* feat: add grpc buffer size in the nginx template
* feat: add grpc buffer size in the configmap struct
* feat: add test for GRCP buffer size configuration in the configmap
* chore: add documentation for the grcp buffer size configuration
* fix: fix the copyright year of the test
* fix: fix import order
* fix: fix ignore for the linter - reason was missing
* chore: seems like we don't need to ignore the error handling
* feature(geoip2_autoreload): GeoIP Autoreload
feature(geoip2_autoreload): fix lint
feature(geoip2_autoreload): changing flag interval
feature(geoip2_autoreload): tests - up and running
feature(geoip2_autoreload): tests - up and running
feature(geoip2): testing
feature(geoip2): remove typo
feature(geoip2_autoreload): fixing tests
* feature(geoip2_autoreload): working
* feature(geoip2_autoreload): including tests on geoip2 test file
Bumps the all group with 1 update: [k8s.io/component-base](https://github.com/kubernetes/component-base).
Updates `k8s.io/component-base` from 0.29.2 to 0.29.3
- [Commits](https://github.com/kubernetes/component-base/compare/v0.29.2...v0.29.3)
---
updated-dependencies:
- dependency-name: k8s.io/component-base
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat: deploy PDB if Keda is enabled and the minimum amount of replicas is greater than 1
* feat: add the corresponding unit-test to check PDB deployment with Keda
* chore: rename the test of PDB to follow suggested pattern
* chore: update the test-case suite name to the new format
* Update charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
* Update charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
---------
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
* [mTLS] Fix acme verfication when mTLS and Client CN verification is enabled
* revert mTLS location excluding acme-challenge since each location will match ultimately resulting in 404 for all request paths
As fixed in pull request #7829 for the ServiceMonitor resource, this is also needed for the PrometheusRule. When
upgrading the ingress-nginx chart in our environment (via Pulumi) from a really old version to the latest (4.2.0) we
noticed it wanted to delete the PrometheusRule resource. This PR should fix that.
Current implementation of OCSP stapling makes use of the DNS caching machinery[^1],
which results in resty.http not seeing the actual host name of the OCSP responder.
On HTTP level, this is already mitigated via overriding the Host header, but
if a given responder operates on a HTTPS endpoint (a setup which, admittedly, isn't
very popular due to its chicken-and-egg caveats involved but is nonetheless legal[^2])
the connection will fail to be established. A relevant (and a bit redacted) excerpt from logs:
2023/07/02 18:13:23 [info] 112#112: *29039 [lua] dns.lua:32: cache_set(): cache set for 'my.ocsp.responder' with value of [10.1.2.3, 10.4.5.6, 10.7.8.9] and ttl of 30., context: ngx.timer, client: 127.0.0.1, server: 0.0.0.0:442
2023/07/02 18:13:23 [error] 112#112: *29039 lua ssl certificate does not match host "10.1.2.3", context: ngx.timer, client: 127.0.0.1, server: 0.0.0.0:442
2023/07/02 18:13:23 [error] 112#112: *29039 [lua] certificate.lua:143: fetch_and_cache_ocsp_response(): could not get OCSP response: certificate host mismatch, context: ngx.timer, client: 127.0.0.1, server: 0.0.0.0:442
[^1]: https://github.com/kubernetes/ingress-nginx/blob/ebb6314/rootfs/etc/nginx/lua/certificate.lua#L81
[^2]: https://datatracker.ietf.org/doc/html/rfc2560#appendix-A.1.1
Before:
```
$ make print-e2e-suite
Reached DIND check ELSE block, inside run-in-docker.sh
Compiled e2e.test
Reached DIND check ELSE block, inside run-in-docker.sh
+ set -o errexit
+ set -o nounset
+ set -o pipefail
+++ dirname hack/print-e2e-suite.sh
++ cd hack/..
++ pwd -P
+ DIR=/go/src/k8s.io/ingress-nginx
+ /go/src/k8s.io/ingress-nginx/test/e2e/e2e.test -ginkgo.noColor -ginkgo.dryRun
+ sed 's|/go/src/k8s.io/ingress-nginx/|File: |g'
+ sed s/•//g
+ + head -n-3tail -n+5
You're using deprecated Ginkgo functionality:
=============================================
--ginkgo.dryRun is deprecated, use --ginkgo.dry-run instead
Learn more at: https://onsi.github.io/ginkgo/MIGRATING_TO_V2#changed-command-line-flags
--ginkgo.noColor is deprecated, use --ginkgo.no-color instead
Learn more at: https://onsi.github.io/ginkgo/MIGRATING_TO_V2#changed-command-line-flags
To silence deprecations that can be silenced set the following environment variable:
ACK_GINKGO_DEPRECATIONS=2.6.1
Will run 423 of 423 specs
```
After:
```
$ make print-e2e-suite
Reached DIND check ELSE block, inside run-in-docker.sh
Compiled e2e.test
Reached DIND check ELSE block, inside run-in-docker.sh
Will run 423 of 423 specs
------------------------------
[Annotations] service-upstream when using the default value (false) and enabling in the annotations should use the Service Cluster IP and Port
File: test/e2e/annotations/serviceupstream.go:41
[0.000 seconds]
------------------------------
[...]
```
Signed-off-by: Hervé Werner <dud225@hotmail.com>
