Merge remote-tracking branch 'upstream/main' into fix-rolling-update-strategy
This commit is contained in:
z1cheng
commit
d462ec1968
21 changed files with 61 additions and 46 deletions
2
.github/workflows/scorecards.yml
vendored
2
.github/workflows/scorecards.yml
vendored
|
|
@ -32,7 +32,7 @@ jobs:
|
||||||
persist-credentials: false
|
persist-credentials: false
|
||||||
|
|
||||||
- name: "Run analysis"
|
- name: "Run analysis"
|
||||||
uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3
|
uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
|
||||||
with:
|
with:
|
||||||
results_file: results.sarif
|
results_file: results.sarif
|
||||||
results_format: sarif
|
results_format: sarif
|
||||||
|
|
|
||||||
|
|
@ -1 +1 @@
|
||||||
registry.k8s.io/ingress-nginx/nginx:v20230527@sha256:cf77c71aa6e4284925ca2233ddf871b5823eaa3ee000347ae25096b07fb52c57
|
registry.k8s.io/ingress-nginx/nginx:v20230623-427f3d2fb@sha256:7b479f66872c0b1cb0f1315e305b8a3e9c6da846c7dd3855db99bc8cfd6791e1
|
||||||
|
|
|
||||||
3
TAG
3
TAG
|
|
@ -1,2 +1 @@
|
||||||
v1.8.1
|
v1.8.0
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -408,6 +408,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
|
||||||
| controller.service.externalIPs | list | `[]` | List of IP addresses at which the controller services are available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # |
|
| controller.service.externalIPs | list | `[]` | List of IP addresses at which the controller services are available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # |
|
||||||
| controller.service.internal.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. |
|
| controller.service.internal.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. |
|
||||||
| controller.service.internal.enabled | bool | `false` | Enables an additional internal load balancer (besides the external one). |
|
| controller.service.internal.enabled | bool | `false` | Enables an additional internal load balancer (besides the external one). |
|
||||||
|
| controller.service.internal.loadBalancerIP | string | `""` | Used by cloud providers to connect the resulting internal LoadBalancer to a pre-existing static IP. Make sure to add to the service the needed annotation to specify the subnet which the static IP belongs to. For instance, `networking.gke.io/internal-load-balancer-subnet` for GCP and `service.beta.kubernetes.io/aws-load-balancer-subnets` for AWS. |
|
||||||
| controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. |
|
| controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. |
|
||||||
| controller.service.internal.ports | object | `{}` | Custom port mapping for internal service |
|
| controller.service.internal.ports | object | `{}` | Custom port mapping for internal service |
|
||||||
| controller.service.internal.targetPorts | object | `{}` | Custom target port mapping for internal service |
|
| controller.service.internal.targetPorts | object | `{}` | Custom target port mapping for internal service |
|
||||||
|
|
|
||||||
|
|
@ -29,7 +29,7 @@ spec:
|
||||||
loadBalancerSourceRanges: {{ toYaml .Values.controller.service.loadBalancerSourceRanges | nindent 4 }}
|
loadBalancerSourceRanges: {{ toYaml .Values.controller.service.loadBalancerSourceRanges | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.controller.service.loadBalancerClass }}
|
{{- if .Values.controller.service.loadBalancerClass }}
|
||||||
loadBalancerClass: {{ toYaml .Values.controller.service.loadBalancerClass }}
|
loadBalancerClass: {{ .Values.controller.service.loadBalancerClass }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.controller.service.externalTrafficPolicy }}
|
{{- if .Values.controller.service.externalTrafficPolicy }}
|
||||||
externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }}
|
externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }}
|
||||||
|
|
|
||||||
|
|
@ -478,7 +478,9 @@ controller:
|
||||||
enabled: false
|
enabled: false
|
||||||
# -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service.
|
# -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service.
|
||||||
annotations: {}
|
annotations: {}
|
||||||
# loadBalancerIP: ""
|
|
||||||
|
# -- Used by cloud providers to connect the resulting internal LoadBalancer to a pre-existing static IP. Make sure to add to the service the needed annotation to specify the subnet which the static IP belongs to. For instance, `networking.gke.io/internal-load-balancer-subnet` for GCP and `service.beta.kubernetes.io/aws-load-balancer-subnets` for AWS.
