DevFW-CICD/ingress-nginx-helm

Author	SHA1	Message	Date
James Strong	f685c9b379	force rebuild for curl cve Signed-off-by: James Strong <james.strong@chainguard.dev>	2022-12-21 12:36:20 -05:00
James Strong	c648595cd7	update the nginx run container for alpine:3.17.0 (#9430 ) Signed-off-by: James Strong <james.strong@chainguard.dev> Signed-off-by: James Strong <james.strong@chainguard.dev>	2022-12-20 19:55:25 -08:00
James Strong	e3e0d9c1f4	start upgrade to golang 1.19.4 and alpine 3.17.0 (#9417 ) * start upgrade to 1.19.4 Signed-off-by: James Strong <james.strong@chainguard.dev> * add matrix to image test-image Signed-off-by: James Strong <james.strong@chainguard.dev> * update to alpine 3.17 Signed-off-by: James Strong <james.strong@chainguard.dev> * remove need for curl Signed-off-by: James Strong <james.strong@chainguard.dev> Signed-off-by: James Strong <james.strong@chainguard.dev>	2022-12-18 17:07:43 -08:00
Adam Hukalowicz	49bd5dd763	ModSecurity dependencies update to avoid Memory Leaks (#9330 ) * Update ModSecurity to latest head * modsecurity version pinned	2022-12-04 11:39:54 -08:00
Jintao Zhang	0b5e068511	chore: update NGINX to 1.21.6 (#9231 ) Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com> Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>	2022-10-31 07:10:45 -07:00
Jintao Zhang	bf8362cb50	chore: bump NGINX version v1.21.4 (#8889 ) * chore: bump NGINX version v1.21.4 Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com> * chore: bump all others Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com> * apply all patches Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com> * fix files hash Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com> * fix ajp module Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com> Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>	2022-10-28 16:40:39 -07:00
Nicolas Julian	855bcbce34	Update Version ModSecurity and Coreruleset (#9086 ) This is related to some new bugs that found in LiveHackingEvent 1337up0522. The latest coreruleset need ModSecurity version 2.9.6 or 3.0.8 - https://terjanq.medium.com/waf-bypasses-via-0days-d4ef1f212ec - https://coreruleset.org/20220920/crs-version-3-3-4-and-3-2-3/ - https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/ - https://github.com/coreruleset/coreruleset/releases/tag/v3.3.4	2022-09-27 06:59:51 -07:00
Long Wu Yuan	9fdbef829c	bump alpine to v3.16.2 (#8934 )	2022-08-18 05:54:36 -07:00
David Goffredo	18ee046b43	update dd-opentracing-cpp version in nginx build script (#8848 ) * update dd-opentracing-cpp version in nginx build script * idiomatic placement of "v" prefix in Datadog plugin version tag	2022-07-23 11:02:57 -07:00
Long Wu Yuan	f0ff7e841d	bump to alpine-3.16.1 (#8858 )	2022-07-23 07:24:57 -07:00
Guilhem Lettron	0049796682	feat: update mimalloc to 1.7.6 (#8827 ) Signed-off-by: Guilhem Lettron <guilhem@barpilot.io>	2022-07-17 12:13:20 -07:00
Long Wu Yuan	8baac4214a	changed to alpine-v3.16 (#8793 )	2022-07-08 06:57:46 -07:00
Daniel Schulze	0ff500c23f	Working OpenTelemetry sidecar (base nginx image) (#8719 ) * Delete entrypoint script and add sidecar lib path * make otel libs path otel specific * add description * remove library path adaption from nginx base image	2022-06-23 08:29:42 -07:00
Sara Saei	3410655065	update nginx otel LD_LIBRARY_PATH (#8641 )	2022-05-29 12:44:51 -07:00
Ehsan Saei	ac3bbaf068	update LD_LIBRARY_PATH for OpenTelemetry use (#8628 )	2022-05-24 10:15:26 -07:00
Ricardo Katz	cd6f88af3f	Add patch to remove root and alias directives (#8624 )	2022-05-23 20:13:10 -07:00
Ricardo Katz	81c2afd975	update base images and protobuf gomod (#8478 )	2022-04-15 12:53:12 -07:00
Long Wu Yuan	87979099fd	set execute bit on entrypoint.sh (#8404 )	2022-03-31 04:25:00 -07:00
Aditya Kamath	5402d35663	Add execute permissions to nginx image entrypoint.sh (#8403 )	2022-03-31 03:37:01 -07:00
James Strong	5298448865	downgrade to 3.14.4 and fix tag (#8386 ) Signed-off-by: James Strong <strong.james.e@gmail.com>	2022-03-25 10:21:58 -07:00
James Strong	40bb6c3d2e	update cloud build (#8349 )	2022-03-17 12:02:41 -07:00
James Strong	2fefd714bd	update tag and force a new build Signed-off-by: James Strong <strong.james.e@gmail.com>	2022-03-16 12:57:48 -04:00
James Strong	1953efa9d8	Bumping alpine base to 3.15	2022-03-16 11:52:38 -04:00
sskserk	01b92b8b3a	Nginx v1.19.10 (#8307 )	2022-03-14 08:55:57 -07:00
Damien Mathieu	15b0aba03b	First sidecar module: OpenTelemetry (#8013 ) * remove opentelemetry from main nginx image * add opentelemetry sidecar image * handle extra modules in helm chart * fix running helm chart * mount the modules volume in the init container * merge the mounted folder * fix the otel image * fix licence year * fix cloudbuild image * use the same nginx version as in the main image * only retrieve /etc/nginx/modules for now	2022-01-16 13:33:28 -08:00
dmitry-j-mikhin	8ccec84496	fix nginx compilation flags (#8023 ) * use '-O2' instead of '-Og' '-O2' produce production optimized binary while '-Og' is used mostly for debugging * use '-mtune=generic' instead of '-mtune=native' '-mtune=native' produce optimal code for builder host system, but it can be sub-optimal for execution host system	2021-12-12 05:25:58 -08:00
Damien Mathieu	eb482db5b3	disable opentelemetry on arm (#7831 )	2021-10-24 12:12:21 -07:00
Damien Mathieu	9da4d87d0c	Properly check whether we can install opentelemetry, and switch it back to main repo (#7803 ) * check for the exact value of USE_OPENTELEMETRY * use latest commit from the main opentelemetry-cpp-contrib repo	2021-10-12 12:16:34 -07:00
Damien Mathieu	0c16980018	add OpenTelemetry to nginx base image (#7669 )	2021-10-11 06:16:40 -07:00
Ricardo Katz	5662db4509	Fix resty balancer checksum and location (#7703 )	2021-09-26 10:28:21 -07:00
Jintao Zhang	0606ef8282	fix: upgrade lua-resty-balancer to v0.04 (#7702 ) it has two important bugfix: 1. should force convert weight to a number since it may cause dead loop when weight is a string type "0". 2. out-of-bounds memory writing may happen in chash_point_sort. Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>	2021-09-26 08:50:23 -07:00
Jintao Zhang	498892514d	Downgrade nginx to v1.19 (#7639 ) Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>	2021-09-15 11:08:11 -07:00
Ricardo Katz	4ce0227268	Remove addgroup directive from alpine building	2021-09-04 02:12:50 -03:00
Ricardo Katz	cb8ebcb880	update alpine and remove buildx restriction (#7583 )	2021-09-02 11:59:39 -07:00
Elvin Efendi	8951b7e22a	Revert "Update base nginx" (#7558 ) * Revert "Update base nginx (#7552)" This reverts commit `c6bc9870f1`. * keep alpine bump	2021-08-28 07:38:52 -07:00
Elvin Efendi	c6bc9870f1	Update base nginx (#7552 ) * upgrade alpine * use nginx 1.19.9 and corresponding patches from openresty * include openresty CVE-2021-23017 patch too	2021-08-27 07:20:05 -07:00
Ricardo Katz	90c79689c4	Release v1 (#7470 ) * Drop v1beta1 from ingress nginx (#7156) * Drop v1beta1 from ingress nginx Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * Fix intorstr logic in controller Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * fixing admission Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * more intorstr fixing * correct template rendering Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * Fix e2e tests for v1 api Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * Fix gofmt errors * This is finally working...almost there... Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * Re-add removed validation of AdmissionReview * Prepare for v1.0.0-alpha.1 release Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * Update changelog and matrix table for v1.0.0-alpha.1 (#7274) Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * add docs for syslog feature (#7219) * Fix link to e2e-tests.md in developer-guide (#7201) * Use ENV expansion for namespace in args (#7146) Update the DaemonSet namespace references to use the `POD_NAMESPACE` environment variable in the same way that the Deployment does. * chart: using Helm builtin capabilities check (#7190) Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com> * Update proper default value for HTTP2MaxConcurrentStreams in Docs (#6944) It should be 128 as documented in https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/config/config.go#L780 * Fix MaxWorkerOpenFiles calculation on high cores nodes (#7107) * Fix MaxWorkerOpenFiles calculation on high cores nodes * Add e2e test for rlimit_nofile * Fix doc for max-worker-open-files * ingress/tcp: add additional error logging on failed (#7208) * Add file containing stable release (#7313) * Handle named (non-numeric) ports correctly (#7311) Signed-off-by: Carlos Panato <ctadeu@gmail.com> * Updated v1beta1 to v1 as its deprecated (#7308) * remove mercurial from build (#7031) * Retry to download maxmind DB if it fails (#7242) * Retry to download maxmind DB if it fails. Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com> * Add retries count arg, move retry logic into DownloadGeoLite2DB function Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com> * Reorder parameters in DownloadGeoLite2DB Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com> * Remove hardcoded value Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com> * Release v1.0.0-alpha.1 * Add changelog for v1.0.0-alpha.2 * controller: ignore non-service backends (#7332) * controller: ignore non-service backends Signed-off-by: Carlos Panato <ctadeu@gmail.com> * update per feedback Signed-off-by: Carlos Panato <ctadeu@gmail.com> * fix: allow scope/tcp/udp configmap namespace to altered (#7161) * Lower webhook timeout for digital ocean (#7319) * Lower webhook timeout for digital ocean * Set Digital Ocean value controller.admissionWebhooks.timeoutSeconds to 29 * update OWNERS and aliases files (#7365) (#7366) Signed-off-by: Carlos Panato <ctadeu@gmail.com> * Downgrade Lua modules for s390x (#7355) Downgrade Lua modules to last known working version. * Fix IngressClass logic for newer releases (#7341) * Fix IngressClass logic for newer releases Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * Change e2e tests for the new IngressClass presence * Fix chart and admission tests Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * Fix helm chart test Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com> * Fix reviews * Remove ingressclass code from admission * update tag to v1.0.0-beta.1 * update readme and changelog for v1.0.0-beta.1 * Release v1.0.0-beta.1 - helm and manifests (#7422) * Change the order of annotation just to trigger a new helm release (#7425) * [cherry-pick] Add dev-v1 branch into helm releaser (#7428) * Add dev-v1 branch into helm releaser (#7424) * chore: add link for artifacthub.io/prerelease annotations Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com> Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com> * k8s job ci pipeline for dev-v1 br v1.22.0 (#7453) * k8s job ci pipeline for dev-v1 br v1.22.0 Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com> * k8s job ci pipeline for dev-v1 br v1.21.2 Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com> * remove v1.21.1 version Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com> * Add controller.watchIngressWithoutClass config option (#7459) Signed-off-by: Akshit Grover <akshit.grover2016@gmail.com> * Release new helm chart with certgen fixed (#7478) * Update go version, modules and remove ioutil * Release new helm chart with certgen fixed * changed appversion, chartversion, TAG, image (#7490) * Fix CI conflict * Fix CI conflict * Fix build.sh from rebase process * Fix controller_test post rebase Co-authored-by: Tianhao Guo <rggth09@gmail.com> Co-authored-by: Ray <61553+rctay@users.noreply.github.com> Co-authored-by: Bill Cassidy <cassid4@gmail.com> Co-authored-by: Jintao Zhang <tao12345666333@163.com> Co-authored-by: Sathish Ramani <rsathishx87@gmail.com> Co-authored-by: Mansur Marvanov <nanorobocop@gmail.com> Co-authored-by: Matt1360 <568198+Matt1360@users.noreply.github.com> Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com> Co-authored-by: Kundan Kumar <kundan.kumar@india.nec.com> Co-authored-by: Tom Hayward <thayward@infoblox.com> Co-authored-by: Sergey Shakuto <sshakuto@infoblox.com> Co-authored-by: Tore <tore.lonoy@gmail.com> Co-authored-by: Bouke Versteegh <info@boukeversteegh.nl> Co-authored-by: Shahid <shahid@us.ibm.com> Co-authored-by: James Strong <strong.james.e@gmail.com> Co-authored-by: Long Wu Yuan <longwuyuan@gmail.com> Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com> Co-authored-by: Neha Lohia <nehapithadiya444@gmail.com> Co-authored-by: Akshit Grover <akshit.grover2016@gmail.com>	2021-08-21 13:42:00 -07:00
Noah Ispas	98288bc3ca	Update versions of components for base image (#7411 ) * update versions and checksums * change requests from PR	2021-08-09 04:55:30 -07:00
James Strong	6aab4c2919	The actual sah256 sum for nginx 1.20.1 (#7183 )	2021-05-30 11:46:25 -07:00
James Strong	be85bc0d7f	Update the sha for nginx 1.21.1 (#7182 ) Update the sha for nginx 1.21.1	2021-05-30 11:32:25 -07:00
Shiming Zhang	e780c0b188	Upgrade Nginx to 1.20.1 (#7179 )	2021-05-30 11:10:25 -07:00
Matthew Silverman	5794a9360a	build yaml-cpp lib in image builder	2021-03-24 13:55:12 -04:00
Matthew Silverman	723729922a	update tracing libraries remove unused boost_static option	2021-03-23 19:09:23 -04:00
Manuel Alejandro de Brito Fontes	ba05026037	Update alpine to 3.13	2021-01-15 19:16:58 -03:00
Elvin Efendi	dfed436b9a	fix ipmatcher installation	2021-01-04 13:09:37 -05:00
Manuel Alejandro de Brito Fontes	0cca8e83ce	Update nginx alpine image to 3.12	2020-12-30 17:42:10 -03:00
Elvin Efendi	a3f1c2ad3b	include lua-resty-ipmatcher and lua-resty-global-throttle inn the base image	2020-12-30 11:36:49 -05:00
Elvin Efendi	0830b21a5b	include new resty lua libs in base image	2020-12-24 12:43:10 -05:00
Manuel Alejandro de Brito Fontes	a48ae42034	Update nginx to 1.19.6	2020-12-15 17:14:46 -03:00
Manuel Alejandro de Brito Fontes	68c57386d0	Update nginx to 1.19.5	2020-11-27 14:19:20 -03:00

1 2 3

146 commits