chriss-de
ad406b64d8
Add override for proxy_intercept_errors when using Custom HTTP Errors ( #9497 )
...
* added proxy-intercept-errors config option
* fixed error when comparing locations
* fixed missing location config from annotation
added e2e test
* reversed logic for proxy-intercept-errors to disable-proxy-intercept-errors
* reversed logic to disable-proxy-intercept-errors
* reversed logic
* default has to be false
* put comment in same line as return
* run gofmt
* fixing wrong Boilerplate header
* updated code to new IngressAnnotation interface
* fixes to satisfy PR comments
* synced with upstream; fixed typo
* gofumpt disableproxyintercepterrors.go
* gofumpt
2023-11-17 05:43:54 +01:00
Filip Havlíček
e0446d7554
annotation validation - extended URLWithNginxVariableRegex from alphaNumericChars to extendedAlphaNumeric ( #10652 )
2023-11-15 17:40:00 +01:00
dependabot[bot]
6c92b04edc
Bump github.com/onsi/ginkgo/v2 from 2.13.0 to 2.13.1 ( #10645 )
...
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.13.0 to 2.13.1.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.13.0...v2.13.1 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-13 14:58:04 +01:00
dependabot[bot]
dd01a6d05a
Bump golang.org/x/crypto from 0.14.0 to 0.15.0 ( #10644 )
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.14.0 to 0.15.0.
- [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.15.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-13 13:46:04 +01:00
dependabot[bot]
6f97533683
Bump github.com/armon/go-proxyproto ( #10643 )
...
Bumps [github.com/armon/go-proxyproto](https://github.com/armon/go-proxyproto ) from 0.0.0-20210323213023-7e956b284f0a to 0.1.0.
- [Commits](https://github.com/armon/go-proxyproto/commits/v0.1.0 )
---
updated-dependencies:
- dependency-name: github.com/armon/go-proxyproto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-13 13:43:22 +01:00
dependabot[bot]
4ccdf662d9
Bump aquasecurity/trivy-action from 0.13.1 to 0.14.0 ( #10642 )
...
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action ) from 0.13.1 to 0.14.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases )
- [Commits](f78e9ecf42...2b6a709cf9
2023-11-13 13:40:31 +01:00
dependabot[bot]
211e8d8eb8
Bump actions/dependency-review-action from 3.1.1 to 3.1.2 ( #10641 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](9f45b2463b...fde92acd08
2023-11-13 13:37:18 +01:00
Ardika Bagus S
da51393cac
fix(cors): ensure trailing comma treated as empty value to be ignored ( #10616 )
...
* fix(cors): ensure trailing comma treated as empty value to be ignored
Signed-off-by: Ardika Bagus <me@ardikabs.com>
* test(cors): add e2e test
Signed-off-by: Ardika Bagus <me@ardikabs.com>
---------
Signed-off-by: Ardika Bagus <me@ardikabs.com>
2023-11-07 19:02:48 +01:00
Marco Ebert
8b026f42d5
Chart: Tighten securityContexts and Pod Security Policies. ( #10491 )
...
* Values: Fix docs of `controller.podSecurityContext` & `controller.sysctls`.
* Values: Add missing `controller.containerSecurityContext`.
Already in use, but has never been added to values.
* Values: Fix docs of `defaultBackend.podSecurityContext` & `defaultBackend.containerSecurityContext`.
* Helpers: Rename `controller.containerSecurityContext` to `ingress-nginx.controller.containerSecurityContext`.
Due to alignment with other templates.
* Helpers: Improve `extraModules`.
- Make `command` a multiline list.
- Fix `toYaml` usage.
- Remove `toYaml` where not necessary.
* Helpers: Move `ingress-nginx.defaultBackend.fullname`.
* Helpers: Add `ingress-nginx.defaultBackend.containerSecurityContext`.
Extracts the default backend `securityContext` into a template, as for the controller.
* Controller: Fix indentation of `controller.podSecurityContext` & `controller.sysctls`.
* Controller: Improve `controller.extraModules` & `controller.opentelemetry`.
- Add `controller.extraModules.distroless` & `controller.extraModules.resources`.
- Add `controller.opentelemetry.name` & `controller.opentelemetry.distroless`.
- Align `extraModules` inclusion for `controller.extraModules` & `controller.opentelemetry`.
- Remove redundant whitespaces.
* Controller/PSP: Align indentation.
* Controller/PSP: Remove quotes.
* Controller/PSP: Improve comments.
* Controller/PSP: Reorder fields.
See https://v1-24.docs.kubernetes.io/docs/concepts/security/pod-security-policy .
* Admission Webhooks: Fix indentation of `controller.admissionWebhooks.patch.securityContext`.
* Admission Webhooks/PSP: Align indentation.
* Admission Webhooks/PSP: Reorder fields.
* Admission Webhooks/PSP: Align condition.
* Admission Webhooks/ClusterRole: Align PSP rule.
* Default Backend/PSP: Align indentation.
* Default Backend/PSP: Reorder fields.
See https://v1-24.docs.kubernetes.io/docs/concepts/security/pod-security-policy .
* Values: Tighten `controller.image`.
Due to recent changes, the controller image can be run without privilege escalation:
- https://github.com/kubernetes/ingress-nginx/issues/8499
- https://github.com/kubernetes/ingress-nginx/pull/7449
* Values: Tighten `controller.extraModules.containerSecurityContext`.
* Values: Tighten `controller.opentelemetry.containerSecurityContext`.
* Values: Tighten `controller.admissionWebhooks.*.securityContext`.
Moves the pod `securityContext` to the containers to not interfere with injected containers.
* Values: Tighten `defaultBackend.image`.
2023-11-07 18:52:36 +01:00
Marco Ebert
6499a6bd04
Chart: Fix pod selectors in NOTES.txt. ( #10617 )
...
Also improve other `kubectl` commands.
2023-11-07 18:46:40 +01:00
dependabot[bot]
9f92ea2285
Bump github.com/opencontainers/runc from 1.1.9 to 1.1.10 ( #10624 )
...
Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc ) from 1.1.9 to 1.1.10.
- [Release notes](https://github.com/opencontainers/runc/releases )
- [Changelog](https://github.com/opencontainers/runc/blob/v1.1.10/CHANGELOG.md )
- [Commits](https://github.com/opencontainers/runc/compare/v1.1.9...v1.1.10 )
---
updated-dependencies:
- dependency-name: github.com/opencontainers/runc
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-07 04:49:44 +01:00
dependabot[bot]
0930782817
Bump aquasecurity/trivy-action from 0.13.0 to 0.13.1 ( #10620 )
...
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action ) from 0.13.0 to 0.13.1.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases )
- [Commits](b77b85c025...f78e9ecf42
2023-11-07 04:46:54 +01:00
dependabot[bot]
c32d4262e1
Bump actions/dependency-review-action from 3.1.0 to 3.1.1 ( #10619 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](6c5ccdad46...9f45b2463b
2023-11-07 04:44:02 +01:00
dependabot[bot]
98b8f2e547
Bump helm/chart-releaser-action from 1.5.0 to 1.6.0 ( #10621 )
...
Bumps [helm/chart-releaser-action](https://github.com/helm/chart-releaser-action ) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/helm/chart-releaser-action/releases )
- [Commits](be16258da8...a917fd15b2
2023-11-06 14:19:04 +01:00
dependabot[bot]
63cd83ddaf
Bump github.com/spf13/cobra from 1.7.0 to 1.8.0 ( #10625 )
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-06 12:46:31 +01:00
Leonardo Taccari
870847ad4c
Comment NGINXCertificateExpiry alert label matcher ( #10613 )
...
If a valid certificate is passed via `--default-ssl-certificate` it is
probably desiderable that we check its expiration!
Add a comment to explain that.
2023-11-05 12:23:43 +01:00
Ricardo Katz
30820a5acc
Deprecate opentracing ( #10615 )
2023-11-05 01:58:35 +01:00
Ricardo Katz
9ed0d7f7af
Separate third party NGINX configuration ( #10470 )
...
* Document container separation
* Separate configurations
2023-11-03 14:46:32 +01:00
Philipp B
d6a0f46c32
chart: allow setting allocateLoadBalancerNodePorts ( #10585 )
...
Signed-off-by: Philipp Born <git@pborn.eu>
2023-11-02 22:45:46 +01:00
Leonardo Taccari
dc659b252d
Ignore fake certificate for NGINXCertificateExpiry ( #10505 )
...
The fake certificate is only a fallback and it is okay-ish if it
expires.
Do not alert for its expiration.
2023-11-02 21:11:03 +01:00
Jeremy Cocks
7f45fabde5
remove unsupported bold release from README ( #10605 )
...
Co-authored-by: netyaroze <jeremy@jeremy.cx>
2023-11-02 20:58:36 +01:00
Simon Wessel
13d95d026a
fix: adjust unfulfillable validation check for session-cookie-samesite annotation ( #10600 )
2023-11-01 23:09:00 +01:00
Matt Dainty
9cdd51d5dc
fix: Validate x-forwarded-prefix annotation with RegexPathWithCapture ( #10598 )
2023-11-01 23:08:51 +01:00
Marco Ebert
9cb3919e84
Chart: Improve #10539 . ( #10565 )
...
* Helpers: Align `ingress-nginx.namespace` to `ingress-nginx.name`.
* Templates: Remove quotes.
In alignment to others. Also does not make sense as `namespace` must conform to DNS.
* Admission Webhooks/Validating Webhook: Make use of `ingress-nginx.namespace`.
* KEDA: Remove comment.
* Templates: Add forgotten namespace definitions.
2023-11-01 22:59:56 +01:00
Pierre Ozoux
e805d4955d
feat(helm): add documentation about metric args ( #10590 )
...
