DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix merge conflicts

Browse source
This commit is contained in:
Phil Nichol 2023-05-12 11:48:25 +01:00
commit c94bb09066
No known key found for this signature in database
GPG key ID: 998C1F11E05F7B14
249 changed files with 7112 additions and 3571 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
.github/ISSUE_TEMPLATE/feature_request.md vendored
View file

@ -7,16 +7,6 @@ assignees: ''
--- ---
<!--
With the situation in place today, we think (and decided) that it's time to temporarily pause accepting new features and focus on fixing and stabilizing Ingress NGINX. We understand that some people may need to merge a trivial new feature. Still, we are asking the community to understand that maintaining the project at this pace is becoming hard for the project maintainers. We understand that you waited too long with your PR in the queue, and we are sorry! But it's hard for us as well to keep the project stable.
More details are available here https://youtu.be/UBt4N82ymOE and here https://kubernetes.slack.com/archives/CANQGM8BA/p1656020331133589.
The announcement in the dev mailing list is here https://groups.google.com/a/kubernetes.io/g/dev/c/rxtrKvT_Q8E
Thank you,
Ingress-Nginx maintainer
-->
<!-- What do you want to happen? --> <!-- What do you want to happen? -->
<!-- Is there currently another issue associated with this? --> <!-- Is there currently another issue associated with this? -->

34
.github/PULL_REQUEST_TEMPLATE.md vendored
View file

@ -1,5 +1,6 @@
<!--- Provide a general summary of your changes in the Title above ---> <!--- Provide a general summary of your changes in the Title above --->
<!--- Please don't @-mention people in PR or commit messages (do so in an additional comment). ---> <!--- Please don't @-mention people in PR or commit messages (do so in an additional comment). --->
<!--- Please make sure you title is descriptive, it is used in the Release notes to let others know what it does --->
## What this PR does / why we need it: ## What this PR does / why we need it:
<!--- Why is this change required? What problem does it solve? --> <!--- Why is this change required? What problem does it solve? -->
@ -33,36 +34,3 @@ fixes #
- [ ] I've read the [CONTRIBUTION](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md) guide - [ ] I've read the [CONTRIBUTION](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md) guide
- [ ] I have added unit and/or e2e tests to cover my changes. - [ ] I have added unit and/or e2e tests to cover my changes.
- [ ] All new and existing tests passed. - [ ] All new and existing tests passed.
- [ ] Added Release Notes.
## Does my pull request need a release note?
Any user-visible or operator-visible change qualifies for a release note. This could be a:
- CLI change
- API change
- UI change
- configuration schema change
- behavioral change
- change in non-functional attributes such as efficiency or availability, availability of a new platform
- a warning about a deprecation
- fix of a previous Known Issue
- fix of a vulnerability (CVE)
No release notes are required for changes to the following:
- Tests
- Build infrastructure
- Fixes for unreleased bugs
For more tips on writing good release notes, check out the [Release Notes Handbook](https://github.com/kubernetes/sig-release/tree/master/release-team/role-handbooks/release-notes)
<!--
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
For more information on release notes see: https://git.k8s.io/community/contributors/guide/release-notes.md
-->
```release-note
PLACE RELEASE NOTES HERE
```

8
.github/dependabot.yml vendored
View file

@ -17,3 +17,11 @@ updates:
- "area/dependency" - "area/dependency"
- "release-note-none" - "release-note-none"
- "ok-to-test" - "ok-to-test"
- package-ecosystem: "docker"
directory: "/images"
schedule:
interval: "weekly"
labels:
- "area/dependency"
- "release-note-none"
- "ok-to-test"

101
.github/workflows/ci.yaml vendored
View file

@ -22,6 +22,7 @@ on:
required: false required: false
type: boolean type: boolean
permissions: permissions:
contents: read contents: read
@ -39,7 +40,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter id: filter
@ -65,10 +66,10 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Run Gosec Security Scanner - name: Run Gosec Security Scanner
uses: securego/gosec@1af1d5bb49259b62e45c505db397dd2ada5d74f8 # v2.14.0 uses: securego/gosec@a459eb0ba387d9bd083d5c2e2354dbeef2465038 # v2.15.0
with: with:
# G601 for zz_generated.deepcopy.go # G601 for zz_generated.deepcopy.go
# G306 TODO: Expect WriteFile permissions to be 0600 or less # G306 TODO: Expect WriteFile permissions to be 0600 or less
@ -82,13 +83,13 @@ jobs:
(needs.changes.outputs.go == 'true') (needs.changes.outputs.go == 'true')
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Set up Go - name: Set up Go
id: go id: go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version: '1.19' go-version: '1.20'
check-latest: true check-latest: true
- name: Run Lint - name: Run Lint
@ -101,13 +102,13 @@ jobs:
(needs.changes.outputs.go == 'true') (needs.changes.outputs.go == 'true')
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Set up Go - name: Set up Go
id: go id: go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version: '1.19' go-version: '1.20'
check-latest: true check-latest: true
- name: Run go-fmt - name: Run go-fmt
@ -120,13 +121,13 @@ jobs:
(needs.changes.outputs.go == 'true') (needs.changes.outputs.go == 'true')
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Set up Go - name: Set up Go
id: go id: go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version: '1.19' go-version: '1.20'
check-latest: true check-latest: true
- name: Run test - name: Run test
@ -141,13 +142,13 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Set up Go - name: Set up Go
id: go id: go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version: '1.19' go-version: '1.20'
check-latest: true check-latest: true
- name: Set up QEMU - name: Set up QEMU
@ -155,7 +156,7 @@ jobs:
- name: Set up Docker Buildx - name: Set up Docker Buildx
id: buildx id: buildx
uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1 uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0
with: with:
version: latest version: latest
@ -166,7 +167,7 @@ jobs:
run: | run: |
sudo apt-get -qq update || true sudo apt-get -qq update || true
sudo apt-get install -y pigz sudo apt-get install -y pigz
curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.25.5/bin/linux/amd64/kubectl curl -LO https://dl.k8s.io/release/v1.25.5/bin/linux/amd64/kubectl
chmod +x ./kubectl chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl sudo mv ./kubectl /usr/local/bin/kubectl
@ -188,11 +189,11 @@ jobs:
| pigz > docker.tar.gz | pigz > docker.tar.gz
- name: cache - name: cache
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1 uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with: with:
name: docker.tar.gz name: docker.tar.gz
path: docker.tar.gz path: docker.tar.gz
retention-days: 5
helm: helm:
name: Helm chart name: Helm chart
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -204,20 +205,20 @@ jobs:
strategy: strategy:
matrix: matrix:
k8s: [v1.23.13, v1.24.7, v1.25.3, v1.26.0] k8s: [v1.24.12, v1.25.8, v1.26.3,v1.27.1]
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Setup Go - name: Setup Go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version: '1.19' go-version: '1.20'
check-latest: true check-latest: true
- name: cache - name: cache
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
name: docker.tar.gz name: docker.tar.gz
@ -254,11 +255,6 @@ jobs:
run: | run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }} kind create cluster --image=kindest/node:${{ matrix.k8s }}
- uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0
with:
name: docker.tar.gz
failOnError: false
- name: Load images from cache - name: Load images from cache
run: | run: |
echo "loading docker images..." echo "loading docker images..."
@ -284,14 +280,14 @@ jobs:
strategy: strategy:
matrix: matrix:
k8s: [v1.23.13, v1.24.7, v1.25.3, v1.26.0] k8s: [v1.24.12, v1.25.8, v1.26.3,v1.27.1]
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: cache - name: cache
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
name: docker.tar.gz name: docker.tar.gz
@ -300,11 +296,6 @@ jobs:
run: | run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml
- uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0
with:
name: docker.tar.gz
failOnError: false
- name: Load images from cache - name: Load images from cache
run: | run: |
echo "loading docker images..." echo "loading docker images..."
@ -320,12 +311,13 @@ jobs:
make kind-e2e-test make kind-e2e-test
- name: Uplaod e2e junit-reports - name: Uplaod e2e junit-reports
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1 uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
if: success() || failure() if: success() || failure()
with: with:
name: e2e-test-reports-${{ matrix.k8s }} name: e2e-test-reports-${{ matrix.k8s }}
path: 'test/junitreports/report*.xml' path: 'test/junitreports/report*.xml'
kubernetes-chroot: kubernetes-chroot:
name: Kubernetes chroot name: Kubernetes chroot
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -337,15 +329,15 @@ jobs:
strategy: strategy:
matrix: matrix:
k8s: [v1.23.13, v1.24.7, v1.25.3, v1.26.0] k8s: [v1.24.12, v1.25.8, v1.26.3,v1.27.1]
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: cache - name: cache
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
name: docker.tar.gz name: docker.tar.gz
@ -354,11 +346,6 @@ jobs:
run: | run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml
- uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0
with:
name: docker.tar.gz
failOnError: false
- name: Load images from cache - name: Load images from cache
run: | run: |
echo "loading docker images..." echo "loading docker images..."
@ -374,8 +361,8 @@ jobs:
kind get kubeconfig > $HOME/.kube/kind-config-kind kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-test make kind-e2e-test
- name: Uplaod e2e junit-reports - name: Upload e2e junit-reports
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1 uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
if: success() || failure() if: success() || failure()
with: with:
name: e2e-test-reports-chroot-${{ matrix.k8s }} name: e2e-test-reports-chroot-${{ matrix.k8s }}
@ -391,7 +378,7 @@ jobs:
PLATFORMS: linux/amd64,linux/arm64 PLATFORMS: linux/amd64,linux/arm64
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter-images id: filter-images
@ -408,8 +395,8 @@ jobs:
- 'images/echo/**' - 'images/echo/**'
go-grpc-greeter-server: go-grpc-greeter-server:
- 'images/go-grpc-greeter-server/**' - 'images/go-grpc-greeter-server/**'
httpbin: httpbun:
- 'images/httpbin/**' - 'images/httpbun/**'
kube-webhook-certgen: kube-webhook-certgen:
- 'images/kube-webhook-certgen/**' - 'images/kube-webhook-certgen/**'
ext-auth-example-authsvc: ext-auth-example-authsvc:
@ -435,10 +422,10 @@ jobs:
if: ${{ steps.filter-images.outputs.go-grpc-greeter-server == 'true' }} if: ${{ steps.filter-images.outputs.go-grpc-greeter-server == 'true' }}
run: | run: |
cd images/go-grpc-greeter-server && make build cd images/go-grpc-greeter-server && make build
- name: httpbin image build - name: httpbun image build
if: ${{ steps.filter-images.outputs.httpbin == 'true' }} if: ${{ steps.filter-images.outputs.httpbin == 'true' }}
run: | run: |
cd images/httpbin && make build cd images/httpbun && make build
- name: kube-webhook-certgen image build - name: kube-webhook-certgen image build
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
run: | run: |
@ -460,11 +447,11 @@ jobs:
strategy: strategy:
matrix: matrix:
k8s: [v1.23.13, v1.24.7, v1.25.3, v1.26.0] k8s: [v1.24.12, v1.25.8, v1.26.3,v1.27.1]
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter-images id: filter-images
@ -483,9 +470,9 @@ jobs:
- name: Set up Go - name: Set up Go
id: go id: go
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version: '1.19' go-version: '1.20'
check-latest: true check-latest: true
- name: kube-webhook-certgen image build - name: kube-webhook-certgen image build

4
.github/workflows/depreview.yaml vendored
View file

@ -9,6 +9,6 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: 'Checkout Repository' - name: 'Checkout Repository'
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: 'Dependency Review' - name: 'Dependency Review'
uses: actions/dependency-review-action@0ff3da6f81b812d4ec3cf37a04e2308c7a723730 # v3.0.2 uses: actions/dependency-review-action@f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e # v3.0.4

4
.github/workflows/docs.yaml vendored
View file

@ -23,7 +23,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter id: filter
@ -47,7 +47,7 @@ jobs:
steps: steps:
- name: Checkout master - name: Checkout master
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Deploy - name: Deploy
uses: ./.github/actions/mkdocs uses: ./.github/actions/mkdocs

18
.github/workflows/helm.yaml vendored
View file

@ -23,7 +23,19 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Run Artifact Hub lint
run: |
wget https://github.com/artifacthub/hub/releases/download/v1.5.0/ah_1.5.0_linux_amd64.tar.gz
echo 'ad0e44c6ea058ab6b85dbf582e88bad9fdbc64ded0d1dd4edbac65133e5c87da *ah_1.5.0_linux_amd64.tar.gz' | shasum -c
tar -xzvf ah_1.5.0_linux_amd64.tar.gz ah
./ah lint -p charts/ingress-nginx || exit 1
rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz
- name: Lint
run: |
./build/run-in-docker.sh ./hack/verify-chart-lint.sh
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter id: filter
@ -49,7 +61,7 @@ jobs:
steps: steps:
- name: Checkout master - name: Checkout master
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with: with:
# Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896 # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896
fetch-depth: 0 fetch-depth: 0
@ -61,7 +73,7 @@ jobs:
git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com"
- name: Helm Chart Releaser - name: Helm Chart Releaser
uses: helm/chart-releaser-action@98bccfd32b0f76149d188912ac8e45ddd3f8695f # v1.4.1 uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0
env: env:
CR_SKIP_EXISTING: "false" CR_SKIP_EXISTING: "false"
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

2
.github/workflows/perftest.yaml vendored
View file

@ -19,7 +19,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Install K6 - name: Install K6
run: | run: |

10
.github/workflows/plugin.yaml vendored
View file

@ -17,18 +17,18 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Set up Go - name: Set up Go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version: 1.19 go-version: 1.20
check-latest: true check-latest: true
- name: Run GoReleaser - name: Run GoReleaser
uses: goreleaser/goreleaser-action@8f67e590f2d095516493f017008adc464e63adb1 # v4.1.0 uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v4.2.0
with: with:
version: latest version: latest
args: release --rm-dist args: release --rm-dist
@ -36,6 +36,6 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Update new version in krew-index - name: Update new version in krew-index
uses: rajatjindal/krew-release-bot@92da038bbf995803124a8e50ebd438b2f37bbbb0 # v0.0.43 uses: rajatjindal/krew-release-bot@df3eb197549e3568be8b4767eec31c5e8e8e6ad8 # v0.0.46
with: with:
krew_template_file: cmd/plugin/krew.yaml krew_template_file: cmd/plugin/krew.yaml

2
.github/workflows/project.yml vendored
View file

@ -13,7 +13,7 @@ jobs:
repository-projects: write repository-projects: write
issues: write issues: write
steps: steps:
- uses: actions/add-to-project@960fbad431afda394cfcf8743445e741acd19e85 # v0.4.0 - uses: actions/add-to-project@31b3f3ccdc584546fc445612dec3f38ff5edb41c # v0.5.0
with: with:
project-url: https://github.com/orgs/kubernetes/projects/104 project-url: https://github.com/orgs/kubernetes/projects/104
github-token: ${{ secrets.PROJECT_WRITER }} github-token: ${{ secrets.PROJECT_WRITER }}

6
.github/workflows/scorecards.yml vendored
View file

@ -27,12 +27,12 @@ jobs:
steps: steps:
- name: "Checkout code" - name: "Checkout code"
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with: with:
persist-credentials: false persist-credentials: false
- name: "Run analysis" - name: "Run analysis"
uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3
with: with:
results_file: results.sarif results_file: results.sarif
results_format: sarif results_format: sarif
@ -51,7 +51,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab. # format to the repository Actions tab.
- name: "Upload artifact" - name: "Upload artifact"
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1 uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with: with:
name: SARIF file name: SARIF file
path: results.sarif path: results.sarif

6
.github/workflows/stale.yaml vendored
View file

@ -13,10 +13,10 @@ jobs:
pull-requests: write pull-requests: write
steps: steps:
- uses: actions/stale@6f05e4244c9a0b2ed3401882b05d701dd0a7289b # v7.0.0 - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0
with: with:
stale-issue-message: 'This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack.' stale-issue-message: "This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack."
stale-pr-message: 'This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack.' stale-pr-message: "This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack."
stale-issue-label: lifecycle/frozen stale-issue-label: lifecycle/frozen
stale-pr-label: lifecycle/frozen stale-pr-label: lifecycle/frozen
days-before-issue-stale: 30 days-before-issue-stale: 30

8
.github/workflows/vulnerability-scans.yaml vendored
View file

@ -22,7 +22,7 @@ jobs:
versions: ${{ steps.version.outputs.TAGS }} versions: ${{ steps.version.outputs.TAGS }}
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with: with:
fetch-depth: 0 fetch-depth: 0
@ -42,7 +42,7 @@ jobs:
echo "${SHORT_TAGS[0]},${SHORT_TAGS[1]},${SHORT_TAGS[2]}" echo "${SHORT_TAGS[0]},${SHORT_TAGS[1]},${SHORT_TAGS[2]}"
TAGS_JSON="[\"${SHORT_TAGS[0]}\",\"${SHORT_TAGS[1]}\",\"${SHORT_TAGS[2]}\"]" TAGS_JSON="[\"${SHORT_TAGS[0]}\",\"${SHORT_TAGS[1]}\",\"${SHORT_TAGS[2]}\"]"
echo "${TAGS_JSON}" echo "${TAGS_JSON}"
echo "::set-output name=TAGS::${TAGS_JSON}" echo "TAGS=${TAGS_JSON}" >> $GITHUB_OUTPUT
scan: scan:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -52,7 +52,7 @@ jobs:
versions: ${{ fromJSON(needs.version.outputs.versions) }} versions: ${{ fromJSON(needs.version.outputs.versions) }}
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- shell: bash - shell: bash
id: test id: test
@ -60,7 +60,7 @@ jobs:
- name: Scan image with AquaSec/Trivy - name: Scan image with AquaSec/Trivy
id: scan id: scan
uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 # v0.8.0 uses: aquasecurity/trivy-action@e5f43133f6e8736992c9f3c1b3296e24b37e17f2 # v0.10.0
with: with:
image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }} image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }}
format: 'sarif' format: 'sarif'

15
Changelog.md.gotmpl Normal file
View file

@ -0,0 +1,15 @@
# Changelog
### {{ .Version }}
Images:
{{ with .ControllerImages }}
{{ range . }} * {{ .Registry }}/{{ .Name }}:{{ .Tag}}@{{ .Digest }}
{{ end }} {{ end }}
### All Changes:
{{ with .Updates }}
{{ range . }}* {{ . }}
{{ end }}{{ end }}
### Dependencies updates: {{ with .DepUpdates }}
{{ range . }}* {{ . }}
{{ end }} {{ end }}
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-{{ .PreviousControllerVersion }}...controller-{{ .NewControllerVersion }}

10
RELEASE.md → MANUAL_RELEASE.md
View file

@ -103,7 +103,7 @@ Promoting the images basically means that images, that were pushed to staging co
- Fork that other project (if you don't have a fork already). - Fork that other project (if you don't have a fork already).
- Other project to fork [Github repo kubernetes/k8s.io](http://github.com/kubernetes/k8s.io) - Other project to fork [GitHub repo kubernetes/k8s.io](http://github.com/kubernetes/k8s.io)
- Fetch --all and rebase to upstream if already forked. - Fetch --all and rebase to upstream if already forked.
@ -111,7 +111,7 @@ Promoting the images basically means that images, that were pushed to staging co
- In the related branch, of your fork, edit the file /registry.k8s.io/images/k8s-staging-ingress-nginx/images.yaml. - In the related branch, of your fork, edit the file /registry.k8s.io/images/k8s-staging-ingress-nginx/images.yaml.
- For making it easier, you can edit your branch directly in the browser. But be careful about making any mistake. - For making, it easier, you can edit your branch directly in the browser. But be careful about making any mistake.
- Insert the sha(s) & the tag(s), in a new line, in this file [Project kubernetes/k8s.io Ingress-Nginx-Controller Images](https://github.com/kubernetes/k8s.io/blob/main/k8s.gcr.io/images/k8s-staging-ingress-nginx/images.yaml) Look at this [example PR and the diff](https://github.com/kubernetes/k8s.io/pull/2536) to see how it was done before - Insert the sha(s) & the tag(s), in a new line, in this file [Project kubernetes/k8s.io Ingress-Nginx-Controller Images](https://github.com/kubernetes/k8s.io/blob/main/k8s.gcr.io/images/k8s-staging-ingress-nginx/images.yaml) Look at this [example PR and the diff](https://github.com/kubernetes/k8s.io/pull/2536) to see how it was done before
@ -132,7 +132,7 @@ Promoting the images basically means that images, that were pushed to staging co
- Make sure to get the tag and sha of the promoted image from the step before, either from cloudbuild or from [here](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/ingress-nginx/controller). - Make sure to get the tag and sha of the promoted image from the step before, either from cloudbuild or from [here](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/ingress-nginx/controller).
- This involves editing of several different files. So carefully follow the steps below and double check all changes with diff/grep etc., repeatedly. Mistakes here impact endusers. - This involves editing of several files. So carefully follow the steps below and double check all changes with diff/grep etc., repeatedly. Mistakes here impact endusers.
### a. Make sure your git workspace is ready ### a. Make sure your git workspace is ready
@ -160,7 +160,7 @@ Promoting the images basically means that images, that were pushed to staging co
- [TAG](https://github.com/kubernetes/ingress-nginx/blob/main/TAG#L1) - [TAG](https://github.com/kubernetes/ingress-nginx/blob/main/TAG#L1)
### c. Edit the helm Chart ### c. Edit the helm Chart
- Change the below mentioned [Fields in Chart.yaml](https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/Chart.yaml) - Change the below-mentioned [Fields in Chart.yaml](https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/Chart.yaml)
- version - version
- appVersion - appVersion
- kubeVersion (**ONLY if applicable**) - kubeVersion (**ONLY if applicable**)
@ -168,7 +168,7 @@ Promoting the images basically means that images, that were pushed to staging co
- artifacthub.io/prerelease: "true" - artifacthub.io/prerelease: "true"
- artifacthub.io/changes: | - artifacthub.io/changes: |
- Replace this line and other lines under this annotation with the Changelog. One process to generate the Changelog is described below - Replace this line and other lines under this annotation with the Changelog. One process to generate the Changelog is described below
- Install and configure github cli as per the docs of gh-cli https://cli.github.com/, - Install and configure GitHub cli as per the docs of gh-cli https://cli.github.com/,
- Change dir to your clone, of your fork, of the ingress-nginx project - Change dir to your clone, of your fork, of the ingress-nginx project
- Run the below command and save the output to a txt file - Run the below command and save the output to a txt file

7
Makefile
View file

@ -31,7 +31,7 @@ TAG ?= $(shell cat TAG)
# e2e settings # e2e settings
# Allow limiting the scope of the e2e tests. By default run everything # Allow limiting the scope of the e2e tests. By default run everything
FOCUS ?= .* FOCUS ?=
# number of parallel test # number of parallel test
E2E_NODES ?= 7 E2E_NODES ?= 7
# run e2e test suite with tests that check for memory leaks? (default is false) # run e2e test suite with tests that check for memory leaks? (default is false)
@ -147,17 +147,16 @@ test: ## Run go unit tests.
.PHONY: lua-test .PHONY: lua-test
lua-test: ## Run lua unit tests. lua-test: ## Run lua unit tests.
@build/run-in-docker.sh \ @build/run-in-docker.sh \
BUSTED_ARGS=$(BUSTED_ARGS) \
MAC_OS=$(MAC_OS) \ MAC_OS=$(MAC_OS) \
test/test-lua.sh test/test-lua.sh
.PHONY: e2e-test .PHONY: e2e-test
e2e-test: ## Run e2e tests (expects access to a working Kubernetes cluster). e2e-test: ## Run e2e tests (expects access to a working Kubernetes cluster).
@build/run-e2e-suite.sh @test/e2e/run-e2e-suite.sh
.PHONY: kind-e2e-test .PHONY: kind-e2e-test
kind-e2e-test: ## Run e2e tests using kind. kind-e2e-test: ## Run e2e tests using kind.
@test/e2e/run.sh @test/e2e/run-kind-e2e.sh
.PHONY: kind-e2e-chart-tests .PHONY: kind-e2e-chart-tests
kind-e2e-chart-tests: ## Run helm chart e2e tests kind-e2e-chart-tests: ## Run helm chart e2e tests

9
NEW_RELEASE_PROCESS.md Normal file
View file

@ -0,0 +1,9 @@
# Semi-Automated Release Process
1. Update TAG
2. Cloud Build
3. k8s.io PR
4. git pull origin main
5. git checkout -b $RELEASE_VERSION
6. mage release:newrelease $RELEASE_VERSION
7. Wait for PR

2
NGINX_BASE
View file

@ -1 +1 @@
registry.k8s.io/ingress-nginx/nginx:21aa7f55a3325c1c26de0dfb62ede4c0a809a994@sha256:da6b877ed96dada46ed6e379051c2dd461dd5d329af7a7531820ad3e16197e20 registry.k8s.io/ingress-nginx/nginx:91057c439cf07ffb62887b8a8bda66ce3cbe39ca@sha256:3b650123c755392f8c0eb9a356b12716327106e624ab5f5b43bc25ab130978fb

1
OWNERS
View file

@ -9,3 +9,4 @@ reviewers:
emeritus_approvers: emeritus_approvers:
- aledbf # 2020-04-02 - aledbf # 2020-04-02
- bowei # 2022-10-12 - bowei # 2022-10-12
- ElvinEfendi # 2023-04-23

11
OWNERS_ALIASES
View file

@ -11,27 +11,28 @@ aliases:
- strongjz - strongjz
ingress-nginx-maintainers: ingress-nginx-maintainers:
- ElvinEfendi
- rikatz - rikatz
- strongjz - strongjz
- cpanato
- puerco
- tao12345666333 - tao12345666333
ingress-nginx-reviewers: ingress-nginx-reviewers:
- ElvinEfendi
- rikatz - rikatz
- strongjz - strongjz
- puerco
- cpanato
- tao12345666333 - tao12345666333
ingress-nginx-helm-maintainers: ingress-nginx-helm-maintainers:
- ChiefAlexander
- cpanato - cpanato
- strongjz
ingress-nginx-helm-reviewers: ingress-nginx-helm-reviewers:
- ChiefAlexander
- cpanato - cpanato
- strongjz
ingress-nginx-docs-maintainers: ingress-nginx-docs-maintainers:
- IamNoah1
- longwuyuan - longwuyuan
- tao12345666333 - tao12345666333

39
README.md
View file

@ -34,25 +34,28 @@ For detailed changes on the `ingress-nginx` helm chart, please check the followi
### Supported Versions table ### Supported Versions table
Supported versions for the ingress-nginx project mean that we have completed E2E tests, and they are passing for Supported versions for the ingress-nginx project mean that we have completed E2E tests, and they are passing for
the versions listed. Ingress-Nginx versions may work on older versions but the project does not make that guarantee. the versions listed. Ingress-Nginx versions may work on older versions but the project does not make that guarantee.
| Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | | | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | Helm Chart Version |
|-----------------------|------------------------------|----------------|---------------| |:-----:|------------------------|------------------------------|----------------|---------------|--------------------|
| v1.5.1 | 1.25, 1.24, 1.23 | 3.16.2 | 1.21.6 | | 🔄 | **v1.7.1** | 1.27,1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | 4.6.* |
| v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† | | 🔄 | **v1.7.0** | 1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | 4.6.* |
| v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | | 🔄 | **v1.6.4** | 1.26, 1.25, 1.24, 1.23 | 3.17.0 | 1.21.6 | 4.5.* |
| v1.3.0 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.0 | 1.19.10† | | 🔄| **v1.5.1** | 1.25, 1.24, 1.23 | 3.16.2 | 1.21.6 | 4.4.* |
| v1.2.1 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.6 | 1.19.10† | | | v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† | 4.3.0 |
| v1.1.3 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.4 | 1.19.10† | | | v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | 4.2.5 |
| v1.1.2 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | | v1.3.0 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.0 | 1.19.10† | 4.2.3 |
| v1.1.1 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | | v1.2.1 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.6 | 1.19.10† | 4.1.4 |
| v1.1.0 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | | v1.1.3 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.4 | 1.19.10† | 4.0.19 |
| v1.0.5 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | | v1.1.2 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | 4.0.18 |
| v1.0.4 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | | v1.1.1 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | 4.0.17 |
| v1.0.3 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | | v1.1.0 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | 4.0.13 |
| v1.0.2 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | | v1.0.5 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | 4.0.9 |
| v1.0.1 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | | | v1.0.4 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | 4.0.6 |
| v1.0.0 | 1.22, 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 | | | v1.0.3 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | 4.0.5 |
| | v1.0.2 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | 4.0.3 |
| | v1.0.1 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | 4.0.2 |
| | v1.0.0 | 1.22, 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 | 4.0.1 |
† _This build is † _This build is

