From 0f5f4bdf0ab0e0f1c0c2b4b12f9dc7c85c6df981 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jan 2024 15:31:39 +0000 Subject: [PATCH 001/154] Bump github.com/onsi/ginkgo/v2 from 2.13.1 to 2.14.0 Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.13.1 to 2.14.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.13.1...v2.14.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 6 +++--- go.sum | 16 ++++++++-------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/go.mod b/go.mod index eddc21cd0..0abf06a8d 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 - github.com/onsi/ginkgo/v2 v2.13.1 + github.com/onsi/ginkgo/v2 v2.14.0 github.com/opencontainers/runc v1.1.11 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.18.0 @@ -100,14 +100,14 @@ require ( github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect github.com/yudai/pp v2.0.1+incompatible // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect - golang.org/x/mod v0.13.0 // indirect + golang.org/x/mod v0.14.0 // indirect golang.org/x/net v0.20.0 // indirect golang.org/x/oauth2 v0.16.0 // indirect golang.org/x/sys v0.16.0 // indirect golang.org/x/term v0.16.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.14.0 // indirect + golang.org/x/tools v0.16.1 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97 // indirect google.golang.org/protobuf v1.32.0 // indirect diff --git a/go.sum b/go.sum index 7041fad3e..27a40b389 100644 --- a/go.sum +++ b/go.sum @@ -281,12 +281,12 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.13.1 h1:LNGfMbR2OVGBfXjvRZIZ2YCTQdGKtPLvuI1rMCCj3OU= -github.com/onsi/ginkgo/v2 v2.13.1/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM= +github.com/onsi/ginkgo/v2 v2.14.0 h1:vSmGj2Z5YPb9JwCWT6z6ihcUvDhuXLc3sJiqd3jMKAY= +github.com/onsi/ginkgo/v2 v2.14.0/go.mod h1:JkUdW7JkN0V6rFvsHcJ478egV3XH9NxpD27Hal/PhZw= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg= -github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= +github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/opencontainers/runc v1.1.11 h1:9LjxyVlE0BPMRP2wuQDRlHV4941Jp9rc3F0+YKimopA= github.com/opencontainers/runc v1.1.11/go.mod h1:S+lQwSfncpBha7XTy/5lBwWgm5+y5Ma/O44Ekby9FK8= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= @@ -432,8 +432,8 @@ golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY= -golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -603,8 +603,8 @@ golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= -golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= +golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= +golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 94a635acf8fa893fa3fe605e010c6359810f5d0d Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Fri, 19 Jan 2024 01:38:48 +0530 Subject: [PATCH 002/154] bump pinned ginkgo version to v2.14.0 (#10872) --- build/run-in-docker.sh | 2 +- images/test-runner/Makefile | 4 ++-- test/e2e/run-chart-test.sh | 2 +- test/e2e/run-kind-e2e.sh | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 2e1256fb2..bfac365da 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -87,7 +87,7 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then echo "..reached DIND check TRUE block, inside run-in-docker.sh" echo "FLAGS=$FLAGS" #go env - go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.13.1 + go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.14.0 find / -type f -name ginkgo 2>/dev/null which ginkgo /bin/bash -c "${FLAGS}" diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index d6b974ba9..33d9fcb65 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -54,7 +54,7 @@ image: --build-arg YAML_LINT_VERSION=1.27.1 \ --build-arg YAMALE_VERSION=4.0.4 \ --build-arg HELM_VERSION=3.11.2 \ - --build-arg GINKGO_VERSION=2.13.1 \ + --build-arg GINKGO_VERSION=2.14.0 \ --build-arg GOLINT_VERSION=latest \ -t ${IMAGE}:${TAG} rootfs @@ -75,7 +75,7 @@ build: ensure-buildx --build-arg YAML_LINT_VERSION=1.27.1 \ --build-arg YAMALE_VERSION=4.0.4 \ --build-arg HELM_VERSION=3.11.2 \ - --build-arg GINKGO_VERSION=2.13.1 \ + --build-arg GINKGO_VERSION=2.14.0 \ --build-arg GOLINT_VERSION=latest \ -t ${IMAGE}:${TAG} rootfs diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index eedb2bef5..1e112d28e 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -78,7 +78,7 @@ fi if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go install github.com/onsi/ginkgo/v2/ginkgo@v2.13.1 + go install github.com/onsi/ginkgo/v2/ginkgo@v2.14.0 fi echo "[dev-env] building image" make -C ${DIR}/../../ clean-image build image diff --git a/test/e2e/run-kind-e2e.sh b/test/e2e/run-kind-e2e.sh index d213ac4b7..3cc4d2a35 100755 --- a/test/e2e/run-kind-e2e.sh +++ b/test/e2e/run-kind-e2e.sh @@ -96,7 +96,7 @@ fi if [ "${SKIP_E2E_IMAGE_CREATION}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go install github.com/onsi/ginkgo/v2/ginkgo@v2.13.1 + go install github.com/onsi/ginkgo/v2/ginkgo@v2.14.0 fi echo "[dev-env] .. done building controller images" From 24d0c355259f176e24f0bf8ce55d5a02dbea8b6e Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Fri, 19 Jan 2024 03:09:56 +0530 Subject: [PATCH 003/154] added instructions for basic test, to troubleshooting guide (#10873) --- docs/troubleshooting.md | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 0d2004092..6b841b952 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -8,6 +8,43 @@ Do not move it without providing redirects. # Troubleshooting +## A simple test of the basic ingress controller routing +- Install the ingress-nginx controller as per documentation +- Deploy the httpbun example echoserver application + ```console + $ kubectl create deploy httpbun --image registry.k8s.io/ingress-nginx/e2e-test-httpbun:v20231011-8b53cabe0 + ``` +- Create a service of --type ClusterIP for httpbun + ```console + $ kubectl expose deploy httpbun --port 80 + ``` +- Create a ingress for httpbun (This command assumes the ingressClass name to be _**nginx**_. Change the ingressClass name below, if you are using a different ingressClass name) + ```console + $ kubectl create ingress httpbun --class nginx --rule httpbun.foo.com/"*"=httpbun:80 + ``` +- Get the name of the ingress-nginx-controller pod (This command assumes that the ingress-nginx-controller was installed in the namespace called **_ingress-nginx_**) + ```console + $ kubectl -n ingress-nginx get po + ``` +- Open a terminal to tail the logs of the ingress-nginx-controller pod + ```console + $ kubectl -n ingress-nginx logs -f + ``` +- Note the last line of log messages. Hit the return/enter key a couple of times to get some blank lines. Makes it easier to mark newer log lines from your next step +- Open a second terminal, to send a request to httpbun (replace the external-ip or LB name as needed) + ```console + $ curl -v --resolve httpbun.foo.com:80: httpbun.foo.com/get + ``` +- Check if there were new log messages related to your curl command +- Provide all info and the log messages in the issue you create or in the slack chat thread, formatted as a code-snippet + - kubectl get po,svc -n ingress-nginx + - kubectl get po,svc,ing | grep -i httpbun + - kubectl describe svc httpbun + - kubectl describe ing httpbun + - Entire curl command as is and its output + - log messages of the ingress-nginx-controller pod + + ## Ingress-Controller Logs and Events There are many ways to troubleshoot the ingress-controller. The following are basic troubleshooting From dcb99b2fa92477dcfcc16799171ae67237dd590e Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Fri, 19 Jan 2024 08:41:30 +0530 Subject: [PATCH 004/154] added --user flag to pip install (#10874) --- images/test-runner/rootfs/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/test-runner/rootfs/Dockerfile b/images/test-runner/rootfs/Dockerfile index f47a46aad..e6502ea68 100644 --- a/images/test-runner/rootfs/Dockerfile +++ b/images/test-runner/rootfs/Dockerfile @@ -120,10 +120,10 @@ RUN wget -qO /tmp/helm.tgz \ && rm -rf /tmp/* # Install a YAML Linter -RUN pip install "yamllint==$YAML_LINT_VERSION" +RUN pip install --user "yamllint==$YAML_LINT_VERSION" # Install Yamale YAML schema validator -RUN pip install "yamale==$YAMALE_VERSION" +RUN pip install --user "yamale==$YAMALE_VERSION" LABEL org.opencontainers.image.source=https://github.com/kubernetes/ingress-nginx From bf84f0eda2afe5ad138e7ee79722012f024c701a Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Fri, 19 Jan 2024 20:14:44 +0530 Subject: [PATCH 005/154] bump yamllinter to v1330 (#10875) --- images/test-runner/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index 33d9fcb65..d96c6258c 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -51,7 +51,7 @@ image: --build-arg LUAROCKS_VERSION=3.8.0 \ --build-arg LUAROCKS_SHA=ab6612ca9ab87c6984871d2712d05525775e8b50172701a0a1cabddf76de2be7 \ --build-arg CHART_TESTING_VERSION=3.8.0 \ - --build-arg YAML_LINT_VERSION=1.27.1 \ + --build-arg YAML_LINT_VERSION=1.33.0 \ --build-arg YAMALE_VERSION=4.0.4 \ --build-arg HELM_VERSION=3.11.2 \ --build-arg GINKGO_VERSION=2.14.0 \ @@ -72,7 +72,7 @@ build: ensure-buildx --build-arg LUAROCKS_VERSION=3.8.0 \ --build-arg LUAROCKS_SHA=ab6612ca9ab87c6984871d2712d05525775e8b50172701a0a1cabddf76de2be7 \ --build-arg CHART_TESTING_VERSION=3.8.0 \ - --build-arg YAML_LINT_VERSION=1.27.1 \ + --build-arg YAML_LINT_VERSION=1.33.0 \ --build-arg YAMALE_VERSION=4.0.4 \ --build-arg HELM_VERSION=3.11.2 \ --build-arg GINKGO_VERSION=2.14.0 \ From 66cbd577551dc4ee0b3319bf850270d8f460d0ba Mon Sep 17 00:00:00 2001 From: Ray Huang Date: Fri, 19 Jan 2024 16:04:14 -0500 Subject: [PATCH 006/154] Improve docs for multiple instances of controller on one cluster (#10882) * Added note to include '--ingress-class-by-name=true' for Multiple Ingress controllers instruction. * Add note to include '-ingress-class-by-name=true' for Multiple Controllers instruction. --- docs/user-guide/multiple-ingress.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/user-guide/multiple-ingress.md b/docs/user-guide/multiple-ingress.md index 5c1e26c7c..54a18fbb9 100644 --- a/docs/user-guide/multiple-ingress.md +++ b/docs/user-guide/multiple-ingress.md @@ -10,7 +10,9 @@ But, when user has deployed with `scope.enabled`, then the ingress class resourc If all ingress controllers respect IngressClasses (e.g. multiple instances of ingress-nginx v1.0), you can deploy two Ingress controllers by granting them control over two different IngressClasses, then selecting one of the two IngressClasses with `ingressClassName`. -First, ensure the `--controller-class=` and `--ingress-class` are set to something different on each ingress controller, If your additional ingress controller is to be installed in a namespace, where there is/are one/more-than-one ingress-nginx-controller(s) already installed, then you need to specify a different unique `--election-id` for the new instance of the controller. +First, ensure the `--controller-class=` and `--ingress-class` are set to something different on each ingress controller, If your additional ingress controller is to be installed in a namespace, where there is/are one/more-than-one ingress-nginx-controller(s) already installed, then you need to specify a different unique `--election-id` for the new instance of the controller. + +In addition, you need to specify `--ingress-class-by-name=true` in the controller args list. The `--ingress-class-by-name` defines if Ingress Controller should watch for Ingress Class by Name together with Controller Class. (default false). ```yaml # ingress-nginx Deployment/Statefulset @@ -24,6 +26,7 @@ spec: - '--election-id=ingress-controller-leader' - '--controller-class=k8s.io/internal-ingress-nginx' - '--ingress-class=internal-nginx' + - '--ingress-class-by-name=true' ... ``` From c9c72c4e264a1588a3607db6baece5c363d52b8b Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 19 Jan 2024 16:33:56 -0500 Subject: [PATCH 007/154] force nginx rebuild (#10883) --- images/nginx/TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/nginx/TAG b/images/nginx/TAG index 6812f8122..81340c7e7 100644 --- a/images/nginx/TAG +++ b/images/nginx/TAG @@ -1 +1 @@ -0.0.3 \ No newline at end of file +0.0.4 From ed3f067b8f6fe17a6052ab73ad53ccc10dc95ce6 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Fri, 19 Jan 2024 19:31:41 -0300 Subject: [PATCH 008/154] Build NGINX v1.25 image (#10629) --- .github/workflows/nginx125.yaml | 167 ++++++ Makefile | 2 - images/nginx-1.25/Makefile | 59 ++ images/nginx-1.25/README.md | 3 + images/nginx-1.25/TAG | 1 + images/nginx-1.25/cloudbuild.yaml | 17 + images/nginx-1.25/rootfs/Dockerfile | 71 +++ images/nginx-1.25/rootfs/build.sh | 555 ++++++++++++++++++ .../rootfs/patches/drop-alias-root.patch | 144 +++++ test/e2e/run-e2e-suite.sh | 1 + test/e2e/run-kind-e2e.sh | 6 +- test/e2e/settings/opentelemetry.go | 22 + 12 files changed, 1043 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/nginx125.yaml create mode 100644 images/nginx-1.25/Makefile create mode 100644 images/nginx-1.25/README.md create mode 100644 images/nginx-1.25/TAG create mode 100644 images/nginx-1.25/cloudbuild.yaml create mode 100644 images/nginx-1.25/rootfs/Dockerfile create mode 100755 images/nginx-1.25/rootfs/build.sh create mode 100644 images/nginx-1.25/rootfs/patches/drop-alias-root.patch diff --git a/.github/workflows/nginx125.yaml b/.github/workflows/nginx125.yaml new file mode 100644 index 000000000..63c45d4cc --- /dev/null +++ b/.github/workflows/nginx125.yaml @@ -0,0 +1,167 @@ +name: NGINX v1.25 Image + +on: + pull_request: + branches: + - "*" + paths: + - 'images/nginx-1.25/**' + push: + branches: + - main + paths: + - 'images/nginx-1.25/**' + +permissions: + contents: read + +jobs: + changes: + permissions: + contents: read # for dorny/paths-filter to fetch a list of changed files + pull-requests: read # for dorny/paths-filter to read pull requests + runs-on: ubuntu-latest + outputs: + nginx: ${{ steps.filter.outputs.nginx }} + tag: ${{ steps.filter.outputs.tag }} + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 + id: filter + with: + token: ${{ secrets.GITHUB_TOKEN }} + filters: | + nginx: + - 'images/nginx-1.25/**' + tag: + - 'images/nginx-1.25/TAG' + + build: + permissions: + contents: read # for dorny/paths-filter to fetch a list of changed files + pull-requests: read # for dorny/paths-filter to read pull requests + runs-on: ubuntu-latest + needs: changes + if: | + (github.event_name != 'push' && github.ref != 'refs/heads/main' && needs.changes.outputs.nginx == 'true') + env: + PLATFORMS: linux/amd64 + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Set up Go + id: go + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + with: + go-version: '1.21.5' + check-latest: true + - name: Set up QEMU + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + with: + version: latest + platforms: ${{ env.PLATFORMS }} + - name: Prepare Host + run: | + curl -LO https://dl.k8s.io/release/v1.27.3/bin/linux/amd64/kubectl + chmod +x ./kubectl + sudo mv ./kubectl /usr/local/bin/kubectl + - name: build-image + run: | + cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --load -t nginx-1.25:1.0.0-dev . + - name: load-image + run: | + make clean-image build + make -C test/e2e-image image + docker build \ + --platform linux \ + --no-cache \ + --build-arg BASE_IMAGE="nginx-1.25:1.0.0-dev" \ + --build-arg VERSION="0.0.1-${{ github.sha }}" \ + --build-arg TARGETARCH="amd64" \ + --build-arg COMMIT_SHA="git-${{ github.sha }}" \ + --build-arg BUILD_ID=""UNSET"" \ + -t ingress-controller/controller:1.0.0-dev rootfs + docker save \ + nginx-ingress-controller:e2e \ + ingress-controller/controller:1.0.0-dev \ + nginx-1.25:1.0.0-dev \ + | gzip > docker.tar.gz + - name: cache + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + with: + name: docker.tar.gz + path: docker.tar.gz + retention-days: 2 + + e2e-test: + name: Kubernetes + runs-on: ubuntu-latest + needs: + - build + strategy: + matrix: + k8s: [v1.27.3, v1.28.0, v1.29.0] + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: cache + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + with: + name: docker.tar.gz + + - name: Create Kubernetes ${{ matrix.k8s }} cluster + id: kind + run: | + kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml + + - name: Load images from cache + run: | + echo "loading docker images..." + gzip -dc docker.tar.gz | docker load + + - name: Run e2e tests + env: + KIND_CLUSTER_NAME: kind + SKIP_CLUSTER_CREATION: true + SKIP_IMAGE_CREATION: true + SKIP_OPENTELEMETRY_TESTS: true + run: | + kind get kubeconfig > $HOME/.kube/kind-config-kind + make NGINX_BASE_IMAGE="nginx-1.25:1.0.0-dev" kind-e2e-test + + push: + permissions: + contents: write + packages: write + runs-on: ubuntu-latest + needs: changes + if: | + (github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.changes.outputs.tag == 'true') + env: + PLATFORMS: linux/amd64,linux/arm,linux/arm64,linux/s390x + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Set up QEMU + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + with: + version: latest + platforms: ${{ env.PLATFORMS }} + - name: Login to GitHub Container Registry + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: build-image + run: | + export TAG=$(cat images/nginx-1.25/TAG) + cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --push --load -t ingressnginx/nginx-1.25:${TAG} . + diff --git a/Makefile b/Makefile index cbda4dafb..964889532 100644 --- a/Makefile +++ b/Makefile @@ -68,7 +68,6 @@ image: clean-image ## Build image for a particular arch. docker build \ ${PLATFORM_FLAG} ${PLATFORM} \ --no-cache \ - --pull \ --build-arg BASE_IMAGE="$(BASE_IMAGE)" \ --build-arg VERSION="$(TAG)" \ --build-arg TARGETARCH="$(ARCH)" \ @@ -85,7 +84,6 @@ image-chroot: clean-chroot-image ## Build image for a particular arch. echo "Building docker image ($(ARCH))..." docker build \ --no-cache \ - --pull \ --build-arg BASE_IMAGE="$(BASE_IMAGE)" \ --build-arg VERSION="$(TAG)" \ --build-arg TARGETARCH="$(ARCH)" \ diff --git a/images/nginx-1.25/Makefile b/images/nginx-1.25/Makefile new file mode 100644 index 000000000..527dfa8fb --- /dev/null +++ b/images/nginx-1.25/Makefile @@ -0,0 +1,59 @@ +# Copyright 2024 The Kubernetes Authors. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +.DEFAULT_GOAL:=build + +# set default shell +SHELL=/bin/bash -o pipefail -o errexit + +DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))) +INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh + +# 0.0.0 shouldn't clobber any released builds +SHORT_SHA ?=$(shell git rev-parse --short HEAD) +TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA) + +REGISTRY ?= gcr.io/k8s-staging-ingress-nginx + +IMAGE = $(REGISTRY)/nginx + +# required to enable buildx +export DOCKER_CLI_EXPERIMENTAL=enabled + +# build with buildx +PLATFORMS?=linux/amd64,linux/arm,linux/arm64,linux/s390x +OUTPUT= +PROGRESS=plain +build: ensure-buildx + docker buildx build \ + --platform=${PLATFORMS} $(OUTPUT) \ + --progress=$(PROGRESS) \ + --pull \ + --tag $(IMAGE):$(TAG) rootfs + +# push the cross built image +push: OUTPUT=--push +push: build + +# enable buildx +ensure-buildx: +# this is required for cloudbuild +ifeq ("$(wildcard $(INIT_BUILDX))","") + @curl -sSL https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/hack/init-buildx.sh | bash +else + @exec $(INIT_BUILDX) +endif + @echo "done" + +.PHONY: build push ensure-buildx \ No newline at end of file diff --git a/images/nginx-1.25/README.md b/images/nginx-1.25/README.md new file mode 100644 index 000000000..8d5f44a62 --- /dev/null +++ b/images/nginx-1.25/README.md @@ -0,0 +1,3 @@ +NGINX 1.25 base image + +**Don't use in production!!!** \ No newline at end of file diff --git a/images/nginx-1.25/TAG b/images/nginx-1.25/TAG new file mode 100644 index 000000000..95e94cdd3 --- /dev/null +++ b/images/nginx-1.25/TAG @@ -0,0 +1 @@ +v0.0.1 \ No newline at end of file diff --git a/images/nginx-1.25/cloudbuild.yaml b/images/nginx-1.25/cloudbuild.yaml new file mode 100644 index 000000000..e3902c785 --- /dev/null +++ b/images/nginx-1.25/cloudbuild.yaml @@ -0,0 +1,17 @@ +timeout: 10800s +options: + substitution_option: ALLOW_LOOSE + # job builds a multi-arch docker image for amd64,arm,arm64 and s390x. + machineType: E2_HIGHCPU_32 +steps: + - name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20211118-2f2d816b90' + entrypoint: bash + env: + - DOCKER_CLI_EXPERIMENTAL=enabled + - REGISTRY=gcr.io/k8s-staging-ingress-nginx + - HOME=/root + args: + - -c + - | + gcloud auth configure-docker \ + && cd images/nginx-1.25 && make push \ No newline at end of file diff --git a/images/nginx-1.25/rootfs/Dockerfile b/images/nginx-1.25/rootfs/Dockerfile new file mode 100644 index 000000000..8996547e6 --- /dev/null +++ b/images/nginx-1.25/rootfs/Dockerfile @@ -0,0 +1,71 @@ +# Copyright 2024 The Kubernetes Authors. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +FROM alpine:3.19.0 as builder + +COPY . / + +RUN apk update \ + && apk upgrade \ + && apk add -U bash --no-cache \ + && /build.sh + +# Use a multi-stage build +FROM alpine:3.19.0 + +ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin + +ENV LUA_PATH="/usr/local/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/lib/lua/?.lua;;" +ENV LUA_CPATH="/usr/local/lib/lua/?/?.so;/usr/local/lib/lua/?.so;;" + +COPY --from=builder /usr/local /usr/local +COPY --from=builder /opt /opt +COPY --from=builder /etc/nginx /etc/nginx + +RUN apk update \ + && apk upgrade \ + && apk add -U --no-cache \ + bash \ + openssl \ + pcre \ + zlib \ + ca-certificates \ + patch \ + yajl \ + lmdb \ + libxml2 \ + libmaxminddb \ + yaml-cpp \ + dumb-init \ + tzdata \ + && ln -s /usr/local/nginx/sbin/nginx /sbin/nginx \ + && adduser -S -D -H -u 101 -h /usr/local/nginx \ + -s /sbin/nologin -G www-data -g www-data www-data \ + && bash -eu -c ' \ + writeDirs=( \ + /var/log/nginx \ + /var/lib/nginx/body \ + /var/lib/nginx/fastcgi \ + /var/lib/nginx/proxy \ + /var/lib/nginx/scgi \ + /var/lib/nginx/uwsgi \ + /var/log/audit \ + ); \ + for dir in "${writeDirs[@]}"; do \ + mkdir -p ${dir}; \ + chown -R www-data.www-data ${dir}; \ + done' + +EXPOSE 80 443 + +CMD ["nginx", "-g", "daemon off;"] diff --git a/images/nginx-1.25/rootfs/build.sh b/images/nginx-1.25/rootfs/build.sh new file mode 100755 index 000000000..d88527e88 --- /dev/null +++ b/images/nginx-1.25/rootfs/build.sh @@ -0,0 +1,555 @@ +#!/bin/bash + +# Copyright 2023 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -o errexit +set -o nounset +set -o pipefail + +export NGINX_VERSION=1.25.3 + +# Check for recent changes: https://github.com/vision5/ngx_devel_kit/compare/v0.3.3...master +export NDK_VERSION=v0.3.3 + +# Check for recent changes: https://github.com/openresty/set-misc-nginx-module/compare/v0.33...master +export SETMISC_VERSION=796f5a3e518748eb29a93bd450324e0ad45b704e + +# Check for recent changes: https://github.com/openresty/headers-more-nginx-module/compare/v0.34...master +export MORE_HEADERS_VERSION=v0.37 + +# Check for recent changes: https://github.com/atomx/nginx-http-auth-digest/compare/v1.0.0...atomx:master +export NGINX_DIGEST_AUTH=v1.0.0 + +# Check for recent changes: https://github.com/yaoweibin/ngx_http_substitutions_filter_module/compare/v0.6.4...master +export NGINX_SUBSTITUTIONS=e12e965ac1837ca709709f9a26f572a54d83430e + +# Check for recent changes: https://github.com/SpiderLabs/ModSecurity-nginx/compare/v1.0.3...master +export MODSECURITY_VERSION=v1.0.3 + +# Check for recent changes: https://github.com/SpiderLabs/ModSecurity/compare/v3.0.8...v3/master +export MODSECURITY_LIB_VERSION=v3.0.11 + +# Check for recent changes: https://github.com/coreruleset/coreruleset/compare/v3.3.2...v3.3/master +export OWASP_MODSECURITY_CRS_VERSION=v3.3.5 + +# Check for recent changes: https://github.com/openresty/lua-nginx-module/compare/v0.10.25...master +export LUA_NGX_VERSION=v0.10.26 + +# Check for recent changes: https://github.com/openresty/stream-lua-nginx-module/compare/v0.0.13...master +export LUA_STREAM_NGX_VERSION=v0.0.14 + +# Check for recent changes: https://github.com/openresty/lua-upstream-nginx-module/compare/8aa93ead98ba2060d4efd594ae33a35d153589bf...master +export LUA_UPSTREAM_VERSION=542be0893543a4e42d89f6dd85372972f5ff2a36 + +# Check for recent changes: https://github.com/openresty/lua-cjson/compare/2.1.0.11...openresty:master +export LUA_CJSON_VERSION=2.1.0.13 + +# Check for recent changes: https://github.com/leev/ngx_http_geoip2_module/compare/3.4...master +export GEOIP2_VERSION=a607a41a8115fecfc05b5c283c81532a3d605425 + +# Check for recent changes: https://github.com/openresty/luajit2/compare/v2.1-20230410...v2.1-agentzh +export LUAJIT_VERSION=v2.1-20231117 + +# Check for recent changes: https://github.com/openresty/lua-resty-balancer/compare/v0.04...master +export LUA_RESTY_BALANCER=1cd4363c0a239afe4765ec607dcfbbb4e5900eea + +# Check for recent changes: https://github.com/openresty/lua-resty-lrucache/compare/v0.13...master +export LUA_RESTY_CACHE=99e7578465b40f36f596d099b82eab404f2b42ed + +# Check for recent changes: https://github.com/openresty/lua-resty-core/compare/v0.1.27...master +export LUA_RESTY_CORE=v0.1.28 + +# Check for recent changes: https://github.com/cloudflare/lua-resty-cookie/compare/v0.1.0...master +export LUA_RESTY_COOKIE_VERSION=f418d77082eaef48331302e84330488fdc810ef4 + +# Check for recent changes: https://github.com/openresty/lua-resty-dns/compare/v0.22...master +export LUA_RESTY_DNS=8bb53516e2933e61c317db740a9b7c2048847c2f + +# Check for recent changes: https://github.com/ledgetech/lua-resty-http/compare/v0.16.1...master +export LUA_RESTY_HTTP=v0.17.1 + +# Check for recent changes: https://github.com/openresty/lua-resty-lock/compare/v0.09...master +export LUA_RESTY_LOCK=405d0bf4cbfa74d742c6ed3158d442221e6212a9 + +# Check for recent changes: https://github.com/openresty/lua-resty-upload/compare/v0.11...master +export LUA_RESTY_UPLOAD_VERSION=979372cce011f3176af3c9aff53fd0e992c4bfd3 + +# Check for recent changes: https://github.com/openresty/lua-resty-string/compare/v0.15...master +export LUA_RESTY_STRING_VERSION=6f1bc21d86daef804df3cc34d6427ef68da26844 + +# Check for recent changes: https://github.com/openresty/lua-resty-memcached/compare/v0.17...master +export LUA_RESTY_MEMCACHED_VERSION=2f02b68bf65fa2332cce070674a93a69a6c7239b + +# Check for recent changes: https://github.com/openresty/lua-resty-redis/compare/v0.30...master +export LUA_RESTY_REDIS_VERSION=8641b9f1b6f75cca50c90cf8ca5c502ad8950aa8 + +# Check for recent changes: https://github.com/api7/lua-resty-ipmatcher/compare/v0.6.1...master +export LUA_RESTY_IPMATCHER_VERSION=3e93c53eb8c9884efe939ef070486a0e507cc5be + +# Check for recent changes: https://github.com/ElvinEfendi/lua-resty-global-throttle/compare/v0.2.0...main +export LUA_RESTY_GLOBAL_THROTTLE_VERSION=v0.2.0 + +# Check for recent changes: https://github.com/microsoft/mimalloc/compare/v1.7.6...master +export MIMALOC_VERSION=v2.1.2 + +export BUILD_PATH=/tmp/build + +ARCH=$(uname -m) + +get_src() +{ + hash="$1" + url="$2" + dest="${3-}" + ARGS="" + f=$(basename "$url") + + echo "Downloading $url" + + curl -sSL "$url" -o "$f" + # echo "$hash $f" | sha256sum -c - || exit 10 + if [ ! -z "$dest" ]; then + mkdir ${BUILD_PATH}/${dest} + ARGS="-C ${BUILD_PATH}/${dest} --strip-components=1" + fi + tar xvzf "$f" $ARGS + rm -rf "$f" +} + +# install required packages to build +apk add \ + bash \ + gcc \ + clang \ + libc-dev \ + make \ + automake \ + openssl-dev \ + pcre-dev \ + zlib-dev \ + linux-headers \ + libxslt-dev \ + gd-dev \ + perl-dev \ + libedit-dev \ + mercurial \ + alpine-sdk \ + findutils \ + curl \ + ca-certificates \ + patch \ + libaio-dev \ + openssl \ + cmake \ + util-linux \ + lmdb-tools \ + wget \ + curl-dev \ + libprotobuf \ + git g++ pkgconf flex bison doxygen yajl-dev lmdb-dev libtool autoconf libxml2 libxml2-dev \ + python3 \ + libmaxminddb-dev \ + bc \ + unzip \ + dos2unix \ + yaml-cpp \ + coreutils + +mkdir -p /etc/nginx + +mkdir --verbose -p "$BUILD_PATH" +cd "$BUILD_PATH" + +# download, verify and extract the source files +get_src 66dc7081488811e9f925719e34d1b4504c2801c81dee2920e5452a86b11405ae \ + "https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz" + +get_src aa961eafb8317e0eb8da37eb6e2c9ff42267edd18b56947384e719b85188f58b \ + "https://github.com/vision5/ngx_devel_kit/archive/$NDK_VERSION.tar.gz" "ngx_devel_kit" + +get_src cd5e2cc834bcfa30149e7511f2b5a2183baf0b70dc091af717a89a64e44a2985 \ + "https://github.com/openresty/set-misc-nginx-module/archive/$SETMISC_VERSION.tar.gz" "set-misc-nginx-module" + +get_src 0c0d2ced2ce895b3f45eb2b230cd90508ab2a773299f153de14a43e44c1209b3 \ + "https://github.com/openresty/headers-more-nginx-module/archive/$MORE_HEADERS_VERSION.tar.gz" "headers-more-nginx-module" + +get_src f09851e6309560a8ff3e901548405066c83f1f6ff88aa7171e0763bd9514762b \ + "https://github.com/atomx/nginx-http-auth-digest/archive/$NGINX_DIGEST_AUTH.tar.gz" "nginx-http-auth-digest" + +get_src a98b48947359166326d58700ccdc27256d2648218072da138ab6b47de47fbd8f \ + "https://github.com/yaoweibin/ngx_http_substitutions_filter_module/archive/$NGINX_SUBSTITUTIONS.tar.gz" "ngx_http_substitutions_filter_module" + +get_src 32a42256616cc674dca24c8654397390adff15b888b77eb74e0687f023c8751b \ + "https://github.com/SpiderLabs/ModSecurity-nginx/archive/$MODSECURITY_VERSION.tar.gz" "ModSecurity-nginx" + +get_src bc764db42830aeaf74755754b900253c233ad57498debe7a441cee2c6f4b07c2 \ + "https://github.com/openresty/lua-nginx-module/archive/$LUA_NGX_VERSION.tar.gz" "lua-nginx-module" + +get_src 01b715754a8248cc7228e0c8f97f7488ae429d90208de0481394e35d24cef32f \ + "https://github.com/openresty/stream-lua-nginx-module/archive/$LUA_STREAM_NGX_VERSION.tar.gz" "stream-lua-nginx-module" + +get_src a92c9ee6682567605ece55d4eed5d1d54446ba6fba748cff0a2482aea5713d5f \ + "https://github.com/openresty/lua-upstream-nginx-module/archive/$LUA_UPSTREAM_VERSION.tar.gz" "lua-upstream-nginx-module" + +get_src 77bbcbb24c3c78f51560017288f3118d995fe71240aa379f5818ff6b166712ff \ + "https://github.com/openresty/luajit2/archive/$LUAJIT_VERSION.tar.gz" "luajit2" + +get_src b6c9c09fd43eb34a71e706ad780b2ead26549a9a9f59280fe558f5b7b980b7c6 \ + "https://github.com/leev/ngx_http_geoip2_module/archive/$GEOIP2_VERSION.tar.gz" "ngx_http_geoip2_module" + +get_src deb4ab1ffb9f3d962c4b4a2c4bdff692b86a209e3835ae71ebdf3b97189e40a9 \ + "https://github.com/openresty/lua-resty-upload/archive/$LUA_RESTY_UPLOAD_VERSION.tar.gz" "lua-resty-upload" + +get_src bdbf271003d95aa91cab0a92f24dca129e99b33f79c13ebfcdbbcbb558129491 \ + "https://github.com/openresty/lua-resty-string/archive/$LUA_RESTY_STRING_VERSION.tar.gz" "lua-resty-string" + +get_src 16d72ed133f0c6df376a327386c3ef4e9406cf51003a700737c3805770ade7c5 \ + "https://github.com/openresty/lua-resty-balancer/archive/$LUA_RESTY_BALANCER.tar.gz" "lua-resty-balancer" + +get_src 39baab9e2b31cc48cecf896cea40ef6e80559054fd8a6e440cc804a858ea84d4 \ + "https://github.com/openresty/lua-resty-core/archive/$LUA_RESTY_CORE.tar.gz" "lua-resty-core" + +get_src a77b9de160d81712f2f442e1de8b78a5a7ef0d08f13430ff619f79235db974d4 \ + "https://github.com/openresty/lua-cjson/archive/$LUA_CJSON_VERSION.tar.gz" "lua-cjson" + +get_src 5ed48c36231e2622b001308622d46a0077525ac2f751e8cc0c9905914254baa4 \ + "https://github.com/cloudflare/lua-resty-cookie/archive/$LUA_RESTY_COOKIE_VERSION.tar.gz" "lua-resty-cookie" + +get_src 573184006b98ccee2594b0d134fa4d05e5d2afd5141cbad315051ccf7e9b6403 \ + "https://github.com/openresty/lua-resty-lrucache/archive/$LUA_RESTY_CACHE.tar.gz" "lua-resty-lrucache" + +get_src b4ddcd47db347e9adf5c1e1491a6279a6ae2a3aff3155ef77ea0a65c998a69c1 \ + "https://github.com/openresty/lua-resty-lock/archive/$LUA_RESTY_LOCK.tar.gz" "lua-resty-lock" + +get_src 70e9a01eb32ccade0d5116a25bcffde0445b94ad35035ce06b94ccd260ad1bf0 \ + "https://github.com/openresty/lua-resty-dns/archive/$LUA_RESTY_DNS.tar.gz" "lua-resty-dns" + +get_src 9fcb6db95bc37b6fce77d3b3dc740d593f9d90dce0369b405eb04844d56ac43f \ + "https://github.com/ledgetech/lua-resty-http/archive/$LUA_RESTY_HTTP.tar.gz" "lua-resty-http" + +get_src 02733575c4aed15f6cab662378e4b071c0a4a4d07940c4ef19a7319e9be943d4 \ + "https://github.com/openresty/lua-resty-memcached/archive/$LUA_RESTY_MEMCACHED_VERSION.tar.gz" "lua-resty-memcached" + +get_src c15aed1a01c88a3a6387d9af67a957dff670357f5fdb4ee182beb44635eef3f1 \ + "https://github.com/openresty/lua-resty-redis/archive/$LUA_RESTY_REDIS_VERSION.tar.gz" "lua-resty-redis" + +get_src efb767487ea3f6031577b9b224467ddbda2ad51a41c5867a47582d4ad85d609e \ + "https://github.com/api7/lua-resty-ipmatcher/archive/$LUA_RESTY_IPMATCHER_VERSION.tar.gz" "lua-resty-ipmatcher" + +get_src 0fb790e394510e73fdba1492e576aaec0b8ee9ef08e3e821ce253a07719cf7ea \ + "https://github.com/ElvinEfendi/lua-resty-global-throttle/archive/$LUA_RESTY_GLOBAL_THROTTLE_VERSION.tar.gz" "lua-resty-global-throttle" + +get_src d74f86ada2329016068bc5a243268f1f555edd620b6a7d6ce89295e7d6cf18da \ + "https://github.com/microsoft/mimalloc/archive/${MIMALOC_VERSION}.tar.gz" "mimalloc" + +# improve compilation times +CORES=$(($(grep -c ^processor /proc/cpuinfo) - 1)) + +export MAKEFLAGS=-j${CORES} +export CTEST_BUILD_FLAGS=${MAKEFLAGS} + +# Install luajit from openresty fork +export LUAJIT_LIB=/usr/local/lib +export LUA_LIB_DIR="$LUAJIT_LIB/lua" +export LUAJIT_INC=/usr/local/include/luajit-2.1 + +cd "$BUILD_PATH/luajit2" +make CCDEBUG=-g +make install + +ln -s /usr/local/bin/luajit /usr/local/bin/lua +ln -s "$LUAJIT_INC" /usr/local/include/lua + +cd "$BUILD_PATH" + +# Git tuning +git config --global --add core.compression -1 + +# Get Brotli source and deps +cd "$BUILD_PATH" +git clone --depth=100 https://github.com/google/ngx_brotli.git +cd ngx_brotli +# https://github.com/google/ngx_brotli/issues/156 +git reset --hard 63ca02abdcf79c9e788d2eedcc388d2335902e52 +git submodule init +git submodule update + +cd "$BUILD_PATH" +git clone --depth=1 https://github.com/ssdeep-project/ssdeep +cd ssdeep/ + +./bootstrap +./configure + +make +make install + +# build modsecurity library +cd "$BUILD_PATH" +git clone -n https://github.com/SpiderLabs/ModSecurity +cd ModSecurity/ +git checkout $MODSECURITY_LIB_VERSION +git submodule init +git submodule update + +sh build.sh + +# https://github.com/SpiderLabs/ModSecurity/issues/1909#issuecomment-465926762 +sed -i '115i LUA_CFLAGS="${LUA_CFLAGS} -DWITH_LUA_JIT_2_1"' build/lua.m4 +sed -i '117i AC_SUBST(LUA_CFLAGS)' build/lua.m4 + +./configure \ + --disable-doxygen-doc \ + --disable-doxygen-html \ + --disable-examples + +make +make install + +mkdir -p /etc/nginx/modsecurity +cp modsecurity.conf-recommended /etc/nginx/modsecurity/modsecurity.conf +cp unicode.mapping /etc/nginx/modsecurity/unicode.mapping + +# Replace serial logging with concurrent +sed -i 's|SecAuditLogType Serial|SecAuditLogType Concurrent|g' /etc/nginx/modsecurity/modsecurity.conf + +# Concurrent logging implies the log is stored in several files +echo "SecAuditLogStorageDir /var/log/audit/" >> /etc/nginx/modsecurity/modsecurity.conf + +# Download owasp modsecurity crs +cd /etc/nginx/ + +git clone -b $OWASP_MODSECURITY_CRS_VERSION https://github.com/coreruleset/coreruleset +mv coreruleset owasp-modsecurity-crs +cd owasp-modsecurity-crs + +mv crs-setup.conf.example crs-setup.conf +mv rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf +mv rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf +cd .. + +# OWASP CRS v3 rules +echo " +Include /etc/nginx/owasp-modsecurity-crs/crs-setup.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-905-COMMON-EXCEPTIONS.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-910-IP-REPUTATION.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-912-DOS-PROTECTION.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-921-PROTOCOL-ATTACK.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-922-MULTIPART-ATTACK.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-944-APPLICATION-ATTACK-JAVA.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-950-DATA-LEAKAGES.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf +" > /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf + +# build nginx +cd "$BUILD_PATH/nginx-$NGINX_VERSION" + +# apply nginx patches +for PATCH in `ls /patches`;do + echo "Patch: $PATCH" + if [[ "$PATCH" == *.txt ]]; then + patch -p0 < /patches/$PATCH + else + patch -p1 < /patches/$PATCH + fi +done + +WITH_FLAGS="--with-debug \ + --with-compat \ + --with-pcre-jit \ + --with-http_ssl_module \ + --with-http_stub_status_module \ + --with-http_realip_module \ + --with-http_auth_request_module \ + --with-http_addition_module \ + --with-http_gzip_static_module \ + --with-http_sub_module \ + --with-http_v2_module \ + --with-stream \ + --with-stream_ssl_module \ + --with-stream_realip_module \ + --with-stream_ssl_preread_module \ + --with-threads \ + --with-http_secure_link_module \ + --with-http_gunzip_module" + +# "Combining -flto with -g is currently experimental and expected to produce unexpected results." +# https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html +CC_OPT="-g -O2 -fPIE -fstack-protector-strong \ + -Wformat \ + -Werror=format-security \ + -Wno-deprecated-declarations \ + -fno-strict-aliasing \ + -D_FORTIFY_SOURCE=2 \ + --param=ssp-buffer-size=4 \ + -DTCP_FASTOPEN=23 \ + -fPIC \ + -Wno-cast-function-type" + +LD_OPT="-fPIE -fPIC -pie -Wl,-z,relro -Wl,-z,now" + +if [[ ${ARCH} != "aarch64" ]]; then + WITH_FLAGS+=" --with-file-aio" +fi + +if [[ ${ARCH} == "x86_64" ]]; then + CC_OPT+=' -m64 -mtune=generic' +fi + +WITH_MODULES=" \ + --add-module=$BUILD_PATH/ngx_devel_kit \ + --add-module=$BUILD_PATH/set-misc-nginx-module \ + --add-module=$BUILD_PATH/headers-more-nginx-module \ + --add-module=$BUILD_PATH/ngx_http_substitutions_filter_module \ + --add-module=$BUILD_PATH/lua-nginx-module \ + --add-module=$BUILD_PATH/stream-lua-nginx-module \ + --add-module=$BUILD_PATH/lua-upstream-nginx-module \ + --add-dynamic-module=$BUILD_PATH/nginx-http-auth-digest \ + --add-dynamic-module=$BUILD_PATH/ModSecurity-nginx \ + --add-dynamic-module=$BUILD_PATH/ngx_http_geoip2_module \ + --add-dynamic-module=$BUILD_PATH/ngx_brotli" + +./configure \ + --prefix=/usr/local/nginx \ + --conf-path=/etc/nginx/nginx.conf \ + --modules-path=/etc/nginx/modules \ + --http-log-path=/var/log/nginx/access.log \ + --error-log-path=/var/log/nginx/error.log \ + --lock-path=/var/lock/nginx.lock \ + --pid-path=/run/nginx.pid \ + --http-client-body-temp-path=/var/lib/nginx/body \ + --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \ + --http-proxy-temp-path=/var/lib/nginx/proxy \ + --http-scgi-temp-path=/var/lib/nginx/scgi \ + --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \ + ${WITH_FLAGS} \ + --without-mail_pop3_module \ + --without-mail_smtp_module \ + --without-mail_imap_module \ + --without-http_uwsgi_module \ + --without-http_scgi_module \ + --with-cc-opt="${CC_OPT}" \ + --with-ld-opt="${LD_OPT}" \ + --user=www-data \ + --group=www-data \ + ${WITH_MODULES} + +make +make modules +make install + +cd "$BUILD_PATH/lua-resty-core" +make install + +cd "$BUILD_PATH/lua-resty-balancer" +make all +make install + +export LUA_INCLUDE_DIR=/usr/local/include/luajit-2.1 +ln -s $LUA_INCLUDE_DIR /usr/include/lua5.1 + +cd "$BUILD_PATH/lua-cjson" +make all +make install + +cd "$BUILD_PATH/lua-resty-cookie" +make all +make install + +cd "$BUILD_PATH/lua-resty-lrucache" +make install + +cd "$BUILD_PATH/lua-resty-dns" +make install + +cd "$BUILD_PATH/lua-resty-lock" +make install + +# required for OCSP verification +cd "$BUILD_PATH/lua-resty-http" +make install + +cd "$BUILD_PATH/lua-resty-upload" +make install + +cd "$BUILD_PATH/lua-resty-string" +make install + +cd "$BUILD_PATH/lua-resty-memcached" +make install + +cd "$BUILD_PATH/lua-resty-redis" +make install + +cd "$BUILD_PATH/lua-resty-ipmatcher" +INST_LUADIR=/usr/local/lib/lua make install + +cd "$BUILD_PATH/lua-resty-global-throttle" +make install + +cd "$BUILD_PATH/mimalloc" +mkdir -p out/release +cd out/release + +cmake ../.. + +make +make install + +# update image permissions +writeDirs=( \ + /etc/nginx \ + /usr/local/nginx \ + /opt/modsecurity/var/log \ + /opt/modsecurity/var/upload \ + /opt/modsecurity/var/audit \ + /var/log/audit \ + /var/log/nginx \ +); + +adduser -S -D -H -u 101 -h /usr/local/nginx -s /sbin/nologin -G www-data -g www-data www-data + +for dir in "${writeDirs[@]}"; do + mkdir -p ${dir}; + chown -R www-data.www-data ${dir}; +done + +rm -rf /etc/nginx/owasp-modsecurity-crs/.git +rm -rf /etc/nginx/owasp-modsecurity-crs/util/regression-tests + +# remove .a files +find /usr/local -name "*.a" -print | xargs /bin/rm diff --git a/images/nginx-1.25/rootfs/patches/drop-alias-root.patch b/images/nginx-1.25/rootfs/patches/drop-alias-root.patch new file mode 100644 index 000000000..a92e08bd0 --- /dev/null +++ b/images/nginx-1.25/rootfs/patches/drop-alias-root.patch @@ -0,0 +1,144 @@ +:100644 100644 c7463dcd 00000000 M src/http/ngx_http_core_module.c +diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c +index c7463dcd..e2e45931 100644 +--- a/src/http/ngx_http_core_module.c ++++ b/src/http/ngx_http_core_module.c +@@ -55,7 +55,6 @@ static char *ngx_http_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, + void *conf); + static char *ngx_http_core_server_name(ngx_conf_t *cf, ngx_command_t *cmd, + void *conf); +-static char *ngx_http_core_root(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); + static char *ngx_http_core_limit_except(ngx_conf_t *cf, ngx_command_t *cmd, + void *conf); + static char *ngx_http_core_set_aio(ngx_conf_t *cf, ngx_command_t *cmd, +@@ -323,21 +322,6 @@ static ngx_command_t ngx_http_core_commands[] = { + offsetof(ngx_http_core_loc_conf_t, default_type), + NULL }, + +- { ngx_string("root"), +- NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF +- |NGX_CONF_TAKE1, +- ngx_http_core_root, +- NGX_HTTP_LOC_CONF_OFFSET, +- 0, +- NULL }, +- +- { ngx_string("alias"), +- NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, +- ngx_http_core_root, +- NGX_HTTP_LOC_CONF_OFFSET, +- 0, +- NULL }, +- + { ngx_string("limit_except"), + NGX_HTTP_LOC_CONF|NGX_CONF_BLOCK|NGX_CONF_1MORE, + ngx_http_core_limit_except, +@@ -4312,108 +4296,6 @@ ngx_http_core_server_name(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) + } + + +-static char * +-ngx_http_core_root(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +-{ +- ngx_http_core_loc_conf_t *clcf = conf; +- +- ngx_str_t *value; +- ngx_int_t alias; +- ngx_uint_t n; +- ngx_http_script_compile_t sc; +- +- alias = (cmd->name.len == sizeof("alias") - 1) ? 1 : 0; +- +- if (clcf->root.data) { +- +- if ((clcf->alias != 0) == alias) { +- return "is duplicate"; +- } +- +- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, +- "\"%V\" directive is duplicate, " +- "\"%s\" directive was specified earlier", +- &cmd->name, clcf->alias ? "alias" : "root"); +- +- return NGX_CONF_ERROR; +- } +- +- if (clcf->named && alias) { +- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, +- "the \"alias\" directive cannot be used " +- "inside the named location"); +- +- return NGX_CONF_ERROR; +- } +- +- value = cf->args->elts; +- +- if (ngx_strstr(value[1].data, "$document_root") +- || ngx_strstr(value[1].data, "${document_root}")) +- { +- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, +- "the $document_root variable cannot be used " +- "in the \"%V\" directive", +- &cmd->name); +- +- return NGX_CONF_ERROR; +- } +- +- if (ngx_strstr(value[1].data, "$realpath_root") +- || ngx_strstr(value[1].data, "${realpath_root}")) +- { +- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, +- "the $realpath_root variable cannot be used " +- "in the \"%V\" directive", +- &cmd->name); +- +- return NGX_CONF_ERROR; +- } +- +- clcf->alias = alias ? clcf->name.len : 0; +- clcf->root = value[1]; +- +- if (!alias && clcf->root.len > 0 +- && clcf->root.data[clcf->root.len - 1] == '/') +- { +- clcf->root.len--; +- } +- +- if (clcf->root.data[0] != '$') { +- if (ngx_conf_full_name(cf->cycle, &clcf->root, 0) != NGX_OK) { +- return NGX_CONF_ERROR; +- } +- } +- +- n = ngx_http_script_variables_count(&clcf->root); +- +- ngx_memzero(&sc, sizeof(ngx_http_script_compile_t)); +- sc.variables = n; +- +-#if (NGX_PCRE) +- if (alias && clcf->regex) { +- clcf->alias = NGX_MAX_SIZE_T_VALUE; +- n = 1; +- } +-#endif +- +- if (n) { +- sc.cf = cf; +- sc.source = &clcf->root; +- sc.lengths = &clcf->root_lengths; +- sc.values = &clcf->root_values; +- sc.complete_lengths = 1; +- sc.complete_values = 1; +- +- if (ngx_http_script_compile(&sc) != NGX_OK) { +- return NGX_CONF_ERROR; +- } +- } +- +- return NGX_CONF_OK; +-} +- +- + static ngx_http_method_name_t ngx_methods_names[] = { + { (u_char *) "GET", (uint32_t) ~NGX_HTTP_GET }, + { (u_char *) "HEAD", (uint32_t) ~NGX_HTTP_HEAD }, diff --git a/test/e2e/run-e2e-suite.sh b/test/e2e/run-e2e-suite.sh index 015895e56..9333ee61f 100755 --- a/test/e2e/run-e2e-suite.sh +++ b/test/e2e/run-e2e-suite.sh @@ -79,6 +79,7 @@ kubectl run --rm \ --env="FOCUS=${FOCUS}" \ --env="IS_CHROOT=${IS_CHROOT:-false}"\ --env="ENABLE_VALIDATIONS=${ENABLE_VALIDATIONS:-false}"\ + --env="SKIP_OPENTELEMETRY_TESTS=${SKIP_OPENTELEMETRY_TESTS:-false}"\ --env="E2E_CHECK_LEAKS=${E2E_CHECK_LEAKS}" \ --env="NGINX_BASE_IMAGE=${NGINX_BASE_IMAGE}" \ --env="HTTPBUN_IMAGE=${HTTPBUN_IMAGE}" \ diff --git a/test/e2e/run-kind-e2e.sh b/test/e2e/run-kind-e2e.sh index 3cc4d2a35..8896a2b3e 100755 --- a/test/e2e/run-kind-e2e.sh +++ b/test/e2e/run-kind-e2e.sh @@ -46,7 +46,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" export TAG=1.0.0-dev export ARCH=${ARCH:-amd64} export REGISTRY=ingress-controller -NGINX_BASE_IMAGE=$(cat "$DIR"/../../NGINX_BASE) +NGINX_BASE_IMAGE=${NGINX_BASE_IMAGE:-$(cat "$DIR"/../../NGINX_BASE)} export NGINX_BASE_IMAGE=$NGINX_BASE_IMAGE export DOCKER_CLI_EXPERIMENTAL=enabled export KUBECONFIG="${KUBECONFIG:-$HOME/.kube/kind-config-$KIND_CLUSTER_NAME}" @@ -85,10 +85,10 @@ fi if [ "${SKIP_INGRESS_IMAGE_CREATION}" = "false" ]; then echo "[dev-env] building image" if [ "${IS_CHROOT}" = "true" ]; then - make -C "${DIR}"/../../ clean-image build image-chroot + make BASE_IMAGE="${NGINX_BASE_IMAGE}" -C "${DIR}"/../../ clean-image build image-chroot docker tag ${REGISTRY}/controller-chroot:${TAG} ${REGISTRY}/controller:${TAG} else - make -C "${DIR}"/../../ clean-image build image + make BASE_IMAGE="${NGINX_BASE_IMAGE}" -C "${DIR}"/../../ clean-image build image fi echo "[dev-env] .. done building controller images" diff --git a/test/e2e/settings/opentelemetry.go b/test/e2e/settings/opentelemetry.go index b5fc6ff4e..af946f277 100644 --- a/test/e2e/settings/opentelemetry.go +++ b/test/e2e/settings/opentelemetry.go @@ -17,6 +17,7 @@ limitations under the License. package settings import ( + "os" "strings" "github.com/onsi/ginkgo/v2" @@ -39,6 +40,12 @@ const ( var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() { f := framework.NewDefaultFramework("enable-opentelemetry") + shouldSkip := false + skip, ok := os.LookupEnv("SKIP_OPENTELEMETRY_TESTS") + if ok && skip == enable { + shouldSkip = true + } + ginkgo.BeforeEach(func() { f.NewEchoDeployment() }) @@ -47,6 +54,9 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() { }) ginkgo.It("should not exists opentelemetry directive", func() { + if shouldSkip { + ginkgo.Skip("skipped") + } config := map[string]string{} config[enableOpentelemetry] = disable f.SetNginxConfigMapData(config) @@ -60,6 +70,9 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() { }) ginkgo.It("should exists opentelemetry directive when is enabled", func() { + if shouldSkip { + ginkgo.Skip("skipped") + } config := map[string]string{} config[enableOpentelemetry] = enable config[opentelemetryConfig] = opentelemetryConfigPath @@ -74,6 +87,9 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() { }) ginkgo.It("should include opentelemetry_trust_incoming_spans on directive when enabled", func() { + if shouldSkip { + ginkgo.Skip("skipped") + } config := map[string]string{} config[enableOpentelemetry] = enable config[opentelemetryConfig] = opentelemetryConfigPath @@ -89,6 +105,9 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() { }) ginkgo.It("should not exists opentelemetry_operation_name directive when is empty", func() { + if shouldSkip { + ginkgo.Skip("skipped") + } config := map[string]string{} config[enableOpentelemetry] = enable config[opentelemetryConfig] = opentelemetryConfigPath @@ -104,6 +123,9 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() { }) ginkgo.It("should exists opentelemetry_operation_name directive when is configured", func() { + if shouldSkip { + ginkgo.Skip("skipped") + } config := map[string]string{} config[enableOpentelemetry] = enable config[opentelemetryConfig] = opentelemetryConfigPath From 256374079f29993e554b934ffec576b7b6fd54ac Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Sat, 20 Jan 2024 08:50:03 +0530 Subject: [PATCH 009/154] changed pip to apk in test-runner dockerfile (#10885) --- images/test-runner/rootfs/Dockerfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/images/test-runner/rootfs/Dockerfile b/images/test-runner/rootfs/Dockerfile index e6502ea68..13ca6074f 100644 --- a/images/test-runner/rootfs/Dockerfile +++ b/images/test-runner/rootfs/Dockerfile @@ -120,7 +120,10 @@ RUN wget -qO /tmp/helm.tgz \ && rm -rf /tmp/* # Install a YAML Linter -RUN pip install --user "yamllint==$YAML_LINT_VERSION" +# Pip not working. Check PR https://github.com/kubernetes/ingress-nginx/pull/10874 +# RUN pip install --user "yamllint==$YAML_LINT_VERSION" +RUN apk update -U \ + apk add yamllint # Install Yamale YAML schema validator RUN pip install --user "yamale==$YAMALE_VERSION" From 8227888ba0a9b09afb4514284ef89f331d4c60b9 Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Sun, 21 Jan 2024 21:56:39 +0100 Subject: [PATCH 010/154] fix OpenTelemtry image build (#10888) * fix OpenTelemtry image build * use fpic --- images/opentelemetry/rootfs/CMakeLists.txt | 65 +++++++++++++++++++++- images/opentelemetry/rootfs/Dockerfile | 6 +- images/opentelemetry/rootfs/build.sh | 2 +- 3 files changed, 65 insertions(+), 8 deletions(-) diff --git a/images/opentelemetry/rootfs/CMakeLists.txt b/images/opentelemetry/rootfs/CMakeLists.txt index 2a816ebf7..a1ff85b49 100644 --- a/images/opentelemetry/rootfs/CMakeLists.txt +++ b/images/opentelemetry/rootfs/CMakeLists.txt @@ -24,7 +24,7 @@ project( set(CMAKE_CXX_STANDARD 17) set(CMAKE_CXX_EXTENSIONS OFF) set(CMAKE_CXX_STANDARD_REQUIRED ON) -set(CMAKE_CXX_FLAGS "-O2") +set(CMAKE_CXX_FLAGS "-O2 -fpic") set(CMAKE_VERBOSE_MAKEFILE ON CACHE BOOL "ON" FORCE) set(CMAKE_BUILD_TYPE @@ -69,8 +69,49 @@ set(GRPC_GIT_TAG CACHE STRING "gRPC version") include(ExternalProject) +set(ABSEIL_GIT_TAG "20230802.1" CACHE STRING "Abseil version") + +ExternalProject_Add( + Abseil + GIT_REPOSITORY https://github.com/abseil/abseil-cpp.git + GIT_TAG ${ABSEIL_GIT_TAG} + GIT_SHALLOW 1 + UPDATE_COMMAND "" + CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${STAGED_INSTALL_PREFIX} + -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE} + -DCMAKE_CXX_COMPILER=${CMAKE_CXX_COMPILER} + -DCMAKE_CXX_STANDARD=${CMAKE_CXX_STANDARD} + -DCMAKE_CXX_FLAGS:STRING=${CMAKE_CXX_FLAGS} + USES_TERMINAL_BUILD TRUE + DOWNLOAD_NO_PROGRESS TRUE + LOG_CONFIGURE TRUE + LOG_BUILD TRUE + LOG_INSTALL TRUE) + +# RE2 settings +set(RE2_GIT_TAG "2023-11-01" CACHE STRING "RE2 version") + +ExternalProject_Add( + RE2 + DEPENDS Abseil + GIT_REPOSITORY https://github.com/google/re2.git + GIT_TAG ${RE2_GIT_TAG} + GIT_SHALLOW 1 + UPDATE_COMMAND "" + CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${STAGED_INSTALL_PREFIX} + -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE} + -DCMAKE_CXX_COMPILER=${CMAKE_CXX_COMPILER} + -DCMAKE_CXX_STANDARD=${CMAKE_CXX_STANDARD} + -DCMAKE_CXX_FLAGS:STRING=${CMAKE_CXX_FLAGS} + USES_TERMINAL_BUILD TRUE + DOWNLOAD_NO_PROGRESS TRUE + LOG_CONFIGURE TRUE + LOG_BUILD TRUE + LOG_INSTALL TRUE) + ExternalProject_Add( gRPC + DEPENDS Abseil RE2 GIT_REPOSITORY https://github.com/grpc/grpc.git GIT_TAG ${GRPC_GIT_TAG} GIT_SHALLOW 1 @@ -79,6 +120,8 @@ ExternalProject_Add( -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE} -DCMAKE_CXX_COMPILER=${CMAKE_CXX_COMPILER} -DgRPC_SSL_PROVIDER=package + -DgRPC_RE2_PROVIDER=package + -DgRPC_ABSEIL_PROVIDER=package -DOPENSSL_ROOT_DIR=OpenSSL -DgRPC_BUILD_TESTS=OFF -DBUILD_SHARED_LIBS=OFF @@ -88,7 +131,25 @@ ExternalProject_Add( -DgRPC_BUILD_GRPC_PHP_PLUGIN=OFF -DgRPC_BUILD_GRPC_PYTHON_PLUGIN=OFF -DgRPC_BUILD_GRPC_RUBY_PLUGIN=OFF - CMAKE_CACHE_ARGS -DCMAKE_CXX_FLAGS:STRING=${CMAKE_CXX_FLAGS} + -DgRPC_BUILD_GRPC_NODE_PLUGIN=OFF + -DgRPC_BUILD_GRPC_OBJECTIVE_C_PLUGIN=OFF + -DgRPC_BUILD_GRPC_PHP_PLUGIN=OFF + -DgRPC_BUILD_GRPC_PYTHON_PLUGIN=OFF + -DgRPC_BUILD_GRPC_RUBY_PLUGIN=OFF + -DgRPC_USE_PROTO_LITE=OFF + -DgRPC_BUILD_CSHARP_EXT=OFF + -DgRPC_BUILD_GRPC_CSHARP_PLUGIN=OFF + -DgRPC_BUILD_GRPC_JAVA_PLUGIN=OFF + -DgRPC_BUILD_GRPC_GRPC_JAVA_PLUGIN=OFF + -DgRPC_BUILD_GRPC_WEB_PLUGIN=OFF + -DgRPC_BUILD_GRPC_C_PLUGIN=OFF + -DgRPC_BUILD_GRPC_NODE_PLUGIN=OFF + -DgRPC_BUILD_GRPC_OBJECTIVE_C_PLUGIN=OFF + -DgRPC_BUILD_GRPC_PHP_PLUGIN=OFF + -DgRPC_BUILD_GRPC_PYTHON_PLUGIN=OFF + -DgRPC_BUILD_GRPC_RUBY_PLUGIN=OFF + -DCMAKE_CXX_STANDARD=${CMAKE_CXX_STANDARD} + CMAKE_CACHE_ARGS -DCMAKE_CXX_FLAGS:STRING=${CMAKE_CXX_FLAGS} TEST_AFTER_INSTALL FALSE USES_TERMINAL_BUILD TRUE DOWNLOAD_NO_PROGRESS TRUE diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index 8c8cb1783..e568237c2 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -28,16 +28,12 @@ ENV NINJA_STATUS "[%p/%f/%t] " # install gRPC FROM base as grpc -RUN bash /opt/third_party/build.sh -g v1.57.0 +RUN bash /opt/third_party/build.sh -g v1.60.0 -# install abseil-cpp -FROM base as absl-cpp -RUN bash /opt/third_party/build.sh -a 20230802.0 # install OpenTelemetry-cpp FROM base as otel-cpp COPY --from=grpc /opt/third_party/install/ /usr -COPY --from=absl-cpp /opt/third_party/install/ /usr RUN bash /opt/third_party/build.sh -o v1.11.0 # install otel_ngx_module.so diff --git a/images/opentelemetry/rootfs/build.sh b/images/opentelemetry/rootfs/build.sh index ebf95e219..8b491589f 100755 --- a/images/opentelemetry/rootfs/build.sh +++ b/images/opentelemetry/rootfs/build.sh @@ -148,7 +148,7 @@ get_src() install_nginx() { - export NGINX_VERSION=1.21.6 + export NGINX_VERSION=1.25.3 # Check for recent changes: https://github.com/open-telemetry/opentelemetry-cpp-contrib/compare/2656a4...main export OPENTELEMETRY_CONTRIB_COMMIT=aaa51e2297bcb34297f3c7aa44fa790497d2f7f3 From d382bc3d642ff59fecceb60d642cbfaddac07174 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jan 2024 12:03:33 +0100 Subject: [PATCH 011/154] Bump actions/setup-go from 4.1.0 to 5.0.0 (#10893) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.1.0 to 5.0.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v4.1.0...0c52d547c9bc32b1aa3301fd7a9cb496313a4491) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/nginx125.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nginx125.yaml b/.github/workflows/nginx125.yaml index 63c45d4cc..dfdec3c94 100644 --- a/.github/workflows/nginx125.yaml +++ b/.github/workflows/nginx125.yaml @@ -52,7 +52,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up Go id: go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: '1.21.5' check-latest: true From 103dae67dc146c0174ae42c57e6afade3124aa67 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Mon, 22 Jan 2024 16:38:48 +0530 Subject: [PATCH 012/154] changed yamale install from pip to manual download & install (#10886) --- images/test-runner/rootfs/Dockerfile | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/images/test-runner/rootfs/Dockerfile b/images/test-runner/rootfs/Dockerfile index 13ca6074f..26d72cb0d 100644 --- a/images/test-runner/rootfs/Dockerfile +++ b/images/test-runner/rootfs/Dockerfile @@ -126,7 +126,13 @@ RUN apk update -U \ apk add yamllint # Install Yamale YAML schema validator -RUN pip install --user "yamale==$YAMALE_VERSION" +# Commenting pip install yamale because broken cloudbuild https://github.com/kubernetes/ingress-nginx/pull/10885 +# RUN pip install --user "yamale==$YAMALE_VERSION" +RUN wget https://github.com/23andMe/Yamale/archive/master.zip \ + && unzip -d /tmp master.zip \ + && cd /tmp/Yamale-master \ + && python setup.py install \ + && yamale -V LABEL org.opencontainers.image.source=https://github.com/kubernetes/ingress-nginx From fb5c91c55a6e1bafa388a5af3230cd91889c1aff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jan 2024 17:08:12 +0100 Subject: [PATCH 013/154] Bump actions/upload-artifact from 3.1.3 to 4.2.0 (#10896) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.3 to 4.2.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3.1.3...694cdabd8bdb0f10b2cea11669e1bf5453eed0a6) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- .github/workflows/nginx125.yaml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/zz-tmpl-k8s-e2e.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e2a0d4c81..815a9b70f 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -137,7 +137,7 @@ jobs: | gzip > docker.tar.gz - name: cache - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 with: name: docker.tar.gz path: docker.tar.gz diff --git a/.github/workflows/nginx125.yaml b/.github/workflows/nginx125.yaml index dfdec3c94..60bc64d02 100644 --- a/.github/workflows/nginx125.yaml +++ b/.github/workflows/nginx125.yaml @@ -91,7 +91,7 @@ jobs: nginx-1.25:1.0.0-dev \ | gzip > docker.tar.gz - name: cache - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 with: name: docker.tar.gz path: docker.tar.gz diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index e5f9ce488..390dcfe46 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -51,7 +51,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/zz-tmpl-k8s-e2e.yaml b/.github/workflows/zz-tmpl-k8s-e2e.yaml index 7bb0f3b7d..d2941eb15 100644 --- a/.github/workflows/zz-tmpl-k8s-e2e.yaml +++ b/.github/workflows/zz-tmpl-k8s-e2e.yaml @@ -49,7 +49,7 @@ jobs: make kind-e2e-test - name: Upload e2e junit-reports ${{ inputs.variation }} - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 if: success() || failure() with: name: e2e-test-reports-${{ inputs.k8s-version }}${{ inputs.variation }} From 0d16193b9f50b3dd13e75fad12a88b8a6a1f2652 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jan 2024 17:39:51 +0100 Subject: [PATCH 014/154] Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.15.0 (#10900) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.14.0 to 2.15.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.14.0...v2.15.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 0abf06a8d..216f446f8 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 - github.com/onsi/ginkgo/v2 v2.14.0 + github.com/onsi/ginkgo/v2 v2.15.0 github.com/opencontainers/runc v1.1.11 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.18.0 diff --git a/go.sum b/go.sum index 27a40b389..ab3495e78 100644 --- a/go.sum +++ b/go.sum @@ -281,8 +281,8 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.14.0 h1:vSmGj2Z5YPb9JwCWT6z6ihcUvDhuXLc3sJiqd3jMKAY= -github.com/onsi/ginkgo/v2 v2.14.0/go.mod h1:JkUdW7JkN0V6rFvsHcJ478egV3XH9NxpD27Hal/PhZw= +github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= +github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= From d96dcde1ba1e422e89a54ad6765320b6286cbfb1 Mon Sep 17 00:00:00 2001 From: Sujay <89520981+SD-13@users.noreply.github.com> Date: Mon, 22 Jan 2024 18:18:38 +0000 Subject: [PATCH 015/154] run ci workflow for release branches (#10819) --- .github/workflows/ci.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 815a9b70f..eb8815fb8 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -13,6 +13,7 @@ on: push: branches: - main + - release-* paths-ignore: - 'docs/**' - 'deploy/**' From cd6804b49bfa35d2880143486123b6f03a2378b6 Mon Sep 17 00:00:00 2001 From: Christina Waldron <72021941+cnwaldron@users.noreply.github.com> Date: Mon, 22 Jan 2024 13:24:52 -0500 Subject: [PATCH 016/154] Add step for snapshot (#10736) Only run release steps on tags to avoid failure --- .github/workflows/plugin.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index b322e69ff..9cc3a4a3c 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -22,7 +22,17 @@ jobs: go-version: '1.21.5' check-latest: true + - name: Run GoReleaser Snapshot + if: ${{ ! startsWith(github.ref, 'refs/tags/') }} + uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 + with: + version: latest + args: release --snapshot --clean + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Run GoReleaser + if: ${{ startsWith(github.ref, 'refs/tags/') }} uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 with: version: latest @@ -31,6 +41,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Update new version in krew-index + if: ${{ startsWith(github.ref, 'refs/tags/') }} uses: rajatjindal/krew-release-bot@df3eb197549e3568be8b4767eec31c5e8e8e6ad8 # v0.0.46 with: krew_template_file: cmd/plugin/krew.yaml From 711c7059a58a4825025596237a0138190b6b5b7e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jan 2024 19:27:51 +0100 Subject: [PATCH 017/154] Bump actions/download-artifact from 3.0.2 to 4.1.1 (#10895) Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3.0.2 to 4.1.1. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v3.0.2...6b208ae046db98c579e8a3aa621ab581ff575935) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/nginx125.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nginx125.yaml b/.github/workflows/nginx125.yaml index 60bc64d02..4dfed9567 100644 --- a/.github/workflows/nginx125.yaml +++ b/.github/workflows/nginx125.yaml @@ -110,7 +110,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: cache - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 with: name: docker.tar.gz From f6a28feb633d1509676fb7eb8709de3f9688bb78 Mon Sep 17 00:00:00 2001 From: longwuyuan Date: Mon, 22 Jan 2024 21:52:52 +0530 Subject: [PATCH 018/154] bump ginkgo to 2-15-0 --- build/run-in-docker.sh | 2 +- images/test-runner/Makefile | 4 ++-- test/e2e/run-chart-test.sh | 2 +- test/e2e/run-kind-e2e.sh | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index bfac365da..9b1b33bf3 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -87,7 +87,7 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then echo "..reached DIND check TRUE block, inside run-in-docker.sh" echo "FLAGS=$FLAGS" #go env - go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.14.0 + go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.15.0 find / -type f -name ginkgo 2>/dev/null which ginkgo /bin/bash -c "${FLAGS}" diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index d96c6258c..5b1a87652 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -54,7 +54,7 @@ image: --build-arg YAML_LINT_VERSION=1.33.0 \ --build-arg YAMALE_VERSION=4.0.4 \ --build-arg HELM_VERSION=3.11.2 \ - --build-arg GINKGO_VERSION=2.14.0 \ + --build-arg GINKGO_VERSION=2.15.0 \ --build-arg GOLINT_VERSION=latest \ -t ${IMAGE}:${TAG} rootfs @@ -75,7 +75,7 @@ build: ensure-buildx --build-arg YAML_LINT_VERSION=1.33.0 \ --build-arg YAMALE_VERSION=4.0.4 \ --build-arg HELM_VERSION=3.11.2 \ - --build-arg GINKGO_VERSION=2.14.0 \ + --build-arg GINKGO_VERSION=2.15.0 \ --build-arg GOLINT_VERSION=latest \ -t ${IMAGE}:${TAG} rootfs diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index 1e112d28e..92e6d66aa 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -78,7 +78,7 @@ fi if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go install github.com/onsi/ginkgo/v2/ginkgo@v2.14.0 + go install github.com/onsi/ginkgo/v2/ginkgo@v2.15.0 fi echo "[dev-env] building image" make -C ${DIR}/../../ clean-image build image diff --git a/test/e2e/run-kind-e2e.sh b/test/e2e/run-kind-e2e.sh index 8896a2b3e..5e4afb57d 100755 --- a/test/e2e/run-kind-e2e.sh +++ b/test/e2e/run-kind-e2e.sh @@ -96,7 +96,7 @@ fi if [ "${SKIP_E2E_IMAGE_CREATION}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go install github.com/onsi/ginkgo/v2/ginkgo@v2.14.0 + go install github.com/onsi/ginkgo/v2/ginkgo@v2.15.0 fi echo "[dev-env] .. done building controller images" From c549dc7a6aa62b96f2a86ff58eb81ab9916f08c0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jan 2024 22:47:12 +0100 Subject: [PATCH 019/154] Bump github/codeql-action from 3.23.0 to 3.23.1 (#10892) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.0 to 3.23.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.23.0...v3.23.1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/images.yaml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index f58872f87..fcb02f635 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -176,6 +176,6 @@ jobs: ignore-unfixed: true output: 'trivy-results.sarif' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v3.23.0 + uses: github/codeql-action/upload-sarif@v3.23.1 with: sarif_file: 'trivy-results.sarif' diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 390dcfe46..cbfee59fc 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@96531062ba46eb11dee25758db76518ad30ee4cf # v2.1.37 + uses: github/codeql-action/upload-sarif@b96e5e1158e8b8f7694d677976037b27efd275d4 # v2.1.37 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 5b76aebc1..869ba472e 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@96531062ba46eb11dee25758db76518ad30ee4cf # v2.1.37 + uses: github/codeql-action/upload-sarif@b96e5e1158e8b8f7694d677976037b27efd275d4 # v2.1.37 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From e9e70c8c3d3b8ef7fa75e51fe6b05e435e54d789 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jan 2024 22:50:35 +0100 Subject: [PATCH 020/154] Bump actions/dependency-review-action from 3.1.5 to 4.0.0 (#10894) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.5 to 4.0.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/c74b580d73376b7750d3d2a50bfb8adc2c937507...4901385134134e04cec5fbe5ddfe3b2c5bd5d976) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depreview.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 44dfe99fb..68822744d 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -11,4 +11,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: 'Dependency Review' - uses: actions/dependency-review-action@c74b580d73376b7750d3d2a50bfb8adc2c937507 # v3.1.5 + uses: actions/dependency-review-action@4901385134134e04cec5fbe5ddfe3b2c5bd5d976 # v4.0.0 From 0c3d52bade1219c1d61d486e44a91ded48766aac Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Tue, 23 Jan 2024 13:04:27 +0530 Subject: [PATCH 021/154] changed testrunner image-sha for ginkgo-2-15-0 (#10906) --- build/run-in-docker.sh | 2 +- test/e2e-image/Makefile | 2 +- test/e2e/run-chart-test.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 9b1b33bf3..656292680 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -44,7 +44,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20231208-4c39e6acc@sha256:0607184ca9c53c9c24a47b6f52347dd96137b05c6f276efa67051929a39e8f7a} +E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20240122-aac5d228a@sha256:3f18286471d0d1a8a8b11c98b5477c43a747c9c9a1f08978c5b07955f1ef6474} if [[ "$RUNTIME" == podman ]]; then # Podman does not support both tag and digest diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index ed6c6d52d..05f21134f 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,6 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -E2E_BASE_IMAGE ?= "registry.k8s.io/ingress-nginx/e2e-test-runner:v20231208-4c39e6acc@sha256:0607184ca9c53c9c24a47b6f52347dd96137b05c6f276efa67051929a39e8f7a" +E2E_BASE_IMAGE ?= "registry.k8s.io/ingress-nginx/e2e-test-runner:v20240122-aac5d228a@sha256:3f18286471d0d1a8a8b11c98b5477c43a747c9c9a1f08978c5b07955f1ef6474" image: echo "..entered Makefile in /test/e2e-image" diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index 92e6d66aa..aeeb33ac6 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -109,7 +109,7 @@ docker run --rm --interactive --network host \ --volume $KUBECONFIG:/root/.kube/config \ --volume "${DIR}/../../":/workdir \ --workdir /workdir \ - registry.k8s.io/ingress-nginx/e2e-test-runner:v20231208-4c39e6acc@sha256:0607184ca9c53c9c24a47b6f52347dd96137b05c6f276efa67051929a39e8f7a \ + registry.k8s.io/ingress-nginx/e2e-test-runner:v20240122-aac5d228a@sha256:3f18286471d0d1a8a8b11c98b5477c43a747c9c9a1f08978c5b07955f1ef6474 \ ct install \ --charts charts/ingress-nginx \ --helm-extra-args "--timeout 60s" From 760bf8eb0c8033e71398a8c95f817e8ead5e54c6 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Fri, 26 Jan 2024 23:51:16 +0530 Subject: [PATCH 022/154] fix run command in dockerfile of test-runner-image (#10921) --- images/test-runner/rootfs/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/images/test-runner/rootfs/Dockerfile b/images/test-runner/rootfs/Dockerfile index 26d72cb0d..7128bcf70 100644 --- a/images/test-runner/rootfs/Dockerfile +++ b/images/test-runner/rootfs/Dockerfile @@ -123,7 +123,8 @@ RUN wget -qO /tmp/helm.tgz \ # Pip not working. Check PR https://github.com/kubernetes/ingress-nginx/pull/10874 # RUN pip install --user "yamllint==$YAML_LINT_VERSION" RUN apk update -U \ - apk add yamllint + && apk add yamllint \ + && yamllint --version # Install Yamale YAML schema validator # Commenting pip install yamale because broken cloudbuild https://github.com/kubernetes/ingress-nginx/pull/10885 From d378913c780fb92826bd87d1ff88df3efb57c149 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 26 Jan 2024 15:49:09 -0500 Subject: [PATCH 023/154] update e2e to latest Signed-off-by: James Strong --- build/run-in-docker.sh | 2 +- test/e2e-image/Makefile | 2 +- test/e2e/run-chart-test.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 656292680..2eb8b5890 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -44,7 +44,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20240122-aac5d228a@sha256:3f18286471d0d1a8a8b11c98b5477c43a747c9c9a1f08978c5b07955f1ef6474} +E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20240126-760bf8eb@sha256:5e676bf2e5d5d035adfc6e093abee040af08327011e72fef640fa20da73cea2e} if [[ "$RUNTIME" == podman ]]; then # Podman does not support both tag and digest diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index 05f21134f..9f43c4691 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,6 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -E2E_BASE_IMAGE ?= "registry.k8s.io/ingress-nginx/e2e-test-runner:v20240122-aac5d228a@sha256:3f18286471d0d1a8a8b11c98b5477c43a747c9c9a1f08978c5b07955f1ef6474" +E2E_BASE_IMAGE ?= "registry.k8s.io/ingress-nginx/e2e-test-runner:v20240126-760bf8eb@sha256:5e676bf2e5d5d035adfc6e093abee040af08327011e72fef640fa20da73cea2e" image: echo "..entered Makefile in /test/e2e-image" diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index aeeb33ac6..05f199cb2 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -109,7 +109,7 @@ docker run --rm --interactive --network host \ --volume $KUBECONFIG:/root/.kube/config \ --volume "${DIR}/../../":/workdir \ --workdir /workdir \ - registry.k8s.io/ingress-nginx/e2e-test-runner:v20240122-aac5d228a@sha256:3f18286471d0d1a8a8b11c98b5477c43a747c9c9a1f08978c5b07955f1ef6474 \ + registry.k8s.io/ingress-nginx/e2e-test-runner:v20240126-760bf8eb@sha256:5e676bf2e5d5d035adfc6e093abee040af08327011e72fef640fa20da73cea2e \ ct install \ --charts charts/ingress-nginx \ --helm-extra-args "--timeout 60s" From 4e97379b4e4a5d82546ad706e405045ccad0c834 Mon Sep 17 00:00:00 2001 From: James Strong Date: Sat, 27 Jan 2024 02:45:19 -0500 Subject: [PATCH 024/154] Release controller 1.9.6 and helm 4.9.1 (#10919) Signed-off-by: James Strong --- README.md | 7 +- changelog/controller-1.9.6.md | 21 +++ changelog/controller.md.gotmpl | 2 +- charts/ingress-nginx/Chart.yaml | 12 +- charts/ingress-nginx/README.md | 12 +- .../changelog/helm-chart-4.9.1.md | 10 ++ charts/ingress-nginx/values.yaml | 10 +- deploy/static/provider/aws/deploy.yaml | 48 +++---- .../aws/nlb-with-tls-termination/deploy.yaml | 48 +++---- deploy/static/provider/baremetal/deploy.yaml | 48 +++---- deploy/static/provider/cloud/deploy.yaml | 48 +++---- deploy/static/provider/do/deploy.yaml | 48 +++---- deploy/static/provider/exoscale/deploy.yaml | 48 +++---- deploy/static/provider/kind/deploy.yaml | 48 +++---- deploy/static/provider/oracle/deploy.yaml | 48 +++---- deploy/static/provider/scw/deploy.yaml | 48 +++---- docs/e2e-tests.md | 1 + docs/examples/auth/client-certs/README.md | 126 +++++------------- .../custom-default-backend.helm.values.yaml | 2 +- .../custom-errors/custom-default-backend.yaml | 2 +- docs/examples/grpc/README.md | 1 - docs/examples/rewrite/README.md | 2 +- docs/how-it-works.md | 6 +- docs/troubleshooting.md | 39 ------ docs/user-guide/multiple-ingress.md | 7 +- .../nginx-configuration/annotations.md | 29 +--- .../nginx-configuration/configmap.md | 26 +--- .../third-party-addons/opentelemetry.md | 4 +- docs/user-guide/tls.md | 3 - 29 files changed, 318 insertions(+), 436 deletions(-) create mode 100644 changelog/controller-1.9.6.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.9.1.md diff --git a/README.md b/README.md index 047b6ce80..e955cd359 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,8 @@ the versions listed. Ingress-Nginx versions **may** work on older versions, but | Supported | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | Helm Chart Version | |:--:|-----------------------|------------------------------|----------------|---------------|------------------------------| -| 🔄 | **v1.9.5** | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.9.0* | +| 🔄 | **v1.9.6** | 1.29, 1.28, 1.27, 1.26, 1.25 | 3.19.0 | 1.21.6 | 4.9.1* | +| 🔄 | **v1.9.5** | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.9.0* | | 🔄 | **v1.9.4** | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.3 | | 🔄 | **v1.9.3** | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.* | | 🔄 | **v1.9.1** | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.* | @@ -47,8 +48,8 @@ the versions listed. Ingress-Nginx versions **may** work on older versions, but | 🔄 | **v1.8.2** | 1.27, 1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* | | 🔄 | **v1.8.1** | 1.27, 1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* | | 🔄 | **v1.8.0** | 1.27, 1.26, 1.25, 1.24 | 3.18.0 | 1.21.6 | 4.7.* | -| 🔄 | **v1.7.1** | 1.27, 1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | 4.6.* | -| 🔄 | **v1.7.0** | 1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | 4.6.* | +| | **v1.7.1** | 1.27, 1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | 4.6.* | +| | **v1.7.0** | 1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | 4.6.* | | | v1.6.4 | 1.26, 1.25, 1.24, 1.23 | 3.17.0 | 1.21.6 | 4.5.* | | | v1.5.1 | 1.25, 1.24, 1.23 | 3.16.2 | 1.21.6 | 4.4.* | | | v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† | 4.3.0 | diff --git a/changelog/controller-1.9.6.md b/changelog/controller-1.9.6.md new file mode 100644 index 000000000..ccc382644 --- /dev/null +++ b/changelog/controller-1.9.6.md @@ -0,0 +1,21 @@ +# Changelog + +### controller-v1.9.6 + +Images: + +* registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c +* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.6@sha256:7eb46ff733429e0e46892903c7394aff149ac6d284d92b3946f3baf7ff26a096 + +### All changes: + +* update web hook cert gen to latest release v20231226-1a7112e06 +* annotation validation: validate regex in common name annotation (#10880) +* change MODSECURITY_VERSION_LIB to 3.0.11 (#10879) +* Include SECLEVEL and STRENGTH as part of ssl-cipher list validation (#10871) + +### Dependency updates: + +* Bump github.com/opencontainers/runc from 1.1.10 to 1.1.11 (#10878) + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.9.5...controller-v1.9.6 diff --git a/changelog/controller.md.gotmpl b/changelog/controller.md.gotmpl index e1ae13cc5..0d7ad5588 100644 --- a/changelog/controller.md.gotmpl +++ b/changelog/controller.md.gotmpl @@ -19,4 +19,4 @@ Images: * {{ . }} {{- end }} {{ end }} -**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-{{ .PreviousControllerVersion }}...controller-{{ .NewControllerVersion }} +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/{{ .PreviousControllerVersion }}...{{ .NewControllerVersion }} diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 96a7edcb2..df4f6fe63 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -1,13 +1,10 @@ annotations: artifacthub.io/changes: |- - - "Add controller.metrics.serviceMonitor.annotations in Helm chart" - - "fix(labels): use complete labels variable on default-backend deployment" - - "chart: allow setting allocateLoadBalancerNodePorts (#10693)" - - "[release-1.9] feat(helm): add documentation about metric args (#10695)" - - "Update Ingress-Nginx version controller-v1.9.5" + - "update web hook cert gen to latest release v20231226-1a7112e06" + - "Update Ingress-Nginx version controller-v1.9.6" artifacthub.io/prerelease: "false" apiVersion: v2 -appVersion: 1.9.5 +appVersion: 1.9.6 description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer home: https://github.com/kubernetes/ingress-nginx @@ -17,11 +14,10 @@ keywords: - nginx kubeVersion: '>=1.20.0-0' maintainers: -- name: Gacko - name: rikatz - name: strongjz - name: tao12345666333 name: ingress-nginx sources: - https://github.com/kubernetes/ingress-nginx -version: 4.9.0 +version: 4.9.1 diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 7c351e4c8..44bb10bd7 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.9.0](https://img.shields.io/badge/Version-4.9.0-informational?style=flat-square) ![AppVersion: 1.9.5](https://img.shields.io/badge/AppVersion-1.9.5-informational?style=flat-square) +![Version: 4.9.1](https://img.shields.io/badge/Version-4.9.1-informational?style=flat-square) ![AppVersion: 1.9.6](https://img.shields.io/badge/AppVersion-1.9.6-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -253,11 +253,11 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.admissionWebhooks.namespaceSelector | object | `{}` | | | controller.admissionWebhooks.objectSelector | object | `{}` | | | controller.admissionWebhooks.patch.enabled | bool | `true` | | -| controller.admissionWebhooks.patch.image.digest | string | `"sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80"` | | +| controller.admissionWebhooks.patch.image.digest | string | `"sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084"` | | | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | | | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | | | controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | | -| controller.admissionWebhooks.patch.image.tag | string | `"v20231011-8b53cabe0"` | | +| controller.admissionWebhooks.patch.image.tag | string | `"v20231226-1a7112e06"` | | | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources | | controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not | | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | @@ -317,8 +317,8 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `false` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e"` | | -| controller.image.digestChroot | string | `"sha256:9a8d7b25a846a6461cd044b9aea9cf6cad972bcf2e64d9fd246c0279979aad2d"` | | +| controller.image.digest | string | `"sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c"` | | +| controller.image.digestChroot | string | `"sha256:7eb46ff733429e0e46892903c7394aff149ac6d284d92b3946f3baf7ff26a096"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.readOnlyRootFilesystem | bool | `false` | | @@ -326,7 +326,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.image.runAsNonRoot | bool | `true` | | | controller.image.runAsUser | int | `101` | | | controller.image.seccompProfile.type | string | `"RuntimeDefault"` | | -| controller.image.tag | string | `"v1.9.5"` | | +| controller.image.tag | string | `"v1.9.6"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | diff --git a/charts/ingress-nginx/changelog/helm-chart-4.9.1.md b/charts/ingress-nginx/changelog/helm-chart-4.9.1.md new file mode 100644 index 000000000..c6120e736 --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.9.1.md @@ -0,0 +1,10 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.9.1 + +* - "update web hook cert gen to latest release v20231226-1a7112e06" +* - "Update Ingress-Nginx version controller-v1.9.6" + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.9.0...helm-chart-4.9.1 diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index e010a2dbb..5e76d2fb4 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -26,9 +26,9 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.9.5" - digest: sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e - digestChroot: sha256:9a8d7b25a846a6461cd044b9aea9cf6cad972bcf2e64d9fd246c0279979aad2d + tag: "v1.9.6" + digest: sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c + digestChroot: sha256:7eb46ff733429e0e46892903c7394aff149ac6d284d92b3946f3baf7ff26a096 pullPolicy: IfNotPresent runAsNonRoot: true # www-data -> uid 101 @@ -781,8 +781,8 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: v20231011-8b53cabe0 - digest: sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 + tag: v20231226-1a7112e06 + digest: sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 pullPolicy: IfNotPresent # -- Provide a priority class name to the webhook patching job ## diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index 63eeec25b..f73e0fce0 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -344,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -400,7 +400,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -422,7 +422,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 spec: containers: - args: @@ -446,7 +446,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.9.5@sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e + image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -522,7 +522,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -533,7 +533,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-create spec: containers: @@ -547,7 +547,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 imagePullPolicy: IfNotPresent name: create securityContext: @@ -573,7 +573,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -584,7 +584,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-patch spec: containers: @@ -600,7 +600,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -626,7 +626,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: nginx spec: controller: k8s.io/ingress-nginx @@ -639,7 +639,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml index ca4c6d107..7f6019fbb 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -335,7 +335,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -353,7 +353,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -386,7 +386,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -409,7 +409,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -431,7 +431,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 spec: containers: - args: @@ -455,7 +455,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.9.5@sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e + image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -534,7 +534,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -545,7 +545,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-create spec: containers: @@ -559,7 +559,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 imagePullPolicy: IfNotPresent name: create securityContext: @@ -585,7 +585,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -596,7 +596,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-patch spec: containers: @@ -612,7 +612,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -638,7 +638,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: nginx spec: controller: k8s.io/ingress-nginx @@ -651,7 +651,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/deploy.yaml b/deploy/static/provider/baremetal/deploy.yaml index 0998d702c..af484aa73 100644 --- a/deploy/static/provider/baremetal/deploy.yaml +++ b/deploy/static/provider/baremetal/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -340,7 +340,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -395,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 spec: containers: - args: @@ -440,7 +440,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.9.5@sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e + image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -516,7 +516,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -527,7 +527,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-create spec: containers: @@ -541,7 +541,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 imagePullPolicy: IfNotPresent name: create securityContext: @@ -567,7 +567,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -578,7 +578,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-patch spec: containers: @@ -594,7 +594,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -620,7 +620,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: nginx spec: controller: k8s.io/ingress-nginx @@ -633,7 +633,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/deploy.yaml b/deploy/static/provider/cloud/deploy.yaml index e3941a705..8ac9dedaf 100644 --- a/deploy/static/provider/cloud/deploy.yaml +++ b/deploy/static/provider/cloud/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -340,7 +340,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -373,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -396,7 +396,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -418,7 +418,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 spec: containers: - args: @@ -442,7 +442,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.9.5@sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e + image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -518,7 +518,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -529,7 +529,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-create spec: containers: @@ -543,7 +543,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 imagePullPolicy: IfNotPresent name: create securityContext: @@ -569,7 +569,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -580,7 +580,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-patch spec: containers: @@ -596,7 +596,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -622,7 +622,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: nginx spec: controller: k8s.io/ingress-nginx @@ -635,7 +635,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/deploy.yaml b/deploy/static/provider/do/deploy.yaml index ed9b0233e..7a49f28d0 100644 --- a/deploy/static/provider/do/deploy.yaml +++ b/deploy/static/provider/do/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -329,7 +329,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -399,7 +399,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -421,7 +421,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 spec: containers: - args: @@ -445,7 +445,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.9.5@sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e + image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -521,7 +521,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -532,7 +532,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-create spec: containers: @@ -546,7 +546,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 imagePullPolicy: IfNotPresent name: create securityContext: @@ -572,7 +572,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -583,7 +583,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-patch spec: containers: @@ -599,7 +599,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -625,7 +625,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: nginx spec: controller: k8s.io/ingress-nginx @@ -638,7 +638,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/deploy.yaml b/deploy/static/provider/exoscale/deploy.yaml index 36348d0b9..cf02501a4 100644 --- a/deploy/static/provider/exoscale/deploy.yaml +++ b/deploy/static/provider/exoscale/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -349,7 +349,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -382,7 +382,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -405,7 +405,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -423,7 +423,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 spec: containers: - args: @@ -447,7 +447,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.9.5@sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e + image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -527,7 +527,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -538,7 +538,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-create spec: containers: @@ -552,7 +552,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 imagePullPolicy: IfNotPresent name: create securityContext: @@ -578,7 +578,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -589,7 +589,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-patch spec: containers: @@ -605,7 +605,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -631,7 +631,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: nginx spec: controller: k8s.io/ingress-nginx @@ -644,7 +644,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index a23e4299c..d27f83d9d 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -340,7 +340,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -395,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 spec: containers: - args: @@ -442,7 +442,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.9.5@sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e + image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -528,7 +528,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -539,7 +539,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-create spec: containers: @@ -553,7 +553,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 imagePullPolicy: IfNotPresent name: create securityContext: @@ -579,7 +579,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -590,7 +590,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-patch spec: containers: @@ -606,7 +606,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -632,7 +632,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: nginx spec: controller: k8s.io/ingress-nginx @@ -645,7 +645,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/oracle/deploy.yaml b/deploy/static/provider/oracle/deploy.yaml index 9b1fc6c73..8d2200925 100644 --- a/deploy/static/provider/oracle/deploy.yaml +++ b/deploy/static/provider/oracle/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -344,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -400,7 +400,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -422,7 +422,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 spec: containers: - args: @@ -446,7 +446,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.9.5@sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e + image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -522,7 +522,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -533,7 +533,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-create spec: containers: @@ -547,7 +547,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 imagePullPolicy: IfNotPresent name: create securityContext: @@ -573,7 +573,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -584,7 +584,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-patch spec: containers: @@ -600,7 +600,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -626,7 +626,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: nginx spec: controller: k8s.io/ingress-nginx @@ -639,7 +639,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/deploy.yaml b/deploy/static/provider/scw/deploy.yaml index ff02f8469..44d91e1af 100644 --- a/deploy/static/provider/scw/deploy.yaml +++ b/deploy/static/provider/scw/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -329,7 +329,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -399,7 +399,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -421,7 +421,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 spec: containers: - args: @@ -445,7 +445,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.9.5@sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e + image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -521,7 +521,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -532,7 +532,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-create spec: containers: @@ -546,7 +546,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 imagePullPolicy: IfNotPresent name: create securityContext: @@ -572,7 +572,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -583,7 +583,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission-patch spec: containers: @@ -599,7 +599,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -625,7 +625,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: nginx spec: controller: k8s.io/ingress-nginx @@ -638,7 +638,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.5 + app.kubernetes.io/version: 1.9.6 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/docs/e2e-tests.md b/docs/e2e-tests.md index 8d8528b31..bbcdadfc6 100644 --- a/docs/e2e-tests.md +++ b/docs/e2e-tests.md @@ -246,6 +246,7 @@ Do not try to edit it manually. - [drops snippet more_set_header in all locations if disabled by admin](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/snippet.go#L73) ### [ssl-ciphers](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/sslciphers.go#L28) - [should change ssl ciphers](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/sslciphers.go#L35) +- [should keep ssl ciphers](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/sslciphers.go#L58) ### [stream-snippet](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/streamsnippet.go#L34) - [should add value of stream-snippet to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/streamsnippet.go#L41) - [should add stream-snippet and drop annotations per admin config](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/streamsnippet.go#L94) diff --git a/docs/examples/auth/client-certs/README.md b/docs/examples/auth/client-certs/README.md index 7aed26395..94cf6c697 100644 --- a/docs/examples/auth/client-certs/README.md +++ b/docs/examples/auth/client-certs/README.md @@ -2,117 +2,59 @@ It is possible to enable Client-Certificate Authentication by adding additional annotations to your Ingress Resource. -## 1. Prerequisites / Certificates +Before getting started you must have the following Certificates configured: -- Certificate Authority (CA) Certificate ```ca-cert.pem``` -- Server Certificate (Signed by CA) and Key ```server-cert.pem``` and ```server-key.pem``` -- Client Certificate (Signed by CA), Key and CA Certificate for following client side authentication (See Sub-Section 4 - Test) +1. CA certificate and Key (Intermediate Certs need to be in CA) +2. Server Certificate (Signed by CA) and Key (CN should be equal the hostname you will use) +3. Client Certificate (Signed by CA) and Key -:memo: If Intermediate CA-Certificates (Official CA, non-self-signed) used, they all need to be concatenated (CA authority chain) in one CA file. +For more details on the generation process, checkout the Prerequisite [docs](../../PREREQUISITES.md#client-certificate-authentication). -The following commands let you generate self-signed Certificates and Keys for testing-purpose. - -- Generate the CA Key and Certificate: - -```bash -openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca-key.der -out ca-cert.der -days 356 -nodes -subj '/CN=My Cert Authority' -``` - -- Generate the Server Key, and Certificate and Sign with the CA Certificate: - -```bash -openssl req -new -newkey rsa:4096 -keyout server-key.der -out server.csr -nodes -subj '/CN=mydomain.com' -openssl x509 -req -sha256 -days 365 -in server.csr -CA ca-cert.der -CAkey ca-key.der -set_serial 01 -out server-cert.der -``` - -:memo: The CN (Common Name) x.509 attribute for the server Certificate ***must*** match the dns hostname referenced in ingress definition, see example below. - -- Generate the Client Key, and Certificate and Sign with the CA Certificate: - -```bash -openssl req -new -newkey rsa:4096 -keyout client-key.der -out client.csr -nodes -subj '/CN=My Client' -openssl x509 -req -sha256 -days 365 -in client.csr -CA ca-cert.der -CAkey ca-key.der -set_serial 02 -out client-cert.der -``` - -## 2. Import Certificates / Keys to Kubernetes Secret-Backend - -- Convert all files specified in 1) from .der (binary format) to .pem (base64 encoded): +You can have as many certificates as you want. If they're in the binary DER format, you can convert them as the following: ```bash openssl x509 -in certificate.der -inform der -out certificate.crt -outform pem ``` -:exclamation: Kubernetes Web-Services import relies on .pem Base64-encoded format. - -:zap: There is no need to import the CA Private Key, the Private Key is used only to sign new Client Certificates by the CA. - -- Import the CA Certificate as Kubernetes sub-type ```generic/ca.crt``` +Then, you can concatenate them all into one file, named 'ca.crt' with the following: ```bash -kubectl create secret generic ca-secret --from-file=ca.crt=./ca-cert.pem +cat certificate1.crt certificate2.crt certificate3.crt >> ca.crt ``` -- Import the Server Certificate and Key as Kubernetes sub-type ```tls``` for transport layer +**Note:** Make sure that the Key Size is greater than 1024 and Hashing Algorithm (Digest) is something better than md5 +for each certificate generated. Otherwise you will receive an error. -```bash -kubectl create secret tls tls-secret --cert ./server-cert.pem --key ./server-key.pem -``` +## Creating Certificate Secrets -- Optional import CA-cert, Server-cert and Server-Key for TLS and Client-Auth +There are many different ways of configuring your secrets to enable Client-Certificate +Authentication to work properly. -```bash -kubectl create secret generic tls-and-auth --from-file=tls.crt=./server-crt.pem --from-file=tls.key=./server-key.pem --from-file=ca.crt=./ca-cert.pem -``` +* You can create a secret containing just the CA certificate and another + Secret containing the Server Certificate which is Signed by the CA. -- Optional import a CRL (Certificate Revocation List) + ```bash + kubectl create secret generic ca-secret --from-file=ca.crt=ca.crt + kubectl create secret generic tls-secret --from-file=tls.crt=server.crt --from-file=tls.key=server.key + ``` -```bash -kubectl create secret generic ca-secret --from-file=ca.crt=./ca-cert.pem --from-file=ca.crl=./ca-crl.pem -``` +* You can create a secret containing CA certificate along with the Server + Certificate that can be used for both TLS and Client Auth. -## 3. Annotations / Ingress-Reference + ```bash + kubectl create secret generic ca-secret --from-file=tls.crt=server.crt --from-file=tls.key=server.key --from-file=ca.crt=ca.crt + ``` -Now we are able to reference the created secrets in the ingress definition. +* If you want to also enable Certificate Revocation List verification you can + create the secret also containing the CRL file in PEM format: + ```bash + kubectl create secret generic ca-secret --from-file=ca.crt=ca.crt --from-file=ca.crl=ca.crl + ``` -:memo: The CA Certificate "authentication" will be reference in annotations. +Note: The CA Certificate must contain the trusted certificate authority chain to verify client certificates. -| Annotation | Description | Remark | -|---------------------------------------------------------------------------|----------------------------|--------------------| -| nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" | Activate Client-Auth | If "on", verify client Certificate | -| nginx.ingress.kubernetes.io/auth-tls-secret: "namespace/ca-secret" | CA "secret" reference | Secret namespace and service / ingress namespace must match | -| nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1" | CA "chain" depth | How many CA levels should be processed | -| nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" | Pass Cert / Header | Pass Certificate to Web-App for e.g. parsing Client E-Mail Address x.509 Property | - -:memo: The Server Certificate for transport layer will be referenced in tls .yaml subsection. - -```yaml -tls: - - hosts: - - mydomain.com - secretName: tls-secret -``` - -## 4. Example / Test - -The working .yaml Example: [ingress.yaml](ingress.yaml) - -- Test by performing a curl / wget against the Ingress Path without the Client Cert and expect a Status Code 400 (Bad Request - No required SSL certificate was sent). -- Test by performing a curl / wget against the Ingress Path with the Client Cert and expect a Status Code 200. - -```bash -wget \ ---ca-cert=ca-cert.pem \ ---certificate=client-cert.pem \ ---private-key=client-key.pem \ -https://mydomain.com -``` - -## 5. Remarks - -| :exclamation: In future releases, CN verification seems to be "replaced" by SAN (Subject Alternate Name) for verrification, so do not forget to add | -|-----------------------------------------------------------------------------------------------------------------------------------------------------| - -```bash -openssl req -addext "subjectAltName = DNS:mydomain.com" ... -``` +## Setup Instructions +1. Add the annotations as provided in the [ingress.yaml](ingress.yaml) example to your own ingress resources as required. +2. Test by performing a curl against the Ingress Path without the Client Cert and expect a Status Code 400. +3. Test by performing a curl against the Ingress Path with the Client Cert and expect a Status Code 200. diff --git a/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml b/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml index 865857dea..708a93831 100644 --- a/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml +++ b/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml @@ -6,7 +6,7 @@ defaultBackend: image: registry: registry.k8s.io image: ingress-nginx/nginx-errors - tag: "v20231208-4c39e6acc@sha256:c2ca20775f41c0c89906dc74a31239d94ac48e84e7c6164affed41fe669cdaa5" + tag: "v20230505@sha256:3600dcd1bbd0d05959bb01af4b272714e94d22d24a64e91838e7183c80e53f7f" extraVolumes: - name: custom-error-pages configMap: diff --git a/docs/examples/customization/custom-errors/custom-default-backend.yaml b/docs/examples/customization/custom-errors/custom-default-backend.yaml index 993f91f5b..e606c5b62 100644 --- a/docs/examples/customization/custom-errors/custom-default-backend.yaml +++ b/docs/examples/customization/custom-errors/custom-default-backend.yaml @@ -36,7 +36,7 @@ spec: spec: containers: - name: nginx-error-server - image: registry.k8s.io/ingress-nginx/nginx-errors:v20231208-4c39e6acc@sha256:c2ca20775f41c0c89906dc74a31239d94ac48e84e7c6164affed41fe669cdaa5 + image: registry.k8s.io/ingress-nginx/nginx-errors:v20230505@sha256:3600dcd1bbd0d05959bb01af4b272714e94d22d24a64e91838e7183c80e53f7f ports: - containerPort: 8080 # Setting the environment variable DEBUG we can see the headers sent diff --git a/docs/examples/grpc/README.md b/docs/examples/grpc/README.md index f6bd96e20..508b23fb8 100644 --- a/docs/examples/grpc/README.md +++ b/docs/examples/grpc/README.md @@ -9,7 +9,6 @@ This example demonstrates how to route traffic to a gRPC service through the Ing 3. You have the ingress-nginx-controller installed as per docs. 4. You have a backend application running a gRPC server listening for TCP traffic. If you want, you can use as an example. 