diff --git a/Makefile b/Makefile index 0ce3e3cef..25855a224 100644 --- a/Makefile +++ b/Makefile @@ -153,11 +153,11 @@ lua-test: ## Run lua unit tests. .PHONY: e2e-test e2e-test: ## Run e2e tests (expects access to a working Kubernetes cluster). - @build/run-e2e-suite.sh + @test/e2e/run-e2e-suite.sh .PHONY: kind-e2e-test kind-e2e-test: ## Run e2e tests using kind. - @test/e2e/run.sh + @test/e2e/run-kind-e2e.sh .PHONY: kind-e2e-chart-tests kind-e2e-chart-tests: ## Run helm chart e2e tests diff --git a/TAG b/TAG index b7c0a9b1d..023604509 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.6.0 +v1.6.1 diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 174a8870d..7f3ea1866 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -253,6 +253,7 @@ Kubernetes: `>=1.20.0-0` | Key | Type | Default | Description | |-----|------|---------|-------------| | commonLabels | object | `{}` | | +| controller.EnablePathTypeValidation | bool | `false` | This configuration defines if Ingress Controller should validate pathType. If false, special characters will be allowed on paths of any pathType. If true, special characters are only allowed on paths with pathType = ImplementationSpecific | | controller.addHeaders | object | `{}` | Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers | | controller.admissionWebhooks.annotations | object | `{}` | | | controller.admissionWebhooks.certManager.admissionCert.duration | string | `""` | | @@ -311,7 +312,6 @@ Kubernetes: `>=1.20.0-0` | controller.containerPort | object | `{"http":80,"https":443}` | Configures the ports that the nginx-controller listens on | | controller.customTemplate.configMapKey | string | `""` | | | controller.customTemplate.configMapName | string | `""` | | -| controller.disablePathTypeValidation | bool | `false` | This configuration defines if Ingress Controller should validate pathType. If this is true, special characters will be allowed on paths of any pathType. If false, special characters are only allowed on paths with pathType = ImplementationSpecific | | controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. | | controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. | | controller.electionID | string | `""` | Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' | diff --git a/charts/ingress-nginx/templates/controller-configmap.yaml b/charts/ingress-nginx/templates/controller-configmap.yaml index ffd003ee8..a1fbdf549 100644 --- a/charts/ingress-nginx/templates/controller-configmap.yaml +++ b/charts/ingress-nginx/templates/controller-configmap.yaml @@ -14,7 +14,7 @@ metadata: namespace: {{ .Release.Namespace }} data: allow-snippet-annotations: "{{ .Values.controller.allowSnippetAnnotations }}" - disable-pathtype-validation: "{{ .Values.controller.disablePathTypeValidation }}" + enable-pathtype-validation: "{{ .Values.controller.EnablePathTypeValidation }}" {{- if .Values.controller.addHeaders }} add-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers {{- end }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 072493ccc..4c587ee88 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -88,9 +88,9 @@ controller: allowSnippetAnnotations: true # -- This configuration defines if Ingress Controller should validate pathType. - # If this is true, special characters will be allowed on paths of any pathType. If - # false, special characters are only allowed on paths with pathType = ImplementationSpecific - disablePathTypeValidation: false + # If false, special characters will be allowed on paths of any pathType. + # If true, special characters are only allowed on paths with pathType = ImplementationSpecific + EnablePathTypeValidation: false # -- Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index 5dab8881a..e2e0e680f 100755 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -25,200 +25,200 @@ data: The following table shows a configuration option's name, type, and the default value: -|name|type|default| -|:---|:---|:------| -|[add-headers](#add-headers)|string|""| -|[allow-backend-server-header](#allow-backend-server-header)|bool|"false"| -|[allow-snippet-annotations](#allow-snippet-annotations)|bool|true| -|[annotation-value-word-blocklist](#annotation-value-word-blocklist)|string array|""| -|[hide-headers](#hide-headers)|string array|empty| -|[access-log-params](#access-log-params)|string|""| -|[access-log-path](#access-log-path)|string|"/var/log/nginx/access.log"| -|[http-access-log-path](#http-access-log-path)|string|""| -|[stream-access-log-path](#stream-access-log-path)|string|""| -|[enable-access-log-for-default-backend](#enable-access-log-for-default-backend)|bool|"false"| -|[error-log-path](#error-log-path)|string|"/var/log/nginx/error.log"| -|[enable-modsecurity](#enable-modsecurity)|bool|"false"| -|[modsecurity-snippet](#modsecurity-snippet)|string|""| -|[enable-owasp-modsecurity-crs](#enable-owasp-modsecurity-crs)|bool|"false"| -|[client-header-buffer-size](#client-header-buffer-size)|string|"1k"| -|[client-header-timeout](#client-header-timeout)|int|60| -|[client-body-buffer-size](#client-body-buffer-size)|string|"8k"| -|[client-body-timeout](#client-body-timeout)|int|60| -|[disable-access-log](#disable-access-log)|bool|false| -|[disable-ipv6](#disable-ipv6)|bool|false| -|[disable-ipv6-dns](#disable-ipv6-dns)|bool|false| -|[enable-underscores-in-headers](#enable-underscores-in-headers)|bool|false| -|[enable-ocsp](#enable-ocsp)|bool|false| -|[ignore-invalid-headers](#ignore-invalid-headers)|bool|true| -|[retry-non-idempotent](#retry-non-idempotent)|bool|"false"| -|[error-log-level](#error-log-level)|string|"notice"| -|[http2-max-field-size](#http2-max-field-size)|string|"4k"| -|[http2-max-header-size](#http2-max-header-size)|string|"16k"| -|[http2-max-requests](#http2-max-requests)|int|1000| -|[http2-max-concurrent-streams](#http2-max-concurrent-streams)|int|128| -|[hsts](#hsts)|bool|"true"| -|[hsts-include-subdomains](#hsts-include-subdomains)|bool|"true"| -|[hsts-max-age](#hsts-max-age)|string|"15724800"| -|[hsts-preload](#hsts-preload)|bool|"false"| -|[keep-alive](#keep-alive)|int|75| -|[keep-alive-requests](#keep-alive-requests)|int|1000| -|[large-client-header-buffers](#large-client-header-buffers)|string|"4 8k"| -|[log-format-escape-none](#log-format-escape-none)|bool|"false"| -|[log-format-escape-json](#log-format-escape-json)|bool|"false"| -|[log-format-upstream](#log-format-upstream)|string|`$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id`| -|[log-format-stream](#log-format-stream)|string|`[$remote_addr] [$time_local] $protocol $status $bytes_sent $bytes_received $session_time`| -|[enable-multi-accept](#enable-multi-accept)|bool|"true"| -|[max-worker-connections](#max-worker-connections)|int|16384| -|[max-worker-open-files](#max-worker-open-files)|int|0| -|[map-hash-bucket-size](#max-hash-bucket-size)|int|64| -|[nginx-status-ipv4-whitelist](#nginx-status-ipv4-whitelist)|[]string|"127.0.0.1"| -|[nginx-status-ipv6-whitelist](#nginx-status-ipv6-whitelist)|[]string|"::1"| -|[proxy-real-ip-cidr](#proxy-real-ip-cidr)|[]string|"0.0.0.0/0"| -|[proxy-set-headers](#proxy-set-headers)|string|""| -|[server-name-hash-max-size](#server-name-hash-max-size)|int|1024| -|[server-name-hash-bucket-size](#server-name-hash-bucket-size)|int|`` -|[proxy-headers-hash-max-size](#proxy-headers-hash-max-size)|int|512| -|[proxy-headers-hash-bucket-size](#proxy-headers-hash-bucket-size)|int|64| -|[plugins](#plugins)|[]string| | -|[reuse-port](#reuse-port)|bool|"true"| -|[server-tokens](#server-tokens)|bool|"false"| -|[ssl-ciphers](#ssl-ciphers)|string|"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"| -|[ssl-ecdh-curve](#ssl-ecdh-curve)|string|"auto"| -|[ssl-dh-param](#ssl-dh-param)|string|""| -|[ssl-protocols](#ssl-protocols)|string|"TLSv1.2 