3
TAG
View file

@ -1 +1,2 @@
v1.5.1 v1.7.1

2
build/dev-env.sh
View file

@ -62,7 +62,7 @@ echo "[dev-env] building image"
make build image make build image
docker tag "${REGISTRY}/controller:${TAG}" "${DEV_IMAGE}" docker tag "${REGISTRY}/controller:${TAG}" "${DEV_IMAGE}"
export K8S_VERSION=${K8S_VERSION:-v1.25.2@sha256:9be91e9e9cdf116809841fc77ebdb8845443c4c72fe5218f3ae9eb57fdb4bace} export K8S_VERSION=${K8S_VERSION:-v1.26.3@sha256:61b92f38dff6ccc29969e7aa154d34e38b89443af1a2c14e6cfbd2df6419c66f}
KIND_CLUSTER_NAME="ingress-nginx-dev" KIND_CLUSTER_NAME="ingress-nginx-dev"

4
build/run-in-docker.sh
View file

@ -44,7 +44,7 @@ function cleanup {
} }
trap cleanup EXIT trap cleanup EXIT
E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20221221-controller-v1.5.1-62-g6ffaef32a@sha256:8f025472964cd15ae2d379503aba150565a8d78eb36b41ddfc5f1e3b1ca81a8e} E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20230314-helm-chart-4.5.2-32-g520384b11@sha256:754c62f9a5efd1ee515ee908ecc16c0c4d1dda96a8cc8019667182a55f3a9035}
if [[ "$RUNTIME" == podman ]]; then if [[ "$RUNTIME" == podman ]]; then
# Podman does not support both tag and digest # Podman does not support both tag and digest
@ -87,7 +87,7 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then
echo "..reached DIND check TRUE block, inside run-in-docker.sh" echo "..reached DIND check TRUE block, inside run-in-docker.sh"
echo "FLAGS=$FLAGS" echo "FLAGS=$FLAGS"
#go env #go env
go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.6.1 go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.9.0
find / -type f -name ginkgo 2>/dev/null find / -type f -name ginkgo 2>/dev/null
which ginkgo which ginkgo
/bin/bash -c "${FLAGS}" /bin/bash -c "${FLAGS}"

67
changelog/Changelog-1.5.2.md → changelog/Changelog-1.6.4.md
View file

@ -1,13 +1,60 @@
# Changelog # Changelog
### 1.5.2 ### 1.6.4
Images: Images:
* registry.k8s.io/ingress-nginx/controller:controller-v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 * registry.k8s.io/controller:controller-v1.6.4@sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f
* registry.k8s.io/ingress-nginx/controller-chroot:controller-v1.5.2@sha256:84613555694f2c59a8b2551126d226c9aa648544ebf0cde1e0df942f7dbce42b * registry.k8s.io/controller-chroot:controller-v1.6.4@sha256:0de01e2c316c3ca7847ca13b32d077af7910d07f21a4a82f81061839764f8f81
### All Changes: ### All Changes:
* remove tests and regex path checks (#9626)
* Fix incorrect annotation name in upstream hashing configuration (#9617)
* Release docs for Controller v1.6.3 and Helm v4.5.0 (#9614)
* Revert Implement pathType validation (#9511) (#9607)
* update history and allow to pass a target test (#9605)
* Allow to pass a target test (#9542)
* Replace deprecated command with environment file (#9581)
* build 1.6.2 to fix (#9569)
* add lint on chart before release (#9570)
* tcpproxy: increase buffer size to 16K (#9548)
* Move and spell-check Kubernetes 1.22 migration FAQ (#9544)
* Add CORS template check inside location for externalAuth.SignURL (#8814)
* fix(grafana-dashboard): remove hardcoded namespace references (#9523)
* Replace deprecated command with environment file (#9581)
* add lint on chart before release (#9570)
* Switch logic on path type validation and setting it to false (#9543)
* tcpproxy: increase buffer size to 16K (#9548)
* Move and spell-check Kubernetes 1.22 migration FAQ (#9544)
* Add CORS template check inside location for externalAuth.SignURL (#8814)
* fix(grafana-dashboard): remove hardcoded namespace references (#9523)
* Align default value for keepalive_request with NGINX default (#9518)
* feat(configmap): expose gzip-disable (#9505)
* Values: Add missing `controller.metrics.service.labels`. (#9501)
* Add docs about orphan_ingress metric (#9514)
* Add new prometheus metric for orphaned ingress (#8230)
* Sanitise request metrics in monitoring docs (#9384)
* Change default value of enable-brotli (#9500)
* feat: support topology aware hints (#9165)
* Remove 1.5.2 from readme (#9498)
* Remove nonexistent load flag from docker build commands (#9122)
* added option to disable sync event creation (#8528)
* Add buildResolvers to the stream module (#9184)
* fix: disable auth access logs (#9049)
* Adding ipdenylist annotation (#8795)
* Add update updateStrategy and minReadySeconds for defaultBackend (#8506)
* Fix indentation on serviceAccount annotation (#9129)
* Update monitoring.md (#9269)
* add github actions stale bot (#9439)
* Admission Webhooks/Job: Add `NetworkPolicy`. (#9218)
* update OpenTelemetry image (#9491)
* bump OpenTelemetry (#9489)
* Optional podman support (#9294)
* fix change images (#9463)
* move tests to gh actions (#9461)
* Automated Release Controller 1.5.2 (#9455)
* Add sslpassthrough tests (#9457)
* updated the link in RELEASE.md file (#9456)
* restart 1.5.2 release process (#9450) * restart 1.5.2 release process (#9450)
* Update command line arguments documentation (#9224) * Update command line arguments documentation (#9224)
* start release 1.5.2 (#9445) * start release 1.5.2 (#9445)
@ -43,7 +90,6 @@ Images:
* remove the configmap related permissions (#9310) * remove the configmap related permissions (#9310)
* remove hardcoded datasource from grafana dashboard (#9284) * remove hardcoded datasource from grafana dashboard (#9284)
* update gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b to 3.0.0 (#9277) * update gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b to 3.0.0 (#9277)
* Validate ingress path fields (#9309)
* added SAN to cert create command (#9295) * added SAN to cert create command (#9295)
* Missing controller.ingressClass (#9304) * Missing controller.ingressClass (#9304)
* OpenTelemetry static linking (#9286) * OpenTelemetry static linking (#9286)
@ -54,6 +100,17 @@ Images:
* add containerSecurityContext to extraModules init containers (kubernetes#9016) (#9242) * add containerSecurityContext to extraModules init containers (kubernetes#9016) (#9242)
### Dependencies updates: ### Dependencies updates:
* Bump google.golang.org/grpc from 1.52.0 to 1.52.3 (#9555)
* Bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 (#9553)
* Bump sigs.k8s.io/controller-runtime from 0.13.1 to 0.14.2 (#9552)
* Bump google.golang.org/grpc from 1.51.0 to 1.52.0 (#9512)
* Bump `client-go` to remove dependence on go-autorest dependency (#9488)
* Bump google.golang.org/grpc from 1.52.0 to 1.52.3 (#9555)
* Bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 (#9553)
* Bump sigs.k8s.io/controller-runtime from 0.13.1 to 0.14.2 (#9552)
* Bump google.golang.org/grpc from 1.51.0 to 1.52.0 (#9512)
* Bump `client-go` to remove dependence on go-autorest dependency (#9488)
* Bump golang.org/x/crypto from 0.4.0 to 0.5.0 (#9494)
* Bump golang.org/x/crypto from 0.3.0 to 0.4.0 (#9397) * Bump golang.org/x/crypto from 0.3.0 to 0.4.0 (#9397)
* Bump github.com/onsi/ginkgo/v2 from 2.6.0 to 2.6.1 (#9432) * Bump github.com/onsi/ginkgo/v2 from 2.6.0 to 2.6.1 (#9432)
* Bump github.com/onsi/ginkgo/v2 from 2.6.0 to 2.6.1 (#9421) * Bump github.com/onsi/ginkgo/v2 from 2.6.0 to 2.6.1 (#9421)
@ -76,4 +133,4 @@ Images:
* Bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#9301) * Bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#9301)
* Bump k8s.io/component-base from 0.25.3 to 0.25.4 (#9300) * Bump k8s.io/component-base from 0.25.3 to 0.25.4 (#9300)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.5.1...controller-controller-v1.5.2 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.5.1...controller-controller-v1.6.4

78
changelog/Changelog-1.7.0.md Normal file
View file

@ -0,0 +1,78 @@
# Changelog
### 1.7.0
Images:
* registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7
* registry.k8s.io/ingress-nginx/controller-chroot:v1.7.0@sha256:e84ef3b44c8efeefd8b0aa08770a886bfea1f04c53b61b4ba9a7204e9f1a7edc
### All Changes:
* kick off 1.7.0 build (#9775)
* Update exposing-tcp-udp-services.md (#9777)
* feat: OpenTelemetry module integration (#9062)
* drop k8s 1.23 support (#9772)
* Fix canary-weight-total annotation ignored in rule backends (#9729)
* fix: controller psp's volume config (#9740)
* Fix several Helm YAML issues with extraModules and extraInitContainers (#9709)
* docs(helm): fix value key in readme for enabling certManager (#9640)
* updated digest and sha for e2e-test-echo (#9760)
* updated digest and sha for e2e-test-fastcgi-helloserver (#9759)
* updated digest and sha for opentelemetry (#9758)
* updated digest and sha for e2e-test-cfssl (#9757)
* updated kube-webhook-certgen digest and tags (#9756)
* updated nginx-error digest and tags (#9755)
* added upgrade ginkgo documentation for contributors (#9753)
* changes Makefile of echo folder to trigger code-build (#9754)
* Chart: Drop `controller.headers`, rework DH param secret. (#9659)
* updated NGINX_BASE image with latest tag (#9747)
* Deployment/DaemonSet: Label pods using `ingress-nginx.labels`. (#9732)
* bumped ginkgo to v2.9.0 (#9722)
* HPA: autoscaling/v2beta1 deprecated, bump apiVersion to v2 for defaultBackend (#9731)
* update to golang 1.20 (#9690)
* Indent values.yaml using 2 instead of 4 spaces (#9656)
* fix some comments (#9688)
* migrate mitchellh/hashstructure to v2 (#9651)
* changed v1.6.3 to v1.6.4 on deploy docs (#9647)
* controller: Don't panic when ready condition in a endpointslice is missing (#9550)
* Rework Ginkgo usage (#9522)
* code clean for fsnotify (#9571)
* Optimize the document for readability (#9551)
* sets.String is deprecated: use generic Set instead. new ways: s1 := Set[string]{} s2 := New[string]() (#9589)
* Adjust the import package order and use http library variables (#9587)
* Optimize the judgment mode to remove redundant transformations (#9588)
* Fix rewrite example (#9633)
* remove tests and regex path checks (#9626)
* Fix incorrect annotation name in upstream hashing configuration (#9617)
* Release docs for Controller v1.6.3 and Helm v4.5.0 (#9614)
### Dependencies updates:
* Bump aquasecurity/trivy-action from 0.8.0 to 0.9.2 (#9767)
* Bump k8s.io/component-base from 0.26.2 to 0.26.3 (#9764)
* Bump actions/dependency-review-action from 3.0.3 to 3.0.4 (#9766)
* Bump actions/add-to-project from 0.4.0 to 0.4.1 (#9765)
* Bump actions/dependency-review-action from 3.0.2 to 3.0.3 (#9727)
* Bump github.com/prometheus/common from 0.41.0 to 0.42.0 (#9724)
* Bump golang.org/x/crypto from 0.6.0 to 0.7.0 (#9723)
* Bump actions/download-artifact from 3.0.1 to 3.0.2 (#9721)
* Bump goreleaser/goreleaser-action from 4.1.0 to 4.2.0 (#9718)
* Bump actions/upload-artifact from 3.1.1 to 3.1.2 (#9717)
* Bump docker/setup-buildx-action from 2.2.1 to 2.5.0 (#9719)
* Bump helm/chart-releaser-action from 1.4.1 to 1.5.0 (#9720)
* Bump github.com/onsi/ginkgo/v2 from 2.6.1 to 2.9.0 (#9695)
* Bump k8s.io/klog/v2 from 2.90.0 to 2.90.1 (#9694)
* Bump golang.org/x/crypto in /magefiles (#9691)
* Bump k8s.io/component-base from 0.26.1 to 0.26.2 (#9696)
* Bump github.com/prometheus/common from 0.40.0 to 0.41.0 (#9698)
* Bump sigs.k8s.io/controller-runtime from 0.14.2 to 0.14.5 (#9697)
* Bump golang.org/x/net in /magefiles (#9692)
* Bump golang.org/x/sys in /images/custom-error-pages/rootfs (#9671)
* Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#9675)
* Bump github.com/prometheus/common from 0.39.0 to 0.40.0 (#9653)
* Bump golang.org/x/net from 0.6.0 to 0.7.0 (#9646)
* Bump golang.org/x/net in /images/kube-webhook-certgen/rootfs (#9645)
* Bump google.golang.org/grpc from 1.52.3 to 1.53.0 (#9610)
* Bump github.com/prometheus/client_golang (#9630)
* Bump golang.org/x/crypto from 0.5.0 to 0.6.0 (#9609)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.6.3...controller-controller-v1.7.0

52
changelog/Changelog-1.7.1.md Normal file
View file

@ -0,0 +1,52 @@
# Changelog
### 1.7.1
Images:
* registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407
* registry.k8s.io/ingress-nginx/controller-chroot:v1.7.1@sha256:e35d5ab487861b9d419c570e3530589229224a0762c7b4d2e2222434abb8d988
### All Changes:
* Update TAG - 1.7.1 (#9922)
* Update dependabot to watch docker images (#9600)
* [helm] Support custom port configuration for internal service (#9846)
* Add support for --container flag (#9703)
* Fix typo in OpenTelemetry (#9903)
* ensure make lua-test runs locally (#9902)
* update k8s.io dependecies to v0.26.4 (#9893)
* Adding resource type to default HPA configuration to resolve issues with Terraform helm chart usage (#9803)
* I have not been able to fulfill my maintainer responsibilities for a while already, making it official now. (#9883)
* Update k8s versions (#9879)
* README: Update `external-dns` link. (#9866)
* Fastcgi configmap should be on the same namespace of ingress (#9863)
* Deprecate and remove influxdb feature (#9861)
* Remove deprecated annotation secure-upstream (#9862)
* Exclude socket metrics (#9770)
* Chart: Improve `README.md`. (#9831)
* update all container tags with date and sha, upgrade all containers (#9834)
* updated NGINX_BASE image in project (#9829)
* ISO 8601 date format (#9682)
* Values: Fix indention of commented values. (#9812)
* The Ingress-Nginx project recently released version 1.7.0 of the controller, but the deployment documentation still referenced version 1.6.4. This commit updates the documentation to reference the latest version, ensuring that users have access to the most up-to-date information. Fixes#9787 (#9788)
### Dependencies updates:
* Bump github.com/opencontainers/runc from 1.1.6 to 1.1.7 (#9912)
* Bump github.com/prometheus/client_golang from 1.14.0 to 1.15.0 (#9868)
* Bump aquasecurity/trivy-action from 0.9.2 to 0.10.0 (#9888)
* Bump github.com/opencontainers/runc from 1.1.5 to 1.1.6 (#9867)
* Bump actions/checkout from 3.5.0 to 3.5.2 (#9870)
* Bump golang.org/x/crypto from 0.7.0 to 0.8.0 (#9838)
* Bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (#9839)
* Bump actions/add-to-project from 0.4.1 to 0.5.0 (#9840)
* Bump actions/checkout from 3.4.0 to 3.5.0 (#9798)
* Bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#9823)
* Bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 (#9806)
* Bump actions/stale from 7.0.0 to 8.0.0 (#9799)
* Bump rajatjindal/krew-release-bot from 0.0.43 to 0.0.46 (#9797)
* Bump actions/setup-go from 3.5.0 to 4.0.0 (#9796)
* Bump github.com/imdario/mergo from 0.3.13 to 0.3.15 (#9795)
* Bump google.golang.org/grpc from 1.53.0 to 1.54.0 (#9794)
* Bump sigs.k8s.io/controller-runtime from 0.14.5 to 0.14.6 (#9822)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.7.0...controller-controller-v1.7.1

46
charts/ingress-nginx/Chart.yaml
View file

@ -1,31 +1,25 @@
annotations:
artifacthub.io/changes: |
- "[helm] Support custom port configuration for internal service (#9846)"
- "Adding resource type to default HPA configuration to resolve issues with Terraform helm chart usage (#9803)"
- "Update Ingress-Nginx version controller-v1.7.1"
artifacthub.io/prerelease: "false"
apiVersion: v2 apiVersion: v2
name: ingress-nginx appVersion: 1.7.1
# When the version is modified, make sure the artifacthub.io/changes list is updated description: Ingress controller for Kubernetes using NGINX as a reverse proxy and
# Also update CHANGELOG.md load balancer
version: 4.4.2 engine: gotpl
appVersion: 1.5.1
home: https://github.com/kubernetes/ingress-nginx home: https://github.com/kubernetes/ingress-nginx
description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png
keywords: keywords:
- ingress - ingress
- nginx - nginx
sources: kubeVersion: '>=1.20.0-0'
- https://github.com/kubernetes/ingress-nginx
maintainers: maintainers:
- name: rikatz - name: rikatz
- name: strongjz - name: strongjz
- name: tao12345666333 - name: tao12345666333
engine: gotpl name: ingress-nginx
kubeVersion: ">=1.20.0-0" sources:
annotations: - https://github.com/kubernetes/ingress-nginx
# Use this annotation to indicate that this chart version is a pre-release. version: 4.6.1
# https://artifacthub.io/docs/topics/annotations/helm/
artifacthub.io/prerelease: "false"
# List of changes for the release in artifacthub.io
# https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog
artifacthub.io/changes: |
- Adding support for disabling liveness and readiness probes to the Helm chart
- add:(admission-webhooks) ability to set securityContext
- Updated Helm chart to use the fullname for the electionID if not specified
- Rename controller-wehbooks-networkpolicy.yaml

67
charts/ingress-nginx/README.md
View file

@ -2,16 +2,15 @@
[ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
![Version: 4.4.2](https://img.shields.io/badge/Version-4.4.2-informational?style=flat-square) ![AppVersion: 1.5.1](https://img.shields.io/badge/AppVersion-1.5.1-informational?style=flat-square) ![Version: 4.6.1](https://img.shields.io/badge/Version-4.6.1-informational?style=flat-square) ![AppVersion: 1.7.1](https://img.shields.io/badge/AppVersion-1.7.1-informational?style=flat-square)
To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Prerequisites ## Requirements
- Chart version 3.x.x: Kubernetes v1.16+ Kubernetes: `>=1.20.0-0`
- Chart version 4.x.x and above: Kubernetes v1.19+
## Get Repo Info ## Get Repo Info
@ -52,10 +51,6 @@ helm upgrade [RELEASE_NAME] [CHART] --install
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
### Upgrading With Zero Downtime in Production
By default the ingress-nginx controller has service interruptions whenever it's pods are restarted or redeployed. In order to fix that, see the excellent blog post by Lindsay Landry from Codecademy: [Kubernetes: Nginx and Zero Downtime in Production](https://medium.com/codecademy-engineering/kubernetes-nginx-and-zero-downtime-in-production-2c910c6a5ed8).
### Migrating from stable/nginx-ingress ### Migrating from stable/nginx-ingress
There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart: There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart:
@ -66,7 +61,6 @@ There are two main ways to migrate a release from `stable/nginx-ingress` to `ing
1. Redirect your DNS traffic from the old controller to the new controller 1. Redirect your DNS traffic from the old controller to the new controller
1. Log traffic from both controllers during this changeover 1. Log traffic from both controllers during this changeover
1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it 1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it
1. For details on all of these steps see [Upgrading With Zero Downtime in Production](#upgrading-with-zero-downtime-in-production)
Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts. Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts.
@ -85,14 +79,14 @@ else it would make it impossible to evacuate a node. See [gh issue #7127](https:
### Prometheus Metrics ### Prometheus Metrics
The Nginx ingress controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`. The Ingress-Nginx Controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`.
You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`. You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`.
Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`) Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`)
### ingress-nginx nginx\_status page/stats server ### ingress-nginx nginx\_status page/stats server
Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in nginx ingress controller: Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in Ingress-Nginx Controller:
- In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed - In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed
- In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost. - In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost.
@ -100,7 +94,7 @@ Previous versions of this chart had a `controller.stats.*` configuration block,
### ExternalDNS Service Configuration ### ExternalDNS Service Configuration
Add an [ExternalDNS](https://github.com/kubernetes-incubator/external-dns) annotation to the LoadBalancer service: Add an [ExternalDNS](https://github.com/kubernetes-sigs/external-dns) annotation to the LoadBalancer service:
```yaml ```yaml
controller: controller:
@ -126,19 +120,6 @@ controller:
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600' service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
``` ```
### AWS route53-mapper
To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/blob/be63d4f1a7a46daaf1c4c482527328236850f111/addons/route53-mapper/README.md), add the `domainName` annotation and `dns` label:
```yaml
controller:
service:
labels:
dns: "route53"
annotations:
domainName: "kubernetes-example.com"
```
### Additional Internal Load Balancer ### Additional Internal Load Balancer
This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application. This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application.
@ -212,7 +193,7 @@ Optionally you can set `controller.service.loadBalancerIP` if you need a static
### Ingress Admission Webhooks ### Ingress Admission Webhooks
With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster. With nginx-ingress-controller version 0.25+, the Ingress-Nginx Controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster.
**This feature is enabled by default since 0.31.0.** **This feature is enabled by default since 0.31.0.**
With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521) With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521)
@ -221,14 +202,14 @@ With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fi
A validating and configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks. A validating and configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks.
1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits. 1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits.
2. The ingress nginx controller pod is configured to use a TLS proxy container, which will load that certificate. 2. The Ingress-Nginx Controller pod is configured to use a TLS proxy container, which will load that certificate.
3. Validating and Mutating webhook configurations are created in the cluster. 3. Validating and Mutating webhook configurations are created in the cluster.
4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations 4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations
#### Alternatives #### Alternatives
It should be possible to use [cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) if a more complete solution is required. It should be possible to use [cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) if a more complete solution is required.
You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `controller.admissionWebhooks.certManager.enable` value to true. You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `controller.admissionWebhooks.certManager.enabled` value to true.
Please ensure that cert-manager is correctly installed and configured. Please ensure that cert-manager is correctly installed and configured.
@ -244,10 +225,6 @@ Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13
As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered. As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
## Requirements
Kubernetes: `>=1.20.0-0`
## Values ## Values
| Key | Type | Default | Description | | Key | Type | Default | Description |
@ -271,11 +248,11 @@ Kubernetes: `>=1.20.0-0`
| controller.admissionWebhooks.networkPolicyEnabled | bool | `false` | | | controller.admissionWebhooks.networkPolicyEnabled | bool | `false` | |
| controller.admissionWebhooks.objectSelector | object | `{}` | | | controller.admissionWebhooks.objectSelector | object | `{}` | |
| controller.admissionWebhooks.patch.enabled | bool | `true` | | | controller.admissionWebhooks.patch.enabled | bool | `true` | |
| controller.admissionWebhooks.patch.image.digest | string | `"sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f"` | | | controller.admissionWebhooks.patch.image.digest | string | `"sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f"` | |
| controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | | | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | |
| controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | | | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | |
| controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | | | controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | |
| controller.admissionWebhooks.patch.image.tag | string | `"v20220916-gd32f8c343"` | | | controller.admissionWebhooks.patch.image.tag | string | `"v20230312-helm-chart-4.5.2-28-g66a760794"` | |
| controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources | | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources |
| controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | |
| controller.admissionWebhooks.patch.podAnnotations | object | `{}` | | | controller.admissionWebhooks.patch.podAnnotations | object | `{}` | |
@ -297,7 +274,6 @@ Kubernetes: `>=1.20.0-0`
| controller.allowSnippetAnnotations | bool | `true` | This configuration defines if Ingress Controller should allow users to set their own *-snippet annotations, otherwise this is forbidden / dropped when users add those annotations. Global snippets in ConfigMap are still respected | | controller.allowSnippetAnnotations | bool | `true` | This configuration defines if Ingress Controller should allow users to set their own *-snippet annotations, otherwise this is forbidden / dropped when users add those annotations. Global snippets in ConfigMap are still respected |
| controller.annotations | object | `{}` | Annotations to be added to the controller Deployment or DaemonSet # | | controller.annotations | object | `{}` | Annotations to be added to the controller Deployment or DaemonSet # |
| controller.autoscaling.annotations | object | `{}` | | | controller.autoscaling.annotations | object | `{}` | |
| controller.autoscaling.apiVersion | string | `"autoscaling/v2"` | |
| controller.autoscaling.behavior | object | `{}` | | | controller.autoscaling.behavior | object | `{}` | |
| controller.autoscaling.enabled | bool | `false` | | | controller.autoscaling.enabled | bool | `false` | |
| controller.autoscaling.maxReplicas | int | `11` | | | controller.autoscaling.maxReplicas | int | `11` | |
@ -316,15 +292,16 @@ Kubernetes: `>=1.20.0-0`
| controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. | | controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. |
| controller.electionID | string | `""` | Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' | | controller.electionID | string | `""` | Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' |
| controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. # ref: https://github.com/microsoft/mimalloc # | | controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. # ref: https://github.com/microsoft/mimalloc # |
| controller.enableTopologyAwareRouting | bool | `false` | This configuration enables Topology Aware Routing feature, used together with service annotation service.kubernetes.io/topology-aware-hints="auto" Defaults to false |
| controller.existingPsp | string | `""` | Use an existing PSP instead of creating one | | controller.existingPsp | string | `""` | Use an existing PSP instead of creating one |
| controller.extraArgs | object | `{}` | Additional command line arguments to pass to nginx-ingress-controller E.g. to specify the default SSL certificate you can use | | controller.extraArgs | object | `{}` | Additional command line arguments to pass to Ingress-Nginx Controller E.g. to specify the default SSL certificate you can use |
| controller.extraContainers | list | `[]` | Additional containers to be added to the controller pod. See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. | | controller.extraContainers | list | `[]` | Additional containers to be added to the controller pod. See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. |
| controller.extraEnvs | list | `[]` | Additional environment variables to set | | controller.extraEnvs | list | `[]` | Additional environment variables to set |
| controller.extraInitContainers | list | `[]` | Containers, which are run before the app containers are started. | | controller.extraInitContainers | list | `[]` | Containers, which are run before the app containers are started. |
| controller.extraModules | list | `[]` | Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module | | controller.extraModules | list | `[]` | Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module |
| controller.extraVolumeMounts | list | `[]` | Additional volumeMounts to the controller main container. | | controller.extraVolumeMounts | list | `[]` | Additional volumeMounts to the controller main container. |
| controller.extraVolumes | list | `[]` | Additional volumes to the controller pod. | | controller.extraVolumes | list | `[]` | Additional volumes to the controller pod. |
| controller.healthCheckHost | string | `""` | Address to bind the health check endpoint. It is better to set this option to the internal node address if the ingress nginx controller is running in the `hostNetwork: true` mode. | | controller.healthCheckHost | string | `""` | Address to bind the health check endpoint. It is better to set this option to the internal node address if the Ingress-Nginx Controller is running in the `hostNetwork: true` mode. |
| controller.healthCheckPath | string | `"/healthz"` | Path of the health check endpoint. All requests received on the port defined by the healthz-port parameter are forwarded internally to this path. | | controller.healthCheckPath | string | `"/healthz"` | Path of the health check endpoint. All requests received on the port defined by the healthz-port parameter are forwarded internally to this path. |
| controller.hostNetwork | bool | `false` | Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 is merged | | controller.hostNetwork | bool | `false` | Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 is merged |
| controller.hostPort.enabled | bool | `false` | Enable 'hostPort' or not | | controller.hostPort.enabled | bool | `false` | Enable 'hostPort' or not |
@ -333,13 +310,13 @@ Kubernetes: `>=1.20.0-0`
| controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.hostname | object | `{}` | Optionally customize the pod hostname. |
| controller.image.allowPrivilegeEscalation | bool | `true` | | | controller.image.allowPrivilegeEscalation | bool | `true` | |
| controller.image.chroot | bool | `false` | | | controller.image.chroot | bool | `false` | |
| controller.image.digest | string | `"sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629"` | | | controller.image.digest | string | `"sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407"` | |
| controller.image.digestChroot | string | `"sha256:c1c091b88a6c936a83bd7b098662760a87868d12452529bad0d178fb36147345"` | | | controller.image.digestChroot | string | `"sha256:e35d5ab487861b9d419c570e3530589229224a0762c7b4d2e2222434abb8d988"` | |
| controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.image | string | `"ingress-nginx/controller"` | |
| controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | |
| controller.image.registry | string | `"registry.k8s.io"` | | | controller.image.registry | string | `"registry.k8s.io"` | |
| controller.image.runAsUser | int | `101` | | | controller.image.runAsUser | int | `101` | |
| controller.image.tag | string | `"v1.5.1"` | | | controller.image.tag | string | `"v1.7.1"` | |
| controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation |
| controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). |
| controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass |
@ -377,6 +354,7 @@ Kubernetes: `>=1.20.0-0`
| controller.metrics.prometheusRule.rules | list | `[]` | | | controller.metrics.prometheusRule.rules | list | `[]` | |
| controller.metrics.service.annotations | object | `{}` | | | controller.metrics.service.annotations | object | `{}` | |
| controller.metrics.service.externalIPs | list | `[]` | List of IP addresses at which the stats-exporter service is available # Ref: https://kubernetes.io/docs/user-guide/services/#external-ips # | | controller.metrics.service.externalIPs | list | `[]` | List of IP addresses at which the stats-exporter service is available # Ref: https://kubernetes.io/docs/user-guide/services/#external-ips # |
| controller.metrics.service.labels | object | `{}` | Labels to be added to the metrics service resource |
| controller.metrics.service.loadBalancerSourceRanges | list | `[]` | | | controller.metrics.service.loadBalancerSourceRanges | list | `[]` | |
| controller.metrics.service.nameSuffix | string | `"metrics"` | - Suffix to be used to name the metrics service | | controller.metrics.service.nameSuffix | string | `"metrics"` | - Suffix to be used to name the metrics service |
| controller.metrics.service.servicePort | int | `10254` | | | controller.metrics.service.servicePort | int | `10254` | |
@ -395,7 +373,7 @@ Kubernetes: `>=1.20.0-0`
| controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ # | | controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ # |
| controller.opentelemetry.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | | controller.opentelemetry.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| controller.opentelemetry.enabled | bool | `false` | | | controller.opentelemetry.enabled | bool | `false` | |
| controller.opentelemetry.image | string | `"registry.k8s.io/ingress-nginx/opentelemetry:v20230107-helm-chart-4.4.2-2-g96b3d2165@sha256:331b9bebd6acfcd2d3048abbdd86555f5be76b7e3d0b5af4300b04235c6056c9"` | | | controller.opentelemetry.image | string | `"registry.k8s.io/ingress-nginx/opentelemetry:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:40f766ac4a9832f36f217bb0e98d44c8d38faeccbfe861fbc1a76af7e9ab257f"` | |
| controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # | | controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # |
| controller.podLabels | object | `{}` | Labels to add to the pod container metadata | | controller.podLabels | object | `{}` | Labels to add to the pod container metadata |
| controller.podSecurityContext | object | `{}` | Security Context policies for controller pods | | controller.podSecurityContext | object | `{}` | Security Context policies for controller pods |
@ -413,7 +391,7 @@ Kubernetes: `>=1.20.0-0`
| controller.readinessProbe.successThreshold | int | `1` | | | controller.readinessProbe.successThreshold | int | `1` | |
| controller.readinessProbe.timeoutSeconds | int | `1` | | | controller.readinessProbe.timeoutSeconds | int | `1` | |
| controller.replicaCount | int | `1` | | | controller.replicaCount | int | `1` | |
| controller.reportNodeInternalIp | bool | `false` | Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply | | controller.reportNodeInternalIp | bool | `false` | Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network Ingress status was blank because there is no Service exposing the Ingress-Nginx Controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply |
| controller.resources.requests.cpu | string | `"100m"` | | | controller.resources.requests.cpu | string | `"100m"` | |
| controller.resources.requests.memory | string | `"90Mi"` | | | controller.resources.requests.memory | string | `"90Mi"` | |
| controller.scope.enabled | bool | `false` | Enable 'scope' or not | | controller.scope.enabled | bool | `false` | Enable 'scope' or not |
@ -430,6 +408,8 @@ Kubernetes: `>=1.20.0-0`
| controller.service.internal.enabled | bool | `false` | Enables an additional internal load balancer (besides the external one). | | controller.service.internal.enabled | bool | `false` | Enables an additional internal load balancer (besides the external one). |
| controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. | | controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. |
| controller.service.internal.nameSuffix | string | `"internal"` | - Suffix to be used to name the internal service | | controller.service.internal.nameSuffix | string | `"internal"` | - Suffix to be used to name the internal service |
| controller.service.internal.ports | object | `{}` | Custom port mapping for internal service |
| controller.service.internal.targetPorts | object | `{}` | Custom target port mapping for internal service |
| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | | controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ |
| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | | controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ |
| controller.service.labels | object | `{}` | | | controller.service.labels | object | `{}` | |
@ -509,7 +489,7 @@ Kubernetes: `>=1.20.0-0`
| defaultBackend.serviceAccount.name | string | `""` | | | defaultBackend.serviceAccount.name | string | `""` | |
| defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # | | defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # |
| defaultBackend.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # | | defaultBackend.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # |
| dhParam | string | `nil` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param | | dhParam | string | `""` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param |
| imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | | imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
| podSecurityPolicy.enabled | bool | `false` | | | podSecurityPolicy.enabled | bool | `false` | |
| portNamePrefix | string | `""` | Prefix for TCP and UDP ports names in ingress controller service # Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration | | portNamePrefix | string | `""` | Prefix for TCP and UDP ports names in ingress controller service # Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration |
@ -522,4 +502,3 @@ Kubernetes: `>=1.20.0-0`
| serviceAccount.name | string | `""` | | | serviceAccount.name | string | `""` | |
| tcp | object | `{}` | TCP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # | | tcp | object | `{}` | TCP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # |
| udp | object | `{}` | UDP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # | | udp | object | `{}` | UDP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # |

39
charts/ingress-nginx/README.md.gotmpl
View file

@ -7,10 +7,7 @@ To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.c
This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Prerequisites {{ template "chart.requirementsSection" . }}
- Chart version 3.x.x: Kubernetes v1.16+
- Chart version 4.x.x and above: Kubernetes v1.19+
## Get Repo Info ## Get Repo Info
@ -51,10 +48,6 @@ helm upgrade [RELEASE_NAME] [CHART] --install
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
### Upgrading With Zero Downtime in Production
By default the ingress-nginx controller has service interruptions whenever it's pods are restarted or redeployed. In order to fix that, see the excellent blog post by Lindsay Landry from Codecademy: [Kubernetes: Nginx and Zero Downtime in Production](https://medium.com/codecademy-engineering/kubernetes-nginx-and-zero-downtime-in-production-2c910c6a5ed8).
### Migrating from stable/nginx-ingress ### Migrating from stable/nginx-ingress
There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart: There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart:
@ -65,7 +58,6 @@ There are two main ways to migrate a release from `stable/nginx-ingress` to `ing
1. Redirect your DNS traffic from the old controller to the new controller 1. Redirect your DNS traffic from the old controller to the new controller
1. Log traffic from both controllers during this changeover 1. Log traffic from both controllers during this changeover
1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it 1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it
1. For details on all of these steps see [Upgrading With Zero Downtime in Production](#upgrading-with-zero-downtime-in-production)
Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts. Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts.
@ -84,14 +76,14 @@ else it would make it impossible to evacuate a node. See [gh issue #7127](https:
### Prometheus Metrics ### Prometheus Metrics
The Nginx ingress controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`. The Ingress-Nginx Controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`.
You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`. You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`.
Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`) Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`)
### ingress-nginx nginx\_status page/stats server ### ingress-nginx nginx\_status page/stats server
Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in nginx ingress controller: Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in Ingress-Nginx Controller:
- In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed - In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed
- In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost. - In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost.
@ -99,7 +91,7 @@ Previous versions of this chart had a `controller.stats.*` configuration block,
### ExternalDNS Service Configuration ### ExternalDNS Service Configuration
Add an [ExternalDNS](https://github.com/kubernetes-incubator/external-dns) annotation to the LoadBalancer service: Add an [ExternalDNS](https://github.com/kubernetes-sigs/external-dns) annotation to the LoadBalancer service:
```yaml ```yaml
controller: controller:
@ -125,19 +117,6 @@ controller:
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600' service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
``` ```
### AWS route53-mapper
To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/blob/be63d4f1a7a46daaf1c4c482527328236850f111/addons/route53-mapper/README.md), add the `domainName` annotation and `dns` label:
```yaml
controller:
service:
labels:
dns: "route53"
annotations:
domainName: "kubernetes-example.com"
```
### Additional Internal Load Balancer ### Additional Internal Load Balancer
This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application. This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application.
@ -211,7 +190,7 @@ Optionally you can set `controller.service.loadBalancerIP` if you need a static
### Ingress Admission Webhooks ### Ingress Admission Webhooks
With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster. With nginx-ingress-controller version 0.25+, the Ingress-Nginx Controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster.
**This feature is enabled by default since 0.31.0.** **This feature is enabled by default since 0.31.0.**
With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521) With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521)
@ -220,14 +199,14 @@ With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fi
A validating and configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks. A validating and configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks.
1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits. 1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits.
2. The ingress nginx controller pod is configured to use a TLS proxy container, which will load that certificate. 2. The Ingress-Nginx Controller pod is configured to use a TLS proxy container, which will load that certificate.
3. Validating and Mutating webhook configurations are created in the cluster. 3. Validating and Mutating webhook configurations are created in the cluster.
4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations 4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations
#### Alternatives #### Alternatives
It should be possible to use [cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) if a more complete solution is required. It should be possible to use [cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) if a more complete solution is required.
You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `controller.admissionWebhooks.certManager.enable` value to true. You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `controller.admissionWebhooks.certManager.enabled` value to true.
Please ensure that cert-manager is correctly installed and configured. Please ensure that cert-manager is correctly installed and configured.
@ -243,8 +222,4 @@ Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13
As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered. As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }} {{ template "chart.valuesSection" . }}
{{ template "helm-docs.versionFooter" . }}

0
charts/ingress-nginx/changelog/.gitkeep Normal file
View file

13
charts/ingress-nginx/changelog/Changelog-4.5.2.md Normal file
View file

@ -0,0 +1,13 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.5.2
* add lint on chart before release (#9570)
* ci: remove setup-helm step (#9404)
* feat(helm): Optionally use cert-manager instead admission patch (#9279)
* run helm release on main only and when the chart/value changes only (#9290)
* Update Ingress-Nginx version controller-v1.6.4
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.4.3...helm-chart-4.5.2

24
charts/ingress-nginx/changelog/Changelog-4.6.0.md Normal file
View file

@ -0,0 +1,24 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.5.3
* docs(helm): fix value key in readme for enabling certManager (#9640)
* Upgrade alpine 3.17.2
* Upgrade golang 1.20
* Drop testing/support for Kubernetes 1.23
* docs(helm): fix value key in readme for enabling certManager (#9640)
* Update Ingress-Nginx version controller-v1.7.0
* feat: OpenTelemetry module integration (#9062)
* canary-weight-total annotation ignored in rule backends (#9729)
* fix controller psp's volume config (#9740)
* Fix several Helm YAML issues with extraModules and extraInitContainers (#9709)
* Chart: Drop `controller.headers`, rework DH param secret. (#9659)
* Deployment/DaemonSet: Label pods using `ingress-nginx.labels`. (#9732)
* HPA: autoscaling/v2beta1 deprecated, bump apiVersion to v2 for defaultBackend (#9731)
* Fix incorrect annotation name in upstream hashing configuration (#9617)
* Update Ingress-Nginx version controller-v1.7.0
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.5.2...helm-chart-4.6.0

11
charts/ingress-nginx/changelog/Changelog-4.6.1.md Normal file
View file

@ -0,0 +1,11 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.6.1
* [helm] Support custom port configuration for internal service (#9846)
* Adding resource type to default HPA configuration to resolve issues with Terraform helm chart usage (#9803)
* Update Ingress-Nginx version controller-v1.7.1
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.6.0...helm-chart-4.6.1

6
charts/ingress-nginx/ci/deployment-internal-lb-values.yaml
View file

@ -11,3 +11,9 @@ controller:
enabled: true enabled: true
annotations: annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: "true" service.beta.kubernetes.io/aws-load-balancer-internal: "true"
ports:
http: 443
https: 80
targetPorts:
http: 443
https: 80

7
charts/ingress-nginx/templates/NOTES.txt
View file

@ -71,10 +71,3 @@ If TLS is enabled for the Ingress, a Secret containing the certificate and key m
tls.crt: <base64 encoded cert> tls.crt: <base64 encoded cert>
tls.key: <base64 encoded key> tls.key: <base64 encoded key>
type: kubernetes.io/tls type: kubernetes.io/tls
{{- if .Values.controller.headers }}
#################################################################################
###### WARNING: `controller.headers` has been deprecated! #####
###### It has been renamed to `controller.proxySetHeaders`. #####
#################################################################################
{{- end }}

3
charts/ingress-nginx/templates/_params.tpl
View file

@ -51,6 +51,9 @@
{{- if .Values.controller.watchIngressWithoutClass }} {{- if .Values.controller.watchIngressWithoutClass }}
- --watch-ingress-without-class=true - --watch-ingress-without-class=true
{{- end }} {{- end }}
{{- if .Values.controller.enableTopologyAwareRouting }}
- --enable-topology-aware-routing=true
{{- end }}
{{- range $key, $value := .Values.controller.extraArgs }} {{- range $key, $value := .Values.controller.extraArgs }}
{{- /* Accept keys without values or with false as value */}} {{- /* Accept keys without values or with false as value */}}
{{- if eq ($value | quote | len) 2 }} {{- if eq ($value | quote | len) 2 }}

9
charts/ingress-nginx/templates/controller-configmap-proxyheaders.yaml
View file

@ -1,4 +1,4 @@
{{- if or .Values.controller.proxySetHeaders .Values.controller.headers -}} {{- if .Values.controller.proxySetHeaders -}}
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
@ -10,10 +10,5 @@ metadata:
{{- end }} {{- end }}
name: {{ include "ingress-nginx.fullname" . }}-custom-proxy-headers name: {{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
data: data: {{ toYaml .Values.controller.proxySetHeaders | nindent 2 }}
{{- if .Values.controller.proxySetHeaders }}
{{ toYaml .Values.controller.proxySetHeaders | indent 2 }}
{{ else if and .Values.controller.headers (not .Values.controller.proxySetHeaders) }}
{{ toYaml .Values.controller.headers | indent 2 }}
{{- end }}
{{- end }} {{- end }}

7
charts/ingress-nginx/templates/controller-configmap.yaml
View file

@ -17,13 +17,12 @@ data:
{{- if .Values.controller.addHeaders }} {{- if .Values.controller.addHeaders }}
add-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers add-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers
{{- end }} {{- end }}
{{- if or .Values.controller.proxySetHeaders .Values.controller.headers }} {{- if .Values.controller.proxySetHeaders }}
proxy-set-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers proxy-set-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
{{- end }} {{- end }}
{{- if .Values.dhParam }} {{- if .Values.dhParam }}
ssl-dh-param: {{ printf "%s/%s" .Release.Namespace (include "ingress-nginx.controller.fullname" .) }} ssl-dh-param: {{ .Release.Namespace }}/{{ include "ingress-nginx.controller.fullname" . }}
{{- end }} {{- end }}
{{- range $key, $value := .Values.controller.config }} {{- range $key, $value := .Values.controller.config }}
{{- $key | nindent 2 }}: {{ $value | quote }} {{- $key | nindent 2 }}: {{ $value | quote }}
{{- end }} {{- end }}

21
charts/ingress-nginx/templates/controller-daemonset.yaml
View file

@ -33,7 +33,7 @@ spec:
{{- end }} {{- end }}
{{- end }} {{- end }}
labels: labels:
{{- include "ingress-nginx.selectorLabels" . | nindent 8 }} {{- include "ingress-nginx.labels" . | nindent 8 }}
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
{{- with .Values.controller.labels }} {{- with .Values.controller.labels }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
@ -178,17 +178,14 @@ spec:
{{- end }} {{- end }}
{{- if .Values.controller.extraModules }} {{- if .Values.controller.extraModules }}
{{- range .Values.controller.extraModules }} {{- range .Values.controller.extraModules }}
- name: {{ .Name }} {{ $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
image: {{ .Image }} {{ include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext) | indent 8 }}
command: ['sh', '-c', '/usr/local/bin/init_module.sh']
{{- if (or $.Values.controller.containerSecurityContext .containerSecurityContext) }}
securityContext: {{ .containerSecurityContext | default $.Values.controller.containerSecurityContext | toYaml | nindent 14 }}
{{- end }}
volumeMounts:
- name: modules
mountPath: /modules_mount
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.controller.opentelemetry.enabled}}
{{ $otelContainerSecurityContext := $.Values.controller.opentelemetry.containerSecurityContext | default $.Values.controller.containerSecurityContext }}
{{- include "extraModules" (dict "name" "opentelemetry" "image" .Values.controller.opentelemetry.image "containerSecurityContext" $otelContainerSecurityContext) | nindent 8}}
{{- end}}
{{- end }} {{- end }}
{{- if .Values.controller.hostNetwork }} {{- if .Values.controller.hostNetwork }}
hostNetwork: {{ .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }}
@ -207,9 +204,9 @@ spec:
{{- end }} {{- end }}
serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }} serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules) }} {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
volumes: volumes:
{{- if .Values.controller.extraModules }} {{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled)}}
- name: modules - name: modules
emptyDir: {} emptyDir: {}
{{- end }} {{- end }}

4
charts/ingress-nginx/templates/controller-deployment.yaml
View file

@ -37,7 +37,7 @@ spec:
{{- end }} {{- end }}
{{- end }} {{- end }}
labels: labels:
{{- include "ingress-nginx.selectorLabels" . | nindent 8 }} {{- include "ingress-nginx.labels" . | nindent 8 }}
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
{{- with .Values.controller.labels }} {{- with .Values.controller.labels }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
@ -185,7 +185,7 @@ spec:
{{- if .Values.controller.extraModules }} {{- if .Values.controller.extraModules }}
{{- range .Values.controller.extraModules }} {{- range .Values.controller.extraModules }}
{{ $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }} {{ $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
{{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext | nindent 8) }} {{ include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext) | indent 8 }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.controller.opentelemetry.enabled}} {{- if .Values.controller.opentelemetry.enabled}}

27
charts/ingress-nginx/templates/controller-hpa.yaml
View file

@ -1,12 +1,9 @@
{{- if and .Values.controller.autoscaling.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}} {{- if and (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) .Values.controller.autoscaling.enabled (not .Values.controller.keda.enabled) -}}
{{- if not .Values.controller.keda.enabled }} apiVersion: {{ ternary "autoscaling/v2" "autoscaling/v2beta2" (.Capabilities.APIVersions.Has "autoscaling/v2") }}
apiVersion: {{ .Values.controller.autoscaling.apiVersion }}
kind: HorizontalPodAutoscaler kind: HorizontalPodAutoscaler
metadata: metadata:
annotations:
{{- with .Values.controller.autoscaling.annotations }} {{- with .Values.controller.autoscaling.annotations }}
{{- toYaml . | trimSuffix "\n" | nindent 4 }} annotations: {{ toYaml . | nindent 4 }}
{{- end }} {{- end }}
labels: labels:
{{- include "ingress-nginx.labels" . | nindent 4 }} {{- include "ingress-nginx.labels" . | nindent 4 }}
@ -24,14 +21,6 @@ spec:
minReplicas: {{ .Values.controller.autoscaling.minReplicas }} minReplicas: {{ .Values.controller.autoscaling.minReplicas }}
maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }} maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }}
metrics: metrics:
{{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ . }}
{{- end }}
{{- with .Values.controller.autoscaling.targetCPUUtilizationPercentage }} {{- with .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource - type: Resource
resource: resource:
@ -40,6 +29,14 @@ spec:
type: Utilization type: Utilization
averageUtilization: {{ . }} averageUtilization: {{ . }}
{{- end }} {{- end }}
{{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ . }}
{{- end }}
{{- with .Values.controller.autoscalingTemplate }} {{- with .Values.controller.autoscalingTemplate }}
{{- toYaml . | nindent 2 }} {{- toYaml . | nindent 2 }}
{{- end }} {{- end }}
@ -48,5 +45,3 @@ spec:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}

3
charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml
View file

@ -10,6 +10,9 @@ metadata:
{{- end }} {{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }} name: {{ include "ingress-nginx.controller.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
{{- if .Values.controller.annotations }}
annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
{{- end }}
spec: spec:
selector: selector:
matchLabels: matchLabels:

4
charts/ingress-nginx/templates/controller-psp.yaml
View file

@ -28,9 +28,9 @@ spec:
volumes: volumes:
- 'configMap' - 'configMap'
- 'emptyDir' - 'emptyDir'
#- 'projected' - 'projected'
- 'secret' - 'secret'
#- 'downwardAPI' - 'downwardAPI'
{{- if .Values.controller.hostNetwork }} {{- if .Values.controller.hostNetwork }}
hostNetwork: {{ .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }}
{{- end }} {{- end }}

15
charts/ingress-nginx/templates/controller-secret.yaml Normal file
View file

@ -0,0 +1,15 @@
{{- if .Values.dhParam -}}
apiVersion: v1
kind: Secret
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- with .Values.controller.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }}
namespace: {{ .Release.Namespace }}
data:
dhparam.pem: {{ .Values.dhParam }}
{{- end }}

8
charts/ingress-nginx/templates/controller-service-internal.yaml
View file

@ -29,9 +29,9 @@ spec:
{{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }} {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }}
{{- if .Values.controller.service.enableHttp }} {{- if .Values.controller.service.enableHttp }}
- name: http - name: http
port: {{ .Values.controller.service.ports.http }} port: {{ .Values.controller.service.internal.ports.http | default .Values.controller.service.ports.http }}
protocol: TCP protocol: TCP
targetPort: {{ .Values.controller.service.targetPorts.http }} targetPort: {{ .Values.controller.service.internal.targetPorts.http | default .Values.controller.service.targetPorts.http }}
{{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
appProtocol: http appProtocol: http
{{- end }} {{- end }}
@ -41,9 +41,9 @@ spec:
{{- end }} {{- end }}
{{- if .Values.controller.service.enableHttps }} {{- if .Values.controller.service.enableHttps }}
- name: https - name: https
port: {{ .Values.controller.service.ports.https }} port: {{ .Values.controller.service.internal.ports.https | default .Values.controller.service.ports.https }}
protocol: TCP protocol: TCP
targetPort: {{ .Values.controller.service.targetPorts.https }} targetPort: {{ .Values.controller.service.internal.targetPorts.https | default .Values.controller.service.targetPorts.https }}
{{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
appProtocol: https appProtocol: https
{{- end }} {{- end }}

37
charts/ingress-nginx/templates/default-backend-hpa.yaml
View file

@ -1,33 +1,40 @@
{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.autoscaling.enabled }} {{- if and .Values.defaultBackend.enabled .Values.defaultBackend.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1 apiVersion: {{ ternary "autoscaling/v2" "autoscaling/v2beta2" (.Capabilities.APIVersions.Has "autoscaling/v2") }}
kind: HorizontalPodAutoscaler kind: HorizontalPodAutoscaler
metadata: metadata:
{{- with .Values.defaultBackend.autoscaling.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
labels: labels:
{{- include "ingress-nginx.labels" . | nindent 4 }} {{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: default-backend app.kubernetes.io/component: default-backend
{{- with .Values.defaultBackend.labels }} {{- with .Values.defaultBackend.labels }}
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ template "ingress-nginx.defaultBackend.fullname" . }} name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
spec: spec:
scaleTargetRef: scaleTargetRef:
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
name: {{ template "ingress-nginx.defaultBackend.fullname" . }} name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }} minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }}
maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }} maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }}
metrics: metrics:
{{- with .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }} {{- with .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource - type: Resource
resource: resource:
name: cpu name: cpu
targetAverageUtilization: {{ . }} target:
{{- end }} type: Utilization
{{- with .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }} averageUtilization: {{ . }}
- type: Resource {{- end }}
resource: {{- with .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
name: memory - type: Resource
targetAverageUtilization: {{ . }} resource:
{{- end }} name: memory
target:
type: Utilization
averageUtilization: {{ . }}
{{- end }}
{{- end }} {{- end }}

10
charts/ingress-nginx/templates/dh-param-secret.yaml
View file

@ -1,10 +0,0 @@
{{- with .Values.dhParam -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "ingress-nginx.controller.fullname" $ }}
labels:
{{- include "ingress-nginx.labels" $ | nindent 4 }}
data:
dhparam.pem: {{ . }}
{{- end }}