5. You're also responsible for provisioning an SSL certificate for the ingress. So you need to have a valid SSL certificate, deployed as a Kubernetes secret of type `tls`, in the same namespace as the gRPC application. - - Note: To use gRPC with ingress-nginx, TLS _must_ be terminated by the ingress or gRPC server (using the `backend-protocol: "GRPCS"` annotation described below). ### Step 1: Create a Kubernetes `Deployment` for gRPC app diff --git a/docs/examples/rewrite/README.md b/docs/examples/rewrite/README.md index 16889e0bc..aadcc1e4b 100644 --- a/docs/examples/rewrite/README.md +++ b/docs/examples/rewrite/README.md @@ -31,7 +31,7 @@ Rewriting can be controlled using the following annotations: [Captured groups](https://www.regular-expressions.info/refcapture.html) are saved in numbered placeholders, chronologically, in the form `$1`, `$2` ... `$n`. These placeholders can be used as parameters in the `rewrite-target` annotation. !!! note - Please see the [FAQ](../../faq.md#validation-of-path) for Validation Of __`path`__ + Please see the [FAQ](../faq.md#validation-of-path) for Validation Of __`path`__ Create an Ingress rule with a rewrite annotation: diff --git a/docs/how-it-works.md b/docs/how-it-works.md index c347c5a6e..161803210 100644 --- a/docs/how-it-works.md +++ b/docs/how-it-works.md @@ -58,13 +58,13 @@ In a relatively big cluster with frequently deploying apps this feature saves si ### Avoiding outage from wrong configuration -Because the ingress controller works using the [synchronization loop pattern][1], it is applying the configuration for all matching objects. In case some Ingress objects have a broken configuration, for example a syntax error in the `nginx.ingress.kubernetes.io/configuration-snippet` annotation, the generated configuration becomes invalid, does not reload and hence no more ingresses will be taken into account. +Because the ingress controller works using the [synchronization loop pattern](https://coreos.com/kubernetes/docs/latest/replication-controller.html#the-reconciliation-loop-in-detail), it is applying the configuration for all matching objects. In case some Ingress objects have a broken configuration, for example a syntax error in the `nginx.ingress.kubernetes.io/configuration-snippet` annotation, the generated configuration becomes invalid, does not reload and hence no more ingresses will be taken into account. -To prevent this situation from happening, the Ingress-Nginx Controller optionally exposes a [validating admission webhook server][8] to ensure the validity of incoming ingress objects. +To prevent this situation to happen, the Ingress-Nginx Controller optionally exposes a [validating admission webhook server][8] to ensure the validity of incoming ingress objects. This webhook appends the incoming ingress objects to the list of ingresses, generates the configuration and calls nginx to ensure the configuration has no syntax errors. [0]: https://github.com/openresty/lua-nginx-module/pull/1259 -[1]: https://github.com/coreos/docs/blob/master/kubernetes/replication-controller.md#the-reconciliation-loop-in-detail +[1]: https://coreos.com/kubernetes/docs/latest/replication-controller.html#the-reconciliation-loop-in-detail [2]: https://godoc.org/k8s.io/client-go/informers#NewFilteredSharedInformerFactory [3]: https://godoc.org/k8s.io/client-go/tools/cache#ResourceEventHandlerFuncs [4]: https://github.com/kubernetes/ingress-nginx/blob/main/internal/task/queue.go#L38 diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 6b841b952..e1fd6956e 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -8,43 +8,6 @@ Do not move it without providing redirects. # Troubleshooting -## A simple test of the basic ingress controller routing -- Install the ingress-nginx controller as per documentation -- Deploy the httpbun example echoserver application - ```console - $ kubectl create deploy httpbun --image registry.k8s.io/ingress-nginx/e2e-test-httpbun:v20231011-8b53cabe0 - ``` -- Create a service of --type ClusterIP for httpbun - ```console - $ kubectl expose deploy httpbun --port 80 - ``` -- Create a ingress for httpbun (This command assumes the ingressClass name to be _**nginx**_. Change the ingressClass name below, if you are using a different ingressClass name) - ```console - $ kubectl create ingress httpbun --class nginx --rule httpbun.foo.com/"*"=httpbun:80 - ``` -- Get the name of the ingress-nginx-controller pod (This command assumes that the ingress-nginx-controller was installed in the namespace called **_ingress-nginx_**) - ```console - $ kubectl -n ingress-nginx get po - ``` -- Open a terminal to tail the logs of the ingress-nginx-controller pod - ```console - $ kubectl -n ingress-nginx logs -f - ``` -- Note the last line of log messages. Hit the return/enter key a couple of times to get some blank lines. Makes it easier to mark newer log lines from your next step -- Open a second terminal, to send a request to httpbun (replace the external-ip or LB name as needed) - ```console - $ curl -v --resolve httpbun.foo.com:80: httpbun.foo.com/get - ``` -- Check if there were new log messages related to your curl command -- Provide all info and the log messages in the issue you create or in the slack chat thread, formatted as a code-snippet - - kubectl get po,svc -n ingress-nginx - - kubectl get po,svc,ing | grep -i httpbun - - kubectl describe svc httpbun - - kubectl describe ing httpbun - - Entire curl command as is and its output - - log messages of the ingress-nginx-controller pod - - ## Ingress-Controller Logs and Events There are many ways to troubleshoot the ingress-controller. The following are basic troubleshooting @@ -456,7 +419,6 @@ spec: operator: "Exists" effect: NoSchedule ``` - * update the namespace if applicable/desired * replace `##_NODE_NAME_##` with the problematic node (or remove nodeSelector section if problem is not confined to one node) * replace `##_CONTROLLER_IMAGE_##` with the same image as in use by your ingress-nginx deployment @@ -483,7 +445,6 @@ $ capsh --decode=0000000000000400 ## Create a test pod as root (Note, this may be restricted by PodSecurityPolicy, PodSecurityAdmission/Standards, OPA Gatekeeper, etc. in which case you will need to do the appropriate workaround for testing, e.g. deploy in a new namespace without the restrictions.) To test further you may want to install additional utilities, etc. Modify the pod yaml by: - * changing runAsUser from 101 to 0 * removing the "drop..ALL" section from the capabilities. diff --git a/docs/user-guide/multiple-ingress.md b/docs/user-guide/multiple-ingress.md index 54a18fbb9..fca93ee65 100644 --- a/docs/user-guide/multiple-ingress.md +++ b/docs/user-guide/multiple-ingress.md @@ -10,9 +10,7 @@ But, when user has deployed with `scope.enabled`, then the ingress class resourc If all ingress controllers respect IngressClasses (e.g. multiple instances of ingress-nginx v1.0), you can deploy two Ingress controllers by granting them control over two different IngressClasses, then selecting one of the two IngressClasses with `ingressClassName`. -First, ensure the `--controller-class=` and `--ingress-class` are set to something different on each ingress controller, If your additional ingress controller is to be installed in a namespace, where there is/are one/more-than-one ingress-nginx-controller(s) already installed, then you need to specify a different unique `--election-id` for the new instance of the controller. - -In addition, you need to specify `--ingress-class-by-name=true` in the controller args list. The `--ingress-class-by-name` defines if Ingress Controller should watch for Ingress Class by Name together with Controller Class. (default false). +First, ensure the `--controller-class=` and `--ingress-class` are set to something different on each ingress controller, If your additional ingress controller is to be installed in a namespace, where there is/are one/more-than-one ingress-nginx-controller(s) already installed, then you need to specify a different unique `--election-id` for the new instance of the controller. ```yaml # ingress-nginx Deployment/Statefulset @@ -25,8 +23,7 @@ spec: - /nginx-ingress-controller - '--election-id=ingress-controller-leader' - '--controller-class=k8s.io/internal-ingress-nginx' - - '--ingress-class=internal-nginx' - - '--ingress-class-by-name=true' + - '--ingress-class=k8s.io/internal-nginx' ... ``` diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index 41a876abf..877654d12 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -50,7 +50,6 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz |[nginx.ingress.kubernetes.io/client-body-buffer-size](#client-body-buffer-size)|string| |[nginx.ingress.kubernetes.io/configuration-snippet](#configuration-snippet)|string| |[nginx.ingress.kubernetes.io/custom-http-errors](#custom-http-errors)|[]int| -|[nginx.ingress.kubernetes.io/disable-proxy-intercept-errors](#disable-proxy-intercept-errors)|"true" or "false"| |[nginx.ingress.kubernetes.io/default-backend](#default-backend)|string| |[nginx.ingress.kubernetes.io/enable-cors](#enable-cors)|"true" or "false"| |[nginx.ingress.kubernetes.io/cors-allow-origin](#enable-cors)|string| @@ -317,8 +316,7 @@ nginx.ingress.kubernetes.io/configuration-snippet: | more_set_headers "Request-Id: $req_id"; ``` -!!! attention -Since version 1.9.0, `"configuration-snippet"` annotation is disabled by default and has to be explicitly enabled, see [allow-snippet-annotations](./configmap.md#allow-snippet-annotations). Enabling it can be dangerous in multi-tenant clusters, as it can lead to people with otherwise limited permissions being able to retrieve all secrets on the cluster. See CVE-2021-25742 and the [related issue on github](https://github.com/kubernetes/ingress-nginx/issues/7837) for more information. +Be aware this can be dangerous in multi-tenant clusters, as it can lead to people with otherwise limited permissions being able to retrieve all secrets on the cluster. The recommended mitigation for this threat is to disable this feature, so it may not work for you. See CVE-2021-25742 and the [related issue on github](https://github.com/kubernetes/ingress-nginx/issues/7837) for more information. ### Custom HTTP Errors @@ -331,17 +329,6 @@ Example usage: nginx.ingress.kubernetes.io/custom-http-errors: "404,415" ``` -## Disable Proxy intercept Errors - -Like the [`disable-proxy-intercept-errors`](./configmap.md#disable-proxy-intercept-errors) value in the ConfigMap, this annotation allows to disable NGINX `proxy-intercept-errors` when `custom-http-errors` are set, but only for the NGINX location associated with this ingress. If a [default backend annotation](#default-backend) is specified on the ingress, the errors will be routed to that annotation's default backend service (instead of the global default backend). -Different ingresses can specify different sets of errors codes and there are UseCases where NGINX shall not intercept all errors returned from upstream. -If `disable-proxy-intercept-errors` is also specified globally, the annotation will override the global value for the given ingress' hostname and path. - -Example usage: -``` -nginx.ingress.kubernetes.io/disable-proxy-intercept-errors: "false" -``` - ### Default Backend This annotation is of the form `nginx.ingress.kubernetes.io/default-backend: ` to specify a custom default backend. This `` is a reference to a service inside of the same namespace in which you are applying this annotation. This annotation overrides the global default backend. In case the service has [multiple ports](https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services), the first one is the one which will receive the backend traffic. @@ -441,9 +428,6 @@ metadata: } ``` -!!! attention -Since version 1.9.0, `"server-snippet"` annotation is disabled by default and has to be explicitly enabled, see [allow-snippet-annotations](./configmap.md#allow-snippet-annotations). Enabling it can be dangerous in multi-tenant clusters, as it can lead to people with otherwise limited permissions being able to retrieve all secrets on the cluster. See CVE-2021-25742 and the [related issue on github](https://github.com/kubernetes/ingress-nginx/issues/7837) for more information. - !!! attention This annotation can be used only once per host. @@ -521,15 +505,12 @@ nginx.ingress.kubernetes.io/auth-snippet: | ``` > Note: `nginx.ingress.kubernetes.io/auth-snippet` is an optional annotation. However, it may only be used in conjunction with `nginx.ingress.kubernetes.io/auth-url` and will be ignored if `nginx.ingress.kubernetes.io/auth-url` is not set -!!! attention -Since version 1.9.0, `"auth-snippet"` annotation is disabled by default and has to be explicitly enabled, see [allow-snippet-annotations](./configmap.md#allow-snippet-annotations). Enabling it can be dangerous in multi-tenant clusters, as it can lead to people with otherwise limited permissions being able to retrieve all secrets on the cluster. See CVE-2021-25742 and the [related issue on github](https://github.com/kubernetes/ingress-nginx/issues/7837) for more information. - !!! example Please check the [external-auth](../../examples/auth/external-auth/README.md) example. #### Global External Authentication -By default the controller redirects all requests to an existing service that provides authentication if `global-auth-url` is set in the NGINX ConfigMap. If you want to disable this behavior for a specific ingress, you can use the annotation `nginx.ingress.kubernetes.io/enable-global-auth: "false"`. +By default the controller redirects all requests to an existing service that provides authentication if `global-auth-url` is set in the NGINX ConfigMap. If you want to disable this behavior for that ingress, you can use `enable-global-auth: "false"` in the NGINX ConfigMap. `nginx.ingress.kubernetes.io/enable-global-auth`: indicates if GlobalExternalAuth configuration should be applied or not to this Ingress rule. Default values is set to `"true"`. @@ -914,9 +895,6 @@ nginx.ingress.kubernetes.io/modsecurity-snippet: | Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf ``` -!!! attention -Since version 1.9.0, `"modsecurity-snippet"` annotation is disabled by default and has to be explicitly enabled, see [allow-snippet-annotations](./configmap.md#allow-snippet-annotations). Enabling it can be dangerous in multi-tenant clusters, as it can lead to people with otherwise limited permissions being able to retrieve all secrets on the cluster. See CVE-2021-25742 and the [related issue on github](https://github.com/kubernetes/ingress-nginx/issues/7837) for more information. - ### Backend Protocol Using `backend-protocol` annotations is possible to indicate how NGINX should communicate with the backend service. (Replaces `secure-backends` in older versions) @@ -1006,6 +984,3 @@ metadata: proxy_pass 127.0.0.1:80; } ``` - -!!! attention -Since version 1.9.0, `"stream-snippet"` annotation is disabled by default and has to be explicitly enabled, see [allow-snippet-annotations](./configmap.md#allow-snippet-annotations). Enabling it can be dangerous in multi-tenant clusters, as it can lead to people with otherwise limited permissions being able to retrieve all secrets on the cluster. See CVE-2021-25742 and the [related issue on github](https://github.com/kubernetes/ingress-nginx/issues/7837) for more information. diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index 7038ca90d..75971b9a5 100644 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -39,7 +39,6 @@ The following table shows a configuration option's name, type, and the default v |[http-access-log-path](#http-access-log-path)|string|""|| |[stream-access-log-path](#stream-access-log-path)|string|""|| |[enable-access-log-for-default-backend](#enable-access-log-for-default-backend)|bool|"false"|| -|[enable-auth-access-log](#enable-auth-access-log)|bool|"false"|| |[error-log-path](#error-log-path)|string|"/var/log/nginx/error.log"|| |[enable-modsecurity](#enable-modsecurity)|bool|"false"|| |[modsecurity-snippet](#modsecurity-snippet)|string|""|| @@ -164,7 +163,7 @@ The following table shows a configuration option's name, type, and the default v |[enable-opentelemetry](#enable-opentelemetry)|bool|"false"|| |[opentelemetry-trust-incoming-span](#opentelemetry-trust-incoming-span)|bool|"true"|| |[opentelemetry-operation-name](#opentelemetry-operation-name)|string|""|| -|[opentelemetry-config](#/etc/ingress-controller/telemetry/opentelemetry.toml)|string|"/etc/ingress-controller/telemetry/opentelemetry.toml"|| +|[opentelemetry-config](#/etc/nginx/opentelemetry.toml)|string|"/etc/nginx/opentelemetry.toml"|| |[otlp-collector-host](#otlp-collector-host)|string|""|| |[otlp-collector-port](#otlp-collector-port)|int|4317|| |[otel-max-queuesize](#otel-max-queuesize)|int||| @@ -180,7 +179,6 @@ The following table shows a configuration option's name, type, and the default v |[stream-snippet](#stream-snippet)|string|""|| |[location-snippet](#location-snippet)|string|""|| |[custom-http-errors](#custom-http-errors)|[]int|[]int{}|| -|[disable-proxy-intercept-errors](#disable-proxy-intercept-errors)|bool|"false"| |[proxy-body-size](#proxy-body-size)|string|"1m"|| |[proxy-connect-timeout](#proxy-connect-timeout)|int|5|| |[proxy-read-timeout](#proxy-read-timeout)|int|60|| @@ -219,7 +217,6 @@ The following table shows a configuration option's name, type, and the default v |[global-auth-snippet](#global-auth-snippet)|string|""|| |[global-auth-cache-key](#global-auth-cache-key)|string|""|| |[global-auth-cache-duration](#global-auth-cache-duration)|string|"200 202 401 5m"|| -|[global-auth-always-set-cookie](#global-auth-always-set-cookie)|bool|"false"|| |[no-auth-locations](#no-auth-locations)|string|"/.well-known/acme-challenge"|| |[block-cidrs](#block-cidrs)|[]string|""|| |[block-user-agents](#block-user-agents)|[]string|""|| @@ -266,7 +263,7 @@ Enables Ingress to parse and add *-snippet annotations/directives created by the Warning: We recommend enabling this option only if you TRUST users with permission to create Ingress objects, as this may allow a user to add restricted configurations to the final nginx.conf file -**This option is defaulted to false since v1.9.0** +**This option will be defaulted to false in the next major release** ## annotations-risk-level @@ -329,10 +326,6 @@ __Note:__ If not specified, the `access-log-path` will be used. Enables logging access to default backend. _**default:**_ is disabled. -## enable-auth-access-log - -Enables logging access to the authentication endpoint. _**default:**_ is disabled. - ## error-log-path Error log path. Goes to `/var/log/nginx/error.log` by default. @@ -727,9 +720,6 @@ Enables or disables compression of HTTP responses using the ["gzip" module](http ## use-geoip -!!! attention - GeoIP is deprecated and removed on v1.10. Users willing to use GeoIP should use GeoIP2 - Enables or disables ["geoip" module](https://nginx.org/en/docs/http/ngx_http_geoip_module.html) that creates variables with values depending on the client IP address, using the precompiled MaxMind databases. _**default:**_ true @@ -1130,18 +1120,10 @@ You can not use this to add new locations that proxy to the Kubernetes pods, as Enables which HTTP codes should be passed for processing with the [error_page directive](https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page) -Setting at least one code also enables [proxy_intercept_errors](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors) if not disabled with [disable-proxy-intercept-errors](#disable-proxy-intercept-errors). +Setting at least one code also enables [proxy_intercept_errors](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors) which are required to process error_page. Example usage: `custom-http-errors: 404,415` -## disable-proxy-intercept-errors - -Allows to disable [proxy-intercept-errors](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors). - -Disabling [proxy_intercept_errors](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors) allows to pass upstream errors to client even if [custom-http-errors](#custom-http-errors) are set. - -Example usage: `disable-proxy-intercept-errors: "true"` - ## proxy-body-size Sets the maximum allowed size of the client request body. @@ -1299,7 +1281,7 @@ _**default:**_ "/.well-known/acme-challenge" A url to an existing service that provides authentication for all the locations. Similar to the Ingress rule annotation `nginx.ingress.kubernetes.io/auth-url`. -Locations that should not get authenticated can be listed using `no-auth-locations` See [no-auth-locations](#no-auth-locations). In addition, each service can be excluded from authentication via annotation `nginx.ingress.kubernetes.io/enable-global-auth` set to "false". +Locations that should not get authenticated can be listed using `no-auth-locations` See [no-auth-locations](#no-auth-locations). In addition, each service can be excluded from authentication via annotation `enable-global-auth` set to "false". _**default:**_ "" _References:_ [https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#external-authentication](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#external-authentication) diff --git a/docs/user-guide/third-party-addons/opentelemetry.md b/docs/user-guide/third-party-addons/opentelemetry.md index a38c9c56f..d735fca4f 100644 --- a/docs/user-guide/third-party-addons/opentelemetry.md +++ b/docs/user-guide/third-party-addons/opentelemetry.md @@ -165,7 +165,7 @@ To install the example and collectors run: kind: ConfigMap data: enable-opentelemetry: "true" - opentelemetry-config: "/etc/ingress-controller/telemetry/opentelemetry.toml" + opentelemetry-config: "/etc/nginx/opentelemetry.toml" opentelemetry-operation-name: "HTTP $request_method $service_name $uri" opentelemetry-trust-incoming-span: "true" otlp-collector-host: "otel-coll-collector.otel.svc" @@ -282,7 +282,7 @@ for common annotations and configurations: | Legacy | OpenTelemetry | |--------------------------------------------------|--------------------------------------------------| | `nginx.ingress.kubernetes.io/enable-opentracing` | `nginx.ingress.kubernetes.io/enable-opentelemetry` | -| `opentracing-trust-incoming-span` | `opentelemetry-trust-incoming-span` | +| `opentracing-trust-incoming-span` | `opentracing-trust-incoming-span` | ### Configs diff --git a/docs/user-guide/tls.md b/docs/user-guide/tls.md index f6fee6895..11338981b 100644 --- a/docs/user-guide/tls.md +++ b/docs/user-guide/tls.md @@ -127,9 +127,6 @@ ingress-nginx defaults to using TLS 1.2 and 1.3 only, with a [secure set of TLS ### Legacy TLS -!!! warning - TLSv1, TLSv1.1 are not supported in ingress-nginx v1.6.0 and above. - The default configuration, though secure, does not support some older browsers and operating systems. For instance, TLS 1.1+ is only enabled by default from Android 5.0 on. At the time of writing, From c295cd1c4bdb385f0a97371a4f4fad6470b39751 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tore=20Stendal=20L=C3=B8n=C3=B8y?= Date: Sat, 27 Jan 2024 12:40:35 +0100 Subject: [PATCH 025/154] docs: update annotations docs with missing session-cookie section (#10917) --- .../nginx-configuration/annotations.md | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index 877654d12..42dc918e3 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -97,12 +97,15 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz |[nginx.ingress.kubernetes.io/server-alias](#server-alias)|string| |[nginx.ingress.kubernetes.io/server-snippet](#server-snippet)|string| |[nginx.ingress.kubernetes.io/service-upstream](#service-upstream)|"true" or "false"| -|[nginx.ingress.kubernetes.io/session-cookie-name](#cookie-affinity)|string| -|[nginx.ingress.kubernetes.io/session-cookie-path](#cookie-affinity)|string| -|[nginx.ingress.kubernetes.io/session-cookie-domain](#cookie-affinity)|string| |[nginx.ingress.kubernetes.io/session-cookie-change-on-failure](#cookie-affinity)|"true" or "false"| -|[nginx.ingress.kubernetes.io/session-cookie-samesite](#cookie-affinity)|string| |[nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none](#cookie-affinity)|"true" or "false"| +|[nginx.ingress.kubernetes.io/session-cookie-domain](#cookie-affinity)|string| +|[nginx.ingress.kubernetes.io/session-cookie-expires](#cookie-affinity)|string| +|[nginx.ingress.kubernetes.io/session-cookie-max-age](#cookie-affinity)|string| +|[nginx.ingress.kubernetes.io/session-cookie-name](#cookie-affinity)|string|default "INGRESSCOOKIE"| +|[nginx.ingress.kubernetes.io/session-cookie-path](#cookie-affinity)|string| +|[nginx.ingress.kubernetes.io/session-cookie-samesite](#cookie-affinity)|string|"None", "Lax" or "Strict"| +|[nginx.ingress.kubernetes.io/session-cookie-secure](#cookie-affinity)|string| |[nginx.ingress.kubernetes.io/ssl-redirect](#server-side-https-enforcement-through-redirect)|"true" or "false"| |[nginx.ingress.kubernetes.io/ssl-passthrough](#ssl-passthrough)|"true" or "false"| |[nginx.ingress.kubernetes.io/stream-snippet](#stream-snippet)|string| @@ -193,6 +196,12 @@ Use `nginx.ingress.kubernetes.io/session-cookie-domain` to set the `Domain` attr Use `nginx.ingress.kubernetes.io/session-cookie-samesite` to apply a `SameSite` attribute to the sticky cookie. Browser accepted values are `None`, `Lax`, and `Strict`. Some browsers reject cookies with `SameSite=None`, including those created before the `SameSite=None` specification (e.g. Chrome 5X). Other browsers mistakenly treat `SameSite=None` cookies as `SameSite=Strict` (e.g. Safari running on OSX 14). To omit `SameSite=None` from browsers with these incompatibilities, add the annotation `nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none: "true"`. +Use `nginx.ingress.kubernetes.io/session-cookie-expires` to control the cookie expires, its value is a number of seconds until the cookie expires. + +Use `nginx.ingress.kubernetes.io/session-cookie-path` to control the cookie path when use-regex is set to true. + +Use `nginx.ingress.kubernetes.io/session-cookie-change-on-failure` to control the cookie change after request failure. + ### Authentication It is possible to add authentication by adding additional annotations in the Ingress rule. The source of the authentication is a secret that contains usernames and passwords. From 02e6ebc95a7615e7dfb9729f1dd11a1981d54a07 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Sat, 27 Jan 2024 12:33:50 -0300 Subject: [PATCH 026/154] Add OTEL build test and for NGINX v1.25 (#10889) * Add OTEL build test * Simplify otel compilation * Remove http2 deprecated arg * Move image build to CI * Turn image from scratch to optimize usage * rollback image from scratch * Final reviews on nginx v1.25 image * Remove s390x from final image --- .github/workflows/ci.yaml | 39 ++-- .github/workflows/images.yaml | 56 ++++++ .github/workflows/nginx125.yaml | 167 ------------------ .github/workflows/zz-tmpl-k8s-e2e.yaml | 3 +- Makefile | 4 +- images/nginx-1.25/Makefile | 6 +- images/nginx-1.25/cloudbuild.yaml | 2 +- images/nginx-1.25/rootfs/Dockerfile | 3 + images/nginx-1.25/rootfs/build.sh | 45 ++++- images/opentelemetry/Makefile | 69 ++++++++ images/opentelemetry/cloudbuild.yaml | 3 +- images/opentelemetry/rootfs/CMakeLists.txt | 95 +--------- images/opentelemetry/rootfs/Dockerfile | 17 +- images/opentelemetry/rootfs/build.sh | 100 +++-------- .../ingress/controller/template/template.go | 7 +- rootfs/Dockerfile | 1 - rootfs/Dockerfile-chroot | 1 - rootfs/etc/nginx/template/nginx.tmpl | 6 +- test/e2e/settings/opentelemetry.go | 22 --- test/e2e/wait-for-nginx.sh | 10 -- 20 files changed, 247 insertions(+), 409 deletions(-) delete mode 100644 .github/workflows/nginx125.yaml create mode 100644 images/opentelemetry/Makefile diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index eb8815fb8..2c6bef636 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -9,6 +9,7 @@ on: - 'deploy/**' - '**.md' - 'images/**' # Images changes should be tested on their own workflow + - '!images/nginx-1.25/**' push: branches: @@ -41,6 +42,7 @@ jobs: outputs: go: ${{ steps.filter.outputs.go }} charts: ${{ steps.filter.outputs.charts }} + baseimage: ${{ steps.filter.outputs.baseimage }} steps: @@ -64,6 +66,8 @@ jobs: - 'charts/ingress-nginx/Chart.yaml' - 'charts/ingress-nginx/**/*' - 'NGINX_BASE' + baseimage: + - 'images/nginx-1.25/**' test-go: runs-on: ubuntu-latest @@ -89,8 +93,10 @@ jobs: runs-on: ubuntu-latest needs: changes if: | - (needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') - + (needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') + + env: + PLATFORMS: linux/amd64 steps: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -119,7 +125,14 @@ jobs: curl -LO https://dl.k8s.io/release/v1.27.3/bin/linux/amd64/kubectl chmod +x ./kubectl sudo mv ./kubectl /usr/local/bin/kubectl - + + - name: Build NGINX Base image + if: | + needs.changes.outputs.baseimage == 'true' + run: | + export TAG=$(cat images/nginx-1.25/TAG) + cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --load -t gcr.io/k8s-staging-ingress-nginx/nginx-1.25:${TAG} . + - name: Build images env: TAG: 1.0.0-dev @@ -127,7 +140,8 @@ jobs: REGISTRY: ingress-controller run: | echo "building images..." - make clean-image build image image-chroot + export TAGNGINX=$(cat images/nginx-1.25/TAG) + make BASE_IMAGE=gcr.io/k8s-staging-ingress-nginx/nginx-1.25:${TAGNGINX} clean-image build image image-chroot make -C test/e2e-image image echo "creating images cache..." @@ -150,11 +164,11 @@ jobs: - changes - build if: | - (needs.changes.outputs.charts == 'true') + (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') strategy: matrix: - k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0, v1.29.0] + k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0] steps: - name: Checkout @@ -222,6 +236,7 @@ jobs: KIND_CLUSTER_NAME: kind SKIP_CLUSTER_CREATION: true SKIP_IMAGE_CREATION: true + SKIP_INGRESS_IMAGE_CREATION: true run: | kind get kubeconfig > $HOME/.kube/kind-config-kind make kind-e2e-chart-tests @@ -232,10 +247,10 @@ jobs: - changes - build if: | - (needs.changes.outputs.go == 'true') + (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') strategy: matrix: - k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0, v1.29.0] + k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0] uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml with: k8s-version: ${{ matrix.k8s }} @@ -246,10 +261,10 @@ jobs: - changes - build if: | - (needs.changes.outputs.go == 'true') + (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') strategy: matrix: - k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0, v1.29.0] + k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0] uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml with: k8s-version: ${{ matrix.k8s }} @@ -261,10 +276,10 @@ jobs: - changes - build if: | - (needs.changes.outputs.go == 'true') + (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') strategy: matrix: - k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0, v1.29.0] + k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0] uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml with: k8s-version: ${{ matrix.k8s }} diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index fcb02f635..7eb07cfc3 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -36,6 +36,8 @@ jobs: kube-webhook-certgen: ${{ steps.filter.outputs.kube-webhook-certgen }} ext-auth-example-authsvc: ${{ steps.filter.outputs.ext-auth-example-authsvc }} nginx: ${{ steps.filter.outputs.nginx }} + nginx125: ${{ steps.filter.outputs.nginx125 }} + opentelemetry: ${{ steps.filter.outputs.opentelemetry }} steps: - name: Checkout @@ -63,6 +65,10 @@ jobs: - 'images/ext-auth-example-authsvc/**' nginx: - 'images/nginx/**' + opentelemetry: + - 'images/opentelemetry/**' + nginx125: + - 'images/nginx-1.25/TAG' #### TODO: Make the below jobs 'less dumb' and use the job name as parameter (the github.job context does not work here) cfssl: @@ -179,3 +185,53 @@ jobs: uses: github/codeql-action/upload-sarif@v3.23.1 with: sarif_file: 'trivy-results.sarif' + + opentelemetry: + runs-on: ubuntu-latest + env: + PLATFORMS: linux/amd64,linux/arm,linux/arm64 + needs: changes + if: | + (needs.changes.outputs.opentelemetry == 'true') + strategy: + matrix: + nginx: ['1.25.3', '1.21.6'] + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: image build + run: | + cd images/opentelemetry && make NGINX_VERSION=${{ matrix.nginx }} build + + nginx125: + permissions: + contents: write + packages: write + runs-on: ubuntu-latest + needs: changes + if: | + (github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.changes.outputs.nginx125 == 'true') + env: + PLATFORMS: linux/amd64,linux/arm,linux/arm64 + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Set up QEMU + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + with: + version: latest + platforms: ${{ env.PLATFORMS }} + - name: Login to GitHub Container Registry + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: build-image + run: | + export TAG=$(cat images/nginx-1.25/TAG) + cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --push --load -t ingressnginx/nginx-1.25:${TAG} . + + \ No newline at end of file diff --git a/.github/workflows/nginx125.yaml b/.github/workflows/nginx125.yaml deleted file mode 100644 index 4dfed9567..000000000 --- a/.github/workflows/nginx125.yaml +++ /dev/null @@ -1,167 +0,0 @@ -name: NGINX v1.25 Image - -on: - pull_request: - branches: - - "*" - paths: - - 'images/nginx-1.25/**' - push: - branches: - - main - paths: - - 'images/nginx-1.25/**' - -permissions: - contents: read - -jobs: - changes: - permissions: - contents: read # for dorny/paths-filter to fetch a list of changed files - pull-requests: read # for dorny/paths-filter to read pull requests - runs-on: ubuntu-latest - outputs: - nginx: ${{ steps.filter.outputs.nginx }} - tag: ${{ steps.filter.outputs.tag }} - steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - id: filter - with: - token: ${{ secrets.GITHUB_TOKEN }} - filters: | - nginx: - - 'images/nginx-1.25/**' - tag: - - 'images/nginx-1.25/TAG' - - build: - permissions: - contents: read # for dorny/paths-filter to fetch a list of changed files - pull-requests: read # for dorny/paths-filter to read pull requests - runs-on: ubuntu-latest - needs: changes - if: | - (github.event_name != 'push' && github.ref != 'refs/heads/main' && needs.changes.outputs.nginx == 'true') - env: - PLATFORMS: linux/amd64 - steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Set up Go - id: go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: '1.21.5' - check-latest: true - - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - with: - version: latest - platforms: ${{ env.PLATFORMS }} - - name: Prepare Host - run: | - curl -LO https://dl.k8s.io/release/v1.27.3/bin/linux/amd64/kubectl - chmod +x ./kubectl - sudo mv ./kubectl /usr/local/bin/kubectl - - name: build-image - run: | - cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --load -t nginx-1.25:1.0.0-dev . - - name: load-image - run: | - make clean-image build - make -C test/e2e-image image - docker build \ - --platform linux \ - --no-cache \ - --build-arg BASE_IMAGE="nginx-1.25:1.0.0-dev" \ - --build-arg VERSION="0.0.1-${{ github.sha }}" \ - --build-arg TARGETARCH="amd64" \ - --build-arg COMMIT_SHA="git-${{ github.sha }}" \ - --build-arg BUILD_ID=""UNSET"" \ - -t ingress-controller/controller:1.0.0-dev rootfs - docker save \ - nginx-ingress-controller:e2e \ - ingress-controller/controller:1.0.0-dev \ - nginx-1.25:1.0.0-dev \ - | gzip > docker.tar.gz - - name: cache - uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 - with: - name: docker.tar.gz - path: docker.tar.gz - retention-days: 2 - - e2e-test: - name: Kubernetes - runs-on: ubuntu-latest - needs: - - build - strategy: - matrix: - k8s: [v1.27.3, v1.28.0, v1.29.0] - steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: cache - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 - with: - name: docker.tar.gz - - - name: Create Kubernetes ${{ matrix.k8s }} cluster - id: kind - run: | - kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml - - - name: Load images from cache - run: | - echo "loading docker images..." - gzip -dc docker.tar.gz | docker load - - - name: Run e2e tests - env: - KIND_CLUSTER_NAME: kind - SKIP_CLUSTER_CREATION: true - SKIP_IMAGE_CREATION: true - SKIP_OPENTELEMETRY_TESTS: true - run: | - kind get kubeconfig > $HOME/.kube/kind-config-kind - make NGINX_BASE_IMAGE="nginx-1.25:1.0.0-dev" kind-e2e-test - - push: - permissions: - contents: write - packages: write - runs-on: ubuntu-latest - needs: changes - if: | - (github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.changes.outputs.tag == 'true') - env: - PLATFORMS: linux/amd64,linux/arm,linux/arm64,linux/s390x - steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - with: - version: latest - platforms: ${{ env.PLATFORMS }} - - name: Login to GitHub Container Registry - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: build-image - run: | - export TAG=$(cat images/nginx-1.25/TAG) - cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --push --load -t ingressnginx/nginx-1.25:${TAG} . - diff --git a/.github/workflows/zz-tmpl-k8s-e2e.yaml b/.github/workflows/zz-tmpl-k8s-e2e.yaml index d2941eb15..7709e9637 100644 --- a/.github/workflows/zz-tmpl-k8s-e2e.yaml +++ b/.github/workflows/zz-tmpl-k8s-e2e.yaml @@ -41,7 +41,8 @@ jobs: env: KIND_CLUSTER_NAME: kind SKIP_CLUSTER_CREATION: true - SKIP_IMAGE_CREATION: true + SKIP_INGRESS_IMAGE_CREATION: true + SKIP_E2E_IMAGE_CREATION: true ENABLE_VALIDATIONS: ${{ inputs.variation == 'VALIDATIONS' }} IS_CHROOT: ${{ inputs.variation == 'CHROOT' }} run: | diff --git a/Makefile b/Makefile index 964889532..5a2d81dd4 100644 --- a/Makefile +++ b/Makefile @@ -231,8 +231,8 @@ ensure-buildx: show-version: echo -n $(TAG) -PLATFORMS ?= amd64 arm arm64 s390x -BUILDX_PLATFORMS ?= linux/amd64,linux/arm,linux/arm64,linux/s390x +PLATFORMS ?= amd64 arm arm64 +BUILDX_PLATFORMS ?= linux/amd64,linux/arm,linux/arm64 .PHONY: release # Build a multi-arch docker image release: ensure-buildx clean diff --git a/images/nginx-1.25/Makefile b/images/nginx-1.25/Makefile index 527dfa8fb..e03197109 100644 --- a/images/nginx-1.25/Makefile +++ b/images/nginx-1.25/Makefile @@ -22,17 +22,17 @@ INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh # 0.0.0 shouldn't clobber any released builds SHORT_SHA ?=$(shell git rev-parse --short HEAD) -TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA) +TAG ?=$(shell cat TAG) REGISTRY ?= gcr.io/k8s-staging-ingress-nginx -IMAGE = $(REGISTRY)/nginx +IMAGE = $(REGISTRY)/nginx-1.25 # required to enable buildx export DOCKER_CLI_EXPERIMENTAL=enabled # build with buildx -PLATFORMS?=linux/amd64,linux/arm,linux/arm64,linux/s390x +PLATFORMS?=linux/amd64,linux/arm,linux/arm64 OUTPUT= PROGRESS=plain build: ensure-buildx diff --git a/images/nginx-1.25/cloudbuild.yaml b/images/nginx-1.25/cloudbuild.yaml index e3902c785..c94539165 100644 --- a/images/nginx-1.25/cloudbuild.yaml +++ b/images/nginx-1.25/cloudbuild.yaml @@ -1,7 +1,7 @@ timeout: 10800s options: substitution_option: ALLOW_LOOSE - # job builds a multi-arch docker image for amd64,arm,arm64 and s390x. + # job builds a multi-arch docker image for amd64,arm,arm64 machineType: E2_HIGHCPU_32 steps: - name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20211118-2f2d816b90' diff --git a/images/nginx-1.25/rootfs/Dockerfile b/images/nginx-1.25/rootfs/Dockerfile index 8996547e6..ad0c9d654 100644 --- a/images/nginx-1.25/rootfs/Dockerfile +++ b/images/nginx-1.25/rootfs/Dockerfile @@ -48,6 +48,9 @@ RUN apk update \ yaml-cpp \ dumb-init \ tzdata \ + grpc-cpp \ + libprotobuf \ + && apk add -X http://dl-cdn.alpinelinux.org/alpine/edge/testing opentelemetry-cpp-exporter-otlp-common opentelemetry-cpp-exporter-otlp-grpc \ && ln -s /usr/local/nginx/sbin/nginx /sbin/nginx \ && adduser -S -D -H -u 101 -h /usr/local/nginx \ -s /sbin/nologin -G www-data -g www-data www-data \ diff --git a/images/nginx-1.25/rootfs/build.sh b/images/nginx-1.25/rootfs/build.sh index d88527e88..0fded23d6 100755 --- a/images/nginx-1.25/rootfs/build.sh +++ b/images/nginx-1.25/rootfs/build.sh @@ -129,6 +129,7 @@ get_src() } # install required packages to build +# Dependencies from "ninja" and below are OTEL dependencies apk add \ bash \ gcc \ @@ -165,7 +166,22 @@ apk add \ unzip \ dos2unix \ yaml-cpp \ - coreutils + coreutils \ + ninja \ + gtest-dev \ + git \ + build-base \ + pkgconfig \ + c-ares-dev \ + re2-dev \ + grpc-dev \ + protobuf-dev + +apk add -X http://dl-cdn.alpinelinux.org/alpine/edge/testing opentelemetry-cpp-dev + +# There is some bug with some platforms and git, so force HTTP/1.1 +git config --global http.version HTTP/1.1 +git config --global http.postBuffer 157286400 mkdir -p /etc/nginx @@ -472,6 +488,33 @@ make make modules make install +export OPENTELEMETRY_CONTRIB_COMMIT=aaa51e2297bcb34297f3c7aa44fa790497d2f7f3 +cd "$BUILD_PATH" + +git clone https://github.com/open-telemetry/opentelemetry-cpp-contrib.git opentelemetry-cpp-contrib-${OPENTELEMETRY_CONTRIB_COMMIT} + +cd ${BUILD_PATH}/opentelemetry-cpp-contrib-${OPENTELEMETRY_CONTRIB_COMMIT} +git reset --hard ${OPENTELEMETRY_CONTRIB_COMMIT} + +export OTEL_TEMP_INSTALL=/tmp/otel +mkdir -p ${OTEL_TEMP_INSTALL} + +cd ${BUILD_PATH}/opentelemetry-cpp-contrib-${OPENTELEMETRY_CONTRIB_COMMIT}/instrumentation/nginx +mkdir -p build +cd build +cmake -DCMAKE_BUILD_TYPE=Release \ + -G Ninja \ + -DCMAKE_CXX_STANDARD=17 \ + -DCMAKE_INSTALL_PREFIX=${OTEL_TEMP_INSTALL} \ + -DBUILD_SHARED_LIBS=ON \ + -DNGINX_VERSION=${NGINX_VERSION} \ + .. +cmake --build . -j ${CORES} --target install + +mkdir -p /etc/nginx/modules +cp ${OTEL_TEMP_INSTALL}/otel_ngx_module.so /etc/nginx/modules/otel_ngx_module.so + + cd "$BUILD_PATH/lua-resty-core" make install diff --git a/images/opentelemetry/Makefile b/images/opentelemetry/Makefile new file mode 100644 index 000000000..eae435bef --- /dev/null +++ b/images/opentelemetry/Makefile @@ -0,0 +1,69 @@ +# Copyright 2024 The Kubernetes Authors. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +.DEFAULT_GOAL:=build + +# set default shell +SHELL=/bin/bash -o pipefail -o errexit + +DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))) +INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh + +# 0.0.0 shouldn't clobber any released builds +SHORT_SHA ?=$(shell git rev-parse --short HEAD) +TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA) + +REGISTRY ?= gcr.io/k8s-staging-ingress-nginx + +IMAGE = $(REGISTRY)/opentelemetry + +# required to enable buildx +export DOCKER_CLI_EXPERIMENTAL=enabled + +# build with buildx +PLATFORMS?=linux/amd64,linux/arm,linux/arm64 +OUTPUT= +PROGRESS=plain + +precheck: +ifndef NGINX_VERSION + $(error NGINX_VERSION variable is required) +endif + +build: precheck ensure-buildx + docker buildx build \ + --label=org.opencontainers.image.source=https://github.com/kubernetes/ingress-nginx \ + --label=org.opencontainers.image.licenses=Apache-2.0 \ + --label=org.opencontainers.image.description="Ingress NGINX Opentelemetry image" \ + --platform=${PLATFORMS} $(OUTPUT) \ + --progress=$(PROGRESS) \ + --build-arg=NGINX_VERSION=$(NGINX_VERSION) \ + --pull \ + --tag $(IMAGE)-$(NGINX_VERSION):$(TAG) rootfs + +# push the cross built image +push: OUTPUT=--push +push: build + +# enable buildx +ensure-buildx: +# this is required for cloudbuild +ifeq ("$(wildcard $(INIT_BUILDX))","") + @curl -sSL https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/hack/init-buildx.sh | bash +else + @exec $(INIT_BUILDX) +endif + @echo "done" + +.PHONY: build precheck push ensure-buildx diff --git a/images/opentelemetry/cloudbuild.yaml b/images/opentelemetry/cloudbuild.yaml index 6705dac87..bc48a93f4 100644 --- a/images/opentelemetry/cloudbuild.yaml +++ b/images/opentelemetry/cloudbuild.yaml @@ -16,4 +16,5 @@ steps: - -c - | gcloud auth configure-docker \ - && cd images/ && make NAME=opentelemetry push + && cd images/opentelemetry && make NGINX_VERSION=1.25.3 push \ + && make NGINX_VERSION=1.21.6 push diff --git a/images/opentelemetry/rootfs/CMakeLists.txt b/images/opentelemetry/rootfs/CMakeLists.txt index a1ff85b49..1c68d6fc6 100644 --- a/images/opentelemetry/rootfs/CMakeLists.txt +++ b/images/opentelemetry/rootfs/CMakeLists.txt @@ -64,98 +64,9 @@ find_package(OpenSSL REQUIRED) message("OpenSSL include dir: ${OPENSSL_INCLUDE_DIR}") message("OpenSSL libraries: ${OPENSSL_LIBRARIES}") -set(GRPC_GIT_TAG - "v1.45.2" - CACHE STRING "gRPC version") - -include(ExternalProject) -set(ABSEIL_GIT_TAG "20230802.1" CACHE STRING "Abseil version") - -ExternalProject_Add( - Abseil - GIT_REPOSITORY https://github.com/abseil/abseil-cpp.git - GIT_TAG ${ABSEIL_GIT_TAG} - GIT_SHALLOW 1 - UPDATE_COMMAND "" - CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${STAGED_INSTALL_PREFIX} - -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE} - -DCMAKE_CXX_COMPILER=${CMAKE_CXX_COMPILER} - -DCMAKE_CXX_STANDARD=${CMAKE_CXX_STANDARD} - -DCMAKE_CXX_FLAGS:STRING=${CMAKE_CXX_FLAGS} - USES_TERMINAL_BUILD TRUE - DOWNLOAD_NO_PROGRESS TRUE - LOG_CONFIGURE TRUE - LOG_BUILD TRUE - LOG_INSTALL TRUE) - -# RE2 settings -set(RE2_GIT_TAG "2023-11-01" CACHE STRING "RE2 version") - -ExternalProject_Add( - RE2 - DEPENDS Abseil - GIT_REPOSITORY https://github.com/google/re2.git - GIT_TAG ${RE2_GIT_TAG} - GIT_SHALLOW 1 - UPDATE_COMMAND "" - CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${STAGED_INSTALL_PREFIX} - -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE} - -DCMAKE_CXX_COMPILER=${CMAKE_CXX_COMPILER} - -DCMAKE_CXX_STANDARD=${CMAKE_CXX_STANDARD} - -DCMAKE_CXX_FLAGS:STRING=${CMAKE_CXX_FLAGS} - USES_TERMINAL_BUILD TRUE - DOWNLOAD_NO_PROGRESS TRUE - LOG_CONFIGURE TRUE - LOG_BUILD TRUE - LOG_INSTALL TRUE) - -ExternalProject_Add( - gRPC - DEPENDS Abseil RE2 - GIT_REPOSITORY https://github.com/grpc/grpc.git - GIT_TAG ${GRPC_GIT_TAG} - GIT_SHALLOW 1 - UPDATE_COMMAND "" - CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${STAGED_INSTALL_PREFIX} - -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE} - -DCMAKE_CXX_COMPILER=${CMAKE_CXX_COMPILER} - -DgRPC_SSL_PROVIDER=package - -DgRPC_RE2_PROVIDER=package - -DgRPC_ABSEIL_PROVIDER=package - -DOPENSSL_ROOT_DIR=OpenSSL - -DgRPC_BUILD_TESTS=OFF - -DBUILD_SHARED_LIBS=OFF - -DgRPC_INSTALL=ON - -DgRPC_BUILD_GRPC_NODE_PLUGIN=OFF - -DgRPC_BUILD_GRPC_OBJECTIVE_C_PLUGIN=OFF - -DgRPC_BUILD_GRPC_PHP_PLUGIN=OFF - -DgRPC_BUILD_GRPC_PYTHON_PLUGIN=OFF - -DgRPC_BUILD_GRPC_RUBY_PLUGIN=OFF - -DgRPC_BUILD_GRPC_NODE_PLUGIN=OFF - -DgRPC_BUILD_GRPC_OBJECTIVE_C_PLUGIN=OFF - -DgRPC_BUILD_GRPC_PHP_PLUGIN=OFF - -DgRPC_BUILD_GRPC_PYTHON_PLUGIN=OFF - -DgRPC_BUILD_GRPC_RUBY_PLUGIN=OFF - -DgRPC_USE_PROTO_LITE=OFF - -DgRPC_BUILD_CSHARP_EXT=OFF - -DgRPC_BUILD_GRPC_CSHARP_PLUGIN=OFF - -DgRPC_BUILD_GRPC_JAVA_PLUGIN=OFF - -DgRPC_BUILD_GRPC_GRPC_JAVA_PLUGIN=OFF - -DgRPC_BUILD_GRPC_WEB_PLUGIN=OFF - -DgRPC_BUILD_GRPC_C_PLUGIN=OFF - -DgRPC_BUILD_GRPC_NODE_PLUGIN=OFF - -DgRPC_BUILD_GRPC_OBJECTIVE_C_PLUGIN=OFF - -DgRPC_BUILD_GRPC_PHP_PLUGIN=OFF - -DgRPC_BUILD_GRPC_PYTHON_PLUGIN=OFF - -DgRPC_BUILD_GRPC_RUBY_PLUGIN=OFF - -DCMAKE_CXX_STANDARD=${CMAKE_CXX_STANDARD} - CMAKE_CACHE_ARGS -DCMAKE_CXX_FLAGS:STRING=${CMAKE_CXX_FLAGS} - TEST_AFTER_INSTALL FALSE - USES_TERMINAL_BUILD TRUE - DOWNLOAD_NO_PROGRESS TRUE - LOG_CONFIGURE TRUE - LOG_BUILD TRUE - LOG_INSTALL TRUE) +find_package(Protobuf REQUIRED) +find_package(gRPC REQUIRED) +find_package(OpentelemetryCPP REQUIRED) install( DIRECTORY ${STAGED_INSTALL_PREFIX}/ diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index e568237c2..b6a0a595b 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -26,23 +26,12 @@ RUN apk update \ ENV NINJA_STATUS "[%p/%f/%t] " -# install gRPC -FROM base as grpc -RUN bash /opt/third_party/build.sh -g v1.60.0 - - -# install OpenTelemetry-cpp -FROM base as otel-cpp -COPY --from=grpc /opt/third_party/install/ /usr -RUN bash /opt/third_party/build.sh -o v1.11.0 - # install otel_ngx_module.so FROM base as nginx -COPY --from=grpc /opt/third_party/install/ /usr -COPY --from=otel-cpp /opt/third_party/install/ /usr -RUN bash /opt/third_party/build.sh -n +ARG NGINX_VERSION=1.25.3 +RUN bash /opt/third_party/build.sh -n ${NGINX_VERSION} -FROM cgr.dev/chainguard/go:latest as build-init +FROM golang:1.21.6-bullseye as build-init WORKDIR /go/src/app COPY . . diff --git a/images/opentelemetry/rootfs/build.sh b/images/opentelemetry/rootfs/build.sh index 8b491589f..d46ab9fe5 100755 --- a/images/opentelemetry/rootfs/build.sh +++ b/images/opentelemetry/rootfs/build.sh @@ -17,12 +17,12 @@ set -o errexit set -o nounset set -o pipefail - -export GRPC_GIT_TAG=${GRPC_GIT_TAG:="v1.43.2"} +set -x # Check for recent changes: https://github.com/open-telemetry/opentelemetry-cpp/compare/v1.2.0...main -export OPENTELEMETRY_CPP_VERSION=${OPENTELEMETRY_CPP_VERSION:="1.2.0"} -export ABSL_CPP_VERSION=${ABSL_CPP_VERSION:="20230802.0"} -export INSTAL_DIR=/opt/third_party/install +export OPENTELEMETRY_CPP_VERSION=${OPENTELEMETRY_CPP_VERSION:="v1.11.0"} +export INSTALL_DIR=/opt/third_party/install + +export NGINX_VERSION=${NGINX_VERSION:="1.25.3"} # improve compilation times CORES=$(($(grep -c ^processor /proc/cpuinfo) - 1)) @@ -41,10 +41,9 @@ Help() # Display Help echo "Add description of the script functions here." echo - echo "Syntax: scriptTemplate [-h|g|o|n|p|]" + echo "Syntax: scriptTemplate [-h|o|n|p|]" echo "options:" echo "h Print Help." - echo "g gRPC git tag" echo "o OpenTelemetry git tag" echo "n install nginx" echo "p prepare" @@ -53,6 +52,7 @@ Help() prepare() { + echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories apk add \ linux-headers \ cmake \ @@ -65,48 +65,26 @@ prepare() pcre-dev \ curl \ git \ - build-base -} + build-base \ + coreutils \ + build-base \ + openssl-dev \ + pkgconfig \ + c-ares-dev \ + re2-dev \ + grpc-dev \ + protobuf-dev \ + opentelemetry-cpp-dev -install_grpc() -{ - mkdir -p $BUILD_PATH/grpc - cd ${BUILD_PATH}/grpc - cmake -DCMAKE_INSTALL_PREFIX=${INSTAL_DIR} \ - -G Ninja \ - -DGRPC_GIT_TAG=${GRPC_GIT_TAG} /opt/third_party - - cmake --build . -j ${CORES} --target all install --verbose -} - -install_absl() -{ - cd ${BUILD_PATH} - export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+LD_LIBRARY_PATH:}${INSTAL_DIR}/lib:/usr/local" - export PATH="${PATH}:${INSTAL_DIR}/bin" - git clone --recurse-submodules -j ${CORES} --depth=1 -b \ - ${ABSL_CPP_VERSION} https://github.com/abseil/abseil-cpp.git abseil-cpp-${ABSL_CPP_VERSION} - cd "abseil-cpp-${ABSL_CPP_VERSION}" - mkdir -p .build - cd .build - - cmake -DCMAKE_BUILD_TYPE=Release \ - -G Ninja \ - -DCMAKE_CXX_STANDARD=17 \ - -DCMAKE_POSITION_INDEPENDENT_CODE=TRUE \ - -DBUILD_TESTING=OFF \ - -DCMAKE_INSTALL_PREFIX=${INSTAL_DIR} \ - -DABSL_PROPAGATE_CXX_STD=ON \ - -DBUILD_SHARED_LIBS=OFF \ - .. - cmake --build . -j ${CORES} --target install + git config --global http.version HTTP/1.1 + git config --global http.postBuffer 157286400 } install_otel() { cd ${BUILD_PATH} - export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+LD_LIBRARY_PATH:}${INSTAL_DIR}/lib:/usr/local" - export PATH="${PATH}:${INSTAL_DIR}/bin" + export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+LD_LIBRARY_PATH:}${INSTALL_DIR}/lib:/usr/local" + export PATH="${PATH}:${INSTALL_DIR}/bin" git clone --recurse-submodules -j ${CORES} --depth=1 -b \ ${OPENTELEMETRY_CPP_VERSION} https://github.com/open-telemetry/opentelemetry-cpp.git opentelemetry-cpp-${OPENTELEMETRY_CPP_VERSION} cd "opentelemetry-cpp-${OPENTELEMETRY_CPP_VERSION}" @@ -118,7 +96,7 @@ install_otel() -DCMAKE_CXX_STANDARD=17 \ -DCMAKE_POSITION_INDEPENDENT_CODE=TRUE \ -DWITH_ZIPKIN=OFF \ - -DCMAKE_INSTALL_PREFIX=${INSTAL_DIR} \ + -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ -DBUILD_TESTING=OFF \ -DWITH_BENCHMARK=OFF \ -DWITH_FUNC_TESTS=OFF \ @@ -132,23 +110,8 @@ install_otel() cmake --build . -j ${CORES} --target install } -get_src() -{ - hash="$1" - url="$2" - f=$(basename "$url") - - echo "Downloading $url" - - curl -sSL --fail-with-body "$url" -o "$f" - echo "$hash $f" | sha256sum -c - || exit 10 - tar xzf "$f" - rm -rf "$f" -} - install_nginx() { - export NGINX_VERSION=1.25.3 # Check for recent changes: https://github.com/open-telemetry/opentelemetry-cpp-contrib/compare/2656a4...main export OPENTELEMETRY_CONTRIB_COMMIT=aaa51e2297bcb34297f3c7aa44fa790497d2f7f3 @@ -170,39 +133,28 @@ install_nginx() cmake -DCMAKE_BUILD_TYPE=Release \ -G Ninja \ -DCMAKE_CXX_STANDARD=17 \ - -DCMAKE_INSTALL_PREFIX=${INSTAL_DIR} \ + -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ -DBUILD_SHARED_LIBS=ON \ -DNGINX_VERSION=${NGINX_VERSION} \ .. cmake --build . -j ${CORES} --target install mkdir -p /etc/nginx/modules - cp ${INSTAL_DIR}/otel_ngx_module.so /etc/nginx/modules/otel_ngx_module.so + cp ${INSTALL_DIR}/otel_ngx_module.so /etc/nginx/modules/otel_ngx_module.so } -while getopts ":pha:g:o:n" option; do +while getopts ":phn:" option; do case $option in h) # display Help Help exit;; - g) # install gRPC with git tag - GRPC_GIT_TAG=${OPTARG} - install_grpc - exit;; - o) # install OpenTelemetry tag - OPENTELEMETRY_CPP_VERSION=${OPTARG} - install_otel - exit;; p) # prepare prepare exit;; n) # install nginx + NGINX_VERSION=${OPTARG} install_nginx exit;; - a) # install abseil - ABSL_CPP_VERSION=${OPTARG} - install_absl - exit;; \?) Help exit;; diff --git a/internal/ingress/controller/template/template.go b/internal/ingress/controller/template/template.go index 7410ce6e0..f08eee498 100644 --- a/internal/ingress/controller/template/template.go +++ b/internal/ingress/controller/template/template.go @@ -1501,13 +1501,8 @@ func httpsListener(addresses []string, co string, tc *config.TemplateConfig) []s } } - lo = append(lo, co, "ssl") + lo = append(lo, co, "ssl;") - if tc.Cfg.UseHTTP2 { - lo = append(lo, "http2") - } - - lo = append(lo, ";") out = append(out, strings.Join(lo, " ")) } diff --git a/rootfs/Dockerfile b/rootfs/Dockerfile index 86517c6c1..a04cfe3de 100644 --- a/rootfs/Dockerfile +++ b/rootfs/Dockerfile @@ -84,5 +84,4 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log ENTRYPOINT ["/usr/bin/dumb-init", "--"] - CMD ["/nginx-ingress-controller"] diff --git a/rootfs/Dockerfile-chroot b/rootfs/Dockerfile-chroot index a210aa7bf..b52cbddf9 100644 --- a/rootfs/Dockerfile-chroot +++ b/rootfs/Dockerfile-chroot @@ -119,7 +119,6 @@ RUN mkdir -p /chroot/modules_mount \ USER www-data EXPOSE 80 443 - ENTRYPOINT ["/usr/bin/dumb-init", "--"] CMD ["/nginx-ingress-controller"] diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index 94dc12412..d58be2880 100644 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -30,7 +30,7 @@ load_module /etc/nginx/modules/ngx_http_modsecurity_module.so; {{ end }} {{ if (shouldLoadOpentelemetryModule $cfg $servers) }} -load_module /modules_mount/etc/nginx/modules/otel/otel_ngx_module.so; +load_module /etc/nginx/modules/otel_ngx_module.so; {{ end }} daemon off; @@ -658,6 +658,10 @@ http { server { server_name {{ buildServerName $server.Hostname }} {{range $server.Aliases }}{{ . }} {{ end }}; + {{ if $cfg.UseHTTP2 }} + http2 on; + {{ end }} + {{ if gt (len $cfg.BlockUserAgents) 0 }} if ($block_ua) { return 403; diff --git a/test/e2e/settings/opentelemetry.go b/test/e2e/settings/opentelemetry.go index af946f277..b5fc6ff4e 100644 --- a/test/e2e/settings/opentelemetry.go +++ b/test/e2e/settings/opentelemetry.go @@ -17,7 +17,6 @@ limitations under the License. package settings import ( - "os" "strings" "github.com/onsi/ginkgo/v2" @@ -40,12 +39,6 @@ const ( var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() { f := framework.NewDefaultFramework("enable-opentelemetry") - shouldSkip := false - skip, ok := os.LookupEnv("SKIP_OPENTELEMETRY_TESTS") - if ok && skip == enable { - shouldSkip = true - } - ginkgo.BeforeEach(func() { f.NewEchoDeployment() }) @@ -54,9 +47,6 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() { }) ginkgo.It("should not exists opentelemetry directive", func() { - if shouldSkip { - ginkgo.Skip("skipped") - } config := map[string]string{} config[enableOpentelemetry] = disable f.SetNginxConfigMapData(config) @@ -70,9 +60,6 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() { }) ginkgo.It("should exists opentelemetry directive when is enabled", func() { - if shouldSkip { - ginkgo.Skip("skipped") - } config := map[string]string{} config[enableOpentelemetry] = enable config[opentelemetryConfig] = opentelemetryConfigPath @@ -87,9 +74,6 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() { }) ginkgo.It("should include opentelemetry_trust_incoming_spans on directive when enabled", func() { - if shouldSkip { - ginkgo.Skip("skipped") - } config := map[string]string{} config[enableOpentelemetry] = enable config[opentelemetryConfig] = opentelemetryConfigPath @@ -105,9 +89,6 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() { }) ginkgo.It("should not exists opentelemetry_operation_name directive when is empty", func() { - if shouldSkip { - ginkgo.Skip("skipped") - } config := map[string]string{} config[enableOpentelemetry] = enable config[opentelemetryConfig] = opentelemetryConfigPath @@ -123,9 +104,6 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() { }) ginkgo.It("should exists opentelemetry_operation_name directive when is configured", func() { - if shouldSkip { - ginkgo.Skip("skipped") - } config := map[string]string{} config[enableOpentelemetry] = enable config[opentelemetryConfig] = opentelemetryConfigPath diff --git a/test/e2e/wait-for-nginx.sh b/test/e2e/wait-for-nginx.sh index 0726bde10..d2529e348 100755 --- a/test/e2e/wait-for-nginx.sh +++ b/test/e2e/wait-for-nginx.sh @@ -48,16 +48,6 @@ metadata: EOF -OTEL_MODULE=$(cat < Date: Sat, 27 Jan 2024 22:15:14 -0300 Subject: [PATCH 027/154] Bump go to v1.21.6 and set a single source of truth (#10926) --- .github/workflows/ci.yaml | 16 +++- .github/workflows/golangci-lint.yml | 5 +- .github/workflows/images.yaml | 8 +- .github/workflows/plugin.yaml | 5 +- GOLANG_VERSION | 1 + Makefile | 4 +- build/build.sh | 25 ++--- build/run-in-docker.sh | 11 +-- go.mod | 2 +- go.work | 2 +- go.work.sum | 93 ++++++++++++++++++- images/Makefile | 3 + images/custom-error-pages/rootfs/Dockerfile | 4 +- images/custom-error-pages/rootfs/go.mod | 2 +- .../rootfs/Dockerfile | 4 +- images/ext-auth-example-authsvc/rootfs/go.mod | 2 +- images/fastcgi-helloserver/rootfs/Dockerfile | 3 +- .../go-grpc-greeter-server/rootfs/Dockerfile | 4 +- images/httpbun/rootfs/Dockerfile | 4 +- images/kube-webhook-certgen/rootfs/Dockerfile | 6 +- images/kube-webhook-certgen/rootfs/go.mod | 2 +- images/opentelemetry/rootfs/go.mod | 2 +- images/test-runner/Makefile | 6 +- magefiles/go.mod | 2 +- 24 files changed, 166 insertions(+), 50 deletions(-) create mode 100644 GOLANG_VERSION diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 2c6bef636..19dc44746 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -78,11 +78,14 @@ jobs: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Get go version + run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV + - name: Set up Go id: go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '1.21.5' + go-version: ${{ env.GOLANG_VERSION }} check-latest: true - name: Run test @@ -92,6 +95,8 @@ jobs: name: Build runs-on: ubuntu-latest needs: changes + outputs: + golangversion: ${{ steps.golangversion.outputs.version }} if: | (needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') @@ -100,12 +105,17 @@ jobs: steps: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Get go version + id: golangversion + run: | + echo "version=$(cat GOLANG_VERSION)" >> "$GITHUB_OUTPUT" - name: Set up Go id: go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '1.21.5' + go-version: ${{ steps.golangversion.outputs.version }} check-latest: true - name: Set up QEMU @@ -177,7 +187,7 @@ jobs: - name: Setup Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '1.21.5' + go-version: ${{ needs.build.outputs.golangversion }} check-latest: true - name: Install Helm Unit Test Plugin diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 0a856adeb..16c3fe8fc 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -18,11 +18,14 @@ jobs: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Get go version + run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV + - name: Set up Go id: go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '1.21.5' + go-version: ${{ env.GOLANG_VERSION }} check-latest: true - name: golangci-lint diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index 7eb07cfc3..8a41cdac6 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -142,15 +142,19 @@ jobs: (needs.changes.outputs.kube-webhook-certgen == 'true') strategy: matrix: - k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0, 1.29.0] + k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0, v1.29.0] steps: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Get go version + run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV + - name: Set up Go id: go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '1.21.5' + go-version: ${{ env.GOLANG_VERSION }} check-latest: true - name: image build run: | diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index 9cc3a4a3c..fe99b2444 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -16,10 +16,13 @@ jobs: with: fetch-depth: 0 + - name: Get go version + run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV + - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: '1.21.5' + go-version: ${{ env.GOLANG_VERSION }} check-latest: true - name: Run GoReleaser Snapshot diff --git a/GOLANG_VERSION b/GOLANG_VERSION new file mode 100644 index 000000000..6e83421e4 --- /dev/null +++ b/GOLANG_VERSION @@ -0,0 +1 @@ +1.21.6 \ No newline at end of file diff --git a/Makefile b/Makefile index 5a2d81dd4..d3830f163 100644 --- a/Makefile +++ b/Makefile @@ -29,6 +29,8 @@ SHELL=/bin/bash -o pipefail -o errexit # Use the 0.0 tag for testing, it shouldn't clobber any release builds TAG ?= $(shell cat TAG) +GOLANG_VERSION ?= $(shell cat GOLANG_VERSION) + # e2e settings # Allow limiting the scope of the e2e tests. By default run everything FOCUS ?= @@ -105,7 +107,7 @@ clean-chroot-image: ## Removes local image .PHONY: build build: ## Build ingress controller, debug tool and pre-stop hook. - build/run-in-docker.sh \ + E2E_IMAGE=golang:$(GOLANG_VERSION)-alpine3.19 USE_SHELL=/bin/sh build/run-in-docker.sh \ MAC_OS=$(MAC_OS) \ PKG=$(PKG) \ ARCH=$(ARCH) \ diff --git a/build/build.sh b/build/build.sh index 1ae505d91..bbcaf78e8 100755 --- a/build/build.sh +++ b/build/build.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # Copyright 2018 The Kubernetes Authors. # @@ -25,24 +25,15 @@ set -o errexit set -o nounset set -o pipefail -declare -a mandatory -mandatory=( - PKG - ARCH - COMMIT_SHA - REPO_INFO - TAG -) -for var in "${mandatory[@]}"; do - if [[ -z "${!var:-}" ]]; then - echo "Environment variable $var must be set" - exit 1 - fi -done +if [ -z "$PKG" ] || [ -z "$ARCH" ] || [ -z "$COMMIT_SHA" ] || [ -z "$REPO_INFO" ] || [ -z "$TAG" ]; then + echo "Environments PKG, ARCH, COMMIT_SHA, REPO_INFO and TAG are required" + exit 1 +fi + export CGO_ENABLED=0 -export GOARCH=${ARCH} +export GOARCH="${ARCH}" TARGETS_DIR="rootfs/bin/${ARCH}" echo "Building targets for ${ARCH}, generated targets in ${TARGETS_DIR} directory." @@ -75,4 +66,4 @@ ${GO_BUILD_CMD} \ -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ -X ${PKG}/version.REPO=${REPO_INFO}" \ -buildvcs=false \ - -o "${TARGETS_DIR}/wait-shutdown" "${PKG}/cmd/waitshutdown" + -o "${TARGETS_DIR}/wait-shutdown" "${PKG}/cmd/waitshutdown" \ No newline at end of file diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 2eb8b5890..367f6138a 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -76,12 +76,7 @@ fi USER=${USER:-nobody} -#echo "..printing env & other vars to stdout" -#echo "HOSTNAME=`hostname`" -#uname -a -#env -#echo "DIND_ENABLED=$DOCKER_IN_DOCKER_ENABLED" -#echo "done..printing env & other vars to stdout" +USE_SHELL=${USE_SHELL:-"/bin/bash"} if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then echo "..reached DIND check TRUE block, inside run-in-docker.sh" @@ -100,5 +95,5 @@ else args="$args -v /var/run/docker.sock:/var/run/docker.sock" fi - ${RUNTIME} run $args ${E2E_IMAGE} /bin/bash -c "${FLAGS}" -fi + ${RUNTIME} run $args ${E2E_IMAGE} ${USE_SHELL} -c "${FLAGS}" +fi \ No newline at end of file diff --git a/go.mod b/go.mod index 216f446f8..00d9a4ac2 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module k8s.io/ingress-nginx -go 1.21.5 +go 1.21 require ( dario.cat/mergo v1.0.0 diff --git a/go.work b/go.work index 3dd9bfdee..463239b63 100644 --- a/go.work +++ b/go.work @@ -1,4 +1,4 @@ -go 1.21.5 +go 1.21 use ( . diff --git a/go.work.sum b/go.work.sum index e45006894..d73c169de 100644 --- a/go.work.sum +++ b/go.work.sum @@ -1,10 +1,13 @@ cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= cloud.google.com/go v0.110.2/go.mod h1:k04UEeEtb6ZBRTv3dZz4CeJC3jKGxyhl0sAiVVquxiw= cloud.google.com/go v0.110.4/go.mod h1:+EYjdK8e5RME/VY/qLCAtuyALQ9q67dvuum8i+H5xsI= +cloud.google.com/go v0.110.8/go.mod h1:Iz8AkXJf1qmxC3Oxoep8R1T36w8B92yU29PcBhHO5fk= cloud.google.com/go/accessapproval v1.7.1/go.mod h1:JYczztsHRMK7NTXb6Xw+dwbs/WnOJxbo/2mTI+Kgg68= cloud.google.com/go/accesscontextmanager v1.8.1/go.mod h1:JFJHfvuaTC+++1iL1coPiG1eu5D24db2wXCDWDjIrxo= cloud.google.com/go/aiplatform v1.45.0/go.mod h1:Iu2Q7sC7QGhXUeOhAj/oCK9a+ULz1O4AotZiqjQ8MYA= +cloud.google.com/go/aiplatform v1.50.0/go.mod h1:IRc2b8XAMTa9ZmfJV1BCCQbieWWvDnP1A8znyz5N7y4= cloud.google.com/go/analytics v0.21.2/go.mod h1:U8dcUtmDmjrmUTnnnRnI4m6zKn/yaA5N9RlEkYFHpQo= +cloud.google.com/go/analytics v0.21.3/go.mod h1:U8dcUtmDmjrmUTnnnRnI4m6zKn/yaA5N9RlEkYFHpQo= cloud.google.com/go/apigateway v1.6.1/go.mod h1:ufAS3wpbRjqfZrzpvLC2oh0MFlpRJm2E/ts25yyqmXA= cloud.google.com/go/apigeeconnect v1.6.1/go.mod h1:C4awq7x0JpLtrlQCr8AzVIzAaYgngRqWf9S5Uhg+wWs= cloud.google.com/go/apigeeregistry v0.7.1/go.mod h1:1XgyjZye4Mqtw7T9TsY4NW10U7BojBvG4RMD+vRDrIw= @@ -15,97 +18,142 @@ cloud.google.com/go/asset v1.14.1/go.mod h1:4bEJ3dnHCqWCDbWJ/6Vn7GVI9LerSi7Rfdi0 cloud.google.com/go/assuredworkloads v1.11.1/go.mod h1:+F04I52Pgn5nmPG36CWFtxmav6+7Q+c5QyJoL18Lry0= cloud.google.com/go/automl v1.13.1/go.mod h1:1aowgAHWYZU27MybSCFiukPO7xnyawv7pt3zK4bheQE= cloud.google.com/go/baremetalsolution v0.5.0/go.mod h1:dXGxEkmR9BMwxhzBhV0AioD0ULBmuLZI8CdwalUxuss= +cloud.google.com/go/baremetalsolution v1.2.0/go.mod h1:68wi9AwPYkEWIUT4SvSGS9UJwKzNpshjHsH4lzk8iOw= cloud.google.com/go/batch v0.7.0/go.mod h1:vLZN95s6teRUqRQ4s3RLDsH8PvboqBK+rn1oevL159g= +cloud.google.com/go/batch v1.4.1/go.mod h1:KdBmDD61K0ovcxoRHGrN6GmOBWeAOyCgKD0Mugx4Fkk= cloud.google.com/go/beyondcorp v0.6.1/go.mod h1:YhxDWw946SCbmcWo3fAhw3V4XZMSpQ/VYfcKGAEU8/4= +cloud.google.com/go/beyondcorp v1.0.0/go.mod h1:YhxDWw946SCbmcWo3fAhw3V4XZMSpQ/VYfcKGAEU8/4= cloud.google.com/go/bigquery v1.52.0/go.mod h1:3b/iXjRQGU4nKa87cXeg6/gogLjO8C6PmuM8i5Bi/u4= +cloud.google.com/go/bigquery v1.55.0/go.mod h1:9Y5I3PN9kQWuid6183JFhOGOW3GcirA5LpsKCUn+2ec= cloud.google.com/go/billing v1.16.0/go.mod h1:y8vx09JSSJG02k5QxbycNRrN7FGZB6F3CAcgum7jvGA= +cloud.google.com/go/billing v1.17.0/go.mod h1:Z9+vZXEq+HwH7bhJkyI4OQcR6TSbeMrjlpEjO2vzY64= cloud.google.com/go/binaryauthorization v1.6.1/go.mod h1:TKt4pa8xhowwffiBmbrbcxijJRZED4zrqnwZ1lKH51U= +cloud.google.com/go/binaryauthorization v1.7.0/go.mod h1:Zn+S6QqTMn6odcMU1zDZCJxPjU2tZPV1oDl45lWY154= cloud.google.com/go/certificatemanager v1.7.1/go.mod h1:iW8J3nG6SaRYImIa+wXQ0g8IgoofDFRp5UMzaNk1UqI= cloud.google.com/go/channel v1.16.0/go.mod h1:eN/q1PFSl5gyu0dYdmxNXscY/4Fi7ABmeHCJNf/oHmc= +cloud.google.com/go/channel v1.17.0/go.mod h1:RpbhJsGi/lXWAUM1eF4IbQGbsfVlg2o8Iiy2/YLfVT0= cloud.google.com/go/cloudbuild v1.10.1/go.mod h1:lyJg7v97SUIPq4RC2sGsz/9tNczhyv2AjML/ci4ulzU= +cloud.google.com/go/cloudbuild v1.14.0/go.mod h1:lyJg7v97SUIPq4RC2sGsz/9tNczhyv2AjML/ci4ulzU= cloud.google.com/go/clouddms v1.6.1/go.mod h1:Ygo1vL52Ov4TBZQquhz5fiw2CQ58gvu+PlS6PVXCpZI= +cloud.google.com/go/clouddms v1.7.0/go.mod h1:MW1dC6SOtI/tPNCciTsXtsGNEM0i0OccykPvv3hiYeM= cloud.google.com/go/cloudtasks v1.11.1/go.mod h1:a9udmnou9KO2iulGscKR0qBYjreuX8oHwpmFsKspEvM= +cloud.google.com/go/cloudtasks v1.12.1/go.mod h1:a9udmnou9KO2iulGscKR0qBYjreuX8oHwpmFsKspEvM= cloud.google.com/go/compute v1.19.3/go.mod h1:qxvISKp/gYnXkSAD1ppcSOveRAmzxicEv/JlizULFrI= cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= cloud.google.com/go/compute v1.21.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= +cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= cloud.google.com/go/contactcenterinsights v1.9.1/go.mod h1:bsg/R7zGLYMVxFFzfh9ooLTruLRCG9fnzhH9KznHhbM= +cloud.google.com/go/contactcenterinsights v1.10.0/go.mod h1:bsg/R7zGLYMVxFFzfh9ooLTruLRCG9fnzhH9KznHhbM= cloud.google.com/go/container v1.22.1/go.mod h1:lTNExE2R7f+DLbAN+rJiKTisauFCaoDq6NURZ83eVH4= +cloud.google.com/go/container v1.26.0/go.mod h1:YJCmRet6+6jnYYRS000T6k0D0xUXQgBSaJ7VwI8FBj4= cloud.google.com/go/containeranalysis v0.10.1/go.mod h1:Ya2jiILITMY68ZLPaogjmOMNkwsDrWBSTyBubGXO7j0= +cloud.google.com/go/containeranalysis v0.11.0/go.mod h1:4n2e99ZwpGxpNcz+YsFT1dfOHPQFGcAC8FN2M2/ne/U= cloud.google.com/go/datacatalog v1.14.1/go.mod h1:d2CevwTG4yedZilwe+v3E3ZBDRMobQfSG/a6cCCN5R4= +cloud.google.com/go/datacatalog v1.17.1/go.mod h1:nCSYFHgtxh2MiEktWIz71s/X+7ds/UT9kp0PC7waCzE= cloud.google.com/go/dataflow v0.9.1/go.mod h1:Wp7s32QjYuQDWqJPFFlnBKhkAtiFpMTdg00qGbnIHVw= cloud.google.com/go/dataform v0.8.1/go.mod h1:3BhPSiw8xmppbgzeBbmDvmSWlwouuJkXsXsb8UBih9M= cloud.google.com/go/datafusion v1.7.1/go.mod h1:KpoTBbFmoToDExJUso/fcCiguGDk7MEzOWXUsJo0wsI= cloud.google.com/go/datalabeling v0.8.1/go.mod h1:XS62LBSVPbYR54GfYQsPXZjTW8UxCK2fkDciSrpRFdY= cloud.google.com/go/dataplex v1.8.1/go.mod h1:7TyrDT6BCdI8/38Uvp0/ZxBslOslP2X2MPDucliyvSE= +cloud.google.com/go/dataplex v1.9.1/go.mod h1:7TyrDT6BCdI8/38Uvp0/ZxBslOslP2X2MPDucliyvSE= cloud.google.com/go/dataproc v1.12.0/go.mod h1:zrF3aX0uV3ikkMz6z4uBbIKyhRITnxvr4i3IjKsKrw4= +cloud.google.com/go/dataproc/v2 v2.2.0/go.mod h1:lZR7AQtwZPvmINx5J87DSOOpTfof9LVZju6/Qo4lmcY= cloud.google.com/go/dataqna v0.8.1/go.mod h1:zxZM0Bl6liMePWsHA8RMGAfmTG34vJMapbHAxQ5+WA8= cloud.google.com/go/datastore v1.12.1/go.mod h1:KjdB88W897MRITkvWWJrg2OUtrR5XVj1EoLgSp6/N70= +cloud.google.com/go/datastore v1.14.0/go.mod h1:GAeStMBIt9bPS7jMJA85kgkpsMkvseWWXiaHya9Jes8= cloud.google.com/go/datastream v1.9.1/go.mod h1:hqnmr8kdUBmrnk65k5wNRoHSCYksvpdZIcZIEl8h43Q= +cloud.google.com/go/datastream v1.10.0/go.mod h1:hqnmr8kdUBmrnk65k5wNRoHSCYksvpdZIcZIEl8h43Q= cloud.google.com/go/deploy v1.11.0/go.mod h1:tKuSUV5pXbn67KiubiUNUejqLs4f5cxxiCNCeyl0F2g= +cloud.google.com/go/deploy v1.13.0/go.mod h1:tKuSUV5pXbn67KiubiUNUejqLs4f5cxxiCNCeyl0F2g= cloud.google.com/go/dialogflow v1.38.0/go.mod h1:L7jnH+JL2mtmdChzAIcXQHXMvQkE3U4hTaNltEuxXn4= +cloud.google.com/go/dialogflow v1.43.0/go.mod h1:pDUJdi4elL0MFmt1REMvFkdsUTYSHq+rTCS8wg0S3+M= cloud.google.com/go/dlp v1.10.1/go.mod h1:IM8BWz1iJd8njcNcG0+Kyd9OPnqnRNkDV8j42VT5KOI= cloud.google.com/go/documentai v1.20.0/go.mod h1:yJkInoMcK0qNAEdRnqY/D5asy73tnPe88I1YTZT+a8E= +cloud.google.com/go/documentai v1.22.1/go.mod h1:LKs22aDHbJv7ufXuPypzRO7rG3ALLJxzdCXDPutw4Qc= cloud.google.com/go/domains v0.9.1/go.mod h1:aOp1c0MbejQQ2Pjf1iJvnVyT+z6R6s8pX66KaCSDYfE= cloud.google.com/go/edgecontainer v1.1.1/go.mod h1:O5bYcS//7MELQZs3+7mabRqoWQhXCzenBu0R8bz2rwk= cloud.google.com/go/errorreporting v0.3.0/go.mod h1:xsP2yaAp+OAW4OIm60An2bbLpqIhKXdWR/tawvl7QzU= cloud.google.com/go/essentialcontacts v1.6.2/go.mod h1:T2tB6tX+TRak7i88Fb2N9Ok3PvY3UNbUsMag9/BARh4= cloud.google.com/go/eventarc v1.12.1/go.mod h1:mAFCW6lukH5+IZjkvrEss+jmt2kOdYlN8aMx3sRJiAI= +cloud.google.com/go/eventarc v1.13.0/go.mod h1:mAFCW6lukH5+IZjkvrEss+jmt2kOdYlN8aMx3sRJiAI= cloud.google.com/go/filestore v1.7.1/go.mod h1:y10jsorq40JJnjR/lQ8AfFbbcGlw3g+Dp8oN7i7FjV4= cloud.google.com/go/firestore v1.11.0/go.mod h1:b38dKhgzlmNNGTNZZwe7ZRFEuRab1Hay3/DBsIGKKy4= +cloud.google.com/go/firestore v1.13.0/go.mod h1:QojqqOh8IntInDUSTAh0c8ZsPYAr68Ma8c5DWOy8xb8= cloud.google.com/go/functions v1.15.1/go.mod h1:P5yNWUTkyU+LvW/S9O6V+V423VZooALQlqoXdoPz5AE= cloud.google.com/go/gkebackup v0.4.0/go.mod h1:byAyBGUwYGEEww7xsbnUTBHIYcOPy/PgUWUtOeRm9Vg= +cloud.google.com/go/gkebackup v1.3.1/go.mod h1:vUDOu++N0U5qs4IhG1pcOnD1Mac79xWy6GoBFlWCWBU= cloud.google.com/go/gkeconnect v0.8.1/go.mod h1:KWiK1g9sDLZqhxB2xEuPV8V9NYzrqTUmQR9shJHpOZw= cloud.google.com/go/gkehub v0.14.1/go.mod h1:VEXKIJZ2avzrbd7u+zeMtW00Y8ddk/4V9511C9CQGTY= cloud.google.com/go/gkemulticloud v0.6.1/go.mod h1:kbZ3HKyTsiwqKX7Yw56+wUGwwNZViRnxWK2DVknXWfw= +cloud.google.com/go/gkemulticloud v1.0.0/go.mod h1:kbZ3HKyTsiwqKX7Yw56+wUGwwNZViRnxWK2DVknXWfw= cloud.google.com/go/gsuiteaddons v1.6.1/go.mod h1:CodrdOqRZcLp5WOwejHWYBjZvfY0kOphkAKpF/3qdZY= cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0= cloud.google.com/go/iam v1.1.1/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU= +cloud.google.com/go/iam v1.1.2/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU= cloud.google.com/go/iap v1.8.1/go.mod h1:sJCbeqg3mvWLqjZNsI6dfAtbbV1DL2Rl7e1mTyXYREQ= +cloud.google.com/go/iap v1.9.0/go.mod h1:01OFxd1R+NFrg78S+hoPV5PxEzv22HXaNqUUlmNHFuY= cloud.google.com/go/ids v1.4.1/go.mod h1:np41ed8YMU8zOgv53MMMoCntLTn2lF+SUzlM+O3u/jw= cloud.google.com/go/iot v1.7.1/go.mod h1:46Mgw7ev1k9KqK1ao0ayW9h0lI+3hxeanz+L1zmbbbk= cloud.google.com/go/kms v1.12.1/go.mod h1:c9J991h5DTl+kg7gi3MYomh12YEENGrf48ee/N/2CDM= +cloud.google.com/go/kms v1.15.2/go.mod h1:3hopT4+7ooWRCjc2DxgnpESFxhIraaI2IpAVUEhbT/w= cloud.google.com/go/language v1.10.1/go.mod h1:CPp94nsdVNiQEt1CNjF5WkTcisLiHPyIbMhvR8H2AW0= +cloud.google.com/go/language v1.11.0/go.mod h1:uDx+pFDdAKTY8ehpWbiXyQdz8tDSYLJbQcXsCkjYyvQ= cloud.google.com/go/lifesciences v0.9.1/go.mod h1:hACAOd1fFbCGLr/+weUKRAJas82Y4vrL3O5326N//Wc= cloud.google.com/go/logging v1.7.0/go.mod h1:3xjP2CjkM3ZkO73aj4ASA5wRPGGCRrPIAeNqVNkzY8M= +cloud.google.com/go/logging v1.8.1/go.mod h1:TJjR+SimHwuC8MZ9cjByQulAMgni+RkXeI3wwctHJEI= cloud.google.com/go/longrunning v0.5.0/go.mod h1:0JNuqRShmscVAhIACGtskSAWtqtOoPkwP0YF1oVEchc= cloud.google.com/go/longrunning v0.5.1/go.mod h1:spvimkwdz6SPWKEt/XBij79E9fiTkHSQl/fRUUQJYJc= cloud.google.com/go/managedidentities v1.6.1/go.mod h1:h/irGhTN2SkZ64F43tfGPMbHnypMbu4RB3yl8YcuEak= cloud.google.com/go/maps v0.7.0/go.mod h1:3GnvVl3cqeSvgMcpRlQidXsPYuDGQ8naBis7MVzpXsY= +cloud.google.com/go/maps v1.4.0/go.mod h1:6mWTUv+WhnOwAgjVsSW2QPPECmW+s3PcRyOa9vgG/5s= cloud.google.com/go/mediatranslation v0.8.1/go.mod h1:L/7hBdEYbYHQJhX2sldtTO5SZZ1C1vkapubj0T2aGig= cloud.google.com/go/memcache v1.10.1/go.mod h1:47YRQIarv4I3QS5+hoETgKO40InqzLP6kpNLvyXuyaA= cloud.google.com/go/metastore v1.11.1/go.mod h1:uZuSo80U3Wd4zi6C22ZZliOUJ3XeM/MlYi/z5OAOWRA= +cloud.google.com/go/metastore v1.12.0/go.mod h1:uZuSo80U3Wd4zi6C22ZZliOUJ3XeM/MlYi/z5OAOWRA= cloud.google.com/go/monitoring v1.15.1/go.mod h1:lADlSAlFdbqQuwwpaImhsJXu1QSdd3ojypXrFSMr2rM= +cloud.google.com/go/monitoring v1.16.0/go.mod h1:Ptp15HgAyM1fNICAojDMoNc/wUmn67mLHQfyqbw+poY= cloud.google.com/go/networkconnectivity v1.12.1/go.mod h1:PelxSWYM7Sh9/guf8CFhi6vIqf19Ir/sbfZRUwXh92E= +cloud.google.com/go/networkconnectivity v1.13.0/go.mod h1:SAnGPes88pl7QRLUen2HmcBSE9AowVAcdug8c0RSBFk= cloud.google.com/go/networkmanagement v1.8.0/go.mod h1:Ho/BUGmtyEqrttTgWEe7m+8vDdK74ibQc+Be0q7Fof0= +cloud.google.com/go/networkmanagement v1.9.0/go.mod h1:UTUaEU9YwbCAhhz3jEOHr+2/K/MrBk2XxOLS89LQzFw= cloud.google.com/go/networksecurity v0.9.1/go.mod h1:MCMdxOKQ30wsBI1eI659f9kEp4wuuAueoC9AJKSPWZQ= cloud.google.com/go/notebooks v1.9.1/go.mod h1:zqG9/gk05JrzgBt4ghLzEepPHNwE5jgPcHZRKhlC1A8= +cloud.google.com/go/notebooks v1.10.0/go.mod h1:SOPYMZnttHxqot0SGSFSkRrwE29eqnKPBJFqgWmiK2k= cloud.google.com/go/optimization v1.4.1/go.mod h1:j64vZQP7h9bO49m2rVaTVoNM0vEBEN5eKPUPbZyXOrk= +cloud.google.com/go/optimization v1.5.0/go.mod h1:evo1OvTxeBRBu6ydPlrIRizKY/LJKo/drDMMRKqGEUU= cloud.google.com/go/orchestration v1.8.1/go.mod h1:4sluRF3wgbYVRqz7zJ1/EUNc90TTprliq9477fGobD8= cloud.google.com/go/orgpolicy v1.11.1/go.mod h1:8+E3jQcpZJQliP+zaFfayC2Pg5bmhuLK755wKhIIUCE= cloud.google.com/go/osconfig v1.12.1/go.mod h1:4CjBxND0gswz2gfYRCUoUzCm9zCABp91EeTtWXyz0tE= cloud.google.com/go/oslogin v1.10.1/go.mod h1:x692z7yAue5nE7CsSnoG0aaMbNoRJRXO4sn73R+ZqAs= cloud.google.com/go/phishingprotection v0.8.1/go.mod h1:AxonW7GovcA8qdEk13NfHq9hNx5KPtfxXNeUxTDxB6I= cloud.google.com/go/policytroubleshooter v1.7.1/go.mod h1:0NaT5v3Ag1M7U5r0GfDCpUFkWd9YqpubBWsQlhanRv0= +cloud.google.com/go/policytroubleshooter v1.9.0/go.mod h1:+E2Lga7TycpeSTj2FsH4oXxTnrbHJGRlKhVZBLGgU64= cloud.google.com/go/privatecatalog v0.9.1/go.mod h1:0XlDXW2unJXdf9zFz968Hp35gl/bhF4twwpXZAW50JA= cloud.google.com/go/pubsub v1.32.0/go.mod h1:f+w71I33OMyxf9VpMVcZbnG5KSUkCOUHYpFd5U1GdRc= +cloud.google.com/go/pubsub v1.33.0/go.mod h1:f+w71I33OMyxf9VpMVcZbnG5KSUkCOUHYpFd5U1GdRc= cloud.google.com/go/pubsublite v1.8.1/go.mod h1:fOLdU4f5xldK4RGJrBMm+J7zMWNj/k4PxwEZXy39QS0= cloud.google.com/go/recaptchaenterprise/v2 v2.7.2/go.mod h1:kR0KjsJS7Jt1YSyWFkseQ756D45kaYNTlDPPaRAvDBU= cloud.google.com/go/recommendationengine v0.8.1/go.mod h1:MrZihWwtFYWDzE6Hz5nKcNz3gLizXVIDI/o3G1DLcrE= cloud.google.com/go/recommender v1.10.1/go.mod h1:XFvrE4Suqn5Cq0Lf+mCP6oBHD/yRMA8XxP5sb7Q7gpA= +cloud.google.com/go/recommender v1.11.0/go.mod h1:kPiRQhPyTJ9kyXPCG6u/dlPLbYfFlkwHNRwdzPVAoII= cloud.google.com/go/redis v1.13.1/go.mod h1:VP7DGLpE91M6bcsDdMuyCm2hIpB6Vp2hI090Mfd1tcg= cloud.google.com/go/resourcemanager v1.9.1/go.mod h1:dVCuosgrh1tINZ/RwBufr8lULmWGOkPS8gL5gqyjdT8= cloud.google.com/go/resourcesettings v1.6.1/go.mod h1:M7mk9PIZrC5Fgsu1kZJci6mpgN8o0IUzVx3eJU3y4Jw= cloud.google.com/go/retail v1.14.1/go.mod h1:y3Wv3Vr2k54dLNIrCzenyKG8g8dhvhncT2NcNjb/6gE= cloud.google.com/go/run v0.9.0/go.mod h1:Wwu+/vvg8Y+JUApMwEDfVfhetv30hCG4ZwDR/IXl2Qg= +cloud.google.com/go/run v1.2.0/go.mod h1:36V1IlDzQ0XxbQjUx6IYbw8H3TJnWvhii963WW3B/bo= cloud.google.com/go/scheduler v1.10.1/go.mod h1:R63Ldltd47Bs4gnhQkmNDse5w8gBRrhObZ54PxgR2Oo= cloud.google.com/go/secretmanager v1.11.1/go.mod h1:znq9JlXgTNdBeQk9TBW/FnR/W4uChEKGeqQWAJ8SXFw= cloud.google.com/go/security v1.15.1/go.mod h1:MvTnnbsWnehoizHi09zoiZob0iCHVcL4AUBj76h9fXA= cloud.google.com/go/securitycenter v1.23.0/go.mod h1:8pwQ4n+Y9WCWM278R8W3nF65QtY172h4S8aXyI9/hsQ= cloud.google.com/go/servicedirectory v1.10.1/go.mod h1:Xv0YVH8s4pVOwfM/1eMTl0XJ6bzIOSLDt8f8eLaGOxQ= +cloud.google.com/go/servicedirectory v1.11.0/go.mod h1:Xv0YVH8s4pVOwfM/1eMTl0XJ6bzIOSLDt8f8eLaGOxQ= cloud.google.com/go/shell v1.7.1/go.mod h1:u1RaM+huXFaTojTbW4g9P5emOrrmLE69KrxqQahKn4g= cloud.google.com/go/spanner v1.47.0/go.mod h1:IXsJwVW2j4UKs0eYDqodab6HgGuA1bViSqW4uH9lfUI= +cloud.google.com/go/spanner v1.49.0/go.mod h1:eGj9mQGK8+hkgSVbHNQ06pQ4oS+cyc4tXXd6Dif1KoM= cloud.google.com/go/speech v1.17.1/go.mod h1:8rVNzU43tQvxDaGvqOhpDqgkJTFowBpDvCJ14kGlJYo= +cloud.google.com/go/speech v1.19.0/go.mod h1:8rVNzU43tQvxDaGvqOhpDqgkJTFowBpDvCJ14kGlJYo= cloud.google.com/go/storage v1.30.1/go.mod h1:NfxhC0UJE1aXSx7CIIbCf7y9HKT7BiccwkR7+P7gN8E= cloud.google.com/go/storagetransfer v1.10.0/go.mod h1:DM4sTlSmGiNczmV6iZyceIh2dbs+7z2Ayg6YAiQlYfA= cloud.google.com/go/talent v1.6.2/go.mod h1:CbGvmKCG61mkdjcqTcLOkb2ZN1SrQI8MDyma2l7VD24= @@ -113,15 +161,19 @@ cloud.google.com/go/texttospeech v1.7.1/go.mod h1:m7QfG5IXxeneGqTapXNxv2ItxP/FS0 cloud.google.com/go/tpu v1.6.1/go.mod h1:sOdcHVIgDEEOKuqUoi6Fq53MKHJAtOwtz0GuKsWSH3E= cloud.google.com/go/trace v1.10.1/go.mod h1:gbtL94KE5AJLH3y+WVpfWILmqgc6dXcqgNXdOPAQTYk= cloud.google.com/go/translate v1.8.1/go.mod h1:d1ZH5aaOA0CNhWeXeC8ujd4tdCFw8XoNWRljklu5RHs= +cloud.google.com/go/translate v1.9.0/go.mod h1:d1ZH5aaOA0CNhWeXeC8ujd4tdCFw8XoNWRljklu5RHs= cloud.google.com/go/video v1.17.1/go.mod h1:9qmqPqw/Ib2tLqaeHgtakU+l5TcJxCJbhFXM7UJjVzU= +cloud.google.com/go/video v1.20.0/go.mod h1:U3G3FTnsvAGqglq9LxgqzOiBc/Nt8zis8S+850N2DUM= cloud.google.com/go/videointelligence v1.11.1/go.mod h1:76xn/8InyQHarjTWsBR058SmlPCwQjgcvoW0aZykOvo= cloud.google.com/go/vision/v2 v2.7.2/go.mod h1:jKa8oSYBWhYiXarHPvP4USxYANYUEdEsQrloLjrSwJU= cloud.google.com/go/vmmigration v1.7.1/go.mod h1:WD+5z7a/IpZ5bKK//YmT9E047AD+rjycCAvyMxGJbro= cloud.google.com/go/vmwareengine v0.4.1/go.mod h1:Px64x+BvjPZwWuc4HdmVhoygcXqEkGHXoa7uyfTgSI0= +cloud.google.com/go/vmwareengine v1.0.0/go.mod h1:Px64x+BvjPZwWuc4HdmVhoygcXqEkGHXoa7uyfTgSI0= cloud.google.com/go/vpcaccess v1.7.1/go.mod h1:FogoD46/ZU+JUBX9D606X21EnxiszYi2tArQwLY4SXs= cloud.google.com/go/webrisk v1.9.1/go.mod h1:4GCmXKcOa2BZcZPn6DCEvE7HypmEJcJkr4mtM+sqYPc= cloud.google.com/go/websecurityscanner v1.6.1/go.mod h1:Njgaw3rttgRHXzwCB8kgCYqv5/rGpFCsBOvPbYgszpg= cloud.google.com/go/workflows v1.11.1/go.mod h1:Z+t10G1wF7h8LgdY/EmRcQY8ptBD/nvofaL6FqlET6g= +cloud.google.com/go/workflows v1.12.0/go.mod h1:PYhSk2b6DhZ508tj8HXKaBh+OFe+xdl0dHF/tJdzPQM= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= @@ -141,6 +193,7 @@ github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= +github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9/ZjdUKyjop4mf3Qdd+1TvvltAvM3m8= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/emicklei/go-restful v2.9.5+incompatible h1:spTtZBk5DYEvbxMVutUuTyh1Ao2r4iyvLdACqsl/Ljk= github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= @@ -156,28 +209,64 @@ github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u1 github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= github.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY= github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ= +github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= +github.com/googleapis/enterprise-certificate-proxy v0.2.4/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= +github.com/googleapis/gax-go/v2 v2.10.0/go.mod h1:4UOEnMCrxsSqQ940WnTiD6qJ63le2ev3xfyagutxiPw= github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI= +github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20230524184225-eabc099b10ab/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw= github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs= github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= +golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= +golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0= +golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= -google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= \ No newline at end of file +golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= +google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw= +google.golang.org/api v0.128.0/go.mod h1:Y611qgqaE92On/7g65MQgxYul3c0rEB894kniWLY750= +google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:xZnkP7mREFX5MORlOPEzLMr+90PPZQ2QWzrVTWfAq64= +google.golang.org/genproto v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:CCviP9RmpZ1mxVr8MUjCnSiY09IbAXZxhLE6EhHIdPU= +google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 h1:SeZZZx0cP0fqUyA+oRzP9k7cSwJlvDFiROO72uwD6i0= +google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97/go.mod h1:t1VqOqqvce95G3hIDCT5FeO3YUc6Q4Oe24L/+rNMxRk= +google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= +google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:RdyHbowztCGQySiCvQPgWQWgWhGnouTdCflKoDBt32U= +google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97/go.mod h1:iargEX0SFPm3xcfMI0d1domjg0ZF4Aa0p2awqyxhvF0= +google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:KSqppvjFjtoCI+KGd4PELB0qLNxdJHRGqRI09mB6pQA= +google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= +google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= +google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= +google.golang.org/grpc v1.56.1/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= +google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= +google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= +google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= diff --git a/images/Makefile b/images/Makefile index 069ca72b9..89c6518f8 100644 --- a/images/Makefile +++ b/images/Makefile @@ -23,6 +23,8 @@ INIT_BUILDX=$(DIR)/../hack/init-buildx.sh BASE_IMAGE = $(shell cat $(DIR)/../NGINX_BASE) +GOLANG_VERSION = $(shell cat $(DIR)/../GOLANG_VERSION) + REGISTRY ?= local NAME ?= @@ -52,6 +54,7 @@ build: precheck ensure-buildx --label=org.opencontainers.image.licenses=Apache-2.0 \ --label=org.opencontainers.image.description="Ingress NGINX $(NAME) image" \ --build-arg BASE_IMAGE=$(BASE_IMAGE) \ + --build-arg GOLANG_VERSION=$(GOLANG_VERSION) \ --platform=${PLATFORMS} $(OUTPUT) \ --progress=$(PROGRESS) \ --pull $(EXTRAARGS) \ diff --git a/images/custom-error-pages/rootfs/Dockerfile b/images/custom-error-pages/rootfs/Dockerfile index 5cf446962..1529e63f7 100755 --- a/images/custom-error-pages/rootfs/Dockerfile +++ b/images/custom-error-pages/rootfs/Dockerfile @@ -12,7 +12,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.21.5-alpine3.18 as builder +ARG GOLANG_VERSION + +FROM golang:${GOLANG_VERSION}-alpine3.18 as builder RUN apk update \ && apk upgrade && apk add git diff --git a/images/custom-error-pages/rootfs/go.mod b/images/custom-error-pages/rootfs/go.mod index ce0fffd4a..37cd1fcbd 100644 --- a/images/custom-error-pages/rootfs/go.mod +++ b/images/custom-error-pages/rootfs/go.mod @@ -1,6 +1,6 @@ module k8s.io/ingress-nginx/custom-error-pages -go 1.21.5 +go 1.21 require github.com/prometheus/client_golang v1.11.1 diff --git a/images/ext-auth-example-authsvc/rootfs/Dockerfile b/images/ext-auth-example-authsvc/rootfs/Dockerfile index 5ae719675..ec611fa54 100644 --- a/images/ext-auth-example-authsvc/rootfs/Dockerfile +++ b/images/ext-auth-example-authsvc/rootfs/Dockerfile @@ -1,4 +1,6 @@ -FROM golang:1.21.5-alpine3.18 as builder +ARG GOLANG_VERSION + +FROM golang:${GOLANG_VERSION}-alpine3.18 as builder RUN mkdir /authsvc WORKDIR /authsvc COPY . ./ diff --git a/images/ext-auth-example-authsvc/rootfs/go.mod b/images/ext-auth-example-authsvc/rootfs/go.mod index 3608868b3..8c3abdcf2 100644 --- a/images/ext-auth-example-authsvc/rootfs/go.mod +++ b/images/ext-auth-example-authsvc/rootfs/go.mod @@ -1,6 +1,6 @@ module example.com/authsvc -go 1.21.5 +go 1.21 require k8s.io/apimachinery v0.23.1 diff --git a/images/fastcgi-helloserver/rootfs/Dockerfile b/images/fastcgi-helloserver/rootfs/Dockerfile index b7d24522d..eec93c844 100755 --- a/images/fastcgi-helloserver/rootfs/Dockerfile +++ b/images/fastcgi-helloserver/rootfs/Dockerfile @@ -11,8 +11,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +ARG GOLANG_VERSION -FROM golang:1.21.5-alpine3.18 as builder +FROM golang:${GOLANG_VERSION}-alpine3.18 as builder WORKDIR /go/src/k8s.io/ingress-nginx/images/fastcgi diff --git a/images/go-grpc-greeter-server/rootfs/Dockerfile b/images/go-grpc-greeter-server/rootfs/Dockerfile index 38fe73eb3..79693eaeb 100644 --- a/images/go-grpc-greeter-server/rootfs/Dockerfile +++ b/images/go-grpc-greeter-server/rootfs/Dockerfile @@ -1,4 +1,6 @@ -FROM golang:1.21.5-alpine3.18 as build +ARG GOLANG_VERSION + +FROM golang:${GOLANG_VERSION}-alpine3.18 as build WORKDIR /go/src/greeter-server diff --git a/images/httpbun/rootfs/Dockerfile b/images/httpbun/rootfs/Dockerfile index 7effc6ef5..ada137ee9 100644 --- a/images/httpbun/rootfs/Dockerfile +++ b/images/httpbun/rootfs/Dockerfile @@ -12,7 +12,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.21.5 AS builder +ARG GOLANG_VERSION + +FROM golang:${GOLANG_VERSION} AS builder ENV LC_ALL=C.UTF-8 ENV LANG=C.UTF-8 diff --git a/images/kube-webhook-certgen/rootfs/Dockerfile b/images/kube-webhook-certgen/rootfs/Dockerfile index c98585e2a..7ec098a99 100644 --- a/images/kube-webhook-certgen/rootfs/Dockerfile +++ b/images/kube-webhook-certgen/rootfs/Dockerfile @@ -12,10 +12,14 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM --platform=$BUILDPLATFORM golang:1.21.5 as builder +ARG GOLANG_VERSION + +FROM --platform=$BUILDPLATFORM golang:${GOLANG_VERSION} as builder + ARG BUILDPLATFORM ARG TARGETARCH + WORKDIR /workspace COPY . . RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} go build -a -o kube-webhook-certgen main.go diff --git a/images/kube-webhook-certgen/rootfs/go.mod b/images/kube-webhook-certgen/rootfs/go.mod index 893669c7b..7e321dc49 100644 --- a/images/kube-webhook-certgen/rootfs/go.mod +++ b/images/kube-webhook-certgen/rootfs/go.mod @@ -1,6 +1,6 @@ module github.com/jet/kube-webhook-certgen -go 1.21.5 +go 1.21 require ( github.com/onrik/logrus v0.9.0 diff --git a/images/opentelemetry/rootfs/go.mod b/images/opentelemetry/rootfs/go.mod index f34dd98ff..9c183ef06 100644 --- a/images/opentelemetry/rootfs/go.mod +++ b/images/opentelemetry/rootfs/go.mod @@ -1,3 +1,3 @@ module init-otel -go 1.21.5 +go 1.21 diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index 5b1a87652..149a11fbd 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -27,6 +27,8 @@ IMAGE = $(REGISTRY)/e2e-test-runner NGINX_BASE_IMAGE ?= $(shell cat $(DIR)/../../NGINX_BASE) +GOLANG_VERSION ?= $(shell cat $(DIR)/../../GOLANG_VERSION) + # required to enable buildx export DOCKER_CLI_EXPERIMENTAL=enabled @@ -43,7 +45,7 @@ image: --pull \ --push \ --build-arg BASE_IMAGE=${NGINX_BASE_IMAGE} \ - --build-arg GOLANG_VERSION=1.21.5 \ + --build-arg GOLANG_VERSION=${GOLANG_VERSION} \ --build-arg ETCD_VERSION=3.4.3-0 \ --build-arg K8S_RELEASE=v1.26.0 \ --build-arg RESTY_CLI_VERSION=0.27 \ @@ -64,7 +66,7 @@ build: ensure-buildx --progress=${PROGRESS} \ --pull \ --build-arg BASE_IMAGE=${NGINX_BASE_IMAGE} \ - --build-arg GOLANG_VERSION=1.21.5 \ + --build-arg GOLANG_VERSION=${GOLANG_VERSION} \ --build-arg ETCD_VERSION=3.4.3-0 \ --build-arg K8S_RELEASE=v1.26.0 \ --build-arg RESTY_CLI_VERSION=0.27 \ diff --git a/magefiles/go.mod b/magefiles/go.mod index 9409fed0d..25610b647 100644 --- a/magefiles/go.mod +++ b/magefiles/go.mod @@ -1,6 +1,6 @@ module k8s.io/ingress-nginx/magefiles -go 1.21.5 +go 1.21 require ( github.com/blang/semver/v4 v4.0.0 From 7d75abb0ffab8f8d10445ef38ecd202477ed6267 Mon Sep 17 00:00:00 2001 From: Adam Jones Date: Sun, 28 Jan 2024 16:32:47 +0000 Subject: [PATCH 028/154] docs: Add vouch-proxy OAuth example (#10929) --- .../auth/oauth-external-auth/README.md | 65 +++++++++-- .../dashboard-ingress.yaml | 45 ------- .../oauth-external-auth/oauth2-proxy.yaml | 52 +++++++++ .../auth/oauth-external-auth/vouch-proxy.yaml | 110 ++++++++++++++++++ 4 files changed, 218 insertions(+), 54 deletions(-) delete mode 100644 docs/examples/auth/oauth-external-auth/dashboard-ingress.yaml create mode 100644 docs/examples/auth/oauth-external-auth/vouch-proxy.yaml diff --git a/docs/examples/auth/oauth-external-auth/README.md b/docs/examples/auth/oauth-external-auth/README.md index a08928720..b64b0e70a 100644 --- a/docs/examples/auth/oauth-external-auth/README.md +++ b/docs/examples/auth/oauth-external-auth/README.md @@ -51,25 +51,72 @@ into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using G ![Register OAuth2 Application](images/register-oauth-app-2.png) -3. Configure oauth2_proxy values in the file [`oauth2-proxy.yaml`](https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/docs/examples/auth/oauth-external-auth/oauth2-proxy.yaml) with the values: +3. Configure values in the file [`oauth2-proxy.yaml`](https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/docs/examples/auth/oauth-external-auth/oauth2-proxy.yaml) with the values: - OAUTH2_PROXY_CLIENT_ID with the github `` - OAUTH2_PROXY_CLIENT_SECRET with the github `` - OAUTH2_PROXY_COOKIE_SECRET with value of `python -c 'import os,base64; print(base64.b64encode(os.urandom(16)).decode("ascii"))'` + - (optional, but recommended) OAUTH2_PROXY_GITHUB_USERS with GitHub usernames to allow to login + - `__INGRESS_HOST__` with a valid FQDN (e.g. `foo.bar.com`) + - `__INGRESS_SECRET__` with a Secret with a valid SSL certificate -4. Customize the contents of the file [`dashboard-ingress.yaml`](https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/docs/examples/auth/oauth-external-auth/dashboard-ingress.yaml): - - Replace `__INGRESS_HOST__` with a valid FQDN and `__INGRESS_SECRET__` with a Secret with a valid SSL certificate. - -5. Deploy the oauth2 proxy and the ingress rules running: +4. Deploy the oauth2 proxy and the ingress rules by running: ```console - $ kubectl create -f oauth2-proxy.yaml,dashboard-ingress.yaml + $ kubectl create -f oauth2-proxy.yaml ``` -### Test +#### Test -Test the oauth integration accessing the configured URL, e.g. `https://foo.bar.com` +Test the integration by accessing the configured URL, e.g. `https://foo.bar.com` + +![Register OAuth2 Application](images/github-auth.png) + +![GitHub authentication](images/oauth-login.png) + +![Kubernetes dashboard](images/dashboard.png) + + +### Example: Vouch Proxy + Kubernetes-Dashboard + +This example will show you how to deploy [`Vouch Proxy`](https://github.com/vouch/vouch-proxy) +into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using GitHub as the OAuth2 provider. + +#### Prepare + +1. Install the kubernetes dashboard + + ```console + kubectl create -f https://raw.githubusercontent.com/kubernetes/kops/master/addons/kubernetes-dashboard/v1.10.1.yaml + ``` + +2. Create a [custom GitHub OAuth application](https://github.com/settings/applications/new) + + ![Register OAuth2 Application](images/register-oauth-app.png) + + - Homepage URL is the FQDN in the Ingress rule, like `https://foo.bar.com` + - Authorization callback URL is the same as the base FQDN plus `/oauth2/auth`, like `https://foo.bar.com/oauth2/auth` + + ![Register OAuth2 Application](images/register-oauth-app-2.png) + +3. Configure Vouch Proxy values in the file [`vouch-proxy.yaml`](https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/docs/examples/auth/oauth-external-auth/vouch-proxy.yaml) with the values: + + - VOUCH_COOKIE_DOMAIN with value of `` + - OAUTH_CLIENT_ID with the github `` + - OAUTH_CLIENT_SECRET with the github `` + - (optional, but recommended) VOUCH_WHITELIST with GitHub usernames to allow to login + - `__INGRESS_HOST__` with a valid FQDN (e.g. `foo.bar.com`) + - `__INGRESS_SECRET__` with a Secret with a valid SSL certificate + +4. Deploy Vouch Proxy and the ingress rules by running: + + ```console + $ kubectl create -f vouch-proxy.yaml + ``` + +#### Test + +Test the integration by accessing the configured URL, e.g. `https://foo.bar.com` ![Register OAuth2 Application](images/github-auth.png) diff --git a/docs/examples/auth/oauth-external-auth/dashboard-ingress.yaml b/docs/examples/auth/oauth-external-auth/dashboard-ingress.yaml deleted file mode 100644 index 198a165f4..000000000 --- a/docs/examples/auth/oauth-external-auth/dashboard-ingress.yaml +++ /dev/null @@ -1,45 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth" - nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri" - name: external-auth-oauth2 - namespace: kube-system -spec: - ingressClassName: nginx - rules: - - host: __INGRESS_HOST__ - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: kubernetes-dashboard - port: - number: 80 ---- - -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: oauth2-proxy - namespace: kube-system -spec: - ingressClassName: nginx - rules: - - host: __INGRESS_HOST__ - http: - paths: - - path: /oauth2 - pathType: Prefix - backend: - service: - name: oauth2-proxy - port: - number: 4180 - tls: - - hosts: - - __INGRESS_HOST__ - secretName: __INGRESS_SECRET__ diff --git a/docs/examples/auth/oauth-external-auth/oauth2-proxy.yaml b/docs/examples/auth/oauth-external-auth/oauth2-proxy.yaml index b383ab95e..3d6d41297 100644 --- a/docs/examples/auth/oauth-external-auth/oauth2-proxy.yaml +++ b/docs/examples/auth/oauth-external-auth/oauth2-proxy.yaml @@ -31,6 +31,9 @@ spec: # docker run -ti --rm python:3-alpine python -c 'import secrets,base64; print(base64.b64encode(base64.b64encode(secrets.token_bytes(16))));' - name: OAUTH2_PROXY_COOKIE_SECRET value: SECRET + # Recommended: remove email-domain=* in args and set an allowlist + # - name: OAUTH2_PROXY_GITHUB_USERS + # value: alice,bob image: quay.io/oauth2-proxy/oauth2-proxy:latest imagePullPolicy: Always name: oauth2-proxy @@ -55,3 +58,52 @@ spec: targetPort: 4180 selector: k8s-app: oauth2-proxy + +--- + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: oauth2-proxy + namespace: kube-system +spec: + ingressClassName: nginx + rules: + - host: __INGRESS_HOST__ + http: + paths: + - path: /oauth2 + pathType: Prefix + backend: + service: + name: oauth2-proxy + port: + number: 4180 + tls: + - hosts: + - __INGRESS_HOST__ + secretName: __INGRESS_SECRET__ + +--- + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth" + nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri" + name: external-auth-oauth2 + namespace: kube-system +spec: + ingressClassName: nginx + rules: + - host: __INGRESS_HOST__ + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: kubernetes-dashboard + port: + number: 80 diff --git a/docs/examples/auth/oauth-external-auth/vouch-proxy.yaml b/docs/examples/auth/oauth-external-auth/vouch-proxy.yaml new file mode 100644 index 000000000..05eae6d11 --- /dev/null +++ b/docs/examples/auth/oauth-external-auth/vouch-proxy.yaml @@ -0,0 +1,110 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: vouch-proxy + name: vouch-proxy + namespace: kube-system +spec: + replicas: 1 + selector: + matchLabels: + k8s-app: vouch-proxy + template: + metadata: + labels: + k8s-app: vouch-proxy + spec: + containers: + - env: + - name: VOUCH_ALLOWALLUSERS + value: true + # Recommended: remove VOUCH_ALLOWALLUSERS and set an allowlist + # - name: VOUCH_WHITELIST + # value: alice,bob + - name: VOUCH_COOKIE_DOMAIN + value: + - name: VOUCH_LISTEN + value: 0.0.0.0 + - name: VOUCH_DOCUMENT_ROOT + value: oauth2 + # See https://github.com/vouch/vouch-proxy/tree/master/config for different provider examples + - name: OAUTH_PROVIDER + value: github + - name: OAUTH_CLIENT_ID + value: + - name: OAUTH_CLIENT_SECRET + value: + image: quay.io/vouch/vouch-proxy:latest + imagePullPolicy: Always + name: vouch-proxy + ports: + - containerPort: 9090 + protocol: TCP + +--- + +apiVersion: v1 +kind: Service +metadata: + labels: + k8s-app: vouch-proxy + name: vouch-proxy + namespace: kube-system +spec: + ports: + - name: http + port: 9090 + protocol: TCP + targetPort: 9090 + selector: + k8s-app: vouch-proxy + +--- + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: vouch-proxy + namespace: kube-system +spec: + ingressClassName: nginx + rules: + - host: __INGRESS_HOST__ + http: + paths: + - path: /oauth2 + pathType: Prefix + backend: + service: + name: vouch-proxy + port: + number: 9090 + tls: + - hosts: + - __INGRESS_HOST__ + secretName: __INGRESS_SECRET__ + +--- + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/validate" + nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/login?url=$scheme://$http_host$request_uri" + name: external-auth-oauth2 + namespace: kube-system +spec: + ingressClassName: nginx + rules: + - host: __INGRESS_HOST__ + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: kubernetes-dashboard + port: + number: 80 From c660f9e3eb85cde56c0eddebb09852fcaceb42fe Mon Sep 17 00:00:00 2001 From: Adam Jones Date: Sun, 28 Jan 2024 20:30:10 +0000 Subject: [PATCH 029/154] fix: live-docs script (#10928) This commit updates the live-docs script in the Makefile to install the necessary dependencies for running mkdocs, before starting it. --- Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index d3830f163..295cf4f01 100644 --- a/Makefile +++ b/Makefile @@ -210,8 +210,9 @@ live-docs: ## Build and launch a local copy of the documentation website in http @docker run ${PLATFORM_FLAG} ${PLATFORM} --rm -it \ -p 8000:8000 \ -v ${PWD}:/docs \ - --entrypoint mkdocs \ - ingress-nginx-docs serve --dev-addr=0.0.0.0:8000 + --entrypoint /bin/bash \ + ingress-nginx-docs \ + -c "pip install -r /docs/docs/requirements.txt && mkdocs serve --dev-addr=0.0.0.0:8000" .PHONY: misspell misspell: ## Check for spelling errors. From 16821e4871eef8857edf76428bda45f12fbb43a2 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Sun, 28 Jan 2024 18:53:29 -0300 Subject: [PATCH 030/154] Bump alpine to 3.19.1 (#10930) --- images/cfssl/TAG | 2 +- images/cfssl/rootfs/Dockerfile | 4 ++-- images/nginx-1.25/TAG | 2 +- images/nginx-1.25/rootfs/Dockerfile | 4 ++-- images/nginx/TAG | 2 +- images/nginx/rootfs/Dockerfile | 4 ++-- images/opentelemetry/TAG | 2 +- images/opentelemetry/rootfs/Dockerfile | 2 +- rootfs/Dockerfile-chroot | 2 +- test/e2e-image/Dockerfile | 2 +- 10 files changed, 13 insertions(+), 13 deletions(-) diff --git a/images/cfssl/TAG b/images/cfssl/TAG index 8ce995b80..7df503e63 100644 --- a/images/cfssl/TAG +++ b/images/cfssl/TAG @@ -1 +1 @@ -v0.0.3 \ No newline at end of file +v0.0.4 diff --git a/images/cfssl/rootfs/Dockerfile b/images/cfssl/rootfs/Dockerfile index 2d3f30ab4..2afc43c7a 100644 --- a/images/cfssl/rootfs/Dockerfile +++ b/images/cfssl/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.19.0 +FROM alpine:3.19.1 RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories RUN apk update \ @@ -23,4 +23,4 @@ RUN apk update \ EXPOSE 8888 -CMD ["cfssl"] \ No newline at end of file +CMD ["cfssl"] diff --git a/images/nginx-1.25/TAG b/images/nginx-1.25/TAG index 95e94cdd3..a3dce6cd3 100644 --- a/images/nginx-1.25/TAG +++ b/images/nginx-1.25/TAG @@ -1 +1 @@ -v0.0.1 \ No newline at end of file +v0.0.2 diff --git a/images/nginx-1.25/rootfs/Dockerfile b/images/nginx-1.25/rootfs/Dockerfile index ad0c9d654..385b4ba02 100644 --- a/images/nginx-1.25/rootfs/Dockerfile +++ b/images/nginx-1.25/rootfs/Dockerfile @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.19.0 as builder +FROM alpine:3.19.1 as builder COPY . / @@ -21,7 +21,7 @@ RUN apk update \ && /build.sh # Use a multi-stage build -FROM alpine:3.19.0 +FROM alpine:3.19.1 ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin diff --git a/images/nginx/TAG b/images/nginx/TAG index 81340c7e7..bbdeab622 100644 --- a/images/nginx/TAG +++ b/images/nginx/TAG @@ -1 +1 @@ -0.0.4 +0.0.5 diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile index daf44f52a..3dd841c6c 100644 --- a/images/nginx/rootfs/Dockerfile +++ b/images/nginx/rootfs/Dockerfile @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.19.0 as builder +FROM alpine:3.19.1 as builder COPY . / @@ -21,7 +21,7 @@ RUN apk update \ && /build.sh # Use a multi-stage build -FROM alpine:3.19.0 +FROM alpine:3.19.1 ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin diff --git a/images/opentelemetry/TAG b/images/opentelemetry/TAG index 95e94cdd3..a3dce6cd3 100644 --- a/images/opentelemetry/TAG +++ b/images/opentelemetry/TAG @@ -1 +1 @@ -v0.0.1 \ No newline at end of file +v0.0.2 diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index b6a0a595b..bb88ec760 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. -FROM alpine:3.19.0 as base +FROM alpine:3.19.1 as base RUN mkdir -p /opt/third_party/install COPY . /opt/third_party/ diff --git a/rootfs/Dockerfile-chroot b/rootfs/Dockerfile-chroot index b52cbddf9..98f078261 100644 --- a/rootfs/Dockerfile-chroot +++ b/rootfs/Dockerfile-chroot @@ -23,7 +23,7 @@ RUN apk update \ && apk upgrade \ && /chroot.sh -FROM alpine:3.19.0 +FROM alpine:3.19.1 ARG TARGETARCH ARG VERSION diff --git a/test/e2e-image/Dockerfile b/test/e2e-image/Dockerfile index 222156f13..6c1fbefc6 100644 --- a/test/e2e-image/Dockerfile +++ b/test/e2e-image/Dockerfile @@ -1,7 +1,7 @@ ARG E2E_BASE_IMAGE FROM ${E2E_BASE_IMAGE} AS BASE -FROM alpine:3.19.0 +FROM alpine:3.19.1 RUN apk update \ && apk upgrade && apk add -U --no-cache \ From 59daa4c32711fcb7b45e26e7ecfe5eddfefbf1b6 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Sun, 28 Jan 2024 19:49:15 -0300 Subject: [PATCH 031/154] Fixing image push (#10931) --- .github/workflows/images.yaml | 2 +- images/nginx-1.25/TAG | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index 8a41cdac6..84d8ae819 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -236,6 +236,6 @@ jobs: - name: build-image run: | export TAG=$(cat images/nginx-1.25/TAG) - cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --push --load -t ingressnginx/nginx-1.25:${TAG} . + cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --push -t ingressnginx/nginx-1.25:${TAG} . \ No newline at end of file diff --git a/images/nginx-1.25/TAG b/images/nginx-1.25/TAG index a3dce6cd3..8ce995b80 100644 --- a/images/nginx-1.25/TAG +++ b/images/nginx-1.25/TAG @@ -1 +1 @@ -v0.0.2 +v0.0.3 \ No newline at end of file From 585c297dda151c6d76bbe55102356d89d008f42c Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Sun, 28 Jan 2024 20:59:52 -0300 Subject: [PATCH 032/154] Fix golang makefile var name (#10932) --- Makefile | 7 +++++-- images/Makefile | 7 +++++-- images/test-runner/Makefile | 9 ++++++--- 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 295cf4f01..8ff0f0ca0 100644 --- a/Makefile +++ b/Makefile @@ -29,7 +29,10 @@ SHELL=/bin/bash -o pipefail -o errexit # Use the 0.0 tag for testing, it shouldn't clobber any release builds TAG ?= $(shell cat TAG) -GOLANG_VERSION ?= $(shell cat GOLANG_VERSION) +# The env below is called GO_VERSION and not GOLANG_VERSION because +# the gcb image we use to build already defines GOLANG_VERSION and is a +# really old version +GO_VERSION ?= $(shell cat GOLANG_VERSION) # e2e settings # Allow limiting the scope of the e2e tests. By default run everything @@ -107,7 +110,7 @@ clean-chroot-image: ## Removes local image .PHONY: build build: ## Build ingress controller, debug tool and pre-stop hook. - E2E_IMAGE=golang:$(GOLANG_VERSION)-alpine3.19 USE_SHELL=/bin/sh build/run-in-docker.sh \ + E2E_IMAGE=golang:$(GO_VERSION)-alpine3.19 USE_SHELL=/bin/sh build/run-in-docker.sh \ MAC_OS=$(MAC_OS) \ PKG=$(PKG) \ ARCH=$(ARCH) \ diff --git a/images/Makefile b/images/Makefile index 89c6518f8..990d77231 100644 --- a/images/Makefile +++ b/images/Makefile @@ -23,7 +23,10 @@ INIT_BUILDX=$(DIR)/../hack/init-buildx.sh BASE_IMAGE = $(shell cat $(DIR)/../NGINX_BASE) -GOLANG_VERSION = $(shell cat $(DIR)/../GOLANG_VERSION) +# The env below is called GO_VERSION and not GOLANG_VERSION because +# the gcb image we use to build already defines GOLANG_VERSION and is a +# really old version +GO_VERSION = $(shell cat $(DIR)/../GOLANG_VERSION) REGISTRY ?= local NAME ?= @@ -54,7 +57,7 @@ build: precheck ensure-buildx --label=org.opencontainers.image.licenses=Apache-2.0 \ --label=org.opencontainers.image.description="Ingress NGINX $(NAME) image" \ --build-arg BASE_IMAGE=$(BASE_IMAGE) \ - --build-arg GOLANG_VERSION=$(GOLANG_VERSION) \ + --build-arg GOLANG_VERSION=$(GO_VERSION) \ --platform=${PLATFORMS} $(OUTPUT) \ --progress=$(PROGRESS) \ --pull $(EXTRAARGS) \ diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index 149a11fbd..627475d22 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -27,7 +27,10 @@ IMAGE = $(REGISTRY)/e2e-test-runner NGINX_BASE_IMAGE ?= $(shell cat $(DIR)/../../NGINX_BASE) -GOLANG_VERSION ?= $(shell cat $(DIR)/../../GOLANG_VERSION) +# The env below is called GO_VERSION and not GOLANG_VERSION because +# the gcb image we use to build already defines GOLANG_VERSION and is a +# really old version +GO_VERSION ?= $(shell cat $(DIR)/../../GOLANG_VERSION) # required to enable buildx export DOCKER_CLI_EXPERIMENTAL=enabled @@ -45,7 +48,7 @@ image: --pull \ --push \ --build-arg BASE_IMAGE=${NGINX_BASE_IMAGE} \ - --build-arg GOLANG_VERSION=${GOLANG_VERSION} \ + --build-arg GOLANG_VERSION=${GO_VERSION} \ --build-arg ETCD_VERSION=3.4.3-0 \ --build-arg K8S_RELEASE=v1.26.0 \ --build-arg RESTY_CLI_VERSION=0.27 \ @@ -66,7 +69,7 @@ build: ensure-buildx --progress=${PROGRESS} \ --pull \ --build-arg BASE_IMAGE=${NGINX_BASE_IMAGE} \ - --build-arg GOLANG_VERSION=${GOLANG_VERSION} \ + --build-arg GOLANG_VERSION=${GO_VERSION} \ --build-arg ETCD_VERSION=3.4.3-0 \ --build-arg K8S_RELEASE=v1.26.0 \ --build-arg RESTY_CLI_VERSION=0.27 \ From e80d648b31c45ce470922a5109a89ca2c7016cb5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jan 2024 03:08:34 -0800 Subject: [PATCH 033/154] Bump dorny/paths-filter from 2.11.1 to 3.0.0 (#10934) Bumps [dorny/paths-filter](https://github.com/dorny/paths-filter) from 2.11.1 to 3.0.0. - [Release notes](https://github.com/dorny/paths-filter/releases) - [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md) - [Commits](https://github.com/dorny/paths-filter/compare/4512585405083f25c027a35db413c2b3b9006d50...0bc4621a3135347011ad047f9ecf449bf72ce2bd) --- updated-dependencies: - dependency-name: dorny/paths-filter dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- .github/workflows/docs.yaml | 2 +- .github/workflows/helm.yaml | 2 +- .github/workflows/images.yaml | 2 +- .github/workflows/zz-tmpl-images.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 19dc44746..a5fe8a922 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -49,7 +49,7 @@ jobs: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 + - uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index ab315b3d3..18aac62ac 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -25,7 +25,7 @@ jobs: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 + - uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index c6cb31320..46327244a 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -37,7 +37,7 @@ jobs: run: | ./build/run-in-docker.sh ./hack/verify-chart-lint.sh - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 + - uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index 84d8ae819..39c2b0a32 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -42,7 +42,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 + - uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/zz-tmpl-images.yaml b/.github/workflows/zz-tmpl-images.yaml index 6f3605417..c96c97350 100644 --- a/.github/workflows/zz-tmpl-images.yaml +++ b/.github/workflows/zz-tmpl-images.yaml @@ -32,7 +32,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 + - uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} From acb46089f5a6c9da93c525f5d1c03fab27a3abd9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jan 2024 06:12:05 -0800 Subject: [PATCH 034/154] Bump github/codeql-action from 3.23.1 to 3.23.2 (#10935) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.1 to 3.23.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.23.1...v3.23.2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/images.yaml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index 39c2b0a32..71e3a81e6 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -186,7 +186,7 @@ jobs: ignore-unfixed: true output: 'trivy-results.sarif' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v3.23.1 + uses: github/codeql-action/upload-sarif@v3.23.2 with: sarif_file: 'trivy-results.sarif' diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index cbfee59fc..2aaf1553c 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b96e5e1158e8b8f7694d677976037b27efd275d4 # v2.1.37 + uses: github/codeql-action/upload-sarif@25f779c0f271790cfca54f1c5e868acc372ba6f1 # v2.1.37 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 869ba472e..d805103a3 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@b96e5e1158e8b8f7694d677976037b27efd275d4 # v2.1.37 + uses: github/codeql-action/upload-sarif@25f779c0f271790cfca54f1c5e868acc372ba6f1 # v2.1.37 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From a1a0e38ccaa511a8a487edeb11f60a7d8611d773 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jan 2024 06:15:01 -0800 Subject: [PATCH 035/154] Bump dorny/test-reporter from 1.7.0 to 1.8.0 (#10936) Bumps [dorny/test-reporter](https://github.com/dorny/test-reporter) from 1.7.0 to 1.8.0. - [Release notes](https://github.com/dorny/test-reporter/releases) - [Changelog](https://github.com/dorny/test-reporter/blob/main/CHANGELOG.md) - [Commits](https://github.com/dorny/test-reporter/compare/afe6793191b75b608954023a46831a3fe10048d4...eaa763f6ffc21c7a37837f56cd5f9737f27fc6c8) --- updated-dependencies: - dependency-name: dorny/test-reporter dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/junit-reports.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/junit-reports.yaml b/.github/workflows/junit-reports.yaml index 78270c5be..3b3318def 100644 --- a/.github/workflows/junit-reports.yaml +++ b/.github/workflows/junit-reports.yaml @@ -9,7 +9,7 @@ jobs: report: runs-on: ubuntu-latest steps: - - uses: dorny/test-reporter@afe6793191b75b608954023a46831a3fe10048d4 # v1.7.0 + - uses: dorny/test-reporter@eaa763f6ffc21c7a37837f56cd5f9737f27fc6c8 # v1.8.0 with: artifact: /e2e-test-reports-(.*)/ name: JEST Tests $1 # Name of the check run which will be created From 2f40b175db040e21d83f5bc089cf48e2958159c6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jan 2024 06:17:56 -0800 Subject: [PATCH 036/154] Bump actions/upload-artifact from 4.2.0 to 4.3.0 (#10937) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.2.0 to 4.3.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/694cdabd8bdb0f10b2cea11669e1bf5453eed0a6...26f96dfa697d77e81fd5907df203aa23a56210a8) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/zz-tmpl-k8s-e2e.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index a5fe8a922..0fb0a7e8c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -162,7 +162,7 @@ jobs: | gzip > docker.tar.gz - name: cache - uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 + uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 with: name: docker.tar.gz path: docker.tar.gz diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 2aaf1553c..7544e3fb3 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -51,7 +51,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 + uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/zz-tmpl-k8s-e2e.yaml b/.github/workflows/zz-tmpl-k8s-e2e.yaml index 7709e9637..6943a0854 100644 --- a/.github/workflows/zz-tmpl-k8s-e2e.yaml +++ b/.github/workflows/zz-tmpl-k8s-e2e.yaml @@ -50,7 +50,7 @@ jobs: make kind-e2e-test - name: Upload e2e junit-reports ${{ inputs.variation }} - uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 + uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 if: success() || failure() with: name: e2e-test-reports-${{ inputs.k8s-version }}${{ inputs.variation }} From e00b45beb567e6d65bb5aae6941c351e17345982 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jan 2024 06:21:01 -0800 Subject: [PATCH 037/154] Bump google.golang.org/grpc from 1.60.1 to 1.61.0 (#10938) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.60.1 to 1.61.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.60.1...v1.61.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 00d9a4ac2..6bebebf67 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30 golang.org/x/crypto v0.18.0 - google.golang.org/grpc v1.60.1 + google.golang.org/grpc v1.61.0 google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 @@ -74,7 +74,7 @@ require ( github.com/google/gofuzz v1.1.0 // indirect github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect - github.com/google/uuid v1.3.1 // indirect + github.com/google/uuid v1.4.0 // indirect github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect github.com/imdario/mergo v0.3.6 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect @@ -109,7 +109,7 @@ require ( golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.16.1 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 // indirect google.golang.org/protobuf v1.32.0 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/go.sum b/go.sum index ab3495e78..b2075a17e 100644 --- a/go.sum +++ b/go.sum @@ -191,8 +191,8 @@ github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98/go.mod h1:czg5+yv1E0Z github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= -github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= -github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4= +github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= @@ -665,8 +665,8 @@ google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97 h1:6GQBEOdGkX6MMTLT9V+TjtIRZCw9VPD5Z+yHY9wMgS0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97/go.mod h1:v7nGkzlmW8P3n/bKmWBn2WpBjpOEx8Q6gMueudAmKfY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 h1:Jyp0Hsi0bmHXG6k9eATXoYtjd6e2UzZ1SCn/wIupY14= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:oQ5rr10WTTMvP4A36n8JpR1OrO1BEiV4f78CneXZxkA= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -679,8 +679,8 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.60.1 h1:26+wFr+cNqSGFcOXcabYC0lUVJVRa2Sb2ortSK7VrEU= -google.golang.org/grpc v1.60.1/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM= +google.golang.org/grpc v1.61.0 h1:TOvOcuXn30kRao+gfcvsebNEa5iZIiLkisYEkf7R7o0= +google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 h1:pPsdyuBif+uoyUoL19yuj/TCfUPsmpJHJZhWQ98JGLU= google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7/go.mod h1:8pQa1yxxkh+EsxUK8/455D5MSbv3vgmEJqKCH3y17mI= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= From 53dc89f0a5e35dad3382bb12bee2ecac7f0f8e53 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 05:42:39 -0800 Subject: [PATCH 038/154] Bump github.com/opencontainers/runc from 1.1.11 to 1.1.12 (#10951) Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.1.11 to 1.1.12. - [Release notes](https://github.com/opencontainers/runc/releases) - [Changelog](https://github.com/opencontainers/runc/blob/v1.1.12/CHANGELOG.md) - [Commits](https://github.com/opencontainers/runc/compare/v1.1.11...v1.1.12) --- updated-dependencies: - dependency-name: github.com/opencontainers/runc dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 6bebebf67..3a4d1ee1c 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 github.com/onsi/ginkgo/v2 v2.15.0 - github.com/opencontainers/runc v1.1.11 + github.com/opencontainers/runc v1.1.12 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.18.0 github.com/prometheus/client_model v0.5.0 diff --git a/go.sum b/go.sum index b2075a17e..4b80b3a6f 100644 --- a/go.sum +++ b/go.sum @@ -287,8 +287,8 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= -github.com/opencontainers/runc v1.1.11 h1:9LjxyVlE0BPMRP2wuQDRlHV4941Jp9rc3F0+YKimopA= -github.com/opencontainers/runc v1.1.11/go.mod h1:S+lQwSfncpBha7XTy/5lBwWgm5+y5Ma/O44Ekby9FK8= +github.com/opencontainers/runc v1.1.12 h1:BOIssBaW1La0/qbNZHXOOa71dZfZEQOzW7dqQf3phss= +github.com/opencontainers/runc v1.1.12/go.mod h1:S+lQwSfncpBha7XTy/5lBwWgm5+y5Ma/O44Ekby9FK8= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= From 48b98311229913803063ed34a738fa1f8fd7c012 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Fri, 2 Feb 2024 00:03:48 +0100 Subject: [PATCH 039/154] Chart: Remove useless `default` from `_params.tpl`. (#10957) --- charts/ingress-nginx/templates/_params.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ingress-nginx/templates/_params.tpl b/charts/ingress-nginx/templates/_params.tpl index 47d024e85..3ca2de8a5 100644 --- a/charts/ingress-nginx/templates/_params.tpl +++ b/charts/ingress-nginx/templates/_params.tpl @@ -29,7 +29,7 @@ - --watch-namespace={{ default "$(POD_NAMESPACE)" .Values.controller.scope.namespace }} {{- end }} {{- if and (not .Values.controller.scope.enabled) .Values.controller.scope.namespaceSelector }} -- --watch-namespace-selector={{ default "" .Values.controller.scope.namespaceSelector }} +- --watch-namespace-selector={{ .Values.controller.scope.namespaceSelector }} {{- end }} {{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }} - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }} From 3e740fe8e747eb37c35abb64e1d6f5db42e5b15c Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Fri, 2 Feb 2024 07:55:15 +0100 Subject: [PATCH 040/154] Chart: Set `--enable-metrics` depending on `controller.metrics.enabled`. (#10959) --- charts/ingress-nginx/templates/_params.tpl | 3 ++ .../tests/controller-daemonset_test.yaml | 31 +++++++++++++++++++ .../tests/controller-deployment_test.yaml | 16 ++++++++++ 3 files changed, 50 insertions(+) diff --git a/charts/ingress-nginx/templates/_params.tpl b/charts/ingress-nginx/templates/_params.tpl index 3ca2de8a5..0ddef0af1 100644 --- a/charts/ingress-nginx/templates/_params.tpl +++ b/charts/ingress-nginx/templates/_params.tpl @@ -54,6 +54,9 @@ {{- if .Values.controller.watchIngressWithoutClass }} - --watch-ingress-without-class=true {{- end }} +{{- if not .Values.controller.metrics.enabled }} +- --enable-metrics={{ .Values.controller.metrics.enabled }} +{{- end }} {{- if .Values.controller.enableTopologyAwareRouting }} - --enable-topology-aware-routing=true {{- end }} diff --git a/charts/ingress-nginx/tests/controller-daemonset_test.yaml b/charts/ingress-nginx/tests/controller-daemonset_test.yaml index 2e85848b6..1d3172227 100644 --- a/charts/ingress-nginx/tests/controller-daemonset_test.yaml +++ b/charts/ingress-nginx/tests/controller-daemonset_test.yaml @@ -14,3 +14,34 @@ tests: - equal: path: metadata.name value: RELEASE-NAME-ingress-nginx-controller + + - it: should create a DaemonSet with argument `--enable-metrics=false` if `controller.metrics.enabled` is false + set: + controller.kind: DaemonSet + controller.metrics.enabled: false + asserts: + - contains: + path: spec.template.spec.containers[0].args + content: --enable-metrics=false + + - it: should create a DaemonSet without argument `--enable-metrics=false` if `controller.metrics.enabled` is true + set: + controller.kind: DaemonSet + controller.metrics.enabled: true + asserts: + - notContains: + path: spec.template.spec.containers[0].args + content: --enable-metrics=false + + - it: should create a DaemonSet with resource limits if `controller.resources.limits` is set + set: + controller.kind: DaemonSet + controller.resources.limits.cpu: 500m + controller.resources.limits.memory: 512Mi + asserts: + - equal: + path: spec.template.spec.containers[0].resources.limits.cpu + value: 500m + - equal: + path: spec.template.spec.containers[0].resources.limits.memory + value: 512Mi diff --git a/charts/ingress-nginx/tests/controller-deployment_test.yaml b/charts/ingress-nginx/tests/controller-deployment_test.yaml index 01844612e..86d5828c0 100644 --- a/charts/ingress-nginx/tests/controller-deployment_test.yaml +++ b/charts/ingress-nginx/tests/controller-deployment_test.yaml @@ -21,6 +21,22 @@ tests: path: spec.replicas value: 3 + - it: should create a Deployment with argument `--enable-metrics=false` if `controller.metrics.enabled` is false + set: + controller.metrics.enabled: false + asserts: + - contains: + path: spec.template.spec.containers[0].args + content: --enable-metrics=false + + - it: should create a Deployment without argument `--enable-metrics=false` if `controller.metrics.enabled` is true + set: + controller.metrics.enabled: true + asserts: + - notContains: + path: spec.template.spec.containers[0].args + content: --enable-metrics=false + - it: should create a Deployment with resource limits if `controller.resources.limits` is set set: controller.resources.limits.cpu: 500m From 83b5ffb77feb281c9b5eacb942b2ded71d3428f5 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Fri, 2 Feb 2024 14:45:03 +0100 Subject: [PATCH 041/154] E2E Tests: Explicitly enable metrics. (#10962) --- test/e2e/wait-for-nginx.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/e2e/wait-for-nginx.sh b/test/e2e/wait-for-nginx.sh index d2529e348..ac0584962 100755 --- a/test/e2e/wait-for-nginx.sh +++ b/test/e2e/wait-for-nginx.sh @@ -89,6 +89,8 @@ controller: terminationGracePeriodSeconds: 1 admissionWebhooks: enabled: false + metrics: + enabled: true # ulimit -c unlimited # mkdir -p /tmp/coredump From 4a680c8b200cb865f8698ce0aef4123bfff32f3e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Feb 2024 07:09:25 -0800 Subject: [PATCH 042/154] Bump github/codeql-action from 3.23.2 to 3.24.0 (#10971) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.2 to 3.24.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.23.2...v3.24.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/images.yaml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index 71e3a81e6..bcae56657 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -186,7 +186,7 @@ jobs: ignore-unfixed: true output: 'trivy-results.sarif' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v3.23.2 + uses: github/codeql-action/upload-sarif@v3.24.0 with: sarif_file: 'trivy-results.sarif' diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 7544e3fb3..e8564ec8d 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@25f779c0f271790cfca54f1c5e868acc372ba6f1 # v2.1.37 + uses: github/codeql-action/upload-sarif@39cc02b1d9c54094b4cdbc06cec937d19c16ef3b # v2.1.37 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index d805103a3..2281d846a 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@25f779c0f271790cfca54f1c5e868acc372ba6f1 # v2.1.37 + uses: github/codeql-action/upload-sarif@39cc02b1d9c54094b4cdbc06cec937d19c16ef3b # v2.1.37 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From 27507157251da864766db00d04fb1b31bdd16aad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Feb 2024 03:50:16 -0800 Subject: [PATCH 043/154] Bump golang.org/x/crypto from 0.18.0 to 0.19.0 (#10976) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.18.0 to 0.19.0. - [Commits](https://github.com/golang/crypto/compare/v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 3a4d1ee1c..ed534d4da 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( github.com/stretchr/testify v1.8.4 github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30 - golang.org/x/crypto v0.18.0 + golang.org/x/crypto v0.19.0 google.golang.org/grpc v1.61.0 google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 gopkg.in/go-playground/pool.v3 v3.1.1 @@ -103,8 +103,8 @@ require ( golang.org/x/mod v0.14.0 // indirect golang.org/x/net v0.20.0 // indirect golang.org/x/oauth2 v0.16.0 // indirect - golang.org/x/sys v0.16.0 // indirect - golang.org/x/term v0.16.0 // indirect + golang.org/x/sys v0.17.0 // indirect + golang.org/x/term v0.17.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.16.1 // indirect diff --git a/go.sum b/go.sum index 4b80b3a6f..f290367e8 100644 --- a/go.sum +++ b/go.sum @@ -399,8 +399,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc= -golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= +golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= +golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -537,12 +537,12 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= -golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE= -golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= +golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= From f6b28f548a294930a8917602e6bb5a698e8f6606 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Feb 2024 03:53:12 -0800 Subject: [PATCH 044/154] Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#10980) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.7.0 to 4.0.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/3a919529898de77ec3da873e3063ca4b10e7f5cc...3cfe3a4abbb849e10058ce4af15d205b6da42804) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/golangci-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 16c3fe8fc..f6929e73c 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -29,6 +29,6 @@ jobs: check-latest: true - name: golangci-lint - uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0 + uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0 with: version: v1.55.2 From b0e5e9a39d7a6f587bb6ecbe4b501167ce2db750 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Feb 2024 03:59:07 -0800 Subject: [PATCH 045/154] Bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 (#10979) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.16.1 to 0.17.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca...84384bd6e777ef152729993b8145ea352e9dd3ef) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/vulnerability-scans.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 2281d846a..1efd1fc0c 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -60,7 +60,7 @@ jobs: - name: Scan image with AquaSec/Trivy id: scan - uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # v0.16.1 + uses: aquasecurity/trivy-action@84384bd6e777ef152729993b8145ea352e9dd3ef # v0.17.0 with: image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }} format: 'sarif' From 3408083b8013ec87a6920deb592aeb21c7e1052b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Feb 2024 04:02:07 -0800 Subject: [PATCH 046/154] Bump actions/download-artifact from 4.1.1 to 4.1.2 (#10981) Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.1 to 4.1.2. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/6b208ae046db98c579e8a3aa621ab581ff575935...eaceaf801fd36c7dee90939fad912460b18a1ffe) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- .github/workflows/zz-tmpl-k8s-e2e.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 0fb0a7e8c..de63bd457 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -199,7 +199,7 @@ jobs: helm unittest charts/ingress-nginx -d - name: cache - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 with: name: docker.tar.gz diff --git a/.github/workflows/zz-tmpl-k8s-e2e.yaml b/.github/workflows/zz-tmpl-k8s-e2e.yaml index 6943a0854..563c487d3 100644 --- a/.github/workflows/zz-tmpl-k8s-e2e.yaml +++ b/.github/workflows/zz-tmpl-k8s-e2e.yaml @@ -23,7 +23,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: cache - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 with: name: docker.tar.gz From 86f3af8dead82f2d0905dceddeba213751e15b50 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Feb 2024 04:31:31 -0800 Subject: [PATCH 047/154] Bump actions/upload-artifact from 4.3.0 to 4.3.1 (#10978) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.0 to 4.3.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/26f96dfa697d77e81fd5907df203aa23a56210a8...5d5d22a31266ced268874388b861e4b58bb5c2f3) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/zz-tmpl-k8s-e2e.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index de63bd457..7a0d5cf6b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -162,7 +162,7 @@ jobs: | gzip > docker.tar.gz - name: cache - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: docker.tar.gz path: docker.tar.gz diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index e8564ec8d..9d00e8c38 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -51,7 +51,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/zz-tmpl-k8s-e2e.yaml b/.github/workflows/zz-tmpl-k8s-e2e.yaml index 563c487d3..20fd1053d 100644 --- a/.github/workflows/zz-tmpl-k8s-e2e.yaml +++ b/.github/workflows/zz-tmpl-k8s-e2e.yaml @@ -50,7 +50,7 @@ jobs: make kind-e2e-test - name: Upload e2e junit-reports ${{ inputs.variation }} - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 if: success() || failure() with: name: e2e-test-reports-${{ inputs.k8s-version }}${{ inputs.variation }} From 7c3596854bc3855b99b80fcf23e1a8def7f7672f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Feb 2024 03:10:47 -0800 Subject: [PATCH 048/154] Bump github.com/prometheus/client_model from 0.5.0 to 0.6.0 (#10998) Bumps [github.com/prometheus/client_model](https://github.com/prometheus/client_model) from 0.5.0 to 0.6.0. - [Release notes](https://github.com/prometheus/client_model/releases) - [Commits](https://github.com/prometheus/client_model/compare/v0.5.0...v0.6.0) --- updated-dependencies: - dependency-name: github.com/prometheus/client_model dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ed534d4da..7b18f3335 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/opencontainers/runc v1.1.12 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.18.0 - github.com/prometheus/client_model v0.5.0 + github.com/prometheus/client_model v0.6.0 github.com/prometheus/common v0.46.0 github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 diff --git a/go.sum b/go.sum index f290367e8..4dc71934f 100644 --- a/go.sum +++ b/go.sum @@ -310,8 +310,8 @@ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1: github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= -github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZzqGIgaos= +github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= From 09ab0ecf8d7c3f64e53c90be44c96579b1b76352 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Feb 2024 03:13:28 -0800 Subject: [PATCH 049/154] Bump dorny/paths-filter from 3.0.0 to 3.0.1 (#10994) Bumps [dorny/paths-filter](https://github.com/dorny/paths-filter) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/dorny/paths-filter/releases) - [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md) - [Commits](https://github.com/dorny/paths-filter/compare/0bc4621a3135347011ad047f9ecf449bf72ce2bd...ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a) --- updated-dependencies: - dependency-name: dorny/paths-filter dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- .github/workflows/docs.yaml | 2 +- .github/workflows/helm.yaml | 2 +- .github/workflows/images.yaml | 2 +- .github/workflows/zz-tmpl-images.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 7a0d5cf6b..d7d20a246 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -49,7 +49,7 @@ jobs: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 + - uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index 18aac62ac..695ed2124 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -25,7 +25,7 @@ jobs: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 + - uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 46327244a..09d70fb7a 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -37,7 +37,7 @@ jobs: run: | ./build/run-in-docker.sh ./hack/verify-chart-lint.sh - - uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 + - uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index bcae56657..3794a0cfa 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -42,7 +42,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 + - uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/zz-tmpl-images.yaml b/.github/workflows/zz-tmpl-images.yaml index c96c97350..fd56e986d 100644 --- a/.github/workflows/zz-tmpl-images.yaml +++ b/.github/workflows/zz-tmpl-images.yaml @@ -32,7 +32,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 + - uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} From 7edcdeefe5638fd47ae80a9a8b48884bef3e35c8 Mon Sep 17 00:00:00 2001 From: zengyuxing007 Date: Thu, 22 Feb 2024 11:00:17 +0800 Subject: [PATCH 050/154] Update ingress-path-matching.md (#11007) --- docs/user-guide/ingress-path-matching.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/user-guide/ingress-path-matching.md b/docs/user-guide/ingress-path-matching.md index dd618e08b..d93e75fbb 100644 --- a/docs/user-guide/ingress-path-matching.md +++ b/docs/user-guide/ingress-path-matching.md @@ -3,7 +3,8 @@ ## Regular Expression Support !!! important - Regular expressions and wild cards are not supported in the `spec.rules.host` field. Full hostnames must be used. + Regular expressions is not supported in the `spec.rules.host` field. The wildcard character '*' must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == +"*"). !!! note Please see the [FAQ](../faq.md#validation-of-path) for Validation Of __`path`__ From 536c4e7e068390282bd1239fdb70983e891edad1 Mon Sep 17 00:00:00 2001 From: zengyuxing007 Date: Thu, 22 Feb 2024 14:07:07 +0800 Subject: [PATCH 051/154] Update ingress-path-matching.md (#11008) --- docs/user-guide/ingress-path-matching.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/user-guide/ingress-path-matching.md b/docs/user-guide/ingress-path-matching.md index d93e75fbb..43d049043 100644 --- a/docs/user-guide/ingress-path-matching.md +++ b/docs/user-guide/ingress-path-matching.md @@ -3,8 +3,7 @@ ## Regular Expression Support !!! important - Regular expressions is not supported in the `spec.rules.host` field. The wildcard character '*' must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == -"*"). + Regular expressions is not supported in the `spec.rules.host` field. The wildcard character '\*' must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "\*"). !!! note Please see the [FAQ](../faq.md#validation-of-path) for Validation Of __`path`__ From 7fdce1640bbc3acdb8405c03917ca269028bc7b9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Feb 2024 03:17:40 -0800 Subject: [PATCH 052/154] Bump actions/dependency-review-action from 4.0.0 to 4.1.3 (#11016) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.0.0 to 4.1.3. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/4901385134134e04cec5fbe5ddfe3b2c5bd5d976...9129d7d40b8c12c1ed0f60400d00c92d437adcce) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depreview.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 68822744d..eadf099b3 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -11,4 +11,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: 'Dependency Review' - uses: actions/dependency-review-action@4901385134134e04cec5fbe5ddfe3b2c5bd5d976 # v4.0.0 + uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3 From 30d0d5e4b51143d0e794076583c94446c8b2b780 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Feb 2024 04:25:33 -0800 Subject: [PATCH 053/154] Bump github/codeql-action from 3.24.0 to 3.24.5 (#11017) * Bump github/codeql-action from 3.24.0 to 3.24.5 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.0 to 3.24.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.24.0...v3.24.5) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * Update images.yaml * Update scorecards.yml * Update vulnerability-scans.yaml --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Tadeu Panato Junior --- .github/workflows/images.yaml | 4 ++-- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index 3794a0cfa..238cc6a80 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -186,7 +186,7 @@ jobs: ignore-unfixed: true output: 'trivy-results.sarif' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v3.24.0 + uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 with: sarif_file: 'trivy-results.sarif' @@ -238,4 +238,4 @@ jobs: export TAG=$(cat images/nginx-1.25/TAG) cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --push -t ingressnginx/nginx-1.25:${TAG} . - \ No newline at end of file + diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 9d00e8c38..387849a48 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@39cc02b1d9c54094b4cdbc06cec937d19c16ef3b # v2.1.37 + uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 1efd1fc0c..99e9fdfc7 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@39cc02b1d9c54094b4cdbc06cec937d19c16ef3b # v2.1.37 + uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From e78af97ecdf10187b43786df216478df6ea440d1 Mon Sep 17 00:00:00 2001 From: Milas Bowman Date: Mon, 26 Feb 2024 07:32:18 -0500 Subject: [PATCH 054/154] chore(deps): upgrade headers-more module to 0.37 (#10991) https://github.com/openresty/headers-more-nginx-module/compare/v0.34...v0.37 Signed-off-by: Milas Bowman --- images/nginx-1.25/rootfs/build.sh | 2 +- images/nginx/rootfs/build.sh | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/images/nginx-1.25/rootfs/build.sh b/images/nginx-1.25/rootfs/build.sh index 0fded23d6..5324170b0 100755 --- a/images/nginx-1.25/rootfs/build.sh +++ b/images/nginx-1.25/rootfs/build.sh @@ -26,7 +26,7 @@ export NDK_VERSION=v0.3.3 # Check for recent changes: https://github.com/openresty/set-misc-nginx-module/compare/v0.33...master export SETMISC_VERSION=796f5a3e518748eb29a93bd450324e0ad45b704e -# Check for recent changes: https://github.com/openresty/headers-more-nginx-module/compare/v0.34...master +# Check for recent changes: https://github.com/openresty/headers-more-nginx-module/compare/v0.37...master export MORE_HEADERS_VERSION=v0.37 # Check for recent changes: https://github.com/atomx/nginx-http-auth-digest/compare/v1.0.0...atomx:master diff --git a/images/nginx/rootfs/build.sh b/images/nginx/rootfs/build.sh index cd319a0b9..d6e7c4a58 100755 --- a/images/nginx/rootfs/build.sh +++ b/images/nginx/rootfs/build.sh @@ -26,8 +26,8 @@ export NDK_VERSION=0.3.2 # Check for recent changes: https://github.com/openresty/set-misc-nginx-module/compare/v0.33...master export SETMISC_VERSION=0.33 -# Check for recent changes: https://github.com/openresty/headers-more-nginx-module/compare/v0.34...master -export MORE_HEADERS_VERSION=0.34 +# Check for recent changes: https://github.com/openresty/headers-more-nginx-module/compare/v0.37...master +export MORE_HEADERS_VERSION=0.37 # Check for recent changes: https://github.com/atomx/nginx-http-auth-digest/compare/v1.0.0...atomx:master export NGINX_DIGEST_AUTH=1.0.0 @@ -204,7 +204,7 @@ get_src aa961eafb8317e0eb8da37eb6e2c9ff42267edd18b56947384e719b85188f58b \ get_src cd5e2cc834bcfa30149e7511f2b5a2183baf0b70dc091af717a89a64e44a2985 \ "https://github.com/openresty/set-misc-nginx-module/archive/v$SETMISC_VERSION.tar.gz" -get_src 0c0d2ced2ce895b3f45eb2b230cd90508ab2a773299f153de14a43e44c1209b3 \ +get_src cf6e169d6b350c06d0c730b0eaf4973394026ad40094cddd3b3a5b346577019d \ "https://github.com/openresty/headers-more-nginx-module/archive/v$MORE_HEADERS_VERSION.tar.gz" get_src f09851e6309560a8ff3e901548405066c83f1f6ff88aa7171e0763bd9514762b \ From 391a304b10296cb07171a4c47e97ece81617a759 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Mon, 26 Feb 2024 20:05:00 -0300 Subject: [PATCH 055/154] Bump grpc and reintroduce OTEL compilation (#11021) * Bump grpc and reintroduce OTEL compilation * Enable s390x again --- .github/workflows/images.yaml | 2 +- images/nginx-1.25/Makefile | 2 +- images/nginx-1.25/TAG | 2 +- images/nginx-1.25/rootfs/Dockerfile | 2 +- images/nginx-1.25/rootfs/build.sh | 36 +++++++++++++++++++++++++++-- 5 files changed, 38 insertions(+), 6 deletions(-) diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index 238cc6a80..93092d80b 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -216,7 +216,7 @@ jobs: if: | (github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.changes.outputs.nginx125 == 'true') env: - PLATFORMS: linux/amd64,linux/arm,linux/arm64 + PLATFORMS: linux/amd64,linux/arm,linux/arm64,linux/s390x steps: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 diff --git a/images/nginx-1.25/Makefile b/images/nginx-1.25/Makefile index e03197109..cdd3e2a3c 100644 --- a/images/nginx-1.25/Makefile +++ b/images/nginx-1.25/Makefile @@ -32,7 +32,7 @@ IMAGE = $(REGISTRY)/nginx-1.25 export DOCKER_CLI_EXPERIMENTAL=enabled # build with buildx -PLATFORMS?=linux/amd64,linux/arm,linux/arm64 +PLATFORMS?=linux/amd64,linux/arm,linux/arm64,linux/s390x OUTPUT= PROGRESS=plain build: ensure-buildx diff --git a/images/nginx-1.25/TAG b/images/nginx-1.25/TAG index 8ce995b80..a92e82754 100644 --- a/images/nginx-1.25/TAG +++ b/images/nginx-1.25/TAG @@ -1 +1 @@ -v0.0.3 \ No newline at end of file +v0.0.4 \ No newline at end of file diff --git a/images/nginx-1.25/rootfs/Dockerfile b/images/nginx-1.25/rootfs/Dockerfile index 385b4ba02..8327d99f2 100644 --- a/images/nginx-1.25/rootfs/Dockerfile +++ b/images/nginx-1.25/rootfs/Dockerfile @@ -29,6 +29,7 @@ ENV LUA_PATH="/usr/local/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1 ENV LUA_CPATH="/usr/local/lib/lua/?/?.so;/usr/local/lib/lua/?.so;;" COPY --from=builder /usr/local /usr/local +COPY --from=builder /usr/lib/libopentelemetry* /usr/local/lib COPY --from=builder /opt /opt COPY --from=builder /etc/nginx /etc/nginx @@ -50,7 +51,6 @@ RUN apk update \ tzdata \ grpc-cpp \ libprotobuf \ - && apk add -X http://dl-cdn.alpinelinux.org/alpine/edge/testing opentelemetry-cpp-exporter-otlp-common opentelemetry-cpp-exporter-otlp-grpc \ && ln -s /usr/local/nginx/sbin/nginx /sbin/nginx \ && adduser -S -D -H -u 101 -h /usr/local/nginx \ -s /sbin/nologin -G www-data -g www-data www-data \ diff --git a/images/nginx-1.25/rootfs/build.sh b/images/nginx-1.25/rootfs/build.sh index 5324170b0..b449d89e4 100755 --- a/images/nginx-1.25/rootfs/build.sh +++ b/images/nginx-1.25/rootfs/build.sh @@ -104,6 +104,11 @@ export LUA_RESTY_GLOBAL_THROTTLE_VERSION=v0.2.0 # Check for recent changes: https://github.com/microsoft/mimalloc/compare/v1.7.6...master export MIMALOC_VERSION=v2.1.2 +# Check on https://github.com/open-telemetry/opentelemetry-cpp +export OPENTELEMETRY_CPP_VERSION="v1.11.0" +# Check on https://github.com/open-telemetry/opentelemetry-proto +export OPENTELEMETRY_PROTO_VERSION="v1.1.0" + export BUILD_PATH=/tmp/build ARCH=$(uname -m) @@ -119,6 +124,7 @@ get_src() echo "Downloading $url" curl -sSL "$url" -o "$f" + # TODO: Reenable checksum verification but make it smarter # echo "$hash $f" | sha256sum -c - || exit 10 if [ ! -z "$dest" ]; then mkdir ${BUILD_PATH}/${dest} @@ -177,7 +183,7 @@ apk add \ grpc-dev \ protobuf-dev -apk add -X http://dl-cdn.alpinelinux.org/alpine/edge/testing opentelemetry-cpp-dev +# apk add -X http://dl-cdn.alpinelinux.org/alpine/edge/testing opentelemetry-cpp-dev # There is some bug with some platforms and git, so force HTTP/1.1 git config --global http.version HTTP/1.1 @@ -195,6 +201,12 @@ get_src 66dc7081488811e9f925719e34d1b4504c2801c81dee2920e5452a86b11405ae \ get_src aa961eafb8317e0eb8da37eb6e2c9ff42267edd18b56947384e719b85188f58b \ "https://github.com/vision5/ngx_devel_kit/archive/$NDK_VERSION.tar.gz" "ngx_devel_kit" +get_src abc123 \ + "https://github.com/open-telemetry/opentelemetry-cpp/archive/$OPENTELEMETRY_CPP_VERSION.tar.gz" "opentelemetry-cpp" + +get_src abc123 \ + "https://github.com/open-telemetry/opentelemetry-proto/archive/$OPENTELEMETRY_PROTO_VERSION.tar.gz" "opentelemetry-proto" + get_src cd5e2cc834bcfa30149e7511f2b5a2183baf0b70dc091af717a89a64e44a2985 \ "https://github.com/openresty/set-misc-nginx-module/archive/$SETMISC_VERSION.tar.gz" "set-misc-nginx-module" @@ -288,7 +300,27 @@ make install ln -s /usr/local/bin/luajit /usr/local/bin/lua ln -s "$LUAJIT_INC" /usr/local/include/lua -cd "$BUILD_PATH" +cd "$BUILD_PATH/opentelemetry-cpp" +export CXXFLAGS="-DBENCHMARK_HAS_NO_INLINE_ASSEMBLY" +cmake -B build -G Ninja -Wno-dev \ + -DOTELCPP_PROTO_PATH="${BUILD_PATH}/opentelemetry-proto/" \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DBUILD_SHARED_LIBS=ON \ + -DBUILD_TESTING="OFF" \ + -DBUILD_W3CTRACECONTEXT_TEST="OFF" \ + -DCMAKE_BUILD_TYPE=None \ + -DWITH_ABSEIL=ON \ + -DWITH_STL=ON \ + -DWITH_EXAMPLES=OFF \ + -DWITH_ZPAGES=OFF \ + -DWITH_OTLP_GRPC=ON \ + -DWITH_OTLP_HTTP=ON \ + -DWITH_ZIPKIN=ON \ + -DWITH_PROMETHEUS=OFF \ + -DWITH_ASYNC_EXPORT_PREVIEW=OFF \ + -DWITH_METRICS_EXEMPLAR_PREVIEW=OFF + cmake --build build + cmake --install build # Git tuning git config --global --add core.compression -1 From 0a87031bbdba6f2cd3e66565043bd42d330858ba Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Mon, 26 Feb 2024 22:08:45 -0300 Subject: [PATCH 056/154] Bump modsecurity on nginx 1.25 (#11024) --- images/nginx-1.25/TAG | 2 +- images/nginx-1.25/rootfs/build.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/images/nginx-1.25/TAG b/images/nginx-1.25/TAG index a92e82754..837042c77 100644 --- a/images/nginx-1.25/TAG +++ b/images/nginx-1.25/TAG @@ -1 +1 @@ -v0.0.4 \ No newline at end of file +v0.0.5 \ No newline at end of file diff --git a/images/nginx-1.25/rootfs/build.sh b/images/nginx-1.25/rootfs/build.sh index b449d89e4..3fe610945 100755 --- a/images/nginx-1.25/rootfs/build.sh +++ b/images/nginx-1.25/rootfs/build.sh @@ -39,7 +39,7 @@ export NGINX_SUBSTITUTIONS=e12e965ac1837ca709709f9a26f572a54d83430e export MODSECURITY_VERSION=v1.0.3 # Check for recent changes: https://github.com/SpiderLabs/ModSecurity/compare/v3.0.8...v3/master -export MODSECURITY_LIB_VERSION=v3.0.11 +export MODSECURITY_LIB_VERSION=v3.0.12 # Check for recent changes: https://github.com/coreruleset/coreruleset/compare/v3.3.2...v3.3/master export OWASP_MODSECURITY_CRS_VERSION=v3.3.5 From 30c431453484783269cb1fadc86d87c29db89024 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Herv=C3=A9?= Date: Tue, 27 Feb 2024 14:41:04 +0100 Subject: [PATCH 057/154] Fix print-e2e-suite (#9536) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Before: ``` $ make print-e2e-suite Reached DIND check ELSE block, inside run-in-docker.sh Compiled e2e.test Reached DIND check ELSE block, inside run-in-docker.sh + set -o errexit + set -o nounset + set -o pipefail +++ dirname hack/print-e2e-suite.sh ++ cd hack/.. ++ pwd -P + DIR=/go/src/k8s.io/ingress-nginx + /go/src/k8s.io/ingress-nginx/test/e2e/e2e.test -ginkgo.noColor -ginkgo.dryRun + sed 's|/go/src/k8s.io/ingress-nginx/|File: |g' + sed s/•//g + + head -n-3tail -n+5 You're using deprecated Ginkgo functionality: ============================================= --ginkgo.dryRun is deprecated, use --ginkgo.dry-run instead Learn more at: https://onsi.github.io/ginkgo/MIGRATING_TO_V2#changed-command-line-flags --ginkgo.noColor is deprecated, use --ginkgo.no-color instead Learn more at: https://onsi.github.io/ginkgo/MIGRATING_TO_V2#changed-command-line-flags To silence deprecations that can be silenced set the following environment variable: ACK_GINKGO_DEPRECATIONS=2.6.1 Will run 423 of 423 specs ``` After: ``` $ make print-e2e-suite Reached DIND check ELSE block, inside run-in-docker.sh Compiled e2e.test Reached DIND check ELSE block, inside run-in-docker.sh Will run 423 of 423 specs ------------------------------ [Annotations] service-upstream when using the default value (false) and enabling in the annotations should use the Service Cluster IP and Port File: test/e2e/annotations/serviceupstream.go:41 [0.000 seconds] ------------------------------ [...] ``` Signed-off-by: Hervé Werner --- hack/print-e2e-suite.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/hack/print-e2e-suite.sh b/hack/print-e2e-suite.sh index e6b083d58..12b0efb13 100755 --- a/hack/print-e2e-suite.sh +++ b/hack/print-e2e-suite.sh @@ -14,8 +14,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -if [ -n "$DEBUG" ]; then - set -x +if [ "$DEBUG" == "true" ]; then + set -x fi set -o errexit @@ -25,5 +25,6 @@ set -o pipefail DIR=$(cd $(dirname "${BASH_SOURCE}")/.. && pwd -P) $DIR/test/e2e/e2e.test \ - -ginkgo.noColor \ - -ginkgo.dryRun | sed "s|$DIR/|File: |g" | sed 's/•//g' | tail -n+5 | head -n-3 + --ginkgo.no-color \ + --ginkgo.v \ + --ginkgo.dry-run | sed "s|$DIR/|File: |g" | sed 's/•//g' | tail -n+5 | head -n-3 From 3a887f28e828fdae70d25981356014ecc12b72e8 Mon Sep 17 00:00:00 2001 From: Artur Juraszek Date: Tue, 27 Feb 2024 13:56:40 +0000 Subject: [PATCH 058/154] Properly support a TLS-wrapped OCSP responder (#10164) Current implementation of OCSP stapling makes use of the DNS caching machinery[^1], which results in resty.http not seeing the actual host name of the OCSP responder. On HTTP level, this is already mitigated via overriding the Host header, but if a given responder operates on a HTTPS endpoint (a setup which, admittedly, isn't very popular due to its chicken-and-egg caveats involved but is nonetheless legal[^2]) the connection will fail to be established. A relevant (and a bit redacted) excerpt from logs: 2023/07/02 18:13:23 [info] 112#112: *29039 [lua] dns.lua:32: cache_set(): cache set for 'my.ocsp.responder' with value of [10.1.2.3, 10.4.5.6, 10.7.8.9] and ttl of 30., context: ngx.timer, client: 127.0.0.1, server: 0.0.0.0:442 2023/07/02 18:13:23 [error] 112#112: *29039 lua ssl certificate does not match host "10.1.2.3", context: ngx.timer, client: 127.0.0.1, server: 0.0.0.0:442 2023/07/02 18:13:23 [error] 112#112: *29039 [lua] certificate.lua:143: fetch_and_cache_ocsp_response(): could not get OCSP response: certificate host mismatch, context: ngx.timer, client: 127.0.0.1, server: 0.0.0.0:442 [^1]: https://github.com/kubernetes/ingress-nginx/blob/ebb6314/rootfs/etc/nginx/lua/certificate.lua#L81 [^2]: https://datatracker.ietf.org/doc/html/rfc2560#appendix-A.1.1 --- rootfs/etc/nginx/lua/certificate.lua | 1 + 1 file changed, 1 insertion(+) diff --git a/rootfs/etc/nginx/lua/certificate.lua b/rootfs/etc/nginx/lua/certificate.lua index 48c8d7134..1b3d3b21f 100644 --- a/rootfs/etc/nginx/lua/certificate.lua +++ b/rootfs/etc/nginx/lua/certificate.lua @@ -103,6 +103,7 @@ local function do_ocsp_request(url, ocsp_request) ["Host"] = parsed_url[2], }, body = ocsp_request, + ssl_server_name = parsed_url[2], }) if not http_response then return nil, err From 1bc20da92f02daba83725d06fe71582deca12d62 Mon Sep 17 00:00:00 2001 From: Florian Schlichting Date: Tue, 27 Feb 2024 14:58:42 +0100 Subject: [PATCH 059/154] fix datasource, $exported_namespace variable in grafana nginx dashboard (#9092) * grafana/dashboards/nginx.json: re-add exported_namespace as a variable (was deleted entirely in #9523) * dashboards/nginx.json: switch around ingress and namespace selectors, and rename "Exported Namespace" to "Ingress Namespace" authored by tghartland at https://gist.github.com/tghartland/9147d88f991a95d4bab0fa7278c237eb * dashboards/nginx.json: make "Ingress Request Volume" and "Ingress Success Rate" panels look at selected Ingress Namespaces only, and rename two panel titels to use the renamed variable as suggested by tghartland in https://github.com/kubernetes/ingress-nginx/pull/9092#issuecomment-1285840900 * dashboards/nginx.json: apply Ingress Namespace selection to "Ingress Percentile Response Times and Transfer Rates" as well this is from https://github.com/kubernetes/ingress-nginx/pull/9092#issuecomment-1287114743 also by tghartland --- deploy/grafana/dashboards/nginx.json | 56 ++++++++++++++++++++-------- 1 file changed, 40 insertions(+), 16 deletions(-) diff --git a/deploy/grafana/dashboards/nginx.json b/deploy/grafana/dashboards/nginx.json index 3c3205b4a..864d1dace 100644 --- a/deploy/grafana/dashboards/nginx.json +++ b/deploy/grafana/dashboards/nginx.json @@ -530,7 +530,7 @@ "steppedLine": false, "targets": [ { - "expr": "round(sum(irate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress), 0.001)", + "expr": "round(sum(irate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",exported_namespace=~\"$exported_namespace\",ingress=~\"$ingress\"}[2m])) by (ingress), 0.001)", "format": "time_series", "hide": false, "instant": false, @@ -637,7 +637,7 @@ "steppedLine": false, "targets": [ { - "expr": "sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",ingress=~\"$ingress\",status!~\"[4-5].*\"}[2m])) by (ingress) / sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", + "expr": "sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",exported_namespace=~\"$exported_namespace\",ingress=~\"$ingress\",status!~\"[4-5].*\"}[2m])) by (ingress) / sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",exported_namespace=~\"$exported_namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", "format": "time_series", "instant": false, "interval": "10s", @@ -1183,7 +1183,7 @@ ], "targets": [ { - "expr": "histogram_quantile(0.50, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", + "expr": "histogram_quantile(0.50, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=~\"$exported_namespace\"}[2m])) by (le, ingress))", "format": "table", "hide": false, "instant": true, @@ -1192,7 +1192,7 @@ "refId": "C" }, { - "expr": "histogram_quantile(0.90, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", + "expr": "histogram_quantile(0.90, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=~\"$exported_namespace\"}[2m])) by (le, ingress))", "format": "table", "hide": false, "instant": true, @@ -1201,7 +1201,7 @@ "refId": "D" }, { - "expr": "histogram_quantile(0.99, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", + "expr": "histogram_quantile(0.99, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=~\"$exported_namespace\"}[2m])) by (le, ingress))", "format": "table", "hide": false, "instant": true, @@ -1210,7 +1210,7 @@ "refId": "E" }, { - "expr": "sum(irate(nginx_ingress_controller_request_size_sum{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", + "expr": "sum(irate(nginx_ingress_controller_request_size_sum{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=~\"$exported_namespace\"}[2m])) by (ingress)", "format": "table", "hide": false, "instant": true, @@ -1220,7 +1220,7 @@ "refId": "F" }, { - "expr": "sum(irate(nginx_ingress_controller_response_size_sum{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", + "expr": "sum(irate(nginx_ingress_controller_response_size_sum{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=~\"$exported_namespace\"}[2m])) by (ingress)", "format": "table", "instant": true, "intervalFactor": 1, @@ -1312,7 +1312,7 @@ "targets": [ { "exemplar": true, - "expr": "histogram_quantile(0.80, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le))", + "expr": "histogram_quantile(0.80, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=~\"$exported_namespace\"}[2m])) by (le))", "format": "time_series", "hide": false, "instant": false, @@ -1323,7 +1323,7 @@ }, { "exemplar": true, - "expr": "histogram_quantile(0.90, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le))", + "expr": "histogram_quantile(0.90, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=~\"$exported_namespace\"}[2m])) by (le))", "format": "time_series", "hide": false, "instant": false, @@ -1335,7 +1335,7 @@ { "editorMode": "code", "exemplar": true, - "expr": "histogram_quantile(0.99, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le))", + "expr": "histogram_quantile(0.99, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=~\"$exported_namespace\"}[2m])) by (le))", "format": "time_series", "hide": false, "instant": false, @@ -1345,7 +1345,7 @@ "refId": "E" } ], - "title": "Ingress Percentile Response Times", + "title": "Ingress Percentile Response Times (Ingress Namespaces)", "type": "timeseries" }, { @@ -1377,14 +1377,14 @@ "targets": [ { "exemplar": true, - "expr": "sum(increase(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le)", + "expr": "sum(increase(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=~\"$exported_namespace\"}[2m])) by (le)", "format": "heatmap", "interval": "", "legendFormat": "{{le}}", "refId": "A" } ], - "title": "Ingress Request Latency Heatmap", + "title": "Ingress Request Latency Heatmap (Ingress Namespaces)", "tooltip": { "show": true, "showHistogram": true @@ -1561,7 +1561,31 @@ "query": "label_values(nginx_ingress_controller_config_hash{namespace=~\"$namespace\",controller_class=~\"$controller_class\"}, controller_pod) ", "refresh": 1, "regex": "", - "sort": 0, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".*", + "current": { + "tags": [], + "text": "All", + "value": "$__all" + }, + "datasource": "${DS_PROMETHEUS}", + "hide": 0, + "includeAll": true, + "label": "Ingress Namespace", + "multi": false, + "name": "exported_namespace", + "options": [], + "query": "label_values(nginx_ingress_controller_requests{namespace=~\"$namespace\",controller_class=~\"$controller_class\",controller_pod=~\"$controller\"}, exported_namespace) ", + "refresh": 1, + "regex": "", + "sort": 1, "tagValuesQuery": "", "tags": [], "tagsQuery": "", @@ -1582,10 +1606,10 @@ "multi": false, "name": "ingress", "options": [], - "query": "label_values(nginx_ingress_controller_requests{namespace=~\"$namespace\",controller_class=~\"$controller_class\",controller_pod=~\"$controller\"}, ingress) ", + "query": "label_values(nginx_ingress_controller_requests{namespace=~\"$namespace\",controller_class=~\"$controller_class\",controller_pod=~\"$controller\",exported_namespace=~\"$exported_namespace\"}, ingress) ", "refresh": 1, "regex": "", - "sort": 2, + "sort": 1, "tagValuesQuery": "", "tags": [], "tagsQuery": "", From 0e3e32d0aef58ec870495268de70058c901fbc19 Mon Sep 17 00:00:00 2001 From: Samuel Vaillant Date: Tue, 27 Feb 2024 15:06:39 +0100 Subject: [PATCH 060/154] test(gzip): reach ingress (#9541) --- test/e2e/settings/gzip.go | 114 ++++++++++++++++++++++++++++++++++---- 1 file changed, 104 insertions(+), 10 deletions(-) diff --git a/test/e2e/settings/gzip.go b/test/e2e/settings/gzip.go index 68e80d3a0..6f964b859 100644 --- a/test/e2e/settings/gzip.go +++ b/test/e2e/settings/gzip.go @@ -18,6 +18,7 @@ package settings import ( "fmt" + "net/http" "strings" "github.com/onsi/ginkgo/v2" @@ -29,11 +30,27 @@ import ( var _ = framework.DescribeSetting("gzip", func() { f := framework.NewDefaultFramework("gzip") + host := "gzip" + + ginkgo.BeforeEach(func() { + f.NewHttpbinDeployment() + f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.Namespace, framework.HTTPBinService, 80, nil)) + }) + ginkgo.It("should be disabled by default", func() { f.WaitForNginxConfiguration( func(cfg string) bool { return !strings.Contains(cfg, "gzip on;") - }) + }, + ) + + f.HTTPTestClient(). + GET("/xml"). + WithHeader("Host", host). + WithHeader("Accept-Encoding", "gzip"). + Expect(). + Status(http.StatusOK). + ContentEncoding() }) ginkgo.It("should be enabled with default settings", func() { @@ -50,7 +67,16 @@ var _ = framework.DescribeSetting("gzip", func() { strings.Contains(cfg, fmt.Sprintf("gzip_types %s;", defaultCfg.GzipTypes)) && strings.Contains(cfg, "gzip_proxied any;") && strings.Contains(cfg, "gzip_vary on;") - }) + }, + ) + + f.HTTPTestClient(). + GET("/xml"). + WithHeader("Host", host). + WithHeader("Accept-Encoding", "gzip"). + Expect(). + Status(http.StatusOK). + ContentEncoding("gzip") }) ginkgo.It("should set gzip_comp_level to 4", func() { @@ -61,7 +87,16 @@ var _ = framework.DescribeSetting("gzip", func() { func(cfg string) bool { return strings.Contains(cfg, "gzip on;") && strings.Contains(cfg, "gzip_comp_level 4;") - }) + }, + ) + + f.HTTPTestClient(). + GET("/xml"). + WithHeader("Host", host). + WithHeader("Accept-Encoding", "gzip"). + Expect(). + Status(http.StatusOK). + ContentEncoding("gzip") }) ginkgo.It("should set gzip_disable to msie6", func() { @@ -72,28 +107,87 @@ var _ = framework.DescribeSetting("gzip", func() { func(cfg string) bool { return strings.Contains(cfg, "gzip on;") && strings.Contains(cfg, `gzip_disable "msie6";`) - }) + }, + ) + + f.HTTPTestClient(). + GET("/xml"). + WithHeader("Host", host). + WithHeader("Accept-Encoding", "gzip"). + WithHeader("User-Agent", "Mozilla/4.8 [en] (Windows NT 5.1; U)"). + Expect(). + Status(http.StatusOK). + ContentEncoding("gzip") + + f.HTTPTestClient(). + GET("/xml"). + WithHeader("Host", host). + WithHeader("Accept-Encoding", "gzip"). + WithHeader("User-Agent", "Mozilla/45.0 (compatible; MSIE 6.0; Windows NT 5.1)"). + Expect(). + Status(http.StatusOK). + ContentEncoding() }) ginkgo.It("should set gzip_min_length to 100", func() { f.UpdateNginxConfigMapData("use-gzip", "true") f.UpdateNginxConfigMapData("gzip-min-length", "100") + f.UpdateNginxConfigMapData("gzip-types", "application/octet-stream") f.WaitForNginxConfiguration( func(cfg string) bool { return strings.Contains(cfg, "gzip on;") && - strings.Contains(cfg, "gzip_min_length 100;") - }) + strings.Contains(cfg, "gzip_min_length 100;") && + strings.Contains(cfg, "gzip_types application/octet-stream;") + }, + ) + + f.HTTPTestClient(). + GET("/bytes/99"). + WithHeader("Host", host). + WithHeader("Accept-Encoding", "gzip"). + Expect(). + Status(http.StatusOK). + ContentType("application/octet-stream"). + ContentEncoding() + + f.HTTPTestClient(). + GET("/bytes/100"). + WithHeader("Host", host). + WithHeader("Accept-Encoding", "gzip"). + Expect(). + Status(http.StatusOK). + ContentType("application/octet-stream"). + ContentEncoding("gzip") }) - ginkgo.It("should set gzip_types to application/javascript", func() { + ginkgo.It("should set gzip_types to text/html", func() { f.UpdateNginxConfigMapData("use-gzip", "true") - f.UpdateNginxConfigMapData("gzip-types", "application/javascript") + f.UpdateNginxConfigMapData("gzip-types", "text/html") f.WaitForNginxConfiguration( func(cfg string) bool { return strings.Contains(cfg, "gzip on;") && - strings.Contains(cfg, "gzip_types application/javascript;") - }) + strings.Contains(cfg, "gzip_types text/html;") + }, + ) + + f.HTTPTestClient(). + GET("/xml"). + WithHeader("Host", host). + WithHeader("Accept-Encoding", "gzip"). + Expect(). + Status(http.StatusOK). + ContentType("application/xml"). + ContentEncoding() + + f.HTTPTestClient(). + GET("/html"). + WithHeader("Host", host). + WithHeader("Accept-Encoding", "gzip"). + Expect(). + Status(http.StatusOK). + ContentType("text/html"). + ContentEncoding("gzip") }) }) From 58f6285c7049b25d3e3f2dac310516fc9eaf2c73 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Tue, 27 Feb 2024 12:50:45 -0300 Subject: [PATCH 061/154] Stop reporting interrupted tests (#11027) --- test/e2e/framework/framework.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go index b62ad691c..4723117c8 100644 --- a/test/e2e/framework/framework.go +++ b/test/e2e/framework/framework.go @@ -25,6 +25,7 @@ import ( "k8s.io/ingress-nginx/test/e2e/framework/httpexpect" "github.com/onsi/ginkgo/v2" + ginkgotypes "github.com/onsi/ginkgo/v2/types" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" @@ -178,7 +179,7 @@ func (f *Framework) AfterEach() { assert.Nil(ginkgo.GinkgoT(), err, "deleting IngressClass") }(f.KubeClientSet, f.IngressClass) - if !ginkgo.CurrentSpecReport().Failed() { + if !ginkgo.CurrentSpecReport().Failed() || ginkgo.CurrentSpecReport().State.Is(ginkgotypes.SpecStateInterrupted) { return } From bb6d1b77be818b133286dcf449e22d772b8331d9 Mon Sep 17 00:00:00 2001 From: Bazze <1932208+Bazze@users.noreply.github.com> Date: Tue, 27 Feb 2024 18:27:48 +0100 Subject: [PATCH 062/154] Update controller-prometheusrules.yaml (#8902) As fixed in pull request #7829 for the ServiceMonitor resource, this is also needed for the PrometheusRule. When upgrading the ingress-nginx chart in our environment (via Pulumi) from a really old version to the latest (4.2.0) we noticed it wanted to delete the PrometheusRule resource. This PR should fix that. --- charts/ingress-nginx/templates/controller-prometheusrules.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ingress-nginx/templates/controller-prometheusrules.yaml b/charts/ingress-nginx/templates/controller-prometheusrules.yaml index f0b93cc8c..41684c370 100644 --- a/charts/ingress-nginx/templates/controller-prometheusrules.yaml +++ b/charts/ingress-nginx/templates/controller-prometheusrules.yaml @@ -1,4 +1,4 @@ -{{- if and ( .Values.controller.metrics.enabled ) ( .Values.controller.metrics.prometheusRule.enabled ) ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) -}} +{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.prometheusRule.enabled -}} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: From b4ea953cced3890b26c7d2cdd3adb071a65d675f Mon Sep 17 00:00:00 2001 From: Khoo Hao Yit Date: Wed, 28 Feb 2024 01:41:09 +0800 Subject: [PATCH 063/154] add missing backend-protocol annotation option (#9545) --- docs/user-guide/nginx-configuration/annotations.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index 42dc918e3..184c4993b 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -39,7 +39,7 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz |[nginx.ingress.kubernetes.io/auth-proxy-set-headers](#external-authentication)|string| |[nginx.ingress.kubernetes.io/auth-snippet](#external-authentication)|string| |[nginx.ingress.kubernetes.io/enable-global-auth](#external-authentication)|"true" or "false"| -|[nginx.ingress.kubernetes.io/backend-protocol](#backend-protocol)|string|HTTP,HTTPS,GRPC,GRPCS| +|[nginx.ingress.kubernetes.io/backend-protocol](#backend-protocol)|string| |[nginx.ingress.kubernetes.io/canary](#canary)|"true" or "false"| |[nginx.ingress.kubernetes.io/canary-by-header](#canary)|string| |[nginx.ingress.kubernetes.io/canary-by-header-value](#canary)|string| @@ -907,7 +907,7 @@ Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf ### Backend Protocol Using `backend-protocol` annotations is possible to indicate how NGINX should communicate with the backend service. (Replaces `secure-backends` in older versions) -Valid Values: HTTP, HTTPS, GRPC, GRPCS and FCGI +Valid Values: HTTP, HTTPS, AUTO_HTTP, GRPC, GRPCS and FCGI By default NGINX uses `HTTP`. From fa0bf819841ddf11b71a7ae1228a1761c9596e8c Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Tue, 27 Feb 2024 14:52:42 -0300 Subject: [PATCH 064/154] Bump go libraries (#11023) * Bump go libraries * Fix update codegen execution * Fix errors on klog * Fix gzip test * Bump libraries on webhook certgen * Fix webhook-certgen compilation --- cmd/nginx/logger.go | 4 +- go.mod | 107 +-- go.sum | 251 +++--- go.work.sum | 468 ++++++++++- hack/update-codegen.sh | 4 +- images/kube-webhook-certgen/TAG | 2 +- images/kube-webhook-certgen/rootfs/Dockerfile | 2 +- images/kube-webhook-certgen/rootfs/go.mod | 72 +- images/kube-webhook-certgen/rootfs/go.sum | 764 ++---------------- internal/ingress/annotations/rewrite/main.go | 8 +- .../ingress/metric/collectors/testutils.go | 4 +- magefiles/go.mod | 17 +- magefiles/go.sum | 34 +- test/e2e/settings/gzip.go | 4 +- test/e2e/settings/pod_security_policy.go | 142 ---- .../settings/pod_security_policy_volumes.go | 127 --- 16 files changed, 765 insertions(+), 1245 deletions(-) delete mode 100644 test/e2e/settings/pod_security_policy.go delete mode 100644 test/e2e/settings/pod_security_policy_volumes.go diff --git a/cmd/nginx/logger.go b/cmd/nginx/logger.go index 323085c83..8f0db0257 100644 --- a/cmd/nginx/logger.go +++ b/cmd/nginx/logger.go @@ -33,11 +33,11 @@ func logger(address string) { server.SetFormat(syslog.RFC3164) server.SetHandler(handler) if err := server.ListenUDP(address); err != nil { - klog.Fatalf("failed bind internal syslog: %w", err) + klog.Fatalf("failed bind internal syslog: %s", err.Error()) } if err := server.Boot(); err != nil { - klog.Fatalf("failed to boot internal syslog: %w", err) + klog.Fatalf("failed to boot internal syslog: %s", err.Error()) } klog.Infof("Is Chrooted, starting logger") diff --git a/go.mod b/go.mod index 7b18f3335..1aed07bba 100644 --- a/go.mod +++ b/go.mod @@ -19,108 +19,113 @@ require ( github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.18.0 github.com/prometheus/client_model v0.6.0 - github.com/prometheus/common v0.46.0 + github.com/prometheus/common v0.48.0 github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.4 github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30 - golang.org/x/crypto v0.19.0 - google.golang.org/grpc v1.61.0 - google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 + golang.org/x/crypto v0.20.0 + google.golang.org/grpc v1.62.0 + google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 - k8s.io/api v0.27.6 - k8s.io/apiextensions-apiserver v0.27.6 - k8s.io/apimachinery v0.27.6 - k8s.io/apiserver v0.27.6 - k8s.io/cli-runtime v0.27.6 - k8s.io/client-go v0.27.6 - k8s.io/code-generator v0.27.6 - k8s.io/component-base v0.27.6 - k8s.io/klog/v2 v2.100.1 + k8s.io/api v0.29.2 + k8s.io/apiextensions-apiserver v0.29.2 + k8s.io/apimachinery v0.29.2 + k8s.io/apiserver v0.29.2 + k8s.io/cli-runtime v0.29.2 + k8s.io/client-go v0.29.2 + k8s.io/code-generator v0.29.2 + k8s.io/component-base v0.29.2 + k8s.io/klog/v2 v2.120.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 - sigs.k8s.io/controller-runtime v0.14.6 + sigs.k8s.io/controller-runtime v0.17.2 sigs.k8s.io/mdtoc v1.1.0 ) require ( + github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect github.com/BurntSushi/toml v1.3.2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect - github.com/coreos/go-systemd/v22 v22.4.0 // indirect + github.com/coreos/go-systemd/v22 v22.5.0 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/eapache/queue v1.1.0 // indirect - github.com/emicklei/go-restful/v3 v3.10.2 // indirect - github.com/evanphx/json-patch v4.12.0+incompatible // indirect - github.com/evanphx/json-patch/v5 v5.6.0 // indirect + github.com/emicklei/go-restful/v3 v3.11.3 // indirect + github.com/evanphx/json-patch v5.9.0+incompatible // indirect + github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa // indirect - github.com/go-errors/errors v1.4.2 // indirect - github.com/go-logr/logr v1.3.0 // indirect - github.com/go-openapi/jsonpointer v0.19.6 // indirect - github.com/go-openapi/jsonreference v0.20.1 // indirect - github.com/go-openapi/swag v0.22.3 // indirect + github.com/go-errors/errors v1.5.1 // indirect + github.com/go-logr/logr v1.4.1 // indirect + github.com/go-openapi/jsonpointer v0.20.2 // indirect + github.com/go-openapi/jsonreference v0.20.4 // indirect + github.com/go-openapi/swag v0.22.9 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect - github.com/godbus/dbus/v5 v5.0.6 // indirect + github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect - github.com/gomarkdown/markdown v0.0.0-20210514010506-3b9f47219fe7 // indirect - github.com/google/btree v1.0.1 // indirect - github.com/google/gnostic v0.5.7-v3refs // indirect + github.com/gomarkdown/markdown v0.0.0-20231222211730-1d6d20845b47 // indirect + github.com/google/btree v1.1.2 // indirect + github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect - github.com/google/gofuzz v1.1.0 // indirect - github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98 // indirect + github.com/google/gofuzz v1.2.0 // indirect + github.com/google/pprof v0.0.0-20240225044709-fd706174c886 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect - github.com/google/uuid v1.4.0 // indirect - github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect - github.com/imdario/mergo v0.3.6 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect + github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect + github.com/mattn/go-isatty v0.0.19 // indirect github.com/mmarkdown/mmark v2.0.40+incompatible // indirect - github.com/moby/sys/mountinfo v0.5.0 // indirect + github.com/moby/sys/mountinfo v0.7.1 // indirect + github.com/moby/term v0.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/ncabatoff/go-seq v0.0.0-20180805175032-b08ef85ed833 // indirect github.com/onsi/ginkgo v1.16.5 // indirect - github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect + github.com/opencontainers/runtime-spec v1.2.0 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pkg/errors v0.9.1 // indirect github.com/prometheus/procfs v0.12.0 // indirect - github.com/sergi/go-diff v1.1.0 // indirect - github.com/sirupsen/logrus v1.9.0 // indirect - github.com/xlab/treeprint v1.1.0 // indirect + github.com/sergi/go-diff v1.3.1 // indirect + github.com/sirupsen/logrus v1.9.3 // indirect + github.com/xlab/treeprint v1.2.0 // indirect github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect github.com/yudai/pp v2.0.1+incompatible // indirect - go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect - golang.org/x/mod v0.14.0 // indirect - golang.org/x/net v0.20.0 // indirect - golang.org/x/oauth2 v0.16.0 // indirect + go.starlark.net v0.0.0-20240123142251-f86470692795 // indirect + golang.org/x/mod v0.15.0 // indirect + golang.org/x/net v0.21.0 // indirect + golang.org/x/oauth2 v0.17.0 // indirect + golang.org/x/sync v0.6.0 // indirect golang.org/x/sys v0.17.0 // indirect golang.org/x/term v0.17.0 // indirect golang.org/x/text v0.14.0 // indirect - golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.16.1 // indirect + golang.org/x/time v0.5.0 // indirect + golang.org/x/tools v0.18.0 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240221002015-b0ce06bbee7c // indirect google.golang.org/protobuf v1.32.0 // indirect + gopkg.in/evanphx/json-patch.v5 v5.9.0 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/gengo v0.0.0-20220902162205-c0856e24416d // indirect - k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect - k8s.io/utils v0.0.0-20230209194617-a36077c30491 // indirect + k8s.io/gengo v0.0.0-20240226174109-00c4be8627da // indirect + k8s.io/kube-openapi v0.0.0-20240224005224-582cce78233b // indirect + k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/kustomize/api v0.13.2 // indirect - sigs.k8s.io/kustomize/kyaml v0.14.1 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect - sigs.k8s.io/yaml v1.3.0 // indirect + sigs.k8s.io/kustomize/api v0.16.0 // indirect + sigs.k8s.io/kustomize/kyaml v0.16.0 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/go.sum b/go.sum index 4dc71934f..88d1a1a44 100644 --- a/go.sum +++ b/go.sum @@ -33,6 +33,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9 dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= +github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= @@ -59,30 +61,31 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/coreos/go-systemd/v22 v22.4.0 h1:y9YHcjnjynCd/DVbg5j9L/33jQM3MxJlbj/zWskzfGU= -github.com/coreos/go-systemd/v22 v22.4.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= +github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= +github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/eapache/channels v1.1.0 h1:F1taHcn7/F0i8DYqKXJnyhJcVpp2kgFcNePxXtnyu4k= github.com/eapache/channels v1.1.0/go.mod h1:jMm2qB5Ubtg9zLd+inMZd2/NUvXgzmWXsDaLyQIGfH0= github.com/eapache/queue v1.1.0 h1:YOEu7KNc61ntiQlcEeUIoDTJ2o8mQznoNvUhiigpIqc= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= -github.com/emicklei/go-restful/v3 v3.10.2 h1:hIovbnmBTLjHXkqEBUz3HGpXZdM7ZrE9fJIZIqlJLqE= -github.com/emicklei/go-restful/v3 v3.10.