|
||||||
|
loadBalancerIP: ""
|
||||||
|
|
||||||
# -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0.
|
# -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0.
|
||||||
loadBalancerSourceRanges: []
|
loadBalancerSourceRanges: []
|
||||||
|
|
|
||||||
|
|
@ -15,7 +15,7 @@ metadata:
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/version: 1.7.1
|
app.kubernetes.io/version: 1.8.0
|
||||||
name: ingress-nginx
|
name: ingress-nginx
|
||||||
namespace: ingress-nginx
|
namespace: ingress-nginx
|
||||||
---
|
---
|
||||||
|
|
@ -27,7 +27,7 @@ metadata:
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/version: 1.7.1
|
app.kubernetes.io/version: 1.8.0
|
||||||
name: ingress-nginx-admission
|
name: ingress-nginx-admission
|
||||||
namespace: ingress-nginx
|
namespace: ingress-nginx
|
||||||
---
|
---
|
||||||
|
|
@ -39,7 +39,7 @@ metadata:
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/version: 1.7.1
|
app.kubernetes.io/version: 1.8.0
|
||||||
name: ingress-nginx
|
name: ingress-nginx
|
||||||
namespace: ingress-nginx
|
namespace: ingress-nginx
|
||||||
rules:
|
rules:
|
||||||
|
|
@ -129,7 +129,7 @@ metadata:
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/version: 1.7.1
|
app.kubernetes.io/version: 1.8.0
|
||||||
name: ingress-nginx-admission
|
name: ingress-nginx-admission
|
||||||
namespace: ingress-nginx
|
namespace: ingress-nginx
|
||||||
rules:
|
rules:
|
||||||
|
|
@ -148,7 +148,7 @@ metadata:
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/version: 1.7.1
|
app.kubernetes.io/version: 1.8.0
|
||||||
name: ingress-nginx
|
name: ingress-nginx
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
|
|
@ -230,7 +230,7 @@ metadata:
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/version: 1.7.1
|
app.kubernetes.io/version: 1.8.0
|
||||||
name: ingress-nginx-admission
|
name: ingress-nginx-admission
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
|
|
@ -249,7 +249,7 @@ metadata:
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/version: 1.7.1
|
app.kubernetes.io/version: 1.8.0
|
||||||
name: ingress-nginx
|
name: ingress-nginx
|
||||||
namespace: ingress-nginx
|
namespace: ingress-nginx
|
||||||
roleRef:
|
roleRef:
|
||||||
|
|
@ -269,7 +269,7 @@ metadata:
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/version: 1.7.1
|
app.kubernetes.io/version: 1.8.0
|
||||||
name: ingress-nginx-admission
|
name: ingress-nginx-admission
|
||||||
namespace: ingress-nginx
|
namespace: ingress-nginx
|
||||||
roleRef:
|
roleRef:
|
||||||
|
|
@ -288,7 +288,7 @@ metadata:
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/version: 1.7.1
|
app.kubernetes.io/version: 1.8.0
|
||||||
name: ingress-nginx
|
name: ingress-nginx
|
||||||
roleRef:
|
roleRef:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
|
@ -307,7 +307,7 @@ metadata:
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/version: 1.7.1
|
app.kubernetes.io/version: 1.8.0
|
||||||
name: ingress-nginx-admission
|
name: ingress-nginx-admission
|
||||||
roleRef:
|
roleRef:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
|
@ -328,26 +328,27 @@ metadata:
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/version: 1.7.1
|
app.kubernetes.io/version: 1.8.0
|
||||||
name: ingress-nginx-controller
|
name: ingress-nginx-controller
|
||||||
namespace: ingress-nginx
|
namespace: ingress-nginx
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
|
annotations:
|
||||||
|
service.beta.kubernetes.io/oci-load-balancer-shape: flexible
|
||||||
|
service.beta.kubernetes.io/oci-load-balancer-shape-flex-max: "100"
|
||||||
|
service.beta.kubernetes.io/oci-load-balancer-shape-flex-min: "10"
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/component: controller
|
app.kubernetes.io/component: controller
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/version: 1.7.1
|
app.kubernetes.io/version: 1.8.0