383
charts/ingress-nginx/values.yaml
View file

@ -23,71 +23,58 @@ controller:
## for backwards compatibility consider setting the full image url via the repository value below ## for backwards compatibility consider setting the full image url via the repository value below
## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
## repository: ## repository:
tag: "v1.5.1" tag: "v1.7.1"
digest: sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 digest: sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407
digestChroot: sha256:c1c091b88a6c936a83bd7b098662760a87868d12452529bad0d178fb36147345 digestChroot: sha256:e35d5ab487861b9d419c570e3530589229224a0762c7b4d2e2222434abb8d988
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# www-data -> uid 101 # www-data -> uid 101
runAsUser: 101 runAsUser: 101
allowPrivilegeEscalation: true allowPrivilegeEscalation: true
# -- Use an existing PSP instead of creating one # -- Use an existing PSP instead of creating one
existingPsp: "" existingPsp: ""
# -- Configures the controller container name # -- Configures the controller container name
containerName: controller containerName: controller
# -- Configures the ports that the nginx-controller listens on # -- Configures the ports that the nginx-controller listens on
containerPort: containerPort:
http: 80 http: 80
https: 443 https: 443
# -- Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ # -- Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
config: {} config: {}
# -- Annotations to be added to the controller config configuration configmap. # -- Annotations to be added to the controller config configuration configmap.
configAnnotations: {} configAnnotations: {}
# -- Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers # -- Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers
proxySetHeaders: {} proxySetHeaders: {}
# -- Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers # -- Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers
addHeaders: {} addHeaders: {}
# -- Optionally customize the pod dnsConfig. # -- Optionally customize the pod dnsConfig.
dnsConfig: {} dnsConfig: {}
# -- Optionally customize the pod hostname. # -- Optionally customize the pod hostname.
hostname: {} hostname: {}
# -- Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. # -- Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'.
# By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller
# to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet.
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirst
# -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network # -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network
# Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply # Ingress status was blank because there is no Service exposing the Ingress-Nginx Controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply
reportNodeInternalIp: false reportNodeInternalIp: false
# -- Process Ingress objects without ingressClass annotation/ingressClassName field # -- Process Ingress objects without ingressClass annotation/ingressClassName field
# Overrides value for --watch-ingress-without-class flag of the controller binary # Overrides value for --watch-ingress-without-class flag of the controller binary
# Defaults to false # Defaults to false
watchIngressWithoutClass: false watchIngressWithoutClass: false
# -- Process IngressClass per name (additionally as per spec.controller). # -- Process IngressClass per name (additionally as per spec.controller).
ingressClassByName: false ingressClassByName: false
# -- This configuration enables Topology Aware Routing feature, used together with service annotation service.kubernetes.io/topology-aware-hints="auto"
# Defaults to false
enableTopologyAwareRouting: false
# -- This configuration defines if Ingress Controller should allow users to set # -- This configuration defines if Ingress Controller should allow users to set
# their own *-snippet annotations, otherwise this is forbidden / dropped # their own *-snippet annotations, otherwise this is forbidden / dropped
# when users add those annotations. # when users add those annotations.
# Global snippets in ConfigMap are still respected # Global snippets in ConfigMap are still respected
allowSnippetAnnotations: true allowSnippetAnnotations: true
# -- Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), # -- Required for use with CNI based kubernetes installations (such as ones set up by kubeadm),
# since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920
# is merged # is merged
hostNetwork: false hostNetwork: false
## Use host ports 80 and 443 ## Use host ports 80 and 443
## Disabled by default ## Disabled by default
hostPort: hostPort:
@ -98,10 +85,8 @@ controller:
http: 80 http: 80
# -- 'hostPort' https port # -- 'hostPort' https port
https: 443 https: 443
# -- Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' # -- Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader'
electionID: "" electionID: ""
## This section refers to the creation of the IngressClass resource ## This section refers to the creation of the IngressClass resource
## IngressClass resources are supported since k8s >= 1.18 and required since k8s >= 1.19 ## IngressClass resources are supported since k8s >= 1.18 and required since k8s >= 1.19
ingressClassResource: ingressClassResource:
@ -113,23 +98,19 @@ controller:
default: false default: false
# -- Controller-value of the controller that is processing this ingressClass # -- Controller-value of the controller that is processing this ingressClass
controllerValue: "k8s.io/ingress-nginx" controllerValue: "k8s.io/ingress-nginx"
# -- Parameters is a link to a custom resource containing additional # -- Parameters is a link to a custom resource containing additional
# configuration for the controller. This is optional if the controller # configuration for the controller. This is optional if the controller
# does not require extra parameters. # does not require extra parameters.
parameters: {} parameters: {}
# -- For backwards compatibility with ingress.class annotation, use ingressClass. # -- For backwards compatibility with ingress.class annotation, use ingressClass.
# Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation # Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation
ingressClass: nginx ingressClass: nginx
# -- Labels to add to the pod container metadata # -- Labels to add to the pod container metadata
podLabels: {} podLabels: {}
# key: value # key: value
# -- Security Context policies for controller pods # -- Security Context policies for controller pods
podSecurityContext: {} podSecurityContext: {}
# -- See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls # -- See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls
sysctls: {} sysctls: {}
# sysctls: # sysctls:
@ -145,7 +126,6 @@ controller:
# -- Allows overriding of the publish service to bind to # -- Allows overriding of the publish service to bind to
# Must be <namespace>/<service_name> # Must be <namespace>/<service_name>
pathOverride: "" pathOverride: ""
# Limit the scope of the controller to a specific namespace # Limit the scope of the controller to a specific namespace
scope: scope:
# -- Enable 'scope' or not # -- Enable 'scope' or not
@ -155,27 +135,22 @@ controller:
# -- When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels # -- When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels
# only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. # only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces.
namespaceSelector: "" namespaceSelector: ""
# -- Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) # -- Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE)
configMapNamespace: "" configMapNamespace: ""
tcp: tcp:
# -- Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) # -- Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE)
configMapNamespace: "" configMapNamespace: ""
# -- Annotations to be added to the tcp config configmap # -- Annotations to be added to the tcp config configmap
annotations: {} annotations: {}
udp: udp:
# -- Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) # -- Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE)
configMapNamespace: "" configMapNamespace: ""
# -- Annotations to be added to the udp config configmap # -- Annotations to be added to the udp config configmap
annotations: {} annotations: {}
# -- Maxmind license key to download GeoLite2 Databases. # -- Maxmind license key to download GeoLite2 Databases.
## https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases ## https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases
maxmindLicenseKey: "" maxmindLicenseKey: ""
# -- Additional command line arguments to pass to Ingress-Nginx Controller
# -- Additional command line arguments to pass to nginx-ingress-controller
# E.g. to specify the default SSL certificate you can use # E.g. to specify the default SSL certificate you can use
extraArgs: {} extraArgs: {}
## extraArgs: ## extraArgs:
@ -192,7 +167,6 @@ controller:
# -- Use a `DaemonSet` or `Deployment` # -- Use a `DaemonSet` or `Deployment`
kind: Deployment kind: Deployment
# -- Annotations to be added to the controller Deployment or DaemonSet # -- Annotations to be added to the controller Deployment or DaemonSet
## ##
annotations: {} annotations: {}
@ -204,7 +178,6 @@ controller:
# keel.sh/policy: patch # keel.sh/policy: patch
# keel.sh/trigger: poll # keel.sh/trigger: poll
# -- The update strategy to apply to the Deployment or DaemonSet # -- The update strategy to apply to the Deployment or DaemonSet
## ##
updateStrategy: {} updateStrategy: {}
@ -215,8 +188,6 @@ controller:
# -- `minReadySeconds` to avoid killing pods before we are ready # -- `minReadySeconds` to avoid killing pods before we are ready
## ##
minReadySeconds: 0 minReadySeconds: 0
# -- Node tolerations for server scheduling to nodes with taints # -- Node tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
## ##
@ -230,68 +201,66 @@ controller:
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## ##
affinity: {} affinity: {}
# # An example of preferred pod anti-affinity, weight is in the range 1-100 # # An example of preferred pod anti-affinity, weight is in the range 1-100
# podAntiAffinity: # podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution: # preferredDuringSchedulingIgnoredDuringExecution:
# - weight: 100 # - weight: 100
# podAffinityTerm: # podAffinityTerm:
# labelSelector: # labelSelector:
# matchExpressions: # matchExpressions:
# - key: app.kubernetes.io/name # - key: app.kubernetes.io/name
# operator: In # operator: In
# values: # values:
# - ingress-nginx # - ingress-nginx
# - key: app.kubernetes.io/instance # - key: app.kubernetes.io/instance
# operator: In # operator: In
# values: # values:
# - ingress-nginx # - ingress-nginx
# - key: app.kubernetes.io/component # - key: app.kubernetes.io/component
# operator: In # operator: In
# values: # values:
# - controller # - controller
# topologyKey: kubernetes.io/hostname # topologyKey: kubernetes.io/hostname
# # An example of required pod anti-affinity # # An example of required pod anti-affinity
# podAntiAffinity: # podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution: # requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector: # - labelSelector:
# matchExpressions: # matchExpressions:
# - key: app.kubernetes.io/name # - key: app.kubernetes.io/name
# operator: In # operator: In
# values: # values:
# - ingress-nginx # - ingress-nginx
# - key: app.kubernetes.io/instance # - key: app.kubernetes.io/instance
# operator: In # operator: In
# values: # values:
# - ingress-nginx # - ingress-nginx
# - key: app.kubernetes.io/component # - key: app.kubernetes.io/component
# operator: In # operator: In
# values: # values:
# - controller # - controller
# topologyKey: "kubernetes.io/hostname" # topologyKey: "kubernetes.io/hostname"
# -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. # -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## ##
topologySpreadConstraints: [] topologySpreadConstraints: []
# - maxSkew: 1 # - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone # topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule # whenUnsatisfiable: DoNotSchedule
# labelSelector: # labelSelector:
# matchLabels: # matchLabels:
# app.kubernetes.io/instance: ingress-nginx-internal # app.kubernetes.io/instance: ingress-nginx-internal
# -- `terminationGracePeriodSeconds` to avoid killing pods before we are ready # -- `terminationGracePeriodSeconds` to avoid killing pods before we are ready
## wait up to five minutes for the drain of connections ## wait up to five minutes for the drain of connections
## ##
terminationGracePeriodSeconds: 300 terminationGracePeriodSeconds: 300
# -- Node labels for controller pod assignment # -- Node labels for controller pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
## ##
nodeSelector: nodeSelector:
kubernetes.io/os: linux kubernetes.io/os: linux
## Liveness and readiness probe values ## Liveness and readiness probe values
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## ##
@ -328,23 +297,17 @@ controller:
timeoutSeconds: 1 timeoutSeconds: 1
successThreshold: 1 successThreshold: 1
failureThreshold: 3 failureThreshold: 3
# -- Path of the health check endpoint. All requests received on the port defined by # -- Path of the health check endpoint. All requests received on the port defined by
# the healthz-port parameter are forwarded internally to this path. # the healthz-port parameter are forwarded internally to this path.
healthCheckPath: "/healthz" healthCheckPath: "/healthz"
# -- Address to bind the health check endpoint. # -- Address to bind the health check endpoint.
# It is better to set this option to the internal node address # It is better to set this option to the internal node address
# if the ingress nginx controller is running in the `hostNetwork: true` mode. # if the Ingress-Nginx Controller is running in the `hostNetwork: true` mode.
healthCheckHost: "" healthCheckHost: ""
# -- Annotations to be added to controller pods # -- Annotations to be added to controller pods
## ##
podAnnotations: {} podAnnotations: {}
replicaCount: 1 replicaCount: 1
# -- Define either 'minAvailable' or 'maxUnavailable', never both. # -- Define either 'minAvailable' or 'maxUnavailable', never both.
minAvailable: 1 minAvailable: 1
# -- Define either 'minAvailable' or 'maxUnavailable', never both. # -- Define either 'minAvailable' or 'maxUnavailable', never both.
@ -355,16 +318,14 @@ controller:
## Ideally, there should be no limits. ## Ideally, there should be no limits.
## https://engineering.indeedblog.com/blog/2019/12/cpu-throttling-regression-fix/ ## https://engineering.indeedblog.com/blog/2019/12/cpu-throttling-regression-fix/
resources: resources:
## limits: ## limits:
## cpu: 100m ## cpu: 100m
## memory: 90Mi ## memory: 90Mi
requests: requests:
cpu: 100m cpu: 100m
memory: 90Mi memory: 90Mi
# Mutually exclusive with keda autoscaling # Mutually exclusive with keda autoscaling
autoscaling: autoscaling:
apiVersion: autoscaling/v2
enabled: false enabled: false
annotations: {} annotations: {}
minReplicas: 1 minReplicas: 1
@ -372,19 +333,18 @@ controller:
targetCPUUtilizationPercentage: 50 targetCPUUtilizationPercentage: 50
targetMemoryUtilizationPercentage: 50 targetMemoryUtilizationPercentage: 50
behavior: {} behavior: {}
# scaleDown: # scaleDown:
# stabilizationWindowSeconds: 300 # stabilizationWindowSeconds: 300
# policies: # policies:
# - type: Pods # - type: Pods
# value: 1 # value: 1
# periodSeconds: 180 # periodSeconds: 180
# scaleUp: # scaleUp:
# stabilizationWindowSeconds: 300 # stabilizationWindowSeconds: 300
# policies: # policies:
# - type: Pods # - type: Pods
# value: 2 # value: 2
# periodSeconds: 60 # periodSeconds: 60
autoscalingTemplate: [] autoscalingTemplate: []
# Custom or additional autoscaling metrics # Custom or additional autoscaling metrics
# ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics
@ -414,40 +374,36 @@ controller:
# annotations: # annotations:
# key: value # key: value
triggers: [] triggers: []
# - type: prometheus # - type: prometheus
# metadata: # metadata:
# serverAddress: http://<prometheus-host>:9090 # serverAddress: http://<prometheus-host>:9090
# metricName: http_requests_total # metricName: http_requests_total
# threshold: '100' # threshold: '100'
# query: sum(rate(http_requests_total{deployment="my-deployment"}[2m])) # query: sum(rate(http_requests_total{deployment="my-deployment"}[2m]))
behavior: {} behavior: {}
# scaleDown: # scaleDown:
# stabilizationWindowSeconds: 300 # stabilizationWindowSeconds: 300
# policies: # policies:
# - type: Pods # - type: Pods
# value: 1 # value: 1
# periodSeconds: 180 # periodSeconds: 180
# scaleUp: # scaleUp:
# stabilizationWindowSeconds: 300 # stabilizationWindowSeconds: 300
# policies: # policies:
# - type: Pods # - type: Pods
# value: 2 # value: 2
# periodSeconds: 60 # periodSeconds: 60
# -- Enable mimalloc as a drop-in replacement for malloc. # -- Enable mimalloc as a drop-in replacement for malloc.
## ref: https://github.com/microsoft/mimalloc ## ref: https://github.com/microsoft/mimalloc
## ##
enableMimalloc: true enableMimalloc: true
## Override NGINX template ## Override NGINX template
customTemplate: customTemplate:
configMapName: "" configMapName: ""
configMapKey: "" configMapKey: ""
service: service:
enabled: true enabled: true
# -- If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were # -- If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were
# using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http # using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
# It allows choosing the protocol for each backend specified in the Kubernetes service. # It allows choosing the protocol for each backend specified in the Kubernetes service.
@ -455,7 +411,6 @@ controller:
# Will be ignored for Kubernetes versions older than 1.20 # Will be ignored for Kubernetes versions older than 1.20
## ##
appProtocol: true appProtocol: true
annotations: {} annotations: {}
labels: {} labels: {}
# clusterIP: "" # clusterIP: ""
@ -464,14 +419,11 @@ controller:
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
## ##
externalIPs: [] externalIPs: []
# -- Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer # -- Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
loadBalancerIP: "" loadBalancerIP: ""
loadBalancerSourceRanges: [] loadBalancerSourceRanges: []
enableHttp: true enableHttp: true
enableHttps: true enableHttps: true
## Set external traffic policy to: "Local" to preserve source IP on providers supporting it. ## Set external traffic policy to: "Local" to preserve source IP on providers supporting it.
## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
# externalTrafficPolicy: "" # externalTrafficPolicy: ""
@ -490,23 +442,18 @@ controller:
# The ipFamilies and clusterIPs fields depend on the value of this field. # The ipFamilies and clusterIPs fields depend on the value of this field.
## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/
ipFamilyPolicy: "SingleStack" ipFamilyPolicy: "SingleStack"
# -- List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically # -- List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically
# based on cluster configuration and the ipFamilyPolicy field. # based on cluster configuration and the ipFamilyPolicy field.
## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/
ipFamilies: ipFamilies:
- IPv4 - IPv4
ports: ports:
http: 80 http: 80
https: 443 https: 443
targetPorts: targetPorts:
http: http http: http
https: https https: https
type: LoadBalancer type: LoadBalancer
## type: NodePort ## type: NodePort
## nodePorts: ## nodePorts:
## http: 32080 ## http: 32080
@ -518,21 +465,17 @@ controller:
https: "" https: ""
tcp: {} tcp: {}
udp: {} udp: {}
external: external:
enabled: true enabled: true
internal: internal:
# -- Enables an additional internal load balancer (besides the external one). # -- Enables an additional internal load balancer (besides the external one).
enabled: false enabled: false
# -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service. # -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service.
annotations: {} annotations: {}
# loadBalancerIP: "" # loadBalancerIP: ""
# -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. # -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0.
loadBalancerSourceRanges: [] loadBalancerSourceRanges: []
## Set external traffic policy to: "Local" to preserve source IP on ## Set external traffic policy to: "Local" to preserve source IP on
## providers supporting it ## providers supporting it
## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
@ -541,10 +484,19 @@ controller:
# --- Suffix to be used to name the internal service # --- Suffix to be used to name the internal service
nameSuffix: internal nameSuffix: internal
# -- Custom port mapping for internal service
ports: {}
# http: 80
# https: 443
# -- Custom target port mapping for internal service
targetPorts: {}
# http: http
# https: https
# shareProcessNamespace enables process namespace sharing within the pod. # shareProcessNamespace enables process namespace sharing within the pod.
# This can be used for example to signal log rotation using `kill -USR1` from a sidecar. # This can be used for example to signal log rotation using `kill -USR1` from a sidecar.
shareProcessNamespace: false shareProcessNamespace: false
# -- Additional containers to be added to the controller pod. # -- Additional containers to be added to the controller pod.
# See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. # See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example.
extraContainers: [] extraContainers: []
@ -587,6 +539,8 @@ controller:
# -- Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module # -- Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module
extraModules: [] extraModules: []
# - name: mytestmodule
# image: registry.k8s.io/ingress-nginx/mytestmodule
# containerSecurityContext: # containerSecurityContext:
# allowPrivilegeEscalation: false # allowPrivilegeEscalation: false
# #
@ -596,10 +550,9 @@ controller:
opentelemetry: opentelemetry:
enabled: false enabled: false
image: registry.k8s.io/ingress-nginx/opentelemetry:v20230107-helm-chart-4.4.2-2-g96b3d2165@sha256:331b9bebd6acfcd2d3048abbdd86555f5be76b7e3d0b5af4300b04235c6056c9 image: registry.k8s.io/ingress-nginx/opentelemetry:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:40f766ac4a9832f36f217bb0e98d44c8d38faeccbfe861fbc1a76af7e9ab257f
containerSecurityContext: containerSecurityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
admissionWebhooks: admissionWebhooks:
annotations: {} annotations: {}
# ignore-check.kube-linter.io/no-read-only-rootfs: "This deployment needs write access to root filesystem". # ignore-check.kube-linter.io/no-read-only-rootfs: "This deployment needs write access to root filesystem".
@ -626,11 +579,9 @@ controller:
objectSelector: {} objectSelector: {}
# -- Labels to be added to admission webhooks # -- Labels to be added to admission webhooks
labels: {} labels: {}
# -- Use an existing PSP instead of creating one # -- Use an existing PSP instead of creating one
existingPsp: "" existingPsp: ""
networkPolicyEnabled: false networkPolicyEnabled: false
service: service:
annotations: {} annotations: {}
# clusterIP: "" # clusterIP: ""
@ -641,23 +592,20 @@ controller:
nameSuffix: admission nameSuffix: admission
servicePort: 443 servicePort: 443
type: ClusterIP type: ClusterIP
createSecretJob: createSecretJob:
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
resources: {} resources: {}
# limits: # limits:
# cpu: 10m # cpu: 10m
# memory: 20Mi # memory: 20Mi
# requests: # requests:
# cpu: 10m # cpu: 10m
# memory: 20Mi # memory: 20Mi
patchWebhookJob: patchWebhookJob:
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
resources: {} resources: {}
patch: patch:
enabled: true enabled: true
image: image:
@ -666,8 +614,8 @@ controller:
## for backwards compatibility consider setting the full image url via the repository value below ## for backwards compatibility consider setting the full image url via the repository value below
## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
## repository: ## repository:
tag: v20220916-gd32f8c343 tag: v20230312-helm-chart-4.5.2-28-g66a760794
digest: sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f digest: sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# -- Provide a priority class name to the webhook patching job # -- Provide a priority class name to the webhook patching job
## ##
@ -682,37 +630,36 @@ controller:
runAsNonRoot: true runAsNonRoot: true
runAsUser: 2000 runAsUser: 2000
fsGroup: 2000 fsGroup: 2000
# Use certmanager to generate webhook certs # Use certmanager to generate webhook certs
certManager: certManager:
enabled: false enabled: false
# self-signed root certificate # self-signed root certificate
rootCert: rootCert:
duration: "" # default to be 5y # default to be 5y
duration: ""
admissionCert: admissionCert:
duration: "" # default to be 1y # default to be 1y
# issuerRef: duration: ""
# name: "issuer" # issuerRef:
# kind: "ClusterIssuer" # name: "issuer"
# kind: "ClusterIssuer"
metrics: metrics:
port: 10254 port: 10254
portName: metrics portName: metrics
# if this port is changed, change healthz-port: in extraArgs: accordingly # if this port is changed, change healthz-port: in extraArgs: accordingly
enabled: false enabled: false
service: service:
annotations: {} annotations: {}
# prometheus.io/scrape: "true" # prometheus.io/scrape: "true"
# prometheus.io/port: "10254" # prometheus.io/port: "10254"
# -- Labels to be added to the metrics service resource
labels: {}
# clusterIP: "" # clusterIP: ""
# -- List of IP addresses at which the stats-exporter service is available # -- List of IP addresses at which the stats-exporter service is available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
## ##
externalIPs: [] externalIPs: []
# loadBalancerIP: "" # loadBalancerIP: ""
loadBalancerSourceRanges: [] loadBalancerSourceRanges: []
# --- Suffix to be used to name the metrics service # --- Suffix to be used to name the metrics service
@ -721,7 +668,6 @@ controller:
type: ClusterIP type: ClusterIP
# externalTrafficPolicy: "" # externalTrafficPolicy: ""
# nodePort: "" # nodePort: ""
serviceMonitor: serviceMonitor:
enabled: false enabled: false
additionalLabels: {} additionalLabels: {}
@ -738,46 +684,44 @@ controller:
targetLabels: [] targetLabels: []
relabelings: [] relabelings: []
metricRelabelings: [] metricRelabelings: []
prometheusRule: prometheusRule:
enabled: false enabled: false
additionalLabels: {} additionalLabels: {}
# namespace: "" # namespace: ""
rules: [] rules: []
# # These are just examples rules, please adapt them to your needs # # These are just examples rules, please adapt them to your needs
# - alert: NGINXConfigFailed # - alert: NGINXConfigFailed
# expr: count(nginx_ingress_controller_config_last_reload_successful == 0) > 0 # expr: count(nginx_ingress_controller_config_last_reload_successful == 0) > 0
# for: 1s # for: 1s
# labels: # labels:
# severity: critical # severity: critical
# annotations: # annotations:
# description: bad ingress config - nginx config test failed # description: bad ingress config - nginx config test failed
# summary: uninstall the latest ingress changes to allow config reloads to resume # summary: uninstall the latest ingress changes to allow config reloads to resume
# - alert: NGINXCertificateExpiry # - alert: NGINXCertificateExpiry
# expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds) by (host) - time()) < 604800 # expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds) by (host) - time()) < 604800
# for: 1s # for: 1s
# labels: # labels:
# severity: critical # severity: critical
# annotations: # annotations:
# description: ssl certificate(s) will expire in less then a week # description: ssl certificate(s) will expire in less then a week
# summary: renew expiring certificates to avoid downtime # summary: renew expiring certificates to avoid downtime
# - alert: NGINXTooMany500s # - alert: NGINXTooMany500s
# expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5
# for: 1m # for: 1m
# labels: # labels:
# severity: warning # severity: warning
# annotations: # annotations:
# description: Too many 5XXs # description: Too many 5XXs
# summary: More than 5% of all requests returned 5XX, this requires your attention # summary: More than 5% of all requests returned 5XX, this requires your attention
# - alert: NGINXTooMany400s # - alert: NGINXTooMany400s
# expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"4.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"4.+"} ) / sum(nginx_ingress_controller_requests) ) > 5
# for: 1m # for: 1m
# labels: # labels:
# severity: warning # severity: warning
# annotations: # annotations:
# description: Too many 4XXs # description: Too many 4XXs
# summary: More than 5% of all requests returned 4XX, this requires your attention # summary: More than 5% of all requests returned 4XX, this requires your attention
# -- Improve connection draining when ingress controller pod is deleted using a lifecycle hook: # -- Improve connection draining when ingress controller pod is deleted using a lifecycle hook:
# With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds # With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds
# to 300, allowing the draining of connections up to five minutes. # to 300, allowing the draining of connections up to five minutes.
@ -790,19 +734,15 @@ controller:
exec: exec:
command: command:
- /wait-shutdown - /wait-shutdown
priorityClassName: "" priorityClassName: ""
# -- Rollback limit # -- Rollback limit
## ##
revisionHistoryLimit: 10 revisionHistoryLimit: 10
## Default 404 backend ## Default 404 backend
## ##
defaultBackend: defaultBackend:
## ##
enabled: false enabled: false
name: defaultbackend name: defaultbackend
image: image:
registry: registry.k8s.io registry: registry.k8s.io
@ -817,21 +757,16 @@ defaultBackend:
runAsNonRoot: true runAsNonRoot: true
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
# -- Use an existing PSP instead of creating one # -- Use an existing PSP instead of creating one
existingPsp: "" existingPsp: ""
extraArgs: {} extraArgs: {}
serviceAccount: serviceAccount:
create: true create: true
name: "" name: ""
automountServiceAccountToken: true automountServiceAccountToken: true
# -- Additional environment variables to set for defaultBackend pods # -- Additional environment variables to set for defaultBackend pods
extraEnvs: [] extraEnvs: []
port: 8080 port: 8080
## Readiness and liveness probes for default backend ## Readiness and liveness probes for default backend
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
## ##
@ -847,7 +782,6 @@ defaultBackend:
periodSeconds: 5 periodSeconds: 5
successThreshold: 1 successThreshold: 1
timeoutSeconds: 5 timeoutSeconds: 5
# -- The update strategy to apply to the Deployment or DaemonSet # -- The update strategy to apply to the Deployment or DaemonSet
## ##
updateStrategy: {} updateStrategy: {}
@ -858,7 +792,6 @@ defaultBackend:
# -- `minReadySeconds` to avoid killing pods before we are ready # -- `minReadySeconds` to avoid killing pods before we are ready
## ##
minReadySeconds: 0 minReadySeconds: 0
# -- Node tolerations for server scheduling to nodes with taints # -- Node tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
## ##
@ -869,19 +802,16 @@ defaultBackend:
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
affinity: {} affinity: {}
# -- Security Context policies for controller pods # -- Security Context policies for controller pods
# See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
# notes on enabling and using sysctls # notes on enabling and using sysctls
## ##
podSecurityContext: {} podSecurityContext: {}
# -- Security Context policies for controller main container. # -- Security Context policies for controller main container.
# See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
# notes on enabling and using sysctls # notes on enabling and using sysctls
## ##
containerSecurityContext: {} containerSecurityContext: {}
# -- Labels to add to the pod container metadata # -- Labels to add to the pod container metadata
podLabels: {} podLabels: {}
# key: value # key: value
@ -891,15 +821,11 @@ defaultBackend:
## ##
nodeSelector: nodeSelector:
kubernetes.io/os: linux kubernetes.io/os: linux
# -- Annotations to be added to default backend pods # -- Annotations to be added to default backend pods
## ##
podAnnotations: {} podAnnotations: {}
replicaCount: 1 replicaCount: 1
minAvailable: 1 minAvailable: 1
resources: {} resources: {}
# limits: # limits:
# cpu: 10m # cpu: 10m
@ -925,43 +851,35 @@ defaultBackend:
maxReplicas: 2 maxReplicas: 2
targetCPUUtilizationPercentage: 50 targetCPUUtilizationPercentage: 50
targetMemoryUtilizationPercentage: 50 targetMemoryUtilizationPercentage: 50
service: service:
annotations: {} annotations: {}
# clusterIP: "" # clusterIP: ""
# -- List of IP addresses at which the default backend service is available # -- List of IP addresses at which the default backend service is available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
## ##
externalIPs: [] externalIPs: []
# loadBalancerIP: "" # loadBalancerIP: ""
loadBalancerSourceRanges: [] loadBalancerSourceRanges: []
servicePort: 80 servicePort: 80
type: ClusterIP type: ClusterIP
priorityClassName: "" priorityClassName: ""
# -- Labels to be added to the default backend resources # -- Labels to be added to the default backend resources
labels: {} labels: {}
## Enable RBAC as per https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/rbac.md and https://github.com/kubernetes/ingress-nginx/issues/266 ## Enable RBAC as per https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/rbac.md and https://github.com/kubernetes/ingress-nginx/issues/266
rbac: rbac:
create: true create: true
scope: false scope: false
## If true, create & use Pod Security Policy resources ## If true, create & use Pod Security Policy resources
## https://kubernetes.io/docs/concepts/policy/pod-security-policy/ ## https://kubernetes.io/docs/concepts/policy/pod-security-policy/
podSecurityPolicy: podSecurityPolicy:
enabled: false enabled: false
serviceAccount: serviceAccount:
create: true create: true
name: "" name: ""
automountServiceAccountToken: true automountServiceAccountToken: true
# -- Annotations for the controller service account # -- Annotations for the controller service account
annotations: {} annotations: {}
# -- Optional array of imagePullSecrets containing private registry credentials # -- Optional array of imagePullSecrets containing private registry credentials
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: [] imagePullSecrets: []
@ -982,8 +900,7 @@ udp: {}
# -- Prefix for TCP and UDP ports names in ingress controller service # -- Prefix for TCP and UDP ports names in ingress controller service
## Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration ## Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration
portNamePrefix: "" portNamePrefix: ""
# -- (string) A base64-encoded Diffie-Hellman parameter. # -- (string) A base64-encoded Diffie-Hellman parameter.
# This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # This can be generated with: `openssl dhparam 4096 2> /dev/null | base64`
## Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param ## Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param
dhParam: dhParam: ""

2
cmd/dataplane/main.go
View file

@ -70,7 +70,7 @@ func main() {
mc := metric.NewDummyCollector() mc := metric.NewDummyCollector()
if conf.EnableMetrics { if conf.EnableMetrics {
// TODO: Ingress class is not a part of dataplane anymore // TODO: Ingress class is not a part of dataplane anymore
mc, err = metric.NewCollector(conf.MetricsPerHost, conf.ReportStatusClasses, reg, conf.IngressClassConfiguration.Controller, *conf.MetricsBuckets) mc, err = metric.NewCollector(conf.MetricsPerHost, conf.ReportStatusClasses, reg, conf.IngressClassConfiguration.Controller, *conf.MetricsBuckets, conf.ExcludeSocketMetrics)
if err != nil { if err != nil {
klog.Fatalf("Error creating prometheus collector: %v", err) klog.Fatalf("Error creating prometheus collector: %v", err)
} }

2
cmd/nginx/main.go
View file

@ -133,7 +133,7 @@ func main() {
mc := metric.NewDummyCollector() mc := metric.NewDummyCollector()
if conf.EnableMetrics { if conf.EnableMetrics {
mc, err = metric.NewCollector(conf.MetricsPerHost, conf.ReportStatusClasses, reg, conf.IngressClassConfiguration.Controller, *conf.MetricsBuckets) mc, err = metric.NewCollector(conf.MetricsPerHost, conf.ReportStatusClasses, reg, conf.IngressClassConfiguration.Controller, *conf.MetricsBuckets, conf.ExcludeSocketMetrics)
if err != nil { if err != nil {
klog.Fatalf("Error creating prometheus collector: %v", err) klog.Fatalf("Error creating prometheus collector: %v", err)
} }

9
cmd/plugin/commands/backends/backends.go
View file

@ -30,7 +30,7 @@ import (
// CreateCommand creates and returns this cobra subcommand // CreateCommand creates and returns this cobra subcommand
func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
var pod, deployment, selector *string var pod, deployment, selector, container *string
cmd := &cobra.Command{ cmd := &cobra.Command{
Use: "backends", Use: "backends",
Short: "Inspect the dynamic backend information of an ingress-nginx instance", Short: "Inspect the dynamic backend information of an ingress-nginx instance",
@ -47,7 +47,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
return fmt.Errorf("--list and --backend cannot both be specified") return fmt.Errorf("--list and --backend cannot both be specified")
} }
util.PrintError(backends(flags, *pod, *deployment, *selector, backend, onlyList)) util.PrintError(backends(flags, *pod, *deployment, *selector, *container, backend, onlyList))
return nil return nil
}, },
} }
@ -55,6 +55,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
pod = util.AddPodFlag(cmd) pod = util.AddPodFlag(cmd)
deployment = util.AddDeploymentFlag(cmd) deployment = util.AddDeploymentFlag(cmd)
selector = util.AddSelectorFlag(cmd) selector = util.AddSelectorFlag(cmd)
container = util.AddContainerFlag(cmd)
cmd.Flags().String("backend", "", "Output only the information for the given backend") cmd.Flags().String("backend", "", "Output only the information for the given backend")
cmd.Flags().Bool("list", false, "Output a newline-separated list of backend names") cmd.Flags().Bool("list", false, "Output a newline-separated list of backend names")
@ -62,7 +63,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
return cmd return cmd
} }
func backends(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string, backend string, onlyList bool) error { func backends(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string, container string, backend string, onlyList bool) error {
var command []string var command []string
if onlyList { if onlyList {
command = []string{"/dbg", "backends", "list"} command = []string{"/dbg", "backends", "list"}
@ -77,7 +78,7 @@ func backends(flags *genericclioptions.ConfigFlags, podName string, deployment s
return err return err
} }
out, err := kubectl.PodExecString(flags, &pod, command) out, err := kubectl.PodExecString(flags, &pod, container, command)
if err != nil { if err != nil {
return err return err
} }

9
cmd/plugin/commands/certs/certs.go
View file

@ -30,7 +30,7 @@ import (
// CreateCommand creates and returns this cobra subcommand // CreateCommand creates and returns this cobra subcommand
func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
var pod, deployment, selector *string var pod, deployment, selector, container *string
cmd := &cobra.Command{ cmd := &cobra.Command{
Use: "certs", Use: "certs",
Short: "Output the certificate data stored in an ingress-nginx pod", Short: "Output the certificate data stored in an ingress-nginx pod",
@ -40,7 +40,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
return err return err
} }
util.PrintError(certs(flags, *pod, *deployment, *selector, host)) util.PrintError(certs(flags, *pod, *deployment, *selector, *container, host))
return nil return nil
}, },
} }
@ -50,11 +50,12 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
pod = util.AddPodFlag(cmd) pod = util.AddPodFlag(cmd)
deployment = util.AddDeploymentFlag(cmd) deployment = util.AddDeploymentFlag(cmd)
selector = util.AddSelectorFlag(cmd) selector = util.AddSelectorFlag(cmd)
container = util.AddContainerFlag(cmd)
return cmd return cmd
} }
func certs(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string, host string) error { func certs(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string, container string, host string) error {
command := []string{"/dbg", "certs", "get", host} command := []string{"/dbg", "certs", "get", host}
pod, err := request.ChoosePod(flags, podName, deployment, selector) pod, err := request.ChoosePod(flags, podName, deployment, selector)
@ -62,7 +63,7 @@ func certs(flags *genericclioptions.ConfigFlags, podName string, deployment stri
return err return err
} }
out, err := kubectl.PodExecString(flags, &pod, command) out, err := kubectl.PodExecString(flags, &pod, container, command)
if err != nil { if err != nil {
return err return err
} }

9
cmd/plugin/commands/conf/conf.go
View file

@ -32,7 +32,7 @@ import (
// CreateCommand creates and returns this cobra subcommand // CreateCommand creates and returns this cobra subcommand
func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
var pod, deployment, selector *string var pod, deployment, selector, container *string
cmd := &cobra.Command{ cmd := &cobra.Command{
Use: "conf", Use: "conf",
Short: "Inspect the generated nginx.conf", Short: "Inspect the generated nginx.conf",
@ -42,7 +42,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
return err return err
} }
util.PrintError(conf(flags, host, *pod, *deployment, *selector)) util.PrintError(conf(flags, host, *pod, *deployment, *selector, *container))
return nil return nil
}, },
} }
@ -50,17 +50,18 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
pod = util.AddPodFlag(cmd) pod = util.AddPodFlag(cmd)
deployment = util.AddDeploymentFlag(cmd) deployment = util.AddDeploymentFlag(cmd)
selector = util.AddSelectorFlag(cmd) selector = util.AddSelectorFlag(cmd)
container = util.AddContainerFlag(cmd)
return cmd return cmd
} }
func conf(flags *genericclioptions.ConfigFlags, host string, podName string, deployment string, selector string) error { func conf(flags *genericclioptions.ConfigFlags, host string, podName string, deployment string, selector string, container string) error {
pod, err := request.ChoosePod(flags, podName, deployment, selector) pod, err := request.ChoosePod(flags, podName, deployment, selector)
if err != nil { if err != nil {
return err return err
} }
nginxConf, err := kubectl.PodExecString(flags, &pod, []string{"/dbg", "conf"}) nginxConf, err := kubectl.PodExecString(flags, &pod, container, []string{"/dbg", "conf"})
if err != nil { if err != nil {
return err return err
} }

10
cmd/plugin/commands/exec/exec.go
View file

@ -29,19 +29,21 @@ import (
// CreateCommand creates and returns this cobra subcommand // CreateCommand creates and returns this cobra subcommand
func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
opts := execFlags{} opts := execFlags{}
var pod, deployment, selector *string var pod, deployment, selector, container *string
cmd := &cobra.Command{ cmd := &cobra.Command{
Use: "exec", Use: "exec",
Short: "Execute a command inside an ingress-nginx pod", Short: "Execute a command inside an ingress-nginx pod",
RunE: func(cmd *cobra.Command, args []string) error { RunE: func(cmd *cobra.Command, args []string) error {
util.PrintError(exec(flags, *pod, *deployment, *selector, args, opts)) util.PrintError(exec(flags, *pod, *deployment, *selector, *container, args, opts))
return nil return nil
}, },
} }
pod = util.AddPodFlag(cmd) pod = util.AddPodFlag(cmd)
deployment = util.AddDeploymentFlag(cmd) deployment = util.AddDeploymentFlag(cmd)
selector = util.AddSelectorFlag(cmd) selector = util.AddSelectorFlag(cmd)
container = util.AddContainerFlag(cmd)
cmd.Flags().BoolVarP(&opts.TTY, "tty", "t", false, "Stdin is a TTY") cmd.Flags().BoolVarP(&opts.TTY, "tty", "t", false, "Stdin is a TTY")
cmd.Flags().BoolVarP(&opts.Stdin, "stdin", "i", false, "Pass stdin to the container") cmd.Flags().BoolVarP(&opts.Stdin, "stdin", "i", false, "Pass stdin to the container")
@ -53,7 +55,7 @@ type execFlags struct {
Stdin bool Stdin bool
} }
func exec(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string, cmd []string, opts execFlags) error { func exec(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string, container string, cmd []string, opts execFlags) error {
pod, err := request.ChoosePod(flags, podName, deployment, selector) pod, err := request.ChoosePod(flags, podName, deployment, selector)
if err != nil { if err != nil {
return err return err
@ -67,7 +69,7 @@ func exec(flags *genericclioptions.ConfigFlags, podName string, deployment strin
args = append(args, "-i") args = append(args, "-i")
} }
args = append(args, []string{"-n", pod.Namespace, pod.Name, "--"}...) args = append(args, []string{"-n", pod.Namespace, "-c", container, pod.Name, "--"}...)
args = append(args, cmd...) args = append(args, cmd...)
return kubectl.Exec(flags, args) return kubectl.Exec(flags, args)
} }

9
cmd/plugin/commands/general/general.go
View file

@ -30,29 +30,30 @@ import (
// CreateCommand creates and returns this cobra subcommand // CreateCommand creates and returns this cobra subcommand
func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
var pod, deployment, selector *string var pod, deployment, selector, container *string
cmd := &cobra.Command{ cmd := &cobra.Command{
Use: "general", Use: "general",
Short: "Inspect the other dynamic ingress-nginx information", Short: "Inspect the other dynamic ingress-nginx information",
RunE: func(cmd *cobra.Command, args []string) error { RunE: func(cmd *cobra.Command, args []string) error {
util.PrintError(general(flags, *pod, *deployment, *selector)) util.PrintError(general(flags, *pod, *deployment, *selector, *container))
return nil return nil
}, },
} }
pod = util.AddPodFlag(cmd) pod = util.AddPodFlag(cmd)
deployment = util.AddDeploymentFlag(cmd) deployment = util.AddDeploymentFlag(cmd)
selector = util.AddSelectorFlag(cmd) selector = util.AddSelectorFlag(cmd)
container = util.AddContainerFlag(cmd)
return cmd return cmd
} }
func general(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string) error { func general(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string, container string) error {
pod, err := request.ChoosePod(flags, podName, deployment, selector) pod, err := request.ChoosePod(flags, podName, deployment, selector)
if err != nil { if err != nil {
return err return err
} }
out, err := kubectl.PodExecString(flags, &pod, []string{"/dbg", "general"}) out, err := kubectl.PodExecString(flags, &pod, container, []string{"/dbg", "general"})
if err != nil { if err != nil {
return err return err
} }

9
cmd/plugin/commands/logs/logs.go
View file

@ -31,19 +31,20 @@ import (
// CreateCommand creates and returns this cobra subcommand // CreateCommand creates and returns this cobra subcommand
func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
o := logsFlags{} o := logsFlags{}
var pod, deployment, selector *string var pod, deployment, selector, container *string
cmd := &cobra.Command{ cmd := &cobra.Command{
Use: "logs", Use: "logs",
Short: "Get the kubernetes logs for an ingress-nginx pod", Short: "Get the kubernetes logs for an ingress-nginx pod",
RunE: func(cmd *cobra.Command, args []string) error { RunE: func(cmd *cobra.Command, args []string) error {
util.PrintError(logs(flags, *pod, *deployment, *selector, o)) util.PrintError(logs(flags, *pod, *deployment, *selector, *container, o))
return nil return nil
}, },
} }
pod = util.AddPodFlag(cmd) pod = util.AddPodFlag(cmd)
deployment = util.AddDeploymentFlag(cmd) deployment = util.AddDeploymentFlag(cmd)
selector = util.AddSelectorFlag(cmd) selector = util.AddSelectorFlag(cmd)
container = util.AddContainerFlag(cmd)
cmd.Flags().BoolVarP(&o.Follow, "follow", "f", o.Follow, "Specify if the logs should be streamed.") cmd.Flags().BoolVarP(&o.Follow, "follow", "f", o.Follow, "Specify if the logs should be streamed.")
cmd.Flags().BoolVar(&o.Timestamps, "timestamps", o.Timestamps, "Include timestamps on each line in the log output") cmd.Flags().BoolVar(&o.Timestamps, "timestamps", o.Timestamps, "Include timestamps on each line in the log output")
@ -94,13 +95,13 @@ func (o *logsFlags) toStrings() []string {
return r return r
} }
func logs(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string, opts logsFlags) error { func logs(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string, container string, opts logsFlags) error {
pod, err := request.ChoosePod(flags, podName, deployment, selector) pod, err := request.ChoosePod(flags, podName, deployment, selector)
if err != nil { if err != nil {
return err return err
} }
cmd := []string{"logs", "-n", pod.Namespace, pod.Name} cmd := []string{"logs", "-n", pod.Namespace, "-c", container, pod.Name}
cmd = append(cmd, opts.toStrings()...) cmd = append(cmd, opts.toStrings()...)
return kubectl.Exec(flags, cmd) return kubectl.Exec(flags, cmd)
} }

9
cmd/plugin/commands/ssh/ssh.go
View file

@ -28,27 +28,28 @@ import (
// CreateCommand creates and returns this cobra subcommand // CreateCommand creates and returns this cobra subcommand
func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
var pod, deployment, selector *string var pod, deployment, selector, container *string
cmd := &cobra.Command{ cmd := &cobra.Command{
Use: "ssh", Use: "ssh",
Short: "ssh into a running ingress-nginx pod", Short: "ssh into a running ingress-nginx pod",
RunE: func(cmd *cobra.Command, args []string) error { RunE: func(cmd *cobra.Command, args []string) error {
util.PrintError(ssh(flags, *pod, *deployment, *selector)) util.PrintError(ssh(flags, *pod, *deployment, *selector, *container))
return nil return nil
}, },
} }
pod = util.AddPodFlag(cmd) pod = util.AddPodFlag(cmd)
deployment = util.AddDeploymentFlag(cmd) deployment = util.AddDeploymentFlag(cmd)
selector = util.AddSelectorFlag(cmd) selector = util.AddSelectorFlag(cmd)
container = util.AddContainerFlag(cmd)
return cmd return cmd
} }
func ssh(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string) error { func ssh(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string, container string) error {
pod, err := request.ChoosePod(flags, podName, deployment, selector) pod, err := request.ChoosePod(flags, podName, deployment, selector)
if err != nil { if err != nil {
return err return err
} }
return kubectl.Exec(flags, []string{"exec", "-it", "-n", pod.Namespace, pod.Name, "--", "/bin/bash"}) return kubectl.Exec(flags, []string{"exec", "-it", "-n", pod.Namespace, "-c", container, pod.Name, "--", "/bin/bash"})
} }

4
cmd/plugin/kubectl/kubectl.go
View file

@ -31,8 +31,8 @@ import (
// PodExecString takes a pod and a command, uses kubectl exec to run the command in the pod // PodExecString takes a pod and a command, uses kubectl exec to run the command in the pod
// and returns stdout as a string // and returns stdout as a string
func PodExecString(flags *genericclioptions.ConfigFlags, pod *apiv1.Pod, args []string) (string, error) { func PodExecString(flags *genericclioptions.ConfigFlags, pod *apiv1.Pod, container string, args []string) (string, error) {
args = append([]string{"exec", "-n", pod.Namespace, pod.Name}, args...) args = append([]string{"exec", "-n", pod.Namespace, "-c", container, pod.Name}, args...)
return ExecToString(flags, args) return ExecToString(flags, args)
} }

8
cmd/plugin/util/util.go
View file

@ -31,6 +31,7 @@ import (
const ( const (
DefaultIngressDeploymentName = "ingress-nginx-controller" DefaultIngressDeploymentName = "ingress-nginx-controller"
DefaultIngressServiceName = "ingress-nginx-controller" DefaultIngressServiceName = "ingress-nginx-controller"
DefaultIngressContainerName = "controller"
) )
// IssuePrefix is the github url that we can append an issue number to to link to it // IssuePrefix is the github url that we can append an issue number to to link to it
@ -127,6 +128,13 @@ func AddSelectorFlag(cmd *cobra.Command) *string {
return &v return &v
} }
// AddContainerFlag adds a --container flag to a cobra command
func AddContainerFlag(cmd *cobra.Command) *string {
v := ""
cmd.Flags().StringVar(&v, "container", DefaultIngressContainerName, "The name of the ingress-nginx controller container")
return &v
}
// GetNamespace takes a set of kubectl flag values and returns the namespace we should be operating in // GetNamespace takes a set of kubectl flag values and returns the namespace we should be operating in
func GetNamespace(flags *genericclioptions.ConfigFlags) string { func GetNamespace(flags *genericclioptions.ConfigFlags) string {
namespace, _, err := flags.ToRawKubeConfigLoader().Namespace() namespace, _, err := flags.ToRawKubeConfigLoader().Namespace()

2
deploy/grafana/dashboards/README.md
View file

@ -4,7 +4,7 @@ Ingress-nginx supports a rich collection of prometheus metrics. If you have pro
This folder contains two dashboards that you can import. This folder contains two dashboards that you can import.
## 1. NGINX Ingress Controller ## 1. Ingress-Nginx Controller
![Dashboard](screenshot.png) ![Dashboard](screenshot.png)

8
deploy/grafana/dashboards/nginx.json
View file

@ -1312,7 +1312,7 @@
"targets": [ "targets": [
{ {
"exemplar": true, "exemplar": true,
"expr": "histogram_quantile(0.80, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=\"uat\"}[2m])) by (le))", "expr": "histogram_quantile(0.80, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le))",
"format": "time_series", "format": "time_series",
"hide": false, "hide": false,
"instant": false, "instant": false,
@ -1323,7 +1323,7 @@
}, },
{ {
"exemplar": true, "exemplar": true,
"expr": "histogram_quantile(0.90, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=\"uat\"}[2m])) by (le))", "expr": "histogram_quantile(0.90, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le))",
"format": "time_series", "format": "time_series",
"hide": false, "hide": false,
"instant": false, "instant": false,
@ -1335,7 +1335,7 @@
{ {
"editorMode": "code", "editorMode": "code",
"exemplar": true, "exemplar": true,
"expr": "histogram_quantile(0.99, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=\"uat\"}[2m])) by (le))", "expr": "histogram_quantile(0.99, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le))",
"format": "time_series", "format": "time_series",
"hide": false, "hide": false,
"instant": false, "instant": false,
@ -1377,7 +1377,7 @@
"targets": [ "targets": [
{ {
"exemplar": true, "exemplar": true,
"expr": "sum(increase(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=\"uat\"}[2m])) by (le)", "expr": "sum(increase(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le)",
"format": "heatmap", "format": "heatmap",
"interval": "", "interval": "",
"legendFormat": "{{le}}", "legendFormat": "{{le}}",

63
deploy/static/provider/aws/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -90,21 +90,6 @@ rules:
- get - get
- list - list
- watch - watch
- apiGroups:
- ""
resourceNames:
- ingress-nginx-leader
resources:
- configmaps
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups: - apiGroups:
- coordination.k8s.io - coordination.k8s.io
resourceNames: resourceNames:
@ -144,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -163,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -245,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -264,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -284,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -303,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -322,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -343,7 +328,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -359,7 +344,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -392,7 +377,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -415,7 +400,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -432,6 +417,8 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.7.1
spec: spec:
containers: containers:
- args: - args:
@ -455,7 +442,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 image: registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -527,7 +514,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -538,7 +525,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -552,7 +539,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: create name: create
securityContext: securityContext:
@ -574,7 +561,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -585,7 +572,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -601,7 +588,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: patch name: patch
securityContext: securityContext:
@ -623,7 +610,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -636,7 +623,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

63
deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -90,21 +90,6 @@ rules:
- get - get
- list - list
- watch - watch
- apiGroups:
- ""
resourceNames:
- ingress-nginx-leader
resources:
- configmaps
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups: - apiGroups:
- coordination.k8s.io - coordination.k8s.io
resourceNames: resourceNames:
@ -144,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -163,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -245,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -264,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -284,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -303,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -322,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -350,7 +335,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -368,7 +353,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -401,7 +386,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -424,7 +409,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -441,6 +426,8 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.7.1
spec: spec:
containers: containers:
- args: - args:
@ -464,7 +451,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 image: registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -539,7 +526,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -550,7 +537,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -564,7 +551,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: create name: create
securityContext: securityContext:
@ -586,7 +573,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -597,7 +584,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -613,7 +600,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: patch name: patch
securityContext: securityContext:
@ -635,7 +622,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -648,7 +635,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

63
deploy/static/provider/baremetal/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -90,21 +90,6 @@ rules:
- get - get
- list - list
- watch - watch
- apiGroups:
- ""
resourceNames:
- ingress-nginx-leader
resources:
- configmaps
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups: - apiGroups:
- coordination.k8s.io - coordination.k8s.io
resourceNames: resourceNames:
@ -144,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -163,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -245,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -264,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -284,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -303,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -322,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -343,7 +328,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -355,7 +340,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -387,7 +372,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -410,7 +395,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -427,6 +412,8 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.7.1
spec: spec:
containers: containers:
- args: - args:
@ -449,7 +436,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 image: registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -521,7 +508,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -532,7 +519,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -546,7 +533,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: create name: create
securityContext: securityContext:
@ -568,7 +555,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -579,7 +566,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -595,7 +582,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: patch name: patch
securityContext: securityContext:
@ -617,7 +604,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -630,7 +617,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

63
deploy/static/provider/cloud/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -90,21 +90,6 @@ rules:
- get - get
- list - list
- watch - watch
- apiGroups:
- ""
resourceNames:
- ingress-nginx-leader
resources:
- configmaps
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups: - apiGroups:
- coordination.k8s.io - coordination.k8s.io
resourceNames: resourceNames:
@ -144,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -163,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -245,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -264,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -284,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -303,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -322,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -343,7 +328,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -355,7 +340,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -388,7 +373,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -411,7 +396,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -428,6 +413,8 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.7.1
spec: spec:
containers: containers:
- args: - args:
@ -451,7 +438,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 image: registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -523,7 +510,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -534,7 +521,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -548,7 +535,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: create name: create
securityContext: securityContext:
@ -570,7 +557,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -581,7 +568,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -597,7 +584,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: patch name: patch
securityContext: securityContext:
@ -619,7 +606,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -632,7 +619,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

63
deploy/static/provider/do/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -90,21 +90,6 @@ rules:
- get - get
- list - list
- watch - watch
- apiGroups:
- ""
resourceNames:
- ingress-nginx-leader
resources:
- configmaps
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups: - apiGroups:
- coordination.k8s.io - coordination.k8s.io
resourceNames: resourceNames:
@ -144,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -163,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -245,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -264,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -284,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -303,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -322,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -344,7 +329,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -358,7 +343,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -391,7 +376,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -414,7 +399,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -431,6 +416,8 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.7.1
spec: spec:
containers: containers:
- args: - args:
@ -454,7 +441,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 image: registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -526,7 +513,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -537,7 +524,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -551,7 +538,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: create name: create
securityContext: securityContext:
@ -573,7 +560,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -584,7 +571,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -600,7 +587,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: patch name: patch
securityContext: securityContext:
@ -622,7 +609,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -635,7 +622,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

63
deploy/static/provider/exoscale/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -90,21 +90,6 @@ rules:
- get - get
- list - list
- watch - watch
- apiGroups:
- ""
resourceNames:
- ingress-nginx-leader
resources:
- configmaps
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups: - apiGroups:
- coordination.k8s.io - coordination.k8s.io
resourceNames: resourceNames:
@ -144,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -163,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -245,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -264,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -284,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -303,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -322,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -343,7 +328,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -364,7 +349,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -397,7 +382,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -420,7 +405,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -437,6 +422,8 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.7.1
spec: spec:
containers: containers:
- args: - args:
@ -460,7 +447,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 image: registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -532,7 +519,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -543,7 +530,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -557,7 +544,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: create name: create
securityContext: securityContext:
@ -579,7 +566,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -590,7 +577,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -606,7 +593,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: patch name: patch
securityContext: securityContext:
@ -628,7 +615,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -641,7 +628,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

63
deploy/static/provider/kind/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -90,21 +90,6 @@ rules:
- get - get
- list - list
- watch - watch
- apiGroups:
- ""
resourceNames:
- ingress-nginx-leader
resources:
- configmaps
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups: - apiGroups:
- coordination.k8s.io - coordination.k8s.io
resourceNames: resourceNames:
@ -144,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -163,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -245,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -264,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -284,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -303,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -322,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -343,7 +328,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -355,7 +340,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -387,7 +372,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -410,7 +395,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -431,6 +416,8 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.7.1
spec: spec:
containers: containers:
- args: - args:
@ -455,7 +442,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 image: registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -537,7 +524,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -548,7 +535,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -562,7 +549,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: create name: create
securityContext: securityContext:
@ -584,7 +571,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -595,7 +582,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -611,7 +598,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: patch name: patch
securityContext: securityContext:
@ -633,7 +620,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -646,7 +633,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

63
deploy/static/provider/scw/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -90,21 +90,6 @@ rules:
- get - get
- list - list
- watch - watch
- apiGroups:
- ""
resourceNames:
- ingress-nginx-leader
resources:
- configmaps
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups: - apiGroups:
- coordination.k8s.io - coordination.k8s.io
resourceNames: resourceNames:
@ -144,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -163,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -245,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -264,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -284,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -303,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -322,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -344,7 +329,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -358,7 +343,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -391,7 +376,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -414,7 +399,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -431,6 +416,8 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.7.1
spec: spec:
containers: containers:
- args: - args:
@ -454,7 +441,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 image: registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -526,7 +513,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -537,7 +524,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -551,7 +538,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: create name: create
securityContext: securityContext:
@ -573,7 +560,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -584,7 +571,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -600,7 +587,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: patch name: patch
securityContext: securityContext:
@ -622,7 +609,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -635,7 +622,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1 app.kubernetes.io/version: 1.7.1
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