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.11.3 h1:yagOQz/38xJmcNeZJtrUcKjkHRltIaIFXKWeG1SkWGE= +github.com/emicklei/go-restful/v3 v3.11.3/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= -github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= -github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= +github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= +github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= +github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= @@ -90,8 +93,8 @@ github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyT github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa h1:RDBNVkRviHZtvDvId8XSGPu3rmpmSe+wKRcEWNgsfWU= github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= -github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= -github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= +github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk= +github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -102,24 +105,23 @@ github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= -github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A= -github.com/go-logr/zapr v1.2.3/go.mod h1:eIauM6P8qSvTw5o2ez6UEAfGjQKrxQTl5EoK+Qa2oG4= -github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= -github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= -github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8= -github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= -github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= +github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= +github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= +github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q= +github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs= +github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU= +github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4= +github.com/go-openapi/swag v0.22.9 h1:XX2DssF+mQKM2DHsbgZK74y/zj4mo9I99+89xUmuZCE= +github.com/go-openapi/swag v0.22.9/go.mod h1:3/OXnFfnMAwBD099SwYRk7GD3xOrr1iL7d/XNLXVVwE= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/godbus/dbus/v5 v5.0.6 h1:mkgN1ofwASrYnJ5W6U/BxG15eXXXjirgZc7CLqkcaro= -github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= +github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= @@ -154,14 +156,15 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/gomarkdown/markdown v0.0.0-20210514010506-3b9f47219fe7 h1:oKYOfNR7Hp6XpZ4JqolL5u642Js5Z0n7psPVl+S5heo= github.com/gomarkdown/markdown v0.0.0-20210514010506-3b9f47219fe7/go.mod h1:aii0r/K0ZnHv7G0KF7xy1v0A7s2Ljrb5byB7MO5p6TU= +github.com/gomarkdown/markdown v0.0.0-20231222211730-1d6d20845b47 h1:k4Tw0nt6lwro3Uin8eqoET7MDA4JnT8YgbCjc/g5E3k= +github.com/gomarkdown/markdown v0.0.0-20231222211730-1d6d20845b47/go.mod h1:JDGcbDT52eL4fju3sZ4TeHGsQwhG9nbDV21aMyhwPoA= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= -github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= -github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54= -github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= +github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= +github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -172,11 +175,13 @@ github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= @@ -186,26 +191,25 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98 h1:pUa4ghanp6q4IJHwE9RwLgmVFfReJN+KbQ8ExNEUUoQ= -github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= +github.com/google/pprof v0.0.0-20240225044709-fd706174c886 h1:JSJUTZTQT1Gzb2ROdAKOY3HwzBYcclS2GgumhMfHqjw= +github.com/google/pprof v0.0.0-20240225044709-fd706174c886/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= -github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4= -github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= -github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA= +github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= -github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= +github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= @@ -241,8 +245,8 @@ github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= -github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= @@ -252,8 +256,10 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mmarkdown/mmark v2.0.40+incompatible h1:vMeUeDzBK3H+/mU0oMVfMuhSXJlIA+DE/DMPQNAj5C4= github.com/mmarkdown/mmark v2.0.40+incompatible/go.mod h1:Uvmoz7tvsWpr7bMVxIpqZPyN3FbOtzDmnsJDFp7ltJs= -github.com/moby/sys/mountinfo v0.5.0 h1:2Ks8/r6lopsxWi9m58nlwjaeSzUX9iiL1vj5qB/9ObI= -github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= +github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g= +github.com/moby/sys/mountinfo v0.7.1/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= +github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= +github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -289,8 +295,8 @@ github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/opencontainers/runc v1.1.12 h1:BOIssBaW1La0/qbNZHXOOa71dZfZEQOzW7dqQf3phss= github.com/opencontainers/runc v1.1.12/go.mod h1:S+lQwSfncpBha7XTy/5lBwWgm5+y5Ma/O44Ekby9FK8= -github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= -github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk= +github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= @@ -316,8 +322,8 @@ github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.46.0 h1:doXzt5ybi1HBKpsZOL0sSkaNHJJqkyfEWZGGqqScV0Y= -github.com/prometheus/common v0.46.0/go.mod h1:Tp0qkxpb9Jsg54QMe+EAmqXkSV7Evdy1BTn+g2pa/hQ= +github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE= +github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= github.com/prometheus/exporter-toolkit v0.7.0/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -332,21 +338,19 @@ github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6po github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= -github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= +github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= -github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= -github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.1.3/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= @@ -356,14 +360,11 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/urfave/cli v1.17.1-0.20160602030128-01a33823596e/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= -github.com/xlab/treeprint v1.1.0 h1:G/1DjNkPpfZCFt9CSh6b5/nY4VimlbHF3Rh4obvtzDk= -github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= +github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= +github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/yudai/gojsondiff v1.0.0 h1:27cbfqXLVEJ1o8I6v3y9lg8Ydm53EKqHXAOMxEGlCOA= github.com/yudai/gojsondiff v1.0.0/go.mod h1:AY32+k2cwILAkW1fbgxQ5mUmMiZFgLIV+FBNExI05xg= github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 h1:BHyfKlQyqbsFN5p3IfnEUduWvb9is428/nNb5L3U01M= @@ -382,14 +383,14 @@ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 h1:+FNtrFTmVw0YZGpBGX56XDee331t6JAXeK2bcyhLOOc= -go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o= -go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= -go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= +go.starlark.net v0.0.0-20240123142251-f86470692795 h1:LmbG8Pq7KDGkglKVn8VpZOZj6vb9b8nKEGcg9l03epM= +go.starlark.net v0.0.0-20240123142251-f86470692795/go.mod h1:LcLNIzVOMp4oV+uusnpk+VU+SzXaJakUuBjoCSWH5dM= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= +go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= +go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= +go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= +go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= golang.org/dl v0.0.0-20190829154251-82a15e2f2ead/go.mod h1:IUMfjQLJQd4UTqG1Z90tenwKoCX93Gn3MAQJMOSBsDQ= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -399,8 +400,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= -golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.20.0 h1:jmAMJJZXr5KiCw05dfYK9QnqaqKLYXijU23lsEdcQqg= +golang.org/x/crypto v0.20.0/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -411,6 +412,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA= +golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -432,8 +435,8 @@ golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= -golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8= +golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -468,16 +471,16 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= -golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= +golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ= -golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= +golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= +golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -489,6 +492,8 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= +golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -504,7 +509,6 @@ golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191002063906-3421d5a6bb1c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -532,11 +536,12 @@ golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -556,8 +561,8 @@ golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -603,14 +608,14 @@ golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= -golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= +golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= +golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY= -gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY= +gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= +gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= @@ -664,9 +669,8 @@ google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7Fc google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 h1:Jyp0Hsi0bmHXG6k9eATXoYtjd6e2UzZ1SCn/wIupY14= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:oQ5rr10WTTMvP4A36n8JpR1OrO1BEiV4f78CneXZxkA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240221002015-b0ce06bbee7c h1:NUsgEN92SQQqzfA+YtqYNqYmB3DMMYLlIwUZAQFVFbo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240221002015-b0ce06bbee7c/go.mod h1:H4O17MA/PE9BsGx3w+a+W2VOLLD1Qf7oJneAoU6WktY= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -679,10 +683,10 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.61.0 h1:TOvOcuXn30kRao+gfcvsebNEa5iZIiLkisYEkf7R7o0= -google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= -google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 h1:pPsdyuBif+uoyUoL19yuj/TCfUPsmpJHJZhWQ98JGLU= -google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7/go.mod h1:8pQa1yxxkh+EsxUK8/455D5MSbv3vgmEJqKCH3y17mI= +google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk= +google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= +google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab h1:tg8hvIl5RmFBuXlcJMuL0h4Psh1gx5Q5xEMwzBZIzWA= +google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab/go.mod h1:liVNnGuZDITxuksuZ+BBvdy7FcJfeNk+efF9qgqNUmc= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -704,6 +708,8 @@ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/evanphx/json-patch.v5 v5.9.0 h1:hx1VU2SGj4F8r9b8GUwJLdc8DNO8sy79ZGui0G05GLo= +gopkg.in/evanphx/json-patch.v5 v5.9.0/go.mod h1:/kvTRh1TVm5wuM6OkHxqXtE/1nUZZpihg29RtuIyfvk= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/go-playground/assert.v1 v1.2.1 h1:xoYuJVE7KT85PYWrN730RguIQO0ePzVRfFMXadIrXTM= gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= @@ -724,7 +730,6 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -734,48 +739,48 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.27.6 h1:PBWu/lywJe2qQcshMjubzcBg7+XDZOo7O8JJAWuYtUo= -k8s.io/api v0.27.6/go.mod h1:AQYj0UsFCp3qJE7bOVnUuy4orCsXVkvHefnbYQiNWgk= -k8s.io/apiextensions-apiserver v0.27.6 h1:mOwSBJtThZhpJr+8gEkc3wFDIjq87E3JspR5mtZxIg8= -k8s.io/apiextensions-apiserver v0.27.6/go.mod h1:AVNlLYRrESG5Poo6ASRUhY2pvoKPcNt8y/IuZ4lx3o8= -k8s.io/apimachinery v0.27.6 h1:mGU8jmBq5o8mWBov+mLjdTBcU+etTE19waies4AQ6NE= -k8s.io/apimachinery v0.27.6/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E= -k8s.io/apiserver v0.27.6 h1:r/eHN8r3lG2buggHrVMy++kKhHlHn1HWSX1dqDtes54= -k8s.io/apiserver v0.27.6/go.mod h1:Xeo9OEXn2kDLK5pqspjdXQx7YKgDyKSpwIB4p0BmpAQ= -k8s.io/cli-runtime v0.27.6 h1:ik1+20C0AvxYcqEzwebH2PHOlqBTKUHZnOuPtG2CCl8= -k8s.io/cli-runtime v0.27.6/go.mod h1:+qSBK08EJL1fFvsfVNlETzsgGtxIhascIGZSuaQXQro= -k8s.io/client-go v0.27.6 h1:vzI8804gpUtpMCNaFjIFyJrifH7u//LJCJPy8fQuYQg= -k8s.io/client-go v0.27.6/go.mod h1:PMsXcDKiJTW7PHJ64oEsIUJF319wm+EFlCj76oE5QXM= -k8s.io/code-generator v0.27.6 h1:1zkSDvylcA11s91aYg5U7fZ24EXMZ+KIDOj/Z3Ti4c8= -k8s.io/code-generator v0.27.6/go.mod h1:DPung1sI5vBgn4AGKtlPRQAyagj/ir/4jI55ipZHVww= -k8s.io/component-base v0.27.6 h1:hF5WxX7Tpi9/dXAbLjPVkIA6CA6Pi6r9JOHyo0uCDYI= -k8s.io/component-base v0.27.6/go.mod h1:NvjLtaneUeb0GgMPpCBF+4LNB9GuhDHi16uUTjBhQfU= -k8s.io/gengo v0.0.0-20220902162205-c0856e24416d h1:U9tB195lKdzwqicbJvyJeOXV7Klv+wNAWENRnXEGi08= -k8s.io/gengo v0.0.0-20220902162205-c0856e24416d/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= +k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= +k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg= +k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8= +k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= +k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= +k8s.io/apiserver v0.29.2 h1:+Z9S0dSNr+CjnVXQePG8TcBWHr3Q7BmAr7NraHvsMiQ= +k8s.io/apiserver v0.29.2/go.mod h1:B0LieKVoyU7ykQvPFm7XSdIHaCHSzCzQWPFa5bqbeMQ= +k8s.io/cli-runtime v0.29.2 h1:smfsOcT4QujeghsNjECKN3lwyX9AwcFU0nvJ7sFN3ro= +k8s.io/cli-runtime v0.29.2/go.mod h1:KLisYYfoqeNfO+MkTWvpqIyb1wpJmmFJhioA0xd4MW8= +k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg= +k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA= +k8s.io/code-generator v0.29.2 h1:c9/iw2KnNpw2IRV+wwuG/Wns2TjPSgjWzbbjTevyiHI= +k8s.io/code-generator v0.29.2/go.mod h1:FwFi3C9jCrmbPjekhaCYcYG1n07CYiW1+PAPCockaos= +k8s.io/component-base v0.29.2 h1:lpiLyuvPA9yV1aQwGLENYyK7n/8t6l3nn3zAtFTJYe8= +k8s.io/component-base v0.29.2/go.mod h1:BfB3SLrefbZXiBfbM+2H1dlat21Uewg/5qtKOl8degM= +k8s.io/gengo v0.0.0-20240226174109-00c4be8627da h1:uH7pylUCo++9PSvrUA34sbk4Y6PHw/bgEFa80pejI+I= +k8s.io/gengo v0.0.0-20240226174109-00c4be8627da/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= -k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= -k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= -k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY= -k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= +k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20240224005224-582cce78233b h1:1dzw/KqgSPod72SUp2tuTOmK33TlY2fHlrVU2M9VrOM= +k8s.io/kube-openapi v0.0.0-20240224005224-582cce78233b/go.mod h1:Pa1PvrP7ACSkuX6I7KYomY6cmMA0Tx86waBhDUgoKPw= +k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= +k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 h1:SAElp8THCfmBdM+4lmWX5gebiSSkEr7PAYDVF91qpfg= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732/go.mod h1:lpvCfhqEHNJSSpG5R5A2EgsVzG8RTt4RfPoQuRAcDmg= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.14.6 h1:oxstGVvXGNnMvY7TAESYk+lzr6S3V5VFxQ6d92KcwQA= -sigs.k8s.io/controller-runtime v0.14.6/go.mod h1:WqIdsAY6JBsjfc/CqO0CORmNtoCtE4S6qbPc9s68h+0= +sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0= +sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/kustomize/api v0.13.2 h1:kejWfLeJhUsTGioDoFNJET5LQe/ajzXhJGYoU+pJsiA= -sigs.k8s.io/kustomize/api v0.13.2/go.mod h1:DUp325VVMFVcQSq+ZxyDisA8wtldwHxLZbr1g94UHsw= -sigs.k8s.io/kustomize/kyaml v0.14.1 h1:c8iibius7l24G2wVAGZn/Va2wNys03GXLjYVIcFVxKA= -sigs.k8s.io/kustomize/kyaml v0.14.1/go.mod h1:AN1/IpawKilWD7V+YvQwRGUvuUOOWpjsHu6uHwonSF4= +sigs.k8s.io/kustomize/api v0.16.0 h1:/zAR4FOQDCkgSDmVzV2uiFbuy9bhu3jEzthrHCuvm1g= +sigs.k8s.io/kustomize/api v0.16.0/go.mod h1:MnFZ7IP2YqVyVwMWoRxPtgl/5hpA+eCCrQR/866cm5c= +sigs.k8s.io/kustomize/kyaml v0.16.0 h1:6J33uKSoATlKZH16unr2XOhDI+otoe2sR3M8PDzW3K0= +sigs.k8s.io/kustomize/kyaml v0.16.0/go.mod h1:xOK/7i+vmE14N2FdFyugIshB8eF6ALpy7jI87Q2nRh4= sigs.k8s.io/mdtoc v1.1.0 h1:q3YtqYzmC2e0hgLXRIOm7/QLuPux1CX3ZHCwlbABxZo= sigs.k8s.io/mdtoc v1.1.0/go.mod h1:QZLVEdHH2iNIR4uHAZyvFRtjloHgVItk8lo/mzCtq3w= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/go.work.sum b/go.work.sum index d73c169de..af236d3b1 100644 --- a/go.work.sum +++ b/go.work.sum @@ -1,180 +1,451 @@ +cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= +cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= +cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= +cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= cloud.google.com/go v0.110.2/go.mod h1:k04UEeEtb6ZBRTv3dZz4CeJC3jKGxyhl0sAiVVquxiw= cloud.google.com/go v0.110.4/go.mod h1:+EYjdK8e5RME/VY/qLCAtuyALQ9q67dvuum8i+H5xsI= cloud.google.com/go v0.110.8/go.mod h1:Iz8AkXJf1qmxC3Oxoep8R1T36w8B92yU29PcBhHO5fk= +cloud.google.com/go v0.110.10/go.mod h1:v1OoFqYxiBkUrruItNM3eT4lLByNjxmJSV/xDKJNnic= +cloud.google.com/go v0.112.0/go.mod h1:3jEEVwZ/MHU4djK5t5RHuKOA/GbLddgTdVubX1qnPD4= cloud.google.com/go/accessapproval v1.7.1/go.mod h1:JYczztsHRMK7NTXb6Xw+dwbs/WnOJxbo/2mTI+Kgg68= +cloud.google.com/go/accessapproval v1.7.4/go.mod h1:/aTEh45LzplQgFYdQdwPMR9YdX0UlhBmvB84uAmQKUc= +cloud.google.com/go/accessapproval v1.7.5/go.mod h1:g88i1ok5dvQ9XJsxpUInWWvUBrIZhyPDPbk4T01OoJ0= cloud.google.com/go/accesscontextmanager v1.8.1/go.mod h1:JFJHfvuaTC+++1iL1coPiG1eu5D24db2wXCDWDjIrxo= +cloud.google.com/go/accesscontextmanager v1.8.4/go.mod h1:ParU+WbMpD34s5JFEnGAnPBYAgUHozaTmDJU7aCU9+M= +cloud.google.com/go/accesscontextmanager v1.8.5/go.mod h1:TInEhcZ7V9jptGNqN3EzZ5XMhT6ijWxTGjzyETwmL0Q= cloud.google.com/go/aiplatform v1.45.0/go.mod h1:Iu2Q7sC7QGhXUeOhAj/oCK9a+ULz1O4AotZiqjQ8MYA= cloud.google.com/go/aiplatform v1.50.0/go.mod h1:IRc2b8XAMTa9ZmfJV1BCCQbieWWvDnP1A8znyz5N7y4= +cloud.google.com/go/aiplatform v1.52.0/go.mod h1:pwZMGvqe0JRkI1GWSZCtnAfrR4K1bv65IHILGA//VEU= +cloud.google.com/go/aiplatform v1.58.0/go.mod h1:pwZMGvqe0JRkI1GWSZCtnAfrR4K1bv65IHILGA//VEU= +cloud.google.com/go/aiplatform v1.60.0/go.mod h1:eTlGuHOahHprZw3Hio5VKmtThIOak5/qy6pzdsqcQnM= cloud.google.com/go/analytics v0.21.2/go.mod h1:U8dcUtmDmjrmUTnnnRnI4m6zKn/yaA5N9RlEkYFHpQo= cloud.google.com/go/analytics v0.21.3/go.mod h1:U8dcUtmDmjrmUTnnnRnI4m6zKn/yaA5N9RlEkYFHpQo= +cloud.google.com/go/analytics v0.21.6/go.mod h1:eiROFQKosh4hMaNhF85Oc9WO97Cpa7RggD40e/RBy8w= +cloud.google.com/go/analytics v0.22.0/go.mod h1:eiROFQKosh4hMaNhF85Oc9WO97Cpa7RggD40e/RBy8w= +cloud.google.com/go/analytics v0.23.0/go.mod h1:YPd7Bvik3WS95KBok2gPXDqQPHy08TsCQG6CdUCb+u0= cloud.google.com/go/apigateway v1.6.1/go.mod h1:ufAS3wpbRjqfZrzpvLC2oh0MFlpRJm2E/ts25yyqmXA= +cloud.google.com/go/apigateway v1.6.4/go.mod h1:0EpJlVGH5HwAN4VF4Iec8TAzGN1aQgbxAWGJsnPCGGY= +cloud.google.com/go/apigateway v1.6.5/go.mod h1:6wCwvYRckRQogyDDltpANi3zsCDl6kWi0b4Je+w2UiI= cloud.google.com/go/apigeeconnect v1.6.1/go.mod h1:C4awq7x0JpLtrlQCr8AzVIzAaYgngRqWf9S5Uhg+wWs= +cloud.google.com/go/apigeeconnect v1.6.4/go.mod h1:CapQCWZ8TCjnU0d7PobxhpOdVz/OVJ2Hr/Zcuu1xFx0= +cloud.google.com/go/apigeeconnect v1.6.5/go.mod h1:MEKm3AiT7s11PqTfKE3KZluZA9O91FNysvd3E6SJ6Ow= cloud.google.com/go/apigeeregistry v0.7.1/go.mod h1:1XgyjZye4Mqtw7T9TsY4NW10U7BojBvG4RMD+vRDrIw= +cloud.google.com/go/apigeeregistry v0.8.2/go.mod h1:h4v11TDGdeXJDJvImtgK2AFVvMIgGWjSb0HRnBSjcX8= +cloud.google.com/go/apigeeregistry v0.8.3/go.mod h1:aInOWnqF4yMQx8kTjDqHNXjZGh/mxeNlAf52YqtASUs= cloud.google.com/go/appengine v1.8.1/go.mod h1:6NJXGLVhZCN9aQ/AEDvmfzKEfoYBlfB80/BHiKVputY= +cloud.google.com/go/appengine v1.8.4/go.mod h1:TZ24v+wXBujtkK77CXCpjZbnuTvsFNT41MUaZ28D6vg= +cloud.google.com/go/appengine v1.8.5/go.mod h1:uHBgNoGLTS5di7BvU25NFDuKa82v0qQLjyMJLuPQrVo= cloud.google.com/go/area120 v0.8.1/go.mod h1:BVfZpGpB7KFVNxPiQBuHkX6Ed0rS51xIgmGyjrAfzsg= +cloud.google.com/go/area120 v0.8.4/go.mod h1:jfawXjxf29wyBXr48+W+GyX/f8fflxp642D/bb9v68M= +cloud.google.com/go/area120 v0.8.5/go.mod h1:BcoFCbDLZjsfe4EkCnEq1LKvHSK0Ew/zk5UFu6GMyA0= cloud.google.com/go/artifactregistry v1.14.1/go.mod h1:nxVdG19jTaSTu7yA7+VbWL346r3rIdkZ142BSQqhn5E= +cloud.google.com/go/artifactregistry v1.14.6/go.mod h1:np9LSFotNWHcjnOgh8UVK0RFPCTUGbO0ve3384xyHfE= +cloud.google.com/go/artifactregistry v1.14.7/go.mod h1:0AUKhzWQzfmeTvT4SjfI4zjot72EMfrkvL9g9aRjnnM= cloud.google.com/go/asset v1.14.1/go.mod h1:4bEJ3dnHCqWCDbWJ/6Vn7GVI9LerSi7Rfdi03hd+WTQ= +cloud.google.com/go/asset v1.15.3/go.mod h1:yYLfUD4wL4X589A9tYrv4rFrba0QlDeag0CMcM5ggXU= +cloud.google.com/go/asset v1.17.0/go.mod h1:yYLfUD4wL4X589A9tYrv4rFrba0QlDeag0CMcM5ggXU= +cloud.google.com/go/asset v1.17.2/go.mod h1:SVbzde67ehddSoKf5uebOD1sYw8Ab/jD/9EIeWg99q4= cloud.google.com/go/assuredworkloads v1.11.1/go.mod h1:+F04I52Pgn5nmPG36CWFtxmav6+7Q+c5QyJoL18Lry0= +cloud.google.com/go/assuredworkloads v1.11.4/go.mod h1:4pwwGNwy1RP0m+y12ef3Q/8PaiWrIDQ6nD2E8kvWI9U= +cloud.google.com/go/assuredworkloads v1.11.5/go.mod h1:FKJ3g3ZvkL2D7qtqIGnDufFkHxwIpNM9vtmhvt+6wqk= cloud.google.com/go/automl v1.13.1/go.mod h1:1aowgAHWYZU27MybSCFiukPO7xnyawv7pt3zK4bheQE= +cloud.google.com/go/automl v1.13.4/go.mod h1:ULqwX/OLZ4hBVfKQaMtxMSTlPx0GqGbWN8uA/1EqCP8= +cloud.google.com/go/automl v1.13.5/go.mod h1:MDw3vLem3yh+SvmSgeYUmUKqyls6NzSumDm9OJ3xJ1Y= cloud.google.com/go/baremetalsolution v0.5.0/go.mod h1:dXGxEkmR9BMwxhzBhV0AioD0ULBmuLZI8CdwalUxuss= cloud.google.com/go/baremetalsolution v1.2.0/go.mod h1:68wi9AwPYkEWIUT4SvSGS9UJwKzNpshjHsH4lzk8iOw= +cloud.google.com/go/baremetalsolution v1.2.3/go.mod h1:/UAQ5xG3faDdy180rCUv47e0jvpp3BFxT+Cl0PFjw5g= +cloud.google.com/go/baremetalsolution v1.2.4/go.mod h1:BHCmxgpevw9IEryE99HbYEfxXkAEA3hkMJbYYsHtIuY= cloud.google.com/go/batch v0.7.0/go.mod h1:vLZN95s6teRUqRQ4s3RLDsH8PvboqBK+rn1oevL159g= cloud.google.com/go/batch v1.4.1/go.mod h1:KdBmDD61K0ovcxoRHGrN6GmOBWeAOyCgKD0Mugx4Fkk= +cloud.google.com/go/batch v1.6.3/go.mod h1:J64gD4vsNSA2O5TtDB5AAux3nJ9iV8U3ilg3JDBYejU= +cloud.google.com/go/batch v1.7.0/go.mod h1:J64gD4vsNSA2O5TtDB5AAux3nJ9iV8U3ilg3JDBYejU= +cloud.google.com/go/batch v1.8.0/go.mod h1:k8V7f6VE2Suc0zUM4WtoibNrA6D3dqBpB+++e3vSGYc= cloud.google.com/go/beyondcorp v0.6.1/go.mod h1:YhxDWw946SCbmcWo3fAhw3V4XZMSpQ/VYfcKGAEU8/4= cloud.google.com/go/beyondcorp v1.0.0/go.mod h1:YhxDWw946SCbmcWo3fAhw3V4XZMSpQ/VYfcKGAEU8/4= +cloud.google.com/go/beyondcorp v1.0.3/go.mod h1:HcBvnEd7eYr+HGDd5ZbuVmBYX019C6CEXBonXbCVwJo= +cloud.google.com/go/beyondcorp v1.0.4/go.mod h1:Gx8/Rk2MxrvWfn4WIhHIG1NV7IBfg14pTKv1+EArVcc= cloud.google.com/go/bigquery v1.52.0/go.mod h1:3b/iXjRQGU4nKa87cXeg6/gogLjO8C6PmuM8i5Bi/u4= cloud.google.com/go/bigquery v1.55.0/go.mod h1:9Y5I3PN9kQWuid6183JFhOGOW3GcirA5LpsKCUn+2ec= +cloud.google.com/go/bigquery v1.57.1/go.mod h1:iYzC0tGVWt1jqSzBHqCr3lrRn0u13E8e+AqowBsDgug= +cloud.google.com/go/bigquery v1.58.0/go.mod h1:0eh4mWNY0KrBTjUzLjoYImapGORq9gEPT7MWjCy9lik= +cloud.google.com/go/bigquery v1.59.1/go.mod h1:VP1UJYgevyTwsV7desjzNzDND5p6hZB+Z8gZJN1GQUc= cloud.google.com/go/billing v1.16.0/go.mod h1:y8vx09JSSJG02k5QxbycNRrN7FGZB6F3CAcgum7jvGA= cloud.google.com/go/billing v1.17.0/go.mod h1:Z9+vZXEq+HwH7bhJkyI4OQcR6TSbeMrjlpEjO2vzY64= +cloud.google.com/go/billing v1.17.4/go.mod h1:5DOYQStCxquGprqfuid/7haD7th74kyMBHkjO/OvDtk= +cloud.google.com/go/billing v1.18.0/go.mod h1:5DOYQStCxquGprqfuid/7haD7th74kyMBHkjO/OvDtk= +cloud.google.com/go/billing v1.18.2/go.mod h1:PPIwVsOOQ7xzbADCwNe8nvK776QpfrOAUkvKjCUcpSE= cloud.google.com/go/binaryauthorization v1.6.1/go.mod h1:TKt4pa8xhowwffiBmbrbcxijJRZED4zrqnwZ1lKH51U= cloud.google.com/go/binaryauthorization v1.7.0/go.mod h1:Zn+S6QqTMn6odcMU1zDZCJxPjU2tZPV1oDl45lWY154= +cloud.google.com/go/binaryauthorization v1.7.3/go.mod h1:VQ/nUGRKhrStlGr+8GMS8f6/vznYLkdK5vaKfdCIpvU= +cloud.google.com/go/binaryauthorization v1.8.0/go.mod h1:VQ/nUGRKhrStlGr+8GMS8f6/vznYLkdK5vaKfdCIpvU= +cloud.google.com/go/binaryauthorization v1.8.1/go.mod h1:1HVRyBerREA/nhI7yLang4Zn7vfNVA3okoAR9qYQJAQ= cloud.google.com/go/certificatemanager v1.7.1/go.mod h1:iW8J3nG6SaRYImIa+wXQ0g8IgoofDFRp5UMzaNk1UqI= +cloud.google.com/go/certificatemanager v1.7.4/go.mod h1:FHAylPe/6IIKuaRmHbjbdLhGhVQ+CWHSD5Jq0k4+cCE= +cloud.google.com/go/certificatemanager v1.7.5/go.mod h1:uX+v7kWqy0Y3NG/ZhNvffh0kuqkKZIXdvlZRO7z0VtM= cloud.google.com/go/channel v1.16.0/go.mod h1:eN/q1PFSl5gyu0dYdmxNXscY/4Fi7ABmeHCJNf/oHmc= cloud.google.com/go/channel v1.17.0/go.mod h1:RpbhJsGi/lXWAUM1eF4IbQGbsfVlg2o8Iiy2/YLfVT0= +cloud.google.com/go/channel v1.17.3/go.mod h1:QcEBuZLGGrUMm7kNj9IbU1ZfmJq2apotsV83hbxX7eE= +cloud.google.com/go/channel v1.17.4/go.mod h1:QcEBuZLGGrUMm7kNj9IbU1ZfmJq2apotsV83hbxX7eE= +cloud.google.com/go/channel v1.17.5/go.mod h1:FlpaOSINDAXgEext0KMaBq/vwpLMkkPAw9b2mApQeHc= cloud.google.com/go/cloudbuild v1.10.1/go.mod h1:lyJg7v97SUIPq4RC2sGsz/9tNczhyv2AjML/ci4ulzU= cloud.google.com/go/cloudbuild v1.14.0/go.mod h1:lyJg7v97SUIPq4RC2sGsz/9tNczhyv2AjML/ci4ulzU= +cloud.google.com/go/cloudbuild v1.14.3/go.mod h1:eIXYWmRt3UtggLnFGx4JvXcMj4kShhVzGndL1LwleEM= +cloud.google.com/go/cloudbuild v1.15.0/go.mod h1:eIXYWmRt3UtggLnFGx4JvXcMj4kShhVzGndL1LwleEM= +cloud.google.com/go/cloudbuild v1.15.1/go.mod h1:gIofXZSu+XD2Uy+qkOrGKEx45zd7s28u/k8f99qKals= cloud.google.com/go/clouddms v1.6.1/go.mod h1:Ygo1vL52Ov4TBZQquhz5fiw2CQ58gvu+PlS6PVXCpZI= cloud.google.com/go/clouddms v1.7.0/go.mod h1:MW1dC6SOtI/tPNCciTsXtsGNEM0i0OccykPvv3hiYeM= +cloud.google.com/go/clouddms v1.7.3/go.mod h1:fkN2HQQNUYInAU3NQ3vRLkV2iWs8lIdmBKOx4nrL6Hc= +cloud.google.com/go/clouddms v1.7.4/go.mod h1:RdrVqoFG9RWI5AvZ81SxJ/xvxPdtcRhFotwdE79DieY= cloud.google.com/go/cloudtasks v1.11.1/go.mod h1:a9udmnou9KO2iulGscKR0qBYjreuX8oHwpmFsKspEvM= cloud.google.com/go/cloudtasks v1.12.1/go.mod h1:a9udmnou9KO2iulGscKR0qBYjreuX8oHwpmFsKspEvM= +cloud.google.com/go/cloudtasks v1.12.4/go.mod h1:BEPu0Gtt2dU6FxZHNqqNdGqIG86qyWKBPGnsb7udGY0= +cloud.google.com/go/cloudtasks v1.12.6/go.mod h1:b7c7fe4+TJsFZfDyzO51F7cjq7HLUlRi/KZQLQjDsaY= cloud.google.com/go/compute v1.19.3/go.mod h1:qxvISKp/gYnXkSAD1ppcSOveRAmzxicEv/JlizULFrI= cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= cloud.google.com/go/compute v1.21.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= +cloud.google.com/go/compute v1.23.1/go.mod h1:CqB3xpmPKKt3OJpW2ndFIXnA9A4xAy/F3Xp1ixncW78= +cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI= +cloud.google.com/go/compute v1.24.0/go.mod h1:kw1/T+h/+tK2LJK0wiPPx1intgdAM3j/g3hFDlscY40= cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= cloud.google.com/go/contactcenterinsights v1.9.1/go.mod h1:bsg/R7zGLYMVxFFzfh9ooLTruLRCG9fnzhH9KznHhbM= cloud.google.com/go/contactcenterinsights v1.10.0/go.mod h1:bsg/R7zGLYMVxFFzfh9ooLTruLRCG9fnzhH9KznHhbM= +cloud.google.com/go/contactcenterinsights v1.11.3/go.mod h1:HHX5wrz5LHVAwfI2smIotQG9x8Qd6gYilaHcLLLmNis= +cloud.google.com/go/contactcenterinsights v1.12.1/go.mod h1:HHX5wrz5LHVAwfI2smIotQG9x8Qd6gYilaHcLLLmNis= +cloud.google.com/go/contactcenterinsights v1.13.0/go.mod h1:ieq5d5EtHsu8vhe2y3amtZ+BE+AQwX5qAy7cpo0POsI= cloud.google.com/go/container v1.22.1/go.mod h1:lTNExE2R7f+DLbAN+rJiKTisauFCaoDq6NURZ83eVH4= cloud.google.com/go/container v1.26.0/go.mod h1:YJCmRet6+6jnYYRS000T6k0D0xUXQgBSaJ7VwI8FBj4= +cloud.google.com/go/container v1.27.1/go.mod h1:b1A1gJeTBXVLQ6GGw9/9M4FG94BEGsqJ5+t4d/3N7O4= +cloud.google.com/go/container v1.29.0/go.mod h1:b1A1gJeTBXVLQ6GGw9/9M4FG94BEGsqJ5+t4d/3N7O4= +cloud.google.com/go/container v1.31.0/go.mod h1:7yABn5s3Iv3lmw7oMmyGbeV6tQj86njcTijkkGuvdZA= cloud.google.com/go/containeranalysis v0.10.1/go.mod h1:Ya2jiILITMY68ZLPaogjmOMNkwsDrWBSTyBubGXO7j0= cloud.google.com/go/containeranalysis v0.11.0/go.mod h1:4n2e99ZwpGxpNcz+YsFT1dfOHPQFGcAC8FN2M2/ne/U= +cloud.google.com/go/containeranalysis v0.11.3/go.mod h1:kMeST7yWFQMGjiG9K7Eov+fPNQcGhb8mXj/UcTiWw9U= +cloud.google.com/go/containeranalysis v0.11.4/go.mod h1:cVZT7rXYBS9NG1rhQbWL9pWbXCKHWJPYraE8/FTSYPE= cloud.google.com/go/datacatalog v1.14.1/go.mod h1:d2CevwTG4yedZilwe+v3E3ZBDRMobQfSG/a6cCCN5R4= cloud.google.com/go/datacatalog v1.17.1/go.mod h1:nCSYFHgtxh2MiEktWIz71s/X+7ds/UT9kp0PC7waCzE= +cloud.google.com/go/datacatalog v1.18.3/go.mod h1:5FR6ZIF8RZrtml0VUao22FxhdjkoG+a0866rEnObryM= +cloud.google.com/go/datacatalog v1.19.2/go.mod h1:2YbODwmhpLM4lOFe3PuEhHK9EyTzQJ5AXgIy7EDKTEE= +cloud.google.com/go/datacatalog v1.19.3/go.mod h1:ra8V3UAsciBpJKQ+z9Whkxzxv7jmQg1hfODr3N3YPJ4= cloud.google.com/go/dataflow v0.9.1/go.mod h1:Wp7s32QjYuQDWqJPFFlnBKhkAtiFpMTdg00qGbnIHVw= +cloud.google.com/go/dataflow v0.9.4/go.mod h1:4G8vAkHYCSzU8b/kmsoR2lWyHJD85oMJPHMtan40K8w= +cloud.google.com/go/dataflow v0.9.5/go.mod h1:udl6oi8pfUHnL0z6UN9Lf9chGqzDMVqcYTcZ1aPnCZQ= cloud.google.com/go/dataform v0.8.1/go.mod h1:3BhPSiw8xmppbgzeBbmDvmSWlwouuJkXsXsb8UBih9M= +cloud.google.com/go/dataform v0.9.1/go.mod h1:pWTg+zGQ7i16pyn0bS1ruqIE91SdL2FDMvEYu/8oQxs= +cloud.google.com/go/dataform v0.9.2/go.mod h1:S8cQUwPNWXo7m/g3DhWHsLBoufRNn9EgFrMgne2j7cI= cloud.google.com/go/datafusion v1.7.1/go.mod h1:KpoTBbFmoToDExJUso/fcCiguGDk7MEzOWXUsJo0wsI= +cloud.google.com/go/datafusion v1.7.4/go.mod h1:BBs78WTOLYkT4GVZIXQCZT3GFpkpDN4aBY4NDX/jVlM= +cloud.google.com/go/datafusion v1.7.5/go.mod h1:bYH53Oa5UiqahfbNK9YuYKteeD4RbQSNMx7JF7peGHc= cloud.google.com/go/datalabeling v0.8.1/go.mod h1:XS62LBSVPbYR54GfYQsPXZjTW8UxCK2fkDciSrpRFdY= +cloud.google.com/go/datalabeling v0.8.4/go.mod h1:Z1z3E6LHtffBGrNUkKwbwbDxTiXEApLzIgmymj8A3S8= +cloud.google.com/go/datalabeling v0.8.5/go.mod h1:IABB2lxQnkdUbMnQaOl2prCOfms20mcPxDBm36lps+s= cloud.google.com/go/dataplex v1.8.1/go.mod h1:7TyrDT6BCdI8/38Uvp0/ZxBslOslP2X2MPDucliyvSE= cloud.google.com/go/dataplex v1.9.1/go.mod h1:7TyrDT6BCdI8/38Uvp0/ZxBslOslP2X2MPDucliyvSE= +cloud.google.com/go/dataplex v1.11.1/go.mod h1:mHJYQQ2VEJHsyoC0OdNyy988DvEbPhqFs5OOLffLX0c= +cloud.google.com/go/dataplex v1.14.0/go.mod h1:mHJYQQ2VEJHsyoC0OdNyy988DvEbPhqFs5OOLffLX0c= +cloud.google.com/go/dataplex v1.14.2/go.mod h1:0oGOSFlEKef1cQeAHXy4GZPB/Ife0fz/PxBf+ZymA2U= cloud.google.com/go/dataproc v1.12.0/go.mod h1:zrF3aX0uV3ikkMz6z4uBbIKyhRITnxvr4i3IjKsKrw4= cloud.google.com/go/dataproc/v2 v2.2.0/go.mod h1:lZR7AQtwZPvmINx5J87DSOOpTfof9LVZju6/Qo4lmcY= +cloud.google.com/go/dataproc/v2 v2.2.3/go.mod h1:G5R6GBc9r36SXv/RtZIVfB8SipI+xVn0bX5SxUzVYbY= +cloud.google.com/go/dataproc/v2 v2.3.0/go.mod h1:G5R6GBc9r36SXv/RtZIVfB8SipI+xVn0bX5SxUzVYbY= +cloud.google.com/go/dataproc/v2 v2.4.0/go.mod h1:3B1Ht2aRB8VZIteGxQS/iNSJGzt9+CA0WGnDVMEm7Z4= cloud.google.com/go/dataqna v0.8.1/go.mod h1:zxZM0Bl6liMePWsHA8RMGAfmTG34vJMapbHAxQ5+WA8= +cloud.google.com/go/dataqna v0.8.4/go.mod h1:mySRKjKg5Lz784P6sCov3p1QD+RZQONRMRjzGNcFd0c= +cloud.google.com/go/dataqna v0.8.5/go.mod h1:vgihg1mz6n7pb5q2YJF7KlXve6tCglInd6XO0JGOlWM= cloud.google.com/go/datastore v1.12.1/go.mod h1:KjdB88W897MRITkvWWJrg2OUtrR5XVj1EoLgSp6/N70= cloud.google.com/go/datastore v1.14.0/go.mod h1:GAeStMBIt9bPS7jMJA85kgkpsMkvseWWXiaHya9Jes8= +cloud.google.com/go/datastore v1.15.0/go.mod h1:GAeStMBIt9bPS7jMJA85kgkpsMkvseWWXiaHya9Jes8= cloud.google.com/go/datastream v1.9.1/go.mod h1:hqnmr8kdUBmrnk65k5wNRoHSCYksvpdZIcZIEl8h43Q= cloud.google.com/go/datastream v1.10.0/go.mod h1:hqnmr8kdUBmrnk65k5wNRoHSCYksvpdZIcZIEl8h43Q= +cloud.google.com/go/datastream v1.10.3/go.mod h1:YR0USzgjhqA/Id0Ycu1VvZe8hEWwrkjuXrGbzeDOSEA= +cloud.google.com/go/datastream v1.10.4/go.mod h1:7kRxPdxZxhPg3MFeCSulmAJnil8NJGGvSNdn4p1sRZo= cloud.google.com/go/deploy v1.11.0/go.mod h1:tKuSUV5pXbn67KiubiUNUejqLs4f5cxxiCNCeyl0F2g= cloud.google.com/go/deploy v1.13.0/go.mod h1:tKuSUV5pXbn67KiubiUNUejqLs4f5cxxiCNCeyl0F2g= +cloud.google.com/go/deploy v1.14.2/go.mod h1:e5XOUI5D+YGldyLNZ21wbp9S8otJbBE4i88PtO9x/2g= +cloud.google.com/go/deploy v1.17.0/go.mod h1:XBr42U5jIr64t92gcpOXxNrqL2PStQCXHuKK5GRUuYo= +cloud.google.com/go/deploy v1.17.1/go.mod h1:SXQyfsXrk0fBmgBHRzBjQbZhMfKZ3hMQBw5ym7MN/50= cloud.google.com/go/dialogflow v1.38.0/go.mod h1:L7jnH+JL2mtmdChzAIcXQHXMvQkE3U4hTaNltEuxXn4= cloud.google.com/go/dialogflow v1.43.0/go.mod h1:pDUJdi4elL0MFmt1REMvFkdsUTYSHq+rTCS8wg0S3+M= +cloud.google.com/go/dialogflow v1.44.3/go.mod h1:mHly4vU7cPXVweuB5R0zsYKPMzy240aQdAu06SqBbAQ= +cloud.google.com/go/dialogflow v1.48.1/go.mod h1:C1sjs2/g9cEwjCltkKeYp3FFpz8BOzNondEaAlCpt+A= +cloud.google.com/go/dialogflow v1.49.0/go.mod h1:dhVrXKETtdPlpPhE7+2/k4Z8FRNUp6kMV3EW3oz/fe0= cloud.google.com/go/dlp v1.10.1/go.mod h1:IM8BWz1iJd8njcNcG0+Kyd9OPnqnRNkDV8j42VT5KOI= +cloud.google.com/go/dlp v1.11.1/go.mod h1:/PA2EnioBeXTL/0hInwgj0rfsQb3lpE3R8XUJxqUNKI= +cloud.google.com/go/dlp v1.11.2/go.mod h1:9Czi+8Y/FegpWzgSfkRlyz+jwW6Te9Rv26P3UfU/h/w= cloud.google.com/go/documentai v1.20.0/go.mod h1:yJkInoMcK0qNAEdRnqY/D5asy73tnPe88I1YTZT+a8E= cloud.google.com/go/documentai v1.22.1/go.mod h1:LKs22aDHbJv7ufXuPypzRO7rG3ALLJxzdCXDPutw4Qc= +cloud.google.com/go/documentai v1.23.5/go.mod h1:ghzBsyVTiVdkfKaUCum/9bGBEyBjDO4GfooEcYKhN+g= +cloud.google.com/go/documentai v1.23.7/go.mod h1:ghzBsyVTiVdkfKaUCum/9bGBEyBjDO4GfooEcYKhN+g= +cloud.google.com/go/documentai v1.25.0/go.mod h1:ftLnzw5VcXkLItp6pw1mFic91tMRyfv6hHEY5br4KzY= cloud.google.com/go/domains v0.9.1/go.mod h1:aOp1c0MbejQQ2Pjf1iJvnVyT+z6R6s8pX66KaCSDYfE= +cloud.google.com/go/domains v0.9.4/go.mod h1:27jmJGShuXYdUNjyDG0SodTfT5RwLi7xmH334Gvi3fY= +cloud.google.com/go/domains v0.9.5/go.mod h1:dBzlxgepazdFhvG7u23XMhmMKBjrkoUNaw0A8AQB55Y= cloud.google.com/go/edgecontainer v1.1.1/go.mod h1:O5bYcS//7MELQZs3+7mabRqoWQhXCzenBu0R8bz2rwk= +cloud.google.com/go/edgecontainer v1.1.4/go.mod h1:AvFdVuZuVGdgaE5YvlL1faAoa1ndRR/5XhXZvPBHbsE= +cloud.google.com/go/edgecontainer v1.1.5/go.mod h1:rgcjrba3DEDEQAidT4yuzaKWTbkTI5zAMu3yy6ZWS0M= cloud.google.com/go/errorreporting v0.3.0/go.mod h1:xsP2yaAp+OAW4OIm60An2bbLpqIhKXdWR/tawvl7QzU= cloud.google.com/go/essentialcontacts v1.6.2/go.mod h1:T2tB6tX+TRak7i88Fb2N9Ok3PvY3UNbUsMag9/BARh4= +cloud.google.com/go/essentialcontacts v1.6.5/go.mod h1:jjYbPzw0x+yglXC890l6ECJWdYeZ5dlYACTFL0U/VuM= +cloud.google.com/go/essentialcontacts v1.6.6/go.mod h1:XbqHJGaiH0v2UvtuucfOzFXN+rpL/aU5BCZLn4DYl1Q= cloud.google.com/go/eventarc v1.12.1/go.mod h1:mAFCW6lukH5+IZjkvrEss+jmt2kOdYlN8aMx3sRJiAI= cloud.google.com/go/eventarc v1.13.0/go.mod h1:mAFCW6lukH5+IZjkvrEss+jmt2kOdYlN8aMx3sRJiAI= +cloud.google.com/go/eventarc v1.13.3/go.mod h1:RWH10IAZIRcj1s/vClXkBgMHwh59ts7hSWcqD3kaclg= +cloud.google.com/go/eventarc v1.13.4/go.mod h1:zV5sFVoAa9orc/52Q+OuYUG9xL2IIZTbbuTHC6JSY8s= cloud.google.com/go/filestore v1.7.1/go.mod h1:y10jsorq40JJnjR/lQ8AfFbbcGlw3g+Dp8oN7i7FjV4= +cloud.google.com/go/filestore v1.7.4/go.mod h1:S5JCxIbFjeBhWMTfIYH2Jx24J6BqjwpkkPl+nBA5DlI= +cloud.google.com/go/filestore v1.8.0/go.mod h1:S5JCxIbFjeBhWMTfIYH2Jx24J6BqjwpkkPl+nBA5DlI= +cloud.google.com/go/filestore v1.8.1/go.mod h1:MbN9KcaM47DRTIuLfQhJEsjaocVebNtNQhSLhKCF5GM= cloud.google.com/go/firestore v1.11.0/go.mod h1:b38dKhgzlmNNGTNZZwe7ZRFEuRab1Hay3/DBsIGKKy4= cloud.google.com/go/firestore v1.13.0/go.mod h1:QojqqOh8IntInDUSTAh0c8ZsPYAr68Ma8c5DWOy8xb8= +cloud.google.com/go/firestore v1.14.0/go.mod h1:96MVaHLsEhbvkBEdZgfN+AS/GIkco1LRpH9Xp9YZfzQ= cloud.google.com/go/functions v1.15.1/go.mod h1:P5yNWUTkyU+LvW/S9O6V+V423VZooALQlqoXdoPz5AE= +cloud.google.com/go/functions v1.15.4/go.mod h1:CAsTc3VlRMVvx+XqXxKqVevguqJpnVip4DdonFsX28I= +cloud.google.com/go/functions v1.16.0/go.mod h1:nbNpfAG7SG7Duw/o1iZ6ohvL7mc6MapWQVpqtM29n8k= cloud.google.com/go/gkebackup v0.4.0/go.mod h1:byAyBGUwYGEEww7xsbnUTBHIYcOPy/PgUWUtOeRm9Vg= cloud.google.com/go/gkebackup v1.3.1/go.mod h1:vUDOu++N0U5qs4IhG1pcOnD1Mac79xWy6GoBFlWCWBU= +cloud.google.com/go/gkebackup v1.3.4/go.mod h1:gLVlbM8h/nHIs09ns1qx3q3eaXcGSELgNu1DWXYz1HI= +cloud.google.com/go/gkebackup v1.3.5/go.mod h1:KJ77KkNN7Wm1LdMopOelV6OodM01pMuK2/5Zt1t4Tvc= cloud.google.com/go/gkeconnect v0.8.1/go.mod h1:KWiK1g9sDLZqhxB2xEuPV8V9NYzrqTUmQR9shJHpOZw= +cloud.google.com/go/gkeconnect v0.8.4/go.mod h1:84hZz4UMlDCKl8ifVW8layK4WHlMAFeq8vbzjU0yJkw= +cloud.google.com/go/gkeconnect v0.8.5/go.mod h1:LC/rS7+CuJ5fgIbXv8tCD/mdfnlAadTaUufgOkmijuk= cloud.google.com/go/gkehub v0.14.1/go.mod h1:VEXKIJZ2avzrbd7u+zeMtW00Y8ddk/4V9511C9CQGTY= +cloud.google.com/go/gkehub v0.14.4/go.mod h1:Xispfu2MqnnFt8rV/2/3o73SK1snL8s9dYJ9G2oQMfc= +cloud.google.com/go/gkehub v0.14.5/go.mod h1:6bzqxM+a+vEH/h8W8ec4OJl4r36laxTs3A/fMNHJ0wA= cloud.google.com/go/gkemulticloud v0.6.1/go.mod h1:kbZ3HKyTsiwqKX7Yw56+wUGwwNZViRnxWK2DVknXWfw= cloud.google.com/go/gkemulticloud v1.0.0/go.mod h1:kbZ3HKyTsiwqKX7Yw56+wUGwwNZViRnxWK2DVknXWfw= +cloud.google.com/go/gkemulticloud v1.0.3/go.mod h1:7NpJBN94U6DY1xHIbsDqB2+TFZUfjLUKLjUX8NGLor0= +cloud.google.com/go/gkemulticloud v1.1.0/go.mod h1:7NpJBN94U6DY1xHIbsDqB2+TFZUfjLUKLjUX8NGLor0= +cloud.google.com/go/gkemulticloud v1.1.1/go.mod h1:C+a4vcHlWeEIf45IB5FFR5XGjTeYhF83+AYIpTy4i2Q= cloud.google.com/go/gsuiteaddons v1.6.1/go.mod h1:CodrdOqRZcLp5WOwejHWYBjZvfY0kOphkAKpF/3qdZY= +cloud.google.com/go/gsuiteaddons v1.6.4/go.mod h1:rxtstw7Fx22uLOXBpsvb9DUbC+fiXs7rF4U29KHM/pE= +cloud.google.com/go/gsuiteaddons v1.6.5/go.mod h1:Lo4P2IvO8uZ9W+RaC6s1JVxo42vgy+TX5a6hfBZ0ubs= cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0= cloud.google.com/go/iam v1.1.1/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU= cloud.google.com/go/iam v1.1.2/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU= +cloud.google.com/go/iam v1.1.5/go.mod h1:rB6P/Ic3mykPbFio+vo7403drjlgvoWfYpJhMXEbzv8= +cloud.google.com/go/iam v1.1.6/go.mod h1:O0zxdPeGBoFdWW3HWmBxJsk0pfvNM/p/qa82rWOGTwI= cloud.google.com/go/iap v1.8.1/go.mod h1:sJCbeqg3mvWLqjZNsI6dfAtbbV1DL2Rl7e1mTyXYREQ= cloud.google.com/go/iap v1.9.0/go.mod h1:01OFxd1R+NFrg78S+hoPV5PxEzv22HXaNqUUlmNHFuY= +cloud.google.com/go/iap v1.9.3/go.mod h1:DTdutSZBqkkOm2HEOTBzhZxh2mwwxshfD/h3yofAiCw= +cloud.google.com/go/iap v1.9.4/go.mod h1:vO4mSq0xNf/Pu6E5paORLASBwEmphXEjgCFg7aeNu1w= cloud.google.com/go/ids v1.4.1/go.mod h1:np41ed8YMU8zOgv53MMMoCntLTn2lF+SUzlM+O3u/jw= +cloud.google.com/go/ids v1.4.4/go.mod h1:z+WUc2eEl6S/1aZWzwtVNWoSZslgzPxAboS0lZX0HjI= +cloud.google.com/go/ids v1.4.5/go.mod h1:p0ZnyzjMWxww6d2DvMGnFwCsSxDJM666Iir1bK1UuBo= cloud.google.com/go/iot v1.7.1/go.mod h1:46Mgw7ev1k9KqK1ao0ayW9h0lI+3hxeanz+L1zmbbbk= +cloud.google.com/go/iot v1.7.4/go.mod h1:3TWqDVvsddYBG++nHSZmluoCAVGr1hAcabbWZNKEZLk= +cloud.google.com/go/iot v1.7.5/go.mod h1:nq3/sqTz3HGaWJi1xNiX7F41ThOzpud67vwk0YsSsqs= cloud.google.com/go/kms v1.12.1/go.mod h1:c9J991h5DTl+kg7gi3MYomh12YEENGrf48ee/N/2CDM= cloud.google.com/go/kms v1.15.2/go.mod h1:3hopT4+7ooWRCjc2DxgnpESFxhIraaI2IpAVUEhbT/w= +cloud.google.com/go/kms v1.15.5/go.mod h1:cU2H5jnp6G2TDpUGZyqTCoy1n16fbubHZjmVXSMtwDI= +cloud.google.com/go/kms v1.15.7/go.mod h1:ub54lbsa6tDkUwnu4W7Yt1aAIFLnspgh0kPGToDukeI= cloud.google.com/go/language v1.10.1/go.mod h1:CPp94nsdVNiQEt1CNjF5WkTcisLiHPyIbMhvR8H2AW0= cloud.google.com/go/language v1.11.0/go.mod h1:uDx+pFDdAKTY8ehpWbiXyQdz8tDSYLJbQcXsCkjYyvQ= +cloud.google.com/go/language v1.12.2/go.mod h1:9idWapzr/JKXBBQ4lWqVX/hcadxB194ry20m/bTrhWc= +cloud.google.com/go/language v1.12.3/go.mod h1:evFX9wECX6mksEva8RbRnr/4wi/vKGYnAJrTRXU8+f8= cloud.google.com/go/lifesciences v0.9.1/go.mod h1:hACAOd1fFbCGLr/+weUKRAJas82Y4vrL3O5326N//Wc= +cloud.google.com/go/lifesciences v0.9.4/go.mod h1:bhm64duKhMi7s9jR9WYJYvjAFJwRqNj+Nia7hF0Z7JA= +cloud.google.com/go/lifesciences v0.9.5/go.mod h1:OdBm0n7C0Osh5yZB7j9BXyrMnTRGBJIZonUMxo5CzPw= cloud.google.com/go/logging v1.7.0/go.mod h1:3xjP2CjkM3ZkO73aj4ASA5wRPGGCRrPIAeNqVNkzY8M= cloud.google.com/go/logging v1.8.1/go.mod h1:TJjR+SimHwuC8MZ9cjByQulAMgni+RkXeI3wwctHJEI= +cloud.google.com/go/logging v1.9.0/go.mod h1:1Io0vnZv4onoUnsVUQY3HZ3Igb1nBchky0A0y7BBBhE= cloud.google.com/go/longrunning v0.5.0/go.mod h1:0JNuqRShmscVAhIACGtskSAWtqtOoPkwP0YF1oVEchc= cloud.google.com/go/longrunning v0.5.1/go.mod h1:spvimkwdz6SPWKEt/XBij79E9fiTkHSQl/fRUUQJYJc= +cloud.google.com/go/longrunning v0.5.2/go.mod h1:nqo6DQbNV2pXhGDbDMoN2bWz68MjZUzqv2YttZiveCs= +cloud.google.com/go/longrunning v0.5.4/go.mod h1:zqNVncI0BOP8ST6XQD1+VcvuShMmq7+xFSzOL++V0dI= +cloud.google.com/go/longrunning v0.5.5/go.mod h1:WV2LAxD8/rg5Z1cNW6FJ/ZpX4E4VnDnoTk0yawPBB7s= cloud.google.com/go/managedidentities v1.6.1/go.mod h1:h/irGhTN2SkZ64F43tfGPMbHnypMbu4RB3yl8YcuEak= +cloud.google.com/go/managedidentities v1.6.4/go.mod h1:WgyaECfHmF00t/1Uk8Oun3CQ2PGUtjc3e9Alh79wyiM= +cloud.google.com/go/managedidentities v1.6.5/go.mod h1:fkFI2PwwyRQbjLxlm5bQ8SjtObFMW3ChBGNqaMcgZjI= cloud.google.com/go/maps v0.7.0/go.mod h1:3GnvVl3cqeSvgMcpRlQidXsPYuDGQ8naBis7MVzpXsY= cloud.google.com/go/maps v1.4.0/go.mod h1:6mWTUv+WhnOwAgjVsSW2QPPECmW+s3PcRyOa9vgG/5s= +cloud.google.com/go/maps v1.6.1/go.mod h1:4+buOHhYXFBp58Zj/K+Lc1rCmJssxxF4pJ5CJnhdz18= +cloud.google.com/go/maps v1.6.3/go.mod h1:VGAn809ADswi1ASofL5lveOHPnE6Rk/SFTTBx1yuOLw= +cloud.google.com/go/maps v1.6.4/go.mod h1:rhjqRy8NWmDJ53saCfsXQ0LKwBHfi6OSh5wkq6BaMhI= cloud.google.com/go/mediatranslation v0.8.1/go.mod h1:L/7hBdEYbYHQJhX2sldtTO5SZZ1C1vkapubj0T2aGig= +cloud.google.com/go/mediatranslation v0.8.4/go.mod h1:9WstgtNVAdN53m6TQa5GjIjLqKQPXe74hwSCxUP6nj4= +cloud.google.com/go/mediatranslation v0.8.5/go.mod h1:y7kTHYIPCIfgyLbKncgqouXJtLsU+26hZhHEEy80fSs= cloud.google.com/go/memcache v1.10.1/go.mod h1:47YRQIarv4I3QS5+hoETgKO40InqzLP6kpNLvyXuyaA= +cloud.google.com/go/memcache v1.10.4/go.mod h1:v/d8PuC8d1gD6Yn5+I3INzLR01IDn0N4Ym56RgikSI0= +cloud.google.com/go/memcache v1.10.5/go.mod h1:/FcblbNd0FdMsx4natdj+2GWzTq+cjZvMa1I+9QsuMA= cloud.google.com/go/metastore v1.11.1/go.mod h1:uZuSo80U3Wd4zi6C22ZZliOUJ3XeM/MlYi/z5OAOWRA= cloud.google.com/go/metastore v1.12.0/go.mod h1:uZuSo80U3Wd4zi6C22ZZliOUJ3XeM/MlYi/z5OAOWRA= +cloud.google.com/go/metastore v1.13.3/go.mod h1:K+wdjXdtkdk7AQg4+sXS8bRrQa9gcOr+foOMF2tqINE= +cloud.google.com/go/metastore v1.13.4/go.mod h1:FMv9bvPInEfX9Ac1cVcRXp8EBBQnBcqH6gz3KvJ9BAE= cloud.google.com/go/monitoring v1.15.1/go.mod h1:lADlSAlFdbqQuwwpaImhsJXu1QSdd3ojypXrFSMr2rM= cloud.google.com/go/monitoring v1.16.0/go.mod h1:Ptp15HgAyM1fNICAojDMoNc/wUmn67mLHQfyqbw+poY= +cloud.google.com/go/monitoring v1.16.3/go.mod h1:KwSsX5+8PnXv5NJnICZzW2R8pWTis8ypC4zmdRD63Tw= +cloud.google.com/go/monitoring v1.17.0/go.mod h1:KwSsX5+8PnXv5NJnICZzW2R8pWTis8ypC4zmdRD63Tw= +cloud.google.com/go/monitoring v1.18.0/go.mod h1:c92vVBCeq/OB4Ioyo+NbN2U7tlg5ZH41PZcdvfc+Lcg= cloud.google.com/go/networkconnectivity v1.12.1/go.mod h1:PelxSWYM7Sh9/guf8CFhi6vIqf19Ir/sbfZRUwXh92E= cloud.google.com/go/networkconnectivity v1.13.0/go.mod h1:SAnGPes88pl7QRLUen2HmcBSE9AowVAcdug8c0RSBFk= +cloud.google.com/go/networkconnectivity v1.14.3/go.mod h1:4aoeFdrJpYEXNvrnfyD5kIzs8YtHg945Og4koAjHQek= +cloud.google.com/go/networkconnectivity v1.14.4/go.mod h1:PU12q++/IMnDJAB+3r+tJtuCXCfwfN+C6Niyj6ji1Po= cloud.google.com/go/networkmanagement v1.8.0/go.mod h1:Ho/BUGmtyEqrttTgWEe7m+8vDdK74ibQc+Be0q7Fof0= cloud.google.com/go/networkmanagement v1.9.0/go.mod h1:UTUaEU9YwbCAhhz3jEOHr+2/K/MrBk2XxOLS89LQzFw= +cloud.google.com/go/networkmanagement v1.9.3/go.mod h1:y7WMO1bRLaP5h3Obm4tey+NquUvB93Co1oh4wpL+XcU= +cloud.google.com/go/networkmanagement v1.9.4/go.mod h1:daWJAl0KTFytFL7ar33I6R/oNBH8eEOX/rBNHrC/8TA= cloud.google.com/go/networksecurity v0.9.1/go.mod h1:MCMdxOKQ30wsBI1eI659f9kEp4wuuAueoC9AJKSPWZQ= +cloud.google.com/go/networksecurity v0.9.4/go.mod h1:E9CeMZ2zDsNBkr8axKSYm8XyTqNhiCHf1JO/Vb8mD1w= +cloud.google.com/go/networksecurity v0.9.5/go.mod h1:KNkjH/RsylSGyyZ8wXpue8xpCEK+bTtvof8SBfIhMG8= cloud.google.com/go/notebooks v1.9.1/go.mod h1:zqG9/gk05JrzgBt4ghLzEepPHNwE5jgPcHZRKhlC1A8= cloud.google.com/go/notebooks v1.10.0/go.mod h1:SOPYMZnttHxqot0SGSFSkRrwE29eqnKPBJFqgWmiK2k= +cloud.google.com/go/notebooks v1.11.2/go.mod h1:z0tlHI/lREXC8BS2mIsUeR3agM1AkgLiS+Isov3SS70= +cloud.google.com/go/notebooks v1.11.3/go.mod h1:0wQyI2dQC3AZyQqWnRsp+yA+kY4gC7ZIVP4Qg3AQcgo= cloud.google.com/go/optimization v1.4.1/go.mod h1:j64vZQP7h9bO49m2rVaTVoNM0vEBEN5eKPUPbZyXOrk= cloud.google.com/go/optimization v1.5.0/go.mod h1:evo1OvTxeBRBu6ydPlrIRizKY/LJKo/drDMMRKqGEUU= +cloud.google.com/go/optimization v1.6.2/go.mod h1:mWNZ7B9/EyMCcwNl1frUGEuY6CPijSkz88Fz2vwKPOY= +cloud.google.com/go/optimization v1.6.3/go.mod h1:8ve3svp3W6NFcAEFr4SfJxrldzhUl4VMUJmhrqVKtYA= cloud.google.com/go/orchestration v1.8.1/go.mod h1:4sluRF3wgbYVRqz7zJ1/EUNc90TTprliq9477fGobD8= +cloud.google.com/go/orchestration v1.8.4/go.mod h1:d0lywZSVYtIoSZXb0iFjv9SaL13PGyVOKDxqGxEf/qI= +cloud.google.com/go/orchestration v1.8.5/go.mod h1:C1J7HesE96Ba8/hZ71ISTV2UAat0bwN+pi85ky38Yq8= cloud.google.com/go/orgpolicy v1.11.1/go.mod h1:8+E3jQcpZJQliP+zaFfayC2Pg5bmhuLK755wKhIIUCE= +cloud.google.com/go/orgpolicy v1.11.4/go.mod h1:0+aNV/nrfoTQ4Mytv+Aw+stBDBjNf4d8fYRA9herfJI= +cloud.google.com/go/orgpolicy v1.12.0/go.mod h1:0+aNV/nrfoTQ4Mytv+Aw+stBDBjNf4d8fYRA9herfJI= +cloud.google.com/go/orgpolicy v1.12.1/go.mod h1:aibX78RDl5pcK3jA8ysDQCFkVxLj3aOQqrbBaUL2V5I= cloud.google.com/go/osconfig v1.12.1/go.mod h1:4CjBxND0gswz2gfYRCUoUzCm9zCABp91EeTtWXyz0tE= +cloud.google.com/go/osconfig v1.12.4/go.mod h1:B1qEwJ/jzqSRslvdOCI8Kdnp0gSng0xW4LOnIebQomA= +cloud.google.com/go/osconfig v1.12.5/go.mod h1:D9QFdxzfjgw3h/+ZaAb5NypM8bhOMqBzgmbhzWViiW8= cloud.google.com/go/oslogin v1.10.1/go.mod h1:x692z7yAue5nE7CsSnoG0aaMbNoRJRXO4sn73R+ZqAs= +cloud.google.com/go/oslogin v1.12.2/go.mod h1:CQ3V8Jvw4Qo4WRhNPF0o+HAM4DiLuE27Ul9CX9g2QdY= +cloud.google.com/go/oslogin v1.13.0/go.mod h1:xPJqLwpTZ90LSE5IL1/svko+6c5avZLluiyylMb/sRA= +cloud.google.com/go/oslogin v1.13.1/go.mod h1:vS8Sr/jR7QvPWpCjNqy6LYZr5Zs1e8ZGW/KPn9gmhws= cloud.google.com/go/phishingprotection v0.8.1/go.mod h1:AxonW7GovcA8qdEk13NfHq9hNx5KPtfxXNeUxTDxB6I= +cloud.google.com/go/phishingprotection v0.8.4/go.mod h1:6b3kNPAc2AQ6jZfFHioZKg9MQNybDg4ixFd4RPZZ2nE= +cloud.google.com/go/phishingprotection v0.8.5/go.mod h1:g1smd68F7mF1hgQPuYn3z8HDbNre8L6Z0b7XMYFmX7I= cloud.google.com/go/policytroubleshooter v1.7.1/go.mod h1:0NaT5v3Ag1M7U5r0GfDCpUFkWd9YqpubBWsQlhanRv0= cloud.google.com/go/policytroubleshooter v1.9.0/go.mod h1:+E2Lga7TycpeSTj2FsH4oXxTnrbHJGRlKhVZBLGgU64= +cloud.google.com/go/policytroubleshooter v1.10.2/go.mod h1:m4uF3f6LseVEnMV6nknlN2vYGRb+75ylQwJdnOXfnv0= +cloud.google.com/go/policytroubleshooter v1.10.3/go.mod h1:+ZqG3agHT7WPb4EBIRqUv4OyIwRTZvsVDHZ8GlZaoxk= cloud.google.com/go/privatecatalog v0.9.1/go.mod h1:0XlDXW2unJXdf9zFz968Hp35gl/bhF4twwpXZAW50JA= +cloud.google.com/go/privatecatalog v0.9.4/go.mod h1:SOjm93f+5hp/U3PqMZAHTtBtluqLygrDrVO8X8tYtG0= +cloud.google.com/go/privatecatalog v0.9.5/go.mod h1:fVWeBOVe7uj2n3kWRGlUQqR/pOd450J9yZoOECcQqJk= cloud.google.com/go/pubsub v1.32.0/go.mod h1:f+w71I33OMyxf9VpMVcZbnG5KSUkCOUHYpFd5U1GdRc= cloud.google.com/go/pubsub v1.33.0/go.mod h1:f+w71I33OMyxf9VpMVcZbnG5KSUkCOUHYpFd5U1GdRc= +cloud.google.com/go/pubsub v1.34.0/go.mod h1:alj4l4rBg+N3YTFDDC+/YyFTs6JAjam2QfYsddcAW4c= +cloud.google.com/go/pubsub v1.36.1/go.mod h1:iYjCa9EzWOoBiTdd4ps7QoMtMln5NwaZQpK1hbRfBDE= cloud.google.com/go/pubsublite v1.8.1/go.mod h1:fOLdU4f5xldK4RGJrBMm+J7zMWNj/k4PxwEZXy39QS0= cloud.google.com/go/recaptchaenterprise/v2 v2.7.2/go.mod h1:kR0KjsJS7Jt1YSyWFkseQ756D45kaYNTlDPPaRAvDBU= +cloud.google.com/go/recaptchaenterprise/v2 v2.8.3/go.mod h1:Dak54rw6lC2gBY8FBznpOCAR58wKf+R+ZSJRoeJok4w= +cloud.google.com/go/recaptchaenterprise/v2 v2.9.0/go.mod h1:Dak54rw6lC2gBY8FBznpOCAR58wKf+R+ZSJRoeJok4w= +cloud.google.com/go/recaptchaenterprise/v2 v2.9.2/go.mod h1:trwwGkfhCmp05Ll5MSJPXY7yvnO0p4v3orGANAFHAuU= cloud.google.com/go/recommendationengine v0.8.1/go.mod h1:MrZihWwtFYWDzE6Hz5nKcNz3gLizXVIDI/o3G1DLcrE= +cloud.google.com/go/recommendationengine v0.8.4/go.mod h1:GEteCf1PATl5v5ZsQ60sTClUE0phbWmo3rQ1Js8louU= +cloud.google.com/go/recommendationengine v0.8.5/go.mod h1:A38rIXHGFvoPvmy6pZLozr0g59NRNREz4cx7F58HAsQ= cloud.google.com/go/recommender v1.10.1/go.mod h1:XFvrE4Suqn5Cq0Lf+mCP6oBHD/yRMA8XxP5sb7Q7gpA= cloud.google.com/go/recommender v1.11.0/go.mod h1:kPiRQhPyTJ9kyXPCG6u/dlPLbYfFlkwHNRwdzPVAoII= +cloud.google.com/go/recommender v1.11.3/go.mod h1:+FJosKKJSId1MBFeJ/TTyoGQZiEelQQIZMKYYD8ruK4= +cloud.google.com/go/recommender v1.12.0/go.mod h1:+FJosKKJSId1MBFeJ/TTyoGQZiEelQQIZMKYYD8ruK4= +cloud.google.com/go/recommender v1.12.1/go.mod h1:gf95SInWNND5aPas3yjwl0I572dtudMhMIG4ni8nr+0= cloud.google.com/go/redis v1.13.1/go.mod h1:VP7DGLpE91M6bcsDdMuyCm2hIpB6Vp2hI090Mfd1tcg= +cloud.google.com/go/redis v1.14.1/go.mod h1:MbmBxN8bEnQI4doZPC1BzADU4HGocHBk2de3SbgOkqs= +cloud.google.com/go/redis v1.14.2/go.mod h1:g0Lu7RRRz46ENdFKQ2EcQZBAJ2PtJHJLuiiRuEXwyQw= cloud.google.com/go/resourcemanager v1.9.1/go.mod h1:dVCuosgrh1tINZ/RwBufr8lULmWGOkPS8gL5gqyjdT8= +cloud.google.com/go/resourcemanager v1.9.4/go.mod h1:N1dhP9RFvo3lUfwtfLWVxfUWq8+KUQ+XLlHLH3BoFJ0= +cloud.google.com/go/resourcemanager v1.9.5/go.mod h1:hep6KjelHA+ToEjOfO3garMKi/CLYwTqeAw7YiEI9x8= cloud.google.com/go/resourcesettings v1.6.1/go.mod h1:M7mk9PIZrC5Fgsu1kZJci6mpgN8o0IUzVx3eJU3y4Jw= +cloud.google.com/go/resourcesettings v1.6.4/go.mod h1:pYTTkWdv2lmQcjsthbZLNBP4QW140cs7wqA3DuqErVI= +cloud.google.com/go/resourcesettings v1.6.5/go.mod h1:WBOIWZraXZOGAgoR4ukNj0o0HiSMO62H9RpFi9WjP9I= cloud.google.com/go/retail v1.14.1/go.mod h1:y3Wv3Vr2k54dLNIrCzenyKG8g8dhvhncT2NcNjb/6gE= +cloud.google.com/go/retail v1.14.4/go.mod h1:l/N7cMtY78yRnJqp5JW8emy7MB1nz8E4t2yfOmklYfg= +cloud.google.com/go/retail v1.16.0/go.mod h1:LW7tllVveZo4ReWt68VnldZFWJRzsh9np+01J9dYWzE= cloud.google.com/go/run v0.9.0/go.mod h1:Wwu+/vvg8Y+JUApMwEDfVfhetv30hCG4ZwDR/IXl2Qg= cloud.google.com/go/run v1.2.0/go.mod h1:36V1IlDzQ0XxbQjUx6IYbw8H3TJnWvhii963WW3B/bo= +cloud.google.com/go/run v1.3.3/go.mod h1:WSM5pGyJ7cfYyYbONVQBN4buz42zFqwG67Q3ch07iK4= +cloud.google.com/go/run v1.3.4/go.mod h1:FGieuZvQ3tj1e9GnzXqrMABSuir38AJg5xhiYq+SF3o= cloud.google.com/go/scheduler v1.10.1/go.mod h1:R63Ldltd47Bs4gnhQkmNDse5w8gBRrhObZ54PxgR2Oo= +cloud.google.com/go/scheduler v1.10.4/go.mod h1:MTuXcrJC9tqOHhixdbHDFSIuh7xZF2IysiINDuiq6NI= +cloud.google.com/go/scheduler v1.10.5/go.mod h1:MTuXcrJC9tqOHhixdbHDFSIuh7xZF2IysiINDuiq6NI= +cloud.google.com/go/scheduler v1.10.6/go.mod h1:pe2pNCtJ+R01E06XCDOJs1XvAMbv28ZsQEbqknxGOuE= cloud.google.com/go/secretmanager v1.11.1/go.mod h1:znq9JlXgTNdBeQk9TBW/FnR/W4uChEKGeqQWAJ8SXFw= +cloud.google.com/go/secretmanager v1.11.4/go.mod h1:wreJlbS9Zdq21lMzWmJ0XhWW2ZxgPeahsqeV/vZoJ3w= +cloud.google.com/go/secretmanager v1.11.5/go.mod h1:eAGv+DaCHkeVyQi0BeXgAHOU0RdrMeZIASKc+S7VqH4= cloud.google.com/go/security v1.15.1/go.mod h1:MvTnnbsWnehoizHi09zoiZob0iCHVcL4AUBj76h9fXA= +cloud.google.com/go/security v1.15.4/go.mod h1:oN7C2uIZKhxCLiAAijKUCuHLZbIt/ghYEo8MqwD/Ty4= +cloud.google.com/go/security v1.15.5/go.mod h1:KS6X2eG3ynWjqcIX976fuToN5juVkF6Ra6c7MPnldtc= cloud.google.com/go/securitycenter v1.23.0/go.mod h1:8pwQ4n+Y9WCWM278R8W3nF65QtY172h4S8aXyI9/hsQ= +cloud.google.com/go/securitycenter v1.24.2/go.mod h1:l1XejOngggzqwr4Fa2Cn+iWZGf+aBLTXtB/vXjy5vXM= +cloud.google.com/go/securitycenter v1.24.3/go.mod h1:l1XejOngggzqwr4Fa2Cn+iWZGf+aBLTXtB/vXjy5vXM= +cloud.google.com/go/securitycenter v1.24.4/go.mod h1:PSccin+o1EMYKcFQzz9HMMnZ2r9+7jbc+LvPjXhpwcU= cloud.google.com/go/servicedirectory v1.10.1/go.mod h1:Xv0YVH8s4pVOwfM/1eMTl0XJ6bzIOSLDt8f8eLaGOxQ= cloud.google.com/go/servicedirectory v1.11.0/go.mod h1:Xv0YVH8s4pVOwfM/1eMTl0XJ6bzIOSLDt8f8eLaGOxQ= +cloud.google.com/go/servicedirectory v1.11.3/go.mod h1:LV+cHkomRLr67YoQy3Xq2tUXBGOs5z5bPofdq7qtiAw= +cloud.google.com/go/servicedirectory v1.11.4/go.mod h1:Bz2T9t+/Ehg6x+Y7Ycq5xiShYLD96NfEsWNHyitj1qM= cloud.google.com/go/shell v1.7.1/go.mod h1:u1RaM+huXFaTojTbW4g9P5emOrrmLE69KrxqQahKn4g= +cloud.google.com/go/shell v1.7.4/go.mod h1:yLeXB8eKLxw0dpEmXQ/FjriYrBijNsONpwnWsdPqlKM= +cloud.google.com/go/shell v1.7.5/go.mod h1:hL2++7F47/IfpfTO53KYf1EC+F56k3ThfNEXd4zcuiE= cloud.google.com/go/spanner v1.47.0/go.mod h1:IXsJwVW2j4UKs0eYDqodab6HgGuA1bViSqW4uH9lfUI= cloud.google.com/go/spanner v1.49.0/go.mod h1:eGj9mQGK8+hkgSVbHNQ06pQ4oS+cyc4tXXd6Dif1KoM= +cloud.google.com/go/spanner v1.51.0/go.mod h1:c5KNo5LQ1X5tJwma9rSQZsXNBDNvj4/n8BVc3LNahq0= +cloud.google.com/go/spanner v1.55.0/go.mod h1:HXEznMUVhC+PC+HDyo9YFG2Ajj5BQDkcbqB9Z2Ffxi0= +cloud.google.com/go/spanner v1.56.0/go.mod h1:DndqtUKQAt3VLuV2Le+9Y3WTnq5cNKrnLb/Piqcj+h0= cloud.google.com/go/speech v1.17.1/go.mod h1:8rVNzU43tQvxDaGvqOhpDqgkJTFowBpDvCJ14kGlJYo= cloud.google.com/go/speech v1.19.0/go.mod h1:8rVNzU43tQvxDaGvqOhpDqgkJTFowBpDvCJ14kGlJYo= +cloud.google.com/go/speech v1.20.1/go.mod h1:wwolycgONvfz2EDU8rKuHRW3+wc9ILPsAWoikBEWavY= +cloud.google.com/go/speech v1.21.0/go.mod h1:wwolycgONvfz2EDU8rKuHRW3+wc9ILPsAWoikBEWavY= +cloud.google.com/go/speech v1.21.1/go.mod h1:E5GHZXYQlkqWQwY5xRSLHw2ci5NMQNG52FfMU1aZrIA= +cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= cloud.google.com/go/storage v1.30.1/go.mod h1:NfxhC0UJE1aXSx7CIIbCf7y9HKT7BiccwkR7+P7gN8E= +cloud.google.com/go/storage v1.36.0/go.mod h1:M6M/3V/D3KpzMTJyPOR/HU6n2Si5QdaXYEsng2xgOs8= cloud.google.com/go/storagetransfer v1.10.0/go.mod h1:DM4sTlSmGiNczmV6iZyceIh2dbs+7z2Ayg6YAiQlYfA= +cloud.google.com/go/storagetransfer v1.10.3/go.mod h1:Up8LY2p6X68SZ+WToswpQbQHnJpOty/ACcMafuey8gc= +cloud.google.com/go/storagetransfer v1.10.4/go.mod h1:vef30rZKu5HSEf/x1tK3WfWrL0XVoUQN/EPDRGPzjZs= cloud.google.com/go/talent v1.6.2/go.mod h1:CbGvmKCG61mkdjcqTcLOkb2ZN1SrQI8MDyma2l7VD24= +cloud.google.com/go/talent v1.6.5/go.mod h1:Mf5cma696HmE+P2BWJ/ZwYqeJXEeU0UqjHFXVLadEDI= +cloud.google.com/go/talent v1.6.6/go.mod h1:y/WQDKrhVz12WagoarpAIyKKMeKGKHWPoReZ0g8tseQ= cloud.google.com/go/texttospeech v1.7.1/go.mod h1:m7QfG5IXxeneGqTapXNxv2ItxP/FS0hCZBwXYqucgSk= +cloud.google.com/go/texttospeech v1.7.4/go.mod h1:vgv0002WvR4liGuSd5BJbWy4nDn5Ozco0uJymY5+U74= +cloud.google.com/go/texttospeech v1.7.5/go.mod h1:tzpCuNWPwrNJnEa4Pu5taALuZL4QRRLcb+K9pbhXT6M= cloud.google.com/go/tpu v1.6.1/go.mod h1:sOdcHVIgDEEOKuqUoi6Fq53MKHJAtOwtz0GuKsWSH3E= +cloud.google.com/go/tpu v1.6.4/go.mod h1:NAm9q3Rq2wIlGnOhpYICNI7+bpBebMJbh0yyp3aNw1Y= +cloud.google.com/go/tpu v1.6.5/go.mod h1:P9DFOEBIBhuEcZhXi+wPoVy/cji+0ICFi4TtTkMHSSs= cloud.google.com/go/trace v1.10.1/go.mod h1:gbtL94KE5AJLH3y+WVpfWILmqgc6dXcqgNXdOPAQTYk= +cloud.google.com/go/trace v1.10.4/go.mod h1:Nso99EDIK8Mj5/zmB+iGr9dosS/bzWCJ8wGmE6TXNWY= +cloud.google.com/go/trace v1.10.5/go.mod h1:9hjCV1nGBCtXbAE4YK7OqJ8pmPYSxPA0I67JwRd5s3M= cloud.google.com/go/translate v1.8.1/go.mod h1:d1ZH5aaOA0CNhWeXeC8ujd4tdCFw8XoNWRljklu5RHs= cloud.google.com/go/translate v1.9.0/go.mod h1:d1ZH5aaOA0CNhWeXeC8ujd4tdCFw8XoNWRljklu5RHs= +cloud.google.com/go/translate v1.9.3/go.mod h1:Kbq9RggWsbqZ9W5YpM94Q1Xv4dshw/gr/SHfsl5yCZ0= +cloud.google.com/go/translate v1.10.0/go.mod h1:Kbq9RggWsbqZ9W5YpM94Q1Xv4dshw/gr/SHfsl5yCZ0= +cloud.google.com/go/translate v1.10.1/go.mod h1:adGZcQNom/3ogU65N9UXHOnnSvjPwA/jKQUMnsYXOyk= cloud.google.com/go/video v1.17.1/go.mod h1:9qmqPqw/Ib2tLqaeHgtakU+l5TcJxCJbhFXM7UJjVzU= cloud.google.com/go/video v1.20.0/go.mod h1:U3G3FTnsvAGqglq9LxgqzOiBc/Nt8zis8S+850N2DUM= +cloud.google.com/go/video v1.20.3/go.mod h1:TnH/mNZKVHeNtpamsSPygSR0iHtvrR/cW1/GDjN5+GU= +cloud.google.com/go/video v1.20.4/go.mod h1:LyUVjyW+Bwj7dh3UJnUGZfyqjEto9DnrvTe1f/+QrW0= cloud.google.com/go/videointelligence v1.11.1/go.mod h1:76xn/8InyQHarjTWsBR058SmlPCwQjgcvoW0aZykOvo= +cloud.google.com/go/videointelligence v1.11.4/go.mod h1:kPBMAYsTPFiQxMLmmjpcZUMklJp3nC9+ipJJtprccD8= +cloud.google.com/go/videointelligence v1.11.5/go.mod h1:/PkeQjpRponmOerPeJxNPuxvi12HlW7Em0lJO14FC3I= cloud.google.com/go/vision/v2 v2.7.2/go.mod h1:jKa8oSYBWhYiXarHPvP4USxYANYUEdEsQrloLjrSwJU= +cloud.google.com/go/vision/v2 v2.7.5/go.mod h1:GcviprJLFfK9OLf0z8Gm6lQb6ZFUulvpZws+mm6yPLM= +cloud.google.com/go/vision/v2 v2.8.0/go.mod h1:ocqDiA2j97pvgogdyhoxiQp2ZkDCyr0HWpicywGGRhU= cloud.google.com/go/vmmigration v1.7.1/go.mod h1:WD+5z7a/IpZ5bKK//YmT9E047AD+rjycCAvyMxGJbro= +cloud.google.com/go/vmmigration v1.7.4/go.mod h1:yBXCmiLaB99hEl/G9ZooNx2GyzgsjKnw5fWcINRgD70= +cloud.google.com/go/vmmigration v1.7.5/go.mod h1:pkvO6huVnVWzkFioxSghZxIGcsstDvYiVCxQ9ZH3eYI= cloud.google.com/go/vmwareengine v0.4.1/go.mod h1:Px64x+BvjPZwWuc4HdmVhoygcXqEkGHXoa7uyfTgSI0= cloud.google.com/go/vmwareengine v1.0.0/go.mod h1:Px64x+BvjPZwWuc4HdmVhoygcXqEkGHXoa7uyfTgSI0= +cloud.google.com/go/vmwareengine v1.0.3/go.mod h1:QSpdZ1stlbfKtyt6Iu19M6XRxjmXO+vb5a/R6Fvy2y4= +cloud.google.com/go/vmwareengine v1.1.1/go.mod h1:nMpdsIVkUrSaX8UvmnBhzVzG7PPvNYc5BszcvIVudYs= cloud.google.com/go/vpcaccess v1.7.1/go.mod h1:FogoD46/ZU+JUBX9D606X21EnxiszYi2tArQwLY4SXs= +cloud.google.com/go/vpcaccess v1.7.4/go.mod h1:lA0KTvhtEOb/VOdnH/gwPuOzGgM+CWsmGu6bb4IoMKk= +cloud.google.com/go/vpcaccess v1.7.5/go.mod h1:slc5ZRvvjP78c2dnL7m4l4R9GwL3wDLcpIWz6P/ziig= cloud.google.com/go/webrisk v1.9.1/go.mod h1:4GCmXKcOa2BZcZPn6DCEvE7HypmEJcJkr4mtM+sqYPc= +cloud.google.com/go/webrisk v1.9.4/go.mod h1:w7m4Ib4C+OseSr2GL66m0zMBywdrVNTDKsdEsfMl7X0= +cloud.google.com/go/webrisk v1.9.5/go.mod h1:aako0Fzep1Q714cPEM5E+mtYX8/jsfegAuS8aivxy3U= cloud.google.com/go/websecurityscanner v1.6.1/go.mod h1:Njgaw3rttgRHXzwCB8kgCYqv5/rGpFCsBOvPbYgszpg= +cloud.google.com/go/websecurityscanner v1.6.4/go.mod h1:mUiyMQ+dGpPPRkHgknIZeCzSHJ45+fY4F52nZFDHm2o= +cloud.google.com/go/websecurityscanner v1.6.5/go.mod h1:QR+DWaxAz2pWooylsBF854/Ijvuoa3FCyS1zBa1rAVQ= cloud.google.com/go/workflows v1.11.1/go.mod h1:Z+t10G1wF7h8LgdY/EmRcQY8ptBD/nvofaL6FqlET6g= cloud.google.com/go/workflows v1.12.0/go.mod h1:PYhSk2b6DhZ508tj8HXKaBh+OFe+xdl0dHF/tJdzPQM= +cloud.google.com/go/workflows v1.12.3/go.mod h1:fmOUeeqEwPzIU81foMjTRQIdwQHADi/vEr1cx9R1m5g= +cloud.google.com/go/workflows v1.12.4/go.mod h1:yQ7HUqOkdJK4duVtMeBCAOPiN1ZF1E9pAMX51vpwB/w= +github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= +github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= +github.com/alecthomas/kingpin/v2 v2.4.0/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE= +github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= +github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= +github.com/apache/thrift v0.16.0/go.mod h1:PHK3hniurgQaNMZYaCLEqXKsYK8upmhPbmdP2FXSqgU= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= @@ -186,87 +457,278 @@ github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwys github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk= github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8= github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= +github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= github.com/cncf/udpa/go v0.0.0-20220112060539-c52dc94e7fbe/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa/go.mod h1:x/1Gn8zydmfq8dk6e9PdstVsDgu9RuyIIJqAaF//0IM= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= +github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9/ZjdUKyjop4mf3Qdd+1TvvltAvM3m8= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= +github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/emicklei/go-restful v2.9.5+incompatible h1:spTtZBk5DYEvbxMVutUuTyh1Ao2r4iyvLdACqsl/Ljk= github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= github.com/envoyproxy/go-control-plane v0.11.1/go.mod h1:uhMcXKCQMEJHiAb0w+YGefQLaTEw+YhGluxZkrTmD0g= +github.com/envoyproxy/go-control-plane v0.12.0/go.mod h1:ZBTaoJ23lqITozF0M6G4/IragXCQKCnYbmlmtHvwRG0= github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= -github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= +github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= +github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/swag v0.22.5/go.mod h1:Gl91UqO+btAM0plGGxHqJcQZ1ZTy6jbmridBTsDy8A0= +github.com/go-openapi/swag v0.22.6/go.mod h1:Gl91UqO+btAM0plGGxHqJcQZ1ZTy6jbmridBTsDy8A0= github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM= github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= github.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY= +github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= +github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= +github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ= github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ= +github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-pkcs11 v0.2.1-0.20230907215043-c6f79328ddf9/go.mod h1:6eQoGcuNJpa7jnd5pMGdkSaQpNDYvPlXWMcjXXThLlY= +github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= +github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= -github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= +github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= github.com/googleapis/enterprise-certificate-proxy v0.2.4/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= +github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= github.com/googleapis/gax-go/v2 v2.10.0/go.mod h1:4UOEnMCrxsSqQ940WnTiD6qJ63le2ev3xfyagutxiPw= github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI= github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= +github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= +github.com/iancoleman/strcase v0.3.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20230524184225-eabc099b10ab/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw= +github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= +github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= +github.com/klauspost/asmfmt v1.3.2/go.mod h1:AG8TuvYojzulgDAMCnYn50l/5QV3Bs/tp6j0HLHbNSE= +github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= +github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= +github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= +github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs= +github.com/lyft/protoc-gen-star/v2 v2.0.3/go.mod h1:amey7yeodaJhXSbf/TlLvWiqQfLOSpEk//mLlc+axEk= +github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= +github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= +github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= +github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47RKZmLU= +github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= +github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0= +github.com/pierrec/lz4/v4 v4.1.15/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= +github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= +github.com/pquerna/cachecontrol v0.1.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI= +github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= +github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= +github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= +github.com/spf13/afero v1.10.0/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ= +github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= +github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk= +github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= +github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= +github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU= +github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= +go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1/go.mod h1:4UoMYEZOC0yN/sPGH76KPkkU7zgiEWYWL9vwmbnTJPE= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0/go.mod h1:r9vWsPS/3AQItv3OSlEJ/E4mbrhUbbw18meOjArPtKQ= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw= +go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= +go.opentelemetry.io/otel v1.22.0/go.mod h1:eoV4iAi3Ea8LkAEI9+GFT44O6T/D0GWAVFyZVCC6pMI= +go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM= +go.opentelemetry.io/otel/metric v1.22.0/go.mod h1:evJGjVpZv0mQ5QBRJoBF64yMuOf4xCWdXjK8pzFvliY= +go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E= +go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ= +go.opentelemetry.io/otel/trace v1.22.0/go.mod h1:RbbHXVqKES9QhzZq/fE5UnOSILqRt40a21sPw2He1xo= +go.uber.org/goleak v1.2.0/go.mod h1:XJYK+MuIchqpmGmUSAzotztawfKvYLUIgg7guXrwVUo= +go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= +golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= +golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= +golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= +golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= +golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= +golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= +golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk= +golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4= golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0= +golang.org/x/oauth2 v0.14.0/go.mod h1:lAtNWgaWfL4cm7j2OV8TxGi9Qb7ECORx8DktCY74OwM= +golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM= +golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/telemetry v0.0.0-20240208230135-b75ee8823808/go.mod h1:KG1lNk5ZFNssSZLrpVb4sMXKMpGwGXOxSG3rnu2gZQQ= +golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= +golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= +golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= +golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= +golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= +google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= +google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= +google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw= google.golang.org/api v0.128.0/go.mod h1:Y611qgqaE92On/7g65MQgxYul3c0rEB894kniWLY750= +google.golang.org/api v0.149.0/go.mod h1:Mwn1B7JTXrzXtnvmzQE2BD6bYZQ8DShKZDZbeN9I7qI= +google.golang.org/api v0.155.0/go.mod h1:GI5qK5f40kCpHfPn6+YzGAByIKWv8ujFnmoWm7Igduk= +google.golang.org/api v0.162.0/go.mod h1:6SulDkfoBIg4NFmCuZ39XeeAgSHCPecfSUuDyYlAHs0= +google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:xZnkP7mREFX5MORlOPEzLMr+90PPZQ2QWzrVTWfAq64= +google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4= google.golang.org/genproto v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:CCviP9RmpZ1mxVr8MUjCnSiY09IbAXZxhLE6EhHIdPU= google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 h1:SeZZZx0cP0fqUyA+oRzP9k7cSwJlvDFiROO72uwD6i0= google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97/go.mod h1:t1VqOqqvce95G3hIDCT5FeO3YUc6Q4Oe24L/+rNMxRk= +google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:CgAqfJo+Xmu0GwA0411Ht3OU3OntXwsGmrmjI8ioGXI= +google.golang.org/genproto v0.0.0-20231030173426-d783a09b4405/go.mod h1:3WDQMjmJk36UQhjQ89emUzb1mdaHcPeeAh4SCBKznB4= +google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 h1:wpZ8pe2x1Q3f2KyT5f8oP/fa9rHAKgFPr/HZdNuS+PQ= +google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:J7XzRzVy1+IPwWHZUzoD0IccYZIrXILAQpc+Qy9CMhY= +google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3/go.mod h1:5RBcpGRxr25RbDzY5w+dmaqpSEvl8Gwl1x2CICf60ic= +google.golang.org/genproto v0.0.0-20231212172506-995d672761c0/go.mod h1:l/k7rMz0vFTBPy+tFSGvXEd3z+BcoG1k7EHbqm+YBsY= +google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:+Rvu7ElI+aLzyDQhpHMFMMltsD6m7nqpuWDd2CwJw3k= +google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ= +google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= +google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= +google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y= +google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s= google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= +google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk= google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:RdyHbowztCGQySiCvQPgWQWgWhGnouTdCflKoDBt32U= google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97/go.mod h1:iargEX0SFPm3xcfMI0d1domjg0ZF4Aa0p2awqyxhvF0= +google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:IBQ646DjkDkvUIsVq/cc03FUFQ9wbZu7yE396YcL870= +google.golang.org/genproto/googleapis/api v0.0.0-20231030173426-d783a09b4405/go.mod h1:oT32Z4o8Zv2xPQTg0pbVaPr0MPOH6f14RgXt7zfIpwg= +google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:0xJLfVdJqpAPl8tDg1ujOCGzx6LFLttXT5NhllGOXY4= +google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3/go.mod h1:k2dtGpRrbsSyKcNPKKI5sstZkrNCZwpU/ns96JoHbGg= +google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917/go.mod h1:CmlNWB9lSezaYELKS5Ym1r44VrrbPUa7JTvw+6MbpJ0= +google.golang.org/genproto/googleapis/api v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:B5xPO//w8qmBDjGReYLpR6UJPnkldGkCSMoH/2vxJeg= +google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA= +google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014/go.mod h1:rbHMSEDyoYX62nRVLOCc4Qt1HbsdytAYoVwgjiOhF3I= google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA= +google.golang.org/genproto/googleapis/bytestream v0.0.0-20231030173426-d783a09b4405/go.mod h1:GRUCuLdzVqZte8+Dl/D4N25yLzcGqqWaYkeVOwulFqw= +google.golang.org/genproto/googleapis/bytestream v0.0.0-20231212172506-995d672761c0/go.mod h1:guYXGPwC6jwxgWKW5Y405fKWOFNwlvUlUnzyp9i0uqo= google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:KSqppvjFjtoCI+KGd4PELB0qLNxdJHRGqRI09mB6pQA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97/go.mod h1:v7nGkzlmW8P3n/bKmWBn2WpBjpOEx8Q6gMueudAmKfY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405/go.mod h1:67X1fPuzjcrkymZzZV1vvkFeTn2Rvc6lYF9MYFGCcwE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0/go.mod h1:FUoWkonphQm3RhTS+kOEhF8h0iDpm4tdXolVCeZ9KKA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917/go.mod h1:xtjpI3tXFPP051KaWnhvxkiubL/6dJ18vLVf7q2pTOU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:daQN87bsDqDoe316QbbvX60nMoJQa4r6Ds0ZuoAe5yA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240205150955-31a09d347014/go.mod h1:SaPjaZGWb0lPqs6Ittu0spdfrOArqji4ZdeP5IC/9N4= +google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= +google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= +google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= google.golang.org/grpc v1.56.1/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= +google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= +google.golang.org/grpc v1.60.1/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM= +google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= +google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +gopkg.in/evanphx/json-patch.v5 v5.6.0 h1:BMT6KIwBD9CaU91PJCZIe46bDmBWa9ynTQgJIOpfQBk= +gopkg.in/evanphx/json-patch.v5 v5.6.0/go.mod h1:/kvTRh1TVm5wuM6OkHxqXtE/1nUZZpihg29RtuIyfvk= +gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= +k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= diff --git a/hack/update-codegen.sh b/hack/update-codegen.sh index fadc67633..47a104584 100755 --- a/hack/update-codegen.sh +++ b/hack/update-codegen.sh @@ -27,7 +27,7 @@ if [[ ! -d ${CODEGEN_PKG} ]]; then fi # Ensure we can execute. -chmod +x ${CODEGEN_PKG}/generate-groups.sh +chmod +x ${CODEGEN_PKG}/kube_codegen.sh # generate the code with: # --output-base because this script should also be able to run inside the vendor dir of @@ -37,7 +37,7 @@ chmod +x ${CODEGEN_PKG}/generate-groups.sh # k8s.io/ingress-nginx/pkg/client k8s.io/ingress-nginx/pkg/apis \ # nginxingress:v1alpha1 \ # --output-base "$(dirname ${BASH_SOURCE})/../../.." -${CODEGEN_PKG}/generate-groups.sh "deepcopy" \ +${CODEGEN_PKG}/kube_codegen.sh "deepcopy" \ k8s.io/ingress-nginx/internal k8s.io/ingress-nginx/pkg/apis \ .:ingress \ --output-base "$(dirname ${BASH_SOURCE})/../../.." \ diff --git a/images/kube-webhook-certgen/TAG b/images/kube-webhook-certgen/TAG index 95e94cdd3..90ab6e946 100644 --- a/images/kube-webhook-certgen/TAG +++ b/images/kube-webhook-certgen/TAG @@ -1 +1 @@ -v0.0.1 \ No newline at end of file +v0.0.2 \ No newline at end of file diff --git a/images/kube-webhook-certgen/rootfs/Dockerfile b/images/kube-webhook-certgen/rootfs/Dockerfile index 7ec098a99..2348db825 100644 --- a/images/kube-webhook-certgen/rootfs/Dockerfile +++ b/images/kube-webhook-certgen/rootfs/Dockerfile @@ -22,7 +22,7 @@ ARG TARGETARCH WORKDIR /workspace COPY . . -RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} go build -a -o kube-webhook-certgen main.go +RUN go mod tidy && CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} go build -a -o kube-webhook-certgen main.go FROM --platform=$BUILDPLATFORM gcr.io/distroless/static:nonroot ARG BUILDPLATFORM diff --git a/images/kube-webhook-certgen/rootfs/go.mod b/images/kube-webhook-certgen/rootfs/go.mod index 7e321dc49..9cb4bf263 100644 --- a/images/kube-webhook-certgen/rootfs/go.mod +++ b/images/kube-webhook-certgen/rootfs/go.mod @@ -3,61 +3,57 @@ module github.com/jet/kube-webhook-certgen go 1.21 require ( - github.com/onrik/logrus v0.9.0 - github.com/sirupsen/logrus v1.9.0 - github.com/spf13/cobra v1.7.0 - k8s.io/api v0.27.6 - k8s.io/apimachinery v0.27.6 - k8s.io/client-go v0.27.6 - k8s.io/kube-aggregator v0.22.6 + github.com/onrik/logrus v0.11.0 + github.com/sirupsen/logrus v1.9.3 + github.com/spf13/cobra v1.8.0 + k8s.io/api v0.29.2 + k8s.io/apimachinery v0.29.2 + k8s.io/client-go v0.29.2 + k8s.io/kube-aggregator v0.29.2 ) require ( github.com/davecgh/go-spew v1.1.1 // indirect - github.com/emicklei/go-restful/v3 v3.10.2 // indirect - github.com/evanphx/json-patch v4.12.0+incompatible // indirect - github.com/go-logr/logr v1.2.4 // indirect - github.com/go-openapi/jsonpointer v0.19.6 // indirect - github.com/go-openapi/jsonreference v0.20.1 // indirect - github.com/go-openapi/swag v0.22.3 // indirect + github.com/emicklei/go-restful/v3 v3.11.3 // indirect + github.com/evanphx/json-patch v5.9.0+incompatible // indirect + github.com/go-logr/logr v1.4.1 // indirect + github.com/go-openapi/jsonpointer v0.20.2 // indirect + github.com/go-openapi/jsonreference v0.20.4 // indirect + github.com/go-openapi/swag v0.22.9 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.3 // indirect - github.com/google/gnostic v0.5.7-v3refs // indirect - github.com/google/go-cmp v0.5.9 // indirect - github.com/google/gofuzz v1.1.0 // indirect - github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98 // indirect - github.com/google/uuid v1.3.1 // indirect - github.com/imdario/mergo v0.3.6 // indirect + github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/gofuzz v1.2.0 // indirect + github.com/google/pprof v0.0.0-20240225044709-fd706174c886 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/kr/pretty v0.3.1 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/onsi/ginkgo/v2 v2.13.0 // indirect - github.com/onsi/gomega v1.27.10 // indirect + github.com/onsi/ginkgo/v2 v2.15.0 // indirect + github.com/onsi/gomega v1.30.0 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/spf13/pflag v1.0.5 // indirect - github.com/stretchr/testify v1.8.4 // indirect - github.com/tidwall/gjson v1.14.0 // indirect - golang.org/x/net v0.17.0 // indirect - golang.org/x/oauth2 v0.12.0 // indirect - golang.org/x/sys v0.13.0 // indirect - golang.org/x/term v0.13.0 // indirect - golang.org/x/text v0.13.0 // indirect - golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.14.0 // indirect - google.golang.org/appengine v1.6.7 // indirect - google.golang.org/protobuf v1.31.0 // indirect + golang.org/x/net v0.21.0 // indirect + golang.org/x/oauth2 v0.17.0 // indirect + golang.org/x/sys v0.17.0 // indirect + golang.org/x/term v0.17.0 // indirect + golang.org/x/text v0.14.0 // indirect + golang.org/x/time v0.5.0 // indirect + golang.org/x/tools v0.18.0 // indirect + google.golang.org/appengine v1.6.8 // indirect + google.golang.org/protobuf v1.32.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/klog/v2 v2.100.1 // indirect - k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect - k8s.io/utils v0.0.0-20230209194617-a36077c30491 // indirect + k8s.io/klog/v2 v2.120.1 // indirect + k8s.io/kube-openapi v0.0.0-20240224005224-582cce78233b // indirect + k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect - sigs.k8s.io/yaml v1.3.0 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/images/kube-webhook-certgen/rootfs/go.sum b/images/kube-webhook-certgen/rootfs/go.sum index 004bd7d96..966d69209 100644 --- a/images/kube-webhook-certgen/rootfs/go.sum +++ b/images/kube-webhook-certgen/rootfs/go.sum @@ -1,808 +1,144 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= -github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= -github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= -github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= -github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= -github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= -github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= -github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= -github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= -github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= -github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= -github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= -github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= -github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= -github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= -github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= -github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= -github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= -github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= -github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= -github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= -github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= -github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= -github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= -github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= -github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful/v3 v3.10.2 h1:hIovbnmBTLjHXkqEBUz3HGpXZdM7ZrE9fJIZIqlJLqE= -github.com/emicklei/go-restful/v3 v3.10.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= -github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= -github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= -github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= -github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= -github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= -github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= -github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= -github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8= -github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= -github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/emicklei/go-restful/v3 v3.11.3 h1:yagOQz/38xJmcNeZJtrUcKjkHRltIaIFXKWeG1SkWGE= +github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= +github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= +github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q= +github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU= +github.com/go-openapi/swag v0.22.9 h1:XX2DssF+mQKM2DHsbgZK74y/zj4mo9I99+89xUmuZCE= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= -github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= -github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54= -github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= -github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98 h1:pUa4ghanp6q4IJHwE9RwLgmVFfReJN+KbQ8ExNEUUoQ= -github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= -github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= -github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= -github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= -github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= -github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= -github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= -github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= -github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= -github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= -github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= -github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= -github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= -github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= -github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/pprof v0.0.0-20240225044709-fd706174c886 h1:JSJUTZTQT1Gzb2ROdAKOY3HwzBYcclS2GgumhMfHqjw= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= -github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= -github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= -github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= -github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= -github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= -github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= -github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= -github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= -github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= -github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= -github.com/moby/term v0.0.0-20210610120745-9d4ed1856297/go.mod h1:vgPCkQMyxTZ7IDy8SXRufE172gr8+K/JE/7hHFxHW3A= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= -github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/onrik/logrus v0.9.0 h1:oT7VstCUxWBoX7fswYK61fi9bzRBSpROq5CR2b7wxQo= -github.com/onrik/logrus v0.9.0/go.mod h1:qfe9NeZVAJfIxviw3cYkZo3kvBtLoPRJriAO8zl7qTk= -github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= -github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4= -github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= -github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= -github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= -github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= -github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= -github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/onrik/logrus v0.11.0 h1:pu+BCaWL36t0yQaj/2UHK2erf88dwssAKOT51mxPUVs= +github.com/onrik/logrus v0.11.0/go.mod h1:fO2vlZwIdti6PidD3gV5YKt9Lq5ptpnP293RAe1ITwk= +github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= +github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= -github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= -github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= -github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= -github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= -github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= -github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= -github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= -github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= -github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= -github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= -github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= -github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= -github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= -github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= -github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= -github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= -github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= -github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= -github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= -github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= +github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= -github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= -github.com/tidwall/gjson v1.14.0 h1:6aeJ0bzojgWLa82gDQHcx3S0Lr/O51I9bJ5nv6JFx5w= -github.com/tidwall/gjson v1.14.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/gjson v1.14.4 h1:uo0p8EbA09J7RQaflQ1aBRffTR7xedD2bcIVSYxLnkM= +github.com/tidwall/gjson v1.14.4/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= -github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= -go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= -go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= -go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= -go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0= -go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE= -go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc= -go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4= -go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= -go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= -go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= -go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= -go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= -go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= -go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= -go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= -go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= -go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4= -golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= +golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= -golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= -golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= +golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= -golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= +golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= -google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= +google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= -google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= +google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= -gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= -gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= -gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.22.6/go.mod h1:q1F7IfaNrbi/83ebLy3YFQYLjPSNyunZ/IXQxMmbwCg= -k8s.io/api v0.27.6 h1:PBWu/lywJe2qQcshMjubzcBg7+XDZOo7O8JJAWuYtUo= -k8s.io/api v0.27.6/go.mod h1:AQYj0UsFCp3qJE7bOVnUuy4orCsXVkvHefnbYQiNWgk= -k8s.io/apimachinery v0.22.6/go.mod h1:ZvVLP5iLhwVFg2Yx9Gh5W0um0DUauExbRhe+2Z8I1EU= -k8s.io/apimachinery v0.27.6 h1:mGU8jmBq5o8mWBov+mLjdTBcU+etTE19waies4AQ6NE= -k8s.io/apimachinery v0.27.6/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E= -k8s.io/apiserver v0.22.6/go.mod h1:OlL1rGa2kKWGj2JEXnwBcul/BwC9Twe95gm4ohtiIIs= -k8s.io/client-go v0.22.6/go.mod h1:TffU4AV2idZGeP+g3kdFZP+oHVHWPL1JYFySOALriw0= -k8s.io/client-go v0.27.6 h1:vzI8804gpUtpMCNaFjIFyJrifH7u//LJCJPy8fQuYQg= -k8s.io/client-go v0.27.6/go.mod h1:PMsXcDKiJTW7PHJ64oEsIUJF319wm+EFlCj76oE5QXM= -k8s.io/code-generator v0.22.6/go.mod h1:iOZwYADSgFPNGWfqHFfg1V0TNJnl1t0WyZluQp4baqU= -k8s.io/component-base v0.22.6/go.mod h1:ngHLefY4J5fq2fApNdbWyj4yh0lvw36do4aAjNN8rc8= -k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= -k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= -k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= -k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= -k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-aggregator v0.22.6 h1:/iaXzOWia2dqOQkIA9eJtkmfTveJMLz3Dci9ZA/WgmU= -k8s.io/kube-aggregator v0.22.6/go.mod h1:0RSTzxqiwsj5HUlov195Z72ZKyE4qgedKXCl6sLKAjM= -k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= -k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= -k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= -k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY= -k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.27/go.mod h1:tq2nT0Kx7W+/f2JVE+zxYtUhdjuELJkVpNz+x/QN5R4= +k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= +k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= +k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= +k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= +k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg= +k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA= +k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= +k8s.io/kube-aggregator v0.29.2 h1:z9qJn5wlGmGaX6EfM7OEhr6fq6SBjDKR6tPRZ/qgxeY= +k8s.io/kube-aggregator v0.29.2/go.mod h1:QEuwzmMJJsg0eg1Gv+u4cWcYeJG2+8vN8/nTXBzopUo= +k8s.io/kube-openapi v0.0.0-20240224005224-582cce78233b h1:1dzw/KqgSPod72SUp2tuTOmK33TlY2fHlrVU2M9VrOM= +k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= -sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= -sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= diff --git a/internal/ingress/annotations/rewrite/main.go b/internal/ingress/annotations/rewrite/main.go index cd9ed3993..d78a004b9 100644 --- a/internal/ingress/annotations/rewrite/main.go +++ b/internal/ingress/annotations/rewrite/main.go @@ -152,14 +152,14 @@ func (a rewrite) Parse(ing *networking.Ingress) (interface{}, error) { config.SSLRedirect, err = parser.GetBoolAnnotation(sslRedirectAnnotation, ing, a.annotationConfig.Annotations) if err != nil { if errors.IsValidationError(err) { - klog.Warningf("%sis invalid, defaulting to '%s'", sslRedirectAnnotation, a.r.GetDefaultBackend().SSLRedirect) + klog.Warningf("%s is invalid, defaulting to '%t'", sslRedirectAnnotation, a.r.GetDefaultBackend().SSLRedirect) } config.SSLRedirect = a.r.GetDefaultBackend().SSLRedirect } config.PreserveTrailingSlash, err = parser.GetBoolAnnotation(preserveTrailingSlashAnnotation, ing, a.annotationConfig.Annotations) if err != nil { if errors.IsValidationError(err) { - klog.Warningf("%sis invalid, defaulting to '%s'", preserveTrailingSlashAnnotation, a.r.GetDefaultBackend().PreserveTrailingSlash) + klog.Warningf("%s is invalid, defaulting to '%t'", preserveTrailingSlashAnnotation, a.r.GetDefaultBackend().PreserveTrailingSlash) } config.PreserveTrailingSlash = a.r.GetDefaultBackend().PreserveTrailingSlash } @@ -167,7 +167,7 @@ func (a rewrite) Parse(ing *networking.Ingress) (interface{}, error) { config.ForceSSLRedirect, err = parser.GetBoolAnnotation(forceSSLRedirectAnnotation, ing, a.annotationConfig.Annotations) if err != nil { if errors.IsValidationError(err) { - klog.Warningf("%sis invalid, defaulting to '%s'", forceSSLRedirectAnnotation, a.r.GetDefaultBackend().ForceSSLRedirect) + klog.Warningf("%s is invalid, defaulting to '%t'", forceSSLRedirectAnnotation, a.r.GetDefaultBackend().ForceSSLRedirect) } config.ForceSSLRedirect = a.r.GetDefaultBackend().ForceSSLRedirect } @@ -175,7 +175,7 @@ func (a rewrite) Parse(ing *networking.Ingress) (interface{}, error) { config.UseRegex, err = parser.GetBoolAnnotation(useRegexAnnotation, ing, a.annotationConfig.Annotations) if err != nil { if errors.IsValidationError(err) { - klog.Warningf("%sis invalid, defaulting to 'false'", useRegexAnnotation) + klog.Warningf("%s is invalid, defaulting to 'false'", useRegexAnnotation) } config.UseRegex = false } diff --git a/internal/ingress/metric/collectors/testutils.go b/internal/ingress/metric/collectors/testutils.go index 669e89e17..e59ccfd9c 100644 --- a/internal/ingress/metric/collectors/testutils.go +++ b/internal/ingress/metric/collectors/testutils.go @@ -50,7 +50,7 @@ func GatherAndCompare(_ prometheus.Collector, expected string, metricNames []str if !reflect.DeepEqual(metrics, normalizeMetricFamilies(expectedMetrics)) { // Encode the gathered output to the readable text format for comparison. var buf1 bytes.Buffer - enc := expfmt.NewEncoder(&buf1, expfmt.FmtText) + enc := expfmt.NewEncoder(&buf1, expfmt.NewFormat(expfmt.TypeTextPlain)) for _, mf := range metrics { if err := enc.Encode(mf); err != nil { return fmt.Errorf("encoding result failed: %s", err) @@ -59,7 +59,7 @@ func GatherAndCompare(_ prometheus.Collector, expected string, metricNames []str // Encode normalized expected metrics again to generate them in the same ordering // the registry does to spot differences more easily. var buf2 bytes.Buffer - enc = expfmt.NewEncoder(&buf2, expfmt.FmtText) + enc = expfmt.NewEncoder(&buf2, expfmt.NewFormat(expfmt.TypeTextPlain)) for _, mf := range normalizeMetricFamilies(expectedMetrics) { if err := enc.Encode(mf); err != nil { return fmt.Errorf("encoding result failed: %s", err) diff --git a/magefiles/go.mod b/magefiles/go.mod index 25610b647..9dddf9f71 100644 --- a/magefiles/go.mod +++ b/magefiles/go.mod @@ -8,7 +8,7 @@ require ( github.com/helm/helm v2.17.0+incompatible github.com/magefile/mage v1.15.0 github.com/vmware-labs/yaml-jsonpath v0.3.2 - golang.org/x/oauth2 v0.12.0 + golang.org/x/oauth2 v0.17.0 gopkg.in/yaml.v3 v3.0.1 ) @@ -22,17 +22,16 @@ require ( github.com/gobwas/glob v0.2.3 // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/google/go-querystring v1.1.0 // indirect - github.com/kr/pretty v0.3.1 // indirect + github.com/kr/text v0.2.0 // indirect github.com/onsi/ginkgo v1.16.5 // indirect - github.com/onsi/gomega v1.27.10 // indirect + github.com/onsi/gomega v1.30.0 // indirect github.com/rogpeppe/go-internal v1.11.0 // indirect - github.com/stretchr/testify v1.8.4 // indirect - golang.org/x/crypto v0.17.0 // indirect - golang.org/x/net v0.17.0 // indirect - google.golang.org/appengine v1.6.7 // indirect - google.golang.org/protobuf v1.31.0 // indirect + github.com/sergi/go-diff v1.3.1 // indirect + golang.org/x/crypto v0.20.0 // indirect + google.golang.org/appengine v1.6.8 // indirect + google.golang.org/protobuf v1.32.0 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/apimachinery v0.27.6 // indirect + k8s.io/apimachinery v0.29.2 // indirect k8s.io/helm v2.17.0+incompatible // indirect ) diff --git a/magefiles/go.sum b/magefiles/go.sum index f9b01b2ef..9abe8e950 100644 --- a/magefiles/go.sum +++ b/magefiles/go.sum @@ -22,7 +22,6 @@ github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg78 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= @@ -37,8 +36,7 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-github/v48 v48.2.0 h1:68puzySE6WqUY9KWmpOsDEQfDZsso98rT6pZcz9HqcE= github.com/google/go-github/v48 v48.2.0/go.mod h1:dDlehKBDo850ZPvCTK0sEqTCVWcrGl2LcDiajkYi89Y= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= @@ -67,16 +65,13 @@ github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042 github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= -github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= +github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= -github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= @@ -88,19 +83,15 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= -golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/crypto v0.20.0 h1:jmAMJJZXr5KiCw05dfYK9QnqaqKLYXijU23lsEdcQqg= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4= -golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4= +golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= +golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -113,10 +104,8 @@ golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= -golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= @@ -127,8 +116,7 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -137,8 +125,7 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= -google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= @@ -156,7 +143,6 @@ gopkg.in/yaml.v3 v3.0.0-20191026110619-0b21df46bc1d/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/apimachinery v0.27.6 h1:mGU8jmBq5o8mWBov+mLjdTBcU+etTE19waies4AQ6NE= -k8s.io/apimachinery v0.27.6/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E= +k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= k8s.io/helm v2.17.0+incompatible h1:Bpn6o1wKLYqKM3+Osh8e+1/K2g/GsQJ4F4yNF2+deao= k8s.io/helm v2.17.0+incompatible/go.mod h1:LZzlS4LQBHfciFOurYBFkCMTaZ0D1l+p0teMg7TSULI= diff --git a/test/e2e/settings/gzip.go b/test/e2e/settings/gzip.go index 6f964b859..c7e580e07 100644 --- a/test/e2e/settings/gzip.go +++ b/test/e2e/settings/gzip.go @@ -33,8 +33,8 @@ var _ = framework.DescribeSetting("gzip", func() { host := "gzip" ginkgo.BeforeEach(func() { - f.NewHttpbinDeployment() - f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.Namespace, framework.HTTPBinService, 80, nil)) + f.NewHttpbunDeployment() + f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.Namespace, framework.HTTPBunService, 80, nil)) }) ginkgo.It("should be disabled by default", func() { diff --git a/test/e2e/settings/pod_security_policy.go b/test/e2e/settings/pod_security_policy.go deleted file mode 100644 index b21fb870e..000000000 --- a/test/e2e/settings/pod_security_policy.go +++ /dev/null @@ -1,142 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package settings - -import ( - "context" - "net/http" - "strconv" - "strings" - - "github.com/onsi/ginkgo/v2" - "github.com/stretchr/testify/assert" - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - policyv1beta1 "k8s.io/api/policy/v1beta1" - rbacv1 "k8s.io/api/rbac/v1" - k8sErrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - - "k8s.io/ingress-nginx/test/e2e/framework" -) - -const ( - ingressControllerPSP = "ingress-controller-psp" -) - -var _ = framework.IngressNginxDescribe("[Security] Pod Security Policies", func() { - f := framework.NewDefaultFramework("pod-security-policies") - - ginkgo.It("should be running with a Pod Security Policy", func() { - k8sversion, err := f.KubeClientSet.Discovery().ServerVersion() - if err != nil { - assert.Nil(ginkgo.GinkgoT(), err, "getting version") - } - - numversion, err := strconv.Atoi(k8sversion.Minor) - if err != nil { - assert.Nil(ginkgo.GinkgoT(), err, "converting version") - } - - if numversion > 24 { - ginkgo.Skip("PSP not supported in this version") - } - - psp := createPodSecurityPolicy() - _, err = f.KubeClientSet.PolicyV1beta1().PodSecurityPolicies().Create(context.TODO(), psp, metav1.CreateOptions{}) - if !k8sErrors.IsAlreadyExists(err) { - assert.Nil(ginkgo.GinkgoT(), err, "creating Pod Security Policy") - } - - role, err := f.KubeClientSet.RbacV1().Roles(f.Namespace).Get(context.TODO(), "nginx-ingress", metav1.GetOptions{}) - assert.Nil(ginkgo.GinkgoT(), err, "getting ingress controller cluster role") - assert.NotNil(ginkgo.GinkgoT(), role) - - role.Rules = append(role.Rules, rbacv1.PolicyRule{ - APIGroups: []string{"policy"}, - Resources: []string{"podsecuritypolicies"}, - ResourceNames: []string{ingressControllerPSP}, - Verbs: []string{"use"}, - }) - - _, err = f.KubeClientSet.RbacV1().Roles(f.Namespace).Update(context.TODO(), role, metav1.UpdateOptions{}) - assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller cluster role to use a pod security policy") - - // update the deployment just to trigger a rolling update and the use of the security policy - err = f.UpdateIngressControllerDeployment(func(deployment *appsv1.Deployment) error { - args := deployment.Spec.Template.Spec.Containers[0].Args - args = append(args, "--v=2") - deployment.Spec.Template.Spec.Containers[0].Args = args - _, err := f.KubeClientSet.AppsV1().Deployments(f.Namespace).Update(context.TODO(), deployment, metav1.UpdateOptions{}) - - return err - }) - assert.Nil(ginkgo.GinkgoT(), err, "unexpected error updating ingress controller deployment flags") - - f.WaitForNginxListening(80) - - f.NewEchoDeployment() - - f.WaitForNginxConfiguration( - func(cfg string) bool { - return strings.Contains(cfg, "server_tokens off") - }) - - f.HTTPTestClient(). - GET("/"). - WithHeader("Host", "foo.bar.com"). - Expect(). - Status(http.StatusNotFound) - }) -}) - -func createPodSecurityPolicy() *policyv1beta1.PodSecurityPolicy { - trueValue := true - return &policyv1beta1.PodSecurityPolicy{ - ObjectMeta: metav1.ObjectMeta{ - Name: ingressControllerPSP, - }, - Spec: policyv1beta1.PodSecurityPolicySpec{ - AllowPrivilegeEscalation: &trueValue, - RequiredDropCapabilities: []corev1.Capability{"All"}, - RunAsUser: policyv1beta1.RunAsUserStrategyOptions{ - Rule: "RunAsAny", - }, - SELinux: policyv1beta1.SELinuxStrategyOptions{ - Rule: "RunAsAny", - }, - FSGroup: policyv1beta1.FSGroupStrategyOptions{ - Ranges: []policyv1beta1.IDRange{ - { - Min: 1, - Max: 65535, - }, - }, - Rule: "MustRunAs", - }, - SupplementalGroups: policyv1beta1.SupplementalGroupsStrategyOptions{ - Ranges: []policyv1beta1.IDRange{ - { - Min: 1, - Max: 65535, - }, - }, - Rule: "MustRunAs", - }, - }, - } -} diff --git a/test/e2e/settings/pod_security_policy_volumes.go b/test/e2e/settings/pod_security_policy_volumes.go deleted file mode 100644 index f8fc58300..000000000 --- a/test/e2e/settings/pod_security_policy_volumes.go +++ /dev/null @@ -1,127 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package settings - -import ( - "context" - "net/http" - "strconv" - "strings" - - "github.com/onsi/ginkgo/v2" - "github.com/stretchr/testify/assert" - - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - rbacv1 "k8s.io/api/rbac/v1" - k8sErrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - - "k8s.io/ingress-nginx/test/e2e/framework" -) - -var _ = framework.IngressNginxDescribe("[Security] Pod Security Policies with volumes", func() { - f := framework.NewDefaultFramework("pod-security-policies-volumes") - - ginkgo.It("should be running with a Pod Security Policy", func() { - k8sversion, err := f.KubeClientSet.Discovery().ServerVersion() - if err != nil { - assert.Nil(ginkgo.GinkgoT(), err, "getting version") - } - - numversion, err := strconv.Atoi(k8sversion.Minor) - if err != nil { - assert.Nil(ginkgo.GinkgoT(), err, "converting version") - } - - if numversion > 24 { - ginkgo.Skip("PSP not supported in this version") - } - psp := createPodSecurityPolicy() - _, err = f.KubeClientSet.PolicyV1beta1().PodSecurityPolicies().Create(context.TODO(), psp, metav1.CreateOptions{}) - if !k8sErrors.IsAlreadyExists(err) { - assert.Nil(ginkgo.GinkgoT(), err, "creating Pod Security Policy") - } - - role, err := f.KubeClientSet.RbacV1().Roles(f.Namespace).Get(context.TODO(), "nginx-ingress", metav1.GetOptions{}) - assert.Nil(ginkgo.GinkgoT(), err, "getting ingress controller cluster role") - assert.NotNil(ginkgo.GinkgoT(), role) - - role.Rules = append(role.Rules, rbacv1.PolicyRule{ - APIGroups: []string{"policy"}, - Resources: []string{"podsecuritypolicies"}, - ResourceNames: []string{ingressControllerPSP}, - Verbs: []string{"use"}, - }) - - _, err = f.KubeClientSet.RbacV1().Roles(f.Namespace).Update(context.TODO(), role, metav1.UpdateOptions{}) - assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller cluster role to use a pod security policy") - - err = f.UpdateIngressControllerDeployment(func(deployment *appsv1.Deployment) error { - args := deployment.Spec.Template.Spec.Containers[0].Args - args = append(args, "--v=2") - deployment.Spec.Template.Spec.Containers[0].Args = args - - deployment.Spec.Template.Spec.Volumes = []corev1.Volume{ - { - Name: "ssl", VolumeSource: corev1.VolumeSource{ - EmptyDir: &corev1.EmptyDirVolumeSource{}, - }, - }, - { - Name: "tmp", VolumeSource: corev1.VolumeSource{ - EmptyDir: &corev1.EmptyDirVolumeSource{}, - }, - }, - } - - fsGroup := int64(33) - deployment.Spec.Template.Spec.SecurityContext = &corev1.PodSecurityContext{ - FSGroup: &fsGroup, - } - - deployment.Spec.Template.Spec.Containers[0].VolumeMounts = []corev1.VolumeMount{ - { - Name: "ssl", MountPath: "/etc/my-amazing-ssl", - }, - { - Name: "tmp", MountPath: "/my-other-tmp", - }, - } - - _, err := f.KubeClientSet.AppsV1().Deployments(f.Namespace).Update(context.TODO(), deployment, metav1.UpdateOptions{}) - - return err - }) - assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller deployment") - - f.WaitForNginxListening(80) - - f.NewEchoDeployment() - - f.WaitForNginxConfiguration( - func(cfg string) bool { - return strings.Contains(cfg, "server_tokens off") - }) - - f.HTTPTestClient(). - GET("/"). - WithHeader("Host", "foo.bar.com"). - Expect(). - Status(http.StatusNotFound) - }) -}) From 862b05d91369eb2279a3bf9eb280746ca85aed9b Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Tue, 27 Feb 2024 15:51:37 -0300 Subject: [PATCH 065/154] Fix kubewebhook image tag (#11033) --- images/kube-webhook-certgen/TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/kube-webhook-certgen/TAG b/images/kube-webhook-certgen/TAG index 90ab6e946..0d0c52f84 100644 --- a/images/kube-webhook-certgen/TAG +++ b/images/kube-webhook-certgen/TAG @@ -1 +1 @@ -v0.0.2 \ No newline at end of file +v1.4.0 From 7a75538dea40f5735862e361149f68e6a8c0f287 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Wed, 28 Feb 2024 02:32:13 -0300 Subject: [PATCH 066/154] Bump kubewebhook certgen (#11034) Signed-off-by: Ricardo Katz Co-authored-by: Jintao Zhang --- charts/ingress-nginx/README.md | 4 ++-- charts/ingress-nginx/values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 44bb10bd7..5c98763cf 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -253,11 +253,11 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.admissionWebhooks.namespaceSelector | object | `{}` | | | controller.admissionWebhooks.objectSelector | object | `{}` | | | controller.admissionWebhooks.patch.enabled | bool | `true` | | -| controller.admissionWebhooks.patch.image.digest | string | `"sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084"` | | +| controller.admissionWebhooks.patch.image.digest | string | `"sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334"` | | | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | | | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | | | controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | | -| controller.admissionWebhooks.patch.image.tag | string | `"v20231226-1a7112e06"` | | +| controller.admissionWebhooks.patch.image.tag | string | `"v1.4.0"` | | | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources | | controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not | | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 5e76d2fb4..487b72f81 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -781,8 +781,8 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: v20231226-1a7112e06 - digest: sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 + tag: v1.4.0 + digest: sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 pullPolicy: IfNotPresent # -- Provide a priority class name to the webhook patching job ## From 02e3af9039bb79f1905b887ffd9c6b950f3729a0 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Wed, 28 Feb 2024 17:05:38 -0300 Subject: [PATCH 067/154] bump nginx and Go, remove tag file and old CI jobs (#11037) * bump nginx and remove tag file * Bump go, remove old CI jobs --- .github/workflows/ci.yaml | 5 +++-- .github/workflows/images.yaml | 23 ----------------------- GOLANG_VERSION | 2 +- NGINX_BASE | 2 +- TAG | 1 - 5 files changed, 5 insertions(+), 28 deletions(-) delete mode 100644 TAG diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d7d20a246..32915f4c2 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -67,6 +67,7 @@ jobs: - 'charts/ingress-nginx/**/*' - 'NGINX_BASE' baseimage: + - 'NGINX_BASE' - 'images/nginx-1.25/**' test-go: @@ -141,7 +142,7 @@ jobs: needs.changes.outputs.baseimage == 'true' run: | export TAG=$(cat images/nginx-1.25/TAG) - cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --load -t gcr.io/k8s-staging-ingress-nginx/nginx-1.25:${TAG} . + cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --load -t registry.k8s.io/ingress-nginx/nginx-1.25:${TAG} . - name: Build images env: @@ -151,7 +152,7 @@ jobs: run: | echo "building images..." export TAGNGINX=$(cat images/nginx-1.25/TAG) - make BASE_IMAGE=gcr.io/k8s-staging-ingress-nginx/nginx-1.25:${TAGNGINX} clean-image build image image-chroot + make BASE_IMAGE=registry.k8s.io/ingress-nginx/nginx-1.25:${TAGNGINX} clean-image build image image-chroot make -C test/e2e-image image echo "creating images cache..." diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index 93092d80b..d125586e4 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -167,29 +167,6 @@ jobs: run: | cd images/ && make NAME=kube-webhook-certgen test test-e2e - nginx: - runs-on: ubuntu-latest - needs: changes - if: | - (needs.changes.outputs.nginx == 'true') - steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: nginx-base-image - run: | - cd images/nginx/rootfs && docker build -t docker.io/nginx-test-workflow/nginx:${{ github.sha }} . - - name: Run Trivy on NGINX Image - uses: aquasecurity/trivy-action@master - with: - image-ref: 'docker.io/nginx-test-workflow/nginx:${{ github.sha }}' - format: 'sarif' - ignore-unfixed: true - output: 'trivy-results.sarif' - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 - with: - sarif_file: 'trivy-results.sarif' - opentelemetry: runs-on: ubuntu-latest env: diff --git a/GOLANG_VERSION b/GOLANG_VERSION index 6e83421e4..80a81c0e7 100644 --- a/GOLANG_VERSION +++ b/GOLANG_VERSION @@ -1 +1 @@ -1.21.6 \ No newline at end of file +1.22.0 \ No newline at end of file diff --git a/NGINX_BASE b/NGINX_BASE index 058a89bb1..4daa5c4d3 100644 --- a/NGINX_BASE +++ b/NGINX_BASE @@ -1 +1 @@ -registry.k8s.io/ingress-nginx/nginx:v20231208-4c39e6acc@sha256:03508408458d00ba4e219d2693ba2a039ba66d4151ab9b43794f61877e0abb73 \ No newline at end of file +registry.k8s.io/ingress-nginx/nginx-1.25:v0.0.5@sha256:cdafd6c9d36e23414ce41330a482f9136ce82fac46802809681f61cdcd5ad0bb diff --git a/TAG b/TAG deleted file mode 100644 index 57d503d1e..000000000 --- a/TAG +++ /dev/null @@ -1 +0,0 @@ -v1.9.5 From dc999d81da6d9258bf448874be5f1f0e2156ec94 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Wed, 28 Feb 2024 21:41:06 -0300 Subject: [PATCH 068/154] Release version v1.10.0 (#11039) --- README.md | 9 +-- changelog/controller-1.10.0.md | 68 +++++++++++++++++++ charts/ingress-nginx/Chart.yaml | 7 +- charts/ingress-nginx/README.md | 6 +- .../changelog/helm-chart-4.10.0.md | 9 +++ charts/ingress-nginx/values.yaml | 4 +- deploy/static/provider/aws/deploy.yaml | 49 ++++++------- .../aws/nlb-with-tls-termination/deploy.yaml | 49 ++++++------- deploy/static/provider/baremetal/deploy.yaml | 49 ++++++------- deploy/static/provider/cloud/deploy.yaml | 49 ++++++------- deploy/static/provider/do/deploy.yaml | 49 ++++++------- deploy/static/provider/exoscale/deploy.yaml | 49 ++++++------- deploy/static/provider/kind/deploy.yaml | 49 ++++++------- deploy/static/provider/oracle/deploy.yaml | 49 ++++++------- deploy/static/provider/scw/deploy.yaml | 49 ++++++------- docs/e2e-tests.md | 35 +++------- 16 files changed, 325 insertions(+), 254 deletions(-) create mode 100644 changelog/controller-1.10.0.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.10.0.md diff --git a/README.md b/README.md index e955cd359..3e6cce5e0 100644 --- a/README.md +++ b/README.md @@ -38,16 +38,17 @@ the versions listed. Ingress-Nginx versions **may** work on older versions, but | Supported | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | Helm Chart Version | |:--:|-----------------------|------------------------------|----------------|---------------|------------------------------| +| 🔄 | **v1.10.0** | 1.29, 1.28, 1.27, 1.26 | 3.19.1 | 1.25.3 | 4.10.0* | | 🔄 | **v1.9.6** | 1.29, 1.28, 1.27, 1.26, 1.25 | 3.19.0 | 1.21.6 | 4.9.1* | | 🔄 | **v1.9.5** | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.9.0* | | 🔄 | **v1.9.4** | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.3 | | 🔄 | **v1.9.3** | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.* | | 🔄 | **v1.9.1** | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.* | | 🔄 | **v1.9.0** | 1.28, 1.27, 1.26, 1.25 | 3.18.2 | 1.21.6 | 4.8.* | -| 🔄 | **v1.8.4** | 1.27, 1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* | -| 🔄 | **v1.8.2** | 1.27, 1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* | -| 🔄 | **v1.8.1** | 1.27, 1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* | -| 🔄 | **v1.8.0** | 1.27, 1.26, 1.25, 1.24 | 3.18.0 | 1.21.6 | 4.7.* | +| | **v1.8.4** | 1.27, 1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* | +| | **v1.8.2** | 1.27, 1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* | +| | **v1.8.1** | 1.27, 1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* | +| | **v1.8.0** | 1.27, 1.26, 1.25, 1.24 | 3.18.0 | 1.21.6 | 4.7.* | | | **v1.7.1** | 1.27, 1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | 4.6.* | | | **v1.7.0** | 1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | 4.6.* | | | v1.6.4 | 1.26, 1.25, 1.24, 1.23 | 3.17.0 | 1.21.6 | 4.5.* | diff --git a/changelog/controller-1.10.0.md b/changelog/controller-1.10.0.md new file mode 100644 index 000000000..e0a6c9a10 --- /dev/null +++ b/changelog/controller-1.10.0.md @@ -0,0 +1,68 @@ +# Changelog + +This release is the first using NGINX v1.25.0! + +## Breaking changes +* This version does not support chroot image, this will be fixed on a future minor patch release +* This version dropped Opentracing and zipkin modules, just Opentelemetry is supported +* This version dropped support for PodSecurityPolicy +* This version dropped support for GeoIP (legacy). Only GeoIP2 is supported + +### controller-v1.10.0 + +Images: + +* registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c + +### All changes: + +* Start the release of v1.10.0 (#11038) +* bump nginx and Go, remove tag file and old CI jobs (#11037) +* Fix kubewebhook image tag (#11033) +* add missing backend-protocol annotation option (#9545) +* Update controller-prometheusrules.yaml (#8902) +* Stop reporting interrupted tests (#11027) +* test(gzip): reach ingress (#9541) +* fix datasource, $exported_namespace variable in grafana nginx dashboard (#9092) +* Properly support a TLS-wrapped OCSP responder (#10164) +* Fix print-e2e-suite (#9536) +* chore(deps): upgrade headers-more module to 0.37 (#10991) +* Update ingress-path-matching.md (#11008) +* Update ingress-path-matching.md (#11007) +* E2E Tests: Explicitly enable metrics. (#10962) +* Chart: Set `--enable-metrics` depending on `controller.metrics.enabled`. (#10959) +* Chart: Remove useless `default` from `_params.tpl`. (#10957) +* Fix golang makefile var name (#10932) +* Fixing image push (#10931) +* fix: live-docs script (#10928) +* docs: Add vouch-proxy OAuth example (#10929) +* Add OTEL build test and for NGINX v1.25 (#10889) +* docs: update annotations docs with missing session-cookie section (#10917) +* Release controller 1.9.6 and helm 4.9.1 (#10919) + +### Dependency updates: + +* Bump kubewebhook certgen (#11034) +* Bump go libraries (#11023) +* Bump modsecurity on nginx 1.25 (#11024) +* Bump grpc and reintroduce OTEL compilation (#11021) +* Bump github/codeql-action from 3.24.0 to 3.24.5 (#11017) +* Bump actions/dependency-review-action from 4.0.0 to 4.1.3 (#11016) +* Bump dorny/paths-filter from 3.0.0 to 3.0.1 (#10994) +* Bump github.com/prometheus/client_model from 0.5.0 to 0.6.0 (#10998) +* Bump actions/upload-artifact from 4.3.0 to 4.3.1 (#10978) +* Bump actions/download-artifact from 4.1.1 to 4.1.2 (#10981) +* Bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 (#10979) +* Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#10980) +* Bump golang.org/x/crypto from 0.18.0 to 0.19.0 (#10976) +* Bump github/codeql-action from 3.23.2 to 3.24.0 (#10971) +* Bump github.com/opencontainers/runc from 1.1.11 to 1.1.12 (#10951) +* Bump google.golang.org/grpc from 1.60.1 to 1.61.0 (#10938) +* Bump actions/upload-artifact from 4.2.0 to 4.3.0 (#10937) +* Bump dorny/test-reporter from 1.7.0 to 1.8.0 (#10936) +* Bump github/codeql-action from 3.23.1 to 3.23.2 (#10935) +* Bump dorny/paths-filter from 2.11.1 to 3.0.0 (#10934) +* Bump alpine to 3.19.1 (#10930) +* Bump go to v1.21.6 and set a single source of truth (#10926) + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.9.6...controller-v1.10.0 diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index df4f6fe63..1bd30b31d 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -1,10 +1,9 @@ annotations: artifacthub.io/changes: |- - - "update web hook cert gen to latest release v20231226-1a7112e06" - - "Update Ingress-Nginx version controller-v1.9.6" + - "Update Ingress-Nginx version controller-v1.10.0" artifacthub.io/prerelease: "false" apiVersion: v2 -appVersion: 1.9.6 +appVersion: 1.10.0 description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer home: https://github.com/kubernetes/ingress-nginx @@ -20,4 +19,4 @@ maintainers: name: ingress-nginx sources: - https://github.com/kubernetes/ingress-nginx -version: 4.9.1 +version: 4.10.0 diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 5c98763cf..8f1f3491d 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.9.1](https://img.shields.io/badge/Version-4.9.1-informational?style=flat-square) ![AppVersion: 1.9.6](https://img.shields.io/badge/AppVersion-1.9.6-informational?style=flat-square) +![Version: 4.10.0](https://img.shields.io/badge/Version-4.10.0-informational?style=flat-square) ![AppVersion: 1.10.0](https://img.shields.io/badge/AppVersion-1.10.0-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -317,7 +317,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `false` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c"` | | +| controller.image.digest | string | `"sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c"` | | | controller.image.digestChroot | string | `"sha256:7eb46ff733429e0e46892903c7394aff149ac6d284d92b3946f3baf7ff26a096"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | @@ -326,7 +326,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.image.runAsNonRoot | bool | `true` | | | controller.image.runAsUser | int | `101` | | | controller.image.seccompProfile.type | string | `"RuntimeDefault"` | | -| controller.image.tag | string | `"v1.9.6"` | | +| controller.image.tag | string | `"v1.10.0"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | diff --git a/charts/ingress-nginx/changelog/helm-chart-4.10.0.md b/charts/ingress-nginx/changelog/helm-chart-4.10.0.md new file mode 100644 index 000000000..a1f1847ec --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.10.0.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.10.0 + +* - "Update Ingress-Nginx version controller-v1.10.0" + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.9.1...helm-chart-4.10.0 diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 487b72f81..71c3240fb 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -26,8 +26,8 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.9.6" - digest: sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c + tag: "v1.10.0" + digest: sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c digestChroot: sha256:7eb46ff733429e0e46892903c7394aff149ac6d284d92b3946f3baf7ff26a096 pullPolicy: IfNotPresent runAsNonRoot: true diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index f73e0fce0..0e8356305 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -344,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -400,7 +400,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -422,7 +422,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 spec: containers: - args: @@ -435,6 +435,7 @@ spec: - --validating-webhook=:8443 - --validating-webhook-certificate=/usr/local/certificates/cert - --validating-webhook-key=/usr/local/certificates/key + - --enable-metrics=false env: - name: POD_NAME valueFrom: @@ -446,7 +447,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c + image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -522,7 +523,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -533,7 +534,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-create spec: containers: @@ -547,7 +548,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 imagePullPolicy: IfNotPresent name: create securityContext: @@ -573,7 +574,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -584,7 +585,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-patch spec: containers: @@ -600,7 +601,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -626,7 +627,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -639,7 +640,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml index 7f6019fbb..5c12ba3b9 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -335,7 +335,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -353,7 +353,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -386,7 +386,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -409,7 +409,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -431,7 +431,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 spec: containers: - args: @@ -444,6 +444,7 @@ spec: - --validating-webhook=:8443 - --validating-webhook-certificate=/usr/local/certificates/cert - --validating-webhook-key=/usr/local/certificates/key + - --enable-metrics=false env: - name: POD_NAME valueFrom: @@ -455,7 +456,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c + image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -534,7 +535,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -545,7 +546,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-create spec: containers: @@ -559,7 +560,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 imagePullPolicy: IfNotPresent name: create securityContext: @@ -585,7 +586,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -596,7 +597,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-patch spec: containers: @@ -612,7 +613,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -638,7 +639,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -651,7 +652,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/deploy.yaml b/deploy/static/provider/baremetal/deploy.yaml index af484aa73..b513fa97f 100644 --- a/deploy/static/provider/baremetal/deploy.yaml +++ b/deploy/static/provider/baremetal/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -340,7 +340,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -395,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 spec: containers: - args: @@ -429,6 +429,7 @@ spec: - --validating-webhook=:8443 - --validating-webhook-certificate=/usr/local/certificates/cert - --validating-webhook-key=/usr/local/certificates/key + - --enable-metrics=false env: - name: POD_NAME valueFrom: @@ -440,7 +441,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c + image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -516,7 +517,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -527,7 +528,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-create spec: containers: @@ -541,7 +542,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 imagePullPolicy: IfNotPresent name: create securityContext: @@ -567,7 +568,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -578,7 +579,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-patch spec: containers: @@ -594,7 +595,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -620,7 +621,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -633,7 +634,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/deploy.yaml b/deploy/static/provider/cloud/deploy.yaml index 8ac9dedaf..147d76d5e 100644 --- a/deploy/static/provider/cloud/deploy.yaml +++ b/deploy/static/provider/cloud/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -340,7 +340,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -373,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -396,7 +396,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -418,7 +418,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 spec: containers: - args: @@ -431,6 +431,7 @@ spec: - --validating-webhook=:8443 - --validating-webhook-certificate=/usr/local/certificates/cert - --validating-webhook-key=/usr/local/certificates/key + - --enable-metrics=false env: - name: POD_NAME valueFrom: @@ -442,7 +443,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c + image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -518,7 +519,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -529,7 +530,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-create spec: containers: @@ -543,7 +544,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 imagePullPolicy: IfNotPresent name: create securityContext: @@ -569,7 +570,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -580,7 +581,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-patch spec: containers: @@ -596,7 +597,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -622,7 +623,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -635,7 +636,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/deploy.yaml b/deploy/static/provider/do/deploy.yaml index 7a49f28d0..801b6d75c 100644 --- a/deploy/static/provider/do/deploy.yaml +++ b/deploy/static/provider/do/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -329,7 +329,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -399,7 +399,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -421,7 +421,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 spec: containers: - args: @@ -434,6 +434,7 @@ spec: - --validating-webhook=:8443 - --validating-webhook-certificate=/usr/local/certificates/cert - --validating-webhook-key=/usr/local/certificates/key + - --enable-metrics=false env: - name: POD_NAME valueFrom: @@ -445,7 +446,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c + image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -521,7 +522,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -532,7 +533,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-create spec: containers: @@ -546,7 +547,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 imagePullPolicy: IfNotPresent name: create securityContext: @@ -572,7 +573,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -583,7 +584,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-patch spec: containers: @@ -599,7 +600,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -625,7 +626,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -638,7 +639,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/deploy.yaml b/deploy/static/provider/exoscale/deploy.yaml index cf02501a4..79d945a53 100644 --- a/deploy/static/provider/exoscale/deploy.yaml +++ b/deploy/static/provider/exoscale/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -349,7 +349,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -382,7 +382,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -405,7 +405,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -423,7 +423,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 spec: containers: - args: @@ -436,6 +436,7 @@ spec: - --validating-webhook=:8443 - --validating-webhook-certificate=/usr/local/certificates/cert - --validating-webhook-key=/usr/local/certificates/key + - --enable-metrics=false env: - name: POD_NAME valueFrom: @@ -447,7 +448,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c + image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -527,7 +528,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -538,7 +539,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-create spec: containers: @@ -552,7 +553,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 imagePullPolicy: IfNotPresent name: create securityContext: @@ -578,7 +579,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -589,7 +590,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-patch spec: containers: @@ -605,7 +606,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -631,7 +632,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -644,7 +645,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index d27f83d9d..4963253c1 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -340,7 +340,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -395,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 spec: containers: - args: @@ -430,6 +430,7 @@ spec: - --validating-webhook-certificate=/usr/local/certificates/cert - --validating-webhook-key=/usr/local/certificates/key - --watch-ingress-without-class=true + - --enable-metrics=false - --publish-status-address=localhost env: - name: POD_NAME @@ -442,7 +443,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c + image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -528,7 +529,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -539,7 +540,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-create spec: containers: @@ -553,7 +554,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 imagePullPolicy: IfNotPresent name: create securityContext: @@ -579,7 +580,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -590,7 +591,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-patch spec: containers: @@ -606,7 +607,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -632,7 +633,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -645,7 +646,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/oracle/deploy.yaml b/deploy/static/provider/oracle/deploy.yaml index 8d2200925..080c206a5 100644 --- a/deploy/static/provider/oracle/deploy.yaml +++ b/deploy/static/provider/oracle/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -344,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -400,7 +400,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -422,7 +422,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 spec: containers: - args: @@ -435,6 +435,7 @@ spec: - --validating-webhook=:8443 - --validating-webhook-certificate=/usr/local/certificates/cert - --validating-webhook-key=/usr/local/certificates/key + - --enable-metrics=false env: - name: POD_NAME valueFrom: @@ -446,7 +447,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c + image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -522,7 +523,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -533,7 +534,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-create spec: containers: @@ -547,7 +548,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 imagePullPolicy: IfNotPresent name: create securityContext: @@ -573,7 +574,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -584,7 +585,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-patch spec: containers: @@ -600,7 +601,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -626,7 +627,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -639,7 +640,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/deploy.yaml b/deploy/static/provider/scw/deploy.yaml index 44d91e1af..d98955d80 100644 --- a/deploy/static/provider/scw/deploy.yaml +++ b/deploy/static/provider/scw/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -329,7 +329,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -399,7 +399,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -421,7 +421,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 spec: containers: - args: @@ -434,6 +434,7 @@ spec: - --validating-webhook=:8443 - --validating-webhook-certificate=/usr/local/certificates/cert - --validating-webhook-key=/usr/local/certificates/key + - --enable-metrics=false env: - name: POD_NAME valueFrom: @@ -445,7 +446,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c + image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -521,7 +522,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -532,7 +533,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-create spec: containers: @@ -546,7 +547,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 imagePullPolicy: IfNotPresent name: create securityContext: @@ -572,7 +573,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -583,7 +584,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission-patch spec: containers: @@ -599,7 +600,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -625,7 +626,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -638,7 +639,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.6 + app.kubernetes.io/version: 1.10.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/docs/e2e-tests.md b/docs/e2e-tests.md index bbcdadfc6..b836fff6e 100644 --- a/docs/e2e-tests.md +++ b/docs/e2e-tests.md @@ -147,6 +147,7 @@ Do not try to edit it manually. - [should not allow - portless origin with wildcard origin](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/cors.go#L520) - [should allow correct origins - missing subdomain + origin with wildcard origin and correct origin](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/cors.go#L540) - [should allow - missing origins (should allow all origins)](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/cors.go#L576) +- [should allow correct origin but not others - cors allow origin annotations contain trailing comma](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/cors.go#L636) ### [custom-http-errors](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/customhttperrors.go#L34) - [configures Nginx correctly](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/customhttperrors.go#L41) ### [default-backend](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/default_backend.go#L29) @@ -155,6 +156,8 @@ Do not try to edit it manually. - [disable-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/disableaccesslog.go#L35) - [disable-http-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/disableaccesslog.go#L53) - [disable-stream-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/disableaccesslog.go#L71) +### [disable-proxy-intercept-errors](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/disableproxyintercepterrors.go#L31) +- [configures Nginx correctly](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/disableproxyintercepterrors.go#L39) ### [backend-protocol - FastCGI](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/fastcgi.go#L30) - [should use fastcgi_pass in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/fastcgi.go#L37) - [should add fastcgi_index in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/fastcgi.go#L54) @@ -402,13 +405,13 @@ Do not try to edit it manually. - [should have worker_rlimit_nofile option and be independent on amount of worker processes](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/global_options.go#L37) ### [settings-global-rate-limit](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/globalratelimit.go#L30) - [generates correct NGINX configuration](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/globalratelimit.go#L38) -### [gzip](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L29) -- [should be disabled by default](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L32) -- [should be enabled with default settings](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L39) -- [should set gzip_comp_level to 4](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L56) -- [should set gzip_disable to msie6](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L67) -- [should set gzip_min_length to 100](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L78) -- [should set gzip_types to application/javascript](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L89) +### [gzip](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L30) +- [should be disabled by default](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L40) +- [should be enabled with default settings](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L56) +- [should set gzip_comp_level to 4](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L82) +- [should set gzip_disable to msie6](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L102) +- [should set gzip_min_length to 100](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L132) +- [should set gzip_types to text/html](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L164) ### [hash size](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/hash-size.go#L27) - [should set server_names_hash_bucket_size](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/hash-size.go#L39) - [should set server_names_hash_max_size](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/hash-size.go#L47) @@ -478,26 +481,8 @@ Do not try to edit it manually. - [should include opentelemetry_trust_incoming_spans on directive when enabled](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentelemetry.go#L76) - [should not exists opentelemetry_operation_name directive when is empty](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentelemetry.go#L91) - [should exists opentelemetry_operation_name directive when is configured](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentelemetry.go#L106) -### [Configure OpenTracing](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L52) -- [should not exists opentracing directive](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L62) -- [should exists opentracing directive when is enabled](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L75) -- [should include opentracing_trust_incoming_span off directive when disabled](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L89) -- [should not exists opentracing_operation_name directive when is empty](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L104) -- [should exists opentracing_operation_name directive when is configured](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L119) -- [should not exists opentracing_location_operation_name directive when is empty](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L134) -- [should exists opentracing_location_operation_name directive when is configured](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L149) -- [should enable opentracing using zipkin](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L164) -- [should enable opentracing using jaeger](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L176) -- [should enable opentracing using jaeger with sampler host](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L188) -- [should propagate the w3c header when configured with jaeger](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L201) -- [should enable opentracing using jaeger with an HTTP endpoint](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L232) -- [should enable opentracing using datadog](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L245) ### [plugins](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/plugins.go#L28) - [should exist a x-hello-world header](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/plugins.go#L35) -### [[Security] Pod Security Policies](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/pod_security_policy.go#L41) -- [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/pod_security_policy.go#L44) -### [[Security] Pod Security Policies with volumes](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/pod_security_policy_volumes.go#L37) -- [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/pod_security_policy_volumes.go#L40) ### [proxy-connect-timeout](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/proxy_connect_timeout.go#L29) - [should set valid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/proxy_connect_timeout.go#L37) - [should not set invalid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/proxy_connect_timeout.go#L53) From 41879b14f1ae2d41e3284488b3cc1132e31c8282 Mon Sep 17 00:00:00 2001 From: longwuyuan Date: Fri, 1 Mar 2024 20:56:44 +0530 Subject: [PATCH 069/154] set deploy url to v1-10-0 in docs --- docs/deploy/index.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/deploy/index.md b/docs/deploy/index.md index ae28c2502..4e6b71235 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -68,7 +68,7 @@ helm show values ingress-nginx --repo https://kubernetes.github.io/ingress-nginx **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/cloud/deploy.yaml ``` !!! info @@ -249,7 +249,7 @@ In AWS, we use a Network load balancer (NLB) to expose the Ingress-Nginx Control ##### Network Load Balancer (NLB) ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/aws/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/aws/deploy.yaml ``` ##### TLS termination in AWS Load Balancer (NLB) @@ -257,10 +257,10 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. This section explains how to do that on AWS using an NLB. -1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template +1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template ```console - wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml + wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml ``` 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: @@ -306,7 +306,7 @@ Then, the ingress controller can be installed like this: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/cloud/deploy.yaml ``` !!! warning @@ -323,7 +323,7 @@ Proxy-protocol is supported in GCE check the [Official Documentations on how to #### Azure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/cloud/deploy.yaml ``` More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). @@ -331,7 +331,7 @@ More information with regard to Azure annotations for ingress controller can be #### Digital Ocean ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/do/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/do/deploy.yaml ``` - By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data. @@ -339,7 +339,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont #### Scaleway ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/scw/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/scw/deploy.yaml ``` #### Exoscale @@ -354,7 +354,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale #### Oracle Cloud Infrastructure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/cloud/deploy.yaml ``` A @@ -381,7 +381,7 @@ For quick testing, you can use a This should work on almost every cluster, but it will typically use a port in the range 30000-32767. ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/baremetal/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/baremetal/deploy.yaml ``` For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), From 683105ebdcbd4b5c2029bf5eb8bfecf52d4c0242 Mon Sep 17 00:00:00 2001 From: Bartosz Fenski Date: Sun, 3 Mar 2024 07:54:36 +0100 Subject: [PATCH 070/154] quotes around numbers fort ports definitions (#11052) --- charts/ingress-nginx/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 71c3240fb..553c5e892 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -1077,13 +1077,13 @@ imagePullSecrets: [] ## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md ## tcp: {} -# 8080: "default/example-tcp-svc:9000" +# "8080": "default/example-tcp-svc:9000" # -- UDP service key-value pairs ## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md ## udp: {} -# 53: "kube-system/kube-dns:53" +# "53": "kube-system/kube-dns:53" # -- Prefix for TCP and UDP ports names in ingress controller service ## Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration From 2a9dc340e7e5708a78e69b359b1927155a6351f9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 03:21:27 -0800 Subject: [PATCH 071/154] Bump dorny/paths-filter from 3.0.1 to 3.0.2 (#11061) Bumps [dorny/paths-filter](https://github.com/dorny/paths-filter) from 3.0.1 to 3.0.2. - [Release notes](https://github.com/dorny/paths-filter/releases) - [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md) - [Commits](https://github.com/dorny/paths-filter/compare/ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a...de90cc6fb38fc0963ad72b210f1f284cd68cea36) --- updated-dependencies: - dependency-name: dorny/paths-filter dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- .github/workflows/docs.yaml | 2 +- .github/workflows/helm.yaml | 2 +- .github/workflows/images.yaml | 2 +- .github/workflows/zz-tmpl-images.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 32915f4c2..9e81ddfd5 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -49,7 +49,7 @@ jobs: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index 695ed2124..d37c1f3bf 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -25,7 +25,7 @@ jobs: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 09d70fb7a..1a7eb4334 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -37,7 +37,7 @@ jobs: run: | ./build/run-in-docker.sh ./hack/verify-chart-lint.sh - - uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index d125586e4..d144f2286 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -42,7 +42,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/zz-tmpl-images.yaml b/.github/workflows/zz-tmpl-images.yaml index fd56e986d..45f5d9184 100644 --- a/.github/workflows/zz-tmpl-images.yaml +++ b/.github/workflows/zz-tmpl-images.yaml @@ -32,7 +32,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} From 6ab637d26d7e36631af8fcfc81f0fcbd59cdbf8b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 03:24:14 -0800 Subject: [PATCH 072/154] Bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 (#11058) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.17.0 to 0.18.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/84384bd6e777ef152729993b8145ea352e9dd3ef...062f2592684a31eb3aa050cc61e7ca1451cecd3d) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/vulnerability-scans.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 99e9fdfc7..e94eeee06 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -60,7 +60,7 @@ jobs: - name: Scan image with AquaSec/Trivy id: scan - uses: aquasecurity/trivy-action@84384bd6e777ef152729993b8145ea352e9dd3ef # v0.17.0 + uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0 with: image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }} format: 'sarif' From 1e79313bf50d0b4517c8712668af2a259a03261f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 03:26:51 -0800 Subject: [PATCH 073/154] Bump github/codeql-action from 3.24.5 to 3.24.6 (#11060) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.5 to 3.24.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/47b3d888fe66b639e431abf22ebca059152f1eea...8a470fddafa5cbb6266ee11b37ef4d8aae19c571) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 387849a48..79996ca2f 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 + uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index e94eeee06..5d37ecbf8 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 + uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From b3b22dbb1d3160455d3eba4eb26b499a541166bc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 06:11:33 -0800 Subject: [PATCH 074/154] Bump github.com/prometheus/common from 0.48.0 to 0.49.0 (#11056) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.49.0. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.49.0) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 9 +++++---- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 1aed07bba..4ecb15ceb 100644 --- a/go.mod +++ b/go.mod @@ -17,9 +17,9 @@ require ( github.com/onsi/ginkgo/v2 v2.15.0 github.com/opencontainers/runc v1.1.12 github.com/pmezard/go-difflib v1.0.0 - github.com/prometheus/client_golang v1.18.0 + github.com/prometheus/client_golang v1.19.0 github.com/prometheus/client_model v0.6.0 - github.com/prometheus/common v0.48.0 + github.com/prometheus/common v0.49.0 github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.4 diff --git a/go.sum b/go.sum index 88d1a1a44..0fdb83713 100644 --- a/go.sum +++ b/go.sum @@ -247,6 +247,7 @@ github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxec github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= +github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= @@ -310,8 +311,8 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= -github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= -github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= +github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU= +github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -322,8 +323,8 @@ github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE= -github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= +github.com/prometheus/common v0.49.0 h1:ToNTdK4zSnPVJmh698mGFkDor9wBI/iGaJy5dbH1EgI= +github.com/prometheus/common v0.49.0/go.mod h1:Kxm+EULxRbUkjGU6WFsQqo3ORzB4tyKvlWFOE9mB2sE= github.com/prometheus/exporter-toolkit v0.7.0/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= From 513665443af0447e320bad5cd2136ce58e186f92 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 06:16:44 -0800 Subject: [PATCH 075/154] Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 (#11057) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/f95db51fddba0c2d1ec667646a06c2ce06100226...0d103c3126aa41d772a8362f6aa67afac040f80c) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- .github/workflows/images.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 9e81ddfd5..0bf99a413 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -124,7 +124,7 @@ jobs: - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 with: version: latest diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index d144f2286..e46c1b4bd 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -201,7 +201,7 @@ jobs: uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 with: version: latest platforms: ${{ env.PLATFORMS }} From f3f4f3e9d3c725136094a56217a3639fcf480df9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 07:13:08 -0800 Subject: [PATCH 076/154] Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#11055) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 4ecb15ceb..5302136d3 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/prometheus/common v0.49.0 github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.8.4 + github.com/stretchr/testify v1.9.0 github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30 golang.org/x/crypto v0.20.0 diff --git a/go.sum b/go.sum index 0fdb83713..dd490e7ec 100644 --- a/go.sum +++ b/go.sum @@ -352,8 +352,8 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.1.3/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= @@ -361,8 +361,8 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/urfave/cli v1.17.1-0.20160602030128-01a33823596e/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= From 272712adfb44b31b3928a2b3270dd1694d1b3418 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 11:37:52 -0800 Subject: [PATCH 077/154] Bump actions/download-artifact from 4.1.2 to 4.1.4 (#11059) Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.2 to 4.1.4. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/eaceaf801fd36c7dee90939fad912460b18a1ffe...c850b930e6ba138125429b7e5c93fc707a7f8427) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- .github/workflows/zz-tmpl-k8s-e2e.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 0bf99a413..edb7c1e5d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -200,7 +200,7 @@ jobs: helm unittest charts/ingress-nginx -d - name: cache - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 with: name: docker.tar.gz diff --git a/.github/workflows/zz-tmpl-k8s-e2e.yaml b/.github/workflows/zz-tmpl-k8s-e2e.yaml index 20fd1053d..3a8916049 100644 --- a/.github/workflows/zz-tmpl-k8s-e2e.yaml +++ b/.github/workflows/zz-tmpl-k8s-e2e.yaml @@ -23,7 +23,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: cache - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 with: name: docker.tar.gz From 6c4f2ea03a30bf5bcdb80fffb5509be1606a9590 Mon Sep 17 00:00:00 2001 From: James Strong Date: Mon, 4 Mar 2024 14:45:49 -0500 Subject: [PATCH 078/154] Update README.md (#11065) remove older version, left latest for release train. --- README.md | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 3e6cce5e0..80725aa82 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ ingress-nginx is an Ingress controller for Kubernetes using [NGINX](https://www.nginx.org/) as a reverse proxy and load balancer. -[Learn more about Ingress on the main Kubernetes documentation site](https://kubernetes.io/docs/concepts/services-networking/ingress/). +[Learn more about Ingress on the Kubernetes documentation site](https://kubernetes.io/docs/concepts/services-networking/ingress/). ## Get started @@ -28,7 +28,7 @@ If you encounter issues, review the [troubleshooting docs](docs/troubleshooting. See [the list of releases](https://github.com/kubernetes/ingress-nginx/releases) for all changes. For detailed changes for each release, please check the [changelog-$version.md](./changelog) file for the release version. -For detailed changes on the `ingress-nginx` helm chart, please check the changelog folder for a specific version +For detailed changes on the `ingress-nginx` helm chart, please check the changelog folder for a specific version. [CHANGELOG-$current-version.md](./charts/ingress-nginx/changelog) file. ### Supported Versions table @@ -45,17 +45,12 @@ the versions listed. Ingress-Nginx versions **may** work on older versions, but | 🔄 | **v1.9.3** | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.* | | 🔄 | **v1.9.1** | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.* | | 🔄 | **v1.9.0** | 1.28, 1.27, 1.26, 1.25 | 3.18.2 | 1.21.6 | 4.8.* | -| | **v1.8.4** | 1.27, 1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* | -| | **v1.8.2** | 1.27, 1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* | -| | **v1.8.1** | 1.27, 1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* | -| | **v1.8.0** | 1.27, 1.26, 1.25, 1.24 | 3.18.0 | 1.21.6 | 4.7.* | -| | **v1.7.1** | 1.27, 1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | 4.6.* | -| | **v1.7.0** | 1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | 4.6.* | +| | v1.8.4 | 1.27, 1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* | +| | v1.7.1 | 1.27, 1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | 4.6.* | | | v1.6.4 | 1.26, 1.25, 1.24, 1.23 | 3.17.0 | 1.21.6 | 4.5.* | | | v1.5.1 | 1.25, 1.24, 1.23 | 3.16.2 | 1.21.6 | 4.4.* | | | v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† | 4.3.0 | | | v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | 4.2.5 | -| | v1.3.0 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.0 | 1.19.10† | 4.2.3 | See [this article](https://kubernetes.io/blog/2021/07/26/update-with-ingress-nginx/) if you want upgrade to the stable Ingress API. From a302cc5ccaa62ee6c47a965240dbba98879ebf96 Mon Sep 17 00:00:00 2001 From: Grinish Date: Tue, 5 Mar 2024 22:49:14 -0700 Subject: [PATCH 079/154] docs: update the 404 link to FAQ (#11069) --- docs/examples/rewrite/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/examples/rewrite/README.md b/docs/examples/rewrite/README.md index aadcc1e4b..16889e0bc 100644 --- a/docs/examples/rewrite/README.md +++ b/docs/examples/rewrite/README.md @@ -31,7 +31,7 @@ Rewriting can be controlled using the following annotations: [Captured groups](https://www.regular-expressions.info/refcapture.html) are saved in numbered placeholders, chronologically, in the form `$1`, `$2` ... `$n`. These placeholders can be used as parameters in the `rewrite-target` annotation. !!! note - Please see the [FAQ](../faq.md#validation-of-path) for Validation Of __`path`__ + Please see the [FAQ](../../faq.md#validation-of-path) for Validation Of __`path`__ Create an Ingress rule with a rewrite annotation: From 9b63559cbb492c4ace8641b81c6adc6fc54aa9ce Mon Sep 17 00:00:00 2001 From: Matheus Fidelis Date: Wed, 6 Mar 2024 10:59:22 -0300 Subject: [PATCH 080/154] feature(leader_election): flag to disable leader election feature on controller (#11064) --- charts/ingress-nginx/README.md | 1 + charts/ingress-nginx/templates/_params.tpl | 3 + charts/ingress-nginx/values.yaml | 2 + docs/user-guide/cli-arguments.md | 1 + internal/ingress/controller/controller.go | 2 + internal/ingress/controller/nginx.go | 38 ++++---- pkg/flags/flags.go | 4 + pkg/flags/flags_test.go | 34 +++++++ .../disableleaderelection/values.yaml | 34 +++++++ .../disableleaderelection/disable_leader.go | 93 +++++++++++++++++++ test/e2e/e2e.go | 1 + 11 files changed, 195 insertions(+), 18 deletions(-) create mode 100644 test/e2e-image/namespace-overlays/disableleaderelection/values.yaml create mode 100644 test/e2e/disableleaderelection/disable_leader.go diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 8f1f3491d..38fa071c5 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -293,6 +293,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.containerSecurityContext | object | `{}` | Security context for controller containers | | controller.customTemplate.configMapKey | string | `""` | | | controller.customTemplate.configMapName | string | `""` | | +| controller.disableLeaderElection | bool | `false` | This configuration disable Nginx Controller Leader Election | | controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. | | controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. | | controller.electionID | string | `""` | Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' | diff --git a/charts/ingress-nginx/templates/_params.tpl b/charts/ingress-nginx/templates/_params.tpl index 0ddef0af1..b2b54db19 100644 --- a/charts/ingress-nginx/templates/_params.tpl +++ b/charts/ingress-nginx/templates/_params.tpl @@ -60,6 +60,9 @@ {{- if .Values.controller.enableTopologyAwareRouting }} - --enable-topology-aware-routing=true {{- end }} +{{- if .Values.controller.disableLeaderElection }} +- --disable-leader-election=true +{{- end }} {{- range $key, $value := .Values.controller.extraArgs }} {{- /* Accept keys without values or with false as value */}} {{- if eq ($value | quote | len) 2 }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 553c5e892..3ec2e4c33 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -83,6 +83,8 @@ controller: # -- This configuration enables Topology Aware Routing feature, used together with service annotation service.kubernetes.io/topology-mode="auto" # Defaults to false enableTopologyAwareRouting: false + # -- This configuration disable Nginx Controller Leader Election + disableLeaderElection: false # -- This configuration defines if Ingress Controller should allow users to set # their own *-snippet annotations, otherwise this is forbidden / dropped # when users add those annotations. diff --git a/docs/user-guide/cli-arguments.md b/docs/user-guide/cli-arguments.md index 07a17a271..275c753ec 100644 --- a/docs/user-guide/cli-arguments.md +++ b/docs/user-guide/cli-arguments.md @@ -25,6 +25,7 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment | `--enable-metrics` | Enables the collection of NGINX metrics. (default true) | | `--enable-ssl-chain-completion` | Autocomplete SSL certificate chains with missing intermediate CA certificates. Certificates uploaded to Kubernetes must have the "Authority Information Access" X.509 v3 extension for this to succeed. (default false)| | `--enable-ssl-passthrough` | Enable SSL Passthrough. (default false) | +| `--disable-leader-election` | Disable Leader Election on Nginx Controller. (default false) | | `--enable-topology-aware-routing` | Enable topology aware routing feature, needs service object annotation service.kubernetes.io/topology-mode sets to auto. (default false) | | `--exclude-socket-metrics` | Set of socket request metrics to exclude which won't be exported nor being calculated. The possible socket request metrics to exclude are documented in the monitoring guide e.g. 'nginx_ingress_controller_request_duration_seconds,nginx_ingress_controller_response_size'| | `--health-check-path` | URL path of the health check endpoint. Configured inside the NGINX status server. All requests received on the port defined by the healthz-port parameter are forwarded internally to this path. (default "/healthz") | diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index cb8d3712c..495fead15 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -100,6 +100,8 @@ type Configuration struct { EnableSSLPassthrough bool + DisableLeaderElection bool + EnableProfiling bool EnableMetrics bool diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go index 578d5b4e8..10aafc571 100644 --- a/internal/ingress/controller/nginx.go +++ b/internal/ingress/controller/nginx.go @@ -271,26 +271,28 @@ func (n *NGINXController) Start() { // TODO: For now, as the the IngressClass logics has changed, is up to the // cluster admin to create different Leader Election IDs. // Should revisit this in a future - electionID := n.cfg.ElectionID - setupLeaderElection(&leaderElectionConfig{ - Client: n.cfg.Client, - ElectionID: electionID, - OnStartedLeading: func(stopCh chan struct{}) { - if n.syncStatus != nil { - go n.syncStatus.Run(stopCh) - } + if !n.cfg.DisableLeaderElection { + electionID := n.cfg.ElectionID + setupLeaderElection(&leaderElectionConfig{ + Client: n.cfg.Client, + ElectionID: electionID, + OnStartedLeading: func(stopCh chan struct{}) { + if n.syncStatus != nil { + go n.syncStatus.Run(stopCh) + } - n.metricCollector.OnStartedLeading(electionID) - // manually update SSL expiration metrics - // (to not wait for a reload) - n.metricCollector.SetSSLExpireTime(n.runningConfig.Servers) - n.metricCollector.SetSSLInfo(n.runningConfig.Servers) - }, - OnStoppedLeading: func() { - n.metricCollector.OnStoppedLeading(electionID) - }, - }) + n.metricCollector.OnStartedLeading(electionID) + // manually update SSL expiration metrics + // (to not wait for a reload) + n.metricCollector.SetSSLExpireTime(n.runningConfig.Servers) + n.metricCollector.SetSSLInfo(n.runningConfig.Servers) + }, + OnStoppedLeading: func() { + n.metricCollector.OnStoppedLeading(electionID) + }, + }) + } cmd := n.command.ExecCommand() diff --git a/pkg/flags/flags.go b/pkg/flags/flags.go index d3bc4ee86..d7157fa79 100644 --- a/pkg/flags/flags.go +++ b/pkg/flags/flags.go @@ -146,6 +146,9 @@ Requires the update-status parameter.`) enableSSLPassthrough = flags.Bool("enable-ssl-passthrough", false, `Enable SSL Passthrough.`) + disableLeaderElection = flags.Bool("disable-leader-election", false, + `Disable Leader Election on NGINX Controller.`) + disableServiceExternalName = flags.Bool("disable-svc-external-name", false, `Disable support for Services of type ExternalName.`) @@ -333,6 +336,7 @@ https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-g MonitorMaxBatchSize: *monitorMaxBatchSize, DisableServiceExternalName: *disableServiceExternalName, EnableSSLPassthrough: *enableSSLPassthrough, + DisableLeaderElection: *disableLeaderElection, ResyncPeriod: *resyncPeriod, DefaultService: *defaultSvc, Namespace: *watchNamespace, diff --git a/pkg/flags/flags_test.go b/pkg/flags/flags_test.go index bffe2b16d..54b35dbca 100644 --- a/pkg/flags/flags_test.go +++ b/pkg/flags/flags_test.go @@ -109,3 +109,37 @@ func TestMaxmindRetryDownload(t *testing.T) { t.Fatalf("Expected an error parsing flags but none returned") } } + +func TestDisableLeaderElectionFlag(t *testing.T) { + ResetForTesting(func() { t.Fatal("Parsing failed") }) + + oldArgs := os.Args + defer func() { os.Args = oldArgs }() + os.Args = []string{"cmd", "--disable-leader-election", "--http-port", "80", "--https-port", "443"} + + _, conf, err := ParseFlags() + if err != nil { + t.Fatalf("Unexpected error parsing default flags: %v", err) + } + + if !conf.DisableLeaderElection { + t.Fatalf("Expected --disable-leader-election and conf.DisableLeaderElection as true, but found: %v", conf.DisableLeaderElection) + } +} + +func TestIfLeaderElectionDisabledFlagIsFalse(t *testing.T) { + ResetForTesting(func() { t.Fatal("Parsing failed") }) + + oldArgs := os.Args + defer func() { os.Args = oldArgs }() + os.Args = []string{"cmd", "--http-port", "80", "--https-port", "443"} + + _, conf, err := ParseFlags() + if err != nil { + t.Fatalf("Unexpected error parsing default flags: %v", err) + } + + if conf.DisableLeaderElection { + t.Fatalf("Expected --disable-leader-election and conf.DisableLeaderElection as false, but found: %v", conf.DisableLeaderElection) + } +} diff --git a/test/e2e-image/namespace-overlays/disableleaderelection/values.yaml b/test/e2e-image/namespace-overlays/disableleaderelection/values.yaml new file mode 100644 index 000000000..f312a9fb4 --- /dev/null +++ b/test/e2e-image/namespace-overlays/disableleaderelection/values.yaml @@ -0,0 +1,34 @@ +# TODO: remove the need to use fullnameOverride +fullnameOverride: nginx-ingress +controller: + image: + repository: ingress-controller/controller + chroot: true + tag: 1.0.0-dev + digest: + digestChroot: + scope: + # Necessary to allow the ingress controller to get the topology information from the nodes + enabled: false + config: + worker-processes: "1" + readinessProbe: + initialDelaySeconds: 3 + periodSeconds: 1 + livenessProbe: + initialDelaySeconds: 3 + periodSeconds: 1 + service: + type: NodePort + extraArgs: + # e2e tests do not require information about ingress status + update-status: "false" + terminationGracePeriodSeconds: 1 + admissionWebhooks: + enabled: false + + disableLeaderElection: true + +rbac: + create: true + scope: false diff --git a/test/e2e/disableleaderelection/disable_leader.go b/test/e2e/disableleaderelection/disable_leader.go new file mode 100644 index 000000000..fd7369dfb --- /dev/null +++ b/test/e2e/disableleaderelection/disable_leader.go @@ -0,0 +1,93 @@ +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package disableleaderelection + +import ( + "net/http" + "strings" + + "github.com/onsi/ginkgo/v2" + + "k8s.io/ingress-nginx/test/e2e/framework" +) + +var _ = framework.IngressNginxDescribe("[Disable Leader] Routing works when leader election was disabled", func() { + f := framework.NewDefaultFramework("disableleaderelection") + + ginkgo.BeforeEach(func() { + f.NewEchoDeployment() + }) + + ginkgo.It("should create multiple ingress routings rules when leader election has disabled", func() { + host1 := "leader.election.disabled.com" + host2 := "leader.election.disabled2.com" + + ing1 := framework.NewSingleIngress(host1, "/foo", host1, f.Namespace, framework.EchoService, 80, nil) + f.EnsureIngress(ing1) + + ing2 := framework.NewSingleIngress(host2, "/ping", host2, f.Namespace, framework.EchoService, 80, nil) + f.EnsureIngress(ing2) + + f.WaitForNginxServer(host1, + func(server string) bool { + return strings.Contains(server, host1) && + strings.Contains(server, "location /foo") + }) + + f.WaitForNginxServer(host2, + func(server string) bool { + return strings.Contains(server, host2) && + strings.Contains(server, "location /ping") + }) + + f.HTTPTestClient(). + GET("/foo"). + WithHeader("Host", host1). + Expect(). + Status(http.StatusOK) + + f.HTTPTestClient(). + GET("/bar"). + WithHeader("Host", host1). + Expect(). + Status(http.StatusNotFound) + + f.HTTPTestClient(). + GET("/foo"). + WithHeader("Host", host2). + Expect(). + Status(http.StatusNotFound) + + f.HTTPTestClient(). + GET("/ping"). + WithHeader("Host", host2). + Expect(). + Status(http.StatusOK) + + f.HTTPTestClient(). + GET("/pong"). + WithHeader("Host", host2). + Expect(). + Status(http.StatusNotFound) + + f.HTTPTestClient(). + GET("/ping"). + WithHeader("Host", host1). + Expect(). + Status(http.StatusNotFound) + }) +}) diff --git a/test/e2e/e2e.go b/test/e2e/e2e.go index 25d714f88..9abfe7c2c 100644 --- a/test/e2e/e2e.go +++ b/test/e2e/e2e.go @@ -34,6 +34,7 @@ import ( _ "k8s.io/ingress-nginx/test/e2e/annotations/modsecurity" _ "k8s.io/ingress-nginx/test/e2e/dbg" _ "k8s.io/ingress-nginx/test/e2e/defaultbackend" + _ "k8s.io/ingress-nginx/test/e2e/disableleaderelection" _ "k8s.io/ingress-nginx/test/e2e/endpointslices" _ "k8s.io/ingress-nginx/test/e2e/gracefulshutdown" _ "k8s.io/ingress-nginx/test/e2e/ingress" From 0e11470ef335d58ddbe02020d6473654e62c5d5b Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 6 Mar 2024 09:53:45 -0500 Subject: [PATCH 081/154] bump golang (#11070) Signed-off-by: James Strong --- GOLANG_VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/GOLANG_VERSION b/GOLANG_VERSION index 80a81c0e7..24b38a959 100644 --- a/GOLANG_VERSION +++ b/GOLANG_VERSION @@ -1 +1 @@ -1.22.0 \ No newline at end of file +1.22.1 \ No newline at end of file From 12fbe9b16313bf54b97b55af2dd06f29db467563 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Thu, 7 Mar 2024 11:39:53 +0100 Subject: [PATCH 082/154] golangci-lint update, ci cleanup, group dependabot updates (#11071) * bump golangci-lint to v1.56.x Signed-off-by: cpanato * cleanup empty lines Signed-off-by: cpanato * group dependabot updates Signed-off-by: cpanato * run on job changes as well Signed-off-by: cpanato * remove deprecated checks Signed-off-by: cpanato * fix lints and format Signed-off-by: cpanato --------- Signed-off-by: cpanato --- .github/actions/mkdocs/Dockerfile | 2 +- .github/dependabot.yml | 14 ++++++++++++ .github/workflows/ci.yaml | 12 +++++----- .github/workflows/golangci-lint.yml | 11 +++++----- .github/workflows/images.yaml | 5 +---- .github/workflows/plugin.yaml | 2 +- .golangci.yml | 2 -- cmd/dbg/main.go | 12 +++++----- cmd/nginx/main.go | 5 ++--- cmd/plugin/commands/backends/backends.go | 2 +- cmd/plugin/commands/certs/certs.go | 2 +- cmd/plugin/commands/conf/conf.go | 2 +- cmd/plugin/commands/exec/exec.go | 2 +- cmd/plugin/commands/general/general.go | 2 +- cmd/plugin/commands/info/info.go | 2 +- cmd/plugin/commands/ingresses/ingresses.go | 10 ++++----- cmd/plugin/commands/lint/main.go | 4 ++-- cmd/plugin/commands/logs/logs.go | 2 +- cmd/plugin/commands/ssh/ssh.go | 2 +- images/opentelemetry/rootfs/init_module.go | 1 - internal/ingress/annotations/authreq/main.go | 4 ++-- internal/ingress/annotations/canary/main.go | 4 ++-- .../annotations/parser/validators_test.go | 2 +- internal/ingress/controller/checker_test.go | 2 +- .../ingress/controller/controller_test.go | 20 ++++++++--------- internal/ingress/controller/location.go | 2 +- internal/ingress/controller/nginx.go | 1 - internal/ingress/controller/nginx_test.go | 2 +- internal/ingress/controller/status.go | 2 +- internal/ingress/controller/store/store.go | 2 +- .../ingress/controller/template/template.go | 8 +++---- .../metric/collectors/admission_test.go | 2 +- .../metric/collectors/controller_test.go | 2 +- internal/ingress/metric/collectors/socket.go | 2 +- .../ingress/metric/collectors/socket_test.go | 3 +-- .../ingress/metric/collectors/testutils.go | 2 +- internal/net/ssl/ssl.go | 1 - internal/net/ssl/ssl_test.go | 2 +- internal/nginx/maxmind.go | 2 +- magefiles/steps/release.go | 1 - magefiles/utils/e2edocs.go | 22 +++++++------------ test/e2e/framework/exec.go | 2 +- test/e2e/framework/framework.go | 6 ++--- test/e2e/framework/httpexpect/request.go | 2 +- test/e2e/tcpudp/tcp.go | 2 +- 45 files changed, 96 insertions(+), 100 deletions(-) diff --git a/.github/actions/mkdocs/Dockerfile b/.github/actions/mkdocs/Dockerfile index 378128978..f00584d32 100644 --- a/.github/actions/mkdocs/Dockerfile +++ b/.github/actions/mkdocs/Dockerfile @@ -1,4 +1,4 @@ -FROM squidfunk/mkdocs-material:9.4.5 +FROM squidfunk/mkdocs-material:9.4.5 COPY action.sh /action.sh diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5ad21ca95..69d1ba161 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,6 +9,10 @@ updates: - "area/dependency" - "release-note-none" - "ok-to-test" + groups: + all: + update-types: + - "patch" - package-ecosystem: "github-actions" directory: "/" schedule: @@ -17,6 +21,11 @@ updates: - "area/dependency" - "release-note-none" - "ok-to-test" + groups: + all: + update-types: + - "minor" + - "patch" - package-ecosystem: "docker" directory: "/images" schedule: @@ -25,3 +34,8 @@ updates: - "area/dependency" - "release-note-none" - "ok-to-test" + groups: + actions: + update-types: + - "minor" + - "patch" diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index edb7c1e5d..266565578 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -78,10 +78,10 @@ jobs: steps: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - + - name: Get go version run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV - + - name: Set up Go id: go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 @@ -100,13 +100,13 @@ jobs: golangversion: ${{ steps.golangversion.outputs.version }} if: | (needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') - + env: PLATFORMS: linux/amd64 steps: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - + - name: Get go version id: golangversion run: | @@ -136,14 +136,14 @@ jobs: curl -LO https://dl.k8s.io/release/v1.27.3/bin/linux/amd64/kubectl chmod +x ./kubectl sudo mv ./kubectl /usr/local/bin/kubectl - + - name: Build NGINX Base image if: | needs.changes.outputs.baseimage == 'true' run: | export TAG=$(cat images/nginx-1.25/TAG) cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --load -t registry.k8s.io/ingress-nginx/nginx-1.25:${TAG} . - + - name: Build images env: TAG: 1.0.0-dev diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index f6929e73c..b5ad3c93c 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -2,10 +2,9 @@ name: golangci-lint on: pull_request: - branches: - - "*" paths: - '**/*.go' + - '.github/workflows/golangci-lint.yml' permissions: contents: read @@ -17,18 +16,18 @@ jobs: steps: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - + - name: Get go version run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV - + - name: Set up Go id: go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: ${{ env.GOLANG_VERSION }} check-latest: true - + - name: golangci-lint uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0 with: - version: v1.55.2 + version: v1.56 diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index e46c1b4bd..5effdee82 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -69,7 +69,7 @@ jobs: - 'images/opentelemetry/**' nginx125: - 'images/nginx-1.25/TAG' - + #### TODO: Make the below jobs 'less dumb' and use the job name as parameter (the github.job context does not work here) cfssl: needs: changes @@ -89,7 +89,6 @@ jobs: name: custom-error-pages secrets: inherit - e2e-test-echo: needs: changes if: | @@ -214,5 +213,3 @@ jobs: run: | export TAG=$(cat images/nginx-1.25/TAG) cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --push -t ingressnginx/nginx-1.25:${TAG} . - - diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index fe99b2444..6f4804d6f 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -33,7 +33,7 @@ jobs: args: release --snapshot --clean env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - + - name: Run GoReleaser if: ${{ startsWith(github.ref, 'refs/tags/') }} uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 diff --git a/.golangci.yml b/.golangci.yml index 5da8f0399..0cf49e6af 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -200,9 +200,7 @@ linters-settings: - stringConcatSimplify - stringsCompare - switchTrue - - timeCmpSimplify - timeExprSimplify - - todoCommentWithoutDetail - tooManyResultsChecker - typeAssertChain - typeDefFirst diff --git a/cmd/dbg/main.go b/cmd/dbg/main.go index b63bcf5fe..ab68001c9 100644 --- a/cmd/dbg/main.go +++ b/cmd/dbg/main.go @@ -47,7 +47,7 @@ func main() { backendsAllCmd := &cobra.Command{ Use: "all", Short: "Output the all dynamic backend information as a JSON array", - Run: func(cmd *cobra.Command, args []string) { + Run: func(_ *cobra.Command, _ []string) { backendsAll() }, } @@ -56,7 +56,7 @@ func main() { backendsListCmd := &cobra.Command{ Use: "list", Short: "Output a newline-separated list of the backend names", - Run: func(cmd *cobra.Command, args []string) { + Run: func(_ *cobra.Command, _ []string) { backendsList() }, } @@ -66,7 +66,7 @@ func main() { Use: "get [backend name]", Short: "Output the backend information only for the backend that has this name", Args: cobra.ExactArgs(1), - Run: func(cmd *cobra.Command, args []string) { + Run: func(_ *cobra.Command, args []string) { backendsGet(args[0]) }, } @@ -81,7 +81,7 @@ func main() { Use: "get [hostname]", Short: "Get the dynamically-loaded certificate information for the given hostname", Args: cobra.ExactArgs(1), - RunE: func(cmd *cobra.Command, args []string) error { + RunE: func(_ *cobra.Command, args []string) error { certGet(args[0]) return nil }, @@ -93,7 +93,7 @@ func main() { generalCmd := &cobra.Command{ Use: "general", Short: "Output the general dynamic lua state", - Run: func(cmd *cobra.Command, args []string) { + Run: func(_ *cobra.Command, _ []string) { general() }, } @@ -102,7 +102,7 @@ func main() { confCmd := &cobra.Command{ Use: "conf", Short: "Dump the contents of /etc/nginx/nginx.conf", - Run: func(cmd *cobra.Command, args []string) { + Run: func(_ *cobra.Command, _ []string) { readNginxConf() }, } diff --git a/cmd/nginx/main.go b/cmd/nginx/main.go index 1d30091ef..5ab54aa93 100644 --- a/cmd/nginx/main.go +++ b/cmd/nginx/main.go @@ -74,7 +74,7 @@ func main() { handleFatalInitError(err) } - if len(conf.DefaultService) > 0 { + if conf.DefaultService != "" { err := checkService(conf.DefaultService, kubeClient) if err != nil { klog.Fatal(err) @@ -83,7 +83,7 @@ func main() { klog.InfoS("Valid default backend", "service", conf.DefaultService) } - if len(conf.PublishService) > 0 { + if conf.PublishService != "" { err := checkService(conf.PublishService, kubeClient) if err != nil { klog.Fatal(err) @@ -235,7 +235,6 @@ func createApiserverClient(apiserverHost, rootCAFile, kubeConfig string) (*kuber retries++ return false, nil }) - // err is returned in case of timeout in the exponential backoff (ErrWaitTimeout) if err != nil { return nil, lastErr diff --git a/cmd/plugin/commands/backends/backends.go b/cmd/plugin/commands/backends/backends.go index ff44fd9c2..e7bd42147 100644 --- a/cmd/plugin/commands/backends/backends.go +++ b/cmd/plugin/commands/backends/backends.go @@ -34,7 +34,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { cmd := &cobra.Command{ Use: "backends", Short: "Inspect the dynamic backend information of an ingress-nginx instance", - RunE: func(cmd *cobra.Command, args []string) error { + RunE: func(cmd *cobra.Command, _ []string) error { backend, err := cmd.Flags().GetString("backend") if err != nil { return err diff --git a/cmd/plugin/commands/certs/certs.go b/cmd/plugin/commands/certs/certs.go index ee27cf1b1..4a7fee1cf 100644 --- a/cmd/plugin/commands/certs/certs.go +++ b/cmd/plugin/commands/certs/certs.go @@ -35,7 +35,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { cmd := &cobra.Command{ Use: "certs", Short: "Output the certificate data stored in an ingress-nginx pod", - RunE: func(cmd *cobra.Command, args []string) error { + RunE: func(cmd *cobra.Command, _ []string) error { host, err := cmd.Flags().GetString("host") if err != nil { return err diff --git a/cmd/plugin/commands/conf/conf.go b/cmd/plugin/commands/conf/conf.go index 090fb40bb..5821b11f1 100644 --- a/cmd/plugin/commands/conf/conf.go +++ b/cmd/plugin/commands/conf/conf.go @@ -36,7 +36,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { cmd := &cobra.Command{ Use: "conf", Short: "Inspect the generated nginx.conf", - RunE: func(cmd *cobra.Command, args []string) error { + RunE: func(cmd *cobra.Command, _ []string) error { host, err := cmd.Flags().GetString("host") if err != nil { return err diff --git a/cmd/plugin/commands/exec/exec.go b/cmd/plugin/commands/exec/exec.go index 8e853c534..a91bdb594 100644 --- a/cmd/plugin/commands/exec/exec.go +++ b/cmd/plugin/commands/exec/exec.go @@ -34,7 +34,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { cmd := &cobra.Command{ Use: "exec", Short: "Execute a command inside an ingress-nginx pod", - RunE: func(cmd *cobra.Command, args []string) error { + RunE: func(_ *cobra.Command, args []string) error { util.PrintError(exec(flags, *pod, *deployment, *selector, *container, args, opts)) return nil }, diff --git a/cmd/plugin/commands/general/general.go b/cmd/plugin/commands/general/general.go index cea403562..d7b3b34f9 100644 --- a/cmd/plugin/commands/general/general.go +++ b/cmd/plugin/commands/general/general.go @@ -34,7 +34,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { cmd := &cobra.Command{ Use: "general", Short: "Inspect the other dynamic ingress-nginx information", - RunE: func(cmd *cobra.Command, args []string) error { + RunE: func(_ *cobra.Command, _ []string) error { util.PrintError(general(flags, *pod, *deployment, *selector, *container)) return nil }, diff --git a/cmd/plugin/commands/info/info.go b/cmd/plugin/commands/info/info.go index 246046c3a..e0fd3aaec 100644 --- a/cmd/plugin/commands/info/info.go +++ b/cmd/plugin/commands/info/info.go @@ -32,7 +32,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { cmd := &cobra.Command{ Use: "info", Short: "Show information about the ingress-nginx service", - RunE: func(cmd *cobra.Command, args []string) error { + RunE: func(cmd *cobra.Command, _ []string) error { service, err := cmd.Flags().GetString("service") if err != nil { return err diff --git a/cmd/plugin/commands/ingresses/ingresses.go b/cmd/plugin/commands/ingresses/ingresses.go index 8a25418db..7cb90a570 100644 --- a/cmd/plugin/commands/ingresses/ingresses.go +++ b/cmd/plugin/commands/ingresses/ingresses.go @@ -36,7 +36,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { Use: "ingresses", Aliases: []string{"ingress", "ing"}, Short: "Provide a short summary of all of the ingress definitions", - RunE: func(cmd *cobra.Command, args []string) error { + RunE: func(cmd *cobra.Command, _ []string) error { host, err := cmd.Flags().GetString("host") if err != nil { return err @@ -139,14 +139,14 @@ func getIngressRows(ingresses *[]networking.Ingress) []ingressRow { ing := &(*ingresses)[i] address := "" for _, lbIng := range ing.Status.LoadBalancer.Ingress { - if len(lbIng.IP) > 0 { + if lbIng.IP != "" { address = address + lbIng.IP + "," } - if len(lbIng.Hostname) > 0 { + if lbIng.Hostname != "" { address = address + lbIng.Hostname + "," } } - if len(address) > 0 { + if address != "" { address = address[:len(address)-1] } @@ -166,7 +166,7 @@ func getIngressRows(ingresses *[]networking.Ingress) []ingressRow { } // Handle catch-all ingress - if len(ing.Spec.Rules) == 0 && len(defaultBackendService) > 0 { + if len(ing.Spec.Rules) == 0 && defaultBackendService != "" { row := ingressRow{ Namespace: ing.Namespace, IngressName: ing.Name, diff --git a/cmd/plugin/commands/lint/main.go b/cmd/plugin/commands/lint/main.go index 847fe86c9..69ab984f5 100644 --- a/cmd/plugin/commands/lint/main.go +++ b/cmd/plugin/commands/lint/main.go @@ -38,7 +38,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { cmd := &cobra.Command{ Use: "lint", Short: "Inspect kubernetes resources for possible issues", - RunE: func(cmd *cobra.Command, args []string) error { + RunE: func(_ *cobra.Command, _ []string) error { err := opts.Validate() if err != nil { return err @@ -73,7 +73,7 @@ func createSubcommand(flags *genericclioptions.ConfigFlags, names []string, shor Use: names[0], Aliases: names[1:], Short: short, - RunE: func(cmd *cobra.Command, args []string) error { + RunE: func(_ *cobra.Command, _ []string) error { err := opts.Validate() if err != nil { return err diff --git a/cmd/plugin/commands/logs/logs.go b/cmd/plugin/commands/logs/logs.go index 22068d469..d9f6e7bd8 100644 --- a/cmd/plugin/commands/logs/logs.go +++ b/cmd/plugin/commands/logs/logs.go @@ -36,7 +36,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { cmd := &cobra.Command{ Use: "logs", Short: "Get the kubernetes logs for an ingress-nginx pod", - RunE: func(cmd *cobra.Command, args []string) error { + RunE: func(_ *cobra.Command, _ []string) error { util.PrintError(logs(flags, *pod, *deployment, *selector, *container, o)) return nil }, diff --git a/cmd/plugin/commands/ssh/ssh.go b/cmd/plugin/commands/ssh/ssh.go index a4762d781..c9631d10b 100644 --- a/cmd/plugin/commands/ssh/ssh.go +++ b/cmd/plugin/commands/ssh/ssh.go @@ -32,7 +32,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command { cmd := &cobra.Command{ Use: "ssh", Short: "ssh into a running ingress-nginx pod", - RunE: func(cmd *cobra.Command, args []string) error { + RunE: func(_ *cobra.Command, _ []string) error { util.PrintError(ssh(flags, *pod, *deployment, *selector, *container)) return nil }, diff --git a/images/opentelemetry/rootfs/init_module.go b/images/opentelemetry/rootfs/init_module.go index bebec728f..5d285052d 100644 --- a/images/opentelemetry/rootfs/init_module.go +++ b/images/opentelemetry/rootfs/init_module.go @@ -74,7 +74,6 @@ func run() error { return nil }) - if err != nil { return fmt.Errorf("failed to copy files: %w", err) } diff --git a/internal/ingress/annotations/authreq/main.go b/internal/ingress/annotations/authreq/main.go index c66b0ed47..ad38c36b1 100644 --- a/internal/ingress/annotations/authreq/main.go +++ b/internal/ingress/annotations/authreq/main.go @@ -416,7 +416,7 @@ func (a authReq) Parse(ing *networking.Ingress) (interface{}, error) { harr := strings.Split(hstr, ",") for _, header := range harr { header = strings.TrimSpace(header) - if len(header) > 0 { + if header != "" { if !ValidHeader(header) { return nil, ing_errors.NewLocationDenied("invalid headers list") } @@ -505,7 +505,7 @@ func ParseStringToCacheDurations(input string) ([]string, error) { arr := strings.Split(input, ",") for _, duration := range arr { duration = strings.TrimSpace(duration) - if len(duration) > 0 { + if duration != "" { if !ValidCacheDuration(duration) { authCacheDuration = []string{DefaultCacheDuration} return authCacheDuration, ing_errors.NewLocationDenied(fmt.Sprintf("invalid cache duration: %s", duration)) diff --git a/internal/ingress/annotations/canary/main.go b/internal/ingress/annotations/canary/main.go index be5761675..ccfe14261 100644 --- a/internal/ingress/annotations/canary/main.go +++ b/internal/ingress/annotations/canary/main.go @@ -177,8 +177,8 @@ func (c canary) Parse(ing *networking.Ingress) (interface{}, error) { config.Cookie = "" } - if !config.Enabled && (config.Weight > 0 || len(config.Header) > 0 || len(config.HeaderValue) > 0 || len(config.Cookie) > 0 || - len(config.HeaderPattern) > 0) { + if !config.Enabled && (config.Weight > 0 || config.Header != "" || config.HeaderValue != "" || config.Cookie != "" || + config.HeaderPattern != "") { return nil, errors.NewInvalidAnnotationConfiguration(canaryAnnotation, "configured but not enabled") } diff --git a/internal/ingress/annotations/parser/validators_test.go b/internal/ingress/annotations/parser/validators_test.go index 8523232a2..ed8449452 100644 --- a/internal/ingress/annotations/parser/validators_test.go +++ b/internal/ingress/annotations/parser/validators_test.go @@ -104,7 +104,7 @@ func Test_checkAnnotation(t *testing.T) { }, fields: AnnotationFields{ "otherannotation": AnnotationConfig{ - Validator: func(value string) error { return nil }, + Validator: func(_ string) error { return nil }, }, }, }, diff --git a/internal/ingress/controller/checker_test.go b/internal/ingress/controller/checker_test.go index 5fb6b09fd..a8a0b67ad 100644 --- a/internal/ingress/controller/checker_test.go +++ b/internal/ingress/controller/checker_test.go @@ -53,7 +53,7 @@ func TestNginxCheck(t *testing.T) { server := &httptest.Server{ Listener: listener, Config: &http.Server{ - Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + Handler: http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) fmt.Fprintf(w, "ok") }), diff --git a/internal/ingress/controller/controller_test.go b/internal/ingress/controller/controller_test.go index c07fcfadf..e257dd1f1 100644 --- a/internal/ingress/controller/controller_test.go +++ b/internal/ingress/controller/controller_test.go @@ -170,7 +170,7 @@ func (fakeTemplate) Write(conf *ngx_config.TemplateConfig) ([]byte, error) { func TestCheckIngress(t *testing.T) { defer func() { - err := filepath.Walk(os.TempDir(), func(path string, info os.FileInfo, err error) error { + err := filepath.Walk(os.TempDir(), func(path string, info os.FileInfo, _ error) error { if info.IsDir() && os.TempDir() != path { return filepath.SkipDir } @@ -1573,7 +1573,7 @@ func TestGetBackendServers(t *testing.T) { }, }, }, - Validate: func(ingresses []*ingress.Ingress, upstreams []*ingress.Backend, servers []*ingress.Server) { + Validate: func(_ []*ingress.Ingress, _ []*ingress.Backend, servers []*ingress.Server) { if len(servers) != 1 { t.Errorf("servers count should be 1, got %d", len(servers)) return @@ -1640,7 +1640,7 @@ func TestGetBackendServers(t *testing.T) { }, }, }, - Validate: func(ingresses []*ingress.Ingress, upstreams []*ingress.Backend, servers []*ingress.Server) { + Validate: func(_ []*ingress.Ingress, _ []*ingress.Backend, servers []*ingress.Server) { if len(servers) != 1 { t.Errorf("servers count should be 1, got %d", len(servers)) return @@ -1700,7 +1700,7 @@ func TestGetBackendServers(t *testing.T) { }, }, }, - Validate: func(ingresses []*ingress.Ingress, upstreams []*ingress.Backend, servers []*ingress.Server) { + Validate: func(_ []*ingress.Ingress, _ []*ingress.Backend, servers []*ingress.Server) { if len(servers) != 1 { t.Errorf("servers count should be 1, got %d", len(servers)) return @@ -1799,7 +1799,7 @@ func TestGetBackendServers(t *testing.T) { }, }, }, - Validate: func(ingresses []*ingress.Ingress, upstreams []*ingress.Backend, servers []*ingress.Server) { + Validate: func(_ []*ingress.Ingress, _ []*ingress.Backend, servers []*ingress.Server) { if len(servers) != 2 { t.Errorf("servers count should be 2, got %d", len(servers)) return @@ -2059,7 +2059,7 @@ func TestGetBackendServers(t *testing.T) { }, }, }, - Validate: func(ingresses []*ingress.Ingress, upstreams []*ingress.Backend, servers []*ingress.Server) { + Validate: func(_ []*ingress.Ingress, upstreams []*ingress.Backend, servers []*ingress.Server) { if len(servers) != 2 { t.Errorf("servers count should be 2, got %d", len(servers)) return @@ -2190,7 +2190,7 @@ func TestGetBackendServers(t *testing.T) { }, }, }, - Validate: func(ingresses []*ingress.Ingress, upstreams []*ingress.Backend, servers []*ingress.Server) { + Validate: func(ingresses []*ingress.Ingress, _ []*ingress.Backend, servers []*ingress.Server) { if len(servers) != 2 { t.Errorf("servers count should be 2, got %d", len(servers)) return @@ -2298,7 +2298,7 @@ func TestGetBackendServers(t *testing.T) { }, }, }, - Validate: func(ingresses []*ingress.Ingress, upstreams []*ingress.Backend, servers []*ingress.Server) { + Validate: func(ingresses []*ingress.Ingress, _ []*ingress.Backend, servers []*ingress.Server) { if len(servers) != 2 { t.Errorf("servers count should be 2, got %d", len(servers)) return @@ -2367,7 +2367,7 @@ func TestGetBackendServers(t *testing.T) { }, }, }, - Validate: func(ingresses []*ingress.Ingress, upstreams []*ingress.Backend, servers []*ingress.Server) { + Validate: func(_ []*ingress.Ingress, _ []*ingress.Backend, servers []*ingress.Server) { if len(servers) != 2 { t.Errorf("servers count should be 1, got %d", len(servers)) return @@ -2437,7 +2437,7 @@ func TestGetBackendServers(t *testing.T) { }, }, }, - Validate: func(ingresses []*ingress.Ingress, upstreams []*ingress.Backend, servers []*ingress.Server) { + Validate: func(_ []*ingress.Ingress, _ []*ingress.Backend, servers []*ingress.Server) { if len(servers) != 2 { t.Errorf("servers count should be 2, got %d", len(servers)) return diff --git a/internal/ingress/controller/location.go b/internal/ingress/controller/location.go index 9776f8c87..221c089c2 100644 --- a/internal/ingress/controller/location.go +++ b/internal/ingress/controller/location.go @@ -100,7 +100,7 @@ func normalizePrefixPath(path string) string { } func needsRewrite(location *ingress.Location) bool { - if len(location.Rewrite.Target) > 0 && location.Rewrite.Target != location.Path { + if location.Rewrite.Target != "" && location.Rewrite.Target != location.Path { return true } diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go index 10aafc571..1d385e506 100644 --- a/internal/ingress/controller/nginx.go +++ b/internal/ingress/controller/nginx.go @@ -197,7 +197,6 @@ func NewNGINXController(config *Configuration, mc metric.Collector) *NGINXContro filesToWatch = append(filesToWatch, path) return nil }) - if err != nil { klog.Fatalf("Error creating file watchers: %v", err) } diff --git a/internal/ingress/controller/nginx_test.go b/internal/ingress/controller/nginx_test.go index c68b0b188..27180e066 100644 --- a/internal/ingress/controller/nginx_test.go +++ b/internal/ingress/controller/nginx_test.go @@ -391,7 +391,7 @@ func TestCleanTempNginxCfg(t *testing.T) { var files []string - err = filepath.Walk(os.TempDir(), func(path string, info os.FileInfo, err error) error { + err = filepath.Walk(os.TempDir(), func(path string, info os.FileInfo, _ error) error { if info.IsDir() && os.TempDir() != path { return filepath.SkipDir } diff --git a/internal/ingress/controller/status.go b/internal/ingress/controller/status.go index e061b2cb7..6bab7c2ad 100644 --- a/internal/ingress/controller/status.go +++ b/internal/ingress/controller/status.go @@ -59,7 +59,7 @@ func setupLeaderElection(config *leaderElectionConfig) { var stopCh chan struct{} callbacks := leaderelection.LeaderCallbacks{ - OnStartedLeading: func(ctx context.Context) { + OnStartedLeading: func(_ context.Context) { klog.V(2).InfoS("I am the new leader") stopCh = make(chan struct{}) diff --git a/internal/ingress/controller/store/store.go b/internal/ingress/controller/store/store.go index 4288785de..284f53209 100644 --- a/internal/ingress/controller/store/store.go +++ b/internal/ingress/controller/store/store.go @@ -292,7 +292,7 @@ func New( // the memory consumption of nginx-ingress-controller explode. // In order to avoid that we filter out labels OWNER=TILLER. labelsTweakListOptionsFunc := func(options *metav1.ListOptions) { - if len(options.LabelSelector) > 0 { + if options.LabelSelector != "" { options.LabelSelector += ",OWNER!=TILLER" } else { options.LabelSelector = "OWNER!=TILLER" diff --git a/internal/ingress/controller/template/template.go b/internal/ingress/controller/template/template.go index f08eee498..7cd6a0604 100644 --- a/internal/ingress/controller/template/template.go +++ b/internal/ingress/controller/template/template.go @@ -497,7 +497,7 @@ func buildResolvers(res, disableIpv6 interface{}) string { } func needsRewrite(location *ingress.Location) bool { - if len(location.Rewrite.Target) > 0 && location.Rewrite.Target != location.Path { + if location.Rewrite.Target != "" && location.Rewrite.Target != location.Path { return true } return false @@ -771,10 +771,10 @@ func buildProxyPass(_ string, b, loc interface{}) string { return defProxyPass } - if len(location.Rewrite.Target) > 0 { + if location.Rewrite.Target != "" { var xForwardedPrefix string - if len(location.XForwardedPrefix) > 0 { + if location.XForwardedPrefix != "" { xForwardedPrefix = fmt.Sprintf("%s X-Forwarded-Prefix %q;\n", proxySetHeader(location), location.XForwardedPrefix) } @@ -1738,7 +1738,7 @@ func buildCorsOriginRegex(corsOrigins []string) string { originsRegex := "if ($http_origin ~* (" for i, origin := range corsOrigins { originTrimmed := strings.TrimSpace(origin) - if len(originTrimmed) > 0 { + if originTrimmed != "" { builtOrigin := buildOriginRegex(originTrimmed) originsRegex += builtOrigin if i != len(corsOrigins)-1 { diff --git a/internal/ingress/metric/collectors/admission_test.go b/internal/ingress/metric/collectors/admission_test.go index 68208ad3e..a23384a88 100644 --- a/internal/ingress/metric/collectors/admission_test.go +++ b/internal/ingress/metric/collectors/admission_test.go @@ -59,7 +59,7 @@ func TestAdmissionCounters(t *testing.T) { }{ { name: "should return 0 as values on a fresh initiated collector", - test: func(am *AdmissionCollector) { + test: func(_ *AdmissionCollector) { }, want: metadataFirst + ` nginx_ingress_controller_admission_config_size{controller_class="nginx",controller_namespace="default",controller_pod="pod"} 0 diff --git a/internal/ingress/metric/collectors/controller_test.go b/internal/ingress/metric/collectors/controller_test.go index 15735df42..53a0fd31a 100644 --- a/internal/ingress/metric/collectors/controller_test.go +++ b/internal/ingress/metric/collectors/controller_test.go @@ -42,7 +42,7 @@ func TestControllerCounters(t *testing.T) { }{ { name: "should return not increment in metrics if no operations are invoked", - test: func(cm *Controller) { + test: func(_ *Controller) { }, want: metadata + ` nginx_ingress_controller_config_last_reload_successful{controller_class="nginx",controller_namespace="default",controller_pod="pod"} 0 diff --git a/internal/ingress/metric/collectors/socket.go b/internal/ingress/metric/collectors/socket.go index a70024c57..248f23f63 100644 --- a/internal/ingress/metric/collectors/socket.go +++ b/internal/ingress/metric/collectors/socket.go @@ -329,7 +329,7 @@ func (sc *SocketCollector) handleMessage(msg []byte) { continue } - if sc.reportStatusClasses && len(stats.Status) > 0 { + if sc.reportStatusClasses && stats.Status != "" { stats.Status = fmt.Sprintf("%cxx", stats.Status[0]) } diff --git a/internal/ingress/metric/collectors/socket_test.go b/internal/ingress/metric/collectors/socket_test.go index 71e9097c9..2113b4725 100644 --- a/internal/ingress/metric/collectors/socket_test.go +++ b/internal/ingress/metric/collectors/socket_test.go @@ -30,8 +30,7 @@ import ( func TestNewUDPLogListener(t *testing.T) { var count uint64 - //nolint:unparam // Unused `message` param is required by the handleMessages function - fn := func(message []byte) { + fn := func(message []byte) { //nolint:unparam,revive // Unused `message` param is required by the handleMessages function atomic.AddUint64(&count, 1) } diff --git a/internal/ingress/metric/collectors/testutils.go b/internal/ingress/metric/collectors/testutils.go index e59ccfd9c..3fc0fc754 100644 --- a/internal/ingress/metric/collectors/testutils.go +++ b/internal/ingress/metric/collectors/testutils.go @@ -109,7 +109,7 @@ func removeUnusedWhitespace(s string) string { for _, l := range lines { trimmedLine = strings.TrimSpace(l) - if len(trimmedLine) > 0 { + if trimmedLine != "" { trimmedLines = append(trimmedLines, trimmedLine) } } diff --git a/internal/net/ssl/ssl.go b/internal/net/ssl/ssl.go index 26fd706e1..f8bac2377 100644 --- a/internal/net/ssl/ssl.go +++ b/internal/net/ssl/ssl.go @@ -400,7 +400,6 @@ func getFakeHostSSLCert(host string) (cert, key []byte) { var err error priv, err = rsa.GenerateKey(rand.Reader, 2048) - if err != nil { klog.Fatalf("failed to generate fake private key: %v", err) } diff --git a/internal/net/ssl/ssl_test.go b/internal/net/ssl/ssl_test.go index 9f8c5eeae..47fa07c7c 100644 --- a/internal/net/ssl/ssl_test.go +++ b/internal/net/ssl/ssl_test.go @@ -446,7 +446,7 @@ func TestTLSKeyReloader(t *testing.T) { } watcher.load() - s := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})) + s := httptest.NewUnstartedServer(http.HandlerFunc(func(_ http.ResponseWriter, _ *http.Request) {})) s.Config.TLSConfig = watcher.TLSConfig() s.Listener = tls.NewListener(s.Listener, s.Config.TLSConfig) go s.Start() diff --git a/internal/nginx/maxmind.go b/internal/nginx/maxmind.go index 1dc2f4d4e..3bd895b5d 100644 --- a/internal/nginx/maxmind.go +++ b/internal/nginx/maxmind.go @@ -132,7 +132,7 @@ func DownloadGeoLite2DB(attempts int, period time.Duration) error { } func createURL(mirror, licenseKey, dbName string) string { - if len(mirror) > 0 { + if mirror != "" { return fmt.Sprintf("%s/%s.tar.gz", mirror, dbName) } return fmt.Sprintf(maxmindURL, licenseKey, dbName) diff --git a/magefiles/steps/release.go b/magefiles/steps/release.go index 1ed09850f..4cb8b40bd 100644 --- a/magefiles/steps/release.go +++ b/magefiles/steps/release.go @@ -215,7 +215,6 @@ func (Release) LatestCommitLogs() { } func commitsBetweenTags(newversion, oldversion string) []string { - var newTag, oldTag string tags := getAllControllerTags() newTag, oldTag = tags[0], tags[1] diff --git a/magefiles/utils/e2edocs.go b/magefiles/utils/e2edocs.go index 2edc2ca40..2f5626db6 100644 --- a/magefiles/utils/e2edocs.go +++ b/magefiles/utils/e2edocs.go @@ -25,22 +25,19 @@ import ( "os" "path/filepath" "regexp" + "slices" "strings" "text/template" - - "slices" ) //go:embed templates/e2edocs.tpl var tplContent embed.FS -var ( - skipFiles = []string{ - "test/e2e/framework/framework.go", - "test/e2e/e2e.go", - "test/e2e/e2e_test.go", - } -) +var skipFiles = []string{ + "test/e2e/framework/framework.go", + "test/e2e/e2e.go", + "test/e2e/e2e_test.go", +} const ( testDir = "test/e2e" @@ -48,9 +45,7 @@ const ( URL = "https://github.com/kubernetes/ingress-nginx/tree/main/" ) -var ( - betweenquotes = regexp.MustCompile(`("|\')(?P.*)("|\')`) -) +var betweenquotes = regexp.MustCompile(`("|\')(?P.*)("|\')`) type E2ETemplate struct { URL string @@ -102,7 +97,7 @@ func (t *E2ETemplate) walkE2eDir(path string, d fs.DirEntry, errAggregated error fileScanner.Split(bufio.ScanLines) tests := make([]string, 0) - var lineN = 0 + lineN := 0 for fileScanner.Scan() { lineN = lineN + 1 if !containsGinkgoTest(fileScanner.Text()) { @@ -136,5 +131,4 @@ func GenerateE2EDocs() (string, error) { return "", err } return tplBuff.String(), nil - } diff --git a/test/e2e/framework/exec.go b/test/e2e/framework/exec.go index 9e4b55122..580a8f58e 100644 --- a/test/e2e/framework/exec.go +++ b/test/e2e/framework/exec.go @@ -102,7 +102,7 @@ func (f *Framework) NamespaceContent() (string, error) { } eout := strings.TrimSpace(execErr.String()) - if len(eout) > 0 { + if eout != "" { return "", fmt.Errorf("stderr: %v", eout) } diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go index 4723117c8..b71d84baa 100644 --- a/test/e2e/framework/framework.go +++ b/test/e2e/framework/framework.go @@ -313,7 +313,7 @@ func (f *Framework) matchNginxConditions(name string, matcher func(cfg string) b return false, nil } - if klog.V(10).Enabled() && len(o) > 0 { + if klog.V(10).Enabled() && o != "" { klog.InfoS("NGINX", "configuration", o) } @@ -335,7 +335,7 @@ func (f *Framework) matchNginxCustomConditions(from, to string, matcher func(cfg return false, nil } - if klog.V(10).Enabled() && len(o) > 0 { + if klog.V(10).Enabled() && o != "" { klog.InfoS("NGINX", "configuration", o) } @@ -501,7 +501,7 @@ func (f *Framework) newHTTPTestClient(config *tls.Config, setIngressURL bool) *h Transport: &http.Transport{ TLSClientConfig: config, }, - CheckRedirect: func(req *http.Request, via []*http.Request) error { + CheckRedirect: func(_ *http.Request, _ []*http.Request) error { return http.ErrUseLastResponse }, }, httpexpect.NewAssertReporter()) diff --git a/test/e2e/framework/httpexpect/request.go b/test/e2e/framework/httpexpect/request.go index 0ae85dd79..4daba136e 100644 --- a/test/e2e/framework/httpexpect/request.go +++ b/test/e2e/framework/httpexpect/request.go @@ -93,7 +93,7 @@ func (h *HTTPRequest) ForceResolve(ip string, port uint16) *HTTPRequest { return h } newTransport := oldTransport.Clone() - newTransport.DialContext = func(ctx context.Context, network, addr string) (net.Conn, error) { + newTransport.DialContext = func(ctx context.Context, network, _ string) (net.Conn, error) { return dialer.DialContext(ctx, network, resolveAddr) } h.client.Transport = newTransport diff --git a/test/e2e/tcpudp/tcp.go b/test/e2e/tcpudp/tcp.go index f06d6c9a3..856184d18 100644 --- a/test/e2e/tcpudp/tcp.go +++ b/test/e2e/tcpudp/tcp.go @@ -133,7 +133,7 @@ var _ = framework.IngressNginxDescribe("[TCP] tcp-services", func() { // Execute the test. Use the `external name` service to resolve a domain name. resolver := net.Resolver{ PreferGo: true, - Dial: func(ctx context.Context, network, address string) (net.Conn, error) { + Dial: func(ctx context.Context, _, _ string) (net.Conn, error) { d := net.Dialer{} return d.DialContext(ctx, "tcp", fmt.Sprintf("%v:5353", ip)) }, From 7a2e4b19a1ac1ea84664c1fad6ecaeb579a60321 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 7 Mar 2024 05:52:06 -0800 Subject: [PATCH 083/154] Bump github.com/prometheus/common from 0.49.0 to 0.50.0 (#11075) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.49.0 to 0.50.0. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.49.0...v0.50.0) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 14 +++++++------- go.sum | 28 ++++++++++++++-------------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/go.mod b/go.mod index 5302136d3..45c8cd352 100644 --- a/go.mod +++ b/go.mod @@ -19,13 +19,13 @@ require ( github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.19.0 github.com/prometheus/client_model v0.6.0 - github.com/prometheus/common v0.49.0 + github.com/prometheus/common v0.50.0 github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30 - golang.org/x/crypto v0.20.0 + golang.org/x/crypto v0.21.0 google.golang.org/grpc v1.62.0 google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab gopkg.in/go-playground/pool.v3 v3.1.1 @@ -104,17 +104,17 @@ require ( github.com/yudai/pp v2.0.1+incompatible // indirect go.starlark.net v0.0.0-20240123142251-f86470692795 // indirect golang.org/x/mod v0.15.0 // indirect - golang.org/x/net v0.21.0 // indirect - golang.org/x/oauth2 v0.17.0 // indirect + golang.org/x/net v0.22.0 // indirect + golang.org/x/oauth2 v0.18.0 // indirect golang.org/x/sync v0.6.0 // indirect - golang.org/x/sys v0.17.0 // indirect - golang.org/x/term v0.17.0 // indirect + golang.org/x/sys v0.18.0 // indirect + golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.18.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240221002015-b0ce06bbee7c // indirect - google.golang.org/protobuf v1.32.0 // indirect + google.golang.org/protobuf v1.33.0 // indirect gopkg.in/evanphx/json-patch.v5 v5.9.0 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/go.sum b/go.sum index dd490e7ec..3dba34da9 100644 --- a/go.sum +++ b/go.sum @@ -323,8 +323,8 @@ github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.49.0 h1:ToNTdK4zSnPVJmh698mGFkDor9wBI/iGaJy5dbH1EgI= -github.com/prometheus/common v0.49.0/go.mod h1:Kxm+EULxRbUkjGU6WFsQqo3ORzB4tyKvlWFOE9mB2sE= +github.com/prometheus/common v0.50.0 h1:YSZE6aa9+luNa2da6/Tik0q0A5AbR+U003TItK57CPQ= +github.com/prometheus/common v0.50.0/go.mod h1:wHFBCEVWVmHMUpg7pYcOm2QUR/ocQdYSJVQJKnHc3xQ= github.com/prometheus/exporter-toolkit v0.7.0/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -401,8 +401,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.20.0 h1:jmAMJJZXr5KiCw05dfYK9QnqaqKLYXijU23lsEdcQqg= -golang.org/x/crypto v0.20.0/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -472,16 +472,16 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= +golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= -golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= +golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= +golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -543,12 +543,12 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= -golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -700,8 +700,8 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= -google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From 43595fc5b700fa1a8a08829b4700e69ce2d43fe9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 7 Mar 2024 07:00:53 -0800 Subject: [PATCH 084/154] Bump the all group with 1 update (#11072) Bumps the all group with 1 update: [google.golang.org/grpc](https://github.com/grpc/grpc-go). Updates `google.golang.org/grpc` from 1.62.0 to 1.62.1 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.62.0...v1.62.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 45c8cd352..4d9378a7b 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30 golang.org/x/crypto v0.21.0 - google.golang.org/grpc v1.62.0 + google.golang.org/grpc v1.62.1 google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 diff --git a/go.sum b/go.sum index 3dba34da9..38259da21 100644 --- a/go.sum +++ b/go.sum @@ -684,8 +684,8 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk= -google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= +google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk= +google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab h1:tg8hvIl5RmFBuXlcJMuL0h4Psh1gx5Q5xEMwzBZIzWA= google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab/go.mod h1:liVNnGuZDITxuksuZ+BBvdy7FcJfeNk+efF9qgqNUmc= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= From f3a4f071747e4ca48cb6a7cad4c5ccca38520322 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 7 Mar 2024 08:01:56 -0800 Subject: [PATCH 085/154] Bump the all group with 1 update (#11073) Bumps the all group with 1 update: [actions/add-to-project](https://github.com/actions/add-to-project). Updates `actions/add-to-project` from 0.5.0 to 0.6.0 - [Release notes](https://github.com/actions/add-to-project/releases) - [Commits](https://github.com/actions/add-to-project/compare/31b3f3ccdc584546fc445612dec3f38ff5edb41c...0609a2702eefb44781da00f8e04901d6e5cd2b92) --- updated-dependencies: - dependency-name: actions/add-to-project dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/project.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/project.yml b/.github/workflows/project.yml index 95537e16c..2d398e24c 100644 --- a/.github/workflows/project.yml +++ b/.github/workflows/project.yml @@ -13,7 +13,7 @@ jobs: repository-projects: write issues: write steps: - - uses: actions/add-to-project@31b3f3ccdc584546fc445612dec3f38ff5edb41c # v0.5.0 + - uses: actions/add-to-project@0609a2702eefb44781da00f8e04901d6e5cd2b92 # v0.6.0 with: project-url: https://github.com/orgs/kubernetes/projects/104 github-token: ${{ secrets.PROJECT_WRITER }} From 7d12628208b9652f80d042e32ff4d266a7db9eb5 Mon Sep 17 00:00:00 2001 From: bossm8 <91630231+bossm8@users.noreply.github.com> Date: Fri, 8 Mar 2024 21:32:40 +0100 Subject: [PATCH 086/154] [mTLS] Fix acme verfication when mTLS and Client CN verification is enabled (#11062) --- rootfs/etc/nginx/template/nginx.tmpl | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index d58be2880..381fc134c 100644 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -985,8 +985,10 @@ stream { {{ if not ( empty $server.CertificateAuth.MatchCN ) }} {{ if gt (len $server.CertificateAuth.MatchCN) 0 }} - if ( $ssl_client_s_dn !~ {{ $server.CertificateAuth.MatchCN }} ) { - return 403 "client certificate unauthorized"; + location ~ ^/(?!(\.well-known/acme-challenge)) { + if ( $ssl_client_s_dn !~ {{ $server.CertificateAuth.MatchCN }} ) { + return 403 "client certificate unauthorized"; + } } {{ end }} {{ end }} From 157e53b814861f57f41baf0cf4a90ec1daa0f039 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Mar 2024 12:35:08 -0800 Subject: [PATCH 087/154] Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.16.0 (#11076) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.15.0 to 2.16.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.15.0...v2.16.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 4d9378a7b..6e3723b15 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 - github.com/onsi/ginkgo/v2 v2.15.0 + github.com/onsi/ginkgo/v2 v2.16.0 github.com/opencontainers/runc v1.1.12 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.19.0 diff --git a/go.sum b/go.sum index 38259da21..5a40ced85 100644 --- a/go.sum +++ b/go.sum @@ -288,8 +288,8 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= -github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= +github.com/onsi/ginkgo/v2 v2.16.0 h1:7q1w9frJDzninhXxjZd+Y/x54XNjG/UlRLIYPZafsPM= +github.com/onsi/ginkgo/v2 v2.16.0/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= From 9c384c7eb85b9833bad491e14fffcfe3b9c59ee5 Mon Sep 17 00:00:00 2001 From: bossm8 <91630231+bossm8@users.noreply.github.com> Date: Sat, 9 Mar 2024 01:06:47 +0100 Subject: [PATCH 088/154] Undo #11062 since it breaks the nginx config (#11082) * [mTLS] Fix acme verfication when mTLS and Client CN verification is enabled * revert mTLS location excluding acme-challenge since each location will match ultimately resulting in 404 for all request paths --- rootfs/etc/nginx/template/nginx.tmpl | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index 381fc134c..d58be2880 100644 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -985,10 +985,8 @@ stream { {{ if not ( empty $server.CertificateAuth.MatchCN ) }} {{ if gt (len $server.CertificateAuth.MatchCN) 0 }} - location ~ ^/(?!(\.well-known/acme-challenge)) { - if ( $ssl_client_s_dn !~ {{ $server.CertificateAuth.MatchCN }} ) { - return 403 "client certificate unauthorized"; - } + if ( $ssl_client_s_dn !~ {{ $server.CertificateAuth.MatchCN }} ) { + return 403 "client certificate unauthorized"; } {{ end }} {{ end }} From b5c447612c48e9d517e5c6dd4ae0f0a176203cde Mon Sep 17 00:00:00 2001 From: Ramon Borges Date: Mon, 11 Mar 2024 22:14:25 +0100 Subject: [PATCH 089/154] Chart: Deploy `PodDisruptionBudget` with KEDA. (#11032) * feat: deploy PDB if Keda is enabled and the minimum amount of replicas is greater than 1 * feat: add the corresponding unit-test to check PDB deployment with Keda * chore: rename the test of PDB to follow suggested pattern * chore: update the test-case suite name to the new format * Update charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml Co-authored-by: Marco Ebert * Update charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml Co-authored-by: Marco Ebert --------- Co-authored-by: Marco Ebert --- .../controller-poddisruptionbudget.yaml | 8 ++- .../controller-poddisruptionbudget_test.yaml | 65 +++++++++++++++++++ 2 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml diff --git a/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml index 8cb7d4b97..fe142a346 100644 --- a/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml +++ b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml @@ -1,4 +1,10 @@ -{{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (and (not .Values.controller.autoscaling.enabled) (gt (.Values.controller.replicaCount | int) 1)) }} +{{- $replicas := .Values.controller.replicaCount }} +{{- if .Values.controller.autoscaling.enabled }} +{{- $replicas = .Values.controller.autoscaling.minReplicas }} +{{- else if .Values.controller.keda.enabled }} +{{- $replicas = .Values.controller.keda.minReplicas }} +{{- end }} +{{- if gt ($replicas | int) 1 }} apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }} kind: PodDisruptionBudget metadata: diff --git a/charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml b/charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml new file mode 100644 index 000000000..3055d5351 --- /dev/null +++ b/charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml @@ -0,0 +1,65 @@ +suite: Controller > PodDisruptionBudget +templates: + - controller-poddisruptionbudget.yaml + +tests: + - it: should create a PodDisruptionBudget if `controller.replicaCount` is greater than 1 + set: + controller.replicaCount: 2 + asserts: + - hasDocuments: + count: 1 + - isKind: + of: PodDisruptionBudget + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller + + - it: should not create a PodDisruptionBudget if `controller.replicaCount` is less than or equal 1 + set: + controller.replicaCount: 1 + asserts: + - hasDocuments: + count: 0 + + - it: should create a PodDisruptionBudget if `controller.autoscaling.enabled` is true and `controller.autoscaling.minReplicas` is greater than 1 + set: + controller.autoscaling.enabled: true + controller.autoscaling.minReplicas: 2 + asserts: + - hasDocuments: + count: 1 + - isKind: + of: PodDisruptionBudget + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller + + - it: should not create a PodDisruptionBudget if `controller.autoscaling.enabled` is true and `controller.autoscaling.minReplicas` is less than or equal 1 + set: + controller.autoscaling.enabled: true + controller.autoscaling.minReplicas: 1 + asserts: + - hasDocuments: + count: 0 + + - it: should create a PodDisruptionBudget if `controller.keda.enabled` is true and `controller.keda.minReplicas` is greater than 1 + set: + controller.keda.enabled: true + controller.keda.minReplicas: 2 + asserts: + - hasDocuments: + count: 1 + - isKind: + of: PodDisruptionBudget + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller + + - it: should not create a PodDisruptionBudget if `controller.keda.enabled` is true and `controller.keda.minReplicas` is less than or equal 1 + set: + controller.keda.enabled: true + controller.keda.minReplicas: 1 + asserts: + - hasDocuments: + count: 0 From 2894b8a060fd50a3b991f9f084e0cbc5bae4133c Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Tue, 12 Mar 2024 14:39:07 +0100 Subject: [PATCH 090/154] Chart: Improve IngressClass documentation. (#11104) --- charts/ingress-nginx/README.md | 11 +++---- .../templates/controller-ingressclass.yaml | 2 -- charts/ingress-nginx/values.yaml | 29 ++++++++++++------- 3 files changed, 25 insertions(+), 17 deletions(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 38fa071c5..faab94c2d 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -330,11 +330,12 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.image.tag | string | `"v1.10.0"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | -| controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | -| controller.ingressClassResource.default | bool | `false` | Is this the default ingressClass for the cluster | -| controller.ingressClassResource.enabled | bool | `true` | Is this ingressClass enabled or not | -| controller.ingressClassResource.name | string | `"nginx"` | Name of the ingressClass | -| controller.ingressClassResource.parameters | object | `{}` | Parameters is a link to a custom resource containing additional configuration for the controller. This is optional if the controller does not require extra parameters. | +| controller.ingressClassResource | object | `{"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. | +| controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller of the IngressClass. An Ingress Controller looks for IngressClasses it should reconcile by this value. This value is also being set as the `--controller-class` argument of this Ingress Controller. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class | +| controller.ingressClassResource.default | bool | `false` | If true, Ingresses without `ingressClassName` get assigned to this IngressClass on creation. Ingress creation gets rejected if there are multiple default IngressClasses. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class | +| controller.ingressClassResource.enabled | bool | `true` | Create the IngressClass or not | +| controller.ingressClassResource.name | string | `"nginx"` | Name of the IngressClass | +| controller.ingressClassResource.parameters | object | `{}` | A link to a custom resource containing additional configuration for the controller. This is optional if the controller consuming this IngressClass does not require additional parameters. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class | | controller.keda.apiVersion | string | `"keda.sh/v1alpha1"` | | | controller.keda.behavior | object | `{}` | | | controller.keda.cooldownPeriod | int | `300` | | diff --git a/charts/ingress-nginx/templates/controller-ingressclass.yaml b/charts/ingress-nginx/templates/controller-ingressclass.yaml index 9492784a2..f28c116ee 100644 --- a/charts/ingress-nginx/templates/controller-ingressclass.yaml +++ b/charts/ingress-nginx/templates/controller-ingressclass.yaml @@ -1,6 +1,4 @@ {{- if .Values.controller.ingressClassResource.enabled -}} -# We don't support namespaced ingressClass yet -# So a ClusterRole and a ClusterRoleBinding is required apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 3ec2e4c33..50f958562 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -110,21 +110,30 @@ controller: enabled: false # -- Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' electionID: "" - ## This section refers to the creation of the IngressClass resource - ## IngressClass resources are supported since k8s >= 1.18 and required since k8s >= 1.19 + # -- This section refers to the creation of the IngressClass resource. + # IngressClasses are immutable and cannot be changed after creation. + # We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. ingressClassResource: - # -- Name of the ingressClass + # -- Name of the IngressClass name: nginx - # -- Is this ingressClass enabled or not + # -- Create the IngressClass or not enabled: true - # -- Is this the default ingressClass for the cluster + # -- If true, Ingresses without `ingressClassName` get assigned to this IngressClass on creation. + # Ingress creation gets rejected if there are multiple default IngressClasses. + # Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class default: false - # -- Controller-value of the controller that is processing this ingressClass - controllerValue: "k8s.io/ingress-nginx" - # -- Parameters is a link to a custom resource containing additional - # configuration for the controller. This is optional if the controller - # does not require extra parameters. + # -- Controller of the IngressClass. An Ingress Controller looks for IngressClasses it should reconcile by this value. + # This value is also being set as the `--controller-class` argument of this Ingress Controller. + # Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class + controllerValue: k8s.io/ingress-nginx + # -- A link to a custom resource containing additional configuration for the controller. + # This is optional if the controller consuming this IngressClass does not require additional parameters. + # Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class parameters: {} + # parameters: + # apiGroup: k8s.example.com + # kind: IngressParameters + # name: external-lb # -- For backwards compatibility with ingress.class annotation, use ingressClass. # Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation ingressClass: nginx From aa5deedae3dc9d55fd12f482d92c1cb86337cc0a Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Tue, 12 Mar 2024 14:41:27 +0100 Subject: [PATCH 091/154] Chart: Add Gacko to maintainers. Again. (#11107) --- charts/ingress-nginx/Chart.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 1bd30b31d..3e977530f 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -13,6 +13,7 @@ keywords: - nginx kubeVersion: '>=1.20.0-0' maintainers: +- name: Gacko - name: rikatz - name: strongjz - name: tao12345666333 From 9480cde724d167c3246563586b5aaae86d26de00 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Tue, 12 Mar 2024 14:43:51 +0100 Subject: [PATCH 092/154] Chart: Align HPA & KEDA conditions. (#11110) --- .../templates/controller-deployment.yaml | 2 +- .../templates/controller-keda.yaml | 2 +- .../controller-poddisruptionbudget.yaml | 8 +++++-- .../tests/controller-deployment_test.yaml | 22 +++++++++++++++++++ .../tests/controller-hpa_test.yaml | 18 +++++++++++++-- .../tests/controller-keda_test.yaml | 18 +++++++++++++-- .../controller-poddisruptionbudget_test.yaml | 8 +++++++ 7 files changed, 70 insertions(+), 8 deletions(-) diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index 5ff45585b..879802779 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -19,7 +19,7 @@ spec: matchLabels: {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} app.kubernetes.io/component: controller - {{- if not (or .Values.controller.autoscaling.enabled .Values.controller.keda.enabled) }} + {{- if eq .Values.controller.autoscaling.enabled .Values.controller.keda.enabled }} replicas: {{ .Values.controller.replicaCount }} {{- end }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} diff --git a/charts/ingress-nginx/templates/controller-keda.yaml b/charts/ingress-nginx/templates/controller-keda.yaml index 6ff9c0b22..24d30fa0a 100644 --- a/charts/ingress-nginx/templates/controller-keda.yaml +++ b/charts/ingress-nginx/templates/controller-keda.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.controller.keda.enabled (eq .Values.controller.kind "Deployment") -}} +{{- if and (eq .Values.controller.kind "Deployment") .Values.controller.keda.enabled (not .Values.controller.autoscaling.enabled) -}} apiVersion: {{ .Values.controller.keda.apiVersion }} kind: ScaledObject metadata: diff --git a/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml index fe142a346..8e0181f9f 100644 --- a/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml +++ b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml @@ -1,7 +1,10 @@ +# PDB is not supported for DaemonSets. +# https://github.com/kubernetes/kubernetes/issues/108124 +{{- if eq .Values.controller.kind "Deployment" }} {{- $replicas := .Values.controller.replicaCount }} -{{- if .Values.controller.autoscaling.enabled }} +{{- if and .Values.controller.autoscaling.enabled (not .Values.controller.keda.enabled) }} {{- $replicas = .Values.controller.autoscaling.minReplicas }} -{{- else if .Values.controller.keda.enabled }} +{{- else if and .Values.controller.keda.enabled (not .Values.controller.autoscaling.enabled) }} {{- $replicas = .Values.controller.keda.minReplicas }} {{- end }} {{- if gt ($replicas | int) 1 }} @@ -30,3 +33,4 @@ spec: maxUnavailable: {{ .Values.controller.maxUnavailable }} {{- end }} {{- end }} +{{- end }} diff --git a/charts/ingress-nginx/tests/controller-deployment_test.yaml b/charts/ingress-nginx/tests/controller-deployment_test.yaml index 86d5828c0..3af5ba981 100644 --- a/charts/ingress-nginx/tests/controller-deployment_test.yaml +++ b/charts/ingress-nginx/tests/controller-deployment_test.yaml @@ -21,6 +21,28 @@ tests: path: spec.replicas value: 3 + - it: should create a Deployment without replicas if `controller.autoscaling.enabled` is true + set: + controller.autoscaling.enabled: true + asserts: + - notExists: + path: spec.replicas + + - it: should create a Deployment without replicas if `controller.keda.enabled` is true + set: + controller.keda.enabled: true + asserts: + - notExists: + path: spec.replicas + + - it: should create a Deployment with replicas if `controller.autoscaling.enabled` is true and `controller.keda.enabled` is true + set: + controller.autoscaling.enabled: true + controller.keda.enabled: true + asserts: + - exists: + path: spec.replicas + - it: should create a Deployment with argument `--enable-metrics=false` if `controller.metrics.enabled` is false set: controller.metrics.enabled: false diff --git a/charts/ingress-nginx/tests/controller-hpa_test.yaml b/charts/ingress-nginx/tests/controller-hpa_test.yaml index 7cd668509..869d3a690 100644 --- a/charts/ingress-nginx/tests/controller-hpa_test.yaml +++ b/charts/ingress-nginx/tests/controller-hpa_test.yaml @@ -3,9 +3,8 @@ templates: - controller-hpa.yaml tests: - - it: should create a HPA if `controller.kind` is "Deployment" and `controller.autoscaling.enabled` is true + - it: should create an HPA if `controller.autoscaling.enabled` is true set: - controller.kind: Deployment controller.autoscaling.enabled: true asserts: - hasDocuments: @@ -15,3 +14,18 @@ tests: - equal: path: metadata.name value: RELEASE-NAME-ingress-nginx-controller + + - it: should not create an HPA if `controller.autoscaling.enabled` is true and `controller.keda.enabled` is true + set: + controller.autoscaling.enabled: true + controller.keda.enabled: true + asserts: + - hasDocuments: + count: 0 + + - it: should not create an HPA if `controller.kind` is "DaemonSet" + set: + controller.kind: DaemonSet + asserts: + - hasDocuments: + count: 0 diff --git a/charts/ingress-nginx/tests/controller-keda_test.yaml b/charts/ingress-nginx/tests/controller-keda_test.yaml index e6ca8dbfe..800283483 100644 --- a/charts/ingress-nginx/tests/controller-keda_test.yaml +++ b/charts/ingress-nginx/tests/controller-keda_test.yaml @@ -3,9 +3,8 @@ templates: - controller-keda.yaml tests: - - it: should create a ScaledObject if `controller.kind` is "Deployment" and `controller.keda.enabled` is true + - it: should create a ScaledObject if `controller.keda.enabled` is true set: - controller.kind: Deployment controller.keda.enabled: true asserts: - hasDocuments: @@ -15,3 +14,18 @@ tests: - equal: path: metadata.name value: RELEASE-NAME-ingress-nginx-controller + + - it: should not create a ScaledObject if `controller.keda.enabled` is true and `controller.autoscaling.enabled` is true + set: + controller.keda.enabled: true + controller.autoscaling.enabled: true + asserts: + - hasDocuments: + count: 0 + + - it: should not create a ScaledObject if `controller.kind` is "DaemonSet" + set: + controller.kind: DaemonSet + asserts: + - hasDocuments: + count: 0 diff --git a/charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml b/charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml index 3055d5351..48b4fafcc 100644 --- a/charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml +++ b/charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml @@ -63,3 +63,11 @@ tests: asserts: - hasDocuments: count: 0 + + - it: should not create a PodDisruptionBudget if `controller.autoscaling.enabled` is true and `controller.keda.enabled` is true + set: + controller.autoscaling.enabled: true + controller.keda.enabled: true + asserts: + - hasDocuments: + count: 0 From a2f67e2ba6962840979e056cff630947da24f805 Mon Sep 17 00:00:00 2001 From: Luca Berneking Date: Tue, 12 Mar 2024 14:51:08 +0100 Subject: [PATCH 093/154] Fix admission controller logging of `admissionTime` and `testedConfigurationSize` (#11089) --- internal/ingress/metric/collectors/admission.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/ingress/metric/collectors/admission.go b/internal/ingress/metric/collectors/admission.go index 7b84325c0..456f56963 100644 --- a/internal/ingress/metric/collectors/admission.go +++ b/internal/ingress/metric/collectors/admission.go @@ -151,7 +151,7 @@ func (am *AdmissionCollector) SetAdmissionMetrics(testedIngressLength, testedIng testedIngressTime, renderingIngressLength, renderingIngressTime, - ByteFormat(int64(testedConfigurationSize)), admissionTime, + ByteFormat(int64(testedConfigurationSize)), ) } From a00a1499a0f3ea63da031698ad48e815d7f8eb99 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Mar 2024 16:51:31 -0700 Subject: [PATCH 094/154] Bump google.golang.org/protobuf in /images/kube-webhook-certgen/rootfs (#11120) Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- images/kube-webhook-certgen/rootfs/go.mod | 2 +- images/kube-webhook-certgen/rootfs/go.sum | 42 ++++++++++++++++++++++- 2 files changed, 42 insertions(+), 2 deletions(-) diff --git a/images/kube-webhook-certgen/rootfs/go.mod b/images/kube-webhook-certgen/rootfs/go.mod index 9cb4bf263..de1d86bdd 100644 --- a/images/kube-webhook-certgen/rootfs/go.mod +++ b/images/kube-webhook-certgen/rootfs/go.mod @@ -46,7 +46,7 @@ require ( golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.18.0 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/protobuf v1.32.0 // indirect + google.golang.org/protobuf v1.33.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/images/kube-webhook-certgen/rootfs/go.sum b/images/kube-webhook-certgen/rootfs/go.sum index 966d69209..5f88f3da3 100644 --- a/images/kube-webhook-certgen/rootfs/go.sum +++ b/images/kube-webhook-certgen/rootfs/go.sum @@ -3,16 +3,23 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/emicklei/go-restful/v3 v3.11.3 h1:yagOQz/38xJmcNeZJtrUcKjkHRltIaIFXKWeG1SkWGE= +github.com/emicklei/go-restful/v3 v3.11.3/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= +github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= +github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q= +github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs= github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU= +github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4= github.com/go-openapi/swag v0.22.9 h1:XX2DssF+mQKM2DHsbgZK74y/zj4mo9I99+89xUmuZCE= +github.com/go-openapi/swag v0.22.9/go.mod h1:3/OXnFfnMAwBD099SwYRk7GD3xOrr1iL7d/XNLXVVwE= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= @@ -25,8 +32,11 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20240225044709-fd706174c886 h1:JSJUTZTQT1Gzb2ROdAKOY3HwzBYcclS2GgumhMfHqjw= +github.com/google/pprof v0.0.0-20240225044709-fd706174c886/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= +github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= @@ -51,12 +61,15 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m github.com/onrik/logrus v0.11.0 h1:pu+BCaWL36t0yQaj/2UHK2erf88dwssAKOT51mxPUVs= github.com/onrik/logrus v0.11.0/go.mod h1:fO2vlZwIdti6PidD3gV5YKt9Lq5ptpnP293RAe1ITwk= github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= +github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= +github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= @@ -77,44 +90,67 @@ github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= +golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= +golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= +google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -133,12 +169,16 @@ k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTK k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg= k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= +k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-aggregator v0.29.2 h1:z9qJn5wlGmGaX6EfM7OEhr6fq6SBjDKR6tPRZ/qgxeY= k8s.io/kube-aggregator v0.29.2/go.mod h1:QEuwzmMJJsg0eg1Gv+u4cWcYeJG2+8vN8/nTXBzopUo= k8s.io/kube-openapi v0.0.0-20240224005224-582cce78233b h1:1dzw/KqgSPod72SUp2tuTOmK33TlY2fHlrVU2M9VrOM= +k8s.io/kube-openapi v0.0.0-20240224005224-582cce78233b/go.mod h1:Pa1PvrP7ACSkuX6I7KYomY6cmMA0Tx86waBhDUgoKPw= k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= +k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= From 112b9bb028da76b81c98387bacb4841a78c67e32 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Thu, 14 Mar 2024 14:23:13 +0100 Subject: [PATCH 095/154] Chart: Render `controller.ingressClassResource.parameters` natively. (#11108) --- charts/ingress-nginx/templates/_helpers.tpl | 10 --- .../templates/controller-ingressclass.yaml | 8 +- .../tests/controller-daemonset_test.yaml | 9 +++ .../tests/controller-deployment_test.yaml | 8 ++ .../tests/controller-ingressclass_test.yaml | 77 +++++++++++++++++++ 5 files changed, 99 insertions(+), 13 deletions(-) create mode 100644 charts/ingress-nginx/tests/controller-ingressclass_test.yaml diff --git a/charts/ingress-nginx/templates/_helpers.tpl b/charts/ingress-nginx/templates/_helpers.tpl index db1ab2e24..9ac2dc569 100644 --- a/charts/ingress-nginx/templates/_helpers.tpl +++ b/charts/ingress-nginx/templates/_helpers.tpl @@ -242,16 +242,6 @@ Check the ingress controller version tag is at most three versions behind the la {{- end -}} {{- end -}} -{{/* -IngressClass parameters. -*/}} -{{- define "ingressClass.parameters" -}} - {{- if .Values.controller.ingressClassResource.parameters -}} - parameters: -{{ toYaml .Values.controller.ingressClassResource.parameters | indent 4}} - {{ end }} -{{- end -}} - {{/* Extra modules. */}} diff --git a/charts/ingress-nginx/templates/controller-ingressclass.yaml b/charts/ingress-nginx/templates/controller-ingressclass.yaml index f28c116ee..e439e0adb 100644 --- a/charts/ingress-nginx/templates/controller-ingressclass.yaml +++ b/charts/ingress-nginx/templates/controller-ingressclass.yaml @@ -9,11 +9,13 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ .Values.controller.ingressClassResource.name }} -{{- if .Values.controller.ingressClassResource.default }} + {{- if .Values.controller.ingressClassResource.default }} annotations: ingressclass.kubernetes.io/is-default-class: "true" -{{- end }} + {{- end }} spec: controller: {{ .Values.controller.ingressClassResource.controllerValue }} - {{ template "ingressClass.parameters" . }} + {{- with .Values.controller.ingressClassResource.parameters }} + parameters: {{ toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/ingress-nginx/tests/controller-daemonset_test.yaml b/charts/ingress-nginx/tests/controller-daemonset_test.yaml index 1d3172227..316455362 100644 --- a/charts/ingress-nginx/tests/controller-daemonset_test.yaml +++ b/charts/ingress-nginx/tests/controller-daemonset_test.yaml @@ -33,6 +33,15 @@ tests: path: spec.template.spec.containers[0].args content: --enable-metrics=false + - it: should create a DaemonSet with argument `--controller-class=k8s.io/ingress-nginx-internal` if `controller.ingressClassResource.controllerValue` is "k8s.io/ingress-nginx-internal" + set: + controller.kind: DaemonSet + controller.ingressClassResource.controllerValue: k8s.io/ingress-nginx-internal + asserts: + - contains: + path: spec.template.spec.containers[0].args + content: --controller-class=k8s.io/ingress-nginx-internal + - it: should create a DaemonSet with resource limits if `controller.resources.limits` is set set: controller.kind: DaemonSet diff --git a/charts/ingress-nginx/tests/controller-deployment_test.yaml b/charts/ingress-nginx/tests/controller-deployment_test.yaml index 3af5ba981..eee99385d 100644 --- a/charts/ingress-nginx/tests/controller-deployment_test.yaml +++ b/charts/ingress-nginx/tests/controller-deployment_test.yaml @@ -59,6 +59,14 @@ tests: path: spec.template.spec.containers[0].args content: --enable-metrics=false + - it: should create a Deployment with argument `--controller-class=k8s.io/ingress-nginx-internal` if `controller.ingressClassResource.controllerValue` is "k8s.io/ingress-nginx-internal" + set: + controller.ingressClassResource.controllerValue: k8s.io/ingress-nginx-internal + asserts: + - contains: + path: spec.template.spec.containers[0].args + content: --controller-class=k8s.io/ingress-nginx-internal + - it: should create a Deployment with resource limits if `controller.resources.limits` is set set: controller.resources.limits.cpu: 500m diff --git a/charts/ingress-nginx/tests/controller-ingressclass_test.yaml b/charts/ingress-nginx/tests/controller-ingressclass_test.yaml new file mode 100644 index 000000000..f766f922e --- /dev/null +++ b/charts/ingress-nginx/tests/controller-ingressclass_test.yaml @@ -0,0 +1,77 @@ +suite: Controller > IngressClass +templates: + - controller-ingressclass.yaml + +tests: + - it: should create an IngressClass + asserts: + - hasDocuments: + count: 1 + - isKind: + of: IngressClass + - equal: + path: metadata.name + value: nginx + + - it: should create an IngressClass with name "nginx-internal" if `controller.ingressClassResource.name` is "nginx-internal" + set: + controller.ingressClassResource.name: nginx-internal + asserts: + - hasDocuments: + count: 1 + - isKind: + of: IngressClass + - equal: + path: metadata.name + value: nginx-internal + + - it: "should create an IngressClass with annotation `ingressclass.kubernetes.io/is-default-class: \"true\"` if `controller.ingressClassResource.default` is true" + set: + controller.ingressClassResource.default: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: IngressClass + - equal: + path: metadata.name + value: nginx + - equal: + path: metadata.annotations["ingressclass.kubernetes.io/is-default-class"] + value: "true" + + - it: should create an IngressClass with controller "k8s.io/ingress-nginx-internal" if `controller.ingressClassResource.controllerValue` is "k8s.io/ingress-nginx-internal" + set: + controller.ingressClassResource.controllerValue: k8s.io/ingress-nginx-internal + asserts: + - hasDocuments: + count: 1 + - isKind: + of: IngressClass + - equal: + path: metadata.name + value: nginx + - equal: + path: spec.controller + value: k8s.io/ingress-nginx-internal + + - it: should create an IngressClass with parameters if `controller.ingressClassResource.parameters` is set + set: + controller.ingressClassResource.parameters: + apiGroup: k8s.example.com + kind: IngressParameters + name: external-lb + asserts: + - hasDocuments: + count: 1 + - isKind: + of: IngressClass + - equal: + path: metadata.name + value: nginx + - equal: + path: spec.parameters + value: + apiGroup: k8s.example.com + kind: IngressParameters + name: external-lb From f0b986d93f54301eb7c643a24f1bb9981c559ac6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Mar 2024 07:29:03 -0700 Subject: [PATCH 096/154] Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /magefiles (#11121) Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- magefiles/go.mod | 2 +- magefiles/go.sum | 28 +++++++++++++++++++++++++++- 2 files changed, 28 insertions(+), 2 deletions(-) diff --git a/magefiles/go.mod b/magefiles/go.mod index 9dddf9f71..bdc592cdd 100644 --- a/magefiles/go.mod +++ b/magefiles/go.mod @@ -29,7 +29,7 @@ require ( github.com/sergi/go-diff v1.3.1 // indirect golang.org/x/crypto v0.20.0 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/protobuf v1.32.0 // indirect + google.golang.org/protobuf v1.33.0 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/apimachinery v0.29.2 // indirect diff --git a/magefiles/go.sum b/magefiles/go.sum index 9abe8e950..8130f1178 100644 --- a/magefiles/go.sum +++ b/magefiles/go.sum @@ -29,6 +29,7 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -37,6 +38,7 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-github/v48 v48.2.0 h1:68puzySE6WqUY9KWmpOsDEQfDZsso98rT6pZcz9HqcE= github.com/google/go-github/v48 v48.2.0/go.mod h1:dDlehKBDo850ZPvCTK0sEqTCVWcrGl2LcDiajkYi89Y= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= @@ -66,12 +68,14 @@ github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= +github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= +github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= @@ -80,21 +84,30 @@ github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl github.com/vmware-labs/yaml-jsonpath v0.3.2 h1:/5QKeCBGdsInyDCyVNLbXyilb61MXGi9NP674f9Hobk= github.com/vmware-labs/yaml-jsonpath v0.3.2/go.mod h1:U6whw1z03QyqgWdgXxvVnQ90zN1BWz5V+51Ewf8k+rQ= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.20.0 h1:jmAMJJZXr5KiCw05dfYK9QnqaqKLYXijU23lsEdcQqg= +golang.org/x/crypto v0.20.0/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= +golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -103,20 +116,31 @@ golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= +google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -125,7 +149,8 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= @@ -144,5 +169,6 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= +k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= k8s.io/helm v2.17.0+incompatible h1:Bpn6o1wKLYqKM3+Osh8e+1/K2g/GsQJ4F4yNF2+deao= k8s.io/helm v2.17.0+incompatible/go.mod h1:LZzlS4LQBHfciFOurYBFkCMTaZ0D1l+p0teMg7TSULI= From e3ea23110a6d16f5e11f8fb7b94259fb0103dd9a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Mar 2024 07:32:08 -0700 Subject: [PATCH 097/154] Bump google.golang.org/protobuf in /images/custom-error-pages/rootfs (#11119) Bumps google.golang.org/protobuf from 1.28.0 to 1.33.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- images/custom-error-pages/rootfs/go.mod | 2 +- images/custom-error-pages/rootfs/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/images/custom-error-pages/rootfs/go.mod b/images/custom-error-pages/rootfs/go.mod index 37cd1fcbd..eebc562a5 100644 --- a/images/custom-error-pages/rootfs/go.mod +++ b/images/custom-error-pages/rootfs/go.mod @@ -13,5 +13,5 @@ require ( github.com/prometheus/common v0.26.0 // indirect github.com/prometheus/procfs v0.6.0 // indirect golang.org/x/sys v0.1.0 // indirect - google.golang.org/protobuf v1.28.0 // indirect + google.golang.org/protobuf v1.33.0 // indirect ) diff --git a/images/custom-error-pages/rootfs/go.sum b/images/custom-error-pages/rootfs/go.sum index a5f86cade..99c959a36 100644 --- a/images/custom-error-pages/rootfs/go.sum +++ b/images/custom-error-pages/rootfs/go.sum @@ -129,8 +129,8 @@ google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miE google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= -google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From 0bed0a455871a572cdf810422ede8c1501a1d736 Mon Sep 17 00:00:00 2001 From: Robert Ma Date: Thu, 14 Mar 2024 07:39:56 -0700 Subject: [PATCH 098/154] Fix typos in OTel doc (#11081) --- docs/user-guide/third-party-addons/opentelemetry.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/user-guide/third-party-addons/opentelemetry.md b/docs/user-guide/third-party-addons/opentelemetry.md index d735fca4f..e681e1c69 100644 --- a/docs/user-guide/third-party-addons/opentelemetry.md +++ b/docs/user-guide/third-party-addons/opentelemetry.md @@ -279,10 +279,10 @@ for common annotations and configurations: ### Annotations -| Legacy | OpenTelemetry | -|--------------------------------------------------|--------------------------------------------------| -| `nginx.ingress.kubernetes.io/enable-opentracing` | `nginx.ingress.kubernetes.io/enable-opentelemetry` | -| `opentracing-trust-incoming-span` | `opentracing-trust-incoming-span` | +| Legacy | OpenTelemetry | +|---------------------------------------------------------------|-----------------------------------------------------------------| +| `nginx.ingress.kubernetes.io/enable-opentracing` | `nginx.ingress.kubernetes.io/enable-opentelemetry` | +| `nginx.ingress.kubernetes.io/opentracing-trust-incoming-span` | `nginx.ingress.kubernetes.io/opentelemetry-trust-incoming-span` | ### Configs From 56a0968675d8ed2599bf9ae96c82b0a64f4dbb3d Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Sun, 17 Mar 2024 22:27:27 +0100 Subject: [PATCH 099/154] Chart: Add IngressClass aliases. (#11109) --- charts/ingress-nginx/README.md | 3 +- .../controller-ingressclass-aliases.yaml | 20 ++++ .../controller-ingressclass-aliases_test.yaml | 92 +++++++++++++++++++ charts/ingress-nginx/values.yaml | 7 ++ 4 files changed, 121 insertions(+), 1 deletion(-) create mode 100644 charts/ingress-nginx/templates/controller-ingressclass-aliases.yaml create mode 100644 charts/ingress-nginx/tests/controller-ingressclass-aliases_test.yaml diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index faab94c2d..1f912ea09 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -330,7 +330,8 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.image.tag | string | `"v1.10.0"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | -| controller.ingressClassResource | object | `{"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. | +| controller.ingressClassResource | object | `{"aliases":[],"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. | +| controller.ingressClassResource.aliases | list | `[]` | Aliases of this IngressClass. Creates copies with identical settings but the respective alias as name. Useful for development environments with only one Ingress Controller but production-like Ingress resources. `default` gets enabled on the original IngressClass only. | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller of the IngressClass. An Ingress Controller looks for IngressClasses it should reconcile by this value. This value is also being set as the `--controller-class` argument of this Ingress Controller. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class | | controller.ingressClassResource.default | bool | `false` | If true, Ingresses without `ingressClassName` get assigned to this IngressClass on creation. Ingress creation gets rejected if there are multiple default IngressClasses. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class | | controller.ingressClassResource.enabled | bool | `true` | Create the IngressClass or not | diff --git a/charts/ingress-nginx/templates/controller-ingressclass-aliases.yaml b/charts/ingress-nginx/templates/controller-ingressclass-aliases.yaml new file mode 100644 index 000000000..b4b20690e --- /dev/null +++ b/charts/ingress-nginx/templates/controller-ingressclass-aliases.yaml @@ -0,0 +1,20 @@ +{{- if .Values.controller.ingressClassResource.enabled -}} +{{- range .Values.controller.ingressClassResource.aliases }} +--- +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + labels: + {{- include "ingress-nginx.labels" $ | nindent 4 }} + app.kubernetes.io/component: controller + {{- with $.Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ . }} +spec: + controller: {{ $.Values.controller.ingressClassResource.controllerValue }} + {{- with $.Values.controller.ingressClassResource.parameters }} + parameters: {{ toYaml . | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/ingress-nginx/tests/controller-ingressclass-aliases_test.yaml b/charts/ingress-nginx/tests/controller-ingressclass-aliases_test.yaml new file mode 100644 index 000000000..ef0780d9c --- /dev/null +++ b/charts/ingress-nginx/tests/controller-ingressclass-aliases_test.yaml @@ -0,0 +1,92 @@ +suite: Controller > IngressClass > Aliases +templates: + - controller-ingressclass-aliases.yaml + +tests: + - it: should not create IngressClass aliases + asserts: + - hasDocuments: + count: 0 + + - it: should create an IngressClass alias with name "nginx-alias" if `controller.ingressClassResource.aliases` is set + set: + controller.ingressClassResource.aliases: + - nginx-alias + asserts: + - hasDocuments: + count: 1 + - isKind: + of: IngressClass + - equal: + path: metadata.name + value: nginx-alias + + - it: should create an IngressClass alias without annotation `ingressclass.kubernetes.io/is-default-class` if `controller.ingressClassResource.default` is true + set: + controller.ingressClassResource.aliases: + - nginx-alias + controller.ingressClassResource.default: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: IngressClass + - equal: + path: metadata.name + value: nginx-alias + - notExists: + path: metadata.annotations["ingressclass.kubernetes.io/is-default-class"] + + - it: should create an IngressClass alias with controller "k8s.io/ingress-nginx-internal" if `controller.ingressClassResource.controllerValue` is "k8s.io/ingress-nginx-internal" + set: + controller.ingressClassResource.aliases: + - nginx-alias + controller.ingressClassResource.controllerValue: k8s.io/ingress-nginx-internal + asserts: + - hasDocuments: + count: 1 + - isKind: + of: IngressClass + - equal: + path: metadata.name + value: nginx-alias + - equal: + path: spec.controller + value: k8s.io/ingress-nginx-internal + + - it: should create an IngressClass alias with parameters if `controller.ingressClassResource.parameters` is set + set: + controller.ingressClassResource.aliases: + - nginx-alias + controller.ingressClassResource.parameters: + apiGroup: k8s.example.com + kind: IngressParameters + name: external-lb + asserts: + - hasDocuments: + count: 1 + - isKind: + of: IngressClass + - equal: + path: metadata.name + value: nginx-alias + - equal: + path: spec.parameters + value: + apiGroup: k8s.example.com + kind: IngressParameters + name: external-lb + + - it: should create two IngressClass aliases if `controller.ingressClassResource.aliases` has two elements + set: + controller.ingressClassResource.aliases: + - nginx-alias-1 + - nginx-alias-2 + asserts: + - hasDocuments: + count: 2 + - isKind: + of: IngressClass + - matchRegex: + path: metadata.name + pattern: nginx-alias-(1|2) diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 50f958562..5be9519df 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -126,6 +126,13 @@ controller: # This value is also being set as the `--controller-class` argument of this Ingress Controller. # Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class controllerValue: k8s.io/ingress-nginx + # -- Aliases of this IngressClass. Creates copies with identical settings but the respective alias as name. + # Useful for development environments with only one Ingress Controller but production-like Ingress resources. + # `default` gets enabled on the original IngressClass only. + aliases: [] + # aliases: + # - nginx-alias-1 + # - nginx-alias-2 # -- A link to a custom resource containing additional configuration for the controller. # This is optional if the controller consuming this IngressClass does not require additional parameters. # Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class From d49f114af3bb758b98e93ce0445d83f3d76a6366 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 04:45:18 -0700 Subject: [PATCH 100/154] Bump the all group with 1 update (#11134) Bumps the all group with 1 update: [k8s.io/component-base](https://github.com/kubernetes/component-base). Updates `k8s.io/component-base` from 0.29.2 to 0.29.3 - [Commits](https://github.com/kubernetes/component-base/compare/v0.29.2...v0.29.3) --- updated-dependencies: - dependency-name: k8s.io/component-base dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 6e3723b15..960df0c20 100644 --- a/go.mod +++ b/go.mod @@ -30,14 +30,14 @@ require ( google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 - k8s.io/api v0.29.2 + k8s.io/api v0.29.3 k8s.io/apiextensions-apiserver v0.29.2 - k8s.io/apimachinery v0.29.2 + k8s.io/apimachinery v0.29.3 k8s.io/apiserver v0.29.2 k8s.io/cli-runtime v0.29.2 - k8s.io/client-go v0.29.2 + k8s.io/client-go v0.29.3 k8s.io/code-generator v0.29.2 - k8s.io/component-base v0.29.2 + k8s.io/component-base v0.29.3 k8s.io/klog/v2 v2.120.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 sigs.k8s.io/controller-runtime v0.17.2 @@ -67,7 +67,7 @@ require ( github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/gomarkdown/markdown v0.0.0-20231222211730-1d6d20845b47 // indirect github.com/google/btree v1.1.2 // indirect github.com/google/gnostic-models v0.6.8 // indirect diff --git a/go.sum b/go.sum index 5a40ced85..0b21a7cc5 100644 --- a/go.sum +++ b/go.sum @@ -154,8 +154,8 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/gomarkdown/markdown v0.0.0-20210514010506-3b9f47219fe7/go.mod h1:aii0r/K0ZnHv7G0KF7xy1v0A7s2Ljrb5byB7MO5p6TU= github.com/gomarkdown/markdown v0.0.0-20231222211730-1d6d20845b47 h1:k4Tw0nt6lwro3Uin8eqoET7MDA4JnT8YgbCjc/g5E3k= github.com/gomarkdown/markdown v0.0.0-20231222211730-1d6d20845b47/go.mod h1:JDGcbDT52eL4fju3sZ4TeHGsQwhG9nbDV21aMyhwPoA= @@ -740,22 +740,22 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= -k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= +k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= +k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg= k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8= -k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= -k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= +k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= +k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= k8s.io/apiserver v0.29.2 h1:+Z9S0dSNr+CjnVXQePG8TcBWHr3Q7BmAr7NraHvsMiQ= k8s.io/apiserver v0.29.2/go.mod h1:B0LieKVoyU7ykQvPFm7XSdIHaCHSzCzQWPFa5bqbeMQ= k8s.io/cli-runtime v0.29.2 h1:smfsOcT4QujeghsNjECKN3lwyX9AwcFU0nvJ7sFN3ro= k8s.io/cli-runtime v0.29.2/go.mod h1:KLisYYfoqeNfO+MkTWvpqIyb1wpJmmFJhioA0xd4MW8= -k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg= -k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA= +k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= +k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= k8s.io/code-generator v0.29.2 h1:c9/iw2KnNpw2IRV+wwuG/Wns2TjPSgjWzbbjTevyiHI= k8s.io/code-generator v0.29.2/go.mod h1:FwFi3C9jCrmbPjekhaCYcYG1n07CYiW1+PAPCockaos= -k8s.io/component-base v0.29.2 h1:lpiLyuvPA9yV1aQwGLENYyK7n/8t6l3nn3zAtFTJYe8= -k8s.io/component-base v0.29.2/go.mod h1:BfB3SLrefbZXiBfbM+2H1dlat21Uewg/5qtKOl8degM= +k8s.io/component-base v0.29.3 h1:Oq9/nddUxlnrCuuR2K/jp6aflVvc0uDvxMzAWxnGzAo= +k8s.io/component-base v0.29.3/go.mod h1:Yuj33XXjuOk2BAaHsIGHhCKZQAgYKhqIxIjIr2UXYio= k8s.io/gengo v0.0.0-20240226174109-00c4be8627da h1:uH7pylUCo++9PSvrUA34sbk4Y6PHw/bgEFa80pejI+I= k8s.io/gengo v0.0.0-20240226174109-00c4be8627da/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= From 9d251d955ef50aef4549598b0a68fb9525624623 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Mar 2024 07:00:00 -0700 Subject: [PATCH 101/154] Bump the all group with 4 updates (#11133) Bumps the all group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action), [docker/login-action](https://github.com/docker/login-action) and [github/codeql-action](https://github.com/github/codeql-action). Updates `actions/checkout` from 4.1.1 to 4.1.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/b4ffde65f46336ab88eb53be808477a3936bae11...9bb56186c3b09b4f86b1c65136769dd318469633) Updates `docker/setup-buildx-action` from 3.1.0 to 3.2.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/0d103c3126aa41d772a8362f6aa67afac040f80c...2b51285047da1547ffb1b2203d8be4c0af6b1f20) Updates `docker/login-action` from 3.0.0 to 3.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/343f7c4344506bcbf9b4de18042ae17996df046d...e92390c5fb421da1463c202d546fed0ec5c39f20) Updates `github/codeql-action` from 3.24.6 to 3.24.7 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/8a470fddafa5cbb6266ee11b37ef4d8aae19c571...3ab4101902695724f9365a384f86c1074d94e18c) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 10 +++++----- .github/workflows/depreview.yaml | 2 +- .github/workflows/docs.yaml | 4 ++-- .github/workflows/golangci-lint.yml | 2 +- .github/workflows/helm.yaml | 4 ++-- .github/workflows/images.yaml | 12 ++++++------ .github/workflows/perftest.yaml | 2 +- .github/workflows/plugin.yaml | 2 +- .github/workflows/scorecards.yml | 4 ++-- .github/workflows/vulnerability-scans.yaml | 6 +++--- .github/workflows/zz-tmpl-images.yaml | 8 ++++---- .github/workflows/zz-tmpl-k8s-e2e.yaml | 2 +- 12 files changed, 29 insertions(+), 29 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 266565578..a033bbfa9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -47,7 +47,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter @@ -77,7 +77,7 @@ jobs: (needs.changes.outputs.go == 'true') steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Get go version run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV @@ -105,7 +105,7 @@ jobs: PLATFORMS: linux/amd64 steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Get go version id: golangversion @@ -124,7 +124,7 @@ jobs: - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 + uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0 with: version: latest @@ -183,7 +183,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index eadf099b3..6d9f9dc8f 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -9,6 +9,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: 'Dependency Review' uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3 diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index d37c1f3bf..d6182ec9c 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -23,7 +23,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter @@ -47,7 +47,7 @@ jobs: steps: - name: Checkout master - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Deploy uses: ./.github/actions/mkdocs diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index b5ad3c93c..d287061d5 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Get go version run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 1a7eb4334..da86a36f0 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -23,7 +23,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Run Artifact Hub lint run: | @@ -61,7 +61,7 @@ jobs: steps: - name: Checkout master - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896 fetch-depth: 0 diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index 5effdee82..e5684ba79 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -41,7 +41,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter with: @@ -144,7 +144,7 @@ jobs: k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0, v1.29.0] steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Get go version run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV @@ -178,7 +178,7 @@ jobs: nginx: ['1.25.3', '1.21.6'] steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: image build run: | cd images/opentelemetry && make NGINX_VERSION=${{ matrix.nginx }} build @@ -195,17 +195,17 @@ jobs: PLATFORMS: linux/amd64,linux/arm,linux/arm64,linux/s390x steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Set up QEMU uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 + uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0 with: version: latest platforms: ${{ env.PLATFORMS }} - name: Login to GitHub Container Registry - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/perftest.yaml b/.github/workflows/perftest.yaml index 7f62fedf4..3650e7263 100644 --- a/.github/workflows/perftest.yaml +++ b/.github/workflows/perftest.yaml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Install K6 run: | diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index 6f4804d6f..a074eaa5b 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: fetch-depth: 0 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 79996ca2f..43c63c733 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -27,7 +27,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: persist-credentials: false @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 + uses: github/codeql-action/upload-sarif@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 5d37ecbf8..13131d633 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -22,7 +22,7 @@ jobs: versions: ${{ steps.version.outputs.TAGS }} steps: - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: fetch-depth: 0 @@ -52,7 +52,7 @@ jobs: versions: ${{ fromJSON(needs.version.outputs.versions) }} steps: - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - shell: bash id: test @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 + uses: github/codeql-action/upload-sarif@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository diff --git a/.github/workflows/zz-tmpl-images.yaml b/.github/workflows/zz-tmpl-images.yaml index 45f5d9184..e8fa4f472 100644 --- a/.github/workflows/zz-tmpl-images.yaml +++ b/.github/workflows/zz-tmpl-images.yaml @@ -31,7 +31,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter with: @@ -48,7 +48,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Build run: | @@ -67,10 +67,10 @@ jobs: PLATFORMS: ${{ inputs.platforms-publish }} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Login to GitHub Container Registry - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/zz-tmpl-k8s-e2e.yaml b/.github/workflows/zz-tmpl-k8s-e2e.yaml index 3a8916049..ad03bf0a1 100644 --- a/.github/workflows/zz-tmpl-k8s-e2e.yaml +++ b/.github/workflows/zz-tmpl-k8s-e2e.yaml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: cache uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 From 3c4e78e6b755eb33821c4477106f424bd8792d8f Mon Sep 17 00:00:00 2001 From: Matheus Fidelis Date: Tue, 19 Mar 2024 11:32:15 -0300 Subject: [PATCH 102/154] feature(geoip2_autoreload): Enable GeoIP2 auto_reload config (#11079) * feature(geoip2_autoreload): GeoIP Autoreload feature(geoip2_autoreload): fix lint feature(geoip2_autoreload): changing flag interval feature(geoip2_autoreload): tests - up and running feature(geoip2_autoreload): tests - up and running feature(geoip2): testing feature(geoip2): remove typo feature(geoip2_autoreload): fixing tests * feature(geoip2_autoreload): working * feature(geoip2_autoreload): including tests on geoip2 test file --- .../nginx-configuration/configmap.md | 7 +++ internal/ingress/controller/config/config.go | 5 ++ rootfs/etc/nginx/template/nginx.tmpl | 24 ++++++++++ test/e2e/settings/geoip2.go | 48 +++++++++++++++++++ 4 files changed, 84 insertions(+) diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index 75971b9a5..ff23196a4 100644 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -101,6 +101,7 @@ The following table shows a configuration option's name, type, and the default v |[use-gzip](#use-gzip)|bool|"false"|| |[use-geoip](#use-geoip)|bool|"true"|| |[use-geoip2](#use-geoip2)|bool|"false"|| +|[geoip2-autoreload-in-minutes](#geoip2-autoreload-in-minutes)|int|"0"|| |[enable-brotli](#enable-brotli)|bool|"false"|| |[brotli-level](#brotli-level)|int|4|| |[brotli-min-length](#brotli-min-length)|int|20|| @@ -737,6 +738,12 @@ Alternatively, it is possible to use a volume to mount the files `/etc/nginx/geo _**default:**_ false +## geoip2-autoreload-in-minutes + +Enables the [geoip2 module](https://github.com/leev/ngx_http_geoip2_module) autoreload in MaxMind databases setting the interval in minutes. + +_**default:**_ 0 + ## enable-brotli Enables or disables compression of HTTP responses using the ["brotli" module](https://github.com/google/ngx_brotli). diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index bad82b8b0..12bbb662a 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -436,6 +436,10 @@ type Configuration struct { // By default this is disabled UseGeoIP2 bool `json:"use-geoip2,omitempty"` + // GeoIP2AutoReloadMinutes enables autoreload on geoip2 setting the interval in minutes + // By default this is disabled using 0 + GeoIP2AutoReloadMinutes int `json:"geoip2-autoreload-in-minutes,omitempty"` + // Enables or disables the use of the NGINX Brotli Module for compression // https://github.com/google/ngx_brotli EnableBrotli bool `json:"enable-brotli,omitempty"` @@ -841,6 +845,7 @@ func NewDefault() Configuration { EnableAioWrite: true, UseGzip: false, UseGeoIP2: false, + GeoIP2AutoReloadMinutes: 0, WorkerProcesses: strconv.Itoa(runtime.NumCPU()), WorkerShutdownTimeout: "240s", VariablesHashBucketSize: 256, diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index d58be2880..d5172ff3f 100644 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -172,6 +172,9 @@ http { {{ range $index, $file := $all.MaxmindEditionFiles }} {{ if eq $file "GeoLite2-Country.mmdb" }} geoip2 /etc/ingress-controller/geoip/GeoLite2-Country.mmdb { + {{ if (gt $cfg.GeoIP2AutoReloadMinutes 0) }} + auto_reload {{ $cfg.GeoIP2AutoReloadMinutes }}m; + {{ end }} $geoip2_country_code source=$remote_addr country iso_code; $geoip2_country_name source=$remote_addr country names en; $geoip2_country_geoname_id source=$remote_addr country geoname_id; @@ -183,6 +186,9 @@ http { {{ if eq $file "GeoIP2-Country.mmdb" }} geoip2 /etc/ingress-controller/geoip/GeoIP2-Country.mmdb { + {{ if (gt $cfg.GeoIP2AutoReloadMinutes 0) }} + auto_reload {{ $cfg.GeoIP2AutoReloadMinutes }}m; + {{ end }} $geoip2_country_code source=$remote_addr country iso_code; $geoip2_country_name source=$remote_addr country names en; $geoip2_country_geoname_id source=$remote_addr country geoname_id; @@ -194,6 +200,9 @@ http { {{ if eq $file "GeoLite2-City.mmdb" }} geoip2 /etc/ingress-controller/geoip/GeoLite2-City.mmdb { + {{ if (gt $cfg.GeoIP2AutoReloadMinutes 0) }} + auto_reload {{ $cfg.GeoIP2AutoReloadMinutes }}m; + {{ end }} $geoip2_city_country_code source=$remote_addr country iso_code; $geoip2_city_country_name source=$remote_addr country names en; $geoip2_city_country_geoname_id source=$remote_addr country geoname_id; @@ -217,6 +226,9 @@ http { {{ if eq $file "GeoIP2-City.mmdb" }} geoip2 /etc/ingress-controller/geoip/GeoIP2-City.mmdb { + {{ if (gt $cfg.GeoIP2AutoReloadMinutes 0) }} + auto_reload {{ $cfg.GeoIP2AutoReloadMinutes }}m; + {{ end }} $geoip2_city_country_code source=$remote_addr country iso_code; $geoip2_city_country_name source=$remote_addr country names en; $geoip2_city_country_geoname_id source=$remote_addr country geoname_id; @@ -240,6 +252,9 @@ http { {{ if eq $file "GeoLite2-ASN.mmdb" }} geoip2 /etc/ingress-controller/geoip/GeoLite2-ASN.mmdb { + {{ if (gt $cfg.GeoIP2AutoReloadMinutes 0) }} + auto_reload {{ $cfg.GeoIP2AutoReloadMinutes }}m; + {{ end }} $geoip2_asn source=$remote_addr autonomous_system_number; $geoip2_org source=$remote_addr autonomous_system_organization; } @@ -247,6 +262,9 @@ http { {{ if eq $file "GeoIP2-ASN.mmdb" }} geoip2 /etc/ingress-controller/geoip/GeoIP2-ASN.mmdb { + {{ if (gt $cfg.GeoIP2AutoReloadMinutes 0) }} + auto_reload {{ $cfg.GeoIP2AutoReloadMinutes }}m; + {{ end }} $geoip2_asn source=$remote_addr autonomous_system_number; $geoip2_org source=$remote_addr autonomous_system_organization; } @@ -254,6 +272,9 @@ http { {{ if eq $file "GeoIP2-ISP.mmdb" }} geoip2 /etc/ingress-controller/geoip/GeoIP2-ISP.mmdb { + {{ if (gt $cfg.GeoIP2AutoReloadMinutes 0) }} + auto_reload {{ $cfg.GeoIP2AutoReloadMinutes }}m; + {{ end }} $geoip2_isp source=$remote_addr isp; $geoip2_isp_org source=$remote_addr organization; $geoip2_asn source=$remote_addr default=0 autonomous_system_number; @@ -268,6 +289,9 @@ http { {{ if eq $file "GeoIP2-Anonymous-IP.mmdb" }} geoip2 /etc/ingress-controller/geoip/GeoIP2-Anonymous-IP.mmdb { + {{ if (gt $cfg.GeoIP2AutoReloadMinutes 0) }} + auto_reload {{ $cfg.GeoIP2AutoReloadMinutes }}m; + {{ end }} $geoip2_is_anon source=$remote_addr is_anonymous; $geoip2_is_anonymous source=$remote_addr default=0 is_anonymous; $geoip2_is_anonymous_vpn source=$remote_addr default=0 is_anonymous_vpn; diff --git a/test/e2e/settings/geoip2.go b/test/e2e/settings/geoip2.go index 7da26d810..064863734 100644 --- a/test/e2e/settings/geoip2.go +++ b/test/e2e/settings/geoip2.go @@ -124,4 +124,52 @@ var _ = framework.DescribeSetting("Geoip2", func() { Expect(). Status(http.StatusOK) }) + + ginkgo.It("should up and running nginx controller using autoreload flag", func() { + edition := "GeoLite2-Country" + + err := f.UpdateIngressControllerDeployment(func(deployment *appsv1.Deployment) error { + args := deployment.Spec.Template.Spec.Containers[0].Args + args = append(args, "--maxmind-edition-ids="+edition) + deployment.Spec.Template.Spec.Containers[0].Args = args + _, err := f.KubeClientSet.AppsV1().Deployments(f.Namespace).Update(context.TODO(), deployment, metav1.UpdateOptions{}) + return err + }) + assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller deployment flags") + + filename := fmt.Sprintf("/etc/ingress-controller/geoip/%s.mmdb", edition) + exec, err := f.ExecIngressPod(fmt.Sprintf(`sh -c "mkdir -p '%s' && wget -O '%s' '%s' 2>&1"`, filepath.Dir(filename), filename, testdataURL)) + framework.Logf(exec) + assert.Nil(ginkgo.GinkgoT(), err, fmt.Sprintln("error downloading test geoip2 db", filename)) + + f.SetNginxConfigMapData(map[string]string{ + "use-geoip2": "true", + "geoip2-autoreload-in-minutes": "5", + }) + + // Check Configmap Autoreload Patterns + f.WaitForNginxConfiguration( + func(cfg string) bool { + return strings.Contains(cfg, fmt.Sprintf("geoip2 %s", filename)) && + strings.Contains(cfg, "auto_reload 5m;") + }, + ) + + // Check if Nginx could up, running and routing with auto_reload configs + host := "ping.com" + ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil) + f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, host) && + strings.Contains(server, "location /") + }) + + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + Expect(). + Status(http.StatusOK) + }) }) From c25b80ca0067f0d4adf9dd879d2477d4830bff0f Mon Sep 17 00:00:00 2001 From: dVerhees <30548963+dVerhees@users.noreply.github.com> Date: Fri, 22 Mar 2024 09:28:24 +0100 Subject: [PATCH 103/154] fix geoip2 configuration docs (#11150) --- docs/user-guide/nginx-configuration/configmap.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index ff23196a4..849bbe807 100644 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -731,7 +731,7 @@ _**default:**_ true Enables the [geoip2 module](https://github.com/leev/ngx_http_geoip2_module) for NGINX. Since `0.27.0` and due to a [change in the MaxMind databases](https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases) a license is required to have access to the databases. For this reason, it is required to define a new flag `--maxmind-license-key` in the ingress controller deployment to download the databases needed during the initialization of the ingress controller. -Alternatively, it is possible to use a volume to mount the files `/etc/nginx/geoip/GeoLite2-City.mmdb` and `/etc/nginx/geoip/GeoLite2-ASN.mmdb`, avoiding the overhead of the download. +Alternatively, it is possible to use a volume to mount the files `/etc/ingress-controller/geoip/GeoLite2-City.mmdb` and `/etc/ingress-controller/geoip/GeoLite2-ASN.mmdb`, avoiding the overhead of the download. !!! important If the feature is enabled but the files are missing, GeoIP2 will not be enabled. From c0b3294bf47c00df66dc545048f550cc87f9db15 Mon Sep 17 00:00:00 2001 From: Ramon Borges Date: Sun, 24 Mar 2024 23:07:28 +0100 Subject: [PATCH 104/154] Add GRPC Buffer Size to the Configmap (#11155) * feat: add grpc buffer size in the nginx template * feat: add grpc buffer size in the configmap struct * feat: add test for GRCP buffer size configuration in the configmap * chore: add documentation for the grcp buffer size configuration * fix: fix the copyright year of the test * fix: fix import order * fix: fix ignore for the linter - reason was missing * chore: seems like we don't need to ignore the error handling --- .../nginx-configuration/configmap.md | 426 +++++++++--------- internal/ingress/controller/config/config.go | 9 +- rootfs/etc/nginx/template/nginx.tmpl | 4 + test/e2e/settings/grpc.go | 110 +++++ 4 files changed, 338 insertions(+), 211 deletions(-) create mode 100644 test/e2e/settings/grpc.go diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index 849bbe807..9dad331f1 100644 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -25,215 +25,216 @@ data: The following table shows a configuration option's name, type, and the default value: -|name|type|default|notes| -|:---|:---|:------|:----| -|[add-headers](#add-headers)|string|""|| -|[allow-backend-server-header](#allow-backend-server-header)|bool|"false"|| -|[allow-cross-namespace-resources](#allow-cross-namespace-resources)|bool|"true"|| -|[allow-snippet-annotations](#allow-snippet-annotations)|bool|false|| -|[annotations-risk-level](#annotations-risk-level)|string|Critical|| -|[annotation-value-word-blocklist](#annotation-value-word-blocklist)|string array|""|| -|[hide-headers](#hide-headers)|string array|empty|| -|[access-log-params](#access-log-params)|string|""|| -|[access-log-path](#access-log-path)|string|"/var/log/nginx/access.log"|| -|[http-access-log-path](#http-access-log-path)|string|""|| -|[stream-access-log-path](#stream-access-log-path)|string|""|| -|[enable-access-log-for-default-backend](#enable-access-log-for-default-backend)|bool|"false"|| -|[error-log-path](#error-log-path)|string|"/var/log/nginx/error.log"|| -|[enable-modsecurity](#enable-modsecurity)|bool|"false"|| -|[modsecurity-snippet](#modsecurity-snippet)|string|""|| -|[enable-owasp-modsecurity-crs](#enable-owasp-modsecurity-crs)|bool|"false"|| -|[client-header-buffer-size](#client-header-buffer-size)|string|"1k"|| -|[client-header-timeout](#client-header-timeout)|int|60|| -|[client-body-buffer-size](#client-body-buffer-size)|string|"8k"|| -|[client-body-timeout](#client-body-timeout)|int|60|| -|[disable-access-log](#disable-access-log)|bool|false|| -|[disable-ipv6](#disable-ipv6)|bool|false|| -|[disable-ipv6-dns](#disable-ipv6-dns)|bool|false|| -|[enable-underscores-in-headers](#enable-underscores-in-headers)|bool|false|| -|[enable-ocsp](#enable-ocsp)|bool|false|| -|[ignore-invalid-headers](#ignore-invalid-headers)|bool|true|| -|[retry-non-idempotent](#retry-non-idempotent)|bool|"false"|| -|[error-log-level](#error-log-level)|string|"notice"|| -|[http2-max-field-size](#http2-max-field-size)|string|""|DEPRECATED in favour of [large_client_header_buffers](#large-client-header-buffers)| -|[http2-max-header-size](#http2-max-header-size)|string|""|DEPRECATED in favour of [large_client_header_buffers](#large-client-header-buffers)| -|[http2-max-requests](#http2-max-requests)|int|0|DEPRECATED in favour of [keepalive_requests](#keepalive-requests)| -|[http2-max-concurrent-streams](#http2-max-concurrent-streams)|int|128|| -|[hsts](#hsts)|bool|"true"|| -|[hsts-include-subdomains](#hsts-include-subdomains)|bool|"true"|| -|[hsts-max-age](#hsts-max-age)|string|"31536000"|| -|[hsts-preload](#hsts-preload)|bool|"false"|| -|[keep-alive](#keep-alive)|int|75|| -|[keep-alive-requests](#keep-alive-requests)|int|1000|| -|[large-client-header-buffers](#large-client-header-buffers)|string|"4 8k"|| -|[log-format-escape-none](#log-format-escape-none)|bool|"false"|| -|[log-format-escape-json](#log-format-escape-json)|bool|"false"|| -|[log-format-upstream](#log-format-upstream)|string|`$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id`|| -|[log-format-stream](#log-format-stream)|string|`[$remote_addr] [$time_local] $protocol $status $bytes_sent $bytes_received $session_time`|| -|[enable-multi-accept](#enable-multi-accept)|bool|"true"|| -|[max-worker-connections](#max-worker-connections)|int|16384|| -|[max-worker-open-files](#max-worker-open-files)|int|0|| -|[map-hash-bucket-size](#max-hash-bucket-size)|int|64|| -|[nginx-status-ipv4-whitelist](#nginx-status-ipv4-whitelist)|[]string|"127.0.0.1"|| -|[nginx-status-ipv6-whitelist](#nginx-status-ipv6-whitelist)|[]string|"::1"|| -|[proxy-real-ip-cidr](#proxy-real-ip-cidr)|[]string|"0.0.0.0/0"|| -|[proxy-set-headers](#proxy-set-headers)|string|""|| -|[server-name-hash-max-size](#server-name-hash-max-size)|int|1024|| -|[server-name-hash-bucket-size](#server-name-hash-bucket-size)|int|``| -|[proxy-headers-hash-max-size](#proxy-headers-hash-max-size)|int|512|| -|[proxy-headers-hash-bucket-size](#proxy-headers-hash-bucket-size)|int|64|| -|[plugins](#plugins)|[]string| || -|[reuse-port](#reuse-port)|bool|"true"|| -|[server-tokens](#server-tokens)|bool|"false"|| -|[ssl-ciphers](#ssl-ciphers)|string|"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"|| -|[ssl-ecdh-curve](#ssl-ecdh-curve)|string|"auto"|| -|[ssl-dh-param](#ssl-dh-param)|string|""|| -|[ssl-protocols](#ssl-protocols)|string|"TLSv1.2 TLSv1.3"|| -|[ssl-session-cache](#ssl-session-cache)|bool|"true"|| -|[ssl-session-cache-size](#ssl-session-cache-size)|string|"10m"|| -|[ssl-session-tickets](#ssl-session-tickets)|bool|"false"|| -|[ssl-session-ticket-key](#ssl-session-ticket-key)|string|``| -|[ssl-session-timeout](#ssl-session-timeout)|string|"10m"|| -|[ssl-buffer-size](#ssl-buffer-size)|string|"4k"|| -|[use-proxy-protocol](#use-proxy-protocol)|bool|"false"|| -|[proxy-protocol-header-timeout](#proxy-protocol-header-timeout)|string|"5s"|| -|[enable-aio-write](#enable-aio-write)|bool|"true"|| -|[use-gzip](#use-gzip)|bool|"false"|| -|[use-geoip](#use-geoip)|bool|"true"|| -|[use-geoip2](#use-geoip2)|bool|"false"|| -|[geoip2-autoreload-in-minutes](#geoip2-autoreload-in-minutes)|int|"0"|| -|[enable-brotli](#enable-brotli)|bool|"false"|| -|[brotli-level](#brotli-level)|int|4|| -|[brotli-min-length](#brotli-min-length)|int|20|| -|[brotli-types](#brotli-types)|string|"application/xml+rss application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component"|| -|[use-http2](#use-http2)|bool|"true"|| -|[gzip-disable](#gzip-disable)|string|""|| -|[gzip-level](#gzip-level)|int|1|| -|[gzip-min-length](#gzip-min-length)|int|256|| -|[gzip-types](#gzip-types)|string|"application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component"|| -|[worker-processes](#worker-processes)|string|``|| -|[worker-cpu-affinity](#worker-cpu-affinity)|string|""|| -|[worker-shutdown-timeout](#worker-shutdown-timeout)|string|"240s"|| -|[load-balance](#load-balance)|string|"round_robin"|| -|[variables-hash-bucket-size](#variables-hash-bucket-size)|int|128|| -|[variables-hash-max-size](#variables-hash-max-size)|int|2048|| -|[upstream-keepalive-connections](#upstream-keepalive-connections)|int|320|| -|[upstream-keepalive-time](#upstream-keepalive-time)|string|"1h"|| -|[upstream-keepalive-timeout](#upstream-keepalive-timeout)|int|60|| -|[upstream-keepalive-requests](#upstream-keepalive-requests)|int|10000|| -|[limit-conn-zone-variable](#limit-conn-zone-variable)|string|"$binary_remote_addr"|| -|[proxy-stream-timeout](#proxy-stream-timeout)|string|"600s"|| -|[proxy-stream-next-upstream](#proxy-stream-next-upstream)|bool|"true"|| -|[proxy-stream-next-upstream-timeout](#proxy-stream-next-upstream-timeout)|string|"600s"|| -|[proxy-stream-next-upstream-tries](#proxy-stream-next-upstream-tries)|int|3|| -|[proxy-stream-responses](#proxy-stream-responses)|int|1|| -|[bind-address](#bind-address)|[]string|""|| -|[use-forwarded-headers](#use-forwarded-headers)|bool|"false"|| -|[enable-real-ip](#enable-real-ip)|bool|"false"|| -|[forwarded-for-header](#forwarded-for-header)|string|"X-Forwarded-For"|| -|[compute-full-forwarded-for](#compute-full-forwarded-for)|bool|"false"|| -|[proxy-add-original-uri-header](#proxy-add-original-uri-header)|bool|"false"|| -|[generate-request-id](#generate-request-id)|bool|"true"|| -|[enable-opentracing](#enable-opentracing)|bool|"false"|| -|[opentracing-operation-name](#opentracing-operation-name)|string|""|| -|[opentracing-location-operation-name](#opentracing-location-operation-name)|string|""|| -|[zipkin-collector-host](#zipkin-collector-host)|string|""|| -|[zipkin-collector-port](#zipkin-collector-port)|int|9411|| -|[zipkin-service-name](#zipkin-service-name)|string|"nginx"|| -|[zipkin-sample-rate](#zipkin-sample-rate)|float|1.0|| -|[jaeger-collector-host](#jaeger-collector-host)|string|""|| -|[jaeger-collector-port](#jaeger-collector-port)|int|6831|| -|[jaeger-endpoint](#jaeger-endpoint)|string|""|| -|[jaeger-service-name](#jaeger-service-name)|string|"nginx"|| -|[jaeger-propagation-format](#jaeger-propagation-format)|string|"jaeger"|| -|[jaeger-sampler-type](#jaeger-sampler-type)|string|"const"|| -|[jaeger-sampler-param](#jaeger-sampler-param)|string|"1"|| -|[jaeger-sampler-host](#jaeger-sampler-host)|string|"http://127.0.0.1"|| -|[jaeger-sampler-port](#jaeger-sampler-port)|int|5778|| -|[jaeger-trace-context-header-name](#jaeger-trace-context-header-name)|string|uber-trace-id|| -|[jaeger-debug-header](#jaeger-debug-header)|string|uber-debug-id|| -|[jaeger-baggage-header](#jaeger-baggage-header)|string|jaeger-baggage|| -|[jaeger-trace-baggage-header-prefix](#jaeger-trace-baggage-header-prefix)|string|uberctx-|| -|[datadog-collector-host](#datadog-collector-host)|string|""|| -|[datadog-collector-port](#datadog-collector-port)|int|8126|| -|[datadog-service-name](#datadog-service-name)|string|"nginx"|| -|[datadog-environment](#datadog-environment)|string|"prod"|| -|[datadog-operation-name-override](#datadog-operation-name-override)|string|"nginx.handle"|| -|[datadog-priority-sampling](#datadog-priority-sampling)|bool|"true"|| -|[datadog-sample-rate](#datadog-sample-rate)|float|1.0|| -|[enable-opentelemetry](#enable-opentelemetry)|bool|"false"|| -|[opentelemetry-trust-incoming-span](#opentelemetry-trust-incoming-span)|bool|"true"|| -|[opentelemetry-operation-name](#opentelemetry-operation-name)|string|""|| -|[opentelemetry-config](#/etc/nginx/opentelemetry.toml)|string|"/etc/nginx/opentelemetry.toml"|| -|[otlp-collector-host](#otlp-collector-host)|string|""|| -|[otlp-collector-port](#otlp-collector-port)|int|4317|| -|[otel-max-queuesize](#otel-max-queuesize)|int||| -|[otel-schedule-delay-millis](#otel-schedule-delay-millis)|int||| -|[otel-max-export-batch-size](#otel-max-export-batch-size)|int||| -|[otel-service-name](#otel-service-name)|string|"nginx"|| -|[otel-sampler](#otel-sampler)|string|"AlwaysOff"|| -|[otel-sampler-parent-based](#otel-sampler-parent-based)|bool|"false"|| -|[otel-sampler-ratio](#otel-sampler-ratio)|float|0.01|| -|[main-snippet](#main-snippet)|string|""|| -|[http-snippet](#http-snippet)|string|""|| -|[server-snippet](#server-snippet)|string|""|| -|[stream-snippet](#stream-snippet)|string|""|| -|[location-snippet](#location-snippet)|string|""|| -|[custom-http-errors](#custom-http-errors)|[]int|[]int{}|| -|[proxy-body-size](#proxy-body-size)|string|"1m"|| -|[proxy-connect-timeout](#proxy-connect-timeout)|int|5|| -|[proxy-read-timeout](#proxy-read-timeout)|int|60|| -|[proxy-send-timeout](#proxy-send-timeout)|int|60|| -|[proxy-buffers-number](#proxy-buffers-number)|int|4|| -|[proxy-buffer-size](#proxy-buffer-size)|string|"4k"|| -|[proxy-cookie-path](#proxy-cookie-path)|string|"off"|| -|[proxy-cookie-domain](#proxy-cookie-domain)|string|"off"|| -|[proxy-next-upstream](#proxy-next-upstream)|string|"error timeout"|| -|[proxy-next-upstream-timeout](#proxy-next-upstream-timeout)|int|0|| -|[proxy-next-upstream-tries](#proxy-next-upstream-tries)|int|3|| -|[proxy-redirect-from](#proxy-redirect-from)|string|"off"|| -|[proxy-request-buffering](#proxy-request-buffering)|string|"on"|| -|[ssl-redirect](#ssl-redirect)|bool|"true"|| -|[force-ssl-redirect](#force-ssl-redirect)|bool|"false"|| -|[denylist-source-range](#denylist-source-range)|[]string|[]string{}|| -|[whitelist-source-range](#whitelist-source-range)|[]string|[]string{}|| -|[skip-access-log-urls](#skip-access-log-urls)|[]string|[]string{}|| -|[limit-rate](#limit-rate)|int|0|| -|[limit-rate-after](#limit-rate-after)|int|0|| -|[lua-shared-dicts](#lua-shared-dicts)|string|""|| -|[http-redirect-code](#http-redirect-code)|int|308|| -|[proxy-buffering](#proxy-buffering)|string|"off"|| -|[limit-req-status-code](#limit-req-status-code)|int|503|| -|[limit-conn-status-code](#limit-conn-status-code)|int|503|| -|[enable-syslog](#enable-syslog)|bool|false|| -|[syslog-host](#syslog-host)|string|""|| -|[syslog-port](#syslog-port)|int|514|| -|[no-tls-redirect-locations](#no-tls-redirect-locations)|string|"/.well-known/acme-challenge"|| -|[global-auth-url](#global-auth-url)|string|""|| -|[global-auth-method](#global-auth-method)|string|""|| -|[global-auth-signin](#global-auth-signin)|string|""|| -|[global-auth-signin-redirect-param](#global-auth-signin-redirect-param)|string|"rd"|| -|[global-auth-response-headers](#global-auth-response-headers)|string|""|| -|[global-auth-request-redirect](#global-auth-request-redirect)|string|""|| -|[global-auth-snippet](#global-auth-snippet)|string|""|| -|[global-auth-cache-key](#global-auth-cache-key)|string|""|| -|[global-auth-cache-duration](#global-auth-cache-duration)|string|"200 202 401 5m"|| -|[no-auth-locations](#no-auth-locations)|string|"/.well-known/acme-challenge"|| -|[block-cidrs](#block-cidrs)|[]string|""|| -|[block-user-agents](#block-user-agents)|[]string|""|| -|[block-referers](#block-referers)|[]string|""|| -|[proxy-ssl-location-only](#proxy-ssl-location-only)|bool|"false"|| -|[default-type](#default-type)|string|"text/html"|| -|[global-rate-limit-memcached-host](#global-rate-limit)|string|""|| -|[global-rate-limit-memcached-port](#global-rate-limit)|int|11211|| -|[global-rate-limit-memcached-connect-timeout](#global-rate-limit)|int|50|| -|[global-rate-limit-memcached-max-idle-timeout](#global-rate-limit)|int|10000|| -|[global-rate-limit-memcached-pool-size](#global-rate-limit)|int|50|| -|[global-rate-limit-status-code](#global-rate-limit)|int|429|| -|[service-upstream](#service-upstream)|bool|"false"|| -|[ssl-reject-handshake](#ssl-reject-handshake)|bool|"false"|| -|[debug-connections](#debug-connections)|[]string|"127.0.0.1,1.1.1.1/24"|| -|[strict-validate-path-type](#strict-validate-path-type)|bool|"false" (v1.7.x)|| +|name| type | default |notes| +|:---|:-------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:----| +|[add-headers](#add-headers)| string | "" || +|[allow-backend-server-header](#allow-backend-server-header)| bool | "false" || +|[allow-cross-namespace-resources](#allow-cross-namespace-resources)| bool | "true" || +|[allow-snippet-annotations](#allow-snippet-annotations)| bool | false || +|[annotations-risk-level](#annotations-risk-level)| string | Critical || +|[annotation-value-word-blocklist](#annotation-value-word-blocklist)| string array | "" || +|[hide-headers](#hide-headers)| string array | empty || +|[access-log-params](#access-log-params)| string | "" || +|[access-log-path](#access-log-path)| string | "/var/log/nginx/access.log" || +|[http-access-log-path](#http-access-log-path)| string | "" || +|[stream-access-log-path](#stream-access-log-path)| string | "" || +|[enable-access-log-for-default-backend](#enable-access-log-for-default-backend)| bool | "false" || +|[error-log-path](#error-log-path)| string | "/var/log/nginx/error.log" || +|[enable-modsecurity](#enable-modsecurity)| bool | "false" || +|[modsecurity-snippet](#modsecurity-snippet)| string | "" || +|[enable-owasp-modsecurity-crs](#enable-owasp-modsecurity-crs)| bool | "false" || +|[client-header-buffer-size](#client-header-buffer-size)| string | "1k" || +|[client-header-timeout](#client-header-timeout)| int | 60 || +|[client-body-buffer-size](#client-body-buffer-size)| string | "8k" || +|[client-body-timeout](#client-body-timeout)| int | 60 || +|[disable-access-log](#disable-access-log)| bool | false || +|[disable-ipv6](#disable-ipv6)| bool | false || +|[disable-ipv6-dns](#disable-ipv6-dns)| bool | false || +|[enable-underscores-in-headers](#enable-underscores-in-headers)| bool | false || +|[enable-ocsp](#enable-ocsp)| bool | false || +|[ignore-invalid-headers](#ignore-invalid-headers)| bool | true || +|[retry-non-idempotent](#retry-non-idempotent)| bool | "false" || +|[error-log-level](#error-log-level)| string | "notice" || +|[http2-max-field-size](#http2-max-field-size)| string | "" |DEPRECATED in favour of [large_client_header_buffers](#large-client-header-buffers)| +|[http2-max-header-size](#http2-max-header-size)| string | "" |DEPRECATED in favour of [large_client_header_buffers](#large-client-header-buffers)| +|[http2-max-requests](#http2-max-requests)| int | 0 |DEPRECATED in favour of [keepalive_requests](#keepalive-requests)| +|[http2-max-concurrent-streams](#http2-max-concurrent-streams)| int | 128 || +|[hsts](#hsts)| bool | "true" || +|[hsts-include-subdomains](#hsts-include-subdomains)| bool | "true" || +|[hsts-max-age](#hsts-max-age)| string | "31536000" || +|[hsts-preload](#hsts-preload)| bool | "false" || +|[keep-alive](#keep-alive)| int | 75 || +|[keep-alive-requests](#keep-alive-requests)| int | 1000 || +|[large-client-header-buffers](#large-client-header-buffers)| string | "4 8k" || +|[log-format-escape-none](#log-format-escape-none)| bool | "false" || +|[log-format-escape-json](#log-format-escape-json)| bool | "false" || +|[log-format-upstream](#log-format-upstream)| string | `$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id` || +|[log-format-stream](#log-format-stream)| string | `[$remote_addr] [$time_local] $protocol $status $bytes_sent $bytes_received $session_time` || +|[enable-multi-accept](#enable-multi-accept)| bool | "true" || +|[max-worker-connections](#max-worker-connections)| int | 16384 || +|[max-worker-open-files](#max-worker-open-files)| int | 0 || +|[map-hash-bucket-size](#max-hash-bucket-size)| int | 64 || +|[nginx-status-ipv4-whitelist](#nginx-status-ipv4-whitelist)| []string | "127.0.0.1" || +|[nginx-status-ipv6-whitelist](#nginx-status-ipv6-whitelist)| []string | "::1" || +|[proxy-real-ip-cidr](#proxy-real-ip-cidr)| []string | "0.0.0.0/0" || +|[proxy-set-headers](#proxy-set-headers)| string | "" || +|[server-name-hash-max-size](#server-name-hash-max-size)| int | 1024 || +|[server-name-hash-bucket-size](#server-name-hash-bucket-size)| int | `` | +|[proxy-headers-hash-max-size](#proxy-headers-hash-max-size)| int | 512 || +|[proxy-headers-hash-bucket-size](#proxy-headers-hash-bucket-size)| int | 64 || +|[plugins](#plugins)| []string | || +|[reuse-port](#reuse-port)| bool | "true" || +|[server-tokens](#server-tokens)| bool | "false" || +|[ssl-ciphers](#ssl-ciphers)| string | "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" || +|[ssl-ecdh-curve](#ssl-ecdh-curve)| string | "auto" || +|[ssl-dh-param](#ssl-dh-param)| string | "" || +|[ssl-protocols](#ssl-protocols)| string | "TLSv1.2 TLSv1.3" || +|[ssl-session-cache](#ssl-session-cache)| bool | "true" || +|[ssl-session-cache-size](#ssl-session-cache-size)| string | "10m" || +|[ssl-session-tickets](#ssl-session-tickets)| bool | "false" || +|[ssl-session-ticket-key](#ssl-session-ticket-key)| string | `` | +|[ssl-session-timeout](#ssl-session-timeout)| string | "10m" || +|[ssl-buffer-size](#ssl-buffer-size)| string | "4k" || +|[use-proxy-protocol](#use-proxy-protocol)| bool | "false" || +|[proxy-protocol-header-timeout](#proxy-protocol-header-timeout)| string | "5s" || +|[enable-aio-write](#enable-aio-write)| bool | "true" || +|[use-gzip](#use-gzip)| bool | "false" || +|[use-geoip](#use-geoip)| bool | "true" || +|[use-geoip2](#use-geoip2)| bool | "false" || +|[geoip2-autoreload-in-minutes](#geoip2-autoreload-in-minutes)| int | "0" || +|[enable-brotli](#enable-brotli)| bool | "false" || +|[brotli-level](#brotli-level)| int | 4 || +|[brotli-min-length](#brotli-min-length)| int | 20 || +|[brotli-types](#brotli-types)| string | "application/xml+rss application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component" || +|[use-http2](#use-http2)| bool | "true" || +|[gzip-disable](#gzip-disable)| string | "" || +|[gzip-level](#gzip-level)| int | 1 || +|[gzip-min-length](#gzip-min-length)| int | 256 || +|[gzip-types](#gzip-types)| string | "application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component" || +|[worker-processes](#worker-processes)| string | `` || +|[worker-cpu-affinity](#worker-cpu-affinity)| string | "" || +|[worker-shutdown-timeout](#worker-shutdown-timeout)| string | "240s" || +|[load-balance](#load-balance)| string | "round_robin" || +|[variables-hash-bucket-size](#variables-hash-bucket-size)| int | 128 || +|[variables-hash-max-size](#variables-hash-max-size)| int | 2048 || +|[upstream-keepalive-connections](#upstream-keepalive-connections)| int | 320 || +|[upstream-keepalive-time](#upstream-keepalive-time)| string | "1h" || +|[upstream-keepalive-timeout](#upstream-keepalive-timeout)| int | 60 || +|[upstream-keepalive-requests](#upstream-keepalive-requests)| int | 10000 || +|[limit-conn-zone-variable](#limit-conn-zone-variable)| string | "$binary_remote_addr" || +|[proxy-stream-timeout](#proxy-stream-timeout)| string | "600s" || +|[proxy-stream-next-upstream](#proxy-stream-next-upstream)| bool | "true" || +|[proxy-stream-next-upstream-timeout](#proxy-stream-next-upstream-timeout)| string | "600s" || +|[proxy-stream-next-upstream-tries](#proxy-stream-next-upstream-tries)| int | 3 || +|[proxy-stream-responses](#proxy-stream-responses)| int | 1 || +|[bind-address](#bind-address)| []string | "" || +|[use-forwarded-headers](#use-forwarded-headers)| bool | "false" || +|[enable-real-ip](#enable-real-ip)| bool | "false" || +|[forwarded-for-header](#forwarded-for-header)| string | "X-Forwarded-For" || +|[compute-full-forwarded-for](#compute-full-forwarded-for)| bool | "false" || +|[proxy-add-original-uri-header](#proxy-add-original-uri-header)| bool | "false" || +|[generate-request-id](#generate-request-id)| bool | "true" || +|[enable-opentracing](#enable-opentracing)| bool | "false" || +|[opentracing-operation-name](#opentracing-operation-name)| string | "" || +|[opentracing-location-operation-name](#opentracing-location-operation-name)| string | "" || +|[zipkin-collector-host](#zipkin-collector-host)| string | "" || +|[zipkin-collector-port](#zipkin-collector-port)| int | 9411 || +|[zipkin-service-name](#zipkin-service-name)| string | "nginx" || +|[zipkin-sample-rate](#zipkin-sample-rate)| float | 1.0 || +|[jaeger-collector-host](#jaeger-collector-host)| string | "" || +|[jaeger-collector-port](#jaeger-collector-port)| int | 6831 || +|[jaeger-endpoint](#jaeger-endpoint)| string | "" || +|[jaeger-service-name](#jaeger-service-name)| string | "nginx" || +|[jaeger-propagation-format](#jaeger-propagation-format)| string | "jaeger" || +|[jaeger-sampler-type](#jaeger-sampler-type)| string | "const" || +|[jaeger-sampler-param](#jaeger-sampler-param)| string | "1" || +|[jaeger-sampler-host](#jaeger-sampler-host)| string | "http://127.0.0.1" || +|[jaeger-sampler-port](#jaeger-sampler-port)| int | 5778 || +|[jaeger-trace-context-header-name](#jaeger-trace-context-header-name)| string | uber-trace-id || +|[jaeger-debug-header](#jaeger-debug-header)| string | uber-debug-id || +|[jaeger-baggage-header](#jaeger-baggage-header)| string | jaeger-baggage || +|[jaeger-trace-baggage-header-prefix](#jaeger-trace-baggage-header-prefix)| string | uberctx- || +|[datadog-collector-host](#datadog-collector-host)| string | "" || +|[datadog-collector-port](#datadog-collector-port)| int | 8126 || +|[datadog-service-name](#datadog-service-name)| string | "nginx" || +|[datadog-environment](#datadog-environment)| string | "prod" || +|[datadog-operation-name-override](#datadog-operation-name-override)| string | "nginx.handle" || +|[datadog-priority-sampling](#datadog-priority-sampling)| bool | "true" || +|[datadog-sample-rate](#datadog-sample-rate)| float | 1.0 || +|[enable-opentelemetry](#enable-opentelemetry)| bool | "false" || +|[opentelemetry-trust-incoming-span](#opentelemetry-trust-incoming-span)| bool | "true" || +|[opentelemetry-operation-name](#opentelemetry-operation-name)| string | "" || +|[opentelemetry-config](#/etc/nginx/opentelemetry.toml)| string | "/etc/nginx/opentelemetry.toml" || +|[otlp-collector-host](#otlp-collector-host)| string | "" || +|[otlp-collector-port](#otlp-collector-port)| int | 4317 || +|[otel-max-queuesize](#otel-max-queuesize)| int | || +|[otel-schedule-delay-millis](#otel-schedule-delay-millis)| int | || +|[otel-max-export-batch-size](#otel-max-export-batch-size)| int | || +|[otel-service-name](#otel-service-name)| string | "nginx" || +|[otel-sampler](#otel-sampler)| string | "AlwaysOff" || +|[otel-sampler-parent-based](#otel-sampler-parent-based)| bool | "false" || +|[otel-sampler-ratio](#otel-sampler-ratio)| float | 0.01 || +|[main-snippet](#main-snippet)| string | "" || +|[http-snippet](#http-snippet)| string | "" || +|[server-snippet](#server-snippet)| string | "" || +|[stream-snippet](#stream-snippet)| string | "" || +|[location-snippet](#location-snippet)| string | "" || +|[custom-http-errors](#custom-http-errors)| []int | []int{} || +|[proxy-body-size](#proxy-body-size)| string | "1m" || +|[proxy-connect-timeout](#proxy-connect-timeout)| int | 5 || +|[proxy-read-timeout](#proxy-read-timeout)| int | 60 || +|[proxy-send-timeout](#proxy-send-timeout)| int | 60 || +|[proxy-buffers-number](#proxy-buffers-number)| int | 4 || +|[proxy-buffer-size](#proxy-buffer-size)| string | "4k" || +|[proxy-cookie-path](#proxy-cookie-path)| string | "off" || +|[proxy-cookie-domain](#proxy-cookie-domain)| string | "off" || +|[proxy-next-upstream](#proxy-next-upstream)| string | "error timeout" || +|[proxy-next-upstream-timeout](#proxy-next-upstream-timeout)| int | 0 || +|[proxy-next-upstream-tries](#proxy-next-upstream-tries)| int | 3 || +|[proxy-redirect-from](#proxy-redirect-from)| string | "off" || +|[proxy-request-buffering](#proxy-request-buffering)| string | "on" || +|[ssl-redirect](#ssl-redirect)| bool | "true" || +|[force-ssl-redirect](#force-ssl-redirect)| bool | "false" || +|[denylist-source-range](#denylist-source-range)| []string | []string{} || +|[whitelist-source-range](#whitelist-source-range)| []string | []string{} || +|[skip-access-log-urls](#skip-access-log-urls)| []string | []string{} || +|[limit-rate](#limit-rate)| int | 0 || +|[limit-rate-after](#limit-rate-after)| int | 0 || +|[lua-shared-dicts](#lua-shared-dicts)| string | "" || +|[http-redirect-code](#http-redirect-code)| int | 308 || +|[proxy-buffering](#proxy-buffering)| string | "off" || +|[limit-req-status-code](#limit-req-status-code)| int | 503 || +|[limit-conn-status-code](#limit-conn-status-code)| int | 503 || +|[enable-syslog](#enable-syslog)| bool | false || +|[syslog-host](#syslog-host)| string | "" || +|[syslog-port](#syslog-port)| int | 514 || +|[no-tls-redirect-locations](#no-tls-redirect-locations)| string | "/.well-known/acme-challenge" || +|[global-auth-url](#global-auth-url)| string | "" || +|[global-auth-method](#global-auth-method)| string | "" || +|[global-auth-signin](#global-auth-signin)| string | "" || +|[global-auth-signin-redirect-param](#global-auth-signin-redirect-param)| string | "rd" || +|[global-auth-response-headers](#global-auth-response-headers)| string | "" || +|[global-auth-request-redirect](#global-auth-request-redirect)| string | "" || +|[global-auth-snippet](#global-auth-snippet)| string | "" || +|[global-auth-cache-key](#global-auth-cache-key)| string | "" || +|[global-auth-cache-duration](#global-auth-cache-duration)| string | "200 202 401 5m" || +|[no-auth-locations](#no-auth-locations)| string | "/.well-known/acme-challenge" || +|[block-cidrs](#block-cidrs)| []string | "" || +|[block-user-agents](#block-user-agents)| []string | "" || +|[block-referers](#block-referers)| []string | "" || +|[proxy-ssl-location-only](#proxy-ssl-location-only)| bool | "false" || +|[default-type](#default-type)| string | "text/html" || +|[global-rate-limit-memcached-host](#global-rate-limit)| string | "" || +|[global-rate-limit-memcached-port](#global-rate-limit)| int | 11211 || +|[global-rate-limit-memcached-connect-timeout](#global-rate-limit)| int | 50 || +|[global-rate-limit-memcached-max-idle-timeout](#global-rate-limit)| int | 10000 || +|[global-rate-limit-memcached-pool-size](#global-rate-limit)| int | 50 || +|[global-rate-limit-status-code](#global-rate-limit)| int | 429 || +|[service-upstream](#service-upstream)| bool | "false" || +|[ssl-reject-handshake](#ssl-reject-handshake)| bool | "false" || +|[debug-connections](#debug-connections)| []string | "127.0.0.1,1.1.1.1/24" || +|[strict-validate-path-type](#strict-validate-path-type)| bool | "false" (v1.7.x) || +|[grpc-buffer-size-kb](#grpc-buffer-size-kb)| int | 0 || ## add-headers @@ -1432,3 +1433,10 @@ This means that Ingress objects that rely on paths containing regex characters s The cluster admin should establish validation rules using mechanisms like [Open Policy Agent](https://www.openpolicyagent.org/) to validate that only authorized users can use `ImplementationSpecific` pathType and that only the authorized characters can be used. + +## grpc-buffer-size-kb + +Sets the configuration for the GRPC Buffer Size parameter. If not set it will use the default from NGINX. + +_References:_ +[https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_buffer_size](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_buffer_size) \ No newline at end of file diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index 12bbb662a..371f3069c 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -20,9 +20,8 @@ import ( "strconv" "time" - "k8s.io/klog/v2" - apiv1 "k8s.io/api/core/v1" + "k8s.io/klog/v2" "k8s.io/ingress-nginx/internal/ingress/defaults" "k8s.io/ingress-nginx/pkg/apis/ingress" @@ -752,6 +751,11 @@ type Configuration struct { // alphanumeric chars, "-", "_", "/".In case of additional characters, // like used on Rewrite configurations the user should use pathType as ImplementationSpecific StrictValidatePathType bool `json:"strict-validate-path-type"` + + // GRPCBufferSizeKb Sets the size of the buffer used for reading the response received + // from the gRPC server. The response is passed to the client synchronously, + // as soon as it is received. + GRPCBufferSizeKb int `json:"grpc-buffer-size-kb"` } // NewDefault returns the default nginx configuration @@ -917,6 +921,7 @@ func NewDefault() Configuration { GlobalRateLimitStatucCode: 429, DebugConnections: []string{}, StrictValidatePathType: false, // TODO: This will be true in future releases + GRPCBufferSizeKb: 0, } if klog.V(5).Enabled() { diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index d5172ff3f..f117070c8 100644 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -331,6 +331,10 @@ http { client_body_buffer_size {{ $cfg.ClientBodyBufferSize }}; client_body_timeout {{ $cfg.ClientBodyTimeout }}s; + {{ if gt $cfg.GRPCBufferSizeKb 0 }} + grpc_buffer_size {{ $cfg.GRPCBufferSizeKb }}k; + {{ end }} + {{ if and (ne $cfg.HTTP2MaxHeaderSize "") (ne $cfg.HTTP2MaxFieldSize "") }} http2_max_field_size {{ $cfg.HTTP2MaxFieldSize }}; http2_max_header_size {{ $cfg.HTTP2MaxHeaderSize }}; diff --git a/test/e2e/settings/grpc.go b/test/e2e/settings/grpc.go new file mode 100644 index 000000000..fa5f35b24 --- /dev/null +++ b/test/e2e/settings/grpc.go @@ -0,0 +1,110 @@ +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package settings + +import ( + "context" + "crypto/tls" + "fmt" + "strings" + + pb "github.com/moul/pb/grpcbin/go-grpc" + "github.com/onsi/ginkgo/v2" + "github.com/stretchr/testify/assert" + "google.golang.org/grpc" + "google.golang.org/grpc/credentials" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" + + "k8s.io/ingress-nginx/test/e2e/framework" +) + +const echoHost = "echo" + +var _ = framework.DescribeSetting("GRPC", func() { + f := framework.NewDefaultFramework("grpc-buffersize", framework.WithHTTPBunEnabled()) + + ginkgo.It("should set the correct GRPC Buffer Size", func() { + f.SetNginxConfigMapData(map[string]string{ + "grpc-buffer-size-kb": "8", + }) + + f.WaitForNginxConfiguration( + func(cfg string) bool { + return strings.Contains(cfg, "grpc_buffer_size 8k") + }) + + f.NewGRPCBinDeployment() + + host := echoHost + + svc := &corev1.Service{ + ObjectMeta: metav1.ObjectMeta{ + Name: "grpcbin-test", + Namespace: f.Namespace, + }, + Spec: corev1.ServiceSpec{ + ExternalName: fmt.Sprintf("grpcbin.