Merge branch 'main' into allow-any-protocol-cors

2024-08-22 19:34:52 -03:00 · 2024-08-22 19:34:52 -03:00 · ed3b2dbdb0
commit ed3b2dbdb0
parent 1a22978f2e 3bec99ecfc
265 changed files with 72926 additions and 64758 deletions
--- a/.ct.yaml
+++ b/.ct.yaml
@ -0,0 +1,26 @@
 # Copyright 2024 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
 remote: origin
 target-branch: main
 validate-maintainers: false
 check-version-increment: false
 chart-repos:
  - ingress-nginx=https://kubernetes.github.io/ingress-nginx
 helm-extra-args: --timeout 800s
 chart-dirs:
  - charts
--- a/.github/ISSUE_TEMPLATE/cve_report.md
+++ b/.github/ISSUE_TEMPLATE/cve_report.md
@ -4,8 +4,9 @@ about: CVE reporting for ingress-nginx
 title: ''
 labels: kind/bug
 assignees:
-    - strongjz
+    - Gacko
    - rikatz
    - strongjz
 ---
 <!-- if you found something that impacts directly ingress-nginx and
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@ -47,7 +47,7 @@ jobs:
    steps:
      - name: Checkout
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        id: filter
@ -69,22 +69,24 @@ jobs:
            baseimage:
              - 'NGINX_BASE'
              - 'images/nginx-1.25/**'
            docs:
              - '**/*.md'
  test-go:
    runs-on: ubuntu-latest
    needs: changes
    if: |
-      (needs.changes.outputs.go == 'true')
+      (needs.changes.outputs.go == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
    steps:
      - name: Checkout
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Get go version
        run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
      - name: Set up Go
        id: go
-        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GOLANG_VERSION }}
          check-latest: true
@ -92,6 +94,27 @@ jobs:
      - name: Run test
        run: make test
  verify-docs:
    name: Verify Doc generation
    runs-on: ubuntu-latest
    needs: changes
    if: |
      (needs.changes.outputs.go == 'true') || (needs.changes.outputs.docs == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
    steps:
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Get go version
        run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
      - name: Set up Go
        id: go
        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GOLANG_VERSION }}
          check-latest: true
      - name: Verify Docs
        run: make verify-docs
  build:
    name: Build
    runs-on: ubuntu-latest
@ -99,13 +122,13 @@ jobs:
    outputs:
      golangversion: ${{ steps.golangversion.outputs.version }}
    if: |
-      (needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true')
+      (needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
    env:
        PLATFORMS: linux/amd64
    steps:
      - name: Checkout
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Get go version
        id: golangversion
@ -114,17 +137,17 @@ jobs:
      - name: Set up Go
        id: go
-        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ steps.golangversion.outputs.version }}
          check-latest: true
      - name: Set up QEMU
-        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
        with:
          version: latest
@ -163,33 +186,35 @@ jobs:
            | gzip > docker.tar.gz
      - name: cache
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
        with:
          name: docker.tar.gz
          path: docker.tar.gz
          retention-days: 5
-  helm:
+
-    name: Helm chart
+  helm-lint:
    name: Helm chart lint
    runs-on: ubuntu-latest
    needs:
      - changes
      - build
    if: |
-      (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true')
+      (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
    strategy:
      matrix:
        k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0]
    steps:
      - name: Checkout
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Setup Go
        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
        with:
-          go-version: ${{ needs.build.outputs.golangversion }}
+          fetch-depth: 0
-          check-latest: true
+
      - name: Set up Helm
        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
      - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
        with:
          python-version: '3.x'
      - name: Set up chart-testing
        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
      - name: Install Helm Unit Test Plugin
        run: |
@ -199,14 +224,8 @@ jobs:
        run: |
          helm unittest charts/ingress-nginx -d
-      - name: cache
+      - name: Run chart-testing (lint)
-        uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
+        run: ct lint --config ./.ct.yaml
        with:
          name: docker.tar.gz
      - name: Lint
        run: |
          ./build/run-in-docker.sh ./hack/verify-chart-lint.sh
      - name: Run helm-docs
        run: |
@ -227,6 +246,35 @@ jobs:
          ./ah lint -p charts/ingress-nginx || exit 1
          rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz
  helm-test:
    name: Helm chart testing
    runs-on: ubuntu-latest
    needs:
      - changes
      - build
      - helm-lint
    if: |
      (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
    strategy:
      matrix:
        k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
    steps:
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Setup Go
        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ needs.build.outputs.golangversion }}
          check-latest: true
      - name: cache
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: docker.tar.gz
      - name: fix permissions
        run: |
          sudo mkdir -p $HOME/.kube
@ -258,10 +306,10 @@ jobs:
      - changes
      - build
    if: |
-      (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true')
+      (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
    strategy:
      matrix:
-        k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0]
+        k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
    uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
    with:
      k8s-version: ${{ matrix.k8s }}
@ -272,10 +320,10 @@ jobs:
      - changes
      - build
    if: |
-      (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true')
+      (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
    strategy:
      matrix:
-        k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0]
+        k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
    uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
    with:
      k8s-version: ${{ matrix.k8s }}
@ -287,10 +335,10 @@ jobs:
      - changes
      - build
    if: |
-      (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true')
+      (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
    strategy:
      matrix:
-        k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0]
+        k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
    uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
    with:
      k8s-version: ${{ matrix.k8s }}
--- a/.github/workflows/depreview.yaml
+++ b/.github/workflows/depreview.yaml
@ -9,6 +9,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout Repository'
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: 'Dependency Review'
-        uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3
+        uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
--- a/.github/workflows/docs.yaml
+++ b/.github/workflows/docs.yaml
@ -23,7 +23,7 @@ jobs:
    steps:
      - name: Checkout
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        id: filter
@ -47,7 +47,7 @@ jobs:
    steps:
      - name: Checkout master
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Deploy
        uses: ./.github/actions/mkdocs
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@ -15,19 +15,19 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Get go version
        run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
      - name: Set up Go
        id: go
-        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GOLANG_VERSION }}
          check-latest: true
      - name: golangci-lint
-        uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0
+        uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
        with:
          version: v1.56
--- a/.github/workflows/helm.yaml
+++ b/.github/workflows/helm.yaml
@ -4,6 +4,9 @@ on:
  push:
    branches:
      - main
      - release-*
  workflow_dispatch:
 permissions:
  contents: read
@ -11,19 +14,20 @@ permissions:
 jobs:
  changes:
    runs-on: ubuntu-latest
    permissions:
      contents: read  # for dorny/paths-filter to fetch a list of changed files
-      pull-requests: read  # for dorny/paths-filter to read pull requests
+
-    runs-on: ubuntu-latest
+    if: github.repository == 'kubernetes/ingress-nginx'
-    if: |
+
      (github.repository == 'kubernetes/ingress-nginx')
    outputs:
      docs: ${{ steps.filter.outputs.docs }}
      charts: ${{ steps.filter.outputs.charts }}
    steps:
      - name: Checkout
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Run Artifact Hub lint
        run: |
@ -33,9 +37,11 @@ jobs:
          ./ah lint -p charts/ingress-nginx || exit 1
          rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz
-      - name: Lint
+      - name: Set up chart-testing
-        run: |
+        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
-          ./build/run-in-docker.sh ./hack/verify-chart-lint.sh
+
      - name: Run chart-testing (lint)
        run: ct lint --target-branch ${{ github.ref_name }} --config ./.ct.yaml
      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        id: filter
@ -55,16 +61,16 @@ jobs:
    needs:
      - changes
-    if: |
+
-      (github.repository == 'kubernetes/ingress-nginx') &&
+    if: ${{ needs.changes.outputs.charts == 'true' }}
      (needs.changes.outputs.charts == 'true')
    steps:
      - name: Checkout master
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896
          fetch-depth: 0
          ref: ${{ github.ref_name }} 
      - name: Setup
        shell: bash
--- a/.github/workflows/images.yaml
+++ b/.github/workflows/images.yaml
@ -41,7 +41,7 @@ jobs:
    steps:
      - name: Checkout
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        id: filter
        with:
@ -141,17 +141,17 @@ jobs:
      (needs.changes.outputs.kube-webhook-certgen == 'true')
    strategy:
      matrix:
-        k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0, v1.29.0]
+        k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
    steps:
    - name: Checkout
-      uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
    - name: Get go version
      run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
    - name: Set up Go
      id: go
-      uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+      uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
      with:
        go-version: ${{ env.GOLANG_VERSION }}
        check-latest: true
@ -178,7 +178,7 @@ jobs:
        nginx: ['1.25.3', '1.21.6']
    steps:
    - name: Checkout
-      uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
    - name: image build
      run: |
        cd images/opentelemetry && make NGINX_VERSION=${{ matrix.nginx }} build
@ -195,17 +195,17 @@ jobs:
      PLATFORMS: linux/amd64,linux/arm,linux/arm64,linux/s390x
    steps:
      - name: Checkout
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Set up QEMU
-        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
        with:
          version: latest
          platforms: ${{ env.PLATFORMS }}
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
--- a/.github/workflows/junit-reports.yaml
+++ b/.github/workflows/junit-reports.yaml
@ -9,7 +9,7 @@ jobs:
  report:
    runs-on: ubuntu-latest
    steps:
-      - uses: dorny/test-reporter@eaa763f6ffc21c7a37837f56cd5f9737f27fc6c8 # v1.8.0
+      - uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
        with:
          artifact: /e2e-test-reports-(.*)/
          name: JEST Tests $1               # Name of the check run which will be created
--- a/.github/workflows/perftest.yaml
+++ b/.github/workflows/perftest.yaml
@ -19,7 +19,7 @@ jobs:
    steps:
      - name: Checkout
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Install K6
        run: |
--- a/.github/workflows/plugin.yaml
+++ b/.github/workflows/plugin.yaml
@ -12,7 +12,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          fetch-depth: 0
@ -20,14 +20,14 @@ jobs:
        run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
      - name: Set up Go
-        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GOLANG_VERSION }}
          check-latest: true
      - name: Run GoReleaser Snapshot
        if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
-        uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
+        uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
        with:
          version: latest
          args: release --snapshot --clean
@ -36,7 +36,7 @@ jobs:
      - name: Run GoReleaser
        if: ${{ startsWith(github.ref, 'refs/tags/') }}
-        uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
+        uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
        with:
          version: latest
          args: release --clean
--- a/.github/workflows/project.yml
+++ b/.github/workflows/project.yml
@ -13,7 +13,7 @@ jobs:
      repository-projects: write
      issues: write
    steps:
-      - uses: actions/add-to-project@0609a2702eefb44781da00f8e04901d6e5cd2b92 # v0.6.0
+      - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2
        with:
          project-url: https://github.com/orgs/kubernetes/projects/104
          github-token: ${{ secrets.PROJECT_WRITER }}
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@ -27,12 +27,12 @@ jobs:
    steps:
      - name: "Checkout code"
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          persist-credentials: false
      - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
        with:
          results_file: results.sarif
          results_format: sarif
@ -51,7 +51,7 @@ jobs:
      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
        with:
          name: SARIF file
          path: results.sarif
@ -59,6 +59,6 @@ jobs:
      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7
+        uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
        with:
          sarif_file: results.sarif
--- a/.github/workflows/vulnerability-scans.yaml
+++ b/.github/workflows/vulnerability-scans.yaml
@ -22,7 +22,7 @@ jobs:
      versions: ${{ steps.version.outputs.TAGS }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          fetch-depth: 0
@ -52,7 +52,7 @@ jobs:
        versions: ${{ fromJSON(needs.version.outputs.versions) }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - shell: bash
        id: test
@ -60,7 +60,7 @@ jobs:
      - name: Scan image with AquaSec/Trivy
        id: scan
-        uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
+        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
        with:
          image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }}
          format: 'sarif'
@ -75,7 +75,7 @@ jobs:
      # This step checks out a copy of your repository.
      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7
+        uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
        with:
          token: ${{ github.token }}
          # Path to SARIF file relative to the root of the repository
--- a/.github/workflows/zz-tmpl-images.yaml
+++ b/.github/workflows/zz-tmpl-images.yaml
@ -31,7 +31,7 @@ jobs:
    steps:
      - name: Checkout
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        id: filter
        with:
@ -48,7 +48,7 @@ jobs:
    steps:
      - name: Checkout
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Build
        run: |
@ -67,10 +67,10 @@ jobs:
      PLATFORMS: ${{ inputs.platforms-publish }}
    steps:
    - name: Checkout
-      uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
    - name: Login to GitHub Container Registry
-      uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
+      uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_TOKEN }}
--- a/.github/workflows/zz-tmpl-k8s-e2e.yaml
+++ b/.github/workflows/zz-tmpl-k8s-e2e.yaml
@ -20,10 +20,10 @@ jobs:
    steps:
      - name: Checkout
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: cache
-        uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: docker.tar.gz
@ -50,7 +50,7 @@ jobs:
          make kind-e2e-test
      - name: Upload e2e junit-reports ${{ inputs.variation }}
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
        if: success() || failure()
        with:
          name: e2e-test-reports-${{ inputs.k8s-version }}${{ inputs.variation }}
--- a/2
+++ b/2
@ -1 +1 @@
-1.22.1
+1.22.6
--- a/5
+++ b/5
@ -110,7 +110,7 @@ clean-chroot-image: ## Removes local image
 .PHONY: build
 build:  ## Build ingress controller, debug tool and pre-stop hook.
-	E2E_IMAGE=golang:$(GO_VERSION)-alpine3.19 USE_SHELL=/bin/sh build/run-in-docker.sh \
+	E2E_IMAGE=golang:$(GO_VERSION)-alpine3.20 USE_SHELL=/bin/sh build/run-in-docker.sh \
 		MAC_OS=$(MAC_OS) \
 		PKG=$(PKG) \
 		ARCH=$(ARCH) \
@ -124,6 +124,9 @@ build:  ## Build ingress controller, debug tool and pre-stop hook.
 clean: ## Remove .gocache directory.
 	rm -rf bin/ .gocache/ .cache/
 .PHONY: verify-docs
 verify-docs: ## Verify doc generation
 	hack/verify-annotation-docs.sh
 .PHONY: static-check
 static-check: ## Run verification script for boilerplate, codegen, gofmt, golint, lualint and chart-lint.
--- a/2
+++ b/2
@ -1 +1 @@
-registry.k8s.io/ingress-nginx/nginx-1.25:v0.0.5@sha256:cdafd6c9d36e23414ce41330a482f9136ce82fac46802809681f61cdcd5ad0bb
+registry.k8s.io/ingress-nginx/nginx-1.25:v0.0.12@sha256:2d471b3a34dc43d10c3f3d7f2a6e8a2ecf7654a4197e56374261c1c708b16365
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md
+# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners
 approvers:
 - ingress-nginx-maintainers
--- a/20
+++ b/20
@ -1,4 +1,4 @@
-# See the OWNERS docs: https://git.k8s.io/community/docs/devel/owners.md
+# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners
 aliases:
  sig-network-leads:
@ -7,38 +7,34 @@ aliases:
  - thockin
  ingress-nginx-admins:
  - Gacko
  - rikatz
  - strongjz
  ingress-nginx-maintainers:
  - cpanato
  - Gacko
  - puerco
  - rikatz
  - strongjz
  - cpanato
  - puerco
  - tao12345666333
  ingress-nginx-reviewers:
  - cpanato
  - Gacko
  - puerco
  - rikatz
  - strongjz
  - puerco
  - cpanato
  - tao12345666333
  ingress-nginx-helm-maintainers:
  - cpanato
  - Gacko
  - strongjz
  - ubergesundheit
  ingress-nginx-helm-reviewers:
  - cpanato
  - Gacko
  - strongjz
  - ubergesundheit
  ingress-nginx-docs-maintainers:
  - longwuyuan
  - tao12345666333
  ingress-nginx-kube-webhook-certgen-reviewers:
  - invidian
--- a/README.md
+++ b/README.md
@ -6,7 +6,6 @@
 [![GitHub stars](https://img.shields.io/github/stars/kubernetes/ingress-nginx.svg)](https://github.com/kubernetes/ingress-nginx/stargazers)
 [![GitHub stars](https://img.shields.io/badge/contributions-welcome-orange.svg)](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md)
 ## Overview
 ingress-nginx is an Ingress controller for Kubernetes using [NGINX](https://www.nginx.org/) as a reverse proxy and load
@ -37,14 +36,21 @@ Supported versions for the ingress-nginx project mean that we have completed E2E
 the versions listed. Ingress-Nginx versions **may** work on older versions, but the project does not make that guarantee.
 | Supported | Ingress-NGINX version | k8s supported version         | Alpine Version | Nginx Version | Helm Chart Version |
-|:--:|-----------------------|------------------------------|----------------|---------------|------------------------------|
+| :-------: | --------------------- | ----------------------------- | -------------- | ------------- | ------------------ |
-| 🔄 | **v1.10.0**            | 1.29, 1.28, 1.27, 1.26        | 3.19.1         | 1.25.3        | 4.10.0*                 |
+|    🔄     | **v1.11.2**           | 1.30, 1.29, 1.28, 1.27, 1.26  | 3.20.0         | 1.25.5        | 4.11.2             |
-| 🔄 | **v1.9.6**            | 1.29, 1.28, 1.27, 1.26, 1.25        | 3.19.0         | 1.21.6        | 4.9.1*                 |
+|    🔄     | **v1.11.1**           | 1.30, 1.29, 1.28, 1.27, 1.26  | 3.20.0         | 1.25.5        | 4.11.1             |
-| 🔄 | **v1.9.5**            | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.9.0*                       |
+|    🔄     | **v1.11.0**           | 1.30, 1.29, 1.28, 1.27, 1.26  | 3.20.0         | 1.25.5        | 4.11.0             |
-| 🔄 | **v1.9.4**            | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.3                        |
+|    🔄     | **v1.10.4**           | 1.30, 1.29, 1.28, 1.27, 1.26  | 3.20.0         | 1.25.5        | 4.10.4             |
-| 🔄 | **v1.9.3**            | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.*                        |
+|    🔄     | **v1.10.3**           | 1.30, 1.29, 1.28, 1.27, 1.26  | 3.20.0         | 1.25.5        | 4.10.3             |
-| 🔄 | **v1.9.1**            | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.*                        |
+|    🔄     | **v1.10.2**           | 1.30, 1.29, 1.28, 1.27, 1.26  | 3.20.0         | 1.25.5        | 4.10.2             |
-| 🔄 | **v1.9.0**            | 1.28, 1.27, 1.26, 1.25        | 3.18.2         | 1.21.6        | 4.8.*                        |
+|    🔄     | **v1.10.1**           | 1.30, 1.29, 1.28, 1.27, 1.26  | 3.19.1         | 1.25.3        | 4.10.1             |
 |    🔄     | **v1.10.0**           | 1.29, 1.28, 1.27, 1.26        | 3.19.1         | 1.25.3        | 4.10.0             |
 |           | v1.9.6                | 1.29, 1.28, 1.27, 1.26, 1.25  | 3.19.0         | 1.21.6        | 4.9.1              |
 |           | v1.9.5                | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.9.0              |
 |           | v1.9.4                | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.3              |
 |           | v1.9.3                | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.*              |
 |           | v1.9.1                | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.*              |
 |           | v1.9.0                | 1.28, 1.27, 1.26, 1.25        | 3.18.2         | 1.21.6        | 4.8.*              |
 |           | v1.8.4                | 1.27, 1.26, 1.25, 1.24        | 3.18.2         | 1.21.6        | 4.7.*              |
 |           | v1.7.1                | 1.27, 1.26, 1.25, 1.24        | 3.17.2         | 1.21.6        | 4.6.*              |
 |           | v1.6.4                | 1.26, 1.25, 1.24, 1.23        | 3.17.0         | 1.21.6        | 4.5.*              |
@ -61,7 +67,6 @@ Thanks for taking the time to join our community and start contributing!
 - This project adheres to the [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md).
  By participating in this project, you agree to abide by its terms.
 - **Contributing**: Contributions of all kinds are welcome!
  - Read [`CONTRIBUTING.md`](CONTRIBUTING.md) for information about setting up your environment, the workflow that we
@ -70,8 +75,8 @@ Thanks for taking the time to join our community and start contributing!
  - Submit GitHub issues for any feature enhancements, bugs, or documentation problems.
    - Please make sure to read the [Issue Reporting Checklist](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md#issue-reporting-guidelines) before opening an issue. Issues not conforming to the guidelines **may be closed immediately**.
  - Join our [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernetes.io/g/ingress-nginx-dev/c/ebbBMo-zX-w)
 - **Support**:
  - Join the [#ingress-nginx-users](https://kubernetes.slack.com/messages/CANQGM8BA/) channel inside the [Kubernetes Slack](http://slack.kubernetes.io/) to ask questions or get support from the maintainers and other users.
  - The [GitHub issues](https://github.com/kubernetes/ingress-nginx/issues) in the repository are **exclusively** for bug reports and feature requests.
  - **Discuss**: Tweet using the `#IngressNginx` hashtag or sharing with us [@IngressNginx](https://twitter.com/IngressNGINX).
--- a/2
+++ b/2
@ -9,6 +9,6 @@
 #
 # DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE
 # INSTRUCTIONS AT https://kubernetes.io/security/
-bowei
+Gacko
 rikatz
 strongjz
--- a/build/dev-env.sh
+++ b/build/dev-env.sh
@ -64,7 +64,7 @@ echo "[dev-env] building image"
 make build image
 docker tag "${REGISTRY}/controller:${TAG}" "${DEV_IMAGE}"
-export K8S_VERSION=${K8S_VERSION:-v1.26.3@sha256:61b92f38dff6ccc29969e7aa154d34e38b89443af1a2c14e6cfbd2df6419c66f}
+export K8S_VERSION=${K8S_VERSION:-v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245}
 KIND_CLUSTER_NAME="ingress-nginx-dev"
--- a/build/run-in-docker.sh
+++ b/build/run-in-docker.sh
@ -44,7 +44,7 @@ function cleanup {
 }
 trap cleanup EXIT
-E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20240126-760bf8eb@sha256:5e676bf2e5d5d035adfc6e093abee040af08327011e72fef640fa20da73cea2e}
+E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20240812-3f0129aa@sha256:95c2aaf2a66e8cbbf7a7453046f3b024383c273a0988efab841cd96116afd1a9}
 if [[ "$RUNTIME" == podman ]]; then
  # Podman does not support both tag and digest
@ -82,7 +82,7 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then
  echo "..reached DIND check TRUE block, inside run-in-docker.sh"
  echo "FLAGS=$FLAGS"
  #go env
-  go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.15.0
+  go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.20.0
  find / -type f -name ginkgo 2>/dev/null
  which ginkgo
  /bin/bash -c "${FLAGS}"
--- a/changelog/controller-1.10.1.md
+++ b/changelog/controller-1.10.1.md
@ -0,0 +1,57 @@
 # Changelog
 ### controller-v1.10.1
 Images:
 * registry.k8s.io/ingress-nginx/controller:v1.10.1@sha256:e24f39d3eed6bcc239a56f20098878845f62baa34b9f2be2fd2c38ce9fb0f29e
 * registry.k8s.io/ingress-nginx/controller-chroot:v1.10.1@sha256:c155954116b397163c88afcb3252462771bd7867017e8a17623e83601bab7ac7
 ### All changes:
 * start 1.10.1 build (#11246)
 * force nginx rebuild (#11245)
 * update k8s version to latest kind release (#11241)
 * remove _ssl_expire_time_seconds metric by identifier (#11239)
 * update post submit helm ci and clean up (#11221)
 * Chart: Add unit tests for default backend & topology spread constraints. (#11219)
 * sort default backend hpa metrics (#11217)
 * updated certgen image shatag (#11216)
 * changed testrunner image sha (#11211)
 * bumped certgeimage tag (#11213)
 * updated baseimage & deleted a useless file (#11209)
 * bump ginkgo to 2-17-1 in testrunner (#11204)
 * chunking related faq update (#11205)
 * Fix-semver (#11199)
 * refactor helm ci tests part I (#11188)
 * Proposal: e2e tests for regex patterns (#11185)
 * bump ginkgo to v2.17.1 (#11186)
 * fixes brotli build issue (#11187)
 * fix geoip2 configuration docs (#11151)
 * Fix typos in OTel doc (#11081) (#11129)
 * Chart: Render `controller.ingressClassResource.parameters` natively. (#11126)
 * Fix admission controller logging of `admissionTime` and `testedConfigurationSize` (#11114)
 * Chart: Align HPA & KEDA conditions. (#11113)
 * Chart: Improve IngressClass documentation. (#11111)
 * Chart: Add Gacko to maintainers. Again. (#11112)
 * Chart: Deploy `PodDisruptionBudget` with KEDA. (#11105)
 * Chores: Pick patches from main. (#11103)
 ### Dependency updates:
 * Bump google.golang.org/grpc from 1.63.0 to 1.63.2 (#11238)
 * Bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#11234)
 * Bump github.com/prometheus/common from 0.51.1 to 0.52.2 (#11233)
 * Bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#11232)
 * Bump github.com/prometheus/client_model in the all group (#11231)
 * Bump the all group with 3 updates (#11230)
 * Bump the all group with 2 updates (#11190)
 * Bump actions/add-to-project from 0.6.1 to 1.0.0 (#11189)
 * Bump the all group with 3 updates (#11166)
 * Bump github.com/prometheus/common from 0.50.0 to 0.51.1 (#11160)
 * Bump the all group with 4 updates (#11140)
 * Bump the all group with 1 update (#11136)
 * Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /magefiles (#11127)
 * Bump google.golang.org/protobuf in /images/custom-error-pages/rootfs (#11128)
 * Bump google.golang.org/protobuf in /images/kube-webhook-certgen/rootfs (#11122)
--- a/changelog/controller-1.10.2.md
+++ b/changelog/controller-1.10.2.md
@ -0,0 +1,130 @@
 # Changelog
 ### controller-v1.10.2
 Images:
 * registry.k8s.io/ingress-nginx/controller:v1.10.2@sha256:e3311b3d9671bc52d90572bcbfb7ee5b71c985d6d6cffd445c241f1e2703363c
 * registry.k8s.io/ingress-nginx/controller-chroot:v1.10.2@sha256:c4395cba98f9721e3381d3c06e7994371bae20f5ab30e457cd7debe44a8c8c54
 ### All changes:
 * update test runner to latest build (#11557)
 * add k8s 1.30 to ci build (#11553)
 * update test runner go base to 3.20 (#11550)
 * tag new test runner image with new nginx base 0.0.8 (#11549)
 * bump NGINX_BASE to v0.0.8 (#11543)
 * trigger build for NGINX-1.25 v0.0.8 (#11542)
 * Upgrade OWASP_MODSECURITY_CRS_VERSION 3.3.5 to 4.4.0 and update docs (#11548)
 * [feature] bump nginx to 1.25.5 and add http3 module (#11541)
 * add ssl patches to nginx-1.25 image for coroutines to work in lua client hello and cert ssl blocks (#11534)
 * bump alpine version to 3.20 to custom-error-pages (#11537)
 * fix: Ensure changes in MatchCN annotation are detected (#11528)
 * Docs: Add information about HTTP/3 support. (#11525)
 * Docs: Specify `ingressClass` for multi-controller setup. (#11520)
 * Docs: Improve default certificate usage. (#11519)
 * docs: Update Ingress-NGINX v1.10.1 compatibility with Kubernetes v1.30 (#11500)
 * Update getting-started.md with new prerequisites (#11487)
 * Fix boolean configuration (#11484)
 * Chores: Align security contacts & chart maintainers to actual owners. (#11480)
 * CI: Bump forgotten Ginkgo versions. (#11469)
 * Tests: Replace deprecated `grpc.Dial` by `grpc.NewClient`. (#11468)
 * Owners: Promote Gacko to admin. (#11464)
 * fixed fastcgi userguide (#11455)
 * Remove unnecessary space character (#11451)
 * fix for docs issue 11432 (#11446)
 * Update index.md (#11445)
 * upgrade to alpine 3.20 (#11438)
 * update golang to 1.22.4 (#11431)
 * Adapt dashboards for Grafana 11 compatibility (#11414)
 * Rename variable to fix typo (#11413)
 * Fix helm install on cloud provider admonition block (#11412)
 * edited helm-install tips (#11411)
 * added info for aws helm install (#11410)
 * added multiplecontrollers-howto to faq (#11409)
 * removed tlsv1 & tlsv1.1 (#11408)
 * Docs: Remove opentracing and zipkin from docs (#11405)
 * Go: Sync modules from `main`. (#11398)
 * add workflow to helm release and update ct for branch (#11317)
 * Merge pull request #11277 from strongjz/chart-1.10.1 (#11314)
 * Release Helm Chart on branch update (#11306)
 * Release controller 1.10.1 (#11298)
 * fix path in file changed detected message (#11286)
 * chore: fix function names in comment (#11281)
 * fix: update kube version requirement to 1.21 (#11279)
 * release helm chart from release branch (#11278)
 * start 1.10.1 build (#11246)
 * force nginx rebuild (#11245)
 * update k8s version to latest kind release (#11241)
 * remove _ssl_expire_time_seconds metric by identifier (#11239)
 * update post submit helm ci and clean up (#11221)
 * Chart: Add unit tests for default backend & topology spread constraints. (#11219)
 * sort default backend hpa metrics (#11217)
 * updated certgen image shatag (#11216)
 * changed testrunner image sha (#11211)
 * bumped certgeimage tag (#11213)
 * updated baseimage & deleted a useless file (#11209)
 * bump ginkgo to 2-17-1 in testrunner (#11204)
 * chunking related faq update (#11205)
 * Fix-semver (#11199)
 * refactor helm ci tests part I (#11188)
 * Proposal: e2e tests for regex patterns (#11185)
 * bump ginkgo to v2.17.1 (#11186)
 * fixes brotli build issue (#11187)
 * fix geoip2 configuration docs (#11151)
 * Fix typos in OTel doc (#11081) (#11129)
 * Chart: Render `controller.ingressClassResource.parameters` natively. (#11126)
 * Fix admission controller logging of `admissionTime` and `testedConfigurationSize` (#11114)
 * Chart: Align HPA & KEDA conditions. (#11113)
 * Chart: Improve IngressClass documentation. (#11111)
 * Chart: Add Gacko to maintainers. Again. (#11112)
 * Chart: Deploy `PodDisruptionBudget` with KEDA. (#11105)
 * Chores: Pick patches from main. (#11103)
 * Start the release of v1.10.0 (#11038)
 ### Dependency updates:
 * Bump the all group with 2 updates (#11524)
 * Bump k8s.io/klog/v2 from 2.130.0 to 2.130.1 in the all group (#11521)
 * Bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 in the all group (#11501)
 * Bump k8s.io/klog/v2 from 2.120.1 to 2.130.0 (#11479)
 * Bump the all group with 3 updates (#11478)
 * Bump the all group with 2 updates (#11477)
 * Bump golang.org/x/crypto from 0.23.0 to 0.24.0 (#11471)
 * Bump sigs.k8s.io/controller-runtime in the all group (#11449)
 * Bump github.com/prometheus/common from 0.53.0 to 0.54.0 (#11447)
 * Bump the all group with 3 updates (#11450)
 * Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (#11448)
 * Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.19.0 (#11422)
 * Bump the all group with 2 updates (#11421)
 * Bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#11423)
 * Bump the all group across 1 directory with 6 updates (#11407)
 * Bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 (#11406)
 * Bump the all group with 3 updates (#11404)
 * Bump Kubernetes version on images (#11403)
 * Bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 (#11402)
 * Bump the all group with 4 updates (#11380)
 * Bump k8s.io/component-base from 0.29.3 to 0.30.0 (#11301)
 * Bump github.com/prometheus/common from 0.52.3 to 0.53.0 (#11300)
 * Bump golang.org/x/net from 0.22.0 to 0.23.0 (#11285)
 * Bump golang.org/x/net in /images/kube-webhook-certgen/rootfs (#11284)
 * Bump the all group with 2 updates (#11266)
 * Bump azure/setup-helm from 3.5 to 4 (#11265)
 * Bump actions/add-to-project from 1.0.0 to 1.0.1 in the all group (#11264)
 * Bump google.golang.org/grpc from 1.63.0 to 1.63.2 (#11238)
 * Bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#11234)
 * Bump github.com/prometheus/common from 0.51.1 to 0.52.2 (#11233)
 * Bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#11232)
 * Bump github.com/prometheus/client_model in the all group (#11231)
 * Bump the all group with 3 updates (#11230)
 * Bump the all group with 2 updates (#11190)
 * Bump actions/add-to-project from 0.6.1 to 1.0.0 (#11189)
 * Bump the all group with 3 updates (#11166)
 * Bump github.com/prometheus/common from 0.50.0 to 0.51.1 (#11160)
 * Bump the all group with 4 updates (#11140)
 * Bump the all group with 1 update (#11136)
 * Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /magefiles (#11127)
 * Bump google.golang.org/protobuf in /images/custom-error-pages/rootfs (#11128)
 * Bump google.golang.org/protobuf in /images/kube-webhook-certgen/rootfs (#11122)
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.1...controller-v1.10.2
--- a/changelog/controller-1.10.3.md
+++ b/changelog/controller-1.10.3.md
@ -0,0 +1,37 @@
 # Changelog
 ### controller-v1.10.3
 Images:
 * registry.k8s.io/ingress-nginx/controller:v1.10.3@sha256:b5a5082f8e508cc1aac1c0ef101dc2f87b63d51598a5747d81d6cf6e7ba058fd
 * registry.k8s.io/ingress-nginx/controller-chroot:v1.10.3@sha256:9033e04bd3cd01f92414f8d5999c5095734d4caceb4923942298152a38373d4b
 ### All changes:
 * Images: Trigger `controller` v1.10.3 build. (#11648)
 * Tests: Bump `test-runner` to v20240717-1fe74b5f. (#11646)
 * Images: Re-run `test-runner` build. (#11643)
 * Images: Trigger `test-runner` build. (#11639)
 * Images: Bump `NGINX_BASE` to v0.0.10. (#11637)
 * Images: Trigger NGINX build. (#11631)
 * bump testing runner (#11626)
 * remove modsecurity coreruleset test files from nginx image (#11619)
 * unskip the ocsp tests and update images to fix cfssl bug (#11615)
 * Fix indent in YAML for example pod (#11609)
 * Images: Bump `test-runner`. (#11604)
 * Images: Bump `NGINX_BASE` to v0.0.9. (#11601)
 * revert module upgrade (#11595)
 * README: Fix support matrix. (#11593)
 * Mage: Stop mutating release notes. (#11582)
 * Images: Bump `kube-webhook-certgen`. (#11583)
 ### Dependency updates:
 * Bump github.com/prometheus/common from 0.54.0 to 0.55.0 (#11622)
 * Bump the all group with 5 updates (#11613)
 * Bump golang.org/x/crypto from 0.24.0 to 0.25.0 (#11579)
 * Bump google.golang.org/grpc from 1.64.0 to 1.65.0 (#11577)
 * Bump the all group with 4 updates (#11574)
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.2...controller-v1.10.3
--- a/changelog/controller-1.10.4.md
+++ b/changelog/controller-1.10.4.md
@ -0,0 +1,53 @@
 # Changelog
 ### controller-v1.10.4
 Images:
 * registry.k8s.io/ingress-nginx/controller:v1.10.4@sha256:505b9048c02dde3d6c8667bf0b52aba7b36adf7b03da34c47d5fa312d2d4c6fc
 * registry.k8s.io/ingress-nginx/controller-chroot:v1.10.4@sha256:bf71acf6e71830a4470e2183e3bc93c4f006b954f8a05fb434242ef0f8a24858
 ### All changes:
 * Chart: Bump Kube Webhook CertGen & OpenTelemetry. (#11811)
 * Images: Trigger controller build. (#11808)
 * Tests & Docs: Bump images. (#11804)
 * Images: Trigger failed builds. (#11801)
 * Images: Trigger other builds. (#11797)
 * Controller: Fix panic in alternative backend merging. (#11793)
 * Tests: Bump `e2e-test-runner` to v20240812-3f0129aa. (#11791)
 * Images: Trigger `test-runner` build. (#11786)
 * Images: Bump `NGINX_BASE` to v0.0.12. (#11783)
 * Images: Trigger NGINX build. (#11780)
 * Cloud Build: Add missing config, remove unused ones. (#11776)
 * Generate correct output on NumCPU() when using cgroups2 (#11775)
 * Cloud Build: Tweak timeouts. (#11762)
 * Cloud Build: Fix substitutions. (#11759)
 * Cloud Build: Some chores. (#11756)
 * Go: Bump to v1.22.6. (#11748)
 * Images: Bump `NGINX_BASE` to v0.0.11. (#11744)
 * Images: Trigger NGINX build. (#11736)
 * docs: update OpenSSL Roadmap link (#11734)
 * Go: Bump to v1.22.5. (#11731)
 * Docs: Fix typo in AWS LB Controller reference (#11724)
 * Perform some cleaning operations on line breaks. (#11722)
 * Missing anchors in regular expression. (#11718)
 * Docs: Fix `from-to-www` redirect description. (#11715)
 * Chart: Remove `isControllerTagValid`. (#11714)
 * Tests: Bump `e2e-test-runner` to v20240729-04899b27. (#11704)
 * Docs: Clarify `from-to-www` redirect direction. (#11692)
 * added real-client-ip faq (#11665)
 * Docs: Format NGINX configuration table. (#11660)
 ### Dependency updates:
 * Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#11772)
 * Bump the all group with 2 updates (#11770)
 * Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#11768)
 * Bump the all group with 3 updates (#11729)
 * Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in the all group (#11700)
 * Bump the all group with 2 updates (#11697)
 * Bump the all group with 4 updates (#11676)
 * Bump the all group with 2 updates (#11674)
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.3...controller-v1.10.4
--- a/changelog/controller-1.11.0.md
+++ b/changelog/controller-1.11.0.md
@ -0,0 +1,164 @@
 # Changelog
 ### controller-v1.11.0
 Images:
 * registry.k8s.io/ingress-nginx/controller:v1.11.0@sha256:a886e56d532d1388c77c8340261149d974370edca1093af4c97a96fb1467cb39
 * registry.k8s.io/ingress-nginx/controller-chroot:v1.11.0@sha256:f16dfed1c94d216b65e5dcb7508ab46148641a99649c5a700749db6f01a7039e
 ### All changes:
 * update test runner to latest build (#11558)
 * add k8s 1.30 to ci build (#11554)
 * update test runner go base to 3.20 (#11552)
 * tag new test runner image with new nginx base 0.0.8 (#11551)
 * bump NGINX_BASE to v0.0.8 (#11544)
 * add ssl patches to nginx-1.25 image for coroutines to work in lua client hello and cert ssl blocks (#11535)
 * trigger build for NGINX-1.25 v0.0.8 (#11539)
 * bump alpine version to 3.20 to custom-error-pages (#11538)
 * fix: Ensure changes in MatchCN annotation are detected (#11529)
 * Docs: Add information about HTTP/3 support. (#11513)
 * Docs: Specify `ingressClass` for multi-controller setup. (#11493)
 * Docs: Improve default certificate usage. (#11504)
 * Upgrade OWASP_MODSECURITY_CRS_VERSION 3.3.5 to 4.4.0 and update docs (#11511)
 * docs: Update Ingress-NGINX v1.10.1 compatibility with Kubernetes v1.30 (#11495)
 * Update getting-started.md with new prerequisites (#11486)
 * [feature] bump nginx to 1.25.5 and add http3 module (#11470)
 * Fix boolean configuration (#11483)
 * Chores: Align security contacts & chart maintainers to actual owners. (#11465)
 * CI: Bump forgotten Ginkgo versions. (#11467)
 * Tests: Replace deprecated `grpc.Dial` by `grpc.NewClient`. (#11462)
 * Owners: Promote Gacko to admin. (#11463)
 * Chart: Make pod affinity templatable. (#11453)
 * fixed fastcgi userguide (#11454)
 * Remove unnecessary space character (#11434)
 * upgrade to alpine 3.20 (#11428)
 * fix for docs issue 11432 (#11433)
 * Update index.md (#11437)
 * update golang to 1.22.4 (#11427)
 * Chart: Fix `IngressClass` annotations. (#11416)
 * Chart: Make admission webhook patch job RBAC configurable. (#11376)
 * Merge pull request #11277 from strongjz/chart-1.10.1 (#11415)
 * Chart: Remove `controller.enableWorkerSerialReloads`. (#11400)
 * Adapt dashboards for Grafana 11 compatibility (#11399)
 * Rename variable to fix typo (#11395)
 * Fix helm install on cloud provider admonition block (#11394)
 * edited helm-install tips (#11393)
 * added info for aws helm install (#11390)
 * added multiplecontrollers-howto to faq (#11389)
 * removed tlsv1 & tlsv1.1 (#11343)
 * feat: Add grpc timeouts annotations (#11258)
 * sfix position of options (#11379)
 * add workflow to helm release and update ct for branch (#11378)
 * Accept user defined annotations in IngressClass (#11362)
 * Docs: Remove opentracing and zipkin from docs (#11361)
 * Allow configuring nginx worker reload behaviour, to prevent multiple concurrent worker reloads which can lead to high resource usage and OOMKill (#10884)
 * chore(deps): group update k8s.io packages to v0.30.0 (#11344)
 * Fix function name in comment (#11296)
 * fix path in file changed detected message (#11271)
 * chore: fix function names in comment (#11280)
 * fix: update kube version requirement to 1.21 (#11275)
 * release helm chart from release branch (#11276)
 * update k8s version to latest kind release (#11240)
 * feat: add annotation to allow to add custom response headers (#9742)
 * remove _ssl_expire_time_seconds metric by identifier (#9706)
 * update post submit helm ci and clean up (#11220)
 * Chart: Add unit tests for default backend & topology spread constraints. (#11218)
 * sort default backend hpa metrics (#11215)
 * updated certgen image shatag (#11214)
 * feature(default_backend): topologySpreadConstraints on default backend (#11197)
 * bumped certgeimage tag (#11212)
 * changed testrunner image sha (#11207)
 * updated baseimage & deleted a useless file (#11208)
 * Chart: Make `controller.config` templatable. (#11181)
 * chunking related faq update (#11196)
 * bump ginkgo to 2-17-1 in testrunner (#11202)
 * Owners: Promote Gacko to `ingress-nginx-maintainers` & `ingress-nginx-reviewers`. (#11165)
 * Fix-semver (#11193)
 * refactor helm ci tests part I (#11178)
 * fixes brotli build issue (#10484)
 * bump ginkgo to v2.17.1 (#11177)
 * Proposal: e2e tests for regex patterns (#11174)
 * Controller: Make Leader Election TTL configurable. (#11142)
 * Chores: Remove recently added whitespaces. (#11156)
 * Add GRPC Buffer Size to the Configmap (#11155)
 * fix geoip2 configuration docs (#11150)