28
docs/deploy/baremetal.md
View file

@ -1,14 +1,14 @@
# Bare-metal considerations # Bare-metal considerations
In traditional *cloud* environments, where network load balancers are available on-demand, a single Kubernetes manifest In traditional *cloud* environments, where network load balancers are available on-demand, a single Kubernetes manifest
suffices to provide a single point of contact to the NGINX Ingress controller to external clients and, indirectly, to suffices to provide a single point of contact to the Ingress-Nginx Controller to external clients and, indirectly, to
any application running inside the cluster. *Bare-metal* environments lack this commodity, requiring a slightly any application running inside the cluster. *Bare-metal* environments lack this commodity, requiring a slightly
different setup to offer the same kind of access to external consumers. different setup to offer the same kind of access to external consumers.
![Cloud environment](../images/baremetal/cloud_overview.jpg) ![Cloud environment](../images/baremetal/cloud_overview.jpg)
![Bare-metal environment](../images/baremetal/baremetal_overview.jpg) ![Bare-metal environment](../images/baremetal/baremetal_overview.jpg)
The rest of this document describes a few recommended approaches to deploying the NGINX Ingress controller inside a The rest of this document describes a few recommended approaches to deploying the Ingress-Nginx Controller inside a
Kubernetes cluster running on bare-metal. Kubernetes cluster running on bare-metal.
## A pure software solution: MetalLB ## A pure software solution: MetalLB
@ -30,7 +30,7 @@ the traffic for the `ingress-nginx` Service IP. See [Traffic policies][metallb-t
yourself by reading the official documentation thoroughly. yourself by reading the official documentation thoroughly.
MetalLB can be deployed either with a simple Kubernetes manifest or with Helm. The rest of this example assumes MetalLB MetalLB can be deployed either with a simple Kubernetes manifest or with Helm. The rest of this example assumes MetalLB
was deployed following the [Installation][metallb-install] instructions, and that the NGINX Ingress controller was installed was deployed following the [Installation][metallb-install] instructions, and that the Ingress-Nginx Controller was installed
using the steps described in the [quickstart section of the installation guide][install-quickstart]. using the steps described in the [quickstart section of the installation guide][install-quickstart].
MetalLB requires a pool of IP addresses in order to be able to take ownership of the `ingress-nginx` Service. This pool MetalLB requires a pool of IP addresses in order to be able to take ownership of the `ingress-nginx` Service. This pool
@ -164,7 +164,7 @@ field of the `ingress-nginx` Service spec to `Local` ([example][preserve-ip]).
!!! warning !!! warning
This setting effectively **drops packets** sent to Kubernetes nodes which are not running any instance of the NGINX This setting effectively **drops packets** sent to Kubernetes nodes which are not running any instance of the NGINX
Ingress controller. Consider [assigning NGINX Pods to specific nodes][pod-assign] in order to control on what nodes Ingress controller. Consider [assigning NGINX Pods to specific nodes][pod-assign] in order to control on what nodes
the NGINX Ingress controller should be scheduled or not scheduled. the Ingress-Nginx Controller should be scheduled or not scheduled.
!!! example !!! example
In a Kubernetes cluster composed of 3 nodes (the external IP is added as an example, in most bare-metal environments In a Kubernetes cluster composed of 3 nodes (the external IP is added as an example, in most bare-metal environments
@ -193,7 +193,7 @@ field of the `ingress-nginx` Service spec to `Local` ([example][preserve-ip]).
* **Ingress status** * **Ingress status**
Because NodePort Services do not get a LoadBalancerIP assigned by definition, the NGINX Ingress controller **does not Because NodePort Services do not get a LoadBalancerIP assigned by definition, the Ingress-Nginx Controller **does not
update the status of Ingress objects it manages**. update the status of Ingress objects it manages**.
```console ```console
@ -202,12 +202,12 @@ NAME HOSTS ADDRESS PORTS
test-ingress myapp.example.com 80 test-ingress myapp.example.com 80
``` ```
Despite the fact there is no load balancer providing a public IP address to the NGINX Ingress controller, it is possible Despite the fact there is no load balancer providing a public IP address to the Ingress-Nginx Controller, it is possible
to force the status update of all managed Ingress objects by setting the `externalIPs` field of the `ingress-nginx` to force the status update of all managed Ingress objects by setting the `externalIPs` field of the `ingress-nginx`
Service. Service.
!!! warning !!! warning
There is more to setting `externalIPs` than just enabling the NGINX Ingress controller to update the status of There is more to setting `externalIPs` than just enabling the Ingress-Nginx Controller to update the status of
Ingress objects. Please read about this option in the [Services][external-ips] page of official Kubernetes Ingress objects. Please read about this option in the [Services][external-ips] page of official Kubernetes
documentation as well as the section about [External IPs](#external-ips) in this document for more information. documentation as well as the section about [External IPs](#external-ips) in this document for more information.
@ -268,11 +268,11 @@ for generating redirect URLs that take into account the URL used by external cli
In a setup where there is no external load balancer available but using NodePorts is not an option, one can configure In a setup where there is no external load balancer available but using NodePorts is not an option, one can configure
`ingress-nginx` Pods to use the network of the host they run on instead of a dedicated network namespace. The benefit of `ingress-nginx` Pods to use the network of the host they run on instead of a dedicated network namespace. The benefit of
this approach is that the NGINX Ingress controller can bind ports 80 and 443 directly to Kubernetes nodes' network this approach is that the Ingress-Nginx Controller can bind ports 80 and 443 directly to Kubernetes nodes' network
interfaces, without the extra network translation imposed by NodePort Services. interfaces, without the extra network translation imposed by NodePort Services.
!!! note !!! note
This approach does not leverage any Service object to expose the NGINX Ingress controller. If the `ingress-nginx` This approach does not leverage any Service object to expose the Ingress-Nginx Controller. If the `ingress-nginx`
Service exists in the target cluster, it is **recommended to delete it**. Service exists in the target cluster, it is **recommended to delete it**.
This can be achieved by enabling the `hostNetwork` option in the Pods' spec. This can be achieved by enabling the `hostNetwork` option in the Pods' spec.
@ -284,7 +284,7 @@ template:
``` ```
!!! danger "Security considerations" !!! danger "Security considerations"
Enabling this option **exposes every system daemon to the NGINX Ingress controller** on any network interface, Enabling this option **exposes every system daemon to the Ingress-Nginx Controller** on any network interface,
including the host's loopback. Please evaluate the impact this may have on the security of your system carefully. including the host's loopback. Please evaluate the impact this may have on the security of your system carefully.
!!! example !!! example
@ -299,7 +299,7 @@ template:
ingress-nginx-controller-5b4cf5fc6-lzrls 1/1 Running 203.0.113.2 host-2 ingress-nginx-controller-5b4cf5fc6-lzrls 1/1 Running 203.0.113.2 host-2
``` ```
One major limitation of this deployment approach is that only **a single NGINX Ingress controller Pod** may be scheduled One major limitation of this deployment approach is that only **a single Ingress-Nginx Controller Pod** may be scheduled
on each cluster node, because binding the same port multiple times on the same network interface is technically on each cluster node, because binding the same port multiple times on the same network interface is technically
impossible. Pods that are unschedulable due to such situation fail with the following event: impossible. Pods that are unschedulable due to such situation fail with the following event:
@ -312,7 +312,7 @@ Events:
Warning FailedScheduling default-scheduler 0/3 nodes are available: 3 node(s) didn't have free ports for the requested pod ports. Warning FailedScheduling default-scheduler 0/3 nodes are available: 3 node(s) didn't have free ports for the requested pod ports.
``` ```
One way to ensure only schedulable Pods are created is to deploy the NGINX Ingress controller as a *DaemonSet* instead One way to ensure only schedulable Pods are created is to deploy the Ingress-Nginx Controller as a *DaemonSet* instead
of a traditional Deployment. of a traditional Deployment.
!!! info !!! info
@ -334,7 +334,7 @@ expected to resolve internal names for any reason.
* **Ingress status** * **Ingress status**
Because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default Because there is no Service exposing the Ingress-Nginx Controller in a configuration using the host network, the default
`--publish-service` flag used in standard cloud setups **does not apply** and the status of all Ingress objects remains `--publish-service` flag used in standard cloud setups **does not apply** and the status of all Ingress objects remains
blank. blank.
@ -346,7 +346,7 @@ test-ingress myapp.example.com 80
Instead, and because bare-metal nodes usually don't have an ExternalIP, one has to enable the Instead, and because bare-metal nodes usually don't have an ExternalIP, one has to enable the
[`--report-node-internal-ip-address`][cli-args] flag, which sets the status of all Ingress objects to the internal IP [`--report-node-internal-ip-address`][cli-args] flag, which sets the status of all Ingress objects to the internal IP
address of all nodes running the NGINX Ingress controller. address of all nodes running the Ingress-Nginx Controller.
!!! example !!! example
Given a `ingress-nginx-controller` DaemonSet composed of 2 replicas Given a `ingress-nginx-controller` DaemonSet composed of 2 replicas

2
docs/deploy/hardening-guide.md
View file

@ -94,7 +94,7 @@ This guide refers to chapters in the CIS Benchmark. For full explanation you sho
| __5 Request Filtering and Restrictions__||| | | __5 Request Filtering and Restrictions__||| |
| ||| | | ||| |
| __5.1 Access Control__||| | | __5.1 Access Control__||| |
| 5.1.1 Ensure allow and deny filters limit access to specific IP addresses (Not Scored)| OK/ACTION NEEDED | Depends on use case, geo ip module is compiled into nginx ingress controller, there are several ways to use it | If needed set IP restrictions via annotations or work with config snippets (be careful with lets-encrypt-http-challenge!) | | 5.1.1 Ensure allow and deny filters limit access to specific IP addresses (Not Scored)| OK/ACTION NEEDED | Depends on use case, geo ip module is compiled into Ingress-Nginx Controller, there are several ways to use it | If needed set IP restrictions via annotations or work with config snippets (be careful with lets-encrypt-http-challenge!) |
| 5.1.2 Ensure only whitelisted HTTP methods are allowed (Not Scored) | OK/ACTION NEEDED | Depends on use case| If required it can be set via config snippet| | 5.1.2 Ensure only whitelisted HTTP methods are allowed (Not Scored) | OK/ACTION NEEDED | Depends on use case| If required it can be set via config snippet|
| ||| | | ||| |
| __5.2 Request Limits__||| | | __5.2 Request Limits__||| |

36
docs/deploy/index.md
View file

@ -1,6 +1,6 @@
# Installation Guide # Installation Guide
There are multiple ways to install the NGINX ingress controller: There are multiple ways to install the Ingress-Nginx Controller:
- with [Helm](https://helm.sh), using the project repository chart; - with [Helm](https://helm.sh), using the project repository chart;
- with `kubectl apply`, using YAML manifests; - with `kubectl apply`, using YAML manifests;
@ -62,7 +62,7 @@ It will install the controller in the `ingress-nginx` namespace, creating that n
**If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead: **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead:
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.1/deploy/static/provider/cloud/deploy.yaml
``` ```
!!! info !!! info
@ -192,9 +192,9 @@ doesn't work, you might have to fall back to the `kubectl port-forward` method d
Rancher Desktop provides Kubernetes and Container Management on the desktop. Kubernetes is enabled by default in Rancher Desktop. Rancher Desktop provides Kubernetes and Container Management on the desktop. Kubernetes is enabled by default in Rancher Desktop.
Rancher Desktop uses K3s under the hood, which in turn uses Traefik as the default ingress controller for the Kubernetes cluster. To use NGINX ingress controller in place of the default Traefik, disable Traefik from Preference > Kubernetes menu. Rancher Desktop uses K3s under the hood, which in turn uses Traefik as the default ingress controller for the Kubernetes cluster. To use Ingress-Nginx Controller in place of the default Traefik, disable Traefik from Preference > Kubernetes menu.
Once traefik is disabled, the NGINX ingress controller can be installed on Rancher Desktop using the default [quick start](#quick-start) instructions. Follow the instructions described in the [local testing section](#local-testing) to try a sample. Once traefik is disabled, the Ingress-Nginx Controller can be installed on Rancher Desktop using the default [quick start](#quick-start) instructions. Follow the instructions described in the [local testing section](#local-testing) to try a sample.
### Cloud deployments ### Cloud deployments
@ -214,7 +214,7 @@ options of various cloud providers.
#### AWS #### AWS
In AWS, we use a Network load balancer (NLB) to expose the NGINX Ingress controller behind a Service of `Type=LoadBalancer`. In AWS, we use a Network load balancer (NLB) to expose the Ingress-Nginx Controller behind a Service of `Type=LoadBalancer`.
!!! info !!! info
The provided templates illustrate the setup for legacy in-tree service load balancer for AWS NLB. The provided templates illustrate the setup for legacy in-tree service load balancer for AWS NLB.
@ -225,7 +225,7 @@ In AWS, we use a Network load balancer (NLB) to expose the NGINX Ingress control
##### Network Load Balancer (NLB) ##### Network Load Balancer (NLB)
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.1/deploy/static/provider/aws/deploy.yaml
``` ```
##### TLS termination in AWS Load Balancer (NLB) ##### TLS termination in AWS Load Balancer (NLB)
@ -233,10 +233,10 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont
By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer.
This section explains how to do that on AWS using an NLB. This section explains how to do that on AWS using an NLB.
1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template 1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template
```console ```console
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml
``` ```
2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster:
@ -282,7 +282,7 @@ Then, the ingress controller can be installed like this:
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.1/deploy/static/provider/cloud/deploy.yaml
``` ```
!!! warning !!! warning
@ -299,7 +299,7 @@ Proxy-protocol is supported in GCE check the [Official Documentations on how to
#### Azure #### Azure
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.1/deploy/static/provider/cloud/deploy.yaml
``` ```
More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller).
@ -307,7 +307,7 @@ More information with regard to Azure annotations for ingress controller can be
#### Digital Ocean #### Digital Ocean
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/do/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.1/deploy/static/provider/do/deploy.yaml
``` ```
- By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data. - By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data.
@ -315,7 +315,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont
#### Scaleway #### Scaleway
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/scw/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.1/deploy/static/provider/scw/deploy.yaml
``` ```
#### Exoscale #### Exoscale
@ -330,7 +330,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale
#### Oracle Cloud Infrastructure #### Oracle Cloud Infrastructure
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.1/deploy/static/provider/cloud/deploy.yaml
``` ```
A A
@ -357,7 +357,7 @@ For quick testing, you can use a
This should work on almost every cluster, but it will typically use a port in the range 30000-32767. This should work on almost every cluster, but it will typically use a port in the range 30000-32767.
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/baremetal/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.1/deploy/static/provider/baremetal/deploy.yaml
``` ```
For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range),
@ -419,14 +419,14 @@ Here is how these Ingress versions are supported in Kubernetes:
- from Kubernetes 1.19 to 1.21, both `v1beta1` and `v1` Ingress resources are supported - from Kubernetes 1.19 to 1.21, both `v1beta1` and `v1` Ingress resources are supported
- in Kubernetes 1.22 and above, only `v1` Ingress resources are supported - in Kubernetes 1.22 and above, only `v1` Ingress resources are supported
And here is how these Ingress versions are supported in NGINX Ingress Controller: And here is how these Ingress versions are supported in Ingress-Nginx Controller:
- before version 1.0, only `v1beta1` Ingress resources are supported - before version 1.0, only `v1beta1` Ingress resources are supported
- in version 1.0 and above, only `v1` Ingress resources are - in version 1.0 and above, only `v1` Ingress resources are
As a result, if you're running Kubernetes 1.19 or later, you should be able to use the latest version of the NGINX As a result, if you're running Kubernetes 1.19 or later, you should be able to use the latest version of the NGINX
Ingress Controller; but if you're using an old version of Kubernetes (1.18 or earlier) you will have to use version 0.X Ingress Controller; but if you're using an old version of Kubernetes (1.18 or earlier) you will have to use version 0.X
of the NGINX Ingress Controller (e.g. version 0.49). of the Ingress-Nginx Controller (e.g. version 0.49).
The Helm chart of the NGINX Ingress Controller switched to version 1 in version 4 of the chart. In other words, if The Helm chart of the Ingress-Nginx Controller switched to version 1 in version 4 of the chart. In other words, if
you're running Kubernetes 1.19 or earlier, you should use version 3.X of the chart (this can be done by adding you're running Kubernetes 1.19 or earlier, you should use version 3.X of the chart (this can be done by adding
`--version='<4'` to the `helm install` command). `--version='<4'` to the `helm install` command ).

4
docs/developer-guide/code-overview.md
View file

@ -53,7 +53,7 @@ This code can be found in [internal/file](https://github.com/kubernetes/ingress-
#### Ingress functions #### Ingress functions
Contains all the logics from NGINX Ingress Controller, with some examples being: Contains all the logics from Ingress-Nginx Controller, with some examples being:
* Expected Golang structures that will be used in templates and other parts of the code - [internal/ingress/types.go](https://github.com/kubernetes/ingress-nginx/blob/main/internal/ingress/types.go). * Expected Golang structures that will be used in templates and other parts of the code - [internal/ingress/types.go](https://github.com/kubernetes/ingress-nginx/blob/main/internal/ingress/types.go).
* supported annotations and its parsing logics - [internal/ingress/annotations](https://github.com/kubernetes/ingress-nginx/tree/main/internal/ingress/annotations). * supported annotations and its parsing logics - [internal/ingress/annotations](https://github.com/kubernetes/ingress-nginx/tree/main/internal/ingress/annotations).
@ -104,7 +104,7 @@ Describe here `kubectl plugin`, `dbg`, `waitshutdown` and cover the hack scripts
### kubectl plugin ### kubectl plugin
It containes kubectl plugin for inspecting your ingress-nginx deployments. It contains kubectl plugin for inspecting your ingress-nginx deployments.
This part of code can be found in [cmd/plugin](https://github.com/kubernetes/ingress-nginx/tree/main/cmd/plugin) directory This part of code can be found in [cmd/plugin](https://github.com/kubernetes/ingress-nginx/tree/main/cmd/plugin) directory
Detail functions flow and available flow can be found in [kubectl-plugin](https://github.com/kubernetes/ingress-nginx/blob/main/docs/kubectl-plugin.md) Detail functions flow and available flow can be found in [kubectl-plugin](https://github.com/kubernetes/ingress-nginx/blob/main/docs/kubectl-plugin.md)

4
docs/developer-guide/getting-started.md
View file

@ -1,6 +1,6 @@
Developing for NGINX Ingress Controller Developing for Ingress-Nginx Controller
This document explains how to get started with developing for NGINX Ingress controller. This document explains how to get started with developing for Ingress-Nginx Controller.
For the really new contributors, who want to contribute to the INGRESS-NGINX project, but need help with understanding some basic concepts, For the really new contributors, who want to contribute to the INGRESS-NGINX project, but need help with understanding some basic concepts,
that are needed to work with the Kubernetes ingress resource, here is a link to the [New Contributors Guide](https://github.com/kubernetes/ingress-nginx/blob/main/NEW_CONTRIBUTOR.md). that are needed to work with the Kubernetes ingress resource, here is a link to the [New Contributors Guide](https://github.com/kubernetes/ingress-nginx/blob/main/NEW_CONTRIBUTOR.md).

965
docs/e2e-tests.md
View file

File diff suppressed because it is too large Load diff

2
docs/examples/affinity/cookie/README.md
View file

@ -67,7 +67,7 @@ Accept-Ranges: bytes
``` ```
In the example above, you can see that the response contains a `Set-Cookie` header with the settings we have defined. In the example above, you can see that the response contains a `Set-Cookie` header with the settings we have defined.
This cookie is created by the NGINX Ingress Controller, it contains a randomly generated key corresponding to the upstream used for that request (selected using [consistent hashing][consistent-hashing]) and has an `Expires` directive. This cookie is created by the Ingress-Nginx Controller, it contains a randomly generated key corresponding to the upstream used for that request (selected using [consistent hashing][consistent-hashing]) and has an `Expires` directive.
If a client sends a cookie that doesn't correspond to an upstream, NGINX selects an upstream and creates a corresponding cookie. If a client sends a cookie that doesn't correspond to an upstream, NGINX selects an upstream and creates a corresponding cookie.
If the backend pool grows NGINX will keep sending the requests through the same server of the first request, even if it's overloaded. If the backend pool grows NGINX will keep sending the requests through the same server of the first request, even if it's overloaded.

4
docs/examples/customization/custom-errors/README.md
View file

@ -29,7 +29,7 @@ service/nginx-errors ClusterIP 10.0.0.12 <none> 80/TCP 10s
## Ingress controller configuration ## Ingress controller configuration
If you do not already have an instance of the NGINX Ingress controller running, deploy it according to the If you do not already have an instance of the Ingress-Nginx Controller running, deploy it according to the
[deployment guide][deploy], then follow these steps: [deployment guide][deploy], then follow these steps:
1. Edit the `ingress-nginx-controller` Deployment and set the value of the `--default-backend-service` flag to the name of the 1. Edit the `ingress-nginx-controller` Deployment and set the value of the `--default-backend-service` flag to the name of the
@ -37,7 +37,7 @@ If you do not already have an instance of the NGINX Ingress controller running,
2. Edit the `ingress-nginx-controller` ConfigMap and create the key `custom-http-errors` with a value of `404,503`. 2. Edit the `ingress-nginx-controller` ConfigMap and create the key `custom-http-errors` with a value of `404,503`.
3. Take note of the IP address assigned to the NGINX Ingress controller Service. 3. Take note of the IP address assigned to the Ingress-Nginx Controller Service.
``` ```
$ kubectl get svc ingress-nginx $ kubectl get svc ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

2
docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml
View file

@ -6,7 +6,7 @@ defaultBackend:
image: image:
registry: registry.k8s.io registry: registry.k8s.io
image: ingress-nginx/nginx-errors image: ingress-nginx/nginx-errors
tag: "v20220916-gd32f8c343@sha256:09c421ac743bace19ab77979b82186941c5125c95e62cdb40bdf41293b5c275c" tag: "v20230312-helm-chart-4.5.2-28-g66a760794@sha256:332be6ff8c4e93e8845963932f98839dfd52ae49829c29e06475368a3e4fbd9e"
extraVolumes: extraVolumes:
- name: custom-error-pages - name: custom-error-pages
configMap: configMap:

2
docs/examples/customization/custom-errors/custom-default-backend.yaml
View file

@ -36,7 +36,7 @@ spec:
spec: spec:
containers: containers:
- name: nginx-error-server - name: nginx-error-server
image: registry.k8s.io/ingress-nginx/nginx-errors:v20220916-gd32f8c343@sha256:09c421ac743bace19ab77979b82186941c5125c95e62cdb40bdf41293b5c275c image: registry.k8s.io/ingress-nginx/nginx-errors:v20230404-helm-chart-4.6.0-11-gc76179c04@sha256:aabd7a001f6a0a07ed6ea8f6da87e928bfa8f971eba2bef708f3e8504fc5cc9b
ports: ports:
- containerPort: 8080 - containerPort: 8080
# Setting the environment variable DEBUG we can see the headers sent # Setting the environment variable DEBUG we can see the headers sent

4
docs/examples/customization/custom-headers/README.md
View file

@ -10,7 +10,7 @@ To work around this limitation, perform a rolling restart of the deployment.
## Example ## Example
This example demonstrates configuration of the nginx ingress controller via This example demonstrates configuration of the Ingress-Nginx Controller via
a ConfigMap to pass a custom list of headers to the upstream a ConfigMap to pass a custom list of headers to the upstream
server. server.
@ -26,7 +26,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/docs/examples/customization/custom-headers/configmap.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/docs/examples/customization/custom-headers/configmap.yaml
``` ```
The nginx ingress controller will read the `ingress-nginx/ingress-nginx-controller` ConfigMap, find the `proxy-set-headers` key, read HTTP headers from the `ingress-nginx/custom-headers` ConfigMap, and include those HTTP headers in all requests flowing from nginx to the backends. The Ingress-Nginx Controller will read the `ingress-nginx/ingress-nginx-controller` ConfigMap, find the `proxy-set-headers` key, read HTTP headers from the `ingress-nginx/custom-headers` ConfigMap, and include those HTTP headers in all requests flowing from nginx to the backends.
The above example was for passing a custom list of headers to the upstream server. The above example was for passing a custom list of headers to the upstream server.

2
docs/examples/customization/external-auth-headers/echo-service.yaml
View file

@ -18,7 +18,7 @@ spec:
terminationGracePeriodSeconds: 60 terminationGracePeriodSeconds: 60
containers: containers:
- name: echo-service - name: echo-service
image: registry.k8s.io/ingress-nginx/e2e-test-echo:v20220819-ga98c63787@sha256:778ac6d1188c8de8ecabeddd3c37b72c8adc8c712bad2bd7a81fb23a3514934c image: registry.k8s.io/ingress-nginx/e2e-test-echo:v20230318-helm-chart-4.5.2-44-gfec1dbe3a@sha256:4938d1d91a2b7d19454460a8c1b010b89f6ff92d2987fd889ac3e8fc3b70d91a
ports: ports:
- containerPort: 8080 - containerPort: 8080
resources: resources:

2
docs/examples/customization/ssl-dh-param/README.md
View file

@ -1,6 +1,6 @@
# Custom DH parameters for perfect forward secrecy # Custom DH parameters for perfect forward secrecy
This example aims to demonstrate the deployment of an nginx ingress controller and This example aims to demonstrate the deployment of an Ingress-Nginx Controller and
use a ConfigMap to configure a custom Diffie-Hellman parameters file to help with use a ConfigMap to configure a custom Diffie-Hellman parameters file to help with
"Perfect Forward Secrecy". "Perfect Forward Secrecy".