TLSv1.3"| -|[ssl-session-cache](#ssl-session-cache)|bool|"true"| -|[ssl-session-cache-size](#ssl-session-cache-size)|string|"10m"| -|[ssl-session-tickets](#ssl-session-tickets)|bool|"false"| -|[ssl-session-ticket-key](#ssl-session-ticket-key)|string|`` -|[ssl-session-timeout](#ssl-session-timeout)|string|"10m"| -|[ssl-buffer-size](#ssl-buffer-size)|string|"4k"| -|[use-proxy-protocol](#use-proxy-protocol)|bool|"false"| -|[proxy-protocol-header-timeout](#proxy-protocol-header-timeout)|string|"5s"| -|[use-gzip](#use-gzip)|bool|"false"| -|[use-geoip](#use-geoip)|bool|"true"| -|[use-geoip2](#use-geoip2)|bool|"false"| -|[enable-brotli](#enable-brotli)|bool|"false"| -|[brotli-level](#brotli-level)|int|4| -|[brotli-min-length](#brotli-min-length)|int|20| -|[brotli-types](#brotli-types)|string|"application/xml+rss application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component"| -|[use-http2](#use-http2)|bool|"true"| -|[gzip-disable](#gzip-disable)|string|""| -|[gzip-level](#gzip-level)|int|1| -|[gzip-min-length](#gzip-min-length)|int|256| -|[gzip-types](#gzip-types)|string|"application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component"| -|[worker-processes](#worker-processes)|string|``| -|[worker-cpu-affinity](#worker-cpu-affinity)|string|""| -|[worker-shutdown-timeout](#worker-shutdown-timeout)|string|"240s"| -|[load-balance](#load-balance)|string|"round_robin"| -|[variables-hash-bucket-size](#variables-hash-bucket-size)|int|128| -|[variables-hash-max-size](#variables-hash-max-size)|int|2048| -|[upstream-keepalive-connections](#upstream-keepalive-connections)|int|320| -|[upstream-keepalive-time](#upstream-keepalive-time)|string|"1h"| -|[upstream-keepalive-timeout](#upstream-keepalive-timeout)|int|60| -|[upstream-keepalive-requests](#upstream-keepalive-requests)|int|10000| -|[limit-conn-zone-variable](#limit-conn-zone-variable)|string|"$binary_remote_addr"| -|[proxy-stream-timeout](#proxy-stream-timeout)|string|"600s"| -|[proxy-stream-next-upstream](#proxy-stream-next-upstream)|bool|"true"| -|[proxy-stream-next-upstream-timeout](#proxy-stream-next-upstream-timeout)|string|"600s"| -|[proxy-stream-next-upstream-tries](#proxy-stream-next-upstream-tries)|int|3| -|[proxy-stream-responses](#proxy-stream-responses)|int|1| -|[bind-address](#bind-address)|[]string|""| -|[use-forwarded-headers](#use-forwarded-headers)|bool|"false"| -|[enable-real-ip](#enable-real-ip)|bool|"false"| -|[forwarded-for-header](#forwarded-for-header)|string|"X-Forwarded-For"| -|[compute-full-forwarded-for](#compute-full-forwarded-for)|bool|"false"| -|[proxy-add-original-uri-header](#proxy-add-original-uri-header)|bool|"false"| -|[generate-request-id](#generate-request-id)|bool|"true"| -|[enable-opentracing](#enable-opentracing)|bool|"false"| -|[opentracing-operation-name](#opentracing-operation-name)|string|""| -|[opentracing-location-operation-name](#opentracing-location-operation-name)|string|""| -|[zipkin-collector-host](#zipkin-collector-host)|string|""| -|[zipkin-collector-port](#zipkin-collector-port)|int|9411| -|[zipkin-service-name](#zipkin-service-name)|string|"nginx"| -|[zipkin-sample-rate](#zipkin-sample-rate)|float|1.0| -|[jaeger-collector-host](#jaeger-collector-host)|string|""| -|[jaeger-collector-port](#jaeger-collector-port)|int|6831| -|[jaeger-endpoint](#jaeger-endpoint)|string|""| -|[jaeger-service-name](#jaeger-service-name)|string|"nginx"| -|[jaeger-propagation-format](#jaeger-propagation-format)|string|"jaeger"| -|[jaeger-sampler-type](#jaeger-sampler-type)|string|"const"| -|[jaeger-sampler-param](#jaeger-sampler-param)|string|"1"| -|[jaeger-sampler-host](#jaeger-sampler-host)|string|"http://127.0.0.1"| -|[jaeger-sampler-port](#jaeger-sampler-port)|int|5778| -|[jaeger-trace-context-header-name](#jaeger-trace-context-header-name)|string|uber-trace-id| -|[jaeger-debug-header](#jaeger-debug-header)|string|uber-debug-id| -|[jaeger-baggage-header](#jaeger-baggage-header)|string|jaeger-baggage| -|[jaeger-trace-baggage-header-prefix](#jaeger-trace-baggage-header-prefix)|string|uberctx-| -|[datadog-collector-host](#datadog-collector-host)|string|""| -|[datadog-collector-port](#datadog-collector-port)|int|8126| -|[datadog-service-name](#datadog-service-name)|string|"nginx"| -|[datadog-environment](#datadog-environment)|string|"prod"| -|[datadog-operation-name-override](#datadog-operation-name-override)|string|"nginx.handle"| -|[datadog-priority-sampling](#datadog-priority-sampling)|bool|"true"| -|[datadog-sample-rate](#datadog-sample-rate)|float|1.0| -|[main-snippet](#main-snippet)|string|""| -|[http-snippet](#http-snippet)|string|""| -|[server-snippet](#server-snippet)|string|""| -|[stream-snippet](#stream-snippet)|string|""| -|[location-snippet](#location-snippet)|string|""| -|[custom-http-errors](#custom-http-errors)|[]int|[]int{}| -|[disable-proxy-intercept-errors](#disable-proxy-intercept-errors)|bool|"false"| -|[proxy-body-size](#proxy-body-size)|string|"1m"| -|[proxy-connect-timeout](#proxy-connect-timeout)|int|5| -|[proxy-read-timeout](#proxy-read-timeout)|int|60| -|[proxy-send-timeout](#proxy-send-timeout)|int|60| -|[proxy-buffers-number](#proxy-buffers-number)|int|4| -|[proxy-buffer-size](#proxy-buffer-size)|string|"4k"| -|[proxy-cookie-path](#proxy-cookie-path)|string|"off"| -|[proxy-cookie-domain](#proxy-cookie-domain)|string|"off"| -|[proxy-next-upstream](#proxy-next-upstream)|string|"error timeout"| -|[proxy-next-upstream-timeout](#proxy-next-upstream-timeout)|int|0| -|[proxy-next-upstream-tries](#proxy-next-upstream-tries)|int|3| -|[proxy-redirect-from](#proxy-redirect-from)|string|"off"| -|[proxy-request-buffering](#proxy-request-buffering)|string|"on"| -|[ssl-redirect](#ssl-redirect)|bool|"true"| -|[force-ssl-redirect](#force-ssl-redirect)|bool|"false"| -|[denylist-source-range](#denylist-source-range)|[]string|[]string{}| -|[whitelist-source-range](#whitelist-source-range)|[]string|[]string{}| -|[skip-access-log-urls](#skip-access-log-urls)|[]string|[]string{}| -|[limit-rate](#limit-rate)|int|0| -|[limit-rate-after](#limit-rate-after)|int|0| -|[lua-shared-dicts](#lua-shared-dicts)|string|""| -|[http-redirect-code](#http-redirect-code)|int|308| -|[proxy-buffering](#proxy-buffering)|string|"off"| -|[limit-req-status-code](#limit-req-status-code)|int|503| -|[limit-conn-status-code](#limit-conn-status-code)|int|503| -|[enable-syslog](#enable-syslog)|bool|false| -|[syslog-host](#syslog-host)|string|""| -|[syslog-port](#syslog-port)|int|514| -|[no-tls-redirect-locations](#no-tls-redirect-locations)|string|"/.well-known/acme-challenge"| -|[global-auth-url](#global-auth-url)|string|""| -|[global-auth-method](#global-auth-method)|string|""| -|[global-auth-signin](#global-auth-signin)|string|""| -|[global-auth-signin-redirect-param](#global-auth-signin-redirect-param)|string|"rd"| -|[global-auth-response-headers](#global-auth-response-headers)|string|""| -|[global-auth-request-redirect](#global-auth-request-redirect)|string|""| -|[global-auth-snippet](#global-auth-snippet)|string|""| -|[global-auth-cache-key](#global-auth-cache-key)|string|""| -|[global-auth-cache-duration](#global-auth-cache-duration)|string|"200 202 401 5m"| -|[no-auth-locations](#no-auth-locations)|string|"/.well-known/acme-challenge"| -|[block-cidrs](#block-cidrs)|[]string|""| -|[block-user-agents](#block-user-agents)|[]string|""| -|[block-referers](#block-referers)|[]string|""| -|[proxy-ssl-location-only](#proxy-ssl-location-only)|bool|"false"| -|[default-type](#default-type)|string|"text/html"| -|[global-rate-limit-memcached-host](#global-rate-limit)|string|""| -|[global-rate-limit-memcached-port](#global-rate-limit)|int|11211| -|[global-rate-limit-memcached-connect-timeout](#global-rate-limit)|int|50| -|[global-rate-limit-memcached-max-idle-timeout](#global-rate-limit)|int|10000| -|[global-rate-limit-memcached-pool-size](#global-rate-limit)|int|50| -|[global-rate-limit-status-code](#global-rate-limit)|int|429| -|[service-upstream](#service-upstream)|bool|"false"| -|[ssl-reject-handshake](#ssl-reject-handshake)|bool|"false"| -|[debug-connections](#debug-connections)|[]string|"127.0.0.1,1.1.1.1/24"| -|[disable-pathtype-validation](#disable-pathtype-validation)|bool|"false"| -|[path-additional-allowed-chars](#path-additional-allowed-chars)|string|"^%$[](){}*+?"| +| name | type | default | +|:--------------------------------------------------------------------------------|:-------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [add-headers](#add-headers) | string | "" | +| [allow-backend-server-header](#allow-backend-server-header) | bool | "false" | +| [allow-snippet-annotations](#allow-snippet-annotations) | bool | true | +| [annotation-value-word-blocklist](#annotation-value-word-blocklist) | string array | "" | +| [hide-headers](#hide-headers) | string array | empty | +| [access-log-params](#access-log-params) | string | "" | +| [access-log-path](#access-log-path) | string | "/var/log/nginx/access.log" | +| [http-access-log-path](#http-access-log-path) | string | "" | +| [stream-access-log-path](#stream-access-log-path) | string | "" | +| [enable-access-log-for-default-backend](#enable-access-log-for-default-backend) | bool | "false" | +| [error-log-path](#error-log-path) | string | "/var/log/nginx/error.log" | +| [enable-modsecurity](#enable-modsecurity) | bool | "false" | +| [modsecurity-snippet](#modsecurity-snippet) | string | "" | +| [enable-owasp-modsecurity-crs](#enable-owasp-modsecurity-crs) | bool | "false" | +| [client-header-buffer-size](#client-header-buffer-size) | string | "1k" | +| [client-header-timeout](#client-header-timeout) | int | 60 | +| [client-body-buffer-size](#client-body-buffer-size) | string | "8k" | +| [client-body-timeout](#client-body-timeout) | int | 60 | +| [disable-access-log](#disable-access-log) | bool | false | +| [disable-ipv6](#disable-ipv6) | bool | false | +| [disable-ipv6-dns](#disable-ipv6-dns) | bool | false | +| [enable-underscores-in-headers](#enable-underscores-in-headers) | bool | false | +| [enable-ocsp](#enable-ocsp) | bool | false | +| [ignore-invalid-headers](#ignore-invalid-headers) | bool | true | +| [retry-non-idempotent](#retry-non-idempotent) | bool | "false" | +| [error-log-level](#error-log-level) | string | "notice" | +| [http2-max-field-size](#http2-max-field-size) | string | "4k" | +| [http2-max-header-size](#http2-max-header-size) | string | "16k" | +| [http2-max-requests](#http2-max-requests) | int | 1000 | +| [http2-max-concurrent-streams](#http2-max-concurrent-streams) | int | 128 | +| [hsts](#hsts) | bool | "true" | +| [hsts-include-subdomains](#hsts-include-subdomains) | bool | "true" | +| [hsts-max-age](#hsts-max-age) | string | "15724800" | +| [hsts-preload](#hsts-preload) | bool | "false" | +| [keep-alive](#keep-alive) | int | 75 | +| [keep-alive-requests](#keep-alive-requests) | int | 1000 | +| [large-client-header-buffers](#large-client-header-buffers) | string | "4 8k" | +| [log-format-escape-none](#log-format-escape-none) | bool | "false" | +| [log-format-escape-json](#log-format-escape-json) | bool | "false" | +| [log-format-upstream](#log-format-upstream) | string | `$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id` | +| [log-format-stream](#log-format-stream) | string | `[$remote_addr] [$time_local] $protocol $status $bytes_sent $bytes_received $session_time` | +| [enable-multi-accept](#enable-multi-accept) | bool | "true" | +| [max-worker-connections](#max-worker-connections) | int | 16384 | +| [max-worker-open-files](#max-worker-open-files) | int | 0 | +| [map-hash-bucket-size](#max-hash-bucket-size) | int | 64 | +| [nginx-status-ipv4-whitelist](#nginx-status-ipv4-whitelist) | []string | "127.0.0.1" | +| [nginx-status-ipv6-whitelist](#nginx-status-ipv6-whitelist) | []string | "::1" | +| [proxy-real-ip-cidr](#proxy-real-ip-cidr) | []string | "0.0.0.0/0" | +| [proxy-set-headers](#proxy-set-headers) | string | "" | +| [server-name-hash-max-size](#server-name-hash-max-size) | int | 1024 | +| [server-name-hash-bucket-size](#server-name-hash-bucket-size) | int | `` | +| [proxy-headers-hash-max-size](#proxy-headers-hash-max-size) | int | 512 | +| [proxy-headers-hash-bucket-size](#proxy-headers-hash-bucket-size) | int | 64 | +| [plugins](#plugins) | []string | | +| [reuse-port](#reuse-port) | bool | "true" | +| [server-tokens](#server-tokens) | bool | "false" | +| [ssl-ciphers](#ssl-ciphers) | string | "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" | +| [ssl-ecdh-curve](#ssl-ecdh-curve) | string | "auto" | +| [ssl-dh-param](#ssl-dh-param) | string | "" | +| [ssl-protocols](#ssl-protocols) | string | "TLSv1.2 TLSv1.3" | +| [ssl-session-cache](#ssl-session-cache) | bool | "true" | +| [ssl-session-cache-size](#ssl-session-cache-size) | string | "10m" | +| [ssl-session-tickets](#ssl-session-tickets) | bool | "false" | +| [ssl-session-ticket-key](#ssl-session-ticket-key) | string | `` | +| [ssl-session-timeout](#ssl-session-timeout) | string | "10m" | +| [ssl-buffer-size](#ssl-buffer-size) | string | "4k" | +| [use-proxy-protocol](#use-proxy-protocol) | bool | "false" | +| [proxy-protocol-header-timeout](#proxy-protocol-header-timeout) | string | "5s" | +| [use-gzip](#use-gzip) | bool | "false" | +| [use-geoip](#use-geoip) | bool | "true" | +| [use-geoip2](#use-geoip2) | bool | "false" | +| [enable-brotli](#enable-brotli) | bool | "false" | +| [brotli-level](#brotli-level) | int | 4 | +| [brotli-min-length](#brotli-min-length) | int | 20 | +| [brotli-types](#brotli-types) | string | "application/xml+rss application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component" | +| [use-http2](#use-http2) | bool | "true" | +| [gzip-disable](#gzip-disable) | string | "" | +| [gzip-level](#gzip-level) | int | 1 | +| [gzip-min-length](#gzip-min-length) | int | 256 | +| [gzip-types](#gzip-types) | string | "application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component" | +| [worker-processes](#worker-processes) | string | `` | +| [worker-cpu-affinity](#worker-cpu-affinity) | string | "" | +| [worker-shutdown-timeout](#worker-shutdown-timeout) | string | "240s" | +| [load-balance](#load-balance) | string | "round_robin" | +| [variables-hash-bucket-size](#variables-hash-bucket-size) | int | 128 | +| [variables-hash-max-size](#variables-hash-max-size) | int | 2048 | +| [upstream-keepalive-connections](#upstream-keepalive-connections) | int | 320 | +| [upstream-keepalive-time](#upstream-keepalive-time) | string | "1h" | +| [upstream-keepalive-timeout](#upstream-keepalive-timeout) | int | 60 | +| [upstream-keepalive-requests](#upstream-keepalive-requests) | int | 10000 | +| [limit-conn-zone-variable](#limit-conn-zone-variable) | string | "$binary_remote_addr" | +| [proxy-stream-timeout](#proxy-stream-timeout) | string | "600s" | +| [proxy-stream-next-upstream](#proxy-stream-next-upstream) | bool | "true" | +| [proxy-stream-next-upstream-timeout](#proxy-stream-next-upstream-timeout) | string | "600s" | +| [proxy-stream-next-upstream-tries](#proxy-stream-next-upstream-tries) | int | 3 | +| [proxy-stream-responses](#proxy-stream-responses) | int | 1 | +| [bind-address](#bind-address) | []string | "" | +| [use-forwarded-headers](#use-forwarded-headers) | bool | "false" | +| [enable-real-ip](#enable-real-ip) | bool | "false" | +| [forwarded-for-header](#forwarded-for-header) | string | "X-Forwarded-For" | +| [compute-full-forwarded-for](#compute-full-forwarded-for) | bool | "false" | +| [proxy-add-original-uri-header](#proxy-add-original-uri-header) | bool | "false" | +| [generate-request-id](#generate-request-id) | bool | "true" | +| [enable-opentracing](#enable-opentracing) | bool | "false" | +| [opentracing-operation-name](#opentracing-operation-name) | string | "" | +| [opentracing-location-operation-name](#opentracing-location-operation-name) | string | "" | +| [zipkin-collector-host](#zipkin-collector-host) | string | "" | +| [zipkin-collector-port](#zipkin-collector-port) | int | 9411 | +| [zipkin-service-name](#zipkin-service-name) | string | "nginx" | +| [zipkin-sample-rate](#zipkin-sample-rate) | float | 1.0 | +| [jaeger-collector-host](#jaeger-collector-host) | string | "" | +| [jaeger-collector-port](#jaeger-collector-port) | int | 6831 | +| [jaeger-endpoint](#jaeger-endpoint) | string | "" | +| [jaeger-service-name](#jaeger-service-name) | string | "nginx" | +| [jaeger-propagation-format](#jaeger-propagation-format) | string | "jaeger" | +| [jaeger-sampler-type](#jaeger-sampler-type) | string | "const" | +| [jaeger-sampler-param](#jaeger-sampler-param) | string | "1" | +| [jaeger-sampler-host](#jaeger-sampler-host) | string | "http://127.0.0.1" | +| [jaeger-sampler-port](#jaeger-sampler-port) | int | 5778 | +| [jaeger-trace-context-header-name](#jaeger-trace-context-header-name) | string | uber-trace-id | +| [jaeger-debug-header](#jaeger-debug-header) | string | uber-debug-id | +| [jaeger-baggage-header](#jaeger-baggage-header) | string | jaeger-baggage | +| [jaeger-trace-baggage-header-prefix](#jaeger-trace-baggage-header-prefix) | string | uberctx- | +| [datadog-collector-host](#datadog-collector-host) | string | "" | +| [datadog-collector-port](#datadog-collector-port) | int | 8126 | +| [datadog-service-name](#datadog-service-name) | string | "nginx" | +| [datadog-environment](#datadog-environment) | string | "prod" | +| [datadog-operation-name-override](#datadog-operation-name-override) | string | "nginx.handle" | +| [datadog-priority-sampling](#datadog-priority-sampling) | bool | "true" | +| [datadog-sample-rate](#datadog-sample-rate) | float | 1.0 | +| [main-snippet](#main-snippet) | string | "" | +| [http-snippet](#http-snippet) | string | "" | +| [server-snippet](#server-snippet) | string | "" | +| [stream-snippet](#stream-snippet) | string | "" | +| [location-snippet](#location-snippet) | string | "" | +| [custom-http-errors](#custom-http-errors) | []int | []int{} | +| [disable-proxy-intercept-errors](#disable-proxy-intercept-errors) | bool |"false" | +| [proxy-body-size](#proxy-body-size) | string | "1m" | +| [proxy-connect-timeout](#proxy-connect-timeout) | int | 5 | +| [proxy-read-timeout](#proxy-read-timeout) | int | 60 | +| [proxy-send-timeout](#proxy-send-timeout) | int | 60 | +| [proxy-buffers-number](#proxy-buffers-number) | int | 4 | +| [proxy-buffer-size](#proxy-buffer-size) | string | "4k" | +| [proxy-cookie-path](#proxy-cookie-path) | string | "off" | +| [proxy-cookie-domain](#proxy-cookie-domain) | string | "off" | +| [proxy-next-upstream](#proxy-next-upstream) | string | "error timeout" | +| [proxy-next-upstream-timeout](#proxy-next-upstream-timeout) | int | 0 | +| [proxy-next-upstream-tries](#proxy-next-upstream-tries) | int | 3 | +| [proxy-redirect-from](#proxy-redirect-from) | string | "off" | +| [proxy-request-buffering](#proxy-request-buffering) | string | "on" | +| [ssl-redirect](#ssl-redirect) | bool | "true" | +| [force-ssl-redirect](#force-ssl-redirect) | bool | "false" | +| [denylist-source-range](#denylist-source-range) | []string | []string{} | +| [whitelist-source-range](#whitelist-source-range) | []string | []string{} | +| [skip-access-log-urls](#skip-access-log-urls) | []string | []string{} | +| [limit-rate](#limit-rate) | int | 0 | +| [limit-rate-after](#limit-rate-after) | int | 0 | +| [lua-shared-dicts](#lua-shared-dicts) | string | "" | +| [http-redirect-code](#http-redirect-code) | int | 308 | +| [proxy-buffering](#proxy-buffering) | string | "off" | +| [limit-req-status-code](#limit-req-status-code) | int | 503 | +| [limit-conn-status-code](#limit-conn-status-code) | int | 503 | +| [enable-syslog](#enable-syslog) | bool | false | +| [syslog-host](#syslog-host) | string | "" | +| [syslog-port](#syslog-port) | int | 514 | +| [no-tls-redirect-locations](#no-tls-redirect-locations) | string | "/.well-known/acme-challenge" | +| [global-auth-url](#global-auth-url) | string | "" | +| [global-auth-method](#global-auth-method) | string | "" | +| [global-auth-signin](#global-auth-signin) | string | "" | +| [global-auth-signin-redirect-param](#global-auth-signin-redirect-param) | string | "rd" | +| [global-auth-response-headers](#global-auth-response-headers) | string | "" | +| [global-auth-request-redirect](#global-auth-request-redirect) | string | "" | +| [global-auth-snippet](#global-auth-snippet) | string | "" | +| [global-auth-cache-key](#global-auth-cache-key) | string | "" | +| [global-auth-cache-duration](#global-auth-cache-duration) | string | "200 202 401 5m" | +| [no-auth-locations](#no-auth-locations) | string | "/.well-known/acme-challenge" | +| [block-cidrs](#block-cidrs) | []string | "" | +| [block-user-agents](#block-user-agents) | []string | "" | +| [block-referers](#block-referers) | []string | "" | +| [proxy-ssl-location-only](#proxy-ssl-location-only) | bool | "false" | +| [default-type](#default-type) | string | "text/html" | +| [global-rate-limit-memcached-host](#global-rate-limit) | string | "" | +| [global-rate-limit-memcached-port](#global-rate-limit) | int | 11211 | +| [global-rate-limit-memcached-connect-timeout](#global-rate-limit) | int | 50 | +| [global-rate-limit-memcached-max-idle-timeout](#global-rate-limit) | int | 10000 | +| [global-rate-limit-memcached-pool-size](#global-rate-limit) | int | 50 | +| [global-rate-limit-status-code](#global-rate-limit) | int | 429 | +| [service-upstream](#service-upstream) | bool | "false" | +| [ssl-reject-handshake](#ssl-reject-handshake) | bool | "false" | +| [debug-connections](#debug-connections) | []string | "127.0.0.1,1.1.1.1/24" | +| [enable-pathtype-validation](#enable-pathtype-validation) | bool | "false" | +| [path-additional-allowed-chars](#path-additional-allowed-chars) | string | "^%$[](){}*+?" | ## add-headers @@ -1336,7 +1336,7 @@ _**default:**_ "" _References:_ [http://nginx.org/en/docs/ngx_core_module.html#debug_connection](http://nginx.org/en/docs/ngx_core_module.html#debug_connection) -## disable-pathtype-validation +## enable-pathtype-validation Ingress Controller validates the pathType, and only allows special characters on "path" if pathType is ImplementationSpecific. @@ -1346,13 +1346,11 @@ will be 0-9, a-z, A-Z, "-", ".", "_", "~", "/". If the validation is disabled, the [#path-additional-allowed-chars](#path-additional-allowed-chars) will be allowed on any pathType. -This behavior can be disabled, so special characters are accepted regardless of pathType +This behavior is disabled by default, so special characters are accepted regardless of pathType _**default:**_ "false" ## path-additional-allowed-chars -When validating path on Ingress resources, defines the additional set of special characters that +When [enable-pathtype-validation](enable-pathtype-validation) is set to true [#path-additional-allowed-chars](#path-additional-allowed-chars) defines the additional set of special characters that will be allowed. -See also [#disable-pathtype-validation](#disable-pathtype-validation). - _**default:**_ "^%$[](){}*+?|" diff --git a/go.mod b/go.mod index 6f90615ff..10b9e2fda 100644 --- a/go.mod +++ b/go.mod @@ -26,21 +26,21 @@ require ( github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.5.0 - google.golang.org/grpc v1.52.0 + google.golang.org/grpc v1.52.3 google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 - k8s.io/api v0.26.0 - k8s.io/apiextensions-apiserver v0.26.0 - k8s.io/apimachinery v0.26.0 - k8s.io/apiserver v0.26.0 + k8s.io/api v0.26.1 + k8s.io/apiextensions-apiserver v0.26.1 + k8s.io/apimachinery v0.26.1 + k8s.io/apiserver v0.26.1 k8s.io/cli-runtime v0.26.0 - k8s.io/client-go v0.26.0 - k8s.io/code-generator v0.26.0 - k8s.io/component-base v0.26.0 - k8s.io/klog/v2 v2.80.1 + k8s.io/client-go v0.26.1 + k8s.io/code-generator v0.26.1 + k8s.io/component-base v0.26.1 + k8s.io/klog/v2 v2.90.0 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 - sigs.k8s.io/controller-runtime v0.13.1 + sigs.k8s.io/controller-runtime v0.14.2 sigs.k8s.io/mdtoc v1.1.0 ) @@ -77,7 +77,6 @@ require ( github.com/inconshreveable/mousetrap v1.0.1 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect - github.com/magefile/mage v1.14.0 // indirect github.com/mailru/easyjson v0.7.6 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect @@ -88,6 +87,7 @@ require ( github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/ncabatoff/go-seq v0.0.0-20180805175032-b08ef85ed833 // indirect + github.com/onsi/ginkgo v1.16.5 // indirect github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pkg/errors v0.9.1 // indirect @@ -104,7 +104,7 @@ require ( golang.org/x/sys v0.4.0 // indirect golang.org/x/term v0.4.0 // indirect golang.org/x/text v0.6.0 // indirect - golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect + golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.4.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6 // indirect @@ -115,7 +115,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/gengo v0.0.0-20220902162205-c0856e24416d // indirect k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect - k8s.io/utils v0.0.0-20221107191617-1a15be271d1d // indirect + k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/kustomize/api v0.12.1 // indirect sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect diff --git a/go.sum b/go.sum index 8a32d3e00..6e370c655 100644 --- a/go.sum +++ b/go.sum @@ -87,6 +87,8 @@ github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQL github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b h1:074/xhloHUBOpTZwlIzQ28rbPY8pNJvzY7Gcx5KnNOk= @@ -116,6 +118,7 @@ github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.6 h1:mkgN1ofwASrYnJ5W6U/BxG15eXXXjirgZc7CLqkcaro= github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= @@ -195,6 +198,7 @@ github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWet github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= @@ -231,8 +235,6 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= -github.com/magefile/mage v1.14.0 h1:6QDX3g6z1YvJ4olPhT1wksUcSa/V0a1B+pJb73fBjyo= -github.com/magefile/mage v1.14.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA= @@ -276,10 +278,17 @@ github.com/ncabatoff/go-seq v0.0.0-20180805175032-b08ef85ed833/go.mod h1:0CznHmX github.com/ncabatoff/process-exporter v0.7.10 h1:+Ere7+3se6QqP54gg7aBRagWcL8bq3u5zNi/GRSWeKQ= github.com/ncabatoff/process-exporter v0.7.10/go.mod h1:DHZRZjqxw9LCOpLlX0DjBuyn6d5plh41Jv6Tmttj7Ek= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= +github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= +github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= +github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= +github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.6.1 h1:1xQPCjcqYw/J5LchOcp4/2q/jzJFjiAOc25chhnDw+Q= github.com/onsi/ginkgo/v2 v2.6.1/go.mod h1:yjiuMwPokqY1XauOgju45q3sJt6VzQ/Fict1LFVcsAo= +github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= +github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.24.1 h1:KORJXNNTzJXzu4ScJWssJfJMnJ+2QJqhoQSRwNlze9E= github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg= github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= @@ -385,7 +394,7 @@ go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 h1:+FNtrFTmVw0YZGpBGX56XDee33 go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= -go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8= +go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= golang.org/dl v0.0.0-20190829154251-82a15e2f2ead/go.mod h1:IUMfjQLJQd4UTqG1Z90tenwKoCX93Gn3MAQJMOSBsDQ= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -430,6 +439,7 @@ golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -452,6 +462,7 @@ golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= @@ -482,6 +493,7 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -493,10 +505,13 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191002063906-3421d5a6bb1c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -517,6 +532,7 @@ golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -542,8 +558,8 @@ golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20220609170525-579cf78fd858 h1:Dpdu/EMxGMFgq0CeYMh4fazTD2vtlZRYE7wyynxJb9U= -golang.org/x/time v0.0.0-20220609170525-579cf78fd858/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= +golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -586,6 +602,7 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.4.0 h1:7mTAgkunk3fr4GAloyyCasadO6h9zSsQZbwvcaIciV4= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= @@ -662,8 +679,8 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.52.0 h1:kd48UiU7EHsV4rnLyOJRuP/Il/UHE7gdDAQ+SZI7nZk= -google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= +google.golang.org/grpc v1.52.3 h1:pf7sOysg4LdgBqduXveGKrcEwbStiK2rtfghdzlUYDQ= +google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 h1:pPsdyuBif+uoyUoL19yuj/TCfUPsmpJHJZhWQ98JGLU= google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7/go.mod h1:8pQa1yxxkh+EsxUK8/455D5MSbv3vgmEJqKCH3y17mI= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= @@ -689,6 +706,7 @@ gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/go-playground/assert.v1 v1.2.1 h1:xoYuJVE7KT85PYWrN730RguIQO0ePzVRfFMXadIrXTM= gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= gopkg.in/go-playground/pool.v3 v3.1.1 h1:4Qcj91IsYTpIeRhe/eo6Fz+w6uKWPEghx8vHFTYMfhw= @@ -698,6 +716,7 @@ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/mcuadros/go-syslog.v2 v2.3.0 h1:kcsiS+WsTKyIEPABJBJtoG0KkOS6yzvJ+/eZlhD79kk= gopkg.in/mcuadros/go-syslog.v2 v2.3.0/go.mod h1:l5LPIyOOyIdQquNg+oU6Z3524YwrcqEm0aKH+5zpt2U= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -718,38 +737,38 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.26.0 h1:IpPlZnxBpV1xl7TGk/X6lFtpgjgntCg8PJ+qrPHAC7I= -k8s.io/api v0.26.0/go.mod h1:k6HDTaIFC8yn1i6pSClSqIwLABIcLV9l5Q4EcngKnQg= -k8s.io/apiextensions-apiserver v0.26.0 h1:Gy93Xo1eg2ZIkNX/8vy5xviVSxwQulsnUdQ00nEdpDo= -k8s.io/apiextensions-apiserver v0.26.0/go.mod h1:7ez0LTiyW5nq3vADtK6C3kMESxadD51Bh6uz3JOlqWQ= -k8s.io/apimachinery v0.26.0 h1:1feANjElT7MvPqp0JT6F3Ss6TWDwmcjLypwoPpEf7zg= -k8s.io/apimachinery v0.26.0/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= -k8s.io/apiserver v0.26.0 h1:q+LqIK5EZwdznGZb8bq0+a+vCqdeEEe4Ux3zsOjbc4o= -k8s.io/apiserver v0.26.0/go.mod h1:aWhlLD+mU+xRo+zhkvP/gFNbShI4wBDHS33o0+JGI84= +k8s.io/api v0.26.1 h1:f+SWYiPd/GsiWwVRz+NbFyCgvv75Pk9NK6dlkZgpCRQ= +k8s.io/api v0.26.1/go.mod h1:xd/GBNgR0f707+ATNyPmQ1oyKSgndzXij81FzWGsejg= +k8s.io/apiextensions-apiserver v0.26.1 h1:cB8h1SRk6e/+i3NOrQgSFij1B2S0Y0wDoNl66bn8RMI= +k8s.io/apiextensions-apiserver v0.26.1/go.mod h1:AptjOSXDGuE0JICx/Em15PaoO7buLwTs0dGleIHixSM= +k8s.io/apimachinery v0.26.1 h1:8EZ/eGJL+hY/MYCNwhmDzVqq2lPl3N3Bo8rvweJwXUQ= +k8s.io/apimachinery