|
||||||
name: ingress-nginx-controller
|
name: ingress-nginx-controller
|
||||||
namespace: ingress-nginx
|
namespace: ingress-nginx
|
||||||
annotations:
|
|
||||||
service.beta.kubernetes.io/oci-load-balancer-shape: "flexible"
|
|
||||||
service.beta.kubernetes.io/oci-load-balancer-shape-flex-min: "10"
|
|
||||||
service.beta.kubernetes.io/oci-load-balancer-shape-flex-max: "100"
|
|
||||||
spec:
|
spec:
|
||||||
|
externalTrafficPolicy: Local
|
||||||
ipFamilies:
|
ipFamilies:
|
||||||
- IPv4
|
- IPv4
|
||||||
ipFamilyPolicy: SingleStack
|
ipFamilyPolicy: SingleStack
|
||||||
|
|
@ -376,7 +377,7 @@ metadata:
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/version: 1.7.1
|
app.kubernetes.io/version: 1.8.0
|
||||||
name: ingress-nginx-controller-admission
|
name: ingress-nginx-controller-admission
|
||||||
namespace: ingress-nginx
|
namespace: ingress-nginx
|
||||||
spec:
|
spec:
|
||||||
|
|
@ -399,7 +400,7 @@ metadata:
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/version: 1.7.1
|
app.kubernetes.io/version: 1.8.0
|
||||||
name: ingress-nginx-controller
|
name: ingress-nginx-controller
|
||||||
namespace: ingress-nginx
|
namespace: ingress-nginx
|
||||||
spec:
|
spec:
|
||||||
|
|
@ -421,7 +422,7 @@ spec:
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/version: 1.7.1
|
app.kubernetes.io/version: 1.8.0
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- args:
|
- args:
|
||||||
|
|
@ -445,7 +446,7 @@ spec:
|
||||||
fieldPath: metadata.namespace
|
fieldPath: metadata.namespace
|
||||||
- name: LD_PRELOAD
|
- name: LD_PRELOAD
|
||||||
value: /usr/local/lib/libmimalloc.so
|
value: /usr/local/lib/libmimalloc.so
|
||||||
image: registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407
|
image: registry.k8s.io/ingress-nginx/controller:v1.8.0@sha256:744ae2afd433a395eeb13dc03d3313facba92e96ad71d9feaafc85925493fee3
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
lifecycle:
|
lifecycle:
|
||||||
preStop:
|
preStop:
|
||||||
|
|
@ -517,7 +518,7 @@ metadata:
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/version: 1.7.1
|
app.kubernetes.io/version: 1.8.0
|
||||||
name: ingress-nginx-admission-create
|
name: ingress-nginx-admission-create
|
||||||
namespace: ingress-nginx
|
namespace: ingress-nginx
|
||||||
spec:
|
spec:
|
||||||
|
|
@ -528,7 +529,7 @@ spec:
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/version: 1.7.1
|
app.kubernetes.io/version: 1.8.0
|
||||||
name: ingress-nginx-admission-create
|
name: ingress-nginx-admission-create
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
|
|
@ -542,7 +543,7 @@ spec:
|
||||||
valueFrom:
|
valueFrom:
|
||||||
fieldRef:
|
fieldRef:
|
||||||
fieldPath: metadata.namespace
|
fieldPath: metadata.namespace
|
||||||
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
|
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
name: create
|
name: create
|
||||||
securityContext:
|
securityContext:
|
||||||
|
|
@ -564,7 +565,7 @@ metadata:
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/version: 1.7.1
|
app.kubernetes.io/version: 1.8.0
|
||||||
name: ingress-nginx-admission-patch
|
name: ingress-nginx-admission-patch
|
||||||
namespace: ingress-nginx
|
namespace: ingress-nginx
|
||||||
spec:
|
spec:
|
||||||
|
|
@ -575,7 +576,7 @@ spec:
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/version: 1.7.1
|
app.kubernetes.io/version: 1.8.0
|
||||||
name: ingress-nginx-admission-patch
|
name: ingress-nginx-admission-patch
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
|
|
@ -591,7 +592,7 @@ spec:
|
||||||
valueFrom:
|
valueFrom:
|
||||||
fieldRef:
|
fieldRef:
|
||||||
fieldPath: metadata.namespace
|
fieldPath: metadata.namespace
|
||||||
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:01d181618f270f2a96c04006f33b2699ad3ccb02da48d0f89b22abce084b292f
|