1
docs/examples/rewrite/README.md
View file

@ -38,6 +38,7 @@ apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
annotations: annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$2 nginx.ingress.kubernetes.io/rewrite-target: /$2
name: rewrite name: rewrite
namespace: default namespace: default

2
docs/examples/tls-termination/README.md
View file

@ -1,6 +1,6 @@
# TLS termination # TLS termination
This example demonstrates how to terminate TLS through the nginx Ingress controller. This example demonstrates how to terminate TLS through the Ingress-Nginx Controller.
## Prerequisites ## Prerequisites

4
docs/how-it-works.md
View file

@ -10,7 +10,7 @@ The goal of this Ingress controller is the assembly of a configuration file (ngi
Usually, a Kubernetes Controller utilizes the [synchronization loop pattern][1] to check if the desired state in the controller is updated or a change is required. To this purpose, we need to build a model using different objects from the cluster, in particular (in no special order) Ingresses, Services, Endpoints, Secrets, and Configmaps to generate a point in time configuration file that reflects the state of the cluster. Usually, a Kubernetes Controller utilizes the [synchronization loop pattern][1] to check if the desired state in the controller is updated or a change is required. To this purpose, we need to build a model using different objects from the cluster, in particular (in no special order) Ingresses, Services, Endpoints, Secrets, and Configmaps to generate a point in time configuration file that reflects the state of the cluster.
To get this object from the cluster, we use [Kubernetes Informers][2], in particular, `FilteredSharedInformer`. This informers allows reacting to changes in using [callbacks][3] to individual changes when a new object is added, modified or removed. Unfortunately, there is no way to know if a particular change is going to affect the final configuration file. Therefore on every change, we have to rebuild a new model from scratch based on the state of cluster and compare it to the current model. If the new model equals to the current one, then we avoid generating a new NGINX configuration and triggering a reload. Otherwise, we check if the difference is only about Endpoints. If so we then send the new list of Endpoints to a Lua handler running inside Nginx using HTTP POST request and again avoid generating a new NGINX configuration and triggering a reload. If the difference between running and new model is about more than just Endpoints we create a new NGINX configuration based on the new model, replace the current model and trigger a reload. To get this object from the cluster, we use [Kubernetes Informers][2], in particular, `FilteredSharedInformer`. These informers allow reacting to change in using [callbacks][3] to individual changes when a new object is added, modified or removed. Unfortunately, there is no way to know if a particular change is going to affect the final configuration file. Therefore on every change, we have to rebuild a new model from scratch based on the state of cluster and compare it to the current model. If the new model equals to the current one, then we avoid generating a new NGINX configuration and triggering a reload. Otherwise, we check if the difference is only about Endpoints. If so we then send the new list of Endpoints to a Lua handler running inside Nginx using HTTP POST request and again avoid generating a new NGINX configuration and triggering a reload. If the difference between running and new model is about more than just Endpoints we create a new NGINX configuration based on the new model, replace the current model and trigger a reload.
One of the uses of the model is to avoid unnecessary reloads when there's no change in the state and to detect conflicts in definitions. One of the uses of the model is to avoid unnecessary reloads when there's no change in the state and to detect conflicts in definitions.
@ -60,7 +60,7 @@ In a relatively big cluster with frequently deploying apps this feature saves si
Because the ingress controller works using the [synchronization loop pattern](https://coreos.com/kubernetes/docs/latest/replication-controller.html#the-reconciliation-loop-in-detail), it is applying the configuration for all matching objects. In case some Ingress objects have a broken configuration, for example a syntax error in the `nginx.ingress.kubernetes.io/configuration-snippet` annotation, the generated configuration becomes invalid, does not reload and hence no more ingresses will be taken into account. Because the ingress controller works using the [synchronization loop pattern](https://coreos.com/kubernetes/docs/latest/replication-controller.html#the-reconciliation-loop-in-detail), it is applying the configuration for all matching objects. In case some Ingress objects have a broken configuration, for example a syntax error in the `nginx.ingress.kubernetes.io/configuration-snippet` annotation, the generated configuration becomes invalid, does not reload and hence no more ingresses will be taken into account.
To prevent this situation to happen, the nginx ingress controller optionally exposes a [validating admission webhook server][8] to ensure the validity of incoming ingress objects. To prevent this situation to happen, the Ingress-Nginx Controller optionally exposes a [validating admission webhook server][8] to ensure the validity of incoming ingress objects.
This webhook appends the incoming ingress objects to the list of ingresses, generates the configuration and calls nginx to ensure the configuration has no syntax errors. This webhook appends the incoming ingress objects to the list of ingresses, generates the configuration and calls nginx to ensure the configuration has no syntax errors.
[0]: https://github.com/openresty/lua-nginx-module/pull/1259 [0]: https://github.com/openresty/lua-nginx-module/pull/1259

BIN
docs/images/otel-grafana-demo.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 121 KiB

BIN
docs/images/otel-jaeger-demo.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 118 KiB

BIN
docs/images/otel-zipkin-demo.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 131 KiB

232
docs/index.md
View file

@ -11,233 +11,7 @@ You can learn more about using [Ingress](http://kubernetes.io/docs/user-guide/in
See [Deployment](./deploy/) for a whirlwind tour that will get you started. See [Deployment](./deploy/) for a whirlwind tour that will get you started.
# FAQ - Migration to apiVersion `networking.k8s.io/v1` # FAQ - Kubernetes 1.22 Migration
If you are using Ingress objects in your cluster (running Kubernetes older than v1.22), and you plan to upgrade to Kubernetes v1.22, this section is relevant to you. If you are using Ingress objects in your cluster (running Kubernetes older than v1.22),
and you plan to upgrade to Kubernetes v1.22, please read [the migration guide here](./user-guide/k8s-122-migration.md).
- Please read this [official blog on deprecated Ingress API versions](https://kubernetes.io/blog/2021/07/26/update-with-ingress-nginx/)
- Please read this [official documentation on the IngressClass object](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class)
## What is an IngressClass and why is it important for users of Ingress-NGINX controller now ?
IngressClass is a Kubernetes resource. See the description below. It's important because until now, a default install of the Ingress-NGINX controller did not require any IngressClass object. From version 1.0.0 of the Ingress-NGINX Controller, an IngressClass object is required.
On clusters with more than one instance of the Ingress-NGINX controller, all instances of the controllers must be aware of which Ingress objects they serve. The `ingressClassName` field of an Ingress is the way to let the controller know about that.
```console
kubectl explain ingressclass
```
```
KIND: IngressClass
VERSION: networking.k8s.io/v1
DESCRIPTION:
IngressClass represents the class of the Ingress, referenced by the Ingress
Spec. The `ingressclass.kubernetes.io/is-default-class` annotation can be
used to indicate that an IngressClass should be considered default. When a
single IngressClass resource has this annotation set to true, new Ingress
resources without a class specified will be assigned this default class.
FIELDS:
apiVersion <string>
APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind <string>
Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata <Object>
Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
spec <Object>
Spec is the desired state of the IngressClass. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status`
```
## What has caused this change in behavior?
There are 2 reasons primarily.
### Reason #1
Until K8s version 1.21, it was possible to create an Ingress resource using deprecated versions of the Ingress API, such as:
- `extensions/v1beta1`
- `networking.k8s.io/v1beta1`
You would get a message about deprecation, but the Ingress resource would get created.
From K8s version 1.22 onwards, you can **only** access the Ingress API via the stable, `networking.k8s.io/v1` API. The reason is explained in the [official blog on deprecated ingress API versions](https://kubernetes.io/blog/2021/07/26/update-with-ingress-nginx/).
### Reason #2
If you are already using the Ingress-NGINX controller and then upgrade to K8s version v1.22 , there are several scenarios where your existing Ingress objects will not work how you expect. Read this FAQ to check which scenario matches your use case.
## What is ingressClassName field ?
`ingressClassName` is a field in the specs of an Ingress object.
```shell
kubectl explain ingress.spec.ingressClassName
```
```console
KIND: Ingress
VERSION: networking.k8s.io/v1
FIELD: ingressClassName <string>
DESCRIPTION:
IngressClassName is the name of the IngressClass cluster resource. The
associated IngressClass defines which controller will implement the
resource. This replaces the deprecated `kubernetes.io/ingress.class`
annotation. For backwards compatibility, when that annotation is set, it
must be given precedence over this field. The controller may emit a warning
if the field and annotation have different values. Implementations of this
API should ignore Ingresses without a class specified. An IngressClass
resource may be marked as default, which can be used to set a default value
for this field. For more information, refer to the IngressClass
documentation.
```
The `.spec.ingressClassName` behavior has precedence over the deprecated `kubernetes.io/ingress.class` annotation.
## I have only one ingress controller in my cluster. What should I do?
If a single instance of the Ingress-NGINX controller is the sole Ingress controller running in your cluster, you should add the annotation "ingressclass.kubernetes.io/is-default-class" in your IngressClass, so any new Ingress objects will have this one as default IngressClass.
When using Helm, you can enable this annotation by setting `.controller.ingressClassResource.default: true` in your Helm chart installation's values file.
If you have any old Ingress objects remaining without an IngressClass set, you can do one or more of the following to make the Ingress-NGINX controller aware of the old objects:
- You can manually set the [`.spec.ingressClassName`](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) field in the manifest of your own Ingress resources.
- You can re-create them after setting the `ingressclass.kubernetes.io/is-default-class` annotation to `true` on the IngressClass
- Alternatively you can make the Ingress-NGINX controller watch Ingress objects without the ingressClassName field set by starting your Ingress-NGINX with the flag [--watch-ingress-without-class=true](#what-is-the-flag-watch-ingress-without-class) . When using Helm, you can configure your Helm chart installation's values file with `.controller.watchIngressWithoutClass: true`
You can configure your Helm chart installation's values file with `.controller.watchIngressWithoutClass: true`.
We recommend that you create the IngressClass as shown below:
```
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
labels:
app.kubernetes.io/component: controller
name: nginx
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
spec:
controller: k8s.io/ingress-nginx
```
And add the value `spec.ingressClassName=nginx` in your Ingress objects.
## I have multiple ingress objects in my cluster. What should I do ?
- If you have lot of ingress objects without ingressClass configuration, you can run the ingress-controller with the flag `--watch-ingress-without-class=true`.
### What is the flag '--watch-ingress-without-class' ?
- Its a flag that is passed,as an argument, to the `nginx-ingress-controller` executable. In the configuration, it looks like this:
```
...
...
args:
- /nginx-ingress-controller
- --watch-ingress-without-class=true
- --publish-service=$(POD_NAMESPACE)/ingress-nginx-dev-v1-test-controller
- --election-id=ingress-controller-leader
- --controller-class=k8s.io/ingress-nginx
- --configmap=$(POD_NAMESPACE)/ingress-nginx-dev-v1-test-controller
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
...
...
```
## I have more than one controller in my cluster and already use the annotation ?
No problem. This should still keep working, but we highly recommend you to test!
Even though `kubernetes.io/ingress.class` is deprecated, the Ingress-NGINX controller still understands that annotation.
If you want to follow good practice, you should consider migrating to use IngressClass and `.spec.ingressClassName`.
## I have more than one controller running in my cluster, and I want to use the new API ?
In this scenario, you need to create multiple IngressClasses (see example one). But be aware that IngressClass works in a very specific way: you will need to change the `.spec.controller` value in your IngressClass and configure the controller to expect the exact same value.
Let's see some example, supposing that you have three IngressClasses:
- IngressClass `ingress-nginx-one`, with `.spec.controller` equal to `example.com/ingress-nginx1`
- IngressClass `ingress-nginx-two`, with `.spec.controller` equal to `example.com/ingress-nginx2`
- IngressClass `ingress-nginx-three`, with `.spec.controller` equal to `example.com/ingress-nginx1`
(for private use, you can also use a controller name that doesn't contain a `/`; for example: `ingress-nginx1`)
When deploying your ingress controllers, you will have to change the `--controller-class` field as follows:
- Ingress-Nginx A, configured to use controller class name `example.com/ingress-nginx1`
- Ingress-Nginx B, configured to use controller class name `example.com/ingress-nginx2`
Then, when you create an Ingress object with its `ingressClassName` set to `ingress-nginx-two`, only controllers looking for the `example.com/ingress-nginx2` controller class pay attention to the new object. Given that Ingress-Nginx B is set up that way, it will serve that object, whereas Ingress-Nginx A ignores the new Ingress.
Bear in mind that, if you start Ingress-Nginx B with the command line argument `--watch-ingress-without-class=true`, then it will serve:
1. Ingresses without any `ingressClassName` set
2. Ingresses where the deprecated annotation (`kubernetes.io/ingress.class`) matches the value set in the command line argument `--ingress-class`
3. Ingresses that refer to any IngressClass that has the same `spec.controller` as configured in `--controller-class`
If you start Ingress-Nginx B with the command line argument `--watch-ingress-without-class=true` and you run Ingress-Nginx A with the command line argument `--watch-ingress-without-class=false` then this is a supported configuration. If you have two Ingress-NGINX controllers for the same cluster, both running with `--watch-ingress-without-class=true` then there is likely to be a conflict.
## I am seeing this error message in the logs of the Ingress-NGINX controller: "ingress class annotation is not equal to the expected by Ingress Controller". Why ?
- It is highly likely that you will also see the name of the ingress resource in the same error message. This error message has been observed on use the deprecated annotation (`kubernetes.io/ingress.class`) in a Ingress resource manifest. It is recommended to use the `.spec.ingressClassName` field of the Ingress resource, to specify the name of the IngressClass of the Ingress you are defining.
## How to easily install multiple instances of the ingress-NGINX controller in the same cluster ?
- Create a new namespace
```
kubectl create namespace ingress-nginx-2
```
- Use Helm to install the additional instance of the ingress controller
- Ensure you have Helm working (refer to the [Helm documentation](https://helm.sh/docs/))
- We have to assume that you have the helm repo for the ingress-NGINX controller already added to your Helm config. But, if you have not added the helm repo then you can do this to add the repo to your helm config;
```
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
```
- Make sure you have updated the helm repo data;
```
helm repo update
```
- Now, install an additional instance of the ingress-NGINX controller like this:
```
helm install ingress-nginx-2 ingress-nginx/ingress-nginx \
--namespace ingress-nginx-2 \
--set controller.ingressClassResource.name=nginx-two \
--set controller.ingressClass=nginx-two \
--set controller.ingressClassResource.controllerValue="example.com/ingress-nginx-2" \
--set controller.ingressClassResource.enabled=true \
--set controller.ingressClassByName=true
```
- If you need to install yet another instance, then repeat the procedure to create a new namespace, change the values such as names & namespaces (for example from "-2" to "-3"), or anything else that meets your needs.
- If you need to install all instances in the same namespace, then you need to specify a different **election id**, like this:
```
helm install ingress-nginx-2 ingress-nginx/ingress-nginx \
--namespace kube-system \
--set controller.electionID=nginx-two-leader \
--set controller.ingressClassResource.name=nginx-two \
--set controller.ingressClass=nginx-two \
--set controller.ingressClassResource.controllerValue="example.com/ingress-nginx-2" \
--set controller.ingressClassResource.enabled=true \
--set controller.ingressClassByName=true
```
- Note, controller.ingressClassResource.name and controller.ingressClass have to be set with the value of the new class as the first is to create the IngressClass object and the other is to modify the deployment of the actuall ingress controller pod.

3
docs/kubectl-plugin.md
View file

@ -68,7 +68,7 @@ Use "ingress-nginx [command] --help" for more information about a command.
## Common Flags ## Common Flags
- Every subcommand supports the basic `kubectl` configuration flags like `--namespace`, `--context`, `--client-key` and so on. - Every subcommand supports the basic `kubectl` configuration flags like `--namespace`, `--context`, `--client-key` and so on.
- Subcommands that act on a particular `ingress-nginx` pod (`backends`, `certs`, `conf`, `exec`, `general`, `logs`, `ssh`), support the `--deployment <deployment>` and `--pod <pod>` flags to select either a pod from a deployment with the given name, or a pod with the given name. The `--deployment` flag defaults to `ingress-nginx-controller`. - Subcommands that act on a particular `ingress-nginx` pod (`backends`, `certs`, `conf`, `exec`, `general`, `logs`, `ssh`), support the `--deployment <deployment>`, `--pod <pod>`, and `--container <container>` flags to select either a pod from a deployment with the given name, or a pod with the given name (and the given container name). The `--deployment` flag defaults to `ingress-nginx-controller`, and the `--container` flag defaults to `controller`.
- Subcommands that inspect resources (`ingresses`, `lint`) support the `--all-namespaces` flag, which causes them to inspect resources in every namespace. - Subcommands that inspect resources (`ingresses`, `lint`) support the `--all-namespaces` flag, which causes them to inspect resources in every namespace.
## Subcommands ## Subcommands
@ -208,6 +208,7 @@ modsecurity
modules modules
nginx.conf nginx.conf
opentracing.json opentracing.json
opentelemetry.toml
owasp-modsecurity-crs owasp-modsecurity-crs
template template
``` ```

4
docs/user-guide/cli-arguments.md
View file

@ -24,6 +24,8 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment
| `--enable-metrics` | Enables the collection of NGINX metrics. (default true) | | `--enable-metrics` | Enables the collection of NGINX metrics. (default true) |
| `--enable-ssl-chain-completion` | Autocomplete SSL certificate chains with missing intermediate CA certificates. Certificates uploaded to Kubernetes must have the "Authority Information Access" X.509 v3 extension for this to succeed. (default false)| | `--enable-ssl-chain-completion` | Autocomplete SSL certificate chains with missing intermediate CA certificates. Certificates uploaded to Kubernetes must have the "Authority Information Access" X.509 v3 extension for this to succeed. (default false)|
| `--enable-ssl-passthrough` | Enable SSL Passthrough. (default false) | | `--enable-ssl-passthrough` | Enable SSL Passthrough. (default false) |
| `--enable-topology-aware-routing` | Enable topology aware hints feature, needs service object annotation service.kubernetes.io/topology-aware-hints sets to auto. (default false) |
| `--exclude-socket-metrics` | Set of socket request metrics to exclude which won't be exported nor being calculated. The possible socket request metrics to exclude are documented in the monitoring guide e.g. 'nginx_ingress_controller_request_duration_seconds,nginx_ingress_controller_response_size'|
| `--health-check-path` | URL path of the health check endpoint. Configured inside the NGINX status server. All requests received on the port defined by the healthz-port parameter are forwarded internally to this path. (default "/healthz") | | `--health-check-path` | URL path of the health check endpoint. Configured inside the NGINX status server. All requests received on the port defined by the healthz-port parameter are forwarded internally to this path. (default "/healthz") |
| `--health-check-timeout` | Time limit, in seconds, for a probe to health-check-path to succeed. (default 10) | | `--health-check-timeout` | Time limit, in seconds, for a probe to health-check-path to succeed. (default 10) |
| `--healthz-port` | Port to use for the healthz endpoint. (default 10254) | | `--healthz-port` | Port to use for the healthz endpoint. (default 10254) |
@ -66,7 +68,7 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment
| `--validating-webhook` | The address to start an admission controller on to validate incoming ingresses. Takes the form "<host>:port". If not provided, no admission controller is started. | | `--validating-webhook` | The address to start an admission controller on to validate incoming ingresses. Takes the form "<host>:port". If not provided, no admission controller is started. |
| `--validating-webhook-certificate` | The path of the validating webhook certificate PEM. | | `--validating-webhook-certificate` | The path of the validating webhook certificate PEM. |
| `--validating-webhook-key` | The path of the validating webhook key PEM. | | `--validating-webhook-key` | The path of the validating webhook key PEM. |
| `--version` | Show release information about the NGINX Ingress controller and exit. | | `--version` | Show release information about the Ingress-Nginx Controller and exit. |
| `--watch-ingress-without-class` | Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified. (default false) | | `--watch-ingress-without-class` | Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified. (default false) |
| `--watch-namespace` | Namespace the controller watches for updates to Kubernetes objects. This includes Ingresses, Services and all configuration resources. All namespaces are watched if this parameter is left empty. | | `--watch-namespace` | Namespace the controller watches for updates to Kubernetes objects. This includes Ingresses, Services and all configuration resources. All namespaces are watched if this parameter is left empty. |
| `--watch-namespace-selector` | The controller will watch namespaces whose labels match the given selector. This flag only takes effective when `--watch-namespace` is empty. | | `--watch-namespace-selector` | The controller will watch namespaces whose labels match the given selector. This flag only takes effective when `--watch-namespace` is empty. |

6
docs/user-guide/exposing-tcp-udp-services.md
View file

@ -63,3 +63,9 @@ spec:
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
``` ```
Then, the configmap should be added into ingress controller's deployment args.
```
args:
- /nginx-ingress-controller
- --tcp-services-configmap=ingress-nginx/tcp-services
```

2
docs/user-guide/external-articles.md
View file

@ -2,5 +2,5 @@
- [Pain(less) NGINX Ingress](http://danielfm.me/posts/painless-nginx-ingress.html) - [Pain(less) NGINX Ingress](http://danielfm.me/posts/painless-nginx-ingress.html)
- [Accessing Kubernetes Pods from Outside of the Cluster](http://alesnosek.com/blog/2017/02/14/accessing-kubernetes-pods-from-outside-of-the-cluster) - [Accessing Kubernetes Pods from Outside of the Cluster](http://alesnosek.com/blog/2017/02/14/accessing-kubernetes-pods-from-outside-of-the-cluster)
- [Kubernetes - Redirect HTTP to HTTPS with ELB and the nginx ingress controller](https://dev.to/tomhoule/kubernetes---redirect-http-to-https-with-elb-and-the-nginx-ingress-controller) - [Kubernetes - Redirect HTTP to HTTPS with ELB and the Ingress-Nginx Controller](https://dev.to/tomhoule/kubernetes---redirect-http-to-https-with-elb-and-the-nginx-ingress-controller)
- [Configure Nginx Ingress Controller for TLS termination on Kubernetes on Azure](https://blogs.technet.microsoft.com/livedevopsinjapan/2017/02/28/configure-nginx-ingress-controller-for-tls-termination-on-kubernetes-on-azure-2/) - [Configure Nginx Ingress Controller for TLS termination on Kubernetes on Azure](https://blogs.technet.microsoft.com/livedevopsinjapan/2017/02/28/configure-nginx-ingress-controller-for-tls-termination-on-kubernetes-on-azure-2/)

245
docs/user-guide/k8s-122-migration.md Normal file
View file

@ -0,0 +1,245 @@
# FAQ - Migration to Kubernetes 1.22 and apiVersion `networking.k8s.io/v1`
If you are using Ingress objects in your cluster (running Kubernetes older than v1.22),
and you plan to upgrade to Kubernetes v1.22, this page is relevant to you.
- Please read this [official blog on deprecated Ingress API versions](https://kubernetes.io/blog/2021/07/26/update-with-ingress-nginx/)
- Please read this [official documentation on the IngressClass object](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class)
## What is an IngressClass and why is it important for users of ingress-nginx controller now?
IngressClass is a Kubernetes resource. See the description below.
It's important because until now, a default install of the ingress-nginx controller did not require a IngressClass object.
From version 1.0.0 of the ingress-nginx controller, an IngressClass object is required.
On clusters with more than one instance of the ingress-nginx controller, all instances of the controllers must be aware of which Ingress objects they serve.
The `ingressClassName` field of an Ingress is the way to let the controller know about that.
```console
kubectl explain ingressclass
```
```
KIND: IngressClass
VERSION: networking.k8s.io/v1
DESCRIPTION:
IngressClass represents the class of the Ingress, referenced by the Ingress
Spec. The `ingressclass.kubernetes.io/is-default-class` annotation can be
used to indicate that an IngressClass should be considered default. When a
single IngressClass resource has this annotation set to true, new Ingress
resources without a class specified will be assigned this default class.
FIELDS:
apiVersion <string>
APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind <string>
Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata <Object>
Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
spec <Object>
Spec is the desired state of the IngressClass. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status`
```
## What has caused this change in behavior?
There are 2 primary reasons.
### Reason 1
Until K8s version 1.21, it was possible to create an Ingress resource using deprecated versions of the Ingress API, such as:
- `extensions/v1beta1`
- `networking.k8s.io/v1beta1`
You would get a message about deprecation, but the Ingress resource would get created.
From K8s version 1.22 onwards, you can **only** access the Ingress API via the stable, `networking.k8s.io/v1` API.
The reason is explained in the [official blog on deprecated ingress API versions](https://kubernetes.io/blog/2021/07/26/update-with-ingress-nginx/).
### Reason #2
If you are already using the ingress-nginx controller and then upgrade to Kubernetes 1.22,
there are several scenarios where your existing Ingress objects will not work how you expect.
Read this FAQ to check which scenario matches your use case.
## What is the `ingressClassName` field?
`ingressClassName` is a field in the spec of an Ingress object.
```shell
kubectl explain ingress.spec.ingressClassName
```
```console
KIND: Ingress
VERSION: networking.k8s.io/v1
FIELD: ingressClassName <string>
DESCRIPTION:
IngressClassName is the name of the IngressClass cluster resource. The
associated IngressClass defines which controller will implement the
resource. This replaces the deprecated `kubernetes.io/ingress.class`
annotation. For backwards compatibility, when that annotation is set, it
must be given precedence over this field. The controller may emit a warning
if the field and annotation have different values. Implementations of this
API should ignore Ingresses without a class specified. An IngressClass
resource may be marked as default, which can be used to set a default value
for this field. For more information, refer to the IngressClass
documentation.
```
The `.spec.ingressClassName` behavior has precedence over the deprecated `kubernetes.io/ingress.class` annotation.
## I have only one ingress controller in my cluster. What should I do?
If a single instance of the ingress-nginx controller is the sole Ingress controller running in your cluster,
you should add the annotation "ingressclass.kubernetes.io/is-default-class" in your IngressClass,
so any new Ingress objects will have this one as default IngressClass.
When using Helm, you can enable this annotation by setting `.controller.ingressClassResource.default: true` in your Helm chart installation's values file.
If you have any old Ingress objects remaining without an IngressClass set, you can do one or more of the following to make the ingress-nginx controller aware of the old objects:
- You can manually set the [`.spec.ingressClassName`](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) field in the manifest of your own Ingress resources.
- You can re-create them after setting the `ingressclass.kubernetes.io/is-default-class` annotation to `true` on the IngressClass
- Alternatively you can make the ingress-nginx controller watch Ingress objects without the ingressClassName field set by starting your ingress-nginx with the flag [--watch-ingress-without-class=true](#what-is-the-flag-watch-ingress-without-class).
When using Helm, you can configure your Helm chart installation's values file with `.controller.watchIngressWithoutClass: true`.
We recommend that you create the IngressClass as shown below:
```
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
labels:
app.kubernetes.io/component: controller
name: nginx
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
spec:
controller: k8s.io/ingress-nginx
```
and add the value `spec.ingressClassName=nginx` in your Ingress objects.
## I have many ingress objects in my cluster. What should I do?
If you have a lot of ingress objects without ingressClass configuration,
you can run the ingress controller with the flag `--watch-ingress-without-class=true`.
### What is the flag `--watch-ingress-without-class`?
It's a flag that is passed, as an argument, to the `nginx-ingress-controller` executable.
In the configuration, it looks like this:
```yaml
# ...
args:
- /nginx-ingress-controller
- --watch-ingress-without-class=true
- --controller-class=k8s.io/ingress-nginx
# ...
# ...
```
## I have more than one controller in my cluster, and I'm already using the annotation
No problem. This should still keep working, but we highly recommend you to test!
Even though `kubernetes.io/ingress.class` is deprecated, the ingress-nginx controller still understands that annotation.
If you want to follow good practice, you should consider migrating to use IngressClass and `.spec.ingressClassName`.
## I have more than one controller running in my cluster, and I want to use the new API
In this scenario, you need to create multiple IngressClasses (see the example above).
Be aware that IngressClass works in a very specific way: you will need to change the `.spec.controller` value in your IngressClass and configure the controller to expect the exact same value.
Let's see an example, supposing that you have three IngressClasses:
- IngressClass `ingress-nginx-one`, with `.spec.controller` equal to `example.com/ingress-nginx1`
- IngressClass `ingress-nginx-two`, with `.spec.controller` equal to `example.com/ingress-nginx2`
- IngressClass `ingress-nginx-three`, with `.spec.controller` equal to `example.com/ingress-nginx1`
For private use, you can also use a controller name that doesn't contain a `/`, e.g. `ingress-nginx1`.
When deploying your ingress controllers, you will have to change the `--controller-class` field as follows:
- Ingress-Nginx A, configured to use controller class name `example.com/ingress-nginx1`
- Ingress-Nginx B, configured to use controller class name `example.com/ingress-nginx2`
When you create an Ingress object with its `ingressClassName` set to `ingress-nginx-two`,
only controllers looking for the `example.com/ingress-nginx2` controller class pay attention to the new object.
Given that Ingress-Nginx B is set up that way, it will serve that object, whereas Ingress-Nginx A ignores the new Ingress.
Bear in mind that if you start Ingress-Nginx B with the command line argument `--watch-ingress-without-class=true`, it will serve:
1. Ingresses without any `ingressClassName` set
2. Ingresses where the deprecated annotation (`kubernetes.io/ingress.class`) matches the value set in the command line argument `--ingress-class`
3. Ingresses that refer to any IngressClass that has the same `spec.controller` as configured in `--controller-class`
4. If you start Ingress-Nginx B with the command line argument `--watch-ingress-without-class=true` and you run Ingress-Nginx A with the command line argument `--watch-ingress-without-class=false` then this is a supported configuration.
If you have two ingress-nginx controllers for the same cluster, both running with `--watch-ingress-without-class=true` then there is likely to be a conflict.
## Why am I seeing "ingress class annotation is not equal to the expected by Ingress Controller" in my controller logs?
It is highly likely that you will also see the name of the ingress resource in the same error message.
This error message has been observed on use the deprecated annotation (`kubernetes.io/ingress.class`) in an Ingress resource manifest.
It is recommended to use the `.spec.ingressClassName` field of the Ingress resource, to specify the name of the IngressClass of the Ingress you are defining.
## How can I easily install multiple instances of the ingress-nginx controller in the same cluster?
You can install them in different namespaces.
- Create a new namespace
```
kubectl create namespace ingress-nginx-2
```
- Use Helm to install the additional instance of the ingress controller
- Ensure you have Helm working (refer to the [Helm documentation](https://helm.sh/docs/))
- We have to assume that you have the helm repo for the ingress-nginx controller already added to your Helm config.
But, if you have not added the helm repo then you can do this to add the repo to your helm config;
```
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
```
- Make sure you have updated the helm repo data;
```
helm repo update
```
- Now, install an additional instance of the ingress-nginx controller like this:
```
helm install ingress-nginx-2 ingress-nginx/ingress-nginx \
--namespace ingress-nginx-2 \
--set controller.ingressClassResource.name=nginx-two \
--set controller.ingressClass=nginx-two \
--set controller.ingressClassResource.controllerValue="example.com/ingress-nginx-2" \
--set controller.ingressClassResource.enabled=true \
--set controller.ingressClassByName=true
```
If you need to install yet another instance, then repeat the procedure to create a new namespace,
change the values such as names & namespaces (for example from "-2" to "-3"), or anything else that meets your needs.
Note that `controller.ingressClassResource.name` and `controller.ingressClass` have to be set correctly.
The first is to create the IngressClass object and the other is to modify the deployment of the actual ingress controller pod.
### I can't use multiple namespaces, what should I do?
If you need to install all instances in the same namespace, then you need to specify a different **election id**, like this:
```
helm install ingress-nginx-2 ingress-nginx/ingress-nginx \
--namespace kube-system \
--set controller.electionID=nginx-two-leader \
--set controller.ingressClassResource.name=nginx-two \
--set controller.ingressClass=nginx-two \
--set controller.ingressClassResource.controllerValue="example.com/ingress-nginx-2" \
--set controller.ingressClassResource.enabled=true \
--set controller.ingressClassByName=true
```

6
docs/user-guide/miscellaneous.md
View file

@ -27,12 +27,12 @@ Support for websockets is provided by NGINX out of the box. No special configura
The only requirement to avoid the close of connections is the increase of the values of `proxy-read-timeout` and `proxy-send-timeout`. The only requirement to avoid the close of connections is the increase of the values of `proxy-read-timeout` and `proxy-send-timeout`.
The default value of this settings is `60 seconds`. The default value of these settings is `60 seconds`.
A more adequate value to support websockets is a value higher than one hour (`3600`). A more adequate value to support websockets is a value higher than one hour (`3600`).
!!! Important !!! Important
If the NGINX ingress controller is exposed with a service `type=LoadBalancer` make sure the protocol between the loadbalancer and NGINX is TCP. If the Ingress-Nginx Controller is exposed with a service `type=LoadBalancer` make sure the protocol between the loadbalancer and NGINX is TCP.
## Optimizing TLS Time To First Byte (TTTFB) ## Optimizing TLS Time To First Byte (TTTFB)
@ -52,4 +52,4 @@ The previous behavior can be restored using `retry-non-idempotent=true` in the c
## Why endpoints and not services ## Why endpoints and not services
The NGINX ingress controller does not use [Services](http://kubernetes.io/docs/user-guide/services) to route traffic to the pods. Instead it uses the Endpoints API in order to bypass [kube-proxy](http://kubernetes.io/docs/admin/kube-proxy/) to allow NGINX features like session affinity and custom load balancing algorithms. It also removes some overhead, such as conntrack entries for iptables DNAT. The Ingress-Nginx Controller does not use [Services](http://kubernetes.io/docs/user-guide/services) to route traffic to the pods. Instead it uses the Endpoints API in order to bypass [kube-proxy](http://kubernetes.io/docs/admin/kube-proxy/) to allow NGINX features like session affinity and custom load balancing algorithms. It also removes some overhead, such as conntrack entries for iptables DNAT.

70
docs/user-guide/monitoring.md
View file

@ -6,14 +6,14 @@ Two different methods to install and configure Prometheus and Grafana are descri
## Prometheus and Grafana installation using Pod Annotations ## Prometheus and Grafana installation using Pod Annotations
This tutorial will show you how to install [Prometheus](https://prometheus.io/) and [Grafana](https://grafana.com/) for scraping the metrics of the NGINX Ingress controller. This tutorial will show you how to install [Prometheus](https://prometheus.io/) and [Grafana](https://grafana.com/) for scraping the metrics of the Ingress-Nginx Controller.
!!! important !!! important
This example uses `emptyDir` volumes for Prometheus and Grafana. This means once the pod gets terminated you will lose all the data. This example uses `emptyDir` volumes for Prometheus and Grafana. This means once the pod gets terminated you will lose all the data.
### Before You Begin ### Before You Begin
- The NGINX Ingress controller should already be deployed according to the deployment instructions [here](../deploy/index.md). - The Ingress-Nginx Controller should already be deployed according to the deployment instructions [here](../deploy/index.md).
- The controller should be configured for exporting metrics. This requires 3 configurations to the controller. These configurations are : - The controller should be configured for exporting metrics. This requires 3 configurations to the controller. These configurations are :
1. controller.metrics.enabled=true 1. controller.metrics.enabled=true
@ -170,7 +170,7 @@ According to the above example, this URL will be http://10.192.0.3:31086
- By default request metrics are labeled with the hostname. When you have a wildcard domain ingress, then there will be no metrics for that ingress (to prevent the metrics from exploding in cardinality). To get metrics in this case you need to run the ingress controller with `--metrics-per-host=false` (you will lose labeling by hostname, but still have labeling by ingress). - By default request metrics are labeled with the hostname. When you have a wildcard domain ingress, then there will be no metrics for that ingress (to prevent the metrics from exploding in cardinality). To get metrics in this case you need to run the ingress controller with `--metrics-per-host=false` (you will lose labeling by hostname, but still have labeling by ingress).
### Grafana dashboard using ingress resource ### Grafana dashboard using ingress resource
- If you want to expose the dashboard for grafana using a ingress resource, then you can : - If you want to expose the dashboard for grafana using an ingress resource, then you can :
- change the service type of the prometheus-server service and the grafana service to "ClusterIP" like this : - change the service type of the prometheus-server service and the grafana service to "ClusterIP" like this :
``` ```
kubectl -n ingress-nginx edit svc grafana kubectl -n ingress-nginx edit svc grafana
@ -178,15 +178,15 @@ According to the above example, this URL will be http://10.192.0.3:31086
- This will open the currently deployed service grafana in the default editor configured in your shell (vi/nvim/nano/other) - This will open the currently deployed service grafana in the default editor configured in your shell (vi/nvim/nano/other)
- scroll down to line 34 that looks like "type: NodePort" - scroll down to line 34 that looks like "type: NodePort"
- change it to look like "type: ClusterIP". Save and exit. - change it to look like "type: ClusterIP". Save and exit.
- create a ingress resource with backend as "grafana" and port as "3000" - create an ingress resource with backend as "grafana" and port as "3000"
- Similarly, you can edit the service "prometheus-server" and add a ingress resource. - Similarly, you can edit the service "prometheus-server" and add an ingress resource.
## Prometheus and Grafana installation using Service Monitors ## Prometheus and Grafana installation using Service Monitors
This document assumes you're using helm and using the kube-prometheus-stack package to install Prometheus and Grafana. This document assumes you're using helm and using the kube-prometheus-stack package to install Prometheus and Grafana.
### Verify NGINX Ingress controller is installed ### Verify Ingress-Nginx Controller is installed
- The NGINX Ingress controller should already be deployed according to the deployment instructions [here](../deploy/index.md). - The Ingress-Nginx Controller should already be deployed according to the deployment instructions [here](../deploy/index.md).
- To check if Ingress controller is deployed, - To check if Ingress controller is deployed,
``` ```
@ -214,7 +214,7 @@ This document assumes you're using helm and using the kube-prometheus-stack pack
- If prometheus is not installed, then you can install from [here](https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack) - If prometheus is not installed, then you can install from [here](https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack)
### Re-configure NGINX Ingress controller ### Re-configure Ingress-Nginx Controller
- The Ingress NGINX controller needs to be reconfigured for exporting metrics. This requires 3 additional configurations to the controller. These configurations are : - The Ingress NGINX controller needs to be reconfigured for exporting metrics. This requires 3 additional configurations to the controller. These configurations are :
``` ```
@ -355,56 +355,40 @@ Prometheus metrics are exposed on port 10254.
### Request metrics ### Request metrics
* `nginx_ingress_controller_request_duration_seconds` Histogram * `nginx_ingress_controller_request_duration_seconds` Histogram\
The request processing (time elapsed between the first bytes were read from the client and the log write after the last bytes were sent to the client) time in seconds (affected by client speed).\
The request processing time in seconds (affected by client speed)
nginx var: `request_time` nginx var: `request_time`
* `nginx_ingress_controller_response_duration_seconds` Histogram * `nginx_ingress_controller_response_duration_seconds` Histogram\
The time spent on receiving the response from the upstream server in seconds (affected by client speed when the response is bigger than proxy buffers).\
The time spent on receiving the response from the upstream server (affected by client speed) Note: can be up to several millis bigger than the `nginx_ingress_controller_request_duration_seconds` because of the different measuring method.
nginx var: `upstream_response_time` nginx var: `upstream_response_time`
* `nginx_ingress_controller_header_duration_seconds` Histogram * `nginx_ingress_controller_header_duration_seconds` Histogram\
The time spent on receiving first header from the upstream server\
The time spent on receiving first header from the upstream server
nginx var: `upstream_header_time` nginx var: `upstream_header_time`
* `nginx_ingress_controller_connect_duration_seconds` Histogram * `nginx_ingress_controller_connect_duration_seconds` Histogram\
The time spent on establishing a connection with the upstream server\
The time spent on establishing a connection with the upstream server
nginx var: `upstream_connect_time` nginx var: `upstream_connect_time`
* `nginx_ingress_controller_response_size` Histogram * `nginx_ingress_controller_response_size` Histogram\
The response length (including request line, header, and request body)\
The response length (including request line, header, and request body)
nginx var: `bytes_sent` nginx var: `bytes_sent`
* `nginx_ingress_controller_request_size` Histogram * `nginx_ingress_controller_request_size` Histogram\
The request length (including request line, header, and request body)\
The request length (including request line, header, and request body)
nginx var: `request_length` nginx var: `request_length`
* `nginx_ingress_controller_requests` Counter * `nginx_ingress_controller_requests` Counter\
The total number of client requests The total number of client requests
* `nginx_ingress_controller_bytes_sent` Histogram * `nginx_ingress_controller_bytes_sent` Histogram\
The number of bytes sent to a client. **Deprecated**, use `nginx_ingress_controller_response_size`\
The number of bytes sent to a client. **Deprecated**, use `nginx_ingress_controller_response_size`
nginx var: `bytes_sent` nginx var: `bytes_sent`
* `nginx_ingress_controller_ingress_upstream_latency_seconds` Summary * `nginx_ingress_controller_ingress_upstream_latency_seconds` Summary\
Upstream service latency per Ingress. **Deprecated**, use `nginx_ingress_controller_connect_duration_seconds`\
Upstream service latency per Ingress. **Deprecated**, use `nginx_ingress_controller_connect_duration_seconds`
nginx var: `upstream_connect_time` nginx var: `upstream_connect_time`
``` ```
@ -469,6 +453,8 @@ Prometheus metrics are exposed on port 10254.
# TYPE nginx_ingress_controller_ssl_certificate_info gauge # TYPE nginx_ingress_controller_ssl_certificate_info gauge
# HELP nginx_ingress_controller_success Cumulative number of Ingress controller reload operations # HELP nginx_ingress_controller_success Cumulative number of Ingress controller reload operations
# TYPE nginx_ingress_controller_success counter # TYPE nginx_ingress_controller_success counter
# HELP nginx_ingress_controller_orphan_ingress Gauge reporting status of ingress orphanity, 1 indicates orphaned ingress. 'namespace' is the string used to identify namespace of ingress, 'ingress' for ingress name and 'type' for 'no-service' or 'no-endpoint' of orphanity
# TYPE nginx_ingress_controller_orphan_ingress gauge
``` ```
### Admission metrics ### Admission metrics

6
docs/user-guide/multiple-ingress.md
View file

@ -2,7 +2,7 @@
By default, deploying multiple Ingress controllers (e.g., `ingress-nginx` & `gce`) will result in all controllers simultaneously racing to update Ingress status fields in confusing ways. By default, deploying multiple Ingress controllers (e.g., `ingress-nginx` & `gce`) will result in all controllers simultaneously racing to update Ingress status fields in confusing ways.
To fix this problem, use [IngressClasses](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class). The `kubernetes.io/ingress.class` annotation is not being preferred or suggested to use as it can be deprecated in future. Better to use the field `ingress.spec.ingressClassName`. To fix this problem, use [IngressClasses](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class). The `kubernetes.io/ingress.class` annotation is not being preferred or suggested to use as it can be deprecated in the future. Better to use the field `ingress.spec.ingressClassName`.
But, when user has deployed with `scope.enabled`, then the ingress class resource field is not used. But, when user has deployed with `scope.enabled`, then the ingress class resource field is not used.
@ -111,7 +111,7 @@ spec:
then setting the corresponding `kubernetes.io/ingress.class: "internal-nginx"` annotation on your Ingresses. then setting the corresponding `kubernetes.io/ingress.class: "internal-nginx"` annotation on your Ingresses.
To reiterate, setting the annotation to any value which does not match a valid ingress class will force the NGINX Ingress controller to ignore your Ingress. To reiterate, setting the annotation to any value which does not match a valid ingress class will force the Ingress-Nginx Controller to ignore your Ingress.
If you are only running a single NGINX ingress controller, this can be achieved by setting the annotation to any value except "nginx" or an empty string. If you are only running a single Ingress-Nginx Controller, this can be achieved by setting the annotation to any value except "nginx" or an empty string.
Do this if you wish to use one of the other Ingress controllers at the same time as the NGINX controller. Do this if you wish to use one of the other Ingress controllers at the same time as the NGINX controller.

54
docs/user-guide/nginx-configuration/annotations.md
View file

@ -22,7 +22,7 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz
|[nginx.ingress.kubernetes.io/auth-realm](#authentication)|string| |[nginx.ingress.kubernetes.io/auth-realm](#authentication)|string|
|[nginx.ingress.kubernetes.io/auth-secret](#authentication)|string| |[nginx.ingress.kubernetes.io/auth-secret](#authentication)|string|
|[nginx.ingress.kubernetes.io/auth-secret-type](#authentication)|string| |[nginx.ingress.kubernetes.io/auth-secret-type](#authentication)|string|
|[nginx.ingress.kubernetes.io/auth-type](#authentication)|basic or digest| |[nginx.ingress.kubernetes.io/auth-type](#authentication)|"basic" or "digest"|
|[nginx.ingress.kubernetes.io/auth-tls-secret](#client-certificate-authentication)|string| |[nginx.ingress.kubernetes.io/auth-tls-secret](#client-certificate-authentication)|string|
|[nginx.ingress.kubernetes.io/auth-tls-verify-depth](#client-certificate-authentication)|number| |[nginx.ingress.kubernetes.io/auth-tls-verify-depth](#client-certificate-authentication)|number|
|[nginx.ingress.kubernetes.io/auth-tls-verify-client](#client-certificate-authentication)|string| |[nginx.ingress.kubernetes.io/auth-tls-verify-client](#client-certificate-authentication)|string|
@ -121,11 +121,8 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz
|[nginx.ingress.kubernetes.io/enable-access-log](#enable-access-log)|"true" or "false"| |[nginx.ingress.kubernetes.io/enable-access-log](#enable-access-log)|"true" or "false"|
|[nginx.ingress.kubernetes.io/enable-opentracing](#enable-opentracing)|"true" or "false"| |[nginx.ingress.kubernetes.io/enable-opentracing](#enable-opentracing)|"true" or "false"|
|[nginx.ingress.kubernetes.io/opentracing-trust-incoming-span](#opentracing-trust-incoming-span)|"true" or "false"| |[nginx.ingress.kubernetes.io/opentracing-trust-incoming-span](#opentracing-trust-incoming-span)|"true" or "false"|
|[nginx.ingress.kubernetes.io/enable-influxdb](#influxdb)|"true" or "false"| |[nginx.ingress.kubernetes.io/enable-opentelemetry](#enable-opentelemetry)|"true" or "false"|
|[nginx.ingress.kubernetes.io/influxdb-measurement](#influxdb)|string| |[nginx.ingress.kubernetes.io/opentelemetry-trust-incoming-span](#opentelemetry-trust-incoming-spans)|"true" or "false"|
|[nginx.ingress.kubernetes.io/influxdb-port](#influxdb)|string|
|[nginx.ingress.kubernetes.io/influxdb-host](#influxdb)|string|
|[nginx.ingress.kubernetes.io/influxdb-server-name](#influxdb)|string|
|[nginx.ingress.kubernetes.io/use-regex](#use-regex)|bool| |[nginx.ingress.kubernetes.io/use-regex](#use-regex)|bool|
|[nginx.ingress.kubernetes.io/enable-modsecurity](#modsecurity)|bool| |[nginx.ingress.kubernetes.io/enable-modsecurity](#modsecurity)|bool|
|[nginx.ingress.kubernetes.io/enable-owasp-core-rules](#modsecurity)|bool| |[nginx.ingress.kubernetes.io/enable-owasp-core-rules](#modsecurity)|bool|
@ -239,7 +236,7 @@ To enable consistent hashing for a backend:
`nginx.ingress.kubernetes.io/upstream-hash-by`: the nginx variable, text value or any combination thereof to use for consistent hashing. For example: `nginx.ingress.kubernetes.io/upstream-hash-by: "$request_uri"` or `nginx.ingress.kubernetes.io/upstream-hash-by: "$request_uri$host"` or `nginx.ingress.kubernetes.io/upstream-hash-by: "${request_uri}-text-value"` to consistently hash upstream requests by the current request URI. `nginx.ingress.kubernetes.io/upstream-hash-by`: the nginx variable, text value or any combination thereof to use for consistent hashing. For example: `nginx.ingress.kubernetes.io/upstream-hash-by: "$request_uri"` or `nginx.ingress.kubernetes.io/upstream-hash-by: "$request_uri$host"` or `nginx.ingress.kubernetes.io/upstream-hash-by: "${request_uri}-text-value"` to consistently hash upstream requests by the current request URI.
"subset" hashing can be enabled setting `nginx.ingress.kubernetes.io/upstream-hash-by-subset`: "true". This maps requests to subset of nodes instead of a single one. `upstream-hash-by-subset-size` determines the size of each subset (default 3). "subset" hashing can be enabled setting `nginx.ingress.kubernetes.io/upstream-hash-by-subset`: "true". This maps requests to subset of nodes instead of a single one. `nginx.ingress.kubernetes.io/upstream-hash-by-subset-size` determines the size of each subset (default 3).
Please check the [chashsubset](../../examples/chashsubset/deployment.yaml) example. Please check the [chashsubset](../../examples/chashsubset/deployment.yaml) example.
@ -601,7 +598,7 @@ the User guide.
### Service Upstream ### Service Upstream
By default the NGINX ingress controller uses a list of all endpoints (Pod IP/port) in the NGINX upstream configuration. By default the Ingress-Nginx Controller uses a list of all endpoints (Pod IP/port) in the NGINX upstream configuration.
The `nginx.ingress.kubernetes.io/service-upstream` annotation disables that behavior and instead uses a single upstream in NGINX, the service's Cluster IP and port. The `nginx.ingress.kubernetes.io/service-upstream` annotation disables that behavior and instead uses a single upstream in NGINX, the service's Cluster IP and port.
@ -821,6 +818,24 @@ sometimes need to be overridden to enable it or disable it for a specific ingres
nginx.ingress.kubernetes.io/opentracing-trust-incoming-span: "true" nginx.ingress.kubernetes.io/opentracing-trust-incoming-span: "true"
``` ```
### Enable Opentelemetry
Opentelemetry can be enabled or disabled globally through the ConfigMap but this will sometimes need to be overridden
to enable it or disable it for a specific ingress (e.g. to turn off telemetry of external health check endpoints)
```yaml
nginx.ingress.kubernetes.io/enable-opentelemetry: "true"
```
### Opentelemetry Trust Incoming Span
The option to trust incoming trace spans can be enabled or disabled globally through the ConfigMap but this will
sometimes need to be overridden to enable it or disable it for a specific ingress (e.g. only enable on a private endpoint)
```yaml
nginx.ingress.kubernetes.io/opentelemetry-trust-incoming-spans: "true"
```
### X-Forwarded-Prefix Header ### X-Forwarded-Prefix Header
To add the non-standard `X-Forwarded-Prefix` header to the upstream request with a string value, the following annotation can be used: To add the non-standard `X-Forwarded-Prefix` header to the upstream request with a string value, the following annotation can be used:
@ -876,29 +891,6 @@ nginx.ingress.kubernetes.io/modsecurity-snippet: |
Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf
``` ```
### InfluxDB
Using `influxdb-*` annotations we can monitor requests passing through a Location by sending them to an InfluxDB backend exposing the UDP socket
using the [nginx-influxdb-module](https://github.com/influxdata/nginx-influxdb-module/).
```yaml
nginx.ingress.kubernetes.io/enable-influxdb: "true"
nginx.ingress.kubernetes.io/influxdb-measurement: "nginx-reqs"
nginx.ingress.kubernetes.io/influxdb-port: "8089"
nginx.ingress.kubernetes.io/influxdb-host: "127.0.0.1"
nginx.ingress.kubernetes.io/influxdb-server-name: "nginx-ingress"
```
For the `influxdb-host` parameter you have two options:
- Use an InfluxDB server configured with the [UDP protocol](https://docs.influxdata.com/influxdb/v1.5/supported_protocols/udp/) enabled.
- Deploy Telegraf as a sidecar proxy to the Ingress controller configured to listen UDP with the [socket listener input](https://github.com/influxdata/telegraf/tree/release-1.6/plugins/inputs/socket_listener) and to write using
anyone of the [outputs plugins](https://github.com/influxdata/telegraf/tree/release-1.7/plugins/outputs) like InfluxDB, Apache Kafka,
Prometheus, etc.. (recommended)
It's important to remember that there's no DNS resolver at this stage so you will have to configure
an ip address to `nginx.ingress.kubernetes.io/influxdb-host`. If you deploy Influx or Telegraf as sidecar (another container in the same pod) this becomes straightforward since you can directly use `127.0.0.1`.
### Backend Protocol ### Backend Protocol
Using `backend-protocol` annotations is possible to indicate how NGINX should communicate with the backend service. (Replaces `secure-backends` in older versions) Using `backend-protocol` annotations is possible to indicate how NGINX should communicate with the backend service. (Replaces `secure-backends` in older versions)

64
docs/user-guide/nginx-configuration/configmap.md Executable file → Normal file
View file

@ -62,7 +62,7 @@ The following table shows a configuration option's name, type, and the default v
|[hsts-max-age](#hsts-max-age)|string|"15724800"| |[hsts-max-age](#hsts-max-age)|string|"15724800"|
|[hsts-preload](#hsts-preload)|bool|"false"| |[hsts-preload](#hsts-preload)|bool|"false"|
|[keep-alive](#keep-alive)|int|75| |[keep-alive](#keep-alive)|int|75|
|[keep-alive-requests](#keep-alive-requests)|int|100| |[keep-alive-requests](#keep-alive-requests)|int|1000|
|[large-client-header-buffers](#large-client-header-buffers)|string|"4 8k"| |[large-client-header-buffers](#large-client-header-buffers)|string|"4 8k"|
|[log-format-escape-none](#log-format-escape-none)|bool|"false"| |[log-format-escape-none](#log-format-escape-none)|bool|"false"|
|[log-format-escape-json](#log-format-escape-json)|bool|"false"| |[log-format-escape-json](#log-format-escape-json)|bool|"false"|
@ -103,7 +103,9 @@ The following table shows a configuration option's name, type, and the default v
|[brotli-min-length](#brotli-min-length)|int|20| |[brotli-min-length](#brotli-min-length)|int|20|
|[brotli-types](#brotli-types)|string|"application/xml+rss application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component"| |[brotli-types](#brotli-types)|string|"application/xml+rss application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component"|
|[use-http2](#use-http2)|bool|"true"| |[use-http2](#use-http2)|bool|"true"|
|[gzip-disable](#gzip-disable)|string|""|
|[gzip-level](#gzip-level)|int|1| |[gzip-level](#gzip-level)|int|1|
|[gzip-min-length](#gzip-min-length)|int|256|
|[gzip-types](#gzip-types)|string|"application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component"| |[gzip-types](#gzip-types)|string|"application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component"|
|[worker-processes](#worker-processes)|string|`<Number of CPUs>`| |[worker-processes](#worker-processes)|string|`<Number of CPUs>`|
|[worker-cpu-affinity](#worker-cpu-affinity)|string|""| |[worker-cpu-affinity](#worker-cpu-affinity)|string|""|
@ -155,6 +157,19 @@ The following table shows a configuration option's name, type, and the default v
|[datadog-operation-name-override](#datadog-operation-name-override)|string|"nginx.handle"| |[datadog-operation-name-override](#datadog-operation-name-override)|string|"nginx.handle"|
|[datadog-priority-sampling](#datadog-priority-sampling)|bool|"true"| |[datadog-priority-sampling](#datadog-priority-sampling)|bool|"true"|
|[datadog-sample-rate](#datadog-sample-rate)|float|1.0| |[datadog-sample-rate](#datadog-sample-rate)|float|1.0|
|[enable-opentelemetry](#enable-opentelemetry)|bool|"false"|
|[opentelemetry-trust-incoming-span](#opentelemetry-trust-incoming-span)|bool|"true"|
|[opentelemetry-operation-name](#opentelemetry-operation-name)|string|""|
|[opentelemetry-config](#/etc/nginx/opentelemetry.toml)|string|"/etc/nginx/opentelemetry.toml"|
|[otlp-collector-host](#otlp-collector-host)|string|""|
|[otlp-collector-port](#otlp-collector-port)|int|4317|
|[otel-max-queuesize](#otel-max-queuesize)|int||
|[otel-schedule-delay-millis](#otel-schedule-delay-millis)|int||
|[otel-max-export-batch-size](#otel-max-export-batch-size)|int||
|[otel-service-name](#otel-service-name)|string|"nginx"|
|[otel-sampler](#otel-sampler)|string|"AlwaysOff"|
|[otel-sampler-parent-based](#otel-sampler-parent-based)|bool|"false"|
|[otel-sampler-ratio](#otel-sampler-ratio)|float|0.01|
|[main-snippet](#main-snippet)|string|""| |[main-snippet](#main-snippet)|string|""|
|[http-snippet](#http-snippet)|string|""| |[http-snippet](#http-snippet)|string|""|
|[server-snippet](#server-snippet)|string|""| |[server-snippet](#server-snippet)|string|""|
@ -693,7 +708,8 @@ _**default:**_ false
## enable-brotli ## enable-brotli
Enables or disables compression of HTTP responses using the ["brotli" module](https://github.com/google/ngx_brotli). Enables or disables compression of HTTP responses using the ["brotli" module](https://github.com/google/ngx_brotli).
The default mime type list to compress is: `application/xml+rss application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component`. _**default:**_ is disabled The default mime type list to compress is: `application/xml+rss application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component`.
_**default:**_ false
> __Note:__ Brotli does not works in Safari < 11. For more information see [https://caniuse.com/#feat=brotli](https://caniuse.com/#feat=brotli) > __Note:__ Brotli does not works in Safari < 11. For more information see [https://caniuse.com/#feat=brotli](https://caniuse.com/#feat=brotli)
@ -714,6 +730,10 @@ _**default:**_ `application/xml+rss application/atom+xml application/javascript
Enables or disables [HTTP/2](https://nginx.org/en/docs/http/ngx_http_v2_module.html) support in secure connections. Enables or disables [HTTP/2](https://nginx.org/en/docs/http/ngx_http_v2_module.html) support in secure connections.
## gzip-disable
Disables [gzipping](http://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_disable) of responses for requests with "User-Agent" header fields matching any of the specified regular expressions.
## gzip-level ## gzip-level
Sets the gzip Compression Level that will be used. _**default:**_ 1 Sets the gzip Compression Level that will be used. _**default:**_ 1
@ -1002,6 +1022,46 @@ If true disables client-side sampling (thus ignoring `sample_rate`) and enables
Specifies sample rate for any traces created. Specifies sample rate for any traces created.
This is effective only when `datadog-priority-sampling` is `false` _**default:**_ 1.0 This is effective only when `datadog-priority-sampling` is `false` _**default:**_ 1.0
## enable-opentelemetry
Enables the nginx OpenTelemetry extension. _**default:**_ is disabled
_References:_
[https://github.com/open-telemetry/opentelemetry-cpp-contrib](https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/nginx)
## opentelemetry-operation-name
Specifies a custom name for the server span. _**default:**_ is empty
For example, set to "HTTP $request_method $uri".
## otlp-collector-host
Specifies the host to use when uploading traces. It must be a valid URL.
## otlp-collector-port
Specifies the port to use when uploading traces. _**default:**_ 4317
## otel-service-name
Specifies the service name to use for any traces created. _**default:**_ nginx
## opentelemetry-trust-incoming-span: "true"
Enables or disables using spans from incoming requests as parent for created ones. _**default:**_ true
## otel-sampler-parent-based
Uses sampler implementation which by default will take a sample if parent Activity is sampled. _**default:**_ false
## otel-sampler-ratio
Specifies sample rate for any traces created. _**default:**_ 0.01
## otel-sampler
Specifies the sampler to be used when sampling traces. The available samplers are: AlwaysOff, AlwaysOn, TraceIdRatioBased, remote. _**default:**_ AlwaysOff
## main-snippet ## main-snippet
Adds custom configuration to the main section of the nginx configuration. Adds custom configuration to the main section of the nginx configuration.

Some files were not shown because too many files have changed in this diff Show more