From 6cd7331bd59798bfaa97b4a4e55cf16927d0baf1 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Wed, 8 Nov 2023 14:12:22 +0100 Subject: [PATCH 01/35] Repository: Rename `Changelog.md.gotmpl` into `changelog/controller.md.gotmpl`. --- Changelog.md.gotmpl => changelog/controller.md.gotmpl | 0 magefiles/utils/releasenote.go | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename Changelog.md.gotmpl => changelog/controller.md.gotmpl (100%) diff --git a/Changelog.md.gotmpl b/changelog/controller.md.gotmpl similarity index 100% rename from Changelog.md.gotmpl rename to changelog/controller.md.gotmpl diff --git a/magefiles/utils/releasenote.go b/magefiles/utils/releasenote.go index fa883104f..d4e9a757e 100644 --- a/magefiles/utils/releasenote.go +++ b/magefiles/utils/releasenote.go @@ -37,7 +37,7 @@ type ReleaseNote struct { func (r ReleaseNote) Template() { // Files are provided as a slice of strings. - changelogTemplate, err := os.ReadFile("Changelog.md.gotmpl") + changelogTemplate, err := os.ReadFile("changelog/controller.md.gotmpl") if err != nil { ErrorF("Could not read changelog template file %s", err) } From 7e34a676b975b0795ff181ccf75d992ea7c6364d Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Wed, 8 Nov 2023 14:12:57 +0100 Subject: [PATCH 02/35] Repository: Improve `changelog/controller.md.gotmpl`. --- changelog/controller.md.gotmpl | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/changelog/controller.md.gotmpl b/changelog/controller.md.gotmpl index d35df8ade..e1ae13cc5 100644 --- a/changelog/controller.md.gotmpl +++ b/changelog/controller.md.gotmpl @@ -1,15 +1,22 @@ # Changelog -### {{ .Version }} -Images: +### {{ .NewControllerVersion }} {{ with .ControllerImages }} -{{ range . }} * {{ .Registry }}/{{ .Name }}:{{ .Tag}}@{{ .Digest }} -{{ end }} {{ end }} -### All Changes: -{{ with .Updates }} -{{ range . }}* {{ . }} -{{ end }}{{ end }} -### Dependencies updates: {{ with .DepUpdates }} -{{ range . }}* {{ . }} -{{ end }} {{ end }} +Images: +{{ range . }} +* {{ .Registry }}/{{ .Name }}:{{ .Tag}}@{{ .Digest }} +{{- end }} +{{ end }} +{{- with .Updates }} +### All changes: +{{ range . }} +* {{ . }} +{{- end }} +{{ end }} +{{- with .DepUpdates }} +### Dependency updates: +{{ range . }} +* {{ . }} +{{- end }} +{{ end }} **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-{{ .PreviousControllerVersion }}...controller-{{ .NewControllerVersion }} From 84bdad5341e8da721557176049321e3af54dc566 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Wed, 8 Nov 2023 13:47:17 +0100 Subject: [PATCH 03/35] Repository: Rename `changelog/Changelog-*.md` into `changelog/controller-*.md`. --- changelog/{Changelog-1.6.4.md => controller-1.6.4.md} | 0 changelog/{Changelog-1.7.0.md => controller-1.7.0.md} | 0 changelog/{Changelog-1.7.1.md => controller-1.7.1.md} | 0 changelog/{Changelog-1.8.0.md => controller-1.8.0.md} | 0 changelog/{Changelog-1.8.1.md => controller-1.8.1.md} | 0 changelog/{Changelog-1.8.2.md => controller-1.8.2.md} | 0 .../{Changelog-1.9.0-beta.0.md => controller-1.9.0-beta.0.md} | 0 changelog/{Changelog-1.9.0.md => controller-1.9.0.md} | 0 changelog/{Changelog-1.9.1.md => controller-1.9.1.md} | 0 changelog/{Changelog-1.9.3.md => controller-1.9.3.md} | 0 changelog/{Changelog-1.9.4.md => controller-1.9.4.md} | 0 magefiles/utils/releasenote.go | 2 +- 12 files changed, 1 insertion(+), 1 deletion(-) rename changelog/{Changelog-1.6.4.md => controller-1.6.4.md} (100%) rename changelog/{Changelog-1.7.0.md => controller-1.7.0.md} (100%) rename changelog/{Changelog-1.7.1.md => controller-1.7.1.md} (100%) rename changelog/{Changelog-1.8.0.md => controller-1.8.0.md} (100%) rename changelog/{Changelog-1.8.1.md => controller-1.8.1.md} (100%) rename changelog/{Changelog-1.8.2.md => controller-1.8.2.md} (100%) rename changelog/{Changelog-1.9.0-beta.0.md => controller-1.9.0-beta.0.md} (100%) rename changelog/{Changelog-1.9.0.md => controller-1.9.0.md} (100%) rename changelog/{Changelog-1.9.1.md => controller-1.9.1.md} (100%) rename changelog/{Changelog-1.9.3.md => controller-1.9.3.md} (100%) rename changelog/{Changelog-1.9.4.md => controller-1.9.4.md} (100%) diff --git a/changelog/Changelog-1.6.4.md b/changelog/controller-1.6.4.md similarity index 100% rename from changelog/Changelog-1.6.4.md rename to changelog/controller-1.6.4.md diff --git a/changelog/Changelog-1.7.0.md b/changelog/controller-1.7.0.md similarity index 100% rename from changelog/Changelog-1.7.0.md rename to changelog/controller-1.7.0.md diff --git a/changelog/Changelog-1.7.1.md b/changelog/controller-1.7.1.md similarity index 100% rename from changelog/Changelog-1.7.1.md rename to changelog/controller-1.7.1.md diff --git a/changelog/Changelog-1.8.0.md b/changelog/controller-1.8.0.md similarity index 100% rename from changelog/Changelog-1.8.0.md rename to changelog/controller-1.8.0.md diff --git a/changelog/Changelog-1.8.1.md b/changelog/controller-1.8.1.md similarity index 100% rename from changelog/Changelog-1.8.1.md rename to changelog/controller-1.8.1.md diff --git a/changelog/Changelog-1.8.2.md b/changelog/controller-1.8.2.md similarity index 100% rename from changelog/Changelog-1.8.2.md rename to changelog/controller-1.8.2.md diff --git a/changelog/Changelog-1.9.0-beta.0.md b/changelog/controller-1.9.0-beta.0.md similarity index 100% rename from changelog/Changelog-1.9.0-beta.0.md rename to changelog/controller-1.9.0-beta.0.md diff --git a/changelog/Changelog-1.9.0.md b/changelog/controller-1.9.0.md similarity index 100% rename from changelog/Changelog-1.9.0.md rename to changelog/controller-1.9.0.md diff --git a/changelog/Changelog-1.9.1.md b/changelog/controller-1.9.1.md similarity index 100% rename from changelog/Changelog-1.9.1.md rename to changelog/controller-1.9.1.md diff --git a/changelog/Changelog-1.9.3.md b/changelog/controller-1.9.3.md similarity index 100% rename from changelog/Changelog-1.9.3.md rename to changelog/controller-1.9.3.md diff --git a/changelog/Changelog-1.9.4.md b/changelog/controller-1.9.4.md similarity index 100% rename from changelog/Changelog-1.9.4.md rename to changelog/controller-1.9.4.md diff --git a/magefiles/utils/releasenote.go b/magefiles/utils/releasenote.go index d4e9a757e..f2e72f921 100644 --- a/magefiles/utils/releasenote.go +++ b/magefiles/utils/releasenote.go @@ -44,7 +44,7 @@ func (r ReleaseNote) Template() { Debug("ChangeLog Templates %s", string(changelogTemplate)) t := template.Must(template.New("changelog").Parse(string(changelogTemplate))) // create a new file - file, err := os.Create(fmt.Sprintf("changelog/Changelog-%s.md", r.Version)) + file, err := os.Create(fmt.Sprintf("changelog/controller-%s.md", r.Version)) if err != nil { ErrorF("Could not create changelog file %s", err) } From 433781c9186609ff6a31c76bbf8e1b5075e1384b Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Wed, 8 Nov 2023 14:35:00 +0100 Subject: [PATCH 04/35] Repository: Align `changelog/controller-*.md` to `changelog/controller.md.gotmpl`. --- changelog/controller-1.6.4.md | 14 ++++++++------ changelog/controller-1.7.0.md | 14 ++++++++------ changelog/controller-1.7.1.md | 14 ++++++++------ changelog/controller-1.8.0.md | 17 +++++++---------- changelog/controller-1.8.1.md | 14 ++++++++------ changelog/controller-1.8.2.md | 10 +++++----- changelog/controller-1.9.0-beta.0.md | 14 ++++++++------ changelog/controller-1.9.0.md | 14 ++++++++------ changelog/controller-1.9.1.md | 14 ++++++++------ changelog/controller-1.9.3.md | 14 ++++++++------ changelog/controller-1.9.4.md | 9 +++++---- 11 files changed, 81 insertions(+), 67 deletions(-) diff --git a/changelog/controller-1.6.4.md b/changelog/controller-1.6.4.md index 5f940d1c4..256e5ec09 100644 --- a/changelog/controller-1.6.4.md +++ b/changelog/controller-1.6.4.md @@ -1,12 +1,13 @@ # Changelog ### 1.6.4 + Images: - * registry.k8s.io/controller:controller-v1.6.4@sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f - * registry.k8s.io/controller-chroot:controller-v1.6.4@sha256:0de01e2c316c3ca7847ca13b32d077af7910d07f21a4a82f81061839764f8f81 - -### All Changes: +* registry.k8s.io/controller:controller-v1.6.4@sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f +* registry.k8s.io/controller-chroot:controller-v1.6.4@sha256:0de01e2c316c3ca7847ca13b32d077af7910d07f21a4a82f81061839764f8f81 + +### All changes: * remove tests and regex path checks (#9626) * Fix incorrect annotation name in upstream hashing configuration (#9617) @@ -99,7 +100,8 @@ Images: * PDB: Add `maxUnavailable`. (#9278) * add containerSecurityContext to extraModules init containers (kubernetes#9016) (#9242) -### Dependencies updates: +### Dependency updates: + * Bump google.golang.org/grpc from 1.52.0 to 1.52.3 (#9555) * Bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 (#9553) * Bump sigs.k8s.io/controller-runtime from 0.13.1 to 0.14.2 (#9552) @@ -132,5 +134,5 @@ Images: * Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.1 (#9317) * Bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#9301) * Bump k8s.io/component-base from 0.25.3 to 0.25.4 (#9300) - + **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.5.1...controller-controller-v1.6.4 diff --git a/changelog/controller-1.7.0.md b/changelog/controller-1.7.0.md index 6a938c5f5..97f0ebf22 100644 --- a/changelog/controller-1.7.0.md +++ b/changelog/controller-1.7.0.md @@ -1,12 +1,13 @@ # Changelog ### 1.7.0 + Images: - * registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7 - * registry.k8s.io/ingress-nginx/controller-chroot:v1.7.0@sha256:e84ef3b44c8efeefd8b0aa08770a886bfea1f04c53b61b4ba9a7204e9f1a7edc - -### All Changes: +* registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.7.0@sha256:e84ef3b44c8efeefd8b0aa08770a886bfea1f04c53b61b4ba9a7204e9f1a7edc + +### All changes: * kick off 1.7.0 build (#9775) * Update exposing-tcp-udp-services.md (#9777) @@ -46,7 +47,8 @@ Images: * Fix incorrect annotation name in upstream hashing configuration (#9617) * Release docs for Controller v1.6.3 and Helm v4.5.0 (#9614) -### Dependencies updates: +### Dependency updates: + * Bump aquasecurity/trivy-action from 0.8.0 to 0.9.2 (#9767) * Bump k8s.io/component-base from 0.26.2 to 0.26.3 (#9764) * Bump actions/dependency-review-action from 3.0.3 to 3.0.4 (#9766) @@ -74,5 +76,5 @@ Images: * Bump google.golang.org/grpc from 1.52.3 to 1.53.0 (#9610) * Bump github.com/prometheus/client_golang (#9630) * Bump golang.org/x/crypto from 0.5.0 to 0.6.0 (#9609) - + **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.6.3...controller-controller-v1.7.0 diff --git a/changelog/controller-1.7.1.md b/changelog/controller-1.7.1.md index 9b8422c7e..632ffe963 100644 --- a/changelog/controller-1.7.1.md +++ b/changelog/controller-1.7.1.md @@ -1,12 +1,13 @@ # Changelog ### 1.7.1 + Images: - * registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407 - * registry.k8s.io/ingress-nginx/controller-chroot:v1.7.1@sha256:e35d5ab487861b9d419c570e3530589229224a0762c7b4d2e2222434abb8d988 - -### All Changes: +* registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.7.1@sha256:e35d5ab487861b9d419c570e3530589229224a0762c7b4d2e2222434abb8d988 + +### All changes: * Update TAG - 1.7.1 (#9922) * Update dependabot to watch docker images (#9600) @@ -30,7 +31,8 @@ Images: * Values: Fix indention of commented values. (#9812) * The Ingress-Nginx project recently released version 1.7.0 of the controller, but the deployment documentation still referenced version 1.6.4. This commit updates the documentation to reference the latest version, ensuring that users have access to the most up-to-date information. Fixes#9787 (#9788) -### Dependencies updates: +### Dependency updates: + * Bump github.com/opencontainers/runc from 1.1.6 to 1.1.7 (#9912) * Bump github.com/prometheus/client_golang from 1.14.0 to 1.15.0 (#9868) * Bump aquasecurity/trivy-action from 0.9.2 to 0.10.0 (#9888) @@ -48,5 +50,5 @@ Images: * Bump github.com/imdario/mergo from 0.3.13 to 0.3.15 (#9795) * Bump google.golang.org/grpc from 1.53.0 to 1.54.0 (#9794) * Bump sigs.k8s.io/controller-runtime from 0.14.5 to 0.14.6 (#9822) - + **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.7.0...controller-controller-v1.7.1 diff --git a/changelog/controller-1.8.0.md b/changelog/controller-1.8.0.md index a109c68ba..48b4cdefa 100644 --- a/changelog/controller-1.8.0.md +++ b/changelog/controller-1.8.0.md @@ -1,31 +1,28 @@ # Changelog ### 1.8.0 + Images: * registry.k8s.io/ingress-nginx/controller:v1.8.0@sha256:744ae2afd433a395eeb13dc03d3313facba92e96ad71d9feaafc85925493fee3 * registry.k8s.io/ingress-nginx/controller-chroot:v1.8.0@sha256:a45e41cd2b7670adf829759878f512d4208d0aec1869dae593a0fecd09a5e49e -### Important Changes: +### Important changes: * Validate path types (#9967) * images: upgrade to Alpine 3.18 (#9997) * Update documentation to reflect project name; Ingress-Nginx Controller -For improving security on our 1.8.0 release includes a -[new, **optional** validation ](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type) -that limits the characters accepted on ".spec paths.path" when pathType=Exact or pathType=Prefix, -to alphanumeric characters only. More information can be found on our -[Google doc](https://docs.google.com/document/d/1HPvaEwHRuMSkXYkVIJ-w7IpijKdHfNynm_4N2Akt0CQ/edit?usp=sharing) -, our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernetes.io/g/ingress-nginx-dev/c/ebbBMo-zX-w) -or in our [docs](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type) +For improving security, our 1.8.0 release includes a [new, **optional** validation ](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type) that limits the characters accepted on ".spec paths.path" when pathType=Exact or athType=Prefix, to alphanumeric characters only. + +More information can be found on our [Google doc](https://docs.google.com/document/d/1HPvaEwHRuMSkXYkVIJ-w7IpijKdHfNynm_4N2Akt0CQ/edit?usp=sharing), our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernetes.io/g/ingress-nginx-dev/c/ebbBMo-zX-w) or in our [docs](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type) ### Community Updates We are now posting updates and release to our twitter handle, [@IngressNginx](https://twitter.com/IngressNGINX) and on our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernetes.io/g/ingress-nginx-dev/c/ebbBMo-zX-w) -### All Changes: +### All changes: * Add legacy to OpenTelemetry migration doc (#10011) * changed tagsha to recent builds (#10001) @@ -64,4 +61,4 @@ on our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernet * Bump github.com/prometheus/client_model from 0.3.0 to 0.4.0 (#9937) * Bump google.golang.org/grpc from 1.54.0 to 1.55.0 (#9936) -**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.7.1...controller-controller-v1.8.0 \ No newline at end of file +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.7.1...controller-controller-v1.8.0 diff --git a/changelog/controller-1.8.1.md b/changelog/controller-1.8.1.md index c84a7ce18..16d4a8409 100644 --- a/changelog/controller-1.8.1.md +++ b/changelog/controller-1.8.1.md @@ -1,12 +1,13 @@ # Changelog ### 1.8.1 + Images: - * registry.k8s.io/ingress-nginx/controller:v1.8.1@sha256:e5c4824e7375fcf2a393e1c03c293b69759af37a9ca6abdb91b13d78a93da8bd - * registry.k8s.io/ingress-nginx/controller-chroot:v1.8.1@sha256:e0d4121e3c5e39de9122e55e331a32d5ebf8d4d257227cb93ab54a1b912a7627 - -### All Changes: +* registry.k8s.io/ingress-nginx/controller:v1.8.1@sha256:e5c4824e7375fcf2a393e1c03c293b69759af37a9ca6abdb91b13d78a93da8bd +* registry.k8s.io/ingress-nginx/controller-chroot:v1.8.1@sha256:e0d4121e3c5e39de9122e55e331a32d5ebf8d4d257227cb93ab54a1b912a7627 + +### All changes: * netlify: Only trigger preview when there are changes in docs. (#10144) * changed to updated baseimage and reverted tag (#10143) @@ -48,7 +49,8 @@ Images: * added helmshowvalues example (#10019) * release controller 1.8.0 and chart 4.7.0 (#10017) -### Dependencies updates: +### Dependency updates: + * Bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#10133) * Bump google.golang.org/grpc from 1.56.0 to 1.56.1 (#10134) * Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 (#10106) @@ -63,5 +65,5 @@ Images: * Bump actions/dependency-review-action from 3.0.4 to 3.0.6 (#10042) * Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#10041) * Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#10005) - + **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.8.0...controller-controller-v1.8.1 diff --git a/changelog/controller-1.8.2.md b/changelog/controller-1.8.2.md index 12a273af2..0c20decc9 100644 --- a/changelog/controller-1.8.2.md +++ b/changelog/controller-1.8.2.md @@ -1,12 +1,13 @@ # Changelog ### 1.8.2 + Images: - * registry.k8s.io/ingress-nginx/controller:v1.8.2@sha256:74834d3d25b336b62cabeb8bf7f1d788706e2cf1cfd64022de4137ade8881ff2 - * registry.k8s.io/ingress-nginx/controller-chroot:v1.8.2@sha256:1317a563219f755a6094d990057c78e5c4dcea5e31f4ce1db8641e732a7d6133 - -### All Changes: +* registry.k8s.io/ingress-nginx/controller:v1.8.2@sha256:74834d3d25b336b62cabeb8bf7f1d788706e2cf1cfd64022de4137ade8881ff2 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.8.2@sha256:1317a563219f755a6094d990057c78e5c4dcea5e31f4ce1db8641e732a7d6133 + +### All changes: * Release v1.8.2 and Update Go to v1.21.1 (#10379) * Making auth access logs optional (#10380) @@ -15,5 +16,4 @@ Images: * [release-1.8] Update images tags after adding git data in gcloud (#10233) * [release-1.8] Golang 1.20.6 for test runner (#10231) -### Dependencies updates: **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.8.1...controller-controller-v1.8.2 diff --git a/changelog/controller-1.9.0-beta.0.md b/changelog/controller-1.9.0-beta.0.md index d1ffe148f..79ecf596e 100644 --- a/changelog/controller-1.9.0-beta.0.md +++ b/changelog/controller-1.9.0-beta.0.md @@ -1,12 +1,13 @@ # Changelog ### 1.9.0-beta.0 + Images: - * registry.k8s.io/ingress-nginx/controller:v1.9.0-beta.0@sha256:531377e4cc9dc62af40d742402222603259673f5a755a64d74122f256dfad8f9 - * registry.k8s.io/ingress-nginx/controller-chroot:v1.9.0-beta.0@sha256:60b4c95349ce2a81a3b2a76423ee483b847b89d3fa8cb148468434f606f3fa0c - -### All Changes: +* registry.k8s.io/ingress-nginx/controller:v1.9.0-beta.0@sha256:531377e4cc9dc62af40d742402222603259673f5a755a64d74122f256dfad8f9 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.0-beta.0@sha256:60b4c95349ce2a81a3b2a76423ee483b847b89d3fa8cb148468434f606f3fa0c + +### All changes: * Rework mage (#10418) * Start release of v1.9.0 beta0 (#10407) @@ -59,7 +60,8 @@ Images: * Deprecate and remove AJP support (#10158) * release notes 1.8.1 (#10161) -### Dependencies updates: +### Dependency updates: + * Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.12.0 (#10355) * Bump golang.org/x/crypto from 0.12.0 to 0.13.0 (#10399) * Bump actions/setup-go from 4.0.1 to 4.1.0 (#10403) @@ -89,5 +91,5 @@ Images: * Bump golang.org/x/crypto from 0.10.0 to 0.11.0 (#10192) * Bump docker/setup-buildx-action from 2.8.0 to 2.9.0 (#10191) * Bump docker/setup-buildx-action from 2.7.0 to 2.8.0 (#10165) - + **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-release-1.8...controller-controller-v1.9.0-beta.0 diff --git a/changelog/controller-1.9.0.md b/changelog/controller-1.9.0.md index cd5396f05..25442894f 100644 --- a/changelog/controller-1.9.0.md +++ b/changelog/controller-1.9.0.md @@ -1,12 +1,13 @@ # Changelog ### 1.9.0 + Images: - * registry.k8s.io/ingress-nginx/controller:v1.9.0@sha256:c15d1a617858d90fb8f8a2dd60b0676f2bb85c54e3ed11511794b86ec30c8c60 - * registry.k8s.io/ingress-nginx/controller-chroot:v1.9.0@sha256:d9fa7a136de2104fb2ecfcf1666978bfab927f4a125b75c0fb471e6104366ab5 - -### All Changes: +* registry.k8s.io/ingress-nginx/controller:v1.9.0@sha256:c15d1a617858d90fb8f8a2dd60b0676f2bb85c54e3ed11511794b86ec30c8c60 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.0@sha256:d9fa7a136de2104fb2ecfcf1666978bfab927f4a125b75c0fb471e6104366ab5 + +### All changes: * Rework mage (#10418) * Start release of v1.9.0 beta0 (#10407) @@ -59,7 +60,8 @@ Images: * Deprecate and remove AJP support (#10158) * release notes 1.8.1 (#10161) -### Dependencies updates: +### Dependency updates: + * Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.12.0 (#10355) * Bump golang.org/x/crypto from 0.12.0 to 0.13.0 (#10399) * Bump actions/setup-go from 4.0.1 to 4.1.0 (#10403) @@ -89,5 +91,5 @@ Images: * Bump golang.org/x/crypto from 0.10.0 to 0.11.0 (#10192) * Bump docker/setup-buildx-action from 2.8.0 to 2.9.0 (#10191) * Bump docker/setup-buildx-action from 2.7.0 to 2.8.0 (#10165) - + **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-release-1.8...controller-controller-v1.9.0 diff --git a/changelog/controller-1.9.1.md b/changelog/controller-1.9.1.md index 07790098f..b05c88eae 100644 --- a/changelog/controller-1.9.1.md +++ b/changelog/controller-1.9.1.md @@ -1,19 +1,21 @@ # Changelog ### 1.9.1 + Images: - * registry.k8s.io/ingress-nginx/controller:v1.9.1@sha256:605a737877de78969493a4b1213b21de4ee425d2926906857b98050f57a95b25 - * registry.k8s.io/ingress-nginx/controller-chroot:v1.9.1@sha256:2ac744ef08850ee86ad7162451a6879f47c1a41c6a757f6b6f913c52103b8836 - -### All Changes: +* registry.k8s.io/ingress-nginx/controller:v1.9.1@sha256:605a737877de78969493a4b1213b21de4ee425d2926906857b98050f57a95b25 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.1@sha256:2ac744ef08850ee86ad7162451a6879f47c1a41c6a757f6b6f913c52103b8836 + +### All changes: * upgrade owasp modsecurity core rule set to v3.3.5 (#10437) * Start v1.9.1 release (#10463) * Accept backend protocol on any case (#10461) * Chart: Rework network policies. (#10438) -### Dependencies updates: +### Dependency updates: + * Bump google.golang.org/grpc from 1.58.0 to 1.58.1 (#10436) - + **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.9.0...controller-controller-v1.9.1 diff --git a/changelog/controller-1.9.3.md b/changelog/controller-1.9.3.md index 45dfaa371..59ba545d9 100644 --- a/changelog/controller-1.9.3.md +++ b/changelog/controller-1.9.3.md @@ -1,12 +1,13 @@ # Changelog ### 1.9.3 + Images: - * registry.k8s.io/ingress-nginx/controller:v1.9.3@sha256:8fd21d59428507671ce0fb47f818b1d859c92d2ad07bb7c947268d433030ba98 - * registry.k8s.io/ingress-nginx/controller-chroot:v1.9.3@sha256:df4931fd6859fbf1a71e785f02a44b2f9a16f010ae852c442e9bb779cbefdc86 - -### All Changes: +* registry.k8s.io/ingress-nginx/controller:v1.9.3@sha256:8fd21d59428507671ce0fb47f818b1d859c92d2ad07bb7c947268d433030ba98 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.3@sha256:df4931fd6859fbf1a71e785f02a44b2f9a16f010ae852c442e9bb779cbefdc86 + +### All changes: * update nginx base, httpbun, e2e, helm webhook cert gen (#10506) * added warning for configuration-snippets usage (#10492) @@ -16,12 +17,13 @@ Images: * update error and otel to have all the arch we support (#10476) * Remove curl from nginx base image (#10477) -### Dependencies updates: +### Dependency updates: + * Bump x/net (#10514) * Bump curl and Go version (#10503) * Bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#10496) * Bump github.com/prometheus/client_model (#10486) * Bump ossf/scorecard-action from 2.2.0 to 2.3.0 (#10487) * Bump golang.org/x/crypto from 0.13.0 to 0.14.0 (#10485) - + **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.9.1...controller-controller-v1.9.3 diff --git a/changelog/controller-1.9.4.md b/changelog/controller-1.9.4.md index 5550a9d69..69c6ad2e3 100644 --- a/changelog/controller-1.9.4.md +++ b/changelog/controller-1.9.4.md @@ -1,12 +1,13 @@ # Changelog ### 1.9.4 + Images: - * registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3 - * registry.k8s.io/ingress-nginx/controller-chroot:v1.9.4@sha256:5976b1067cfbca8a21d0ba53d71f83543a73316a61ea7f7e436d6cf84ddf9b26 - -### All Changes: +* registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.4@sha256:5976b1067cfbca8a21d0ba53d71f83543a73316a61ea7f7e436d6cf84ddf9b26 + +### All changes: * Cherry pick fcgi fix and release v1.9.4 (#10544) From 559c03d1d379542e88b09997300081c5299356ef Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Wed, 8 Nov 2023 14:15:07 +0100 Subject: [PATCH 05/35] Chart: Rename `changelog.md.gotmpl` into `changelog/helm-chart.md.gotmpl`. --- .../{changelog.md.gotmpl => changelog/helm-chart.md.gotmpl} | 0 magefiles/utils/releasenote.go | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename charts/ingress-nginx/{changelog.md.gotmpl => changelog/helm-chart.md.gotmpl} (100%) diff --git a/charts/ingress-nginx/changelog.md.gotmpl b/charts/ingress-nginx/changelog/helm-chart.md.gotmpl similarity index 100% rename from charts/ingress-nginx/changelog.md.gotmpl rename to charts/ingress-nginx/changelog/helm-chart.md.gotmpl diff --git a/magefiles/utils/releasenote.go b/magefiles/utils/releasenote.go index f2e72f921..8dc081428 100644 --- a/magefiles/utils/releasenote.go +++ b/magefiles/utils/releasenote.go @@ -58,7 +58,7 @@ func (r ReleaseNote) Template() { func (r ReleaseNote) HelmTemplate() { // Files are provided as a slice of strings. - changelogTemplate, err := os.ReadFile("charts/ingress-nginx/changelog.md.gotmpl") + changelogTemplate, err := os.ReadFile("charts/ingress-nginx/changelog/helm-chart.md.gotmpl") if err != nil { ErrorF("Could not read changelog template file %s", err) } From 84ced1ed1c4018eba38a96066e9f2506a9cc31bf Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Wed, 8 Nov 2023 14:15:38 +0100 Subject: [PATCH 06/35] Chart: Improve `changelog/helm-chart.md.gotmpl`. --- charts/ingress-nginx/changelog/helm-chart.md.gotmpl | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/charts/ingress-nginx/changelog/helm-chart.md.gotmpl b/charts/ingress-nginx/changelog/helm-chart.md.gotmpl index de9885670..ef5add55d 100644 --- a/charts/ingress-nginx/changelog/helm-chart.md.gotmpl +++ b/charts/ingress-nginx/changelog/helm-chart.md.gotmpl @@ -2,8 +2,10 @@ This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). -### {{ .NewHelmChartVersion }} +### {{ .NewHelmChartVersion }} {{ with .HelmUpdates }} -{{ range . }}* {{ . }} -{{ end }}{{ end }} +{{- range . }} +* {{ . }} +{{- end }} +{{ end }} **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-{{ .PreviousHelmChartVersion }}...helm-chart-{{ .NewHelmChartVersion }} From b8e4e3cebabd84a08c418691a596c1d30b28bc02 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Wed, 8 Nov 2023 14:18:19 +0100 Subject: [PATCH 07/35] Chart: Rename `changelog/Changelog-*.md` into `changelog/helm-chart-*.md`. --- .../changelog/{Changelog-4.5.2.md => helm-chart-4.5.2.md} | 0 .../changelog/{Changelog-4.6.0.md => helm-chart-4.6.0.md} | 0 .../changelog/{Changelog-4.6.1.md => helm-chart-4.6.1.md} | 0 .../changelog/{Changelog-4.7.0.md => helm-chart-4.7.0.md} | 0 .../changelog/{Changelog-4.7.1.md => helm-chart-4.7.1.md} | 0 .../changelog/{Changelog-4.7.2.md => helm-chart-4.7.2.md} | 0 .../{Changelog-4.8.0-beta.0.md => helm-chart-4.8.0-beta.0.md} | 0 .../changelog/{Changelog-4.8.0.md => helm-chart-4.8.0.md} | 0 .../changelog/{Changelog-4.8.1.md => helm-chart-4.8.1.md} | 0 .../changelog/{Changelog-4.8.2.md => helm-chart-4.8.2.md} | 4 ++-- .../changelog/{Changelog-4.8.3.md => helm-chart-4.8.3.md} | 1 + magefiles/utils/releasenote.go | 2 +- 12 files changed, 4 insertions(+), 3 deletions(-) rename charts/ingress-nginx/changelog/{Changelog-4.5.2.md => helm-chart-4.5.2.md} (100%) rename charts/ingress-nginx/changelog/{Changelog-4.6.0.md => helm-chart-4.6.0.md} (100%) rename charts/ingress-nginx/changelog/{Changelog-4.6.1.md => helm-chart-4.6.1.md} (100%) rename charts/ingress-nginx/changelog/{Changelog-4.7.0.md => helm-chart-4.7.0.md} (100%) rename charts/ingress-nginx/changelog/{Changelog-4.7.1.md => helm-chart-4.7.1.md} (100%) rename charts/ingress-nginx/changelog/{Changelog-4.7.2.md => helm-chart-4.7.2.md} (100%) rename charts/ingress-nginx/changelog/{Changelog-4.8.0-beta.0.md => helm-chart-4.8.0-beta.0.md} (100%) rename charts/ingress-nginx/changelog/{Changelog-4.8.0.md => helm-chart-4.8.0.md} (100%) rename charts/ingress-nginx/changelog/{Changelog-4.8.1.md => helm-chart-4.8.1.md} (100%) rename charts/ingress-nginx/changelog/{Changelog-4.8.2.md => helm-chart-4.8.2.md} (72%) rename charts/ingress-nginx/changelog/{Changelog-4.8.3.md => helm-chart-4.8.3.md} (99%) diff --git a/charts/ingress-nginx/changelog/Changelog-4.5.2.md b/charts/ingress-nginx/changelog/helm-chart-4.5.2.md similarity index 100% rename from charts/ingress-nginx/changelog/Changelog-4.5.2.md rename to charts/ingress-nginx/changelog/helm-chart-4.5.2.md diff --git a/charts/ingress-nginx/changelog/Changelog-4.6.0.md b/charts/ingress-nginx/changelog/helm-chart-4.6.0.md similarity index 100% rename from charts/ingress-nginx/changelog/Changelog-4.6.0.md rename to charts/ingress-nginx/changelog/helm-chart-4.6.0.md diff --git a/charts/ingress-nginx/changelog/Changelog-4.6.1.md b/charts/ingress-nginx/changelog/helm-chart-4.6.1.md similarity index 100% rename from charts/ingress-nginx/changelog/Changelog-4.6.1.md rename to charts/ingress-nginx/changelog/helm-chart-4.6.1.md diff --git a/charts/ingress-nginx/changelog/Changelog-4.7.0.md b/charts/ingress-nginx/changelog/helm-chart-4.7.0.md similarity index 100% rename from charts/ingress-nginx/changelog/Changelog-4.7.0.md rename to charts/ingress-nginx/changelog/helm-chart-4.7.0.md diff --git a/charts/ingress-nginx/changelog/Changelog-4.7.1.md b/charts/ingress-nginx/changelog/helm-chart-4.7.1.md similarity index 100% rename from charts/ingress-nginx/changelog/Changelog-4.7.1.md rename to charts/ingress-nginx/changelog/helm-chart-4.7.1.md diff --git a/charts/ingress-nginx/changelog/Changelog-4.7.2.md b/charts/ingress-nginx/changelog/helm-chart-4.7.2.md similarity index 100% rename from charts/ingress-nginx/changelog/Changelog-4.7.2.md rename to charts/ingress-nginx/changelog/helm-chart-4.7.2.md diff --git a/charts/ingress-nginx/changelog/Changelog-4.8.0-beta.0.md b/charts/ingress-nginx/changelog/helm-chart-4.8.0-beta.0.md similarity index 100% rename from charts/ingress-nginx/changelog/Changelog-4.8.0-beta.0.md rename to charts/ingress-nginx/changelog/helm-chart-4.8.0-beta.0.md diff --git a/charts/ingress-nginx/changelog/Changelog-4.8.0.md b/charts/ingress-nginx/changelog/helm-chart-4.8.0.md similarity index 100% rename from charts/ingress-nginx/changelog/Changelog-4.8.0.md rename to charts/ingress-nginx/changelog/helm-chart-4.8.0.md diff --git a/charts/ingress-nginx/changelog/Changelog-4.8.1.md b/charts/ingress-nginx/changelog/helm-chart-4.8.1.md similarity index 100% rename from charts/ingress-nginx/changelog/Changelog-4.8.1.md rename to charts/ingress-nginx/changelog/helm-chart-4.8.1.md diff --git a/charts/ingress-nginx/changelog/Changelog-4.8.2.md b/charts/ingress-nginx/changelog/helm-chart-4.8.2.md similarity index 72% rename from charts/ingress-nginx/changelog/Changelog-4.8.2.md rename to charts/ingress-nginx/changelog/helm-chart-4.8.2.md index 3fbb19f53..9957c1a85 100644 --- a/charts/ingress-nginx/changelog/Changelog-4.8.2.md +++ b/charts/ingress-nginx/changelog/helm-chart-4.8.2.md @@ -4,7 +4,7 @@ This file documents all notable changes to [ingress-nginx](https://github.com/ku ### 4.8.2 -* - "update nginx base, httpbun, e2e, helm webhook cert gen (#10506)" -* - "Update Ingress-Nginx version controller-v1.9.3" +* update nginx base, httpbun, e2e, helm webhook cert gen (#10506) +* Update Ingress-Nginx version controller-v1.9.3 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.8.1...helm-chart-4.8.2 diff --git a/charts/ingress-nginx/changelog/Changelog-4.8.3.md b/charts/ingress-nginx/changelog/helm-chart-4.8.3.md similarity index 99% rename from charts/ingress-nginx/changelog/Changelog-4.8.3.md rename to charts/ingress-nginx/changelog/helm-chart-4.8.3.md index ca1815bbb..b8d4d56b3 100644 --- a/charts/ingress-nginx/changelog/Changelog-4.8.3.md +++ b/charts/ingress-nginx/changelog/helm-chart-4.8.3.md @@ -3,6 +3,7 @@ This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). ### 4.8.3 + * Update Ingress-Nginx version controller-v1.9.4 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.8.2...helm-chart-4.8.3 diff --git a/magefiles/utils/releasenote.go b/magefiles/utils/releasenote.go index 8dc081428..341595444 100644 --- a/magefiles/utils/releasenote.go +++ b/magefiles/utils/releasenote.go @@ -65,7 +65,7 @@ func (r ReleaseNote) HelmTemplate() { Debug("ChangeLog Templates %s", string(changelogTemplate)) t := template.Must(template.New("changelog").Parse(string(changelogTemplate))) // create a new file - file, err := os.Create(fmt.Sprintf("charts/ingress-nginx/changelog/Changelog-%s.md", r.NewHelmChartVersion)) + file, err := os.Create(fmt.Sprintf("charts/ingress-nginx/changelog/helm-chart-%s.md", r.NewHelmChartVersion)) if err != nil { ErrorF("Could not create changelog file %s", err) } From 7b9e3566f79f9519977958e8cd1afe8f913515b2 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Wed, 8 Nov 2023 14:18:55 +0100 Subject: [PATCH 08/35] Chart: Split `CHANGELOG.md` into `changelog/helm-chart-*.md`. --- charts/ingress-nginx/CHANGELOG.md | 460 ------------------ charts/ingress-nginx/changelog/.gitkeep | 0 .../changelog/helm-chart-2.10.0.md | 9 + .../changelog/helm-chart-2.11.0.md | 10 + .../changelog/helm-chart-2.11.1.md | 9 + .../changelog/helm-chart-2.11.2.md | 9 + .../changelog/helm-chart-2.11.3.md | 9 + .../changelog/helm-chart-2.12.0.md | 10 + .../changelog/helm-chart-2.12.1.md | 9 + .../changelog/helm-chart-2.13.0.md | 10 + .../changelog/helm-chart-2.14.0.md | 9 + .../changelog/helm-chart-2.15.0.md | 9 + .../changelog/helm-chart-2.16.0.md | 9 + .../changelog/helm-chart-2.9.0.md | 9 + .../changelog/helm-chart-2.9.1.md | 9 + .../changelog/helm-chart-3.0.0.md | 9 + .../changelog/helm-chart-3.10.0.md | 9 + .../changelog/helm-chart-3.10.1.md | 9 + .../changelog/helm-chart-3.11.0.md | 9 + .../changelog/helm-chart-3.11.1.md | 9 + .../changelog/helm-chart-3.12.0.md | 9 + .../changelog/helm-chart-3.13.0.md | 9 + .../changelog/helm-chart-3.14.0.md | 9 + .../changelog/helm-chart-3.15.0.md | 9 + .../changelog/helm-chart-3.15.1.md | 9 + .../changelog/helm-chart-3.16.0.md | 9 + .../changelog/helm-chart-3.16.1.md | 9 + .../changelog/helm-chart-3.17.0.md | 9 + .../changelog/helm-chart-3.18.0.md | 10 + .../changelog/helm-chart-3.19.0.md | 9 + .../changelog/helm-chart-3.20.0.md | 9 + .../changelog/helm-chart-3.20.1.md | 10 + .../changelog/helm-chart-3.21.0.md | 12 + .../changelog/helm-chart-3.22.0.md | 10 + .../changelog/helm-chart-3.23.0.md | 9 + .../changelog/helm-chart-3.24.0.md | 9 + .../changelog/helm-chart-3.25.0.md | 9 + .../changelog/helm-chart-3.26.0.md | 9 + .../changelog/helm-chart-3.27.0.md | 9 + .../changelog/helm-chart-3.28.0.md | 9 + .../changelog/helm-chart-3.29.0.md | 9 + .../changelog/helm-chart-3.3.0.md | 12 + .../changelog/helm-chart-3.3.1.md | 12 + .../changelog/helm-chart-3.30.0.md | 9 + .../changelog/helm-chart-3.31.0.md | 9 + .../changelog/helm-chart-3.32.0.md | 9 + .../changelog/helm-chart-3.33.0.md | 9 + .../changelog/helm-chart-3.34.0.md | 9 + .../changelog/helm-chart-3.4.0.md | 9 + .../changelog/helm-chart-3.5.0.md | 9 + .../changelog/helm-chart-3.5.1.md | 9 + .../changelog/helm-chart-3.6.0.md | 9 + .../changelog/helm-chart-3.7.0.md | 9 + .../changelog/helm-chart-3.7.1.md | 9 + .../changelog/helm-chart-3.8.0.md | 13 + .../changelog/helm-chart-3.9.0.md | 9 + .../changelog/helm-chart-4.0.1.md | 9 + .../changelog/helm-chart-4.0.10.md | 9 + .../changelog/helm-chart-4.0.11.md | 9 + .../changelog/helm-chart-4.0.12.md | 9 + .../changelog/helm-chart-4.0.13.md | 9 + .../changelog/helm-chart-4.0.14.md | 9 + .../changelog/helm-chart-4.0.15.md | 43 ++ .../changelog/helm-chart-4.0.18.md | 40 ++ .../changelog/helm-chart-4.0.2.md | 9 + .../changelog/helm-chart-4.0.3.md | 9 + .../changelog/helm-chart-4.0.5.md | 9 + .../changelog/helm-chart-4.0.6.md | 12 + .../changelog/helm-chart-4.0.7.md | 10 + .../changelog/helm-chart-4.0.9.md | 9 + .../changelog/helm-chart-4.1.0.md | 21 + .../changelog/helm-chart-4.1.2.md | 11 + .../changelog/helm-chart-4.2.0.md | 47 ++ .../changelog/helm-chart-4.2.1.md | 10 + .../changelog/helm-chart-4.3.0.md | 14 + .../changelog/helm-chart-4.4.0.md | 12 + 76 files changed, 815 insertions(+), 460 deletions(-) delete mode 100644 charts/ingress-nginx/CHANGELOG.md delete mode 100644 charts/ingress-nginx/changelog/.gitkeep create mode 100644 charts/ingress-nginx/changelog/helm-chart-2.10.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-2.11.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-2.11.1.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-2.11.2.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-2.11.3.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-2.12.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-2.12.1.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-2.13.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-2.14.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-2.15.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-2.16.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-2.9.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-2.9.1.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.0.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.10.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.10.1.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.11.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.11.1.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.12.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.13.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.14.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.15.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.15.1.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.16.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.16.1.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.17.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.18.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.19.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.20.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.20.1.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.21.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.22.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.23.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.24.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.25.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.26.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.27.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.28.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.29.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.3.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.3.1.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.30.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.31.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.32.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.33.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.34.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.4.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.5.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.5.1.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.6.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.7.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.7.1.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.8.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-3.9.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.0.1.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.0.10.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.0.11.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.0.12.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.0.13.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.0.14.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.0.15.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.0.18.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.0.2.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.0.3.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.0.5.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.0.6.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.0.7.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.0.9.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.1.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.1.2.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.2.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.2.1.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.3.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.4.0.md diff --git a/charts/ingress-nginx/CHANGELOG.md b/charts/ingress-nginx/CHANGELOG.md deleted file mode 100644 index 7d81ac1bd..000000000 --- a/charts/ingress-nginx/CHANGELOG.md +++ /dev/null @@ -1,460 +0,0 @@ -# Changelog - -This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). - -### 4.4.0 - -* Adding support for disabling liveness and readiness probes to the Helm chart by @njegosrailic in https://github.com/kubernetes/ingress-nginx/pull/9238 -* add:(admission-webhooks) ability to set securityContext by @ybelMekk in https://github.com/kubernetes/ingress-nginx/pull/9186 -* #7652 - Updated Helm chart to use the fullname for the electionID if not specified. by @FutureMatt in https://github.com/kubernetes/ingress-nginx/pull/9133 -* Rename controller-wehbooks-networkpolicy.yaml. by @Gacko in https://github.com/kubernetes/ingress-nginx/pull/9123 - -### 4.3.0 -- Support for Kubernetes v.1.25.0 was added and support for endpoint slices -- Support for Kubernetes v1.20.0 and v1.21.0 was removed -- [8890](https://github.com/kubernetes/ingress-nginx/pull/8890) migrate to endpointslices -- [9059](https://github.com/kubernetes/ingress-nginx/pull/9059) kubewebhookcertgen sha change after go1191 -- [9046](https://github.com/kubernetes/ingress-nginx/pull/9046) Parameterize metrics port name -- [9104](https://github.com/kubernetes/ingress-nginx/pull/9104) Fix yaml formatting error with multiple annotations - -### 4.2.1 - -- The sha of kube-webhook-certgen image & the opentelemetry image, in values file, was changed to new images built on alpine-v3.16.1 -- "[8896](https://github.com/kubernetes/ingress-nginx/pull/8896) updated to new images built today" - -### 4.2.0 - -- Support for Kubernetes v1.19.0 was removed -- "[8810](https://github.com/kubernetes/ingress-nginx/pull/8810) Prepare for v1.3.0" -- "[8808](https://github.com/kubernetes/ingress-nginx/pull/8808) revert arch var name" -- "[8805](https://github.com/kubernetes/ingress-nginx/pull/8805) Bump k8s.io/klog/v2 from 2.60.1 to 2.70.1" -- "[8803](https://github.com/kubernetes/ingress-nginx/pull/8803) Update to nginx base with alpine v3.16" -- "[8802](https://github.com/kubernetes/ingress-nginx/pull/8802) chore: start v1.3.0 release process" -- "[8798](https://github.com/kubernetes/ingress-nginx/pull/8798) Add v1.24.0 to test matrix" -- "[8796](https://github.com/kubernetes/ingress-nginx/pull/8796) fix: add MAC_OS variable for static-check" -- "[8793](https://github.com/kubernetes/ingress-nginx/pull/8793) changed to alpine-v3.16" -- "[8781](https://github.com/kubernetes/ingress-nginx/pull/8781) Bump github.com/stretchr/testify from 1.7.5 to 1.8.0" -- "[8778](https://github.com/kubernetes/ingress-nginx/pull/8778) chore: remove stable.txt from release process" -- "[8775](https://github.com/kubernetes/ingress-nginx/pull/8775) Remove stable" -- "[8773](https://github.com/kubernetes/ingress-nginx/pull/8773) Bump github/codeql-action from 2.1.14 to 2.1.15" -- "[8772](https://github.com/kubernetes/ingress-nginx/pull/8772) Bump ossf/scorecard-action from 1.1.1 to 1.1.2" -- "[8771](https://github.com/kubernetes/ingress-nginx/pull/8771) fix bullet md format" -- "[8770](https://github.com/kubernetes/ingress-nginx/pull/8770) Add condition for monitoring.coreos.com/v1 API" -- "[8769](https://github.com/kubernetes/ingress-nginx/pull/8769) Fix typos and add links to developer guide" -- "[8767](https://github.com/kubernetes/ingress-nginx/pull/8767) change v1.2.0 to v1.2.1 in deploy doc URLs" -- "[8765](https://github.com/kubernetes/ingress-nginx/pull/8765) Bump github/codeql-action from 1.0.26 to 2.1.14" -- "[8752](https://github.com/kubernetes/ingress-nginx/pull/8752) Bump github.com/spf13/cobra from 1.4.0 to 1.5.0" -- "[8751](https://github.com/kubernetes/ingress-nginx/pull/8751) Bump github.com/stretchr/testify from 1.7.2 to 1.7.5" -- "[8750](https://github.com/kubernetes/ingress-nginx/pull/8750) added announcement" -- "[8740](https://github.com/kubernetes/ingress-nginx/pull/8740) change sha e2etestrunner and echoserver" -- "[8738](https://github.com/kubernetes/ingress-nginx/pull/8738) Update docs to make it easier for noobs to follow step by step" -- "[8737](https://github.com/kubernetes/ingress-nginx/pull/8737) updated baseimage sha" -- "[8736](https://github.com/kubernetes/ingress-nginx/pull/8736) set ld-musl-path" -- "[8733](https://github.com/kubernetes/ingress-nginx/pull/8733) feat: migrate leaderelection lock to leases" -- "[8726](https://github.com/kubernetes/ingress-nginx/pull/8726) prometheus metric: upstream_latency_seconds" -- "[8720](https://github.com/kubernetes/ingress-nginx/pull/8720) Ci pin deps" -- "[8719](https://github.com/kubernetes/ingress-nginx/pull/8719) Working OpenTelemetry sidecar (base nginx image)" -- "[8714](https://github.com/kubernetes/ingress-nginx/pull/8714) Create Openssf scorecard" -- "[8708](https://github.com/kubernetes/ingress-nginx/pull/8708) Bump github.com/prometheus/common from 0.34.0 to 0.35.0" -- "[8703](https://github.com/kubernetes/ingress-nginx/pull/8703) Bump actions/dependency-review-action from 1 to 2" -- "[8701](https://github.com/kubernetes/ingress-nginx/pull/8701) Fix several typos" -- "[8699](https://github.com/kubernetes/ingress-nginx/pull/8699) fix the gosec test and a make target for it" -- "[8698](https://github.com/kubernetes/ingress-nginx/pull/8698) Bump actions/upload-artifact from 2.3.1 to 3.1.0" -- "[8697](https://github.com/kubernetes/ingress-nginx/pull/8697) Bump actions/setup-go from 2.2.0 to 3.2.0" -- "[8695](https://github.com/kubernetes/ingress-nginx/pull/8695) Bump actions/download-artifact from 2 to 3" -- "[8694](https://github.com/kubernetes/ingress-nginx/pull/8694) Bump crazy-max/ghaction-docker-buildx from 1.6.2 to 3.3.1" - -### 4.1.2 - -- "[8587](https://github.com/kubernetes/ingress-nginx/pull/8587) Add CAP_SYS_CHROOT to DS/PSP when needed" -- "[8458](https://github.com/kubernetes/ingress-nginx/pull/8458) Add portNamePreffix Helm chart parameter" -- "[8522](https://github.com/kubernetes/ingress-nginx/pull/8522) Add documentation for controller.service.loadBalancerIP in Helm chart" - -### 4.1.0 - -- "[8481](https://github.com/kubernetes/ingress-nginx/pull/8481) Fix log creation in chroot script" -- "[8479](https://github.com/kubernetes/ingress-nginx/pull/8479) changed nginx base img tag to img built with alpine3.14.6" -- "[8478](https://github.com/kubernetes/ingress-nginx/pull/8478) update base images and protobuf gomod" -- "[8468](https://github.com/kubernetes/ingress-nginx/pull/8468) Fallback to ngx.var.scheme for redirectScheme with use-forward-headers when X-Forwarded-Proto is empty" -- "[8456](https://github.com/kubernetes/ingress-nginx/pull/8456) Implement object deep inspector" -- "[8455](https://github.com/kubernetes/ingress-nginx/pull/8455) Update dependencies" -- "[8454](https://github.com/kubernetes/ingress-nginx/pull/8454) Update index.md" -- "[8447](https://github.com/kubernetes/ingress-nginx/pull/8447) typo fixing" -- "[8446](https://github.com/kubernetes/ingress-nginx/pull/8446) Fix suggested annotation-value-word-blocklist" -- "[8444](https://github.com/kubernetes/ingress-nginx/pull/8444) replace deprecated topology key in example with current one" -- "[8443](https://github.com/kubernetes/ingress-nginx/pull/8443) Add dependency review enforcement" -- "[8434](https://github.com/kubernetes/ingress-nginx/pull/8434) added new auth-tls-match-cn annotation" -- "[8426](https://github.com/kubernetes/ingress-nginx/pull/8426) Bump github.com/prometheus/common from 0.32.1 to 0.33.0" - -### 4.0.18 - -- "[8291](https://github.com/kubernetes/ingress-nginx/pull/8291) remove git tag env from cloud build" -- "[8286](https://github.com/kubernetes/ingress-nginx/pull/8286) Fix OpenTelemetry sidecar image build" -- "[8277](https://github.com/kubernetes/ingress-nginx/pull/8277) Add OpenSSF Best practices badge" -- "[8273](https://github.com/kubernetes/ingress-nginx/pull/8273) Issue#8241" -- "[8267](https://github.com/kubernetes/ingress-nginx/pull/8267) Add fsGroup value to admission-webhooks/job-patch charts" -- "[8262](https://github.com/kubernetes/ingress-nginx/pull/8262) Updated confusing error" -- "[8256](https://github.com/kubernetes/ingress-nginx/pull/8256) fix: deny locations with invalid auth-url annotation" -- "[8253](https://github.com/kubernetes/ingress-nginx/pull/8253) Add a certificate info metric" -- "[8236](https://github.com/kubernetes/ingress-nginx/pull/8236) webhook: remove useless code." -- "[8227](https://github.com/kubernetes/ingress-nginx/pull/8227) Update libraries in webhook image" -- "[8225](https://github.com/kubernetes/ingress-nginx/pull/8225) fix inconsistent-label-cardinality for prometheus metrics: nginx_ingress_controller_requests" -- "[8221](https://github.com/kubernetes/ingress-nginx/pull/8221) Do not validate ingresses with unknown ingress class in admission webhook endpoint" -- "[8210](https://github.com/kubernetes/ingress-nginx/pull/8210) Bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1" -- "[8209](https://github.com/kubernetes/ingress-nginx/pull/8209) Bump google.golang.org/grpc from 1.43.0 to 1.44.0" -- "[8204](https://github.com/kubernetes/ingress-nginx/pull/8204) Add Artifact Hub lint" -- "[8203](https://github.com/kubernetes/ingress-nginx/pull/8203) Fix Indentation of example and link to cert-manager tutorial" -- "[8201](https://github.com/kubernetes/ingress-nginx/pull/8201) feat(metrics): add path and method labels to requests countera" -- "[8199](https://github.com/kubernetes/ingress-nginx/pull/8199) use functional options to reduce number of methods creating an EchoDeployment" -- "[8196](https://github.com/kubernetes/ingress-nginx/pull/8196) docs: fix inconsistent controller annotation" -- "[8191](https://github.com/kubernetes/ingress-nginx/pull/8191) Using Go install for misspell" -- "[8186](https://github.com/kubernetes/ingress-nginx/pull/8186) prometheus+grafana using servicemonitor" -- "[8185](https://github.com/kubernetes/ingress-nginx/pull/8185) Append elements on match, instead of removing for cors-annotations" -- "[8179](https://github.com/kubernetes/ingress-nginx/pull/8179) Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0" -- "[8173](https://github.com/kubernetes/ingress-nginx/pull/8173) Adding annotations to the controller service account" -- "[8163](https://github.com/kubernetes/ingress-nginx/pull/8163) Update the $req_id placeholder description" -- "[8162](https://github.com/kubernetes/ingress-nginx/pull/8162) Versioned static manifests" -- "[8159](https://github.com/kubernetes/ingress-nginx/pull/8159) Adding some geoip variables and default values" -- "[8155](https://github.com/kubernetes/ingress-nginx/pull/8155) #7271 feat: avoid-pdb-creation-when-default-backend-disabled-and-replicas-gt-1" -- "[8151](https://github.com/kubernetes/ingress-nginx/pull/8151) Automatically generate helm docs" -- "[8143](https://github.com/kubernetes/ingress-nginx/pull/8143) Allow to configure delay before controller exits" -- "[8136](https://github.com/kubernetes/ingress-nginx/pull/8136) add ingressClass option to helm chart - back compatibility with ingress.class annotations" -- "[8126](https://github.com/kubernetes/ingress-nginx/pull/8126) Example for JWT" - - -### 4.0.15 - -- [8120] https://github.com/kubernetes/ingress-nginx/pull/8120 Update go in runner and release v1.1.1 -- [8119] https://github.com/kubernetes/ingress-nginx/pull/8119 Update to go v1.17.6 -- [8118] https://github.com/kubernetes/ingress-nginx/pull/8118 Remove deprecated libraries, update other libs -- [8117] https://github.com/kubernetes/ingress-nginx/pull/8117 Fix codegen errors -- [8115] https://github.com/kubernetes/ingress-nginx/pull/8115 chart/ghaction: set the correct permission to have access to push a release -- [8098] https://github.com/kubernetes/ingress-nginx/pull/8098 generating SHA for CA only certs in backend_ssl.go + comparison of P… -- [8088] https://github.com/kubernetes/ingress-nginx/pull/8088 Fix Edit this page link to use main branch -- [8072] https://github.com/kubernetes/ingress-nginx/pull/8072 Expose GeoIP2 Continent code as variable -- [8061] https://github.com/kubernetes/ingress-nginx/pull/8061 docs(charts): using helm-docs for chart -- [8058] https://github.com/kubernetes/ingress-nginx/pull/8058 Bump github.com/spf13/cobra from 1.2.1 to 1.3.0 -- [8054] https://github.com/kubernetes/ingress-nginx/pull/8054 Bump google.golang.org/grpc from 1.41.0 to 1.43.0 -- [8051] https://github.com/kubernetes/ingress-nginx/pull/8051 align bug report with feature request regarding kind documentation -- [8046] https://github.com/kubernetes/ingress-nginx/pull/8046 Report expired certificates (#8045) -- [8044] https://github.com/kubernetes/ingress-nginx/pull/8044 remove G109 check till gosec resolves issues -- [8042] https://github.com/kubernetes/ingress-nginx/pull/8042 docs_multiple_instances_one_cluster_ticket_7543 -- [8041] https://github.com/kubernetes/ingress-nginx/pull/8041 docs: fix typo'd executable name -- [8035] https://github.com/kubernetes/ingress-nginx/pull/8035 Comment busy owners -- [8029] https://github.com/kubernetes/ingress-nginx/pull/8029 Add stream-snippet as a ConfigMap and Annotation option -- [8023] https://github.com/kubernetes/ingress-nginx/pull/8023 fix nginx compilation flags -- [8021] https://github.com/kubernetes/ingress-nginx/pull/8021 Disable default modsecurity_rules_file if modsecurity-snippet is specified -- [8019] https://github.com/kubernetes/ingress-nginx/pull/8019 Revise main documentation page -- [8018] https://github.com/kubernetes/ingress-nginx/pull/8018 Preserve order of plugin invocation -- [8015] https://github.com/kubernetes/ingress-nginx/pull/8015 Add newline indenting to admission webhook annotations -- [8014] https://github.com/kubernetes/ingress-nginx/pull/8014 Add link to example error page manifest in docs -- [8009] https://github.com/kubernetes/ingress-nginx/pull/8009 Fix spelling in documentation and top-level files -- [8008] https://github.com/kubernetes/ingress-nginx/pull/8008 Add relabelings in controller-servicemonitor.yaml -- [8003] https://github.com/kubernetes/ingress-nginx/pull/8003 Minor improvements (formatting, consistency) in install guide -- [8001] https://github.com/kubernetes/ingress-nginx/pull/8001 fix: go-grpc Dockerfile -- [7999] https://github.com/kubernetes/ingress-nginx/pull/7999 images: use k8s-staging-test-infra/gcb-docker-gcloud -- [7996] https://github.com/kubernetes/ingress-nginx/pull/7996 doc: improvement -- [7983] https://github.com/kubernetes/ingress-nginx/pull/7983 Fix a couple of misspellings in the annotations documentation. -- [7979] https://github.com/kubernetes/ingress-nginx/pull/7979 allow set annotations for admission Jobs -- [7977] https://github.com/kubernetes/ingress-nginx/pull/7977 Add ssl_reject_handshake to default server -- [7975] https://github.com/kubernetes/ingress-nginx/pull/7975 add legacy version update v0.50.0 to main changelog -- [7972] https://github.com/kubernetes/ingress-nginx/pull/7972 updated service upstream definition - -### 4.0.14 - -- [8061] https://github.com/kubernetes/ingress-nginx/pull/8061 Using helm-docs to populate values table in README.md - -### 4.0.13 - -- [8008] https://github.com/kubernetes/ingress-nginx/pull/8008 Add relabelings in controller-servicemonitor.yaml - -### 4.0.12 - -- [7978] https://github.com/kubernetes/ingress-nginx/pull/7979 Support custom annotations in admissions Jobs - -### 4.0.11 - -- [7873] https://github.com/kubernetes/ingress-nginx/pull/7873 Makes the [appProtocol](https://kubernetes.io/docs/concepts/services-networking/_print/#application-protocol) field optional. - -### 4.0.10 - -- [7964] https://github.com/kubernetes/ingress-nginx/pull/7964 Update controller version to v1.1.0 - -### 4.0.9 - -- [6992] https://github.com/kubernetes/ingress-nginx/pull/6992 Add ability to specify labels for all resources - -### 4.0.7 - -- [7923] https://github.com/kubernetes/ingress-nginx/pull/7923 Release v1.0.5 of ingress-nginx -- [7806] https://github.com/kubernetes/ingress-nginx/pull/7806 Choice option for internal/external loadbalancer type service - -### 4.0.6 - -- [7804] https://github.com/kubernetes/ingress-nginx/pull/7804 Release v1.0.4 of ingress-nginx -- [7651] https://github.com/kubernetes/ingress-nginx/pull/7651 Support ipFamilyPolicy and ipFamilies fields in Helm Chart -- [7798] https://github.com/kubernetes/ingress-nginx/pull/7798 Exoscale: use HTTP Healthcheck mode -- [7793] https://github.com/kubernetes/ingress-nginx/pull/7793 Update kube-webhook-certgen to v1.1.1 - -### 4.0.5 - -- [7740] https://github.com/kubernetes/ingress-nginx/pull/7740 Release v1.0.3 of ingress-nginx - -### 4.0.3 - -- [7707] https://github.com/kubernetes/ingress-nginx/pull/7707 Release v1.0.2 of ingress-nginx - -### 4.0.2 - -- [7681] https://github.com/kubernetes/ingress-nginx/pull/7681 Release v1.0.1 of ingress-nginx - -### 4.0.1 - -- [7535] https://github.com/kubernetes/ingress-nginx/pull/7535 Release v1.0.0 ingress-nginx - -### 3.34.0 - -- [7256] https://github.com/kubernetes/ingress-nginx/pull/7256 Add namespace field in the namespace scoped resource templates - -### 3.33.0 - -- [7164] https://github.com/kubernetes/ingress-nginx/pull/7164 Update nginx to v1.20.1 - -### 3.32.0 - -- [7117] https://github.com/kubernetes/ingress-nginx/pull/7117 Add annotations for HPA - -### 3.31.0 - -- [7137] https://github.com/kubernetes/ingress-nginx/pull/7137 Add support for custom probes - -### 3.30.0 - -- [#7092](https://github.com/kubernetes/ingress-nginx/pull/7092) Removes the possibility of using localhost in ExternalNames as endpoints - -### 3.29.0 - -- [X] [#6945](https://github.com/kubernetes/ingress-nginx/pull/7020) Add option to specify job label for ServiceMonitor - -### 3.28.0 - -- [ ] [#6900](https://github.com/kubernetes/ingress-nginx/pull/6900) Support existing PSPs - -### 3.27.0 - -- Update ingress-nginx v0.45.0 - -### 3.26.0 - -- [X] [#6979](https://github.com/kubernetes/ingress-nginx/pull/6979) Changed servicePort value for metrics - -### 3.25.0 - -- [X] [#6957](https://github.com/kubernetes/ingress-nginx/pull/6957) Add ability to specify automountServiceAccountToken - -### 3.24.0 - -- [X] [#6908](https://github.com/kubernetes/ingress-nginx/pull/6908) Add volumes to default-backend deployment - -### 3.23.0 - -- Update ingress-nginx v0.44.0 - -### 3.22.0 - -- [X] [#6802](https://github.com/kubernetes/ingress-nginx/pull/6802) Add value for configuring a custom Diffie-Hellman parameters file -- [X] [#6815](https://github.com/kubernetes/ingress-nginx/pull/6815) Allow use of numeric namespaces in helm chart - -### 3.21.0 - -- [X] [#6783](https://github.com/kubernetes/ingress-nginx/pull/6783) Add custom annotations to ScaledObject -- [X] [#6761](https://github.com/kubernetes/ingress-nginx/pull/6761) Adding quotes in the serviceAccount name in Helm values -- [X] [#6767](https://github.com/kubernetes/ingress-nginx/pull/6767) Remove ClusterRole when scope option is enabled -- [X] [#6785](https://github.com/kubernetes/ingress-nginx/pull/6785) Update kube-webhook-certgen image to v1.5.1 - -### 3.20.1 - -- Do not create KEDA in case of DaemonSets. -- Fix KEDA v2 definition - -### 3.20.0 - -- [X] [#6730](https://github.com/kubernetes/ingress-nginx/pull/6730) Do not create HPA for defaultBackend if not enabled. - -### 3.19.0 - -- Update ingress-nginx v0.43.0 - -### 3.18.0 - -- [X] [#6688](https://github.com/kubernetes/ingress-nginx/pull/6688) Allow volume-type emptyDir in controller podsecuritypolicy -- [X] [#6691](https://github.com/kubernetes/ingress-nginx/pull/6691) Improve parsing of helm parameters - -### 3.17.0 - -- Update ingress-nginx v0.42.0 - -### 3.16.1 - -- Fix chart-releaser action - -### 3.16.0 - -- [X] [#6646](https://github.com/kubernetes/ingress-nginx/pull/6646) Added LoadBalancerIP value for internal service - -### 3.15.1 - -- Fix chart-releaser action - -### 3.15.0 - -- [X] [#6586](https://github.com/kubernetes/ingress-nginx/pull/6586) Fix 'maxmindLicenseKey' location in values.yaml - -### 3.14.0 - -- [X] [#6469](https://github.com/kubernetes/ingress-nginx/pull/6469) Allow custom service names for controller and backend - -### 3.13.0 - -- [X] [#6544](https://github.com/kubernetes/ingress-nginx/pull/6544) Fix default backend HPA name variable - -### 3.12.0 - -- [X] [#6514](https://github.com/kubernetes/ingress-nginx/pull/6514) Remove helm2 support and update docs - -### 3.11.1 - -- [X] [#6505](https://github.com/kubernetes/ingress-nginx/pull/6505) Reorder HPA resource list to work with GitOps tooling - -### 3.11.0 - -- Support Keda Autoscaling - -### 3.10.1 - -- Fix regression introduced in 0.41.0 with external authentication - -### 3.10.0 - -- Fix routing regression introduced in 0.41.0 with PathType Exact - -### 3.9.0 - -- [X] [#6423](https://github.com/kubernetes/ingress-nginx/pull/6423) Add Default backend HPA autoscaling - -### 3.8.0 - -- [X] [#6395](https://github.com/kubernetes/ingress-nginx/pull/6395) Update jettech/kube-webhook-certgen image -- [X] [#6377](https://github.com/kubernetes/ingress-nginx/pull/6377) Added loadBalancerSourceRanges for internal lbs -- [X] [#6356](https://github.com/kubernetes/ingress-nginx/pull/6356) Add securitycontext settings on defaultbackend -- [X] [#6401](https://github.com/kubernetes/ingress-nginx/pull/6401) Fix controller service annotations -- [X] [#6403](https://github.com/kubernetes/ingress-nginx/pull/6403) Initial helm chart changelog - -### 3.7.1 - -- [X] [#6326](https://github.com/kubernetes/ingress-nginx/pull/6326) Fix liveness and readiness probe path in daemonset chart - -### 3.7.0 - -- [X] [#6316](https://github.com/kubernetes/ingress-nginx/pull/6316) Numerals in podAnnotations in quotes [#6315](https://github.com/kubernetes/ingress-nginx/issues/6315) - -### 3.6.0 - -- [X] [#6305](https://github.com/kubernetes/ingress-nginx/pull/6305) Add default linux nodeSelector - -### 3.5.1 - -- [X] [#6299](https://github.com/kubernetes/ingress-nginx/pull/6299) Fix helm chart release - -### 3.5.0 - -- [X] [#6260](https://github.com/kubernetes/ingress-nginx/pull/6260) Allow Helm Chart to customize admission webhook's annotations, timeoutSeconds, namespaceSelector, objectSelector and cert files locations - -### 3.4.0 - -- [X] [#6268](https://github.com/kubernetes/ingress-nginx/pull/6268) Update to 0.40.2 in helm chart #6288 - -### 3.3.1 - -- [X] [#6259](https://github.com/kubernetes/ingress-nginx/pull/6259) Release helm chart -- [X] [#6258](https://github.com/kubernetes/ingress-nginx/pull/6258) Fix chart markdown link -- [X] [#6253](https://github.com/kubernetes/ingress-nginx/pull/6253) Release v0.40.0 - -### 3.3.1 - -- [X] [#6233](https://github.com/kubernetes/ingress-nginx/pull/6233) Add admission controller e2e test - -### 3.3.0 - -- [X] [#6203](https://github.com/kubernetes/ingress-nginx/pull/6203) Refactor parsing of key values -- [X] [#6162](https://github.com/kubernetes/ingress-nginx/pull/6162) Add helm chart options to expose metrics service as NodePort -- [X] [#6180](https://github.com/kubernetes/ingress-nginx/pull/6180) Fix helm chart admissionReviewVersions regression -- [X] [#6169](https://github.com/kubernetes/ingress-nginx/pull/6169) Fix Typo in example prometheus rules - -### 3.0.0 - -- [X] [#6167](https://github.com/kubernetes/ingress-nginx/pull/6167) Update chart requirements - -### 2.16.0 - -- [X] [#6154](https://github.com/kubernetes/ingress-nginx/pull/6154) add `topologySpreadConstraint` to controller - -### 2.15.0 - -- [X] [#6087](https://github.com/kubernetes/ingress-nginx/pull/6087) Adding parameter for externalTrafficPolicy in internal controller service spec - -### 2.14.0 - -- [X] [#6104](https://github.com/kubernetes/ingress-nginx/pull/6104) Misc fixes for nginx-ingress chart for better keel and prometheus-operator integration - -### 2.13.0 - -- [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0 - -### 2.13.0 - -- [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0 -- [X] [#6080](https://github.com/kubernetes/ingress-nginx/pull/6080) Switch images to k8s.gcr.io after Vanity Domain Flip - -### 2.12.1 - -- [X] [#6075](https://github.com/kubernetes/ingress-nginx/pull/6075) Sync helm chart affinity examples - -### 2.12.0 - -- [X] [#6039](https://github.com/kubernetes/ingress-nginx/pull/6039) Add configurable serviceMonitor metricRelabelling and targetLabels -- [X] [#6044](https://github.com/kubernetes/ingress-nginx/pull/6044) Fix YAML linting - -### 2.11.3 - -- [X] [#6038](https://github.com/kubernetes/ingress-nginx/pull/6038) Bump chart version PATCH - -### 2.11.2 - -- [X] [#5951](https://github.com/kubernetes/ingress-nginx/pull/5951) Bump chart patch version - -### 2.11.1 - -- [X] [#5900](https://github.com/kubernetes/ingress-nginx/pull/5900) Release helm chart for v0.34.1 - -### 2.11.0 - -- [X] [#5879](https://github.com/kubernetes/ingress-nginx/pull/5879) Update helm chart for v0.34.0 -- [X] [#5671](https://github.com/kubernetes/ingress-nginx/pull/5671) Make liveness probe more fault tolerant than readiness probe - -### 2.10.0 - -- [X] [#5843](https://github.com/kubernetes/ingress-nginx/pull/5843) Update jettech/kube-webhook-certgen image - -### 2.9.1 - -- [X] [#5823](https://github.com/kubernetes/ingress-nginx/pull/5823) Add quoting to sysctls because numeric values need to be presented as strings (#5823) - -### 2.9.0 - -- [X] [#5795](https://github.com/kubernetes/ingress-nginx/pull/5795) Use fully qualified images to avoid cri-o issues - - -### TODO - -Keep building the changelog using *git log charts* checking the tag diff --git a/charts/ingress-nginx/changelog/.gitkeep b/charts/ingress-nginx/changelog/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.10.0.md b/charts/ingress-nginx/changelog/helm-chart-2.10.0.md new file mode 100644 index 000000000..b42d6c28b --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.10.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.10.0 + +* [#5843](https://github.com/kubernetes/ingress-nginx/pull/5843) Update jettech/kube-webhook-certgen image + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.9.1...ingress-nginx-2.10.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.11.0.md b/charts/ingress-nginx/changelog/helm-chart-2.11.0.md new file mode 100644 index 000000000..e549b3867 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.11.0.md @@ -0,0 +1,10 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.11.0 + +* [#5879](https://github.com/kubernetes/ingress-nginx/pull/5879) Update helm chart for v0.34.0 +* [#5671](https://github.com/kubernetes/ingress-nginx/pull/5671) Make liveness probe more fault tolerant than readiness probe + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.10.0...ingress-nginx-2.11.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.11.1.md b/charts/ingress-nginx/changelog/helm-chart-2.11.1.md new file mode 100644 index 000000000..d910d3bf4 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.11.1.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.11.1 + +* [#5900](https://github.com/kubernetes/ingress-nginx/pull/5900) Release helm chart for v0.34.1 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.0...ingress-nginx-2.11.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.11.2.md b/charts/ingress-nginx/changelog/helm-chart-2.11.2.md new file mode 100644 index 000000000..9f7821005 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.11.2.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.11.2 + +* [#5951](https://github.com/kubernetes/ingress-nginx/pull/5951) Bump chart patch version + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.1...ingress-nginx-2.11.2 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.11.3.md b/charts/ingress-nginx/changelog/helm-chart-2.11.3.md new file mode 100644 index 000000000..344769163 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.11.3.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.11.3 + +* [#6038](https://github.com/kubernetes/ingress-nginx/pull/6038) Bump chart version PATCH + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.2...ingress-nginx-2.11.3 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.12.0.md b/charts/ingress-nginx/changelog/helm-chart-2.12.0.md new file mode 100644 index 000000000..5cb3888aa --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.12.0.md @@ -0,0 +1,10 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.12.0 + +* [#6039](https://github.com/kubernetes/ingress-nginx/pull/6039) Add configurable serviceMonitor metricRelabelling and targetLabels +* [#6044](https://github.com/kubernetes/ingress-nginx/pull/6044) Fix YAML linting + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.3...ingress-nginx-2.12.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.12.1.md b/charts/ingress-nginx/changelog/helm-chart-2.12.1.md new file mode 100644 index 000000000..94d121db5 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.12.1.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.12.1 + +* [#6075](https://github.com/kubernetes/ingress-nginx/pull/6075) Sync helm chart affinity examples + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.12.0...ingress-nginx-2.12.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.13.0.md b/charts/ingress-nginx/changelog/helm-chart-2.13.0.md new file mode 100644 index 000000000..01fe0b15d --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.13.0.md @@ -0,0 +1,10 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.13.0 + +* [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0 +* [#6080](https://github.com/kubernetes/ingress-nginx/pull/6080) Switch images to k8s.gcr.io after Vanity Domain Flip + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.12.1...ingress-nginx-2.13.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.14.0.md b/charts/ingress-nginx/changelog/helm-chart-2.14.0.md new file mode 100644 index 000000000..2fb7a5a76 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.14.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.14.0 + +* [#6104](https://github.com/kubernetes/ingress-nginx/pull/6104) Misc fixes for nginx-ingress chart for better keel and prometheus-operator integration + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.13.0...ingress-nginx-2.14.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.15.0.md b/charts/ingress-nginx/changelog/helm-chart-2.15.0.md new file mode 100644 index 000000000..543a55927 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.15.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.15.0 + +* [#6087](https://github.com/kubernetes/ingress-nginx/pull/6087) Adding parameter for externalTrafficPolicy in internal controller service spec + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.14.0...ingress-nginx-2.15.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.16.0.md b/charts/ingress-nginx/changelog/helm-chart-2.16.0.md new file mode 100644 index 000000000..996f4489e --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.16.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.16.0 + +* [#6154](https://github.com/kubernetes/ingress-nginx/pull/6154) add `topologySpreadConstraint` to controller + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.15.0...ingress-nginx-2.16.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.9.0.md b/charts/ingress-nginx/changelog/helm-chart-2.9.0.md new file mode 100644 index 000000000..11c5f5fed --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.9.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.9.0 + +* [#5795](https://github.com/kubernetes/ingress-nginx/pull/5795) Use fully qualified images to avoid cri-o issues + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-TODO...ingress-nginx-2.9.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-2.9.1.md b/charts/ingress-nginx/changelog/helm-chart-2.9.1.md new file mode 100644 index 000000000..7d4314d9c --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-2.9.1.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 2.9.1 + +* [#5823](https://github.com/kubernetes/ingress-nginx/pull/5823) Add quoting to sysctls because numeric values need to be presented as strings (#5823) + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.9.0...ingress-nginx-2.9.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.0.0.md b/charts/ingress-nginx/changelog/helm-chart-3.0.0.md new file mode 100644 index 000000000..a7d50ee3a --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.0.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.0.0 + +* [#6167](https://github.com/kubernetes/ingress-nginx/pull/6167) Update chart requirements + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.16.0...ingress-nginx-3.0.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.10.0.md b/charts/ingress-nginx/changelog/helm-chart-3.10.0.md new file mode 100644 index 000000000..3369bed03 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.10.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.10.0 + +* Fix routing regression introduced in 0.41.0 with PathType Exact + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.9.0...ingress-nginx-3.10.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.10.1.md b/charts/ingress-nginx/changelog/helm-chart-3.10.1.md new file mode 100644 index 000000000..6ff682e52 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.10.1.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.10.1 + +* Fix regression introduced in 0.41.0 with external authentication + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.10.0...ingress-nginx-3.10.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.11.0.md b/charts/ingress-nginx/changelog/helm-chart-3.11.0.md new file mode 100644 index 000000000..69ba5506b --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.11.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.11.0 + +* Support Keda Autoscaling + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.10.1...ingress-nginx-3.11.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.11.1.md b/charts/ingress-nginx/changelog/helm-chart-3.11.1.md new file mode 100644 index 000000000..4e81f4b41 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.11.1.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.11.1 + +* [#6505](https://github.com/kubernetes/ingress-nginx/pull/6505) Reorder HPA resource list to work with GitOps tooling + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.11.0...ingress-nginx-3.11.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.12.0.md b/charts/ingress-nginx/changelog/helm-chart-3.12.0.md new file mode 100644 index 000000000..41b9744de --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.12.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.12.0 + +* [#6514](https://github.com/kubernetes/ingress-nginx/pull/6514) Remove helm2 support and update docs + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.11.1...ingress-nginx-3.12.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.13.0.md b/charts/ingress-nginx/changelog/helm-chart-3.13.0.md new file mode 100644 index 000000000..0855a7913 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.13.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.13.0 + +* [#6544](https://github.com/kubernetes/ingress-nginx/pull/6544) Fix default backend HPA name variable + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.12.0...ingress-nginx-3.13.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.14.0.md b/charts/ingress-nginx/changelog/helm-chart-3.14.0.md new file mode 100644 index 000000000..e07880bf4 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.14.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.14.0 + +* [#6469](https://github.com/kubernetes/ingress-nginx/pull/6469) Allow custom service names for controller and backend + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.13.0...ingress-nginx-3.14.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.15.0.md b/charts/ingress-nginx/changelog/helm-chart-3.15.0.md new file mode 100644 index 000000000..3053a3548 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.15.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.15.0 + +* [#6586](https://github.com/kubernetes/ingress-nginx/pull/6586) Fix 'maxmindLicenseKey' location in values.yaml + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.14.0...ingress-nginx-3.15.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.15.1.md b/charts/ingress-nginx/changelog/helm-chart-3.15.1.md new file mode 100644 index 000000000..f11ee0a76 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.15.1.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.15.1 + +* Fix chart-releaser action + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.15.0...ingress-nginx-3.15.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.16.0.md b/charts/ingress-nginx/changelog/helm-chart-3.16.0.md new file mode 100644 index 000000000..fba30b171 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.16.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.16.0 + +* [#6646](https://github.com/kubernetes/ingress-nginx/pull/6646) Added LoadBalancerIP value for internal service + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.15.1...helm-chart-3.16.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.16.1.md b/charts/ingress-nginx/changelog/helm-chart-3.16.1.md new file mode 100644 index 000000000..650d1b8fa --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.16.1.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.16.1 + +* Fix chart-releaser action + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.16.0...helm-chart-3.16.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.17.0.md b/charts/ingress-nginx/changelog/helm-chart-3.17.0.md new file mode 100644 index 000000000..175c7a264 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.17.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.17.0 + +* Update ingress-nginx v0.42.0 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.16.1...helm-chart-3.17.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.18.0.md b/charts/ingress-nginx/changelog/helm-chart-3.18.0.md new file mode 100644 index 000000000..31b815e4e --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.18.0.md @@ -0,0 +1,10 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.18.0 + +* [#6688](https://github.com/kubernetes/ingress-nginx/pull/6688) Allow volume-type emptyDir in controller podsecuritypolicy +* [#6691](https://github.com/kubernetes/ingress-nginx/pull/6691) Improve parsing of helm parameters + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.17.0...helm-chart-3.18.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.19.0.md b/charts/ingress-nginx/changelog/helm-chart-3.19.0.md new file mode 100644 index 000000000..0970bf02c --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.19.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.19.0 + +* Update ingress-nginx v0.43.0 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.18.0...helm-chart-3.19.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.20.0.md b/charts/ingress-nginx/changelog/helm-chart-3.20.0.md new file mode 100644 index 000000000..4b81ae42f --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.20.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.20.0 + +* [#6730](https://github.com/kubernetes/ingress-nginx/pull/6730) Do not create HPA for defaultBackend if not enabled. + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.19.0...helm-chart-3.20.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.20.1.md b/charts/ingress-nginx/changelog/helm-chart-3.20.1.md new file mode 100644 index 000000000..952bf2bd3 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.20.1.md @@ -0,0 +1,10 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.20.1 + +* Do not create KEDA in case of DaemonSets. +* Fix KEDA v2 definition + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.20.0...helm-chart-3.20.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.21.0.md b/charts/ingress-nginx/changelog/helm-chart-3.21.0.md new file mode 100644 index 000000000..25edbefd9 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.21.0.md @@ -0,0 +1,12 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.21.0 + +* [#6783](https://github.com/kubernetes/ingress-nginx/pull/6783) Add custom annotations to ScaledObject +* [#6761](https://github.com/kubernetes/ingress-nginx/pull/6761) Adding quotes in the serviceAccount name in Helm values +* [#6767](https://github.com/kubernetes/ingress-nginx/pull/6767) Remove ClusterRole when scope option is enabled +* [#6785](https://github.com/kubernetes/ingress-nginx/pull/6785) Update kube-webhook-certgen image to v1.5.1 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.20.1...helm-chart-3.21.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.22.0.md b/charts/ingress-nginx/changelog/helm-chart-3.22.0.md new file mode 100644 index 000000000..147d66421 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.22.0.md @@ -0,0 +1,10 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.22.0 + +* [#6802](https://github.com/kubernetes/ingress-nginx/pull/6802) Add value for configuring a custom Diffie-Hellman parameters file +* [#6815](https://github.com/kubernetes/ingress-nginx/pull/6815) Allow use of numeric namespaces in helm chart + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.21.0...helm-chart-3.22.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.23.0.md b/charts/ingress-nginx/changelog/helm-chart-3.23.0.md new file mode 100644 index 000000000..5dcb50fa8 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.23.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.23.0 + +* Update ingress-nginx v0.44.0 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.22.0...helm-chart-3.23.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.24.0.md b/charts/ingress-nginx/changelog/helm-chart-3.24.0.md new file mode 100644 index 000000000..d7db808b1 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.24.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.24.0 + +* [#6908](https://github.com/kubernetes/ingress-nginx/pull/6908) Add volumes to default-backend deployment + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.23.0...helm-chart-3.24.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.25.0.md b/charts/ingress-nginx/changelog/helm-chart-3.25.0.md new file mode 100644 index 000000000..f9679a124 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.25.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.25.0 + +* [#6957](https://github.com/kubernetes/ingress-nginx/pull/6957) Add ability to specify automountServiceAccountToken + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.24.0...helm-chart-3.25.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.26.0.md b/charts/ingress-nginx/changelog/helm-chart-3.26.0.md new file mode 100644 index 000000000..0c3a1df68 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.26.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.26.0 + +* [#6979](https://github.com/kubernetes/ingress-nginx/pull/6979) Changed servicePort value for metrics + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.25.0...helm-chart-3.26.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.27.0.md b/charts/ingress-nginx/changelog/helm-chart-3.27.0.md new file mode 100644 index 000000000..8113d7b9b --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.27.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.27.0 + +* Update ingress-nginx v0.45.0 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.26.0...helm-chart-3.27.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.28.0.md b/charts/ingress-nginx/changelog/helm-chart-3.28.0.md new file mode 100644 index 000000000..eee0ccbec --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.28.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.28.0 + +* [#6900](https://github.com/kubernetes/ingress-nginx/pull/6900) Support existing PSPs + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.27.0...helm-chart-3.28.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.29.0.md b/charts/ingress-nginx/changelog/helm-chart-3.29.0.md new file mode 100644 index 000000000..f0fabdce1 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.29.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.29.0 + +* [#6945](https://github.com/kubernetes/ingress-nginx/pull/7020) Add option to specify job label for ServiceMonitor + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.28.0...helm-chart-3.29.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.3.0.md b/charts/ingress-nginx/changelog/helm-chart-3.3.0.md new file mode 100644 index 000000000..09fab3756 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.3.0.md @@ -0,0 +1,12 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.3.0 + +* [#6203](https://github.com/kubernetes/ingress-nginx/pull/6203) Refactor parsing of key values +* [#6162](https://github.com/kubernetes/ingress-nginx/pull/6162) Add helm chart options to expose metrics service as NodePort +* [#6180](https://github.com/kubernetes/ingress-nginx/pull/6180) Fix helm chart admissionReviewVersions regression +* [#6169](https://github.com/kubernetes/ingress-nginx/pull/6169) Fix Typo in example prometheus rules + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.0.0...ingress-nginx-3.3.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.3.1.md b/charts/ingress-nginx/changelog/helm-chart-3.3.1.md new file mode 100644 index 000000000..81f44fdbd --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.3.1.md @@ -0,0 +1,12 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.3.1 + +* [#6259](https://github.com/kubernetes/ingress-nginx/pull/6259) Release helm chart +* [#6258](https://github.com/kubernetes/ingress-nginx/pull/6258) Fix chart markdown link +* [#6253](https://github.com/kubernetes/ingress-nginx/pull/6253) Release v0.40.0 +* [#6233](https://github.com/kubernetes/ingress-nginx/pull/6233) Add admission controller e2e test + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.3.0...ingress-nginx-3.3.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.30.0.md b/charts/ingress-nginx/changelog/helm-chart-3.30.0.md new file mode 100644 index 000000000..77ad6b41b --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.30.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.30.0 + +* [#7092](https://github.com/kubernetes/ingress-nginx/pull/7092) Removes the possibility of using localhost in ExternalNames as endpoints + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.29.0...helm-chart-3.30.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.31.0.md b/charts/ingress-nginx/changelog/helm-chart-3.31.0.md new file mode 100644 index 000000000..bc07fed76 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.31.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.31.0 + +* [7137] https://github.com/kubernetes/ingress-nginx/pull/7137 Add support for custom probes + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.30.0...helm-chart-3.31.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.32.0.md b/charts/ingress-nginx/changelog/helm-chart-3.32.0.md new file mode 100644 index 000000000..68f7ed6b2 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.32.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.32.0 + +* [7117] https://github.com/kubernetes/ingress-nginx/pull/7117 Add annotations for HPA + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.31.0...helm-chart-3.32.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.33.0.md b/charts/ingress-nginx/changelog/helm-chart-3.33.0.md new file mode 100644 index 000000000..b56c5fc1e --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.33.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.33.0 + +* [7164] https://github.com/kubernetes/ingress-nginx/pull/7164 Update nginx to v1.20.1 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.32.0...helm-chart-3.33.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.34.0.md b/charts/ingress-nginx/changelog/helm-chart-3.34.0.md new file mode 100644 index 000000000..a28cd0282 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.34.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.34.0 + +* [7256] https://github.com/kubernetes/ingress-nginx/pull/7256 Add namespace field in the namespace scoped resource templates + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.33.0...helm-chart-3.34.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.4.0.md b/charts/ingress-nginx/changelog/helm-chart-3.4.0.md new file mode 100644 index 000000000..3b4ca9353 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.4.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.4.0 + +* [#6268](https://github.com/kubernetes/ingress-nginx/pull/6268) Update to 0.40.2 in helm chart #6288 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.3.1...ingress-nginx-3.4.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.5.0.md b/charts/ingress-nginx/changelog/helm-chart-3.5.0.md new file mode 100644 index 000000000..44991b3bb --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.5.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.5.0 + +* [#6260](https://github.com/kubernetes/ingress-nginx/pull/6260) Allow Helm Chart to customize admission webhook's annotations, timeoutSeconds, namespaceSelector, objectSelector and cert files locations + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.4.0...ingress-nginx-3.5.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.5.1.md b/charts/ingress-nginx/changelog/helm-chart-3.5.1.md new file mode 100644 index 000000000..740f00c45 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.5.1.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.5.1 + +* [#6299](https://github.com/kubernetes/ingress-nginx/pull/6299) Fix helm chart release + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.5.0...ingress-nginx-3.5.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.6.0.md b/charts/ingress-nginx/changelog/helm-chart-3.6.0.md new file mode 100644 index 000000000..4af7f11a1 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.6.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.6.0 + +* [#6305](https://github.com/kubernetes/ingress-nginx/pull/6305) Add default linux nodeSelector + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.5.1...ingress-nginx-3.6.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.7.0.md b/charts/ingress-nginx/changelog/helm-chart-3.7.0.md new file mode 100644 index 000000000..a6b12994b --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.7.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.7.0 + +* [#6316](https://github.com/kubernetes/ingress-nginx/pull/6316) Numerals in podAnnotations in quotes [#6315](https://github.com/kubernetes/ingress-nginx/issues/6315) + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.6.0...ingress-nginx-3.7.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.7.1.md b/charts/ingress-nginx/changelog/helm-chart-3.7.1.md new file mode 100644 index 000000000..6ba12df91 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.7.1.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.7.1 + +* [#6326](https://github.com/kubernetes/ingress-nginx/pull/6326) Fix liveness and readiness probe path in daemonset chart + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.7.0...ingress-nginx-3.7.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.8.0.md b/charts/ingress-nginx/changelog/helm-chart-3.8.0.md new file mode 100644 index 000000000..8df250a98 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.8.0.md @@ -0,0 +1,13 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.8.0 + +* [#6395](https://github.com/kubernetes/ingress-nginx/pull/6395) Update jettech/kube-webhook-certgen image +* [#6377](https://github.com/kubernetes/ingress-nginx/pull/6377) Added loadBalancerSourceRanges for internal lbs +* [#6356](https://github.com/kubernetes/ingress-nginx/pull/6356) Add securitycontext settings on defaultbackend +* [#6401](https://github.com/kubernetes/ingress-nginx/pull/6401) Fix controller service annotations +* [#6403](https://github.com/kubernetes/ingress-nginx/pull/6403) Initial helm chart changelog + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.7.1...ingress-nginx-3.8.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-3.9.0.md b/charts/ingress-nginx/changelog/helm-chart-3.9.0.md new file mode 100644 index 000000000..e8c9def51 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-3.9.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 3.9.0 + +* [#6423](https://github.com/kubernetes/ingress-nginx/pull/6423) Add Default backend HPA autoscaling + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-3.8.0...ingress-nginx-3.9.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.1.md b/charts/ingress-nginx/changelog/helm-chart-4.0.1.md new file mode 100644 index 000000000..7a187b350 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.1.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.1 + +* [7535] https://github.com/kubernetes/ingress-nginx/pull/7535 Release v1.0.0 ingress-nginx + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-3.34.0...helm-chart-4.0.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.10.md b/charts/ingress-nginx/changelog/helm-chart-4.0.10.md new file mode 100644 index 000000000..c5d651670 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.10.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.10 + +* [7964] https://github.com/kubernetes/ingress-nginx/pull/7964 Update controller version to v1.1.0 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.9...helm-chart-4.0.10 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.11.md b/charts/ingress-nginx/changelog/helm-chart-4.0.11.md new file mode 100644 index 000000000..554182355 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.11.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.11 + +* [7873] https://github.com/kubernetes/ingress-nginx/pull/7873 Makes the [appProtocol](https://kubernetes.io/docs/concepts/services-networking/_print/#application-protocol) field optional. + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.10...helm-chart-4.0.11 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.12.md b/charts/ingress-nginx/changelog/helm-chart-4.0.12.md new file mode 100644 index 000000000..320f6f546 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.12.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.12 + +* [7978] https://github.com/kubernetes/ingress-nginx/pull/7979 Support custom annotations in admissions Jobs + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.11...helm-chart-4.0.12 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.13.md b/charts/ingress-nginx/changelog/helm-chart-4.0.13.md new file mode 100644 index 000000000..edd922814 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.13.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.13 + +* [8008] https://github.com/kubernetes/ingress-nginx/pull/8008 Add relabelings in controller-servicemonitor.yaml + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.12...helm-chart-4.0.13 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.14.md b/charts/ingress-nginx/changelog/helm-chart-4.0.14.md new file mode 100644 index 000000000..e92701039 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.14.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.14 + +* [8061] https://github.com/kubernetes/ingress-nginx/pull/8061 Using helm-docs to populate values table in README.md + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.13...helm-chart-4.0.14 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.15.md b/charts/ingress-nginx/changelog/helm-chart-4.0.15.md new file mode 100644 index 000000000..d3d14a98d --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.15.md @@ -0,0 +1,43 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.15 + +* [8120] https://github.com/kubernetes/ingress-nginx/pull/8120 Update go in runner and release v1.1.1 +* [8119] https://github.com/kubernetes/ingress-nginx/pull/8119 Update to go v1.17.6 +* [8118] https://github.com/kubernetes/ingress-nginx/pull/8118 Remove deprecated libraries, update other libs +* [8117] https://github.com/kubernetes/ingress-nginx/pull/8117 Fix codegen errors +* [8115] https://github.com/kubernetes/ingress-nginx/pull/8115 chart/ghaction: set the correct permission to have access to push a release +* [8098] https://github.com/kubernetes/ingress-nginx/pull/8098 generating SHA for CA only certs in backend_ssl.go + comparison of P… +* [8088] https://github.com/kubernetes/ingress-nginx/pull/8088 Fix Edit this page link to use main branch +* [8072] https://github.com/kubernetes/ingress-nginx/pull/8072 Expose GeoIP2 Continent code as variable +* [8061] https://github.com/kubernetes/ingress-nginx/pull/8061 docs(charts): using helm-docs for chart +* [8058] https://github.com/kubernetes/ingress-nginx/pull/8058 Bump github.com/spf13/cobra from 1.2.1 to 1.3.0 +* [8054] https://github.com/kubernetes/ingress-nginx/pull/8054 Bump google.golang.org/grpc from 1.41.0 to 1.43.0 +* [8051] https://github.com/kubernetes/ingress-nginx/pull/8051 align bug report with feature request regarding kind documentation +* [8046] https://github.com/kubernetes/ingress-nginx/pull/8046 Report expired certificates (#8045) +* [8044] https://github.com/kubernetes/ingress-nginx/pull/8044 remove G109 check till gosec resolves issues +* [8042] https://github.com/kubernetes/ingress-nginx/pull/8042 docs_multiple_instances_one_cluster_ticket_7543 +* [8041] https://github.com/kubernetes/ingress-nginx/pull/8041 docs: fix typo'd executable name +* [8035] https://github.com/kubernetes/ingress-nginx/pull/8035 Comment busy owners +* [8029] https://github.com/kubernetes/ingress-nginx/pull/8029 Add stream-snippet as a ConfigMap and Annotation option +* [8023] https://github.com/kubernetes/ingress-nginx/pull/8023 fix nginx compilation flags +* [8021] https://github.com/kubernetes/ingress-nginx/pull/8021 Disable default modsecurity_rules_file if modsecurity-snippet is specified +* [8019] https://github.com/kubernetes/ingress-nginx/pull/8019 Revise main documentation page +* [8018] https://github.com/kubernetes/ingress-nginx/pull/8018 Preserve order of plugin invocation +* [8015] https://github.com/kubernetes/ingress-nginx/pull/8015 Add newline indenting to admission webhook annotations +* [8014] https://github.com/kubernetes/ingress-nginx/pull/8014 Add link to example error page manifest in docs +* [8009] https://github.com/kubernetes/ingress-nginx/pull/8009 Fix spelling in documentation and top-level files +* [8008] https://github.com/kubernetes/ingress-nginx/pull/8008 Add relabelings in controller-servicemonitor.yaml +* [8003] https://github.com/kubernetes/ingress-nginx/pull/8003 Minor improvements (formatting, consistency) in install guide +* [8001] https://github.com/kubernetes/ingress-nginx/pull/8001 fix: go-grpc Dockerfile +* [7999] https://github.com/kubernetes/ingress-nginx/pull/7999 images: use k8s-staging-test-infra/gcb-docker-gcloud +* [7996] https://github.com/kubernetes/ingress-nginx/pull/7996 doc: improvement +* [7983] https://github.com/kubernetes/ingress-nginx/pull/7983 Fix a couple of misspellings in the annotations documentation. +* [7979] https://github.com/kubernetes/ingress-nginx/pull/7979 allow set annotations for admission Jobs +* [7977] https://github.com/kubernetes/ingress-nginx/pull/7977 Add ssl_reject_handshake to default server +* [7975] https://github.com/kubernetes/ingress-nginx/pull/7975 add legacy version update v0.50.0 to main changelog +* [7972] https://github.com/kubernetes/ingress-nginx/pull/7972 updated service upstream definition + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.14...helm-chart-4.0.15 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.18.md b/charts/ingress-nginx/changelog/helm-chart-4.0.18.md new file mode 100644 index 000000000..30a8f75c1 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.18.md @@ -0,0 +1,40 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.18 + +* [8291](https://github.com/kubernetes/ingress-nginx/pull/8291) remove git tag env from cloud build +* [8286](https://github.com/kubernetes/ingress-nginx/pull/8286) Fix OpenTelemetry sidecar image build +* [8277](https://github.com/kubernetes/ingress-nginx/pull/8277) Add OpenSSF Best practices badge +* [8273](https://github.com/kubernetes/ingress-nginx/pull/8273) Issue#8241 +* [8267](https://github.com/kubernetes/ingress-nginx/pull/8267) Add fsGroup value to admission-webhooks/job-patch charts +* [8262](https://github.com/kubernetes/ingress-nginx/pull/8262) Updated confusing error +* [8256](https://github.com/kubernetes/ingress-nginx/pull/8256) fix: deny locations with invalid auth-url annotation +* [8253](https://github.com/kubernetes/ingress-nginx/pull/8253) Add a certificate info metric +* [8236](https://github.com/kubernetes/ingress-nginx/pull/8236) webhook: remove useless code. +* [8227](https://github.com/kubernetes/ingress-nginx/pull/8227) Update libraries in webhook image +* [8225](https://github.com/kubernetes/ingress-nginx/pull/8225) fix inconsistent-label-cardinality for prometheus metrics: nginx_ingress_controller_requests +* [8221](https://github.com/kubernetes/ingress-nginx/pull/8221) Do not validate ingresses with unknown ingress class in admission webhook endpoint +* [8210](https://github.com/kubernetes/ingress-nginx/pull/8210) Bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1 +* [8209](https://github.com/kubernetes/ingress-nginx/pull/8209) Bump google.golang.org/grpc from 1.43.0 to 1.44.0 +* [8204](https://github.com/kubernetes/ingress-nginx/pull/8204) Add Artifact Hub lint +* [8203](https://github.com/kubernetes/ingress-nginx/pull/8203) Fix Indentation of example and link to cert-manager tutorial +* [8201](https://github.com/kubernetes/ingress-nginx/pull/8201) feat(metrics): add path and method labels to requests countera +* [8199](https://github.com/kubernetes/ingress-nginx/pull/8199) use functional options to reduce number of methods creating an EchoDeployment +* [8196](https://github.com/kubernetes/ingress-nginx/pull/8196) docs: fix inconsistent controller annotation +* [8191](https://github.com/kubernetes/ingress-nginx/pull/8191) Using Go install for misspell +* [8186](https://github.com/kubernetes/ingress-nginx/pull/8186) prometheus+grafana using servicemonitor +* [8185](https://github.com/kubernetes/ingress-nginx/pull/8185) Append elements on match, instead of removing for cors-annotations +* [8179](https://github.com/kubernetes/ingress-nginx/pull/8179) Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0 +* [8173](https://github.com/kubernetes/ingress-nginx/pull/8173) Adding annotations to the controller service account +* [8163](https://github.com/kubernetes/ingress-nginx/pull/8163) Update the $req_id placeholder description +* [8162](https://github.com/kubernetes/ingress-nginx/pull/8162) Versioned static manifests +* [8159](https://github.com/kubernetes/ingress-nginx/pull/8159) Adding some geoip variables and default values +* [8155](https://github.com/kubernetes/ingress-nginx/pull/8155) #7271 feat: avoid-pdb-creation-when-default-backend-disabled-and-replicas-gt-1 +* [8151](https://github.com/kubernetes/ingress-nginx/pull/8151) Automatically generate helm docs +* [8143](https://github.com/kubernetes/ingress-nginx/pull/8143) Allow to configure delay before controller exits +* [8136](https://github.com/kubernetes/ingress-nginx/pull/8136) add ingressClass option to helm chart - back compatibility with ingress.class annotations +* [8126](https://github.com/kubernetes/ingress-nginx/pull/8126) Example for JWT + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.15...helm-chart-4.0.18 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.2.md b/charts/ingress-nginx/changelog/helm-chart-4.0.2.md new file mode 100644 index 000000000..9dbd003a9 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.2.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.2 + +* [7681] https://github.com/kubernetes/ingress-nginx/pull/7681 Release v1.0.1 of ingress-nginx + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.1...helm-chart-4.0.2 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.3.md b/charts/ingress-nginx/changelog/helm-chart-4.0.3.md new file mode 100644 index 000000000..09b89f66c --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.3.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.3 + +* [7707] https://github.com/kubernetes/ingress-nginx/pull/7707 Release v1.0.2 of ingress-nginx + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.2...helm-chart-4.0.3 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.5.md b/charts/ingress-nginx/changelog/helm-chart-4.0.5.md new file mode 100644 index 000000000..be67704ba --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.5.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.5 + +* [7740] https://github.com/kubernetes/ingress-nginx/pull/7740 Release v1.0.3 of ingress-nginx + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.3...helm-chart-4.0.5 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.6.md b/charts/ingress-nginx/changelog/helm-chart-4.0.6.md new file mode 100644 index 000000000..25276e2be --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.6.md @@ -0,0 +1,12 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.6 + +* [7804] https://github.com/kubernetes/ingress-nginx/pull/7804 Release v1.0.4 of ingress-nginx +* [7651] https://github.com/kubernetes/ingress-nginx/pull/7651 Support ipFamilyPolicy and ipFamilies fields in Helm Chart +* [7798] https://github.com/kubernetes/ingress-nginx/pull/7798 Exoscale: use HTTP Healthcheck mode +* [7793] https://github.com/kubernetes/ingress-nginx/pull/7793 Update kube-webhook-certgen to v1.1.1 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.5...helm-chart-4.0.6 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.7.md b/charts/ingress-nginx/changelog/helm-chart-4.0.7.md new file mode 100644 index 000000000..50fd9227c --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.7.md @@ -0,0 +1,10 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.7 + +* [7923] https://github.com/kubernetes/ingress-nginx/pull/7923 Release v1.0.5 of ingress-nginx +* [7806] https://github.com/kubernetes/ingress-nginx/pull/7806 Choice option for internal/external loadbalancer type service + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.6...helm-chart-4.0.7 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.0.9.md b/charts/ingress-nginx/changelog/helm-chart-4.0.9.md new file mode 100644 index 000000000..f2f725c93 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.0.9.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.0.9 + +* [6992] https://github.com/kubernetes/ingress-nginx/pull/6992 Add ability to specify labels for all resources + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.7...helm-chart-4.0.9 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.1.0.md b/charts/ingress-nginx/changelog/helm-chart-4.1.0.md new file mode 100644 index 000000000..24aaf49ae --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.1.0.md @@ -0,0 +1,21 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.1.0 + +* [8481](https://github.com/kubernetes/ingress-nginx/pull/8481) Fix log creation in chroot script +* [8479](https://github.com/kubernetes/ingress-nginx/pull/8479) changed nginx base img tag to img built with alpine3.14.6 +* [8478](https://github.com/kubernetes/ingress-nginx/pull/8478) update base images and protobuf gomod +* [8468](https://github.com/kubernetes/ingress-nginx/pull/8468) Fallback to ngx.var.scheme for redirectScheme with use-forward-headers when X-Forwarded-Proto is empty +* [8456](https://github.com/kubernetes/ingress-nginx/pull/8456) Implement object deep inspector +* [8455](https://github.com/kubernetes/ingress-nginx/pull/8455) Update dependencies +* [8454](https://github.com/kubernetes/ingress-nginx/pull/8454) Update index.md +* [8447](https://github.com/kubernetes/ingress-nginx/pull/8447) typo fixing +* [8446](https://github.com/kubernetes/ingress-nginx/pull/8446) Fix suggested annotation-value-word-blocklist +* [8444](https://github.com/kubernetes/ingress-nginx/pull/8444) replace deprecated topology key in example with current one +* [8443](https://github.com/kubernetes/ingress-nginx/pull/8443) Add dependency review enforcement +* [8434](https://github.com/kubernetes/ingress-nginx/pull/8434) added new auth-tls-match-cn annotation +* [8426](https://github.com/kubernetes/ingress-nginx/pull/8426) Bump github.com/prometheus/common from 0.32.1 to 0.33.0 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.0.18...helm-chart-4.1.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.1.2.md b/charts/ingress-nginx/changelog/helm-chart-4.1.2.md new file mode 100644 index 000000000..0a1d80cf1 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.1.2.md @@ -0,0 +1,11 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.1.2 + +* [8587](https://github.com/kubernetes/ingress-nginx/pull/8587) Add CAP_SYS_CHROOT to DS/PSP when needed +* [8458](https://github.com/kubernetes/ingress-nginx/pull/8458) Add portNamePreffix Helm chart parameter +* [8522](https://github.com/kubernetes/ingress-nginx/pull/8522) Add documentation for controller.service.loadBalancerIP in Helm chart + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.1.0...helm-chart-4.1.2 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.2.0.md b/charts/ingress-nginx/changelog/helm-chart-4.2.0.md new file mode 100644 index 000000000..2074a0953 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.2.0.md @@ -0,0 +1,47 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.2.0 + +* Support for Kubernetes v1.19.0 was removed +* [8810](https://github.com/kubernetes/ingress-nginx/pull/8810) Prepare for v1.3.0 +* [8808](https://github.com/kubernetes/ingress-nginx/pull/8808) revert arch var name +* [8805](https://github.com/kubernetes/ingress-nginx/pull/8805) Bump k8s.io/klog/v2 from 2.60.1 to 2.70.1 +* [8803](https://github.com/kubernetes/ingress-nginx/pull/8803) Update to nginx base with alpine v3.16 +* [8802](https://github.com/kubernetes/ingress-nginx/pull/8802) chore: start v1.3.0 release process +* [8798](https://github.com/kubernetes/ingress-nginx/pull/8798) Add v1.24.0 to test matrix +* [8796](https://github.com/kubernetes/ingress-nginx/pull/8796) fix: add MAC_OS variable for static-check +* [8793](https://github.com/kubernetes/ingress-nginx/pull/8793) changed to alpine-v3.16 +* [8781](https://github.com/kubernetes/ingress-nginx/pull/8781) Bump github.com/stretchr/testify from 1.7.5 to 1.8.0 +* [8778](https://github.com/kubernetes/ingress-nginx/pull/8778) chore: remove stable.txt from release process +* [8775](https://github.com/kubernetes/ingress-nginx/pull/8775) Remove stable +* [8773](https://github.com/kubernetes/ingress-nginx/pull/8773) Bump github/codeql-action from 2.1.14 to 2.1.15 +* [8772](https://github.com/kubernetes/ingress-nginx/pull/8772) Bump ossf/scorecard-action from 1.1.1 to 1.1.2 +* [8771](https://github.com/kubernetes/ingress-nginx/pull/8771) fix bullet md format +* [8770](https://github.com/kubernetes/ingress-nginx/pull/8770) Add condition for monitoring.coreos.com/v1 API +* [8769](https://github.com/kubernetes/ingress-nginx/pull/8769) Fix typos and add links to developer guide +* [8767](https://github.com/kubernetes/ingress-nginx/pull/8767) change v1.2.0 to v1.2.1 in deploy doc URLs +* [8765](https://github.com/kubernetes/ingress-nginx/pull/8765) Bump github/codeql-action from 1.0.26 to 2.1.14 +* [8752](https://github.com/kubernetes/ingress-nginx/pull/8752) Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 +* [8751](https://github.com/kubernetes/ingress-nginx/pull/8751) Bump github.com/stretchr/testify from 1.7.2 to 1.7.5 +* [8750](https://github.com/kubernetes/ingress-nginx/pull/8750) added announcement +* [8740](https://github.com/kubernetes/ingress-nginx/pull/8740) change sha e2etestrunner and echoserver +* [8738](https://github.com/kubernetes/ingress-nginx/pull/8738) Update docs to make it easier for noobs to follow step by step +* [8737](https://github.com/kubernetes/ingress-nginx/pull/8737) updated baseimage sha +* [8736](https://github.com/kubernetes/ingress-nginx/pull/8736) set ld-musl-path +* [8733](https://github.com/kubernetes/ingress-nginx/pull/8733) feat: migrate leaderelection lock to leases +* [8726](https://github.com/kubernetes/ingress-nginx/pull/8726) prometheus metric: upstream_latency_seconds +* [8720](https://github.com/kubernetes/ingress-nginx/pull/8720) Ci pin deps +* [8719](https://github.com/kubernetes/ingress-nginx/pull/8719) Working OpenTelemetry sidecar (base nginx image) +* [8714](https://github.com/kubernetes/ingress-nginx/pull/8714) Create Openssf scorecard +* [8708](https://github.com/kubernetes/ingress-nginx/pull/8708) Bump github.com/prometheus/common from 0.34.0 to 0.35.0 +* [8703](https://github.com/kubernetes/ingress-nginx/pull/8703) Bump actions/dependency-review-action from 1 to 2 +* [8701](https://github.com/kubernetes/ingress-nginx/pull/8701) Fix several typos +* [8699](https://github.com/kubernetes/ingress-nginx/pull/8699) fix the gosec test and a make target for it +* [8698](https://github.com/kubernetes/ingress-nginx/pull/8698) Bump actions/upload-artifact from 2.3.1 to 3.1.0 +* [8697](https://github.com/kubernetes/ingress-nginx/pull/8697) Bump actions/setup-go from 2.2.0 to 3.2.0 +* [8695](https://github.com/kubernetes/ingress-nginx/pull/8695) Bump actions/download-artifact from 2 to 3 +* [8694](https://github.com/kubernetes/ingress-nginx/pull/8694) Bump crazy-max/ghaction-docker-buildx from 1.6.2 to 3.3.1 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.1.2...helm-chart-4.2.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.2.1.md b/charts/ingress-nginx/changelog/helm-chart-4.2.1.md new file mode 100644 index 000000000..7965bb1c2 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.2.1.md @@ -0,0 +1,10 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.2.1 + +* The sha of kube-webhook-certgen image & the opentelemetry image, in values file, was changed to new images built on alpine-v3.16.1 +* [8896](https://github.com/kubernetes/ingress-nginx/pull/8896) updated to new images built today + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.2.0...helm-chart-4.2.1 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.3.0.md b/charts/ingress-nginx/changelog/helm-chart-4.3.0.md new file mode 100644 index 000000000..f9dca22d9 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.3.0.md @@ -0,0 +1,14 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.3.0 + +* Support for Kubernetes v.1.25.0 was added and support for endpoint slices +* Support for Kubernetes v1.20.0 and v1.21.0 was removed +* [8890](https://github.com/kubernetes/ingress-nginx/pull/8890) migrate to endpointslices +* [9059](https://github.com/kubernetes/ingress-nginx/pull/9059) kubewebhookcertgen sha change after go1191 +* [9046](https://github.com/kubernetes/ingress-nginx/pull/9046) Parameterize metrics port name +* [9104](https://github.com/kubernetes/ingress-nginx/pull/9104) Fix yaml formatting error with multiple annotations + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.2.1...helm-chart-4.3.0 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.4.0.md b/charts/ingress-nginx/changelog/helm-chart-4.4.0.md new file mode 100644 index 000000000..20f9e2336 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.4.0.md @@ -0,0 +1,12 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.4.0 + +* Adding support for disabling liveness and readiness probes to the Helm chart by @njegosrailic in https://github.com/kubernetes/ingress-nginx/pull/9238 +* add:(admission-webhooks) ability to set securityContext by @ybelMekk in https://github.com/kubernetes/ingress-nginx/pull/9186 +* #7652 - Updated Helm chart to use the fullname for the electionID if not specified. by @FutureMatt in https://github.com/kubernetes/ingress-nginx/pull/9133 +* Rename controller-wehbooks-networkpolicy.yaml. by @Gacko in https://github.com/kubernetes/ingress-nginx/pull/9123 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.3.0...helm-chart-4.4.0 From 44e550ea72f673fadeae0559a773feb9cbf3eec6 Mon Sep 17 00:00:00 2001 From: Zadkiel Aharonian Date: Wed, 29 Nov 2023 15:33:08 +0100 Subject: [PATCH 09/35] fix: remove tcpproxy copy error handling --- pkg/tcpproxy/tcp.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/pkg/tcpproxy/tcp.go b/pkg/tcpproxy/tcp.go index eda4a2746..fba4d21be 100644 --- a/pkg/tcpproxy/tcp.go +++ b/pkg/tcpproxy/tcp.go @@ -125,9 +125,8 @@ func (p *TCPProxy) Handle(conn net.Conn) { func pipe(client, server net.Conn) { doCopy := func(s, c net.Conn, cancel chan<- bool) { - if _, err := io.Copy(s, c); err != nil { - klog.Errorf("Error copying data: %v", err) - } + //nolint:errcheck // No need to catch these errors + io.Copy(s, c) cancel <- true } From a75db69c2e60edd6c355f23292242fd27dab71ea Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 29 Nov 2023 11:44:48 -0500 Subject: [PATCH 10/35] Revert "upgrade nginx" --- go.work.sum | 2 - images/nginx/rootfs/build.sh | 20 +- .../nginx-1.21.4-balancer_status_code.patch | 72 +++++ .../nginx-1.21.4-cache_manager_exit.patch | 19 ++ .../nginx-1.21.4-delayed_posted_events.patch | 98 +++++++ .../patches/nginx-1.21.4-hash_overflow.patch | 20 ++ .../rootfs/patches/nginx-1.21.4-http2.patch | 57 ++++ ...nginx-1.21.4-init_cycle_pool_release.patch | 59 ++++ .../nginx-1.21.4-larger_max_error_str.patch | 13 + .../patches/nginx-1.21.4-no_Werror.patch | 36 +++ .../nginx-1.21.4-proxy_host_port_vars.patch | 19 ++ .../nginx-1.21.4-resolver_conf_parsing.patch | 263 ++++++++++++++++++ ...nx-1.21.4-reuseport_close_unused_fds.patch | 38 +++ ...-1.21.4-single_process_graceful_exit.patch | 75 +++++ .../patches/nginx-1.21.4-socket_cloexec.patch | 185 ++++++++++++ .../nginx-1.21.4-ssl_cert_cb_yield.patch | 64 +++++ .../nginx-1.21.4-ssl_sess_cb_yield.patch | 41 +++ ...stream_proxy_get_next_upstream_tries.patch | 31 +++ ...nx-1.21.4-stream_ssl_preread_no_skip.patch | 13 + .../nginx-1.21.4-upstream_pipelining.patch | 23 ++ ...nginx-1.21.4-upstream_timeout_fields.patch | 112 ++++++++ 21 files changed, 1249 insertions(+), 11 deletions(-) create mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-balancer_status_code.patch create mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-cache_manager_exit.patch create mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-delayed_posted_events.patch create mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-hash_overflow.patch create mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-http2.patch create mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-init_cycle_pool_release.patch create mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-larger_max_error_str.patch create mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-no_Werror.patch create mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-proxy_host_port_vars.patch create mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-resolver_conf_parsing.patch create mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-reuseport_close_unused_fds.patch create mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-single_process_graceful_exit.patch create mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-socket_cloexec.patch create mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-ssl_cert_cb_yield.patch create mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-ssl_sess_cb_yield.patch create mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-stream_proxy_get_next_upstream_tries.patch create mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-stream_ssl_preread_no_skip.patch create mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-upstream_pipelining.patch create mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-upstream_timeout_fields.patch diff --git a/go.work.sum b/go.work.sum index f1f07229e..91bbfc14a 100644 --- a/go.work.sum +++ b/go.work.sum @@ -255,7 +255,6 @@ golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= -golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI= @@ -268,7 +267,6 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/images/nginx/rootfs/build.sh b/images/nginx/rootfs/build.sh index 118dee1be..8bf372f21 100755 --- a/images/nginx/rootfs/build.sh +++ b/images/nginx/rootfs/build.sh @@ -18,7 +18,7 @@ set -o errexit set -o nounset set -o pipefail -export NGINX_VERSION=1.25.3 +export NGINX_VERSION=1.21.6 # Check for recent changes: https://github.com/vision5/ngx_devel_kit/compare/v0.3.2...master export NDK_VERSION=0.3.2 @@ -80,8 +80,8 @@ export LUA_CJSON_VERSION=2.1.0.11 # Check for recent changes: https://github.com/leev/ngx_http_geoip2_module/compare/3.4...master export GEOIP2_VERSION=a607a41a8115fecfc05b5c283c81532a3d605425 -# Check for recent changes: https://github.com/openresty/luajit2/compare/v2.1-20231117...v2.1-agentzh -export LUAJIT_VERSION=2.1-20231117 +# Check for recent changes: https://github.com/openresty/luajit2/compare/v2.1-20230410...v2.1-agentzh +export LUAJIT_VERSION=2.1-20230410 # Check for recent changes: https://github.com/openresty/lua-resty-balancer/compare/v0.04...master export LUA_RESTY_BALANCER=0.04 @@ -98,8 +98,8 @@ export LUA_RESTY_COOKIE_VERSION=9533f479371663107b515590fc9daf00d61ebf11 # Check for recent changes: https://github.com/openresty/lua-resty-dns/compare/v0.22...master export LUA_RESTY_DNS=0.22 -# Check for recent changes: https://github.com/ledgetech/lua-resty-http/compare/v0.17.1...master -export LUA_RESTY_HTTP=0.17.1 +# Check for recent changes: https://github.com/ledgetech/lua-resty-http/compare/v0.16.1...master +export LUA_RESTY_HTTP=0ce55d6d15da140ecc5966fa848204c6fd9074e8 # Check for recent changes: https://github.com/openresty/lua-resty-lock/compare/v0.09...master export LUA_RESTY_LOCK=0.09 @@ -195,7 +195,7 @@ mkdir --verbose -p "$BUILD_PATH" cd "$BUILD_PATH" # download, verify and extract the source files -get_src 64c5b975ca287939e828303fa857d22f142b251f17808dfe41733512d9cded86 \ +get_src 66dc7081488811e9f925719e34d1b4504c2801c81dee2920e5452a86b11405ae \ "https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz" get_src aa961eafb8317e0eb8da37eb6e2c9ff42267edd18b56947384e719b85188f58b \ @@ -255,7 +255,7 @@ if [[ ${ARCH} == "s390x" ]]; then get_src 266ed1abb70a9806d97cb958537a44b67db6afb33d3b32292a2d68a2acedea75 \ "https://github.com/openresty/luajit2/archive/$LUAJIT_VERSION.tar.gz" else -get_src cc92968c57c00303eb9eaebf65cc8b29a0f851670f16bb514896ab5057ae381f \ +get_src 77bbcbb24c3c78f51560017288f3118d995fe71240aa379f5818ff6b166712ff \ "https://github.com/openresty/luajit2/archive/v$LUAJIT_VERSION.tar.gz" fi @@ -297,8 +297,8 @@ get_src b4ddcd47db347e9adf5c1e1491a6279a6ae2a3aff3155ef77ea0a65c998a69c1 \ get_src 70e9a01eb32ccade0d5116a25bcffde0445b94ad35035ce06b94ccd260ad1bf0 \ "https://github.com/openresty/lua-resty-dns/archive/v$LUA_RESTY_DNS.tar.gz" -get_src f52a0538b20a2d45025f318c18a138b78f6f88f07713dd0ed502183cb3d16f17 \ - "https://github.com/ledgetech/lua-resty-http/archive/v$LUA_RESTY_HTTP.tar.gz" +get_src 9fcb6db95bc37b6fce77d3b3dc740d593f9d90dce0369b405eb04844d56ac43f \ + "https://github.com/ledgetech/lua-resty-http/archive/$LUA_RESTY_HTTP.tar.gz" get_src 02733575c4aed15f6cab662378e4b071c0a4a4d07940c4ef19a7319e9be943d4 \ "https://github.com/openresty/lua-resty-memcached/archive/v$LUA_RESTY_MEMCACHED_VERSION.tar.gz" @@ -467,6 +467,8 @@ make install cd "$BUILD_PATH" git clone --depth=100 https://github.com/google/ngx_brotli.git cd ngx_brotli +# https://github.com/google/ngx_brotli/issues/156 +git reset --hard 63ca02abdcf79c9e788d2eedcc388d2335902e52 git submodule init git submodule update diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-balancer_status_code.patch b/images/nginx/rootfs/patches/nginx-1.21.4-balancer_status_code.patch new file mode 100644 index 000000000..c4d87e2fb --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.21.4-balancer_status_code.patch @@ -0,0 +1,72 @@ +diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c +index f8d5707d..6efe0047 100644 +--- a/src/http/ngx_http_upstream.c ++++ b/src/http/ngx_http_upstream.c +@@ -1515,6 +1515,11 @@ ngx_http_upstream_connect(ngx_http_request_t *r, ngx_http_upstream_t *u) + return; + } + ++ if (rc >= NGX_HTTP_SPECIAL_RESPONSE) { ++ ngx_http_upstream_finalize_request(r, u, rc); ++ return; ++ } ++ + u->state->peer = u->peer.name; + + if (rc == NGX_BUSY) { +diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h +index 3e714e5b..dfbb25e0 100644 +--- a/src/http/ngx_http_upstream.h ++++ b/src/http/ngx_http_upstream.h +@@ -427,4 +427,9 @@ extern ngx_conf_bitmask_t ngx_http_upstream_cache_method_mask[]; + extern ngx_conf_bitmask_t ngx_http_upstream_ignore_headers_masks[]; + + ++#ifndef HAVE_BALANCER_STATUS_CODE_PATCH ++#define HAVE_BALANCER_STATUS_CODE_PATCH ++#endif ++ ++ + #endif /* _NGX_HTTP_UPSTREAM_H_INCLUDED_ */ +diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h +index 09d24593..d8b4b584 100644 +--- a/src/stream/ngx_stream.h ++++ b/src/stream/ngx_stream.h +@@ -27,6 +27,7 @@ typedef struct ngx_stream_session_s ngx_stream_session_t; + + + #define NGX_STREAM_OK 200 ++#define NGX_STREAM_SPECIAL_RESPONSE 300 + #define NGX_STREAM_BAD_REQUEST 400 + #define NGX_STREAM_FORBIDDEN 403 + #define NGX_STREAM_INTERNAL_SERVER_ERROR 500 +diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c +index 818d7329..329dcdc6 100644 +--- a/src/stream/ngx_stream_proxy_module.c ++++ b/src/stream/ngx_stream_proxy_module.c +@@ -691,6 +691,11 @@ ngx_stream_proxy_connect(ngx_stream_session_t *s) + return; + } + ++ if (rc >= NGX_STREAM_SPECIAL_RESPONSE) { ++ ngx_stream_proxy_finalize(s, rc); ++ return; ++ } ++ + u->state->peer = u->peer.name; + + if (rc == NGX_BUSY) { +diff --git a/src/stream/ngx_stream_upstream.h b/src/stream/ngx_stream_upstream.h +index 73947f46..21bc0ad7 100644 +--- a/src/stream/ngx_stream_upstream.h ++++ b/src/stream/ngx_stream_upstream.h +@@ -151,4 +151,9 @@ ngx_stream_upstream_srv_conf_t *ngx_stream_upstream_add(ngx_conf_t *cf, + extern ngx_module_t ngx_stream_upstream_module; + + ++#ifndef HAVE_BALANCER_STATUS_CODE_PATCH ++#define HAVE_BALANCER_STATUS_CODE_PATCH ++#endif ++ ++ + #endif /* _NGX_STREAM_UPSTREAM_H_INCLUDED_ */ diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-cache_manager_exit.patch b/images/nginx/rootfs/patches/nginx-1.21.4-cache_manager_exit.patch new file mode 100644 index 000000000..91ee63a26 --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.21.4-cache_manager_exit.patch @@ -0,0 +1,19 @@ +# HG changeset patch +# User Yichun Zhang +# Date 1383598130 28800 +# Node ID f64218e1ac963337d84092536f588b8e0d99bbaa +# Parent dea321e5c0216efccbb23e84bbce7cf3e28f130c +Cache: gracefully exit the cache manager process. + +diff -r dea321e5c021 -r f64218e1ac96 src/os/unix/ngx_process_cycle.c +--- a/src/os/unix/ngx_process_cycle.c Thu Oct 31 18:23:49 2013 +0400 ++++ b/src/os/unix/ngx_process_cycle.c Mon Nov 04 12:48:50 2013 -0800 +@@ -1134,7 +1134,7 @@ + + if (ngx_terminate || ngx_quit) { + ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting"); +- exit(0); ++ ngx_worker_process_exit(cycle); + } + + if (ngx_reopen) { diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-delayed_posted_events.patch b/images/nginx/rootfs/patches/nginx-1.21.4-delayed_posted_events.patch new file mode 100644 index 000000000..687584324 --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.21.4-delayed_posted_events.patch @@ -0,0 +1,98 @@ +diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c +index 57af8132..4853945f 100644 +--- a/src/event/ngx_event.c ++++ b/src/event/ngx_event.c +@@ -196,6 +196,9 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle) + ngx_uint_t flags; + ngx_msec_t timer, delta; + ++ ngx_queue_t *q; ++ ngx_event_t *ev; ++ + if (ngx_timer_resolution) { + timer = NGX_TIMER_INFINITE; + flags = 0; +@@ -215,6 +218,13 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle) + #endif + } + ++ if (!ngx_queue_empty(&ngx_posted_delayed_events)) { ++ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, cycle->log, 0, ++ "posted delayed event queue not empty" ++ " making poll timeout 0"); ++ timer = 0; ++ } ++ + if (ngx_use_accept_mutex) { + if (ngx_accept_disabled > 0) { + ngx_accept_disabled--; +@@ -257,6 +267,35 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle) + } + + ngx_event_process_posted(cycle, &ngx_posted_events); ++ ++ while (!ngx_queue_empty(&ngx_posted_delayed_events)) { ++ q = ngx_queue_head(&ngx_posted_delayed_events); ++ ++ ev = ngx_queue_data(q, ngx_event_t, queue); ++ if (ev->delayed) { ++ /* start of newly inserted nodes */ ++ for (/* void */; ++ q != ngx_queue_sentinel(&ngx_posted_delayed_events); ++ q = ngx_queue_next(q)) ++ { ++ ev = ngx_queue_data(q, ngx_event_t, queue); ++ ev->delayed = 0; ++ ++ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0, ++ "skipping delayed posted event %p," ++ " till next iteration", ev); ++ } ++ ++ break; ++ } ++ ++ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0, ++ "delayed posted event %p", ev); ++ ++ ngx_delete_posted_event(ev); ++ ++ ev->handler(ev); ++ } + } + + +@@ -600,6 +639,7 @@ ngx_event_process_init(ngx_cycle_t *cycle) + + ngx_queue_init(&ngx_posted_accept_events); + ngx_queue_init(&ngx_posted_events); ++ ngx_queue_init(&ngx_posted_delayed_events); + + if (ngx_event_timer_init(cycle->log) == NGX_ERROR) { + return NGX_ERROR; +diff --git a/src/event/ngx_event_posted.c b/src/event/ngx_event_posted.c +index d851f3d1..b6cea009 100644 +--- a/src/event/ngx_event_posted.c ++++ b/src/event/ngx_event_posted.c +@@ -12,6 +12,7 @@ + + ngx_queue_t ngx_posted_accept_events; + ngx_queue_t ngx_posted_events; ++ngx_queue_t ngx_posted_delayed_events; + + + void +diff --git a/src/event/ngx_event_posted.h b/src/event/ngx_event_posted.h +index 145d30fe..6c388553 100644 +--- a/src/event/ngx_event_posted.h ++++ b/src/event/ngx_event_posted.h +@@ -43,6 +43,9 @@ void ngx_event_process_posted(ngx_cycle_t *cycle, ngx_queue_t *posted); + + extern ngx_queue_t ngx_posted_accept_events; + extern ngx_queue_t ngx_posted_events; ++extern ngx_queue_t ngx_posted_delayed_events; ++ ++#define HAVE_POSTED_DELAYED_EVENTS_PATCH + + + #endif /* _NGX_EVENT_POSTED_H_INCLUDED_ */ diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-hash_overflow.patch b/images/nginx/rootfs/patches/nginx-1.21.4-hash_overflow.patch new file mode 100644 index 000000000..449d214ba --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.21.4-hash_overflow.patch @@ -0,0 +1,20 @@ +# HG changeset patch +# User Yichun Zhang +# Date 1412276417 25200 +# Thu Oct 02 12:00:17 2014 -0700 +# Node ID 4032b992f23b054c1a2cfb0be879330d2c6708e5 +# Parent 1ff0f68d9376e3d184d65814a6372856bf65cfcd +Hash: buffer overflow might happen when exceeding the pre-configured limits. + +diff -r 1ff0f68d9376 -r 4032b992f23b src/core/ngx_hash.c +--- a/src/core/ngx_hash.c Tue Sep 30 15:50:28 2014 -0700 ++++ b/src/core/ngx_hash.c Thu Oct 02 12:00:17 2014 -0700 +@@ -312,6 +312,8 @@ ngx_hash_init(ngx_hash_init_t *hinit, ng + continue; + } + ++ size--; ++ + ngx_log_error(NGX_LOG_WARN, hinit->pool->log, 0, + "could not build optimal %s, you should increase " + "either %s_max_size: %i or %s_bucket_size: %i; " diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-http2.patch b/images/nginx/rootfs/patches/nginx-1.21.4-http2.patch new file mode 100644 index 000000000..3b9d57736 --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.21.4-http2.patch @@ -0,0 +1,57 @@ +#commit 6ceef192e7af1c507826ac38a2d43f08bf265fb9 +#repository: https://github.com/nginx/nginx +#Author: Maxim Dounin +#Date: Tue Oct 10 15:13:39 2023 +0300 +diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c +index 7c05ff1e7..410a8be24 100644 +--- a/src/http/v2/ngx_http_v2.c ++++ b/src/http/v2/ngx_http_v2.c +@@ -347,6 +347,7 @@ ngx_http_v2_read_handler(ngx_event_t *rev) + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http2 read handler"); + + h2c->blocked = 1; ++ h2c->new_streams = 0; + + if (c->close) { + c->close = 0; +@@ -1284,6 +1285,14 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos, + goto rst_stream; + } + ++ if (h2c->new_streams++ >= 2 * h2scf->concurrent_streams) { ++ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, ++ "client sent too many streams at once"); ++ ++ status = NGX_HTTP_V2_REFUSED_STREAM; ++ goto rst_stream; ++ } ++ + if (!h2c->settings_ack + && !(h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG) + && h2scf->preread_size < NGX_HTTP_V2_DEFAULT_WINDOW) +@@ -1349,6 +1358,12 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos, + + rst_stream: + ++ if (h2c->refused_streams++ > ngx_max(h2scf->concurrent_streams, 100)) { ++ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, ++ "client sent too many refused streams"); ++ return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_NO_ERROR); ++ } ++ + if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid, status) != NGX_OK) { + return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_INTERNAL_ERROR); + } +diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h +index cb9014ccf..6751b3026 100644 +--- a/src/http/v2/ngx_http_v2.h ++++ b/src/http/v2/ngx_http_v2.h +@@ -131,6 +131,8 @@ struct ngx_http_v2_connection_s { + ngx_uint_t processing; + ngx_uint_t frames; + ngx_uint_t idle; ++ ngx_uint_t new_streams; ++ ngx_uint_t refused_streams; + ngx_uint_t priority_limit; + + size_t send_window; \ No newline at end of file diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-init_cycle_pool_release.patch b/images/nginx/rootfs/patches/nginx-1.21.4-init_cycle_pool_release.patch new file mode 100644 index 000000000..9cfa4f7cb --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.21.4-init_cycle_pool_release.patch @@ -0,0 +1,59 @@ +diff -rup nginx-1.21.4/src/core/nginx.c nginx-1.21.4-patched/src/core/nginx.c +--- nginx-1.21.4/src/core/nginx.c 2017-12-17 00:00:38.136470108 -0800 ++++ nginx-1.21.4-patched/src/core/nginx.c 2017-12-16 23:59:51.680958322 -0800 +@@ -186,6 +186,7 @@ static u_char *ngx_prefix; + static u_char *ngx_conf_file; + static u_char *ngx_conf_params; + static char *ngx_signal; ++ngx_pool_t *saved_init_cycle_pool = NULL; + + + static char **ngx_os_environ; +@@ -253,6 +254,8 @@ main(int argc, char *const *argv) + return 1; + } + ++ saved_init_cycle_pool = init_cycle.pool; ++ + if (ngx_save_argv(&init_cycle, argc, argv) != NGX_OK) { + return 1; + } +diff -rup nginx-1.21.4/src/core/ngx_core.h nginx-1.21.4-patched/src/core/ngx_core.h +--- nginx-1.21.4/src/core/ngx_core.h 2017-10-10 08:22:51.000000000 -0700 ++++ nginx-1.21.4-patched/src/core/ngx_core.h 2017-12-16 23:59:51.679958370 -0800 +@@ -108,4 +108,6 @@ void ngx_cpuinfo(void); + #define NGX_DISABLE_SYMLINKS_NOTOWNER 2 + #endif + ++extern ngx_pool_t *saved_init_cycle_pool; ++ + #endif /* _NGX_CORE_H_INCLUDED_ */ +diff -rup nginx-1.21.4/src/core/ngx_cycle.c nginx-1.21.4-patched/src/core/ngx_cycle.c +--- nginx-1.21.4/src/core/ngx_cycle.c 2017-10-10 08:22:51.000000000 -0700 ++++ nginx-1.21.4-patched/src/core/ngx_cycle.c 2017-12-16 23:59:51.678958419 -0800 +@@ -748,6 +748,10 @@ old_shm_zone_done: + + if (ngx_process == NGX_PROCESS_MASTER || ngx_is_init_cycle(old_cycle)) { + ++ if (ngx_is_init_cycle(old_cycle)) { ++ saved_init_cycle_pool = NULL; ++ } ++ + ngx_destroy_pool(old_cycle->pool); + cycle->old_cycle = NULL; + +diff -rup nginx-1.21.4/src/os/unix/ngx_process_cycle.c nginx-1.21.4-patched/src/os/unix/ngx_process_cycle.c +--- nginx-1.21.4/src/os/unix/ngx_process_cycle.c 2017-12-17 00:00:38.142469762 -0800 ++++ nginx-1.21.4-patched/src/os/unix/ngx_process_cycle.c 2017-12-16 23:59:51.691957791 -0800 +@@ -687,6 +692,11 @@ ngx_master_process_exit(ngx_cycle_t *cyc + ngx_exit_cycle.files_n = ngx_cycle->files_n; + ngx_cycle = &ngx_exit_cycle; + ++ if (saved_init_cycle_pool != NULL && saved_init_cycle_pool != cycle->pool) { ++ ngx_destroy_pool(saved_init_cycle_pool); ++ saved_init_cycle_pool = NULL; ++ } ++ + ngx_destroy_pool(cycle->pool); + + exit(0); diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-larger_max_error_str.patch b/images/nginx/rootfs/patches/nginx-1.21.4-larger_max_error_str.patch new file mode 100644 index 000000000..c89032c9f --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.21.4-larger_max_error_str.patch @@ -0,0 +1,13 @@ +--- nginx-1.21.4/src/core/ngx_log.h 2013-10-08 05:07:14.000000000 -0700 ++++ nginx-1.21.4-patched/src/core/ngx_log.h 2013-12-05 20:35:35.996236720 -0800 +@@ -64,7 +64,9 @@ struct ngx_log_s { + }; + + +-#define NGX_MAX_ERROR_STR 2048 ++#ifndef NGX_MAX_ERROR_STR ++#define NGX_MAX_ERROR_STR 4096 ++#endif + + + /*********************************/ diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-no_Werror.patch b/images/nginx/rootfs/patches/nginx-1.21.4-no_Werror.patch new file mode 100644 index 000000000..f4d6fd0e5 --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.21.4-no_Werror.patch @@ -0,0 +1,36 @@ +diff -urp nginx-1.21.4/auto/cc/clang nginx-1.21.4-patched/auto/cc/clang +--- nginx-1.21.4/auto/cc/clang 2014-03-04 03:39:24.000000000 -0800 ++++ nginx-1.21.4-patched/auto/cc/clang 2014-03-13 20:54:26.241413360 -0700 +@@ -89,7 +89,7 @@ CFLAGS="$CFLAGS -Wconditional-uninitiali + CFLAGS="$CFLAGS -Wno-unused-parameter" + + # stop on warning +-CFLAGS="$CFLAGS -Werror" ++#CFLAGS="$CFLAGS -Werror" + + # debug + CFLAGS="$CFLAGS -g" +diff -urp nginx-1.21.4/auto/cc/gcc nginx-1.21.4-patched/auto/cc/gcc +--- nginx-1.21.4/auto/cc/gcc 2014-03-04 03:39:24.000000000 -0800 ++++ nginx-1.21.4-patched/auto/cc/gcc 2014-03-13 20:54:13.301355329 -0700 +@@ -168,7 +168,7 @@ esac + + + # stop on warning +-CFLAGS="$CFLAGS -Werror" ++#CFLAGS="$CFLAGS -Werror" + + # debug + CFLAGS="$CFLAGS -g" +diff -urp nginx-1.21.4/auto/cc/icc nginx-1.21.4-patched/auto/cc/icc +--- nginx-1.21.4/auto/cc/icc 2014-03-04 03:39:24.000000000 -0800 ++++ nginx-1.21.4-patched/auto/cc/icc 2014-03-13 20:54:13.301355329 -0700 +@@ -115,7 +115,7 @@ case "$NGX_ICC_VER" in + esac + + # stop on warning +-CFLAGS="$CFLAGS -Werror" ++#CFLAGS="$CFLAGS -Werror" + + # debug + CFLAGS="$CFLAGS -g" diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-proxy_host_port_vars.patch b/images/nginx/rootfs/patches/nginx-1.21.4-proxy_host_port_vars.patch new file mode 100644 index 000000000..01cebd65a --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.21.4-proxy_host_port_vars.patch @@ -0,0 +1,19 @@ +--- nginx-1.21.4/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800 ++++ nginx-1.21.4-patched/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800 +@@ -793,13 +793,13 @@ static ngx_keyval_t ngx_http_proxy_cach + static ngx_http_variable_t ngx_http_proxy_vars[] = { + + { ngx_string("proxy_host"), NULL, ngx_http_proxy_host_variable, 0, +- NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 }, ++ NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 }, + + { ngx_string("proxy_port"), NULL, ngx_http_proxy_port_variable, 0, +- NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 }, ++ NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 }, + + { ngx_string("proxy_add_x_forwarded_for"), NULL, +- ngx_http_proxy_add_x_forwarded_for_variable, 0, NGX_HTTP_VAR_NOHASH, 0 }, ++ ngx_http_proxy_add_x_forwarded_for_variable, 0, 0, 0 }, + + #if 0 + { ngx_string("proxy_add_via"), NULL, NULL, 0, NGX_HTTP_VAR_NOHASH, 0 }, diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-resolver_conf_parsing.patch b/images/nginx/rootfs/patches/nginx-1.21.4-resolver_conf_parsing.patch new file mode 100644 index 000000000..8638cdf2a --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.21.4-resolver_conf_parsing.patch @@ -0,0 +1,263 @@ +diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c +index cd55520c..dade1846 100644 +--- a/src/core/ngx_resolver.c ++++ b/src/core/ngx_resolver.c +@@ -9,12 +9,26 @@ + #include + #include + ++#if !(NGX_WIN32) ++#include ++#endif ++ + + #define NGX_RESOLVER_UDP_SIZE 4096 + + #define NGX_RESOLVER_TCP_RSIZE (2 + 65535) + #define NGX_RESOLVER_TCP_WSIZE 8192 + ++#if !(NGX_WIN32) ++/* ++ * note that 2KB should be more than enough for majority of the ++ * resolv.conf files out there. it also acts as a safety guard to prevent ++ * abuse. ++ */ ++#define NGX_RESOLVER_FILE_BUF_SIZE 2048 ++#define NGX_RESOLVER_FILE_NAME "/etc/resolv.conf" ++#endif ++ + + typedef struct { + u_char ident_hi; +@@ -131,6 +145,191 @@ static ngx_resolver_node_t *ngx_resolver_lookup_addr6(ngx_resolver_t *r, + #endif + + ++#if !(NGX_WIN32) ++static ngx_int_t ++ngx_resolver_read_resolv_conf(ngx_conf_t *cf, ngx_resolver_t *r, u_char *path, ++ size_t path_len) ++{ ++ ngx_url_t u; ++ ngx_resolver_connection_t *rec; ++ ngx_fd_t fd; ++ ngx_file_t file; ++ u_char buf[NGX_RESOLVER_FILE_BUF_SIZE]; ++ u_char ipv6_buf[NGX_INET6_ADDRSTRLEN]; ++ ngx_uint_t address = 0, j, total = 0; ++ ssize_t n, i; ++ enum { ++ sw_nameserver, ++ sw_spaces, ++ sw_address, ++ sw_skip ++ } state; ++ ++ file.name.data = path; ++ file.name.len = path_len; ++ ++ if (ngx_conf_full_name(cf->cycle, &file.name, 1) != NGX_OK) { ++ return NGX_ERROR; ++ } ++ ++ fd = ngx_open_file(file.name.data, NGX_FILE_RDONLY, ++ NGX_FILE_OPEN, 0); ++ ++ if (fd == NGX_INVALID_FILE) { ++ ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno, ++ ngx_open_file_n " \"%s\" failed", file.name.data); ++ ++ return NGX_ERROR; ++ } ++ ++ ngx_memzero(&file, sizeof(ngx_file_t)); ++ ++ file.fd = fd; ++ file.log = cf->log; ++ ++ state = sw_nameserver; ++ ++ n = ngx_read_file(&file, buf, NGX_RESOLVER_FILE_BUF_SIZE, 0); ++ ++ if (n == NGX_ERROR) { ++ ngx_conf_log_error(NGX_LOG_ALERT, cf, ngx_errno, ++ ngx_read_file_n " \"%s\" failed", file.name.data); ++ } ++ ++ if (ngx_close_file(file.fd) == NGX_FILE_ERROR) { ++ ngx_conf_log_error(NGX_LOG_ALERT, cf, ngx_errno, ++ ngx_close_file_n " \"%s\" failed", file.name.data); ++ } ++ ++ if (n == NGX_ERROR) { ++ return NGX_ERROR; ++ } ++ ++ if (n == 0) { ++ return NGX_OK; ++ } ++ ++ for (i = 0; i < n && total < MAXNS; /* void */) { ++ if (buf[i] == '#' || buf[i] == ';') { ++ state = sw_skip; ++ } ++ ++ switch (state) { ++ ++ case sw_nameserver: ++ ++ if ((size_t) n - i >= sizeof("nameserver") - 1 ++ && ngx_memcmp(buf + i, "nameserver", ++ sizeof("nameserver") - 1) == 0) ++ { ++ state = sw_spaces; ++ i += sizeof("nameserver") - 1; ++ ++ continue; ++ } ++ ++ break; ++ ++ case sw_spaces: ++ if (buf[i] != '\t' && buf[i] != ' ') { ++ address = i; ++ state = sw_address; ++ } ++ ++ break; ++ ++ case sw_address: ++ ++ if (buf[i] == CR || buf[i] == LF || i == n - 1) { ++ ngx_memzero(&u, sizeof(ngx_url_t)); ++ ++ u.url.data = buf + address; ++ ++ if (i == n - 1 && buf[i] != CR && buf[i] != LF) { ++ u.url.len = n - address; ++ ++ } else { ++ u.url.len = i - address; ++ } ++ ++ u.default_port = 53; ++ ++ /* IPv6? */ ++ if (ngx_strlchr(u.url.data, u.url.data + u.url.len, ++ ':') != NULL) ++ { ++ if (u.url.len + 2 > sizeof(ipv6_buf)) { ++ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, ++ "IPv6 resolver address is too long:" ++ " \"%V\"", &u.url); ++ ++ return NGX_ERROR; ++ } ++ ++ ipv6_buf[0] = '['; ++ ngx_memcpy(ipv6_buf + 1, u.url.data, u.url.len); ++ ipv6_buf[u.url.len + 1] = ']'; ++ ++ u.url.data = ipv6_buf; ++ u.url.len = u.url.len + 2; ++ } ++ ++ if (ngx_parse_url(cf->pool, &u) != NGX_OK) { ++ if (u.err) { ++ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, ++ "%s in resolver \"%V\"", ++ u.err, &u.url); ++ } ++ ++ return NGX_ERROR; ++ } ++ ++ rec = ngx_array_push_n(&r->connections, u.naddrs); ++ if (rec == NULL) { ++ return NGX_ERROR; ++ } ++ ++ ngx_memzero(rec, u.naddrs * sizeof(ngx_resolver_connection_t)); ++ ++ for (j = 0; j < u.naddrs; j++) { ++ rec[j].sockaddr = u.addrs[j].sockaddr; ++ rec[j].socklen = u.addrs[j].socklen; ++ rec[j].server = u.addrs[j].name; ++ rec[j].resolver = r; ++ } ++ ++ total++; ++ ++#if (NGX_DEBUG) ++ /* ++ * logs with level below NGX_LOG_NOTICE will not be printed ++ * in this early phase ++ */ ++ ngx_conf_log_error(NGX_LOG_NOTICE, cf, 0, ++ "parsed a resolver: \"%V\"", &u.url); ++#endif ++ ++ state = sw_nameserver; ++ } ++ ++ break; ++ ++ case sw_skip: ++ if (buf[i] == CR || buf[i] == LF) { ++ state = sw_nameserver; ++ } ++ ++ break; ++ } ++ ++ i++; ++ } ++ ++ return NGX_OK; ++} ++#endif ++ ++ + ngx_resolver_t * + ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n) + { +@@ -246,6 +445,39 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n) + } + #endif + ++#if !(NGX_WIN32) ++ if (ngx_strncmp(names[i].data, "local=", 6) == 0) { ++ ++ if (ngx_strcmp(&names[i].data[6], "on") == 0) { ++ if (ngx_resolver_read_resolv_conf(cf, r, ++ (u_char *) ++ NGX_RESOLVER_FILE_NAME, ++ sizeof(NGX_RESOLVER_FILE_NAME) ++ - 1) ++ != NGX_OK) ++ { ++ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, ++ "unable to parse local resolver"); ++ return NULL; ++ } ++ ++ } else if (ngx_strcmp(&names[i].data[6], "off") != 0) { ++ if (ngx_resolver_read_resolv_conf(cf, r, ++ &names[i].data[6], ++ names[i].len - 6) ++ != NGX_OK) ++ { ++ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, ++ "unable to parse local resolver"); ++ return NULL; ++ } ++ ++ } ++ ++ continue; ++ } ++#endif ++ + ngx_memzero(&u, sizeof(ngx_url_t)); + + u.url = names[i]; diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-reuseport_close_unused_fds.patch b/images/nginx/rootfs/patches/nginx-1.21.4-reuseport_close_unused_fds.patch new file mode 100644 index 000000000..ff4a36fd2 --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.21.4-reuseport_close_unused_fds.patch @@ -0,0 +1,38 @@ +diff --git a/src/core/ngx_connection.c b/src/core/ngx_connection.c +--- a/src/core/ngx_connection.c ++++ b/src/core/ngx_connection.c +@@ -1118,6 +1118,12 @@ ngx_close_listening_sockets(ngx_cycle_t *cycle) + ls = cycle->listening.elts; + for (i = 0; i < cycle->listening.nelts; i++) { + ++#if (NGX_HAVE_REUSEPORT) ++ if (ls[i].fd == (ngx_socket_t) -1) { ++ continue; ++ } ++#endif ++ + c = ls[i].connection; + + if (c) { +diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c +--- a/src/event/ngx_event.c ++++ b/src/event/ngx_event.c +@@ -775,6 +775,18 @@ ngx_event_process_init(ngx_cycle_t *cycle) + + #if (NGX_HAVE_REUSEPORT) + if (ls[i].reuseport && ls[i].worker != ngx_worker) { ++ ngx_log_debug2(NGX_LOG_DEBUG_CORE, cycle->log, 0, ++ "closing unused fd:%d listening on %V", ++ ls[i].fd, &ls[i].addr_text); ++ ++ if (ngx_close_socket(ls[i].fd) == -1) { ++ ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_socket_errno, ++ ngx_close_socket_n " %V failed", ++ &ls[i].addr_text); ++ } ++ ++ ls[i].fd = (ngx_socket_t) -1; ++ + continue; + } + #endif diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-single_process_graceful_exit.patch b/images/nginx/rootfs/patches/nginx-1.21.4-single_process_graceful_exit.patch new file mode 100644 index 000000000..2754fc2fe --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.21.4-single_process_graceful_exit.patch @@ -0,0 +1,75 @@ +diff --git a/src/os/unix/ngx_process.c b/src/os/unix/ngx_process.c +index 15680237..12a8c687 100644 +--- a/src/os/unix/ngx_process.c ++++ b/src/os/unix/ngx_process.c +@@ -362,8 +362,15 @@ ngx_signal_handler(int signo, siginfo_t *siginfo, void *ucontext) + break; + + case ngx_signal_value(NGX_RECONFIGURE_SIGNAL): +- ngx_reconfigure = 1; +- action = ", reconfiguring"; ++ if (ngx_process == NGX_PROCESS_SINGLE) { ++ ngx_terminate = 1; ++ action = ", exiting"; ++ ++ } else { ++ ngx_reconfigure = 1; ++ action = ", reconfiguring"; ++ } ++ + break; + + case ngx_signal_value(NGX_REOPEN_SIGNAL): +diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c +index 5817a2c2..f3d58e97 100644 +--- a/src/os/unix/ngx_process_cycle.c ++++ b/src/os/unix/ngx_process_cycle.c +@@ -305,11 +305,26 @@ ngx_single_process_cycle(ngx_cycle_t *cycle) + } + + for ( ;; ) { ++ if (ngx_exiting) { ++ if (ngx_event_no_timers_left() == NGX_OK) { ++ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting"); ++ ++ for (i = 0; cycle->modules[i]; i++) { ++ if (cycle->modules[i]->exit_process) { ++ cycle->modules[i]->exit_process(cycle); ++ } ++ } ++ ++ ngx_master_process_exit(cycle); ++ } ++ } ++ + ngx_log_debug0(NGX_LOG_DEBUG_EVENT, cycle->log, 0, "worker cycle"); + + ngx_process_events_and_timers(cycle); + +- if (ngx_terminate || ngx_quit) { ++ if (ngx_terminate) { ++ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting"); + + for (i = 0; cycle->modules[i]; i++) { + if (cycle->modules[i]->exit_process) { +@@ -320,6 +335,20 @@ ngx_single_process_cycle(ngx_cycle_t *cycle) + ngx_master_process_exit(cycle); + } + ++ if (ngx_quit) { ++ ngx_quit = 0; ++ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, ++ "gracefully shutting down"); ++ ngx_setproctitle("process is shutting down"); ++ ++ if (!ngx_exiting) { ++ ngx_exiting = 1; ++ ngx_set_shutdown_timer(cycle); ++ ngx_close_listening_sockets(cycle); ++ ngx_close_idle_connections(cycle); ++ } ++ } ++ + if (ngx_reconfigure) { + ngx_reconfigure = 0; + ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "reconfiguring"); diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-socket_cloexec.patch b/images/nginx/rootfs/patches/nginx-1.21.4-socket_cloexec.patch new file mode 100644 index 000000000..8ffe4c167 --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.21.4-socket_cloexec.patch @@ -0,0 +1,185 @@ +diff --git a/auto/unix b/auto/unix +index 10835f6c..b5b33bb3 100644 +--- a/auto/unix ++++ b/auto/unix +@@ -990,3 +990,27 @@ ngx_feature_test='struct addrinfo *res; + if (getaddrinfo("localhost", NULL, NULL, &res) != 0) return 1; + freeaddrinfo(res)' + . auto/feature ++ ++ngx_feature="SOCK_CLOEXEC support" ++ngx_feature_name="NGX_HAVE_SOCKET_CLOEXEC" ++ngx_feature_run=no ++ngx_feature_incs="#include ++ #include " ++ngx_feature_path= ++ngx_feature_libs= ++ngx_feature_test="int fd; ++ fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);" ++. auto/feature ++ ++ngx_feature="FD_CLOEXEC support" ++ngx_feature_name="NGX_HAVE_FD_CLOEXEC" ++ngx_feature_run=no ++ngx_feature_incs="#include ++ #include ++ #include " ++ngx_feature_path= ++ngx_feature_libs= ++ngx_feature_test="int fd; ++ fd = socket(AF_INET, SOCK_STREAM, 0); ++ fcntl(fd, F_SETFD, FD_CLOEXEC);" ++. auto/feature +diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c +index cd55520c..438e0806 100644 +--- a/src/core/ngx_resolver.c ++++ b/src/core/ngx_resolver.c +@@ -4466,8 +4466,14 @@ ngx_tcp_connect(ngx_resolver_connection_t *rec) + ngx_event_t *rev, *wev; + ngx_connection_t *c; + ++#if (NGX_HAVE_SOCKET_CLOEXEC) ++ s = ngx_socket(rec->sockaddr->sa_family, SOCK_STREAM | SOCK_CLOEXEC, 0); ++ ++#else + s = ngx_socket(rec->sockaddr->sa_family, SOCK_STREAM, 0); + ++#endif ++ + ngx_log_debug1(NGX_LOG_DEBUG_EVENT, &rec->log, 0, "TCP socket %d", s); + + if (s == (ngx_socket_t) -1) { +@@ -4494,6 +4500,15 @@ ngx_tcp_connect(ngx_resolver_connection_t *rec) + goto failed; + } + ++#if (NGX_HAVE_FD_CLOEXEC) ++ if (ngx_cloexec(s) == -1) { ++ ngx_log_error(NGX_LOG_ALERT, &rec->log, ngx_socket_errno, ++ ngx_cloexec_n " failed"); ++ ++ goto failed; ++ } ++#endif ++ + rev = c->read; + wev = c->write; + +diff --git a/src/event/ngx_event.h b/src/event/ngx_event.h +index 19fec68..8c2f01a 100644 +--- a/src/event/ngx_event.h ++++ b/src/event/ngx_event.h +@@ -73,6 +73,9 @@ struct ngx_event_s { + /* to test on worker exit */ + unsigned channel:1; + unsigned resolver:1; ++#if (HAVE_SOCKET_CLOEXEC_PATCH) ++ unsigned skip_socket_leak_check:1; ++#endif + + unsigned cancelable:1; + +diff --git a/src/event/ngx_event_accept.c b/src/event/ngx_event_accept.c +index 77563709..5827b9d0 100644 +--- a/src/event/ngx_event_accept.c ++++ b/src/event/ngx_event_accept.c +@@ -62,7 +62,9 @@ ngx_event_accept(ngx_event_t *ev) + + #if (NGX_HAVE_ACCEPT4) + if (use_accept4) { +- s = accept4(lc->fd, &sa.sockaddr, &socklen, SOCK_NONBLOCK); ++ s = accept4(lc->fd, &sa.sockaddr, &socklen, ++ SOCK_NONBLOCK | SOCK_CLOEXEC); ++ + } else { + s = accept(lc->fd, &sa.sockaddr, &socklen); + } +@@ -202,6 +204,16 @@ ngx_event_accept(ngx_event_t *ev) + ngx_close_accepted_connection(c); + return; + } ++ ++#if (NGX_HAVE_FD_CLOEXEC) ++ if (ngx_cloexec(s) == -1) { ++ ngx_log_error(NGX_LOG_ALERT, ev->log, ngx_socket_errno, ++ ngx_cloexec_n " failed"); ++ ngx_close_accepted_connection(c); ++ return; ++ } ++#endif ++ + } + } + +diff --git a/src/event/ngx_event_connect.c b/src/event/ngx_event_connect.c +index c5bb8068..cf33b1d2 100644 +--- a/src/event/ngx_event_connect.c ++++ b/src/event/ngx_event_connect.c +@@ -38,8 +38,15 @@ ngx_event_connect_peer(ngx_peer_connection_t *pc) + + type = (pc->type ? pc->type : SOCK_STREAM); + ++#if (NGX_HAVE_SOCKET_CLOEXEC) ++ s = ngx_socket(pc->sockaddr->sa_family, type | SOCK_CLOEXEC, 0); ++ ++#else + s = ngx_socket(pc->sockaddr->sa_family, type, 0); + ++#endif ++ ++ + ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pc->log, 0, "%s socket %d", + (type == SOCK_STREAM) ? "stream" : "dgram", s); + +@@ -80,6 +87,15 @@ ngx_event_connect_peer(ngx_peer_connection_t *pc) + goto failed; + } + ++#if (NGX_HAVE_FD_CLOEXEC) ++ if (ngx_cloexec(s) == -1) { ++ ngx_log_error(NGX_LOG_ALERT, pc->log, ngx_socket_errno, ++ ngx_cloexec_n " failed"); ++ ++ goto failed; ++ } ++#endif ++ + if (pc->local) { + + #if (NGX_HAVE_TRANSPARENT_PROXY) +diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c +index c4376a5..48e8fa8 100644 +--- a/src/os/unix/ngx_process_cycle.c ++++ b/src/os/unix/ngx_process_cycle.c +@@ -960,6 +1029,9 @@ ngx_worker_process_exit(ngx_cycle_t *cycle) + for (i = 0; i < cycle->connection_n; i++) { + if (c[i].fd != -1 + && c[i].read ++#if (HAVE_SOCKET_CLOEXEC_PATCH) ++ && !c[i].read->skip_socket_leak_check ++#endif + && !c[i].read->accept + && !c[i].read->channel + && !c[i].read->resolver) +diff --git a/src/os/unix/ngx_socket.h b/src/os/unix/ngx_socket.h +index fcc51533..d1eebf47 100644 +--- a/src/os/unix/ngx_socket.h ++++ b/src/os/unix/ngx_socket.h +@@ -38,6 +38,17 @@ int ngx_blocking(ngx_socket_t s); + + #endif + ++#if (NGX_HAVE_FD_CLOEXEC) ++ ++#define ngx_cloexec(s) fcntl(s, F_SETFD, FD_CLOEXEC) ++#define ngx_cloexec_n "fcntl(FD_CLOEXEC)" ++ ++/* at least FD_CLOEXEC is required to ensure connection fd is closed ++ * after execve */ ++#define HAVE_SOCKET_CLOEXEC_PATCH 1 ++ ++#endif ++ + int ngx_tcp_nopush(ngx_socket_t s); + int ngx_tcp_push(ngx_socket_t s); + diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-ssl_cert_cb_yield.patch b/images/nginx/rootfs/patches/nginx-1.21.4-ssl_cert_cb_yield.patch new file mode 100644 index 000000000..89773c05e --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.21.4-ssl_cert_cb_yield.patch @@ -0,0 +1,64 @@ +# HG changeset patch +# User Yichun Zhang +# Date 1451762084 28800 +# Sat Jan 02 11:14:44 2016 -0800 +# Node ID 449f0461859c16e95bdb18e8be6b94401545d3dd +# Parent 78b4e10b4367b31367aad3c83c9c3acdd42397c4 +SSL: handled SSL_CTX_set_cert_cb() callback yielding. + +OpenSSL 1.0.2+ introduces SSL_CTX_set_cert_cb() to allow custom +callbacks to serve the SSL certificiates and private keys dynamically +and lazily. The callbacks may yield for nonblocking I/O or sleeping. +Here we added support for such usage in NGINX 3rd-party modules +(like ngx_lua) in NGINX's event handlers for downstream SSL +connections. + +diff -r 78b4e10b4367 -r 449f0461859c src/event/ngx_event_openssl.c +--- a/src/event/ngx_event_openssl.c Thu Dec 17 16:39:15 2015 +0300 ++++ b/src/event/ngx_event_openssl.c Sat Jan 02 11:14:44 2016 -0800 +@@ -1445,6 +1445,23 @@ ngx_ssl_handshake(ngx_connection_t *c) + return NGX_AGAIN; + } + ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L ++ if (sslerr == SSL_ERROR_WANT_X509_LOOKUP) { ++ c->read->handler = ngx_ssl_handshake_handler; ++ c->write->handler = ngx_ssl_handshake_handler; ++ ++ if (ngx_handle_read_event(c->read, 0) != NGX_OK) { ++ return NGX_ERROR; ++ } ++ ++ if (ngx_handle_write_event(c->write, 0) != NGX_OK) { ++ return NGX_ERROR; ++ } ++ ++ return NGX_AGAIN; ++ } ++#endif ++ + err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; + + c->ssl->no_wait_shutdown = 1; +@@ -1558,6 +1575,21 @@ ngx_ssl_try_early_data(ngx_connection_t *c) + return NGX_AGAIN; + } + ++ if (sslerr == SSL_ERROR_WANT_X509_LOOKUP) { ++ c->read->handler = ngx_ssl_handshake_handler; ++ c->write->handler = ngx_ssl_handshake_handler; ++ ++ if (ngx_handle_read_event(c->read, 0) != NGX_OK) { ++ return NGX_ERROR; ++ } ++ ++ if (ngx_handle_write_event(c->write, 0) != NGX_OK) { ++ return NGX_ERROR; ++ } ++ ++ return NGX_AGAIN; ++ } ++ + err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; + + c->ssl->no_wait_shutdown = 1; diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-ssl_sess_cb_yield.patch b/images/nginx/rootfs/patches/nginx-1.21.4-ssl_sess_cb_yield.patch new file mode 100644 index 000000000..ac5fe65eb --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.21.4-ssl_sess_cb_yield.patch @@ -0,0 +1,41 @@ +diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c +--- a/src/event/ngx_event_openssl.c ++++ b/src/event/ngx_event_openssl.c +@@ -1446,7 +1446,12 @@ ngx_ssl_handshake(ngx_connection_t *c) + } + + #if OPENSSL_VERSION_NUMBER >= 0x10002000L +- if (sslerr == SSL_ERROR_WANT_X509_LOOKUP) { ++ if (sslerr == SSL_ERROR_WANT_X509_LOOKUP ++# ifdef SSL_ERROR_PENDING_SESSION ++ || sslerr == SSL_ERROR_PENDING_SESSION ++# endif ++ ) ++ { + c->read->handler = ngx_ssl_handshake_handler; + c->write->handler = ngx_ssl_handshake_handler; + +@@ -1575,6 +1580,23 @@ ngx_ssl_try_early_data(ngx_connection_t *c) + return NGX_AGAIN; + } + ++#ifdef SSL_ERROR_PENDING_SESSION ++ if (sslerr == SSL_ERROR_PENDING_SESSION) { ++ c->read->handler = ngx_ssl_handshake_handler; ++ c->write->handler = ngx_ssl_handshake_handler; ++ ++ if (ngx_handle_read_event(c->read, 0) != NGX_OK) { ++ return NGX_ERROR; ++ } ++ ++ if (ngx_handle_write_event(c->write, 0) != NGX_OK) { ++ return NGX_ERROR; ++ } ++ ++ return NGX_AGAIN; ++ } ++#endif ++ + err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; + + c->ssl->no_wait_shutdown = 1; diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-stream_proxy_get_next_upstream_tries.patch b/images/nginx/rootfs/patches/nginx-1.21.4-stream_proxy_get_next_upstream_tries.patch new file mode 100644 index 000000000..cb881f070 --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.21.4-stream_proxy_get_next_upstream_tries.patch @@ -0,0 +1,31 @@ +diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h +index 09d2459..de92724 100644 +--- a/src/stream/ngx_stream.h ++++ b/src/stream/ngx_stream.h +@@ -303,4 +303,7 @@ typedef ngx_int_t (*ngx_stream_filter_pt)(ngx_stream_session_t *s, + extern ngx_stream_filter_pt ngx_stream_top_filter; + + ++#define HAS_NGX_STREAM_PROXY_GET_NEXT_UPSTREAM_TRIES_PATCH 1 ++ ++ + #endif /* _NGX_STREAM_H_INCLUDED_ */ +diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c +index 0afde1c..3254ce1 100644 +--- a/src/stream/ngx_stream_proxy_module.c ++++ b/src/stream/ngx_stream_proxy_module.c +@@ -2156,3 +2156,14 @@ ngx_stream_proxy_bind(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) + + return NGX_CONF_OK; + } ++ ++ ++ngx_uint_t ++ngx_stream_proxy_get_next_upstream_tries(ngx_stream_session_t *s) ++{ ++ ngx_stream_proxy_srv_conf_t *pscf; ++ ++ pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); ++ ++ return pscf->next_upstream_tries; ++} diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-stream_ssl_preread_no_skip.patch b/images/nginx/rootfs/patches/nginx-1.21.4-stream_ssl_preread_no_skip.patch new file mode 100644 index 000000000..e45e9f69a --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.21.4-stream_ssl_preread_no_skip.patch @@ -0,0 +1,13 @@ +diff --git a/src/stream/ngx_stream_ssl_preread_module.c b/src/stream/ngx_stream_ssl_preread_module.c +index e3d11fd9..3717b5fe 100644 +--- a/src/stream/ngx_stream_ssl_preread_module.c ++++ b/src/stream/ngx_stream_ssl_preread_module.c +@@ -159,7 +159,7 @@ ngx_stream_ssl_preread_handler(ngx_stream_session_t *s) + + rc = ngx_stream_ssl_preread_parse_record(ctx, p, p + len); + if (rc != NGX_AGAIN) { +- return rc; ++ return rc == NGX_OK ? NGX_DECLINED : rc; + } + + p += len; diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-upstream_pipelining.patch b/images/nginx/rootfs/patches/nginx-1.21.4-upstream_pipelining.patch new file mode 100644 index 000000000..aed80365a --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.21.4-upstream_pipelining.patch @@ -0,0 +1,23 @@ +commit f9907b72a76a21ac5413187b83177a919475c75f +Author: Yichun Zhang (agentzh) +Date: Wed Feb 10 16:05:08 2016 -0800 + + bugfix: upstream: keep sending request data after the first write attempt. + + See + http://mailman.nginx.org/pipermail/nginx-devel/2012-March/002040.html + for more details on the issue. + +diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c +index 69019417..92b7c97f 100644 +--- a/src/http/ngx_http_upstream.c ++++ b/src/http/ngx_http_upstream.c +@@ -2239,7 +2239,7 @@ ngx_http_upstream_send_request_handler(ngx_http_request_t *r, + + #endif + +- if (u->header_sent && !u->conf->preserve_output) { ++ if (u->request_body_sent && !u->conf->preserve_output) { + u->write_event_handler = ngx_http_upstream_dummy_handler; + + (void) ngx_handle_write_event(c->write, 0); diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-upstream_timeout_fields.patch b/images/nginx/rootfs/patches/nginx-1.21.4-upstream_timeout_fields.patch new file mode 100644 index 000000000..2314ddf80 --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.21.4-upstream_timeout_fields.patch @@ -0,0 +1,112 @@ +diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c +index 69019417..2265d8f7 100644 +--- a/src/http/ngx_http_upstream.c ++++ b/src/http/ngx_http_upstream.c +@@ -509,12 +509,19 @@ void + ngx_http_upstream_init(ngx_http_request_t *r) + { + ngx_connection_t *c; ++ ngx_http_upstream_t *u; + + c = r->connection; + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, + "http init upstream, client timer: %d", c->read->timer_set); + ++ u = r->upstream; ++ ++ u->connect_timeout = u->conf->connect_timeout; ++ u->send_timeout = u->conf->send_timeout; ++ u->read_timeout = u->conf->read_timeout; ++ + #if (NGX_HTTP_V2) + if (r->stream) { + ngx_http_upstream_init_request(r); +@@ -1626,7 +1633,7 @@ ngx_http_upstream_connect(ngx_http_request_t *r, ngx_http_upstream_t *u) + u->request_body_blocked = 0; + + if (rc == NGX_AGAIN) { +- ngx_add_timer(c->write, u->conf->connect_timeout); ++ ngx_add_timer(c->write, u->connect_timeout); + return; + } + +@@ -1704,7 +1711,7 @@ ngx_http_upstream_ssl_init_connection(ngx_http_request_t *r, + if (rc == NGX_AGAIN) { + + if (!c->write->timer_set) { +- ngx_add_timer(c->write, u->conf->connect_timeout); ++ ngx_add_timer(c->write, u->connect_timeout); + } + + c->ssl->handler = ngx_http_upstream_ssl_handshake_handler; +@@ -2022,7 +2029,7 @@ ngx_http_upstream_send_request(ngx_http_request_t *r, ngx_http_upstream_t *u, + + if (rc == NGX_AGAIN) { + if (!c->write->ready || u->request_body_blocked) { +- ngx_add_timer(c->write, u->conf->send_timeout); ++ ngx_add_timer(c->write, u->send_timeout); + + } else if (c->write->timer_set) { + ngx_del_timer(c->write); +@@ -2084,7 +2091,7 @@ ngx_http_upstream_send_request(ngx_http_request_t *r, ngx_http_upstream_t *u, + return; + } + +- ngx_add_timer(c->read, u->conf->read_timeout); ++ ngx_add_timer(c->read, u->read_timeout); + + if (c->read->ready) { + ngx_http_upstream_process_header(r, u); +@@ -3213,7 +3220,7 @@ ngx_http_upstream_send_response(ngx_http_request_t *r, ngx_http_upstream_t *u) + p->cyclic_temp_file = 0; + } + +- p->read_timeout = u->conf->read_timeout; ++ p->read_timeout = u->read_timeout; + p->send_timeout = clcf->send_timeout; + p->send_lowat = clcf->send_lowat; + +@@ -3458,7 +3465,7 @@ ngx_http_upstream_process_upgraded(ngx_http_request_t *r, + } + + if (upstream->write->active && !upstream->write->ready) { +- ngx_add_timer(upstream->write, u->conf->send_timeout); ++ ngx_add_timer(upstream->write, u->send_timeout); + + } else if (upstream->write->timer_set) { + ngx_del_timer(upstream->write); +@@ -3470,7 +3477,7 @@ ngx_http_upstream_process_upgraded(ngx_http_request_t *r, + } + + if (upstream->read->active && !upstream->read->ready) { +- ngx_add_timer(upstream->read, u->conf->read_timeout); ++ ngx_add_timer(upstream->read, u->read_timeout); + + } else if (upstream->read->timer_set) { + ngx_del_timer(upstream->read); +@@ -3664,7 +3671,7 @@ ngx_http_upstream_process_non_buffered_request(ngx_http_request_t *r, + } + + if (upstream->read->active && !upstream->read->ready) { +- ngx_add_timer(upstream->read, u->conf->read_timeout); ++ ngx_add_timer(upstream->read, u->read_timeout); + + } else if (upstream->read->timer_set) { + ngx_del_timer(upstream->read); +diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h +index c2f4dc0b..b9eef118 100644 +--- a/src/http/ngx_http_upstream.h ++++ b/src/http/ngx_http_upstream.h +@@ -333,6 +333,11 @@ struct ngx_http_upstream_s { + ngx_array_t *caches; + #endif + ++#define HAVE_NGX_UPSTREAM_TIMEOUT_FIELDS 1 ++ ngx_msec_t connect_timeout; ++ ngx_msec_t send_timeout; ++ ngx_msec_t read_timeout; ++ + ngx_http_upstream_headers_in_t headers_in; + + ngx_http_upstream_resolved_t *resolved; From bfc2300c3d0cd35aa16324b35d865b7a0a6f4bbb Mon Sep 17 00:00:00 2001 From: Jmnote Date: Thu, 30 Nov 2023 06:39:51 +0900 Subject: [PATCH 11/35] [charts] add controller.admissionWebhooks.networkPolicyEnabled (#10650) * add controller.admissionWebhooks.networkPolicyEnabled Signed-off-by: Jmnote * .Values.controller.admissionWebhooks.patch.networkPolicy.enabled --------- Signed-off-by: Jmnote --- charts/ingress-nginx/README.md | 1 + .../templates/admission-webhooks/job-patch/networkpolicy.yaml | 2 +- charts/ingress-nginx/values.yaml | 4 ++++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 4a0cb94a2..e2777fbe2 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -259,6 +259,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | | | controller.admissionWebhooks.patch.image.tag | string | `"v20231011-8b53cabe0"` | | | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources | +| controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not | | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | | controller.admissionWebhooks.patch.podAnnotations | object | `{}` | | | controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job # | diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml index 142e56aeb..a8f38df96 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}} +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.networkPolicy.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index cb50b9d07..0842a70bf 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -708,6 +708,10 @@ controller: ## priorityClassName: "" podAnnotations: {} + # NetworkPolicy for webhook patch + networkPolicy: + # -- Enable 'networkPolicy' or not + enabled: false nodeSelector: kubernetes.io/os: linux tolerations: [] From a8decd818299472ead4e9fb2bebad2f2b1abb0d8 Mon Sep 17 00:00:00 2001 From: James Strong Date: Thu, 30 Nov 2023 16:53:05 -0500 Subject: [PATCH 12/35] update the nginx build (#10707) Signed-off-by: James Strong --- NGINX_BASE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NGINX_BASE b/NGINX_BASE index d6cecf76b..8c12b0f65 100644 --- a/NGINX_BASE +++ b/NGINX_BASE @@ -1 +1 @@ -registry.k8s.io/ingress-nginx/nginx:v20231011-8b53cabe0@sha256:34881d62f71e8573fb765c40585dba28a1148206fbbe2c3871ad3f4e8c6e360f +registry.k8s.io/ingress-nginx/nginx:v20231129-9439e6c71@sha256:ca1349074a0d087d8fca347ea4c04fa12c0275f53f72d6f65118307285efc8ca \ No newline at end of file From 1f06e26080e8531100d0c633f4c9819e97dcb5cb Mon Sep 17 00:00:00 2001 From: Stavros Foteinopoulos Date: Sat, 2 Dec 2023 15:26:23 +0200 Subject: [PATCH 13/35] Add extra configMaps support to helm chart (#10673) * Add extra configMaps support to helm chart Signed-off-by: Stavros Foteinopoulos * Introducing unit tests for helm chart Signed-off-by: Stavros Foteinopoulos --------- Signed-off-by: Stavros Foteinopoulos --- .github/workflows/ci.yaml | 8 +++ .gitignore | 1 + charts/ingress-nginx/.helmignore | 1 + charts/ingress-nginx/Chart.yaml | 2 +- charts/ingress-nginx/README.md | 3 +- .../default-backend-extra-configmaps.yaml | 23 +++++++++ ...default-backend-extra-configmaps_test.yaml | 49 +++++++++++++++++++ charts/ingress-nginx/values.yaml | 15 ++++++ 8 files changed, 100 insertions(+), 2 deletions(-) create mode 100644 charts/ingress-nginx/templates/default-backend-extra-configmaps.yaml create mode 100644 charts/ingress-nginx/tests/default-backend-extra-configmaps_test.yaml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 1203be01b..7af11c277 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -163,6 +163,14 @@ jobs: go-version: '1.21.3' check-latest: true + - name: Install Helm Unit Test Plugin + run: | + helm plugin install https://github.com/quintush/helm-unittest + + - name: Run Helm Unit Tests + run: | + helm unittest charts/ingress-nginx -d + - name: cache uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: diff --git a/.gitignore b/.gitignore index 60bf6a304..73108f627 100644 --- a/.gitignore +++ b/.gitignore @@ -61,3 +61,4 @@ cmd/plugin/release/*.tar.gz cmd/plugin/release/LICENSE tmp/ test/junitreports/ +tests/__snapshot__ diff --git a/charts/ingress-nginx/.helmignore b/charts/ingress-nginx/.helmignore index 50af03172..109b40811 100644 --- a/charts/ingress-nginx/.helmignore +++ b/charts/ingress-nginx/.helmignore @@ -20,3 +20,4 @@ .idea/ *.tmproj .vscode/ +__snapshot__ diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 30ca8afaa..b664a6714 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -19,4 +19,4 @@ maintainers: name: ingress-nginx sources: - https://github.com/kubernetes/ingress-nginx -version: 4.8.3 +version: 4.8.4 diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index e2777fbe2..c03f290df 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.8.3](https://img.shields.io/badge/Version-4.8.3-informational?style=flat-square) ![AppVersion: 1.9.4](https://img.shields.io/badge/AppVersion-1.9.4-informational?style=flat-square) +![Version: 4.8.4](https://img.shields.io/badge/Version-4.8.4-informational?style=flat-square) ![AppVersion: 1.9.4](https://img.shields.io/badge/AppVersion-1.9.4-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -465,6 +465,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | defaultBackend.enabled | bool | `false` | | | defaultBackend.existingPsp | string | `""` | Use an existing PSP instead of creating one | | defaultBackend.extraArgs | object | `{}` | | +| defaultBackend.extraConfigMaps | list | `[]` | | | defaultBackend.extraEnvs | list | `[]` | Additional environment variables to set for defaultBackend pods | | defaultBackend.extraVolumeMounts | list | `[]` | | | defaultBackend.extraVolumes | list | `[]` | | diff --git a/charts/ingress-nginx/templates/default-backend-extra-configmaps.yaml b/charts/ingress-nginx/templates/default-backend-extra-configmaps.yaml new file mode 100644 index 000000000..88b59280b --- /dev/null +++ b/charts/ingress-nginx/templates/default-backend-extra-configmaps.yaml @@ -0,0 +1,23 @@ +{{- if .Values.defaultBackend.enabled }} + {{- range .Values.defaultBackend.extraConfigMaps }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .name }} + namespace: {{ include "ingress-nginx.namespace" $ | quote }} + labels: + {{- include "ingress-nginx.labels" $ | nindent 4 }} + {{- with $.Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +data: + {{- with .data }} + {{- toYaml . | nindent 2 }} + {{- end }} + {{- end }} +{{- end }} + diff --git a/charts/ingress-nginx/tests/default-backend-extra-configmaps_test.yaml b/charts/ingress-nginx/tests/default-backend-extra-configmaps_test.yaml new file mode 100644 index 000000000..b18ceedfa --- /dev/null +++ b/charts/ingress-nginx/tests/default-backend-extra-configmaps_test.yaml @@ -0,0 +1,49 @@ +suite: test default backend extra ConfigMaps +templates: + - default-backend-extra-configmaps.yaml + +tests: + - it: should not create any ConfigMap by default + set: + Release.Namespace: default + defaultBackend.enabled: true + asserts: + - hasDocuments: + count: 0 + + - it: should create one ConfigMap + set: + Release.Namespace: default + defaultBackend.enabled: true + defaultBackend.extraConfigMaps: + - name: my-configmap-1 + data: + key1: value1 + asserts: + - hasDocuments: + count: 1 + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: my-configmap-1 + + - it: should correctly render multiple ConfigMaps + set: + Release.Namespace: nginx + defaultBackend.enabled: true + defaultBackend.extraConfigMaps: + - name: my-configmap-1 + data: + key1: value1 + - name: my-configmap-2 + data: + key2: value2 + asserts: + - hasDocuments: + count: 2 + - isKind: + of: ConfigMap + - matchRegex: + path: metadata.name + pattern: "my-configmap-\\d+" diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 0842a70bf..c1e89d777 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -931,6 +931,21 @@ defaultBackend: ## Additional volumes to the default backend pod. # - name: copy-portal-skins # emptyDir: {} + extraConfigMaps: [] + ## Additional configmaps to the default backend pod. + # Example ConfigMap, uncomment and configure as needed + # - name: my-extra-configmap-1 + # labels: + # type: config-1 + # data: + # extra_file_1.html: | + # + # - name: my-extra-configmap-2 + # labels: + # type: config-2 + # data: + # extra_file_2.html: | + # autoscaling: annotations: {} From 8dfdc30958f951b28fdd56d25edcd0f3285bbcd5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Dec 2023 17:38:42 +0100 Subject: [PATCH 14/35] Bump golang.org/x/crypto from 0.15.0 to 0.16.0 (#10724) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.15.0 to 0.16.0. - [Commits](https://github.com/golang/crypto/compare/v0.15.0...v0.16.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 87e4d8873..8988b7461 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( github.com/stretchr/testify v1.8.4 github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30 - golang.org/x/crypto v0.15.0 + golang.org/x/crypto v0.16.0 google.golang.org/grpc v1.59.0 google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 gopkg.in/go-playground/pool.v3 v3.1.1 @@ -104,8 +104,8 @@ require ( golang.org/x/mod v0.13.0 // indirect golang.org/x/net v0.17.0 // indirect golang.org/x/oauth2 v0.12.0 // indirect - golang.org/x/sys v0.14.0 // indirect - golang.org/x/term v0.14.0 // indirect + golang.org/x/sys v0.15.0 // indirect + golang.org/x/term v0.15.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.14.0 // indirect diff --git a/go.sum b/go.sum index a325a9c26..2a615836b 100644 --- a/go.sum +++ b/go.sum @@ -399,8 +399,8 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA= -golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g= +golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY= +golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -532,11 +532,11 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= -golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8= -golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= +golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= +golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= From 83f433257282029b2425a5643e8701ba14755fcb Mon Sep 17 00:00:00 2001 From: Ofir Shtrull Date: Tue, 5 Dec 2023 15:47:20 +0200 Subject: [PATCH 15/35] add new serivce type for internal use (#10727) * add new serivce type for internal use * bump chart version * lint * fix tests * fix readme * Update charts/ingress-nginx/Chart.yaml Co-authored-by: Marco Ebert * Update charts/ingress-nginx/values.yaml Co-authored-by: Marco Ebert * rerun helm-docs * Update charts/ingress-nginx/templates/controller-service-internal.yaml Co-authored-by: Marco Ebert * fix values * fix values --------- Co-authored-by: Marco Ebert --- charts/ingress-nginx/README.md | 1 + charts/ingress-nginx/templates/controller-service-internal.yaml | 2 +- charts/ingress-nginx/values.yaml | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index c03f290df..88b62cca5 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -428,6 +428,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. | | controller.service.internal.ports | object | `{}` | Custom port mapping for internal service | | controller.service.internal.targetPorts | object | `{}` | Custom target port mapping for internal service | +| controller.service.internal.type | string | `""` | Type of the internal controller service. | | controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | | controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | | controller.service.labels | object | `{}` | | diff --git a/charts/ingress-nginx/templates/controller-service-internal.yaml b/charts/ingress-nginx/templates/controller-service-internal.yaml index b69a09f67..8df2d9609 100644 --- a/charts/ingress-nginx/templates/controller-service-internal.yaml +++ b/charts/ingress-nginx/templates/controller-service-internal.yaml @@ -15,7 +15,7 @@ metadata: name: {{ include "ingress-nginx.controller.fullname" . }}-internal namespace: {{ include "ingress-nginx.namespace" . }} spec: - type: "{{ .Values.controller.service.type }}" + type: "{{ .Values.controller.service.internal.type | default .Values.controller.service.type }}" {{- if hasKey .Values.controller.service.internal "allocateLoadBalancerNodePorts" }} allocateLoadBalancerNodePorts: {{ .Values.controller.service.internal.allocateLoadBalancerNodePorts }} {{- end }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index c1e89d777..d48e847fa 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -525,6 +525,8 @@ controller: # allocateLoadBalancerNodePorts: true # -- Used by cloud providers to connect the resulting internal LoadBalancer to a pre-existing static IP. Make sure to add to the service the needed annotation to specify the subnet which the static IP belongs to. For instance, `networking.gke.io/internal-load-balancer-subnet` for GCP and `service.beta.kubernetes.io/aws-load-balancer-subnets` for AWS. loadBalancerIP: "" + # -- Type of the internal controller service. + type: "" # -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. loadBalancerSourceRanges: [] ## Set external traffic policy to: "Local" to preserve source IP on From 815a1c56a99e011549a5ba308dda89a925e547d0 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Tue, 5 Dec 2023 17:22:12 +0100 Subject: [PATCH 16/35] Chart: Simplify image templating. (#10708) --- .../admission-webhooks/job-patch/job-createSecret.yaml | 2 +- .../admission-webhooks/job-patch/job-patchWebhook.yaml | 2 +- charts/ingress-nginx/templates/controller-daemonset.yaml | 2 +- charts/ingress-nginx/templates/controller-deployment.yaml | 2 +- charts/ingress-nginx/templates/default-backend-deployment.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml index c29083f2b..0a21f856a 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -43,7 +43,7 @@ spec: containers: - name: create {{- with .Values.controller.admissionWebhooks.patch.image }} - image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }} {{- end }} imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} args: diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml index cbc4a7619..ce9985aa5 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -43,7 +43,7 @@ spec: containers: - name: patch {{- with .Values.controller.admissionWebhooks.patch.image }} - image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }} {{- end }} imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} args: diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index 3aaa92509..e6e28c872 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -77,7 +77,7 @@ spec: containers: - name: {{ .Values.controller.containerName }} {{- with .Values.controller.image }} - image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{- end -}}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}" + image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{ end }}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }} {{- end }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} {{- if .Values.controller.lifecycle }} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index ded282a30..cd59c7979 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -80,7 +80,7 @@ spec: containers: - name: {{ .Values.controller.containerName }} {{- with .Values.controller.image }} - image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{- end -}}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}" + image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{ end }}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }} {{- end }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} {{- if .Values.controller.lifecycle }} diff --git a/charts/ingress-nginx/templates/default-backend-deployment.yaml b/charts/ingress-nginx/templates/default-backend-deployment.yaml index ed88e6bc3..66c307563 100644 --- a/charts/ingress-nginx/templates/default-backend-deployment.yaml +++ b/charts/ingress-nginx/templates/default-backend-deployment.yaml @@ -51,7 +51,7 @@ spec: containers: - name: {{ template "ingress-nginx.name" . }}-default-backend {{- with .Values.defaultBackend.image }} - image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }} {{- end }} imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }} {{- if .Values.defaultBackend.extraArgs }} From 7e54daa9097ade586595150b2de0caf3e205a7cb Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Tue, 5 Dec 2023 17:25:04 +0100 Subject: [PATCH 17/35] Helm Service: Align internal to external. (#10239) * Service: Align internal to external. * Service: Remove redundant condition. --- charts/ingress-nginx/README.md | 73 +++--- .../controller-service-internal.yaml | 55 +++-- .../templates/controller-service.yaml | 8 +- charts/ingress-nginx/values.yaml | 219 +++++++++++++----- 4 files changed, 242 insertions(+), 113 deletions(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 88b62cca5..cafecf976 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -415,35 +415,50 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.scope.enabled | bool | `false` | Enable 'scope' or not | | controller.scope.namespace | string | `""` | Namespace to limit the controller to; defaults to $(POD_NAMESPACE) | | controller.scope.namespaceSelector | string | `""` | When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. | -| controller.service.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. Values passed through helm tpl engine. | -| controller.service.appProtocol | bool | `true` | If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http It allows choosing the protocol for each backend specified in the Kubernetes service. See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 Will be ignored for Kubernetes versions older than 1.20 # | -| controller.service.enableHttp | bool | `true` | | -| controller.service.enableHttps | bool | `true` | | -| controller.service.enabled | bool | `true` | | -| controller.service.external.enabled | bool | `true` | | -| controller.service.externalIPs | list | `[]` | List of IP addresses at which the controller services are available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # | -| controller.service.internal.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. Values passed through helm tpl engine. | -| controller.service.internal.enabled | bool | `false` | Enables an additional internal load balancer (besides the external one). | -| controller.service.internal.loadBalancerIP | string | `""` | Used by cloud providers to connect the resulting internal LoadBalancer to a pre-existing static IP. Make sure to add to the service the needed annotation to specify the subnet which the static IP belongs to. For instance, `networking.gke.io/internal-load-balancer-subnet` for GCP and `service.beta.kubernetes.io/aws-load-balancer-subnets` for AWS. | -| controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. | -| controller.service.internal.ports | object | `{}` | Custom port mapping for internal service | -| controller.service.internal.targetPorts | object | `{}` | Custom target port mapping for internal service | -| controller.service.internal.type | string | `""` | Type of the internal controller service. | -| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | -| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | -| controller.service.labels | object | `{}` | | -| controller.service.loadBalancerClass | string | `""` | Used by cloud providers to select a load balancer implementation other than the cloud provider default. https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class | -| controller.service.loadBalancerIP | string | `""` | Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | -| controller.service.loadBalancerSourceRanges | list | `[]` | | -| controller.service.nodePorts.http | string | `""` | | -| controller.service.nodePorts.https | string | `""` | | -| controller.service.nodePorts.tcp | object | `{}` | | -| controller.service.nodePorts.udp | object | `{}` | | -| controller.service.ports.http | int | `80` | | -| controller.service.ports.https | int | `443` | | -| controller.service.targetPorts.http | string | `"http"` | | -| controller.service.targetPorts.https | string | `"https"` | | -| controller.service.type | string | `"LoadBalancer"` | | +| controller.service.annotations | object | `{}` | Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service. | +| controller.service.appProtocol | bool | `true` | Declare the app protocol of the external HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol | +| controller.service.clusterIP | string | `""` | Pre-defined cluster internal IP address of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address | +| controller.service.enableHttp | bool | `true` | Enable the HTTP listener on both controller services or not. | +| controller.service.enableHttps | bool | `true` | Enable the HTTPS listener on both controller services or not. | +| controller.service.enabled | bool | `true` | Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service. | +| controller.service.external.enabled | bool | `true` | Enable the external controller service or not. Useful for internal-only deployments. | +| controller.service.externalIPs | list | `[]` | List of node IP addresses at which the external controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips | +| controller.service.externalTrafficPolicy | string | `""` | External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip | +| controller.service.internal.annotations | object | `{}` | Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer | +| controller.service.internal.appProtocol | bool | `true` | Declare the app protocol of the internal HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol | +| controller.service.internal.clusterIP | string | `""` | Pre-defined cluster internal IP address of the internal controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address | +| controller.service.internal.enabled | bool | `false` | Enable the internal controller service or not. Remember to configure `controller.service.internal.annotations` when enabling this. | +| controller.service.internal.externalIPs | list | `[]` | List of node IP addresses at which the internal controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips | +| controller.service.internal.externalTrafficPolicy | string | `""` | External traffic policy of the internal controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip | +| controller.service.internal.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the internal controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services | +| controller.service.internal.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services | +| controller.service.internal.loadBalancerClass | string | `""` | Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class | +| controller.service.internal.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the internal controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | +| controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default. | +| controller.service.internal.nodePorts.http | string | `""` | Node port allocated for the internal HTTP listener. If left empty, the service controller allocates one from the configured node port range. | +| controller.service.internal.nodePorts.https | string | `""` | Node port allocated for the internal HTTPS listener. If left empty, the service controller allocates one from the configured node port range. | +| controller.service.internal.nodePorts.tcp | object | `{}` | Node port mapping for internal TCP listeners. If left empty, the service controller allocates them from the configured node port range. Example: tcp: 8080: 30080 | +| controller.service.internal.nodePorts.udp | object | `{}` | Node port mapping for internal UDP listeners. If left empty, the service controller allocates them from the configured node port range. Example: udp: 53: 30053 | +| controller.service.internal.ports | object | `{}` | | +| controller.service.internal.sessionAffinity | string | `""` | Session affinity of the internal controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity | +| controller.service.internal.targetPorts | object | `{}` | | +| controller.service.internal.type | string | `""` | Type of the internal controller service. Defaults to the value of `controller.service.type`. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | +| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the external controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services | +| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services | +| controller.service.labels | object | `{}` | Labels to be added to both controller services. | +| controller.service.loadBalancerClass | string | `""` | Load balancer class of the external controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class | +| controller.service.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the external controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | +| controller.service.loadBalancerSourceRanges | list | `[]` | Restrict access to the external controller service. Values must be CIDRs. Allows any source address by default. | +| controller.service.nodePorts.http | string | `""` | Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range. | +| controller.service.nodePorts.https | string | `""` | Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range. | +| controller.service.nodePorts.tcp | object | `{}` | Node port mapping for external TCP listeners. If left empty, the service controller allocates them from the configured node port range. Example: tcp: 8080: 30080 | +| controller.service.nodePorts.udp | object | `{}` | Node port mapping for external UDP listeners. If left empty, the service controller allocates them from the configured node port range. Example: udp: 53: 30053 | +| controller.service.ports.http | int | `80` | Port the external HTTP listener is published with. | +| controller.service.ports.https | int | `443` | Port the external HTTPS listener is published with. | +| controller.service.sessionAffinity | string | `""` | Session affinity of the external controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity | +| controller.service.targetPorts.http | string | `"http"` | Port of the ingress controller the external HTTP listener is mapped to. | +| controller.service.targetPorts.https | string | `"https"` | Port of the ingress controller the external HTTPS listener is mapped to. | +| controller.service.type | string | `"LoadBalancer"` | Type of the external controller service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | | controller.shareProcessNamespace | bool | `false` | | | controller.sysctls | object | `{}` | sysctls for controller pods # Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ | | controller.tcp.annotations | object | `{}` | Annotations to be added to the tcp config configmap | diff --git a/charts/ingress-nginx/templates/controller-service-internal.yaml b/charts/ingress-nginx/templates/controller-service-internal.yaml index 8df2d9609..950eb8f05 100644 --- a/charts/ingress-nginx/templates/controller-service-internal.yaml +++ b/charts/ingress-nginx/templates/controller-service-internal.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.controller.service.enabled .Values.controller.service.internal.enabled .Values.controller.service.internal.annotations}} +{{- if and .Values.controller.service.enabled .Values.controller.service.internal.enabled .Values.controller.service.internal.annotations -}} apiVersion: v1 kind: Service metadata: @@ -15,9 +15,12 @@ metadata: name: {{ include "ingress-nginx.controller.fullname" . }}-internal namespace: {{ include "ingress-nginx.namespace" . }} spec: - type: "{{ .Values.controller.service.internal.type | default .Values.controller.service.type }}" -{{- if hasKey .Values.controller.service.internal "allocateLoadBalancerNodePorts" }} - allocateLoadBalancerNodePorts: {{ .Values.controller.service.internal.allocateLoadBalancerNodePorts }} + type: {{ .Values.controller.service.internal.type | default .Values.controller.service.type }} +{{- if .Values.controller.service.internal.clusterIP }} + clusterIP: {{ .Values.controller.service.internal.clusterIP }} +{{- end }} +{{- if .Values.controller.service.internal.externalIPs }} + externalIPs: {{ toYaml .Values.controller.service.internal.externalIPs | nindent 4 }} {{- end }} {{- if .Values.controller.service.internal.loadBalancerIP }} loadBalancerIP: {{ .Values.controller.service.internal.loadBalancerIP }} @@ -25,8 +28,28 @@ spec: {{- if .Values.controller.service.internal.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{ toYaml .Values.controller.service.internal.loadBalancerSourceRanges | nindent 4 }} {{- end }} +{{- if .Values.controller.service.internal.loadBalancerClass }} + loadBalancerClass: {{ .Values.controller.service.internal.loadBalancerClass }} +{{- end }} +{{- if hasKey .Values.controller.service.internal "allocateLoadBalancerNodePorts" }} + allocateLoadBalancerNodePorts: {{ .Values.controller.service.internal.allocateLoadBalancerNodePorts }} +{{- end }} {{- if .Values.controller.service.internal.externalTrafficPolicy }} externalTrafficPolicy: {{ .Values.controller.service.internal.externalTrafficPolicy }} +{{- end }} +{{- if .Values.controller.service.internal.sessionAffinity }} + sessionAffinity: {{ .Values.controller.service.internal.sessionAffinity }} +{{- end }} +{{- if .Values.controller.service.internal.healthCheckNodePort }} + healthCheckNodePort: {{ .Values.controller.service.internal.healthCheckNodePort }} +{{- end }} +{{- if semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version -}} +{{- if .Values.controller.service.internal.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.controller.service.internal.ipFamilyPolicy }} +{{- end }} +{{- if .Values.controller.service.internal.ipFamilies }} + ipFamilies: {{ toYaml .Values.controller.service.internal.ipFamilies | nindent 4 }} +{{- end }} {{- end }} ports: {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }} @@ -35,11 +58,11 @@ spec: port: {{ .Values.controller.service.internal.ports.http | default .Values.controller.service.ports.http }} protocol: TCP targetPort: {{ .Values.controller.service.internal.targetPorts.http | default .Values.controller.service.targetPorts.http }} - {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }} appProtocol: http {{- end }} - {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }} - nodePort: {{ .Values.controller.service.nodePorts.http }} + {{- if (and $setNodePorts (not (empty .Values.controller.service.internal.nodePorts.http))) }} + nodePort: {{ .Values.controller.service.internal.nodePorts.http }} {{- end }} {{- end }} {{- if .Values.controller.service.enableHttps }} @@ -47,11 +70,11 @@ spec: port: {{ .Values.controller.service.internal.ports.https | default .Values.controller.service.ports.https }} protocol: TCP targetPort: {{ .Values.controller.service.internal.targetPorts.https | default .Values.controller.service.targetPorts.https }} - {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }} appProtocol: https {{- end }} - {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }} - nodePort: {{ .Values.controller.service.nodePorts.https }} + {{- if (and $setNodePorts (not (empty .Values.controller.service.internal.nodePorts.https))) }} + nodePort: {{ .Values.controller.service.internal.nodePorts.https }} {{- end }} {{- end }} {{- range $key, $value := .Values.tcp }} @@ -59,9 +82,9 @@ spec: port: {{ $key }} protocol: TCP targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp - {{- if $.Values.controller.service.nodePorts.tcp }} - {{- if index $.Values.controller.service.nodePorts.tcp $key }} - nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }} + {{- if $.Values.controller.service.internal.nodePorts.tcp }} + {{- if index $.Values.controller.service.internal.nodePorts.tcp $key }} + nodePort: {{ index $.Values.controller.service.internal.nodePorts.tcp $key }} {{- end }} {{- end }} {{- end }} @@ -70,9 +93,9 @@ spec: port: {{ $key }} protocol: UDP targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp - {{- if $.Values.controller.service.nodePorts.udp }} - {{- if index $.Values.controller.service.nodePorts.udp $key }} - nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }} + {{- if $.Values.controller.service.internal.nodePorts.udp }} + {{- if index $.Values.controller.service.internal.nodePorts.udp $key }} + nodePort: {{ index $.Values.controller.service.internal.nodePorts.udp $key }} {{- end }} {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-service.yaml b/charts/ingress-nginx/templates/controller-service.yaml index d81635014..74f608536 100644 --- a/charts/ingress-nginx/templates/controller-service.yaml +++ b/charts/ingress-nginx/templates/controller-service.yaml @@ -16,9 +16,6 @@ metadata: namespace: {{ include "ingress-nginx.namespace" . }} spec: type: {{ .Values.controller.service.type }} -{{- if hasKey .Values.controller.service "allocateLoadBalancerNodePorts" }} - allocateLoadBalancerNodePorts: {{ .Values.controller.service.allocateLoadBalancerNodePorts }} -{{- end }} {{- if .Values.controller.service.clusterIP }} clusterIP: {{ .Values.controller.service.clusterIP }} {{- end }} @@ -34,6 +31,9 @@ spec: {{- if .Values.controller.service.loadBalancerClass }} loadBalancerClass: {{ .Values.controller.service.loadBalancerClass }} {{- end }} +{{- if hasKey .Values.controller.service "allocateLoadBalancerNodePorts" }} + allocateLoadBalancerNodePorts: {{ .Values.controller.service.allocateLoadBalancerNodePorts }} +{{- end }} {{- if .Values.controller.service.externalTrafficPolicy }} externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }} {{- end }} @@ -47,8 +47,6 @@ spec: {{- if .Values.controller.service.ipFamilyPolicy }} ipFamilyPolicy: {{ .Values.controller.service.ipFamilyPolicy }} {{- end }} -{{- end }} -{{- if semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version -}} {{- if .Values.controller.service.ipFamilies }} ipFamilies: {{ toYaml .Values.controller.service.ipFamilies | nindent 4 }} {{- end }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index d48e847fa..a06eca14c 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -444,105 +444,198 @@ controller: customTemplate: configMapName: "" configMapKey: "" + service: + # -- Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service. enabled: true - # -- If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were - # using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http - # It allows choosing the protocol for each backend specified in the Kubernetes service. - # See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 - # Will be ignored for Kubernetes versions older than 1.20 - ## - appProtocol: true - # -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service. Values passed through helm tpl engine. + + external: + # -- Enable the external controller service or not. Useful for internal-only deployments. + enabled: true + + # -- Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service. annotations: {} + # -- Labels to be added to both controller services. labels: {} - # clusterIP: "" - # -- List of IP addresses at which the controller services are available - ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips - ## + # -- Type of the external controller service. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: LoadBalancer + + # -- Pre-defined cluster internal IP address of the external controller service. Take care of collisions with existing services. + # This value is immutable. Set once, it can not be changed without deleting and re-creating the service. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address + clusterIP: "" + + # -- List of node IP addresses at which the external controller service is available. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips externalIPs: [] - # -- Set to false to disable loadbalancer node port allocation - # See https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation - # allocateLoadBalancerNodePorts: true - # -- Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + + # -- Deprecated: Pre-defined IP address of the external controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer loadBalancerIP: "" + # -- Restrict access to the external controller service. Values must be CIDRs. Allows any source address by default. loadBalancerSourceRanges: [] - # -- Used by cloud providers to select a load balancer implementation other than the cloud provider default. https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class + # -- Load balancer class of the external controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class loadBalancerClass: "" - enableHttp: true - enableHttps: true - ## Set external traffic policy to: "Local" to preserve source IP on providers supporting it. - ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer - # externalTrafficPolicy: "" - ## Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". - ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - # sessionAffinity: "" + # -- Enable node port allocation for the external controller service or not. Applies to type `LoadBalancer` only. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation + # allocateLoadBalancerNodePorts: true - ## Specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified, - ## the service controller allocates a port from your cluster’s NodePort range. - ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + # -- External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it. + # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + externalTrafficPolicy: "" + + # -- Session affinity of the external controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". + # Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity + sessionAffinity: "" + + # -- Specifies the health check node port (numeric port number) for the external controller service. + # If not specified, the service controller allocates a port from your cluster's node port range. + # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip # healthCheckNodePort: 0 - # -- Represents the dual-stack-ness requested or required by this Service. Possible values are - # SingleStack, PreferDualStack or RequireDualStack. - # The ipFamilies and clusterIPs fields depend on the value of this field. - ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ - ipFamilyPolicy: "SingleStack" - # -- List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically - # based on cluster configuration and the ipFamilyPolicy field. - ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ + # -- Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. + # Fields `ipFamilies` and `clusterIP` depend on the value of this field. + # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ipFamilyPolicy: SingleStack + # -- List of IP families (e.g. IPv4, IPv6) assigned to the external controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. + # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services ipFamilies: - IPv4 + + # -- Enable the HTTP listener on both controller services or not. + enableHttp: true + # -- Enable the HTTPS listener on both controller services or not. + enableHttps: true + ports: + # -- Port the external HTTP listener is published with. http: 80 + # -- Port the external HTTPS listener is published with. https: 443 + targetPorts: + # -- Port of the ingress controller the external HTTP listener is mapped to. http: http + # -- Port of the ingress controller the external HTTPS listener is mapped to. https: https - type: LoadBalancer - ## type: NodePort - ## nodePorts: - ## http: 32080 - ## https: 32443 - ## tcp: - ## 8080: 32808 + + # -- Declare the app protocol of the external HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol + appProtocol: true + nodePorts: + # -- Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range. http: "" + # -- Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range. https: "" + # -- Node port mapping for external TCP listeners. If left empty, the service controller allocates them from the configured node port range. + # Example: + # tcp: + # 8080: 30080 tcp: {} + # -- Node port mapping for external UDP listeners. If left empty, the service controller allocates them from the configured node port range. + # Example: + # udp: + # 53: 30053 udp: {} - external: - enabled: true + internal: - # -- Enables an additional internal load balancer (besides the external one). + # -- Enable the internal controller service or not. Remember to configure `controller.service.internal.annotations` when enabling this. enabled: false - # -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service. Values passed through helm tpl engine. + + # -- Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer annotations: {} - # -- Set to false to disable loadbalancer node port allocation - # See https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation - # allocateLoadBalancerNodePorts: true - # -- Used by cloud providers to connect the resulting internal LoadBalancer to a pre-existing static IP. Make sure to add to the service the needed annotation to specify the subnet which the static IP belongs to. For instance, `networking.gke.io/internal-load-balancer-subnet` for GCP and `service.beta.kubernetes.io/aws-load-balancer-subnets` for AWS. - loadBalancerIP: "" + # -- Type of the internal controller service. + # Defaults to the value of `controller.service.type`. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: "" - # -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. + + # -- Pre-defined cluster internal IP address of the internal controller service. Take care of collisions with existing services. + # This value is immutable. Set once, it can not be changed without deleting and re-creating the service. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address + clusterIP: "" + + # -- List of node IP addresses at which the internal controller service is available. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips + externalIPs: [] + + # -- Deprecated: Pre-defined IP address of the internal controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + loadBalancerIP: "" + # -- Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default. loadBalancerSourceRanges: [] - ## Set external traffic policy to: "Local" to preserve source IP on - ## providers supporting it - ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer - # externalTrafficPolicy: "" + # -- Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class + loadBalancerClass: "" + + # -- Enable node port allocation for the internal controller service or not. Applies to type `LoadBalancer` only. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation + # allocateLoadBalancerNodePorts: true + + # -- External traffic policy of the internal controller service. Set to "Local" to preserve source IP on providers supporting it. + # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + externalTrafficPolicy: "" + + # -- Session affinity of the internal controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". + # Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity + sessionAffinity: "" + + # -- Specifies the health check node port (numeric port number) for the internal controller service. + # If not specified, the service controller allocates a port from your cluster's node port range. + # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + # healthCheckNodePort: 0 + + # -- Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. + # Fields `ipFamilies` and `clusterIP` depend on the value of this field. + # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ipFamilyPolicy: SingleStack + # -- List of IP families (e.g. IPv4, IPv6) assigned to the internal controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. + # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ipFamilies: + - IPv4 - # -- Custom port mapping for internal service ports: {} - # http: 80 - # https: 443 + # -- Port the internal HTTP listener is published with. + # Defaults to the value of `controller.service.ports.http`. + # http: 80 + # -- Port the internal HTTPS listener is published with. + # Defaults to the value of `controller.service.ports.https`. + # https: 443 - # -- Custom target port mapping for internal service targetPorts: {} - # http: http - # https: https + # -- Port of the ingress controller the internal HTTP listener is mapped to. + # Defaults to the value of `controller.service.targetPorts.http`. + # http: http + # -- Port of the ingress controller the internal HTTPS listener is mapped to. + # Defaults to the value of `controller.service.targetPorts.https`. + # https: https + + # -- Declare the app protocol of the internal HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol + appProtocol: true + + nodePorts: + # -- Node port allocated for the internal HTTP listener. If left empty, the service controller allocates one from the configured node port range. + http: "" + # -- Node port allocated for the internal HTTPS listener. If left empty, the service controller allocates one from the configured node port range. + https: "" + # -- Node port mapping for internal TCP listeners. If left empty, the service controller allocates them from the configured node port range. + # Example: + # tcp: + # 8080: 30080 + tcp: {} + # -- Node port mapping for internal UDP listeners. If left empty, the service controller allocates them from the configured node port range. + # Example: + # udp: + # 53: 30053 + udp: {} + # shareProcessNamespace enables process namespace sharing within the pod. # This can be used for example to signal log rotation using `kill -USR1` from a sidecar. shareProcessNamespace: false From 45f8262d052ee0da6133d886ec90f1fbd7a19e3b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Dec 2023 08:14:33 +0100 Subject: [PATCH 18/35] Bump actions/dependency-review-action from 3.1.3 to 3.1.4 (#10725) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/7bbfa034e752445ea40215fff1c3bf9597993d3f...01bc87099ba56df1e897b6874784491ea6309bc4) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depreview.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 1eefe5939..3cd461417 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -11,4 +11,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: 'Dependency Review' - uses: actions/dependency-review-action@7bbfa034e752445ea40215fff1c3bf9597993d3f # v3.1.3 + uses: actions/dependency-review-action@01bc87099ba56df1e897b6874784491ea6309bc4 # v3.1.4 From 6152695c78075ef6ea17c97923d46e27e606e51c Mon Sep 17 00:00:00 2001 From: Sonu Kumar Singh Date: Thu, 7 Dec 2023 20:27:33 +0530 Subject: [PATCH 19/35] images: upgrade to Alpine 3.18.5 (#10722) --- images/cfssl/rootfs/Dockerfile | 2 +- images/nginx/rootfs/Dockerfile | 4 ++-- images/opentelemetry/rootfs/Dockerfile | 2 +- rootfs/Dockerfile-chroot | 2 +- test/e2e-image/Dockerfile | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/images/cfssl/rootfs/Dockerfile b/images/cfssl/rootfs/Dockerfile index 4ad69d362..f5fceb6e0 100644 --- a/images/cfssl/rootfs/Dockerfile +++ b/images/cfssl/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.18.4 +FROM alpine:3.18.5 RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile index 95f7a0288..5df4efac0 100644 --- a/images/nginx/rootfs/Dockerfile +++ b/images/nginx/rootfs/Dockerfile @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.18.4 as builder +FROM alpine:3.18.5 as builder COPY . / @@ -21,7 +21,7 @@ RUN apk update \ && /build.sh # Use a multi-stage build -FROM alpine:3.18.4 +FROM alpine:3.18.5 ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index b46b116e0..4f6a927f6 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. -FROM alpine:3.18.4 as base +FROM alpine:3.18.5 as base RUN mkdir -p /opt/third_party/install COPY . /opt/third_party/ diff --git a/rootfs/Dockerfile-chroot b/rootfs/Dockerfile-chroot index 09e0ba7ce..634de7c04 100644 --- a/rootfs/Dockerfile-chroot +++ b/rootfs/Dockerfile-chroot @@ -23,7 +23,7 @@ RUN apk update \ && apk upgrade \ && /chroot.sh -FROM alpine:3.18.4 +FROM alpine:3.18.5 ARG TARGETARCH ARG VERSION diff --git a/test/e2e-image/Dockerfile b/test/e2e-image/Dockerfile index cd0bcb715..81b4b4d16 100644 --- a/test/e2e-image/Dockerfile +++ b/test/e2e-image/Dockerfile @@ -1,7 +1,7 @@ ARG E2E_BASE_IMAGE FROM ${E2E_BASE_IMAGE} AS BASE -FROM alpine:3.18.4 +FROM alpine:3.18.5 RUN apk update \ && apk upgrade && apk add -U --no-cache \ From 6807537a700a3f229a2b1ba6e74ca0932f22e72e Mon Sep 17 00:00:00 2001 From: James Strong Date: Thu, 7 Dec 2023 19:52:14 -0500 Subject: [PATCH 20/35] upgrade go 1.21.5 (#10732) * upgrade go 1.21.5 Signed-off-by: James Strong * update golang gha Signed-off-by: James Strong * supgrade golang lint ci to v1.55.2 * sfix all golang lint ci errors * sget a nginx build as well * srevert some e2e changes * srevert some e2e changes --------- Signed-off-by: James Strong --- .github/workflows/ci.yaml | 16 ++++++++-------- .github/workflows/golangci-lint.yml | 6 +++--- .github/workflows/plugin.yaml | 4 ++-- go.mod | 2 +- go.work | 2 +- go.work.sum | 4 ++++ images/custom-error-pages/rootfs/Dockerfile | 2 +- images/custom-error-pages/rootfs/go.mod | 2 +- .../ext-auth-example-authsvc/rootfs/Dockerfile | 2 +- images/ext-auth-example-authsvc/rootfs/go.mod | 2 +- images/fastcgi-helloserver/rootfs/Dockerfile | 2 +- images/go-grpc-greeter-server/rootfs/Dockerfile | 2 +- images/httpbun/rootfs/Dockerfile | 2 +- images/kube-webhook-certgen/rootfs/Dockerfile | 2 +- images/kube-webhook-certgen/rootfs/go.mod | 2 +- images/nginx/TAG | 2 +- images/opentelemetry/rootfs/go.mod | 2 +- images/test-runner/Makefile | 4 ++-- internal/ingress/annotations/annotations_test.go | 1 + .../ingress/annotations/parser/validators.go | 2 ++ magefiles/go.mod | 2 +- test/e2e/annotations/auth.go | 1 + test/e2e/annotations/grpc.go | 1 + test/e2e/framework/httpexpect/response.go | 1 + test/e2e/settings/disable_sync_events.go | 1 + test/e2e/settings/enable_real_ip.go | 1 + 26 files changed, 41 insertions(+), 29 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 7af11c277..cfb243808 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -73,9 +73,9 @@ jobs: - name: Set up Go id: go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '1.21.3' + go-version: '1.21.5' check-latest: true - name: Run test @@ -94,9 +94,9 @@ jobs: - name: Set up Go id: go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '1.21.3' + go-version: '1.21.5' check-latest: true - name: Set up QEMU @@ -158,9 +158,9 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Setup Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '1.21.3' + go-version: '1.21.5' check-latest: true - name: Install Helm Unit Test Plugin @@ -508,9 +508,9 @@ jobs: - name: Set up Go id: go if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '1.21.3' + go-version: '1.21.5' check-latest: true - name: kube-webhook-certgen image build diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index d3118d469..9cfb43a96 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -23,12 +23,12 @@ jobs: - name: Set up Go id: go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '1.21.3' + go-version: '1.21.5' check-latest: true - name: golangci-lint uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0 with: - version: v1.53 + version: v1.55.2 diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index ab88454fb..3b1c44b95 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -20,9 +20,9 @@ jobs: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '1.21.3' + go-version: '1.21.5' check-latest: true - name: Run GoReleaser diff --git a/go.mod b/go.mod index 8988b7461..817432787 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module k8s.io/ingress-nginx -go 1.21.3 +go 1.21.5 require ( dario.cat/mergo v1.0.0 diff --git a/go.work b/go.work index 249976119..3dd9bfdee 100644 --- a/go.work +++ b/go.work @@ -1,4 +1,4 @@ -go 1.21.3 +go 1.21.5 use ( . diff --git a/go.work.sum b/go.work.sum index 91bbfc14a..cb2ff1f18 100644 --- a/go.work.sum +++ b/go.work.sum @@ -197,6 +197,7 @@ github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcs github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= +github.com/mrunalp/fileutils v0.5.1/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47RKZmLU= github.com/onsi/ginkgo/v2 v2.9.1/go.mod h1:FEcmzVcCHl+4o9bQZVab+4dC9+j+91t2FHSzmGAPfuo= github.com/onsi/ginkgo/v2 v2.9.4/go.mod h1:gCQYp2Q+kSoIj7ykSVb9nskRSsR6PUj4AiLywzIhbKM= @@ -255,6 +256,7 @@ golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= +golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI= @@ -267,11 +269,13 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= diff --git a/images/custom-error-pages/rootfs/Dockerfile b/images/custom-error-pages/rootfs/Dockerfile index 54b2a5cc7..3647788d4 100755 --- a/images/custom-error-pages/rootfs/Dockerfile +++ b/images/custom-error-pages/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.21.3-alpine3.18 as builder +FROM golang:1.21.5-alpine3.18 as builder RUN apk update \ && apk upgrade && apk add git diff --git a/images/custom-error-pages/rootfs/go.mod b/images/custom-error-pages/rootfs/go.mod index 50cfc2a19..ce0fffd4a 100644 --- a/images/custom-error-pages/rootfs/go.mod +++ b/images/custom-error-pages/rootfs/go.mod @@ -1,6 +1,6 @@ module k8s.io/ingress-nginx/custom-error-pages -go 1.21.3 +go 1.21.5 require github.com/prometheus/client_golang v1.11.1 diff --git a/images/ext-auth-example-authsvc/rootfs/Dockerfile b/images/ext-auth-example-authsvc/rootfs/Dockerfile index 96da802ce..f85698398 100644 --- a/images/ext-auth-example-authsvc/rootfs/Dockerfile +++ b/images/ext-auth-example-authsvc/rootfs/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.21.3-alpine3.18 as builder +FROM golang:1.21.5-alpine3.18 as builder RUN mkdir /authsvc WORKDIR /authsvc COPY . ./ diff --git a/images/ext-auth-example-authsvc/rootfs/go.mod b/images/ext-auth-example-authsvc/rootfs/go.mod index e910e360c..3608868b3 100644 --- a/images/ext-auth-example-authsvc/rootfs/go.mod +++ b/images/ext-auth-example-authsvc/rootfs/go.mod @@ -1,6 +1,6 @@ module example.com/authsvc -go 1.21.3 +go 1.21.5 require k8s.io/apimachinery v0.23.1 diff --git a/images/fastcgi-helloserver/rootfs/Dockerfile b/images/fastcgi-helloserver/rootfs/Dockerfile index 92a5e8196..38d7f8ce0 100755 --- a/images/fastcgi-helloserver/rootfs/Dockerfile +++ b/images/fastcgi-helloserver/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.21.3-alpine3.18 as builder +FROM golang:1.21.5-alpine3.18 as builder WORKDIR /go/src/k8s.io/ingress-nginx/images/fastcgi diff --git a/images/go-grpc-greeter-server/rootfs/Dockerfile b/images/go-grpc-greeter-server/rootfs/Dockerfile index 33cb35923..94e4b91ff 100644 --- a/images/go-grpc-greeter-server/rootfs/Dockerfile +++ b/images/go-grpc-greeter-server/rootfs/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.21.3-alpine3.18 as build +FROM golang:1.21.5-alpine3.18 as build WORKDIR /go/src/greeter-server diff --git a/images/httpbun/rootfs/Dockerfile b/images/httpbun/rootfs/Dockerfile index c84f17fd1..c4b1e6f9d 100644 --- a/images/httpbun/rootfs/Dockerfile +++ b/images/httpbun/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.21.3 AS builder +FROM golang:1.21.5 AS builder ENV LC_ALL=C.UTF-8 ENV LANG=C.UTF-8 diff --git a/images/kube-webhook-certgen/rootfs/Dockerfile b/images/kube-webhook-certgen/rootfs/Dockerfile index 846e37aee..f20a295d3 100644 --- a/images/kube-webhook-certgen/rootfs/Dockerfile +++ b/images/kube-webhook-certgen/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM --platform=$BUILDPLATFORM golang:1.21.3 as builder +FROM --platform=$BUILDPLATFORM golang:1.21.5 as builder ARG BUILDPLATFORM ARG TARGETARCH diff --git a/images/kube-webhook-certgen/rootfs/go.mod b/images/kube-webhook-certgen/rootfs/go.mod index b30fa5f27..893669c7b 100644 --- a/images/kube-webhook-certgen/rootfs/go.mod +++ b/images/kube-webhook-certgen/rootfs/go.mod @@ -1,6 +1,6 @@ module github.com/jet/kube-webhook-certgen -go 1.21.3 +go 1.21.5 require ( github.com/onrik/logrus v0.9.0 diff --git a/images/nginx/TAG b/images/nginx/TAG index 4e379d2bf..6812f8122 100644 --- a/images/nginx/TAG +++ b/images/nginx/TAG @@ -1 +1 @@ -0.0.2 +0.0.3 \ No newline at end of file diff --git a/images/opentelemetry/rootfs/go.mod b/images/opentelemetry/rootfs/go.mod index 0f48b0988..f34dd98ff 100644 --- a/images/opentelemetry/rootfs/go.mod +++ b/images/opentelemetry/rootfs/go.mod @@ -1,3 +1,3 @@ module init-otel -go 1.21.3 +go 1.21.5 diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index b70c57b7b..4cbde89fc 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -43,7 +43,7 @@ image: --pull \ --push \ --build-arg BASE_IMAGE=${NGINX_BASE_IMAGE} \ - --build-arg GOLANG_VERSION=1.21.3 \ + --build-arg GOLANG_VERSION=1.21.5 \ --build-arg ETCD_VERSION=3.4.3-0 \ --build-arg K8S_RELEASE=v1.26.0 \ --build-arg RESTY_CLI_VERSION=0.27 \ @@ -64,7 +64,7 @@ build: ensure-buildx --progress=${PROGRESS} \ --pull \ --build-arg BASE_IMAGE=${NGINX_BASE_IMAGE} \ - --build-arg GOLANG_VERSION=1.21.3 \ + --build-arg GOLANG_VERSION=1.21.5 \ --build-arg ETCD_VERSION=3.4.3-0 \ --build-arg K8S_RELEASE=v1.26.0 \ --build-arg RESTY_CLI_VERSION=0.27 \ diff --git a/internal/ingress/annotations/annotations_test.go b/internal/ingress/annotations/annotations_test.go index 5f8128e0d..0f4f8f7d7 100644 --- a/internal/ingress/annotations/annotations_test.go +++ b/internal/ingress/annotations/annotations_test.go @@ -125,6 +125,7 @@ func TestSSLPassthrough(t *testing.T) { ec := NewAnnotationExtractor(mockCfg{}) ing := buildIngress() + //nolint:goconst //already a constant fooAnns := []struct { annotations map[string]string er bool diff --git a/internal/ingress/annotations/parser/validators.go b/internal/ingress/annotations/parser/validators.go index f66f3c0bc..9a46bc840 100644 --- a/internal/ingress/annotations/parser/validators.go +++ b/internal/ingress/annotations/parser/validators.go @@ -49,6 +49,8 @@ var ( // IsValidRegex checks if the tested string can be used as a regex, but without any weird character. // It includes regex characters for paths that may contain regexes +// +//nolint:goconst //already a constant var IsValidRegex = regexp.MustCompile("^[/" + alphaNumericChars + regexEnabledChars + "]*$") // SizeRegex validates sizes understood by NGINX, like 1000, 100k, 1000M diff --git a/magefiles/go.mod b/magefiles/go.mod index db252f7c3..42e8fade0 100644 --- a/magefiles/go.mod +++ b/magefiles/go.mod @@ -1,6 +1,6 @@ module k8s.io/ingress-nginx/magefiles -go 1.21.3 +go 1.21.5 require ( github.com/blang/semver/v4 v4.0.0 diff --git a/test/e2e/annotations/auth.go b/test/e2e/annotations/auth.go index 415ffd951..ea33fdf32 100644 --- a/test/e2e/annotations/auth.go +++ b/test/e2e/annotations/auth.go @@ -425,6 +425,7 @@ http { f.EnsureIngress(ing2) f.WaitForNginxServer(host, func(server string) bool { + //nolint:goconst //server_name is a constant return strings.Contains(server, "server_name "+host) }) }) diff --git a/test/e2e/annotations/grpc.go b/test/e2e/annotations/grpc.go index b256b8ae4..b3be82c2a 100644 --- a/test/e2e/annotations/grpc.go +++ b/test/e2e/annotations/grpc.go @@ -103,6 +103,7 @@ var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() { return strings.Contains(server, "grpc_pass grpc://upstream_balancer;") }) + //nolint:goconst //string interpolation conn, err := grpc.Dial(f.GetNginxIP()+":443", grpc.WithTransportCredentials( credentials.NewTLS(&tls.Config{ diff --git a/test/e2e/framework/httpexpect/response.go b/test/e2e/framework/httpexpect/response.go index 1c7624752..e324e94ff 100644 --- a/test/e2e/framework/httpexpect/response.go +++ b/test/e2e/framework/httpexpect/response.go @@ -234,6 +234,7 @@ func (r *HTTPResponse) checkContentType(expectedType string, expectedCharset ... } if mediaType != expectedType { + //nolint:goconst //string interpolation r.chain.fail("\nexpected \"Content-Type\" header with %q media type,"+ "\nbut got %q", expectedType, mediaType) return false diff --git a/test/e2e/settings/disable_sync_events.go b/test/e2e/settings/disable_sync_events.go index 033fd9194..0d55c96e4 100644 --- a/test/e2e/settings/disable_sync_events.go +++ b/test/e2e/settings/disable_sync_events.go @@ -44,6 +44,7 @@ var _ = framework.IngressNginxDescribe("[Flag] disable-sync-events", func() { return strings.Contains(server, fmt.Sprintf("server_name %v", host)) }) + //nolint:goconst //string interpolation events, err := f.KubeClientSet.CoreV1().Events(ing.Namespace).List(context.TODO(), metav1.ListOptions{FieldSelector: "reason=Sync,involvedObject.name=" + host}) assert.Nil(ginkgo.GinkgoT(), err, "listing events") diff --git a/test/e2e/settings/enable_real_ip.go b/test/e2e/settings/enable_real_ip.go index 778011b9f..bf16e1ea0 100644 --- a/test/e2e/settings/enable_real_ip.go +++ b/test/e2e/settings/enable_real_ip.go @@ -47,6 +47,7 @@ var _ = framework.DescribeSetting("enable-real-ip", func() { f.WaitForNginxServer(host, func(server string) bool { + //nolint:goconst //already a const return strings.Contains(server, "server_name "+host) && !strings.Contains(server, "proxy_set_header X-Forwarded-Proto $full_x_forwarded_proto;") }) From 7e31f818ff5871dcf54b55e656c052d455df6901 Mon Sep 17 00:00:00 2001 From: patst Date: Fri, 8 Dec 2023 11:09:34 +0100 Subject: [PATCH 21/35] helm: opentelemetry addon allow configuration of registry with setting tag (#9773) * feat: allow configuration of registry, image, tag and digest in single values for opentelemetry addon * feat: allow configuration of registry, image, tag and digest in single values for opentelemetry addon * add ci test file * fix: updated helm-docs with opentelemetry image value * fix: ci test case * fix: ci test case set default registry, image + tag * fix: ci test case set default registry + image * fix: remove unrequired comment * feat!: use extraModules helper method for templating the image value * image definition for OTel image is now split up in image, repo and registry values * feat!: move distroless config under the image key * update helm-docs * Refactor template to generate the image name * adapt test cases for extraModules * implement code review * try to fix ci test for opentelemetry --- charts/ingress-nginx/README.md | 7 ++++-- .../ci/daemonset-extra-modules.yaml | 5 ++++- ...modules-default-container-sec-context.yaml | 5 ++++- ...odules-specific-container-sec-context.yaml | 5 ++++- .../ci/deployment-extra-modules.yaml | 5 ++++- ...t-opentelemetry-customregistry-values.yaml | 9 ++++++++ charts/ingress-nginx/templates/_helpers.tpl | 4 +++- charts/ingress-nginx/values.yaml | 22 +++++++++++++++---- 8 files changed, 51 insertions(+), 11 deletions(-) create mode 100644 charts/ingress-nginx/ci/deployment-opentelemetry-customregistry-values.yaml diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index cafecf976..acf1be7bf 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -387,9 +387,12 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.opentelemetry.containerSecurityContext.runAsNonRoot | bool | `true` | | | controller.opentelemetry.containerSecurityContext.runAsUser | int | `65532` | The image's default user, inherited from its base image `cgr.dev/chainguard/static`. | | controller.opentelemetry.containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | | -| controller.opentelemetry.distroless | bool | `true` | | | controller.opentelemetry.enabled | bool | `false` | | -| controller.opentelemetry.image | string | `"registry.k8s.io/ingress-nginx/opentelemetry:v20230721-3e2062ee5@sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472"` | | +| controller.opentelemetry.image.digest | string | `"sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472"` | | +| controller.opentelemetry.image.distroless | bool | `true` | | +| controller.opentelemetry.image.image | string | `"ingress-nginx/opentelemetry"` | | +| controller.opentelemetry.image.registry | string | `"registry.k8s.io"` | | +| controller.opentelemetry.image.tag | string | `"v20230721-3e2062ee5"` | | | controller.opentelemetry.name | string | `"opentelemetry"` | | | controller.opentelemetry.resources | object | `{}` | | | controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # | diff --git a/charts/ingress-nginx/ci/daemonset-extra-modules.yaml b/charts/ingress-nginx/ci/daemonset-extra-modules.yaml index f299dbf1c..52a32fcbd 100644 --- a/charts/ingress-nginx/ci/daemonset-extra-modules.yaml +++ b/charts/ingress-nginx/ci/daemonset-extra-modules.yaml @@ -7,4 +7,7 @@ controller: type: ClusterIP extraModules: - name: opentelemetry - image: busybox + image: + registry: registry.k8s.io + image: busybox + tag: latest diff --git a/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml b/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml index 2310c344e..91b1b98a8 100644 --- a/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml +++ b/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml @@ -9,4 +9,7 @@ controller: allowPrivilegeEscalation: false extraModules: - name: opentelemetry - image: busybox + image: + registry: registry.k8s.io + image: busybox + tag: latest diff --git a/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml b/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml index bd2f011cc..b6013c7d0 100644 --- a/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml +++ b/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml @@ -7,6 +7,9 @@ controller: type: ClusterIP extraModules: - name: opentelemetry - image: busybox + image: + registry: registry.k8s.io + image: busybox + tag: latest containerSecurityContext: allowPrivilegeEscalation: false diff --git a/charts/ingress-nginx/ci/deployment-extra-modules.yaml b/charts/ingress-nginx/ci/deployment-extra-modules.yaml index ec5923548..2fbe1cc01 100644 --- a/charts/ingress-nginx/ci/deployment-extra-modules.yaml +++ b/charts/ingress-nginx/ci/deployment-extra-modules.yaml @@ -7,4 +7,7 @@ controller: type: ClusterIP extraModules: - name: opentelemetry - image: busybox + image: + registry: registry.k8s.io + image: busybox + tag: latest diff --git a/charts/ingress-nginx/ci/deployment-opentelemetry-customregistry-values.yaml b/charts/ingress-nginx/ci/deployment-opentelemetry-customregistry-values.yaml new file mode 100644 index 000000000..fb3ef4446 --- /dev/null +++ b/charts/ingress-nginx/ci/deployment-opentelemetry-customregistry-values.yaml @@ -0,0 +1,9 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + service: + type: ClusterIP + opentelemetry: + enabled: true diff --git a/charts/ingress-nginx/templates/_helpers.tpl b/charts/ingress-nginx/templates/_helpers.tpl index c936dab79..db1ab2e24 100644 --- a/charts/ingress-nginx/templates/_helpers.tpl +++ b/charts/ingress-nginx/templates/_helpers.tpl @@ -257,7 +257,8 @@ Extra modules. */}} {{- define "extraModules" -}} - name: {{ .name }} - image: {{ .image }} + {{- with .image }} + image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }} command: {{- if .distroless }} - /init_module @@ -266,6 +267,7 @@ Extra modules. - -c - /usr/local/bin/init_module.sh {{- end }} + {{- end }} {{- if .containerSecurityContext }} securityContext: {{ toYaml .containerSecurityContext | nindent 4 }} {{- end }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index a06eca14c..a21eb0ba3 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -682,8 +682,15 @@ controller: # -- Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module extraModules: [] # - name: mytestmodule - # image: registry.k8s.io/ingress-nginx/mytestmodule - # distroless: false + # image: + # registry: registry.k8s.io + # image: ingress-nginx/mytestmodule + # ## for backwards compatibility consider setting the full image url via the repository value below + # ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + # ## repository: + # tag: "v1.0.0" + # digest: "" + # distroless: false # containerSecurityContext: # runAsNonRoot: true # runAsUser: @@ -703,8 +710,15 @@ controller: opentelemetry: enabled: false name: opentelemetry - image: registry.k8s.io/ingress-nginx/opentelemetry:v20230721-3e2062ee5@sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472 - distroless: true + image: + registry: registry.k8s.io + image: ingress-nginx/opentelemetry + ## for backwards compatibility consider setting the full image url via the repository value below + ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + ## repository: + tag: "v20230721-3e2062ee5" + digest: sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472 + distroless: true containerSecurityContext: runAsNonRoot: true # -- The image's default user, inherited from its base image `cgr.dev/chainguard/static`. From c211e75065d9bd301658e7cc83f4e7012fb89aa8 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 8 Dec 2023 14:15:22 -0500 Subject: [PATCH 22/35] upgrade alpine to 3.19.0 Signed-off-by: James Strong --- images/cfssl/rootfs/Dockerfile | 2 +- images/nginx/rootfs/Dockerfile | 4 ++-- images/opentelemetry/rootfs/Dockerfile | 2 +- rootfs/Dockerfile-chroot | 2 +- test/e2e-image/Dockerfile | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/images/cfssl/rootfs/Dockerfile b/images/cfssl/rootfs/Dockerfile index f5fceb6e0..569756d79 100644 --- a/images/cfssl/rootfs/Dockerfile +++ b/images/cfssl/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.18.5 +FROM alpine:3.19.0 RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile index 5df4efac0..024c0e873 100644 --- a/images/nginx/rootfs/Dockerfile +++ b/images/nginx/rootfs/Dockerfile @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.18.5 as builder +FROM alpine:3.19.0 as builder COPY . / @@ -21,7 +21,7 @@ RUN apk update \ && /build.sh # Use a multi-stage build -FROM alpine:3.18.5 +FROM alpine:3.19.0 ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index 4f6a927f6..0ca57ed5d 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. -FROM alpine:3.18.5 as base +FROM alpine:3.19.0 as base RUN mkdir -p /opt/third_party/install COPY . /opt/third_party/ diff --git a/rootfs/Dockerfile-chroot b/rootfs/Dockerfile-chroot index 634de7c04..a210aa7bf 100644 --- a/rootfs/Dockerfile-chroot +++ b/rootfs/Dockerfile-chroot @@ -23,7 +23,7 @@ RUN apk update \ && apk upgrade \ && /chroot.sh -FROM alpine:3.18.5 +FROM alpine:3.19.0 ARG TARGETARCH ARG VERSION diff --git a/test/e2e-image/Dockerfile b/test/e2e-image/Dockerfile index 81b4b4d16..222156f13 100644 --- a/test/e2e-image/Dockerfile +++ b/test/e2e-image/Dockerfile @@ -1,7 +1,7 @@ ARG E2E_BASE_IMAGE FROM ${E2E_BASE_IMAGE} AS BASE -FROM alpine:3.18.5 +FROM alpine:3.19.0 RUN apk update \ && apk upgrade && apk add -U --no-cache \ From 5d82d183500a3c0a5cd1ffbfcd396328c616dde9 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 8 Dec 2023 14:37:20 -0500 Subject: [PATCH 23/35] missed some Signed-off-by: James Strong --- build/run-in-docker.sh | 2 +- images/custom-error-pages/rootfs/Dockerfile | 2 +- images/ext-auth-example-authsvc/rootfs/Dockerfile | 2 +- images/fastcgi-helloserver/rootfs/Dockerfile | 2 +- images/go-grpc-greeter-server/rootfs/Dockerfile | 2 +- images/test-runner/Makefile | 4 ++-- images/test-runner/rootfs/Dockerfile | 2 +- test/e2e/run-chart-test.sh | 2 +- test/e2e/run-kind-e2e.sh | 2 +- 9 files changed, 10 insertions(+), 10 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index bec825291..7ae9e2a12 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -87,7 +87,7 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then echo "..reached DIND check TRUE block, inside run-in-docker.sh" echo "FLAGS=$FLAGS" #go env - go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.13.0 + go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.13.1 find / -type f -name ginkgo 2>/dev/null which ginkgo /bin/bash -c "${FLAGS}" diff --git a/images/custom-error-pages/rootfs/Dockerfile b/images/custom-error-pages/rootfs/Dockerfile index 3647788d4..d6009e634 100755 --- a/images/custom-error-pages/rootfs/Dockerfile +++ b/images/custom-error-pages/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.21.5-alpine3.18 as builder +FROM golang:1.21.5-alpine:3.19 as builder RUN apk update \ && apk upgrade && apk add git diff --git a/images/ext-auth-example-authsvc/rootfs/Dockerfile b/images/ext-auth-example-authsvc/rootfs/Dockerfile index f85698398..880987f82 100644 --- a/images/ext-auth-example-authsvc/rootfs/Dockerfile +++ b/images/ext-auth-example-authsvc/rootfs/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.21.5-alpine3.18 as builder +FROM golang:1.21.5-alpine:3.19 as builder RUN mkdir /authsvc WORKDIR /authsvc COPY . ./ diff --git a/images/fastcgi-helloserver/rootfs/Dockerfile b/images/fastcgi-helloserver/rootfs/Dockerfile index 38d7f8ce0..31b32bd6d 100755 --- a/images/fastcgi-helloserver/rootfs/Dockerfile +++ b/images/fastcgi-helloserver/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.21.5-alpine3.18 as builder +FROM golang:1.21.5-alpine:3.19 as builder WORKDIR /go/src/k8s.io/ingress-nginx/images/fastcgi diff --git a/images/go-grpc-greeter-server/rootfs/Dockerfile b/images/go-grpc-greeter-server/rootfs/Dockerfile index 94e4b91ff..6ee689958 100644 --- a/images/go-grpc-greeter-server/rootfs/Dockerfile +++ b/images/go-grpc-greeter-server/rootfs/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.21.5-alpine3.18 as build +FROM golang:1.21.5-alpine:3.19 as build WORKDIR /go/src/greeter-server diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index 4cbde89fc..d6b974ba9 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -54,7 +54,7 @@ image: --build-arg YAML_LINT_VERSION=1.27.1 \ --build-arg YAMALE_VERSION=4.0.4 \ --build-arg HELM_VERSION=3.11.2 \ - --build-arg GINKGO_VERSION=2.13.0 \ + --build-arg GINKGO_VERSION=2.13.1 \ --build-arg GOLINT_VERSION=latest \ -t ${IMAGE}:${TAG} rootfs @@ -75,7 +75,7 @@ build: ensure-buildx --build-arg YAML_LINT_VERSION=1.27.1 \ --build-arg YAMALE_VERSION=4.0.4 \ --build-arg HELM_VERSION=3.11.2 \ - --build-arg GINKGO_VERSION=2.13.0 \ + --build-arg GINKGO_VERSION=2.13.1 \ --build-arg GOLINT_VERSION=latest \ -t ${IMAGE}:${TAG} rootfs diff --git a/images/test-runner/rootfs/Dockerfile b/images/test-runner/rootfs/Dockerfile index 161b6caf4..de0d3a15f 100644 --- a/images/test-runner/rootfs/Dockerfile +++ b/images/test-runner/rootfs/Dockerfile @@ -15,7 +15,7 @@ ARG BASE_IMAGE ARG GOLANG_VERSION ARG ETCD_VERSION -FROM golang:${GOLANG_VERSION}-alpine3.18 as GO +FROM golang:${GOLANG_VERSION}-alpine:3.19 as GO FROM registry.k8s.io/etcd:${ETCD_VERSION} as etcd FROM ${BASE_IMAGE} diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index 425d043e9..cdcf729f5 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -78,7 +78,7 @@ fi if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go install github.com/onsi/ginkgo/v2/ginkgo@v2.13.0 + go install github.com/onsi/ginkgo/v2/ginkgo@v2.13.1 fi echo "[dev-env] building image" make -C ${DIR}/../../ clean-image build image diff --git a/test/e2e/run-kind-e2e.sh b/test/e2e/run-kind-e2e.sh index 5c4ba5c1e..d213ac4b7 100755 --- a/test/e2e/run-kind-e2e.sh +++ b/test/e2e/run-kind-e2e.sh @@ -96,7 +96,7 @@ fi if [ "${SKIP_E2E_IMAGE_CREATION}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go install github.com/onsi/ginkgo/v2/ginkgo@v2.13.0 + go install github.com/onsi/ginkgo/v2/ginkgo@v2.13.1 fi echo "[dev-env] .. done building controller images" From f555a5659a592dcd5e4e88523631b9ad642e2163 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 8 Dec 2023 14:41:23 -0500 Subject: [PATCH 24/35] smore missing builds --- images/custom-error-pages/rootfs/Dockerfile | 2 +- images/ext-auth-example-authsvc/rootfs/Dockerfile | 2 +- images/fastcgi-helloserver/rootfs/Dockerfile | 2 +- images/go-grpc-greeter-server/rootfs/Dockerfile | 2 +- images/test-runner/rootfs/Dockerfile | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/images/custom-error-pages/rootfs/Dockerfile b/images/custom-error-pages/rootfs/Dockerfile index d6009e634..1d22dbb4c 100755 --- a/images/custom-error-pages/rootfs/Dockerfile +++ b/images/custom-error-pages/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.21.5-alpine:3.19 as builder +FROM golang:1.21.5-alpine3.19 as builder RUN apk update \ && apk upgrade && apk add git diff --git a/images/ext-auth-example-authsvc/rootfs/Dockerfile b/images/ext-auth-example-authsvc/rootfs/Dockerfile index 880987f82..b2ca6fb22 100644 --- a/images/ext-auth-example-authsvc/rootfs/Dockerfile +++ b/images/ext-auth-example-authsvc/rootfs/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.21.5-alpine:3.19 as builder +FROM golang:1.21.5-alpine3.19 as builder RUN mkdir /authsvc WORKDIR /authsvc COPY . ./ diff --git a/images/fastcgi-helloserver/rootfs/Dockerfile b/images/fastcgi-helloserver/rootfs/Dockerfile index 31b32bd6d..8077cc900 100755 --- a/images/fastcgi-helloserver/rootfs/Dockerfile +++ b/images/fastcgi-helloserver/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.21.5-alpine:3.19 as builder +FROM golang:1.21.5-alpine3.19 as builder WORKDIR /go/src/k8s.io/ingress-nginx/images/fastcgi diff --git a/images/go-grpc-greeter-server/rootfs/Dockerfile b/images/go-grpc-greeter-server/rootfs/Dockerfile index 6ee689958..0c4c9c71c 100644 --- a/images/go-grpc-greeter-server/rootfs/Dockerfile +++ b/images/go-grpc-greeter-server/rootfs/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.21.5-alpine:3.19 as build +FROM golang:1.21.5-alpine3.19 as build WORKDIR /go/src/greeter-server diff --git a/images/test-runner/rootfs/Dockerfile b/images/test-runner/rootfs/Dockerfile index de0d3a15f..161b6caf4 100644 --- a/images/test-runner/rootfs/Dockerfile +++ b/images/test-runner/rootfs/Dockerfile @@ -15,7 +15,7 @@ ARG BASE_IMAGE ARG GOLANG_VERSION ARG ETCD_VERSION -FROM golang:${GOLANG_VERSION}-alpine:3.19 as GO +FROM golang:${GOLANG_VERSION}-alpine3.18 as GO FROM registry.k8s.io/etcd:${ETCD_VERSION} as etcd FROM ${BASE_IMAGE} From 208ea484a813ae51780cae327229f36b8b362419 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 8 Dec 2023 14:43:21 -0500 Subject: [PATCH 25/35] revert golang 1.21.5 and alpine 3.19 not available yet Signed-off-by: James Strong --- images/custom-error-pages/rootfs/Dockerfile | 2 +- images/ext-auth-example-authsvc/rootfs/Dockerfile | 2 +- images/fastcgi-helloserver/rootfs/Dockerfile | 2 +- images/go-grpc-greeter-server/rootfs/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/images/custom-error-pages/rootfs/Dockerfile b/images/custom-error-pages/rootfs/Dockerfile index 1d22dbb4c..3647788d4 100755 --- a/images/custom-error-pages/rootfs/Dockerfile +++ b/images/custom-error-pages/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.21.5-alpine3.19 as builder +FROM golang:1.21.5-alpine3.18 as builder RUN apk update \ && apk upgrade && apk add git diff --git a/images/ext-auth-example-authsvc/rootfs/Dockerfile b/images/ext-auth-example-authsvc/rootfs/Dockerfile index b2ca6fb22..f85698398 100644 --- a/images/ext-auth-example-authsvc/rootfs/Dockerfile +++ b/images/ext-auth-example-authsvc/rootfs/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.21.5-alpine3.19 as builder +FROM golang:1.21.5-alpine3.18 as builder RUN mkdir /authsvc WORKDIR /authsvc COPY . ./ diff --git a/images/fastcgi-helloserver/rootfs/Dockerfile b/images/fastcgi-helloserver/rootfs/Dockerfile index 8077cc900..38d7f8ce0 100755 --- a/images/fastcgi-helloserver/rootfs/Dockerfile +++ b/images/fastcgi-helloserver/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.21.5-alpine3.19 as builder +FROM golang:1.21.5-alpine3.18 as builder WORKDIR /go/src/k8s.io/ingress-nginx/images/fastcgi diff --git a/images/go-grpc-greeter-server/rootfs/Dockerfile b/images/go-grpc-greeter-server/rootfs/Dockerfile index 0c4c9c71c..94e4b91ff 100644 --- a/images/go-grpc-greeter-server/rootfs/Dockerfile +++ b/images/go-grpc-greeter-server/rootfs/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.21.5-alpine3.19 as build +FROM golang:1.21.5-alpine3.18 as build WORKDIR /go/src/greeter-server From 7c998b5937826b880aab7a56d5081fffcc29e191 Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Fri, 8 Dec 2023 23:15:02 +0100 Subject: [PATCH 26/35] otel distroless (#10741) --- images/opentelemetry/rootfs/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index 0ca57ed5d..8c8cb1783 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -54,7 +54,7 @@ COPY . . RUN go mod download RUN CGO_ENABLED=0 go build -o /go/bin/init_module -FROM cgr.dev/chainguard/static as final +FROM gcr.io/distroless/static-debian11 as final COPY --from=build-init /go/bin/init_module / COPY --from=nginx /etc/nginx/modules /etc/nginx/modules From 14d8be4c0aee7d50f184d64fab785007cf74d842 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Claus=20Pr=C3=BCfer?= Date: Sat, 9 Dec 2023 20:31:01 +0100 Subject: [PATCH 27/35] Update Documentation for Client-Cert Authentication misleading #10687 (#10705) * Update README.md Update / restructure "Client Cert Authentication" Documentation sub-section * Update README.md * Update README.md * Update README.md * Update README.md Add openssl subjectAltName and remark for future releases. * Update README.md Moved subjectAltName to new topic "Remarks", i think it is not annotation / ingress related * Update README.md Typo --- docs/examples/auth/client-certs/README.md | 126 ++++++++++++++++------ 1 file changed, 92 insertions(+), 34 deletions(-) diff --git a/docs/examples/auth/client-certs/README.md b/docs/examples/auth/client-certs/README.md index 94cf6c697..7aed26395 100644 --- a/docs/examples/auth/client-certs/README.md +++ b/docs/examples/auth/client-certs/README.md @@ -2,59 +2,117 @@ It is possible to enable Client-Certificate Authentication by adding additional annotations to your Ingress Resource. -Before getting started you must have the following Certificates configured: +## 1. Prerequisites / Certificates -1. CA certificate and Key (Intermediate Certs need to be in CA) -2. Server Certificate (Signed by CA) and Key (CN should be equal the hostname you will use) -3. Client Certificate (Signed by CA) and Key +- Certificate Authority (CA) Certificate ```ca-cert.pem``` +- Server Certificate (Signed by CA) and Key ```server-cert.pem``` and ```server-key.pem``` +- Client Certificate (Signed by CA), Key and CA Certificate for following client side authentication (See Sub-Section 4 - Test) -For more details on the generation process, checkout the Prerequisite [docs](../../PREREQUISITES.md#client-certificate-authentication). +:memo: If Intermediate CA-Certificates (Official CA, non-self-signed) used, they all need to be concatenated (CA authority chain) in one CA file. -You can have as many certificates as you want. If they're in the binary DER format, you can convert them as the following: +The following commands let you generate self-signed Certificates and Keys for testing-purpose. + +- Generate the CA Key and Certificate: + +```bash +openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca-key.der -out ca-cert.der -days 356 -nodes -subj '/CN=My Cert Authority' +``` + +- Generate the Server Key, and Certificate and Sign with the CA Certificate: + +```bash +openssl req -new -newkey rsa:4096 -keyout server-key.der -out server.csr -nodes -subj '/CN=mydomain.com' +openssl x509 -req -sha256 -days 365 -in server.csr -CA ca-cert.der -CAkey ca-key.der -set_serial 01 -out server-cert.der +``` + +:memo: The CN (Common Name) x.509 attribute for the server Certificate ***must*** match the dns hostname referenced in ingress definition, see example below. + +- Generate the Client Key, and Certificate and Sign with the CA Certificate: + +```bash +openssl req -new -newkey rsa:4096 -keyout client-key.der -out client.csr -nodes -subj '/CN=My Client' +openssl x509 -req -sha256 -days 365 -in client.csr -CA ca-cert.der -CAkey ca-key.der -set_serial 02 -out client-cert.der +``` + +## 2. Import Certificates / Keys to Kubernetes Secret-Backend + +- Convert all files specified in 1) from .der (binary format) to .pem (base64 encoded): ```bash openssl x509 -in certificate.der -inform der -out certificate.crt -outform pem ``` -Then, you can concatenate them all into one file, named 'ca.crt' with the following: +:exclamation: Kubernetes Web-Services import relies on .pem Base64-encoded format. + +:zap: There is no need to import the CA Private Key, the Private Key is used only to sign new Client Certificates by the CA. + +- Import the CA Certificate as Kubernetes sub-type ```generic/ca.crt``` ```bash -cat certificate1.crt certificate2.crt certificate3.crt >> ca.crt +kubectl create secret generic ca-secret --from-file=ca.crt=./ca-cert.pem ``` -**Note:** Make sure that the Key Size is greater than 1024 and Hashing Algorithm (Digest) is something better than md5 -for each certificate generated. Otherwise you will receive an error. +- Import the Server Certificate and Key as Kubernetes sub-type ```tls``` for transport layer -## Creating Certificate Secrets +```bash +kubectl create secret tls tls-secret --cert ./server-cert.pem --key ./server-key.pem +``` -There are many different ways of configuring your secrets to enable Client-Certificate -Authentication to work properly. +- Optional import CA-cert, Server-cert and Server-Key for TLS and Client-Auth -* You can create a secret containing just the CA certificate and another - Secret containing the Server Certificate which is Signed by the CA. +```bash +kubectl create secret generic tls-and-auth --from-file=tls.crt=./server-crt.pem --from-file=tls.key=./server-key.pem --from-file=ca.crt=./ca-cert.pem +``` - ```bash - kubectl create secret generic ca-secret --from-file=ca.crt=ca.crt - kubectl create secret generic tls-secret --from-file=tls.crt=server.crt --from-file=tls.key=server.key - ``` +- Optional import a CRL (Certificate Revocation List) -* You can create a secret containing CA certificate along with the Server - Certificate that can be used for both TLS and Client Auth. +```bash +kubectl create secret generic ca-secret --from-file=ca.crt=./ca-cert.pem --from-file=ca.crl=./ca-crl.pem +``` - ```bash - kubectl create secret generic ca-secret --from-file=tls.crt=server.crt --from-file=tls.key=server.key --from-file=ca.crt=ca.crt - ``` +## 3. Annotations / Ingress-Reference -* If you want to also enable Certificate Revocation List verification you can - create the secret also containing the CRL file in PEM format: - ```bash - kubectl create secret generic ca-secret --from-file=ca.crt=ca.crt --from-file=ca.crl=ca.crl - ``` +Now we are able to reference the created secrets in the ingress definition. -Note: The CA Certificate must contain the trusted certificate authority chain to verify client certificates. +:memo: The CA Certificate "authentication" will be reference in annotations. -## Setup Instructions +| Annotation | Description | Remark | +|---------------------------------------------------------------------------|----------------------------|--------------------| +| nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" | Activate Client-Auth | If "on", verify client Certificate | +| nginx.ingress.kubernetes.io/auth-tls-secret: "namespace/ca-secret" | CA "secret" reference | Secret namespace and service / ingress namespace must match | +| nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1" | CA "chain" depth | How many CA levels should be processed | +| nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" | Pass Cert / Header | Pass Certificate to Web-App for e.g. parsing Client E-Mail Address x.509 Property | + +:memo: The Server Certificate for transport layer will be referenced in tls .yaml subsection. + +```yaml +tls: + - hosts: + - mydomain.com + secretName: tls-secret +``` + +## 4. Example / Test + +The working .yaml Example: [ingress.yaml](ingress.yaml) + +- Test by performing a curl / wget against the Ingress Path without the Client Cert and expect a Status Code 400 (Bad Request - No required SSL certificate was sent). +- Test by performing a curl / wget against the Ingress Path with the Client Cert and expect a Status Code 200. + +```bash +wget \ +--ca-cert=ca-cert.pem \ +--certificate=client-cert.pem \ +--private-key=client-key.pem \ +https://mydomain.com +``` + +## 5. Remarks + +| :exclamation: In future releases, CN verification seems to be "replaced" by SAN (Subject Alternate Name) for verrification, so do not forget to add | +|-----------------------------------------------------------------------------------------------------------------------------------------------------| + +```bash +openssl req -addext "subjectAltName = DNS:mydomain.com" ... +``` -1. Add the annotations as provided in the [ingress.yaml](ingress.yaml) example to your own ingress resources as required. -2. Test by performing a curl against the Ingress Path without the Client Cert and expect a Status Code 400. -3. Test by performing a curl against the Ingress Path with the Client Cert and expect a Status Code 200. From 737c75d4f76204f60160110b57cac28f2a82a2ba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Dec 2023 12:30:43 +0100 Subject: [PATCH 28/35] Bump aquasecurity/trivy-action from 0.14.0 to 0.16.0 (#10746) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.14.0 to 0.16.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/2b6a709cf9c4025c5438138008beaddbb02086f0...91713af97dc80187565512baba96e4364e983601) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/vulnerability-scans.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 226586030..5e17f65b7 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -60,7 +60,7 @@ jobs: - name: Scan image with AquaSec/Trivy id: scan - uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 # v0.14.0 + uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601 # v0.16.0 with: image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }} format: 'sarif' From 759ac63a86537a4ed64a4ddbfd49c8d75d18dd5e Mon Sep 17 00:00:00 2001 From: James Strong Date: Mon, 11 Dec 2023 21:16:59 -0500 Subject: [PATCH 29/35] supdate images from golang upgrade (#10750) --- NGINX_BASE | 2 +- build/run-in-docker.sh | 2 +- .../custom-errors/custom-default-backend.helm.values.yaml | 2 +- .../customization/custom-errors/custom-default-backend.yaml | 2 +- test/e2e-image/Makefile | 2 +- test/e2e/settings/ocsp/ocsp.go | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/NGINX_BASE b/NGINX_BASE index 8c12b0f65..058a89bb1 100644 --- a/NGINX_BASE +++ b/NGINX_BASE @@ -1 +1 @@ -registry.k8s.io/ingress-nginx/nginx:v20231129-9439e6c71@sha256:ca1349074a0d087d8fca347ea4c04fa12c0275f53f72d6f65118307285efc8ca \ No newline at end of file +registry.k8s.io/ingress-nginx/nginx:v20231208-4c39e6acc@sha256:03508408458d00ba4e219d2693ba2a039ba66d4151ab9b43794f61877e0abb73 \ No newline at end of file diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 7ae9e2a12..2e1256fb2 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -44,7 +44,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20231011-8b53cabe0@sha256:ed0dad805c635e66469b4ac376010eebdd0b3fe62d753f58db1632d6f12f451d} +E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20231208-4c39e6acc@sha256:0607184ca9c53c9c24a47b6f52347dd96137b05c6f276efa67051929a39e8f7a} if [[ "$RUNTIME" == podman ]]; then # Podman does not support both tag and digest diff --git a/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml b/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml index 708a93831..865857dea 100644 --- a/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml +++ b/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml @@ -6,7 +6,7 @@ defaultBackend: image: registry: registry.k8s.io image: ingress-nginx/nginx-errors - tag: "v20230505@sha256:3600dcd1bbd0d05959bb01af4b272714e94d22d24a64e91838e7183c80e53f7f" + tag: "v20231208-4c39e6acc@sha256:c2ca20775f41c0c89906dc74a31239d94ac48e84e7c6164affed41fe669cdaa5" extraVolumes: - name: custom-error-pages configMap: diff --git a/docs/examples/customization/custom-errors/custom-default-backend.yaml b/docs/examples/customization/custom-errors/custom-default-backend.yaml index e606c5b62..993f91f5b 100644 --- a/docs/examples/customization/custom-errors/custom-default-backend.yaml +++ b/docs/examples/customization/custom-errors/custom-default-backend.yaml @@ -36,7 +36,7 @@ spec: spec: containers: - name: nginx-error-server - image: registry.k8s.io/ingress-nginx/nginx-errors:v20230505@sha256:3600dcd1bbd0d05959bb01af4b272714e94d22d24a64e91838e7183c80e53f7f + image: registry.k8s.io/ingress-nginx/nginx-errors:v20231208-4c39e6acc@sha256:c2ca20775f41c0c89906dc74a31239d94ac48e84e7c6164affed41fe669cdaa5 ports: - containerPort: 8080 # Setting the environment variable DEBUG we can see the headers sent diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index ff5aa8fb6..ed6c6d52d 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,6 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -E2E_BASE_IMAGE ?= "registry.k8s.io/ingress-nginx/e2e-test-runner:v20231011-8b53cabe0@sha256:ed0dad805c635e66469b4ac376010eebdd0b3fe62d753f58db1632d6f12f451d" +E2E_BASE_IMAGE ?= "registry.k8s.io/ingress-nginx/e2e-test-runner:v20231208-4c39e6acc@sha256:0607184ca9c53c9c24a47b6f52347dd96137b05c6f276efa67051929a39e8f7a" image: echo "..entered Makefile in /test/e2e-image" diff --git a/test/e2e/settings/ocsp/ocsp.go b/test/e2e/settings/ocsp/ocsp.go index 4d419c5d0..f6f106b06 100644 --- a/test/e2e/settings/ocsp/ocsp.go +++ b/test/e2e/settings/ocsp/ocsp.go @@ -292,7 +292,7 @@ func ocspserveDeployment(namespace string) (*appsv1.Deployment, *corev1.Service) Containers: []corev1.Container{ { Name: name, - Image: "registry.k8s.io/ingress-nginx/e2e-test-cfssl@sha256:adaa118c179c41cb33fb567004a1f0c71b8fce6bc13263efa63d42dddd5b4346", + Image: "registry.k8s.io/ingress-nginx/e2e-test-cfssl@sha256:48869cf72b0ceb1d8c82029f85961e423daf3ff8a04f4a455150000f90a90606", Command: []string{ "/bin/bash", "-c", From 97d4a83e75ff6ff41243edb5fededbc251aa56b5 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Wed, 13 Dec 2023 09:29:06 +0100 Subject: [PATCH 30/35] Deployment/DaemonSet: Remove `distroless` from `extraModules` templating. (#10742) --- charts/ingress-nginx/templates/controller-daemonset.yaml | 4 ++-- charts/ingress-nginx/templates/controller-deployment.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index e6e28c872..718e20c52 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -183,13 +183,13 @@ spec: {{- if .Values.controller.extraModules }} {{- range .Values.controller.extraModules }} {{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }} - {{- include "extraModules" (dict "name" .name "image" .image "distroless" .distroless "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }} + {{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }} {{- end }} {{- end }} {{- if .Values.controller.opentelemetry.enabled }} {{- with .Values.controller.opentelemetry }} {{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }} - {{- include "extraModules" (dict "name" .name "image" .image "distroless" .distroless "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }} + {{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }} {{- end }} {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index cd59c7979..5ff45585b 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -186,13 +186,13 @@ spec: {{- if .Values.controller.extraModules }} {{- range .Values.controller.extraModules }} {{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }} - {{- include "extraModules" (dict "name" .name "image" .image "distroless" .distroless "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }} + {{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }} {{- end }} {{- end }} {{- if .Values.controller.opentelemetry.enabled }} {{- with .Values.controller.opentelemetry }} {{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }} - {{- include "extraModules" (dict "name" .name "image" .image "distroless" .distroless "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }} + {{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }} {{- end }} {{- end }} {{- end }} From 6ff70f015dd8b12d5e96adc6ef3c16e1c9060944 Mon Sep 17 00:00:00 2001 From: Cheng Pan Date: Wed, 13 Dec 2023 16:54:59 +0800 Subject: [PATCH 31/35] Docs: Keep title in navbar in upcase (#10755) --- mkdocs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mkdocs.yml b/mkdocs.yml index 7f10a1d53..cbc2988ce 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -78,7 +78,7 @@ nav: - Role Based Access Control (RBAC): "deploy/rbac.md" - Upgrade: "deploy/upgrade.md" - Hardening guide: "deploy/hardening-guide.md" - - User guide: + - User Guide: - NGINX Configuration: - Introduction: "user-guide/nginx-configuration/index.md" - Basic usage: "user-guide/basic-usage.md" From be7f508c73cefc030ea37937902c32baf1eec914 Mon Sep 17 00:00:00 2001 From: Stavros Foteinopoulos Date: Thu, 14 Dec 2023 17:17:09 +0200 Subject: [PATCH 32/35] Add more unit tests to helm chart (#10731) * Add more unit tests to helm chart Signed-off-by: Stavros Foteinopoulos * Apply suggestions from code review Co-authored-by: Marco Ebert * Apply suggestions from code review Co-authored-by: Marco Ebert * Apply suggestions from code review Co-authored-by: Marco Ebert * Use upstream helm-unittest repository Signed-off-by: Stavros Foteinopoulos * Remove non existing value from controller unittest Signed-off-by: Stavros Foteinopoulos * fix unit test Signed-off-by: Stavros Foteinopoulos * Apply suggestions from code review Co-authored-by: Marco Ebert * Apply suggestions from code review Co-authored-by: Marco Ebert --------- Signed-off-by: Stavros Foteinopoulos Co-authored-by: Marco Ebert --- .github/workflows/ci.yaml | 2 +- .../controller-configmap-addheaders_test.yaml | 27 +++++++++++++++ ...ontroller-configmap-proxyheaders_test.yaml | 27 +++++++++++++++ .../tests/controller-configmap_test.yaml | 14 ++++++++ .../tests/controller-daemonset_test.yaml | 16 +++++++++ .../tests/controller-deployment_test.yaml | 34 +++++++++++++++++++ .../tests/controller-hpa_test.yaml | 17 ++++++++++ .../tests/controller-keda_test.yaml | 17 ++++++++++ .../tests/controller-networkpolicy_test.yaml | 23 +++++++++++++ .../controller-service-internal_test.yaml | 25 ++++++++++++++ .../controller-service-metrics_test.yaml | 23 +++++++++++++ .../tests/controller-service_test.yaml | 32 +++++++++++++++++ .../tests/default-backend-service_test.yaml | 32 +++++++++++++++++ 13 files changed, 288 insertions(+), 1 deletion(-) create mode 100644 charts/ingress-nginx/tests/controller-configmap-addheaders_test.yaml create mode 100644 charts/ingress-nginx/tests/controller-configmap-proxyheaders_test.yaml create mode 100644 charts/ingress-nginx/tests/controller-configmap_test.yaml create mode 100644 charts/ingress-nginx/tests/controller-daemonset_test.yaml create mode 100644 charts/ingress-nginx/tests/controller-deployment_test.yaml create mode 100644 charts/ingress-nginx/tests/controller-hpa_test.yaml create mode 100644 charts/ingress-nginx/tests/controller-keda_test.yaml create mode 100644 charts/ingress-nginx/tests/controller-networkpolicy_test.yaml create mode 100644 charts/ingress-nginx/tests/controller-service-internal_test.yaml create mode 100644 charts/ingress-nginx/tests/controller-service-metrics_test.yaml create mode 100644 charts/ingress-nginx/tests/controller-service_test.yaml create mode 100644 charts/ingress-nginx/tests/default-backend-service_test.yaml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index cfb243808..3c9559b08 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -165,7 +165,7 @@ jobs: - name: Install Helm Unit Test Plugin run: | - helm plugin install https://github.com/quintush/helm-unittest + helm plugin install https://github.com/helm-unittest/helm-unittest - name: Run Helm Unit Tests run: | diff --git a/charts/ingress-nginx/tests/controller-configmap-addheaders_test.yaml b/charts/ingress-nginx/tests/controller-configmap-addheaders_test.yaml new file mode 100644 index 000000000..e831d50c0 --- /dev/null +++ b/charts/ingress-nginx/tests/controller-configmap-addheaders_test.yaml @@ -0,0 +1,27 @@ +suite: Controller > ConfigMap > Add Headers +templates: + - controller-configmap-addheaders.yaml + +tests: + - it: should not create a ConfigMap if `controller.addHeaders` is not set + set: + controller.addHeaders: null + asserts: + - hasDocuments: + count: 0 + + - it: should create a ConfigMap if `controller.addHeaders` is set + set: + controller.addHeaders: + X-Another-Custom-Header: Value + asserts: + - hasDocuments: + count: 1 + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-custom-add-headers + - equal: + path: data.X-Another-Custom-Header + value: Value diff --git a/charts/ingress-nginx/tests/controller-configmap-proxyheaders_test.yaml b/charts/ingress-nginx/tests/controller-configmap-proxyheaders_test.yaml new file mode 100644 index 000000000..0634a3739 --- /dev/null +++ b/charts/ingress-nginx/tests/controller-configmap-proxyheaders_test.yaml @@ -0,0 +1,27 @@ +suite: Controller > ConfigMap > Proxy Headers +templates: + - controller-configmap-proxyheaders.yaml + +tests: + - it: should not create a ConfigMap if `controller.proxySetHeaders` is not set + set: + controller.proxySetHeaders: null + asserts: + - hasDocuments: + count: 0 + + - it: should create a ConfigMap if `controller.proxySetHeaders` is set + set: + controller.proxySetHeaders: + X-Custom-Header: Value + asserts: + - hasDocuments: + count: 1 + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-custom-proxy-headers + - equal: + path: data.X-Custom-Header + value: Value diff --git a/charts/ingress-nginx/tests/controller-configmap_test.yaml b/charts/ingress-nginx/tests/controller-configmap_test.yaml new file mode 100644 index 000000000..038760338 --- /dev/null +++ b/charts/ingress-nginx/tests/controller-configmap_test.yaml @@ -0,0 +1,14 @@ +suite: Controller > ConfigMap +templates: + - controller-configmap.yaml + +tests: + - it: should create a ConfigMap + asserts: + - hasDocuments: + count: 1 + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller diff --git a/charts/ingress-nginx/tests/controller-daemonset_test.yaml b/charts/ingress-nginx/tests/controller-daemonset_test.yaml new file mode 100644 index 000000000..2e85848b6 --- /dev/null +++ b/charts/ingress-nginx/tests/controller-daemonset_test.yaml @@ -0,0 +1,16 @@ +suite: Controller > DaemonSet +templates: + - controller-daemonset.yaml + +tests: + - it: should create a DaemonSet if `controller.kind` is "DaemonSet" + set: + controller.kind: DaemonSet + asserts: + - hasDocuments: + count: 1 + - isKind: + of: DaemonSet + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller diff --git a/charts/ingress-nginx/tests/controller-deployment_test.yaml b/charts/ingress-nginx/tests/controller-deployment_test.yaml new file mode 100644 index 000000000..01844612e --- /dev/null +++ b/charts/ingress-nginx/tests/controller-deployment_test.yaml @@ -0,0 +1,34 @@ +suite: Controller > Deployment +templates: + - controller-deployment.yaml + +tests: + - it: should create a Deployment + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Deployment + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller + + - it: should create a Deployment with 3 replicas if `controller.replicaCount` is 3 + set: + controller.replicaCount: 3 + asserts: + - equal: + path: spec.replicas + value: 3 + + - it: should create a Deployment with resource limits if `controller.resources.limits` is set + set: + controller.resources.limits.cpu: 500m + controller.resources.limits.memory: 512Mi + asserts: + - equal: + path: spec.template.spec.containers[0].resources.limits.cpu + value: 500m + - equal: + path: spec.template.spec.containers[0].resources.limits.memory + value: 512Mi diff --git a/charts/ingress-nginx/tests/controller-hpa_test.yaml b/charts/ingress-nginx/tests/controller-hpa_test.yaml new file mode 100644 index 000000000..7cd668509 --- /dev/null +++ b/charts/ingress-nginx/tests/controller-hpa_test.yaml @@ -0,0 +1,17 @@ +suite: Controller > HPA +templates: + - controller-hpa.yaml + +tests: + - it: should create a HPA if `controller.kind` is "Deployment" and `controller.autoscaling.enabled` is true + set: + controller.kind: Deployment + controller.autoscaling.enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: HorizontalPodAutoscaler + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller diff --git a/charts/ingress-nginx/tests/controller-keda_test.yaml b/charts/ingress-nginx/tests/controller-keda_test.yaml new file mode 100644 index 000000000..e6ca8dbfe --- /dev/null +++ b/charts/ingress-nginx/tests/controller-keda_test.yaml @@ -0,0 +1,17 @@ +suite: Controller > KEDA +templates: + - controller-keda.yaml + +tests: + - it: should create a ScaledObject if `controller.kind` is "Deployment" and `controller.keda.enabled` is true + set: + controller.kind: Deployment + controller.keda.enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: ScaledObject + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller diff --git a/charts/ingress-nginx/tests/controller-networkpolicy_test.yaml b/charts/ingress-nginx/tests/controller-networkpolicy_test.yaml new file mode 100644 index 000000000..5de12e9c4 --- /dev/null +++ b/charts/ingress-nginx/tests/controller-networkpolicy_test.yaml @@ -0,0 +1,23 @@ +suite: Controller > NetworkPolicy +templates: + - controller-networkpolicy.yaml + +tests: + - it: should not create a NetworkPolicy if `controller.networkPolicy.enabled` is false + set: + controller.networkPolicy.enabled: false + asserts: + - hasDocuments: + count: 0 + + - it: should create a NetworkPolicy if `controller.networkPolicy.enabled` is true + set: + controller.networkPolicy.enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: NetworkPolicy + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller diff --git a/charts/ingress-nginx/tests/controller-service-internal_test.yaml b/charts/ingress-nginx/tests/controller-service-internal_test.yaml new file mode 100644 index 000000000..5465e1a2b --- /dev/null +++ b/charts/ingress-nginx/tests/controller-service-internal_test.yaml @@ -0,0 +1,25 @@ +suite: Controller > Service > Internal +templates: + - controller-service-internal.yaml + +tests: + - it: should not create an internal Service if `controller.service.internal.enabled` is false + set: + controller.service.internal.enabled: false + asserts: + - hasDocuments: + count: 0 + + - it: should create an internal Service if `controller.service.internal.enabled` is true and `controller.service.internal.annotations` are set + set: + controller.service.internal.enabled: true + controller.service.internal.annotations: + test.annotation: "true" + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Service + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller-internal diff --git a/charts/ingress-nginx/tests/controller-service-metrics_test.yaml b/charts/ingress-nginx/tests/controller-service-metrics_test.yaml new file mode 100644 index 000000000..afdb94046 --- /dev/null +++ b/charts/ingress-nginx/tests/controller-service-metrics_test.yaml @@ -0,0 +1,23 @@ +suite: Controller > Service > Metrics +templates: + - controller-service-metrics.yaml + +tests: + - it: should not create a metrics Service if `controller.metrics.enabled` is false + set: + controller.metrics.enabled: false + asserts: + - hasDocuments: + count: 0 + + - it: should create a metrics Service if `controller.metrics.enabled` is true + set: + controller.metrics.enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Service + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller-metrics diff --git a/charts/ingress-nginx/tests/controller-service_test.yaml b/charts/ingress-nginx/tests/controller-service_test.yaml new file mode 100644 index 000000000..2810d4679 --- /dev/null +++ b/charts/ingress-nginx/tests/controller-service_test.yaml @@ -0,0 +1,32 @@ +suite: Controller > Service +templates: + - controller-service.yaml + +tests: + - it: should not create a Service if `controller.service.external.enabled` is false + set: + controller.service.external.enabled: false + asserts: + - hasDocuments: + count: 0 + + - it: should create a Service if `controller.service.external.enabled` is true + set: + controller.service.external.enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Service + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller + + - it: should create a Service of type "NodePort" if `controller.service.external.enabled` is true and `controller.service.type` is "NodePort" + set: + controller.service.enabled: true + controller.service.type: NodePort + asserts: + - equal: + path: spec.type + value: NodePort diff --git a/charts/ingress-nginx/tests/default-backend-service_test.yaml b/charts/ingress-nginx/tests/default-backend-service_test.yaml new file mode 100644 index 000000000..f16904f9f --- /dev/null +++ b/charts/ingress-nginx/tests/default-backend-service_test.yaml @@ -0,0 +1,32 @@ +suite: Default Backend > Service +templates: + - default-backend-service.yaml + +tests: + - it: should not create a Service if `defaultBackend.enabled` is false + set: + defaultBackend.enabled: false + asserts: + - hasDocuments: + count: 0 + + - it: should create a Service if `defaultBackend.enabled` is true + set: + defaultBackend.enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Service + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-defaultbackend + + - it: should create a Service with port 80 if `defaultBackend.service.port` is 80 + set: + defaultBackend.enabled: true + defaultBackend.service.port: 80 + asserts: + - equal: + path: spec.ports[0].port + value: 80 From 648cb8bb0a3934312250435cb31f9cc9a10956ea Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Fri, 15 Dec 2023 01:13:34 +0100 Subject: [PATCH 33/35] CI: Replace `chart-testing` image by `e2e-test-runner`. (#10761) --- hack/verify-chart-lint.sh | 4 +--- test/e2e/run-chart-test.sh | 5 ++--- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/hack/verify-chart-lint.sh b/hack/verify-chart-lint.sh index 9ece681e0..1c661ae2b 100755 --- a/hack/verify-chart-lint.sh +++ b/hack/verify-chart-lint.sh @@ -19,6 +19,4 @@ set -o nounset set -o pipefail KUBE_ROOT="$( cd "$(dirname "$0")../" >/dev/null 2>&1 ; pwd -P )" -# TODO: This is a temporary workaround while we don't update Helm Chart test -curl https://raw.githubusercontent.com/helm/chart-testing/v3.8.0/etc/chart_schema.yaml -o /tmp/chart_schema.yaml -ct lint --charts ${KUBE_ROOT}/charts/ingress-nginx --validate-maintainers=false --chart-yaml-schema=/tmp/chart_schema.yaml +ct lint --charts ${KUBE_ROOT}/charts/ingress-nginx --validate-maintainers=false diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index cdcf729f5..eedb2bef5 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -104,13 +104,12 @@ if [ "${SKIP_CERT_MANAGER_CREATION:-false}" = "false" ]; then fi echo "[dev-env] running helm chart e2e tests..." -# Uses a custom chart-testing image to avoid timeouts waiting for namespace deletion. -# The changes can be found here: https://github.com/aledbf/chart-testing/commit/41fe0ae0733d0c9a538099fb3cec522e888e3d82 docker run --rm --interactive --network host \ --name ct \ --volume $KUBECONFIG:/root/.kube/config \ --volume "${DIR}/../../":/workdir \ --workdir /workdir \ - aledbf/chart-testing:v3.3.1-next ct install \ + registry.k8s.io/ingress-nginx/e2e-test-runner:v20231208-4c39e6acc@sha256:0607184ca9c53c9c24a47b6f52347dd96137b05c6f276efa67051929a39e8f7a \ + ct install \ --charts charts/ingress-nginx \ --helm-extra-args "--timeout 60s" From 6c876bba9ad90414c3ace6473c1ad0912db5d0d5 Mon Sep 17 00:00:00 2001 From: AhmedGrati <48932084+AhmedGrati@users.noreply.github.com> Date: Fri, 15 Dec 2023 14:25:39 +0100 Subject: [PATCH 34/35] fix: disable cluster wide controller role permissions (#10659) Signed-off-by: AhmedGrati --- charts/ingress-nginx/templates/controller-role.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/ingress-nginx/templates/controller-role.yaml b/charts/ingress-nginx/templates/controller-role.yaml index f6217a29a..a94b39978 100644 --- a/charts/ingress-nginx/templates/controller-role.yaml +++ b/charts/ingress-nginx/templates/controller-role.yaml @@ -44,12 +44,15 @@ rules: - get - list - watch + # Omit Ingress status permissions if `--update-status` is disabled. + {{- if ne (index .Values.controller.extraArgs "update-status") "false" }} - apiGroups: - networking.k8s.io resources: - ingresses/status verbs: - update + {{- end }} - apiGroups: - networking.k8s.io resources: From e2856809a5fed79777c764fc8778f80aac65751f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Dec 2023 08:43:58 +0100 Subject: [PATCH 35/35] Bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#10775) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.16.0 to 0.17.0. - [Commits](https://github.com/golang/crypto/compare/v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 817432787..524d4760b 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( github.com/stretchr/testify v1.8.4 github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30 - golang.org/x/crypto v0.16.0 + golang.org/x/crypto v0.17.0 google.golang.org/grpc v1.59.0 google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 gopkg.in/go-playground/pool.v3 v3.1.1 diff --git a/go.sum b/go.sum index 2a615836b..bd5c6a656 100644 --- a/go.sum +++ b/go.sum @@ -399,8 +399,8 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY= -golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= +golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=