* feat(helm): add documentation about metric args
This helps documenting this issue:
https://github.com/kubernetes/ingress-nginx/issues/8233
and relates to this documentation:
https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/monitoring.md#histogram-buckets
* fix
2023-11-01 13:57:39 +01:00
Roberto Devesa
b37f86026e
Fix typo ( #10594 )
2023-11-01 13:36:08 +01:00
dependabot[bot]
cf156c7390
Bump ossf/scorecard-action from 2.3.0 to 2.3.1 ( #10587 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](483ef80eb9...0864cf1902
2023-10-30 14:24:22 +01:00
dependabot[bot]
ecbf1851bb
Bump aquasecurity/trivy-action from 0.12.0 to 0.13.0 ( #10586 )
...
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action ) from 0.12.0 to 0.13.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases )
- [Commits](fbd16365eb...b77b85c025
2023-10-30 14:21:49 +01:00
Marco Ebert
0120a2df48
Admission Webhook: Truncate name. ( #10523 )
2023-10-29 18:26:05 +01:00
dependabot[bot]
f59738c753
Bump github.com/fsnotify/fsnotify from 1.6.0 to 1.7.0 ( #10579 )
...
Bumps [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify ) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/fsnotify/fsnotify/releases )
- [Changelog](https://github.com/fsnotify/fsnotify/blob/main/CHANGELOG.md )
- [Commits](https://github.com/fsnotify/fsnotify/compare/v1.6.0...v1.7.0 )
---
updated-dependencies:
- dependency-name: github.com/fsnotify/fsnotify
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-27 13:52:29 +02:00
Michael Dreher
8c3aeaae4a
Increase HSTS max-age to default to one year ( #10564 )
2023-10-27 12:50:37 +02:00
dependabot[bot]
7e7001d2a0
Bump google.golang.org/grpc from 1.58.3 to 1.59.0 ( #10549 )
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.58.3 to 1.59.0.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.58.3...v1.59.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-27 12:38:50 +02:00
dependabot[bot]
2b42e3dbad
Bump github.com/prometheus/common from 0.44.0 to 0.45.0 ( #10547 )
...
Bumps [github.com/prometheus/common](https://github.com/prometheus/common ) from 0.44.0 to 0.45.0.
- [Release notes](https://github.com/prometheus/common/releases )
- [Commits](https://github.com/prometheus/common/compare/v0.44.0...v0.45.0 )
---
updated-dependencies:
- dependency-name: github.com/prometheus/common
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-27 12:33:44 +02:00
James Strong
29a75418e6
Merge pull request #10576 from kubernetes/strongjz-patch-1
...
Update TAG
2023-10-26 07:35:04 -04:00
James Strong
5a63aaf36e
Update TAG
2023-10-26 07:34:46 -04:00
Ricardo Katz
5583f90c7f
Release v1.9.4 ( #10568 )
2023-10-25 18:33:49 +02:00
dependabot[bot]
15021952e1
Bump actions/checkout from 4.1.0 to 4.1.1 ( #10551 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8ade135a41...b4ffde65f4
2023-10-24 20:55:07 +02:00
jasine
7ce6cc88d8
feat: add namespace overrides ( #10539 )
...
* feat: add namespace overrides
* add value in readme
* fix: readme description
* fix: description in value
* fix: set max length and trim last "-"
2023-10-24 19:53:46 +02:00
Long Wu Yuan
b97bc81b38
changed readme as per issue 10556 ( #10558 )
2023-10-24 05:08:14 +02:00
Able Lv
560771ee80
Docs: Fixed broken link of "synchronization loop pattern" on how-it-works.md ( #10554 )
2023-10-24 03:43:29 +02:00
Able Lv
72fb480b81
Fix list item format on troubleshooting.md ( #10552 )
2023-10-24 03:40:56 +02:00
Marcelo Cyreno
b1ac371dee
Documenting flag enable-auth-access-log ( #10518 ) ( #10535 )
2023-10-19 03:43:20 +02:00
Ricardo Katz
a879829408
Fix fcgi configmap value parsing ( #10528 )
2023-10-17 01:10:16 +02:00
dependabot[bot]
96112d93f4
Bump dorny/test-reporter from 1.6.0 to 1.7.0 ( #10529 )
...
Bumps [dorny/test-reporter](https://github.com/dorny/test-reporter ) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/dorny/test-reporter/releases )
- [Changelog](https://github.com/dorny/test-reporter/blob/main/CHANGELOG.md )
- [Commits](c9b3d0e2bd...afe6793191
2023-10-16 13:57:36 +02:00
Jintao Zhang
0055ba3ea6
Remove legacy GeoIP from image ( #10500 )
...
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
2023-10-16 00:41:51 +02:00
Ricardo Katz
9db8fe51c8
Update mkdocs version ( #10522 )
2023-10-12 16:30:12 -03:00
Matt Clegg
b9d8bb406c
DOCS Remove support for running Both ( #10255 )
2023-10-12 19:51:40 +02:00
Tyler Brewer
2f7486b709
explicitly state TLS termination location ( #10516 )
2023-10-12 18:02:46 +02:00
James Strong
895bb1511d
Merge pull request #10520 from strongjz/release-v1.9.3
...
release 1.9.3
2023-10-12 10:05:51 -04:00
James Strong
6f2ad83b0d
release 1.9.3
...
Signed-off-by: James Strong <strong.james.e@gmail.com>
2023-10-12 09:51:50 -04:00