%v.svc.cluster.local", f.Namespace), + Type: corev1.ServiceTypeExternalName, + Ports: []corev1.ServicePort{ + { + Name: host, + Port: 9000, + TargetPort: intstr.FromInt(9000), + Protocol: "TCP", + }, + }, + }, + } + f.EnsureService(svc) + + annotations := map[string]string{ + "nginx.ingress.kubernetes.io/backend-protocol": "GRPC", + } + + ing := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, "grpcbin-test", 9000, annotations) + + f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, "grpc_pass grpc://upstream_balancer;") + }) + + conn, err := grpc.Dial(f.GetNginxIP()+":443", + grpc.WithTransportCredentials( + credentials.NewTLS(&tls.Config{ + ServerName: echoHost, + InsecureSkipVerify: true, //nolint:gosec // Ignore certificate validation in testing + }), + ), + ) + assert.Nil(ginkgo.GinkgoT(), err, "error creating a connection") + defer conn.Close() + + client := pb.NewGRPCBinClient(conn) + ctx := context.Background() + + res, err := client.HeadersUnary(ctx, &pb.EmptyMessage{}) + assert.Nil(ginkgo.GinkgoT(), err) + + metadata := res.GetMetadata() + assert.Equal(ginkgo.GinkgoT(), metadata["content-type"].Values[0], "application/grpc") + assert.Equal(ginkgo.GinkgoT(), metadata[":authority"].Values[0], host) + }) +}) From 365d886c1d8db4c6e4cc543f5ee08adc5480d0d1 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Mon, 25 Mar 2024 01:44:36 +0100 Subject: [PATCH 105/154] Chores: Remove recently added whitespaces. (#11156) --- docs/user-guide/nginx-configuration/configmap.md | 4 ++-- rootfs/etc/nginx/template/nginx.tmpl | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index 9dad331f1..89a35b07b 100644 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -741,7 +741,7 @@ _**default:**_ false ## geoip2-autoreload-in-minutes -Enables the [geoip2 module](https://github.com/leev/ngx_http_geoip2_module) autoreload in MaxMind databases setting the interval in minutes. +Enables the [geoip2 module](https://github.com/leev/ngx_http_geoip2_module) autoreload in MaxMind databases setting the interval in minutes. _**default:**_ 0 @@ -1439,4 +1439,4 @@ validate that only authorized users can use `ImplementationSpecific` pathType an Sets the configuration for the GRPC Buffer Size parameter. If not set it will use the default from NGINX. _References:_ -[https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_buffer_size](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_buffer_size) \ No newline at end of file +[https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_buffer_size](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_buffer_size) diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index f117070c8..b3b3f8683 100644 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -202,7 +202,7 @@ http { geoip2 /etc/ingress-controller/geoip/GeoLite2-City.mmdb { {{ if (gt $cfg.GeoIP2AutoReloadMinutes 0) }} auto_reload {{ $cfg.GeoIP2AutoReloadMinutes }}m; - {{ end }} + {{ end }} $geoip2_city_country_code source=$remote_addr country iso_code; $geoip2_city_country_name source=$remote_addr country names en; $geoip2_city_country_geoname_id source=$remote_addr country geoname_id; @@ -228,7 +228,7 @@ http { geoip2 /etc/ingress-controller/geoip/GeoIP2-City.mmdb { {{ if (gt $cfg.GeoIP2AutoReloadMinutes 0) }} auto_reload {{ $cfg.GeoIP2AutoReloadMinutes }}m; - {{ end }} + {{ end }} $geoip2_city_country_code source=$remote_addr country iso_code; $geoip2_city_country_name source=$remote_addr country names en; $geoip2_city_country_geoname_id source=$remote_addr country geoname_id; @@ -254,7 +254,7 @@ http { geoip2 /etc/ingress-controller/geoip/GeoLite2-ASN.mmdb { {{ if (gt $cfg.GeoIP2AutoReloadMinutes 0) }} auto_reload {{ $cfg.GeoIP2AutoReloadMinutes }}m; - {{ end }} + {{ end }} $geoip2_asn source=$remote_addr autonomous_system_number; $geoip2_org source=$remote_addr autonomous_system_organization; } @@ -264,7 +264,7 @@ http { geoip2 /etc/ingress-controller/geoip/GeoIP2-ASN.mmdb { {{ if (gt $cfg.GeoIP2AutoReloadMinutes 0) }} auto_reload {{ $cfg.GeoIP2AutoReloadMinutes }}m; - {{ end }} + {{ end }} $geoip2_asn source=$remote_addr autonomous_system_number; $geoip2_org source=$remote_addr autonomous_system_organization; } @@ -274,7 +274,7 @@ http { geoip2 /etc/ingress-controller/geoip/GeoIP2-ISP.mmdb { {{ if (gt $cfg.GeoIP2AutoReloadMinutes 0) }} auto_reload {{ $cfg.GeoIP2AutoReloadMinutes }}m; - {{ end }} + {{ end }} $geoip2_isp source=$remote_addr isp; $geoip2_isp_org source=$remote_addr organization; $geoip2_asn source=$remote_addr default=0 autonomous_system_number; @@ -291,7 +291,7 @@ http { geoip2 /etc/ingress-controller/geoip/GeoIP2-Anonymous-IP.mmdb { {{ if (gt $cfg.GeoIP2AutoReloadMinutes 0) }} auto_reload {{ $cfg.GeoIP2AutoReloadMinutes }}m; - {{ end }} + {{ end }} $geoip2_is_anon source=$remote_addr is_anonymous; $geoip2_is_anonymous source=$remote_addr default=0 is_anonymous; $geoip2_is_anonymous_vpn source=$remote_addr default=0 is_anonymous_vpn; From 9e29e89c41cf5d9555dfd95338bca422d9355e7b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Mar 2024 04:48:48 -0700 Subject: [PATCH 106/154] Bump github.com/prometheus/common from 0.50.0 to 0.51.1 (#11159) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.50.0 to 0.51.1. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.50.0...v0.51.1) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 960df0c20..a5b488044 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.19.0 github.com/prometheus/client_model v0.6.0 - github.com/prometheus/common v0.50.0 + github.com/prometheus/common v0.51.1 github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 diff --git a/go.sum b/go.sum index 0b21a7cc5..d79fb373f 100644 --- a/go.sum +++ b/go.sum @@ -323,8 +323,8 @@ github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.50.0 h1:YSZE6aa9+luNa2da6/Tik0q0A5AbR+U003TItK57CPQ= -github.com/prometheus/common v0.50.0/go.mod h1:wHFBCEVWVmHMUpg7pYcOm2QUR/ocQdYSJVQJKnHc3xQ= +github.com/prometheus/common v0.51.1 h1:eIjN50Bwglz6a/c3hAgSMcofL3nD+nFQkV6Dd4DsQCw= +github.com/prometheus/common v0.51.1/go.mod h1:lrWtQx+iDfn2mbH5GUzlH9TSHyfZpHkSiG1W7y3sF2Q= github.com/prometheus/exporter-toolkit v0.7.0/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= From aedb13c9faead3f486d1e5f451a37dfd72e53b77 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Mar 2024 04:19:21 -0700 Subject: [PATCH 107/154] Bump the all group with 3 updates (#11157) Bumps the all group with 3 updates: [actions/dependency-review-action](https://github.com/actions/dependency-review-action), [actions/add-to-project](https://github.com/actions/add-to-project) and [github/codeql-action](https://github.com/github/codeql-action). Updates `actions/dependency-review-action` from 4.1.3 to 4.2.4 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/9129d7d40b8c12c1ed0f60400d00c92d437adcce...733dd5d4a5203f238c33806593ec0f5fc5343d8c) Updates `actions/add-to-project` from 0.6.0 to 0.6.1 - [Release notes](https://github.com/actions/add-to-project/releases) - [Commits](https://github.com/actions/add-to-project/compare/0609a2702eefb44781da00f8e04901d6e5cd2b92...1b844f0c5ac6446a402e0cb3693f9be5eca188c5) Updates `github/codeql-action` from 3.24.7 to 3.24.9 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/3ab4101902695724f9365a384f86c1074d94e18c...1b1aada464948af03b950897e5eb522f92603cc2) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: actions/add-to-project dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depreview.yaml | 2 +- .github/workflows/project.yml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 6d9f9dc8f..f890b4b4d 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -11,4 +11,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3 + uses: actions/dependency-review-action@733dd5d4a5203f238c33806593ec0f5fc5343d8c # v4.2.4 diff --git a/.github/workflows/project.yml b/.github/workflows/project.yml index 2d398e24c..a87742e63 100644 --- a/.github/workflows/project.yml +++ b/.github/workflows/project.yml @@ -13,7 +13,7 @@ jobs: repository-projects: write issues: write steps: - - uses: actions/add-to-project@0609a2702eefb44781da00f8e04901d6e5cd2b92 # v0.6.0 + - uses: actions/add-to-project@1b844f0c5ac6446a402e0cb3693f9be5eca188c5 # v0.6.1 with: project-url: https://github.com/orgs/kubernetes/projects/104 github-token: ${{ secrets.PROJECT_WRITER }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 43c63c733..3018dee65 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 + uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 13131d633..8bc0f8e40 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 + uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From 7c8af4928b9bbc02264d5c7fad95308f1744a143 Mon Sep 17 00:00:00 2001 From: Matheus Fidelis Date: Thu, 28 Mar 2024 10:36:23 -0300 Subject: [PATCH 108/154] Controller: Make Leader Election TTL configurable. (#11142) * feature(leader_ttl): feature to customize ttl to leader be re-elected * fix(review): docs --- charts/ingress-nginx/README.md | 1 + charts/ingress-nginx/templates/_params.tpl | 3 + charts/ingress-nginx/values.yaml | 2 + docs/user-guide/cli-arguments.md | 1 + internal/ingress/controller/controller.go | 1 + internal/ingress/controller/nginx.go | 5 +- internal/ingress/controller/status.go | 11 ++-- pkg/flags/flags.go | 8 +++ pkg/flags/flags_test.go | 69 ++++++++++++++++++++++ 9 files changed, 93 insertions(+), 8 deletions(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 1f912ea09..e7298b5b7 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -297,6 +297,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. | | controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. | | controller.electionID | string | `""` | Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' | +| controller.electionTTL | string | `""` | Duration a leader election is valid before it's getting re-elected, e.g. `15s`, `10m` or `1h`. (Default: 30s) | | controller.enableAnnotationValidations | bool | `false` | | | controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. # ref: https://github.com/microsoft/mimalloc # | | controller.enableTopologyAwareRouting | bool | `false` | This configuration enables Topology Aware Routing feature, used together with service annotation service.kubernetes.io/topology-mode="auto" Defaults to false | diff --git a/charts/ingress-nginx/templates/_params.tpl b/charts/ingress-nginx/templates/_params.tpl index b2b54db19..48569a8b0 100644 --- a/charts/ingress-nginx/templates/_params.tpl +++ b/charts/ingress-nginx/templates/_params.tpl @@ -63,6 +63,9 @@ {{- if .Values.controller.disableLeaderElection }} - --disable-leader-election=true {{- end }} +{{- if .Values.controller.electionTTL }} +- --election-ttl={{ .Values.controller.electionTTL }} +{{- end }} {{- range $key, $value := .Values.controller.extraArgs }} {{- /* Accept keys without values or with false as value */}} {{- if eq ($value | quote | len) 2 }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 5be9519df..3741323c4 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -85,6 +85,8 @@ controller: enableTopologyAwareRouting: false # -- This configuration disable Nginx Controller Leader Election disableLeaderElection: false + # -- Duration a leader election is valid before it's getting re-elected, e.g. `15s`, `10m` or `1h`. (Default: 30s) + electionTTL: "" # -- This configuration defines if Ingress Controller should allow users to set # their own *-snippet annotations, otherwise this is forbidden / dropped # when users add those annotations. diff --git a/docs/user-guide/cli-arguments.md b/docs/user-guide/cli-arguments.md index 275c753ec..f8fdc2ddb 100644 --- a/docs/user-guide/cli-arguments.md +++ b/docs/user-guide/cli-arguments.md @@ -22,6 +22,7 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment | `--disable-sync-events` | Disables the creation of 'Sync' Event resources, but still logs them | | `--dynamic-configuration-retries` | Number of times to retry failed dynamic configuration before failing to sync an ingress. (default 15) | | `--election-id` | Election id to use for Ingress status updates. (default "ingress-controller-leader") | +| `--election-ttl` | Duration a leader election is valid before it's getting re-elected, e.g. `15s`, `10m` or `1h`. (Default: 30s) | | `--enable-metrics` | Enables the collection of NGINX metrics. (default true) | | `--enable-ssl-chain-completion` | Autocomplete SSL certificate chains with missing intermediate CA certificates. Certificates uploaded to Kubernetes must have the "Authority Information Access" X.509 v3 extension for this to succeed. (default false)| | `--enable-ssl-passthrough` | Enable SSL Passthrough. (default false) | diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index 495fead15..db786a15c 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -91,6 +91,7 @@ type Configuration struct { UpdateStatus bool UseNodeInternalIP bool ElectionID string + ElectionTTL time.Duration UpdateStatusOnShutdown bool HealthCheckHost string diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go index 1d385e506..0df5409f4 100644 --- a/internal/ingress/controller/nginx.go +++ b/internal/ingress/controller/nginx.go @@ -274,8 +274,9 @@ func (n *NGINXController) Start() { if !n.cfg.DisableLeaderElection { electionID := n.cfg.ElectionID setupLeaderElection(&leaderElectionConfig{ - Client: n.cfg.Client, - ElectionID: electionID, + Client: n.cfg.Client, + ElectionID: electionID, + ElectionTTL: n.cfg.ElectionTTL, OnStartedLeading: func(stopCh chan struct{}) { if n.syncStatus != nil { go n.syncStatus.Run(stopCh) diff --git a/internal/ingress/controller/status.go b/internal/ingress/controller/status.go index 6bab7c2ad..5a169e1c3 100644 --- a/internal/ingress/controller/status.go +++ b/internal/ingress/controller/status.go @@ -36,7 +36,8 @@ import ( type leaderElectionConfig struct { Client clientset.Interface - ElectionID string + ElectionID string + ElectionTTL time.Duration OnStartedLeading func(chan struct{}) OnStoppedLeading func() @@ -107,13 +108,11 @@ func setupLeaderElection(config *leaderElectionConfig) { LockConfig: resourceLockConfig, } - ttl := 30 * time.Second - elector, err = leaderelection.NewLeaderElector(leaderelection.LeaderElectionConfig{ Lock: lock, - LeaseDuration: ttl, - RenewDeadline: ttl / 2, - RetryPeriod: ttl / 4, + LeaseDuration: config.ElectionTTL, + RenewDeadline: config.ElectionTTL / 2, + RetryPeriod: config.ElectionTTL / 4, Callbacks: callbacks, }) diff --git a/pkg/flags/flags.go b/pkg/flags/flags.go index d7157fa79..5891f636b 100644 --- a/pkg/flags/flags.go +++ b/pkg/flags/flags.go @@ -132,6 +132,9 @@ Requires setting the publish-service parameter to a valid Service reference.`) electionID = flags.String("election-id", "ingress-controller-leader", `Election id to use for Ingress status updates.`) + electionTTL = flags.Duration("election-ttl", 30*time.Second, + `Duration a leader election is valid before it's getting re-elected`) + updateStatusOnShutdown = flags.Bool("update-status-on-shutdown", true, `Update the load-balancer status of Ingress objects when the controller shuts down. Requires the update-status parameter.`) @@ -314,6 +317,10 @@ https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-g } } + if *electionTTL <= 0 { + *electionTTL = 30 * time.Second + } + histogramBuckets := &collectors.HistogramBuckets{ TimeBuckets: *timeBuckets, LengthBuckets: *lengthBuckets, @@ -327,6 +334,7 @@ https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-g KubeConfigFile: *kubeConfigFile, UpdateStatus: *updateStatus, ElectionID: *electionID, + ElectionTTL: *electionTTL, EnableProfiling: *profiling, EnableMetrics: *enableMetrics, MetricsPerHost: *metricsPerHost, diff --git a/pkg/flags/flags_test.go b/pkg/flags/flags_test.go index 54b35dbca..e51d5fa6c 100644 --- a/pkg/flags/flags_test.go +++ b/pkg/flags/flags_test.go @@ -19,6 +19,7 @@ package flags import ( "os" "testing" + "time" ) func TestNoMandatoryFlag(t *testing.T) { @@ -143,3 +144,71 @@ func TestIfLeaderElectionDisabledFlagIsFalse(t *testing.T) { t.Fatalf("Expected --disable-leader-election and conf.DisableLeaderElection as false, but found: %v", conf.DisableLeaderElection) } } + +func TestLeaderElectionTTLDefaultValue(t *testing.T) { + ResetForTesting(func() { t.Fatal("Parsing failed") }) + + oldArgs := os.Args + defer func() { os.Args = oldArgs }() + os.Args = []string{"cmd", "--http-port", "80", "--https-port", "443"} + + _, conf, err := ParseFlags() + if err != nil { + t.Fatalf("Unexpected error parsing default flags: %v", err) + } + + if conf.ElectionTTL != 30*time.Second { + t.Fatalf("Expected --election-ttl and conf.ElectionTTL as 30s, but found: %v", conf.ElectionTTL) + } +} + +func TestLeaderElectionTTLParseValueInSeconds(t *testing.T) { + ResetForTesting(func() { t.Fatal("Parsing failed") }) + + oldArgs := os.Args + defer func() { os.Args = oldArgs }() + os.Args = []string{"cmd", "--http-port", "80", "--https-port", "443", "--election-ttl", "10s"} + + _, conf, err := ParseFlags() + if err != nil { + t.Fatalf("Unexpected error parsing default flags: %v", err) + } + + if conf.ElectionTTL != 10*time.Second { + t.Fatalf("Expected --election-ttl and conf.ElectionTTL as 10s, but found: %v", conf.ElectionTTL) + } +} + +func TestLeaderElectionTTLParseValueInMinutes(t *testing.T) { + ResetForTesting(func() { t.Fatal("Parsing failed") }) + + oldArgs := os.Args + defer func() { os.Args = oldArgs }() + os.Args = []string{"cmd", "--http-port", "80", "--https-port", "443", "--election-ttl", "10m"} + + _, conf, err := ParseFlags() + if err != nil { + t.Fatalf("Unexpected error parsing default flags: %v", err) + } + + if conf.ElectionTTL != 10*time.Minute { + t.Fatalf("Expected --election-ttl and conf.ElectionTTL as 10m, but found: %v", conf.ElectionTTL) + } +} + +func TestLeaderElectionTTLParseValueInHours(t *testing.T) { + ResetForTesting(func() { t.Fatal("Parsing failed") }) + + oldArgs := os.Args + defer func() { os.Args = oldArgs }() + os.Args = []string{"cmd", "--http-port", "80", "--https-port", "443", "--election-ttl", "1h"} + + _, conf, err := ParseFlags() + if err != nil { + t.Fatalf("Unexpected error parsing default flags: %v", err) + } + + if conf.ElectionTTL != 1*time.Hour { + t.Fatalf("Expected --election-ttl and conf.ElectionTTL as 1h, but found: %v", conf.ElectionTTL) + } +} From e44cab7245ad0e0c31cb6d0c947fa1aa51cff1ba Mon Sep 17 00:00:00 2001 From: Matheus Fidelis Date: Fri, 29 Mar 2024 08:38:02 -0300 Subject: [PATCH 109/154] Proposal: e2e tests for regex patterns (#11174) * tests(path): proposal: e2e tests for regex patterns * gofumpt * gofumpt --- test/e2e/ingress/pathtype_prefix.go | 134 ++++++++++++++++++++++++++++ 1 file changed, 134 insertions(+) diff --git a/test/e2e/ingress/pathtype_prefix.go b/test/e2e/ingress/pathtype_prefix.go index fa664ce27..ce11ca8bf 100644 --- a/test/e2e/ingress/pathtype_prefix.go +++ b/test/e2e/ingress/pathtype_prefix.go @@ -68,4 +68,138 @@ var _ = framework.IngressNginxDescribe("[Ingress] [PathType] prefix checks", fun Expect(). Status(http.StatusOK) }) + + ginkgo.It("should test prefix path using simple regex pattern for /id/{int}", func() { + host := "echo.com.br" + + annotations := map[string]string{ + "nginx.ingress.kubernetes.io/use-regex": `true`, + } + + ing := framework.NewSingleIngress(host, "/id/[0-9]+", host, f.Namespace, framework.EchoService, 80, annotations) + f.EnsureIngress(ing) + + f.HTTPTestClient(). + GET("/id/1"). + WithHeader("Host", host). + Expect(). + Status(http.StatusOK) + + f.HTTPTestClient(). + GET("/id/12"). + WithHeader("Host", host). + Expect(). + Status(http.StatusOK) + + f.HTTPTestClient(). + GET("/id/123"). + WithHeader("Host", host). + Expect(). + Status(http.StatusOK) + + f.HTTPTestClient(). + GET("/id/aaa"). + WithHeader("Host", host). + Expect(). + Status(http.StatusNotFound) + + f.HTTPTestClient(). + GET("/id/123a"). + WithHeader("Host", host). + Expect(). + Status(http.StatusOK) + }) + + ginkgo.It("should test prefix path using regex pattern for /id/{int} ignoring non-digits characters at end of string", func() { + host := "echo.regex.br" + + annotations := map[string]string{ + "nginx.ingress.kubernetes.io/use-regex": `true`, + } + + ing := framework.NewSingleIngress(host, "/id/[0-9]+$", host, f.Namespace, framework.EchoService, 80, annotations) + f.EnsureIngress(ing) + + f.HTTPTestClient(). + GET("/id/1"). + WithHeader("Host", host). + Expect(). + Status(http.StatusOK) + + f.HTTPTestClient(). + GET("/id/aaa"). + WithHeader("Host", host). + Expect(). + Status(http.StatusNotFound) + + f.HTTPTestClient(). + GET("/id/123a"). + WithHeader("Host", host). + Expect(). + Status(http.StatusNotFound) + }) + + ginkgo.It("should test prefix path using fixed path size regex pattern /id/{int}{3}", func() { + host := "echo.regex.size.br" + + annotations := map[string]string{ + "nginx.ingress.kubernetes.io/use-regex": `true`, + } + + ing := framework.NewSingleIngress(host, "/id/[0-9]{3}$", host, f.Namespace, framework.EchoService, 80, annotations) + f.EnsureIngress(ing) + + f.HTTPTestClient(). + GET("/id/99"). + WithHeader("Host", host). + Expect(). + Status(http.StatusNotFound) + + f.HTTPTestClient(). + GET("/id/123"). + WithHeader("Host", host). + Expect(). + Status(http.StatusOK) + + f.HTTPTestClient(). + GET("/id/9999"). + WithHeader("Host", host). + Expect(). + Status(http.StatusNotFound) + + f.HTTPTestClient(). + GET("/id/123a"). + WithHeader("Host", host). + Expect(). + Status(http.StatusNotFound) + }) + + ginkgo.It("should correctly route multi-segment path patterns", func() { + host := "echo.multi.segment.br" + + annotations := map[string]string{ + "nginx.ingress.kubernetes.io/use-regex": `true`, + } + + ing := framework.NewSingleIngress(host, "/id/[0-9]+/post/[a-zA-Z]+$", host, f.Namespace, framework.EchoService, 80, annotations) + f.EnsureIngress(ing) + + f.HTTPTestClient(). + GET("/id/123/post/abc"). + WithHeader("Host", host). + Expect(). + Status(http.StatusOK) + + f.HTTPTestClient(). + GET("/id/123/post/abc123"). + WithHeader("Host", host). + Expect(). + Status(http.StatusNotFound) + + f.HTTPTestClient(). + GET("/id/abc/post/abc"). + WithHeader("Host", host). + Expect(). + Status(http.StatusNotFound) + }) }) From 5052c8acc06a7cd9ac9e27808d65e7a7a2fcea83 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Fri, 29 Mar 2024 13:39:28 +0100 Subject: [PATCH 110/154] bump ginkgo to v2.17.1 (#11177) Signed-off-by: cpanato --- build/run-in-docker.sh | 2 +- go.mod | 10 +++--- go.sum | 20 +++++------ images/kube-webhook-certgen/rootfs/go.mod | 21 +++++------ images/kube-webhook-certgen/rootfs/go.sum | 44 +++++++++++------------ magefiles/go.mod | 9 ++--- magefiles/go.sum | 21 ++++------- test/e2e/run-chart-test.sh | 2 +- test/e2e/run-kind-e2e.sh | 2 +- 9 files changed, 63 insertions(+), 68 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 367f6138a..62bd7115c 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -82,7 +82,7 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then echo "..reached DIND check TRUE block, inside run-in-docker.sh" echo "FLAGS=$FLAGS" #go env - go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.15.0 + go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.17.1 find / -type f -name ginkgo 2>/dev/null which ginkgo /bin/bash -c "${FLAGS}" diff --git a/go.mod b/go.mod index a5b488044..a0bb140a0 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 - github.com/onsi/ginkgo/v2 v2.16.0 + github.com/onsi/ginkgo/v2 v2.17.1 github.com/opencontainers/runc v1.1.12 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.19.0 @@ -31,12 +31,12 @@ require ( gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 k8s.io/api v0.29.3 - k8s.io/apiextensions-apiserver v0.29.2 + k8s.io/apiextensions-apiserver v0.29.3 k8s.io/apimachinery v0.29.3 - k8s.io/apiserver v0.29.2 - k8s.io/cli-runtime v0.29.2 + k8s.io/apiserver v0.29.3 + k8s.io/cli-runtime v0.29.3 k8s.io/client-go v0.29.3 - k8s.io/code-generator v0.29.2 + k8s.io/code-generator v0.29.3 k8s.io/component-base v0.29.3 k8s.io/klog/v2 v2.120.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 diff --git a/go.sum b/go.sum index d79fb373f..4edd9fe56 100644 --- a/go.sum +++ b/go.sum @@ -288,8 +288,8 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.16.0 h1:7q1w9frJDzninhXxjZd+Y/x54XNjG/UlRLIYPZafsPM= -github.com/onsi/ginkgo/v2 v2.16.0/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= +github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= @@ -742,18 +742,18 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= -k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg= -k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8= +k8s.io/apiextensions-apiserver v0.29.3 h1:9HF+EtZaVpFjStakF4yVufnXGPRppWFEQ87qnO91YeI= +k8s.io/apiextensions-apiserver v0.29.3/go.mod h1:po0XiY5scnpJfFizNGo6puNU6Fq6D70UJY2Cb2KwAVc= k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= -k8s.io/apiserver v0.29.2 h1:+Z9S0dSNr+CjnVXQePG8TcBWHr3Q7BmAr7NraHvsMiQ= -k8s.io/apiserver v0.29.2/go.mod h1:B0LieKVoyU7ykQvPFm7XSdIHaCHSzCzQWPFa5bqbeMQ= -k8s.io/cli-runtime v0.29.2 h1:smfsOcT4QujeghsNjECKN3lwyX9AwcFU0nvJ7sFN3ro= -k8s.io/cli-runtime v0.29.2/go.mod h1:KLisYYfoqeNfO+MkTWvpqIyb1wpJmmFJhioA0xd4MW8= +k8s.io/apiserver v0.29.3 h1:xR7ELlJ/BZSr2n4CnD3lfA4gzFivh0wwfNfz9L0WZcE= +k8s.io/apiserver v0.29.3/go.mod h1:hrvXlwfRulbMbBgmWRQlFru2b/JySDpmzvQwwk4GUOs= +k8s.io/cli-runtime v0.29.3 h1:r68rephmmytoywkw2MyJ+CxjpasJDQY7AGc3XY2iv1k= +k8s.io/cli-runtime v0.29.3/go.mod h1:aqVUsk86/RhaGJwDhHXH0jcdqBrgdF3bZWk4Z9D4mkM= k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= -k8s.io/code-generator v0.29.2 h1:c9/iw2KnNpw2IRV+wwuG/Wns2TjPSgjWzbbjTevyiHI= -k8s.io/code-generator v0.29.2/go.mod h1:FwFi3C9jCrmbPjekhaCYcYG1n07CYiW1+PAPCockaos= +k8s.io/code-generator v0.29.3 h1:m7E25/t9R9NvejspO2zBdyu+/Gl0Z5m7dCRc680KS14= +k8s.io/code-generator v0.29.3/go.mod h1:x47ofBhN4gxYFcxeKA1PYXeaPreAGaDN85Y/lNUsPoM= k8s.io/component-base v0.29.3 h1:Oq9/nddUxlnrCuuR2K/jp6aflVvc0uDvxMzAWxnGzAo= k8s.io/component-base v0.29.3/go.mod h1:Yuj33XXjuOk2BAaHsIGHhCKZQAgYKhqIxIjIr2UXYio= k8s.io/gengo v0.0.0-20240226174109-00c4be8627da h1:uH7pylUCo++9PSvrUA34sbk4Y6PHw/bgEFa80pejI+I= diff --git a/images/kube-webhook-certgen/rootfs/go.mod b/images/kube-webhook-certgen/rootfs/go.mod index de1d86bdd..b1903dcf3 100644 --- a/images/kube-webhook-certgen/rootfs/go.mod +++ b/images/kube-webhook-certgen/rootfs/go.mod @@ -6,10 +6,10 @@ require ( github.com/onrik/logrus v0.11.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.8.0 - k8s.io/api v0.29.2 - k8s.io/apimachinery v0.29.2 - k8s.io/client-go v0.29.2 - k8s.io/kube-aggregator v0.29.2 + k8s.io/api v0.29.3 + k8s.io/apimachinery v0.29.3 + k8s.io/client-go v0.29.3 + k8s.io/kube-aggregator v0.29.3 ) require ( @@ -21,7 +21,7 @@ require ( github.com/go-openapi/jsonreference v0.20.4 // indirect github.com/go-openapi/swag v0.22.9 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/pprof v0.0.0-20240225044709-fd706174c886 // indirect @@ -34,14 +34,15 @@ require ( github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/onsi/ginkgo/v2 v2.15.0 // indirect + github.com/onsi/ginkgo/v2 v2.17.1 // indirect github.com/onsi/gomega v1.30.0 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/spf13/pflag v1.0.5 // indirect - golang.org/x/net v0.21.0 // indirect - golang.org/x/oauth2 v0.17.0 // indirect - golang.org/x/sys v0.17.0 // indirect - golang.org/x/term v0.17.0 // indirect + github.com/stretchr/testify v1.9.0 // indirect + golang.org/x/net v0.22.0 // indirect + golang.org/x/oauth2 v0.18.0 // indirect + golang.org/x/sys v0.18.0 // indirect + golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.18.0 // indirect diff --git a/images/kube-webhook-certgen/rootfs/go.sum b/images/kube-webhook-certgen/rootfs/go.sum index 5f88f3da3..4ec80305a 100644 --- a/images/kube-webhook-certgen/rootfs/go.sum +++ b/images/kube-webhook-certgen/rootfs/go.sum @@ -20,8 +20,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= @@ -60,8 +60,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/onrik/logrus v0.11.0 h1:pu+BCaWL36t0yQaj/2UHK2erf88dwssAKOT51mxPUVs= github.com/onrik/logrus v0.11.0/go.mod h1:fO2vlZwIdti6PidD3gV5YKt9Lq5ptpnP293RAe1ITwk= -github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= -github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= +github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= +github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -80,8 +80,8 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/tidwall/gjson v1.14.4 h1:uo0p8EbA09J7RQaflQ1aBRffTR7xedD2bcIVSYxLnkM= github.com/tidwall/gjson v1.14.4/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= @@ -104,10 +104,10 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= -golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= -golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= +golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= +golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= +golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -120,12 +120,12 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= -golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= @@ -162,16 +162,16 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= -k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= -k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= -k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= -k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg= -k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA= +k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= +k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= +k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= +k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= +k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= +k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-aggregator v0.29.2 h1:z9qJn5wlGmGaX6EfM7OEhr6fq6SBjDKR6tPRZ/qgxeY= -k8s.io/kube-aggregator v0.29.2/go.mod h1:QEuwzmMJJsg0eg1Gv+u4cWcYeJG2+8vN8/nTXBzopUo= +k8s.io/kube-aggregator v0.29.3 h1:5KvTyFN8sQq2imq8tMAHWEKoE64Zg9WSMaGX78KV6ps= +k8s.io/kube-aggregator v0.29.3/go.mod h1:xGJqV/SJJ1fbwTGfQLAZfwgqX1EMoaqfotDTkDrqqSk= k8s.io/kube-openapi v0.0.0-20240224005224-582cce78233b h1:1dzw/KqgSPod72SUp2tuTOmK33TlY2fHlrVU2M9VrOM= k8s.io/kube-openapi v0.0.0-20240224005224-582cce78233b/go.mod h1:Pa1PvrP7ACSkuX6I7KYomY6cmMA0Tx86waBhDUgoKPw= k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= diff --git a/magefiles/go.mod b/magefiles/go.mod index bdc592cdd..d41baf17e 100644 --- a/magefiles/go.mod +++ b/magefiles/go.mod @@ -8,7 +8,7 @@ require ( github.com/helm/helm v2.17.0+incompatible github.com/magefile/mage v1.15.0 github.com/vmware-labs/yaml-jsonpath v0.3.2 - golang.org/x/oauth2 v0.17.0 + golang.org/x/oauth2 v0.18.0 gopkg.in/yaml.v3 v3.0.1 ) @@ -20,18 +20,19 @@ require ( github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/gobwas/glob v0.2.3 // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/kr/text v0.2.0 // indirect github.com/onsi/ginkgo v1.16.5 // indirect github.com/onsi/gomega v1.30.0 // indirect github.com/rogpeppe/go-internal v1.11.0 // indirect github.com/sergi/go-diff v1.3.1 // indirect - golang.org/x/crypto v0.20.0 // indirect + github.com/stretchr/testify v1.9.0 // indirect + golang.org/x/crypto v0.21.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/protobuf v1.33.0 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/apimachinery v0.29.2 // indirect + k8s.io/apimachinery v0.29.3 // indirect k8s.io/helm v2.17.0+incompatible // indirect ) diff --git a/magefiles/go.sum b/magefiles/go.sum index 8130f1178..5f402c490 100644 --- a/magefiles/go.sum +++ b/magefiles/go.sum @@ -30,8 +30,7 @@ github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvq github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= @@ -79,8 +78,7 @@ github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NF github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/vmware-labs/yaml-jsonpath v0.3.2 h1:/5QKeCBGdsInyDCyVNLbXyilb61MXGi9NP674f9Hobk= github.com/vmware-labs/yaml-jsonpath v0.3.2/go.mod h1:U6whw1z03QyqgWdgXxvVnQ90zN1BWz5V+51Ewf8k+rQ= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -89,8 +87,7 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.20.0 h1:jmAMJJZXr5KiCw05dfYK9QnqaqKLYXijU23lsEdcQqg= -golang.org/x/crypto v0.20.0/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -100,10 +97,8 @@ golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= -golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= -golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= +golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= +golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -121,8 +116,7 @@ golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -168,7 +162,6 @@ gopkg.in/yaml.v3 v3.0.0-20191026110619-0b21df46bc1d/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= -k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= +k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= k8s.io/helm v2.17.0+incompatible h1:Bpn6o1wKLYqKM3+Osh8e+1/K2g/GsQJ4F4yNF2+deao= k8s.io/helm v2.17.0+incompatible/go.mod h1:LZzlS4LQBHfciFOurYBFkCMTaZ0D1l+p0teMg7TSULI= diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index 05f199cb2..e38df8690 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -78,7 +78,7 @@ fi if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go install github.com/onsi/ginkgo/v2/ginkgo@v2.15.0 + go install github.com/onsi/ginkgo/v2/ginkgo@v2.17.1 fi echo "[dev-env] building image" make -C ${DIR}/../../ clean-image build image diff --git a/test/e2e/run-kind-e2e.sh b/test/e2e/run-kind-e2e.sh index 5e4afb57d..891e5dbae 100755 --- a/test/e2e/run-kind-e2e.sh +++ b/test/e2e/run-kind-e2e.sh @@ -96,7 +96,7 @@ fi if [ "${SKIP_E2E_IMAGE_CREATION}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go install github.com/onsi/ginkgo/v2/ginkgo@v2.15.0 + go install github.com/onsi/ginkgo/v2/ginkgo@v2.17.1 fi echo "[dev-env] .. done building controller images" From 25d2758e94268559f971e8b28ddcd980f5b6448a Mon Sep 17 00:00:00 2001 From: "Y.Horie" Date: Sun, 31 Mar 2024 01:23:32 +0900 Subject: [PATCH 111/154] fixes brotli build issue (#10484) --- images/nginx/rootfs/build.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/images/nginx/rootfs/build.sh b/images/nginx/rootfs/build.sh index d6e7c4a58..98bb346fb 100755 --- a/images/nginx/rootfs/build.sh +++ b/images/nginx/rootfs/build.sh @@ -465,10 +465,8 @@ make install # Get Brotli source and deps cd "$BUILD_PATH" -git clone --depth=100 https://github.com/google/ngx_brotli.git +git clone --depth=1 https://github.com/google/ngx_brotli.git cd ngx_brotli -# https://github.com/google/ngx_brotli/issues/156 -git reset --hard 63ca02abdcf79c9e788d2eedcc388d2335902e52 git submodule init git submodule update From c0767ccc6164882aa83861ae0de68301f2e47505 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Sun, 31 Mar 2024 22:21:33 +0200 Subject: [PATCH 112/154] refactor helm ci tests part I (#11178) * refactor helm ci tests part I Signed-off-by: cpanato * update indentation Signed-off-by: cpanato * fix path Signed-off-by: cpanato * more updates Signed-off-by: cpanato * add helm-lint job Signed-off-by: cpanato --------- Signed-off-by: cpanato --- hack/verify-chart-lint.sh => .ct.yaml | 20 +++++---- .github/workflows/ci.yaml | 65 ++++++++++++++++++--------- charts/ingress-nginx/Chart.yaml | 14 +++--- 3 files changed, 64 insertions(+), 35 deletions(-) rename hack/verify-chart-lint.sh => .ct.yaml (67%) mode change 100755 => 100644 diff --git a/hack/verify-chart-lint.sh b/.ct.yaml old mode 100755 new mode 100644 similarity index 67% rename from hack/verify-chart-lint.sh rename to .ct.yaml index 1c661ae2b..229030219 --- a/hack/verify-chart-lint.sh +++ b/.ct.yaml @@ -1,6 +1,4 @@ -#!/bin/bash - -# Copyright 2020 The Kubernetes Authors. +# Copyright 2024 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,10 +11,16 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +--- +remote: origin +target-branch: main -set -o errexit -set -o nounset -set -o pipefail +validate-maintainers: false +check-version-increment: false -KUBE_ROOT="$( cd "$(dirname "$0")../" >/dev/null 2>&1 ; pwd -P )" -ct lint --charts ${KUBE_ROOT}/charts/ingress-nginx --validate-maintainers=false +chart-repos: + - ingress-nginx=https://kubernetes.github.io/ingress-nginx +helm-extra-args: --timeout 800s + +chart-dirs: + - charts diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index a033bbfa9..f19b7158f 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -168,28 +168,30 @@ jobs: name: docker.tar.gz path: docker.tar.gz retention-days: 5 - helm: - name: Helm chart + + helm-lint: + name: Helm chart lint runs-on: ubuntu-latest needs: - changes - - build if: | (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') - strategy: - matrix: - k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0] - steps: - name: Checkout uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - - name: Setup Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: ${{ needs.build.outputs.golangversion }} - check-latest: true + fetch-depth: 0 + + - name: Set up Helm + uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 + + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + with: + python-version: '3.x' + + - name: Set up chart-testing + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - name: Install Helm Unit Test Plugin run: | @@ -199,14 +201,8 @@ jobs: run: | helm unittest charts/ingress-nginx -d - - name: cache - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 - with: - name: docker.tar.gz - - - name: Lint - run: | - ./build/run-in-docker.sh ./hack/verify-chart-lint.sh + - name: Run chart-testing (lint) + run: ct lint --config ./.ct.yaml - name: Run helm-docs run: | @@ -227,6 +223,35 @@ jobs: ./ah lint -p charts/ingress-nginx || exit 1 rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz + helm-test: + name: Helm chart testing + runs-on: ubuntu-latest + needs: + - changes + - build + - helm-lint + if: | + (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') + + strategy: + matrix: + k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0] + + steps: + - name: Checkout + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + + - name: Setup Go + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version: ${{ needs.build.outputs.golangversion }} + check-latest: true + + - name: cache + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 + with: + name: docker.tar.gz + - name: fix permissions run: | sudo mkdir -p $HOME/.kube diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 3e977530f..7996c29c5 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -9,15 +9,15 @@ description: Ingress controller for Kubernetes using NGINX as a reverse proxy an home: https://github.com/kubernetes/ingress-nginx icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png keywords: -- ingress -- nginx + - ingress + - nginx kubeVersion: '>=1.20.0-0' maintainers: -- name: Gacko -- name: rikatz -- name: strongjz -- name: tao12345666333 + - name: Gacko + - name: rikatz + - name: strongjz + - name: tao12345666333 name: ingress-nginx sources: -- https://github.com/kubernetes/ingress-nginx + - https://github.com/kubernetes/ingress-nginx version: 4.10.0 From e48fbba774157d5f0c9173c69eac345ca18b1ccb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Apr 2024 05:39:33 -0700 Subject: [PATCH 113/154] Bump actions/add-to-project from 0.6.1 to 1.0.0 (#11184) Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 0.6.1 to 1.0.0. - [Release notes](https://github.com/actions/add-to-project/releases) - [Commits](https://github.com/actions/add-to-project/compare/1b844f0c5ac6446a402e0cb3693f9be5eca188c5...2e5cc851ca7162e9eb510e6da6a5c64022e606a7) --- updated-dependencies: - dependency-name: actions/add-to-project dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/project.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/project.yml b/.github/workflows/project.yml index a87742e63..b999e29be 100644 --- a/.github/workflows/project.yml +++ b/.github/workflows/project.yml @@ -13,7 +13,7 @@ jobs: repository-projects: write issues: write steps: - - uses: actions/add-to-project@1b844f0c5ac6446a402e0cb3693f9be5eca188c5 # v0.6.1 + - uses: actions/add-to-project@2e5cc851ca7162e9eb510e6da6a5c64022e606a7 # v1.0.0 with: project-url: https://github.com/orgs/kubernetes/projects/104 github-token: ${{ secrets.PROJECT_WRITER }} From df9d0e17550d92b1fe11deecd3efa1a391c5b630 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Apr 2024 08:41:43 -0700 Subject: [PATCH 114/154] Bump the all group with 2 updates (#11183) Bumps the all group with 2 updates: [actions/dependency-review-action](https://github.com/actions/dependency-review-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `actions/dependency-review-action` from 4.2.4 to 4.2.5 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/733dd5d4a5203f238c33806593ec0f5fc5343d8c...5bbc3ba658137598168acb2ab73b21c432dd411b) Updates `aquasecurity/trivy-action` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/062f2592684a31eb3aa050cc61e7ca1451cecd3d...d710430a6722f083d3b36b8339ff66b32f22ee55) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depreview.yaml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index f890b4b4d..3b553afd4 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -11,4 +11,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@733dd5d4a5203f238c33806593ec0f5fc5343d8c # v4.2.4 + uses: actions/dependency-review-action@5bbc3ba658137598168acb2ab73b21c432dd411b # v4.2.5 diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 8bc0f8e40..2d671d966 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -60,7 +60,7 @@ jobs: - name: Scan image with AquaSec/Trivy id: scan - uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0 + uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0 with: image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }} format: 'sarif' From b233a96faaa94921ab4672a212dfff789b9c076d Mon Sep 17 00:00:00 2001 From: Karol Kieglerski Date: Thu, 4 Apr 2024 15:08:00 +0200 Subject: [PATCH 115/154] Fix-semver (#11193) --- .../ingress-nginx/templates/controller-service-internal.yaml | 4 ++-- .../ingress-nginx/templates/controller-service-webhook.yaml | 2 +- charts/ingress-nginx/templates/controller-service.yaml | 4 ++-- charts/ingress-nginx/templates/default-backend-service.yaml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/ingress-nginx/templates/controller-service-internal.yaml b/charts/ingress-nginx/templates/controller-service-internal.yaml index 950eb8f05..6d0b47caf 100644 --- a/charts/ingress-nginx/templates/controller-service-internal.yaml +++ b/charts/ingress-nginx/templates/controller-service-internal.yaml @@ -58,7 +58,7 @@ spec: port: {{ .Values.controller.service.internal.ports.http | default .Values.controller.service.ports.http }} protocol: TCP targetPort: {{ .Values.controller.service.internal.targetPorts.http | default .Values.controller.service.targetPorts.http }} - {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }} + {{- if and (semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }} appProtocol: http {{- end }} {{- if (and $setNodePorts (not (empty .Values.controller.service.internal.nodePorts.http))) }} @@ -70,7 +70,7 @@ spec: port: {{ .Values.controller.service.internal.ports.https | default .Values.controller.service.ports.https }} protocol: TCP targetPort: {{ .Values.controller.service.internal.targetPorts.https | default .Values.controller.service.targetPorts.https }} - {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }} + {{- if and (semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }} appProtocol: https {{- end }} {{- if (and $setNodePorts (not (empty .Values.controller.service.internal.nodePorts.https))) }} diff --git a/charts/ingress-nginx/templates/controller-service-webhook.yaml b/charts/ingress-nginx/templates/controller-service-webhook.yaml index 2d02e23aa..6dcf1a10a 100644 --- a/charts/ingress-nginx/templates/controller-service-webhook.yaml +++ b/charts/ingress-nginx/templates/controller-service-webhook.yaml @@ -31,7 +31,7 @@ spec: - name: https-webhook port: 443 targetPort: webhook - {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }} appProtocol: https {{- end }} selector: diff --git a/charts/ingress-nginx/templates/controller-service.yaml b/charts/ingress-nginx/templates/controller-service.yaml index 74f608536..cb78a7035 100644 --- a/charts/ingress-nginx/templates/controller-service.yaml +++ b/charts/ingress-nginx/templates/controller-service.yaml @@ -58,7 +58,7 @@ spec: port: {{ .Values.controller.service.ports.http }} protocol: TCP targetPort: {{ .Values.controller.service.targetPorts.http }} - {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }} + {{- if and (semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }} appProtocol: http {{- end }} {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }} @@ -70,7 +70,7 @@ spec: port: {{ .Values.controller.service.ports.https }} protocol: TCP targetPort: {{ .Values.controller.service.targetPorts.https }} - {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }} + {{- if and (semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }} appProtocol: https {{- end }} {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }} diff --git a/charts/ingress-nginx/templates/default-backend-service.yaml b/charts/ingress-nginx/templates/default-backend-service.yaml index 2cccd6e9e..65b6b8362 100644 --- a/charts/ingress-nginx/templates/default-backend-service.yaml +++ b/charts/ingress-nginx/templates/default-backend-service.yaml @@ -32,7 +32,7 @@ spec: port: {{ .Values.defaultBackend.service.servicePort }} protocol: TCP targetPort: http - {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }} appProtocol: http {{- end }} selector: From 404bfc348518139c1c201f459d20d02ff85a2de3 Mon Sep 17 00:00:00 2001 From: James Strong Date: Thu, 4 Apr 2024 09:20:16 -0400 Subject: [PATCH 116/154] force nginx rebuild Signed-off-by: James Strong --- images/nginx-1.25/TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/nginx-1.25/TAG b/images/nginx-1.25/TAG index 837042c77..254a9f20d 100644 --- a/images/nginx-1.25/TAG +++ b/images/nginx-1.25/TAG @@ -1 +1 @@ -v0.0.5 \ No newline at end of file +v0.0.6 \ No newline at end of file From 8d402ebfd82f512bedf096920730be89fbbc871f Mon Sep 17 00:00:00 2001 From: James Strong Date: Thu, 4 Apr 2024 09:27:19 -0400 Subject: [PATCH 117/154] update test image and go version Signed-off-by: James Strong --- GOLANG_VERSION | 2 +- images/test-runner/TAG | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/GOLANG_VERSION b/GOLANG_VERSION index 24b38a959..8864ad297 100644 --- a/GOLANG_VERSION +++ b/GOLANG_VERSION @@ -1 +1 @@ -1.22.1 \ No newline at end of file +1.22.2 \ No newline at end of file diff --git a/images/test-runner/TAG b/images/test-runner/TAG index 95e94cdd3..90ab6e946 100644 --- a/images/test-runner/TAG +++ b/images/test-runner/TAG @@ -1 +1 @@ -v0.0.1 \ No newline at end of file +v0.0.2 \ No newline at end of file From bf3fa531676ce2b61effb55f5a94345dbc382d09 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Thu, 4 Apr 2024 17:01:10 +0200 Subject: [PATCH 118/154] Owners: Promote Gacko to `ingress-nginx-maintainers` & `ingress-nginx-reviewers`. (#11165) * Owners: Sort `ingress-nginx-maintainers` & `ingress-nginx-reviewers`. * Owners: Update URL in aliases. * Images: Remove owners as it's identical to global owners. * Images: Remove global owners from `kube-webhook-certgen` owners. * Owners: Remove members from aliases covered by other aliases. ingress-nginx-helm-maintainers: - cpanato: Covered by ingress-nginx-maintainers - strongjz: Covered by ingress-nginx-maintainers ingress-nginx-helm-reviewers: - cpanato: Covered by ingress-nginx-reviewers - strongjz: Covered by ingress-nginx-reviewers ingress-nginx-docs-maintainers: - tao12345666333: Covered by ingress-nginx-maintainers * Owners: Promote myself to `ingress-nginx-maintainers` & `ingress-nginx-reviewers`. --- OWNERS | 4 ++-- OWNERS_ALIASES | 19 +++++++------------ charts/ingress-nginx/OWNERS | 2 +- docs/OWNERS | 4 ++-- images/OWNERS | 9 --------- images/kube-webhook-certgen/OWNERS | 8 +------- rootfs/etc/nginx/lua/OWNERS | 4 ++-- 7 files changed, 15 insertions(+), 35 deletions(-) delete mode 100644 images/OWNERS diff --git a/OWNERS b/OWNERS index da1da1b2e..f1e022c38 100644 --- a/OWNERS +++ b/OWNERS @@ -1,4 +1,4 @@ -# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md +# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners approvers: - ingress-nginx-maintainers @@ -7,6 +7,6 @@ reviewers: - ingress-nginx-reviewers emeritus_approvers: -- aledbf # 2020-04-02 +- aledbf # 2020-04-02 - bowei # 2022-10-12 - ElvinEfendi # 2023-04-23 diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index 44fc67d2e..fa10804ce 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -1,4 +1,4 @@ -# See the OWNERS docs: https://git.k8s.io/community/docs/devel/owners.md +# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners aliases: sig-network-leads: @@ -11,34 +11,29 @@ aliases: - strongjz ingress-nginx-maintainers: + - cpanato + - Gacko + - puerco - rikatz - strongjz - - cpanato - - puerco - tao12345666333 ingress-nginx-reviewers: + - cpanato + - Gacko + - puerco - rikatz - strongjz - - puerco - - cpanato - tao12345666333 ingress-nginx-helm-maintainers: - - cpanato - - Gacko - - strongjz - ubergesundheit ingress-nginx-helm-reviewers: - - cpanato - - Gacko - - strongjz - ubergesundheit ingress-nginx-docs-maintainers: - longwuyuan - - tao12345666333 ingress-nginx-kube-webhook-certgen-reviewers: - invidian diff --git a/charts/ingress-nginx/OWNERS b/charts/ingress-nginx/OWNERS index 6b7e049ca..d588ede68 100644 --- a/charts/ingress-nginx/OWNERS +++ b/charts/ingress-nginx/OWNERS @@ -1,4 +1,4 @@ -# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md +# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners approvers: - ingress-nginx-helm-maintainers diff --git a/docs/OWNERS b/docs/OWNERS index e8b886e5b..245cb8688 100644 --- a/docs/OWNERS +++ b/docs/OWNERS @@ -1,7 +1,7 @@ -# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md +# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners approvers: - ingress-nginx-docs-maintainers labels: -- area/docs \ No newline at end of file +- area/docs diff --git a/images/OWNERS b/images/OWNERS deleted file mode 100644 index 00f162ebd..000000000 --- a/images/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md - -approvers: -- ingress-nginx-admins -- ingress-nginx-maintainers - -reviewers: -- ingress-nginx-admins -- ingress-nginx-maintainers diff --git a/images/kube-webhook-certgen/OWNERS b/images/kube-webhook-certgen/OWNERS index ad47b2e6d..b4424221c 100644 --- a/images/kube-webhook-certgen/OWNERS +++ b/images/kube-webhook-certgen/OWNERS @@ -1,10 +1,4 @@ -# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md - -approvers: -- ingress-nginx-admins -- ingress-nginx-maintainers +# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners reviewers: -- ingress-nginx-admins -- ingress-nginx-maintainers - ingress-nginx-kube-webhook-certgen-reviewers diff --git a/rootfs/etc/nginx/lua/OWNERS b/rootfs/etc/nginx/lua/OWNERS index 79814fdba..efb131316 100644 --- a/rootfs/etc/nginx/lua/OWNERS +++ b/rootfs/etc/nginx/lua/OWNERS @@ -1,4 +1,4 @@ -# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md +# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners labels: -- area/lua \ No newline at end of file +- area/lua From 622e36fd6a988d540f871a45d0cd3e08d32b29db Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Thu, 4 Apr 2024 20:37:33 +0530 Subject: [PATCH 119/154] bump ginkgo to 2-17-1 in testrunner (#11202) --- images/test-runner/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index 627475d22..ac0757ab2 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -59,7 +59,7 @@ image: --build-arg YAML_LINT_VERSION=1.33.0 \ --build-arg YAMALE_VERSION=4.0.4 \ --build-arg HELM_VERSION=3.11.2 \ - --build-arg GINKGO_VERSION=2.15.0 \ + --build-arg GINKGO_VERSION=2.17.1 \ --build-arg GOLINT_VERSION=latest \ -t ${IMAGE}:${TAG} rootfs @@ -80,7 +80,7 @@ build: ensure-buildx --build-arg YAML_LINT_VERSION=1.33.0 \ --build-arg YAMALE_VERSION=4.0.4 \ --build-arg HELM_VERSION=3.11.2 \ - --build-arg GINKGO_VERSION=2.15.0 \ + --build-arg GINKGO_VERSION=2.17.1 \ --build-arg GOLINT_VERSION=latest \ -t ${IMAGE}:${TAG} rootfs From 3599a4c6ccea43f136baf2f184f5ad72a6f1143f Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Thu, 4 Apr 2024 20:48:53 +0530 Subject: [PATCH 120/154] chunking related faq update (#11196) --- docs/faq.md | 44 ++++++++++++++++++++++++++++++++++---------- 1 file changed, 34 insertions(+), 10 deletions(-) diff --git a/docs/faq.md b/docs/faq.md index 253378c65..a210c221b 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -7,27 +7,51 @@ Please read [Retain Client IPAddress Guide here](./user-guide/retaining-client-i ## Kubernetes v1.22 Migration -If you are using Ingress objects in your cluster (running Kubernetes older than v1.22), and you plan to upgrade your Kubernetes version to K8S 1.22 or above, then please read [the migration guide here](./user-guide/k8s-122-migration.md). +If you are using Ingress objects in your cluster (running Kubernetes older than +version 1.22), and you plan to upgrade your Kubernetes version to K8S 1.22 or +above, then please read [the migration guide here](./user-guide/k8s-122-migration.md). ## Validation Of __`path`__ -- For improving security and also following desired standards on Kubernetes API spec, the next release, scheduled for v1.8.0, will include a new & optional feature of validating the value for the key `ingress.spec.rules.http.paths.path` . +- For improving security and also following desired standards on Kubernetes API +spec, the next release, scheduled for v1.8.0, will include a new & optional +feature of validating the value for the key `ingress.spec.rules.http.paths.path`. -- This behavior will be disabled by default on the 1.8.0 release and enabled by default on the next breaking change release, set for 2.0.0. +- This behavior will be disabled by default on the 1.8.0 release and enabled by +default on the next breaking change release, set for 2.0.0. -- When "`ingress.spec.rules.http.pathType=Exact`" or "`pathType=Prefix`", this validation will limit the characters accepted on the field "`ingress.spec.rules.http.paths.path`", to "`alphanumeric characters`", and `"/," "_," "-."` Also, in this case, the path should start with `"/."` +- When "`ingress.spec.rules.http.pathType=Exact`" or "`pathType=Prefix`", this +validation will limit the characters accepted on the field "`ingress.spec.rules.http.paths.path`", +to "`alphanumeric characters`", and `"/," "_," "-."` Also, in this case, +the path should start with `"/."` -- When the ingress resource path contains other characters (like on rewrite configurations), the pathType value should be "`ImplementationSpecific`". +- When the ingress resource path contains other characters (like on rewrite +configurations), the pathType value should be "`ImplementationSpecific`". - API Spec on pathType is documented [here](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) -- When this option is enabled, the validation will happen on the Admission Webhook. So if any new ingress object contains characters other than "`alphanumeric characters`", and `"/," "_," "-."` , in the `path` field, but is not using `pathType` value as `ImplementationSpecific`, then the ingress object will be denied admission. +- When this option is enabled, the validation will happen on the Admission +Webhook. So if any new ingress object contains characters other than +alphanumeric characters, and, `"/,","_","-"`, in the `path` field, but +is not using `pathType` value as `ImplementationSpecific`, then the ingress +object will be denied admission. -- The cluster admin should establish validation rules using mechanisms like "`Open Policy Agent`", to validate that only authorized users can use ImplementationSpecific pathType and that only the authorized characters can be used. [The configmap value is here](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type) +- The cluster admin should establish validation rules using mechanisms like +"`Open Policy Agent`", to validate that only authorized users can use +ImplementationSpecific pathType and that only the authorized characters can be +used. [The configmap value is here](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type) - A complete example of an Openpolicyagent gatekeeper rule is available [here](https://kubernetes.github.io/ingress-nginx/examples/openpolicyagent/) -- If you have any issues or concerns, please do one of the following: - - Open a GitHub issue +- If you have any issues or concerns, please do one of the following: + - Open a GitHub issue - Comment in our Dev Slack Channel - - Open a thread in our Google Group ingress-nginx-dev@kubernetes.io + - Open a thread in our Google Group + +## Why is chunking not working since controller v1.10 ? + +- If your code is setting the HTTP header `"Transfer-Encoding: chunked"` and +the controller log messages show an error about duplicate header, it is +because of this change + +- More details are available in this issue From ad274ab2c62604a8d6b950793536df97f214a18f Mon Sep 17 00:00:00 2001 From: TheRealNoob Date: Thu, 4 Apr 2024 12:50:05 -0700 Subject: [PATCH 121/154] Chart: Make `controller.config` templatable. (#11181) * [helm] pass controller.config through tpl * add unittest * update README.md * Update charts/ingress-nginx/README.md Co-authored-by: Marco Ebert * Update charts/ingress-nginx/tests/controller-configmap_test.yaml Co-authored-by: Marco Ebert * Update charts/ingress-nginx/values.yaml Co-authored-by: Marco Ebert --------- Co-authored-by: Marco Ebert --- charts/ingress-nginx/README.md | 2 +- .../templates/controller-configmap.yaml | 2 +- .../tests/controller-configmap_test.yaml | 17 +++++++++++++++++ charts/ingress-nginx/values.yaml | 3 ++- 4 files changed, 21 insertions(+), 3 deletions(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index e7298b5b7..f5197537e 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -285,7 +285,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.autoscaling.targetCPUUtilizationPercentage | int | `50` | | | controller.autoscaling.targetMemoryUtilizationPercentage | int | `50` | | | controller.autoscalingTemplate | list | `[]` | | -| controller.config | object | `{}` | Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ | +| controller.config | object | `{}` | Global configuration passed to the ConfigMap consumed by the controller. Values may contain Helm templates. Ref.: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ | | controller.configAnnotations | object | `{}` | Annotations to be added to the controller config configuration configmap. | | controller.configMapNamespace | string | `""` | Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) | | controller.containerName | string | `"controller"` | Configures the controller container name | diff --git a/charts/ingress-nginx/templates/controller-configmap.yaml b/charts/ingress-nginx/templates/controller-configmap.yaml index 662a16204..22080d115 100644 --- a/charts/ingress-nginx/templates/controller-configmap.yaml +++ b/charts/ingress-nginx/templates/controller-configmap.yaml @@ -24,5 +24,5 @@ data: ssl-dh-param: {{ include "ingress-nginx.namespace" . }}/{{ include "ingress-nginx.controller.fullname" . }} {{- end }} {{- range $key, $value := .Values.controller.config }} - {{- $key | nindent 2 }}: {{ $value | quote }} + {{- $key | nindent 2 }}: {{ tpl (toString $value) $ | quote }} {{- end }} diff --git a/charts/ingress-nginx/tests/controller-configmap_test.yaml b/charts/ingress-nginx/tests/controller-configmap_test.yaml index 038760338..9cfea9800 100644 --- a/charts/ingress-nginx/tests/controller-configmap_test.yaml +++ b/charts/ingress-nginx/tests/controller-configmap_test.yaml @@ -12,3 +12,20 @@ tests: - equal: path: metadata.name value: RELEASE-NAME-ingress-nginx-controller + + - it: should create a ConfigMap with templated values if `controller.config` contains templates + set: + controller.config: + global-rate-limit-memcached-host: "memcached.{{ .Release.Namespace }}.svc.kubernetes.local" + global-rate-limit-memcached-port: 11211 + use-gzip: true + asserts: + - equal: + path: data.global-rate-limit-memcached-host + value: memcached.NAMESPACE.svc.kubernetes.local + - equal: + path: data.global-rate-limit-memcached-port + value: "11211" + - equal: + path: data.use-gzip + value: "true" diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 3741323c4..f0e5ba312 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -45,7 +45,8 @@ controller: containerPort: http: 80 https: 443 - # -- Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ + # -- Global configuration passed to the ConfigMap consumed by the controller. Values may contain Helm templates. + # Ref.: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ config: {} # -- Annotations to be added to the controller config configuration configmap. configAnnotations: {} From fb7db8b7815acb0a6481f80582bb45a9eace3357 Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Fri, 5 Apr 2024 08:24:16 +0530 Subject: [PATCH 122/154] updated baseimage & deleted a useless file (#11208) --- NGINX_BASE | 2 +- ingress-nginx.yaml | 68 ---------------------------------------------- 2 files changed, 1 insertion(+), 69 deletions(-) delete mode 100644 ingress-nginx.yaml diff --git a/NGINX_BASE b/NGINX_BASE index 4daa5c4d3..4d2c4917f 100644 --- a/NGINX_BASE +++ b/NGINX_BASE @@ -1 +1 @@ -registry.k8s.io/ingress-nginx/nginx-1.25:v0.0.5@sha256:cdafd6c9d36e23414ce41330a482f9136ce82fac46802809681f61cdcd5ad0bb +registry.k8s.io/ingress-nginx/nginx-1.25:v0.0.6@sha256:b3e027ab191eb9461a9bcf25092eabb1d547cba164992dbd722c1aa2b4a936ee diff --git a/ingress-nginx.yaml b/ingress-nginx.yaml deleted file mode 100644 index be66255e0..000000000 --- a/ingress-nginx.yaml +++ /dev/null @@ -1,68 +0,0 @@ -CURRENT_VERSION: "v1.5.1" -GOLANG_VERSION: "1.19.2" -GIT_TAG: "controller-v1.5.1" -NGINX_BASE_IMAGE: "registry.k8s.io/ingress-nginx/nginx:0b5e0685112e4537ee20a0bdbba451e9f6158aa3@sha256:3f5e28bb248d5170e77b77fc2a1a385724aeff41a0b34b5afad7dd9cf93de000" -NGINX_VERSION: "1.21.6" -VERSION_TABLE: - - "v1.5.1": - - Alpine: "3.16.2" - - Kubernetes: ["1.25","1.24","1.23"] - - NGINX: "1.21.6" - - CONTROLLER_IMAGE: "registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629" - - CHROOT_CONTROLLER_IMAGE: "registry.k8s.io/ingress-nginx/controller-chroot:v1.5.1@sha256:c1c091b88a6c936a83bd7b098662760a87868d12452529bad0d178fb36147345" - - "v1.4.0": - - Alpine: "3.16.2" - - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] - - NGINX: "1.19.10" - - "v1.3.1": - - Alpine: "3.16.2" - - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] - - NGINX: "1.19.10" - - "v1.3.0": - - Alpine: "3.16.2" - - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] - - NGINX: "1.19.10" - - "v1.2.1": - - Alpine: "3.16.2" - - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] - - NGINX: "1.19.10" - - "v1.1.3": - - Alpine: "3.16.2" - - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] - - NGINX: "1.19.10" - - "v1.1.2": - - Alpine: "3.16.2" - - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] - - NGINX: "1.19.10" - - "v1.1.1": - - Alpine: "3.16.2" - - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] - - NGINX: "1.19.10" - - "v1.1.0": - - Alpine: "3.16.2" - - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] - - NGINX: "1.19.10" - - "v1.0.5": - - Alpine: "3.16.2" - - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] - - NGINX: "1.19.10" - - "v1.0.4": - - Alpine: "3.16.2" - - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] - - NGINX: "1.19.10" - - "v1.0.3": - - Alpine: "3.16.2" - - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] - - NGINX: "1.19.10" - - "v1.0.2": - - Alpine: "3.16.2" - - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] - - NGINX: "1.19.10" - - "v1.0.1": - - Alpine: "3.16.2" - - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] - - NGINX: "1.19.10" - - "v1.0.0": - - Alpine: "3.16.2" - - Kubernetes: [ "1.24","1.23", "1.22", "1.21", "1.20" ] - - NGINX: "1.19.10" From f93cfb781523c4386aa11a11327a69b5a54e9dbe Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Fri, 5 Apr 2024 15:28:19 +0530 Subject: [PATCH 123/154] changed testrunner image sha (#11207) --- build/run-in-docker.sh | 4 ++-- test/e2e-image/Makefile | 2 +- test/e2e/run-chart-test.sh | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 62bd7115c..5d4e82a09 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -44,7 +44,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20240126-760bf8eb@sha256:5e676bf2e5d5d035adfc6e093abee040af08327011e72fef640fa20da73cea2e} +E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20240404-436df3e4@sha256:6bcba53b14d396177414e01f20e9111f1c009ac3b476a9b7668bb98d12bd5e85} if [[ "$RUNTIME" == podman ]]; then # Podman does not support both tag and digest @@ -96,4 +96,4 @@ else fi ${RUNTIME} run $args ${E2E_IMAGE} ${USE_SHELL} -c "${FLAGS}" -fi \ No newline at end of file +fi diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index 9f43c4691..daba2b674 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,6 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -E2E_BASE_IMAGE ?= "registry.k8s.io/ingress-nginx/e2e-test-runner:v20240126-760bf8eb@sha256:5e676bf2e5d5d035adfc6e093abee040af08327011e72fef640fa20da73cea2e" +E2E_BASE_IMAGE ?= "registry.k8s.io/ingress-nginx/e2e-test-runner:v20240404-436df3e4@sha256:6bcba53b14d396177414e01f20e9111f1c009ac3b476a9b7668bb98d12bd5e85" image: echo "..entered Makefile in /test/e2e-image" diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index e38df8690..a453bd1b4 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -109,7 +109,7 @@ docker run --rm --interactive --network host \ --volume $KUBECONFIG:/root/.kube/config \ --volume "${DIR}/../../":/workdir \ --workdir /workdir \ - registry.k8s.io/ingress-nginx/e2e-test-runner:v20240126-760bf8eb@sha256:5e676bf2e5d5d035adfc6e093abee040af08327011e72fef640fa20da73cea2e \ + registry.k8s.io/ingress-nginx/e2e-test-runner:v20240404-436df3e4@sha256:6bcba53b14d396177414e01f20e9111f1c009ac3b476a9b7668bb98d12bd5e85 \ ct install \ --charts charts/ingress-nginx \ --helm-extra-args "--timeout 60s" From 7decd01468d390bd30a6c3dfd833c5c15222086b Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Fri, 5 Apr 2024 16:01:01 +0530 Subject: [PATCH 124/154] bumped certgeimage tag (#11212) --- images/kube-webhook-certgen/TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/kube-webhook-certgen/TAG b/images/kube-webhook-certgen/TAG index 0d0c52f84..66d62a800 100644 --- a/images/kube-webhook-certgen/TAG +++ b/images/kube-webhook-certgen/TAG @@ -1 +1 @@ -v1.4.0 +v1.4.1 From e9509e27aa9a6660a8bc70e96c988ce4be4aac11 Mon Sep 17 00:00:00 2001 From: Matheus Fidelis Date: Fri, 5 Apr 2024 08:54:48 -0300 Subject: [PATCH 125/154] feature(default_backend): topologySpreadConstraints on default backend (#11197) feature(default_backend): topologySpread support feature(default_backend): topologySpread support feature(default_backend): helm-docs feature(default_backend): helm-docs feature(default_backend): helm-docs feature(default_backend): helm-docs feature(default_backend): nit feature(default_backend): nit feature(default_backend): nit --- charts/ingress-nginx/README.md | 1 + .../templates/default-backend-deployment.yaml | 3 +++ charts/ingress-nginx/values.yaml | 19 +++++++++++++++++++ 3 files changed, 23 insertions(+) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index f5197537e..db162bc85 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -534,6 +534,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | defaultBackend.serviceAccount.create | bool | `true` | | | defaultBackend.serviceAccount.name | string | `""` | | | defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # | +| defaultBackend.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. Ref.: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | | defaultBackend.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # | | dhParam | string | `""` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param | | imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | diff --git a/charts/ingress-nginx/templates/default-backend-deployment.yaml b/charts/ingress-nginx/templates/default-backend-deployment.yaml index d342c8c35..dc2bbcbdd 100644 --- a/charts/ingress-nginx/templates/default-backend-deployment.yaml +++ b/charts/ingress-nginx/templates/default-backend-deployment.yaml @@ -109,6 +109,9 @@ spec: {{- if .Values.defaultBackend.affinity }} affinity: {{ toYaml .Values.defaultBackend.affinity | nindent 8 }} {{- end }} + {{- if .Values.defaultBackend.topologySpreadConstraints }} + topologySpreadConstraints: {{ tpl (toYaml .Values.defaultBackend.topologySpreadConstraints) $ | nindent 8 }} + {{- end }} terminationGracePeriodSeconds: 60 {{- if .Values.defaultBackend.extraVolumes }} volumes: {{ toYaml .Values.defaultBackend.extraVolumes | nindent 8 }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index f0e5ba312..86e0eabce 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -998,6 +998,25 @@ defaultBackend: # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" affinity: {} + # -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. + # Ref.: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + topologySpreadConstraints: [] + # - labelSelector: + # matchLabels: + # app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}' + # app.kubernetes.io/instance: '{{ .Release.Name }}' + # app.kubernetes.io/component: default-backend + # topologyKey: topology.kubernetes.io/zone + # maxSkew: 1 + # whenUnsatisfiable: ScheduleAnyway + # - labelSelector: + # matchLabels: + # app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}' + # app.kubernetes.io/instance: '{{ .Release.Name }}' + # app.kubernetes.io/component: default-backend + # topologyKey: kubernetes.io/hostname + # maxSkew: 1 + # whenUnsatisfiable: ScheduleAnyway # -- Security context for default backend pods podSecurityContext: {} # -- Security context for default backend containers From 5e0792ecb56e3efef1697b27f06066a5144b8e3c Mon Sep 17 00:00:00 2001 From: Long Wu Yuan Date: Fri, 5 Apr 2024 20:46:55 +0530 Subject: [PATCH 126/154] updated certgen image shatag (#11214) --- charts/ingress-nginx/README.md | 4 ++-- charts/ingress-nginx/values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index db162bc85..c3489a6c3 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -253,11 +253,11 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.admissionWebhooks.namespaceSelector | object | `{}` | | | controller.admissionWebhooks.objectSelector | object | `{}` | | | controller.admissionWebhooks.patch.enabled | bool | `true` | | -| controller.admissionWebhooks.patch.image.digest | string | `"sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334"` | | +| controller.admissionWebhooks.patch.image.digest | string | `"sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366"` | | | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | | | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | | | controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | | -| controller.admissionWebhooks.patch.image.tag | string | `"v1.4.0"` | | +| controller.admissionWebhooks.patch.image.tag | string | `"v1.4.1"` | | | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources | | controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not | | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 86e0eabce..85990614b 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -802,8 +802,8 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: v1.4.0 - digest: sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 + tag: v1.4.1 + digest: sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 pullPolicy: IfNotPresent # -- Provide a priority class name to the webhook patching job ## From 158ba45b0bb06d38def61fb3f385bdf350a7f784 Mon Sep 17 00:00:00 2001 From: Jozef Halgas <43298212+jozefhalgas@users.noreply.github.com> Date: Fri, 5 Apr 2024 21:10:36 +0200 Subject: [PATCH 127/154] sort default backend hpa metrics (#11215) --- .../templates/default-backend-hpa.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/ingress-nginx/templates/default-backend-hpa.yaml b/charts/ingress-nginx/templates/default-backend-hpa.yaml index 699323897..49bcdcfdc 100644 --- a/charts/ingress-nginx/templates/default-backend-hpa.yaml +++ b/charts/ingress-nginx/templates/default-backend-hpa.yaml @@ -21,14 +21,6 @@ spec: minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }} maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }} metrics: - {{- with .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ . }} - {{- end }} {{- with .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: @@ -37,4 +29,12 @@ spec: type: Utilization averageUtilization: {{ . }} {{- end }} + {{- with .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} {{- end }} From 531b007b604afce3fee8fa23a96dc5626401f762 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Fri, 5 Apr 2024 23:19:58 +0200 Subject: [PATCH 128/154] Chart: Add unit tests for default backend & topology spread constraints. (#11218) Also remove trailing whitespaces. --- .../templates/default-backend-deployment.yaml | 2 +- .../tests/controller-daemonset_test.yaml | 41 ++++++++ .../tests/controller-deployment_test.yaml | 40 ++++++++ .../default-backend-deployment_test.yaml | 94 +++++++++++++++++++ 4 files changed, 176 insertions(+), 1 deletion(-) create mode 100644 charts/ingress-nginx/tests/default-backend-deployment_test.yaml diff --git a/charts/ingress-nginx/templates/default-backend-deployment.yaml b/charts/ingress-nginx/templates/default-backend-deployment.yaml index dc2bbcbdd..6834dba07 100644 --- a/charts/ingress-nginx/templates/default-backend-deployment.yaml +++ b/charts/ingress-nginx/templates/default-backend-deployment.yaml @@ -111,7 +111,7 @@ spec: {{- end }} {{- if .Values.defaultBackend.topologySpreadConstraints }} topologySpreadConstraints: {{ tpl (toYaml .Values.defaultBackend.topologySpreadConstraints) $ | nindent 8 }} - {{- end }} + {{- end }} terminationGracePeriodSeconds: 60 {{- if .Values.defaultBackend.extraVolumes }} volumes: {{ toYaml .Values.defaultBackend.extraVolumes | nindent 8 }} diff --git a/charts/ingress-nginx/tests/controller-daemonset_test.yaml b/charts/ingress-nginx/tests/controller-daemonset_test.yaml index 316455362..29359fd9e 100644 --- a/charts/ingress-nginx/tests/controller-daemonset_test.yaml +++ b/charts/ingress-nginx/tests/controller-daemonset_test.yaml @@ -54,3 +54,44 @@ tests: - equal: path: spec.template.spec.containers[0].resources.limits.memory value: 512Mi + + - it: should create a DaemonSet with topology spread constraints if `controller.topologySpreadConstraints` is set + set: + controller.kind: DaemonSet + controller.topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}' + app.kubernetes.io/instance: '{{ .Release.Name }}' + app.kubernetes.io/component: controller + topologyKey: topology.kubernetes.io/zone + maxSkew: 1 + whenUnsatisfiable: ScheduleAnyway + - labelSelector: + matchLabels: + app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}' + app.kubernetes.io/instance: '{{ .Release.Name }}' + app.kubernetes.io/component: controller + topologyKey: kubernetes.io/hostname + maxSkew: 1 + whenUnsatisfiable: ScheduleAnyway + asserts: + - equal: + path: spec.template.spec.topologySpreadConstraints + value: + - labelSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/component: controller + topologyKey: topology.kubernetes.io/zone + maxSkew: 1 + whenUnsatisfiable: ScheduleAnyway + - labelSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/component: controller + topologyKey: kubernetes.io/hostname + maxSkew: 1 + whenUnsatisfiable: ScheduleAnyway diff --git a/charts/ingress-nginx/tests/controller-deployment_test.yaml b/charts/ingress-nginx/tests/controller-deployment_test.yaml index eee99385d..d0330db90 100644 --- a/charts/ingress-nginx/tests/controller-deployment_test.yaml +++ b/charts/ingress-nginx/tests/controller-deployment_test.yaml @@ -78,3 +78,43 @@ tests: - equal: path: spec.template.spec.containers[0].resources.limits.memory value: 512Mi + + - it: should create a Deployment with topology spread constraints if `controller.topologySpreadConstraints` is set + set: + controller.topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}' + app.kubernetes.io/instance: '{{ .Release.Name }}' + app.kubernetes.io/component: controller + topologyKey: topology.kubernetes.io/zone + maxSkew: 1 + whenUnsatisfiable: ScheduleAnyway + - labelSelector: + matchLabels: + app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}' + app.kubernetes.io/instance: '{{ .Release.Name }}' + app.kubernetes.io/component: controller + topologyKey: kubernetes.io/hostname + maxSkew: 1 + whenUnsatisfiable: ScheduleAnyway + asserts: + - equal: + path: spec.template.spec.topologySpreadConstraints + value: + - labelSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/component: controller + topologyKey: topology.kubernetes.io/zone + maxSkew: 1 + whenUnsatisfiable: ScheduleAnyway + - labelSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/component: controller + topologyKey: kubernetes.io/hostname + maxSkew: 1 + whenUnsatisfiable: ScheduleAnyway diff --git a/charts/ingress-nginx/tests/default-backend-deployment_test.yaml b/charts/ingress-nginx/tests/default-backend-deployment_test.yaml new file mode 100644 index 000000000..e6fd0c541 --- /dev/null +++ b/charts/ingress-nginx/tests/default-backend-deployment_test.yaml @@ -0,0 +1,94 @@ +suite: Default Backend > Deployment +templates: + - default-backend-deployment.yaml + +tests: + - it: should not create a Deployment if `defaultBackend.enabled` is false + set: + defaultBackend.enabled: false + asserts: + - hasDocuments: + count: 0 + + - it: should create a Deployment if `defaultBackend.enabled` is true + set: + defaultBackend.enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Deployment + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-defaultbackend + + - it: should create a Deployment with 3 replicas if `defaultBackend.replicaCount` is 3 + set: + defaultBackend.enabled: true + defaultBackend.replicaCount: 3 + asserts: + - equal: + path: spec.replicas + value: 3 + + - it: should create a Deployment without replicas if `defaultBackend.autoscaling.enabled` is true + set: + defaultBackend.enabled: true + defaultBackend.autoscaling.enabled: true + asserts: + - notExists: + path: spec.replicas + + - it: should create a Deployment with resource limits if `defaultBackend.resources.limits` is set + set: + defaultBackend.enabled: true + defaultBackend.resources.limits.cpu: 500m + defaultBackend.resources.limits.memory: 512Mi + asserts: + - equal: + path: spec.template.spec.containers[0].resources.limits.cpu + value: 500m + - equal: + path: spec.template.spec.containers[0].resources.limits.memory + value: 512Mi + + - it: should create a Deployment with topology spread constraints if `defaultBackend.topologySpreadConstraints` is set + set: + defaultBackend.enabled: true + defaultBackend.topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}' + app.kubernetes.io/instance: '{{ .Release.Name }}' + app.kubernetes.io/component: default-backend + topologyKey: topology.kubernetes.io/zone + maxSkew: 1 + whenUnsatisfiable: ScheduleAnyway + - labelSelector: + matchLabels: + app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}' + app.kubernetes.io/instance: '{{ .Release.Name }}' + app.kubernetes.io/component: default-backend + topologyKey: kubernetes.io/hostname + maxSkew: 1 + whenUnsatisfiable: ScheduleAnyway + asserts: + - equal: + path: spec.template.spec.topologySpreadConstraints + value: + - labelSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/component: default-backend + topologyKey: topology.kubernetes.io/zone + maxSkew: 1 + whenUnsatisfiable: ScheduleAnyway + - labelSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/component: default-backend + topologyKey: kubernetes.io/hostname + maxSkew: 1 + whenUnsatisfiable: ScheduleAnyway From 8ede0f777fa385baac04d4e7edb801e6cf2055b6 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Sat, 6 Apr 2024 00:43:09 +0200 Subject: [PATCH 129/154] update post submit helm ci and clean up (#11220) Signed-off-by: cpanato --- .github/workflows/helm.yaml | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index da86a36f0..3ba506c29 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -11,12 +11,13 @@ permissions: jobs: changes: + runs-on: ubuntu-latest + permissions: contents: read # for dorny/paths-filter to fetch a list of changed files - pull-requests: read # for dorny/paths-filter to read pull requests - runs-on: ubuntu-latest - if: | - (github.repository == 'kubernetes/ingress-nginx') + + if: github.repository == 'kubernetes/ingress-nginx' + outputs: docs: ${{ steps.filter.outputs.docs }} charts: ${{ steps.filter.outputs.charts }} @@ -33,9 +34,11 @@ jobs: ./ah lint -p charts/ingress-nginx || exit 1 rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz - - name: Lint - run: | - ./build/run-in-docker.sh ./hack/verify-chart-lint.sh + - name: Set up chart-testing + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 + + - name: Run chart-testing (lint) + run: ct lint --config ./.ct.yaml - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter @@ -55,9 +58,8 @@ jobs: needs: - changes - if: | - (github.repository == 'kubernetes/ingress-nginx') && - (needs.changes.outputs.charts == 'true') + + if: ${{ needs.changes.outputs.charts == 'true' }} steps: - name: Checkout master From ebc61bdea4eecea14ee168ff30b4359d218f09f4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Apr 2024 03:50:43 -0700 Subject: [PATCH 130/154] Bump the all group with 3 updates (#11225) Bumps the all group with 3 updates: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action), [dorny/test-reporter](https://github.com/dorny/test-reporter) and [github/codeql-action](https://github.com/github/codeql-action). Updates `docker/setup-buildx-action` from 3.2.0 to 3.3.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/2b51285047da1547ffb1b2203d8be4c0af6b1f20...d70bba72b1f3fd22344832f00baa16ece964efeb) Updates `dorny/test-reporter` from 1.8.0 to 1.9.0 - [Release notes](https://github.com/dorny/test-reporter/releases) - [Changelog](https://github.com/dorny/test-reporter/blob/main/CHANGELOG.md) - [Commits](https://github.com/dorny/test-reporter/compare/eaa763f6ffc21c7a37837f56cd5f9737f27fc6c8...c40d89d5e987cd80f3a32b3c233556e22bdca958) Updates `github/codeql-action` from 3.24.9 to 3.24.10 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/1b1aada464948af03b950897e5eb522f92603cc2...4355270be187e1b672a7a1c7c7bae5afdc1ab94a) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: dorny/test-reporter dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- .github/workflows/images.yaml | 2 +- .github/workflows/junit-reports.yaml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index f19b7158f..3e7067b8f 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -124,7 +124,7 @@ jobs: - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0 + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 with: version: latest diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index e5684ba79..4afc27aa2 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -200,7 +200,7 @@ jobs: uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0 + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 with: version: latest platforms: ${{ env.PLATFORMS }} diff --git a/.github/workflows/junit-reports.yaml b/.github/workflows/junit-reports.yaml index 3b3318def..0d76abbfb 100644 --- a/.github/workflows/junit-reports.yaml +++ b/.github/workflows/junit-reports.yaml @@ -9,7 +9,7 @@ jobs: report: runs-on: ubuntu-latest steps: - - uses: dorny/test-reporter@eaa763f6ffc21c7a37837f56cd5f9737f27fc6c8 # v1.8.0 + - uses: dorny/test-reporter@c40d89d5e987cd80f3a32b3c233556e22bdca958 # v1.9.0 with: artifact: /e2e-test-reports-(.*)/ name: JEST Tests $1 # Name of the check run which will be created diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 3018dee65..d00db6ba3 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 2d671d966..3a34541a5 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From a93e9b938d91dc50b5eb46b420a640f427d3665e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Apr 2024 04:20:12 -0700 Subject: [PATCH 131/154] Bump github.com/prometheus/client_model in the all group (#11226) Bumps the all group with 1 update: [github.com/prometheus/client_model](https://github.com/prometheus/client_model). Updates `github.com/prometheus/client_model` from 0.6.0 to 0.6.1 - [Release notes](https://github.com/prometheus/client_model/releases) - [Commits](https://github.com/prometheus/client_model/compare/v0.6.0...v0.6.1) --- updated-dependencies: - dependency-name: github.com/prometheus/client_model dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a0bb140a0..81c402358 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/opencontainers/runc v1.1.12 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.19.0 - github.com/prometheus/client_model v0.6.0 + github.com/prometheus/client_model v0.6.1 github.com/prometheus/common v0.51.1 github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 diff --git a/go.sum b/go.sum index 4edd9fe56..c7a4596f4 100644 --- a/go.sum +++ b/go.sum @@ -317,8 +317,8 @@ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1: github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZzqGIgaos= -github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= From 3c2cf13bb693ef185258d634a20764fa851a8666 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Apr 2024 04:23:07 -0700 Subject: [PATCH 132/154] Bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#11229) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.21.0 to 0.22.0. - [Commits](https://github.com/golang/crypto/compare/v0.21.0...v0.22.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 81c402358..7b8c3beb5 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( github.com/stretchr/testify v1.9.0 github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30 - golang.org/x/crypto v0.21.0 + golang.org/x/crypto v0.22.0 google.golang.org/grpc v1.62.1 google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab gopkg.in/go-playground/pool.v3 v3.1.1 @@ -107,8 +107,8 @@ require ( golang.org/x/net v0.22.0 // indirect golang.org/x/oauth2 v0.18.0 // indirect golang.org/x/sync v0.6.0 // indirect - golang.org/x/sys v0.18.0 // indirect - golang.org/x/term v0.18.0 // indirect + golang.org/x/sys v0.19.0 // indirect + golang.org/x/term v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.18.0 // indirect diff --git a/go.sum b/go.sum index c7a4596f4..4b635c2ad 100644 --- a/go.sum +++ b/go.sum @@ -401,8 +401,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= -golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= +golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -543,12 +543,12 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= -golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= +golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= From cb315d2db437ed8f037c2d3184e8560cf2d1c6e5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Apr 2024 05:24:01 -0700 Subject: [PATCH 133/154] Bump github.com/prometheus/common from 0.51.1 to 0.52.2 (#11227) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.51.1 to 0.52.2. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.51.1...v0.52.2) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 7b8c3beb5..22b5fa450 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.19.0 github.com/prometheus/client_model v0.6.1 - github.com/prometheus/common v0.51.1 + github.com/prometheus/common v0.52.2 github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 diff --git a/go.sum b/go.sum index 4b635c2ad..2d7c137b5 100644 --- a/go.sum +++ b/go.sum @@ -323,8 +323,8 @@ github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.51.1 h1:eIjN50Bwglz6a/c3hAgSMcofL3nD+nFQkV6Dd4DsQCw= -github.com/prometheus/common v0.51.1/go.mod h1:lrWtQx+iDfn2mbH5GUzlH9TSHyfZpHkSiG1W7y3sF2Q= +github.com/prometheus/common v0.52.2 h1:LW8Vk7BccEdONfrJBDffQGRtpSzi5CQaRZGtboOO2ck= +github.com/prometheus/common v0.52.2/go.mod h1:lrWtQx+iDfn2mbH5GUzlH9TSHyfZpHkSiG1W7y3sF2Q= github.com/prometheus/exporter-toolkit v0.7.0/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= From d808e389117b90ce1766a8b35278306271116bc1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Apr 2024 05:26:39 -0700 Subject: [PATCH 134/154] Bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#11228) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.62.1 to 1.63.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.62.1...v1.63.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 22b5fa450..2c63151a8 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30 golang.org/x/crypto v0.22.0 - google.golang.org/grpc v1.62.1 + google.golang.org/grpc v1.63.0 google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 @@ -113,7 +113,7 @@ require ( golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.18.0 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240221002015-b0ce06bbee7c // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de // indirect google.golang.org/protobuf v1.33.0 // indirect gopkg.in/evanphx/json-patch.v5 v5.9.0 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect diff --git a/go.sum b/go.sum index 2d7c137b5..77c8836fc 100644 --- a/go.sum +++ b/go.sum @@ -670,8 +670,8 @@ google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7Fc google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240221002015-b0ce06bbee7c h1:NUsgEN92SQQqzfA+YtqYNqYmB3DMMYLlIwUZAQFVFbo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240221002015-b0ce06bbee7c/go.mod h1:H4O17MA/PE9BsGx3w+a+W2VOLLD1Qf7oJneAoU6WktY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de h1:cZGRis4/ot9uVm639a+rHCUaG0JJHEsdyzSQTMX+suY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:H4O17MA/PE9BsGx3w+a+W2VOLLD1Qf7oJneAoU6WktY= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -684,8 +684,8 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk= -google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= +google.golang.org/grpc v1.63.0 h1:WjKe+dnvABXyPJMD7KDNLxtoGk5tgk+YFWN6cBWjZE8= +google.golang.org/grpc v1.63.0/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA= google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab h1:tg8hvIl5RmFBuXlcJMuL0h4Psh1gx5Q5xEMwzBZIzWA= google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab/go.mod h1:liVNnGuZDITxuksuZ+BBvdy7FcJfeNk+efF9qgqNUmc= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= From b4cae70b52d23b7fc09f8409345bf4f2cf60e05e Mon Sep 17 00:00:00 2001 From: Tony Li Date: Tue, 9 Apr 2024 03:32:21 +0800 Subject: [PATCH 135/154] remove _ssl_expire_time_seconds metric by identifier (#9706) Signed-off-by: xiayu.lyt --- internal/ingress/controller/controller.go | 3 +-- .../ingress/metric/collectors/controller.go | 24 ++++++++++++------- .../metric/collectors/controller_test.go | 13 ++++++++-- internal/ingress/metric/dummy.go | 2 +- internal/ingress/metric/main.go | 6 ++--- 5 files changed, 31 insertions(+), 17 deletions(-) diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index db786a15c..a43c143e3 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -253,9 +253,8 @@ func (n *NGINXController) syncIngress(interface{}) error { } ri := utilingress.GetRemovedIngresses(n.runningConfig, pcfg) - re := utilingress.GetRemovedHosts(n.runningConfig, pcfg) rc := utilingress.GetRemovedCertificateSerialNumbers(n.runningConfig, pcfg) - n.metricCollector.RemoveMetrics(ri, re, rc) + n.metricCollector.RemoveMetrics(ri, rc) n.runningConfig = pcfg diff --git a/internal/ingress/metric/collectors/controller.go b/internal/ingress/metric/collectors/controller.go index e1d6789bb..4ee84bc56 100644 --- a/internal/ingress/metric/collectors/controller.go +++ b/internal/ingress/metric/collectors/controller.go @@ -30,7 +30,7 @@ import ( var ( operation = []string{"controller_namespace", "controller_class", "controller_pod"} ingressOperation = []string{"controller_namespace", "controller_class", "controller_pod", "namespace", "ingress"} - sslLabelHost = []string{"namespace", "class", "host", "secret_name"} + sslLabelHost = []string{"namespace", "class", "host", "secret_name", "identifier"} sslInfoLabels = []string{"namespace", "class", "host", "secret_name", "identifier", "issuer_organization", "issuer_common_name", "serial_number", "public_key_algorithm"} orphanityLabels = []string{"controller_namespace", "controller_class", "controller_pod", "namespace", "ingress", "type"} ) @@ -305,6 +305,7 @@ func (cm *Controller) SetSSLExpireTime(servers []*ingress.Server) { } labels["host"] = s.Hostname labels["secret_name"] = s.SSLCert.Name + labels["identifier"] = s.SSLCert.Identifier() cm.sslExpireTime.With(labels).Set(float64(s.SSLCert.ExpireTime.Unix())) } @@ -337,9 +338,9 @@ func (cm *Controller) SetSSLInfo(servers []*ingress.Server) { } } -// RemoveMetrics removes metrics for hostnames not available anymore -func (cm *Controller) RemoveMetrics(hosts, certificates []string, registry prometheus.Gatherer) { - cm.removeSSLExpireMetrics(true, hosts, registry) +// RemoveMetrics removes metrics for certificates not available anymore by identifier +func (cm *Controller) RemoveMetrics(certificates []string, registry prometheus.Gatherer) { + cm.removeSSLExpireMetrics(true, certificates, registry) cm.removeCertificatesMetrics(true, certificates, registry) } @@ -390,14 +391,14 @@ func (cm *Controller) removeCertificatesMetrics(onlyDefinedHosts bool, certifica } } -func (cm *Controller) removeSSLExpireMetrics(onlyDefinedHosts bool, hosts []string, registry prometheus.Gatherer) { +func (cm *Controller) removeSSLExpireMetrics(onlyDefinedCerts bool, certificates []string, registry prometheus.Gatherer) { mfs, err := registry.Gather() if err != nil { klog.ErrorS(err, "Error gathering metrics") return } - toRemove := sets.NewString(hosts...) + toRemove := sets.NewString(certificates...) for _, mf := range mfs { metricName := mf.GetName() @@ -414,19 +415,24 @@ func (cm *Controller) removeSSLExpireMetrics(onlyDefinedHosts bool, hosts []stri // remove labels that are constant deleteConstants(labels) + identifier, ok := labels["identifier"] + if !ok { + continue + } + host, ok := labels["host"] if !ok { continue } - if onlyDefinedHosts && !toRemove.Has(host) { + if onlyDefinedCerts && !toRemove.Has(identifier) { continue } - klog.V(2).InfoS("Removing prometheus metric", "gauge", metricName, "host", host) + klog.V(2).InfoS("Removing prometheus metric", "gauge", metricName, "host", host, "identifier", identifier) removed := cm.sslExpireTime.Delete(labels) if !removed { - klog.V(2).InfoS("metric removed", "metric", metricName, "host", host, "labels", labels) + klog.V(2).InfoS("metric removed", "metric", metricName, "host", host, "identifier", identifier, "labels", labels) } } } diff --git a/internal/ingress/metric/collectors/controller_test.go b/internal/ingress/metric/collectors/controller_test.go index 53a0fd31a..7c7ea8a67 100644 --- a/internal/ingress/metric/collectors/controller_test.go +++ b/internal/ingress/metric/collectors/controller_test.go @@ -88,6 +88,15 @@ func TestControllerCounters(t *testing.T) { Hostname: "demo", SSLCert: &ingress.SSLCert{ ExpireTime: t1, + Certificate: &x509.Certificate{ + PublicKeyAlgorithm: x509.ECDSA, + Issuer: pkix.Name{ + CommonName: "certificate issuer", + SerialNumber: "abcd1234", + Organization: []string{"issuer org"}, + }, + SerialNumber: big.NewInt(100), + }, }, }, { @@ -102,7 +111,7 @@ func TestControllerCounters(t *testing.T) { want: ` # HELP nginx_ingress_controller_ssl_expire_time_seconds Number of seconds since 1970 to the SSL Certificate expire.\n An example to check if this certificate will expire in 10 days is: "nginx_ingress_controller_ssl_expire_time_seconds < (time() + (10 * 24 * 3600))" # TYPE nginx_ingress_controller_ssl_expire_time_seconds gauge - nginx_ingress_controller_ssl_expire_time_seconds{class="nginx",host="demo",namespace="default",secret_name=""} 1.351807721e+09 + nginx_ingress_controller_ssl_expire_time_seconds{class="nginx",host="demo",identifier="abcd1234-100",namespace="default",secret_name=""} 1.351807721e+09 `, metrics: []string{"nginx_ingress_controller_ssl_expire_time_seconds"}, }, @@ -262,7 +271,7 @@ func TestRemoveMetrics(t *testing.T) { cm.SetSSLExpireTime(servers) cm.SetSSLInfo(servers) - cm.RemoveMetrics([]string{"demo"}, []string{"abcd1234-100"}, reg) + cm.RemoveMetrics([]string{"abcd1234-100"}, reg) if err := GatherAndCompare(cm, "", []string{"nginx_ingress_controller_ssl_expire_time_seconds"}, reg); err != nil { t.Errorf("unexpected collecting result:\n%s", err) diff --git a/internal/ingress/metric/dummy.go b/internal/ingress/metric/dummy.go index a619ccbd8..7b1485280 100644 --- a/internal/ingress/metric/dummy.go +++ b/internal/ingress/metric/dummy.go @@ -54,7 +54,7 @@ func (dc DummyCollector) IncCheckCount(string, string) {} func (dc DummyCollector) IncCheckErrorCount(string, string) {} // RemoveMetrics dummy implementation -func (dc DummyCollector) RemoveMetrics(_, _, _ []string) {} +func (dc DummyCollector) RemoveMetrics(_, _ []string) {} // Start dummy implementation func (dc DummyCollector) Start(_ string) {} diff --git a/internal/ingress/metric/main.go b/internal/ingress/metric/main.go index aa35a5c51..93c31622c 100644 --- a/internal/ingress/metric/main.go +++ b/internal/ingress/metric/main.go @@ -46,7 +46,7 @@ type Collector interface { IncOrphanIngress(string, string, string) DecOrphanIngress(string, string, string) - RemoveMetrics(ingresses, endpoints, certificates []string) + RemoveMetrics(ingresses, certificates []string) SetSSLExpireTime([]*ingress.Server) SetSSLInfo(servers []*ingress.Server) @@ -131,9 +131,9 @@ func (c *collector) IncReloadErrorCount() { c.ingressController.IncReloadErrorCount() } -func (c *collector) RemoveMetrics(ingresses, hosts, certificates []string) { +func (c *collector) RemoveMetrics(ingresses, certificates []string) { c.socket.RemoveMetrics(ingresses, c.registry) - c.ingressController.RemoveMetrics(hosts, certificates, c.registry) + c.ingressController.RemoveMetrics(certificates, c.registry) } func (c *collector) Start(admissionStatus string) { From d56aacdb31a0abe59ecb78d0ad078bd833c11da1 Mon Sep 17 00:00:00 2001 From: Tony Li Date: Tue, 9 Apr 2024 17:08:48 +0800 Subject: [PATCH 136/154] Bump google.golang.org/grpc from 1.63.0 to 1.63.2 (#11237) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 遐宇 --- go.mod | 2 +- go.sum | 4 ++-- go.work.sum | 5 +++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 2c63151a8..780ce5959 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30 golang.org/x/crypto v0.22.0 - google.golang.org/grpc v1.63.0 + google.golang.org/grpc v1.63.2 google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 diff --git a/go.sum b/go.sum index 77c8836fc..b7f63c02f 100644 --- a/go.sum +++ b/go.sum @@ -684,8 +684,8 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.63.0 h1:WjKe+dnvABXyPJMD7KDNLxtoGk5tgk+YFWN6cBWjZE8= -google.golang.org/grpc v1.63.0/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA= +google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM= +google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA= google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab h1:tg8hvIl5RmFBuXlcJMuL0h4Psh1gx5Q5xEMwzBZIzWA= google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab/go.mod h1:liVNnGuZDITxuksuZ+BBvdy7FcJfeNk+efF9qgqNUmc= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= diff --git a/go.work.sum b/go.work.sum index af236d3b1..4e1cead39 100644 --- a/go.work.sum +++ b/go.work.sum @@ -535,7 +535,6 @@ github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZY github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs= github.com/lyft/protoc-gen-star/v2 v2.0.3/go.mod h1:amey7yeodaJhXSbf/TlLvWiqQfLOSpEk//mLlc+axEk= -github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= @@ -583,6 +582,7 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -602,6 +602,7 @@ golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= @@ -625,7 +626,6 @@ golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -684,6 +684,7 @@ google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqt google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y= google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s= +google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de h1:F6qOa9AZTYJXOUEr4jDysRDLrm4PHePlge4v4TGAlxY= google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk= google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:RdyHbowztCGQySiCvQPgWQWgWhGnouTdCflKoDBt32U= From 1f4ee0e235bfbc55d750b6a20cf4133381fa7dd7 Mon Sep 17 00:00:00 2001 From: Christian Groschupp Date: Tue, 9 Apr 2024 12:25:22 +0200 Subject: [PATCH 137/154] feat: add annotation to allow to add custom response headers (#9742) * add custom headers Signed-off-by: Christian Groschupp * add tests Signed-off-by: Christian Groschupp * add docs * update copyright * change comments * add e2e test customheaders * add custom headers validation * remove escapeLiteralDollar filter * validate value in custom headers * add regex for header value * fix annotation test * Revert "remove escapeLiteralDollar filter" This reverts commit ab48392b60dee4ce146a4c17e046849f9633c7fb. * add annotationConfig * fix test * fix golangci-lint findings * fix: add missung exp module --------- Signed-off-by: Christian Groschupp --- .../nginx-configuration/annotations.md | 17 +++ .../nginx-configuration/configmap.md | 5 + go.mod | 1 + go.work.sum | 77 +++++++++++ internal/ingress/annotations/annotations.go | 3 + .../ingress/annotations/annotations_test.go | 55 +++++++- .../ingress/annotations/customheaders/main.go | 124 ++++++++++++++++++ .../annotations/customheaders/main_test.go | 113 ++++++++++++++++ internal/ingress/controller/config/config.go | 1 + internal/ingress/controller/controller.go | 1 + .../ingress/controller/template/configmap.go | 20 +++ internal/ingress/defaults/main.go | 3 + pkg/apis/ingress/types.go | 4 +- rootfs/etc/nginx/template/nginx.tmpl | 7 + test/e2e/annotations/customheaders.go | 110 ++++++++++++++++ 15 files changed, 537 insertions(+), 4 deletions(-) create mode 100644 internal/ingress/annotations/customheaders/main.go create mode 100644 internal/ingress/annotations/customheaders/main_test.go create mode 100644 test/e2e/annotations/customheaders.go diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index 184c4993b..2230f80f7 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -50,6 +50,7 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz |[nginx.ingress.kubernetes.io/client-body-buffer-size](#client-body-buffer-size)|string| |[nginx.ingress.kubernetes.io/configuration-snippet](#configuration-snippet)|string| |[nginx.ingress.kubernetes.io/custom-http-errors](#custom-http-errors)|[]int| +|[nginx.ingress.kubernetes.io/custom-headers](#custom-headers)|string| |[nginx.ingress.kubernetes.io/default-backend](#default-backend)|string| |[nginx.ingress.kubernetes.io/enable-cors](#enable-cors)|"true" or "false"| |[nginx.ingress.kubernetes.io/cors-allow-origin](#enable-cors)|string| @@ -338,6 +339,22 @@ Example usage: nginx.ingress.kubernetes.io/custom-http-errors: "404,415" ``` +### Custom Headers +This annotation is of the form `nginx.ingress.kubernetes.io/custom-headers: custom-headers-configmap` to specify a configmap name that contains custom headers. This annotation uses `more_set_headers` nginx directive. + +Example configmap: +```yaml +apiVersion: v1 +data: + Content-Type: application/json +kind: ConfigMap +metadata: + name: custom-headers-configmap +``` + +!!! attention + First define the allowed response headers in [global-allowed-response-headers](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/configmap.md#global-allowed-response-headers). + ### Default Backend This annotation is of the form `nginx.ingress.kubernetes.io/default-backend: ` to specify a custom default backend. This `` is a reference to a service inside of the same namespace in which you are applying this annotation. This annotation overrides the global default backend. In case the service has [multiple ports](https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services), the first one is the one which will receive the backend traffic. diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index 89a35b07b..52c54c4fe 100644 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -209,6 +209,7 @@ The following table shows a configuration option's name, type, and the default v |[syslog-host](#syslog-host)| string | "" || |[syslog-port](#syslog-port)| int | 514 || |[no-tls-redirect-locations](#no-tls-redirect-locations)| string | "/.well-known/acme-challenge" || +|[global-allowed-response-headers](#global-allowed-response-headers)|string|""|| |[global-auth-url](#global-auth-url)| string | "" || |[global-auth-method](#global-auth-method)| string | "" || |[global-auth-signin](#global-auth-signin)| string | "" || @@ -1285,6 +1286,10 @@ Sets the port of syslog server. _**default:**_ 514 A comma-separated list of locations on which http requests will never get redirected to their https counterpart. _**default:**_ "/.well-known/acme-challenge" +## global-allowed-response-headers + +A comma-separated list of allowed response headers inside the [custom headers annotations](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#custom-headers) + ## global-auth-url A url to an existing service that provides authentication for all the locations. diff --git a/go.mod b/go.mod index 780ce5959..228ac7511 100644 --- a/go.mod +++ b/go.mod @@ -26,6 +26,7 @@ require ( github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30 golang.org/x/crypto v0.22.0 + golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e google.golang.org/grpc v1.63.2 google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab gopkg.in/go-playground/pool.v3 v3.1.1 diff --git a/go.work.sum b/go.work.sum index 4e1cead39..4ce702139 100644 --- a/go.work.sum +++ b/go.work.sum @@ -379,6 +379,7 @@ cloud.google.com/go/spanner v1.49.0/go.mod h1:eGj9mQGK8+hkgSVbHNQ06pQ4oS+cyc4tXX cloud.google.com/go/spanner v1.51.0/go.mod h1:c5KNo5LQ1X5tJwma9rSQZsXNBDNvj4/n8BVc3LNahq0= cloud.google.com/go/spanner v1.55.0/go.mod h1:HXEznMUVhC+PC+HDyo9YFG2Ajj5BQDkcbqB9Z2Ffxi0= cloud.google.com/go/spanner v1.56.0/go.mod h1:DndqtUKQAt3VLuV2Le+9Y3WTnq5cNKrnLb/Piqcj+h0= +cloud.google.com/go/spanner v1.57.0/go.mod h1:aXQ5QDdhPRIqVhYmnkAdwPYvj/DRN0FguclhEWw+jOo= cloud.google.com/go/speech v1.17.1/go.mod h1:8rVNzU43tQvxDaGvqOhpDqgkJTFowBpDvCJ14kGlJYo= cloud.google.com/go/speech v1.19.0/go.mod h1:8rVNzU43tQvxDaGvqOhpDqgkJTFowBpDvCJ14kGlJYo= cloud.google.com/go/speech v1.20.1/go.mod h1:wwolycgONvfz2EDU8rKuHRW3+wc9ILPsAWoikBEWavY= @@ -442,14 +443,18 @@ github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMo github.com/alecthomas/kingpin/v2 v2.4.0/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE= github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= +github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM= github.com/apache/thrift v0.16.0/go.mod h1:PHK3hniurgQaNMZYaCLEqXKsYK8upmhPbmdP2FXSqgU= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= +github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U= +github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E= +github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk= github.com/chromedp/cdproto v0.0.0-20230802225258-3cf4e6d46a89/go.mod h1:GKljq0VrfU4D5yc+2qA6OVr8pmO/MBbPEWqWQ/oqGEs= github.com/chromedp/chromedp v0.9.2/go.mod h1:LkSXJKONWTCHAfQasKFUZI+mxqS4tZqhmtGzzhLsnLs= github.com/chromedp/sysutil v1.0.0/go.mod h1:kgWmDdq8fTzXYcKIBqIYvRRTnYb9aNS9moAV0xufSww= @@ -468,6 +473,7 @@ github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa/go.mod h1:x/1Gn8zydmfq8dk6e9PdstVsDgu9RuyIIJqAaF//0IM= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= +github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9/ZjdUKyjop4mf3Qdd+1TvvltAvM3m8= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= @@ -480,7 +486,12 @@ github.com/envoyproxy/go-control-plane v0.11.1/go.mod h1:uhMcXKCQMEJHiAb0w+YGefQ github.com/envoyproxy/go-control-plane v0.12.0/go.mod h1:ZBTaoJ23lqITozF0M6G4/IragXCQKCnYbmlmtHvwRG0= github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew= +github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA= +github.com/getsentry/sentry-go v0.21.0/go.mod h1:lc76E2QywIyW8WuBnwl8Lc4bkmQH4+w1gwTf25trprY= +github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= +github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU= github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= @@ -491,6 +502,9 @@ github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/swag v0.22.5/go.mod h1:Gl91UqO+btAM0plGGxHqJcQZ1ZTy6jbmridBTsDy8A0= github.com/go-openapi/swag v0.22.6/go.mod h1:Gl91UqO+btAM0plGGxHqJcQZ1ZTy6jbmridBTsDy8A0= +github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= +github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= +github.com/go-playground/validator/v10 v10.14.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU= github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM= github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= github.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY= @@ -500,8 +514,10 @@ github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ= github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ= github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/google/cel-go v0.17.7/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY= github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-pkcs11 v0.2.1-0.20230907215043-c6f79328ddf9/go.mod h1:6eQoGcuNJpa7jnd5pMGdkSaQpNDYvPlXWMcjXXThLlY= @@ -522,27 +538,42 @@ github.com/googleapis/gax-go/v2 v2.10.0/go.mod h1:4UOEnMCrxsSqQ940WnTiD6qJ63le2e github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI= github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= +github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= +github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= +github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg= github.com/iancoleman/strcase v0.3.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20230524184225-eabc099b10ab/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw= github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= +github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/klauspost/asmfmt v1.3.2/go.mod h1:AG8TuvYojzulgDAMCnYn50l/5QV3Bs/tp6j0HLHbNSE= github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= +github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= +github.com/labstack/echo/v4 v4.10.2/go.mod h1:OEyqf2//K1DFdE57vw2DRgWY0M7s65IVQO2FzvI4J5k= +github.com/labstack/gommon v0.4.0/go.mod h1:uW6kP17uPlLJsD3ijUYn3/M5bAxtlZhMI6m3MFxTMTM= github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs= +github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4= github.com/lyft/protoc-gen-star/v2 v2.0.3/go.mod h1:amey7yeodaJhXSbf/TlLvWiqQfLOSpEk//mLlc+axEk= +github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= +github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= +github.com/mrunalp/fileutils v0.5.1/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47RKZmLU= github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0= +github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4= github.com/pierrec/lz4/v4 v4.1.15/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= github.com/pquerna/cachecontrol v0.1.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI= @@ -550,29 +581,61 @@ github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= +github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= +github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/spf13/afero v1.10.0/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ= +github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk= +github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08= +github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= +github.com/valyala/fasttemplate v1.2.2/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU= +github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= +go.etcd.io/bbolt v1.3.8/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= +go.etcd.io/etcd/api/v3 v3.5.10/go.mod h1:TidfmT4Uycad3NM/o25fG3J07odo4GBB9hoxaodFCtI= +go.etcd.io/etcd/client/pkg/v3 v3.5.10/go.mod h1:DYivfIviIuQ8+/lCq4vcxuseg2P2XbHygkKwFo9fc8U= +go.etcd.io/etcd/client/v2 v2.305.10/go.mod h1:m3CKZi69HzilhVqtPDcjhSGp+kA1OmbNn0qamH80xjA= +go.etcd.io/etcd/client/v3 v3.5.10/go.mod h1:RVeBnDz2PUEZqTpgqwAtUd8nAPf5kjyFyND7P1VkOKc= +go.etcd.io/etcd/pkg/v3 v3.5.10/go.mod h1:TKTuCKKcF1zxmfKWDkfz5qqYaE3JncKKZPFf8c1nFUs= +go.etcd.io/etcd/raft/v3 v3.5.10/go.mod h1:odD6kr8XQXTy9oQnyMPBOr0TVe+gT0neQhElQ6jbGRc= +go.etcd.io/etcd/server/v3 v3.5.10/go.mod h1:gBplPHfs6YI0L+RpGkTQO7buDbHv5HJGG/Bst0/zIPo= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0/go.mod h1:5z+/ZWJQKXa9YT34fQNx5K8Hd1EoIhvtUygUQPqEOgQ= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1/go.mod h1:4UoMYEZOC0yN/sPGH76KPkkU7zgiEWYWL9vwmbnTJPE= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0/go.mod h1:r9vWsPS/3AQItv3OSlEJ/E4mbrhUbbw18meOjArPtKQ= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0/go.mod h1:SeQhzAEccGVZVEy7aH87Nh0km+utSpo1pTv6eMMop48= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw= +go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY= go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= go.opentelemetry.io/otel v1.22.0/go.mod h1:eoV4iAi3Ea8LkAEI9+GFT44O6T/D0GWAVFyZVCC6pMI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0/go.mod h1:IPtUMKL4O3tH5y+iXVyAXqpAwMuzC1IrxVS81rummfE= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0/go.mod h1:0+KuTDyKL4gjKCF75pHOX4wuzYDUZYfAQdSu43o+Z2I= +go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8= go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM= go.opentelemetry.io/otel/metric v1.22.0/go.mod h1:evJGjVpZv0mQ5QBRJoBF64yMuOf4xCWdXjK8pzFvliY= +go.opentelemetry.io/otel/sdk v1.19.0/go.mod h1:NedEbbS4w3C6zElbLdPJKOpJQOrGUJ+GfzpjUvI0v1A= go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E= +go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo= go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ= go.opentelemetry.io/otel/trace v1.22.0/go.mod h1:RbbHXVqKES9QhzZq/fE5UnOSILqRt40a21sPw2He1xo= +go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= +go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.2.0/go.mod h1:XJYK+MuIchqpmGmUSAzotztawfKvYLUIgg7guXrwVUo= go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= +golang.org/x/arch v0.3.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= @@ -614,6 +677,7 @@ golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn golang.org/x/oauth2 v0.14.0/go.mod h1:lAtNWgaWfL4cm7j2OV8TxGi9Qb7ECORx8DktCY74OwM= golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM= golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= +golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= @@ -632,6 +696,7 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/telemetry v0.0.0-20240208230135-b75ee8823808/go.mod h1:KG1lNk5ZFNssSZLrpVb4sMXKMpGwGXOxSG3rnu2gZQQ= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -660,6 +725,7 @@ google.golang.org/api v0.128.0/go.mod h1:Y611qgqaE92On/7g65MQgxYul3c0rEB894kniWL google.golang.org/api v0.149.0/go.mod h1:Mwn1B7JTXrzXtnvmzQE2BD6bYZQ8DShKZDZbeN9I7qI= google.golang.org/api v0.155.0/go.mod h1:GI5qK5f40kCpHfPn6+YzGAByIKWv8ujFnmoWm7Igduk= google.golang.org/api v0.162.0/go.mod h1:6SulDkfoBIg4NFmCuZ39XeeAgSHCPecfSUuDyYlAHs0= +google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= @@ -685,6 +751,7 @@ google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:cc8bqMqt google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y= google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s= google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de h1:F6qOa9AZTYJXOUEr4jDysRDLrm4PHePlge4v4TGAlxY= +google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo= google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk= google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:RdyHbowztCGQySiCvQPgWQWgWhGnouTdCflKoDBt32U= @@ -697,6 +764,8 @@ google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917/go. google.golang.org/genproto/googleapis/api v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:B5xPO//w8qmBDjGReYLpR6UJPnkldGkCSMoH/2vxJeg= google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA= google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014/go.mod h1:rbHMSEDyoYX62nRVLOCc4Qt1HbsdytAYoVwgjiOhF3I= +google.golang.org/genproto/googleapis/api v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:PVreiBMirk8ypES6aw9d4p6iiBNSIfZEBqr3UGoAi2E= +google.golang.org/genproto/googleapis/api v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:5iCWqnniDlqZHrd3neWVTOwvh/v6s3232omMecelax8= google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA= google.golang.org/genproto/googleapis/bytestream v0.0.0-20231030173426-d783a09b4405/go.mod h1:GRUCuLdzVqZte8+Dl/D4N25yLzcGqqWaYkeVOwulFqw= google.golang.org/genproto/googleapis/bytestream v0.0.0-20231212172506-995d672761c0/go.mod h1:guYXGPwC6jwxgWKW5Y405fKWOFNwlvUlUnzyp9i0uqo= @@ -711,6 +780,7 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac/go. google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s= google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s= google.golang.org/genproto/googleapis/rpc v0.0.0-20240205150955-31a09d347014/go.mod h1:SaPjaZGWb0lPqs6Ittu0spdfrOArqji4ZdeP5IC/9N4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:YUWgXUFRPfoYK1IHMuxH5K6nPEXSCzIMljnQ59lLRCk= google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= @@ -722,14 +792,21 @@ google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= google.golang.org/grpc v1.60.1/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM= google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= +google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= +google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/evanphx/json-patch.v5 v5.6.0 h1:BMT6KIwBD9CaU91PJCZIe46bDmBWa9ynTQgJIOpfQBk= gopkg.in/evanphx/json-patch.v5 v5.6.0/go.mod h1:/kvTRh1TVm5wuM6OkHxqXtE/1nUZZpihg29RtuIyfvk= +gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc= gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/kms v0.29.3/go.mod h1:TBGbJKpRUMk59neTMDMddjIDL+D4HuFUbpuiuzmOPg0= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0/go.mod h1:VHVDI/KrK4fjnV61bE2g3sA7tiETLn8sooImelsCx3Y= sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= diff --git a/internal/ingress/annotations/annotations.go b/internal/ingress/annotations/annotations.go index 302f0b4b1..0bb2ac7b8 100644 --- a/internal/ingress/annotations/annotations.go +++ b/internal/ingress/annotations/annotations.go @@ -20,6 +20,7 @@ import ( "dario.cat/mergo" "k8s.io/ingress-nginx/internal/ingress/annotations/canary" + "k8s.io/ingress-nginx/internal/ingress/annotations/customheaders" "k8s.io/ingress-nginx/internal/ingress/annotations/disableproxyintercepterrors" "k8s.io/ingress-nginx/internal/ingress/annotations/modsecurity" "k8s.io/ingress-nginx/internal/ingress/annotations/opentelemetry" @@ -82,6 +83,7 @@ type Ingress struct { Canary canary.Config CertificateAuth authtls.Config ClientBodyBufferSize string + CustomHeaders customheaders.Config ConfigurationSnippet string Connection connection.Config CorsConfig cors.Config @@ -133,6 +135,7 @@ func NewAnnotationExtractor(cfg resolver.Resolver) Extractor { "Canary": canary.NewParser(cfg), "CertificateAuth": authtls.NewParser(cfg), "ClientBodyBufferSize": clientbodybuffersize.NewParser(cfg), + "CustomHeaders": customheaders.NewParser(cfg), "ConfigurationSnippet": snippet.NewParser(cfg), "Connection": connection.NewParser(cfg), "CorsConfig": cors.NewParser(cfg), diff --git a/internal/ingress/annotations/annotations_test.go b/internal/ingress/annotations/annotations_test.go index 0f4f8f7d7..5df3cdc0e 100644 --- a/internal/ingress/annotations/annotations_test.go +++ b/internal/ingress/annotations/annotations_test.go @@ -43,16 +43,20 @@ var ( annotationAffinityCookieName = parser.GetAnnotationWithPrefix("session-cookie-name") annotationUpstreamHashBy = parser.GetAnnotationWithPrefix("upstream-hash-by") annotationCustomHTTPErrors = parser.GetAnnotationWithPrefix("custom-http-errors") + annotationCustomHeaders = parser.GetAnnotationWithPrefix("custom-headers") ) type mockCfg struct { resolver.Mock - MockSecrets map[string]*apiv1.Secret - MockServices map[string]*apiv1.Service + MockSecrets map[string]*apiv1.Secret + MockServices map[string]*apiv1.Service + MockConfigMaps map[string]*apiv1.ConfigMap } func (m mockCfg) GetDefaultBackend() defaults.Backend { - return defaults.Backend{} + return defaults.Backend{ + AllowedResponseHeaders: []string{"Content-Type"}, + } } func (m mockCfg) GetSecret(name string) (*apiv1.Secret, error) { @@ -63,6 +67,10 @@ func (m mockCfg) GetService(name string) (*apiv1.Service, error) { return m.MockServices[name], nil } +func (m mockCfg) GetConfigMap(name string) (*apiv1.ConfigMap, error) { + return m.MockConfigMaps[name], nil +} + func (m mockCfg) GetAuthCertificate(name string) (*resolver.AuthSSLCert, error) { secret, err := m.GetSecret(name) if err != nil { @@ -317,3 +325,44 @@ func TestCustomHTTPErrors(t *testing.T) { } } } + +func TestCustomResponseHeaders(t *testing.T) { + mockObj := mockCfg{} + mockObj.MockConfigMaps = map[string]*apiv1.ConfigMap{} + mockObj.MockConfigMaps["custom-headers"] = &apiv1.ConfigMap{Data: map[string]string{"Content-Type": "application/json"}} + mockObj.MockConfigMaps["empty-custom-headers"] = &apiv1.ConfigMap{Data: map[string]string{}} + + ec := NewAnnotationExtractor(mockObj) + ing := buildIngress() + fooAnns := []struct { + annotations map[string]string + headers map[string]string + }{ + {map[string]string{annotationCustomHeaders: "custom-headers"}, map[string]string{"Content-Type": "application/json"}}, + {map[string]string{annotationCustomHeaders: "empty-custom-headers"}, map[string]string{}}, + {nil, map[string]string{}}, + } + + for _, foo := range fooAnns { + ing.SetAnnotations(foo.annotations) + rann, err := ec.Extract(ing) + if err != nil { + t.Errorf("error should be null: %v", err) + } + r := rann.CustomHeaders.Headers + + // Check that expected headers were created + for i := range foo.headers { + if r[i] != foo.headers[i] { + t.Errorf("Returned %v but expected %v", r, foo.headers) + } + } + + // Check that no unexpected headers were created + for i := range r { + if r[i] != foo.headers[i] { + t.Errorf("Returned %v but expected %v", r, foo.headers) + } + } + } +} diff --git a/internal/ingress/annotations/customheaders/main.go b/internal/ingress/annotations/customheaders/main.go new file mode 100644 index 000000000..774e9c3d3 --- /dev/null +++ b/internal/ingress/annotations/customheaders/main.go @@ -0,0 +1,124 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package customheaders + +import ( + "fmt" + "regexp" + + "k8s.io/klog/v2" + + networking "k8s.io/api/networking/v1" + + "golang.org/x/exp/slices" + "k8s.io/ingress-nginx/internal/ingress/annotations/parser" + ing_errors "k8s.io/ingress-nginx/internal/ingress/errors" + "k8s.io/ingress-nginx/internal/ingress/resolver" +) + +// Config returns the custom response headers for an Ingress rule +type Config struct { + Headers map[string]string `json:"headers,omitempty"` +} + +var ( + headerRegexp = regexp.MustCompile(`^[a-zA-Z\d\-_]+$`) + valueRegexp = regexp.MustCompile(`^[a-zA-Z\d_ :;.,\\/"'?!(){}\[\]@<>=\-+*#$&\x60|~^%]+$`) +) + +// ValidHeader checks is the provided string satisfies the header's name regex +func ValidHeader(header string) bool { + return headerRegexp.MatchString(header) +} + +// ValidValue checks is the provided string satisfies the value regex +func ValidValue(header string) bool { + return valueRegexp.MatchString(header) +} + +const ( + customHeadersConfigMapAnnotation = "custom-headers" +) + +var customHeadersAnnotation = parser.Annotation{ + Group: "backend", + Annotations: parser.AnnotationFields{ + customHeadersConfigMapAnnotation: { + Validator: parser.ValidateRegex(parser.BasicCharsRegex, true), + Scope: parser.AnnotationScopeLocation, + Risk: parser.AnnotationRiskMedium, + Documentation: `This annotation sets the name of a ConfigMap that specifies headers to pass to the client. + Only ConfigMaps on the same namespace are allowed`, + }, + }, +} + +type customHeaders struct { + r resolver.Resolver + annotationConfig parser.Annotation +} + +// NewParser creates a new custom response headers annotation parser +func NewParser(r resolver.Resolver) parser.IngressAnnotation { + return customHeaders{r: r, annotationConfig: customHeadersAnnotation} +} + +func (a customHeaders) GetDocumentation() parser.AnnotationFields { + return a.annotationConfig.Annotations +} + +// Parse parses the annotations contained in the ingress to use +// custom response headers +func (a customHeaders) Parse(ing *networking.Ingress) (interface{}, error) { + clientHeadersConfigMapName, err := parser.GetStringAnnotation(customHeadersConfigMapAnnotation, ing, a.annotationConfig.Annotations) + if err != nil { + klog.V(3).InfoS("client-headers annotation is undefined and will not be set") + } + + var headers map[string]string + defBackend := a.r.GetDefaultBackend() + + if clientHeadersConfigMapName != "" { + clientHeadersMapContents, err := a.r.GetConfigMap(clientHeadersConfigMapName) + if err != nil { + return nil, ing_errors.NewLocationDenied(fmt.Sprintf("unable to find configMap %q", clientHeadersConfigMapName)) + } + + for header, value := range clientHeadersMapContents.Data { + if !ValidHeader(header) { + return nil, ing_errors.NewLocationDenied("invalid header name in configmap") + } + if !ValidValue(value) { + return nil, ing_errors.NewLocationDenied("invalid header value in configmap") + } + if !slices.Contains(defBackend.AllowedResponseHeaders, header) { + return nil, ing_errors.NewLocationDenied(fmt.Sprintf("header %s is not allowed, defined allowed headers inside global-allowed-response-headers %v", header, defBackend.AllowedResponseHeaders)) + } + } + + headers = clientHeadersMapContents.Data + } + + return &Config{ + Headers: headers, + }, nil +} + +func (a customHeaders) Validate(anns map[string]string) error { + maxrisk := parser.StringRiskToRisk(a.r.GetSecurityConfiguration().AnnotationsRiskLevel) + return parser.CheckAnnotationRisk(anns, maxrisk, customHeadersAnnotation.Annotations) +} diff --git a/internal/ingress/annotations/customheaders/main_test.go b/internal/ingress/annotations/customheaders/main_test.go new file mode 100644 index 000000000..81c0b795a --- /dev/null +++ b/internal/ingress/annotations/customheaders/main_test.go @@ -0,0 +1,113 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package customheaders + +import ( + "reflect" + "testing" + + api "k8s.io/api/core/v1" + networking "k8s.io/api/networking/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/ingress-nginx/internal/ingress/annotations/parser" + "k8s.io/ingress-nginx/internal/ingress/defaults" + "k8s.io/ingress-nginx/internal/ingress/resolver" +) + +func buildIngress() *networking.Ingress { + return &networking.Ingress{ + ObjectMeta: meta_v1.ObjectMeta{ + Name: "foo", + Namespace: api.NamespaceDefault, + }, + Spec: networking.IngressSpec{ + DefaultBackend: &networking.IngressBackend{ + Service: &networking.IngressServiceBackend{ + Name: "default-backend", + Port: networking.ServiceBackendPort{ + Number: 80, + }, + }, + }, + }, + } +} + +type mockBackend struct { + resolver.Mock +} + +// GetDefaultBackend returns the backend that must be used as default +func (m mockBackend) GetDefaultBackend() defaults.Backend { + return defaults.Backend{ + AllowedResponseHeaders: []string{"Content-Type", "Access-Control-Max-Age"}, + } +} + +func TestCustomHeadersParseInvalidAnnotations(t *testing.T) { + ing := buildIngress() + configMapResolver := mockBackend{} + configMapResolver.ConfigMaps = map[string]*api.ConfigMap{} + + _, err := NewParser(configMapResolver).Parse(ing) + if err != nil { + t.Errorf("expected error parsing ingress with custom-response-headers") + } + + data := map[string]string{} + data[parser.GetAnnotationWithPrefix("custom-headers")] = "custom-headers-configmap" + ing.SetAnnotations(data) + i, err := NewParser(&resolver.Mock{}).Parse(ing) + if err == nil { + t.Errorf("expected error parsing ingress with custom-response-headers") + } + if i != nil { + t.Errorf("expected %v but got %v", nil, i) + } +} + +func TestCustomHeadersParseAnnotations(t *testing.T) { + ing := buildIngress() + + data := map[string]string{} + data[parser.GetAnnotationWithPrefix("custom-headers")] = "custom-headers-configmap" + ing.SetAnnotations(data) + + configMapResolver := mockBackend{} + configMapResolver.ConfigMaps = map[string]*api.ConfigMap{} + + configMapResolver.ConfigMaps["custom-headers-configmap"] = &api.ConfigMap{Data: map[string]string{"Content-Type": "application/json", "Access-Control-Max-Age": "600"}} + + i, err := NewParser(configMapResolver).Parse(ing) + if err != nil { + t.Errorf("unexpected error parsing ingress with custom-response-headers: %s", err) + } + val, ok := i.(*Config) + if !ok { + t.Errorf("expected a *Config type") + } + + expectedResponseHeaders := map[string]string{} + expectedResponseHeaders["Content-Type"] = "application/json" + expectedResponseHeaders["Access-Control-Max-Age"] = "600" + + c := &Config{expectedResponseHeaders} + + if !reflect.DeepEqual(c, val) { + t.Errorf("expected %v but got %v", c, val) + } +} diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index 371f3069c..47f2120f1 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -888,6 +888,7 @@ func NewDefault() Configuration { ProxyHTTPVersion: "1.1", ProxyMaxTempFileSize: "1024m", ServiceUpstream: false, + AllowedResponseHeaders: []string{}, }, UpstreamKeepaliveConnections: 320, UpstreamKeepaliveTime: "1h", diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index a43c143e3..2e782f485 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -1504,6 +1504,7 @@ func (n *NGINXController) createServers(data []*ingress.Ingress, func locationApplyAnnotations(loc *ingress.Location, anns *annotations.Ingress) { loc.BasicDigestAuth = anns.BasicDigestAuth loc.ClientBodyBufferSize = anns.ClientBodyBufferSize + loc.CustomHeaders = anns.CustomHeaders loc.ConfigurationSnippet = anns.ConfigurationSnippet loc.CorsConfig = anns.CorsConfig loc.ExternalAuth = anns.ExternalAuth diff --git a/internal/ingress/controller/template/configmap.go b/internal/ingress/controller/template/configmap.go index 9dc019bcc..f78dbad03 100644 --- a/internal/ingress/controller/template/configmap.go +++ b/internal/ingress/controller/template/configmap.go @@ -31,6 +31,7 @@ import ( "k8s.io/apimachinery/pkg/util/sets" "k8s.io/ingress-nginx/internal/ingress/annotations/authreq" + "k8s.io/ingress-nginx/internal/ingress/annotations/customheaders" "k8s.io/ingress-nginx/internal/ingress/annotations/parser" "k8s.io/ingress-nginx/internal/ingress/controller/config" ing_net "k8s.io/ingress-nginx/internal/net" @@ -54,6 +55,7 @@ const ( nginxStatusIpv6Whitelist = "nginx-status-ipv6-whitelist" proxyHeaderTimeout = "proxy-protocol-header-timeout" workerProcesses = "worker-processes" + globalAllowedResponseHeaders = "global-allowed-response-headers" globalAuthURL = "global-auth-url" globalAuthMethod = "global-auth-method" globalAuthSignin = "global-auth-signin" @@ -115,6 +117,7 @@ func ReadConfig(src map[string]string) config.Configuration { blockUserAgentList := make([]string, 0) blockRefererList := make([]string, 0) responseHeaders := make([]string, 0) + allowedResponseHeaders := make([]string, 0) luaSharedDicts := make(map[string]int) debugConnectionsList := make([]string, 0) @@ -248,6 +251,22 @@ func ReadConfig(src map[string]string) config.Configuration { } } + // Verify that the configured global external authorization response headers are valid. if not, set the default value + if val, ok := conf[globalAllowedResponseHeaders]; ok { + delete(conf, globalAllowedResponseHeaders) + + if val != "" { + harr := splitAndTrimSpace(val, ",") + for _, header := range harr { + if !customheaders.ValidHeader(header) { + klog.Warningf("Global allowed response headers denied - %s.", header) + } else { + allowedResponseHeaders = append(allowedResponseHeaders, header) + } + } + } + } + // Verify that the configured global external authorization method is a valid HTTP method. if not, set the default value if val, ok := conf[globalAuthMethod]; ok { delete(conf, globalAuthMethod) @@ -422,6 +441,7 @@ func ReadConfig(src map[string]string) config.Configuration { to.ProxyStreamResponses = streamResponses to.DisableIpv6DNS = !ing_net.IsIPv6Enabled() to.LuaSharedDicts = luaSharedDicts + to.Backend.AllowedResponseHeaders = allowedResponseHeaders decoderConfig := &mapstructure.DecoderConfig{ Metadata: nil, diff --git a/internal/ingress/defaults/main.go b/internal/ingress/defaults/main.go index 2bb58c858..cfad388ef 100644 --- a/internal/ingress/defaults/main.go +++ b/internal/ingress/defaults/main.go @@ -176,6 +176,9 @@ type Backend struct { // By default, the NGINX ingress controller uses a list of all endpoints (Pod IP/port) in the NGINX upstream configuration. // It disables that behavior and instead uses a single upstream in NGINX, the service's Cluster IP and port. ServiceUpstream bool `json:"service-upstream"` + + // AllowedResponseHeaders allows to define allow response headers for custom header annotation + AllowedResponseHeaders []string `json:"global-allowed-response-headers"` } type SecurityConfiguration struct { diff --git a/pkg/apis/ingress/types.go b/pkg/apis/ingress/types.go index 2ad17ec3d..269814d34 100644 --- a/pkg/apis/ingress/types.go +++ b/pkg/apis/ingress/types.go @@ -27,6 +27,7 @@ import ( "k8s.io/ingress-nginx/internal/ingress/annotations/authtls" "k8s.io/ingress-nginx/internal/ingress/annotations/connection" "k8s.io/ingress-nginx/internal/ingress/annotations/cors" + "k8s.io/ingress-nginx/internal/ingress/annotations/customheaders" "k8s.io/ingress-nginx/internal/ingress/annotations/fastcgi" "k8s.io/ingress-nginx/internal/ingress/annotations/globalratelimit" "k8s.io/ingress-nginx/internal/ingress/annotations/ipallowlist" @@ -263,7 +264,8 @@ type Location struct { BasicDigestAuth auth.Config `json:"basicDigestAuth,omitempty"` // Denied returns an error when this location cannot not be allowed // Requesting a denied location should return HTTP code 403. - Denied *string `json:"denied,omitempty"` + Denied *string `json:"denied,omitempty"` + CustomHeaders customheaders.Config `json:"customHeaders,omitempty"` // CorsConfig returns the Cors Configuration for the ingress rule // +optional CorsConfig cors.Config `json:"corsConfig,omitempty"` diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index b3b3f8683..4c0da2eb9 100644 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -1489,6 +1489,13 @@ stream { {{ $all.Cfg.LocationSnippet }} {{ end }} + {{ if $location.CustomHeaders }} + # Custom Response Headers + {{ range $k, $v := $location.CustomHeaders.Headers }} + more_set_headers {{ printf "%s: %s" $k $v | escapeLiteralDollar | quote }}; + {{ end }} + {{ end }} + {{/* if we are sending the request to a custom default backend, we add the required headers */}} {{ if (hasPrefix $location.Backend "custom-default-backend-") }} proxy_set_header X-Code 503; diff --git a/test/e2e/annotations/customheaders.go b/test/e2e/annotations/customheaders.go new file mode 100644 index 000000000..274ce8278 --- /dev/null +++ b/test/e2e/annotations/customheaders.go @@ -0,0 +1,110 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package annotations + +import ( + "fmt" + "net/http" + "strings" + + "github.com/onsi/ginkgo/v2" + + "k8s.io/ingress-nginx/test/e2e/framework" +) + +const ( + customHeaderHost = "custom-headers" +) + +var _ = framework.DescribeAnnotation("custom-headers-*", func() { + f := framework.NewDefaultFramework("custom-headers") + + ginkgo.BeforeEach(func() { + f.NewEchoDeployment() + }) + + ginkgo.It("should return status code 200 when no custom-headers is configured", func() { + ing := framework.NewSingleIngress(customHeaderHost, "/", customHeaderHost, f.Namespace, framework.EchoService, 80, nil) + f.EnsureIngress(ing) + + f.WaitForNginxServer(customHeaderHost, + func(server string) bool { + return strings.Contains(server, "server_name custom-headers") + }) + + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", customHeaderHost). + Expect(). + Status(http.StatusOK). + Body().Contains(fmt.Sprintf("host=%v", customHeaderHost)) + }) + + ginkgo.It("should return status code 503 when custom-headers is configured with an invalid secret", func() { + annotations := map[string]string{ + "nginx.ingress.kubernetes.io/custom-headers": f.Namespace + "/custom-headers", + } + + ing := framework.NewSingleIngress(customHeaderHost, "/", customHeaderHost, f.Namespace, framework.EchoService, 80, annotations) + f.EnsureIngress(ing) + + f.WaitForNginxServer(customHeaderHost, + func(server string) bool { + return strings.Contains(server, "server_name custom-headers") + }) + + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", customHeaderHost). + Expect(). + Status(http.StatusServiceUnavailable). + Body().Contains("503 Service Temporarily Unavailable") + }) + + ginkgo.It(`should set "more_set_headers 'My-Custom-Header' '42';" when custom-headers are set`, func() { + annotations := map[string]string{ + "nginx.ingress.kubernetes.io/custom-headers": f.Namespace + "/custom-headers", + } + + f.CreateConfigMap("custom-headers", map[string]string{ + "My-Custom-Header": "42", + "My-Custom-Header-Dollar": "$remote_addr", + }) + f.UpdateNginxConfigMapData("global-allowed-response-headers", "My-Custom-Header,My-Custom-Header-Dollar") + + ing := framework.NewSingleIngress(customHeaderHost, "/", customHeaderHost, f.Namespace, framework.EchoService, 80, annotations) + f.EnsureIngress(ing) + + f.WaitForNginxServer(customHeaderHost, + func(server string) bool { + return strings.Contains(server, `more_set_headers "My-Custom-Header: 42";`) + }) + + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", customHeaderHost). + Expect(). + Status(http.StatusOK). + Header("My-Custom-Header").Contains("42") + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", customHeaderHost). + Expect(). + Status(http.StatusOK). + Header("My-Custom-Header-Dollar").Contains("$remote_addr") + }) +}) From ca6d3622e5c2819a29f4a407ed272f42d10a91a9 Mon Sep 17 00:00:00 2001 From: James Strong Date: Tue, 9 Apr 2024 15:34:40 -0400 Subject: [PATCH 138/154] update k8s version to latest kind release (#11240) Signed-off-by: James Strong --- .github/workflows/ci.yaml | 8 ++++---- .github/workflows/images.yaml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3e7067b8f..bc2dc24ef 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -235,7 +235,7 @@ jobs: strategy: matrix: - k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0] + k8s: [v1.26.14, v1.27.11, v1.28.7, v1.29.2] steps: - name: Checkout @@ -286,7 +286,7 @@ jobs: (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') strategy: matrix: - k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0] + k8s: [v1.26.14, v1.27.11, v1.28.7, v1.29.2] uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml with: k8s-version: ${{ matrix.k8s }} @@ -300,7 +300,7 @@ jobs: (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') strategy: matrix: - k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0] + k8s: [v1.26.14, v1.27.11, v1.28.7, v1.29.2] uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml with: k8s-version: ${{ matrix.k8s }} @@ -315,7 +315,7 @@ jobs: (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') strategy: matrix: - k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0] + k8s: [v1.26.14, v1.27.11, v1.28.7, v1.29.2] uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml with: k8s-version: ${{ matrix.k8s }} diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index 4afc27aa2..28bbf6692 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -141,7 +141,7 @@ jobs: (needs.changes.outputs.kube-webhook-certgen == 'true') strategy: matrix: - k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0, v1.29.0] + k8s: [v1.26.14, v1.27.11, v1.28.7, v1.29.2] steps: - name: Checkout uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 From fde59909297d5b384e5a550bec155ca37bcfad15 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Apr 2024 08:02:17 -0700 Subject: [PATCH 139/154] Bump actions/add-to-project from 1.0.0 to 1.0.1 in the all group (#11262) Bumps the all group with 1 update: [actions/add-to-project](https://github.com/actions/add-to-project). Updates `actions/add-to-project` from 1.0.0 to 1.0.1 - [Release notes](https://github.com/actions/add-to-project/releases) - [Commits](https://github.com/actions/add-to-project/compare/2e5cc851ca7162e9eb510e6da6a5c64022e606a7...9bfe908f2eaa7ba10340b31e314148fcfe6a2458) --- updated-dependencies: - dependency-name: actions/add-to-project dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/project.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/project.yml b/.github/workflows/project.yml index b999e29be..59ad98a71 100644 --- a/.github/workflows/project.yml +++ b/.github/workflows/project.yml @@ -13,7 +13,7 @@ jobs: repository-projects: write issues: write steps: - - uses: actions/add-to-project@2e5cc851ca7162e9eb510e6da6a5c64022e606a7 # v1.0.0 + - uses: actions/add-to-project@9bfe908f2eaa7ba10340b31e314148fcfe6a2458 # v1.0.1 with: project-url: https://github.com/orgs/kubernetes/projects/104 github-token: ${{ secrets.PROJECT_WRITER }} From 5b8c1cd1d990b8bd206b44ec007e56730ad2260a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Apr 2024 08:04:36 -0700 Subject: [PATCH 140/154] Bump azure/setup-helm from 3.5 to 4 (#11263) Bumps [azure/setup-helm](https://github.com/azure/setup-helm) from 3.5 to 4. - [Release notes](https://github.com/azure/setup-helm/releases) - [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md) - [Commits](https://github.com/azure/setup-helm/compare/5119fcb9089d432beecbf79bb2c7915207344b78...b7246b12e77f7134dc2d460a3d5bad15bbe29390) --- updated-dependencies: - dependency-name: azure/setup-helm dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index bc2dc24ef..e7f2da325 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -184,7 +184,7 @@ jobs: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 + uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4.1.0 - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: From b9e0c281d060ff3030daf300790a04e0fdb89a2e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Apr 2024 09:12:02 -0700 Subject: [PATCH 141/154] Bump the all group with 2 updates (#11261) Bumps the all group with 2 updates: [github.com/prometheus/common](https://github.com/prometheus/common) and [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime). Updates `github.com/prometheus/common` from 0.52.2 to 0.52.3 - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.52.2...v0.52.3) Updates `sigs.k8s.io/controller-runtime` from 0.17.2 to 0.17.3 - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.17.2...v0.17.3) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 228ac7511..59701ed42 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.19.0 github.com/prometheus/client_model v0.6.1 - github.com/prometheus/common v0.52.2 + github.com/prometheus/common v0.52.3 github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 @@ -41,7 +41,7 @@ require ( k8s.io/component-base v0.29.3 k8s.io/klog/v2 v2.120.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 - sigs.k8s.io/controller-runtime v0.17.2 + sigs.k8s.io/controller-runtime v0.17.3 sigs.k8s.io/mdtoc v1.1.0 ) diff --git a/go.sum b/go.sum index b7f63c02f..999739793 100644 --- a/go.sum +++ b/go.sum @@ -323,8 +323,8 @@ github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.52.2 h1:LW8Vk7BccEdONfrJBDffQGRtpSzi5CQaRZGtboOO2ck= -github.com/prometheus/common v0.52.2/go.mod h1:lrWtQx+iDfn2mbH5GUzlH9TSHyfZpHkSiG1W7y3sF2Q= +github.com/prometheus/common v0.52.3 h1:5f8uj6ZwHSscOGNdIQg6OiZv/ybiK2CO2q2drVZAQSA= +github.com/prometheus/common v0.52.3/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U= github.com/prometheus/exporter-toolkit v0.7.0/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -770,8 +770,8 @@ pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732/go.mod h1:lpvCfhqEHNJSSpG5R rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0= -sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= +sigs.k8s.io/controller-runtime v0.17.3 h1:65QmN7r3FWgTxDMz9fvGnO1kbf2nu+acg9p2R9oYYYk= +sigs.k8s.io/controller-runtime v0.17.3/go.mod h1:N0jpP5Lo7lMTF9aL56Z/B2oWBJjey6StQM0jRbKQXtY= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/kustomize/api v0.16.0 h1:/zAR4FOQDCkgSDmVzV2uiFbuy9bhu3jEzthrHCuvm1g= From 1dee4b131e61b0060618eabff76e26770f86135f Mon Sep 17 00:00:00 2001 From: James Strong Date: Thu, 18 Apr 2024 10:30:27 -0400 Subject: [PATCH 142/154] release helm chart from release branch (#11276) Signed-off-by: James Strong --- .github/workflows/helm.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 3ba506c29..af8d91e1f 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -4,6 +4,7 @@ on: push: branches: - main + - release-* permissions: contents: read From 95554dccd25a5b6debac9a850c0b84ec2f815fe8 Mon Sep 17 00:00:00 2001 From: NierYYDS <141559828+NierYYDS@users.noreply.github.com> Date: Fri, 19 Apr 2024 01:06:32 +0800 Subject: [PATCH 143/154] fix: update kube version requirement to 1.21 (#11275) The controller depends on the v1 version of EndpointSlice, but the discovery.k8s.io/v1 API was first introduced in Kubernetes version 1.21. --- charts/ingress-nginx/Chart.yaml | 2 +- charts/ingress-nginx/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 7996c29c5..f9bb890f8 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -11,7 +11,7 @@ icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/5 keywords: - ingress - nginx -kubeVersion: '>=1.20.0-0' +kubeVersion: '>=1.21.0-0' maintainers: - name: Gacko - name: rikatz diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index c3489a6c3..1c166e05e 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -10,7 +10,7 @@ This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kuber ## Requirements -Kubernetes: `>=1.20.0-0` +Kubernetes: `>=1.21.0-0` ## Get Repo Info From e5b663690300180d0c3b0b349afaa89fbe5dd19d Mon Sep 17 00:00:00 2001 From: racequite <166888152+racequite@users.noreply.github.com> Date: Fri, 19 Apr 2024 17:25:09 +0800 Subject: [PATCH 144/154] chore: fix function names in comment (#11280) Signed-off-by: racequite --- internal/ingress/errors/errors.go | 2 +- internal/ingress/status/status.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/ingress/errors/errors.go b/internal/ingress/errors/errors.go index d70218334..62be8b77f 100644 --- a/internal/ingress/errors/errors.go +++ b/internal/ingress/errors/errors.go @@ -137,7 +137,7 @@ func IsValidationError(e error) bool { return ok } -// NewValidationError returns a new LocationDenied error +// NewRiskyAnnotations returns a new LocationDenied error func NewRiskyAnnotations(name string) error { return RiskyAnnotationError{ Reason: fmt.Errorf("annotation group %s contains risky annotation based on ingress configuration", name), diff --git a/internal/ingress/status/status.go b/internal/ingress/status/status.go index 81fb9044a..ef01cdd24 100644 --- a/internal/ingress/status/status.go +++ b/internal/ingress/status/status.go @@ -393,7 +393,7 @@ func statusAddressFromService(service string, kubeClient clientset.Interface) ([ return nil, fmt.Errorf("unable to extract IP address/es from service %v", service) } -// stringInSlice returns true if s is in list +// stringInIngresses returns true if s is in list func stringInIngresses(s string, list []v1.IngressLoadBalancerIngress) bool { for _, v := range list { if v.IP == s || v.Hostname == s { From 6bfc30a4b9de680bc5e86533d15b2f636580535a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Apr 2024 06:44:17 -0700 Subject: [PATCH 145/154] Bump golang.org/x/net in /images/kube-webhook-certgen/rootfs (#11283) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.22.0 to 0.23.0. - [Commits](https://github.com/golang/net/compare/v0.22.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- images/kube-webhook-certgen/rootfs/go.mod | 2 +- images/kube-webhook-certgen/rootfs/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/images/kube-webhook-certgen/rootfs/go.mod b/images/kube-webhook-certgen/rootfs/go.mod index b1903dcf3..94da139a2 100644 --- a/images/kube-webhook-certgen/rootfs/go.mod +++ b/images/kube-webhook-certgen/rootfs/go.mod @@ -39,7 +39,7 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/stretchr/testify v1.9.0 // indirect - golang.org/x/net v0.22.0 // indirect + golang.org/x/net v0.23.0 // indirect golang.org/x/oauth2 v0.18.0 // indirect golang.org/x/sys v0.18.0 // indirect golang.org/x/term v0.18.0 // indirect diff --git a/images/kube-webhook-certgen/rootfs/go.sum b/images/kube-webhook-certgen/rootfs/go.sum index 4ec80305a..613ff3e2e 100644 --- a/images/kube-webhook-certgen/rootfs/go.sum +++ b/images/kube-webhook-certgen/rootfs/go.sum @@ -104,8 +104,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= -golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= From af5cfbd0a25a8544ad51a04c0183cd6a97afc38b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Apr 2024 07:22:55 -0700 Subject: [PATCH 146/154] Bump golang.org/x/net from 0.22.0 to 0.23.0 (#11282) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.22.0 to 0.23.0. - [Commits](https://github.com/golang/net/compare/v0.22.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 59701ed42..c4c445a60 100644 --- a/go.mod +++ b/go.mod @@ -105,7 +105,7 @@ require ( github.com/yudai/pp v2.0.1+incompatible // indirect go.starlark.net v0.0.0-20240123142251-f86470692795 // indirect golang.org/x/mod v0.15.0 // indirect - golang.org/x/net v0.22.0 // indirect + golang.org/x/net v0.23.0 // indirect golang.org/x/oauth2 v0.18.0 // indirect golang.org/x/sync v0.6.0 // indirect golang.org/x/sys v0.19.0 // indirect diff --git a/go.sum b/go.sum index 999739793..65d5ec9b8 100644 --- a/go.sum +++ b/go.sum @@ -472,8 +472,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= -golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= From 48fbdfe3ba0c0e258890c970e2561caecea532dd Mon Sep 17 00:00:00 2001 From: Tom Hayward Date: Fri, 19 Apr 2024 08:41:08 -0700 Subject: [PATCH 147/154] fix path in file changed detected message (#11271) * fix path in file changed detected message Signed-off-by: Tom Hayward * fix typo in log message * explain code per review comments --------- Signed-off-by: Tom Hayward --- internal/ingress/controller/nginx.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go index 0df5409f4..b81734154 100644 --- a/internal/ingress/controller/nginx.go +++ b/internal/ingress/controller/nginx.go @@ -202,8 +202,11 @@ func NewNGINXController(config *Configuration, mc metric.Collector) *NGINXContro } for _, f := range filesToWatch { + // This redeclaration is necessary for the closure to get the correct value for the iteration in go versions <1.22 + // See https://go.dev/blog/loopvar-preview + f := f _, err = file.NewFileWatcher(f, func() { - klog.InfoS("File changed detected. Reloading NGINX", "path", f) + klog.InfoS("File change detected. Reloading NGINX", "path", f) n.syncQueue.EnqueueTask(task.GetDummyObject("file-change")) }) if err != nil { From 414e0b6c181840851367d077d7b174e465162c97 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Apr 2024 10:30:01 +0000 Subject: [PATCH 148/154] Bump the all group with 5 updates Bumps the all group with 5 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.2` | `4.1.3` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.1` | `4.3.2` | | [azure/setup-helm](https://github.com/azure/setup-helm) | `4.1.0` | `4.2.0` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.4` | `4.1.5` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.24.10` | `3.25.1` | Updates `actions/checkout` from 4.1.2 to 4.1.3 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/9bb56186c3b09b4f86b1c65136769dd318469633...1d96c772d19495a3b5c517cd2bc0cb401ea0529f) Updates `actions/upload-artifact` from 4.3.1 to 4.3.2 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/5d5d22a31266ced268874388b861e4b58bb5c2f3...1746f4ab65b179e0ea60a494b83293b640dd5bba) Updates `azure/setup-helm` from 4.1.0 to 4.2.0 - [Release notes](https://github.com/azure/setup-helm/releases) - [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md) - [Commits](https://github.com/azure/setup-helm/compare/b7246b12e77f7134dc2d460a3d5bad15bbe29390...fe7b79cd5ee1e45176fcad797de68ecaf3ca4814) Updates `actions/download-artifact` from 4.1.4 to 4.1.5 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/c850b930e6ba138125429b7e5c93fc707a7f8427...8caf195ad4b1dee92908e23f56eeb0696f1dd42d) Updates `github/codeql-action` from 3.24.10 to 3.25.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/4355270be187e1b672a7a1c7c7bae5afdc1ab94a...c7f9125735019aa87cfc361530512d50ea439c71) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: azure/setup-helm dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yaml | 16 ++++++++-------- .github/workflows/depreview.yaml | 2 +- .github/workflows/docs.yaml | 4 ++-- .github/workflows/golangci-lint.yml | 2 +- .github/workflows/helm.yaml | 4 ++-- .github/workflows/images.yaml | 8 ++++---- .github/workflows/perftest.yaml | 2 +- .github/workflows/plugin.yaml | 2 +- .github/workflows/scorecards.yml | 6 +++--- .github/workflows/vulnerability-scans.yaml | 6 +++--- .github/workflows/zz-tmpl-images.yaml | 6 +++--- .github/workflows/zz-tmpl-k8s-e2e.yaml | 6 +++--- 12 files changed, 32 insertions(+), 32 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e7f2da325..a3d0e3187 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -47,7 +47,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter @@ -77,7 +77,7 @@ jobs: (needs.changes.outputs.go == 'true') steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Get go version run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV @@ -105,7 +105,7 @@ jobs: PLATFORMS: linux/amd64 steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Get go version id: golangversion @@ -163,7 +163,7 @@ jobs: | gzip > docker.tar.gz - name: cache - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2 with: name: docker.tar.gz path: docker.tar.gz @@ -179,12 +179,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4.1.0 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: @@ -239,7 +239,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Setup Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 @@ -248,7 +248,7 @@ jobs: check-latest: true - name: cache - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 + uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5 with: name: docker.tar.gz diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 3b553afd4..bfe5ba55b 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -9,6 +9,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: 'Dependency Review' uses: actions/dependency-review-action@5bbc3ba658137598168acb2ab73b21c432dd411b # v4.2.5 diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index d6182ec9c..740b76f79 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -23,7 +23,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter @@ -47,7 +47,7 @@ jobs: steps: - name: Checkout master - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Deploy uses: ./.github/actions/mkdocs diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index d287061d5..02ebcaa38 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Get go version run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index af8d91e1f..e6383c682 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Run Artifact Hub lint run: | @@ -64,7 +64,7 @@ jobs: steps: - name: Checkout master - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896 fetch-depth: 0 diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index 28bbf6692..3e9cbcbae 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -41,7 +41,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter with: @@ -144,7 +144,7 @@ jobs: k8s: [v1.26.14, v1.27.11, v1.28.7, v1.29.2] steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Get go version run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV @@ -178,7 +178,7 @@ jobs: nginx: ['1.25.3', '1.21.6'] steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: image build run: | cd images/opentelemetry && make NGINX_VERSION=${{ matrix.nginx }} build @@ -195,7 +195,7 @@ jobs: PLATFORMS: linux/amd64,linux/arm,linux/arm64,linux/s390x steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Set up QEMU uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - name: Set up Docker Buildx diff --git a/.github/workflows/perftest.yaml b/.github/workflows/perftest.yaml index 3650e7263..87c828380 100644 --- a/.github/workflows/perftest.yaml +++ b/.github/workflows/perftest.yaml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Install K6 run: | diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index a074eaa5b..def284a39 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index d00db6ba3..e4a404ef8 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -27,7 +27,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: persist-credentials: false @@ -51,7 +51,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2 with: name: SARIF file path: results.sarif @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10 + uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 3a34541a5..e0c1d838b 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -22,7 +22,7 @@ jobs: versions: ${{ steps.version.outputs.TAGS }} steps: - name: Checkout code - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 @@ -52,7 +52,7 @@ jobs: versions: ${{ fromJSON(needs.version.outputs.versions) }} steps: - name: Checkout code - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - shell: bash id: test @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10 + uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository diff --git a/.github/workflows/zz-tmpl-images.yaml b/.github/workflows/zz-tmpl-images.yaml index e8fa4f472..819a88cd4 100644 --- a/.github/workflows/zz-tmpl-images.yaml +++ b/.github/workflows/zz-tmpl-images.yaml @@ -31,7 +31,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter with: @@ -48,7 +48,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Build run: | @@ -67,7 +67,7 @@ jobs: PLATFORMS: ${{ inputs.platforms-publish }} steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Login to GitHub Container Registry uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 diff --git a/.github/workflows/zz-tmpl-k8s-e2e.yaml b/.github/workflows/zz-tmpl-k8s-e2e.yaml index ad03bf0a1..ab2ec536a 100644 --- a/.github/workflows/zz-tmpl-k8s-e2e.yaml +++ b/.github/workflows/zz-tmpl-k8s-e2e.yaml @@ -20,10 +20,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: cache - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 + uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5 with: name: docker.tar.gz @@ -50,7 +50,7 @@ jobs: make kind-e2e-test - name: Upload e2e junit-reports ${{ inputs.variation }} - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2 if: success() || failure() with: name: e2e-test-reports-${{ inputs.k8s-version }}${{ inputs.variation }} From 7379b804594c32e92410e31555030fa22eddf93c Mon Sep 17 00:00:00 2001 From: cuiyourong <166382782+cuiyourong@users.noreply.github.com> Date: Tue, 23 Apr 2024 19:27:06 +0800 Subject: [PATCH 149/154] Fix function name in comment (#11296) Signed-off-by: cuiyourong --- internal/ingress/annotations/parser/validators.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/ingress/annotations/parser/validators.go b/internal/ingress/annotations/parser/validators.go index 64a9d133d..ffb4d9ba9 100644 --- a/internal/ingress/annotations/parser/validators.go +++ b/internal/ingress/annotations/parser/validators.go @@ -190,7 +190,7 @@ func ValidateServiceName(value string) error { return nil } -// checkAnnotations will check each annotation for: +// checkAnnotation will check each annotation for: // 1 - Does it contain the internal validation and docs config? // 2 - Does the ingress contains annotations? (validate null pointers) // 3 - Does it contains a validator? Should it contain a validator (not containing is a bug!) From 51847ac1b537c547cdb7bfb06d14e6d3d8476a73 Mon Sep 17 00:00:00 2001 From: James Strong Date: Tue, 23 Apr 2024 09:44:12 -0400 Subject: [PATCH 150/154] Release controller 1.10.1 (#11253) Signed-off-by: James Strong --- README.md | 1 + changelog/controller-1.10.1.md | 57 +++++++++++++++++++ deploy/static/provider/aws/deploy.yaml | 48 ++++++++-------- .../aws/nlb-with-tls-termination/deploy.yaml | 48 ++++++++-------- deploy/static/provider/baremetal/deploy.yaml | 48 ++++++++-------- deploy/static/provider/cloud/deploy.yaml | 48 ++++++++-------- deploy/static/provider/do/deploy.yaml | 48 ++++++++-------- deploy/static/provider/exoscale/deploy.yaml | 48 ++++++++-------- deploy/static/provider/kind/deploy.yaml | 48 ++++++++-------- deploy/static/provider/oracle/deploy.yaml | 48 ++++++++-------- deploy/static/provider/scw/deploy.yaml | 48 ++++++++-------- docs/deploy/index.md | 20 +++---- docs/e2e-tests.md | 4 ++ 13 files changed, 288 insertions(+), 226 deletions(-) create mode 100644 changelog/controller-1.10.1.md diff --git a/README.md b/README.md index 80725aa82..b0969fdbd 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,7 @@ the versions listed. Ingress-Nginx versions **may** work on older versions, but | Supported | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | Helm Chart Version | |:--:|-----------------------|------------------------------|----------------|---------------|------------------------------| +| 🔄 | **v1.10.1** | 1.29, 1.28, 1.27, 1.26 | 3.19.1 | 1.25.3 | 4.10.1* | | 🔄 | **v1.10.0** | 1.29, 1.28, 1.27, 1.26 | 3.19.1 | 1.25.3 | 4.10.0* | | 🔄 | **v1.9.6** | 1.29, 1.28, 1.27, 1.26, 1.25 | 3.19.0 | 1.21.6 | 4.9.1* | | 🔄 | **v1.9.5** | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.9.0* | diff --git a/changelog/controller-1.10.1.md b/changelog/controller-1.10.1.md new file mode 100644 index 000000000..40fc321fa --- /dev/null +++ b/changelog/controller-1.10.1.md @@ -0,0 +1,57 @@ +# Changelog + +### controller-v1.10.1 + +Images: + +* registry.k8s.io/ingress-nginx/controller:v1.10.1@sha256:e24f39d3eed6bcc239a56f20098878845f62baa34b9f2be2fd2c38ce9fb0f29e +* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.1@sha256:c155954116b397163c88afcb3252462771bd7867017e8a17623e83601bab7ac7 + +### All changes: + +* start 1.10.1 build (#11246) +* force nginx rebuild (#11245) +* update k8s version to latest kind release (#11241) +* remove _ssl_expire_time_seconds metric by identifier (#11239) +* update post submit helm ci and clean up (#11221) +* Chart: Add unit tests for default backend & topology spread constraints. (#11219) +* sort default backend hpa metrics (#11217) +* updated certgen image shatag (#11216) +* changed testrunner image sha (#11211) +* bumped certgeimage tag (#11213) +* updated baseimage & deleted a useless file (#11209) +* bump ginkgo to 2-17-1 in testrunner (#11204) +* chunking related faq update (#11205) +* Fix-semver (#11199) +* refactor helm ci tests part I (#11188) +* Proposal: e2e tests for regex patterns (#11185) +* bump ginkgo to v2.17.1 (#11186) +* fixes brotli build issue (#11187) +* fix geoip2 configuration docs (#11151) +* Fix typos in OTel doc (#11081) (#11129) +* Chart: Render `controller.ingressClassResource.parameters` natively. (#11126) +* Fix admission controller logging of `admissionTime` and `testedConfigurationSize` (#11114) +* Chart: Align HPA & KEDA conditions. (#11113) +* Chart: Improve IngressClass documentation. (#11111) +* Chart: Add Gacko to maintainers. Again. (#11112) +* Chart: Deploy `PodDisruptionBudget` with KEDA. (#11105) +* Chores: Pick patches from main. (#11103) + +### Dependency updates: + +* Bump google.golang.org/grpc from 1.63.0 to 1.63.2 (#11238) +* Bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#11234) +* Bump github.com/prometheus/common from 0.51.1 to 0.52.2 (#11233) +* Bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#11232) +* Bump github.com/prometheus/client_model in the all group (#11231) +* Bump the all group with 3 updates (#11230) +* Bump the all group with 2 updates (#11190) +* Bump actions/add-to-project from 0.6.1 to 1.0.0 (#11189) +* Bump the all group with 3 updates (#11166) +* Bump github.com/prometheus/common from 0.50.0 to 0.51.1 (#11160) +* Bump the all group with 4 updates (#11140) +* Bump the all group with 1 update (#11136) +* Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /magefiles (#11127) +* Bump google.golang.org/protobuf in /images/custom-error-pages/rootfs (#11128) +* Bump google.golang.org/protobuf in /images/kube-webhook-certgen/rootfs (#11122) + diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index 0e8356305..4b24f36c3 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -344,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -400,7 +400,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -422,7 +422,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 spec: containers: - args: @@ -447,7 +447,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c + image: registry.k8s.io/ingress-nginx/controller:v1.10.1@sha256:e24f39d3eed6bcc239a56f20098878845f62baa34b9f2be2fd2c38ce9fb0f29e imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -523,7 +523,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -534,7 +534,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-create spec: containers: @@ -548,7 +548,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1@sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 imagePullPolicy: IfNotPresent name: create securityContext: @@ -574,7 +574,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -585,7 +585,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-patch spec: containers: @@ -601,7 +601,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1@sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -627,7 +627,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -640,7 +640,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml index 5c12ba3b9..4f37dd89b 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -335,7 +335,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -353,7 +353,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -386,7 +386,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -409,7 +409,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -431,7 +431,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 spec: containers: - args: @@ -456,7 +456,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c + image: registry.k8s.io/ingress-nginx/controller:v1.10.1@sha256:e24f39d3eed6bcc239a56f20098878845f62baa34b9f2be2fd2c38ce9fb0f29e imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -535,7 +535,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -546,7 +546,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-create spec: containers: @@ -560,7 +560,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1@sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 imagePullPolicy: IfNotPresent name: create securityContext: @@ -586,7 +586,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -597,7 +597,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-patch spec: containers: @@ -613,7 +613,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1@sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -639,7 +639,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -652,7 +652,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/deploy.yaml b/deploy/static/provider/baremetal/deploy.yaml index b513fa97f..6e2ab95b7 100644 --- a/deploy/static/provider/baremetal/deploy.yaml +++ b/deploy/static/provider/baremetal/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -340,7 +340,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -395,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 spec: containers: - args: @@ -441,7 +441,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c + image: registry.k8s.io/ingress-nginx/controller:v1.10.1@sha256:e24f39d3eed6bcc239a56f20098878845f62baa34b9f2be2fd2c38ce9fb0f29e imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -517,7 +517,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -528,7 +528,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-create spec: containers: @@ -542,7 +542,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1@sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 imagePullPolicy: IfNotPresent name: create securityContext: @@ -568,7 +568,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -579,7 +579,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-patch spec: containers: @@ -595,7 +595,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1@sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -621,7 +621,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -634,7 +634,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/deploy.yaml b/deploy/static/provider/cloud/deploy.yaml index 147d76d5e..6164992df 100644 --- a/deploy/static/provider/cloud/deploy.yaml +++ b/deploy/static/provider/cloud/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -340,7 +340,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -373,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -396,7 +396,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -418,7 +418,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 spec: containers: - args: @@ -443,7 +443,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c + image: registry.k8s.io/ingress-nginx/controller:v1.10.1@sha256:e24f39d3eed6bcc239a56f20098878845f62baa34b9f2be2fd2c38ce9fb0f29e imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -519,7 +519,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -530,7 +530,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-create spec: containers: @@ -544,7 +544,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1@sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 imagePullPolicy: IfNotPresent name: create securityContext: @@ -570,7 +570,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -581,7 +581,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-patch spec: containers: @@ -597,7 +597,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1@sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -623,7 +623,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -636,7 +636,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/deploy.yaml b/deploy/static/provider/do/deploy.yaml index 801b6d75c..53fef52bb 100644 --- a/deploy/static/provider/do/deploy.yaml +++ b/deploy/static/provider/do/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -329,7 +329,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -399,7 +399,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -421,7 +421,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 spec: containers: - args: @@ -446,7 +446,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c + image: registry.k8s.io/ingress-nginx/controller:v1.10.1@sha256:e24f39d3eed6bcc239a56f20098878845f62baa34b9f2be2fd2c38ce9fb0f29e imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -522,7 +522,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -533,7 +533,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-create spec: containers: @@ -547,7 +547,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1@sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 imagePullPolicy: IfNotPresent name: create securityContext: @@ -573,7 +573,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -584,7 +584,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-patch spec: containers: @@ -600,7 +600,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1@sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -626,7 +626,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -639,7 +639,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/deploy.yaml b/deploy/static/provider/exoscale/deploy.yaml index 79d945a53..26c28258a 100644 --- a/deploy/static/provider/exoscale/deploy.yaml +++ b/deploy/static/provider/exoscale/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -349,7 +349,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -382,7 +382,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -405,7 +405,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -423,7 +423,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 spec: containers: - args: @@ -448,7 +448,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c + image: registry.k8s.io/ingress-nginx/controller:v1.10.1@sha256:e24f39d3eed6bcc239a56f20098878845f62baa34b9f2be2fd2c38ce9fb0f29e imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -528,7 +528,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -539,7 +539,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-create spec: containers: @@ -553,7 +553,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1@sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 imagePullPolicy: IfNotPresent name: create securityContext: @@ -579,7 +579,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -590,7 +590,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-patch spec: containers: @@ -606,7 +606,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1@sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -632,7 +632,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -645,7 +645,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index 4963253c1..d65e2cf39 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -340,7 +340,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -395,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 spec: containers: - args: @@ -443,7 +443,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c + image: registry.k8s.io/ingress-nginx/controller:v1.10.1@sha256:e24f39d3eed6bcc239a56f20098878845f62baa34b9f2be2fd2c38ce9fb0f29e imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -529,7 +529,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -540,7 +540,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-create spec: containers: @@ -554,7 +554,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1@sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 imagePullPolicy: IfNotPresent name: create securityContext: @@ -580,7 +580,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -591,7 +591,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-patch spec: containers: @@ -607,7 +607,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1@sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -633,7 +633,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -646,7 +646,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/oracle/deploy.yaml b/deploy/static/provider/oracle/deploy.yaml index 080c206a5..fd66689e6 100644 --- a/deploy/static/provider/oracle/deploy.yaml +++ b/deploy/static/provider/oracle/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -344,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -400,7 +400,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -422,7 +422,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 spec: containers: - args: @@ -447,7 +447,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c + image: registry.k8s.io/ingress-nginx/controller:v1.10.1@sha256:e24f39d3eed6bcc239a56f20098878845f62baa34b9f2be2fd2c38ce9fb0f29e imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -523,7 +523,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -534,7 +534,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-create spec: containers: @@ -548,7 +548,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1@sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 imagePullPolicy: IfNotPresent name: create securityContext: @@ -574,7 +574,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -585,7 +585,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-patch spec: containers: @@ -601,7 +601,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1@sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -627,7 +627,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -640,7 +640,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/deploy.yaml b/deploy/static/provider/scw/deploy.yaml index d98955d80..fbd7a330e 100644 --- a/deploy/static/provider/scw/deploy.yaml +++ b/deploy/static/provider/scw/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -129,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -329,7 +329,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -399,7 +399,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -421,7 +421,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 spec: containers: - args: @@ -446,7 +446,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c + image: registry.k8s.io/ingress-nginx/controller:v1.10.1@sha256:e24f39d3eed6bcc239a56f20098878845f62baa34b9f2be2fd2c38ce9fb0f29e imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -522,7 +522,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -533,7 +533,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-create spec: containers: @@ -547,7 +547,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1@sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 imagePullPolicy: IfNotPresent name: create securityContext: @@ -573,7 +573,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -584,7 +584,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission-patch spec: containers: @@ -600,7 +600,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1@sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -626,7 +626,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -639,7 +639,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 + app.kubernetes.io/version: 1.10.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 4e6b71235..7232b6ffd 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -68,7 +68,7 @@ helm show values ingress-nginx --repo https://kubernetes.github.io/ingress-nginx **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/cloud/deploy.yaml ``` !!! info @@ -249,7 +249,7 @@ In AWS, we use a Network load balancer (NLB) to expose the Ingress-Nginx Control ##### Network Load Balancer (NLB) ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/aws/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/aws/deploy.yaml ``` ##### TLS termination in AWS Load Balancer (NLB) @@ -257,10 +257,10 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. This section explains how to do that on AWS using an NLB. -1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template +1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template ```console - wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml + wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml ``` 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: @@ -306,7 +306,7 @@ Then, the ingress controller can be installed like this: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/cloud/deploy.yaml ``` !!! warning @@ -323,7 +323,7 @@ Proxy-protocol is supported in GCE check the [Official Documentations on how to #### Azure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/cloud/deploy.yaml ``` More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). @@ -331,7 +331,7 @@ More information with regard to Azure annotations for ingress controller can be #### Digital Ocean ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/do/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/do/deploy.yaml ``` - By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data. @@ -339,7 +339,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont #### Scaleway ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/scw/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/scw/deploy.yaml ``` #### Exoscale @@ -354,7 +354,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale #### Oracle Cloud Infrastructure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/cloud/deploy.yaml ``` A @@ -381,7 +381,7 @@ For quick testing, you can use a This should work on almost every cluster, but it will typically use a port in the range 30000-32767. ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/baremetal/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/baremetal/deploy.yaml ``` For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), diff --git a/docs/e2e-tests.md b/docs/e2e-tests.md index b836fff6e..66664291b 100644 --- a/docs/e2e-tests.md +++ b/docs/e2e-tests.md @@ -295,6 +295,10 @@ Do not try to edit it manually. - [should choose the correct location](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/pathtype_mixed.go#L39) ### [[Ingress] [PathType] prefix checks](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/pathtype_prefix.go#L28) - [should return 404 when prefix /aaa does not match request /aaaccc](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/pathtype_prefix.go#L35) +- [should test prefix path using simple regex pattern for /id/{int}](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/pathtype_prefix.go#L72) +- [should test prefix path using regex pattern for /id/{int} ignoring non-digits characters at end of string](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/pathtype_prefix.go#L113) +- [should test prefix path using fixed path size regex pattern /id/{int}{3}](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/pathtype_prefix.go#L142) +- [should correctly route multi-segment path patterns](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/pathtype_prefix.go#L177) ### [[Ingress] definition without host](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/without_host.go#L31) - [should set ingress details variables for ingresses without a host](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/without_host.go#L34) - [should set ingress details variables for ingresses with host without IngressRuleValue, only Backend](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/without_host.go#L55) From 0088c6c7c7a133c8c9a48e64a3270813130eaab5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 Apr 2024 10:44:56 -0700 Subject: [PATCH 151/154] Bump github.com/prometheus/common from 0.52.3 to 0.53.0 (#11290) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.52.3 to 0.53.0. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.52.3...v0.53.0) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c4c445a60..741d6c0eb 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.19.0 github.com/prometheus/client_model v0.6.1 - github.com/prometheus/common v0.52.3 + github.com/prometheus/common v0.53.0 github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 diff --git a/go.sum b/go.sum index 65d5ec9b8..f96723aa4 100644 --- a/go.sum +++ b/go.sum @@ -323,8 +323,8 @@ github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.52.3 h1:5f8uj6ZwHSscOGNdIQg6OiZv/ybiK2CO2q2drVZAQSA= -github.com/prometheus/common v0.52.3/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U= +github.com/prometheus/common v0.53.0 h1:U2pL9w9nmJwJDa4qqLQ3ZaePJ6ZTwt7cMD3AG3+aLCE= +github.com/prometheus/common v0.53.0/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U= github.com/prometheus/exporter-toolkit v0.7.0/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= From 77c28237f0faf4016780d64cb2e444a277125907 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 Apr 2024 11:55:14 -0700 Subject: [PATCH 152/154] Bump k8s.io/component-base from 0.29.3 to 0.30.0 (#11291) Bumps [k8s.io/component-base](https://github.com/kubernetes/component-base) from 0.29.3 to 0.30.0. - [Commits](https://github.com/kubernetes/component-base/compare/v0.29.3...v0.30.0) --- updated-dependencies: - dependency-name: k8s.io/component-base dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 12 +++++++----- go.sum | 26 ++++++++++++++------------ 2 files changed, 21 insertions(+), 17 deletions(-) diff --git a/go.mod b/go.mod index 741d6c0eb..fc75ec322 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,7 @@ module k8s.io/ingress-nginx go 1.21 +toolchain go1.22.2 require ( dario.cat/mergo v1.0.0 @@ -31,14 +32,14 @@ require ( google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 - k8s.io/api v0.29.3 + k8s.io/api v0.30.0 k8s.io/apiextensions-apiserver v0.29.3 - k8s.io/apimachinery v0.29.3 + k8s.io/apimachinery v0.30.0 k8s.io/apiserver v0.29.3 k8s.io/cli-runtime v0.29.3 - k8s.io/client-go v0.29.3 + k8s.io/client-go v0.30.0 k8s.io/code-generator v0.29.3 - k8s.io/component-base v0.29.3 + k8s.io/component-base v0.30.0 k8s.io/klog/v2 v2.120.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 sigs.k8s.io/controller-runtime v0.17.3 @@ -122,7 +123,8 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/gengo v0.0.0-20240226174109-00c4be8627da // indirect - k8s.io/kube-openapi v0.0.0-20240224005224-582cce78233b // indirect + k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 // indirect + k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/kustomize/api v0.16.0 // indirect diff --git a/go.sum b/go.sum index f96723aa4..b99859431 100644 --- a/go.sum +++ b/go.sum @@ -292,8 +292,8 @@ github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8 github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= -github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/gomega v1.31.0 h1:54UJxxj6cPInHS3a35wm6BK/F9nHYueZ1NVujHDrnXE= +github.com/onsi/gomega v1.31.0/go.mod h1:DW9aCi7U6Yi40wNVAvT6kzFnEVEI5n3DloYBiKiT6zk= github.com/opencontainers/runc v1.1.12 h1:BOIssBaW1La0/qbNZHXOOa71dZfZEQOzW7dqQf3phss= github.com/opencontainers/runc v1.1.12/go.mod h1:S+lQwSfncpBha7XTy/5lBwWgm5+y5Ma/O44Ekby9FK8= github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk= @@ -740,29 +740,31 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= -k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= +k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= +k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= k8s.io/apiextensions-apiserver v0.29.3 h1:9HF+EtZaVpFjStakF4yVufnXGPRppWFEQ87qnO91YeI= k8s.io/apiextensions-apiserver v0.29.3/go.mod h1:po0XiY5scnpJfFizNGo6puNU6Fq6D70UJY2Cb2KwAVc= -k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= -k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= +k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= +k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/apiserver v0.29.3 h1:xR7ELlJ/BZSr2n4CnD3lfA4gzFivh0wwfNfz9L0WZcE= k8s.io/apiserver v0.29.3/go.mod h1:hrvXlwfRulbMbBgmWRQlFru2b/JySDpmzvQwwk4GUOs= k8s.io/cli-runtime v0.29.3 h1:r68rephmmytoywkw2MyJ+CxjpasJDQY7AGc3XY2iv1k= k8s.io/cli-runtime v0.29.3/go.mod h1:aqVUsk86/RhaGJwDhHXH0jcdqBrgdF3bZWk4Z9D4mkM= -k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= -k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= +k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= +k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= k8s.io/code-generator v0.29.3 h1:m7E25/t9R9NvejspO2zBdyu+/Gl0Z5m7dCRc680KS14= k8s.io/code-generator v0.29.3/go.mod h1:x47ofBhN4gxYFcxeKA1PYXeaPreAGaDN85Y/lNUsPoM= -k8s.io/component-base v0.29.3 h1:Oq9/nddUxlnrCuuR2K/jp6aflVvc0uDvxMzAWxnGzAo= -k8s.io/component-base v0.29.3/go.mod h1:Yuj33XXjuOk2BAaHsIGHhCKZQAgYKhqIxIjIr2UXYio= +k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= +k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= k8s.io/gengo v0.0.0-20240226174109-00c4be8627da h1:uH7pylUCo++9PSvrUA34sbk4Y6PHw/bgEFa80pejI+I= k8s.io/gengo v0.0.0-20240226174109-00c4be8627da/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 h1:NGrVE502P0s0/1hudf8zjgwki1X/TByhmAoILTarmzo= +k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70/go.mod h1:VH3AT8AaQOqiGjMF9p0/IM1Dj+82ZwjfxUP1IxaHE+8= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240224005224-582cce78233b h1:1dzw/KqgSPod72SUp2tuTOmK33TlY2fHlrVU2M9VrOM= -k8s.io/kube-openapi v0.0.0-20240224005224-582cce78233b/go.mod h1:Pa1PvrP7ACSkuX6I7KYomY6cmMA0Tx86waBhDUgoKPw= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 h1:SAElp8THCfmBdM+4lmWX5gebiSSkEr7PAYDVF91qpfg= From b3152c48417ec0d8a428b794ed2a715f035cf6de Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 24 Apr 2024 09:48:42 -0400 Subject: [PATCH 153/154] Release Helm Chart on branch update Signed-off-by: James Strong --- .github/workflows/helm.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index e6383c682..e88fd8678 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -65,6 +65,7 @@ jobs: steps: - name: Checkout master uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + ref: ${{ github.ref_name }} with: # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896 fetch-depth: 0 From b330f96482df33a837120b6151ee248abadad6bb Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 24 Apr 2024 10:21:27 -0400 Subject: [PATCH 154/154] fix ref error Signed-off-by: James Strong --- .github/workflows/helm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index e88fd8678..34af63189 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -65,10 +65,10 @@ jobs: steps: - name: Checkout master uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - ref: ${{ github.ref_name }} with: # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896 fetch-depth: 0 + ref: ${{ github.ref_name }} - name: Setup shell: bash