 * feature(geoip2_autoreload): Enable GeoIP2 auto_reload config  (#11079)
 * Chart: Add IngressClass aliases. (#11109)
 * Fix typos in OTel doc (#11081)
 * Chart: Render `controller.ingressClassResource.parameters` natively. (#11108)
 * Fix admission controller logging of `admissionTime` and `testedConfigurationSize` (#11089)
 * Chart: Align HPA & KEDA conditions. (#11110)
 * Chart: Add Gacko to maintainers. Again. (#11107)
 * Chart: Improve IngressClass documentation. (#11104)
 * Chart: Deploy `PodDisruptionBudget` with KEDA. (#11032)
 * Undo #11062 since it breaks the nginx config (#11082)
 * [mTLS] Fix acme verfication when mTLS and Client CN verification is enabled (#11062)
 * golangci-lint update, ci cleanup, group dependabot updates (#11071)
 * bump golang (#11070)
 * feature(leader_election): flag to disable leader election feature on controller (#11064)
 * docs: update the 404 link to FAQ (#11069)
 * Update README.md (#11065)
 * quotes around numbers fort ports definitions (#11052)
 ### Dependency updates:
 * Bump the all group with 2 updates (#11523)
 * Bump k8s.io/klog/v2 from 2.130.0 to 2.130.1 in the all group (#11499)
 * Bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 in the all group (#11497)
 * Bump k8s.io/klog/v2 from 2.120.1 to 2.130.0 (#11475)
 * Bump the all group with 3 updates (#11474)
 * Bump the all group with 2 updates (#11476)
 * Bump golang.org/x/crypto from 0.23.0 to 0.24.0 (#11442)
 * Bump the all group with 3 updates (#11443)
 * Bump sigs.k8s.io/controller-runtime in the all group (#11440)
 * Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (#11444)
 * Bump github.com/prometheus/common from 0.53.0 to 0.54.0 (#11441)
 * Bump the all group with 2 updates (#11419)
 * Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.19.0 (#11418)
 * Bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#11417)
 * Bump the all group across 1 directory with 3 updates (#11384)
 * Bump the all group across 1 directory with 6 updates (#11383)
 * Bump golang.org/x/crypto from 0.22.0 to 0.23.0 (#11357)
 * Bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 (#11355)
 * Bump the all group with 3 updates (#11348)
 * Bump Kubernetes version on images (#11346)
 * Bump sigs.k8s.io/controller-runtime from 0.17.3 to 0.18.1 (#11345)
 * Bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 (#11328)
 * Bump the all group with 4 updates (#11327)
 * Bump k8s.io/component-base from 0.29.3 to 0.30.0 (#11291)
 * Bump github.com/prometheus/common from 0.52.3 to 0.53.0 (#11290)
 * Bump golang.org/x/net from 0.22.0 to 0.23.0 (#11282)
 * Bump golang.org/x/net in /images/kube-webhook-certgen/rootfs (#11283)
 * Bump the all group with 2 updates (#11261)
 * Bump azure/setup-helm from 3.5 to 4 (#11263)
 * Bump actions/add-to-project from 1.0.0 to 1.0.1 in the all group (#11262)
 * Bump google.golang.org/grpc from 1.63.0 to 1.63.2 (#11237)
 * Bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#11228)
 * Bump github.com/prometheus/common from 0.51.1 to 0.52.2 (#11227)
 * Bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#11229)
 * Bump github.com/prometheus/client_model in the all group (#11226)
 * Bump the all group with 3 updates (#11225)
 * Bump the all group with 2 updates (#11183)
 * Bump actions/add-to-project from 0.6.1 to 1.0.0 (#11184)
 * Bump the all group with 3 updates (#11157)
 * Bump github.com/prometheus/common from 0.50.0 to 0.51.1 (#11159)
 * Bump the all group with 4 updates (#11133)
 * Bump the all group with 1 update (#11134)
 * Bump google.golang.org/protobuf in /images/custom-error-pages/rootfs (#11119)
 * Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /magefiles (#11121)
 * Bump google.golang.org/protobuf in /images/kube-webhook-certgen/rootfs (#11120)
 * Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.16.0 (#11076)
 * Bump the all group with 1 update (#11073)
 * Bump the all group with 1 update (#11072)
 * Bump github.com/prometheus/common from 0.49.0 to 0.50.0 (#11075)
 * Bump actions/download-artifact from 4.1.2 to 4.1.4 (#11059)
 * Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#11055)
 * Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 (#11057)
 * Bump github.com/prometheus/common from 0.48.0 to 0.49.0 (#11056)
 * Bump github/codeql-action from 3.24.5 to 3.24.6 (#11060)
 * Bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 (#11058)
 * Bump dorny/paths-filter from 3.0.1 to 3.0.2 (#11061)
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.2...controller-v1.11.0
--- a/changelog/controller-1.11.1.md
+++ b/changelog/controller-1.11.1.md
@ -0,0 +1,45 @@
 # Changelog
 ### controller-v1.11.1
 Images:
 * registry.k8s.io/ingress-nginx/controller:v1.11.1@sha256:e6439a12b52076965928e83b7b56aae6731231677b01e81818bce7fa5c60161a
 * registry.k8s.io/ingress-nginx/controller-chroot:v1.11.1@sha256:7cabe4bd7558bfdf5b707976d7be56fd15ffece735d7c90fc238b6eda290fd8d
 ### All changes:
 * Tests: Bump `test-runner` to v20240717-1fe74b5f. (#11647)
 * Images: Re-run `test-runner` build. (#11644)
 * Images: Trigger `test-runner` build. (#11640)
 * Images: Bump `NGINX_BASE` to v0.0.10. (#11638)
 * Images: Trigger NGINX build. (#11632)
 * bump testing runner (#11627)
 * remove modsecurity coreruleset test files from nginx image (#11620)
 * unskip the ocsp tests and update images to fix cfssl bug (#11616)
 * Fix indent in YAML for example pod (#11610)
 * Images: Bump `test-runner`. (#11605)
 * Images: Bump `NGINX_BASE` to v0.0.9. (#11602)
 * revert module upgrade (#11597)
 * Release: Apply changes from `main`. (#11589)
 * Mage: Stop mutating release notes. (#11581)
 * Images: Bump `kube-webhook-certgen`. (#11584)
 * update test runner to latest build (#11558)
 * add k8s 1.30 to ci build (#11554)
 * update test runner go base to 3.20 (#11552)
 * tag new test runner image with new nginx base 0.0.8 (#11551)
 * bump NGINX_BASE to v0.0.8 (#11544)
 * add ssl patches to nginx-1.25 image for coroutines to work in lua client hello and cert ssl blocks (#11535)
 * trigger build for NGINX-1.25 v0.0.8 (#11539)
 * bump alpine version to 3.20 to custom-error-pages (#11538)
 * fix: Ensure changes in MatchCN annotation are detected (#11529)
 ### Dependency updates:
 * Bump github.com/prometheus/common from 0.54.0 to 0.55.0 (#11621)
 * Bump the all group with 5 updates (#11614)
 * Bump golang.org/x/crypto from 0.24.0 to 0.25.0 (#11580)
 * Bump google.golang.org/grpc from 1.64.0 to 1.65.0 (#11576)
 * Bump the all group with 4 updates (#11575)
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.0...controller-v1.11.1
--- a/changelog/controller-1.11.2.md
+++ b/changelog/controller-1.11.2.md
@ -0,0 +1,54 @@
 # Changelog
 ### controller-v1.11.2
 Images:
 * registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce
 * registry.k8s.io/ingress-nginx/controller-chroot:v1.11.2@sha256:21b55a2f0213a18b91612a8c0850167e00a8e34391fd595139a708f9c047e7a8
 ### All changes:
 * Chart: Bump Kube Webhook CertGen & OpenTelemetry. (#11812)
 * Images: Trigger controller build. (#11807)
 * Tests & Docs: Bump images. (#11805)
 * Images: Trigger failed builds. (#11802)
 * Images: Trigger other builds. (#11798)
 * Controller: Fix panic in alternative backend merging. (#11794)
 * Tests: Bump `e2e-test-runner` to v20240812-3f0129aa. (#11792)
 * Images: Trigger `test-runner` build. (#11787)
 * Images: Bump `NGINX_BASE` to v0.0.12. (#11784)
 * Images: Trigger NGINX build. (#11781)
 * Cloud Build: Add missing config, remove unused ones. (#11777)
 * Generate correct output on NumCPU() when using cgroups2 (#11778)
 * Cloud Build: Tweak timeouts. (#11763)
 * Cloud Build: Fix substitutions. (#11760)
 * Cloud Build: Some chores. (#11757)
 * Go: Bump to v1.22.6. (#11749)
 * Images: Bump `NGINX_BASE` to v0.0.11. (#11743)
 * Images: Trigger NGINX build. (#11737)
 * docs: update OpenSSL Roadmap link (#11733)
 * Go: Bump to v1.22.5. (#11732)
 * Docs: Fix typo in AWS LB Controller reference (#11725)
 * Perform some cleaning operations on line breaks. (#11721)
 * Missing anchors in regular expression. (#11719)
 * Docs: Fix `from-to-www` redirect description. (#11716)
 * Chart: Remove `isControllerTagValid`. (#11713)
 * Tests: Bump `e2e-test-runner` to v20240729-04899b27. (#11705)
 * Docs: Clarify `from-to-www` redirect direction. (#11693)
 * added real-client-ip faq (#11664)
 * Docs: Format NGINX configuration table. (#11662)
 * Docs: Update version in `deploy/index.md`. (#11652)
 ### Dependency updates:
 * Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#11773)
 * Bump the all group with 2 updates (#11771)
 * Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#11769)
 * Bump the all group with 3 updates (#11728)
 * Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in the all group (#11701)
 * Bump the all group with 2 updates (#11698)
 * Bump the all group with 4 updates (#11677)
 * Bump the all group with 2 updates (#11675)
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.1...controller-v1.11.2
--- a/charts/ingress-nginx/Chart.yaml
+++ b/charts/ingress-nginx/Chart.yaml
@ -1,9 +1,9 @@
 annotations:
-  artifacthub.io/changes: |-
+  artifacthub.io/changes: |
-    - "Update Ingress-Nginx version controller-v1.10.0"
+    - Update Ingress-Nginx version controller-v1.11.2
  artifacthub.io/prerelease: "false"
 apiVersion: v2
-appVersion: 1.10.0
+appVersion: 1.11.2
 description: Ingress controller for Kubernetes using NGINX as a reverse proxy and
  load balancer
 home: https://github.com/kubernetes/ingress-nginx
@ -11,13 +11,15 @@ icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/5
 keywords:
 - ingress
 - nginx
-kubeVersion: '>=1.20.0-0'
+kubeVersion: '>=1.21.0-0'
 maintainers:
 - name: cpanato
 - name: Gacko
 - name: puerco
 - name: rikatz
 - name: strongjz
 - name: tao12345666333
 name: ingress-nginx
 sources:
 - https://github.com/kubernetes/ingress-nginx
-version: 4.10.0
+version: 4.11.2
--- a/charts/ingress-nginx/OWNERS
+++ b/charts/ingress-nginx/OWNERS
@ -1,4 +1,4 @@
-# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md
+# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners
 approvers:
 - ingress-nginx-helm-maintainers
--- a/charts/ingress-nginx/README.md
+++ b/charts/ingress-nginx/README.md
@ -2,7 +2,7 @@
 [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
-![Version: 4.10.0](https://img.shields.io/badge/Version-4.10.0-informational?style=flat-square) ![AppVersion: 1.10.0](https://img.shields.io/badge/AppVersion-1.10.0-informational?style=flat-square)
+![Version: 4.11.2](https://img.shields.io/badge/Version-4.11.2-informational?style=flat-square) ![AppVersion: 1.11.2](https://img.shields.io/badge/AppVersion-1.11.2-informational?style=flat-square)
 To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
@ -10,7 +10,7 @@ This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kuber
 ## Requirements
-Kubernetes: `>=1.20.0-0`
+Kubernetes: `>=1.21.0-0`
 ## Get Repo Info
@ -242,7 +242,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.admissionWebhooks.certificate | string | `"/usr/local/certificates/cert"` |  |
 | controller.admissionWebhooks.createSecretJob.name | string | `"create"` |  |
 | controller.admissionWebhooks.createSecretJob.resources | object | `{}` |  |
-| controller.admissionWebhooks.createSecretJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for secret creation containers |
+| controller.admissionWebhooks.createSecretJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for secret creation containers |
 | controller.admissionWebhooks.enabled | bool | `true` |  |
 | controller.admissionWebhooks.existingPsp | string | `""` | Use an existing PSP instead of creating one |
 | controller.admissionWebhooks.extraEnvs | list | `[]` | Additional environment variables to set |
@ -253,21 +253,27 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.admissionWebhooks.namespaceSelector | object | `{}` |  |
 | controller.admissionWebhooks.objectSelector | object | `{}` |  |
 | controller.admissionWebhooks.patch.enabled | bool | `true` |  |
-| controller.admissionWebhooks.patch.image.digest | string | `"sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334"` |  |
+| controller.admissionWebhooks.patch.image.digest | string | `"sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3"` |  |
 | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` |  |
 | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` |  |
 | controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` |  |
-| controller.admissionWebhooks.patch.image.tag | string | `"v1.4.0"` |  |
+| controller.admissionWebhooks.patch.image.tag | string | `"v1.4.3"` |  |
 | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources |
 | controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
 | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` |  |
 | controller.admissionWebhooks.patch.podAnnotations | object | `{}` |  |
 | controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job # |
 | controller.admissionWebhooks.patch.rbac | object | `{"create":true}` | Admission webhook patch job RBAC |
 | controller.admissionWebhooks.patch.rbac.create | bool | `true` | Create RBAC or not |
 | controller.admissionWebhooks.patch.securityContext | object | `{}` | Security context for secret creation & webhook patch pods |
 | controller.admissionWebhooks.patch.serviceAccount | object | `{"automountServiceAccountToken":true,"create":true,"name":""}` | Admission webhook patch job service account |
 | controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken | bool | `true` | Auto-mount service account token or not |
 | controller.admissionWebhooks.patch.serviceAccount.create | bool | `true` | Create a service account or not |
 | controller.admissionWebhooks.patch.serviceAccount.name | string | `""` | Custom service account name |
 | controller.admissionWebhooks.patch.tolerations | list | `[]` |  |
 | controller.admissionWebhooks.patchWebhookJob.name | string | `"patch"` |  |
 | controller.admissionWebhooks.patchWebhookJob.resources | object | `{}` |  |
-| controller.admissionWebhooks.patchWebhookJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for webhook patch containers |
+| controller.admissionWebhooks.patchWebhookJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for webhook patch containers |
 | controller.admissionWebhooks.port | int | `8443` |  |
 | controller.admissionWebhooks.service.annotations | object | `{}` |  |
 | controller.admissionWebhooks.service.externalIPs | list | `[]` |  |
@ -285,7 +291,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.autoscaling.targetCPUUtilizationPercentage | int | `50` |  |
 | controller.autoscaling.targetMemoryUtilizationPercentage | int | `50` |  |
 | controller.autoscalingTemplate | list | `[]` |  |
-| controller.config | object | `{}` | Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ |
+| controller.config | object | `{}` | Global configuration passed to the ConfigMap consumed by the controller. Values may contain Helm templates. Ref.: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ |
 | controller.configAnnotations | object | `{}` | Annotations to be added to the controller config configuration configmap. |
 | controller.configMapNamespace | string | `""` | Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) |
 | controller.containerName | string | `"controller"` | Configures the controller container name |
@ -297,6 +303,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. |
 | controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. |
 | controller.electionID | string | `""` | Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' |
 | controller.electionTTL | string | `""` | Duration a leader election is valid before it's getting re-elected, e.g. `15s`, `10m` or `1h`. (Default: 30s) |
 | controller.enableAnnotationValidations | bool | `false` |  |
 | controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. # ref: https://github.com/microsoft/mimalloc # |
 | controller.enableTopologyAwareRouting | bool | `false` | This configuration enables Topology Aware Routing feature, used together with service annotation service.kubernetes.io/topology-mode="auto" Defaults to false |
@ -318,20 +325,22 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.hostname | object | `{}` | Optionally customize the pod hostname. |
 | controller.image.allowPrivilegeEscalation | bool | `false` |  |
 | controller.image.chroot | bool | `false` |  |
-| controller.image.digest | string | `"sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c"` |  |
+| controller.image.digest | string | `"sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce"` |  |
-| controller.image.digestChroot | string | `"sha256:7eb46ff733429e0e46892903c7394aff149ac6d284d92b3946f3baf7ff26a096"` |  |
+| controller.image.digestChroot | string | `"sha256:21b55a2f0213a18b91612a8c0850167e00a8e34391fd595139a708f9c047e7a8"` |  |
 | controller.image.image | string | `"ingress-nginx/controller"` |  |
 | controller.image.pullPolicy | string | `"IfNotPresent"` |  |
 | controller.image.readOnlyRootFilesystem | bool | `false` |  |
 | controller.image.registry | string | `"registry.k8s.io"` |  |
 | controller.image.runAsGroup | int | `82` | This value must not be changed using the official image. uid=101(www-data) gid=82(www-data) groups=82(www-data) |
 | controller.image.runAsNonRoot | bool | `true` |  |
-| controller.image.runAsUser | int | `101` |  |
+| controller.image.runAsUser | int | `101` | This value must not be changed using the official image. uid=101(www-data) gid=82(www-data) groups=82(www-data) |
 | controller.image.seccompProfile.type | string | `"RuntimeDefault"` |  |
-| controller.image.tag | string | `"v1.10.0"` |  |
+| controller.image.tag | string | `"v1.11.2"` |  |
 | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation |
 | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). |
-| controller.ingressClassResource | object | `{"aliases":[],"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. |
+| controller.ingressClassResource | object | `{"aliases":[],"annotations":{},"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. |
 | controller.ingressClassResource.aliases | list | `[]` | Aliases of this IngressClass. Creates copies with identical settings but the respective alias as name. Useful for development environments with only one Ingress Controller but production-like Ingress resources. `default` gets enabled on the original IngressClass only. |
 | controller.ingressClassResource.annotations | object | `{}` | Annotations to be added to the IngressClass resource. |
 | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller of the IngressClass. An Ingress Controller looks for IngressClasses it should reconcile by this value. This value is also being set as the `--controller-class` argument of this Ingress Controller. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class |
 | controller.ingressClassResource.default | bool | `false` | If true, Ingresses without `ingressClassName` get assigned to this IngressClass on creation. Ingress creation gets rejected if there are multiple default IngressClasses. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class |
 | controller.ingressClassResource.enabled | bool | `true` | Create the IngressClass or not |
@ -388,15 +397,16 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.opentelemetry.containerSecurityContext.allowPrivilegeEscalation | bool | `false` |  |
 | controller.opentelemetry.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` |  |
 | controller.opentelemetry.containerSecurityContext.readOnlyRootFilesystem | bool | `true` |  |
 | controller.opentelemetry.containerSecurityContext.runAsGroup | int | `65532` |  |
 | controller.opentelemetry.containerSecurityContext.runAsNonRoot | bool | `true` |  |
 | controller.opentelemetry.containerSecurityContext.runAsUser | int | `65532` | The image's default user, inherited from its base image `cgr.dev/chainguard/static`. |
 | controller.opentelemetry.containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
 | controller.opentelemetry.enabled | bool | `false` |  |
-| controller.opentelemetry.image.digest | string | `"sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472"` |  |
+| controller.opentelemetry.image.digest | string | `"sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922"` |  |
 | controller.opentelemetry.image.distroless | bool | `true` |  |
-| controller.opentelemetry.image.image | string | `"ingress-nginx/opentelemetry"` |  |
+| controller.opentelemetry.image.image | string | `"ingress-nginx/opentelemetry-1.25.3"` |  |
 | controller.opentelemetry.image.registry | string | `"registry.k8s.io"` |  |
-| controller.opentelemetry.image.tag | string | `"v20230721-3e2062ee5"` |  |
+| controller.opentelemetry.image.tag | string | `"v20240813-b933310d"` |  |
 | controller.opentelemetry.name | string | `"opentelemetry"` |  |
 | controller.opentelemetry.resources | object | `{}` |  |
 | controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # |
@ -477,7 +487,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.udp.configMapNamespace | string | `""` | Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) |
 | controller.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # |
 | controller.watchIngressWithoutClass | bool | `false` | Process Ingress objects without ingressClass annotation/ingressClassName field Overrides value for --watch-ingress-without-class flag of the controller binary Defaults to false |
-| defaultBackend.affinity | object | `{}` |  |
+| defaultBackend.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
 | defaultBackend.autoscaling.annotations | object | `{}` |  |
 | defaultBackend.autoscaling.enabled | bool | `false` |  |
 | defaultBackend.autoscaling.maxReplicas | int | `2` |  |
@ -497,6 +507,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | defaultBackend.image.pullPolicy | string | `"IfNotPresent"` |  |
 | defaultBackend.image.readOnlyRootFilesystem | bool | `true` |  |
 | defaultBackend.image.registry | string | `"registry.k8s.io"` |  |
 | defaultBackend.image.runAsGroup | int | `65534` |  |
 | defaultBackend.image.runAsNonRoot | bool | `true` |  |
 | defaultBackend.image.runAsUser | int | `65534` |  |
 | defaultBackend.image.seccompProfile.type | string | `"RuntimeDefault"` |  |
@ -533,6 +544,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | defaultBackend.serviceAccount.create | bool | `true` |  |
 | defaultBackend.serviceAccount.name | string | `""` |  |
 | defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # |
 | defaultBackend.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. Ref.: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ |
 | defaultBackend.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # |
 | dhParam | string | `""` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param |
 | imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
--- a/charts/ingress-nginx/changelog/helm-chart-4.10.1.md
+++ b/charts/ingress-nginx/changelog/helm-chart-4.10.1.md
@ -0,0 +1,11 @@
 # Changelog
 This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
 ### 4.10.1
 * - "update post submit helm ci and clean up (#11221)"
 * - "refactor helm ci tests part I (#11188)"
 * - "Update Ingress-Nginx version controller-v1.10.1"
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.0...helm-chart-4.10.1
--- a/charts/ingress-nginx/changelog/helm-chart-4.10.2.md
+++ b/charts/ingress-nginx/changelog/helm-chart-4.10.2.md
@ -0,0 +1,18 @@
 # Changelog
 This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
 ### 4.10.2
 * Chores: Align security contacts & chart maintainers to actual owners. (#11480)
 * Fix helm install on cloud provider admonition block (#11412)
 * edited helm-install tips (#11411)
 * added info for aws helm install (#11410)
 * add workflow to helm release and update ct for branch (#11317)
 * Merge pull request #11277 from strongjz/chart-1.10.1 (#11314)
 * release helm chart from release branch (#11278)
 * update post submit helm ci and clean up (#11221)
 * refactor helm ci tests part I (#11188)
 * Update Ingress-Nginx version controller-v1.10.2
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.1...helm-chart-4.10.2
--- a/charts/ingress-nginx/changelog/helm-chart-4.10.3.md
+++ b/charts/ingress-nginx/changelog/helm-chart-4.10.3.md
@ -0,0 +1,9 @@
 # Changelog
 This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
 ### 4.10.3
 * Update Ingress-Nginx version controller-v1.10.3
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.2...helm-chart-4.10.3
--- a/charts/ingress-nginx/changelog/helm-chart-4.10.4.md
+++ b/charts/ingress-nginx/changelog/helm-chart-4.10.4.md
@ -0,0 +1,9 @@
 # Changelog
 This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
 ### 4.10.4
 * Update Ingress-Nginx version controller-v1.10.4
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.3...helm-chart-4.10.4
--- a/charts/ingress-nginx/changelog/helm-chart-4.11.0.md
+++ b/charts/ingress-nginx/changelog/helm-chart-4.11.0.md
@ -0,0 +1,18 @@
 # Changelog
 This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
 ### 4.11.0
 * Chores: Align security contacts & chart maintainers to actual owners. (#11465)
 * Merge pull request #11277 from strongjz/chart-1.10.1 (#11415)
 * Fix helm install on cloud provider admonition block (#11394)
 * edited helm-install tips (#11393)
 * added info for aws helm install (#11390)
 * add workflow to helm release and update ct for branch (#11378)
 * release helm chart from release branch (#11276)
 * update post submit helm ci and clean up (#11220)
 * refactor helm ci tests part I (#11178)
 * Update Ingress-Nginx version controller-v1.11.0
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.2...helm-chart-4.11.0
--- a/charts/ingress-nginx/changelog/helm-chart-4.11.1.md
+++ b/charts/ingress-nginx/changelog/helm-chart-4.11.1.md
@ -0,0 +1,9 @@
 # Changelog
 This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
 ### 4.11.1
 * Update Ingress-Nginx version controller-v1.11.1
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.0...helm-chart-4.11.1
--- a/charts/ingress-nginx/changelog/helm-chart-4.11.2.md
+++ b/charts/ingress-nginx/changelog/helm-chart-4.11.2.md
@ -0,0 +1,9 @@
 # Changelog
 This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
 ### 4.11.2
 * Update Ingress-Nginx version controller-v1.11.2
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.1...helm-chart-4.11.2
--- a/charts/ingress-nginx/templates/_helpers.tpl
+++ b/charts/ingress-nginx/templates/_helpers.tpl
@ -47,6 +47,7 @@ Controller container security context.
 {{- else -}}
 runAsNonRoot: {{ .Values.controller.image.runAsNonRoot }}
 runAsUser: {{ .Values.controller.image.runAsUser }}
 runAsGroup: {{ .Values.controller.image.runAsGroup }}
 allowPrivilegeEscalation: {{ or .Values.controller.image.allowPrivilegeEscalation .Values.controller.image.chroot }}
 {{- if .Values.controller.image.seccompProfile }}
 seccompProfile: {{ toYaml .Values.controller.image.seccompProfile | nindent 2 }}
@ -167,6 +168,17 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.controller.admissionWebhooks.name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create the name of the admission webhook patch job service account to use
 */}}
 {{- define "ingress-nginx.admissionWebhooks.patch.serviceAccountName" -}}
 {{- if .Values.controller.admissionWebhooks.patch.serviceAccount.create -}}
    {{ default (include "ingress-nginx.admissionWebhooks.fullname" .) .Values.controller.admissionWebhooks.patch.serviceAccount.name }}
 {{- else -}}
    {{ default "default" .Values.controller.admissionWebhooks.patch.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
 {{/*
 Create a default fully qualified admission webhook secret creation job name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
@ -211,6 +223,7 @@ Default backend container security context.
 {{- else -}}
 runAsNonRoot: {{ .Values.defaultBackend.image.runAsNonRoot }}
 runAsUser: {{ .Values.defaultBackend.image.runAsUser }}
 runAsGroup: {{ .Values.defaultBackend.image.runAsGroup }}
 allowPrivilegeEscalation: {{ .Values.defaultBackend.image.allowPrivilegeEscalation }}
 {{- if .Values.defaultBackend.image.seccompProfile }}
 seccompProfile: {{ toYaml .Values.defaultBackend.image.seccompProfile | nindent 2 }}
@ -233,15 +246,6 @@ Return the appropriate apiGroup for PodSecurityPolicy.
 {{- end -}}
 {{- end -}}
 {{/*
 Check the ingress controller version tag is at most three versions behind the last release
 */}}
 {{- define "isControllerTagValid" -}}
 {{- if not (semverCompare ">=0.27.0-0" .Values.controller.image.tag) -}}
 {{- fail "Controller container image tag should be 0.27.0 or higher" -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Extra modules.
 */}}
--- a/charts/ingress-nginx/templates/_params.tpl
+++ b/charts/ingress-nginx/templates/_params.tpl
@ -63,6 +63,9 @@
 {{- if .Values.controller.disableLeaderElection }}
 - --disable-leader-election=true
 {{- end }}
 {{- if .Values.controller.electionTTL }}
 - --election-ttl={{ .Values.controller.electionTTL }}
 {{- end }}
 {{- range $key, $value := .Values.controller.extraArgs }}
 {{- /* Accept keys without values or with false as value */}}
 {{- if eq ($value | quote | len) 2 }}
--- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
@ -1,4 +1,4 @@
-{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.rbac.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
--- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
@ -1,4 +1,4 @@
-{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.rbac.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@ -18,6 +18,6 @@ roleRef:
  name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
 subjects:
  - kind: ServiceAccount
-    name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
+    name: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
    namespace: {{ include "ingress-nginx.namespace" . }}
 {{- end }}
--- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
@ -66,7 +66,7 @@ spec:
          resources: {{ toYaml .Values.controller.admissionWebhooks.createSecretJob.resources | nindent 12 }}
          {{- end }}
      restartPolicy: OnFailure
-      serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
+      serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
    {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
      nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
    {{- end }}
--- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
@ -68,7 +68,7 @@ spec:
          resources: {{ toYaml .Values.controller.admissionWebhooks.patchWebhookJob.resources | nindent 12 }}
          {{- end }}
      restartPolicy: OnFailure
-      serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
+      serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
    {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
      nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
    {{- end }}
--- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
@ -1,4 +1,4 @@
-{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.rbac.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
--- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
@ -1,4 +1,4 @@
-{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.rbac.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
@ -19,6 +19,6 @@ roleRef:
  name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
 subjects:
  - kind: ServiceAccount
-    name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
+    name: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
    namespace: {{ include "ingress-nginx.namespace" . }}
 {{- end }}
--- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
@ -1,8 +1,8 @@
-{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.serviceAccount.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
+  name: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
  namespace: {{ include "ingress-nginx.namespace" . }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
@ -13,4 +13,5 @@ metadata:
    {{- with .Values.controller.admissionWebhooks.patch.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 automountServiceAccountToken: {{ .Values.controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken }}
 {{- end }}
--- a/charts/ingress-nginx/templates/controller-configmap.yaml
+++ b/charts/ingress-nginx/templates/controller-configmap.yaml
@ -24,5 +24,5 @@ data:
  ssl-dh-param: {{ include "ingress-nginx.namespace" . }}/{{ include "ingress-nginx.controller.fullname" . }}
 {{- end }}
 {{- range $key, $value := .Values.controller.config }}
-  {{- $key | nindent 2 }}: {{ $value | quote }}
+  {{- $key | nindent 2 }}: {{ tpl (toString $value) $ | quote }}
 {{- end }}
--- a/charts/ingress-nginx/templates/controller-daemonset.yaml
+++ b/charts/ingress-nginx/templates/controller-daemonset.yaml
@ -1,5 +1,4 @@
 {{- if eq .Values.controller.kind "DaemonSet" -}}
 {{- include  "isControllerTagValid" . -}}
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
@ -203,7 +202,7 @@ spec:
      tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.affinity }}
-      affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
+      affinity: {{ tpl (toYaml .Values.controller.affinity) $ | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.topologySpreadConstraints }}
      topologySpreadConstraints: {{ tpl (toYaml .Values.controller.topologySpreadConstraints) $ | nindent 8 }}
--- a/charts/ingress-nginx/templates/controller-deployment.yaml
+++ b/charts/ingress-nginx/templates/controller-deployment.yaml
@ -1,5 +1,4 @@
 {{- if eq .Values.controller.kind "Deployment" -}}
 {{- include  "isControllerTagValid" . -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@ -206,7 +205,7 @@ spec:
      tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.affinity }}
-      affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
+      affinity: {{ tpl (toYaml .Values.controller.affinity) $ | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.topologySpreadConstraints }}
      topologySpreadConstraints: {{ tpl (toYaml .Values.controller.topologySpreadConstraints) $ | nindent 8 }}
--- a/charts/ingress-nginx/templates/controller-ingressclass-aliases.yaml
+++ b/charts/ingress-nginx/templates/controller-ingressclass-aliases.yaml
@ -11,6 +11,9 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ . }}
  {{- if $.Values.controller.ingressClassResource.annotations }}
  annotations: {{ toYaml $.Values.controller.ingressClassResource.annotations | nindent 4 }}
  {{- end }}
 spec:
  controller: {{ $.Values.controller.ingressClassResource.controllerValue }}
  {{- with $.Values.controller.ingressClassResource.parameters }}
--- a/charts/ingress-nginx/templates/controller-ingressclass.yaml
+++ b/charts/ingress-nginx/templates/controller-ingressclass.yaml
@ -9,10 +9,15 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ .Values.controller.ingressClassResource.name }}
-  {{- if .Values.controller.ingressClassResource.default }}
+  {{- if or .Values.controller.ingressClassResource.default .Values.controller.ingressClassResource.annotations }}
  annotations:
    {{- if .Values.controller.ingressClassResource.default }}
    ingressclass.kubernetes.io/is-default-class: "true"
    {{- end }}
    {{- if .Values.controller.ingressClassResource.annotations }}
    {{- toYaml .Values.controller.ingressClassResource.annotations | nindent 4 }}
    {{- end }}
  {{- end }}
 spec:
  controller: {{ .Values.controller.ingressClassResource.controllerValue }}
  {{- with .Values.controller.ingressClassResource.parameters }}
--- a/charts/ingress-nginx/templates/controller-service-internal.yaml
+++ b/charts/ingress-nginx/templates/controller-service-internal.yaml
@ -58,7 +58,7 @@ spec:
      port: {{ .Values.controller.service.internal.ports.http | default .Values.controller.service.ports.http }}
      protocol: TCP
      targetPort: {{ .Values.controller.service.internal.targetPorts.http | default .Values.controller.service.targetPorts.http }}
-    {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }}
+    {{- if and (semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }}
      appProtocol: http
    {{- end }}
    {{- if (and $setNodePorts (not (empty .Values.controller.service.internal.nodePorts.http))) }}
@ -70,7 +70,7 @@ spec:
      port: {{ .Values.controller.service.internal.ports.https | default .Values.controller.service.ports.https }}
      protocol: TCP
      targetPort: {{ .Values.controller.service.internal.targetPorts.https | default .Values.controller.service.targetPorts.https }}
-    {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }}
+    {{- if and (semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }}
      appProtocol: https
    {{- end }}
    {{- if (and $setNodePorts (not (empty .Values.controller.service.internal.nodePorts.https))) }}
--- a/charts/ingress-nginx/templates/controller-service-webhook.yaml
+++ b/charts/ingress-nginx/templates/controller-service-webhook.yaml
@ -31,7 +31,7 @@ spec:
    - name: https-webhook
      port: 443
      targetPort: webhook
-    {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
+    {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }}
      appProtocol: https
    {{- end }}
  selector:
--- a/charts/ingress-nginx/templates/controller-service.yaml
+++ b/charts/ingress-nginx/templates/controller-service.yaml
@ -58,7 +58,7 @@ spec:
      port: {{ .Values.controller.service.ports.http }}
      protocol: TCP
      targetPort: {{ .Values.controller.service.targetPorts.http }}
-    {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }}
+    {{- if and (semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }}
      appProtocol: http
    {{- end }}
    {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }}
@ -70,7 +70,7 @@ spec:
      port: {{ .Values.controller.service.ports.https }}
      protocol: TCP
      targetPort: {{ .Values.controller.service.targetPorts.https }}
-    {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }}
+    {{- if and (semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }}
      appProtocol: https
    {{- end }}
    {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }}
--- a/charts/ingress-nginx/templates/default-backend-deployment.yaml
+++ b/charts/ingress-nginx/templates/default-backend-deployment.yaml
@ -107,7 +107,10 @@ spec:
      tolerations: {{ toYaml .Values.defaultBackend.tolerations | nindent 8 }}
    {{- end }}
    {{- if .Values.defaultBackend.affinity }}
-      affinity: {{ toYaml .Values.defaultBackend.affinity | nindent 8 }}
+      affinity: {{ tpl (toYaml .Values.defaultBackend.affinity) $ | nindent 8 }}
    {{- end }}
    {{- if .Values.defaultBackend.topologySpreadConstraints }}
      topologySpreadConstraints: {{ tpl (toYaml .Values.defaultBackend.topologySpreadConstraints) $ | nindent 8 }}
    {{- end }}
      terminationGracePeriodSeconds: 60
    {{- if .Values.defaultBackend.extraVolumes }}
--- a/charts/ingress-nginx/templates/default-backend-hpa.yaml
+++ b/charts/ingress-nginx/templates/default-backend-hpa.yaml
@ -21,14 +21,6 @@ spec:
  minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }}
  maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }}
  metrics:
  {{- with .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: {{ . }}
  {{- end }}
  {{- with .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
  - type: Resource
    resource:
@ -37,4 +29,12 @@ spec:
        type: Utilization
        averageUtilization: {{ . }}
  {{- end }}
  {{- with .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: {{ . }}
  {{- end }}
 {{- end }}
--- a/charts/ingress-nginx/templates/default-backend-service.yaml
+++ b/charts/ingress-nginx/templates/default-backend-service.yaml
@ -32,7 +32,7 @@ spec:
      port: {{ .Values.defaultBackend.service.servicePort }}
      protocol: TCP
      targetPort: http
-    {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
+    {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }}
      appProtocol: http
    {{- end }}
  selector:
--- a/charts/ingress-nginx/tests/admission-webhooks/job-patch/clusterrole_test.yaml
+++ b/charts/ingress-nginx/tests/admission-webhooks/job-patch/clusterrole_test.yaml
@ -0,0 +1,11 @@
 suite: Admission Webhooks > Patch Job > ClusterRole
 templates:
  - admission-webhooks/job-patch/clusterrole.yaml
 tests:
  - it: should not create a ClusterRole if `controller.admissionWebhooks.patch.rbac.create` is false
    set:
      controller.admissionWebhooks.patch.rbac.create: false
    asserts:
      - hasDocuments:
          count: 0
--- a/charts/ingress-nginx/tests/admission-webhooks/job-patch/clusterrolebinding_test.yaml
+++ b/charts/ingress-nginx/tests/admission-webhooks/job-patch/clusterrolebinding_test.yaml
@ -0,0 +1,11 @@
 suite: Admission Webhooks > Patch Job > ClusterRoleBinding
 templates:
  - admission-webhooks/job-patch/clusterrolebinding.yaml
 tests:
  - it: should not create a ClusterRoleBinding if `controller.admissionWebhooks.patch.rbac.create` is false
    set:
      controller.admissionWebhooks.patch.rbac.create: false
    asserts:
      - hasDocuments:
          count: 0
--- a/charts/ingress-nginx/tests/admission-webhooks/job-patch/role_test.yaml
+++ b/charts/ingress-nginx/tests/admission-webhooks/job-patch/role_test.yaml
@ -0,0 +1,11 @@
 suite: Admission Webhooks > Patch Job > Role
 templates:
  - admission-webhooks/job-patch/role.yaml
 tests:
  - it: should not create a Role if `controller.admissionWebhooks.patch.rbac.create` is false
    set:
      controller.admissionWebhooks.patch.rbac.create: false
    asserts:
      - hasDocuments:
          count: 0
--- a/charts/ingress-nginx/tests/admission-webhooks/job-patch/rolebinding_test.yaml
+++ b/charts/ingress-nginx/tests/admission-webhooks/job-patch/rolebinding_test.yaml
@ -0,0 +1,11 @@
 suite: Admission Webhooks > Patch Job > RoleBinding
 templates:
  - admission-webhooks/job-patch/rolebinding.yaml
 tests:
  - it: should not create a RoleBinding if `controller.admissionWebhooks.patch.rbac.create` is false
    set:
      controller.admissionWebhooks.patch.rbac.create: false
    asserts:
      - hasDocuments:
          count: 0
--- a/charts/ingress-nginx/tests/admission-webhooks/job-patch/serviceaccount_test.yaml
+++ b/charts/ingress-nginx/tests/admission-webhooks/job-patch/serviceaccount_test.yaml
@ -0,0 +1,47 @@
 suite: Admission Webhooks > Patch Job > ServiceAccount
 templates:
  - admission-webhooks/job-patch/serviceaccount.yaml
 tests:
  - it: should not create a ServiceAccount if `controller.admissionWebhooks.patch.serviceAccount.create` is false
    set:
      controller.admissionWebhooks.patch.serviceAccount.create: false
    asserts:
      - hasDocuments:
          count: 0
  - it: should create a ServiceAccount if `controller.admissionWebhooks.patch.serviceAccount.create` is true
    set:
      controller.admissionWebhooks.patch.serviceAccount.create: true
    asserts:
      - hasDocuments:
          count: 1
      - isKind:
          of: ServiceAccount
      - equal:
          path: metadata.name
          value: ingress-nginx-admission
  - it: should create a ServiceAccount with specified name if `controller.admissionWebhooks.patch.serviceAccount.name` is set
    set:
      controller.admissionWebhooks.patch.serviceAccount.name: ingress-nginx-admission-test-sa
    asserts:
      - hasDocuments:
          count: 1
      - isKind:
          of: ServiceAccount
      - equal:
          path: metadata.name
          value: ingress-nginx-admission-test-sa
  - it: should create a ServiceAccount with token auto-mounting disabled if `controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken` is false
    set:
      controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken: false
    asserts:
      - hasDocuments:
          count: 1
      - isKind:
          of: ServiceAccount
      - equal:
          path: automountServiceAccountToken
          value: false
--- a/charts/ingress-nginx/tests/controller-configmap_test.yaml
+++ b/charts/ingress-nginx/tests/controller-configmap_test.yaml
@ -12,3 +12,20 @@ tests:
      - equal:
          path: metadata.name
          value: RELEASE-NAME-ingress-nginx-controller
  - it: should create a ConfigMap with templated values if `controller.config` contains templates
    set:
      controller.config:
        global-rate-limit-memcached-host: "memcached.{{ .Release.Namespace }}.svc.kubernetes.local"
        global-rate-limit-memcached-port: 11211
        use-gzip: true
    asserts:
      - equal:
          path: data.global-rate-limit-memcached-host
          value: memcached.NAMESPACE.svc.kubernetes.local
      - equal:
          path: data.global-rate-limit-memcached-port
          value: "11211"
      - equal:
          path: data.use-gzip
          value: "true"
--- a/charts/ingress-nginx/tests/controller-daemonset_test.yaml
+++ b/charts/ingress-nginx/tests/controller-daemonset_test.yaml
@ -54,3 +54,106 @@ tests:
      - equal:
          path: spec.template.spec.containers[0].resources.limits.memory
          value: 512Mi
  - it: should create a DaemonSet with topology spread constraints if `controller.topologySpreadConstraints` is set
    set:
      controller.kind: DaemonSet
      controller.topologySpreadConstraints:
        - labelSelector:
            matchLabels:
              app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
              app.kubernetes.io/instance: '{{ .Release.Name }}'
              app.kubernetes.io/component: controller
          topologyKey: topology.kubernetes.io/zone
          maxSkew: 1
          whenUnsatisfiable: ScheduleAnyway
        - labelSelector:
            matchLabels:
              app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
              app.kubernetes.io/instance: '{{ .Release.Name }}'
              app.kubernetes.io/component: controller
          topologyKey: kubernetes.io/hostname
          maxSkew: 1
          whenUnsatisfiable: ScheduleAnyway
    asserts:
      - equal:
          path: spec.template.spec.topologySpreadConstraints
          value:
            - labelSelector:
                matchLabels:
                  app.kubernetes.io/name: ingress-nginx
                  app.kubernetes.io/instance: RELEASE-NAME
                  app.kubernetes.io/component: controller
              topologyKey: topology.kubernetes.io/zone
              maxSkew: 1
              whenUnsatisfiable: ScheduleAnyway
            - labelSelector:
                matchLabels:
                  app.kubernetes.io/name: ingress-nginx
                  app.kubernetes.io/instance: RELEASE-NAME
                  app.kubernetes.io/component: controller
              topologyKey: kubernetes.io/hostname
              maxSkew: 1
              whenUnsatisfiable: ScheduleAnyway
  - it: should create a DaemonSet with affinity if `controller.affinity` is set
    set:
      controller.kind: DaemonSet
      controller.affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app.kubernetes.io/name
                    operator: In
                    values:
                      - '{{ include "ingress-nginx.name" . }}'
                  - key: app.kubernetes.io/instance
                    operator: In
                    values:
                      - '{{ .Release.Name }}'
                  - key: app.kubernetes.io/component
                    operator: In
                    values:
                      - controller
              topologyKey: kubernetes.io/hostname
    asserts:
      - equal:
          path: spec.template.spec.affinity
          value:
            podAntiAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                - labelSelector:
                    matchExpressions:
                      - key: app.kubernetes.io/name
                        operator: In
                        values:
                          - ingress-nginx
                      - key: app.kubernetes.io/instance
                        operator: In
                        values:
                          - RELEASE-NAME
                      - key: app.kubernetes.io/component
                        operator: In
                        values:
                          - controller
                  topologyKey: kubernetes.io/hostname
  - it: should create a DaemonSet with `runAsGroup` if `controller.image.runAsGroup` is set
    set:
      controller.kind: DaemonSet
      controller.image.runAsGroup: 1000
    asserts:
      - equal:
          path: spec.template.spec.containers[0].securityContext.runAsGroup
          value: 1000
  - it: should create a DaemonSet with a custom tag if `controller.image.tag` is set
    set:
      controller.kind: DaemonSet
      controller.image.tag: my-little-custom-tag
      controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
    asserts:
      - equal:
          path: spec.template.spec.containers[0].image
          value: registry.k8s.io/ingress-nginx/controller:my-little-custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
--- a/charts/ingress-nginx/tests/controller-deployment_test.yaml
+++ b/charts/ingress-nginx/tests/controller-deployment_test.yaml
@ -78,3 +78,102 @@ tests:
      - equal:
          path: spec.template.spec.containers[0].resources.limits.memory
          value: 512Mi
  - it: should create a Deployment with topology spread constraints if `controller.topologySpreadConstraints` is set
    set:
      controller.topologySpreadConstraints:
        - labelSelector:
            matchLabels:
              app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
              app.kubernetes.io/instance: '{{ .Release.Name }}'
              app.kubernetes.io/component: controller
          topologyKey: topology.kubernetes.io/zone
          maxSkew: 1
          whenUnsatisfiable: ScheduleAnyway
        - labelSelector:
            matchLabels:
              app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
              app.kubernetes.io/instance: '{{ .Release.Name }}'
              app.kubernetes.io/component: controller
          topologyKey: kubernetes.io/hostname
          maxSkew: 1
          whenUnsatisfiable: ScheduleAnyway
    asserts:
      - equal:
          path: spec.template.spec.topologySpreadConstraints
          value:
            - labelSelector:
                matchLabels:
                  app.kubernetes.io/name: ingress-nginx
                  app.kubernetes.io/instance: RELEASE-NAME
                  app.kubernetes.io/component: controller
              topologyKey: topology.kubernetes.io/zone
              maxSkew: 1
              whenUnsatisfiable: ScheduleAnyway
            - labelSelector:
                matchLabels:
                  app.kubernetes.io/name: ingress-nginx
                  app.kubernetes.io/instance: RELEASE-NAME
                  app.kubernetes.io/component: controller
              topologyKey: kubernetes.io/hostname
              maxSkew: 1
              whenUnsatisfiable: ScheduleAnyway
  - it: should create a Deployment with affinity if `controller.affinity` is set
    set:
      controller.affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app.kubernetes.io/name
                    operator: In
                    values:
                      - '{{ include "ingress-nginx.name" . }}'
                  - key: app.kubernetes.io/instance
                    operator: In
                    values:
                      - '{{ .Release.Name }}'
                  - key: app.kubernetes.io/component
                    operator: In
                    values:
                      - controller
              topologyKey: kubernetes.io/hostname
    asserts:
      - equal:
          path: spec.template.spec.affinity
          value:
            podAntiAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                - labelSelector:
                    matchExpressions:
                      - key: app.kubernetes.io/name
                        operator: In
                        values:
                          - ingress-nginx
                      - key: app.kubernetes.io/instance
                        operator: In
                        values:
                          - RELEASE-NAME
                      - key: app.kubernetes.io/component
                        operator: In
                        values:
                          - controller
                  topologyKey: kubernetes.io/hostname
  - it: should create a Deployment with `runAsGroup` if `controller.image.runAsGroup` is set
    set:
      controller.image.runAsGroup: 1000
    asserts:
      - equal:
          path: spec.template.spec.containers[0].securityContext.runAsGroup
          value: 1000
  - it: should create a Deployment with a custom tag if `controller.image.tag` is set
    set:
      controller.image.tag: my-little-custom-tag
      controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
    asserts:
      - equal:
          path: spec.template.spec.containers[0].image
          value: registry.k8s.io/ingress-nginx/controller:my-little-custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
--- a/charts/ingress-nginx/tests/controller-ingressclass-aliases_test.yaml
+++ b/charts/ingress-nginx/tests/controller-ingressclass-aliases_test.yaml
@ -37,6 +37,24 @@ tests:
      - notExists:
          path: metadata.annotations["ingressclass.kubernetes.io/is-default-class"]
  - it: should create an IngressClass alias with annotations if `controller.ingressClassResource.annotations` is set
    set:
      controller.ingressClassResource.aliases:
        - nginx-alias
      controller.ingressClassResource.annotations:
        my-fancy-annotation: has-a-value
    asserts:
      - hasDocuments:
          count: 1
      - isKind:
          of: IngressClass
      - equal:
          path: metadata.name
          value: nginx-alias
      - equal:
          path: metadata.annotations.my-fancy-annotation
          value: has-a-value
  - it: should create an IngressClass alias with controller "k8s.io/ingress-nginx-internal" if `controller.ingressClassResource.controllerValue` is "k8s.io/ingress-nginx-internal"
    set:
      controller.ingressClassResource.aliases:
--- a/charts/ingress-nginx/tests/controller-ingressclass_test.yaml
+++ b/charts/ingress-nginx/tests/controller-ingressclass_test.yaml
@ -40,6 +40,22 @@ tests:
          path: metadata.annotations["ingressclass.kubernetes.io/is-default-class"]
          value: "true"
  - it: should create an IngressClass with annotations if `controller.ingressClassResource.annotations` is set
    set:
      controller.ingressClassResource.annotations:
        my-fancy-annotation: has-a-value
    asserts:
      - hasDocuments:
          count: 1
      - isKind:
          of: IngressClass
      - equal:
          path: metadata.name
          value: nginx
      - equal:
          path: metadata.annotations.my-fancy-annotation
          value: has-a-value
  - it: should create an IngressClass with controller "k8s.io/ingress-nginx-internal" if `controller.ingressClassResource.controllerValue` is "k8s.io/ingress-nginx-internal"
    set:
      controller.ingressClassResource.controllerValue: k8s.io/ingress-nginx-internal
--- a/charts/ingress-nginx/tests/default-backend-deployment_test.yaml
+++ b/charts/ingress-nginx/tests/default-backend-deployment_test.yaml
@ -0,0 +1,146 @@
 suite: Default Backend > Deployment
 templates:
  - default-backend-deployment.yaml
 tests:
  - it: should not create a Deployment if `defaultBackend.enabled` is false
    set:
      defaultBackend.enabled: false
    asserts:
      - hasDocuments:
          count: 0
  - it: should create a Deployment if `defaultBackend.enabled` is true
    set:
      defaultBackend.enabled: true
    asserts:
      - hasDocuments:
          count: 1
      - isKind:
          of: Deployment
      - equal:
          path: metadata.name
          value: RELEASE-NAME-ingress-nginx-defaultbackend
  - it: should create a Deployment with 3 replicas if `defaultBackend.replicaCount` is 3
    set:
      defaultBackend.enabled: true
      defaultBackend.replicaCount: 3
    asserts:
      - equal:
          path: spec.replicas
          value: 3
  - it: should create a Deployment without replicas if `defaultBackend.autoscaling.enabled` is true
    set:
      defaultBackend.enabled: true
      defaultBackend.autoscaling.enabled: true
    asserts:
      - notExists:
          path: spec.replicas
  - it: should create a Deployment with resource limits if `defaultBackend.resources.limits` is set
    set:
      defaultBackend.enabled: true
      defaultBackend.resources.limits.cpu: 500m
      defaultBackend.resources.limits.memory: 512Mi
    asserts:
      - equal:
          path: spec.template.spec.containers[0].resources.limits.cpu
          value: 500m
      - equal:
          path: spec.template.spec.containers[0].resources.limits.memory
          value: 512Mi
  - it: should create a Deployment with topology spread constraints if `defaultBackend.topologySpreadConstraints` is set
    set:
      defaultBackend.enabled: true
      defaultBackend.topologySpreadConstraints:
        - labelSelector:
            matchLabels:
              app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
              app.kubernetes.io/instance: '{{ .Release.Name }}'
              app.kubernetes.io/component: default-backend
          topologyKey: topology.kubernetes.io/zone
          maxSkew: 1
          whenUnsatisfiable: ScheduleAnyway
        - labelSelector:
            matchLabels:
              app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
              app.kubernetes.io/instance: '{{ .Release.Name }}'
              app.kubernetes.io/component: default-backend
          topologyKey: kubernetes.io/hostname
          maxSkew: 1
          whenUnsatisfiable: ScheduleAnyway
    asserts:
      - equal:
          path: spec.template.spec.topologySpreadConstraints
          value:
            - labelSelector:
                matchLabels:
                  app.kubernetes.io/name: ingress-nginx
                  app.kubernetes.io/instance: RELEASE-NAME
                  app.kubernetes.io/component: default-backend
              topologyKey: topology.kubernetes.io/zone
              maxSkew: 1
              whenUnsatisfiable: ScheduleAnyway
            - labelSelector:
                matchLabels:
                  app.kubernetes.io/name: ingress-nginx
                  app.kubernetes.io/instance: RELEASE-NAME
                  app.kubernetes.io/component: default-backend
              topologyKey: kubernetes.io/hostname
              maxSkew: 1
              whenUnsatisfiable: ScheduleAnyway
  - it: should create a Deployment with affinity if `defaultBackend.affinity` is set
    set:
      defaultBackend.enabled: true
      defaultBackend.affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app.kubernetes.io/name
                    operator: In
                    values:
                      - '{{ include "ingress-nginx.name" . }}'
                  - key: app.kubernetes.io/instance
                    operator: In
                    values:
                      - '{{ .Release.Name }}'
                  - key: app.kubernetes.io/component
                    operator: In
                    values:
                      - default-backend
              topologyKey: kubernetes.io/hostname
    asserts:
      - equal:
          path: spec.template.spec.affinity
          value:
            podAntiAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                - labelSelector:
                    matchExpressions:
                      - key: app.kubernetes.io/name
                        operator: In
                        values:
                          - ingress-nginx
                      - key: app.kubernetes.io/instance
                        operator: In
                        values:
                          - RELEASE-NAME
                      - key: app.kubernetes.io/component
                        operator: In
                        values:
                          - default-backend
                  topologyKey: kubernetes.io/hostname
  - it: should create a Deployment with `runAsGroup` if `defaultBackend.image.runAsGroup` is set
    set:
      defaultBackend.enabled: true
      defaultBackend.image.runAsGroup: 1000
    asserts:
      - equal:
          path: spec.template.spec.containers[0].securityContext.runAsGroup
          value: 1000
--- a/charts/ingress-nginx/values.yaml
+++ b/charts/ingress-nginx/values.yaml
@ -26,13 +26,17 @@ controller:
    ## for backwards compatibility consider setting the full image url via the repository value below
    ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
    ## repository:
-    tag: "v1.10.0"
+    tag: "v1.11.2"
-    digest: sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c
+    digest: sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce
-    digestChroot: sha256:7eb46ff733429e0e46892903c7394aff149ac6d284d92b3946f3baf7ff26a096
+    digestChroot: sha256:21b55a2f0213a18b91612a8c0850167e00a8e34391fd595139a708f9c047e7a8
    pullPolicy: IfNotPresent
    runAsNonRoot: true
-    # www-data -> uid 101
+    # -- This value must not be changed using the official image.
    # uid=101(www-data) gid=82(www-data) groups=82(www-data)
    runAsUser: 101
    # -- This value must not be changed using the official image.
    # uid=101(www-data) gid=82(www-data) groups=82(www-data)
    runAsGroup: 82
    allowPrivilegeEscalation: false
    seccompProfile:
      type: RuntimeDefault
@ -45,7 +49,8 @@ controller:
  containerPort:
    http: 80
    https: 443
-  # -- Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
+  # -- Global configuration passed to the ConfigMap consumed by the controller. Values may contain Helm templates.
  # Ref.: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
  config: {}
  # -- Annotations to be added to the controller config configuration configmap.
  configAnnotations: {}
@ -85,6 +90,8 @@ controller:
  enableTopologyAwareRouting: false
  # -- This configuration disable Nginx Controller Leader Election
  disableLeaderElection: false
  # -- Duration a leader election is valid before it's getting re-elected, e.g. `15s`, `10m` or `1h`. (Default: 30s)
  electionTTL: ""
  # -- This configuration defines if Ingress Controller should allow users to set
  # their own *-snippet annotations, otherwise this is forbidden / dropped
  # when users add those annotations.
@ -122,6 +129,8 @@ controller:
    # Ingress creation gets rejected if there are multiple default IngressClasses.
    # Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class
    default: false
    # -- Annotations to be added to the IngressClass resource.
    annotations: {}
    # -- Controller of the IngressClass. An Ingress Controller looks for IngressClasses it should reconcile by this value.
    # This value is also being set as the `--controller-class` argument of this Ingress Controller.
    # Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class
@ -255,11 +264,11 @@ controller:
  #         - key: app.kubernetes.io/name
  #           operator: In
  #           values:
-  #           - ingress-nginx
+  #           - '{{ include "ingress-nginx.name" . }}'
  #         - key: app.kubernetes.io/instance
  #           operator: In
  #           values:
-  #           - ingress-nginx
+  #           - '{{ .Release.Name }}'
  #         - key: app.kubernetes.io/component
  #           operator: In
  #           values:
@ -274,16 +283,16 @@ controller:
  #       - key: app.kubernetes.io/name
  #         operator: In
  #         values:
-  #         - ingress-nginx
+  #         - '{{ include "ingress-nginx.name" . }}'
  #       - key: app.kubernetes.io/instance
  #         operator: In
  #         values:
-  #         - ingress-nginx
+  #         - '{{ .Release.Name }}'
  #       - key: app.kubernetes.io/component
  #         operator: In
  #         values:
  #         - controller
-  #     topologyKey: "kubernetes.io/hostname"
+  #     topologyKey: kubernetes.io/hostname
  # -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
@ -683,6 +692,7 @@ controller:
  #   containerSecurityContext:
  #     runAsNonRoot: true
  #     runAsUser: <user-id>
  #     runAsGroup: <group-id>
  #     allowPrivilegeEscalation: false
  #     seccompProfile:
  #       type: RuntimeDefault
@ -701,17 +711,18 @@ controller:
    name: opentelemetry
    image:
      registry: registry.k8s.io
-      image: ingress-nginx/opentelemetry
+      image: ingress-nginx/opentelemetry-1.25.3
      ## for backwards compatibility consider setting the full image url via the repository value below
      ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
      ## repository:
-      tag: "v20230721-3e2062ee5"
+      tag: v20240813-b933310d
-      digest: sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472
+      digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922
      distroless: true
    containerSecurityContext:
      runAsNonRoot: true
      # -- The image's default user, inherited from its base image `cgr.dev/chainguard/static`.
      runAsUser: 65532
      runAsGroup: 65532
      allowPrivilegeEscalation: false
      seccompProfile:
        type: RuntimeDefault
@ -763,6 +774,7 @@ controller:
      securityContext:
        runAsNonRoot: true
        runAsUser: 65532
        runAsGroup: 65532
        allowPrivilegeEscalation: false
        seccompProfile:
          type: RuntimeDefault
@ -783,6 +795,7 @@ controller:
      securityContext:
        runAsNonRoot: true
        runAsUser: 65532
        runAsGroup: 65532
        allowPrivilegeEscalation: false
        seccompProfile:
          type: RuntimeDefault
@ -799,8 +812,8 @@ controller:
        ## for backwards compatibility consider setting the full image url via the repository value below
        ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
        ## repository:
-        tag: v1.4.0
+        tag: v1.4.3
-        digest: sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
+        digest: sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        pullPolicy: IfNotPresent
      # -- Provide a priority class name to the webhook patching job
      ##
@ -817,6 +830,18 @@ controller:
      labels: {}
      # -- Security context for secret creation & webhook patch pods
      securityContext: {}
      # -- Admission webhook patch job RBAC
      rbac:
        # -- Create RBAC or not
        create: true
      # -- Admission webhook patch job service account
      serviceAccount:
        # -- Create a service account or not
        create: true
        # -- Custom service account name
        name: ""
        # -- Auto-mount service account token or not
        automountServiceAccountToken: true
    # Use certmanager to generate webhook certs
    certManager:
      enabled: false
@ -946,6 +971,7 @@ defaultBackend:
    runAsNonRoot: true
    # nobody user -> uid 65534
    runAsUser: 65534
    runAsGroup: 65534
    allowPrivilegeEscalation: false
    seccompProfile:
      type: RuntimeDefault
@ -994,7 +1020,68 @@ defaultBackend:
  #    value: "value"
  #    effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
  # -- Affinity and anti-affinity rules for server scheduling to nodes
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}
  # # An example of preferred pod anti-affinity, weight is in the range 1-100
  # podAntiAffinity:
  #   preferredDuringSchedulingIgnoredDuringExecution:
  #   - weight: 100
  #     podAffinityTerm:
  #       labelSelector:
  #         matchExpressions:
  #         - key: app.kubernetes.io/name
  #           operator: In
  #           values:
  #           - '{{ include "ingress-nginx.name" . }}'
  #         - key: app.kubernetes.io/instance
  #           operator: In
  #           values:
  #           - '{{ .Release.Name }}'
  #         - key: app.kubernetes.io/component
  #           operator: In
  #           values:
  #           - default-backend
  #       topologyKey: kubernetes.io/hostname
  # # An example of required pod anti-affinity
  # podAntiAffinity:
  #   requiredDuringSchedulingIgnoredDuringExecution:
  #   - labelSelector:
  #       matchExpressions:
  #       - key: app.kubernetes.io/name
  #         operator: In
  #         values:
  #         - '{{ include "ingress-nginx.name" . }}'
  #       - key: app.kubernetes.io/instance
  #         operator: In
  #         values:
  #         - '{{ .Release.Name }}'
  #       - key: app.kubernetes.io/component
  #         operator: In
  #         values:
  #         - default-backend
  #     topologyKey: kubernetes.io/hostname
  # -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.
  # Ref.: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  topologySpreadConstraints: []
  # - labelSelector:
  #     matchLabels:
  #       app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
  #       app.kubernetes.io/instance: '{{ .Release.Name }}'
  #       app.kubernetes.io/component: default-backend
  #   topologyKey: topology.kubernetes.io/zone
  #   maxSkew: 1
  #   whenUnsatisfiable: ScheduleAnyway
  # - labelSelector:
  #     matchLabels:
  #       app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
  #       app.kubernetes.io/instance: '{{ .Release.Name }}'
  #       app.kubernetes.io/component: default-backend
  #   topologyKey: kubernetes.io/hostname
  #   maxSkew: 1
  #   whenUnsatisfiable: ScheduleAnyway
  # -- Security context for default backend pods
  podSecurityContext: {}
  # -- Security context for default backend containers
--- a/cloudbuild.yaml
+++ b/cloudbuild.yaml
@ -1,25 +1,15 @@
 # See https://cloud.google.com/cloud-build/docs/build-config
 timeout: 18000s
 options:
  # Ignore Prow provided substitutions.
  substitution_option: ALLOW_LOOSE
 steps:
-  - name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20211118-2f2d816b90'
+  - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240523-a15ad90fc9
    entrypoint: bash
    env:
      - DOCKER_CLI_EXPERIMENTAL=enabled
      - REGISTRY=gcr.io/k8s-staging-ingress-nginx
      - REPO_INFO=https://github.com/kubernetes/ingress-nginx
-      - COMMIT_SHA=$_PULL_BASE_SHA
+      - COMMIT_SHA=${_PULL_BASE_SHA}
-      - BUILD_ID=$BUILD_ID
+      - BUILD_ID=${BUILD_ID}
-      - HOME=/root
+    entrypoint: bash
      - USER=root
    args:
      - -c
-    - |
+      - gcloud auth configure-docker && make release
-      gcloud auth configure-docker \
+timeout: 1800s
      && make release
 substitutions:
  _GIT_TAG: "12345"
  _PULL_BASE_REF: "main"
  _PULL_BASE_SHA: '12345'
--- a/cmd/annotations/annotations.tmpl
+++ b/cmd/annotations/annotations.tmpl
@ -0,0 +1,7 @@
 # Annotations Scope and Risk
 |Group   |Annotation        | Risk | Scope |
 |--------|------------------|------|-------|
 {{- range $doc := . }}
 | {{ $doc.Group }} | {{ $doc.Annotation }} | {{ $doc.Risk }} | {{ $doc.Scope }} |
 {{- end }}
--- a/cmd/annotations/main.go
+++ b/cmd/annotations/main.go
@ -0,0 +1,91 @@
 /*
 Copyright 2024 The Kubernetes Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package main
 import (
 	"bytes"
 	"embed"
 	"flag"
 	"fmt"
 	"os"
 	"slices"
 	"strings"
 	"text/template"
 	anns "k8s.io/ingress-nginx/internal/ingress/annotations"
 )
 type Documentation struct {
 	Group      string
 	Annotation string
 	Risk       string
 	Scope      string
 }
 var output string
 //go:embed annotations.tmpl
 var content embed.FS
 func main() {
 	flag.StringVar(&output, "output", "", "where to write documentation")
 	flag.Parse()
 	if output == "" {
 		panic(fmt.Errorf("output field is required"))
 	}
 	docEntries := make([]Documentation, 0)
 	annotationFactory := anns.NewAnnotationFactory(nil)
 	for group, val := range annotationFactory {
 		annotations := val.GetDocumentation()
 		intermediateDocs := make([]Documentation, len(annotations))
 		i := 0
 		for annotation, values := range annotations {
 			doc := Documentation{
 				Group:      group,
 				Annotation: annotation,
 				Scope:      string(values.Scope),
 				Risk:       values.Risk.ToString(),
 			}
 			intermediateDocs[i] = doc
 			i++
 		}
 		slices.SortStableFunc(intermediateDocs, func(a, b Documentation) int {
 			return strings.Compare(a.Annotation, b.Annotation)
 		})
 		docEntries = append(docEntries, intermediateDocs...)
 	}
 	slices.SortStableFunc(docEntries, func(a, b Documentation) int {
 		return strings.Compare(a.Group, b.Group)
 	})
 	tmpl, err := template.New("annotations.tmpl").ParseFS(content, "annotations.tmpl")
 	if err != nil {
 		panic(fmt.Errorf("error parsing template: %s", err))
 	}
 	tplBuffer := new(bytes.Buffer)
 	err = tmpl.Execute(tplBuffer, docEntries)
 	if err != nil {
 		panic(err)
 	}
 	tplBuffer.WriteString("\n")
 	//nolint:gosec // no need to check file permission here
 	if err := os.WriteFile(output, tplBuffer.Bytes(), 0o755); err != nil {
 		panic(err)
 	}
 }
--- a/deploy/grafana/dashboards/README.md
+++ b/deploy/grafana/dashboards/README.md
@ -19,7 +19,7 @@ This folder contains two dashboards that you can import.
 ### Requirements
- **Grafana v5.2.0** (or newer)
+- **Grafana v10.4.3** (or newer)
 ## 2. Request Handling Performance
@ -36,4 +36,4 @@ This folder contains two dashboards that you can import.
 ### Requirements
- **Grafana v6.6.0** (or newer)
+- **Grafana v10.4.3** (or newer)
--- a/deploy/grafana/dashboards/nginx.json
+++ b/deploy/grafana/dashboards/nginx.json
--- a/deploy/grafana/dashboards/request-handling-performance.json
+++ b/deploy/grafana/dashboards/request-handling-performance.json
--- a/deploy/static/provider/aws/deploy.yaml
+++ b/deploy/static/provider/aws/deploy.yaml
@ -15,11 +15,12 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 ---
 apiVersion: v1
 automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
  labels:
@ -27,7 +28,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 ---
@ -39,7 +40,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 rules:
@ -129,7 +130,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 rules:
@ -148,7 +149,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
 rules:
 - apiGroups:
@ -230,7 +231,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 rules:
 - apiGroups:
@ -249,7 +250,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 roleRef:
@ -269,7 +270,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 roleRef:
@ -288,7 +289,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -307,7 +308,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -328,7 +329,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 ---
@ -344,7 +345,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -377,7 +378,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
 spec:
@ -400,7 +401,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -422,7 +423,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
    spec:
      containers:
      - args:
@ -447,7 +448,7 @@ spec:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
-        image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c
+        image: registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
@ -523,7 +524,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
 spec:
@ -534,7 +535,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
      name: ingress-nginx-admission-create
    spec:
      containers:
@ -548,7 +549,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
@ -574,7 +575,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
 spec:
@ -585,7 +586,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
      name: ingress-nginx-admission-patch
    spec:
      containers:
@ -601,7 +602,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
@ -627,7 +628,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: nginx
 spec:
  controller: k8s.io/ingress-nginx
@ -640,7 +641,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 webhooks:
 - admissionReviewVersions:
--- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml
+++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml
@ -15,11 +15,12 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 ---
 apiVersion: v1
 automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
  labels:
@ -27,7 +28,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 ---
@ -39,7 +40,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 rules:
@ -129,7 +130,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 rules:
@ -148,7 +149,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
 rules:
 - apiGroups:
@ -230,7 +231,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 rules:
 - apiGroups:
@ -249,7 +250,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 roleRef:
@ -269,7 +270,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 roleRef:
@ -288,7 +289,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -307,7 +308,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -335,7 +336,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 ---
@ -353,7 +354,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -386,7 +387,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
 spec:
@ -409,7 +410,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -431,7 +432,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
    spec:
      containers:
      - args:
@ -456,7 +457,7 @@ spec:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
-        image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c
+        image: registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
@ -535,7 +536,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
 spec:
@ -546,7 +547,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
      name: ingress-nginx-admission-create
    spec:
      containers:
@ -560,7 +561,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
@ -586,7 +587,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
 spec:
@ -597,7 +598,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
      name: ingress-nginx-admission-patch
    spec:
      containers:
@ -613,7 +614,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
@ -639,7 +640,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: nginx
 spec:
  controller: k8s.io/ingress-nginx
@ -652,7 +653,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 webhooks:
 - admissionReviewVersions:
--- a/deploy/static/provider/baremetal/deploy.yaml
+++ b/deploy/static/provider/baremetal/deploy.yaml
@ -15,11 +15,12 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 ---
 apiVersion: v1
 automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
  labels:
@ -27,7 +28,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 ---
@ -39,7 +40,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 rules:
@ -129,7 +130,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 rules:
@ -148,7 +149,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
 rules:
 - apiGroups:
@ -230,7 +231,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 rules:
 - apiGroups:
@ -249,7 +250,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 roleRef:
@ -269,7 +270,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 roleRef:
@ -288,7 +289,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -307,7 +308,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -328,7 +329,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 ---
@ -340,7 +341,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -372,7 +373,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
 spec:
@ -395,7 +396,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -417,7 +418,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
    spec:
      containers:
      - args:
@ -441,7 +442,7 @@ spec:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
-        image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c
+        image: registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
@ -517,7 +518,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
 spec:
@ -528,7 +529,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
      name: ingress-nginx-admission-create
    spec:
      containers:
@ -542,7 +543,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
@ -568,7 +569,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
 spec:
@ -579,7 +580,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
      name: ingress-nginx-admission-patch
    spec:
      containers:
@ -595,7 +596,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
@ -621,7 +622,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: nginx
 spec:
  controller: k8s.io/ingress-nginx
@ -634,7 +635,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 webhooks:
 - admissionReviewVersions:
--- a/deploy/static/provider/cloud/deploy.yaml
+++ b/deploy/static/provider/cloud/deploy.yaml
@ -15,11 +15,12 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 ---
 apiVersion: v1
 automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
  labels:
@ -27,7 +28,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 ---
@ -39,7 +40,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 rules:
@ -129,7 +130,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 rules:
@ -148,7 +149,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
 rules:
 - apiGroups:
@ -230,7 +231,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 rules:
 - apiGroups:
@ -249,7 +250,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 roleRef:
@ -269,7 +270,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 roleRef:
@ -288,7 +289,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -307,7 +308,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -328,7 +329,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 ---
@ -340,7 +341,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -373,7 +374,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
 spec:
@ -396,7 +397,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -418,7 +419,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
    spec:
      containers:
      - args:
@ -443,7 +444,7 @@ spec:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
-        image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c
+        image: registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
@ -519,7 +520,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
 spec:
@ -530,7 +531,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
      name: ingress-nginx-admission-create
    spec:
      containers:
@ -544,7 +545,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
@ -570,7 +571,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
 spec:
@ -581,7 +582,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
      name: ingress-nginx-admission-patch
    spec:
      containers:
@ -597,7 +598,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
@ -623,7 +624,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: nginx
 spec:
  controller: k8s.io/ingress-nginx
@ -636,7 +637,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 webhooks:
 - admissionReviewVersions:
--- a/deploy/static/provider/do/deploy.yaml
+++ b/deploy/static/provider/do/deploy.yaml
@ -15,11 +15,12 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 ---
 apiVersion: v1
 automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
  labels:
@ -27,7 +28,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 ---
@ -39,7 +40,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 rules:
@ -129,7 +130,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 rules:
@ -148,7 +149,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
 rules:
 - apiGroups:
@ -230,7 +231,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 rules:
 - apiGroups:
@ -249,7 +250,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 roleRef:
@ -269,7 +270,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 roleRef:
@ -288,7 +289,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -307,7 +308,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -329,7 +330,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 ---
@ -343,7 +344,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -376,7 +377,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
 spec:
@ -399,7 +400,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -421,7 +422,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
    spec:
      containers:
      - args:
@ -446,7 +447,7 @@ spec:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
-        image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c
+        image: registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
@ -522,7 +523,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
 spec:
@ -533,7 +534,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
      name: ingress-nginx-admission-create
    spec:
      containers:
@ -547,7 +548,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
@ -573,7 +574,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
 spec:
@ -584,7 +585,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
      name: ingress-nginx-admission-patch
    spec:
      containers:
@ -600,7 +601,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
@ -626,7 +627,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: nginx
 spec:
  controller: k8s.io/ingress-nginx
@ -639,7 +640,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 webhooks:
 - admissionReviewVersions:
--- a/deploy/static/provider/exoscale/deploy.yaml
+++ b/deploy/static/provider/exoscale/deploy.yaml
@ -15,11 +15,12 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 ---
 apiVersion: v1
 automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
  labels:
@ -27,7 +28,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 ---
@ -39,7 +40,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 rules:
@ -129,7 +130,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 rules:
@ -148,7 +149,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
 rules:
 - apiGroups:
@ -230,7 +231,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 rules:
 - apiGroups:
@ -249,7 +250,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 roleRef:
@ -269,7 +270,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 roleRef:
@ -288,7 +289,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -307,7 +308,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -328,7 +329,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 ---
@ -349,7 +350,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -382,7 +383,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
 spec:
@ -405,7 +406,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -423,7 +424,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
    spec:
      containers:
      - args:
@ -448,7 +449,7 @@ spec:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
-        image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c
+        image: registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
@ -528,7 +529,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
 spec:
@ -539,7 +540,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
      name: ingress-nginx-admission-create
    spec:
      containers:
@ -553,7 +554,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
@ -579,7 +580,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
 spec:
@ -590,7 +591,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
      name: ingress-nginx-admission-patch
    spec:
      containers:
@ -606,7 +607,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
@ -632,7 +633,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: nginx
 spec:
  controller: k8s.io/ingress-nginx
@ -645,7 +646,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 webhooks:
 - admissionReviewVersions:
--- a/deploy/static/provider/kind/deploy.yaml
+++ b/deploy/static/provider/kind/deploy.yaml
@ -15,11 +15,12 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 ---
 apiVersion: v1
 automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
  labels:
@ -27,7 +28,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 ---
@ -39,7 +40,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 rules:
@ -129,7 +130,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 rules:
@ -148,7 +149,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
 rules:
 - apiGroups:
@ -230,7 +231,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 rules:
 - apiGroups:
@ -249,7 +250,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 roleRef:
@ -269,7 +270,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 roleRef:
@ -288,7 +289,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -307,7 +308,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -328,7 +329,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 ---
@ -340,7 +341,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -372,7 +373,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
 spec:
@ -395,7 +396,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -417,7 +418,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
    spec:
      containers:
      - args:
@ -443,7 +444,7 @@ spec:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
-        image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c
+        image: registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
@ -529,7 +530,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
 spec:
@ -540,7 +541,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
      name: ingress-nginx-admission-create
    spec:
      containers:
@ -554,7 +555,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
@ -580,7 +581,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
 spec:
@ -591,7 +592,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
      name: ingress-nginx-admission-patch
    spec:
      containers:
@ -607,7 +608,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
@ -633,7 +634,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: nginx
 spec:
  controller: k8s.io/ingress-nginx
@ -646,7 +647,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 webhooks:
 - admissionReviewVersions:
--- a/deploy/static/provider/oracle/deploy.yaml
+++ b/deploy/static/provider/oracle/deploy.yaml
@ -15,11 +15,12 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 ---
 apiVersion: v1
 automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
  labels:
@ -27,7 +28,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 ---
@ -39,7 +40,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 rules:
@ -129,7 +130,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 rules:
@ -148,7 +149,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
 rules:
 - apiGroups:
@ -230,7 +231,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 rules:
 - apiGroups:
@ -249,7 +250,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 roleRef:
@ -269,7 +270,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 roleRef:
@ -288,7 +289,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -307,7 +308,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -328,7 +329,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 ---
@ -344,7 +345,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -377,7 +378,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
 spec:
@ -400,7 +401,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -422,7 +423,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
    spec:
      containers:
      - args:
@ -447,7 +448,7 @@ spec:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
-        image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c
+        image: registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
@ -523,7 +524,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
 spec:
@ -534,7 +535,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
      name: ingress-nginx-admission-create
    spec:
      containers:
@ -548,7 +549,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
@ -574,7 +575,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
 spec:
@ -585,7 +586,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
      name: ingress-nginx-admission-patch
    spec:
      containers:
@ -601,7 +602,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
@ -627,7 +628,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: nginx
 spec:
  controller: k8s.io/ingress-nginx
@ -640,7 +641,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 webhooks:
 - admissionReviewVersions:
--- a/deploy/static/provider/scw/deploy.yaml
+++ b/deploy/static/provider/scw/deploy.yaml
@ -15,11 +15,12 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 ---
 apiVersion: v1
 automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
  labels:
@ -27,7 +28,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 ---
@ -39,7 +40,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 rules:
@ -129,7 +130,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 rules:
@ -148,7 +149,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
 rules:
 - apiGroups:
@ -230,7 +231,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 rules:
 - apiGroups:
@ -249,7 +250,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
  namespace: ingress-nginx
 roleRef:
@ -269,7 +270,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
  namespace: ingress-nginx
 roleRef:
@ -288,7 +289,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -307,7 +308,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -329,7 +330,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 ---
@ -343,7 +344,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -376,7 +377,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
 spec:
@ -399,7 +400,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -421,7 +422,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
    spec:
      containers:
      - args:
@ -446,7 +447,7 @@ spec:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
-        image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c
+        image: registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
@ -522,7 +523,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
 spec:
@ -533,7 +534,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
      name: ingress-nginx-admission-create
    spec:
      containers:
@ -547,7 +548,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
@ -573,7 +574,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
 spec:
@ -584,7 +585,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.10.0
+        app.kubernetes.io/version: 1.11.2
      name: ingress-nginx-admission-patch
    spec:
      containers:
@ -600,7 +601,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
@ -626,7 +627,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: nginx
 spec:
  controller: k8s.io/ingress-nginx
@ -639,7 +640,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.10.0
+    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-admission
 webhooks:
 - admissionReviewVersions:
--- a/docs/OWNERS
+++ b/docs/OWNERS
@ -1,4 +1,4 @@
-# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md
+# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners
 approvers:
 - ingress-nginx-docs-maintainers
--- a/docs/deploy/index.md
+++ b/docs/deploy/index.md
@ -65,10 +65,29 @@ It will install the controller in the `ingress-nginx` namespace, creating that n
 helm show values ingress-nginx --repo https://kubernetes.github.io/ingress-nginx
 ```
 !!! attention "Helm install on AWS/GCP/Azure/Other providers"
    The *ingress-nginx-controller helm-chart is a generic install out of the box*. The default set of helm values is **not** configured for installation on any infra provider. The annotations that are applicable to the cloud provider must be customized by the users.<br/>
    See [AWS LB Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/service/annotations/).<br/>
    Examples of some annotations needed for the service resource of `--type LoadBalancer` on AWS are below:
    ```yaml
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
        service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
        service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
        service.beta.kubernetes.io/aws-load-balancer-type: nlb
        service.beta.kubernetes.io/aws-load-balancer-manage-backend-security-group-rules: "true"
        service.beta.kubernetes.io/aws-load-balancer-access-log-enabled: "true"
        service.beta.kubernetes.io/aws-load-balancer-security-groups: "sg-something1 sg-something2"
        service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-name: "somebucket"
        service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-prefix: "ingress-nginx"
        service.beta.kubernetes.io/aws-load-balancer-access-log-emit-interval: "5"
    ```
 **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead:
 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/cloud/deploy.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/cloud/deploy.yaml
 ```
 !!! info
@ -83,6 +102,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont
 ### Firewall configuration
 To check which ports are used by your installation of ingress-nginx, look at the output of `kubectl -n ingress-nginx get pod -o yaml`. In general, you need:
 - Port 8443 open between all hosts on which the kubernetes nodes are running. This is used for the ingress-nginx [admission controller](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/).
 - Port 80 (for HTTP) and/or 443 (for HTTPS) open to the public on the kubernetes nodes to which the DNS of your apps are pointing.
@ -104,7 +124,6 @@ kubectl wait --namespace ingress-nginx \
  --timeout=120s
 ```
 ### Local testing
 Let's create a simple web server and the associated service:
@ -135,6 +154,7 @@ kubectl port-forward --namespace=ingress-nginx service/ingress-nginx-controller
  [This issue](https://github.com/kubernetes/ingress-nginx/issues/10014#issuecomment-1567791549described) shows a typical DNS problem and its solution.
 At this point, you can access your deployment using curl ;
 ```console
 curl --resolve demo.localdev.me:8080:127.0.0.1 http://demo.localdev.me:8080
 ```
@ -164,13 +184,13 @@ kubectl create ingress demo --class=nginx \
 ```
 Alternatively, the above command can be rewritten as follows for the ```--rule``` command and below.
 ```console
 kubectl create ingress demo --class=nginx \
  --rule www.demo.io/=demo:80
 ```
-
+You should then be able to see the "It works!" page when you connect to <http://www.demo.io/>. Congratulations,
 You should then be able to see the "It works!" page when you connect to http://www.demo.io/. Congratulations, 
 you are serving a public website hosted on a Kubernetes cluster! 🎉
 ## Environment-specific instructions
@ -246,10 +266,11 @@ In AWS, we use a Network load balancer (NLB) to expose the Ingress-Nginx Control
    [Network load balancing on Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html)
    with [AWS Load Balancer Controller](https://github.com/kubernetes-sigs/aws-load-balancer-controller).
 ##### Network Load Balancer (NLB)
 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/aws/deploy.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/aws/deploy.yaml
 ```
 ##### TLS termination in AWS Load Balancer (NLB)
@ -257,23 +278,26 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont
 By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer.
 This section explains how to do that on AWS using an NLB.
-1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template
+1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template
  ```console
-  wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml
+  wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml
  ```
 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster:
   ```
   proxy-real-ip-cidr: XXX.XXX.XXX/XX
   ```
 3. Change the AWS Certificate Manager (ACM) ID as well:
   ```
   arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX
   ```
 4. Deploy the manifest:
   ```console
   kubectl apply -f deploy.yaml
   ```
@ -304,9 +328,8 @@ kubectl create clusterrolebinding cluster-admin-binding \
 Then, the ingress controller can be installed like this:
 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/cloud/deploy.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/cloud/deploy.yaml
 ```
 !!! warning
@ -323,7 +346,7 @@ Proxy-protocol is supported in GCE check the [Official Documentations on how to
 #### Azure
 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/cloud/deploy.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/cloud/deploy.yaml
 ```
 More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller).
@ -331,16 +354,18 @@ More information with regard to Azure annotations for ingress controller can be
 #### Digital Ocean
 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/do/deploy.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/do/deploy.yaml
 ```
 - By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data.
 - By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data.
 #### Scaleway
 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/scw/deploy.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/scw/deploy.yaml
 ```
 Refer to the [dedicated tutorial](https://www.scaleway.com/en/docs/tutorials/proxy-protocol-v2-load-balancer/#configuring-proxy-protocol-for-ingress-nginx) in the Scaleway documentation for configuring the proxy protocol for ingress-nginx with the Scaleway load balancer.
 #### Exoscale
@ -354,7 +379,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale
 #### Oracle Cloud Infrastructure
 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/cloud/deploy.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/cloud/deploy.yaml
 ```
 A
@ -381,7 +406,7 @@ For quick testing, you can use a
 This should work on almost every cluster, but it will typically use a port in the range 30000-32767.
 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/baremetal/deploy.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/baremetal/deploy.yaml
 ```
 For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range),
@ -439,11 +464,13 @@ Ingress resources evolved over time. They started with `apiVersion: extensions/v
 then moved to `apiVersion: networking.k8s.io/v1beta1` and more recently to `apiVersion: networking.k8s.io/v1`.
 Here is how these Ingress versions are supported in Kubernetes:
 - before Kubernetes 1.19, only `v1beta1` Ingress resources are supported
 - from Kubernetes 1.19 to 1.21, both `v1beta1` and `v1` Ingress resources are supported
 - in Kubernetes 1.22 and above, only `v1` Ingress resources are supported
 And here is how these Ingress versions are supported in Ingress-Nginx Controller:
 - before version 1.0, only `v1beta1` Ingress resources are supported
 - in version 1.0 and above, only `v1` Ingress resources are
--- a/docs/developer-guide/getting-started.md
+++ b/docs/developer-guide/getting-started.md
@ -19,6 +19,10 @@ Install [Go 1.14](https://golang.org/dl/) or later.
 Install [Docker](https://docs.docker.com/engine/install/) (v19.03.0 or later with experimental feature on)
 Install [kubectl](https://kubernetes.io/docs/tasks/tools/) (1.24.0 or higher)
 Install [Kind](https://kind.sigs.k8s.io/)
 !!! important
    The majority of make tasks run as docker containers
--- a/docs/e2e-tests.md
+++ b/docs/e2e-tests.md
@ -80,7 +80,8 @@ Do not try to edit it manually.
 - [should validate auth-tls-verify-client](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/authtls.go#L208)
 - [should return 403 using auth-tls-match-cn with no matching CN from client](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/authtls.go#L267)
 - [should return 200 using auth-tls-match-cn with matching CN from client](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/authtls.go#L296)
- [should return 200 using auth-tls-match-cn where atleast one of the regex options matches CN from client](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/authtls.go#L325)
+- [should reload the nginx config when auth-tls-match-cn is updated](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/authtls.go#L325)
 - [should return 200 using auth-tls-match-cn where atleast one of the regex options matches CN from client](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/authtls.go#L368)
 ### [backend-protocol](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/backendprotocol.go#L29)
 - [should set backend protocol to https:// and use proxy_pass](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/backendprotocol.go#L36)
 - [should set backend protocol to https:// and use proxy_pass with lowercase annotation](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/backendprotocol.go#L51)
@ -148,6 +149,10 @@ Do not try to edit it manually.
 - [should allow correct origins - missing subdomain + origin with wildcard origin and correct origin](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/cors.go#L540)
 - [should allow - missing origins (should allow all origins)](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/cors.go#L576)
 - [should allow correct origin but not others - cors allow origin annotations contain trailing comma](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/cors.go#L636)
 ### [custom-headers-*](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/customheaders.go#L33)
 - [should return status code 200 when no custom-headers is configured](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/customheaders.go#L40)
 - [should return status code 503 when custom-headers is configured with an invalid secret](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/customheaders.go#L57)
 - [more_set_headers 'My-Custom-Header' '42';](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/customheaders.go#L78)
 ### [custom-http-errors](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/customhttperrors.go#L34)
 - [configures Nginx correctly](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/customhttperrors.go#L41)
 ### [default-backend](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/default_backend.go#L29)
@ -170,11 +175,13 @@ Do not try to edit it manually.
 - [should redirect from www HTTPS to HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/fromtowwwredirect.go#L64)
 ### [annotation-global-rate-limit](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/globalratelimit.go#L30)
 - [generates correct configuration](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/globalratelimit.go#L38)
-### [backend-protocol - GRPC](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L40)
+### [backend-protocol - GRPC](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L45)
- [should use grpc_pass in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L43)
+- [should use grpc_pass in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L48)
- [should return OK for service with backend protocol GRPC](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L68)
+- [should return OK for service with backend protocol GRPC](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L71)
- [authorization metadata should be overwritten by external auth response headers](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L129)
+- [authorization metadata should be overwritten by external auth response headers](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L132)
- [should return OK for service with backend protocol GRPCS](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L190)
+- [should return OK for service with backend protocol GRPCS](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L193)
 - [should return OK when request not exceed timeout](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L266)
 - [should return Error when request exceed timeout](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L309)
 ### [http2-push-preload](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/http2pushpreload.go#L27)
 - [enable the http2-push-preload directive](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/http2pushpreload.go#L34)
 ### [allowlist-source-range](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/ipallowlist.go#L27)
@ -261,6 +268,9 @@ Do not try to edit it manually.
 ### [x-forwarded-prefix](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/xforwardedprefix.go#L28)
 - [should set the X-Forwarded-Prefix to the annotation value](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/xforwardedprefix.go#L35)
 - [should not add X-Forwarded-Prefix if the annotation value is empty](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/xforwardedprefix.go#L57)
 ### [[CGroups] cgroups](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/cgroups/cgroups.go#L32)
 - [detects cgroups version v1](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/cgroups/cgroups.go#L40)
 - [detect cgroups version v2](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/cgroups/cgroups.go#L83)
 ### [Debug CLI](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/dbg/main.go#L29)
 - [should list the backend servers](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/dbg/main.go#L37)
 - [should get information for a specific backend server](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/dbg/main.go#L56)
@ -275,6 +285,8 @@ Do not try to edit it manually.
 - [should return a self generated SSL certificate](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/defaultbackend/ssl.go#L29)
 ### [[Default Backend] change default settings](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/defaultbackend/with_hosts.go#L30)
 - [should apply the annotation to the default backend](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/defaultbackend/with_hosts.go#L38)
 ### [[Disable Leader] Routing works when leader election was disabled](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/disableleaderelection/disable_leader.go#L28)
 - [should create multiple ingress routings rules when leader election has disabled](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/disableleaderelection/disable_leader.go#L35)
 ### [[Endpointslices] long service name](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/endpointslices/longname.go#L29)
 - [should return 200 when service name has max allowed number of characters 63](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/endpointslices/longname.go#L38)
 ### [[TopologyHints] topology aware routing](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/endpointslices/topology.go#L34)
@ -295,6 +307,10 @@ Do not try to edit it manually.
 - [should choose the correct location](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/pathtype_mixed.go#L39)
 ### [[Ingress] [PathType] prefix checks](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/pathtype_prefix.go#L28)
 - [should return 404 when prefix /aaa does not match request /aaaccc](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/pathtype_prefix.go#L35)
 - [should test prefix path using simple regex pattern for /id/{int}](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/pathtype_prefix.go#L72)
 - [should test prefix path using regex pattern for /id/{int} ignoring non-digits characters at end of string](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/pathtype_prefix.go#L113)
 - [should test prefix path using fixed path size regex pattern /id/{int}{3}](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/pathtype_prefix.go#L142)
 - [should correctly route multi-segment path patterns](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/pathtype_prefix.go#L177)
 ### [[Ingress] definition without host](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/without_host.go#L31)
 - [should set ingress details variables for ingresses without a host](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/without_host.go#L34)
 - [should set ingress details variables for ingresses with host without IngressRuleValue, only Backend](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/without_host.go#L55)
@ -388,6 +404,7 @@ Do not try to edit it manually.
 ### [Geoip2](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/geoip2.go#L36)
 - [should include geoip2 line in config when enabled and db file exists](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/geoip2.go#L45)
 - [should only allow requests from specific countries](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/geoip2.go#L69)
 - [should up and running nginx controller using autoreload flag](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/geoip2.go#L128)
 ### [[Security] block-*](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/global_access_block.go#L28)
 - [should block CIDRs defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/global_access_block.go#L38)
 - [should block User-Agents defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/global_access_block.go#L55)
@ -405,6 +422,8 @@ Do not try to edit it manually.
 - [should have worker_rlimit_nofile option and be independent on amount of worker processes](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/global_options.go#L37)
 ### [settings-global-rate-limit](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/globalratelimit.go#L30)
 - [generates correct NGINX configuration](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/globalratelimit.go#L38)
 ### [GRPC](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/grpc.go#L39)
 - [should set the correct GRPC Buffer Size](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/grpc.go#L42)
 ### [gzip](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L30)
 - [should be disabled by default](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L40)
 - [should be enabled with default settings](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L56)
--- a/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml
+++ b/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml
@ -5,8 +5,8 @@ defaultBackend:
  enabled: true
  image:
    registry: registry.k8s.io
-    image: ingress-nginx/nginx-errors
+    image: ingress-nginx/custom-error-pages
-    tag: "v20230505@sha256:3600dcd1bbd0d05959bb01af4b272714e94d22d24a64e91838e7183c80e53f7f"
+    tag: v1.0.1@sha256:d8ab7de384cf41bdaa696354e19f1d0efbb0c9ac69f8682ffc0cc008a252eb76
  extraVolumes:
  - name: custom-error-pages
    configMap:
--- a/docs/examples/customization/custom-errors/custom-default-backend.yaml
+++ b/docs/examples/customization/custom-errors/custom-default-backend.yaml
@ -36,7 +36,7 @@ spec:
    spec:
      containers:
      - name: nginx-error-server
-        image: registry.k8s.io/ingress-nginx/nginx-errors:v20230505@sha256:3600dcd1bbd0d05959bb01af4b272714e94d22d24a64e91838e7183c80e53f7f
+        image: registry.k8s.io/ingress-nginx/custom-error-pages:v1.0.1@sha256:d8ab7de384cf41bdaa696354e19f1d0efbb0c9ac69f8682ffc0cc008a252eb76
        ports:
        - containerPort: 8080
        # Setting the environment variable DEBUG we can see the headers sent 
--- a/docs/examples/grpc/README.md
+++ b/docs/examples/grpc/README.md
@ -166,11 +166,9 @@ This example demonstrates how to route traffic to a gRPC service through the Ing
 ### Notes on using response/request streams
 > `grpc_read_timeout` and `grpc_send_timeout` will be set as `proxy_read_timeout` and `proxy_send_timeout` when you set backend protocol to `GRPC` or `GRPCS`.
 1. If your server only does response streaming and you expect a stream to be open longer than 60 seconds, you will have to change the `grpc_read_timeout` to accommodate this.
 2. If your service only does request streaming and you expect a stream to be open longer than 60 seconds, you have to change the
 `grpc_send_timeout` and the `client_body_timeout`.
 3. If you do both response and request streaming with an open stream longer than 60 seconds, you have to change all three timeouts: `grpc_read_timeout`, `grpc_send_timeout` and `client_body_timeout`.
 Values for the timeouts must be specified as e.g. `"1200s"`.
 > On the most recent versions of ingress-nginx, changing these timeouts requires using the `nginx.ingress.kubernetes.io/server-snippet` annotation. There are plans for future releases to allow using the Kubernetes annotations to define each timeout separately.
--- a/docs/faq.md
+++ b/docs/faq.md
@ -1,33 +1,190 @@
 # FAQ
 ## Multiple controller in one cluster
 Question - How can I easily install multiple instances of the ingress-nginx controller in the same cluster?
 You can install them in different namespaces.
 - Create a new namespace
  ```
  kubectl create namespace ingress-nginx-2
  ```
 - Use Helm to install the additional instance of the ingress controller
 - Ensure you have Helm working (refer to the [Helm documentation](https://helm.sh/docs/))
 - We have to assume that you have the helm repo for the ingress-nginx controller already added to your Helm config.
  But, if you have not added the helm repo then you can do this to add the repo to your helm config;
  ```
  helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
  ```
 - Make sure you have updated the helm repo data;
  ```
  helm repo update
  ```
 - Now, install an additional instance of the ingress-nginx controller like this:
  ```
  helm install ingress-nginx-2 ingress-nginx/ingress-nginx  \
  --namespace ingress-nginx-2 \
  --set controller.ingressClassResource.name=nginx-two \
  --set controller.ingressClass=nginx-two \
  --set controller.ingressClassResource.controllerValue="example.com/ingress-nginx-2" \
  --set controller.ingressClassResource.enabled=true \
  --set controller.ingressClassByName=true
  ```
 If you need to install yet another instance, then repeat the procedure to create a new namespace,
 change the values such as names & namespaces (for example from "-2" to "-3"), or anything else that meets your needs.
 Note that `controller.ingressClassResource.name` and `controller.ingressClass` have to be set correctly.
 The first is to create the IngressClass object and the other is to modify the deployment of the actual ingress controller pod.
 ### I can't use multiple namespaces, what should I do?
 If you need to install all instances in the same namespace, then you need to specify a different **election id**, like this:
 ```
 helm install ingress-nginx-2 ingress-nginx/ingress-nginx  \
 --namespace kube-system \
 --set controller.electionID=nginx-two-leader \
 --set controller.ingressClassResource.name=nginx-two \
 --set controller.ingressClass=nginx-two \
 --set controller.ingressClassResource.controllerValue="example.com/ingress-nginx-2" \
 --set controller.ingressClassResource.enabled=true \
 --set controller.ingressClassByName=true
 ```
 ## Retaining Client IPAddress
-Please read [Retain Client IPAddress Guide here](./user-guide/retaining-client-ipaddress.md).
+Question - How to obtain the real-client-ipaddress ?
 The goto solution for retaining the real-client IPaddress is to enable PROXY protocol.
 Enabling PROXY protocol has to be done on both, the Ingress NGINX controller, as well as the L4 load balancer, in front of the controller.
 The real-client IP address is lost by default, when traffic is forwarded over the network. But enabling PROXY protocol ensures that the connection details are retained and hence the real-client IP address doesn't get lost.
 Enabling proxy-protocol on the controller is documented [here](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#use-proxy-protocol) .
 For enabling proxy-protocol on the LoadBalancer, please refer to the documentation of your infrastructure provider because that is where the LB is provisioned.
 Some more info available [here](https://kubernetes.github.io/ingress-nginx/user-guide/miscellaneous/#source-ip-address)
 Some more info on proxy-protocol is [here](https://kubernetes.github.io/ingress-nginx/user-guide/miscellaneous/#proxy-protocol)
 ### client-ipaddress on single-node cluster
 Single node clusters are created for dev & test uses with tools like "kind" or "minikube". A trick to simulate a real use network with these clusters (kind or minikube) is to install Metallb and configure the ipaddress of the kind container or the minikube vm/container, as the starting and ending of the pool for Metallb in L2 mode. Then the host ip becomes a real client ipaddress, for curl requests sent from the host.
 After installing ingress-nginx controller on a kind or a minikube cluster with helm, you can configure it for real-client-ip with a simple change to the service that ingress-nginx controller creates. The service object of --type LoadBalancer has a field service.spec.externalTrafficPolicy. If you set the value of this field to "Local" then the real-ipaddress of a client is visible to the controller.
 ```
 % kubectl explain service.spec.externalTrafficPolicy
 KIND:       Service
 VERSION:    v1
 FIELD: externalTrafficPolicy <string>
 DESCRIPTION:
    externalTrafficPolicy describes how nodes distribute service traffic they
    receive on one of the Service's "externally-facing" addresses (NodePorts,
    ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will
    configure the service in a way that assumes that external load balancers
    will take care of balancing the service traffic between nodes, and so each
    node will deliver traffic only to the node-local endpoints of the service,
    without masquerading the client source IP. (Traffic mistakenly sent to a
    node with no endpoints will be dropped.) The default value, "Cluster", uses
    the standard behavior of routing to all endpoints evenly (possibly modified
    by topology and other features). Note that traffic sent to an External IP or
    LoadBalancer IP from within the cluster will always get "Cluster" semantics,
    but clients sending to a NodePort from within the cluster may need to take
    traffic policy into account when picking a node.
    Possible enum values:
     - `"Cluster"` routes traffic to all endpoints.
     - `"Local"` preserves the source IP of the traffic by routing only to
    endpoints on the same node as the traffic was received on (dropping the
    traffic if there are no local endpoints).
 ```
 ### client-ipaddress L7
 The solution is to get the real client IPaddress from the ["X-Forward-For" HTTP header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For)
 Example : If your application pod behind Ingress NGINX controller, uses the NGINX webserver and the reverseproxy inside it, then you can do the following to preserve the remote client IP.
 - First you need to make sure that the X-Forwarded-For header reaches the backend pod. This is done by using a Ingress NGINX conftroller ConfigMap key. Its documented [here](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#use-forwarded-headers)
 - Next, edit `nginx.conf` file inside your app pod, to contain the directives shown below:
 ```
 set_real_ip_from 0.0.0.0/0; # Trust all IPs (use your VPC CIDR block in production)
 real_ip_header X-Forwarded-For;
 real_ip_recursive on;
 log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                '$status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" '
                'host=$host x-forwarded-for=$http_x_forwarded_for';
 access_log /var/log/nginx/access.log main;
 ```
 ## Kubernetes v1.22 Migration
-If you are using Ingress objects in your cluster (running Kubernetes older than v1.22), and you plan to upgrade your Kubernetes version to K8S 1.22 or above, then please read [the migration guide here](./user-guide/k8s-122-migration.md).
+If you are using Ingress objects in your cluster (running Kubernetes older than
 version 1.22), and you plan to upgrade your Kubernetes version to K8S 1.22 or
 above, then please read [the migration guide here](./user-guide/k8s-122-migration.md).
-## Validation Of __`path`__
+## Validation Of **`path`**
- For improving security and also following desired standards on Kubernetes API spec, the next release, scheduled for v1.8.0, will include a new & optional feature of validating the value for the key `ingress.spec.rules.http.paths.path` .
+- For improving security and also following desired standards on Kubernetes API
 spec, the next release, scheduled for v1.8.0, will include a new & optional
 feature of validating the value for the key `ingress.spec.rules.http.paths.path`.
- This behavior will be disabled by default on the 1.8.0 release and enabled by default on the next breaking change release, set for 2.0.0.
+- This behavior will be disabled by default on the 1.8.0 release and enabled by
 default on the next breaking change release, set for 2.0.0.
- When "`ingress.spec.rules.http.pathType=Exact`" or "`pathType=Prefix`", this validation will limit the characters accepted on the field "`ingress.spec.rules.http.paths.path`",  to "`alphanumeric characters`", and  `"/," "_," "-."` Also, in this case, the path should start with `"/."`
+- When "`ingress.spec.rules.http.pathType=Exact`" or "`pathType=Prefix`", this
 validation will limit the characters accepted on the field "`ingress.spec.rules.http.paths.path`",
 to "`alphanumeric characters`", and  `"/," "_," "-."` Also, in this case,
 the path should start with `"/."`
- When the ingress resource path contains other characters (like on rewrite configurations), the pathType value should be "`ImplementationSpecific`".
+- When the ingress resource path contains other characters (like on rewrite
 configurations), the pathType value should be "`ImplementationSpecific`".
 - API Spec on pathType is documented [here](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types)
- When this option is enabled, the validation will happen on the Admission Webhook. So if any new ingress object contains characters other than  "`alphanumeric characters`", and  `"/," "_," "-."` , in the `path` field, but is not using `pathType` value as `ImplementationSpecific`, then the ingress object will be denied admission.
+- When this option is enabled, the validation will happen on the Admission
 Webhook. So if any new ingress object contains characters other than
 alphanumeric characters, and, `"/,","_","-"`, in the `path` field, but
 is not using `pathType` value as `ImplementationSpecific`, then the ingress
 object will be denied admission.
- The cluster admin should establish validation rules using mechanisms like "`Open Policy Agent`", to validate that only authorized users can use ImplementationSpecific pathType and that only the authorized characters can be used. [The configmap value is here](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type)
+- The cluster admin should establish validation rules using mechanisms like
 "`Open Policy Agent`", to validate that only authorized users can use
 ImplementationSpecific pathType and that only the authorized characters can be
 used. [The configmap value is here](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type)
 - A complete example of an Openpolicyagent gatekeeper rule is available [here](https://kubernetes.github.io/ingress-nginx/examples/openpolicyagent/)
 - If you have any issues or concerns, please do one of the following:
  - Open a GitHub issue
  - Comment in our Dev Slack Channel
-  - Open a thread in our Google Group ingress-nginx-dev@kubernetes.io
+  - Open a thread in our Google Group <ingress-nginx-dev@kubernetes.io>
 ## Why is chunking not working since controller v1.10 ?
 - If your code is setting the HTTP header `"Transfer-Encoding: chunked"` and
 the controller log messages show an error about duplicate header, it is
 because of this change <http://hg.nginx.org/nginx/rev/2bf7792c262e>
 - More details are available in this issue <https://github.com/kubernetes/ingress-nginx/issues/11162>
--- a/docs/user-guide/cli-arguments.md
+++ b/docs/user-guide/cli-arguments.md
@ -22,6 +22,7 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment
 | `--disable-sync-events` | Disables the creation of 'Sync' Event resources, but still logs them |
 | `--dynamic-configuration-retries` | Number of times to retry failed dynamic configuration before failing to sync an ingress. (default 15) |
 | `--election-id`                    | Election id to use for Ingress status updates. (default "ingress-controller-leader") |
 | `--election-ttl`                  | Duration a leader election is valid before it's getting re-elected, e.g. `15s`, `10m` or `1h`. (Default: 30s) |
 | `--enable-metrics`                 | Enables the collection of NGINX metrics. (default true) |
 | `--enable-ssl-chain-completion`    | Autocomplete SSL certificate chains with missing intermediate CA certificates. Certificates uploaded to Kubernetes must have the "Authority Information Access" X.509 v3 extension for this to succeed. (default false)|
 | `--enable-ssl-passthrough`         | Enable SSL Passthrough. (default false) |
--- a/docs/user-guide/fcgi-services.md
+++ b/docs/user-guide/fcgi-services.md
@ -1,5 +1,3 @@
 # Exposing FastCGI Servers
 > **FastCGI** is a [binary protocol](https://en.wikipedia.org/wiki/Binary_protocol "Binary protocol") for interfacing interactive programs with a [web server](https://en.wikipedia.org/wiki/Web_server "Web server"). [...] (It's) aim is to reduce the overhead related to interfacing between web server and CGI programs, allowing a server to handle more web page requests per unit of time.
@ -8,10 +6,15 @@
 The _ingress-nginx_ ingress controller can be used to directly expose [FastCGI](https://en.wikipedia.org/wiki/FastCGI) servers.  Enabling FastCGI in your Ingress only requires setting the _backend-protocol_ annotation to `FCGI`, and with a couple more annotations you can customize the way _ingress-nginx_ handles the communication with your FastCGI _server_.
 For most practical use-cases, php applications are a good example. PHP is not HTML so a FastCGI server like php-fpm processes a index.php script for the response to a request. See a working example below.
-## Example Objects to Expose a FastCGI Pod
+This [post in a FactCGI feature issue](https://github.com/kubernetes/ingress-nginx/issues/8207#issuecomment-2161405468) describes a test for the FastCGI feature. The same test is described below here.
-The _Pod_ example object below exposes port `9000`, which is the conventional FastCGI port.
+## Example Objects to expose a FastCGI server pod
 ### The FasctCGI server pod
 The _Pod_ object example below exposes port `9000`, which is the conventional FastCGI port.
 ```yaml
 apiVersion: v1
@ -23,12 +26,40 @@ labels:
 spec:
  containers:
  - name: example-app
-    image: example-app:1.0
+    image: php:fpm-alpine
    ports:
    - containerPort: 9000
      name: fastcgi
 ```
 - For this example to work, a HTML response should be received from the FastCGI server being exposed
 - A HTTP request to the FastCGI server pod should be sent
 - The response should be generated by a php script as that is what we are demonstrating here
 The image we are using here `php:fpm-alpine` does not ship with a ready to use php script inside it. So we need to provide the image with a simple php-script for this example to work.
 - Use `kubectl exec` to get into the example-app pod
 - You will land at the path `/var/www/html`
 - Create a simple php script there at the path /var/www/html called index.php
 - Make the index.php file look like this
 ```
 <!DOCTYPE html>
 <html>
    <head>
        <title>PHP Test</title>
    </head>
    <body>
        <?php echo '<p>FastCGI Test Worked!</p>'; ?>
    </body>
 </html>
 ```
 - Save and exit from the shell in the pod
 - If you delete the pod, then you will have to recreate the file as this method is not persistent
 ### The FastCGI service
 The _Service_ object example below matches port `9000` from the _Pod_ object above.
 ```yaml
@ -45,21 +76,41 @@ spec:
    name: fastcgi
 ```
-And the _Ingress_ and _ConfigMap_ objects below demonstrates the supported _FastCGI_ specific annotations (NGINX actually has 50 FastCGI directives, all of which have not been exposed in the ingress yet), and matches the service `example-service`, and the port named `fastcgi` from above. The _ConfigMap_ **must** be created first for the _Ingress Controller_ to be able to find it when the _Ingress_ object is created, otherwise you will need to restart the _Ingress Controller_ pods.
+### The configMap object and the ingress object
 The _Ingress_ and _ConfigMap_ objects below demonstrate the supported _FastCGI_ specific annotations.
 !!! Important
    NGINX actually has 50 [FastCGI directives](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#directives)
    All of the nginx directives have not been exposed in the ingress yet
 ### The ConfigMap object
 This configMap object is required to set the parameters of [FastCGI directives](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#directives)
 !!! Attention
    - The _ConfigMap_ **must** be created before creating the ingress object
 - The _Ingress Controller_ needs to find the configMap when the _Ingress_ object with the FastCGI annotations is created
 - So create the configMap before the ingress
 - If the configMap is created after the ingress is created, then you will need to restart the _Ingress Controller_ pods.
 ```yaml
 # The ConfigMap MUST be created first for the ingress controller to be able to
 # find it when the Ingress object is created.
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: example-cm
 data:
-  SCRIPT_FILENAME: "/example/index.php"
+  SCRIPT_FILENAME: "/var/www/html/index.php"
---
+```
 ### The ingress object
 - Do not create the ingress shown below until you have created the configMap seen above.
 - You can see that this ingress matches the service `example-service`, and the port named `fastcgi` from above.
 ```
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@ -83,6 +134,44 @@ spec:
              name: fastcgi
 ```
 ## Send a request to the exposed FastCGI server
 You will have to look at the external-ip of the ingress or you have to send the HTTP request to the ClusterIP address of the ingress-nginx controller pod.
 ```
 % curl 172.19.0.2 -H "Host: app.example.com" -vik
 *   Trying 172.19.0.2:80...
 * Connected to 172.19.0.2 (172.19.0.2) port 80
 > GET / HTTP/1.1
 > Host: app.example.com
 > User-Agent: curl/8.6.0
 > Accept: */*
 > 
 < HTTP/1.1 200 OK
 HTTP/1.1 200 OK
 < Date: Wed, 12 Jun 2024 07:11:59 GMT
 Date: Wed, 12 Jun 2024 07:11:59 GMT
 < Content-Type: text/html; charset=UTF-8
 Content-Type: text/html; charset=UTF-8
 < Transfer-Encoding: chunked
 Transfer-Encoding: chunked
 < Connection: keep-alive
 Connection: keep-alive
 < X-Powered-By: PHP/8.3.8
 X-Powered-By: PHP/8.3.8
 < 
 <!DOCTYPE html>
 <html>
    <head>
        <title>PHP Test</title>
    </head>
    <body>
        <p>FastCGI Test Worked</p>    </body>
 </html>
 ```
 ## FastCGI Ingress Annotations
 To enable FastCGI, the `nginx.ingress.kubernetes.io/backend-protocol` annotation needs to be set to `FCGI`, which overrides the default `HTTP` value.
@ -114,6 +203,7 @@ data:
  SCRIPT_FILENAME: "/example/index.php"
  HTTP_PROXY: ""
 ```
 Using the _namespace/_ prefix is also supported, for example:
 > `nginx.ingress.kubernetes.io/fastcgi-params-configmap: "example-namespace/example-configmap"`
--- a/docs/user-guide/k8s-122-migration.md
+++ b/docs/user-guide/k8s-122-migration.md
@ -192,54 +192,3 @@ Bear in mind that if you start Ingress-Nginx B with the command line argument `-
 It is highly likely that you will also see the name of the ingress resource in the same error message.
 This error message has been observed on use the deprecated annotation (`kubernetes.io/ingress.class`) in an Ingress resource manifest.
 It is recommended to use the `.spec.ingressClassName` field of the Ingress resource, to specify the name of the IngressClass of the Ingress you are defining.
 ## How can I easily install multiple instances of the ingress-nginx controller in the same cluster?
 You can install them in different namespaces.
 - Create a new namespace
  ```
  kubectl create namespace ingress-nginx-2
  ```
 - Use Helm to install the additional instance of the ingress controller
 - Ensure you have Helm working (refer to the [Helm documentation](https://helm.sh/docs/))
 - We have to assume that you have the helm repo for the ingress-nginx controller already added to your Helm config.
  But, if you have not added the helm repo then you can do this to add the repo to your helm config;
  ```
  helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
  ```
 - Make sure you have updated the helm repo data;
  ```
  helm repo update
  ```
 - Now, install an additional instance of the ingress-nginx controller like this:
  ```
  helm install ingress-nginx-2 ingress-nginx/ingress-nginx  \
  --namespace ingress-nginx-2 \
  --set controller.ingressClassResource.name=nginx-two \
  --set controller.ingressClass=nginx-two \
  --set controller.ingressClassResource.controllerValue="example.com/ingress-nginx-2" \
  --set controller.ingressClassResource.enabled=true \
  --set controller.ingressClassByName=true
  ```
 If you need to install yet another instance, then repeat the procedure to create a new namespace,
 change the values such as names & namespaces (for example from "-2" to "-3"), or anything else that meets your needs.
 Note that `controller.ingressClassResource.name` and `controller.ingressClass` have to be set correctly.
 The first is to create the IngressClass object and the other is to modify the deployment of the actual ingress controller pod.
 ### I can't use multiple namespaces, what should I do?
 If you need to install all instances in the same namespace, then you need to specify a different **election id**, like this:
 ```
 helm install ingress-nginx-2 ingress-nginx/ingress-nginx  \
 --namespace kube-system \
 --set controller.electionID=nginx-two-leader \
 --set controller.ingressClassResource.name=nginx-two \
 --set controller.ingressClass=nginx-two \
 --set controller.ingressClassResource.controllerValue="example.com/ingress-nginx-2" \
 --set controller.ingressClassResource.enabled=true \
 --set controller.ingressClassByName=true
 ```
--- a/Show more
+++ b/Show more
`@ -1 +1 @@`
	`registry.k8s.io/ingress-nginx/nginx-1.25:v0.0.5@sha256:cdafd6c9d36e23414ce41330a482f9136ce82fac46802809681f61cdcd5ad0bb`	`registry.k8s.io/ingress-nginx/nginx-1.25:v0.0.12@sha256:2d471b3a34dc43d10c3f3d7f2a6e8a2ecf7654a4197e56374261c1c708b16365`