Merge branch 'master' of github.com:kubernetes/ingress-nginx into add-servicemonitor-joblabel
This commit is contained in:
Muhammad Hamza Zaib
commit
ab58492ea4
10 changed files with 32 additions and 6 deletions
|
|
@ -4,10 +4,14 @@ This file documents all notable changes to [ingress-nginx](https://github.com/ku
|
||||||
|
|
||||||
### Unreleased
|
### Unreleased
|
||||||
|
|
||||||
### 3.28.0
|
### 3.29.0
|
||||||
|
|
||||||
- [X] [#6945](https://github.com/kubernetes/ingress-nginx/pull/7020) Add option to specify job label for ServiceMonitor
|
- [X] [#6945](https://github.com/kubernetes/ingress-nginx/pull/7020) Add option to specify job label for ServiceMonitor
|
||||||
|
|
||||||
|
### 3.28.0
|
||||||
|
|
||||||
|
- [ ] [#6900](https://github.com/kubernetes/ingress-nginx/pull/6900) Support existing PSPs
|
||||||
|
|
||||||
### 3.27.0
|
### 3.27.0
|
||||||
|
|
||||||
- Update ingress-nginx v0.45.0
|
- Update ingress-nginx v0.45.0
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
||||||
name: ingress-nginx
|
name: ingress-nginx
|
||||||
# When the version is modified, make sure the artifacthub.io/changes list is updated
|
# When the version is modified, make sure the artifacthub.io/changes list is updated
|
||||||
# Also update CHANGELOG.md
|
# Also update CHANGELOG.md
|
||||||
version: 3.28.0
|
version: 3.29.0
|
||||||
appVersion: 0.45.0
|
appVersion: 0.45.0
|
||||||
home: https://github.com/kubernetes/ingress-nginx
|
home: https://github.com/kubernetes/ingress-nginx
|
||||||
description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
|
description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
|
||||||
|
|
|
||||||
|
|
@ -22,6 +22,10 @@ rules:
|
||||||
resources: ['podsecuritypolicies']
|
resources: ['podsecuritypolicies']
|
||||||
verbs: ['use']
|
verbs: ['use']
|
||||||
resourceNames:
|
resourceNames:
|
||||||
|
{{- with .Values.controller.admissionWebhooks.existingPsp }}
|
||||||
|
- {{ . }}
|
||||||
|
{{- else }}
|
||||||
- {{ include "ingress-nginx.fullname" . }}-admission
|
- {{ include "ingress-nginx.fullname" . }}-admission
|
||||||
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled -}}
|
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled (empty .Values.controller.admissionWebhooks.existingPsp) -}}
|
||||||
apiVersion: policy/v1beta1
|
apiVersion: policy/v1beta1
|
||||||
kind: PodSecurityPolicy
|
kind: PodSecurityPolicy
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
{{- if .Values.podSecurityPolicy.enabled -}}
|
{{- if and .Values.podSecurityPolicy.enabled (empty .Values.controller.existingPsp) -}}
|
||||||
apiVersion: policy/v1beta1
|
apiVersion: policy/v1beta1
|
||||||
kind: PodSecurityPolicy
|
kind: PodSecurityPolicy
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
||||||
|
|
@ -82,6 +82,10 @@ rules:
|
||||||
- apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
|
- apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
|
||||||
resources: ['podsecuritypolicies']
|
resources: ['podsecuritypolicies']
|
||||||
verbs: ['use']
|
verbs: ['use']
|
||||||
|
{{- with .Values.controller.existingPsp }}
|
||||||
|
resourceNames: [{{ . }}]
|
||||||
|
{{- else }}
|
||||||
resourceNames: [{{ include "ingress-nginx.fullname" . }}]
|
resourceNames: [{{ include "ingress-nginx.fullname" . }}]
|
||||||
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
|
{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled (empty .Values.defaultBackend.existingPsp) -}}
|
||||||
apiVersion: policy/v1beta1
|
apiVersion: policy/v1beta1
|
||||||
kind: PodSecurityPolicy
|
kind: PodSecurityPolicy
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
||||||
|
|
@ -10,5 +10,9 @@ rules:
|
||||||
- apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
|
- apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
|
||||||
resources: ['podsecuritypolicies']
|
resources: ['podsecuritypolicies']
|
||||||
verbs: ['use']
|
verbs: ['use']
|
||||||
|
{{- with .Values.defaultBackend.existingPsp }}
|
||||||
|
resourceNames: [{{ . }}]
|
||||||
|
{{- else }}
|
||||||
resourceNames: [{{ include "ingress-nginx.fullname" . }}-backend]
|
resourceNames: [{{ include "ingress-nginx.fullname" . }}-backend]
|
||||||
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
||||||
|
|
@ -18,6 +18,9 @@ controller:
|
||||||
runAsUser: 101
|
runAsUser: 101
|
||||||
allowPrivilegeEscalation: true
|
allowPrivilegeEscalation: true
|
||||||
|
|
||||||
|
# Use an existing PSP instead of creating one
|
||||||
|
existingPsp: ""
|
||||||
|
|
||||||
# Configures the ports the nginx-controller listens on
|
# Configures the ports the nginx-controller listens on
|
||||||
containerPort:
|
containerPort:
|
||||||
http: 80
|
http: 80
|
||||||
|
|
@ -473,6 +476,9 @@ controller:
|
||||||
namespaceSelector: {}
|
namespaceSelector: {}
|
||||||
objectSelector: {}
|
objectSelector: {}
|
||||||
|
|
||||||
|
# Use an existing PSP instead of creating one
|
||||||
|
existingPsp: ""
|
||||||
|
|
||||||
service:
|
service:
|
||||||
annotations: {}
|
annotations: {}
|
||||||
# clusterIP: ""
|
# clusterIP: ""
|
||||||
|
|
@ -611,6 +617,9 @@ defaultBackend:
|
||||||
readOnlyRootFilesystem: true
|
readOnlyRootFilesystem: true
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
|
|
||||||
|
# Use an existing PSP instead of creating one
|
||||||
|
existingPsp: ""
|
||||||
|
|
||||||
extraArgs: {}
|
extraArgs: {}
|
||||||
|
|
||||||
serviceAccount:
|
serviceAccount:
|
||||||
|
|
|
||||||
|
|
@ -112,15 +112,16 @@ server_version=nginx: 1.9.11 - lua: 10001
|
||||||
|
|
||||||
HEADERS RECEIVED:
|
HEADERS RECEIVED:
|
||||||
accept=*/*
|
accept=*/*
|
||||||
authorization=Basic Zm9vOmJhcg==
|
|
||||||
connection=close
|
connection=close
|
||||||
host=foo.bar.com
|
host=foo.bar.com
|
||||||
user-agent=curl/7.43.0
|
user-agent=curl/7.43.0
|
||||||
|
x-request-id=e426c7829ef9f3b18d40730857c3eddb
|
||||||
x-forwarded-for=10.2.29.1
|
x-forwarded-for=10.2.29.1
|
||||||
x-forwarded-host=foo.bar.com
|
x-forwarded-host=foo.bar.com
|
||||||
x-forwarded-port=80
|
x-forwarded-port=80
|
||||||
x-forwarded-proto=http
|
x-forwarded-proto=http
|
||||||
x-real-ip=10.2.29.1
|
x-real-ip=10.2.29.1
|
||||||
|
x-scheme=http
|
||||||
BODY:
|
BODY:
|
||||||
* Connection #0 to host 10.2.29.4 left intact
|
* Connection #0 to host 10.2.29.4 left intact
|
||||||
-no body in request-
|
-no body in request-
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue