DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'origin/main' into split-repo

Browse source
This commit is contained in:
patst 2023-04-17 19:24:56 +02:00
commit db200fcbd2
104 changed files with 3015 additions and 2363 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
.github/workflows/ci.yaml vendored
View file

@ -22,6 +22,7 @@ on:
required: false required: false
type: boolean type: boolean
permissions: permissions:
contents: read contents: read
@ -39,7 +40,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter id: filter
@ -65,7 +66,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
- name: Run Gosec Security Scanner - name: Run Gosec Security Scanner
uses: securego/gosec@a459eb0ba387d9bd083d5c2e2354dbeef2465038 # v2.15.0 uses: securego/gosec@a459eb0ba387d9bd083d5c2e2354dbeef2465038 # v2.15.0
@ -82,11 +83,11 @@ jobs:
(needs.changes.outputs.go == 'true') (needs.changes.outputs.go == 'true')
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
- name: Set up Go - name: Set up Go
id: go id: go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version: '1.20' go-version: '1.20'
check-latest: true check-latest: true
@ -101,11 +102,11 @@ jobs:
(needs.changes.outputs.go == 'true') (needs.changes.outputs.go == 'true')
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
- name: Set up Go - name: Set up Go
id: go id: go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version: '1.20' go-version: '1.20'
check-latest: true check-latest: true
@ -120,11 +121,11 @@ jobs:
(needs.changes.outputs.go == 'true') (needs.changes.outputs.go == 'true')
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
- name: Set up Go - name: Set up Go
id: go id: go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version: '1.20' go-version: '1.20'
check-latest: true check-latest: true
@ -141,11 +142,11 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
- name: Set up Go - name: Set up Go
id: go id: go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version: '1.20' go-version: '1.20'
check-latest: true check-latest: true
@ -204,14 +205,14 @@ jobs:
strategy: strategy:
matrix: matrix:
k8s: [v1.23.13, v1.24.7, v1.25.3, v1.26.0] k8s: [v1.24.7, v1.25.3, v1.26.0]
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
- name: Setup Go - name: Setup Go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version: '1.20' go-version: '1.20'
check-latest: true check-latest: true
@ -284,11 +285,11 @@ jobs:
strategy: strategy:
matrix: matrix:
k8s: [v1.23.13, v1.24.7, v1.25.3, v1.26.0] k8s: [v1.24.7, v1.25.3, v1.26.0]
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
- name: cache - name: cache
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
@ -337,12 +338,12 @@ jobs:
strategy: strategy:
matrix: matrix:
k8s: [v1.23.13, v1.24.7, v1.25.3, v1.26.0] k8s: [v1.24.7, v1.25.3, v1.26.0]
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
- name: cache - name: cache
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
@ -391,7 +392,7 @@ jobs:
PLATFORMS: linux/amd64,linux/arm64 PLATFORMS: linux/amd64,linux/arm64
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter-images id: filter-images
@ -460,11 +461,11 @@ jobs:
strategy: strategy:
matrix: matrix:
k8s: [v1.23.13, v1.24.7, v1.25.3, v1.26.0] k8s: [v1.24.7, v1.25.3, v1.26.0]
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter-images id: filter-images
@ -483,7 +484,7 @@ jobs:
- name: Set up Go - name: Set up Go
id: go id: go
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version: '1.20' go-version: '1.20'
check-latest: true check-latest: true

2
.github/workflows/depreview.yaml vendored
View file

@ -9,6 +9,6 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: 'Checkout Repository' - name: 'Checkout Repository'
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
- name: 'Dependency Review' - name: 'Dependency Review'
uses: actions/dependency-review-action@f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e # v3.0.4 uses: actions/dependency-review-action@f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e # v3.0.4

4
.github/workflows/docs.yaml vendored
View file

@ -23,7 +23,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter id: filter
@ -47,7 +47,7 @@ jobs:
steps: steps:
- name: Checkout master - name: Checkout master
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
- name: Deploy - name: Deploy
uses: ./.github/actions/mkdocs uses: ./.github/actions/mkdocs

4
.github/workflows/helm.yaml vendored
View file

@ -23,7 +23,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
- name: Run Artifact Hub lint - name: Run Artifact Hub lint
run: | run: |
@ -61,7 +61,7 @@ jobs:
steps: steps:
- name: Checkout master - name: Checkout master
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
with: with:
# Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896 # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896
fetch-depth: 0 fetch-depth: 0

2
.github/workflows/perftest.yaml vendored
View file

@ -19,7 +19,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
- name: Install K6 - name: Install K6
run: | run: |

6
.github/workflows/plugin.yaml vendored
View file

@ -17,12 +17,12 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Set up Go - name: Set up Go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version: 1.20 go-version: 1.20
check-latest: true check-latest: true
@ -36,6 +36,6 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Update new version in krew-index - name: Update new version in krew-index
uses: rajatjindal/krew-release-bot@92da038bbf995803124a8e50ebd438b2f37bbbb0 # v0.0.43 uses: rajatjindal/krew-release-bot@df3eb197549e3568be8b4767eec31c5e8e8e6ad8 # v0.0.46
with: with:
krew_template_file: cmd/plugin/krew.yaml krew_template_file: cmd/plugin/krew.yaml

2
.github/workflows/project.yml vendored
View file

@ -13,7 +13,7 @@ jobs:
repository-projects: write repository-projects: write
issues: write issues: write
steps: steps:
- uses: actions/add-to-project@4756e6330fe1e0a736690d3cfd9f11c9399c2ed4 # v0.4.1 - uses: actions/add-to-project@31b3f3ccdc584546fc445612dec3f38ff5edb41c # v0.5.0
with: with:
project-url: https://github.com/orgs/kubernetes/projects/104 project-url: https://github.com/orgs/kubernetes/projects/104
github-token: ${{ secrets.PROJECT_WRITER }} github-token: ${{ secrets.PROJECT_WRITER }}

4
.github/workflows/scorecards.yml vendored
View file

@ -27,12 +27,12 @@ jobs:
steps: steps:
- name: "Checkout code" - name: "Checkout code"
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
with: with:
persist-credentials: false persist-credentials: false
- name: "Run analysis" - name: "Run analysis"
uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3
with: with:
results_file: results.sarif results_file: results.sarif
results_format: sarif results_format: sarif

2
.github/workflows/stale.yaml vendored
View file

@ -13,7 +13,7 @@ jobs:
pull-requests: write pull-requests: write
steps: steps:
- uses: actions/stale@6f05e4244c9a0b2ed3401882b05d701dd0a7289b # v7.0.0 - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0
with: with:
stale-issue-message: "This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack." stale-issue-message: "This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack."
stale-pr-message: "This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack." stale-pr-message: "This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack."

4
.github/workflows/vulnerability-scans.yaml vendored
View file

@ -22,7 +22,7 @@ jobs:
versions: ${{ steps.version.outputs.TAGS }} versions: ${{ steps.version.outputs.TAGS }}
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
with: with:
fetch-depth: 0 fetch-depth: 0
@ -52,7 +52,7 @@ jobs:
versions: ${{ fromJSON(needs.version.outputs.versions) }} versions: ${{ fromJSON(needs.version.outputs.versions) }}
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
- shell: bash - shell: bash
id: test id: test

2
NGINX_BASE
View file

@ -1 +1 @@
registry.k8s.io/ingress-nginx/nginx:66a760794f91809bcd897cbdb45435653d73fd92@sha256:86c1581e69dc92d107f8edd36724890ea682a3afda8c1fb1ba41aabc7bc0128d registry.k8s.io/ingress-nginx/nginx:91057c439cf07ffb62887b8a8bda66ce3cbe39ca@sha256:3b650123c755392f8c0eb9a356b12716327106e624ab5f5b43bc25ab130978fb

1
README.md
View file

@ -38,6 +38,7 @@ the versions listed. Ingress-Nginx versions may work on older versions but the p
| Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version |
|-----------------------|------------------------------|----------------|---------------| |-----------------------|------------------------------|----------------|---------------|
| v1.7.0 | 1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 |
| v1.6.4 | 1.26, 1.25, 1.24, 1.23 | 3.17.0 | 1.21.6 | | v1.6.4 | 1.26, 1.25, 1.24, 1.23 | 3.17.0 | 1.21.6 |
| v1.5.1 | 1.25, 1.24, 1.23 | 3.16.2 | 1.21.6 | | v1.5.1 | 1.25, 1.24, 1.23 | 3.16.2 | 1.21.6 |
| v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† | | v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† |

2
TAG
View file

@ -1,2 +1,2 @@
v1.6.4 v1.7.0

78
changelog/Changelog-1.7.0.md Normal file
View file

@ -0,0 +1,78 @@
# Changelog
### 1.7.0
Images:
* registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7
* registry.k8s.io/ingress-nginx/controller-chroot:v1.7.0@sha256:e84ef3b44c8efeefd8b0aa08770a886bfea1f04c53b61b4ba9a7204e9f1a7edc
### All Changes:
* kick off 1.7.0 build (#9775)
* Update exposing-tcp-udp-services.md (#9777)
* feat: OpenTelemetry module integration (#9062)
* drop k8s 1.23 support (#9772)
* Fix canary-weight-total annotation ignored in rule backends (#9729)
* fix: controller psp's volume config (#9740)
* Fix several Helm YAML issues with extraModules and extraInitContainers (#9709)
* docs(helm): fix value key in readme for enabling certManager (#9640)
* updated digest and sha for e2e-test-echo (#9760)
* updated digest and sha for e2e-test-fastcgi-helloserver (#9759)
* updated digest and sha for opentelemetry (#9758)
* updated digest and sha for e2e-test-cfssl (#9757)
* updated kube-webhook-certgen digest and tags (#9756)
* updated nginx-error digest and tags (#9755)
* added upgrade ginkgo documentation for contributors (#9753)
* changes Makefile of echo folder to trigger code-build (#9754)
* Chart: Drop `controller.headers`, rework DH param secret. (#9659)
* updated NGINX_BASE image with latest tag (#9747)
* Deployment/DaemonSet: Label pods using `ingress-nginx.labels`. (#9732)
* bumped ginkgo to v2.9.0 (#9722)
* HPA: autoscaling/v2beta1 deprecated, bump apiVersion to v2 for defaultBackend (#9731)
* update to golang 1.20 (#9690)
* Indent values.yaml using 2 instead of 4 spaces (#9656)
* fix some comments (#9688)
* migrate mitchellh/hashstructure to v2 (#9651)
* changed v1.6.3 to v1.6.4 on deploy docs (#9647)
* controller: Don't panic when ready condition in a endpointslice is missing (#9550)
* Rework Ginkgo usage (#9522)
* code clean for fsnotify (#9571)
* Optimize the document for readability (#9551)
* sets.String is deprecated: use generic Set instead. new ways: s1 := Set[string]{} s2 := New[string]() (#9589)
* Adjust the import package order and use http library variables (#9587)
* Optimize the judgment mode to remove redundant transformations (#9588)
* Fix rewrite example (#9633)
* remove tests and regex path checks (#9626)
* Fix incorrect annotation name in upstream hashing configuration (#9617)
* Release docs for Controller v1.6.3 and Helm v4.5.0 (#9614)
### Dependencies updates:
* Bump aquasecurity/trivy-action from 0.8.0 to 0.9.2 (#9767)
* Bump k8s.io/component-base from 0.26.2 to 0.26.3 (#9764)
* Bump actions/dependency-review-action from 3.0.3 to 3.0.4 (#9766)
* Bump actions/add-to-project from 0.4.0 to 0.4.1 (#9765)
* Bump actions/dependency-review-action from 3.0.2 to 3.0.3 (#9727)
* Bump github.com/prometheus/common from 0.41.0 to 0.42.0 (#9724)
* Bump golang.org/x/crypto from 0.6.0 to 0.7.0 (#9723)
* Bump actions/download-artifact from 3.0.1 to 3.0.2 (#9721)
* Bump goreleaser/goreleaser-action from 4.1.0 to 4.2.0 (#9718)
* Bump actions/upload-artifact from 3.1.1 to 3.1.2 (#9717)
* Bump docker/setup-buildx-action from 2.2.1 to 2.5.0 (#9719)
* Bump helm/chart-releaser-action from 1.4.1 to 1.5.0 (#9720)
* Bump github.com/onsi/ginkgo/v2 from 2.6.1 to 2.9.0 (#9695)
* Bump k8s.io/klog/v2 from 2.90.0 to 2.90.1 (#9694)
* Bump golang.org/x/crypto in /magefiles (#9691)
* Bump k8s.io/component-base from 0.26.1 to 0.26.2 (#9696)
* Bump github.com/prometheus/common from 0.40.0 to 0.41.0 (#9698)
* Bump sigs.k8s.io/controller-runtime from 0.14.2 to 0.14.5 (#9697)
* Bump golang.org/x/net in /magefiles (#9692)
* Bump golang.org/x/sys in /images/custom-error-pages/rootfs (#9671)
* Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#9675)
* Bump github.com/prometheus/common from 0.39.0 to 0.40.0 (#9653)
* Bump golang.org/x/net from 0.6.0 to 0.7.0 (#9646)
* Bump golang.org/x/net in /images/kube-webhook-certgen/rootfs (#9645)
* Bump google.golang.org/grpc from 1.52.3 to 1.53.0 (#9610)
* Bump github.com/prometheus/client_golang (#9630)
* Bump golang.org/x/crypto from 0.5.0 to 0.6.0 (#9609)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.6.3...controller-controller-v1.7.0

22
charts/ingress-nginx/Chart.yaml
View file

@ -1,13 +1,21 @@
annotations: annotations:
artifacthub.io/changes: | artifacthub.io/changes: |
- "add lint on chart before release (#9570)" - "Upgrade alpine 3.17.2"
- "ci: remove setup-helm step (#9404)" - "Upgrade golang 1.20"
- "feat(helm): Optionally use cert-manager instead admission patch (#9279)" - "Drop testing/support for Kubernetes 1.23"
- "run helm release on main only and when the chart/value changes only (#9290)" - "docs(helm): fix value key in readme for enabling certManager (#9640)"
- "Update Ingress-Nginx version controller-v1.6.4" - "Update Ingress-Nginx version controller-v1.7.0"
- "feat: OpenTelemetry module integration (#9062)"
- "canary-weight-total annotation ignored in rule backends (#9729)"
- "fix controller psp's volume config (#9740)"
- "Fix several Helm YAML issues with extraModules and extraInitContainers (#9709)"
- "Chart: Drop `controller.headers`, rework DH param secret. (#9659)"
- "Deployment/DaemonSet: Label pods using `ingress-nginx.labels`. (#9732)"
- "HPA: autoscaling/v2beta1 deprecated, bump apiVersion to v2 for defaultBackend (#9731)"
- "Fix incorrect annotation name in upstream hashing configuration (#9617)"
artifacthub.io/prerelease: "false" artifacthub.io/prerelease: "false"
apiVersion: v2 apiVersion: v2
appVersion: 1.6.4 appVersion: 1.7.0
description: Ingress controller for Kubernetes using NGINX as a reverse proxy and description: Ingress controller for Kubernetes using NGINX as a reverse proxy and
load balancer load balancer
engine: gotpl engine: gotpl
@ -24,4 +32,4 @@ maintainers:
name: ingress-nginx name: ingress-nginx
sources: sources:
- https://github.com/kubernetes/ingress-nginx - https://github.com/kubernetes/ingress-nginx
version: 4.5.2 version: 4.6.0

36
charts/ingress-nginx/README.md
View file

@ -2,16 +2,15 @@
[ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
![Version: 4.5.2](https://img.shields.io/badge/Version-4.5.2-informational?style=flat-square) ![AppVersion: 1.6.4](https://img.shields.io/badge/AppVersion-1.6.4-informational?style=flat-square) ![Version: 4.6.0](https://img.shields.io/badge/Version-4.6.0-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square)
To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Prerequisites ## Requirements
- Chart version 3.x.x: Kubernetes v1.16+ Kubernetes: `>=1.20.0-0`
- Chart version 4.x.x and above: Kubernetes v1.19+
## Get Repo Info ## Get Repo Info
@ -52,10 +51,6 @@ helm upgrade [RELEASE_NAME] [CHART] --install
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
### Upgrading With Zero Downtime in Production
By default the ingress-nginx controller has service interruptions whenever it's pods are restarted or redeployed. In order to fix that, see the excellent blog post by Lindsay Landry from Codecademy: [Kubernetes: Nginx and Zero Downtime in Production](https://medium.com/codecademy-engineering/kubernetes-nginx-and-zero-downtime-in-production-2c910c6a5ed8).
### Migrating from stable/nginx-ingress ### Migrating from stable/nginx-ingress
There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart: There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart:
@ -66,7 +61,6 @@ There are two main ways to migrate a release from `stable/nginx-ingress` to `ing
1. Redirect your DNS traffic from the old controller to the new controller 1. Redirect your DNS traffic from the old controller to the new controller
1. Log traffic from both controllers during this changeover 1. Log traffic from both controllers during this changeover
1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it 1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it
1. For details on all of these steps see [Upgrading With Zero Downtime in Production](#upgrading-with-zero-downtime-in-production)
Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts. Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts.
@ -126,19 +120,6 @@ controller:
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600' service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
``` ```
### AWS route53-mapper
To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/blob/be63d4f1a7a46daaf1c4c482527328236850f111/addons/route53-mapper/README.md), add the `domainName` annotation and `dns` label:
```yaml
controller:
service:
labels:
dns: "route53"
annotations:
domainName: "kubernetes-example.com"
```
### Additional Internal Load Balancer ### Additional Internal Load Balancer
This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application. This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application.
@ -244,10 +225,6 @@ Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13
As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered. As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
## Requirements
Kubernetes: `>=1.20.0-0`
## Values ## Values
| Key | Type | Default | Description | | Key | Type | Default | Description |
@ -333,13 +310,13 @@ Kubernetes: `>=1.20.0-0`
| controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.hostname | object | `{}` | Optionally customize the pod hostname. |
| controller.image.allowPrivilegeEscalation | bool | `true` | | | controller.image.allowPrivilegeEscalation | bool | `true` | |
| controller.image.chroot | bool | `false` | | | controller.image.chroot | bool | `false` | |
| controller.image.digest | string | `"sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f"` | | | controller.image.digest | string | `"sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7"` | |
| controller.image.digestChroot | string | `"sha256:0de01e2c316c3ca7847ca13b32d077af7910d07f21a4a82f81061839764f8f81"` | | | controller.image.digestChroot | string | `"sha256:e84ef3b44c8efeefd8b0aa08770a886bfea1f04c53b61b4ba9a7204e9f1a7edc"` | |
| controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.image | string | `"ingress-nginx/controller"` | |
| controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | |
| controller.image.registry | string | `"registry.k8s.io"` | | | controller.image.registry | string | `"registry.k8s.io"` | |
| controller.image.runAsUser | int | `101` | | | controller.image.runAsUser | int | `101` | |
| controller.image.tag | string | `"v1.6.4"` | | | controller.image.tag | string | `"v1.7.0"` | |
| controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation |
| controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). |
| controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass |
@ -525,4 +502,3 @@ Kubernetes: `>=1.20.0-0`
| serviceAccount.name | string | `""` | | | serviceAccount.name | string | `""` | |
| tcp | object | `{}` | TCP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # | | tcp | object | `{}` | TCP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # |
| udp | object | `{}` | UDP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # | | udp | object | `{}` | UDP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # |

27
charts/ingress-nginx/README.md.gotmpl
View file

@ -7,10 +7,7 @@ To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.c
This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Prerequisites {{ template "chart.requirementsSection" . }}
- Chart version 3.x.x: Kubernetes v1.16+
- Chart version 4.x.x and above: Kubernetes v1.19+
## Get Repo Info ## Get Repo Info
@ -51,10 +48,6 @@ helm upgrade [RELEASE_NAME] [CHART] --install
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
### Upgrading With Zero Downtime in Production
By default the ingress-nginx controller has service interruptions whenever it's pods are restarted or redeployed. In order to fix that, see the excellent blog post by Lindsay Landry from Codecademy: [Kubernetes: Nginx and Zero Downtime in Production](https://medium.com/codecademy-engineering/kubernetes-nginx-and-zero-downtime-in-production-2c910c6a5ed8).
### Migrating from stable/nginx-ingress ### Migrating from stable/nginx-ingress
There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart: There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart:
@ -65,7 +58,6 @@ There are two main ways to migrate a release from `stable/nginx-ingress` to `ing
1. Redirect your DNS traffic from the old controller to the new controller 1. Redirect your DNS traffic from the old controller to the new controller
1. Log traffic from both controllers during this changeover 1. Log traffic from both controllers during this changeover
1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it 1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it
1. For details on all of these steps see [Upgrading With Zero Downtime in Production](#upgrading-with-zero-downtime-in-production)
Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts. Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts.
@ -125,19 +117,6 @@ controller:
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600' service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
``` ```
### AWS route53-mapper
To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/blob/be63d4f1a7a46daaf1c4c482527328236850f111/addons/route53-mapper/README.md), add the `domainName` annotation and `dns` label:
```yaml
controller:
service:
labels:
dns: "route53"
annotations:
domainName: "kubernetes-example.com"
```
### Additional Internal Load Balancer ### Additional Internal Load Balancer
This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application. This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application.
@ -243,8 +222,4 @@ Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13
As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered. As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }} {{ template "chart.valuesSection" . }}
{{ template "helm-docs.versionFooter" . }}

24
charts/ingress-nginx/changelog/Changelog-4.6.0.md Normal file
View file

@ -0,0 +1,24 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.5.3
* docs(helm): fix value key in readme for enabling certManager (#9640)
* Upgrade alpine 3.17.2
* Upgrade golang 1.20
* Drop testing/support for Kubernetes 1.23
* docs(helm): fix value key in readme for enabling certManager (#9640)
* Update Ingress-Nginx version controller-v1.7.0
* feat: OpenTelemetry module integration (#9062)
* canary-weight-total annotation ignored in rule backends (#9729)
* fix controller psp's volume config (#9740)
* Fix several Helm YAML issues with extraModules and extraInitContainers (#9709)
* Chart: Drop `controller.headers`, rework DH param secret. (#9659)
* Deployment/DaemonSet: Label pods using `ingress-nginx.labels`. (#9732)
* HPA: autoscaling/v2beta1 deprecated, bump apiVersion to v2 for defaultBackend (#9731)
* Fix incorrect annotation name in upstream hashing configuration (#9617)
* Update Ingress-Nginx version controller-v1.7.0
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.5.2...helm-chart-4.6.0

7
charts/ingress-nginx/values.yaml
View file

@ -23,9 +23,9 @@ controller:
## for backwards compatibility consider setting the full image url via the repository value below ## for backwards compatibility consider setting the full image url via the repository value below
## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
## repository: ## repository:
tag: "v1.6.4" tag: "v1.7.0"
digest: sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f digest: sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7
digestChroot: sha256:0de01e2c316c3ca7847ca13b32d077af7910d07f21a4a82f81061839764f8f81 digestChroot: sha256:e84ef3b44c8efeefd8b0aa08770a886bfea1f04c53b61b4ba9a7204e9f1a7edc
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# www-data -> uid 101 # www-data -> uid 101
runAsUser: 101 runAsUser: 101
@ -544,7 +544,6 @@ controller:
## repository: ## repository:
tag: "v20230312-helm-chart-4.5.2-28-g66a760794" tag: "v20230312-helm-chart-4.5.2-28-g66a760794"
digest: sha256:40f766ac4a9832f36f217bb0e98d44c8d38faeccbfe861fbc1a76af7e9ab257f digest: sha256:40f766ac4a9832f36f217bb0e98d44c8d38faeccbfe861fbc1a76af7e9ab257f
containerSecurityContext: containerSecurityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
admissionWebhooks: admissionWebhooks:

2
cmd/dataplane/main.go
View file

@ -70,7 +70,7 @@ func main() {
mc := metric.NewDummyCollector() mc := metric.NewDummyCollector()
if conf.EnableMetrics { if conf.EnableMetrics {
// TODO: Ingress class is not a part of dataplane anymore // TODO: Ingress class is not a part of dataplane anymore
mc, err = metric.NewCollector(conf.MetricsPerHost, conf.ReportStatusClasses, reg, conf.IngressClassConfiguration.Controller, *conf.MetricsBuckets) mc, err = metric.NewCollector(conf.MetricsPerHost, conf.ReportStatusClasses, reg, conf.IngressClassConfiguration.Controller, *conf.MetricsBuckets, conf.ExcludeSocketMetrics)
if err != nil { if err != nil {
klog.Fatalf("Error creating prometheus collector: %v", err) klog.Fatalf("Error creating prometheus collector: %v", err)
} }

2
cmd/nginx/main.go
View file

@ -133,7 +133,7 @@ func main() {
mc := metric.NewDummyCollector() mc := metric.NewDummyCollector()
if conf.EnableMetrics { if conf.EnableMetrics {
mc, err = metric.NewCollector(conf.MetricsPerHost, conf.ReportStatusClasses, reg, conf.IngressClassConfiguration.Controller, *conf.MetricsBuckets) mc, err = metric.NewCollector(conf.MetricsPerHost, conf.ReportStatusClasses, reg, conf.IngressClassConfiguration.Controller, *conf.MetricsBuckets, conf.ExcludeSocketMetrics)
if err != nil { if err != nil {
klog.Fatalf("Error creating prometheus collector: %v", err) klog.Fatalf("Error creating prometheus collector: %v", err)
} }

44
deploy/static/provider/aws/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -129,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -148,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -230,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -249,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -269,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -288,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -328,7 +328,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -344,7 +344,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -377,7 +377,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -400,7 +400,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -417,6 +417,8 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.7.0
spec: spec:
containers: containers:
- args: - args:
@ -440,7 +442,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.6.4@sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f image: registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -512,7 +514,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -523,7 +525,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -559,7 +561,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -570,7 +572,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -608,7 +610,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -621,7 +623,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

44
deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -129,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -148,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -230,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -249,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -269,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -288,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -335,7 +335,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -353,7 +353,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -386,7 +386,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -409,7 +409,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -426,6 +426,8 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.7.0
spec: spec:
containers: containers:
- args: - args:
@ -449,7 +451,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.6.4@sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f image: registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -524,7 +526,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -535,7 +537,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -571,7 +573,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -582,7 +584,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -620,7 +622,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -633,7 +635,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

44
deploy/static/provider/baremetal/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -129,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -148,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -230,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -249,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -269,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -288,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -328,7 +328,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -340,7 +340,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -372,7 +372,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -395,7 +395,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -412,6 +412,8 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.7.0
spec: spec:
containers: containers:
- args: - args:
@ -434,7 +436,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.6.4@sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f image: registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -506,7 +508,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -517,7 +519,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -553,7 +555,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -564,7 +566,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -602,7 +604,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -615,7 +617,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

44
deploy/static/provider/cloud/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -129,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -148,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -230,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -249,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -269,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -288,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -328,7 +328,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -340,7 +340,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -373,7 +373,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -396,7 +396,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -413,6 +413,8 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.7.0
spec: spec:
containers: containers:
- args: - args:
@ -436,7 +438,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.6.4@sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f image: registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -508,7 +510,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -519,7 +521,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -555,7 +557,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -566,7 +568,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -604,7 +606,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -617,7 +619,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

44
deploy/static/provider/do/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -129,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -148,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -230,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -249,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -269,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -288,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -329,7 +329,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -343,7 +343,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -376,7 +376,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -399,7 +399,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -416,6 +416,8 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.7.0
spec: spec:
containers: containers:
- args: - args:
@ -439,7 +441,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.6.4@sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f image: registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -511,7 +513,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -522,7 +524,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -558,7 +560,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -569,7 +571,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -607,7 +609,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -620,7 +622,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

44
deploy/static/provider/exoscale/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -129,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -148,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -230,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -249,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -269,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -288,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -328,7 +328,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -349,7 +349,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -382,7 +382,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -405,7 +405,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -422,6 +422,8 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.7.0
spec: spec:
containers: containers:
- args: - args:
@ -445,7 +447,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.6.4@sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f image: registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -517,7 +519,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -528,7 +530,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -564,7 +566,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -575,7 +577,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -613,7 +615,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -626,7 +628,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

44
deploy/static/provider/kind/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -129,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -148,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -230,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -249,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -269,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -288,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -328,7 +328,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -340,7 +340,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -372,7 +372,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -395,7 +395,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -416,6 +416,8 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.7.0
spec: spec:
containers: containers:
- args: - args:
@ -440,7 +442,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.6.4@sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f image: registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -522,7 +524,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -533,7 +535,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -569,7 +571,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -580,7 +582,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -618,7 +620,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -631,7 +633,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

44
deploy/static/provider/scw/deploy.yaml
View file

@ -15,7 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -27,7 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -39,7 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -129,7 +129,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@ -148,7 +148,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@ -230,7 +230,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@ -249,7 +249,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -269,7 +269,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@ -288,7 +288,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -329,7 +329,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@ -343,7 +343,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -376,7 +376,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -399,7 +399,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -416,6 +416,8 @@ spec:
app.kubernetes.io/component: controller app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.7.0
spec: spec:
containers: containers:
- args: - args:
@ -439,7 +441,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.6.4@sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f image: registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -511,7 +513,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -522,7 +524,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-create name: ingress-nginx-admission-create
spec: spec:
containers: containers:
@ -558,7 +560,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@ -569,7 +571,7 @@ spec:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
spec: spec:
containers: containers:
@ -607,7 +609,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: nginx name: nginx
spec: spec:
controller: k8s.io/ingress-nginx controller: k8s.io/ingress-nginx
@ -620,7 +622,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.6.4 app.kubernetes.io/version: 1.7.0
name: ingress-nginx-admission name: ingress-nginx-admission
webhooks: webhooks:
- admissionReviewVersions: - admissionReviewVersions:

20
docs/deploy/index.md
View file

@ -62,7 +62,7 @@ It will install the controller in the `ingress-nginx` namespace, creating that n
**If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead: **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead:
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.6.4/deploy/static/provider/cloud/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/cloud/deploy.yaml
``` ```
!!! info !!! info
@ -225,7 +225,7 @@ In AWS, we use a Network load balancer (NLB) to expose the NGINX Ingress control
##### Network Load Balancer (NLB) ##### Network Load Balancer (NLB)
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.6.4/deploy/static/provider/aws/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/aws/deploy.yaml
``` ```
##### TLS termination in AWS Load Balancer (NLB) ##### TLS termination in AWS Load Balancer (NLB)
@ -233,10 +233,10 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont
By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer.
This section explains how to do that on AWS using an NLB. This section explains how to do that on AWS using an NLB.
1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.6.4/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template 1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template
```console ```console
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.6.4/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml
``` ```
2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster:
@ -282,7 +282,7 @@ Then, the ingress controller can be installed like this:
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.6.4/deploy/static/provider/cloud/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/cloud/deploy.yaml
``` ```
!!! warning !!! warning
@ -299,7 +299,7 @@ Proxy-protocol is supported in GCE check the [Official Documentations on how to
#### Azure #### Azure
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.6.4/deploy/static/provider/cloud/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/cloud/deploy.yaml
``` ```
More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller).
@ -307,7 +307,7 @@ More information with regard to Azure annotations for ingress controller can be
#### Digital Ocean #### Digital Ocean
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.6.4/deploy/static/provider/do/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/do/deploy.yaml
``` ```
- By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data. - By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data.
@ -315,7 +315,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont
#### Scaleway #### Scaleway
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.6.4/deploy/static/provider/scw/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/scw/deploy.yaml
``` ```
#### Exoscale #### Exoscale
@ -330,7 +330,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale
#### Oracle Cloud Infrastructure #### Oracle Cloud Infrastructure
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.6.4/deploy/static/provider/cloud/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/cloud/deploy.yaml
``` ```
A A
@ -357,7 +357,7 @@ For quick testing, you can use a
This should work on almost every cluster, but it will typically use a port in the range 30000-32767. This should work on almost every cluster, but it will typically use a port in the range 30000-32767.
```console ```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.6.4/deploy/static/provider/baremetal/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/baremetal/deploy.yaml
``` ```
For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range),

277
docs/e2e-tests.md
View file

@ -7,34 +7,19 @@ Do not try to edit it manually.
### [[Serial] admission controller](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L35) ### [[Admission] admission controller](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L35)
- [reject ingress with global-rate-limit annotations when memcached is not configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L48) - [reject ingress with global-rate-limit annotations when memcached is not configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L43)
- [should not allow overlaps of host and paths without canary annotations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L75) - [should not allow overlaps of host and paths without canary annotations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L70)
- [should allow overlaps of host and paths with canary annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L92) - [should allow overlaps of host and paths with canary annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L87)
- [should block ingress with invalid path](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L113) - [should block ingress with invalid path](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L108)
- [should return an error if there is an error validating the ingress definition](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L130) - [should return an error if there is an error validating the ingress definition](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L125)
- [should return an error if there is an invalid value in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L141) - [should return an error if there is an invalid value in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L136)
- [should return an error if there is a forbidden value in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L155) - [should return an error if there is a forbidden value in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L150)
- [should not return an error if the Ingress V1 definition is valid with Ingress Class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L169) - [should not return an error if the Ingress V1 definition is valid with Ingress Class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L164)
- [should not return an error if the Ingress V1 definition is valid with IngressClass annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L185) - [should not return an error if the Ingress V1 definition is valid with IngressClass annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L180)
- [should return an error if the Ingress V1 definition contains invalid annotations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L201) - [should return an error if the Ingress V1 definition contains invalid annotations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L196)
- [should not return an error for an invalid Ingress when it has unknown class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L212) - [should not return an error for an invalid Ingress when it has unknown class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L207)
### [modsecurity owasp](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L28)
- [should enable modsecurity](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L35)
- [should enable modsecurity with transaction ID and OWASP rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L53)
- [should disable modsecurity](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L74)
- [should enable modsecurity with snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L91)
- [should enable modsecurity without using 'modsecurity on;'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L110)
- [should disable modsecurity using 'modsecurity off;'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L132)
- [should enable modsecurity with snippet and block requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L153)
- [should enable modsecurity globally and with modsecurity-snippet block requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L189)
- [should enable modsecurity when enable-owasp-modsecurity-crs is set to true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L225)
- [should enable modsecurity through the config map](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L264)
- [should enable modsecurity through the config map but ignore snippet as disabled by admin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L305)
- [should disable default modsecurity conf setting when modsecurity-snippet is specified](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L347)
### [affinitymode](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinitymode.go#L31) ### [affinitymode](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinitymode.go#L31)
@ -71,33 +56,6 @@ Do not try to edit it manually.
- [should set backend protocol to '' and use fastcgi_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L94) - [should set backend protocol to '' and use fastcgi_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L94)
- [should set backend protocol to '' and use ajp_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L109) - [should set backend protocol to '' and use ajp_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L109)
### [canary-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L36)
- [should response with a 200 status from the mainline upstream when requests are made to the mainline ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L48)
- [should return 404 status for requests to the canary if no matching ingress is found](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L80)
- [should return the correct status codes when endpoints are unavailable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L107)
- [should route requests to the correct upstream if mainline ingress is created before the canary ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L161)
- [should route requests to the correct upstream if mainline ingress is created after the canary ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L206)
- [should route requests to the correct upstream if the mainline ingress is modified](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L250)
- [should route requests to the correct upstream if the canary ingress is modified](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L307)
- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L372)
- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L426)
- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L490)
- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L532)
- [should routes to mainline upstream when the given Regex causes error](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L566)
- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L604)
- [respects always and never values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L643)
- [should route requests only to mainline if canary weight is 0](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L705)
- [should route requests only to canary if canary weight is 100](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L743)
- [should route requests only to canary if canary weight is equal to canary weight total](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L775)
- [should route requests split between mainline and canary if canary weight is 50](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L808)
- [should not use canary as a catch-all server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L836)
- [should not use canary with domain as a server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L864)
- [does not crash when canary ingress has multiple paths to the same non-matching backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L888)
- [always routes traffic to canary if first request was affinitized to canary (default behavior)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L916)
- [always routes traffic to canary if first request was affinitized to canary (explicit sticky behavior)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L973)
- [routes traffic to either mainline or canary backend (legacy behavior)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L1031)
### [client-body-buffer-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L28) ### [client-body-buffer-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L28)
- [should set client_body_buffer_size to 1000](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L35) - [should set client_body_buffer_size to 1000](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L35)
@ -151,13 +109,6 @@ Do not try to edit it manually.
- [disable-http-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L53) - [disable-http-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L53)
- [disable-stream-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L71) - [disable-stream-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L71)
### [backend-protocol - FastCGI](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L31)
- [should use fastcgi_pass in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L38)
- [should add fastcgi_index in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L55)
- [should add fastcgi_param in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L72)
- [should return OK for service with backend protocol FastCGI](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L105)
### [force-ssl-redirect](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/forcesslredirect.go#L27) ### [force-ssl-redirect](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/forcesslredirect.go#L27)
- [should redirect to https](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/forcesslredirect.go#L34) - [should redirect to https](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/forcesslredirect.go#L34)
@ -182,10 +133,6 @@ Do not try to edit it manually.
- [enable the http2-push-preload directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/http2pushpreload.go#L34) - [enable the http2-push-preload directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/http2pushpreload.go#L34)
### [influxdb-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/influxdb.go#L39)
- [should send the request metric to the influxdb server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/influxdb.go#L48)
### [whitelist-source-range](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/ipwhitelist.go#L27) ### [whitelist-source-range](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/ipwhitelist.go#L27)
- [should set valid ip whitelist range](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/ipwhitelist.go#L34) - [should set valid ip whitelist range](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/ipwhitelist.go#L34)
@ -209,6 +156,21 @@ Do not try to edit it manually.
- [should set mirror-target to https://test.env.com/$request_uri](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L51) - [should set mirror-target to https://test.env.com/$request_uri](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L51)
- [should disable mirror-request-body](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L67) - [should disable mirror-request-body](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L67)
### [modsecurity owasp](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L28)
- [should enable modsecurity](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L35)
- [should enable modsecurity with transaction ID and OWASP rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L53)
- [should disable modsecurity](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L74)
- [should enable modsecurity with snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L91)
- [should enable modsecurity without using 'modsecurity on;'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L110)
- [should disable modsecurity using 'modsecurity off;'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L132)
- [should enable modsecurity with snippet and block requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L153)
- [should enable modsecurity globally and with modsecurity-snippet block requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L189)
- [should enable modsecurity when enable-owasp-modsecurity-crs is set to true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L225)
- [should enable modsecurity through the config map](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L264)
- [should enable modsecurity through the config map but ignore snippet as disabled by admin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L305)
- [should disable default modsecurity conf setting when modsecurity-snippet is specified](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L347)
### [preserve-trailing-slash](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/preservetrailingslash.go#L27) ### [preserve-trailing-slash](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/preservetrailingslash.go#L27)
- [should allow preservation of trailing slashes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/preservetrailingslash.go#L34) - [should allow preservation of trailing slashes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/preservetrailingslash.go#L34)
@ -285,6 +247,11 @@ Do not try to edit it manually.
- [should set the X-Forwarded-Prefix to the annotation value](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/xforwardedprefix.go#L35) - [should set the X-Forwarded-Prefix to the annotation value](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/xforwardedprefix.go#L35)
- [should not add X-Forwarded-Prefix if the annotation value is empty](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/xforwardedprefix.go#L57) - [should not add X-Forwarded-Prefix if the annotation value is empty](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/xforwardedprefix.go#L57)
### [denylist-source-range](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/ipdenylist.go#L28)
- [only deny explicitly denied IPs, allow all others](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/ipdenylist.go#L35)
- [only allow explicitly allowed IPs, deny all others](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/ipdenylist.go#L86)
### [affinity session-cookie-name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L35) ### [affinity session-cookie-name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L35)
- [should set sticky cookie SERVERID](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L42) - [should set sticky cookie SERVERID](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L42)
@ -311,6 +278,13 @@ Do not try to edit it manually.
- [should fail to use longest match for documented warning](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L158) - [should fail to use longest match for documented warning](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L158)
- [should allow for custom rewrite parameters](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L190) - [should allow for custom rewrite parameters](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L190)
### [backend-protocol - FastCGI](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L30)
- [should use fastcgi_pass in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L37)
- [should add fastcgi_index in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L54)
- [should add fastcgi_param in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L71)
- [should return OK for service with backend protocol FastCGI](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L102)
### [auth-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L39) ### [auth-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L39)
- [should return status code 200 when no authentication is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L46) - [should return status code 200 when no authentication is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L46)
@ -347,10 +321,33 @@ Do not try to edit it manually.
- [should return 503 (location was denied)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L879) - [should return 503 (location was denied)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L879)
- [should add error to the config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L887) - [should add error to the config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L887)
### [denylist-source-range](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/ipdenylist.go#L28) ### [canary-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L36)
- [only deny explicitly denied IPs, allow all others](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/ipdenylist.go#L35) - [should response with a 200 status from the mainline upstream when requests are made to the mainline ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L48)
- [only allow explicitly allowed IPs, deny all others](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/ipdenylist.go#L86) - [should return 404 status for requests to the canary if no matching ingress is found](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L80)
- [should return the correct status codes when endpoints are unavailable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L107)
- [should route requests to the correct upstream if mainline ingress is created before the canary ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L161)
- [should route requests to the correct upstream if mainline ingress is created after the canary ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L206)
- [should route requests to the correct upstream if the mainline ingress is modified](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L250)
- [should route requests to the correct upstream if the canary ingress is modified](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L307)
- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L372)
- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L426)
- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L490)
- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L532)
- [should routes to mainline upstream when the given Regex causes error](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L566)
- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L604)
- [respects always and never values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L643)
- [should route requests only to mainline if canary weight is 0](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L705)
- [should route requests only to canary if canary weight is 100](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L743)
- [should route requests only to canary if canary weight is equal to canary weight total](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L775)
- [should route requests split between mainline and canary if canary weight is 50](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L808)
- [should route requests split between mainline and canary if canary weight is 100 and weight total is 200](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L834)
- [should not use canary as a catch-all server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L863)
- [should not use canary with domain as a server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L891)
- [does not crash when canary ingress has multiple paths to the same non-matching backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L915)
- [always routes traffic to canary if first request was affinitized to canary (default behavior)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L943)
- [always routes traffic to canary if first request was affinitized to canary (explicit sticky behavior)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L1000)
- [routes traffic to either mainline or canary backend (legacy behavior)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L1058)
### [Debug CLI](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/dbg/main.go#L29) ### [Debug CLI](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/dbg/main.go#L29)
@ -376,30 +373,21 @@ Do not try to edit it manually.
- [should apply the annotation to the default backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/with_hosts.go#L38) - [should apply the annotation to the default backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/with_hosts.go#L38)
### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e.go#L)
- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e.go#L)
### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e_test.go#L) ### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e_test.go#L)
- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e_test.go#L) - [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e_test.go#L)
### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/exec.go#L) ### [[Endpointslices] long service name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/endpointslices/longname.go#L29)
- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/exec.go#L) - [should return 200 when service name has max allowed number of characters 63](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/endpointslices/longname.go#L38)
### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/healthz.go#L) ### [[TopologyHints] topology aware routing](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/endpointslices/topology.go#L35)
- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/healthz.go#L) - [should return 200 when service has topology hints](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/endpointslices/topology.go#L43)
### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/metrics.go#L)
- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/metrics.go#L)
### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/fastcgi_helloserver.go#L)
- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/fastcgi_helloserver.go#L)
### [[Setting] ](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/framework.go#L190)
- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/framework.go#L206)
- [ [MemoryLeak]](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/framework.go#L207)
### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/grpc_fortune_teller.go#L) ### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/grpc_fortune_teller.go#L)
@ -445,14 +433,6 @@ Do not try to edit it manually.
- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/request.go#L) - [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/request.go#L)
### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/influxdb.go#L)
- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/influxdb.go#L)
### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/k8s.go#L)
- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/k8s.go#L)
### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/logs.go#L) ### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/logs.go#L)
- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/logs.go#L) - [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/logs.go#L)
@ -465,13 +445,37 @@ Do not try to edit it manually.
- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/test_context.go#L) - [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/test_context.go#L)
### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/util.go#L)
- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/util.go#L)
### [[Setting] ](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/framework.go#L194)
- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/framework.go#L)
### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/healthz.go#L)
- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/healthz.go#L)
### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/k8s.go#L)
- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/k8s.go#L)
### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/metrics.go#L)
- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/metrics.go#L)
### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/deployment.go#L) ### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/deployment.go#L)
- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/deployment.go#L) - [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/deployment.go#L)
### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/util.go#L) ### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/exec.go#L)
- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/util.go#L) - [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/exec.go#L)
### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/fastcgi_helloserver.go#L)
- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/fastcgi_helloserver.go#L)
### [[Shutdown] Grace period shutdown](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/grace_period.go#L32) ### [[Shutdown] Grace period shutdown](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/grace_period.go#L32)
@ -546,6 +550,12 @@ Do not try to edit it manually.
- [handles endpoints only changes consistently (down scaling of replicas vs. empty service)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L125) - [handles endpoints only changes consistently (down scaling of replicas vs. empty service)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L125)
- [handles an annotation change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L171) - [handles an annotation change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L171)
### [nginx-configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L99)
- [start nginx with default configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L102)
- [fails when using alias directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L115)
- [fails when using root directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L124)
### [[Security] request smuggling](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/request_smuggling.go#L32) ### [[Security] request smuggling](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/request_smuggling.go#L32)
- [should not return body content from error_page](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/request_smuggling.go#L39) - [should not return body content from error_page](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/request_smuggling.go#L39)
@ -570,14 +580,6 @@ Do not try to edit it manually.
- [should return 404 when backend service is nil](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_nil_backend.go#L38) - [should return 404 when backend service is nil](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_nil_backend.go#L38)
### [[Security] modsecurity-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L27)
- [should add value of modsecurity-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L30)
### [OCSP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ocsp/ocsp.go#L42)
- [should enable OCSP and contain stapling information in the connection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ocsp/ocsp.go#L49)
### [access-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L27) ### [access-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L27)
- [use the default configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L32) - [use the default configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L32)
@ -597,10 +599,6 @@ Do not try to edit it manually.
- [ condition](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/brotli.go#L39) - [ condition](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/brotli.go#L39)
### [Configmap change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/configmap_change.go#L29)
- [should reload after an update in the configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/configmap_change.go#L36)
### [add-headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L30) ### [add-headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L30)
- [Add a custom header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L40) - [Add a custom header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L40)
@ -730,26 +728,24 @@ Do not try to edit it manually.
- [should add value of main-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/main_snippet.go#L31) - [should add value of main-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/main_snippet.go#L31)
### [[Security] modsecurity-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L27)
- [should add value of modsecurity-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L30)
### [enable-multi-accept](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L27) ### [enable-multi-accept](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L27)
- [should be enabled by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L31) - [should be enabled by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L31)
- [should be enabled when set to true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L39) - [should be enabled when set to true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L39)
- [should be disabled when set to false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L49) - [should be disabled when set to false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L49)
### [[Flag] watch namespace selector](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/namespace_selector.go#L30)
- [should ingore Ingress of namespace without label foo=bar and accept those of namespace with label foo=bar](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/namespace_selector.go#L70)
### [[Security] no-auth-locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L33)
- [should return status code 401 when accessing '/' unauthentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L54)
- [should return status code 200 when accessing '/' authentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L68)
- [should return status code 200 when accessing '/noauth' unauthenticated](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L82)
### [Add no tls redirect locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_tls_redirect_locations.go#L28) ### [Add no tls redirect locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_tls_redirect_locations.go#L28)
- [Check no tls redirect locations config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_tls_redirect_locations.go#L31) - [Check no tls redirect locations config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_tls_redirect_locations.go#L31)
### [OCSP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ocsp/ocsp.go#L42)
- [should enable OCSP and contain stapling information in the connection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ocsp/ocsp.go#L49)
### [Configure OpenTracing](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L48) ### [Configure OpenTracing](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L48)
- [should not exists opentracing directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L58) - [should not exists opentracing directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L58)
@ -858,11 +854,33 @@ Do not try to edit it manually.
- [should set gzip_min_length to 100](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/gzip.go#L78) - [should set gzip_min_length to 100](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/gzip.go#L78)
- [should set gzip_types to application/javascript](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/gzip.go#L89) - [should set gzip_types to application/javascript](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/gzip.go#L89)
### [Configmap change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/configmap_change.go#L29)
- [should reload after an update in the configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/configmap_change.go#L36)
### [[Flag] watch namespace selector](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/namespace_selector.go#L30)
- [should ingore Ingress of namespace without label foo=bar and accept those of namespace with label foo=bar](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/namespace_selector.go#L63)
### [With enable-ssl-passthrough enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_passthrough.go#L36) ### [With enable-ssl-passthrough enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_passthrough.go#L36)
- [should enable ssl-passthrough-proxy-port on a different port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_passthrough.go#L56) - [should enable ssl-passthrough-proxy-port on a different port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_passthrough.go#L56)
- [should pass unknown traffic to default backend and handle known traffic](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_passthrough.go#L79) - [should pass unknown traffic to default backend and handle known traffic](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_passthrough.go#L79)
### [[Security] no-auth-locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L33)
- [should return status code 401 when accessing '/' unauthentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L54)
- [should return status code 200 when accessing '/' authentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L68)
- [should return status code 200 when accessing '/noauth' unauthenticated](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L82)
### [Configure Opentelemetry](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentelemetry.go#L37)
- [should not exists opentelemetry directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentelemetry.go#L47)
- [should exists opentelemetry directive when is enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentelemetry.go#L60)
- [should include opentelemetry_trust_incoming_spans on directive when enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentelemetry.go#L74)
- [should not exists opentelemetry_operation_name directive when is empty](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentelemetry.go#L89)
- [should exists opentelemetry_operation_name directive when is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentelemetry.go#L104)
### [[SSL] redirect to HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ssl/http_redirect.go#L29) ### [[SSL] redirect to HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ssl/http_redirect.go#L29)
- [should redirect from HTTP to HTTPS when secret is missing](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ssl/http_redirect.go#L36) - [should redirect from HTTP to HTTPS when secret is missing](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ssl/http_redirect.go#L36)
@ -876,25 +894,8 @@ Do not try to edit it manually.
- [should update status field after client-go reconnection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/status/update.go#L43) - [should update status field after client-go reconnection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/status/update.go#L43)
### [[TCP] tcp-services](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L37) ### [[TCP] tcp-services](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L38)
- [should expose a TCP service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L40) - [should expose a TCP service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L46)
- [should expose an ExternalName TCP service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L98) - [should expose an ExternalName TCP service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L80)
- [should reload after an update in the configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L169)
### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e.go#L)
- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e.go#L)
### [[Endpointslices] long service name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/endpointslices/longname.go#L29)
- [should return 200 when service name has max allowed number of characters 63](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/endpointslices/longname.go#L38)
### [[TopologyHints] topology aware routing](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/endpointslices/topology.go#L36)
- [should return 200 when service has topology hints](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/endpointslices/topology.go#L50)
### [nginx-configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L99)
- [start nginx with default configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L102)
- [fails when using alias directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L115)
- [fails when using root directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L124)

BIN
docs/images/otel-grafana-demo.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 121 KiB

BIN
docs/images/otel-jaeger-demo.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 118 KiB

BIN
docs/images/otel-zipkin-demo.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 131 KiB

1
docs/kubectl-plugin.md
View file

@ -208,6 +208,7 @@ modsecurity
modules modules
nginx.conf nginx.conf
opentracing.json opentracing.json
opentelemetry.toml
owasp-modsecurity-crs owasp-modsecurity-crs
template template
``` ```

1
docs/user-guide/cli-arguments.md
View file

@ -25,6 +25,7 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment
| `--enable-ssl-chain-completion` | Autocomplete SSL certificate chains with missing intermediate CA certificates. Certificates uploaded to Kubernetes must have the "Authority Information Access" X.509 v3 extension for this to succeed. (default false)| | `--enable-ssl-chain-completion` | Autocomplete SSL certificate chains with missing intermediate CA certificates. Certificates uploaded to Kubernetes must have the "Authority Information Access" X.509 v3 extension for this to succeed. (default false)|
| `--enable-ssl-passthrough` | Enable SSL Passthrough. (default false) | | `--enable-ssl-passthrough` | Enable SSL Passthrough. (default false) |
| `--enable-topology-aware-routing` | Enable topology aware hints feature, needs service object annotation service.kubernetes.io/topology-aware-hints sets to auto. (default false) | | `--enable-topology-aware-routing` | Enable topology aware hints feature, needs service object annotation service.kubernetes.io/topology-aware-hints sets to auto. (default false) |
| `--exclude-socket-metrics` | Set of socket request metrics to exclude which won't be exported nor being calculated. The possible socket request metrics to exclude are documented in the monitoring guide e.g. 'nginx_ingress_controller_request_duration_seconds,nginx_ingress_controller_response_size'|
| `--health-check-path` | URL path of the health check endpoint. Configured inside the NGINX status server. All requests received on the port defined by the healthz-port parameter are forwarded internally to this path. (default "/healthz") | | `--health-check-path` | URL path of the health check endpoint. Configured inside the NGINX status server. All requests received on the port defined by the healthz-port parameter are forwarded internally to this path. (default "/healthz") |
| `--health-check-timeout` | Time limit, in seconds, for a probe to health-check-path to succeed. (default 10) | | `--health-check-timeout` | Time limit, in seconds, for a probe to health-check-path to succeed. (default 10) |
| `--healthz-port` | Port to use for the healthz endpoint. (default 10254) | | `--healthz-port` | Port to use for the healthz endpoint. (default 10254) |

6
docs/user-guide/exposing-tcp-udp-services.md
View file

@ -63,3 +63,9 @@ spec:
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
``` ```
Then, the configmap should be added into ingress controller's deployment args.
```
args:
- /nginx-ingress-controller
- --tcp-services-configmap=ingress-nginx/tcp-services
```

48
docs/user-guide/nginx-configuration/annotations.md
View file

@ -121,11 +121,8 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz
|[nginx.ingress.kubernetes.io/enable-access-log](#enable-access-log)|"true" or "false"| |[nginx.ingress.kubernetes.io/enable-access-log](#enable-access-log)|"true" or "false"|
|[nginx.ingress.kubernetes.io/enable-opentracing](#enable-opentracing)|"true" or "false"| |[nginx.ingress.kubernetes.io/enable-opentracing](#enable-opentracing)|"true" or "false"|
|[nginx.ingress.kubernetes.io/opentracing-trust-incoming-span](#opentracing-trust-incoming-span)|"true" or "false"| |[nginx.ingress.kubernetes.io/opentracing-trust-incoming-span](#opentracing-trust-incoming-span)|"true" or "false"|
|[nginx.ingress.kubernetes.io/enable-influxdb](#influxdb)|"true" or "false"| |[nginx.ingress.kubernetes.io/enable-opentelemetry](#enable-opentelemetry)|"true" or "false"|
|[nginx.ingress.kubernetes.io/influxdb-measurement](#influxdb)|string| |[nginx.ingress.kubernetes.io/opentelemetry-trust-incoming-span](#opentelemetry-trust-incoming-spans)|"true" or "false"|
|[nginx.ingress.kubernetes.io/influxdb-port](#influxdb)|string|
|[nginx.ingress.kubernetes.io/influxdb-host](#influxdb)|string|
|[nginx.ingress.kubernetes.io/influxdb-server-name](#influxdb)|string|
|[nginx.ingress.kubernetes.io/use-regex](#use-regex)|bool| |[nginx.ingress.kubernetes.io/use-regex](#use-regex)|bool|
|[nginx.ingress.kubernetes.io/enable-modsecurity](#modsecurity)|bool| |[nginx.ingress.kubernetes.io/enable-modsecurity](#modsecurity)|bool|
|[nginx.ingress.kubernetes.io/enable-owasp-core-rules](#modsecurity)|bool| |[nginx.ingress.kubernetes.io/enable-owasp-core-rules](#modsecurity)|bool|
@ -821,6 +818,24 @@ sometimes need to be overridden to enable it or disable it for a specific ingres
nginx.ingress.kubernetes.io/opentracing-trust-incoming-span: "true" nginx.ingress.kubernetes.io/opentracing-trust-incoming-span: "true"
``` ```
### Enable Opentelemetry
Opentelemetry can be enabled or disabled globally through the ConfigMap but this will sometimes need to be overridden
to enable it or disable it for a specific ingress (e.g. to turn off telemetry of external health check endpoints)
```yaml
nginx.ingress.kubernetes.io/enable-opentelemetry: "true"
```
### Opentelemetry Trust Incoming Span
The option to trust incoming trace spans can be enabled or disabled globally through the ConfigMap but this will
sometimes need to be overridden to enable it or disable it for a specific ingress (e.g. only enable on a private endpoint)
```yaml
nginx.ingress.kubernetes.io/opentelemetry-trust-incoming-spans: "true"
```
### X-Forwarded-Prefix Header ### X-Forwarded-Prefix Header
To add the non-standard `X-Forwarded-Prefix` header to the upstream request with a string value, the following annotation can be used: To add the non-standard `X-Forwarded-Prefix` header to the upstream request with a string value, the following annotation can be used:
@ -876,29 +891,6 @@ nginx.ingress.kubernetes.io/modsecurity-snippet: |
Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf
``` ```
### InfluxDB
Using `influxdb-*` annotations we can monitor requests passing through a Location by sending them to an InfluxDB backend exposing the UDP socket
using the [nginx-influxdb-module](https://github.com/influxdata/nginx-influxdb-module/).
```yaml
nginx.ingress.kubernetes.io/enable-influxdb: "true"
nginx.ingress.kubernetes.io/influxdb-measurement: "nginx-reqs"
nginx.ingress.kubernetes.io/influxdb-port: "8089"
nginx.ingress.kubernetes.io/influxdb-host: "127.0.0.1"
nginx.ingress.kubernetes.io/influxdb-server-name: "nginx-ingress"
```
For the `influxdb-host` parameter you have two options:
- Use an InfluxDB server configured with the [UDP protocol](https://docs.influxdata.com/influxdb/v1.5/supported_protocols/udp/) enabled.
- Deploy Telegraf as a sidecar proxy to the Ingress controller configured to listen UDP with the [socket listener input](https://github.com/influxdata/telegraf/tree/release-1.6/plugins/inputs/socket_listener) and to write using
anyone of the [outputs plugins](https://github.com/influxdata/telegraf/tree/release-1.7/plugins/outputs) like InfluxDB, Apache Kafka,
Prometheus, etc.. (recommended)
It's important to remember that there's no DNS resolver at this stage so you will have to configure
an ip address to `nginx.ingress.kubernetes.io/influxdb-host`. If you deploy Influx or Telegraf as sidecar (another container in the same pod) this becomes straightforward since you can directly use `127.0.0.1`.
### Backend Protocol ### Backend Protocol
Using `backend-protocol` annotations is possible to indicate how NGINX should communicate with the backend service. (Replaces `secure-backends` in older versions) Using `backend-protocol` annotations is possible to indicate how NGINX should communicate with the backend service. (Replaces `secure-backends` in older versions)

53
docs/user-guide/nginx-configuration/configmap.md Executable file → Normal file
View file

@ -157,6 +157,19 @@ The following table shows a configuration option's name, type, and the default v
|[datadog-operation-name-override](#datadog-operation-name-override)|string|"nginx.handle"| |[datadog-operation-name-override](#datadog-operation-name-override)|string|"nginx.handle"|
|[datadog-priority-sampling](#datadog-priority-sampling)|bool|"true"| |[datadog-priority-sampling](#datadog-priority-sampling)|bool|"true"|
|[datadog-sample-rate](#datadog-sample-rate)|float|1.0| |[datadog-sample-rate](#datadog-sample-rate)|float|1.0|
|[enable-opentelemetry](#enable-opentelemetry)|bool|"false"|
|[opentelemetry-trust-incoming-span](#opentelemetry-trust-incoming-span)|bool|"true"|
|[opentelemetry-operation-name](#opentelemetry-operation-name)|string|""|
|[opentelemetry-config](#/etc/nginx/opentelemetry.toml)|string|"/etc/nginx/opentelemetry.toml"|
|[otlp-collector-host](#otlp-collector-host)|string|""|
|[otlp-collector-port](#otlp-collector-port)|int|4317|
|[otel-max-queuesize](#otel-max-queuesize)|int||
|[otel-schedule-delay-millis](#otel-schedule-delay-millis)|int||
|[otel-max-export-batch-size](#otel-max-export-batch-size)|int||
|[otel-service-name](#otel-service-name)|string|"nginx"|
|[otel-sampler](#otel-sampler)|string|"AlwaysOff"|
|[otel-sampler-parent-based](#otel-sampler-parent-based)|bool|"false"|
|[otel-sampler-ratio](#otel-sampler-ratio)|float|0.01|
|[main-snippet](#main-snippet)|string|""| |[main-snippet](#main-snippet)|string|""|
|[http-snippet](#http-snippet)|string|""| |[http-snippet](#http-snippet)|string|""|
|[server-snippet](#server-snippet)|string|""| |[server-snippet](#server-snippet)|string|""|
@ -1009,6 +1022,46 @@ If true disables client-side sampling (thus ignoring `sample_rate`) and enables
Specifies sample rate for any traces created. Specifies sample rate for any traces created.
This is effective only when `datadog-priority-sampling` is `false` _**default:**_ 1.0 This is effective only when `datadog-priority-sampling` is `false` _**default:**_ 1.0
## enable-opentelemetry
Enables the nginx OpenTelemetry extension. _**default:**_ is disabled
_References:_
[https://github.com/open-telemetry/opentelemetry-cpp-contrib](https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/nginx)
## opentelemetry-operation-name
Specifies a custom name for the server span. _**default:**_ is empty
For example, set to "HTTP $request_method $uri".
## otlp-collector-host
Specifies the host to use when uploading traces. It must be a valid URL.
## otlp-collector-port
Specifies the port to use when uploading traces. _**default:**_ 4317
## otel-service-name
Specifies the service name to use for any traces created. _**default:**_ nginx
## opentelemetry-trust-incoming-span: "true"
Enables or disables using spans from incoming requests as parent for created ones. _**default:**_ true
## otel-sampler-parent-based
Uses sampler implementation which by default will take a sample if parent Activity is sampled. _**default:**_ false
## otel-sampler-ratio
Specifies sample rate for any traces created. _**default:**_ 0.01
## otel-sampler
Specifies the sampler to be used when sampling traces. The available samplers are: AlwaysOff, AlwaysOn, TraceIdRatioBased, remote. _**default:**_ AlwaysOff
## main-snippet ## main-snippet
Adds custom configuration to the main section of the nginx configuration. Adds custom configuration to the main section of the nginx configuration.

260
docs/user-guide/third-party-addons/opentelemetry.md Normal file
View file

@ -0,0 +1,260 @@
# OpenTelemetry
Enables requests served by NGINX for distributed telemetry via The OpenTelemetry Project.
Using the third party module [opentelemetry-cpp-contrib/nginx](https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/nginx) the NGINX ingress controller can configure NGINX to enable [OpenTelemetry](http://opentelemetry.io) instrumentation.
By default this feature is disabled.
## Usage
To enable the instrumentation we must enable OpenTelemetry in the configuration ConfigMap:
```yaml
data:
enable-opentelemetry: "true"
```
To enable or disable instrumentation for a single Ingress, use
the `enable-opentelemetry` annotation:
```yaml
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/enable-opentelemetry: "true"
```
We must also set the host to use when uploading traces:
```yaml
otlp-collector-host: "otel-coll-collector.otel.svc"
```
NOTE: While the option is called `otlp-collector-host`, you will need to point this to any backend that recieves otlp-grpc.
Next you will need to deploy a distributed telemetry system which uses OpenTelemetry.
[opentelemetry-collector](https://github.com/open-telemetry/opentelemetry-collector), [Jaeger](https://www.jaegertracing.io/)
[Tempo](https://github.com/grafana/tempo), and [zipkin](https://zipkin.io/)
have been tested.
Other optional configuration options:
```yaml
# specifies the name to use for the server span
opentelemetry-operation-name
# sets whether or not to trust incoming telemetry spans
opentelemetry-trust-incoming-span
# specifies the port to use when uploading traces, Default: 4317
otlp-collector-port
# specifies the service name to use for any traces created, Default: nginx
otel-service-name
# The maximum queue size. After the size is reached data are dropped.
otel-max-queuesize
# The delay interval in milliseconds between two consecutive exports.
otel-schedule-delay-millis
# How long the export can run before it is cancelled.
otel-schedule-delay-millis
# The maximum batch size of every export. It must be smaller or equal to maxQueueSize.
otel-max-export-batch-size
# specifies sample rate for any traces created, Default: 0.01
otel-sampler-ratio
# specifies the sampler to be used when sampling traces.
# The available samplers are: AlwaysOn, AlwaysOff, TraceIdRatioBased, Default: AlwaysOff
otel-sampler
# Uses sampler implementation which by default will take a sample if parent Activity is sampled, Default: false
otel-sampler-parent-based
```
Note that you can also set whether to trust incoming spans (global default is true) per-location using annotations like the following:
```yaml
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/opentelemetry-trust-incoming-span: "true"
```
## Examples
The following examples show how to deploy and test different distributed telemetry systems. These example can be performed using Docker Desktop.
In the [esigo/nginx-example](https://github.com/esigo/nginx-example)
GitHub repository is an example of a simple hello service:
```mermaid
graph TB
subgraph Browser
start["http://esigo.dev/hello/nginx"]
end
subgraph app
sa[service-a]
sb[service-b]
sa --> |name: nginx| sb
sb --> |hello nginx!| sa
end
subgraph otel
otc["Otel Collector"]
end
subgraph observability
tempo["Tempo"]
grafana["Grafana"]
backend["Jaeger"]
zipkin["Zipkin"]
end
subgraph ingress-nginx
ngx[nginx]
end
subgraph ngx[nginx]
ng[nginx]
om[OpenTelemetry module]
end
subgraph Node
app
otel
observability
ingress-nginx
om --> |otlp-gRPC| otc --> |jaeger| backend
otc --> |zipkin| zipkin
otc --> |otlp-gRPC| tempo --> grafana
sa --> |otlp-gRPC| otc
sb --> |otlp-gRPC| otc
start --> ng --> sa
end
```
To install the example and collectors run:
1. Enable Ingress addon with:
```yaml
opentelemetry:
enabled: true
image: registry.k8s.io/ingress-nginx/opentelemetry:v20230107-helm-chart-4.4.2-2-g96b3d2165@sha256:331b9bebd6acfcd2d3048abbdd86555f5be76b7e3d0b5af4300b04235c6056c9
containerSecurityContext:
allowPrivilegeEscalation: false
```
2. Enable OpenTelemetry and set the otlp-collector-host:
```yaml
$ echo '
apiVersion: v1
kind: ConfigMap
data:
enable-opentelemetry: "true"
opentelemetry-config: "/etc/nginx/opentelemetry.toml"
opentelemetry-operation-name: "HTTP $request_method $service_name $uri"
opentelemetry-trust-incoming-span: "true"
otlp-collector-host: "otel-coll-collector.otel.svc"
otlp-collector-port: "4317"
otel-max-queuesize: "2048"
otel-schedule-delay-millis: "5000"
otel-max-export-batch-size: "512"
otel-service-name: "nginx-proxy" # Opentelemetry resource name
otel-sampler: "AlwaysOn" # Also: AlwaysOff, TraceIdRatioBased
otel-sampler-ratio: "1.0"
otel-sampler-parent-based: "false"
metadata:
name: ingress-nginx-controller
namespace: ingress-nginx
' | kubectl replace -f -
```
4. Deploy otel-collector, grafana and Jaeger backend:
```bash
# add helm charts needed for grafana and OpenTelemetry collector
helm repo add open-telemetry https://open-telemetry.github.io/opentelemetry-helm-charts
helm repo add grafana https://grafana.github.io/helm-charts
helm repo update
# deply cert-manager needed for OpenTelemetry collector operator
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.yaml
# create observability namespace
kubectl apply -f https://raw.githubusercontent.com/esigo/nginx-example/main/observability/namespace.yaml
# install OpenTelemetry collector operator
helm upgrade --install otel-collector-operator -n otel --create-namespace open-telemetry/opentelemetry-operator
# deploy OpenTelemetry collector
kubectl apply -f https://raw.githubusercontent.com/esigo/nginx-example/main/observability/collector.yaml
# deploy Jaeger all-in-one
kubectl apply -f https://github.com/jaegertracing/jaeger-operator/releases/download/v1.37.0/jaeger-operator.yaml -n observability
kubectl apply -f https://raw.githubusercontent.com/esigo/nginx-example/main/observability/jaeger.yaml -n observability
# deploy zipkin
kubectl apply -f https://raw.githubusercontent.com/esigo/nginx-example/main/observability/zipkin.yaml -n observability
# deploy tempo and grafana
helm upgrade --install tempo grafana/tempo --create-namespace -n observability
helm upgrade -f https://raw.githubusercontent.com/esigo/nginx-example/main/observability/grafana/grafana-values.yaml --install grafana grafana/grafana --create-namespace -n observability
```
3. Build and deploy demo app:
```bash
# build images
make images
# deploy demo app:
make deploy-app
```
5. Make a few requests to the Service:
```bash
kubectl port-forward --namespace=ingress-nginx service/ingress-nginx-controller 8090:80
curl http://esigo.dev:8090/hello/nginx
StatusCode : 200
StatusDescription : OK
Content : {"v":"hello nginx!"}
RawContent : HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 21
Content-Type: text/plain; charset=utf-8
Date: Mon, 10 Oct 2022 17:43:33 GMT
{"v":"hello nginx!"}
Forms : {}
Headers : {[Connection, keep-alive], [Content-Length, 21], [Content-Type, text/plain; charset=utf-8], [Date,
Mon, 10 Oct 2022 17:43:33 GMT]}
Images : {}
InputFields : {}
Links : {}
ParsedHtml : System.__ComObject
RawContentLength : 21
```
6. View the Grafana UI:
```bash
kubectl port-forward --namespace=observability service/grafana 3000:80
```
In the Grafana interface we can see the details:
![grafana screenshot](../../images/otel-grafana-demo.png "grafana screenshot")
7. View the Jaeger UI:
```bash
kubectl port-forward --namespace=observability service/jaeger-all-in-one-query 16686:16686
```
In the Jaeger interface we can see the details:
![Jaeger screenshot](../../images/otel-jaeger-demo.png "Jaeger screenshot")
8. View the Zipkin UI:
```bash
kubectl port-forward --namespace=observability service/zipkin 9411:9411
```
In the Zipkin interface we can see the details:
![zipkin screenshot](../../images/otel-zipkin-demo.png "zipkin screenshot")

22
go.mod
View file

@ -6,7 +6,7 @@ require (
github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a
github.com/eapache/channels v1.1.0 github.com/eapache/channels v1.1.0
github.com/fsnotify/fsnotify v1.6.0 github.com/fsnotify/fsnotify v1.6.0
github.com/imdario/mergo v0.3.13 github.com/imdario/mergo v0.3.15
github.com/json-iterator/go v1.1.12 github.com/json-iterator/go v1.1.12
github.com/kylelemons/godebug v1.1.0 github.com/kylelemons/godebug v1.1.0
github.com/mitchellh/go-ps v1.0.0 github.com/mitchellh/go-ps v1.0.0
@ -15,18 +15,18 @@ require (
github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/moul/pb v0.0.0-20220425114252-bca18df4138c
github.com/ncabatoff/process-exporter v0.7.10 github.com/ncabatoff/process-exporter v0.7.10
github.com/onsi/ginkgo/v2 v2.9.0 github.com/onsi/ginkgo/v2 v2.9.0
github.com/opencontainers/runc v1.1.4 github.com/opencontainers/runc v1.1.5
github.com/pmezard/go-difflib v1.0.0 github.com/pmezard/go-difflib v1.0.0
github.com/prometheus/client_golang v1.14.0 github.com/prometheus/client_golang v1.14.0
github.com/prometheus/client_model v0.3.0 github.com/prometheus/client_model v0.3.0
github.com/prometheus/common v0.42.0 github.com/prometheus/common v0.42.0
github.com/spf13/cobra v1.6.1 github.com/spf13/cobra v1.7.0
github.com/spf13/pflag v1.0.5 github.com/spf13/pflag v1.0.5
github.com/stretchr/testify v1.8.2 github.com/stretchr/testify v1.8.2
github.com/yudai/gojsondiff v1.0.0 github.com/yudai/gojsondiff v1.0.0
github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a
golang.org/x/crypto v0.7.0 golang.org/x/crypto v0.8.0
google.golang.org/grpc v1.53.0 google.golang.org/grpc v1.54.0
google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7
gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/go-playground/pool.v3 v3.1.1
gopkg.in/mcuadros/go-syslog.v2 v2.3.0 gopkg.in/mcuadros/go-syslog.v2 v2.3.0
@ -40,7 +40,7 @@ require (
k8s.io/component-base v0.26.3 k8s.io/component-base v0.26.3
k8s.io/klog/v2 v2.90.1 k8s.io/klog/v2 v2.90.1
pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732
sigs.k8s.io/controller-runtime v0.14.5 sigs.k8s.io/controller-runtime v0.14.6
sigs.k8s.io/mdtoc v1.1.0 sigs.k8s.io/mdtoc v1.1.0
) )
@ -76,7 +76,7 @@ require (
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
github.com/google/uuid v1.3.0 // indirect github.com/google/uuid v1.3.0 // indirect
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect
github.com/inconshreveable/mousetrap v1.0.1 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/josharian/intern v1.0.0 // indirect github.com/josharian/intern v1.0.0 // indirect
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
github.com/mailru/easyjson v0.7.6 // indirect github.com/mailru/easyjson v0.7.6 // indirect
@ -101,11 +101,11 @@ require (
github.com/yudai/pp v2.0.1+incompatible // indirect github.com/yudai/pp v2.0.1+incompatible // indirect
go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
golang.org/x/mod v0.8.0 // indirect golang.org/x/mod v0.8.0 // indirect
golang.org/x/net v0.8.0 // indirect golang.org/x/net v0.9.0 // indirect
golang.org/x/oauth2 v0.5.0 // indirect golang.org/x/oauth2 v0.5.0 // indirect
golang.org/x/sys v0.6.0 // indirect golang.org/x/sys v0.7.0 // indirect
golang.org/x/term v0.6.0 // indirect golang.org/x/term v0.7.0 // indirect
golang.org/x/text v0.8.0 // indirect golang.org/x/text v0.9.0 // indirect
golang.org/x/time v0.3.0 // indirect golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.6.0 // indirect golang.org/x/tools v0.6.0 // indirect
google.golang.org/appengine v1.6.7 // indirect google.golang.org/appengine v1.6.7 // indirect

45
go.sum
View file

@ -204,10 +204,10 @@ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
@ -294,8 +294,8 @@ github.com/onsi/ginkgo/v2 v2.9.0/go.mod h1:4xkjoL/tZv4SMWeww56BU5kAt19mVB47gTWxm
github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
github.com/onsi/gomega v1.27.1 h1:rfztXRbg6nv/5f+Raen9RcGoSecHIFgBBLQK3Wdj754= github.com/onsi/gomega v1.27.1 h1:rfztXRbg6nv/5f+Raen9RcGoSecHIFgBBLQK3Wdj754=
github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg= github.com/opencontainers/runc v1.1.5 h1:L44KXEpKmfWDcS02aeGm8QNTFXTo2D+8MYGDIJ/GDEs=
github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= github.com/opencontainers/runc v1.1.5/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg=
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc=
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
@ -349,8 +349,8 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd
github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
@ -407,8 +407,8 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A= golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@ -475,8 +475,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY
golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@ -546,19 +546,19 @@ golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ=
golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@ -683,8 +683,8 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa
google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc= google.golang.org/grpc v1.54.0 h1:EhTqbhiYeixwWQtAEZAxmV9MGqcjEU2mFx52xCzNyag=
google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g=
google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 h1:pPsdyuBif+uoyUoL19yuj/TCfUPsmpJHJZhWQ98JGLU= google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 h1:pPsdyuBif+uoyUoL19yuj/TCfUPsmpJHJZhWQ98JGLU=
google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7/go.mod h1:8pQa1yxxkh+EsxUK8/455D5MSbv3vgmEJqKCH3y17mI= google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7/go.mod h1:8pQa1yxxkh+EsxUK8/455D5MSbv3vgmEJqKCH3y17mI=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
@ -731,7 +731,6 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@ -771,8 +770,8 @@ pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732/go.mod h1:lpvCfhqEHNJSSpG5R
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
sigs.k8s.io/controller-runtime v0.14.5 h1:6xaWFqzT5KuAQ9ufgUaj1G/+C4Y1GRkhrxl+BJ9i+5s= sigs.k8s.io/controller-runtime v0.14.6 h1:oxstGVvXGNnMvY7TAESYk+lzr6S3V5VFxQ6d92KcwQA=
sigs.k8s.io/controller-runtime v0.14.5/go.mod h1:WqIdsAY6JBsjfc/CqO0CORmNtoCtE4S6qbPc9s68h+0= sigs.k8s.io/controller-runtime v0.14.6/go.mod h1:WqIdsAY6JBsjfc/CqO0CORmNtoCtE4S6qbPc9s68h+0=
sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM= sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM=

2
hack/verify-chart-lint.sh
View file

@ -20,5 +20,5 @@ set -o pipefail
KUBE_ROOT="$( cd "$(dirname "$0")../" >/dev/null 2>&1 ; pwd -P )" KUBE_ROOT="$( cd "$(dirname "$0")../" >/dev/null 2>&1 ; pwd -P )"
# TODO: This is a temporary workaround while we don't update Helm Chart test # TODO: This is a temporary workaround while we don't update Helm Chart test
curl https://raw.githubusercontent.com/helm/chart-testing/v3.7.0/etc/chart_schema.yaml -o /tmp/chart_schema.yaml curl https://raw.githubusercontent.com/helm/chart-testing/v3.8.0/etc/chart_schema.yaml -o /tmp/chart_schema.yaml
ct lint --charts ${KUBE_ROOT}/charts/ingress-nginx --validate-maintainers=false --chart-yaml-schema=/tmp/chart_schema.yaml ct lint --charts ${KUBE_ROOT}/charts/ingress-nginx --validate-maintainers=false --chart-yaml-schema=/tmp/chart_schema.yaml

6
images/cfssl/Makefile
View file

@ -18,9 +18,13 @@ SHELL=/bin/bash -o pipefail -o errexit
DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))) DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
TAG ?=v$(shell date +%m%d%Y)-$(shell git rev-parse --short HEAD) SHORT_SHA ?=$(shell git rev-parse --short HEAD)
TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA)
REGISTRY ?= local REGISTRY ?= local
IMAGE = $(REGISTRY)/e2e-test-cfssl IMAGE = $(REGISTRY)/e2e-test-cfssl
# required to enable buildx # required to enable buildx

2
images/cfssl/cloudbuild.yaml
View file

@ -6,7 +6,7 @@ steps:
entrypoint: bash entrypoint: bash
env: env:
- DOCKER_CLI_EXPERIMENTAL=enabled - DOCKER_CLI_EXPERIMENTAL=enabled
- TAG=$_GIT_TAG - SHORT_SHA=$SHORT_SHA
- BASE_REF=$_PULL_BASE_REF - BASE_REF=$_PULL_BASE_REF
- REGISTRY=gcr.io/k8s-staging-ingress-nginx - REGISTRY=gcr.io/k8s-staging-ingress-nginx
# default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx

5
images/cfssl/rootfs/Dockerfile
View file

@ -14,8 +14,11 @@
FROM alpine:3.17.2 FROM alpine:3.17.2
RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
RUN apk add --no-cache \ RUN apk update \
&& apk upgrade && \
apk add --no-cache \
bash \ bash \
cfssl@testing cfssl@testing

4
images/custom-error-pages/Makefile
View file

@ -20,7 +20,9 @@ SHELL=/bin/bash -o pipefail -o errexit
DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))) DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
TAG ?=v$(shell date +%m%d%Y)-$(shell git rev-parse --short HEAD) SHORT_SHA ?=$(shell git rev-parse --short HEAD)
TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA)
REGISTRY ?= local REGISTRY ?= local
IMAGE = $(REGISTRY)/nginx-errors IMAGE = $(REGISTRY)/nginx-errors

2
images/custom-error-pages/cloudbuild.yaml
View file

@ -6,7 +6,7 @@ steps:
entrypoint: bash entrypoint: bash
env: env:
- DOCKER_CLI_EXPERIMENTAL=enabled - DOCKER_CLI_EXPERIMENTAL=enabled
- TAG=$_GIT_TAG - SHORT_SHA=$SHORT_SHA
- BASE_REF=$_PULL_BASE_REF - BASE_REF=$_PULL_BASE_REF
- REGISTRY=gcr.io/k8s-staging-ingress-nginx - REGISTRY=gcr.io/k8s-staging-ingress-nginx
# default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx

4
images/custom-error-pages/rootfs/Dockerfile
View file

@ -13,7 +13,9 @@
# limitations under the License. # limitations under the License.
FROM golang:1.20.1-alpine3.17 as builder FROM golang:1.20.1-alpine3.17 as builder
RUN apk add git
RUN apk update \
&& apk upgrade && apk add git
WORKDIR /go/src/k8s.io/ingress-nginx/images/custom-error-pages WORKDIR /go/src/k8s.io/ingress-nginx/images/custom-error-pages

4
images/echo/Makefile
View file

@ -18,7 +18,9 @@ SHELL=/bin/bash -o pipefail -o errexit
DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))) DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
TAG ?=v1.0.0 SHORT_SHA ?=$(shell git rev-parse --short HEAD)
TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA)
REGISTRY ?= local REGISTRY ?= local
IMAGE = $(REGISTRY)/e2e-test-echo IMAGE = $(REGISTRY)/e2e-test-echo

2
images/echo/cloudbuild.yaml
View file

@ -6,7 +6,7 @@ steps:
entrypoint: bash entrypoint: bash
env: env:
- DOCKER_CLI_EXPERIMENTAL=enabled - DOCKER_CLI_EXPERIMENTAL=enabled
- TAG=$_GIT_TAG - SHORT_SHA=$SHORT_SHA
- BASE_REF=$_PULL_BASE_REF - BASE_REF=$_PULL_BASE_REF
- REGISTRY=gcr.io/k8s-staging-ingress-nginx - REGISTRY=gcr.io/k8s-staging-ingress-nginx
# default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx

2
images/echo/rootfs/Dockerfile
View file

@ -2,7 +2,7 @@ ARG BASE_IMAGE
FROM ${BASE_IMAGE} FROM ${BASE_IMAGE}
RUN apk add -U perl curl make unzip RUN apk update && apk upgrade && apk add -U --no-cache perl curl make unzip
ARG LUAROCKS_VERSION ARG LUAROCKS_VERSION
ARG LUAROCKS_SHA ARG LUAROCKS_SHA

4
images/ext-auth-example-authsvc/cloudbuild.yaml
View file

@ -2,13 +2,13 @@ timeout: 1200s
options: options:
substitution_option: ALLOW_LOOSE substitution_option: ALLOW_LOOSE
# job builds a multi-arch docker image for amd64,arm,arm64 and s390x. # job builds a multi-arch docker image for amd64,arm,arm64 and s390x.
machineType: N1_HIGHCPU_8 machineType: E2_HIGHCPU_8
steps: steps:
- name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20211118-2f2d816b90 - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20211118-2f2d816b90
entrypoint: bash entrypoint: bash
env: env:
- DOCKER_CLI_EXPERIMENTAL=enabled - DOCKER_CLI_EXPERIMENTAL=enabled
- TAG=$_GIT_TAG - SHORT_SHA=$SHORT_SHA
- BASE_REF=$_PULL_BASE_REF - BASE_REF=$_PULL_BASE_REF
- REGISTRY=gcr.io/k8s-staging-ingress-nginx - REGISTRY=gcr.io/k8s-staging-ingress-nginx
# default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx

4
images/fastcgi-helloserver/Makefile
View file

@ -20,7 +20,9 @@ SHELL=/bin/bash -o pipefail -o errexit
DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))) DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
TAG ?=v$(shell date +%m%d%Y)-$(shell git rev-parse --short HEAD) SHORT_SHA ?=$(shell git rev-parse --short HEAD)
TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA)
REGISTRY ?= local REGISTRY ?= local
IMAGE = $(REGISTRY)/e2e-test-fastcgi-helloserver IMAGE = $(REGISTRY)/e2e-test-fastcgi-helloserver

2
images/fastcgi-helloserver/cloudbuild.yaml
View file

@ -6,7 +6,7 @@ steps:
entrypoint: bash entrypoint: bash
env: env:
- DOCKER_CLI_EXPERIMENTAL=enabled - DOCKER_CLI_EXPERIMENTAL=enabled
- TAG=$_GIT_TAG - SHORT_SHA=$SHORT_SHA
- BASE_REF=$_PULL_BASE_REF - BASE_REF=$_PULL_BASE_REF
- REGISTRY=gcr.io/k8s-staging-ingress-nginx - REGISTRY=gcr.io/k8s-staging-ingress-nginx
# default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx

4
images/go-grpc-greeter-server/Makefile
View file

@ -18,7 +18,9 @@ SHELL=/bin/bash -o pipefail -o errexit
DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))) DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
TAG ?=v$(shell date +%m%d%Y)-$(shell git rev-parse --short HEAD) SHORT_SHA ?=$(shell git rev-parse --short HEAD)
TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA)
REGISTRY ?= local REGISTRY ?= local
IMAGE = $(REGISTRY)/go-grpc-greeter-server IMAGE = $(REGISTRY)/go-grpc-greeter-server

4
images/go-grpc-greeter-server/cloudbuild.yaml
View file

@ -2,13 +2,13 @@ timeout: 1200s
options: options:
substitution_option: ALLOW_LOOSE substitution_option: ALLOW_LOOSE
# job builds a multi-arch docker image for amd64,arm,arm64 and s390x. # job builds a multi-arch docker image for amd64,arm,arm64 and s390x.
machineType: N1_HIGHCPU_8 machineType: E2_HIGHCPU_8
steps: steps:
- name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20211118-2f2d816b90 - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20211118-2f2d816b90
entrypoint: bash entrypoint: bash
env: env:
- DOCKER_CLI_EXPERIMENTAL=enabled - DOCKER_CLI_EXPERIMENTAL=enabled
- TAG=$_GIT_TAG - SHORT_SHA=$SHORT_SHA
- BASE_REF=$_PULL_BASE_REF - BASE_REF=$_PULL_BASE_REF
- REGISTRY=gcr.io/k8s-staging-ingress-nginx - REGISTRY=gcr.io/k8s-staging-ingress-nginx
# default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx

4
images/httpbin/Makefile
View file

@ -18,7 +18,9 @@ SHELL=/bin/bash -o pipefail -o errexit
DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))) DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
TAG ?=v$(shell date +%m%d%Y)-$(shell git rev-parse --short HEAD) SHORT_SHA ?=$(shell git rev-parse --short HEAD)
TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA)
REGISTRY ?= local REGISTRY ?= local
IMAGE = $(REGISTRY)/e2e-test-httpbin IMAGE = $(REGISTRY)/e2e-test-httpbin

4
images/httpbin/cloudbuild.yaml
View file

@ -2,13 +2,13 @@ timeout: 1200s
options: options:
substitution_option: ALLOW_LOOSE substitution_option: ALLOW_LOOSE
# job builds a multi-arch docker image for amd64,arm,arm64 and s390x. # job builds a multi-arch docker image for amd64,arm,arm64 and s390x.
machineType: N1_HIGHCPU_8 machineType: E2_HIGHCPU_8
steps: steps:
- name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20211118-2f2d816b90 - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20211118-2f2d816b90
entrypoint: bash entrypoint: bash
env: env:
- DOCKER_CLI_EXPERIMENTAL=enabled - DOCKER_CLI_EXPERIMENTAL=enabled
- TAG=$_GIT_TAG - SHORT_SHA=$SHORT_SHA
- BASE_REF=$_PULL_BASE_REF - BASE_REF=$_PULL_BASE_REF
- REGISTRY=gcr.io/k8s-staging-ingress-nginx - REGISTRY=gcr.io/k8s-staging-ingress-nginx
# default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx

2
images/httpbin/rootfs/Dockerfile
View file

@ -17,7 +17,7 @@ FROM alpine:3.17.2
ENV LC_ALL=C.UTF-8 ENV LC_ALL=C.UTF-8
ENV LANG=C.UTF-8 ENV LANG=C.UTF-8
RUN apk update \ RUN apk upgrade && apk update \
&& apk add --no-cache \ && apk add --no-cache \
python3 python3-dev \ python3 python3-dev \
musl-dev gcc g++ make \ musl-dev gcc g++ make \

4
images/kube-webhook-certgen/Makefile
View file

@ -19,7 +19,9 @@ SHELL=/bin/bash -o pipefail -o errexit
DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))) DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
TAG ?=v$(shell date +%m%d%Y)-$(shell git rev-parse --short HEAD) SHORT_SHA ?=$(shell git rev-parse --short HEAD)
TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA)
REGISTRY ?= local REGISTRY ?= local
IMAGE = $(REGISTRY)/kube-webhook-certgen IMAGE = $(REGISTRY)/kube-webhook-certgen

2
images/kube-webhook-certgen/cloudbuild.yaml
View file

@ -21,7 +21,7 @@ steps:
entrypoint: bash entrypoint: bash
env: env:
- DOCKER_CLI_EXPERIMENTAL=enabled - DOCKER_CLI_EXPERIMENTAL=enabled
- TAG=$_GIT_TAG - SHORT_SHA=$SHORT_SHA
- BASE_REF=$_PULL_BASE_REF - BASE_REF=$_PULL_BASE_REF
- REGISTRY=gcr.io/k8s-staging-ingress-nginx - REGISTRY=gcr.io/k8s-staging-ingress-nginx
# default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx

4
images/nginx/Makefile
View file

@ -21,7 +21,9 @@ DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
# 0.0.0 shouldn't clobber any released builds # 0.0.0 shouldn't clobber any released builds
TAG ?= 0.0 SHORT_SHA ?=$(shell git rev-parse --short HEAD)
TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA)
REGISTRY ?= gcr.io/k8s-staging-ingress-nginx REGISTRY ?= gcr.io/k8s-staging-ingress-nginx
IMAGE = $(REGISTRY)/nginx IMAGE = $(REGISTRY)/nginx

4
images/nginx/cloudbuild.yaml
View file

@ -2,14 +2,14 @@ timeout: 10800s
options: options:
substitution_option: ALLOW_LOOSE substitution_option: ALLOW_LOOSE
# job builds a multi-arch docker image for amd64,arm,arm64 and s390x. # job builds a multi-arch docker image for amd64,arm,arm64 and s390x.
machineType: N1_HIGHCPU_32 machineType: E2_HIGHCPU_32
steps: steps:
- name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20211118-2f2d816b90' - name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20211118-2f2d816b90'
entrypoint: bash entrypoint: bash
env: env:
- DOCKER_CLI_EXPERIMENTAL=enabled - DOCKER_CLI_EXPERIMENTAL=enabled
- SHORT_SHA=$SHORT_SHA
- BASE_REF=$_PULL_BASE_REF - BASE_REF=$_PULL_BASE_REF
- TAG=$_PULL_BASE_SHA
- REGISTRY=gcr.io/k8s-staging-ingress-nginx - REGISTRY=gcr.io/k8s-staging-ingress-nginx
- HOME=/root - HOME=/root
args: args:

2
images/nginx/rootfs/Dockerfile
View file

@ -17,7 +17,7 @@ COPY . /
RUN apk update \ RUN apk update \
&& apk upgrade \ && apk upgrade \
&& apk add -U bash \ && apk add -U bash --no-cache \
&& /build.sh && /build.sh
# Use a multi-stage build # Use a multi-stage build

6
images/nginx/rootfs/build.sh
View file

@ -77,8 +77,6 @@ export LUA_UPSTREAM_VERSION=8aa93ead98ba2060d4efd594ae33a35d153589bf
# Check for recent changes: https://github.com/openresty/lua-cjson/compare/2.1.0.10...openresty:master # Check for recent changes: https://github.com/openresty/lua-cjson/compare/2.1.0.10...openresty:master
export LUA_CJSON_VERSION=2.1.0.10 export LUA_CJSON_VERSION=2.1.0.10
export NGINX_INFLUXDB_VERSION=5b09391cb7b9a889687c0aa67964c06a2d933e8b
# Check for recent changes: https://github.com/leev/ngx_http_geoip2_module/compare/3.3...master # Check for recent changes: https://github.com/leev/ngx_http_geoip2_module/compare/3.3...master
export GEOIP2_VERSION=a26c6beed77e81553686852dceb6c7fdacc5970d export GEOIP2_VERSION=a26c6beed77e81553686852dceb6c7fdacc5970d
@ -270,9 +268,6 @@ fi
get_src 586f92166018cc27080d34e17c59d68219b85af745edf3cc9fe41403fc9b4ac6 \ get_src 586f92166018cc27080d34e17c59d68219b85af745edf3cc9fe41403fc9b4ac6 \
"https://github.com/DataDog/dd-opentracing-cpp/archive/v$DATADOG_CPP_VERSION.tar.gz" "https://github.com/DataDog/dd-opentracing-cpp/archive/v$DATADOG_CPP_VERSION.tar.gz"
get_src 1af5a5632dc8b00ae103d51b7bf225de3a7f0df82f5c6a401996c080106e600e \
"https://github.com/influxdata/nginx-influxdb-module/archive/$NGINX_INFLUXDB_VERSION.tar.gz"
get_src 4c1933434572226942c65b2f2b26c8a536ab76aa771a3c7f6c2629faa764976b \ get_src 4c1933434572226942c65b2f2b26c8a536ab76aa771a3c7f6c2629faa764976b \
"https://github.com/leev/ngx_http_geoip2_module/archive/$GEOIP2_VERSION.tar.gz" "https://github.com/leev/ngx_http_geoip2_module/archive/$GEOIP2_VERSION.tar.gz"
@ -640,7 +635,6 @@ WITH_MODULES=" \
--add-module=$BUILD_PATH/lua-upstream-nginx-module-$LUA_UPSTREAM_VERSION \ --add-module=$BUILD_PATH/lua-upstream-nginx-module-$LUA_UPSTREAM_VERSION \
--add-module=$BUILD_PATH/nginx_ajp_module-${NGINX_AJP_VERSION} \ --add-module=$BUILD_PATH/nginx_ajp_module-${NGINX_AJP_VERSION} \
--add-dynamic-module=$BUILD_PATH/nginx-http-auth-digest-$NGINX_DIGEST_AUTH \ --add-dynamic-module=$BUILD_PATH/nginx-http-auth-digest-$NGINX_DIGEST_AUTH \
--add-dynamic-module=$BUILD_PATH/nginx-influxdb-module-$NGINX_INFLUXDB_VERSION \
--add-dynamic-module=$BUILD_PATH/nginx-opentracing-$NGINX_OPENTRACING_VERSION/opentracing \ --add-dynamic-module=$BUILD_PATH/nginx-opentracing-$NGINX_OPENTRACING_VERSION/opentracing \
--add-dynamic-module=$BUILD_PATH/ModSecurity-nginx-$MODSECURITY_VERSION \ --add-dynamic-module=$BUILD_PATH/ModSecurity-nginx-$MODSECURITY_VERSION \
--add-dynamic-module=$BUILD_PATH/ngx_http_geoip2_module-${GEOIP2_VERSION} \ --add-dynamic-module=$BUILD_PATH/ngx_http_geoip2_module-${GEOIP2_VERSION} \

4
images/opentelemetry/Makefile
View file

@ -21,7 +21,9 @@ DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
# 0.0.0 shouldn't clobber any released builds # 0.0.0 shouldn't clobber any released builds
TAG ?=v$(shell date +%m%d%Y)-$(shell git rev-parse --short HEAD) SHORT_SHA ?=$(shell git rev-parse --short HEAD)
TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA)
REGISTRY ?= gcr.io/k8s-staging-ingress-nginx REGISTRY ?= gcr.io/k8s-staging-ingress-nginx
IMAGE = $(REGISTRY)/opentelemetry IMAGE = $(REGISTRY)/opentelemetry

4
images/opentelemetry/cloudbuild.yaml
View file

@ -2,13 +2,13 @@ timeout: 10800s
options: options:
substitution_option: ALLOW_LOOSE substitution_option: ALLOW_LOOSE
# job builds a multi-arch docker image for amd64,arm,arm64 and s390x. # job builds a multi-arch docker image for amd64,arm,arm64 and s390x.
machineType: N1_HIGHCPU_32 machineType: E2_HIGHCPU_32
steps: steps:
- name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20211118-2f2d816b90 - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20211118-2f2d816b90
entrypoint: bash entrypoint: bash
env: env:
- DOCKER_CLI_EXPERIMENTAL=enabled - DOCKER_CLI_EXPERIMENTAL=enabled
- TAG=$_GIT_TAG - SHORT_SHA=$SHORT_SHA
- BASE_REF=$_PULL_BASE_REF - BASE_REF=$_PULL_BASE_REF
- REGISTRY=gcr.io/k8s-staging-ingress-nginx - REGISTRY=gcr.io/k8s-staging-ingress-nginx
# default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx

49
images/test-runner/Makefile
View file

@ -18,7 +18,9 @@ SHELL=/bin/bash -o pipefail -o errexit
DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))) DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
TAG ?=v$(shell date +%m%d%Y)-$(shell git rev-parse --short HEAD) SHORT_SHA ?=$(shell git rev-parse --short HEAD)
TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA)
REGISTRY ?= local REGISTRY ?= local
IMAGE = $(REGISTRY)/e2e-test-runner IMAGE = $(REGISTRY)/e2e-test-runner
@ -30,27 +32,52 @@ export DOCKER_CLI_EXPERIMENTAL=enabled
# build with buildx # build with buildx
PLATFORMS?=linux/amd64,linux/arm64 PLATFORMS?=linux/amd64,linux/arm64
OUTPUT= OUTPUT?=
PROGRESS=plain PROGRESS=plain
build: ensure-buildx image:
docker buildx build \ echo "Building docker image ($(ARCH))..."
--platform=${PLATFORMS} $(OUTPUT) \ docker build \
--progress=$(PROGRESS) \ ${PLATFORM_FLAG} ${PLATFORM} \
--no-cache \
--pull \ --pull \
--build-arg BASE_IMAGE=$(NGINX_BASE_IMAGE) \ --push \
--build-arg BASE_IMAGE=${NGINX_BASE_IMAGE} \
--build-arg GOLANG_VERSION=1.20.1 \ --build-arg GOLANG_VERSION=1.20.1 \
--build-arg ETCD_VERSION=3.4.3-0 \ --build-arg ETCD_VERSION=3.4.3-0 \
--build-arg K8S_RELEASE=v1.24.2 \ --build-arg K8S_RELEASE=v1.26.0 \
--build-arg RESTY_CLI_VERSION=0.27 \ --build-arg RESTY_CLI_VERSION=0.27 \
--build-arg RESTY_CLI_SHA=e5f4f3128af49ba5c4d039d0554e5ae91bbe05866f60eccfa96d3653274bff90 \ --build-arg RESTY_CLI_SHA=e5f4f3128af49ba5c4d039d0554e5ae91bbe05866f60eccfa96d3653274bff90 \
--build-arg LUAROCKS_VERSION=3.8.0 \ --build-arg LUAROCKS_VERSION=3.8.0 \
--build-arg LUAROCKS_SHA=ab6612ca9ab87c6984871d2712d05525775e8b50172701a0a1cabddf76de2be7 \ --build-arg LUAROCKS_SHA=ab6612ca9ab87c6984871d2712d05525775e8b50172701a0a1cabddf76de2be7 \
--build-arg CHART_TESTING_VERSION=3.7.0 \ --build-arg CHART_TESTING_VERSION=3.8.0 \
--build-arg YAML_LINT_VERSION=1.27.1 \ --build-arg YAML_LINT_VERSION=1.27.1 \
--build-arg YAMALE_VERSION=4.0.4 \ --build-arg YAMALE_VERSION=4.0.4 \
--build-arg HELM_VERSION=v3.9.0 \ --build-arg HELM_VERSION=3.11.2 \
-t $(IMAGE):$(TAG) rootfs --build-arg GINKGO_VERSION=2.9.0 \
--build-arg GOLINT_VERSION=latest \
-t ${IMAGE}:${TAG} rootfs
build: ensure-buildx
docker buildx build \
--platform=${PLATFORMS} ${OUTPUT} \
--progress=${PROGRESS} \
--pull \
--build-arg BASE_IMAGE=${NGINX_BASE_IMAGE} \
--build-arg GOLANG_VERSION=1.20.1 \
--build-arg ETCD_VERSION=3.4.3-0 \
--build-arg K8S_RELEASE=v1.26.0 \
--build-arg RESTY_CLI_VERSION=0.27 \
--build-arg RESTY_CLI_SHA=e5f4f3128af49ba5c4d039d0554e5ae91bbe05866f60eccfa96d3653274bff90 \
--build-arg LUAROCKS_VERSION=3.8.0 \
--build-arg LUAROCKS_SHA=ab6612ca9ab87c6984871d2712d05525775e8b50172701a0a1cabddf76de2be7 \
--build-arg CHART_TESTING_VERSION=3.8.0 \
--build-arg YAML_LINT_VERSION=1.27.1 \
--build-arg YAMALE_VERSION=4.0.4 \
--build-arg HELM_VERSION=3.11.2 \
--build-arg GINKGO_VERSION=2.9.0 \
--build-arg GOLINT_VERSION=latest \
-t ${IMAGE}:${TAG} rootfs
# push the cross built image # push the cross built image
push: OUTPUT=--push push: OUTPUT=--push

3
images/test-runner/cloudbuild.yaml
View file

@ -6,7 +6,7 @@ steps:
entrypoint: bash entrypoint: bash
env: env:
- DOCKER_CLI_EXPERIMENTAL=enabled - DOCKER_CLI_EXPERIMENTAL=enabled
- TAG=$_GIT_TAG - SHORT_SHA=$SHORT_SHA
- BASE_REF=$_PULL_BASE_REF - BASE_REF=$_PULL_BASE_REF
- REGISTRY=gcr.io/k8s-staging-ingress-nginx - REGISTRY=gcr.io/k8s-staging-ingress-nginx
# default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx
@ -20,3 +20,4 @@ steps:
substitutions: substitutions:
_GIT_TAG: "12345" _GIT_TAG: "12345"
_PULL_BASE_REF: "master" _PULL_BASE_REF: "master"
_PULL_BASE_SHA: '12345'

74
images/test-runner/rootfs/Dockerfile
View file

@ -11,7 +11,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
ARG BASE_IMAGE ARG BASE_IMAGE
ARG GOLANG_VERSION ARG GOLANG_VERSION
ARG ETCD_VERSION ARG ETCD_VERSION
@ -21,6 +20,20 @@ FROM registry.k8s.io/etcd:${ETCD_VERSION} as etcd
FROM ${BASE_IMAGE} FROM ${BASE_IMAGE}
ARG RESTY_CLI_VERSION
ARG RESTY_CLI_SHA
ARG LUAROCKS_VERSION
ARG LUAROCKS_SHA
ARG TARGETARCH
ARG K8S_RELEASE
ARG CHART_TESTING_VERSION
ARG HELM_VERSION
ARG YAMALE_VERSION
ARG YAML_LINT_VERSION
ARG GINKGO_VERSION
ARG GOLINT_VERSION
RUN set -eux; \ RUN set -eux; \
if [ -e /etc/nsswitch.conf ]; then \ if [ -e /etc/nsswitch.conf ]; then \
grep '^hosts: files dns' /etc/nsswitch.conf; \ grep '^hosts: files dns' /etc/nsswitch.conf; \
@ -28,13 +41,16 @@ RUN set -eux; \
echo 'hosts: files dns' > /etc/nsswitch.conf; \ echo 'hosts: files dns' > /etc/nsswitch.conf; \
fi fi
COPY --from=GO /usr/local/go /usr/local/go COPY --from=GO /usr/local/go /usr/local/go
ENV GOPATH /go
ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH"
COPY --from=etcd /usr/local/bin/etcd /usr/local/bin/etcd COPY --from=etcd /usr/local/bin/etcd /usr/local/bin/etcd
RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories RUN echo "@testing https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
RUN apk add --no-cache \ RUN apk update && apk upgrade && apk add --no-cache \
bash \ bash \
ca-certificates \ ca-certificates \
wget \ wget \
@ -48,19 +64,15 @@ RUN apk add --no-cache \
py-pip \ py-pip \
unzip \ unzip \
openssl \ openssl \
cfssl@testing cfssl@testing \
curl \
tzdata \
libc6-compat
ENV GOPATH /go RUN go install -v github.com/onsi/ginkgo/v2/ginkgo@v${GINKGO_VERSION} \
ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH && go install golang.org/x/lint/golint@${GOLINT_VERSION}
RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH" RUN wget -qO /tmp/resty_cli.tgz \
RUN go install github.com/onsi/ginkgo/v2/ginkgo@v2.9.0 && go install golang.org/x/lint/golint@latest
ARG RESTY_CLI_VERSION
ARG RESTY_CLI_SHA
RUN wget -O /tmp/resty_cli.tgz \
https://github.com/openresty/resty-cli/archive/v${RESTY_CLI_VERSION}.tar.gz \ https://github.com/openresty/resty-cli/archive/v${RESTY_CLI_VERSION}.tar.gz \
&& echo "${RESTY_CLI_SHA} */tmp/resty_cli.tgz" | sha256sum -c - \ && echo "${RESTY_CLI_SHA} */tmp/resty_cli.tgz" | sha256sum -c - \
&& tar -C /tmp -xzf /tmp/resty_cli.tgz \ && tar -C /tmp -xzf /tmp/resty_cli.tgz \
@ -68,10 +80,7 @@ RUN wget -O /tmp/resty_cli.tgz \
&& resty -V \ && resty -V \
&& rm -rf /tmp/* && rm -rf /tmp/*
ARG LUAROCKS_VERSION RUN wget -qO /tmp/luarocks.tgz \
ARG LUAROCKS_SHA
RUN wget -O /tmp/luarocks.tgz \
https://github.com/luarocks/luarocks/archive/v${LUAROCKS_VERSION}.tar.gz \ https://github.com/luarocks/luarocks/archive/v${LUAROCKS_VERSION}.tar.gz \
&& echo "${LUAROCKS_SHA} */tmp/luarocks.tgz" | sha256sum -c - \ && echo "${LUAROCKS_SHA} */tmp/luarocks.tgz" | sha256sum -c - \
&& tar -C /tmp -xzf /tmp/luarocks.tgz \ && tar -C /tmp -xzf /tmp/luarocks.tgz \
@ -82,48 +91,39 @@ RUN wget -O /tmp/luarocks.tgz \
RUN luarocks install busted \ RUN luarocks install busted \
&& luarocks install luacheck && luarocks install luacheck
ARG TARGETARCH RUN wget -qO /usr/local/bin/kubectl \
ARG K8S_RELEASE
RUN wget -O /usr/local/bin/kubectl \
https://storage.googleapis.com/kubernetes-release/release/${K8S_RELEASE}/bin/linux/${TARGETARCH}/kubectl \ https://storage.googleapis.com/kubernetes-release/release/${K8S_RELEASE}/bin/linux/${TARGETARCH}/kubectl \
&& chmod +x /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl
RUN wget -O /usr/local/bin/kube-apiserver \ RUN wget -qO /usr/local/bin/kube-apiserver \
https://storage.googleapis.com/kubernetes-release/release/${K8S_RELEASE}/bin/linux/${TARGETARCH}/kube-apiserver \ https://storage.googleapis.com/kubernetes-release/release/${K8S_RELEASE}/bin/linux/${TARGETARCH}/kube-apiserver \
&& chmod +x /usr/local/bin/kube-apiserver && chmod +x /usr/local/bin/kube-apiserver
ARG CHART_TESTING_VERSION RUN wget -qO /tmp/ct-${CHART_TESTING_VERSION}-linux-${TARGETARCH}.tar.gz \
https://github.com/helm/chart-testing/releases/download/v${CHART_TESTING_VERSION}/chart-testing_${CHART_TESTING_VERSION}_linux_${TARGETARCH}.tar.gz \
RUN wget -O /tmp/ct-${CHART_TESTING_VERSION}-linux-amd64.tar.gz \
https://github.com/helm/chart-testing/releases/download/v${CHART_TESTING_VERSION}/chart-testing_${CHART_TESTING_VERSION}_linux_amd64.tar.gz \
&& mkdir -p /tmp/ct-download \ && mkdir -p /tmp/ct-download \
&& tar xzvf /tmp/ct-${CHART_TESTING_VERSION}-linux-amd64.tar.gz -C /tmp/ct-download \ && tar xzvf /tmp/ct-${CHART_TESTING_VERSION}-linux-${TARGETARCH}.tar.gz -C /tmp/ct-download \
&& rm /tmp/ct-${CHART_TESTING_VERSION}-linux-amd64.tar.gz \ && rm /tmp/ct-${CHART_TESTING_VERSION}-linux-${TARGETARCH}.tar.gz \
&& cp /tmp/ct-download/ct /usr/local/bin \ && cp /tmp/ct-download/ct /usr/local/bin \
&& mkdir -p /etc/ct \ && mkdir -p /etc/ct \
&& cp -R /tmp/ct-download/etc/* /etc/ct \ && cp -R /tmp/ct-download/etc/* /etc/ct \
&& rm -rf /tmp/* && rm -rf /tmp/*
RUN wget -O /usr/local/bin/lj-releng \ RUN wget -qO /usr/local/bin/lj-releng \
https://raw.githubusercontent.com/openresty/openresty-devel-utils/master/lj-releng \ https://raw.githubusercontent.com/openresty/openresty-devel-utils/master/lj-releng \
&& chmod +x /usr/local/bin/lj-releng && chmod +x /usr/local/bin/lj-releng
ARG HELM_VERSION
RUN wget -O /tmp/helm.tgz \ RUN wget -qO /tmp/helm.tgz \
https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz \ https://get.helm.sh/helm-v${HELM_VERSION}-linux-${TARGETARCH}.tar.gz \
&& tar -C /tmp -xzf /tmp/helm.tgz \ && tar -C /tmp -xzf /tmp/helm.tgz \
&& cp /tmp/linux*/helm /usr/local/bin \ && cp /tmp/linux*/helm /usr/local/bin \
&& rm -rf /tmp/* && rm -rf /tmp/*
# Install a YAML Linter # Install a YAML Linter
ARG YAML_LINT_VERSION
RUN pip install "yamllint==$YAML_LINT_VERSION" RUN pip install "yamllint==$YAML_LINT_VERSION"
# Install Yamale YAML schema validator # Install Yamale YAML schema validator
ARG YAMALE_VERSION
RUN pip install "yamale==$YAMALE_VERSION" RUN pip install "yamale==$YAMALE_VERSION"
WORKDIR $GOPATH WORKDIR $GOPATH

9
internal/ingress/annotations/annotations.go
View file

@ -20,6 +20,7 @@ import (
"github.com/imdario/mergo" "github.com/imdario/mergo"
"k8s.io/ingress-nginx/internal/ingress/annotations/canary" "k8s.io/ingress-nginx/internal/ingress/annotations/canary"
"k8s.io/ingress-nginx/internal/ingress/annotations/modsecurity" "k8s.io/ingress-nginx/internal/ingress/annotations/modsecurity"
"k8s.io/ingress-nginx/internal/ingress/annotations/opentelemetry"
"k8s.io/ingress-nginx/internal/ingress/annotations/proxyssl" "k8s.io/ingress-nginx/internal/ingress/annotations/proxyssl"
"k8s.io/ingress-nginx/internal/ingress/annotations/sslcipher" "k8s.io/ingress-nginx/internal/ingress/annotations/sslcipher"
"k8s.io/ingress-nginx/internal/ingress/annotations/streamsnippet" "k8s.io/ingress-nginx/internal/ingress/annotations/streamsnippet"
@ -43,7 +44,6 @@ import (
"k8s.io/ingress-nginx/internal/ingress/annotations/fastcgi" "k8s.io/ingress-nginx/internal/ingress/annotations/fastcgi"
"k8s.io/ingress-nginx/internal/ingress/annotations/globalratelimit" "k8s.io/ingress-nginx/internal/ingress/annotations/globalratelimit"
"k8s.io/ingress-nginx/internal/ingress/annotations/http2pushpreload" "k8s.io/ingress-nginx/internal/ingress/annotations/http2pushpreload"
"k8s.io/ingress-nginx/internal/ingress/annotations/influxdb"
"k8s.io/ingress-nginx/internal/ingress/annotations/ipdenylist" "k8s.io/ingress-nginx/internal/ingress/annotations/ipdenylist"
"k8s.io/ingress-nginx/internal/ingress/annotations/ipwhitelist" "k8s.io/ingress-nginx/internal/ingress/annotations/ipwhitelist"
"k8s.io/ingress-nginx/internal/ingress/annotations/loadbalancing" "k8s.io/ingress-nginx/internal/ingress/annotations/loadbalancing"
@ -57,7 +57,6 @@ import (
"k8s.io/ingress-nginx/internal/ingress/annotations/redirect" "k8s.io/ingress-nginx/internal/ingress/annotations/redirect"
"k8s.io/ingress-nginx/internal/ingress/annotations/rewrite" "k8s.io/ingress-nginx/internal/ingress/annotations/rewrite"
"k8s.io/ingress-nginx/internal/ingress/annotations/satisfy" "k8s.io/ingress-nginx/internal/ingress/annotations/satisfy"
"k8s.io/ingress-nginx/internal/ingress/annotations/secureupstream"
"k8s.io/ingress-nginx/internal/ingress/annotations/serversnippet" "k8s.io/ingress-nginx/internal/ingress/annotations/serversnippet"
"k8s.io/ingress-nginx/internal/ingress/annotations/serviceupstream" "k8s.io/ingress-nginx/internal/ingress/annotations/serviceupstream"
"k8s.io/ingress-nginx/internal/ingress/annotations/sessionaffinity" "k8s.io/ingress-nginx/internal/ingress/annotations/sessionaffinity"
@ -94,6 +93,7 @@ type Ingress struct {
EnableGlobalAuth bool EnableGlobalAuth bool
HTTP2PushPreload bool HTTP2PushPreload bool
Opentracing opentracing.Config Opentracing opentracing.Config
Opentelemetry opentelemetry.Config
Proxy proxy.Config Proxy proxy.Config
ProxySSL proxyssl.Config ProxySSL proxyssl.Config
RateLimit ratelimit.Config RateLimit ratelimit.Config
@ -101,7 +101,6 @@ type Ingress struct {
Redirect redirect.Config Redirect redirect.Config
Rewrite rewrite.Config Rewrite rewrite.Config
Satisfy string Satisfy string
SecureUpstream secureupstream.Config
ServerSnippet string ServerSnippet string
ServiceUpstream bool ServiceUpstream bool
SessionAffinity sessionaffinity.Config SessionAffinity sessionaffinity.Config
@ -115,7 +114,6 @@ type Ingress struct {
XForwardedPrefix string XForwardedPrefix string
SSLCipher sslcipher.Config SSLCipher sslcipher.Config
Logs log.Config Logs log.Config
InfluxDB influxdb.Config
ModSecurity modsecurity.Config ModSecurity modsecurity.Config
Mirror mirror.Config Mirror mirror.Config
StreamSnippet string StreamSnippet string
@ -145,6 +143,7 @@ func NewAnnotationExtractor(cfg resolver.Resolver) Extractor {
"EnableGlobalAuth": authreqglobal.NewParser(cfg), "EnableGlobalAuth": authreqglobal.NewParser(cfg),
"HTTP2PushPreload": http2pushpreload.NewParser(cfg), "HTTP2PushPreload": http2pushpreload.NewParser(cfg),
"Opentracing": opentracing.NewParser(cfg), "Opentracing": opentracing.NewParser(cfg),
"Opentelemetry": opentelemetry.NewParser(cfg),
"Proxy": proxy.NewParser(cfg), "Proxy": proxy.NewParser(cfg),
"ProxySSL": proxyssl.NewParser(cfg), "ProxySSL": proxyssl.NewParser(cfg),
"RateLimit": ratelimit.NewParser(cfg), "RateLimit": ratelimit.NewParser(cfg),
@ -152,7 +151,6 @@ func NewAnnotationExtractor(cfg resolver.Resolver) Extractor {
"Redirect": redirect.NewParser(cfg), "Redirect": redirect.NewParser(cfg),
"Rewrite": rewrite.NewParser(cfg), "Rewrite": rewrite.NewParser(cfg),
"Satisfy": satisfy.NewParser(cfg), "Satisfy": satisfy.NewParser(cfg),
"SecureUpstream": secureupstream.NewParser(cfg),
"ServerSnippet": serversnippet.NewParser(cfg), "ServerSnippet": serversnippet.NewParser(cfg),
"ServiceUpstream": serviceupstream.NewParser(cfg), "ServiceUpstream": serviceupstream.NewParser(cfg),
"SessionAffinity": sessionaffinity.NewParser(cfg), "SessionAffinity": sessionaffinity.NewParser(cfg),
@ -166,7 +164,6 @@ func NewAnnotationExtractor(cfg resolver.Resolver) Extractor {
"XForwardedPrefix": xforwardedprefix.NewParser(cfg), "XForwardedPrefix": xforwardedprefix.NewParser(cfg),
"SSLCipher": sslcipher.NewParser(cfg), "SSLCipher": sslcipher.NewParser(cfg),
"Logs": log.NewParser(cfg), "Logs": log.NewParser(cfg),
"InfluxDB": influxdb.NewParser(cfg),
"BackendProtocol": backendprotocol.NewParser(cfg), "BackendProtocol": backendprotocol.NewParser(cfg),
"ModSecurity": modsecurity.NewParser(cfg), "ModSecurity": modsecurity.NewParser(cfg),
"Mirror": mirror.NewParser(cfg), "Mirror": mirror.NewParser(cfg),

6
internal/ingress/annotations/fastcgi/main.go
View file

@ -88,11 +88,11 @@ func (a fastcgi) Parse(ing *networking.Ingress) (interface{}, error) {
} }
} }
if cmns == "" { if cmns != "" && cmns != ing.Namespace {
cmns = ing.Namespace return fcgiConfig, fmt.Errorf("different namespace is not supported on fast_cgi param configmap")
} }
cm = fmt.Sprintf("%v/%v", cmns, cmn) cm = fmt.Sprintf("%v/%v", ing.Namespace, cmn)
cmap, err := a.r.GetConfigMap(cm) cmap, err := a.r.GetConfigMap(cm)
if err != nil { if err != nil {
return fcgiConfig, ing_errors.LocationDenied{ return fcgiConfig, ing_errors.LocationDenied{

30
internal/ingress/annotations/fastcgi/main_test.go
View file

@ -17,13 +17,14 @@ limitations under the License.
package fastcgi package fastcgi
import ( import (
"fmt"
"testing" "testing"
api "k8s.io/api/core/v1" api "k8s.io/api/core/v1"
networking "k8s.io/api/networking/v1" networking "k8s.io/api/networking/v1"
meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/tools/cache"
"k8s.io/ingress-nginx/internal/ingress/annotations/parser" "k8s.io/ingress-nginx/internal/ingress/annotations/parser"
"k8s.io/ingress-nginx/internal/ingress/errors"
"k8s.io/ingress-nginx/internal/ingress/resolver" "k8s.io/ingress-nginx/internal/ingress/resolver"
) )
@ -51,14 +52,19 @@ type mockConfigMap struct {
} }
func (m mockConfigMap) GetConfigMap(name string) (*api.ConfigMap, error) { func (m mockConfigMap) GetConfigMap(name string) (*api.ConfigMap, error) {
if name != "default/demo-configmap" { if name != "default/demo-configmap" && name != "otherns/demo-configmap" {
return nil, errors.Errorf("there is no configmap with name %v", name) return nil, fmt.Errorf("there is no configmap with name %v", name)
}
cmns, cmn, err := cache.SplitMetaNamespaceKey(name)
if err != nil {
return nil, fmt.Errorf("invalid configmap name")
} }
return &api.ConfigMap{ return &api.ConfigMap{
ObjectMeta: meta_v1.ObjectMeta{ ObjectMeta: meta_v1.ObjectMeta{
Namespace: api.NamespaceDefault, Namespace: cmns,
Name: "demo-secret", Name: cmn,
}, },
Data: map[string]string{"REDIRECT_STATUS": "200", "SERVER_NAME": "$server_name"}, Data: map[string]string{"REDIRECT_STATUS": "200", "SERVER_NAME": "$server_name"},
}, nil }, nil
@ -210,6 +216,20 @@ func TestParseFastCGIParamsConfigMapAnnotationWithNS(t *testing.T) {
} }
} }
func TestParseFastCGIParamsConfigMapAnnotationWithDifferentNS(t *testing.T) {
ing := buildIngress()
data := map[string]string{}
data[parser.GetAnnotationWithPrefix("fastcgi-params-configmap")] = "otherns/demo-configmap"
ing.SetAnnotations(data)
_, err := NewParser(&mockConfigMap{}).Parse(ing)
if err == nil {
t.Errorf("Different namespace configmap should return an error")
}
}
func TestConfigEquality(t *testing.T) { func TestConfigEquality(t *testing.T) {
var nilConfig *Config var nilConfig *Config

101
internal/ingress/annotations/influxdb/main.go
View file

@ -1,101 +0,0 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package influxdb
import (
networking "k8s.io/api/networking/v1"
"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
"k8s.io/ingress-nginx/internal/ingress/resolver"
)
type influxdb struct {
r resolver.Resolver
}
// Config contains the IfluxDB configuration to be used in the Ingress
type Config struct {
InfluxDBEnabled bool `json:"influxDBEnabled"`
InfluxDBMeasurement string `json:"influxDBMeasurement"`
InfluxDBPort string `json:"influxDBPort"`
InfluxDBHost string `json:"influxDBHost"`
InfluxDBServerName string `json:"influxDBServerName"`
}
// NewParser creates a new InfluxDB annotation parser
func NewParser(r resolver.Resolver) parser.IngressAnnotation {
return influxdb{r}
}
// Parse parses the annotations to look for InfluxDB configurations
func (c influxdb) Parse(ing *networking.Ingress) (interface{}, error) {
var err error
config := &Config{}
config.InfluxDBEnabled, err = parser.GetBoolAnnotation("enable-influxdb", ing)
if err != nil {
config.InfluxDBEnabled = false
}
config.InfluxDBMeasurement, err = parser.GetStringAnnotation("influxdb-measurement", ing)
if err != nil {
config.InfluxDBMeasurement = "default"
}
config.InfluxDBPort, err = parser.GetStringAnnotation("influxdb-port", ing)
if err != nil {
// This is not the default 8086 port but the port usually used to expose
// influxdb in UDP, the module uses UDP to talk to influx via the line protocol.
config.InfluxDBPort = "8089"
}
config.InfluxDBHost, err = parser.GetStringAnnotation("influxdb-host", ing)
if err != nil {
config.InfluxDBHost = "127.0.0.1"
}
config.InfluxDBServerName, err = parser.GetStringAnnotation("influxdb-server-name", ing)
if err != nil {
config.InfluxDBServerName = "nginx-ingress"
}
return config, nil
}
// Equal tests for equality between two Config types
func (e1 *Config) Equal(e2 *Config) bool {
if e1 == e2 {
return true
}
if e1 == nil || e2 == nil {
return false
}
if e1.InfluxDBEnabled != e2.InfluxDBEnabled {
return false
}
if e1.InfluxDBPort != e2.InfluxDBPort {
return false
}
if e1.InfluxDBHost != e2.InfluxDBHost {
return false
}
if e1.InfluxDBServerName != e2.InfluxDBServerName {
return false
}
return true
}

138
internal/ingress/annotations/influxdb/main_test.go
View file

@ -1,138 +0,0 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package influxdb
import (
"testing"
api "k8s.io/api/core/v1"
networking "k8s.io/api/networking/v1"
meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
"k8s.io/ingress-nginx/internal/ingress/resolver"
)
func buildIngress() *networking.Ingress {
defaultBackend := networking.IngressBackend{
Service: &networking.IngressServiceBackend{
Name: "default-backend",
Port: networking.ServiceBackendPort{
Number: 80,
},
},
}
return &networking.Ingress{
ObjectMeta: meta_v1.ObjectMeta{
Name: "foo",
Namespace: api.NamespaceDefault,
},
Spec: networking.IngressSpec{
DefaultBackend: &networking.IngressBackend{
Service: &networking.IngressServiceBackend{
Name: "default-backend",
Port: networking.ServiceBackendPort{
Number: 80,
},
},
},
Rules: []networking.IngressRule{
{
Host: "foo.bar.com",
IngressRuleValue: networking.IngressRuleValue{
HTTP: &networking.HTTPIngressRuleValue{
Paths: []networking.HTTPIngressPath{
{
Path: "/foo",
Backend: defaultBackend,
},
},
},
},
},
},
},
}
}
func TestIngressInvalidInfluxDB(t *testing.T) {
ing := buildIngress()
influx, _ := NewParser(&resolver.Mock{}).Parse(ing)
nginxInflux, ok := influx.(*Config)
if !ok {
t.Errorf("expected a Config type")
}
if nginxInflux.InfluxDBEnabled == true {
t.Errorf("expected influxdb enabled but returned %v", nginxInflux.InfluxDBEnabled)
}
if nginxInflux.InfluxDBMeasurement != "default" {
t.Errorf("expected measurement name not found. Found %v", nginxInflux.InfluxDBMeasurement)
}
if nginxInflux.InfluxDBPort != "8089" {
t.Errorf("expected port not found. Found %v", nginxInflux.InfluxDBPort)
}
if nginxInflux.InfluxDBHost != "127.0.0.1" {
t.Errorf("expected host not found. Found %v", nginxInflux.InfluxDBHost)
}
if nginxInflux.InfluxDBServerName != "nginx-ingress" {
t.Errorf("expected server name not found. Found %v", nginxInflux.InfluxDBServerName)
}
}
func TestIngressInfluxDB(t *testing.T) {
ing := buildIngress()
data := map[string]string{}
data[parser.GetAnnotationWithPrefix("enable-influxdb")] = "true"
data[parser.GetAnnotationWithPrefix("influxdb-measurement")] = "nginxmeasures"
data[parser.GetAnnotationWithPrefix("influxdb-port")] = "9091"
data[parser.GetAnnotationWithPrefix("influxdb-host")] = "10.99.0.13"
data[parser.GetAnnotationWithPrefix("influxdb-server-name")] = "nginx-test-1"
ing.SetAnnotations(data)
influx, _ := NewParser(&resolver.Mock{}).Parse(ing)
nginxInflux, ok := influx.(*Config)
if !ok {
t.Errorf("expected a Config type")
}
if !nginxInflux.InfluxDBEnabled {
t.Errorf("expected influxdb enabled but returned %v", nginxInflux.InfluxDBEnabled)
}
if nginxInflux.InfluxDBMeasurement != "nginxmeasures" {
t.Errorf("expected measurement name not found. Found %v", nginxInflux.InfluxDBMeasurement)
}
if nginxInflux.InfluxDBPort != "9091" {
t.Errorf("expected port not found. Found %v", nginxInflux.InfluxDBPort)
}
if nginxInflux.InfluxDBHost != "10.99.0.13" {
t.Errorf("expected host not found. Found %v", nginxInflux.InfluxDBHost)
}
if nginxInflux.InfluxDBServerName != "nginx-test-1" {
t.Errorf("expected server name not found. Found %v", nginxInflux.InfluxDBServerName)
}
}

101
internal/ingress/annotations/opentelemetry/main.go Normal file
View file

@ -0,0 +1,101 @@
/*
Copyright 2022 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package opentelemetry
import (
networking "k8s.io/api/networking/v1"
"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
"k8s.io/ingress-nginx/internal/ingress/resolver"
)
type opentelemetry struct {
r resolver.Resolver
}
// Config contains the configuration to be used in the Ingress
type Config struct {
Enabled bool `json:"enabled"`
Set bool `json:"set"`
TrustEnabled bool `json:"trust-enabled"`
TrustSet bool `json:"trust-set"`
OperationName string `json:"operation-name"`
}
// Equal tests for equality between two Config types
func (bd1 *Config) Equal(bd2 *Config) bool {
if bd1.Set != bd2.Set {
return false
}
if bd1.Enabled != bd2.Enabled {
return false
}
if bd1.TrustSet != bd2.TrustSet {
return false
}
if bd1.TrustEnabled != bd2.TrustEnabled {
return false
}
if bd1.OperationName != bd2.OperationName {
return false
}
return true
}
// NewParser creates a new serviceUpstream annotation parser
func NewParser(r resolver.Resolver) parser.IngressAnnotation {
return opentelemetry{r}
}
// Parse parses the annotations to look for opentelemetry configurations
func (c opentelemetry) Parse(ing *networking.Ingress) (interface{}, error) {
cfg := Config{}
enabled, err := parser.GetBoolAnnotation("enable-opentelemetry", ing)
if err != nil {
return &cfg, nil
}
cfg.Set = true
cfg.Enabled = enabled
if !enabled {
return &cfg, nil
}
trustEnabled, err := parser.GetBoolAnnotation("opentelemetry-trust-incoming-span", ing)
if err != nil {
operationName, err := parser.GetStringAnnotation("opentelemetry-operation-name", ing)
if err != nil {
return &cfg, nil
}
cfg.OperationName = operationName
return &cfg, nil
}
cfg.TrustSet = true
cfg.TrustEnabled = trustEnabled
operationName, err := parser.GetStringAnnotation("opentelemetry-operation-name", ing)
if err != nil {
return &cfg, nil
}
cfg.OperationName = operationName
return &cfg, nil
}

170
internal/ingress/annotations/opentelemetry/main_test.go Normal file
View file

@ -0,0 +1,170 @@
/*
Copyright 2022 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package opentelemetry
import (
"testing"
api "k8s.io/api/core/v1"
networking "k8s.io/api/networking/v1"
meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
"k8s.io/ingress-nginx/internal/ingress/resolver"
)
func buildIngress() *networking.Ingress {
defaultBackend := networking.IngressBackend{
Service: &networking.IngressServiceBackend{
Name: "default-backend",
Port: networking.ServiceBackendPort{
Number: 80,
},
},
}
return &networking.Ingress{
ObjectMeta: meta_v1.ObjectMeta{
Name: "foo",
Namespace: api.NamespaceDefault,
},
Spec: networking.IngressSpec{
DefaultBackend: &networking.IngressBackend{
Service: &networking.IngressServiceBackend{
Name: "default-backend",
Port: networking.ServiceBackendPort{
Number: 80,
},
},
},
Rules: []networking.IngressRule{
{
Host: "foo.bar.com",
IngressRuleValue: networking.IngressRuleValue{
HTTP: &networking.HTTPIngressRuleValue{
Paths: []networking.HTTPIngressPath{
{
Path: "/foo",
Backend: defaultBackend,
},
},
},
},
},
},
},
}
}
func TestIngressAnnotationOpentelemetrySetTrue(t *testing.T) {
ing := buildIngress()
data := map[string]string{}
data[parser.GetAnnotationWithPrefix("enable-opentelemetry")] = "true"
ing.SetAnnotations(data)
val, _ := NewParser(&resolver.Mock{}).Parse(ing)
openTelemetry, ok := val.(*Config)
if !ok {
t.Errorf("expected a Config type")
}
if !openTelemetry.Enabled {
t.Errorf("expected annotation value to be true, got false")
}
if !openTelemetry.Set {
t.Errorf("expected annotation value to be true, got false")
}
if openTelemetry.TrustSet {
t.Errorf("expected annotation value to be false, got true")
}
}
func TestIngressAnnotationOpentelemetrySetFalse(t *testing.T) {
ing := buildIngress()
// Test with explicitly set to false
data := map[string]string{}
data[parser.GetAnnotationWithPrefix("enable-opentelemetry")] = "false"
ing.SetAnnotations(data)
val, _ := NewParser(&resolver.Mock{}).Parse(ing)
openTelemetry, ok := val.(*Config)
if !ok {
t.Errorf("expected a Config type")
}
if openTelemetry.Enabled {
t.Errorf("expected annotation value to be false, got true")
}
if !openTelemetry.Set {
t.Errorf("expected annotation value to be true, got false")
}
}
func TestIngressAnnotationOpentelemetryTrustSetTrue(t *testing.T) {
ing := buildIngress()
data := map[string]string{}
opName := "foo-op"
data[parser.GetAnnotationWithPrefix("enable-opentelemetry")] = "true"
data[parser.GetAnnotationWithPrefix("opentelemetry-trust-incoming-span")] = "true"
data[parser.GetAnnotationWithPrefix("opentelemetry-operation-name")] = opName
ing.SetAnnotations(data)
val, _ := NewParser(&resolver.Mock{}).Parse(ing)
openTelemetry, ok := val.(*Config)
if !ok {
t.Errorf("expected a Config type")
}
if !openTelemetry.Enabled {
t.Errorf("expected annotation value to be true, got false")
}
if !openTelemetry.Set {
t.Errorf("expected annotation value to be true, got false")
}
if !openTelemetry.TrustEnabled {
t.Errorf("expected annotation value to be true, got false")
}
if !openTelemetry.TrustSet {
t.Errorf("expected annotation value to be true, got false")
}
if openTelemetry.OperationName != opName {
t.Errorf("expected annotation value to be %v, got %v", opName, openTelemetry.OperationName)
}
}
func TestIngressAnnotationOpentelemetryUnset(t *testing.T) {
ing := buildIngress()
// Test with no annotation specified
data := map[string]string{}
ing.SetAnnotations(data)
val, _ := NewParser(&resolver.Mock{}).Parse(ing)
_, ok := val.(*Config)
if !ok {
t.Errorf("expected a Config type")
}
}

48
internal/ingress/annotations/secureupstream/main.go
View file

@ -1,48 +0,0 @@
/*
Copyright 2016 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package secureupstream
import (
networking "k8s.io/api/networking/v1"
"k8s.io/klog/v2"
"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
"k8s.io/ingress-nginx/internal/ingress/resolver"
)
// Config describes SSL backend configuration
type Config struct {
CACert resolver.AuthSSLCert `json:"caCert"`
}
type su struct {
r resolver.Resolver
}
// NewParser creates a new secure upstream annotation parser
func NewParser(r resolver.Resolver) parser.IngressAnnotation {
return su{r}
}
// Parse parses the annotations contained in the ingress
// rule used to indicate if the upstream servers should use SSL
func (a su) Parse(ing *networking.Ingress) (secure interface{}, err error) {
if ca, _ := parser.GetStringAnnotation("secure-verify-ca-secret", ing); ca != "" {
klog.Warningf("NOTE! secure-verify-ca-secret is not supported anymore. Please use proxy-ssl-secret instead")
}
return
}

162
internal/ingress/annotations/secureupstream/main_test.go
View file

@ -1,162 +0,0 @@
/*
Copyright 2016 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package secureupstream
import (
"fmt"
"testing"
api "k8s.io/api/core/v1"
networking "k8s.io/api/networking/v1"
meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
"k8s.io/ingress-nginx/internal/ingress/resolver"
)
func buildIngress() *networking.Ingress {
defaultBackend := networking.IngressBackend{
Service: &networking.IngressServiceBackend{
Name: "default-backend",
Port: networking.ServiceBackendPort{
Number: 80,
},
},
}
return &networking.Ingress{
ObjectMeta: meta_v1.ObjectMeta{
Name: "foo",
Namespace: api.NamespaceDefault,
},
Spec: networking.IngressSpec{
DefaultBackend: &networking.IngressBackend{
Service: &networking.IngressServiceBackend{
Name: "default-backend",
Port: networking.ServiceBackendPort{
Number: 80,
},
},
},
Rules: []networking.IngressRule{
{
Host: "foo.bar.com",
IngressRuleValue: networking.IngressRuleValue{
HTTP: &networking.HTTPIngressRuleValue{
Paths: []networking.HTTPIngressPath{
{
Path: "/foo",
Backend: defaultBackend,
},
},
},
},
},
},
},
}
}
type mockCfg struct {
resolver.Mock
certs map[string]resolver.AuthSSLCert
}
func (cfg mockCfg) GetAuthCertificate(secret string) (*resolver.AuthSSLCert, error) {
if cert, ok := cfg.certs[secret]; ok {
return &cert, nil
}
return nil, fmt.Errorf("secret not found: %v", secret)
}
func TestNoCA(t *testing.T) {
ing := buildIngress()
data := map[string]string{}
data[parser.GetAnnotationWithPrefix("backend-protocol")] = "HTTPS"
ing.SetAnnotations(data)
_, err := NewParser(mockCfg{
certs: map[string]resolver.AuthSSLCert{
"default/secure-verify-ca": {},
},
}).Parse(ing)
if err != nil {
t.Errorf("Unexpected error on ingress: %v", err)
}
}
func TestAnnotations(t *testing.T) {
ing := buildIngress()
data := map[string]string{}
data[parser.GetAnnotationWithPrefix("backend-protocol")] = "HTTPS"
data[parser.GetAnnotationWithPrefix("secure-verify-ca-secret")] = "secure-verify-ca"
ing.SetAnnotations(data)
_, err := NewParser(mockCfg{
certs: map[string]resolver.AuthSSLCert{
"default/secure-verify-ca": {},
},
}).Parse(ing)
if err != nil {
t.Errorf("Unexpected error on ingress: %v", err)
}
}
func TestSecretNotFound(t *testing.T) {
ing := buildIngress()
data := map[string]string{}
data[parser.GetAnnotationWithPrefix("backend-protocol")] = "HTTPS"
data[parser.GetAnnotationWithPrefix("secure-verify-ca-secret")] = "secure-verify-ca"
ing.SetAnnotations(data)
_, err := NewParser(mockCfg{}).Parse(ing)
if err != nil {
t.Error("Expected secret not found error on ingress")
}
}
func TestSecretOnNonSecure(t *testing.T) {
ing := buildIngress()
data := map[string]string{}
data[parser.GetAnnotationWithPrefix("backend-protocol")] = "HTTP"
data[parser.GetAnnotationWithPrefix("secure-verify-ca-secret")] = "secure-verify-ca"
ing.SetAnnotations(data)
_, err := NewParser(mockCfg{
certs: map[string]resolver.AuthSSLCert{
"default/secure-verify-ca": {},
},
}).Parse(ing)
if err != nil {
t.Error("Expected CA secret on non secure backend error on ingress")
}
}
func TestUnsupportedAnnotation(t *testing.T) {
ing := buildIngress()
data := map[string]string{}
data[parser.GetAnnotationWithPrefix("backend-protocol")] = "HTTPS"
data[parser.GetAnnotationWithPrefix("secure-verify-ca-secret")] = "secure-verify-ca"
ing.SetAnnotations(data)
_, err := NewParser(mockCfg{
certs: map[string]resolver.AuthSSLCert{
"default/secure-verify-ca": {},
},
}).Parse(ing)
if err != nil {
t.Errorf("Unexpected error on ingress: %v", err)
}
}

55
internal/ingress/controller/config/config.go
View file

@ -568,6 +568,54 @@ type Configuration struct {
// Default: true // Default: true
OpentracingTrustIncomingSpan bool `json:"opentracing-trust-incoming-span"` OpentracingTrustIncomingSpan bool `json:"opentracing-trust-incoming-span"`
// EnableOpentelemetry enables the nginx Opentelemetry extension
// By default this is disabled
EnableOpentelemetry bool `json:"enable-opentelemetry"`
// OpentelemetryConfig sets the opentelemetry config file
// Default: /etc/nginx/opentelemetry.toml
OpentelemetryConfig string `json:"opentelemetry-config"`
// OpentelemetryOperationName specifies a custom name for the server span
OpentelemetryOperationName string `json:"opentelemetry-operation-name"`
// OpentelemetryTrustIncomingSpan sets whether or not to trust incoming trace spans
// If false, incoming span headers will be rejected
// Default: true
OpentelemetryTrustIncomingSpan bool `json:"opentelemetry-trust-incoming-span"`
// OtlpCollectorHost specifies the host to use when uploading traces
OtlpCollectorHost string `json:"otlp-collector-host"`
// OtlpCollectorPort specifies the port to use when uploading traces
// Default: 4317
OtlpCollectorPort string `json:"otlp-collector-port"`
// OtelServiceName specifies the service name to use for any traces created
// Default: nginx
OtelServiceName string `json:"otel-service-name"`
// OtelSampler specifies the sampler to use for any traces created
// Default: AlwaysOff
OtelSampler string `json:"otel-sampler"`
// OtelSamplerRatio specifies the sampler ratio to use for any traces created
// Default: 0.01
OtelSamplerRatio float32 `json:"otel-sampler-ratio"`
//OtelSamplerParentBased specifies the parent based sampler to be use for any traces created
// Default: false
OtelSamplerParentBased bool `json:"otel-sampler-parent-based"`
// MaxQueueSize specifies the max queue size for uploading traces
OtelMaxQueueSize int32 `json:"otel-max-queuesize"`
// ScheduleDelayMillis specifies the max delay between uploading traces
OtelScheduleDelayMillis int32 `json:"otel-schedule-delay-millis"`
// MaxExportBatchSize specifies the max export batch size to used when uploading traces
OtelMaxExportBatchSize int32 `json:"otel-max-export-batch-size"`
// ZipkinCollectorHost specifies the host to use when uploading traces // ZipkinCollectorHost specifies the host to use when uploading traces
ZipkinCollectorHost string `json:"zipkin-collector-host"` ZipkinCollectorHost string `json:"zipkin-collector-host"`
@ -917,6 +965,13 @@ func NewDefault() Configuration {
BindAddressIpv4: defBindAddress, BindAddressIpv4: defBindAddress,
BindAddressIpv6: defBindAddress, BindAddressIpv6: defBindAddress,
OpentracingTrustIncomingSpan: true, OpentracingTrustIncomingSpan: true,
OpentelemetryTrustIncomingSpan: true,
OpentelemetryConfig: "/etc/nginx/opentelemetry.toml",
OtlpCollectorPort: "4317",
OtelServiceName: "nginx",
OtelSampler: "AlwaysOff",
OtelSamplerRatio: 0.01,
OtelSamplerParentBased: false,
ZipkinCollectorPort: 9411, ZipkinCollectorPort: 9411,
ZipkinServiceName: "nginx", ZipkinServiceName: "nginx",
ZipkinSampleRate: 1.0, ZipkinSampleRate: 1.0,

3
internal/ingress/controller/controller.go
View file

@ -106,6 +106,7 @@ type Configuration struct {
MetricsPerHost bool MetricsPerHost bool
MetricsBuckets *collectors.HistogramBuckets MetricsBuckets *collectors.HistogramBuckets
ReportStatusClasses bool ReportStatusClasses bool
ExcludeSocketMetrics []string
FakeCertificate *ingress.SSLCert FakeCertificate *ingress.SSLCert
@ -1444,6 +1445,7 @@ func locationApplyAnnotations(loc *ingress.Location, anns *annotations.Ingress)
loc.EnableGlobalAuth = anns.EnableGlobalAuth loc.EnableGlobalAuth = anns.EnableGlobalAuth
loc.HTTP2PushPreload = anns.HTTP2PushPreload loc.HTTP2PushPreload = anns.HTTP2PushPreload
loc.Opentracing = anns.Opentracing loc.Opentracing = anns.Opentracing
loc.Opentelemetry = anns.Opentelemetry
loc.Proxy = anns.Proxy loc.Proxy = anns.Proxy
loc.ProxySSL = anns.ProxySSL loc.ProxySSL = anns.ProxySSL
loc.RateLimit = anns.RateLimit loc.RateLimit = anns.RateLimit
@ -1458,7 +1460,6 @@ func locationApplyAnnotations(loc *ingress.Location, anns *annotations.Ingress)
loc.UsePortInRedirects = anns.UsePortInRedirects loc.UsePortInRedirects = anns.UsePortInRedirects
loc.Connection = anns.Connection loc.Connection = anns.Connection
loc.Logs = anns.Logs loc.Logs = anns.Logs
loc.InfluxDB = anns.InfluxDB
loc.DefaultBackend = anns.DefaultBackend loc.DefaultBackend = anns.DefaultBackend
loc.BackendProtocol = anns.BackendProtocol loc.BackendProtocol = anns.BackendProtocol
loc.FastCGI = anns.FastCGI loc.FastCGI = anns.FastCGI

43
internal/ingress/controller/nginx.go
View file

@ -673,6 +673,11 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) error {
return err return err
} }
err = createOpentelemetryCfg(cfg)
if err != nil {
return err
}
err = n.testTemplate(content) err = n.testTemplate(content)
if err != nil { if err != nil {
return err return err
@ -1056,6 +1061,29 @@ const datadogTmpl = `{
"dd.priority.sampling": {{ .DatadogPrioritySampling }} "dd.priority.sampling": {{ .DatadogPrioritySampling }}
}` }`
const otelTmpl = `
exporter = "otlp"
processor = "batch"
[exporters.otlp]
# Alternatively the OTEL_EXPORTER_OTLP_ENDPOINT environment variable can also be used.
host = "{{ .OtlpCollectorHost }}"
port = {{ .OtlpCollectorPort }}
[processors.batch]
max_queue_size = {{ .OtelMaxQueueSize }}
schedule_delay_millis = {{ .OtelScheduleDelayMillis }}
max_export_batch_size = {{ .OtelMaxExportBatchSize }}
[service]
name = "{{ .OtelServiceName }}" # Opentelemetry resource name
[sampler]
name = "{{ .OtelSampler }}" # Also: AlwaysOff, TraceIdRatioBased
ratio = {{ .OtelSamplerRatio }}
parent_based = {{ .OtelSamplerParentBased }}
`
func createOpentracingCfg(cfg ngx_config.Configuration) error { func createOpentracingCfg(cfg ngx_config.Configuration) error {
var tmpl *template.Template var tmpl *template.Template
var err error var err error
@ -1091,6 +1119,21 @@ func createOpentracingCfg(cfg ngx_config.Configuration) error {
return os.WriteFile("/etc/nginx/opentracing.json", []byte(expanded), file.ReadWriteByUser) return os.WriteFile("/etc/nginx/opentracing.json", []byte(expanded), file.ReadWriteByUser)
} }
func createOpentelemetryCfg(cfg ngx_config.Configuration) error {
tmpl, err := template.New("otel").Parse(otelTmpl)
if err != nil {
return err
}
tmplBuf := bytes.NewBuffer(make([]byte, 0))
err = tmpl.Execute(tmplBuf, cfg)
if err != nil {
return err
}
return os.WriteFile(cfg.OpentelemetryConfig, tmplBuf.Bytes(), file.ReadWriteByUser)
}
func cleanTempNginxCfg() error { func cleanTempNginxCfg() error {
var files []string var files []string

123
internal/ingress/controller/template/template.go
View file

@ -40,7 +40,6 @@ import (
"k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/sets"
"k8s.io/klog/v2" "k8s.io/klog/v2"
"k8s.io/ingress-nginx/internal/ingress/annotations/influxdb"
"k8s.io/ingress-nginx/internal/ingress/annotations/parser" "k8s.io/ingress-nginx/internal/ingress/annotations/parser"
"k8s.io/ingress-nginx/internal/ingress/annotations/ratelimit" "k8s.io/ingress-nginx/internal/ingress/annotations/ratelimit"
"k8s.io/ingress-nginx/internal/ingress/controller/config" "k8s.io/ingress-nginx/internal/ingress/controller/config"
@ -265,8 +264,8 @@ var (
"buildAuthSignURL": buildAuthSignURL, "buildAuthSignURL": buildAuthSignURL,
"buildAuthSignURLLocation": buildAuthSignURLLocation, "buildAuthSignURLLocation": buildAuthSignURLLocation,
"buildOpentracing": buildOpentracing, "buildOpentracing": buildOpentracing,
"buildOpentelemetry": buildOpentelemetry,
"proxySetHeader": proxySetHeader, "proxySetHeader": proxySetHeader,
"buildInfluxDB": buildInfluxDB,
"enforceRegexModifier": enforceRegexModifier, "enforceRegexModifier": enforceRegexModifier,
"buildCustomErrorDeps": buildCustomErrorDeps, "buildCustomErrorDeps": buildCustomErrorDeps,
"buildCustomErrorLocationsPerServer": buildCustomErrorLocationsPerServer, "buildCustomErrorLocationsPerServer": buildCustomErrorLocationsPerServer,
@ -274,11 +273,12 @@ var (
"buildHTTPListener": buildHTTPListener, "buildHTTPListener": buildHTTPListener,
"buildHTTPSListener": buildHTTPSListener, "buildHTTPSListener": buildHTTPSListener,
"buildOpentracingForLocation": buildOpentracingForLocation, "buildOpentracingForLocation": buildOpentracingForLocation,
"buildOpentelemetryForLocation": buildOpentelemetryForLocation,
"shouldLoadOpentracingModule": shouldLoadOpentracingModule, "shouldLoadOpentracingModule": shouldLoadOpentracingModule,
"shouldLoadOpentelemetryModule": shouldLoadOpentelemetryModule,
"buildModSecurityForLocation": buildModSecurityForLocation, "buildModSecurityForLocation": buildModSecurityForLocation,
"buildMirrorLocations": buildMirrorLocations, "buildMirrorLocations": buildMirrorLocations,
"shouldLoadAuthDigestModule": shouldLoadAuthDigestModule, "shouldLoadAuthDigestModule": shouldLoadAuthDigestModule,
"shouldLoadInfluxDBModule": shouldLoadInfluxDBModule,
"buildServerName": buildServerName, "buildServerName": buildServerName,
"buildCorsOriginRegex": buildCorsOriginRegex, "buildCorsOriginRegex": buildCorsOriginRegex,
} }
@ -1239,27 +1239,31 @@ func buildOpentracing(c interface{}, s interface{}) string {
return buf.String() return buf.String()
} }
// buildInfluxDB produces the single line configuration func buildOpentelemetry(c interface{}, s interface{}) string {
// needed by the InfluxDB module to send request's metrics cfg, ok := c.(config.Configuration)
// for the current resource
func buildInfluxDB(input interface{}) string {
cfg, ok := input.(influxdb.Config)
if !ok { if !ok {
klog.Errorf("expected an 'influxdb.Config' type but %T was returned", input) klog.Errorf("expected a 'config.Configuration' type but %T was returned", c)
return "" return ""
} }
if !cfg.InfluxDBEnabled { servers, ok := s.([]*ingress.Server)
if !ok {
klog.Errorf("expected an '[]*ingress.Server' type but %T was returned", s)
return "" return ""
} }
return fmt.Sprintf( if !shouldLoadOpentelemetryModule(cfg, servers) {
"influxdb server_name=%s host=%s port=%s measurement=%s enabled=true;", return ""
cfg.InfluxDBServerName, }
cfg.InfluxDBHost,
cfg.InfluxDBPort, buf := bytes.NewBufferString("")
cfg.InfluxDBMeasurement,
) buf.WriteString("\r\n")
if cfg.OpentelemetryOperationName != "" {
buf.WriteString(fmt.Sprintf("opentelemetry_operation_name \"%s\";\n", cfg.OpentelemetryOperationName))
}
return buf.String()
} }
func proxySetHeader(loc interface{}) string { func proxySetHeader(loc interface{}) string {
@ -1360,6 +1364,13 @@ func opentracingPropagateContext(location *ingress.Location) string {
return "opentracing_propagate_context;" return "opentracing_propagate_context;"
} }
func opentelemetryPropagateContext(location *ingress.Location) string {
if location == nil {
return ""
}
return "opentelemetry_propagate;"
}
// shouldLoadModSecurityModule determines whether or not the ModSecurity module needs to be loaded. // shouldLoadModSecurityModule determines whether or not the ModSecurity module needs to be loaded.
// First, it checks if `enable-modsecurity` is set in the ConfigMap. If it is not, it iterates over all locations to // First, it checks if `enable-modsecurity` is set in the ConfigMap. If it is not, it iterates over all locations to
// check if ModSecurity is enabled by the annotation `nginx.ingress.kubernetes.io/enable-modsecurity`. // check if ModSecurity is enabled by the annotation `nginx.ingress.kubernetes.io/enable-modsecurity`.
@ -1575,6 +1586,36 @@ func buildOpentracingForLocation(isOTEnabled bool, isOTTrustSet bool, location *
return opc return opc
} }
func buildOpentelemetryForLocation(isOTEnabled bool, isOTTrustSet bool, location *ingress.Location) string {
isOTEnabledInLoc := location.Opentelemetry.Enabled
isOTSetInLoc := location.Opentelemetry.Set
if isOTEnabled {
if isOTSetInLoc && !isOTEnabledInLoc {
return "opentelemetry off;"
}
} else if !isOTSetInLoc || !isOTEnabledInLoc {
return ""
}
opc := opentelemetryPropagateContext(location)
if opc != "" {
opc = fmt.Sprintf("opentelemetry on;\n%v", opc)
}
if location.Opentelemetry.OperationName != "" {
opc = opc + "\nopentelemetry_operation_name " + location.Opentelemetry.OperationName + ";"
}
if (!isOTTrustSet && !location.Opentelemetry.TrustSet) ||
(location.Opentelemetry.TrustSet && !location.Opentelemetry.TrustEnabled) {
opc = opc + "\nopentelemetry_trust_incoming_spans off;"
} else {
opc = opc + "\nopentelemetry_trust_incoming_spans on;"
}
return opc
}
// shouldLoadOpentracingModule determines whether or not the Opentracing module needs to be loaded. // shouldLoadOpentracingModule determines whether or not the Opentracing module needs to be loaded.
// First, it checks if `enable-opentracing` is set in the ConfigMap. If it is not, it iterates over all locations to // First, it checks if `enable-opentracing` is set in the ConfigMap. If it is not, it iterates over all locations to
// check if Opentracing is enabled by the annotation `nginx.ingress.kubernetes.io/enable-opentracing`. // check if Opentracing is enabled by the annotation `nginx.ingress.kubernetes.io/enable-opentracing`.
@ -1606,6 +1647,35 @@ func shouldLoadOpentracingModule(c interface{}, s interface{}) bool {
return false return false
} }
// shouldLoadOpentelemetryModule determines whether or not the Opentelemetry module needs to be loaded.
// It checks if `enable-opentelemetry` is set in the ConfigMap.
func shouldLoadOpentelemetryModule(c interface{}, s interface{}) bool {
cfg, ok := c.(config.Configuration)
if !ok {
klog.Errorf("expected a 'config.Configuration' type but %T was returned", c)
return false
}
servers, ok := s.([]*ingress.Server)
if !ok {
klog.Errorf("expected an '[]*ingress.Server' type but %T was returned", s)
return false
}
if cfg.EnableOpentelemetry {
return true
}
for _, server := range servers {
for _, location := range server.Locations {
if location.Opentelemetry.Enabled {
return true
}
}
}
return false
}
func buildModSecurityForLocation(cfg config.Configuration, location *ingress.Location) string { func buildModSecurityForLocation(cfg config.Configuration, location *ingress.Location) string {
isMSEnabledInLoc := location.ModSecurity.Enable isMSEnabledInLoc := location.ModSecurity.Enable
isMSEnableSetInLoc := location.ModSecurity.EnableSet isMSEnableSetInLoc := location.ModSecurity.EnableSet
@ -1701,25 +1771,6 @@ func shouldLoadAuthDigestModule(s interface{}) bool {
return false return false
} }
// shouldLoadInfluxDBModule determines whether or not the ngx_http_auth_digest_module module needs to be loaded.
func shouldLoadInfluxDBModule(s interface{}) bool {
servers, ok := s.([]*ingress.Server)
if !ok {
klog.Errorf("expected an '[]*ingress.Server' type but %T was returned", s)
return false
}
for _, server := range servers {
for _, location := range server.Locations {
if location.InfluxDB.InfluxDBEnabled {
return true
}
}
}
return false
}
// buildServerName ensures wildcard hostnames are valid // buildServerName ensures wildcard hostnames are valid
func buildServerName(hostname string) string { func buildServerName(hostname string) string {
if !strings.HasPrefix(hostname, "*") { if !strings.HasPrefix(hostname, "*") {

178
internal/ingress/controller/template/template_test.go
View file

@ -35,8 +35,8 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/ingress-nginx/internal/ingress/annotations/authreq" "k8s.io/ingress-nginx/internal/ingress/annotations/authreq"
"k8s.io/ingress-nginx/internal/ingress/annotations/influxdb"
"k8s.io/ingress-nginx/internal/ingress/annotations/modsecurity" "k8s.io/ingress-nginx/internal/ingress/annotations/modsecurity"
"k8s.io/ingress-nginx/internal/ingress/annotations/opentelemetry"
"k8s.io/ingress-nginx/internal/ingress/annotations/opentracing" "k8s.io/ingress-nginx/internal/ingress/annotations/opentracing"
"k8s.io/ingress-nginx/internal/ingress/annotations/ratelimit" "k8s.io/ingress-nginx/internal/ingress/annotations/ratelimit"
"k8s.io/ingress-nginx/internal/ingress/annotations/rewrite" "k8s.io/ingress-nginx/internal/ingress/annotations/rewrite"
@ -1150,6 +1150,26 @@ func TestOpentracingPropagateContext(t *testing.T) {
} }
} }
func TestOpentelemetryPropagateContext(t *testing.T) {
tests := map[*ingress.Location]string{
{BackendProtocol: "HTTP"}: "opentelemetry_propagate;",
{BackendProtocol: "HTTPS"}: "opentelemetry_propagate;",
{BackendProtocol: "AUTO_HTTP"}: "opentelemetry_propagate;",
{BackendProtocol: "GRPC"}: "opentelemetry_propagate;",
{BackendProtocol: "GRPCS"}: "opentelemetry_propagate;",
{BackendProtocol: "AJP"}: "opentelemetry_propagate;",
{BackendProtocol: "FCGI"}: "opentelemetry_propagate;",
nil: "",
}
for loc, expectedDirective := range tests {
actualDirective := opentelemetryPropagateContext(loc)
if actualDirective != expectedDirective {
t.Errorf("Expected %v but returned %v", expectedDirective, actualDirective)
}
}
}
func TestGetIngressInformation(t *testing.T) { func TestGetIngressInformation(t *testing.T) {
testcases := map[string]struct { testcases := map[string]struct {
@ -1619,30 +1639,6 @@ func TestProxySetHeader(t *testing.T) {
} }
} }
func TestBuildInfluxDB(t *testing.T) {
invalidType := &ingress.Ingress{}
expected := ""
actual := buildInfluxDB(invalidType)
if expected != actual {
t.Errorf("Expected '%v' but returned '%v'", expected, actual)
}
cfg := influxdb.Config{
InfluxDBEnabled: true,
InfluxDBServerName: "ok.com",
InfluxDBHost: "host.com",
InfluxDBPort: "5252",
InfluxDBMeasurement: "ok",
}
expected = "influxdb server_name=ok.com host=host.com port=5252 measurement=ok enabled=true;"
actual = buildInfluxDB(cfg)
if expected != actual {
t.Errorf("Expected '%v' but returned '%v'", expected, actual)
}
}
func TestBuildOpenTracing(t *testing.T) { func TestBuildOpenTracing(t *testing.T) {
invalidType := &ingress.Ingress{} invalidType := &ingress.Ingress{}
expected := "" expected := ""
@ -1723,6 +1719,37 @@ func TestBuildOpenTracing(t *testing.T) {
} }
func TestBuildOpenTelemetry(t *testing.T) {
invalidType := &ingress.Ingress{}
expected := ""
actual := buildOpentelemetry(invalidType, []*ingress.Server{})
if expected != actual {
t.Errorf("Expected '%v' but returned '%v'", expected, actual)
}
cfgNoHost := config.Configuration{
EnableOpentelemetry: true,
}
expected = "\r\n"
actual = buildOpentelemetry(cfgNoHost, []*ingress.Server{})
if expected != actual {
t.Errorf("Expected '%v' but returned '%v'", expected, actual)
}
cfgOpenTelemetry := config.Configuration{
EnableOpentelemetry: true,
OpentelemetryOperationName: "my-operation-name",
}
expected = "\r\n"
expected += "opentelemetry_operation_name \"my-operation-name\";\n"
actual = buildOpentelemetry(cfgOpenTelemetry, []*ingress.Server{})
if expected != actual {
t.Errorf("Expected '%v' but returned '%v'", expected, actual)
}
}
func TestEnforceRegexModifier(t *testing.T) { func TestEnforceRegexModifier(t *testing.T) {
invalidType := &ingress.Ingress{} invalidType := &ingress.Ingress{}
expected := false expected := false
@ -1903,6 +1930,107 @@ func TestShouldLoadOpentracingModule(t *testing.T) {
} }
} }
func TestOpentelemetryForLocation(t *testing.T) {
trueVal := true
falseVal := false
loadOT := `opentelemetry on;
opentelemetry_propagate;
opentelemetry_trust_incoming_spans on;`
loadOTUntrustedSpan := `opentelemetry on;
opentelemetry_propagate;
opentelemetry_trust_incoming_spans off;`
testCases := []struct {
description string
globalOT bool
isSetInLoc bool
isOTInLoc *bool
globalTrust bool
isTrustSetInLoc bool
isTrustInLoc *bool
expected string
}{
{"globally enabled, without annotation", true, false, nil, true, false, nil, loadOT},
{"globally enabled and enabled in location", true, true, &trueVal, true, false, nil, loadOT},
{"globally disabled and not enabled in location", false, false, nil, true, false, nil, ""},
{"globally disabled but enabled in location", false, true, &trueVal, true, false, nil, loadOT},
{"globally trusted, not trusted in location", true, false, nil, true, true, &falseVal, loadOTUntrustedSpan},
{"not globally trusted, trust set in location", true, false, nil, false, true, &trueVal, loadOT},
{"not globally trusted, trust not set in location", true, false, nil, false, false, nil, loadOTUntrustedSpan},
}
for _, testCase := range testCases {
il := &ingress.Location{
Opentelemetry: opentelemetry.Config{Set: testCase.isSetInLoc, TrustSet: testCase.isTrustSetInLoc},
}
if il.Opentelemetry.Set {
il.Opentelemetry.Enabled = *testCase.isOTInLoc
}
if il.Opentelemetry.TrustSet {
il.Opentelemetry.TrustEnabled = *testCase.isTrustInLoc
}
actual := buildOpentelemetryForLocation(testCase.globalOT, testCase.globalTrust, il)
if testCase.expected != actual {
t.Errorf("%v: expected '%v' but returned '%v'", testCase.description, testCase.expected, actual)
}
}
}
func TestShouldLoadOpentelemetryModule(t *testing.T) {
// ### Invalid argument type tests ###
// The first tests should return false.
expected := false
invalidType := &ingress.Ingress{}
actual := shouldLoadOpentelemetryModule(config.Configuration{}, invalidType)
if expected != actual {
t.Errorf("Expected '%v' but returned '%v'", expected, actual)
}
actual = shouldLoadOpentelemetryModule(invalidType, []*ingress.Server{})
if expected != actual {
t.Errorf("Expected '%v' but returned '%v'", expected, actual)
}
// ### Functional tests ###
actual = shouldLoadOpentelemetryModule(config.Configuration{}, []*ingress.Server{})
if expected != actual {
t.Errorf("Expected '%v' but returned '%v'", expected, actual)
}
// All further tests should return true.
expected = true
configuration := config.Configuration{EnableOpentelemetry: true}
actual = shouldLoadOpentelemetryModule(configuration, []*ingress.Server{})
if expected != actual {
t.Errorf("Expected '%v' but returned '%v'", expected, actual)
}
servers := []*ingress.Server{
{
Locations: []*ingress.Location{
{
Opentelemetry: opentelemetry.Config{
Enabled: true,
},
},
},
},
}
actual = shouldLoadOpentelemetryModule(config.Configuration{}, servers)
if expected != actual {
t.Errorf("Expected '%v' but returned '%v'", expected, actual)
}
actual = shouldLoadOpentelemetryModule(configuration, servers)
if expected != actual {
t.Errorf("Expected '%v' but returned '%v'", expected, actual)
}
}
func TestModSecurityForLocation(t *testing.T) { func TestModSecurityForLocation(t *testing.T) {
loadModule := `modsecurity on; loadModule := `modsecurity on;
` `

169
internal/ingress/metric/collectors/socket.go
View file

@ -21,6 +21,7 @@ import (
"io" "io"
"net" "net"
"os" "os"
"strings"
"syscall" "syscall"
jsoniter "github.com/json-iterator/go" jsoniter "github.com/json-iterator/go"
@ -60,6 +61,8 @@ type HistogramBuckets struct {
SizeBuckets []float64 SizeBuckets []float64
} }
type metricMapping map[string]prometheus.Collector
// SocketCollector stores prometheus metrics and ingress meta-data // SocketCollector stores prometheus metrics and ingress meta-data
type SocketCollector struct { type SocketCollector struct {
prometheus.Collector prometheus.Collector
@ -78,7 +81,7 @@ type SocketCollector struct {
listener net.Listener listener net.Listener
metricMapping map[string]interface{} metricMapping metricMapping
hosts sets.Set[string] hosts sets.Set[string]
@ -106,7 +109,7 @@ var defObjectives = map[float64]float64{0.5: 0.05, 0.9: 0.01, 0.99: 0.001}
// NewSocketCollector creates a new SocketCollector instance using // NewSocketCollector creates a new SocketCollector instance using
// the ingress watch namespace and class used by the controller // the ingress watch namespace and class used by the controller
func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStatusClasses bool, buckets HistogramBuckets) (*SocketCollector, error) { func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStatusClasses bool, buckets HistogramBuckets, excludeMetrics []string) (*SocketCollector, error) {
socket := "/tmp/nginx/prometheus-nginx.socket" socket := "/tmp/nginx/prometheus-nginx.socket"
// unix sockets must be unlink()ed before being used // unix sockets must be unlink()ed before being used
_ = syscall.Unlink(socket) _ = syscall.Unlink(socket)
@ -132,13 +135,23 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat
requestTags = append(requestTags, "host") requestTags = append(requestTags, "host")
} }
em := make(map[string]struct{}, len(excludeMetrics))
for _, m := range excludeMetrics {
// remove potential nginx_ingress_controller prefix from the metric name
// TBD: how to handle fully qualified histogram metrics e.g. _buckets and _sum. Should we just remove the suffix and remove the histogram metric or ignore it?
em[strings.TrimPrefix(m, "nginx_ingress_controller_")] = struct{}{}
}
// create metric mapping with only the metrics that are not excluded
mm := make(metricMapping)
sc := &SocketCollector{ sc := &SocketCollector{
listener: listener, listener: listener,
metricsPerHost: metricsPerHost, metricsPerHost: metricsPerHost,
reportStatusClasses: reportStatusClasses, reportStatusClasses: reportStatusClasses,
connectTime: prometheus.NewHistogramVec( connectTime: histogramMetric(
prometheus.HistogramOpts{ prometheus.HistogramOpts{
Name: "connect_duration_seconds", Name: "connect_duration_seconds",
Help: "The time spent on establishing a connection with the upstream server", Help: "The time spent on establishing a connection with the upstream server",
@ -147,8 +160,11 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat
Buckets: buckets.TimeBuckets, Buckets: buckets.TimeBuckets,
}, },
requestTags, requestTags,
em,
mm,
), ),
headerTime: prometheus.NewHistogramVec(
headerTime: histogramMetric(
prometheus.HistogramOpts{ prometheus.HistogramOpts{
Name: "header_duration_seconds", Name: "header_duration_seconds",
Help: "The time spent on receiving first header from the upstream server", Help: "The time spent on receiving first header from the upstream server",
@ -157,8 +173,10 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat
Buckets: buckets.TimeBuckets, Buckets: buckets.TimeBuckets,
}, },
requestTags, requestTags,
em,
mm,
), ),
responseTime: prometheus.NewHistogramVec( responseTime: histogramMetric(
prometheus.HistogramOpts{ prometheus.HistogramOpts{
Name: "response_duration_seconds", Name: "response_duration_seconds",
Help: "The time spent on receiving the response from the upstream server", Help: "The time spent on receiving the response from the upstream server",
@ -167,8 +185,11 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat
Buckets: buckets.TimeBuckets, Buckets: buckets.TimeBuckets,
}, },
requestTags, requestTags,
em,
mm,
), ),
requestTime: prometheus.NewHistogramVec(
requestTime: histogramMetric(
prometheus.HistogramOpts{ prometheus.HistogramOpts{
Name: "request_duration_seconds", Name: "request_duration_seconds",
Help: "The request processing time in milliseconds", Help: "The request processing time in milliseconds",
@ -177,9 +198,11 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat
Buckets: buckets.TimeBuckets, Buckets: buckets.TimeBuckets,
}, },
requestTags, requestTags,
em,
mm,
), ),
responseLength: prometheus.NewHistogramVec( responseLength: histogramMetric(
prometheus.HistogramOpts{ prometheus.HistogramOpts{
Name: "response_size", Name: "response_size",
Help: "The response length (including request line, header, and request body)", Help: "The response length (including request line, header, and request body)",
@ -188,19 +211,24 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat
Buckets: buckets.LengthBuckets, Buckets: buckets.LengthBuckets,
}, },
requestTags, requestTags,
em,
mm,
), ),
requestLength: prometheus.NewHistogramVec(
requestLength: histogramMetric(
prometheus.HistogramOpts{ prometheus.HistogramOpts{
Name: "request_size", Name: "request_size",
Help: "The request length (including request line, header, and request body)", Help: "The request length (including request line, header, and request body)",
Namespace: PrometheusNamespace, Namespace: PrometheusNamespace,
Buckets: buckets.LengthBuckets,
ConstLabels: constLabels, ConstLabels: constLabels,
Buckets: buckets.LengthBuckets,
}, },
requestTags, requestTags,
em,
mm,
), ),
requests: prometheus.NewCounterVec( requests: counterMetric(
prometheus.CounterOpts{ prometheus.CounterOpts{
Name: "requests", Name: "requests",
Help: "The total number of client requests", Help: "The total number of client requests",
@ -208,9 +236,11 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat
ConstLabels: constLabels, ConstLabels: constLabels,
}, },
requestTags, requestTags,
em,
mm,
), ),
bytesSent: prometheus.NewHistogramVec( bytesSent: histogramMetric(
prometheus.HistogramOpts{ prometheus.HistogramOpts{
Name: "bytes_sent", Name: "bytes_sent",
Help: "DEPRECATED The number of bytes sent to a client", Help: "DEPRECATED The number of bytes sent to a client",
@ -219,9 +249,11 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat
ConstLabels: constLabels, ConstLabels: constLabels,
}, },
requestTags, requestTags,
em,
mm,
), ),
upstreamLatency: prometheus.NewSummaryVec( upstreamLatency: summaryMetric(
prometheus.SummaryOpts{ prometheus.SummaryOpts{
Name: "ingress_upstream_latency_seconds", Name: "ingress_upstream_latency_seconds",
Help: "DEPRECATED Upstream service latency per Ingress", Help: "DEPRECATED Upstream service latency per Ingress",
@ -230,28 +262,59 @@ func NewSocketCollector(pod, namespace, class string, metricsPerHost, reportStat
Objectives: defObjectives, Objectives: defObjectives,
}, },
[]string{"ingress", "namespace", "service", "canary"}, []string{"ingress", "namespace", "service", "canary"},
em,
mm,
), ),
} }
sc.metricMapping = map[string]interface{}{ sc.metricMapping = mm
prometheus.BuildFQName(PrometheusNamespace, "", "requests"): sc.requests,
prometheus.BuildFQName(PrometheusNamespace, "", "connect_duration_seconds"): sc.connectTime,
prometheus.BuildFQName(PrometheusNamespace, "", "header_duration_seconds"): sc.headerTime,
prometheus.BuildFQName(PrometheusNamespace, "", "response_duration_seconds"): sc.responseTime,
prometheus.BuildFQName(PrometheusNamespace, "", "request_duration_seconds"): sc.requestTime,
prometheus.BuildFQName(PrometheusNamespace, "", "request_size"): sc.requestLength,
prometheus.BuildFQName(PrometheusNamespace, "", "response_size"): sc.responseLength,
prometheus.BuildFQName(PrometheusNamespace, "", "bytes_sent"): sc.bytesSent,
prometheus.BuildFQName(PrometheusNamespace, "", "ingress_upstream_latency_seconds"): sc.upstreamLatency,
}
return sc, nil return sc, nil
} }
func containsMetric(excludeMetrics map[string]struct{}, name string) bool {
if _, ok := excludeMetrics[name]; ok {
klog.V(3).InfoS("Skipping metric", "metric", name)
return true
}
return false
}
func summaryMetric(opts prometheus.SummaryOpts, requestTags []string, excludeMetrics map[string]struct{}, metricMapping metricMapping) *prometheus.SummaryVec {
if containsMetric(excludeMetrics, opts.Name) {
return nil
}
m := prometheus.NewSummaryVec(
opts,
requestTags,
)
metricMapping[prometheus.BuildFQName(PrometheusNamespace, "", opts.Name)] = m
return m
}
func counterMetric(opts prometheus.CounterOpts, requestTags []string, excludeMetrics map[string]struct{}, metricMapping metricMapping) *prometheus.CounterVec {
if containsMetric(excludeMetrics, opts.Name) {
return nil
}
m := prometheus.NewCounterVec(
opts,
requestTags,
)
metricMapping[prometheus.BuildFQName(PrometheusNamespace, "", opts.Name)] = m
return m
}
func histogramMetric(opts prometheus.HistogramOpts, requestTags []string, excludeMetrics map[string]struct{}, metricMapping metricMapping) *prometheus.HistogramVec {
if containsMetric(excludeMetrics, opts.Name) {
return nil
}
m := prometheus.NewHistogramVec(
opts,
requestTags,
)
metricMapping[prometheus.BuildFQName(PrometheusNamespace, "", opts.Name)] = m
return m
}
func (sc *SocketCollector) handleMessage(msg []byte) { func (sc *SocketCollector) handleMessage(msg []byte) {
klog.V(5).InfoS("Metric", "message", string(msg)) klog.V(5).InfoS("Metric", "message", string(msg))
@ -305,21 +368,26 @@ func (sc *SocketCollector) handleMessage(msg []byte) {
"canary": stats.Canary, "canary": stats.Canary,
} }
if sc.requests != nil {
requestsMetric, err := sc.requests.GetMetricWith(collectorLabels) requestsMetric, err := sc.requests.GetMetricWith(collectorLabels)
if err != nil { if err != nil {
klog.ErrorS(err, "Error fetching requests metric") klog.ErrorS(err, "Error fetching requests metric")
} else { } else {
requestsMetric.Inc() requestsMetric.Inc()
} }
}
if stats.Latency != -1 { if stats.Latency != -1 {
if sc.connectTime != nil {
connectTimeMetric, err := sc.connectTime.GetMetricWith(requestLabels) connectTimeMetric, err := sc.connectTime.GetMetricWith(requestLabels)
if err != nil { if err != nil {
klog.ErrorS(err, "Error fetching connect time metric") klog.ErrorS(err, "Error fetching connect time metric")
} else { } else {
connectTimeMetric.Observe(stats.Latency) connectTimeMetric.Observe(stats.Latency)
} }
}
if sc.upstreamLatency != nil {
latencyMetric, err := sc.upstreamLatency.GetMetricWith(latencyLabels) latencyMetric, err := sc.upstreamLatency.GetMetricWith(latencyLabels)
if err != nil { if err != nil {
klog.ErrorS(err, "Error fetching latency metric") klog.ErrorS(err, "Error fetching latency metric")
@ -327,8 +395,9 @@ func (sc *SocketCollector) handleMessage(msg []byte) {
latencyMetric.Observe(stats.Latency) latencyMetric.Observe(stats.Latency)
} }
} }
}
if stats.HeaderTime != -1 { if stats.HeaderTime != -1 && sc.headerTime != nil {
headerTimeMetric, err := sc.headerTime.GetMetricWith(requestLabels) headerTimeMetric, err := sc.headerTime.GetMetricWith(requestLabels)
if err != nil { if err != nil {
klog.ErrorS(err, "Error fetching header time metric") klog.ErrorS(err, "Error fetching header time metric")
@ -337,7 +406,7 @@ func (sc *SocketCollector) handleMessage(msg []byte) {
} }
} }
if stats.RequestTime != -1 { if stats.RequestTime != -1 && sc.requestTime != nil {
requestTimeMetric, err := sc.requestTime.GetMetricWith(requestLabels) requestTimeMetric, err := sc.requestTime.GetMetricWith(requestLabels)
if err != nil { if err != nil {
klog.ErrorS(err, "Error fetching request duration metric") klog.ErrorS(err, "Error fetching request duration metric")
@ -346,7 +415,7 @@ func (sc *SocketCollector) handleMessage(msg []byte) {
} }
} }
if stats.RequestLength != -1 { if stats.RequestLength != -1 && sc.requestLength != nil {
requestLengthMetric, err := sc.requestLength.GetMetricWith(requestLabels) requestLengthMetric, err := sc.requestLength.GetMetricWith(requestLabels)
if err != nil { if err != nil {
klog.ErrorS(err, "Error fetching request length metric") klog.ErrorS(err, "Error fetching request length metric")
@ -355,7 +424,7 @@ func (sc *SocketCollector) handleMessage(msg []byte) {
} }
} }
if stats.ResponseTime != -1 { if stats.ResponseTime != -1 && sc.responseTime != nil {
responseTimeMetric, err := sc.responseTime.GetMetricWith(requestLabels) responseTimeMetric, err := sc.responseTime.GetMetricWith(requestLabels)
if err != nil { if err != nil {
klog.ErrorS(err, "Error fetching upstream response time metric") klog.ErrorS(err, "Error fetching upstream response time metric")
@ -365,13 +434,16 @@ func (sc *SocketCollector) handleMessage(msg []byte) {
} }
if stats.ResponseLength != -1 { if stats.ResponseLength != -1 {
if sc.bytesSent != nil {
bytesSentMetric, err := sc.bytesSent.GetMetricWith(requestLabels) bytesSentMetric, err := sc.bytesSent.GetMetricWith(requestLabels)
if err != nil { if err != nil {
klog.ErrorS(err, "Error fetching bytes sent metric") klog.ErrorS(err, "Error fetching bytes sent metric")
} else { } else {
bytesSentMetric.Observe(stats.ResponseLength) bytesSentMetric.Observe(stats.ResponseLength)
} }
}
if sc.responseLength != nil {
responseSizeMetric, err := sc.responseLength.GetMetricWith(requestLabels) responseSizeMetric, err := sc.responseLength.GetMetricWith(requestLabels)
if err != nil { if err != nil {
klog.ErrorS(err, "Error fetching bytes sent metric") klog.ErrorS(err, "Error fetching bytes sent metric")
@ -380,6 +452,7 @@ func (sc *SocketCollector) handleMessage(msg []byte) {
} }
} }
} }
}
} }
// Start listen for connections in the unix socket and spawns a goroutine to process the content // Start listen for connections in the unix socket and spawns a goroutine to process the content
@ -471,36 +544,16 @@ func (sc *SocketCollector) RemoveMetrics(ingresses []string, registry prometheus
// Describe implements prometheus.Collector // Describe implements prometheus.Collector
func (sc SocketCollector) Describe(ch chan<- *prometheus.Desc) { func (sc SocketCollector) Describe(ch chan<- *prometheus.Desc) {
sc.connectTime.Describe(ch) for _, metric := range sc.metricMapping {
sc.headerTime.Describe(ch) metric.Describe(ch)
sc.responseTime.Describe(ch) }
sc.requestTime.Describe(ch)
sc.requestLength.Describe(ch)
sc.responseLength.Describe(ch)
sc.requests.Describe(ch)
sc.upstreamLatency.Describe(ch)
sc.bytesSent.Describe(ch)
} }
// Collect implements the prometheus.Collector interface. // Collect implements the prometheus.Collector interface.
func (sc SocketCollector) Collect(ch chan<- prometheus.Metric) { func (sc SocketCollector) Collect(ch chan<- prometheus.Metric) {
sc.connectTime.Collect(ch) for _, metric := range sc.metricMapping {
sc.headerTime.Collect(ch) metric.Collect(ch)
sc.responseTime.Collect(ch) }
sc.requestTime.Collect(ch)
sc.requestLength.Collect(ch)
sc.responseLength.Collect(ch)
sc.requests.Collect(ch)
sc.upstreamLatency.Collect(ch)
sc.bytesSent.Collect(ch)
} }
// SetHosts sets the hostnames that are being served by the ingress controller // SetHosts sets the hostnames that are being served by the ingress controller

116
internal/ingress/metric/collectors/socket_test.go
View file

@ -84,6 +84,7 @@ func TestCollector(t *testing.T) {
data []string data []string
metrics []string metrics []string
useStatusClasses bool useStatusClasses bool
excludeMetrics []string
wantBefore string wantBefore string
removeIngresses []string removeIngresses []string
wantAfter string wantAfter string
@ -470,13 +471,126 @@ func TestCollector(t *testing.T) {
wantAfter: ` wantAfter: `
`, `,
}, },
{
name: "basic exclude metrics test",
data: []string{`[{
"host":"testshop.com",
"status":"200",
"bytesSent":150.0,
"method":"GET",
"path":"/admin",
"requestLength":300.0,
"requestTime":60.0,
"upstreamLatency":1.0,
"upstreamHeaderTime":5.0,
"upstreamName":"test-upstream",
"upstreamIP":"1.1.1.1:8080",
"upstreamResponseTime":200,
"upstreamStatus":"220",
"namespace":"test-app-production",
"ingress":"web-yml",
"service":"test-app",
"canary":""
}]`},
excludeMetrics: []string{"nginx_ingress_controller_connect_duration_seconds"},
metrics: []string{"nginx_ingress_controller_connect_duration_seconds", "nginx_ingress_controller_response_duration_seconds"},
useStatusClasses: true,
wantBefore: `
# HELP nginx_ingress_controller_response_duration_seconds The time spent on receiving the response from the upstream server
# TYPE nginx_ingress_controller_response_duration_seconds histogram
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="0.005"} 0
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="0.01"} 0
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="0.025"} 0
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="0.05"} 0
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="0.1"} 0
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="0.25"} 0
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="0.5"} 0
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="1"} 0
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="2.5"} 0
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="5"} 0
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="10"} 0
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="+Inf"} 1
nginx_ingress_controller_response_duration_seconds_sum{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx"} 200
nginx_ingress_controller_response_duration_seconds_count{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx"} 1
`,
},
{
name: "remove metrics with the short metric name",
data: []string{`[{
"host":"testshop.com",
"status":"200",
"bytesSent":150.0,
"method":"GET",
"path":"/admin",
"requestLength":300.0,
"requestTime":60.0,
"upstreamLatency":1.0,
"upstreamHeaderTime":5.0,
"upstreamName":"test-upstream",
"upstreamIP":"1.1.1.1:8080",
"upstreamResponseTime":200,
"upstreamStatus":"220",
"namespace":"test-app-production",
"ingress":"web-yml",
"service":"test-app",
"canary":""
}]`},
excludeMetrics: []string{"response_duration_seconds"},
metrics: []string{"nginx_ingress_controller_response_duration_seconds"},
useStatusClasses: true,
wantBefore: `
`,
},
{
name: "exclude metrics make sure to only remove exactly matched metrics",
data: []string{`[{
"host":"testshop.com",
"status":"200",
"bytesSent":150.0,
"method":"GET",
"path":"/admin",
"requestLength":300.0,
"requestTime":60.0,
"upstreamLatency":1.0,
"upstreamHeaderTime":5.0,
"upstreamName":"test-upstream",
"upstreamIP":"1.1.1.1:8080",
"upstreamResponseTime":200,
"upstreamStatus":"220",
"namespace":"test-app-production",
"ingress":"web-yml",
"service":"test-app",
"canary":""
}]`},
excludeMetrics: []string{"response_duration_seconds2", "test.*", "nginx_ingress_.*", "response_duration_secon"},
metrics: []string{"nginx_ingress_controller_response_duration_seconds"},
useStatusClasses: true,
wantBefore: `
# HELP nginx_ingress_controller_response_duration_seconds The time spent on receiving the response from the upstream server
# TYPE nginx_ingress_controller_response_duration_seconds histogram
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="0.005"} 0
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="0.01"} 0
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="0.025"} 0
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="0.05"} 0
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="0.1"} 0
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="0.25"} 0
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="0.5"} 0
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="1"} 0
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="2.5"} 0
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="5"} 0
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="10"} 0
nginx_ingress_controller_response_duration_seconds_bucket{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx",le="+Inf"} 1
nginx_ingress_controller_response_duration_seconds_sum{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx"} 200
nginx_ingress_controller_response_duration_seconds_count{canary="",controller_class="ingress",controller_namespace="default",controller_pod="pod",host="testshop.com",ingress="web-yml",method="GET",namespace="test-app-production",path="/admin",service="test-app",status="2xx"} 1
`,
},
} }
for _, c := range cases { for _, c := range cases {
t.Run(c.name, func(t *testing.T) { t.Run(c.name, func(t *testing.T) {
registry := prometheus.NewPedanticRegistry() registry := prometheus.NewPedanticRegistry()
sc, err := NewSocketCollector("pod", "default", "ingress", true, c.useStatusClasses, buckets) sc, err := NewSocketCollector("pod", "default", "ingress", true, c.useStatusClasses, buckets, c.excludeMetrics)
if err != nil { if err != nil {
t.Errorf("%v: unexpected error creating new SocketCollector: %v", c.name, err) t.Errorf("%v: unexpected error creating new SocketCollector: %v", c.name, err)
} }

4
internal/ingress/metric/main.go
View file

@ -71,7 +71,7 @@ type collector struct {
} }
// NewCollector creates a new metric collector the for ingress controller // NewCollector creates a new metric collector the for ingress controller
func NewCollector(metricsPerHost, reportStatusClasses bool, registry *prometheus.Registry, ingressclass string, buckets collectors.HistogramBuckets) (Collector, error) { func NewCollector(metricsPerHost, reportStatusClasses bool, registry *prometheus.Registry, ingressclass string, buckets collectors.HistogramBuckets, excludedSocketMetrics []string) (Collector, error) {
podNamespace := os.Getenv("POD_NAMESPACE") podNamespace := os.Getenv("POD_NAMESPACE")
if podNamespace == "" { if podNamespace == "" {
podNamespace = "default" podNamespace = "default"
@ -89,7 +89,7 @@ func NewCollector(metricsPerHost, reportStatusClasses bool, registry *prometheus
return nil, err return nil, err
} }
s, err := collectors.NewSocketCollector(podName, podNamespace, ingressclass, metricsPerHost, reportStatusClasses, buckets) s, err := collectors.NewSocketCollector(podName, podNamespace, ingressclass, metricsPerHost, reportStatusClasses, buckets, excludedSocketMetrics)
if err != nil { if err != nil {
return nil, err return nil, err
} }

2
magefiles/release.go
View file

@ -50,7 +50,7 @@ var INGRESS_REGISTRY = "registry.k8s.io" //Co
var KUSTOMIZE_INSTALL_VERSION = "sigs.k8s.io/kustomize/kustomize/v4@v4.5.4" //static deploys needs kustomize to generate the template var KUSTOMIZE_INSTALL_VERSION = "sigs.k8s.io/kustomize/kustomize/v4@v4.5.4" //static deploys needs kustomize to generate the template
// ingress-nginx releases start with a TAG then a cloudbuild, then a promotion through a PR, this the location of that PR // ingress-nginx releases start with a TAG then a cloudbuild, then a promotion through a PR, this the location of that PR
var IMAGES_YAML = "https://raw.githubusercontent.com/kubernetes/k8s.io/main/k8s.gcr.io/images/k8s-staging-ingress-nginx/images.yaml" var IMAGES_YAML = "https://raw.githubusercontent.com/kubernetes/k8s.io/main/registry.k8s.io/images/k8s-staging-ingress-nginx/images.yaml"
var ctx = context.Background() // Context used for GitHub Client var ctx = context.Background() // Context used for GitHub Client
const INDEX_DOCS = "docs/deploy/index.md" //index.md has a version of the controller and needs to updated const INDEX_DOCS = "docs/deploy/index.md" //index.md has a version of the controller and needs to updated

1
mkdocs.yml
View file

@ -101,6 +101,7 @@ nav:
- Third party addons: - Third party addons:
- ModSecurity Web Application Firewall: "user-guide/third-party-addons/modsecurity.md" - ModSecurity Web Application Firewall: "user-guide/third-party-addons/modsecurity.md"
- OpenTracing: "user-guide/third-party-addons/opentracing.md" - OpenTracing: "user-guide/third-party-addons/opentracing.md"
- OpenTelemetry: "user-guide/third-party-addons/opentelemetry.md"
- Examples: - Examples:
- Introduction: "examples/index.md" - Introduction: "examples/index.md"
- Prerequisites: "examples/PREREQUISITES.md" - Prerequisites: "examples/PREREQUISITES.md"

8
pkg/apis/ingress/types.go
View file

@ -29,12 +29,12 @@ import (
"k8s.io/ingress-nginx/internal/ingress/annotations/cors" "k8s.io/ingress-nginx/internal/ingress/annotations/cors"
"k8s.io/ingress-nginx/internal/ingress/annotations/fastcgi" "k8s.io/ingress-nginx/internal/ingress/annotations/fastcgi"
"k8s.io/ingress-nginx/internal/ingress/annotations/globalratelimit" "k8s.io/ingress-nginx/internal/ingress/annotations/globalratelimit"
"k8s.io/ingress-nginx/internal/ingress/annotations/influxdb"
"k8s.io/ingress-nginx/internal/ingress/annotations/ipdenylist" "k8s.io/ingress-nginx/internal/ingress/annotations/ipdenylist"
"k8s.io/ingress-nginx/internal/ingress/annotations/ipwhitelist" "k8s.io/ingress-nginx/internal/ingress/annotations/ipwhitelist"
"k8s.io/ingress-nginx/internal/ingress/annotations/log" "k8s.io/ingress-nginx/internal/ingress/annotations/log"
"k8s.io/ingress-nginx/internal/ingress/annotations/mirror" "k8s.io/ingress-nginx/internal/ingress/annotations/mirror"
"k8s.io/ingress-nginx/internal/ingress/annotations/modsecurity" "k8s.io/ingress-nginx/internal/ingress/annotations/modsecurity"
"k8s.io/ingress-nginx/internal/ingress/annotations/opentelemetry"
"k8s.io/ingress-nginx/internal/ingress/annotations/opentracing" "k8s.io/ingress-nginx/internal/ingress/annotations/opentracing"
"k8s.io/ingress-nginx/internal/ingress/annotations/proxy" "k8s.io/ingress-nginx/internal/ingress/annotations/proxy"
"k8s.io/ingress-nginx/internal/ingress/annotations/proxyssl" "k8s.io/ingress-nginx/internal/ingress/annotations/proxyssl"
@ -337,9 +337,6 @@ type Location struct {
// Logs allows to enable or disable the nginx logs // Logs allows to enable or disable the nginx logs
// By default access logs are enabled and rewrite logs are disabled // By default access logs are enabled and rewrite logs are disabled
Logs log.Config `json:"logs,omitempty"` Logs log.Config `json:"logs,omitempty"`
// InfluxDB allows to monitor the incoming request by sending them to an influxdb database
// +optional
InfluxDB influxdb.Config `json:"influxDB,omitempty"`
// BackendProtocol indicates which protocol should be used to communicate with the service // BackendProtocol indicates which protocol should be used to communicate with the service
// By default this is HTTP // By default this is HTTP
BackendProtocol string `json:"backend-protocol"` BackendProtocol string `json:"backend-protocol"`
@ -360,6 +357,9 @@ type Location struct {
// Opentracing allows the global opentracing setting to be overridden for a location // Opentracing allows the global opentracing setting to be overridden for a location
// +optional // +optional
Opentracing opentracing.Config `json:"opentracing"` Opentracing opentracing.Config `json:"opentracing"`
// Opentelemetry allows the global opentelemetry setting to be overridden for a location
// +optional
Opentelemetry opentelemetry.Config `json:"opentelemetry"`
} }
// SSLPassthroughBackend describes a SSL upstream server configured // SSLPassthroughBackend describes a SSL upstream server configured

8
pkg/apis/ingress/types_equals.go
View file

@ -431,10 +431,6 @@ func (l1 *Location) Equal(l2 *Location) bool {
return false return false
} }
if !(&l1.InfluxDB).Equal(&l2.InfluxDB) {
return false
}
if l1.BackendProtocol != l2.BackendProtocol { if l1.BackendProtocol != l2.BackendProtocol {
return false return false
} }
@ -464,6 +460,10 @@ func (l1 *Location) Equal(l2 *Location) bool {
return false return false
} }
if !l1.Opentelemetry.Equal(&l2.Opentelemetry) {
return false
}
if !l1.Mirror.Equal(&l2.Mirror) { if !l1.Mirror.Equal(&l2.Mirror) {
return false return false
} }

2
pkg/flags/flags.go
View file

@ -174,6 +174,7 @@ Requires the update-status parameter.`)
timeBuckets = flags.Float64Slice("time-buckets", prometheus.DefBuckets, "Set of buckets which will be used for prometheus histogram metrics such as RequestTime, ResponseTime.") timeBuckets = flags.Float64Slice("time-buckets", prometheus.DefBuckets, "Set of buckets which will be used for prometheus histogram metrics such as RequestTime, ResponseTime.")
lengthBuckets = flags.Float64Slice("length-buckets", prometheus.LinearBuckets(10, 10, 10), "Set of buckets which will be used for prometheus histogram metrics such as RequestLength, ResponseLength.") lengthBuckets = flags.Float64Slice("length-buckets", prometheus.LinearBuckets(10, 10, 10), "Set of buckets which will be used for prometheus histogram metrics such as RequestLength, ResponseLength.")
sizeBuckets = flags.Float64Slice("size-buckets", prometheus.ExponentialBuckets(10, 10, 7), "Set of buckets which will be used for prometheus histogram metrics such as BytesSent.") sizeBuckets = flags.Float64Slice("size-buckets", prometheus.ExponentialBuckets(10, 10, 7), "Set of buckets which will be used for prometheus histogram metrics such as BytesSent.")
excludeSocketMetrics = flags.StringSlice("exclude-socket-metrics", []string{}, "et of socket request metrics to exclude which won't be exported nor being calculated. E.g. 'nginx_ingress_controller_success,nginx_ingress_controller_header_duration_seconds'.")
monitorMaxBatchSize = flags.Int("monitor-max-batch-size", 10000, "Max batch size of NGINX metrics.") monitorMaxBatchSize = flags.Int("monitor-max-batch-size", 10000, "Max batch size of NGINX metrics.")
httpPort = flags.Int("http-port", 80, `Port to use for servicing HTTP traffic.`) httpPort = flags.Int("http-port", 80, `Port to use for servicing HTTP traffic.`)
@ -328,6 +329,7 @@ https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-g
MetricsPerHost: *metricsPerHost, MetricsPerHost: *metricsPerHost,
MetricsBuckets: histogramBuckets, MetricsBuckets: histogramBuckets,
ReportStatusClasses: *reportStatusClasses, ReportStatusClasses: *reportStatusClasses,
ExcludeSocketMetrics: *excludeSocketMetrics,
MonitorMaxBatchSize: *monitorMaxBatchSize, MonitorMaxBatchSize: *monitorMaxBatchSize,
DisableServiceExternalName: *disableServiceExternalName, DisableServiceExternalName: *disableServiceExternalName,
EnableSSLPassthrough: *enableSSLPassthrough, EnableSSLPassthrough: *enableSSLPassthrough,

32
rootfs/etc/nginx/template/nginx.tmpl Executable file → Normal file
View file

@ -21,10 +21,6 @@ load_module /etc/nginx/modules/ngx_http_brotli_filter_module.so;
load_module /etc/nginx/modules/ngx_http_brotli_static_module.so; load_module /etc/nginx/modules/ngx_http_brotli_static_module.so;
{{ end }} {{ end }}
{{ if (shouldLoadInfluxDBModule $servers) }}
load_module /etc/nginx/modules/ngx_http_influxdb_module.so;
{{ end }}
{{ if (shouldLoadAuthDigestModule $servers) }} {{ if (shouldLoadAuthDigestModule $servers) }}
load_module /etc/nginx/modules/ngx_http_auth_digest_module.so; load_module /etc/nginx/modules/ngx_http_auth_digest_module.so;
{{ end }} {{ end }}
@ -37,6 +33,10 @@ load_module /etc/nginx/modules/ngx_http_modsecurity_module.so;
load_module /etc/nginx/modules/ngx_http_opentracing_module.so; load_module /etc/nginx/modules/ngx_http_opentracing_module.so;
{{ end }} {{ end }}
{{ if (shouldLoadOpentelemetryModule $cfg $servers) }}
load_module /modules_mount/etc/nginx/modules/otel/otel_ngx_module.so;
{{ end }}
daemon off; daemon off;
worker_processes {{ $cfg.WorkerProcesses }}; worker_processes {{ $cfg.WorkerProcesses }};
@ -64,6 +64,10 @@ events {
} }
http { http {
{{ if (shouldLoadOpentelemetryModule $cfg $servers) }}
opentelemetry_config {{ $cfg.OpentelemetryConfig }};
{{ end }}
lua_package_path "/etc/nginx/lua/?.lua;;"; lua_package_path "/etc/nginx/lua/?.lua;;";
{{ buildLuaSharedDictionaries $cfg $servers }} {{ buildLuaSharedDictionaries $cfg $servers }}
@ -322,6 +326,7 @@ http {
limit_conn_status {{ $cfg.LimitConnStatusCode }}; limit_conn_status {{ $cfg.LimitConnStatusCode }};
{{ buildOpentracing $cfg $servers }} {{ buildOpentracing $cfg $servers }}
{{ buildOpentelemetry $cfg $servers }}
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
default_type {{ $cfg.DefaultType }}; default_type {{ $cfg.DefaultType }};
@ -695,6 +700,9 @@ http {
opentracing off; opentracing off;
{{ end }} {{ end }}
{{ if $cfg.EnableOpentelemetry }}
opentelemetry off;
{{ end }}
location {{ $healthzURI }} { location {{ $healthzURI }} {
return 200; return 200;
} }
@ -1063,6 +1071,11 @@ stream {
opentracing_propagate_context; opentracing_propagate_context;
{{ end }} {{ end }}
{{ if (or $all.Cfg.EnableOpentelemetry $location.Opentelemetry.Enabled) }}
opentelemetry on;
opentelemetry_propagate;
{{ end }}
access_log off; access_log off;
# Ensure that modsecurity will not run on an internal location as this is not accessible from outside # Ensure that modsecurity will not run on an internal location as this is not accessible from outside
@ -1204,6 +1217,7 @@ stream {
set $global_rate_limit_exceeding n; set $global_rate_limit_exceeding n;
{{ buildOpentracingForLocation $all.Cfg.EnableOpentracing $all.Cfg.OpentracingTrustIncomingSpan $location }} {{ buildOpentracingForLocation $all.Cfg.EnableOpentracing $all.Cfg.OpentracingTrustIncomingSpan $location }}
{{ buildOpentelemetryForLocation $all.Cfg.EnableOpentelemetry $all.Cfg.OpentelemetryTrustIncomingSpan $location }}
{{ if $location.Mirror.Source }} {{ if $location.Mirror.Source }}
mirror {{ $location.Mirror.Source }}; mirror {{ $location.Mirror.Source }};
@ -1348,8 +1362,6 @@ stream {
{{ range $limit := $limits }} {{ range $limit := $limits }}
{{ $limit }}{{ end }} {{ $limit }}{{ end }}
{{ buildInfluxDB $location.InfluxDB }}
{{ if isValidByteSize $location.Proxy.BodySize true }} {{ if isValidByteSize $location.Proxy.BodySize true }}
client_max_body_size {{ $location.Proxy.BodySize }}; client_max_body_size {{ $location.Proxy.BodySize }};
{{ end }} {{ end }}
@ -1520,6 +1532,10 @@ stream {
opentracing off; opentracing off;
{{ end }} {{ end }}
{{ if $all.Cfg.EnableOpentelemetry }}
opentelemetry off;
{{ end }}
access_log off; access_log off;
return 200; return 200;
} }
@ -1531,6 +1547,10 @@ stream {
opentracing off; opentracing off;
{{ end }} {{ end }}
{{ if $all.Cfg.EnableOpentelemetry }}
opentelemetry off;
{{ end }}
{{ range $v := $all.NginxStatusIpv4Whitelist }} {{ range $v := $all.NginxStatusIpv4Whitelist }}
allow {{ $v }}; allow {{ $v }};
{{ end }} {{ end }}

3
test/e2e-image/Dockerfile
View file

@ -3,7 +3,8 @@ FROM ${E2E_BASE_IMAGE} AS BASE
FROM alpine:3.17.2 FROM alpine:3.17.2
RUN apk add -U --no-cache \ RUN apk update \
&& apk upgrade && apk add -U --no-cache \
ca-certificates \ ca-certificates \
bash \ bash \
curl \ curl \

2
test/e2e-image/Makefile
View file

@ -1,6 +1,6 @@
DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20230314-helm-chart-4.5.2-32-g520384b11@sha256:754c62f9a5efd1ee515ee908ecc16c0c4d1dda96a8cc8019667182a55f3a9035" E2E_BASE_IMAGE ?= "registry.k8s.io/ingress-nginx/e2e-test-runner:v20230314-helm-chart-4.5.2-32-g520384b11@sha256:754c62f9a5efd1ee515ee908ecc16c0c4d1dda96a8cc8019667182a55f3a9035"
image: image:
echo "..entered Makefile in /test/e2e-image" echo "..entered Makefile in /test/e2e-image"

186
test/e2e/annotations/influxdb.go
View file

@ -1,186 +0,0 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package annotations
import (
"bytes"
"context"
"fmt"
"net/http"
"os/exec"
"strings"
"time"
jsoniter "github.com/json-iterator/go"
"github.com/onsi/ginkgo/v2"
"github.com/stretchr/testify/assert"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/intstr"
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/ingress-nginx/test/e2e/framework"
)
var _ = framework.DescribeAnnotation("influxdb-*", func() {
f := framework.NewDefaultFramework("influxdb")
ginkgo.BeforeEach(func() {
f.NewInfluxDBDeployment()
f.NewEchoDeployment()
})
ginkgo.Context("when influxdb is enabled", func() {
ginkgo.It("should send the request metric to the influxdb server", func() {
ifs := createInfluxDBService(f)
// Ingress configured with InfluxDB annotations
host := "influxdb.e2e.local"
createInfluxDBIngress(
f,
host,
framework.EchoService,
80,
map[string]string{
"nginx.ingress.kubernetes.io/enable-influxdb": "true",
"nginx.ingress.kubernetes.io/influxdb-host": ifs.Spec.ClusterIP,
"nginx.ingress.kubernetes.io/influxdb-port": "8089",
"nginx.ingress.kubernetes.io/influxdb-measurement": "requests",
"nginx.ingress.kubernetes.io/influxdb-servername": "e2e-nginx-srv",
},
)
// Do a request to the echo server ingress that sends metrics
// to the InfluxDB backend.
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusOK)
framework.Sleep(10 * time.Second)
var measurements string
var err error
err = wait.Poll(time.Second, time.Minute, func() (bool, error) {
measurements, err = extractInfluxDBMeasurements(f)
if err != nil {
return false, nil
}
return true, nil
})
assert.Nil(ginkgo.GinkgoT(), err)
var results map[string][]map[string]interface{}
_ = jsoniter.ConfigCompatibleWithStandardLibrary.Unmarshal([]byte(measurements), &results)
assert.NotEqual(ginkgo.GinkgoT(), len(measurements), 0)
for _, elem := range results["results"] {
assert.NotEqual(ginkgo.GinkgoT(), len(elem), 0)
}
})
})
})
func createInfluxDBService(f *framework.Framework) *corev1.Service {
service := &corev1.Service{
ObjectMeta: metav1.ObjectMeta{
Name: "influxdb",
Namespace: f.Namespace,
},
Spec: corev1.ServiceSpec{Ports: []corev1.ServicePort{
{
Name: "udp",
Port: 8089,
TargetPort: intstr.FromInt(8089),
Protocol: "UDP",
},
},
Selector: map[string]string{
"app": "influxdb",
},
},
}
return f.EnsureService(service)
}
func createInfluxDBIngress(f *framework.Framework, host, service string, port int, annotations map[string]string) {
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, service, port, annotations)
f.EnsureIngress(ing)
f.WaitForNginxServer(host,
func(server string) bool {
return strings.Contains(server, fmt.Sprintf("server_name %v", host))
})
}
func extractInfluxDBMeasurements(f *framework.Framework) (string, error) {
l, err := f.KubeClientSet.CoreV1().Pods(f.Namespace).List(context.TODO(), metav1.ListOptions{
LabelSelector: "app=influxdb",
})
if err != nil {
return "", err
}
if len(l.Items) == 0 {
return "", err
}
cmd := "influx -database 'nginx' -execute 'select * from requests' -format 'json' -pretty"
var pod *corev1.Pod
for _, p := range l.Items {
pod = &p
break
}
if pod == nil {
return "", fmt.Errorf("no influxdb pods found")
}
o, err := execInfluxDBCommand(pod, cmd)
if err != nil {
return "", err
}
return o, nil
}
func execInfluxDBCommand(pod *corev1.Pod, command string) (string, error) {
var (
execOut bytes.Buffer
execErr bytes.Buffer
)
cmd := exec.Command("/bin/bash", "-c", fmt.Sprintf("%v exec --namespace %s %s -- %s", framework.KubectlPath, pod.Namespace, pod.Name, command))
cmd.Stdout = &execOut
cmd.Stderr = &execErr
err := cmd.Run()
if execErr.Len() > 0 {
return "", fmt.Errorf("stderr: %v", execErr.String())
}
if err != nil {
return "", fmt.Errorf("could not execute '%s %s': %v", cmd.Path, cmd.Args, err)
}
return execOut.String(), nil
}

1
test/e2e/e2e.go
View file

@ -40,6 +40,7 @@ import (
_ "k8s.io/ingress-nginx/test/e2e/leaks" _ "k8s.io/ingress-nginx/test/e2e/leaks"
_ "k8s.io/ingress-nginx/test/e2e/loadbalance" _ "k8s.io/ingress-nginx/test/e2e/loadbalance"
_ "k8s.io/ingress-nginx/test/e2e/lua" _ "k8s.io/ingress-nginx/test/e2e/lua"
_ "k8s.io/ingress-nginx/test/e2e/metrics"
_ "k8s.io/ingress-nginx/test/e2e/nginx" _ "k8s.io/ingress-nginx/test/e2e/nginx"
_ "k8s.io/ingress-nginx/test/e2e/security" _ "k8s.io/ingress-nginx/test/e2e/security"
_ "k8s.io/ingress-nginx/test/e2e/servicebackend" _ "k8s.io/ingress-nginx/test/e2e/servicebackend"

7
test/e2e/framework/exec.go
View file

@ -21,6 +21,7 @@ import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"io" "io"
"os"
"os/exec" "os/exec"
"regexp" "regexp"
"strconv" "strconv"
@ -111,7 +112,11 @@ func (f *Framework) NamespaceContent() (string, error) {
// newIngressController deploys a new NGINX Ingress controller in a namespace // newIngressController deploys a new NGINX Ingress controller in a namespace
func (f *Framework) newIngressController(namespace string, namespaceOverlay string) error { func (f *Framework) newIngressController(namespace string, namespaceOverlay string) error {
// Creates an nginx deployment // Creates an nginx deployment
cmd := exec.Command("./wait-for-nginx.sh", namespace, namespaceOverlay) isChroot, ok := os.LookupEnv("IS_CHROOT")
if !ok {
isChroot = "false"
}
cmd := exec.Command("./wait-for-nginx.sh", namespace, namespaceOverlay, isChroot)
out, err := cmd.CombinedOutput() out, err := cmd.CombinedOutput()
if err != nil { if err != nil {
return fmt.Errorf("unexpected error waiting for ingress controller deployment: %v.\nLogs:\n%v", err, string(out)) return fmt.Errorf("unexpected error waiting for ingress controller deployment: %v.\nLogs:\n%v", err, string(out))

141
test/e2e/framework/influxdb.go
View file

@ -1,141 +0,0 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package framework
import (
"github.com/onsi/ginkgo/v2"
"github.com/stretchr/testify/assert"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/fields"
)
const influxConfig = `
reporting-disabled = true
bind-address = "0.0.0.0:8088"
[meta]
dir = "/var/lib/influxdb/meta"
retention-autocreate = true
logging-enabled = true
[data]
dir = "/var/lib/influxdb/data"
index-version = "inmem"
wal-dir = "/var/lib/influxdb/wal"
wal-fsync-delay = "0s"
query-log-enabled = true
cache-max-memory-size = 1073741824
cache-snapshot-memory-size = 26214400
cache-snapshot-write-cold-duration = "10m0s"
compact-full-write-cold-duration = "4h0m0s"
max-series-per-database = 1000000
max-values-per-tag = 100000
max-concurrent-compactions = 0
trace-logging-enabled = false
[[udp]]
enabled = true
bind-address = ":8089"
database = "nginx"
`
// NewInfluxDBDeployment creates an InfluxDB server configured to reply
// on 8086/tcp and 8089/udp
func (f *Framework) NewInfluxDBDeployment() {
configuration := &corev1.ConfigMap{
ObjectMeta: metav1.ObjectMeta{
Name: "influxdb-config",
Namespace: f.Namespace,
},
Data: map[string]string{
"influxd.conf": influxConfig,
},
}
f.EnsureConfigMap(configuration)
deployment := &appsv1.Deployment{
ObjectMeta: metav1.ObjectMeta{
Name: "influxdb",
Namespace: f.Namespace,
},
Spec: appsv1.DeploymentSpec{
Replicas: NewInt32(1),
Selector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"app": "influxdb",
},
},
Template: corev1.PodTemplateSpec{
ObjectMeta: metav1.ObjectMeta{
Labels: map[string]string{
"app": "influxdb",
},
},
Spec: corev1.PodSpec{
TerminationGracePeriodSeconds: NewInt64(0),
Volumes: []corev1.Volume{
{
Name: "influxdb-config",
VolumeSource: corev1.VolumeSource{
ConfigMap: &corev1.ConfigMapVolumeSource{
LocalObjectReference: corev1.LocalObjectReference{
Name: "influxdb-config",
},
},
},
},
},
Containers: []corev1.Container{
{
Name: "influxdb",
Image: "docker.io/influxdb:1.5",
Env: []corev1.EnvVar{},
Command: []string{"influxd", "-config", "/influxdb-config/influxd.conf"},
VolumeMounts: []corev1.VolumeMount{
{
Name: "influxdb-config",
ReadOnly: true,
MountPath: "/influxdb-config",
},
},
Ports: []corev1.ContainerPort{
{
Name: "http",
ContainerPort: 8086,
},
{
Name: "udp",
ContainerPort: 8089,
},
},
},
},
},
},
},
}
d := f.EnsureDeployment(deployment)
err := waitForPodsReady(f.KubeClientSet, DefaultTimeout, 1, f.Namespace, metav1.ListOptions{
LabelSelector: fields.SelectorFromSet(fields.Set(d.Spec.Template.ObjectMeta.Labels)).String(),
})
assert.Nil(ginkgo.GinkgoT(), err, "waiting for influxdb pod to become ready")
}

Some files were not shown because too many files have changed in this diff Show more