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
name: patch
|
name: patch
|
||||||
securityContext:
|
securityContext:
|
||||||
|
|
@ -613,7 +614,7 @@ metadata:
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/version: 1.7.1
|
app.kubernetes.io/version: 1.8.0
|
||||||
name: nginx
|
name: nginx
|
||||||
spec:
|
spec:
|
||||||
controller: k8s.io/ingress-nginx
|
controller: k8s.io/ingress-nginx
|
||||||
|
|
@ -626,7 +627,7 @@ metadata:
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/version: 1.7.1
|
app.kubernetes.io/version: 1.8.0
|
||||||
name: ingress-nginx-admission
|
name: ingress-nginx-admission
|
||||||
webhooks:
|
webhooks:
|
||||||
- admissionReviewVersions:
|
- admissionReviewVersions:
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
# ```
|
# ```
|
||||||
# namespace: ingress-nginx
|
# namespace: ingress-nginx
|
||||||
# bases:
|
# bases:
|
||||||
# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/cloud
|
# - github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/oracle
|
||||||
# ```
|
# ```
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
2
go.mod
2
go.mod
|
|
@ -26,7 +26,7 @@ require (
|
||||||
github.com/yudai/gojsondiff v1.0.0
|
github.com/yudai/gojsondiff v1.0.0
|
||||||
github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a
|
github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a
|
||||||
golang.org/x/crypto v0.10.0
|
golang.org/x/crypto v0.10.0
|
||||||
google.golang.org/grpc v1.56.0
|
google.golang.org/grpc v1.56.1
|
||||||
google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7
|
google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7
|
||||||
gopkg.in/go-playground/pool.v3 v3.1.1
|
gopkg.in/go-playground/pool.v3 v3.1.1
|
||||||
gopkg.in/mcuadros/go-syslog.v2 v2.3.0
|
gopkg.in/mcuadros/go-syslog.v2 v2.3.0
|
||||||
|
|
|
||||||
4
go.sum
4
go.sum
|
|
@ -661,8 +661,8 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa
|
||||||
google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
|
google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
|
||||||
google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
|
google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
|
||||||
google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
|
google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
|
||||||
google.golang.org/grpc v1.56.0 h1:+y7Bs8rtMd07LeXmL3NxcTLn7mUkbKZqEpPhMNkwJEE=
|
google.golang.org/grpc v1.56.1 h1:z0dNfjIl0VpaZ9iSVjA6daGatAYwPGstTjt5vkRMFkQ=
|
||||||
google.golang.org/grpc v1.56.0/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
|
google.golang.org/grpc v1.56.1/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
|
||||||
google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 h1:pPsdyuBif+uoyUoL19yuj/TCfUPsmpJHJZhWQ98JGLU=
|
google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 h1:pPsdyuBif+uoyUoL19yuj/TCfUPsmpJHJZhWQ98JGLU=
|
||||||
google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7/go.mod h1:8pQa1yxxkh+EsxUK8/455D5MSbv3vgmEJqKCH3y17mI=
|
google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7/go.mod h1:8pQa1yxxkh+EsxUK8/455D5MSbv3vgmEJqKCH3y17mI=
|
||||||
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
|
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,4 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ../../common
|
||||||
8
hack/manifest-templates/provider/oracle/values.yaml
Normal file
8
hack/manifest-templates/provider/oracle/values.yaml
Normal file
|
|
@ -0,0 +1,8 @@
|
||||||
|
controller:
|
||||||
|
service:
|
||||||
|
type: LoadBalancer
|
||||||
|
externalTrafficPolicy: Local
|
||||||
|
annotations:
|
||||||
|
service.beta.kubernetes.io/oci-load-balancer-shape: "flexible"
|
||||||
|
service.beta.kubernetes.io/oci-load-balancer-shape-flex-min: "10"
|
||||||
|
service.beta.kubernetes.io/oci-load-balancer-shape-flex-max: "100"
|
||||||
|
|