v0.26.1/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= +k8s.io/apiserver v0.26.1 h1:6vmnAqCDO194SVCPU3MU8NcDgSqsUA62tBUSWrFXhsc= +k8s.io/apiserver v0.26.1/go.mod h1:wr75z634Cv+sifswE9HlAo5FQ7UoUauIICRlOE+5dCg= k8s.io/cli-runtime v0.26.0 h1:aQHa1SyUhpqxAw1fY21x2z2OS5RLtMJOCj7tN4oq8mw= k8s.io/cli-runtime v0.26.0/go.mod h1:o+4KmwHzO/UK0wepE1qpRk6l3o60/txUZ1fEXWGIKTY= -k8s.io/client-go v0.26.0 h1:lT1D3OfO+wIi9UFolCrifbjUUgu7CpLca0AD8ghRLI8= -k8s.io/client-go v0.26.0/go.mod h1:I2Sh57A79EQsDmn7F7ASpmru1cceh3ocVT9KlX2jEZg= -k8s.io/code-generator v0.26.0 h1:ZDY+7Gic9p/lACgD1G72gQg2CvNGeAYZTPIncv+iALM= -k8s.io/code-generator v0.26.0/go.mod h1:OMoJ5Dqx1wgaQzKgc+ZWaZPfGjdRq/Y3WubFrZmeI3I= -k8s.io/component-base v0.26.0 h1:0IkChOCohtDHttmKuz+EP3j3+qKmV55rM9gIFTXA7Vs= -k8s.io/component-base v0.26.0/go.mod h1:lqHwlfV1/haa14F/Z5Zizk5QmzaVf23nQzCwVOQpfC8= +k8s.io/client-go v0.26.1 h1:87CXzYJnAMGaa/IDDfRdhTzxk/wzGZ+/HUQpqgVSZXU= +k8s.io/client-go v0.26.1/go.mod h1:IWNSglg+rQ3OcvDkhY6+QLeasV4OYHDjdqeWkDQZwGE= +k8s.io/code-generator v0.26.1 h1:dusFDsnNSKlMFYhzIM0jAO1OlnTN5WYwQQ+Ai12IIlo= +k8s.io/code-generator v0.26.1/go.mod h1:OMoJ5Dqx1wgaQzKgc+ZWaZPfGjdRq/Y3WubFrZmeI3I= +k8s.io/component-base v0.26.1 h1:4ahudpeQXHZL5kko+iDHqLj/FSGAEUnSVO0EBbgDd+4= +k8s.io/component-base v0.26.1/go.mod h1:VHrLR0b58oC035w6YQiBSbtsf0ThuSwXP+p5dD/kAWU= k8s.io/gengo v0.0.0-20220902162205-c0856e24416d h1:U9tB195lKdzwqicbJvyJeOXV7Klv+wNAWENRnXEGi08= k8s.io/gengo v0.0.0-20220902162205-c0856e24416d/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= -k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.90.0 h1:VkTxIV/FjRXn1fgNNcKGM8cfmL1Z33ZjXRTVxKCoF5M= +k8s.io/klog/v2 v2.90.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E= k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= -k8s.io/utils v0.0.0-20221107191617-1a15be271d1d h1:0Smp/HP1OH4Rvhe+4B8nWGERtlqAGSftbSbbmm45oFs= -k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y= +k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 h1:SAElp8THCfmBdM+4lmWX5gebiSSkEr7PAYDVF91qpfg= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732/go.mod h1:lpvCfhqEHNJSSpG5R5A2EgsVzG8RTt4RfPoQuRAcDmg= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.13.1 h1:tUsRCSJVM1QQOOeViGeX3GMT3dQF1eePPw6sEE3xSlg= -sigs.k8s.io/controller-runtime v0.13.1/go.mod h1:Zbz+el8Yg31jubvAEyglRZGdLAjplZl+PgtYNI6WNTI= +sigs.k8s.io/controller-runtime v0.14.2 h1:P6IwDhbsRWsBClt/8/h8Zy36bCuGuW5Op7MHpFrN/60= +sigs.k8s.io/controller-runtime v0.14.2/go.mod h1:WqIdsAY6JBsjfc/CqO0CORmNtoCtE4S6qbPc9s68h+0= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM= diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index cfd224bdb..a9799c77d 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -787,14 +787,15 @@ type Configuration struct { // Default: "" DebugConnections []string `json:"debug-connections"` - // DisablePathTypeValidation allows the admin to disable the pathType validation. - // If PathTypeValidation is enabled, the Controller will only allow alphanumeric + // EnablePathTypeValidation allows the admin to enable the pathType validation. + // If EnablePathTypeValidation is enabled, the Controller will only allow alphanumeric // characters on path (0-9, a-z, A-Z, "-", ".", "_", "~", "/") - DisablePathTypeValidation bool `json:"disable-pathtype-validation"` + // to control what characters are allowed set them with PathAdditionalAllowedChars + EnablePathTypeValidation bool `json:"enable-pathtype-validation"` // PathAdditionalAllowedChars allows the admin to specify what are the additional // characters allowed in case of pathType=ImplementationSpecific. - // Case disable-pathtype-validation=true, this characters will be allowed on any path. + // Case enable-pathtype-validation=true, this characters will be only allowed on ImplementationSpecific. // Defaults to: "^%$[](){}*+?" PathAdditionalAllowedChars string `json:"path-additional-allowed-chars"` } @@ -832,7 +833,7 @@ func NewDefault() Configuration { ClientHeaderTimeout: 60, ClientBodyBufferSize: "8k", ClientBodyTimeout: 60, - DisablePathTypeValidation: false, + EnablePathTypeValidation: false, PathAdditionalAllowedChars: "^%$[](){}*+?|", EnableUnderscoresInHeaders: false, ErrorLogLevel: errorLevel, diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index 5b063cd21..1b716e062 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -325,7 +325,7 @@ func (n *NGINXController) CheckIngress(ing *networking.Ingress) error { k8s.SetDefaultNGINXPathType(ing) - if err := utilingress.ValidateIngressPath(ing, cfg.DisablePathTypeValidation, cfg.PathAdditionalAllowedChars); err != nil { + if err := utilingress.ValidateIngressPath(ing, cfg.EnablePathTypeValidation, cfg.PathAdditionalAllowedChars); err != nil { return fmt.Errorf("ingress contains invalid characters: %s", err) } diff --git a/internal/ingress/controller/controller_test.go b/internal/ingress/controller/controller_test.go index d91760552..dab1e6e37 100644 --- a/internal/ingress/controller/controller_test.go +++ b/internal/ingress/controller/controller_test.go @@ -203,11 +203,11 @@ func TestCheckIngress(t *testing.T) { } t.Run("when validating pathType", func(t *testing.T) { - t.Run("When ingress contains invalid path and pathType validation is not disabled", func(t *testing.T) { + t.Run("When ingress contains invalid path and pathType validation is enabled", func(t *testing.T) { nginx.store = fakeIngressStore{ ingresses: []*ingress.Ingress{}, configuration: ngx_config.Configuration{ - DisablePathTypeValidation: false, + EnablePathTypeValidation: true, }, } nginx.command = testNginxTestCommand{ @@ -253,7 +253,7 @@ func TestCheckIngress(t *testing.T) { nginx.store = fakeIngressStore{ ingresses: []*ingress.Ingress{}, configuration: ngx_config.Configuration{ - DisablePathTypeValidation: true, + EnablePathTypeValidation: false, PathAdditionalAllowedChars: "^%$[](){}*+?|", }, } diff --git a/internal/ingress/controller/store/store.go b/internal/ingress/controller/store/store.go index 1006858e8..e0f6cfb54 100644 --- a/internal/ingress/controller/store/store.go +++ b/internal/ingress/controller/store/store.go @@ -846,7 +846,7 @@ func (s *k8sStore) syncIngress(ing *networkingv1.Ingress) { copyIng := &networkingv1.Ingress{} ing.ObjectMeta.DeepCopyInto(©Ing.ObjectMeta) - if err := ingressutils.ValidateIngressPath(ing, s.backendConfig.DisablePathTypeValidation, s.backendConfig.PathAdditionalAllowedChars); err != nil { + if err := ingressutils.ValidateIngressPath(ing, s.backendConfig.EnablePathTypeValidation, s.backendConfig.PathAdditionalAllowedChars); err != nil { klog.Errorf("ingress %s contains invalid path and will be skipped: %s", key, err) return } diff --git a/pkg/tcpproxy/tcp.go b/pkg/tcpproxy/tcp.go index 4c34e1f7b..86850ad54 100644 --- a/pkg/tcpproxy/tcp.go +++ b/pkg/tcpproxy/tcp.go @@ -59,11 +59,12 @@ func (p *TCPProxy) Get(host string) *TCPServer { // and open a connection to the passthrough server. func (p *TCPProxy) Handle(conn net.Conn) { defer conn.Close() - data := make([]byte, 4096) + // See: https://www.ibm.com/docs/en/ztpf/1.1.0.15?topic=sessions-ssl-record-format + data := make([]byte, 16384) length, err := conn.Read(data) if err != nil { - klog.V(4).ErrorS(err, "Error reading the first 4k of the connection") + klog.V(4).ErrorS(err, "Error reading data from the connection") return } diff --git a/pkg/util/ingress/ingress.go b/pkg/util/ingress/ingress.go index e16518251..acadad432 100644 --- a/pkg/util/ingress/ingress.go +++ b/pkg/util/ingress/ingress.go @@ -246,44 +246,65 @@ func BuildRedirects(servers []*ingress.Server) []*redirect { return redirectServers } -func ValidateIngressPath(copyIng *networkingv1.Ingress, disablePathTypeValidation bool, additionalChars string) error { +func ValidateIngressPath(copyIng *networkingv1.Ingress, enablePathTypeValidation bool, pathAdditionalAllowedChars string) error { if copyIng == nil { return nil } - escapedAdditionalChars := regexp.QuoteMeta(additionalChars) - regexPath, err := regexp.Compile("^[" + alphaNumericChars + escapedAdditionalChars + "]*$") + escapedPathAdditionalAllowedChars := regexp.QuoteMeta(pathAdditionalAllowedChars) + regexPath, err := regexp.Compile("^[" + alphaNumericChars + escapedPathAdditionalAllowedChars + "]*$") if err != nil { - return fmt.Errorf("ingress has misconfigured validation regex on configmap: %s - %w", additionalChars, err) + return fmt.Errorf("ingress has misconfigured validation regex on configmap: %s - %w", pathAdditionalAllowedChars, err) } for _, rule := range copyIng.Spec.Rules { + if rule.HTTP == nil { continue } - if err := checkPath(rule.HTTP.Paths, disablePathTypeValidation, regexPath); err != nil { + + if err := checkPath(rule.HTTP.Paths, enablePathTypeValidation, regexPath); err != nil { return fmt.Errorf("error validating ingressPath: %w", err) } } return nil } -func checkPath(paths []networkingv1.HTTPIngressPath, disablePathTypeValidation bool, regexSpecificChars *regexp.Regexp) error { +func checkPath(paths []networkingv1.HTTPIngressPath, enablePathTypeValidation bool, regexSpecificChars *regexp.Regexp) error { + for _, path := range paths { if path.PathType == nil { path.PathType = &defaultPathType } - if disablePathTypeValidation || *path.PathType == networkingv1.PathTypeImplementationSpecific { + klog.V(9).InfoS("PathType Validation", "enablePathTypeValidation", enablePathTypeValidation, "regexSpecificChars", regexSpecificChars.String(), "Path", path.Path) + + switch pathType := *path.PathType; pathType { + case networkingv1.PathTypeImplementationSpecific: + //only match on regex chars per Ingress spec when path is implementation specific if !regexSpecificChars.MatchString(path.Path) { return fmt.Errorf("path %s of type %s contains invalid characters", path.Path, *path.PathType) } - continue - } - if !pathAlphaNumericRegex(path.Path) { - return fmt.Errorf("path %s of type %s contains invalid characters", path.Path, *path.PathType) + case networkingv1.PathTypeExact, networkingv1.PathTypePrefix: + //enforce path type validation + if enablePathTypeValidation { + //only allow alphanumeric chars, no regex chars + if !pathAlphaNumericRegex(path.Path) { + return fmt.Errorf("path %s of type %s contains invalid characters", path.Path, *path.PathType) + } + continue + } else { + //path validation is disabled, so we check what regex chars are allowed by user + if !regexSpecificChars.MatchString(path.Path) { + return fmt.Errorf("path %s of type %s contains invalid characters", path.Path, *path.PathType) + } + continue + } + + default: + return fmt.Errorf("unknown path type %v on path %v", *path.PathType, path.Path) } } return nil diff --git a/pkg/util/ingress/ingress_test.go b/pkg/util/ingress/ingress_test.go index a79da6b6f..3bd7f1230 100644 --- a/pkg/util/ingress/ingress_test.go +++ b/pkg/util/ingress/ingress_test.go @@ -212,11 +212,11 @@ const ( func TestValidateIngressPath(t *testing.T) { tests := []struct { - name string - copyIng *networkingv1.Ingress - disablePathTypeValidation bool - additionalChars string - wantErr bool + name string + copyIng *networkingv1.Ingress + EnablePathTypeValidation bool + additionalChars string + wantErr bool }{ { name: "should return nil when ingress = nil", @@ -251,49 +251,53 @@ func TestValidateIngressPath(t *testing.T) { { name: "should deny path with bad characters and pathType not implementationSpecific", wantErr: true, - additionalChars: defaultAdditionalChars, + additionalChars: "()", copyIng: generateDumbIngressforPathTest(&pathTypeExact, "/foo/bar/(.+)"), }, { - name: "should accept path with regex characters and pathType implementationSpecific", - wantErr: false, - additionalChars: defaultAdditionalChars, - copyIng: generateDumbIngressforPathTest(&pathTypeImplSpecific, "/foo/bar/(.+)"), + name: "should accept path with regex characters and pathType implementationSpecific", + wantErr: false, + additionalChars: defaultAdditionalChars, + EnablePathTypeValidation: false, + copyIng: generateDumbIngressforPathTest(&pathTypeImplSpecific, "/foo/bar/(.+)"), }, { - name: "should accept path with regex characters and pathType exact, but pathType validation disabled", - wantErr: false, - additionalChars: defaultAdditionalChars, - disablePathTypeValidation: true, - copyIng: generateDumbIngressforPathTest(&pathTypeImplSpecific, "/foo/bar/(.+)"), + name: "should accept path with regex characters and pathType exact, but pathType validation disabled", + wantErr: false, + additionalChars: defaultAdditionalChars, + EnablePathTypeValidation: false, + copyIng: generateDumbIngressforPathTest(&pathTypeExact, "/foo/bar/(.+)"), }, { - name: "should reject path when the allowed additional set does not match", - wantErr: true, - additionalChars: "().?", - disablePathTypeValidation: false, - copyIng: generateDumbIngressforPathTest(&pathTypeImplSpecific, "/foo/bar/(.+)"), + name: "should reject path when the allowed additional set does not match", + wantErr: true, + additionalChars: "().?", + EnablePathTypeValidation: false, + copyIng: generateDumbIngressforPathTest(&pathTypeImplSpecific, "/foo/bar/(.+)"), }, { - name: "should accept path when the allowed additional set does match", - wantErr: false, - additionalChars: "().?", - copyIng: generateDumbIngressforPathTest(&pathTypeImplSpecific, "/foo/bar/(.?)"), + name: "should accept path when the allowed additional set does match", + wantErr: false, + additionalChars: "().?", + EnablePathTypeValidation: false, + copyIng: generateDumbIngressforPathTest(&pathTypeImplSpecific, "/foo/bar/(.?)"), }, { - name: "should block if at least one path is bad", - wantErr: true, - copyIng: generateComplexIngress(generateDumbIngressforPathTest(&pathTypeExact, "/foo/bar/(.?)")), + name: "should block if at least one path is bad", + wantErr: true, + EnablePathTypeValidation: false, + copyIng: generateComplexIngress(generateDumbIngressforPathTest(&pathTypeExact, "/foo/bar/(.?)")), }, { - name: "should block if at least one path is bad", - wantErr: true, - copyIng: generateComplexIngress(generateDumbIngressforPathTest(&pathTypeImplSpecific, "/foo/bar/(.?)")), + name: "should block if at least one path is bad", + wantErr: true, + EnablePathTypeValidation: false, + copyIng: generateComplexIngress(generateDumbIngressforPathTest(&pathTypeImplSpecific, "/foo/bar/(.?)")), }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if err := ValidateIngressPath(tt.copyIng, tt.disablePathTypeValidation, tt.additionalChars); (err != nil) != tt.wantErr { + if err := ValidateIngressPath(tt.copyIng, tt.EnablePathTypeValidation, tt.additionalChars); (err != nil) != tt.wantErr { t.Errorf("ValidateIngressPath() error = %v, wantErr %v", err, tt.wantErr) } }) diff --git a/test/e2e/admission/admission.go b/test/e2e/admission/admission.go index 5c037a0c5..e0f55df4e 100644 --- a/test/e2e/admission/admission.go +++ b/test/e2e/admission/admission.go @@ -160,9 +160,22 @@ var _ = framework.IngressNginxDescribe("[Serial] admission controller", func() { assert.NotNil(ginkgo.GinkgoT(), err, "creating an ingress with invalid annotation value should return an error") }) - ginkgo.It("should reject ingress with bad characters and pathType != ImplementationSpecific", func() { + ginkgo.It("ADMISSION should not validate characters on ingress when validation of pathType is disabled", func() { host := "admission-test" + f.UpdateNginxConfigMapData("enable-pathtype-validation", "false") + + firstIngress := framework.NewSingleIngress("first-ingress", "/xpto*", host, f.Namespace, framework.EchoService, 80, nil) + firstIngress.Spec.Rules[0].IngressRuleValue.HTTP.Paths[0].PathType = &pathPrefix + _, err := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Create(context.TODO(), firstIngress, metav1.CreateOptions{}) + assert.Nil(ginkgo.GinkgoT(), err, "creating an ingress with regex chars on path and pathType validation disabled should be accepted") + }) + + ginkgo.It("ADMISSION should reject ingress with bad characters and pathType != ImplementationSpecific", func() { + host := "admission-test" + + f.UpdateNginxConfigMapData("enable-pathtype-validation", "true") + firstIngress := framework.NewSingleIngress("first-ingress", "/xpto*", host, f.Namespace, framework.EchoService, 80, nil) firstIngress.Spec.Rules[0].IngressRuleValue.HTTP.Paths[0].PathType = &pathPrefix _, err := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Create(context.TODO(), firstIngress, metav1.CreateOptions{}) @@ -175,18 +188,7 @@ var _ = framework.IngressNginxDescribe("[Serial] admission controller", func() { }) - ginkgo.It("should not validate characters on ingress when validation of pathType is disabled", func() { - host := "admission-test" - - f.UpdateNginxConfigMapData("disable-pathtype-validation", "true") - - firstIngress := framework.NewSingleIngress("first-ingress", "/xpto*", host, f.Namespace, framework.EchoService, 80, nil) - firstIngress.Spec.Rules[0].IngressRuleValue.HTTP.Paths[0].PathType = &pathPrefix - _, err := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Create(context.TODO(), firstIngress, metav1.CreateOptions{}) - assert.Nil(ginkgo.GinkgoT(), err, "creating an ingress with regex chars on path and pathType validation disabled should be accepted") - }) - - ginkgo.It("should return an error if there is a forbidden value in some annotation", func() { + ginkgo.It("ADMISSION should return an error if there is a forbidden value in some annotation", func() { host := "admission-test" annotations := map[string]string{ diff --git a/build/run-e2e-suite.sh b/test/e2e/run-e2e-suite.sh similarity index 97% rename from build/run-e2e-suite.sh rename to test/e2e/run-e2e-suite.sh index ae38b5fcc..7920c0523 100755 --- a/build/run-e2e-suite.sh +++ b/test/e2e/run-e2e-suite.sh @@ -14,10 +14,16 @@ # See the License for the specific language governing permissions and # limitations under the License. -if ! [ -z "$DEBUG" ]; then +if [ -n "$DEBUG" ]; then set -x +else + trap cleanup EXIT fi +function cleanup { + kubectl delete pod e2e 2>/dev/null || true +} + set -o errexit set -o nounset set -o pipefail @@ -43,16 +49,11 @@ if [ "$missing" = true ]; then exit 1 fi -function cleanup { - kubectl delete pod e2e 2>/dev/null || true -} -trap cleanup EXIT - E2E_CHECK_LEAKS=${E2E_CHECK_LEAKS:-} FOCUS=${FOCUS:-.*} BASEDIR=$(dirname "$0") -NGINX_BASE_IMAGE=$(cat $BASEDIR/../NGINX_BASE) +NGINX_BASE_IMAGE=$(cat $BASEDIR/../../NGINX_BASE) export E2E_CHECK_LEAKS export FOCUS diff --git a/test/e2e/run.sh b/test/e2e/run-kind-e2e.sh similarity index 62% rename from test/e2e/run.sh rename to test/e2e/run-kind-e2e.sh index 17dad6c39..bb61706b4 100755 --- a/test/e2e/run.sh +++ b/test/e2e/run-kind-e2e.sh @@ -14,13 +14,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -KIND_LOG_LEVEL="1" - -if ! [ -z $DEBUG ]; then - set -x - KIND_LOG_LEVEL="6" -fi - set -o errexit set -o nounset set -o pipefail @@ -31,45 +24,56 @@ cleanup() { fi kind delete cluster \ - --verbosity=${KIND_LOG_LEVEL} \ - --name ${KIND_CLUSTER_NAME} + --verbosity="${KIND_LOG_LEVEL}" \ + --name "${KIND_CLUSTER_NAME}" } -trap cleanup EXIT +DEBUG=${DEBUG:=false} +if [ "${DEBUG}" = "true" ]; then + set -x + KIND_LOG_LEVEL="6" +else + trap cleanup EXIT +fi + +KIND_LOG_LEVEL="1" +IS_CHROOT="${IS_CHROOT:-false}" export KIND_CLUSTER_NAME=${KIND_CLUSTER_NAME:-ingress-nginx-dev} +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +# Use 1.0.0-dev to make sure we use the latest configuration in the helm template +export TAG=1.0.0-dev +export ARCH=${ARCH:-amd64} +export REGISTRY=ingress-controller +NGINX_BASE_IMAGE=$(cat "$DIR"/../../NGINX_BASE) +export NGINX_BASE_IMAGE=$NGINX_BASE_IMAGE +export DOCKER_CLI_EXPERIMENTAL=enabled +export KUBECONFIG="${KUBECONFIG:-$HOME/.kube/kind-config-$KIND_CLUSTER_NAME}" +SKIP_INGRESS_IMAGE_CREATION="${SKIP_INGRESS_IMAGE_CREATION:-false}" +SKIP_E2E_IMAGE_CREATION="${SKIP_E2E_IMAGE_CREATION:=false}" +SKIP_CLUSTER_CREATION="${SKIP_CLUSTER_CREATION:-false}" if ! command -v kind --version &> /dev/null; then echo "kind is not installed. Use the package manager or visit the official site https://kind.sigs.k8s.io/" exit 1 fi -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" - -# Use 1.0.0-dev to make sure we use the latest configuration in the helm template -export TAG=1.0.0-dev -export ARCH=${ARCH:-amd64} -export REGISTRY=ingress-controller - -NGINX_BASE_IMAGE=$(cat $DIR/../../NGINX_BASE) - echo "Running e2e with nginx base image ${NGINX_BASE_IMAGE}" -export NGINX_BASE_IMAGE=$NGINX_BASE_IMAGE - -export DOCKER_CLI_EXPERIMENTAL=enabled - -export KUBECONFIG="${KUBECONFIG:-$HOME/.kube/kind-config-$KIND_CLUSTER_NAME}" - -if [ "${SKIP_CLUSTER_CREATION:-false}" = "false" ]; then +if [ "${SKIP_CLUSTER_CREATION}" = "false" ]; then echo "[dev-env] creating Kubernetes cluster with kind" export K8S_VERSION=${K8S_VERSION:-v1.25.2@sha256:9be91e9e9cdf116809841fc77ebdb8845443c4c72fe5218f3ae9eb57fdb4bace} + # delete the cluster if it exists + if kind get clusters | grep "${KIND_CLUSTER_NAME}"; then + kind delete cluster --name "${KIND_CLUSTER_NAME}" + fi + kind create cluster \ - --verbosity=${KIND_LOG_LEVEL} \ - --name ${KIND_CLUSTER_NAME} \ - --config ${DIR}/kind.yaml \ + --verbosity="${KIND_LOG_LEVEL}" \ + --name "${KIND_CLUSTER_NAME}" \ + --config "${DIR}"/kind.yaml \ --retain \ --image "kindest/node:${K8S_VERSION}" @@ -77,16 +81,26 @@ if [ "${SKIP_CLUSTER_CREATION:-false}" = "false" ]; then kubectl get nodes -o wide fi -if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then +if [ "${SKIP_INGRESS_IMAGE_CREATION}" = "false" ]; then + echo "[dev-env] building image" + if [ "${IS_CHROOT}" = "true" ]; then + make -C "${DIR}"/../../ clean-image build image-chroot + docker tag ${REGISTRY}/controller-chroot:${TAG} ${REGISTRY}/controller:${TAG} + else + make -C "${DIR}"/../../ clean-image build image + fi + + echo "[dev-env] .. done building controller images" +fi + +if [ "${SKIP_E2E_IMAGE_CREATION}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then go get github.com/onsi/ginkgo/v2/ginkgo@v2.6.1 fi - echo "[dev-env] building image" - make -C ${DIR}/../../ clean-image build image image-chroot echo "[dev-env] .. done building controller images" echo "[dev-env] now building e2e-image.." - make -C ${DIR}/../e2e-image image + make -C "${DIR}"/../e2e-image image echo "[dev-env] ..done building e2e-image" fi @@ -95,13 +109,7 @@ KIND_WORKERS=$(kind get nodes --name="${KIND_CLUSTER_NAME}" | grep worker | awk echo "[dev-env] copying docker images to cluster..." -kind load docker-image --name="${KIND_CLUSTER_NAME}" --nodes=${KIND_WORKERS} nginx-ingress-controller:e2e - -if [ "${IS_CHROOT:-false}" = "true" ]; then - docker tag ${REGISTRY}/controller-chroot:${TAG} ${REGISTRY}/controller:${TAG} -fi - -kind load docker-image --name="${KIND_CLUSTER_NAME}" --nodes=${KIND_WORKERS} ${REGISTRY}/controller:${TAG} - +kind load docker-image --name="${KIND_CLUSTER_NAME}" --nodes="${KIND_WORKERS}" nginx-ingress-controller:e2e +kind load docker-image --name="${KIND_CLUSTER_NAME}" --nodes="${KIND_WORKERS}" "${REGISTRY}"/controller:"${TAG}" echo "[dev-env] running e2e tests..." -make -C ${DIR}/../../ e2e-test +make -C "${DIR}"/../../ e2e-test \ No newline at end of file