diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 28a5e5580..5ad21ca95 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -17,3 +17,11 @@ updates: - "area/dependency" - "release-note-none" - "ok-to-test" + - package-ecosystem: "docker" + directory: "/images" + schedule: + interval: "weekly" + labels: + - "area/dependency" + - "release-note-none" + - "ok-to-test" diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index edef01915..77232aa88 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -205,7 +205,7 @@ jobs: strategy: matrix: - k8s: [v1.24.12, v1.25.8, v1.26.3] + k8s: [v1.24.12, v1.25.8, v1.26.3,v1.27.1] steps: - name: Checkout @@ -280,7 +280,7 @@ jobs: strategy: matrix: - k8s: [v1.24.12, v1.25.8, v1.26.3] + k8s: [v1.24.12, v1.25.8, v1.26.3,v1.27.1] steps: - name: Checkout @@ -329,7 +329,7 @@ jobs: strategy: matrix: - k8s: [v1.24.12, v1.25.8, v1.26.3] + k8s: [v1.24.12, v1.25.8, v1.26.3,v1.27.1] steps: @@ -395,8 +395,8 @@ jobs: - 'images/echo/**' go-grpc-greeter-server: - 'images/go-grpc-greeter-server/**' - httpbin: - - 'images/httpbin/**' + httpbun: + - 'images/httpbun/**' kube-webhook-certgen: - 'images/kube-webhook-certgen/**' ext-auth-example-authsvc: @@ -422,10 +422,10 @@ jobs: if: ${{ steps.filter-images.outputs.go-grpc-greeter-server == 'true' }} run: | cd images/go-grpc-greeter-server && make build - - name: httpbin image build + - name: httpbun image build if: ${{ steps.filter-images.outputs.httpbin == 'true' }} run: | - cd images/httpbin && make build + cd images/httpbun && make build - name: kube-webhook-certgen image build if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} run: | @@ -447,7 +447,7 @@ jobs: strategy: matrix: - k8s: [v1.24.12, v1.25.8, v1.26.3] + k8s: [v1.24.12, v1.25.8, v1.26.3,v1.27.1] steps: - name: Checkout diff --git a/Makefile b/Makefile index 6037ac39d..fc40a39bb 100644 --- a/Makefile +++ b/Makefile @@ -147,7 +147,6 @@ test: ## Run go unit tests. .PHONY: lua-test lua-test: ## Run lua unit tests. @build/run-in-docker.sh \ - BUSTED_ARGS=$(BUSTED_ARGS) \ MAC_OS=$(MAC_OS) \ test/test-lua.sh diff --git a/README.md b/README.md index f3f68366e..86f95cb9b 100644 --- a/README.md +++ b/README.md @@ -34,27 +34,28 @@ For detailed changes on the `ingress-nginx` helm chart, please check the followi ### Supported Versions table Supported versions for the ingress-nginx project mean that we have completed E2E tests, and they are passing for -the versions listed. Ingress-Nginx versions may work on older versions but the project does not make that guarantee. +the versions listed. Ingress-Nginx versions may work on older versions but the project does not make that guarantee. -| Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | -|-----------------------|------------------------------|----------------|---------------| -| v1.7.0 | 1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | -| v1.6.4 | 1.26, 1.25, 1.24, 1.23 | 3.17.0 | 1.21.6 | -| v1.5.1 | 1.25, 1.24, 1.23 | 3.16.2 | 1.21.6 | -| v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† | -| v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | -| v1.3.0 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.0 | 1.19.10† | -| v1.2.1 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.6 | 1.19.10† | -| v1.1.3 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.4 | 1.19.10† | -| v1.1.2 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v1.1.1 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v1.1.0 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v1.0.5 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v1.0.4 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v1.0.3 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v1.0.2 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v1.0.1 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | -| v1.0.0 | 1.22, 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 | +| | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | Helm Chart Version | +|:-----:|------------------------|------------------------------|----------------|---------------|--------------------| +| 🔄 | **v1.7.1** | 1.27,1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | 4.6.* | +| 🔄 | **v1.7.0** | 1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | 4.6.* | +| 🔄 | **v1.6.4** | 1.26, 1.25, 1.24, 1.23 | 3.17.0 | 1.21.6 | 4.5.* | +| 🔄| **v1.5.1** | 1.25, 1.24, 1.23 | 3.16.2 | 1.21.6 | 4.4.* | +| | v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† | 4.3.0 | +| | v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | 4.2.5 | +| | v1.3.0 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.0 | 1.19.10† | 4.2.3 | +| | v1.2.1 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.6 | 1.19.10† | 4.1.4 | +| | v1.1.3 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.4 | 1.19.10† | 4.0.19 | +| | v1.1.2 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | 4.0.18 | +| | v1.1.1 | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | 4.0.17 | +| | v1.1.0 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | 4.0.13 | +| | v1.0.5 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | 4.0.9 | +| | v1.0.4 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | 4.0.6 | +| | v1.0.3 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | 4.0.5 | +| | v1.0.2 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | 4.0.3 | +| | v1.0.1 | 1.22, 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† | 4.0.2 | +| | v1.0.0 | 1.22, 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 | 4.0.1 | † _This build is diff --git a/TAG b/TAG index b13f0e3bc..668c7899c 100644 --- a/TAG +++ b/TAG @@ -1,2 +1,2 @@ -v1.7.0 +v1.7.1 diff --git a/changelog/Changelog-1.7.1.md b/changelog/Changelog-1.7.1.md new file mode 100644 index 000000000..9b8422c7e --- /dev/null +++ b/changelog/Changelog-1.7.1.md @@ -0,0 +1,52 @@ +# Changelog + +### 1.7.1 +Images: + + * registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407 + * registry.k8s.io/ingress-nginx/controller-chroot:v1.7.1@sha256:e35d5ab487861b9d419c570e3530589229224a0762c7b4d2e2222434abb8d988 + +### All Changes: + +* Update TAG - 1.7.1 (#9922) +* Update dependabot to watch docker images (#9600) +* [helm] Support custom port configuration for internal service (#9846) +* Add support for --container flag (#9703) +* Fix typo in OpenTelemetry (#9903) +* ensure make lua-test runs locally (#9902) +* update k8s.io dependecies to v0.26.4 (#9893) +* Adding resource type to default HPA configuration to resolve issues with Terraform helm chart usage (#9803) +* I have not been able to fulfill my maintainer responsibilities for a while already, making it official now. (#9883) +* Update k8s versions (#9879) +* README: Update `external-dns` link. (#9866) +* Fastcgi configmap should be on the same namespace of ingress (#9863) +* Deprecate and remove influxdb feature (#9861) +* Remove deprecated annotation secure-upstream (#9862) +* Exclude socket metrics (#9770) +* Chart: Improve `README.md`. (#9831) +* update all container tags with date and sha, upgrade all containers (#9834) +* updated NGINX_BASE image in project (#9829) +* ISO 8601 date format (#9682) +* Values: Fix indention of commented values. (#9812) +* The Ingress-Nginx project recently released version 1.7.0 of the controller, but the deployment documentation still referenced version 1.6.4. This commit updates the documentation to reference the latest version, ensuring that users have access to the most up-to-date information. Fixes#9787 (#9788) + +### Dependencies updates: +* Bump github.com/opencontainers/runc from 1.1.6 to 1.1.7 (#9912) +* Bump github.com/prometheus/client_golang from 1.14.0 to 1.15.0 (#9868) +* Bump aquasecurity/trivy-action from 0.9.2 to 0.10.0 (#9888) +* Bump github.com/opencontainers/runc from 1.1.5 to 1.1.6 (#9867) +* Bump actions/checkout from 3.5.0 to 3.5.2 (#9870) +* Bump golang.org/x/crypto from 0.7.0 to 0.8.0 (#9838) +* Bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (#9839) +* Bump actions/add-to-project from 0.4.1 to 0.5.0 (#9840) +* Bump actions/checkout from 3.4.0 to 3.5.0 (#9798) +* Bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#9823) +* Bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 (#9806) +* Bump actions/stale from 7.0.0 to 8.0.0 (#9799) +* Bump rajatjindal/krew-release-bot from 0.0.43 to 0.0.46 (#9797) +* Bump actions/setup-go from 3.5.0 to 4.0.0 (#9796) +* Bump github.com/imdario/mergo from 0.3.13 to 0.3.15 (#9795) +* Bump google.golang.org/grpc from 1.53.0 to 1.54.0 (#9794) +* Bump sigs.k8s.io/controller-runtime from 0.14.5 to 0.14.6 (#9822) + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.7.0...controller-controller-v1.7.1 diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index bad5e2a8c..81ebfc875 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -1,21 +1,11 @@ annotations: artifacthub.io/changes: | - - "Upgrade alpine 3.17.2" - - "Upgrade golang 1.20" - - "Drop testing/support for Kubernetes 1.23" - - "docs(helm): fix value key in readme for enabling certManager (#9640)" - - "Update Ingress-Nginx version controller-v1.7.0" - - "feat: OpenTelemetry module integration (#9062)" - - "canary-weight-total annotation ignored in rule backends (#9729)" - - "fix controller psp's volume config (#9740)" - - "Fix several Helm YAML issues with extraModules and extraInitContainers (#9709)" - - "Chart: Drop `controller.headers`, rework DH param secret. (#9659)" - - "Deployment/DaemonSet: Label pods using `ingress-nginx.labels`. (#9732)" - - "HPA: autoscaling/v2beta1 deprecated, bump apiVersion to v2 for defaultBackend (#9731)" - - "Fix incorrect annotation name in upstream hashing configuration (#9617)" + - "[helm] Support custom port configuration for internal service (#9846)" + - "Adding resource type to default HPA configuration to resolve issues with Terraform helm chart usage (#9803)" + - "Update Ingress-Nginx version controller-v1.7.1" artifacthub.io/prerelease: "false" apiVersion: v2 -appVersion: 1.7.0 +appVersion: 1.7.1 description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer engine: gotpl @@ -32,4 +22,4 @@ maintainers: name: ingress-nginx sources: - https://github.com/kubernetes/ingress-nginx -version: 4.6.0 +version: 4.6.1 diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 78b0028c6..a48dfa15d 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.6.0](https://img.shields.io/badge/Version-4.6.0-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square) +![Version: 4.6.1](https://img.shields.io/badge/Version-4.6.1-informational?style=flat-square) ![AppVersion: 1.7.1](https://img.shields.io/badge/AppVersion-1.7.1-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -79,14 +79,14 @@ else it would make it impossible to evacuate a node. See [gh issue #7127](https: ### Prometheus Metrics -The Nginx ingress controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`. +The Ingress-Nginx Controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`. You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`. Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`) ### ingress-nginx nginx\_status page/stats server -Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in nginx ingress controller: +Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in Ingress-Nginx Controller: - In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed - In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost. @@ -193,7 +193,7 @@ Optionally you can set `controller.service.loadBalancerIP` if you need a static ### Ingress Admission Webhooks -With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster. +With nginx-ingress-controller version 0.25+, the Ingress-Nginx Controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster. **This feature is enabled by default since 0.31.0.** With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521) @@ -202,7 +202,7 @@ With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fi A validating and configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks. 1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits. -2. The ingress nginx controller pod is configured to use a TLS proxy container, which will load that certificate. +2. The Ingress-Nginx Controller pod is configured to use a TLS proxy container, which will load that certificate. 3. Validating and Mutating webhook configurations are created in the cluster. 4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations @@ -294,14 +294,14 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. # ref: https://github.com/microsoft/mimalloc # | | controller.enableTopologyAwareRouting | bool | `false` | This configuration enables Topology Aware Routing feature, used together with service annotation service.kubernetes.io/topology-aware-hints="auto" Defaults to false | | controller.existingPsp | string | `""` | Use an existing PSP instead of creating one | -| controller.extraArgs | object | `{}` | Additional command line arguments to pass to nginx-ingress-controller E.g. to specify the default SSL certificate you can use | +| controller.extraArgs | object | `{}` | Additional command line arguments to pass to Ingress-Nginx Controller E.g. to specify the default SSL certificate you can use | | controller.extraContainers | list | `[]` | Additional containers to be added to the controller pod. See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. | | controller.extraEnvs | list | `[]` | Additional environment variables to set | | controller.extraInitContainers | list | `[]` | Containers, which are run before the app containers are started. | | controller.extraModules | list | `[]` | Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module | | controller.extraVolumeMounts | list | `[]` | Additional volumeMounts to the controller main container. | | controller.extraVolumes | list | `[]` | Additional volumes to the controller pod. | -| controller.healthCheckHost | string | `""` | Address to bind the health check endpoint. It is better to set this option to the internal node address if the ingress nginx controller is running in the `hostNetwork: true` mode. | +| controller.healthCheckHost | string | `""` | Address to bind the health check endpoint. It is better to set this option to the internal node address if the Ingress-Nginx Controller is running in the `hostNetwork: true` mode. | | controller.healthCheckPath | string | `"/healthz"` | Path of the health check endpoint. All requests received on the port defined by the healthz-port parameter are forwarded internally to this path. | | controller.hostNetwork | bool | `false` | Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 is merged | | controller.hostPort.enabled | bool | `false` | Enable 'hostPort' or not | @@ -310,13 +310,13 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `true` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7"` | | -| controller.image.digestChroot | string | `"sha256:e84ef3b44c8efeefd8b0aa08770a886bfea1f04c53b61b4ba9a7204e9f1a7edc"` | | +| controller.image.digest | string | `"sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407"` | | +| controller.image.digestChroot | string | `"sha256:e35d5ab487861b9d419c570e3530589229224a0762c7b4d2e2222434abb8d988"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.registry | string | `"registry.k8s.io"` | | | controller.image.runAsUser | int | `101` | | -| controller.image.tag | string | `"v1.7.0"` | | +| controller.image.tag | string | `"v1.7.1"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | @@ -393,7 +393,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.readinessProbe.successThreshold | int | `1` | | | controller.readinessProbe.timeoutSeconds | int | `1` | | | controller.replicaCount | int | `1` | | -| controller.reportNodeInternalIp | bool | `false` | Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply | +| controller.reportNodeInternalIp | bool | `false` | Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network Ingress status was blank because there is no Service exposing the Ingress-Nginx Controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply | | controller.resources.requests.cpu | string | `"100m"` | | | controller.resources.requests.memory | string | `"90Mi"` | | | controller.scope.enabled | bool | `false` | Enable 'scope' or not | @@ -409,6 +409,8 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.service.internal.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. | | controller.service.internal.enabled | bool | `false` | Enables an additional internal load balancer (besides the external one). | | controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. | +| controller.service.internal.ports | object | `{}` | Custom port mapping for internal service | +| controller.service.internal.targetPorts | object | `{}` | Custom target port mapping for internal service | | controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | | controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | | controller.service.labels | object | `{}` | | diff --git a/charts/ingress-nginx/README.md.gotmpl b/charts/ingress-nginx/README.md.gotmpl index b3d35b6e7..4a35a40b3 100644 --- a/charts/ingress-nginx/README.md.gotmpl +++ b/charts/ingress-nginx/README.md.gotmpl @@ -76,14 +76,14 @@ else it would make it impossible to evacuate a node. See [gh issue #7127](https: ### Prometheus Metrics -The Nginx ingress controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`. +The Ingress-Nginx Controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`. You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`. Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`) ### ingress-nginx nginx\_status page/stats server -Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in nginx ingress controller: +Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in Ingress-Nginx Controller: - In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed - In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost. @@ -190,7 +190,7 @@ Optionally you can set `controller.service.loadBalancerIP` if you need a static ### Ingress Admission Webhooks -With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster. +With nginx-ingress-controller version 0.25+, the Ingress-Nginx Controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster. **This feature is enabled by default since 0.31.0.** With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521) @@ -199,7 +199,7 @@ With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fi A validating and configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks. 1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits. -2. The ingress nginx controller pod is configured to use a TLS proxy container, which will load that certificate. +2. The Ingress-Nginx Controller pod is configured to use a TLS proxy container, which will load that certificate. 3. Validating and Mutating webhook configurations are created in the cluster. 4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations diff --git a/charts/ingress-nginx/changelog/Changelog-4.6.1.md b/charts/ingress-nginx/changelog/Changelog-4.6.1.md new file mode 100644 index 000000000..57d99b8db --- /dev/null +++ b/charts/ingress-nginx/changelog/Changelog-4.6.1.md @@ -0,0 +1,11 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.6.1 + +* [helm] Support custom port configuration for internal service (#9846) +* Adding resource type to default HPA configuration to resolve issues with Terraform helm chart usage (#9803) +* Update Ingress-Nginx version controller-v1.7.1 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.6.0...helm-chart-4.6.1 diff --git a/charts/ingress-nginx/ci/deployment-internal-lb-values.yaml b/charts/ingress-nginx/ci/deployment-internal-lb-values.yaml index fd8df8de5..663ccb9d1 100644 --- a/charts/ingress-nginx/ci/deployment-internal-lb-values.yaml +++ b/charts/ingress-nginx/ci/deployment-internal-lb-values.yaml @@ -11,3 +11,9 @@ controller: enabled: true annotations: service.beta.kubernetes.io/aws-load-balancer-internal: "true" + ports: + http: 443 + https: 80 + targetPorts: + http: 443 + https: 80 diff --git a/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml index 899d3cc5d..230307cd7 100644 --- a/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml +++ b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml @@ -10,6 +10,9 @@ metadata: {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} namespace: {{ .Release.Namespace }} + {{- if .Values.controller.annotations }} + annotations: {{ toYaml .Values.controller.annotations | nindent 4 }} + {{- end }} spec: selector: matchLabels: diff --git a/charts/ingress-nginx/templates/controller-service-internal.yaml b/charts/ingress-nginx/templates/controller-service-internal.yaml index aae3e155e..87146b746 100644 --- a/charts/ingress-nginx/templates/controller-service-internal.yaml +++ b/charts/ingress-nginx/templates/controller-service-internal.yaml @@ -29,9 +29,9 @@ spec: {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }} {{- if .Values.controller.service.enableHttp }} - name: http - port: {{ .Values.controller.service.ports.http }} + port: {{ .Values.controller.service.internal.ports.http | default .Values.controller.service.ports.http }} protocol: TCP - targetPort: {{ .Values.controller.service.targetPorts.http }} + targetPort: {{ .Values.controller.service.internal.targetPorts.http | default .Values.controller.service.targetPorts.http }} {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} appProtocol: http {{- end }} @@ -41,9 +41,9 @@ spec: {{- end }} {{- if .Values.controller.service.enableHttps }} - name: https - port: {{ .Values.controller.service.ports.https }} + port: {{ .Values.controller.service.internal.ports.https | default .Values.controller.service.ports.https }} protocol: TCP - targetPort: {{ .Values.controller.service.targetPorts.https }} + targetPort: {{ .Values.controller.service.internal.targetPorts.https | default .Values.controller.service.targetPorts.https }} {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} appProtocol: https {{- end }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 4ce87a309..a33db6e1e 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -23,9 +23,9 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.7.0" - digest: sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7 - digestChroot: sha256:e84ef3b44c8efeefd8b0aa08770a886bfea1f04c53b61b4ba9a7204e9f1a7edc + tag: "v1.7.1" + digest: sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407 + digestChroot: sha256:e35d5ab487861b9d419c570e3530589229224a0762c7b4d2e2222434abb8d988 pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 @@ -55,7 +55,7 @@ controller: # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. dnsPolicy: ClusterFirst # -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network - # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply + # Ingress status was blank because there is no Service exposing the Ingress-Nginx Controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply reportNodeInternalIp: false # -- Process Ingress objects without ingressClass annotation/ingressClassName field # Overrides value for --watch-ingress-without-class flag of the controller binary @@ -150,7 +150,7 @@ controller: # -- Maxmind license key to download GeoLite2 Databases. ## https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases maxmindLicenseKey: "" - # -- Additional command line arguments to pass to nginx-ingress-controller + # -- Additional command line arguments to pass to Ingress-Nginx Controller # E.g. to specify the default SSL certificate you can use extraArgs: {} ## extraArgs: @@ -302,7 +302,7 @@ controller: healthCheckPath: "/healthz" # -- Address to bind the health check endpoint. # It is better to set this option to the internal node address - # if the ingress nginx controller is running in the `hostNetwork: true` mode. + # if the Ingress-Nginx Controller is running in the `hostNetwork: true` mode. healthCheckHost: "" # -- Annotations to be added to controller pods ## @@ -395,7 +395,6 @@ controller: # - type: Pods # value: 2 # periodSeconds: 60 - # -- Enable mimalloc as a drop-in replacement for malloc. ## ref: https://github.com/microsoft/mimalloc ## @@ -482,6 +481,16 @@ controller: ## providers supporting it ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer # externalTrafficPolicy: "" + + # -- Custom port mapping for internal service + ports: {} + # http: 80 + # https: 443 + + # -- Custom target port mapping for internal service + targetPorts: {} + # http: http + # https: https # shareProcessNamespace enables process namespace sharing within the pod. # This can be used for example to signal log rotation using `kill -USR1` from a sidecar. shareProcessNamespace: false diff --git a/cmd/plugin/commands/backends/backends.go b/cmd/plugin/commands/backends/backends.go index 341c62a9c..afc98e4d6 100644 --- a/cmd/plugin/commands/backends/backends.go +++ b/cmd/plugin/commands/backends/backends.go @@ -30,7 +30,7 @@ import ( // CreateCommand creates and returns this cobra subcommand func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { - var pod, deployment, selector *string + var pod, deployment, selector, container *string cmd := &cobra.Command{ Use: "backends", Short: "Inspect the dynamic backend information of an ingress-nginx instance", @@ -47,7 +47,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { return fmt.Errorf("--list and --backend cannot both be specified") } - util.PrintError(backends(flags, *pod, *deployment, *selector, backend, onlyList)) + util.PrintError(backends(flags, *pod, *deployment, *selector, *container, backend, onlyList)) return nil }, } @@ -55,6 +55,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { pod = util.AddPodFlag(cmd) deployment = util.AddDeploymentFlag(cmd) selector = util.AddSelectorFlag(cmd) + container = util.AddContainerFlag(cmd) cmd.Flags().String("backend", "", "Output only the information for the given backend") cmd.Flags().Bool("list", false, "Output a newline-separated list of backend names") @@ -62,7 +63,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { return cmd } -func backends(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string, backend string, onlyList bool) error { +func backends(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string, container string, backend string, onlyList bool) error { var command []string if onlyList { command = []string{"/dbg", "backends", "list"} @@ -77,7 +78,7 @@ func backends(flags *genericclioptions.ConfigFlags, podName string, deployment s return err } - out, err := kubectl.PodExecString(flags, &pod, command) + out, err := kubectl.PodExecString(flags, &pod, container, command) if err != nil { return err } diff --git a/cmd/plugin/commands/certs/certs.go b/cmd/plugin/commands/certs/certs.go index 07fd08ad3..88b721ee3 100644 --- a/cmd/plugin/commands/certs/certs.go +++ b/cmd/plugin/commands/certs/certs.go @@ -30,7 +30,7 @@ import ( // CreateCommand creates and returns this cobra subcommand func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { - var pod, deployment, selector *string + var pod, deployment, selector, container *string cmd := &cobra.Command{ Use: "certs", Short: "Output the certificate data stored in an ingress-nginx pod", @@ -40,7 +40,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { return err } - util.PrintError(certs(flags, *pod, *deployment, *selector, host)) + util.PrintError(certs(flags, *pod, *deployment, *selector, *container, host)) return nil }, } @@ -50,11 +50,12 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { pod = util.AddPodFlag(cmd) deployment = util.AddDeploymentFlag(cmd) selector = util.AddSelectorFlag(cmd) + container = util.AddContainerFlag(cmd) return cmd } -func certs(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string, host string) error { +func certs(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string, container string, host string) error { command := []string{"/dbg", "certs", "get", host} pod, err := request.ChoosePod(flags, podName, deployment, selector) @@ -62,7 +63,7 @@ func certs(flags *genericclioptions.ConfigFlags, podName string, deployment stri return err } - out, err := kubectl.PodExecString(flags, &pod, command) + out, err := kubectl.PodExecString(flags, &pod, container, command) if err != nil { return err } diff --git a/cmd/plugin/commands/conf/conf.go b/cmd/plugin/commands/conf/conf.go index 5caa2a649..a7f03a062 100644 --- a/cmd/plugin/commands/conf/conf.go +++ b/cmd/plugin/commands/conf/conf.go @@ -32,7 +32,7 @@ import ( // CreateCommand creates and returns this cobra subcommand func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { - var pod, deployment, selector *string + var pod, deployment, selector, container *string cmd := &cobra.Command{ Use: "conf", Short: "Inspect the generated nginx.conf", @@ -42,7 +42,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { return err } - util.PrintError(conf(flags, host, *pod, *deployment, *selector)) + util.PrintError(conf(flags, host, *pod, *deployment, *selector, *container)) return nil }, } @@ -50,17 +50,18 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { pod = util.AddPodFlag(cmd) deployment = util.AddDeploymentFlag(cmd) selector = util.AddSelectorFlag(cmd) + container = util.AddContainerFlag(cmd) return cmd } -func conf(flags *genericclioptions.ConfigFlags, host string, podName string, deployment string, selector string) error { +func conf(flags *genericclioptions.ConfigFlags, host string, podName string, deployment string, selector string, container string) error { pod, err := request.ChoosePod(flags, podName, deployment, selector) if err != nil { return err } - nginxConf, err := kubectl.PodExecString(flags, &pod, []string{"/dbg", "conf"}) + nginxConf, err := kubectl.PodExecString(flags, &pod, container, []string{"/dbg", "conf"}) if err != nil { return err } diff --git a/cmd/plugin/commands/exec/exec.go b/cmd/plugin/commands/exec/exec.go index 5f1a31913..f06aaeb23 100644 --- a/cmd/plugin/commands/exec/exec.go +++ b/cmd/plugin/commands/exec/exec.go @@ -29,19 +29,21 @@ import ( // CreateCommand creates and returns this cobra subcommand func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { opts := execFlags{} - var pod, deployment, selector *string + var pod, deployment, selector, container *string cmd := &cobra.Command{ Use: "exec", Short: "Execute a command inside an ingress-nginx pod", RunE: func(cmd *cobra.Command, args []string) error { - util.PrintError(exec(flags, *pod, *deployment, *selector, args, opts)) + util.PrintError(exec(flags, *pod, *deployment, *selector, *container, args, opts)) return nil }, } pod = util.AddPodFlag(cmd) deployment = util.AddDeploymentFlag(cmd) selector = util.AddSelectorFlag(cmd) + container = util.AddContainerFlag(cmd) + cmd.Flags().BoolVarP(&opts.TTY, "tty", "t", false, "Stdin is a TTY") cmd.Flags().BoolVarP(&opts.Stdin, "stdin", "i", false, "Pass stdin to the container") @@ -53,7 +55,7 @@ type execFlags struct { Stdin bool } -func exec(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string, cmd []string, opts execFlags) error { +func exec(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string, container string, cmd []string, opts execFlags) error { pod, err := request.ChoosePod(flags, podName, deployment, selector) if err != nil { return err @@ -67,7 +69,7 @@ func exec(flags *genericclioptions.ConfigFlags, podName string, deployment strin args = append(args, "-i") } - args = append(args, []string{"-n", pod.Namespace, pod.Name, "--"}...) + args = append(args, []string{"-n", pod.Namespace, "-c", container, pod.Name, "--"}...) args = append(args, cmd...) return kubectl.Exec(flags, args) } diff --git a/cmd/plugin/commands/general/general.go b/cmd/plugin/commands/general/general.go index 44e02ca88..fa6c1301f 100644 --- a/cmd/plugin/commands/general/general.go +++ b/cmd/plugin/commands/general/general.go @@ -30,29 +30,30 @@ import ( // CreateCommand creates and returns this cobra subcommand func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { - var pod, deployment, selector *string + var pod, deployment, selector, container *string cmd := &cobra.Command{ Use: "general", Short: "Inspect the other dynamic ingress-nginx information", RunE: func(cmd *cobra.Command, args []string) error { - util.PrintError(general(flags, *pod, *deployment, *selector)) + util.PrintError(general(flags, *pod, *deployment, *selector, *container)) return nil }, } pod = util.AddPodFlag(cmd) deployment = util.AddDeploymentFlag(cmd) selector = util.AddSelectorFlag(cmd) + container = util.AddContainerFlag(cmd) return cmd } -func general(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string) error { +func general(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string, container string) error { pod, err := request.ChoosePod(flags, podName, deployment, selector) if err != nil { return err } - out, err := kubectl.PodExecString(flags, &pod, []string{"/dbg", "general"}) + out, err := kubectl.PodExecString(flags, &pod, container, []string{"/dbg", "general"}) if err != nil { return err } diff --git a/cmd/plugin/commands/logs/logs.go b/cmd/plugin/commands/logs/logs.go index 55cd008dc..56f4fc640 100644 --- a/cmd/plugin/commands/logs/logs.go +++ b/cmd/plugin/commands/logs/logs.go @@ -31,19 +31,20 @@ import ( // CreateCommand creates and returns this cobra subcommand func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { o := logsFlags{} - var pod, deployment, selector *string + var pod, deployment, selector, container *string cmd := &cobra.Command{ Use: "logs", Short: "Get the kubernetes logs for an ingress-nginx pod", RunE: func(cmd *cobra.Command, args []string) error { - util.PrintError(logs(flags, *pod, *deployment, *selector, o)) + util.PrintError(logs(flags, *pod, *deployment, *selector, *container, o)) return nil }, } pod = util.AddPodFlag(cmd) deployment = util.AddDeploymentFlag(cmd) selector = util.AddSelectorFlag(cmd) + container = util.AddContainerFlag(cmd) cmd.Flags().BoolVarP(&o.Follow, "follow", "f", o.Follow, "Specify if the logs should be streamed.") cmd.Flags().BoolVar(&o.Timestamps, "timestamps", o.Timestamps, "Include timestamps on each line in the log output") @@ -94,13 +95,13 @@ func (o *logsFlags) toStrings() []string { return r } -func logs(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string, opts logsFlags) error { +func logs(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string, container string, opts logsFlags) error { pod, err := request.ChoosePod(flags, podName, deployment, selector) if err != nil { return err } - cmd := []string{"logs", "-n", pod.Namespace, pod.Name} + cmd := []string{"logs", "-n", pod.Namespace, "-c", container, pod.Name} cmd = append(cmd, opts.toStrings()...) return kubectl.Exec(flags, cmd) } diff --git a/cmd/plugin/commands/ssh/ssh.go b/cmd/plugin/commands/ssh/ssh.go index 5e8b49fac..fe1b3e9fe 100644 --- a/cmd/plugin/commands/ssh/ssh.go +++ b/cmd/plugin/commands/ssh/ssh.go @@ -28,27 +28,28 @@ import ( // CreateCommand creates and returns this cobra subcommand func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { - var pod, deployment, selector *string + var pod, deployment, selector, container *string cmd := &cobra.Command{ Use: "ssh", Short: "ssh into a running ingress-nginx pod", RunE: func(cmd *cobra.Command, args []string) error { - util.PrintError(ssh(flags, *pod, *deployment, *selector)) + util.PrintError(ssh(flags, *pod, *deployment, *selector, *container)) return nil }, } pod = util.AddPodFlag(cmd) deployment = util.AddDeploymentFlag(cmd) selector = util.AddSelectorFlag(cmd) + container = util.AddContainerFlag(cmd) return cmd } -func ssh(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string) error { +func ssh(flags *genericclioptions.ConfigFlags, podName string, deployment string, selector string, container string) error { pod, err := request.ChoosePod(flags, podName, deployment, selector) if err != nil { return err } - return kubectl.Exec(flags, []string{"exec", "-it", "-n", pod.Namespace, pod.Name, "--", "/bin/bash"}) + return kubectl.Exec(flags, []string{"exec", "-it", "-n", pod.Namespace, "-c", container, pod.Name, "--", "/bin/bash"}) } diff --git a/cmd/plugin/kubectl/kubectl.go b/cmd/plugin/kubectl/kubectl.go index c11ba5b77..3f31a2104 100644 --- a/cmd/plugin/kubectl/kubectl.go +++ b/cmd/plugin/kubectl/kubectl.go @@ -31,8 +31,8 @@ import ( // PodExecString takes a pod and a command, uses kubectl exec to run the command in the pod // and returns stdout as a string -func PodExecString(flags *genericclioptions.ConfigFlags, pod *apiv1.Pod, args []string) (string, error) { - args = append([]string{"exec", "-n", pod.Namespace, pod.Name}, args...) +func PodExecString(flags *genericclioptions.ConfigFlags, pod *apiv1.Pod, container string, args []string) (string, error) { + args = append([]string{"exec", "-n", pod.Namespace, "-c", container, pod.Name}, args...) return ExecToString(flags, args) } diff --git a/cmd/plugin/util/util.go b/cmd/plugin/util/util.go index cc9882009..e1910140d 100644 --- a/cmd/plugin/util/util.go +++ b/cmd/plugin/util/util.go @@ -31,6 +31,7 @@ import ( const ( DefaultIngressDeploymentName = "ingress-nginx-controller" DefaultIngressServiceName = "ingress-nginx-controller" + DefaultIngressContainerName = "controller" ) // IssuePrefix is the github url that we can append an issue number to to link to it @@ -127,6 +128,13 @@ func AddSelectorFlag(cmd *cobra.Command) *string { return &v } +// AddContainerFlag adds a --container flag to a cobra command +func AddContainerFlag(cmd *cobra.Command) *string { + v := "" + cmd.Flags().StringVar(&v, "container", DefaultIngressContainerName, "The name of the ingress-nginx controller container") + return &v +} + // GetNamespace takes a set of kubectl flag values and returns the namespace we should be operating in func GetNamespace(flags *genericclioptions.ConfigFlags) string { namespace, _, err := flags.ToRawKubeConfigLoader().Namespace() diff --git a/deploy/grafana/dashboards/README.md b/deploy/grafana/dashboards/README.md index 26195583b..e16180c3b 100644 --- a/deploy/grafana/dashboards/README.md +++ b/deploy/grafana/dashboards/README.md @@ -4,7 +4,7 @@ Ingress-nginx supports a rich collection of prometheus metrics. If you have pro This folder contains two dashboards that you can import. -## 1. NGINX Ingress Controller +## 1. Ingress-Nginx Controller ![Dashboard](screenshot.png) diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index c1d595c3a..41006c016 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -344,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -400,7 +400,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -418,7 +418,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 spec: containers: - args: @@ -442,7 +442,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7 + image: registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -514,7 +514,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -525,7 +525,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-create spec: containers: @@ -561,7 +561,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -572,7 +572,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-patch spec: containers: @@ -610,7 +610,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -623,7 +623,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml index ed6275a0b..4e4f9ca9b 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -335,7 +335,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -353,7 +353,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -386,7 +386,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -409,7 +409,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -427,7 +427,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 spec: containers: - args: @@ -451,7 +451,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7 + image: registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -526,7 +526,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -537,7 +537,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-create spec: containers: @@ -573,7 +573,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -584,7 +584,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-patch spec: containers: @@ -622,7 +622,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -635,7 +635,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/deploy.yaml b/deploy/static/provider/baremetal/deploy.yaml index 595088a0c..3f015f001 100644 --- a/deploy/static/provider/baremetal/deploy.yaml +++ b/deploy/static/provider/baremetal/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -340,7 +340,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -395,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -413,7 +413,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 spec: containers: - args: @@ -436,7 +436,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7 + image: registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -508,7 +508,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -519,7 +519,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-create spec: containers: @@ -555,7 +555,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -566,7 +566,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-patch spec: containers: @@ -604,7 +604,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -617,7 +617,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/deploy.yaml b/deploy/static/provider/cloud/deploy.yaml index 0540ff1cb..a914aca5e 100644 --- a/deploy/static/provider/cloud/deploy.yaml +++ b/deploy/static/provider/cloud/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -340,7 +340,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -373,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -396,7 +396,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -414,7 +414,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 spec: containers: - args: @@ -438,7 +438,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7 + image: registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -510,7 +510,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -521,7 +521,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-create spec: containers: @@ -557,7 +557,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -568,7 +568,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-patch spec: containers: @@ -606,7 +606,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -619,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/deploy.yaml b/deploy/static/provider/do/deploy.yaml index ae6ae1f8f..676ae1229 100644 --- a/deploy/static/provider/do/deploy.yaml +++ b/deploy/static/provider/do/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -329,7 +329,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -399,7 +399,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 spec: containers: - args: @@ -441,7 +441,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7 + image: registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -513,7 +513,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -524,7 +524,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-create spec: containers: @@ -560,7 +560,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -571,7 +571,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-patch spec: containers: @@ -609,7 +609,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -622,7 +622,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/deploy.yaml b/deploy/static/provider/exoscale/deploy.yaml index a387fa928..e9d3522f0 100644 --- a/deploy/static/provider/exoscale/deploy.yaml +++ b/deploy/static/provider/exoscale/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -349,7 +349,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -382,7 +382,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -405,7 +405,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -423,7 +423,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 spec: containers: - args: @@ -447,7 +447,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7 + image: registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -519,7 +519,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -530,7 +530,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-create spec: containers: @@ -566,7 +566,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -577,7 +577,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-patch spec: containers: @@ -615,7 +615,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -628,7 +628,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index a77a08ae9..6a327b97f 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -340,7 +340,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -395,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 spec: containers: - args: @@ -442,7 +442,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7 + image: registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -524,7 +524,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -535,7 +535,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-create spec: containers: @@ -571,7 +571,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -582,7 +582,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-patch spec: containers: @@ -620,7 +620,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -633,7 +633,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/deploy.yaml b/deploy/static/provider/scw/deploy.yaml index ab9142ce2..389e2a920 100644 --- a/deploy/static/provider/scw/deploy.yaml +++ b/deploy/static/provider/scw/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -329,7 +329,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -399,7 +399,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 spec: containers: - args: @@ -441,7 +441,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7 + image: registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -513,7 +513,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -524,7 +524,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-create spec: containers: @@ -560,7 +560,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -571,7 +571,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission-patch spec: containers: @@ -609,7 +609,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -622,7 +622,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.7.0 + app.kubernetes.io/version: 1.7.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/docs/deploy/baremetal.md b/docs/deploy/baremetal.md index 7d8076147..f5ff54174 100644 --- a/docs/deploy/baremetal.md +++ b/docs/deploy/baremetal.md @@ -1,14 +1,14 @@ # Bare-metal considerations In traditional *cloud* environments, where network load balancers are available on-demand, a single Kubernetes manifest -suffices to provide a single point of contact to the NGINX Ingress controller to external clients and, indirectly, to +suffices to provide a single point of contact to the Ingress-Nginx Controller to external clients and, indirectly, to any application running inside the cluster. *Bare-metal* environments lack this commodity, requiring a slightly different setup to offer the same kind of access to external consumers. ![Cloud environment](../images/baremetal/cloud_overview.jpg) ![Bare-metal environment](../images/baremetal/baremetal_overview.jpg) -The rest of this document describes a few recommended approaches to deploying the NGINX Ingress controller inside a +The rest of this document describes a few recommended approaches to deploying the Ingress-Nginx Controller inside a Kubernetes cluster running on bare-metal. ## A pure software solution: MetalLB @@ -30,7 +30,7 @@ the traffic for the `ingress-nginx` Service IP. See [Traffic policies][metallb-t yourself by reading the official documentation thoroughly. MetalLB can be deployed either with a simple Kubernetes manifest or with Helm. The rest of this example assumes MetalLB -was deployed following the [Installation][metallb-install] instructions, and that the NGINX Ingress controller was installed +was deployed following the [Installation][metallb-install] instructions, and that the Ingress-Nginx Controller was installed using the steps described in the [quickstart section of the installation guide][install-quickstart]. MetalLB requires a pool of IP addresses in order to be able to take ownership of the `ingress-nginx` Service. This pool @@ -164,7 +164,7 @@ field of the `ingress-nginx` Service spec to `Local` ([example][preserve-ip]). !!! warning This setting effectively **drops packets** sent to Kubernetes nodes which are not running any instance of the NGINX Ingress controller. Consider [assigning NGINX Pods to specific nodes][pod-assign] in order to control on what nodes - the NGINX Ingress controller should be scheduled or not scheduled. + the Ingress-Nginx Controller should be scheduled or not scheduled. !!! example In a Kubernetes cluster composed of 3 nodes (the external IP is added as an example, in most bare-metal environments @@ -193,7 +193,7 @@ field of the `ingress-nginx` Service spec to `Local` ([example][preserve-ip]). * **Ingress status** -Because NodePort Services do not get a LoadBalancerIP assigned by definition, the NGINX Ingress controller **does not +Because NodePort Services do not get a LoadBalancerIP assigned by definition, the Ingress-Nginx Controller **does not update the status of Ingress objects it manages**. ```console @@ -202,12 +202,12 @@ NAME HOSTS ADDRESS PORTS test-ingress myapp.example.com 80 ``` -Despite the fact there is no load balancer providing a public IP address to the NGINX Ingress controller, it is possible +Despite the fact there is no load balancer providing a public IP address to the Ingress-Nginx Controller, it is possible to force the status update of all managed Ingress objects by setting the `externalIPs` field of the `ingress-nginx` Service. !!! warning - There is more to setting `externalIPs` than just enabling the NGINX Ingress controller to update the status of + There is more to setting `externalIPs` than just enabling the Ingress-Nginx Controller to update the status of Ingress objects. Please read about this option in the [Services][external-ips] page of official Kubernetes documentation as well as the section about [External IPs](#external-ips) in this document for more information. @@ -268,11 +268,11 @@ for generating redirect URLs that take into account the URL used by external cli In a setup where there is no external load balancer available but using NodePorts is not an option, one can configure `ingress-nginx` Pods to use the network of the host they run on instead of a dedicated network namespace. The benefit of -this approach is that the NGINX Ingress controller can bind ports 80 and 443 directly to Kubernetes nodes' network +this approach is that the Ingress-Nginx Controller can bind ports 80 and 443 directly to Kubernetes nodes' network interfaces, without the extra network translation imposed by NodePort Services. !!! note - This approach does not leverage any Service object to expose the NGINX Ingress controller. If the `ingress-nginx` + This approach does not leverage any Service object to expose the Ingress-Nginx Controller. If the `ingress-nginx` Service exists in the target cluster, it is **recommended to delete it**. This can be achieved by enabling the `hostNetwork` option in the Pods' spec. @@ -284,7 +284,7 @@ template: ``` !!! danger "Security considerations" - Enabling this option **exposes every system daemon to the NGINX Ingress controller** on any network interface, + Enabling this option **exposes every system daemon to the Ingress-Nginx Controller** on any network interface, including the host's loopback. Please evaluate the impact this may have on the security of your system carefully. !!! example @@ -299,7 +299,7 @@ template: ingress-nginx-controller-5b4cf5fc6-lzrls 1/1 Running 203.0.113.2 host-2 ``` -One major limitation of this deployment approach is that only **a single NGINX Ingress controller Pod** may be scheduled +One major limitation of this deployment approach is that only **a single Ingress-Nginx Controller Pod** may be scheduled on each cluster node, because binding the same port multiple times on the same network interface is technically impossible. Pods that are unschedulable due to such situation fail with the following event: @@ -312,7 +312,7 @@ Events: Warning FailedScheduling default-scheduler 0/3 nodes are available: 3 node(s) didn't have free ports for the requested pod ports. ``` -One way to ensure only schedulable Pods are created is to deploy the NGINX Ingress controller as a *DaemonSet* instead +One way to ensure only schedulable Pods are created is to deploy the Ingress-Nginx Controller as a *DaemonSet* instead of a traditional Deployment. !!! info @@ -334,7 +334,7 @@ expected to resolve internal names for any reason. * **Ingress status** -Because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default +Because there is no Service exposing the Ingress-Nginx Controller in a configuration using the host network, the default `--publish-service` flag used in standard cloud setups **does not apply** and the status of all Ingress objects remains blank. @@ -346,7 +346,7 @@ test-ingress myapp.example.com 80 Instead, and because bare-metal nodes usually don't have an ExternalIP, one has to enable the [`--report-node-internal-ip-address`][cli-args] flag, which sets the status of all Ingress objects to the internal IP -address of all nodes running the NGINX Ingress controller. +address of all nodes running the Ingress-Nginx Controller. !!! example Given a `ingress-nginx-controller` DaemonSet composed of 2 replicas diff --git a/docs/deploy/hardening-guide.md b/docs/deploy/hardening-guide.md index d428bc3aa..cfbdb1466 100644 --- a/docs/deploy/hardening-guide.md +++ b/docs/deploy/hardening-guide.md @@ -94,7 +94,7 @@ This guide refers to chapters in the CIS Benchmark. For full explanation you sho | __5 Request Filtering and Restrictions__||| | | ||| | | __5.1 Access Control__||| | -| 5.1.1 Ensure allow and deny filters limit access to specific IP addresses (Not Scored)| OK/ACTION NEEDED | Depends on use case, geo ip module is compiled into nginx ingress controller, there are several ways to use it | If needed set IP restrictions via annotations or work with config snippets (be careful with lets-encrypt-http-challenge!) | +| 5.1.1 Ensure allow and deny filters limit access to specific IP addresses (Not Scored)| OK/ACTION NEEDED | Depends on use case, geo ip module is compiled into Ingress-Nginx Controller, there are several ways to use it | If needed set IP restrictions via annotations or work with config snippets (be careful with lets-encrypt-http-challenge!) | | 5.1.2 Ensure only whitelisted HTTP methods are allowed (Not Scored) | OK/ACTION NEEDED | Depends on use case| If required it can be set via config snippet| | ||| | | __5.2 Request Limits__||| | diff --git a/docs/deploy/index.md b/docs/deploy/index.md index f6ba17a09..e33ee5dbe 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -1,6 +1,6 @@ # Installation Guide -There are multiple ways to install the NGINX ingress controller: +There are multiple ways to install the Ingress-Nginx Controller: - with [Helm](https://helm.sh), using the project repository chart; - with `kubectl apply`, using YAML manifests; @@ -62,7 +62,7 @@ It will install the controller in the `ingress-nginx` namespace, creating that n **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.1/deploy/static/provider/cloud/deploy.yaml ``` !!! info @@ -192,9 +192,9 @@ doesn't work, you might have to fall back to the `kubectl port-forward` method d Rancher Desktop provides Kubernetes and Container Management on the desktop. Kubernetes is enabled by default in Rancher Desktop. -Rancher Desktop uses K3s under the hood, which in turn uses Traefik as the default ingress controller for the Kubernetes cluster. To use NGINX ingress controller in place of the default Traefik, disable Traefik from Preference > Kubernetes menu. +Rancher Desktop uses K3s under the hood, which in turn uses Traefik as the default ingress controller for the Kubernetes cluster. To use Ingress-Nginx Controller in place of the default Traefik, disable Traefik from Preference > Kubernetes menu. -Once traefik is disabled, the NGINX ingress controller can be installed on Rancher Desktop using the default [quick start](#quick-start) instructions. Follow the instructions described in the [local testing section](#local-testing) to try a sample. +Once traefik is disabled, the Ingress-Nginx Controller can be installed on Rancher Desktop using the default [quick start](#quick-start) instructions. Follow the instructions described in the [local testing section](#local-testing) to try a sample. ### Cloud deployments @@ -214,7 +214,7 @@ options of various cloud providers. #### AWS -In AWS, we use a Network load balancer (NLB) to expose the NGINX Ingress controller behind a Service of `Type=LoadBalancer`. +In AWS, we use a Network load balancer (NLB) to expose the Ingress-Nginx Controller behind a Service of `Type=LoadBalancer`. !!! info The provided templates illustrate the setup for legacy in-tree service load balancer for AWS NLB. @@ -225,7 +225,7 @@ In AWS, we use a Network load balancer (NLB) to expose the NGINX Ingress control ##### Network Load Balancer (NLB) ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/aws/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.1/deploy/static/provider/aws/deploy.yaml ``` ##### TLS termination in AWS Load Balancer (NLB) @@ -233,10 +233,10 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. This section explains how to do that on AWS using an NLB. -1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template +1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template ```console - wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml + wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml ``` 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: @@ -282,7 +282,7 @@ Then, the ingress controller can be installed like this: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.1/deploy/static/provider/cloud/deploy.yaml ``` !!! warning @@ -299,7 +299,7 @@ Proxy-protocol is supported in GCE check the [Official Documentations on how to #### Azure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.1/deploy/static/provider/cloud/deploy.yaml ``` More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). @@ -307,7 +307,7 @@ More information with regard to Azure annotations for ingress controller can be #### Digital Ocean ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/do/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.1/deploy/static/provider/do/deploy.yaml ``` - By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data. @@ -315,7 +315,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont #### Scaleway ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/scw/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.1/deploy/static/provider/scw/deploy.yaml ``` #### Exoscale @@ -330,7 +330,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale #### Oracle Cloud Infrastructure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.1/deploy/static/provider/cloud/deploy.yaml ``` A @@ -357,7 +357,7 @@ For quick testing, you can use a This should work on almost every cluster, but it will typically use a port in the range 30000-32767. ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/baremetal/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.1/deploy/static/provider/baremetal/deploy.yaml ``` For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), @@ -419,14 +419,14 @@ Here is how these Ingress versions are supported in Kubernetes: - from Kubernetes 1.19 to 1.21, both `v1beta1` and `v1` Ingress resources are supported - in Kubernetes 1.22 and above, only `v1` Ingress resources are supported -And here is how these Ingress versions are supported in NGINX Ingress Controller: +And here is how these Ingress versions are supported in Ingress-Nginx Controller: - before version 1.0, only `v1beta1` Ingress resources are supported - in version 1.0 and above, only `v1` Ingress resources are As a result, if you're running Kubernetes 1.19 or later, you should be able to use the latest version of the NGINX Ingress Controller; but if you're using an old version of Kubernetes (1.18 or earlier) you will have to use version 0.X -of the NGINX Ingress Controller (e.g. version 0.49). +of the Ingress-Nginx Controller (e.g. version 0.49). -The Helm chart of the NGINX Ingress Controller switched to version 1 in version 4 of the chart. In other words, if +The Helm chart of the Ingress-Nginx Controller switched to version 1 in version 4 of the chart. In other words, if you're running Kubernetes 1.19 or earlier, you should use version 3.X of the chart (this can be done by adding `--version='<4'` to the `helm install` command ). diff --git a/docs/developer-guide/code-overview.md b/docs/developer-guide/code-overview.md index a26083c6a..8e872211d 100644 --- a/docs/developer-guide/code-overview.md +++ b/docs/developer-guide/code-overview.md @@ -53,7 +53,7 @@ This code can be found in [internal/file](https://github.com/kubernetes/ingress- #### Ingress functions -Contains all the logics from NGINX Ingress Controller, with some examples being: +Contains all the logics from Ingress-Nginx Controller, with some examples being: * Expected Golang structures that will be used in templates and other parts of the code - [internal/ingress/types.go](https://github.com/kubernetes/ingress-nginx/blob/main/internal/ingress/types.go). * supported annotations and its parsing logics - [internal/ingress/annotations](https://github.com/kubernetes/ingress-nginx/tree/main/internal/ingress/annotations). diff --git a/docs/developer-guide/getting-started.md b/docs/developer-guide/getting-started.md index 9f4be8fcc..4b7ed46f0 100644 --- a/docs/developer-guide/getting-started.md +++ b/docs/developer-guide/getting-started.md @@ -1,6 +1,6 @@ - Developing for NGINX Ingress Controller + Developing for Ingress-Nginx Controller -This document explains how to get started with developing for NGINX Ingress controller. +This document explains how to get started with developing for Ingress-Nginx Controller. For the really new contributors, who want to contribute to the INGRESS-NGINX project, but need help with understanding some basic concepts, that are needed to work with the Kubernetes ingress resource, here is a link to the [New Contributors Guide](https://github.com/kubernetes/ingress-nginx/blob/main/NEW_CONTRIBUTOR.md). diff --git a/docs/e2e-tests.md b/docs/e2e-tests.md index ed3e77f67..9b3c5f2ff 100644 --- a/docs/e2e-tests.md +++ b/docs/e2e-tests.md @@ -373,10 +373,6 @@ Do not try to edit it manually. - [should apply the annotation to the default backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/with_hosts.go#L38) -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e.go#L) - ### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e_test.go#L) - [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e_test.go#L) @@ -898,4 +894,13 @@ Do not try to edit it manually. - [should expose a TCP service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L46) - [should expose an ExternalName TCP service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L80) -- [should reload after an update in the configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L169) \ No newline at end of file +- [should reload after an update in the configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L169) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e.go#L) + +### [[metrics] exported prometheus metrics](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/metrics/metrics.go#L36) + +- [exclude socket request metrics are absent](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/metrics/metrics.go#L50) +- [exclude socket request metrics are present](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/metrics/metrics.go#L72) \ No newline at end of file diff --git a/docs/examples/affinity/cookie/README.md b/docs/examples/affinity/cookie/README.md index 1920d132b..e66503dd7 100644 --- a/docs/examples/affinity/cookie/README.md +++ b/docs/examples/affinity/cookie/README.md @@ -67,7 +67,7 @@ Accept-Ranges: bytes ``` In the example above, you can see that the response contains a `Set-Cookie` header with the settings we have defined. -This cookie is created by the NGINX Ingress Controller, it contains a randomly generated key corresponding to the upstream used for that request (selected using [consistent hashing][consistent-hashing]) and has an `Expires` directive. +This cookie is created by the Ingress-Nginx Controller, it contains a randomly generated key corresponding to the upstream used for that request (selected using [consistent hashing][consistent-hashing]) and has an `Expires` directive. If a client sends a cookie that doesn't correspond to an upstream, NGINX selects an upstream and creates a corresponding cookie. If the backend pool grows NGINX will keep sending the requests through the same server of the first request, even if it's overloaded. diff --git a/docs/examples/customization/custom-errors/README.md b/docs/examples/customization/custom-errors/README.md index a137fd6dc..a7c9545b0 100644 --- a/docs/examples/customization/custom-errors/README.md +++ b/docs/examples/customization/custom-errors/README.md @@ -29,7 +29,7 @@ service/nginx-errors ClusterIP 10.0.0.12 80/TCP 10s ## Ingress controller configuration -If you do not already have an instance of the NGINX Ingress controller running, deploy it according to the +If you do not already have an instance of the Ingress-Nginx Controller running, deploy it according to the [deployment guide][deploy], then follow these steps: 1. Edit the `ingress-nginx-controller` Deployment and set the value of the `--default-backend-service` flag to the name of the @@ -37,7 +37,7 @@ If you do not already have an instance of the NGINX Ingress controller running, 2. Edit the `ingress-nginx-controller` ConfigMap and create the key `custom-http-errors` with a value of `404,503`. -3. Take note of the IP address assigned to the NGINX Ingress controller Service. +3. Take note of the IP address assigned to the Ingress-Nginx Controller Service. ``` $ kubectl get svc ingress-nginx NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE diff --git a/docs/examples/customization/custom-errors/custom-default-backend.yaml b/docs/examples/customization/custom-errors/custom-default-backend.yaml index 5fc5c55e4..2af64896f 100644 --- a/docs/examples/customization/custom-errors/custom-default-backend.yaml +++ b/docs/examples/customization/custom-errors/custom-default-backend.yaml @@ -36,7 +36,7 @@ spec: spec: containers: - name: nginx-error-server - image: registry.k8s.io/ingress-nginx/nginx-errors:v20230312-helm-chart-4.5.2-28-g66a760794@sha256:332be6ff8c4e93e8845963932f98839dfd52ae49829c29e06475368a3e4fbd9e + image: registry.k8s.io/ingress-nginx/nginx-errors:v20230404-helm-chart-4.6.0-11-gc76179c04@sha256:aabd7a001f6a0a07ed6ea8f6da87e928bfa8f971eba2bef708f3e8504fc5cc9b ports: - containerPort: 8080 # Setting the environment variable DEBUG we can see the headers sent diff --git a/docs/examples/customization/custom-headers/README.md b/docs/examples/customization/custom-headers/README.md index 499bfc386..0da12582f 100644 --- a/docs/examples/customization/custom-headers/README.md +++ b/docs/examples/customization/custom-headers/README.md @@ -10,7 +10,7 @@ To work around this limitation, perform a rolling restart of the deployment. ## Example -This example demonstrates configuration of the nginx ingress controller via +This example demonstrates configuration of the Ingress-Nginx Controller via a ConfigMap to pass a custom list of headers to the upstream server. @@ -26,7 +26,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/docs/examples/customization/custom-headers/configmap.yaml ``` -The nginx ingress controller will read the `ingress-nginx/ingress-nginx-controller` ConfigMap, find the `proxy-set-headers` key, read HTTP headers from the `ingress-nginx/custom-headers` ConfigMap, and include those HTTP headers in all requests flowing from nginx to the backends. +The Ingress-Nginx Controller will read the `ingress-nginx/ingress-nginx-controller` ConfigMap, find the `proxy-set-headers` key, read HTTP headers from the `ingress-nginx/custom-headers` ConfigMap, and include those HTTP headers in all requests flowing from nginx to the backends. The above example was for passing a custom list of headers to the upstream server. diff --git a/docs/examples/customization/ssl-dh-param/README.md b/docs/examples/customization/ssl-dh-param/README.md index 2eae67ce2..fcd80757b 100644 --- a/docs/examples/customization/ssl-dh-param/README.md +++ b/docs/examples/customization/ssl-dh-param/README.md @@ -1,6 +1,6 @@ # Custom DH parameters for perfect forward secrecy -This example aims to demonstrate the deployment of an nginx ingress controller and +This example aims to demonstrate the deployment of an Ingress-Nginx Controller and use a ConfigMap to configure a custom Diffie-Hellman parameters file to help with "Perfect Forward Secrecy". diff --git a/docs/examples/tls-termination/README.md b/docs/examples/tls-termination/README.md index bd68ddc67..25139b381 100644 --- a/docs/examples/tls-termination/README.md +++ b/docs/examples/tls-termination/README.md @@ -1,6 +1,6 @@ # TLS termination -This example demonstrates how to terminate TLS through the nginx Ingress controller. +This example demonstrates how to terminate TLS through the Ingress-Nginx Controller. ## Prerequisites diff --git a/docs/how-it-works.md b/docs/how-it-works.md index 894a504dc..161803210 100644 --- a/docs/how-it-works.md +++ b/docs/how-it-works.md @@ -60,7 +60,7 @@ In a relatively big cluster with frequently deploying apps this feature saves si Because the ingress controller works using the [synchronization loop pattern](https://coreos.com/kubernetes/docs/latest/replication-controller.html#the-reconciliation-loop-in-detail), it is applying the configuration for all matching objects. In case some Ingress objects have a broken configuration, for example a syntax error in the `nginx.ingress.kubernetes.io/configuration-snippet` annotation, the generated configuration becomes invalid, does not reload and hence no more ingresses will be taken into account. -To prevent this situation to happen, the nginx ingress controller optionally exposes a [validating admission webhook server][8] to ensure the validity of incoming ingress objects. +To prevent this situation to happen, the Ingress-Nginx Controller optionally exposes a [validating admission webhook server][8] to ensure the validity of incoming ingress objects. This webhook appends the incoming ingress objects to the list of ingresses, generates the configuration and calls nginx to ensure the configuration has no syntax errors. [0]: https://github.com/openresty/lua-nginx-module/pull/1259 diff --git a/docs/kubectl-plugin.md b/docs/kubectl-plugin.md index 2b6381f6f..9e5a5dcc6 100644 --- a/docs/kubectl-plugin.md +++ b/docs/kubectl-plugin.md @@ -68,7 +68,7 @@ Use "ingress-nginx [command] --help" for more information about a command. ## Common Flags - Every subcommand supports the basic `kubectl` configuration flags like `--namespace`, `--context`, `--client-key` and so on. -- Subcommands that act on a particular `ingress-nginx` pod (`backends`, `certs`, `conf`, `exec`, `general`, `logs`, `ssh`), support the `--deployment ` and `--pod ` flags to select either a pod from a deployment with the given name, or a pod with the given name. The `--deployment` flag defaults to `ingress-nginx-controller`. +- Subcommands that act on a particular `ingress-nginx` pod (`backends`, `certs`, `conf`, `exec`, `general`, `logs`, `ssh`), support the `--deployment `, `--pod `, and `--container ` flags to select either a pod from a deployment with the given name, or a pod with the given name (and the given container name). The `--deployment` flag defaults to `ingress-nginx-controller`, and the `--container` flag defaults to `controller`. - Subcommands that inspect resources (`ingresses`, `lint`) support the `--all-namespaces` flag, which causes them to inspect resources in every namespace. ## Subcommands diff --git a/docs/user-guide/cli-arguments.md b/docs/user-guide/cli-arguments.md index 59e52957d..bc0894a52 100644 --- a/docs/user-guide/cli-arguments.md +++ b/docs/user-guide/cli-arguments.md @@ -68,7 +68,7 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment | `--validating-webhook` | The address to start an admission controller on to validate incoming ingresses. Takes the form ":port". If not provided, no admission controller is started. | | `--validating-webhook-certificate` | The path of the validating webhook certificate PEM. | | `--validating-webhook-key` | The path of the validating webhook key PEM. | -| `--version` | Show release information about the NGINX Ingress controller and exit. | +| `--version` | Show release information about the Ingress-Nginx Controller and exit. | | `--watch-ingress-without-class` | Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified. (default false) | | `--watch-namespace` | Namespace the controller watches for updates to Kubernetes objects. This includes Ingresses, Services and all configuration resources. All namespaces are watched if this parameter is left empty. | | `--watch-namespace-selector` | The controller will watch namespaces whose labels match the given selector. This flag only takes effective when `--watch-namespace` is empty. | diff --git a/docs/user-guide/external-articles.md b/docs/user-guide/external-articles.md index d9fd828b8..27a3f4447 100644 --- a/docs/user-guide/external-articles.md +++ b/docs/user-guide/external-articles.md @@ -2,5 +2,5 @@ - [Pain(less) NGINX Ingress](http://danielfm.me/posts/painless-nginx-ingress.html) - [Accessing Kubernetes Pods from Outside of the Cluster](http://alesnosek.com/blog/2017/02/14/accessing-kubernetes-pods-from-outside-of-the-cluster) -- [Kubernetes - Redirect HTTP to HTTPS with ELB and the nginx ingress controller](https://dev.to/tomhoule/kubernetes---redirect-http-to-https-with-elb-and-the-nginx-ingress-controller) +- [Kubernetes - Redirect HTTP to HTTPS with ELB and the Ingress-Nginx Controller](https://dev.to/tomhoule/kubernetes---redirect-http-to-https-with-elb-and-the-nginx-ingress-controller) - [Configure Nginx Ingress Controller for TLS termination on Kubernetes on Azure](https://blogs.technet.microsoft.com/livedevopsinjapan/2017/02/28/configure-nginx-ingress-controller-for-tls-termination-on-kubernetes-on-azure-2/) diff --git a/docs/user-guide/miscellaneous.md b/docs/user-guide/miscellaneous.md index d9b32d36f..e7d1ac59c 100644 --- a/docs/user-guide/miscellaneous.md +++ b/docs/user-guide/miscellaneous.md @@ -32,7 +32,7 @@ The default value of these settings is `60 seconds`. A more adequate value to support websockets is a value higher than one hour (`3600`). !!! Important - If the NGINX ingress controller is exposed with a service `type=LoadBalancer` make sure the protocol between the loadbalancer and NGINX is TCP. + If the Ingress-Nginx Controller is exposed with a service `type=LoadBalancer` make sure the protocol between the loadbalancer and NGINX is TCP. ## Optimizing TLS Time To First Byte (TTTFB) @@ -52,4 +52,4 @@ The previous behavior can be restored using `retry-non-idempotent=true` in the c ## Why endpoints and not services -The NGINX ingress controller does not use [Services](http://kubernetes.io/docs/user-guide/services) to route traffic to the pods. Instead it uses the Endpoints API in order to bypass [kube-proxy](http://kubernetes.io/docs/admin/kube-proxy/) to allow NGINX features like session affinity and custom load balancing algorithms. It also removes some overhead, such as conntrack entries for iptables DNAT. +The Ingress-Nginx Controller does not use [Services](http://kubernetes.io/docs/user-guide/services) to route traffic to the pods. Instead it uses the Endpoints API in order to bypass [kube-proxy](http://kubernetes.io/docs/admin/kube-proxy/) to allow NGINX features like session affinity and custom load balancing algorithms. It also removes some overhead, such as conntrack entries for iptables DNAT. diff --git a/docs/user-guide/monitoring.md b/docs/user-guide/monitoring.md index 281207866..1e30e556f 100644 --- a/docs/user-guide/monitoring.md +++ b/docs/user-guide/monitoring.md @@ -6,14 +6,14 @@ Two different methods to install and configure Prometheus and Grafana are descri ## Prometheus and Grafana installation using Pod Annotations -This tutorial will show you how to install [Prometheus](https://prometheus.io/) and [Grafana](https://grafana.com/) for scraping the metrics of the NGINX Ingress controller. +This tutorial will show you how to install [Prometheus](https://prometheus.io/) and [Grafana](https://grafana.com/) for scraping the metrics of the Ingress-Nginx Controller. !!! important This example uses `emptyDir` volumes for Prometheus and Grafana. This means once the pod gets terminated you will lose all the data. ### Before You Begin -- The NGINX Ingress controller should already be deployed according to the deployment instructions [here](../deploy/index.md). +- The Ingress-Nginx Controller should already be deployed according to the deployment instructions [here](../deploy/index.md). - The controller should be configured for exporting metrics. This requires 3 configurations to the controller. These configurations are : 1. controller.metrics.enabled=true @@ -184,9 +184,9 @@ According to the above example, this URL will be http://10.192.0.3:31086 ## Prometheus and Grafana installation using Service Monitors This document assumes you're using helm and using the kube-prometheus-stack package to install Prometheus and Grafana. -### Verify NGINX Ingress controller is installed +### Verify Ingress-Nginx Controller is installed -- The NGINX Ingress controller should already be deployed according to the deployment instructions [here](../deploy/index.md). +- The Ingress-Nginx Controller should already be deployed according to the deployment instructions [here](../deploy/index.md). - To check if Ingress controller is deployed, ``` @@ -214,7 +214,7 @@ This document assumes you're using helm and using the kube-prometheus-stack pack - If prometheus is not installed, then you can install from [here](https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack) -### Re-configure NGINX Ingress controller +### Re-configure Ingress-Nginx Controller - The Ingress NGINX controller needs to be reconfigured for exporting metrics. This requires 3 additional configurations to the controller. These configurations are : ``` diff --git a/docs/user-guide/multiple-ingress.md b/docs/user-guide/multiple-ingress.md index 6a9457a9c..fca93ee65 100644 --- a/docs/user-guide/multiple-ingress.md +++ b/docs/user-guide/multiple-ingress.md @@ -111,7 +111,7 @@ spec: then setting the corresponding `kubernetes.io/ingress.class: "internal-nginx"` annotation on your Ingresses. -To reiterate, setting the annotation to any value which does not match a valid ingress class will force the NGINX Ingress controller to ignore your Ingress. -If you are only running a single NGINX ingress controller, this can be achieved by setting the annotation to any value except "nginx" or an empty string. +To reiterate, setting the annotation to any value which does not match a valid ingress class will force the Ingress-Nginx Controller to ignore your Ingress. +If you are only running a single Ingress-Nginx Controller, this can be achieved by setting the annotation to any value except "nginx" or an empty string. Do this if you wish to use one of the other Ingress controllers at the same time as the NGINX controller. diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index 3b463eea7..b515a9f3b 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -22,7 +22,7 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz |[nginx.ingress.kubernetes.io/auth-realm](#authentication)|string| |[nginx.ingress.kubernetes.io/auth-secret](#authentication)|string| |[nginx.ingress.kubernetes.io/auth-secret-type](#authentication)|string| -|[nginx.ingress.kubernetes.io/auth-type](#authentication)|basic or digest| +|[nginx.ingress.kubernetes.io/auth-type](#authentication)|"basic" or "digest"| |[nginx.ingress.kubernetes.io/auth-tls-secret](#client-certificate-authentication)|string| |[nginx.ingress.kubernetes.io/auth-tls-verify-depth](#client-certificate-authentication)|number| |[nginx.ingress.kubernetes.io/auth-tls-verify-client](#client-certificate-authentication)|string| @@ -598,7 +598,7 @@ the User guide. ### Service Upstream -By default the NGINX ingress controller uses a list of all endpoints (Pod IP/port) in the NGINX upstream configuration. +By default the Ingress-Nginx Controller uses a list of all endpoints (Pod IP/port) in the NGINX upstream configuration. The `nginx.ingress.kubernetes.io/service-upstream` annotation disables that behavior and instead uses a single upstream in NGINX, the service's Cluster IP and port. diff --git a/docs/user-guide/third-party-addons/opentelemetry.md b/docs/user-guide/third-party-addons/opentelemetry.md index d966dff1f..1b9b6536e 100644 --- a/docs/user-guide/third-party-addons/opentelemetry.md +++ b/docs/user-guide/third-party-addons/opentelemetry.md @@ -2,7 +2,7 @@ Enables requests served by NGINX for distributed telemetry via The OpenTelemetry Project. -Using the third party module [opentelemetry-cpp-contrib/nginx](https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/nginx) the NGINX ingress controller can configure NGINX to enable [OpenTelemetry](http://opentelemetry.io) instrumentation. +Using the third party module [opentelemetry-cpp-contrib/nginx](https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/nginx) the Ingress-Nginx Controller can configure NGINX to enable [OpenTelemetry](http://opentelemetry.io) instrumentation. By default this feature is disabled. ## Usage @@ -27,7 +27,7 @@ We must also set the host to use when uploading traces: ```yaml otlp-collector-host: "otel-coll-collector.otel.svc" ``` -NOTE: While the option is called `otlp-collector-host`, you will need to point this to any backend that recieves otlp-grpc. +NOTE: While the option is called `otlp-collector-host`, you will need to point this to any backend that receives otlp-grpc. Next you will need to deploy a distributed telemetry system which uses OpenTelemetry. [opentelemetry-collector](https://github.com/open-telemetry/opentelemetry-collector), [Jaeger](https://www.jaegertracing.io/) diff --git a/docs/user-guide/third-party-addons/opentracing.md b/docs/user-guide/third-party-addons/opentracing.md index 6ed0f195e..f5ec59faf 100644 --- a/docs/user-guide/third-party-addons/opentracing.md +++ b/docs/user-guide/third-party-addons/opentracing.md @@ -2,7 +2,7 @@ Enables requests served by NGINX for distributed tracing via The OpenTracing Project. -Using the third party module [opentracing-contrib/nginx-opentracing](https://github.com/opentracing-contrib/nginx-opentracing) the NGINX ingress controller can configure NGINX to enable [OpenTracing](http://opentracing.io) instrumentation. +Using the third party module [opentracing-contrib/nginx-opentracing](https://github.com/opentracing-contrib/nginx-opentracing) the Ingress-Nginx Controller can configure NGINX to enable [OpenTracing](http://opentracing.io) instrumentation. By default this feature is disabled. ## Usage diff --git a/go.mod b/go.mod index 54929c1a7..9de23ba1a 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 github.com/onsi/ginkgo/v2 v2.9.0 - github.com/opencontainers/runc v1.1.6 + github.com/opencontainers/runc v1.1.7 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.15.0 github.com/prometheus/client_model v0.3.0 diff --git a/go.sum b/go.sum index 4d2b69333..da99bd248 100644 --- a/go.sum +++ b/go.sum @@ -288,8 +288,8 @@ github.com/onsi/ginkgo/v2 v2.9.0/go.mod h1:4xkjoL/tZv4SMWeww56BU5kAt19mVB47gTWxm github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.27.1 h1:rfztXRbg6nv/5f+Raen9RcGoSecHIFgBBLQK3Wdj754= -github.com/opencontainers/runc v1.1.6 h1:XbhB8IfG/EsnhNvZtNdLB0GBw92GYEFvKlhaJk9jUgA= -github.com/opencontainers/runc v1.1.6/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50= +github.com/opencontainers/runc v1.1.7 h1:y2EZDS8sNng4Ksf0GUYNhKbTShZJPJg1FiXJNH/uoCk= +github.com/opencontainers/runc v1.1.7/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= diff --git a/images/README.md b/images/README.md index 13f6bfc3c..e7e5f71a6 100644 --- a/images/README.md +++ b/images/README.md @@ -13,10 +13,11 @@ Directory | Purpose ------------ | ------------- -custom-error-pages | Example of Custom error pages for the NGINX Ingress controller +custom-error-pages | Example of Custom error pages for the Ingress-Nginx Controller e2e | Image to run e2e tests fastcgi-helloserver | FastCGI application for e2e tests grpc-fortune-teller | grpc server application for the nginx-ingress grpc example -httpbin | A simple HTTP Request & Response Service for e2e tests +httpbun | A simple HTTP Request & Response Service for e2e tests +httpbin | [Removed] we are no longer maintaining the httpbin image due to project being unmaintained nginx | NGINX base image using [alpine linux](https://www.alpinelinux.org) cfssl | Image to run cfssl commands diff --git a/images/custom-error-pages/README.md b/images/custom-error-pages/README.md index 88983591f..cd6df3e0a 100644 --- a/images/custom-error-pages/README.md +++ b/images/custom-error-pages/README.md @@ -1,3 +1,3 @@ # custom-error-pages -Example of Custom error pages for the NGINX Ingress controller +Example of Custom error pages for the Ingress-Nginx Controller diff --git a/images/httpbin/Makefile b/images/httpbun/Makefile similarity index 97% rename from images/httpbin/Makefile rename to images/httpbun/Makefile index a2ba07400..bcb8c7be2 100644 --- a/images/httpbin/Makefile +++ b/images/httpbun/Makefile @@ -23,7 +23,7 @@ TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA) REGISTRY ?= local -IMAGE = $(REGISTRY)/e2e-test-httpbin +IMAGE = $(REGISTRY)/e2e-test-httpbun # required to enable buildx export DOCKER_CLI_EXPERIMENTAL=enabled diff --git a/images/httpbin/cloudbuild.yaml b/images/httpbun/cloudbuild.yaml similarity index 94% rename from images/httpbin/cloudbuild.yaml rename to images/httpbun/cloudbuild.yaml index e9df202b8..9e3af5935 100644 --- a/images/httpbin/cloudbuild.yaml +++ b/images/httpbun/cloudbuild.yaml @@ -18,7 +18,7 @@ steps: - -c - | gcloud auth configure-docker \ - && cd images/httpbin && make push + && cd images/httpbun && make push substitutions: _GIT_TAG: "12345" _PULL_BASE_REF: "master" diff --git a/images/httpbin/rootfs/Dockerfile b/images/httpbun/rootfs/Dockerfile similarity index 61% rename from images/httpbin/rootfs/Dockerfile rename to images/httpbun/rootfs/Dockerfile index a05f6872f..a1775d303 100644 --- a/images/httpbin/rootfs/Dockerfile +++ b/images/httpbun/rootfs/Dockerfile @@ -12,21 +12,23 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.17.2 +FROM golang:1.20 AS builder ENV LC_ALL=C.UTF-8 ENV LANG=C.UTF-8 +ENV HTTPBUN_COMMIT=a6b387c438b664322734250e426b6966966c2fe4 -RUN apk upgrade && apk update \ - && apk add --no-cache \ - python3 python3-dev \ - musl-dev gcc g++ make \ - libffi libffi-dev libstdc++ \ - py3-gevent py3-gunicorn py3-wheel \ - py3-pip \ - && pip3 install httpbin \ - && apk del python3-dev musl-dev gcc g++ make libffi-dev +RUN git clone https://github.com/sharat87/httpbun.git +WORKDIR httpbun +RUN git checkout $HTTPBUN_COMMIT +RUN CGO_ENABLED=0 GOOS=linux go build \ + -installsuffix cgo \ + -trimpath \ + -o bin/httpbun . + +FROM scratch +COPY --from=builder /go/httpbun/bin/httpbun httpbun +ENV HTTPBUN_BIND=0.0.0.0:80 EXPOSE 80 - -CMD ["gunicorn", "-b", "0.0.0.0:80", "httpbin:app", "-k", "gevent"] +ENTRYPOINT ["/httpbun"] diff --git a/magefiles/helm.go b/magefiles/helm.go index d56cbed78..585a93413 100644 --- a/magefiles/helm.go +++ b/magefiles/helm.go @@ -104,7 +104,7 @@ func updateChartReleaseNotes(releasesNotes []string) { CheckIfError(err, "HELM Could not Load Chart to update release notes %s", HelmChartPath) var releaseNoteString string for i := range releasesNotes { - releaseNoteString = fmt.Sprintf("%s - %s\n", releaseNoteString, releasesNotes[i]) + releaseNoteString = fmt.Sprintf("%s - \"%s\"\n", releaseNoteString, releasesNotes[i]) } Info("HELM Release note string %s", releaseNoteString) chart.Annotations["artifacthub.io/changes"] = releaseNoteString diff --git a/magefiles/release.go b/magefiles/release.go index aeaafc3d2..c02b88cfd 100644 --- a/magefiles/release.go +++ b/magefiles/release.go @@ -356,15 +356,17 @@ func makeReleaseNotes(newVersion string) (*ReleaseNote, error) { c1 := ControllerImage{ Digest: controllerDigest, Registry: INGRESS_REGISTRY, - Name: "controller", - Tag: newReleaseNotes.NewControllerVersion, + Name: "ingress-nginx/controller", + Tag: fmt.Sprintf("v%s", newReleaseNotes.Version), } + c2 := ControllerImage{ Digest: controllerChrootDigest, Registry: INGRESS_REGISTRY, - Name: "controller-chroot", - Tag: newReleaseNotes.NewControllerVersion, + Name: "ingress-nginx/controller-chroot", + Tag: fmt.Sprintf("v%s", newReleaseNotes.Version), } + newReleaseNotes.ControllerImages = append(newReleaseNotes.ControllerImages, c1) newReleaseNotes.ControllerImages = append(newReleaseNotes.ControllerImages, c2) Debug("New Release Controller Images %s %s", newReleaseNotes.ControllerImages[0].Digest, newReleaseNotes.ControllerImages[1].Digest) @@ -413,7 +415,7 @@ func (r ReleaseNote) helmTemplate() { Debug("ChangeLog Templates %s", string(changelogTemplate)) t := template.Must(template.New("changelog").Parse(string(changelogTemplate))) // create a new file - file, err := os.Create(fmt.Sprintf("charts/ingress-nginx/changelog/Changelog-%s.md", r.Version)) + file, err := os.Create(fmt.Sprintf("charts/ingress-nginx/changelog/Changelog-%s.md", r.NewHelmChartVersion)) if err != nil { ErrorF("Could not create changelog file %s", err) } diff --git a/mkdocs.yml b/mkdocs.yml index 62c0ccf48..39eab9ef0 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -1,4 +1,4 @@ -site_name: NGINX Ingress Controller +site_name: Ingress-Nginx Controller repo_name: "kubernetes/ingress-nginx" repo_url: https://github.com/kubernetes/ingress-nginx site_url: https://kubernetes.github.io/ingress-nginx diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index a49989f30..9b3a47de3 100644 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -188,8 +188,10 @@ http { geoip2 /etc/nginx/geoip/GeoLite2-Country.mmdb { $geoip2_country_code source=$remote_addr country iso_code; $geoip2_country_name source=$remote_addr country names en; + $geoip2_country_geoname_id source=$remote_addr country geoname_id; $geoip2_continent_code source=$remote_addr continent code; $geoip2_continent_name source=$remote_addr continent names en; + $geoip2_continent_geoname_id source=$remote_addr continent geoname_id; } {{ end }} @@ -197,8 +199,10 @@ http { geoip2 /etc/nginx/geoip/GeoIP2-Country.mmdb { $geoip2_country_code source=$remote_addr country iso_code; $geoip2_country_name source=$remote_addr country names en; + $geoip2_country_geoname_id source=$remote_addr country geoname_id; $geoip2_continent_code source=$remote_addr continent code; $geoip2_continent_name source=$remote_addr continent names en; + $geoip2_continent_geoname_id source=$remote_addr continent geoname_id; } {{ end }} @@ -206,7 +210,9 @@ http { geoip2 /etc/nginx/geoip/GeoLite2-City.mmdb { $geoip2_city_country_code source=$remote_addr country iso_code; $geoip2_city_country_name source=$remote_addr country names en; + $geoip2_city_country_geoname_id source=$remote_addr country geoname_id; $geoip2_city source=$remote_addr city names en; + $geoip2_city_geoname_id source=$remote_addr city geoname_id; $geoip2_postal_code source=$remote_addr postal code; $geoip2_dma_code source=$remote_addr location metro_code; $geoip2_latitude source=$remote_addr location latitude; @@ -214,8 +220,10 @@ http { $geoip2_time_zone source=$remote_addr location time_zone; $geoip2_region_code source=$remote_addr subdivisions 0 iso_code; $geoip2_region_name source=$remote_addr subdivisions 0 names en; + $geoip2_region_geoname_id source=$remote_addr subdivisions 0 geoname_id; $geoip2_subregion_code source=$remote_addr subdivisions 1 iso_code; $geoip2_subregion_name source=$remote_addr subdivisions 1 names en; + $geoip2_subregion_geoname_id source=$remote_addr subdivisions 1 geoname_id; } {{ end }} @@ -223,7 +231,9 @@ http { geoip2 /etc/nginx/geoip/GeoIP2-City.mmdb { $geoip2_city_country_code source=$remote_addr country iso_code; $geoip2_city_country_name source=$remote_addr country names en; + $geoip2_city_country_geoname_id source=$remote_addr country geoname_id; $geoip2_city source=$remote_addr city names en; + $geoip2_city_geoname_id source=$remote_addr city geoname_id; $geoip2_postal_code source=$remote_addr postal code; $geoip2_dma_code source=$remote_addr location metro_code; $geoip2_latitude source=$remote_addr location latitude; @@ -231,8 +241,10 @@ http { $geoip2_time_zone source=$remote_addr location time_zone; $geoip2_region_code source=$remote_addr subdivisions 0 iso_code; $geoip2_region_name source=$remote_addr subdivisions 0 names en; + $geoip2_region_geoname_id source=$remote_addr subdivisions 0 geoname_id; $geoip2_subregion_code source=$remote_addr subdivisions 1 iso_code; $geoip2_subregion_name source=$remote_addr subdivisions 1 names en; + $geoip2_subregion_geoname_id source=$remote_addr subdivisions 1 geoname_id; } {{ end }} diff --git a/test/data/config.json b/test/data/config.json index 5d8a88cbe..d51e1c40b 100644 --- a/test/data/config.json +++ b/test/data/config.json @@ -413,7 +413,7 @@ "secured": false }, "externalAuth": { - "url": "https://httpbin.org/basic-auth/user/passwd", + "url": "https://httpbun.com/basic-auth/user/passwd", "method": "", "sendBody": false }, @@ -59354,7 +59354,7 @@ "secured": false }, "externalAuth": { - "url": "https://httpbin.org/basic-auth/user/passwd", + "url": "https://httpbun.com/basic-auth/user/passwd", "method": "", "sendBody": false }, @@ -60272,4 +60272,4 @@ "failTimeout": 0 }] }] -} \ No newline at end of file +} diff --git a/test/e2e/annotations/auth.go b/test/e2e/annotations/auth.go index e3d0bcb2e..4ca034825 100644 --- a/test/e2e/annotations/auth.go +++ b/test/e2e/annotations/auth.go @@ -19,13 +19,14 @@ package annotations import ( "context" "fmt" - "golang.org/x/crypto/bcrypt" "net/http" "net/url" "regexp" "strings" "time" + "golang.org/x/crypto/bcrypt" + "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" @@ -389,10 +390,10 @@ http { assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets), 1, "expected at least one endpoint") assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets[0].Addresses), 1, "expected at least one address ready in the endpoint") - httpbinIP := e.Subsets[0].Addresses[0].IP + httpbunIP := e.Subsets[0].Addresses[0].IP annotations = map[string]string{ - "nginx.ingress.kubernetes.io/auth-url": fmt.Sprintf("http://%s/cookies/set/alma/armud", httpbinIP), + "nginx.ingress.kubernetes.io/auth-url": fmt.Sprintf("http://%s/cookies/set/alma/armud", httpbunIP), "nginx.ingress.kubernetes.io/auth-signin": "http://$host/auth/start", } @@ -456,21 +457,21 @@ http { var ing *networking.Ingress ginkgo.BeforeEach(func() { - f.NewHttpbinDeployment() + f.NewHttpbunDeployment() - err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBinService, f.Namespace, 1) + err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBunService, f.Namespace, 1) assert.Nil(ginkgo.GinkgoT(), err) - e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBinService, metav1.GetOptions{}) + e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBunService, metav1.GetOptions{}) assert.Nil(ginkgo.GinkgoT(), err) assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets), 1, "expected at least one endpoint") assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets[0].Addresses), 1, "expected at least one address ready in the endpoint") - httpbinIP := e.Subsets[0].Addresses[0].IP + httpbunIP := e.Subsets[0].Addresses[0].IP annotations = map[string]string{ - "nginx.ingress.kubernetes.io/auth-url": fmt.Sprintf("http://%s/basic-auth/user/password", httpbinIP), + "nginx.ingress.kubernetes.io/auth-url": fmt.Sprintf("http://%s/basic-auth/user/password", httpbunIP), "nginx.ingress.kubernetes.io/auth-signin": "http://$host/auth/start", } @@ -649,20 +650,20 @@ http { var ing *networking.Ingress ginkgo.BeforeEach(func() { - f.NewHttpbinDeployment() + f.NewHttpbunDeployment() - var httpbinIP string + var httpbunIP string - err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBinService, f.Namespace, 1) + err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBunService, f.Namespace, 1) assert.Nil(ginkgo.GinkgoT(), err) - e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBinService, metav1.GetOptions{}) + e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBunService, metav1.GetOptions{}) assert.Nil(ginkgo.GinkgoT(), err) - httpbinIP = e.Subsets[0].Addresses[0].IP + httpbunIP = e.Subsets[0].Addresses[0].IP annotations = map[string]string{ - "nginx.ingress.kubernetes.io/auth-url": fmt.Sprintf("http://%s/basic-auth/user/password", httpbinIP), + "nginx.ingress.kubernetes.io/auth-url": fmt.Sprintf("http://%s/basic-auth/user/password", httpbunIP), "nginx.ingress.kubernetes.io/auth-signin": "http://$host/auth/start", "nginx.ingress.kubernetes.io/auth-signin-redirect-param": "orig", } @@ -728,23 +729,23 @@ http { barPath := "/bar" ginkgo.BeforeEach(func() { - f.NewHttpbinDeployment() + f.NewHttpbunDeployment() - err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBinService, f.Namespace, 1) + err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBunService, f.Namespace, 1) assert.Nil(ginkgo.GinkgoT(), err) framework.Sleep(1 * time.Second) - e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBinService, metav1.GetOptions{}) + e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBunService, metav1.GetOptions{}) assert.Nil(ginkgo.GinkgoT(), err) assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets), 1, "expected at least one endpoint") assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets[0].Addresses), 1, "expected at least one address ready in the endpoint") - httpbinIP := e.Subsets[0].Addresses[0].IP + httpbunIP := e.Subsets[0].Addresses[0].IP annotations := map[string]string{ - "nginx.ingress.kubernetes.io/auth-url": fmt.Sprintf("http://%s/basic-auth/user/password", httpbinIP), + "nginx.ingress.kubernetes.io/auth-url": fmt.Sprintf("http://%s/basic-auth/user/password", httpbunIP), "nginx.ingress.kubernetes.io/auth-signin": "http://$host/auth/start", "nginx.ingress.kubernetes.io/auth-cache-key": "fixed", "nginx.ingress.kubernetes.io/auth-cache-duration": "200 201 401 30m", @@ -777,7 +778,7 @@ http { Expect(). Status(http.StatusOK) - err := f.DeleteDeployment(framework.HTTPBinService) + err := f.DeleteDeployment(framework.HTTPBunService) assert.Nil(ginkgo.GinkgoT(), err) framework.Sleep() @@ -797,7 +798,7 @@ http { Expect(). Status(http.StatusOK) - err := f.DeleteDeployment(framework.HTTPBinService) + err := f.DeleteDeployment(framework.HTTPBunService) assert.Nil(ginkgo.GinkgoT(), err) framework.Sleep() @@ -826,7 +827,7 @@ http { Expect(). Status(http.StatusOK) - err := f.DeleteDeployment(framework.HTTPBinService) + err := f.DeleteDeployment(framework.HTTPBunService) assert.Nil(ginkgo.GinkgoT(), err) framework.Sleep() diff --git a/test/e2e/annotations/grpc.go b/test/e2e/annotations/grpc.go index 39349e701..046191b21 100644 --- a/test/e2e/annotations/grpc.go +++ b/test/e2e/annotations/grpc.go @@ -125,7 +125,7 @@ var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() { ginkgo.It("authorization metadata should be overwritten by external auth response headers", func() { f.NewGRPCBinDeployment() - f.NewHttpbinDeployment() + f.NewHttpbunDeployment() host := "echo" @@ -149,19 +149,19 @@ var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() { } f.EnsureService(svc) - err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBinService, f.Namespace, 1) + err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBunService, f.Namespace, 1) assert.Nil(ginkgo.GinkgoT(), err) - e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBinService, metav1.GetOptions{}) + e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBunService, metav1.GetOptions{}) assert.Nil(ginkgo.GinkgoT(), err) assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets), 1, "expected at least one endpoint") assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets[0].Addresses), 1, "expected at least one address ready in the endpoint") - httpbinIP := e.Subsets[0].Addresses[0].IP + httpbunIP := e.Subsets[0].Addresses[0].IP annotations := map[string]string{ - "nginx.ingress.kubernetes.io/auth-url": fmt.Sprintf("http://%s/response-headers?authorization=foo", httpbinIP), + "nginx.ingress.kubernetes.io/auth-url": fmt.Sprintf("http://%s/response-headers?authorization=foo", httpbunIP), "nginx.ingress.kubernetes.io/auth-response-headers": "Authorization", "nginx.ingress.kubernetes.io/backend-protocol": "GRPC", } diff --git a/test/e2e/annotations/satisfy.go b/test/e2e/annotations/satisfy.go index e75464a9d..758ad21a4 100644 --- a/test/e2e/annotations/satisfy.go +++ b/test/e2e/annotations/satisfy.go @@ -85,15 +85,15 @@ var _ = framework.DescribeAnnotation("satisfy", func() { host := "auth" // setup external auth - f.NewHttpbinDeployment() + f.NewHttpbunDeployment() - err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBinService, f.Namespace, 1) + err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBunService, f.Namespace, 1) assert.Nil(ginkgo.GinkgoT(), err) - e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBinService, metav1.GetOptions{}) + e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBunService, metav1.GetOptions{}) assert.Nil(ginkgo.GinkgoT(), err) - httpbinIP := e.Subsets[0].Addresses[0].IP + httpbunIP := e.Subsets[0].Addresses[0].IP // create basic auth secret at ingress s := f.EnsureSecret(buildSecret("uname", "pwd", "basic-secret", f.Namespace)) @@ -105,7 +105,7 @@ var _ = framework.DescribeAnnotation("satisfy", func() { "nginx.ingress.kubernetes.io/auth-realm": "test basic auth", // annotations for external auth - "nginx.ingress.kubernetes.io/auth-url": fmt.Sprintf("http://%s/basic-auth/user/password", httpbinIP), + "nginx.ingress.kubernetes.io/auth-url": fmt.Sprintf("http://%s/basic-auth/user/password", httpbunIP), "nginx.ingress.kubernetes.io/auth-signin": "http://$host/auth/start", // set satisfy any diff --git a/test/e2e/framework/deployment.go b/test/e2e/framework/deployment.go index 4627a8892..06dfa0c5e 100644 --- a/test/e2e/framework/deployment.go +++ b/test/e2e/framework/deployment.go @@ -19,6 +19,7 @@ package framework import ( "context" "errors" + "fmt" "os" "time" @@ -36,14 +37,18 @@ const EchoService = "echo" // SlowEchoService name of the deployment for the echo app const SlowEchoService = "slow-echo" -// HTTPBinService name of the deployment for the httpbin app -const HTTPBinService = "httpbin" +// HTTPBunService name of the deployment for the httpbun app +const HTTPBunService = "httpbun" + +// NipService name of external service using nip.io +const NIPService = "external-nip" type deploymentOptions struct { namespace string name string replicas int svcAnnotations map[string]string + image string } // WithDeploymentNamespace allows configuring the deployment's namespace @@ -82,18 +87,26 @@ func WithName(n string) func(*deploymentOptions) { } } +// WithImage allows configuring the image for the deployments +func WithImage(i string) func(*deploymentOptions) { + return func(o *deploymentOptions) { + o.image = i + } +} + // NewEchoDeployment creates a new single replica deployment of the echo server image in a particular namespace func (f *Framework) NewEchoDeployment(opts ...func(*deploymentOptions)) { options := &deploymentOptions{ namespace: f.Namespace, name: EchoService, replicas: 1, + image: "registry.k8s.io/ingress-nginx/e2e-test-echo@sha256:4938d1d91a2b7d19454460a8c1b010b89f6ff92d2987fd889ac3e8fc3b70d91a", } for _, o := range opts { o(options) } - deployment := newDeployment(options.name, options.namespace, "registry.k8s.io/ingress-nginx/e2e-test-echo@sha256:4938d1d91a2b7d19454460a8c1b010b89f6ff92d2987fd889ac3e8fc3b70d91a", 80, int32(options.replicas), + deployment := newDeployment(options.name, options.namespace, options.image, 80, int32(options.replicas), nil, nil, nil, []corev1.VolumeMount{}, []corev1.Volume{}, @@ -129,6 +142,85 @@ func (f *Framework) NewEchoDeployment(opts ...func(*deploymentOptions)) { assert.Nil(ginkgo.GinkgoT(), err, "waiting for endpoints to become ready") } +// BuildNipHost used to generate a nip host for DNS resolving +func BuildNIPHost(ip string) string { + return fmt.Sprintf("%s.nip.io", ip) +} + +// BuildNIPExternalNameService used to generate a service pointing to nip.io to +// help resolve to an IP address +func BuildNIPExternalNameService(f *Framework, ip, portName string) *corev1.Service { + return &corev1.Service{ + ObjectMeta: metav1.ObjectMeta{ + Name: NIPService, + Namespace: f.Namespace, + }, + Spec: corev1.ServiceSpec{ + ExternalName: BuildNIPHost(ip), + Type: corev1.ServiceTypeExternalName, + Ports: []corev1.ServicePort{ + { + Name: portName, + Port: 80, + TargetPort: intstr.FromInt(80), + Protocol: "TCP", + }, + }, + }, + } +} + +// NewHttpbunDeployment creates a new single replica deployment of the httpbun +// server image in a particular namespace we return the ip for testing purposes +func (f *Framework) NewHttpbunDeployment(opts ...func(*deploymentOptions)) string { + options := &deploymentOptions{ + namespace: f.Namespace, + name: HTTPBunService, + replicas: 1, + image: "registry.k8s.io/ingress-nginx/e2e-test-httpbun:v20230505-v0.0.1", + } + for _, o := range opts { + o(options) + } + + deployment := newDeployment(options.name, options.namespace, options.image, 80, int32(options.replicas), + nil, nil, nil, + []corev1.VolumeMount{}, + []corev1.Volume{}, + true, + ) + + f.EnsureDeployment(deployment) + + service := &corev1.Service{ + ObjectMeta: metav1.ObjectMeta{ + Name: options.name, + Namespace: options.namespace, + Annotations: options.svcAnnotations, + }, + Spec: corev1.ServiceSpec{ + Ports: []corev1.ServicePort{ + { + Name: "http", + Port: 80, + TargetPort: intstr.FromInt(80), + Protocol: corev1.ProtocolTCP, + }, + }, + Selector: map[string]string{ + "app": options.name, + }, + }, + } + + s := f.EnsureService(service) + + err := WaitForEndpoints(f.KubeClientSet, DefaultTimeout, options.name, options.namespace, options.replicas) + assert.Nil(ginkgo.GinkgoT(), err, "waiting for endpoints to become ready") + + return s.Spec.ClusterIPs[0] +} + // NewSlowEchoDeployment creates a new deployment of the slow echo server image in a particular namespace. func (f *Framework) NewSlowEchoDeployment() { cfg := `# @@ -418,11 +510,6 @@ func newDeployment(name, namespace, image string, port int32, replicas int32, co return d } -// NewHttpbinDeployment creates a new single replica deployment of the httpbin image in a particular namespace. -func (f *Framework) NewHttpbinDeployment() { - f.NewDeployment(HTTPBinService, "registry.k8s.io/ingress-nginx/e2e-test-httpbin@sha256:c6372ef57a775b95f18e19d4c735a9819f2e7bb4641e5e3f27287d831dfeb7e8", 80, 1) -} - func (f *Framework) NewDeployment(name, image string, port int32, replicas int32) { f.NewDeploymentWithOpts(name, image, port, replicas, nil, nil, nil, nil, nil, true) } diff --git a/test/e2e/security/request_smuggling.go b/test/e2e/security/request_smuggling.go index 9891480dc..786a7a397 100644 --- a/test/e2e/security/request_smuggling.go +++ b/test/e2e/security/request_smuggling.go @@ -50,9 +50,12 @@ server { f.UpdateNginxConfigMapData("http-snippet", snippet) + //TODO: currently using a self hosted HTTPBun instance results in a 499, we + //should move away from using httpbun.com once we have the httpbun + //deployment as part of the framework ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, map[string]string{ - "nginx.ingress.kubernetes.io/auth-signin": "https://httpbin.org/uuid", - "nginx.ingress.kubernetes.io/auth-url": "https://httpbin.org/basic-auth/user/passwd", + "nginx.ingress.kubernetes.io/auth-signin": "https://httpbun.com/bearer/d4bcba7a-0def-4a31-91a7-47e420adf44b", + "nginx.ingress.kubernetes.io/auth-url": "https://httpbun.com/basic-auth/user/passwd", }) f.EnsureIngress(ing) diff --git a/test/e2e/servicebackend/service_externalname.go b/test/e2e/servicebackend/service_externalname.go index 0d121c671..2fd6cd080 100644 --- a/test/e2e/servicebackend/service_externalname.go +++ b/test/e2e/servicebackend/service_externalname.go @@ -29,44 +29,21 @@ import ( corev1 "k8s.io/api/core/v1" networking "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/ingress-nginx/internal/nginx" "k8s.io/ingress-nginx/test/e2e/framework" ) -func buildHTTPBinExternalNameService(f *framework.Framework, portName string) *corev1.Service { - return &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ - Name: framework.HTTPBinService, - Namespace: f.Namespace, - }, - Spec: corev1.ServiceSpec{ - ExternalName: "httpbin.org", - Type: corev1.ServiceTypeExternalName, - Ports: []corev1.ServicePort{ - { - Name: portName, - Port: 80, - TargetPort: intstr.FromInt(80), - Protocol: "TCP", - }, - }, - }, - } -} - var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() { f := framework.NewDefaultFramework("type-externalname") ginkgo.It("works with external name set to incomplete fqdn", func() { f.NewEchoDeployment() - host := "echo" svc := &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ - Name: framework.HTTPBinService, + Name: framework.HTTPBunService, Namespace: f.Namespace, }, Spec: corev1.ServiceSpec{ @@ -77,7 +54,7 @@ var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() { f.EnsureService(svc) - ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.HTTPBinService, 80, nil) + ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.HTTPBunService, 80, nil) f.EnsureIngress(ing) f.WaitForNginxServer(host, @@ -93,15 +70,19 @@ var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() { }) ginkgo.It("should return 200 for service type=ExternalName without a port defined", func() { + // This is a workaround so we only depend on a self hosted instance of + // httpbun + ip := f.NewHttpbunDeployment() + host := "echo" svc := &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ - Name: framework.HTTPBinService, + Name: framework.NIPService, Namespace: f.Namespace, }, Spec: corev1.ServiceSpec{ - ExternalName: "httpbin.org", + ExternalName: framework.BuildNIPHost(ip), Type: corev1.ServiceTypeExternalName, }, } @@ -109,9 +90,9 @@ var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() { f.EnsureService(svc) annotations := map[string]string{ - "nginx.ingress.kubernetes.io/upstream-vhost": "httpbin.org", + "nginx.ingress.kubernetes.io/upstream-vhost": framework.BuildNIPHost(ip), } - ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.HTTPBinService, 80, annotations) + ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.HTTPBunService, 80, annotations) f.EnsureIngress(ing) f.WaitForNginxServer(host, @@ -127,15 +108,19 @@ var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() { }) ginkgo.It("should return 200 for service type=ExternalName with a port defined", func() { + // This is a workaround so we only depend on a self hosted instance of + // httpbun + ip := f.NewHttpbunDeployment() + host := "echo" - svc := buildHTTPBinExternalNameService(f, host) + svc := framework.BuildNIPExternalNameService(f, ip, host) f.EnsureService(svc) annotations := map[string]string{ - "nginx.ingress.kubernetes.io/upstream-vhost": "httpbin.org", + "nginx.ingress.kubernetes.io/upstream-vhost": framework.BuildNIPHost(ip), } - ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.HTTPBinService, 80, annotations) + ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.HTTPBunService, 80, annotations) f.EnsureIngress(ing) f.WaitForNginxServer(host, @@ -155,7 +140,7 @@ var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() { svc := &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ - Name: framework.HTTPBinService, + Name: framework.HTTPBunService, Namespace: f.Namespace, }, Spec: corev1.ServiceSpec{ @@ -166,7 +151,7 @@ var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() { f.EnsureService(svc) - ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.HTTPBinService, 80, nil) + ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.HTTPBunService, 80, nil) f.EnsureIngress(ing) f.WaitForNginxServer(host, @@ -182,18 +167,22 @@ var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() { }) ginkgo.It("should return 200 for service type=ExternalName using a port name", func() { + // This is a workaround so we only depend on a self hosted instance of + // httpbun + ip := f.NewHttpbunDeployment() + host := "echo" - svc := buildHTTPBinExternalNameService(f, host) + svc := framework.BuildNIPExternalNameService(f, ip, host) f.EnsureService(svc) annotations := map[string]string{ - "nginx.ingress.kubernetes.io/upstream-vhost": "httpbin.org", + "nginx.ingress.kubernetes.io/upstream-vhost": framework.BuildNIPHost(ip), } - ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.HTTPBinService, 80, annotations) + ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.HTTPBunService, 80, annotations) namedBackend := networking.IngressBackend{ Service: &networking.IngressServiceBackend{ - Name: framework.HTTPBinService, + Name: framework.NIPService, Port: networking.ServiceBackendPort{ Name: host, }, @@ -215,22 +204,26 @@ var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() { }) ginkgo.It("should return 200 for service type=ExternalName using FQDN with trailing dot", func() { + // This is a workaround so we only depend on a self hosted instance of + // httpbun + ip := f.NewHttpbunDeployment() + host := "echo" svc := &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ - Name: framework.HTTPBinService, + Name: framework.NIPService, Namespace: f.Namespace, }, Spec: corev1.ServiceSpec{ - ExternalName: "httpbin.org.", + ExternalName: framework.BuildNIPHost(ip), Type: corev1.ServiceTypeExternalName, }, } f.EnsureService(svc) - ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.HTTPBinService, 80, nil) + ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.HTTPBunService, 80, nil) f.EnsureIngress(ing) f.WaitForNginxServer(host, @@ -246,18 +239,23 @@ var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() { }) ginkgo.It("should update the external name after a service update", func() { + // This is a workaround so we only depend on a self hosted instance of + // httpbun + ip := f.NewHttpbunDeployment() + host := "echo" - svc := buildHTTPBinExternalNameService(f, host) + svc := framework.BuildNIPExternalNameService(f, ip, host) f.EnsureService(svc) annotations := map[string]string{ - "nginx.ingress.kubernetes.io/upstream-vhost": "httpbin.org", + "nginx.ingress.kubernetes.io/upstream-vhost": framework.BuildNIPHost(ip), } - ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.HTTPBinService, 80, annotations) + + ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.HTTPBunService, 80, annotations) namedBackend := networking.IngressBackend{ Service: &networking.IngressServiceBackend{ - Name: framework.HTTPBinService, + Name: framework.NIPService, Port: networking.ServiceBackendPort{ Name: host, }, @@ -281,13 +279,15 @@ var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() { assert.Contains(ginkgo.GinkgoT(), body, `"X-Forwarded-Host": "echo"`) - svc, err := f.KubeClientSet.CoreV1().Services(f.Namespace).Get(context.TODO(), framework.HTTPBinService, metav1.GetOptions{}) - assert.Nil(ginkgo.GinkgoT(), err, "unexpected error obtaining httpbin service") + svc, err := f.KubeClientSet.CoreV1().Services(f.Namespace).Get(context.TODO(), framework.NIPService, metav1.GetOptions{}) + assert.Nil(ginkgo.GinkgoT(), err, "unexpected error obtaining external service") - svc.Spec.ExternalName = "eu.httpbin.org" + ip = f.NewHttpbunDeployment(framework.WithDeploymentName("eu-server")) + + svc.Spec.ExternalName = framework.BuildNIPHost(ip) _, err = f.KubeClientSet.CoreV1().Services(f.Namespace).Update(context.Background(), svc, metav1.UpdateOptions{}) - assert.Nil(ginkgo.GinkgoT(), err, "unexpected error updating httpbin service") + assert.Nil(ginkgo.GinkgoT(), err, "unexpected error updating external service") framework.Sleep() @@ -301,18 +301,22 @@ var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() { assert.Contains(ginkgo.GinkgoT(), body, `"X-Forwarded-Host": "echo"`) - ginkgo.By("checking the service is updated to use eu.httpbin.org") + ginkgo.By("checking the service is updated to use new host") curlCmd := fmt.Sprintf("curl --fail --silent http://localhost:%v/configuration/backends", nginx.StatusPort) output, err := f.ExecIngressPod(curlCmd) assert.Nil(ginkgo.GinkgoT(), err) - assert.Contains(ginkgo.GinkgoT(), output, `{"address":"eu.httpbin.org"`) + assert.Contains(ginkgo.GinkgoT(), output, fmt.Sprintf("{\"address\":\"%s\"", framework.BuildNIPHost(ip))) }) ginkgo.It("should sync ingress on external name service addition/deletion", func() { + // This is a workaround so we only depend on a self hosted instance of + // httpbun + ip := f.NewHttpbunDeployment() + host := "echo" // Create the Ingress first - ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.HTTPBinService, 80, nil) + ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.NIPService, 80, nil) f.EnsureIngress(ing) f.WaitForNginxServer(host, @@ -328,7 +332,7 @@ var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() { Status(http.StatusServiceUnavailable) // Now create the service - svc := buildHTTPBinExternalNameService(f, host) + svc := framework.BuildNIPExternalNameService(f, ip, host) f.EnsureService(svc) framework.Sleep() @@ -341,9 +345,8 @@ var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() { Status(http.StatusOK) // And back to 503 after deleting the service - - err := f.KubeClientSet.CoreV1().Services(f.Namespace).Delete(context.TODO(), framework.HTTPBinService, metav1.DeleteOptions{}) - assert.Nil(ginkgo.GinkgoT(), err, "unexpected error deleting httpbin service") + err := f.KubeClientSet.CoreV1().Services(f.Namespace).Delete(context.TODO(), framework.NIPService, metav1.DeleteOptions{}) + assert.Nil(ginkgo.GinkgoT(), err, "unexpected error deleting external service") framework.Sleep() diff --git a/test/e2e/settings/brotli.go b/test/e2e/settings/brotli.go index a07eb6c09..a13678f66 100644 --- a/test/e2e/settings/brotli.go +++ b/test/e2e/settings/brotli.go @@ -33,7 +33,7 @@ var _ = framework.IngressNginxDescribe("brotli", func() { host := "brotli" ginkgo.BeforeEach(func() { - f.NewHttpbinDeployment() + f.NewHttpbunDeployment() }) ginkgo.It("should only compress responses that meet the `brotli-min-length` condition", func() { @@ -43,7 +43,7 @@ var _ = framework.IngressNginxDescribe("brotli", func() { f.UpdateNginxConfigMapData("brotli-types", contentEncoding) f.UpdateNginxConfigMapData("brotli-min-length", strconv.Itoa(brotliMinLength)) - f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.Namespace, framework.HTTPBinService, 80, nil)) + f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.Namespace, framework.HTTPBunService, 80, nil)) f.WaitForNginxConfiguration( func(server string) bool { diff --git a/test/e2e/settings/disable_service_external_name.go b/test/e2e/settings/disable_service_external_name.go index a24cfebde..7f03e5355 100644 --- a/test/e2e/settings/disable_service_external_name.go +++ b/test/e2e/settings/disable_service_external_name.go @@ -50,17 +50,21 @@ var _ = framework.IngressNginxDescribe("[Flag] disable-service-external-name", f }) ginkgo.It("should ignore services of external-name type", func() { - nonexternalhost := "echo-svc.com" externalhost := "echo-external-svc.com" + + ip := f.NewHttpbunDeployment() + svc := framework.BuildNIPExternalNameService(f, ip, "echo") + f.EnsureService(svc) + svcexternal := &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ Name: "external", Namespace: f.Namespace, }, Spec: corev1.ServiceSpec{ - ExternalName: "httpbin.org", + ExternalName: framework.BuildNIPHost(ip), Type: corev1.ServiceTypeExternalName, }, } diff --git a/test/e2e/settings/global_external_auth.go b/test/e2e/settings/global_external_auth.go index c70b5a9b1..c5964299f 100644 --- a/test/e2e/settings/global_external_auth.go +++ b/test/e2e/settings/global_external_auth.go @@ -50,13 +50,13 @@ var _ = framework.DescribeSetting("[Security] global-auth-url", func() { ginkgo.BeforeEach(func() { f.NewEchoDeployment() - f.NewHttpbinDeployment() + f.NewHttpbunDeployment() }) ginkgo.Context("when global external authentication is configured", func() { ginkgo.BeforeEach(func() { - globalExternalAuthURL := fmt.Sprintf("http://%s.%s.svc.cluster.local:80/status/401", framework.HTTPBinService, f.Namespace) + globalExternalAuthURL := fmt.Sprintf("http://%s.%s.svc.cluster.local:80/status/401", framework.HTTPBunService, f.Namespace) ginkgo.By("Adding an ingress rule for /foo") fooIng := framework.NewSingleIngress("foo-ingress", fooPath, host, f.Namespace, echoServiceName, 80, nil) @@ -158,7 +158,7 @@ var _ = framework.DescribeSetting("[Security] global-auth-url", func() { globalExternalAuthCacheKey := "foo" globalExternalAuthCacheDurationSetting := "global-auth-cache-duration" globalExternalAuthCacheDuration := "200 201 401 30m" - globalExternalAuthURL := fmt.Sprintf("http://%s.%s.svc.cluster.local:80/status/200", framework.HTTPBinService, f.Namespace) + globalExternalAuthURL := fmt.Sprintf("http://%s.%s.svc.cluster.local:80/status/200", framework.HTTPBunService, f.Namespace) ginkgo.By("Adding a global-auth-cache-key to configMap") f.SetNginxConfigMapData(map[string]string{ @@ -182,7 +182,7 @@ var _ = framework.DescribeSetting("[Security] global-auth-url", func() { Expect(). Status(http.StatusOK) - err := f.DeleteDeployment(framework.HTTPBinService) + err := f.DeleteDeployment(framework.HTTPBunService) assert.Nil(ginkgo.GinkgoT(), err) framework.Sleep() @@ -307,9 +307,9 @@ http { assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets), 1, "expected at least one endpoint") assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets[0].Addresses), 1, "expected at least one address ready in the endpoint") - httpbinIP := e.Subsets[0].Addresses[0].IP + httpbunIP := e.Subsets[0].Addresses[0].IP - f.UpdateNginxConfigMapData(globalExternalAuthURLSetting, fmt.Sprintf("http://%s/cookies/set/alma/armud", httpbinIP)) + f.UpdateNginxConfigMapData(globalExternalAuthURLSetting, fmt.Sprintf("http://%s/cookies/set/alma/armud", httpbunIP)) ing1 = framework.NewSingleIngress(host, "/", host, f.Namespace, "http-cookie-with-error", 80, nil) f.EnsureIngress(ing1) diff --git a/test/e2e/settings/listen_nondefault_ports.go b/test/e2e/settings/listen_nondefault_ports.go index 61a128040..8b5d22f6e 100644 --- a/test/e2e/settings/listen_nondefault_ports.go +++ b/test/e2e/settings/listen_nondefault_ports.go @@ -98,21 +98,21 @@ var _ = framework.IngressNginxDescribe("[Flag] custom HTTP and HTTPS ports", fun ginkgo.Context("when external authentication is configured", func() { ginkgo.It("should set the X-Forwarded-Port header to 443", func() { - f.NewHttpbinDeployment() + f.NewHttpbunDeployment() - err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBinService, f.Namespace, 1) + err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBunService, f.Namespace, 1) assert.Nil(ginkgo.GinkgoT(), err) - e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBinService, metav1.GetOptions{}) + e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(context.TODO(), framework.HTTPBunService, metav1.GetOptions{}) assert.Nil(ginkgo.GinkgoT(), err) assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets), 1, "expected at least one endpoint") assert.GreaterOrEqual(ginkgo.GinkgoT(), len(e.Subsets[0].Addresses), 1, "expected at least one address ready in the endpoint") - httpbinIP := e.Subsets[0].Addresses[0].IP + httpbunIP := e.Subsets[0].Addresses[0].IP annotations := map[string]string{ - "nginx.ingress.kubernetes.io/auth-url": fmt.Sprintf("http://%s/basic-auth/user/password", httpbinIP), + "nginx.ingress.kubernetes.io/auth-url": fmt.Sprintf("http://%s/basic-auth/user/password", httpbunIP), "nginx.ingress.kubernetes.io/auth-signin": "http://$host/auth/start", } diff --git a/test/k6/smoketest.js b/test/k6/smoketest.js index b5ab577a9..8fe9e950a 100644 --- a/test/k6/smoketest.js +++ b/test/k6/smoketest.js @@ -27,7 +27,7 @@ export default function () { const params = { headers: {'host': 'test.ingress-nginx-controller.ga'}, }; - // httpbin.org documents these requests + // httpbun.com documents these requests const req1 = { method: 'GET', url: 'http://test.ingress-nginx-controller.ga/ip', diff --git a/test/test-lua.sh b/test/test-lua.sh index 9c8149eac..fc60023f8 100755 --- a/test/test-lua.sh +++ b/test/test-lua.sh @@ -41,7 +41,7 @@ SHDICT_ARGS=( ) if [ $# -eq 0 ]; then - resty "${SHDICT_ARGS[@]}" ./rootfs/etc/nginx/lua/test/ ./rootfs/etc/nginx/lua/plugins/**/test + resty "${SHDICT_ARGS[@]}" ./rootfs/etc/nginx/lua/test/ ./rootfs/etc/nginx/lua/plugins/**/test ${BUSTED_ARGS} else - resty "${SHDICT_ARGS[@]}" $@ + resty "${SHDICT_ARGS[@]}" $@ ${BUSTED_ARGS} fi