@ -12,7 +12,7 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
FROM golang:1.20.4-alpine3.18 as builder
|
FROM golang:1.20.5-alpine3.18 as builder
|
||||||
|
|
||||||
RUN apk update \
|
RUN apk update \
|
||||||
&& apk upgrade && apk add git
|
&& apk upgrade && apk add git
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
FROM golang:1.20.4-alpine3.18 as builder
|
FROM golang:1.20.5-alpine3.18 as builder
|
||||||
RUN mkdir /authsvc
|
RUN mkdir /authsvc
|
||||||
WORKDIR /authsvc
|
WORKDIR /authsvc
|
||||||
COPY . ./
|
COPY . ./
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
FROM golang:1.20.4-alpine3.18 as builder
|
FROM golang:1.20.5-alpine3.18 as builder
|
||||||
|
|
||||||
WORKDIR /go/src/k8s.io/ingress-nginx/images/fastcgi
|
WORKDIR /go/src/k8s.io/ingress-nginx/images/fastcgi
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
FROM golang:1.20.4-alpine3.18 as build
|
FROM golang:1.20.5-alpine3.18 as build
|
||||||
|
|
||||||
WORKDIR /go/src/greeter-server
|
WORKDIR /go/src/greeter-server
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
FROM golang:1.20 AS builder
|
FROM golang:1.20.5 AS builder
|
||||||
|
|
||||||
ENV LC_ALL=C.UTF-8
|
ENV LC_ALL=C.UTF-8
|
||||||
ENV LANG=C.UTF-8
|
ENV LANG=C.UTF-8
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
FROM --platform=$BUILDPLATFORM golang:1.20.1 as builder
|
FROM --platform=$BUILDPLATFORM golang:1.20.5 as builder
|
||||||
ARG BUILDPLATFORM
|
ARG BUILDPLATFORM
|
||||||
ARG TARGETARCH
|
ARG TARGETARCH
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,7 @@
|
||||||
[build]
|
[build]
|
||||||
publish = "site"
|
publish = "site"
|
||||||
command = "make build-docs"
|
command = "make build-docs"
|
||||||
|
ignore = "git diff --quiet $CACHED_COMMIT_REF $COMMIT_REF ./docs"
|
||||||
# available here https://github.com/netlify/build-image/blob/focal/included_software.md#languages
|
# available here https://github.com/netlify/build-image/blob/focal/included_software.md#languages
|
||||||
environment = { PYTHON_VERSION = "3.8" }
|
environment = { PYTHON_VERSION = "3.8" }
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1388,13 +1388,11 @@ stream {
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
{{/* By default use vhost as Host to upstream, but allow overrides */}}
|
{{/* By default use vhost as Host to upstream, but allow overrides */}}
|
||||||
{{ if not (eq $proxySetHeader "grpc_set_header") }}
|
|
||||||
{{ if not (empty $location.UpstreamVhost) }}
|
{{ if not (empty $location.UpstreamVhost) }}
|
||||||
{{ $proxySetHeader }} Host {{ $location.UpstreamVhost | quote }};
|
{{ $proxySetHeader }} Host {{ $location.UpstreamVhost | quote }};
|
||||||
{{ else }}
|
{{ else }}
|
||||||
{{ $proxySetHeader }} Host $best_http_host;
|
{{ $proxySetHeader }} Host $best_http_host;
|
||||||
{{ end }}
|
{{ end }}
|
||||||
{{ end }}
|
|
||||||
|
|
||||||
# Pass the extracted client certificate to the backend
|
# Pass the extracted client certificate to the backend
|
||||||
{{ if not (empty $server.CertificateAuth.CAFileName) }}
|
{{ if not (empty $server.CertificateAuth.CAFileName) }}
|
||||||
|
|
|
||||||
|
|
@ -120,6 +120,7 @@ var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() {
|
||||||
|
|
||||||
metadata := res.GetMetadata()
|
metadata := res.GetMetadata()
|
||||||
assert.Equal(ginkgo.GinkgoT(), metadata["content-type"].Values[0], "application/grpc")
|
assert.Equal(ginkgo.GinkgoT(), metadata["content-type"].Values[0], "application/grpc")
|
||||||
|
assert.Equal(ginkgo.GinkgoT(), metadata[":authority"].Values[0], host)
|
||||||
})
|
})
|
||||||
|
|
||||||
ginkgo.It("authorization metadata should be overwritten by external auth response headers", func() {
|
ginkgo.It("authorization metadata should be overwritten by external auth response headers", func() {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue