Commit graph

7292 commits

Author SHA1 Message Date
Marco Ebert
b8e4e3ceba Chart: Rename changelog/Changelog-*.md into changelog/helm-chart-*.md. 2023-11-28 09:20:12 +01:00
Marco Ebert
84ced1ed1c Chart: Improve changelog/helm-chart.md.gotmpl. 2023-11-28 09:20:12 +01:00
Marco Ebert
559c03d1d3 Chart: Rename changelog.md.gotmpl into changelog/helm-chart.md.gotmpl. 2023-11-28 09:20:12 +01:00
Marco Ebert
433781c918 Repository: Align changelog/controller-*.md to changelog/controller.md.gotmpl. 2023-11-28 09:20:12 +01:00
Marco Ebert
84bdad5341 Repository: Rename changelog/Changelog-*.md into changelog/controller-*.md. 2023-11-28 09:20:12 +01:00
Marco Ebert
7e34a676b9 Repository: Improve changelog/controller.md.gotmpl. 2023-11-28 09:20:12 +01:00
Marco Ebert
6cd7331bd5 Repository: Rename Changelog.md.gotmpl into changelog/controller.md.gotmpl. 2023-11-28 09:20:12 +01:00
James Strong
eb1303da02
Merge pull request #10683 from Gacko/4waw2
Chart: Promote myself to approver & reviewer.
2023-11-27 10:55:26 -05:00
Marco Ebert
f3f0ee539d Chart: Put me in alphabetical order. 2023-11-27 16:52:57 +01:00
Marco Ebert
e6d3bbb520 Chart: Promote myself to approver & reviewer. 2023-11-27 16:41:09 +01:00
Tore
7f723c5985
docs: add index for global-auth-always-set-cookie (#10670) 2023-11-22 11:59:09 +01:00
James Strong
c4ca77d100
Merge pull request #10668 from strongjz/nginx-1.25
upgrade nginx
2023-11-21 15:22:23 -05:00
James Strong
3a9cd1bd7e remove the v 2023-11-21 13:23:04 -05:00
James Strong
1adb1116a4 remove unneeded patches
Signed-off-by: James Strong <strong.james.e@gmail.com>
2023-11-21 12:19:02 -05:00
James Strong
4e39571ed4 upgrade nginx
Signed-off-by: James Strong <strong.james.e@gmail.com>
2023-11-21 11:44:54 -05:00
Tore
cd3e5d323d
docs: Update configmap docs for enable-global-auth option (#10667)
* docs: Include default annotation prefix in docs

Most docs include the annotation prefix

* docs: Update annotations docs for global-auth

Correct documentation to reflect what's possible. It is not possible to use `enable-global-auth: false` in ConfigMap.
2023-11-21 14:43:36 +01:00
Ana Claudia Riekstin
a7c40bbec4
Add missing dash (#10663)
Add missing dash
2023-11-21 09:24:24 +01:00
dependabot[bot]
7e2e70135e
Bump actions/dependency-review-action from 3.1.2 to 3.1.3 (#10661)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](fde92acd08...7bbfa034e7)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-20 12:51:11 +01:00
Jintao Zhang
0a054d1f58
chore(dep): change lua-resty-cookie's repo (#10630)
since cloudflare has archived the upstream repo,
we choose a more active forked repo to use.

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
2023-11-19 22:14:57 +01:00
chriss-de
ad406b64d8
Add override for proxy_intercept_errors when using Custom HTTP Errors (#9497)
* added proxy-intercept-errors config option

* fixed error when comparing locations

* fixed missing location config from annotation
added e2e test

* reversed logic for proxy-intercept-errors to disable-proxy-intercept-errors

* reversed logic to disable-proxy-intercept-errors

* reversed logic

* default has to be false

* put comment in same line as return

* run gofmt

* fixing wrong Boilerplate header

* updated code to new IngressAnnotation interface

* fixes to satisfy PR comments

* synced with upstream; fixed typo

* gofumpt disableproxyintercepterrors.go

* gofumpt
2023-11-17 05:43:54 +01:00
Filip Havlíček
e0446d7554
annotation validation - extended URLWithNginxVariableRegex from alphaNumericChars to extendedAlphaNumeric (#10652) 2023-11-15 17:40:00 +01:00
dependabot[bot]
6c92b04edc
Bump github.com/onsi/ginkgo/v2 from 2.13.0 to 2.13.1 (#10645)
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.13.0 to 2.13.1.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.13.0...v2.13.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-13 14:58:04 +01:00
dependabot[bot]
dd01a6d05a
Bump golang.org/x/crypto from 0.14.0 to 0.15.0 (#10644)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.15.0.
- [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-13 13:46:04 +01:00
dependabot[bot]
6f97533683
Bump github.com/armon/go-proxyproto (#10643)
Bumps [github.com/armon/go-proxyproto](https://github.com/armon/go-proxyproto) from 0.0.0-20210323213023-7e956b284f0a to 0.1.0.
- [Commits](https://github.com/armon/go-proxyproto/commits/v0.1.0)

---
updated-dependencies:
- dependency-name: github.com/armon/go-proxyproto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-13 13:43:22 +01:00
dependabot[bot]
4ccdf662d9
Bump aquasecurity/trivy-action from 0.13.1 to 0.14.0 (#10642)
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.13.1 to 0.14.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](f78e9ecf42...2b6a709cf9)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-13 13:40:31 +01:00
dependabot[bot]
211e8d8eb8
Bump actions/dependency-review-action from 3.1.1 to 3.1.2 (#10641)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](9f45b2463b...fde92acd08)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-13 13:37:18 +01:00
Ardika Bagus S
da51393cac
fix(cors): ensure trailing comma treated as empty value to be ignored (#10616)
* fix(cors): ensure trailing comma treated as empty value to be ignored

Signed-off-by: Ardika Bagus <me@ardikabs.com>

* test(cors): add e2e test

Signed-off-by: Ardika Bagus <me@ardikabs.com>

---------

Signed-off-by: Ardika Bagus <me@ardikabs.com>
2023-11-07 19:02:48 +01:00
Marco Ebert
8b026f42d5
Chart: Tighten securityContexts and Pod Security Policies. (#10491)
* Values: Fix docs of `controller.podSecurityContext` & `controller.sysctls`.

* Values: Add missing `controller.containerSecurityContext`.

Already in use, but has never been added to values.

* Values: Fix docs of `defaultBackend.podSecurityContext` & `defaultBackend.containerSecurityContext`.

* Helpers: Rename `controller.containerSecurityContext` to `ingress-nginx.controller.containerSecurityContext`.

Due to alignment with other templates.

* Helpers: Improve `extraModules`.

- Make `command` a multiline list.
- Fix `toYaml` usage.
- Remove `toYaml` where not necessary.

* Helpers: Move `ingress-nginx.defaultBackend.fullname`.

* Helpers: Add `ingress-nginx.defaultBackend.containerSecurityContext`.

Extracts the default backend `securityContext` into a template, as for the controller.

* Controller: Fix indentation of `controller.podSecurityContext` & `controller.sysctls`.

* Controller: Improve `controller.extraModules` & `controller.opentelemetry`.

- Add `controller.extraModules.distroless` & `controller.extraModules.resources`.
- Add `controller.opentelemetry.name` & `controller.opentelemetry.distroless`.
- Align `extraModules` inclusion for `controller.extraModules` & `controller.opentelemetry`.
- Remove redundant whitespaces.

* Controller/PSP: Align indentation.

* Controller/PSP: Remove quotes.

* Controller/PSP: Improve comments.

* Controller/PSP: Reorder fields.

See https://v1-24.docs.kubernetes.io/docs/concepts/security/pod-security-policy.

* Admission Webhooks: Fix indentation of `controller.admissionWebhooks.patch.securityContext`.

* Admission Webhooks/PSP: Align indentation.

* Admission Webhooks/PSP: Reorder fields.

* Admission Webhooks/PSP: Align condition.

* Admission Webhooks/ClusterRole: Align PSP rule.

* Default Backend/PSP: Align indentation.

* Default Backend/PSP: Reorder fields.

See https://v1-24.docs.kubernetes.io/docs/concepts/security/pod-security-policy.

* Values: Tighten `controller.image`.

Due to recent changes, the controller image can be run without privilege escalation:

- https://github.com/kubernetes/ingress-nginx/issues/8499
- https://github.com/kubernetes/ingress-nginx/pull/7449

* Values: Tighten `controller.extraModules.containerSecurityContext`.

* Values: Tighten `controller.opentelemetry.containerSecurityContext`.

* Values: Tighten `controller.admissionWebhooks.*.securityContext`.

Moves the pod `securityContext` to the containers to not interfere with injected containers.

* Values: Tighten `defaultBackend.image`.
2023-11-07 18:52:36 +01:00
Marco Ebert
6499a6bd04
Chart: Fix pod selectors in NOTES.txt. (#10617)
Also improve other `kubectl` commands.
2023-11-07 18:46:40 +01:00
dependabot[bot]
9f92ea2285
Bump github.com/opencontainers/runc from 1.1.9 to 1.1.10 (#10624)
Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.1.9 to 1.1.10.
- [Release notes](https://github.com/opencontainers/runc/releases)
- [Changelog](https://github.com/opencontainers/runc/blob/v1.1.10/CHANGELOG.md)
- [Commits](https://github.com/opencontainers/runc/compare/v1.1.9...v1.1.10)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/runc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-07 04:49:44 +01:00
dependabot[bot]
0930782817
Bump aquasecurity/trivy-action from 0.13.0 to 0.13.1 (#10620)
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.13.0 to 0.13.1.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](b77b85c025...f78e9ecf42)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-07 04:46:54 +01:00
dependabot[bot]
c32d4262e1
Bump actions/dependency-review-action from 3.1.0 to 3.1.1 (#10619)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](6c5ccdad46...9f45b2463b)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-07 04:44:02 +01:00
dependabot[bot]
98b8f2e547
Bump helm/chart-releaser-action from 1.5.0 to 1.6.0 (#10621)
Bumps [helm/chart-releaser-action](https://github.com/helm/chart-releaser-action) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/helm/chart-releaser-action/releases)
- [Commits](be16258da8...a917fd15b2)

---
updated-dependencies:
- dependency-name: helm/chart-releaser-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-06 14:19:04 +01:00
dependabot[bot]
63cd83ddaf
Bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#10625)
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-06 12:46:31 +01:00
Leonardo Taccari
870847ad4c
Comment NGINXCertificateExpiry alert label matcher (#10613)
If a valid certificate is passed via `--default-ssl-certificate` it is
probably desirable that we check its expiration!

Add a comment to explain that.
2023-11-05 12:23:43 +01:00
Ricardo Katz
30820a5acc
Deprecate opentracing (#10615) 2023-11-05 01:58:35 +01:00
Ricardo Katz
9ed0d7f7af
Separate third party NGINX configuration (#10470)
* Document container separation

* Separate configurations
2023-11-03 14:46:32 +01:00
Philipp B
d6a0f46c32
chart: allow setting allocateLoadBalancerNodePorts (#10585)
Signed-off-by: Philipp Born <git@pborn.eu>
2023-11-02 22:45:46 +01:00
Leonardo Taccari
dc659b252d
Ignore fake certificate for NGINXCertificateExpiry (#10505)
The fake certificate is only a fallback and it is okay-ish if it
expires.

Do not alert for its expiration.
2023-11-02 21:11:03 +01:00
Jeremy Cocks
7f45fabde5
remove unsupported bold release from README (#10605)
Co-authored-by: netyaroze <jeremy@jeremy.cx>
2023-11-02 20:58:36 +01:00
Simon Wessel
13d95d026a
fix: adjust unfulfillable validation check for session-cookie-samesite annotation (#10600) 2023-11-01 23:09:00 +01:00
Matt Dainty
9cdd51d5dc
fix: Validate x-forwarded-prefix annotation with RegexPathWithCapture (#10598) 2023-11-01 23:08:51 +01:00
Marco Ebert
9cb3919e84
Chart: Improve #10539. (#10565)
* Helpers: Align `ingress-nginx.namespace` to `ingress-nginx.name`.

* Templates: Remove quotes.

In alignment to others. Also does not make sense as `namespace` must conform to DNS.

* Admission Webhooks/Validating Webhook: Make use of `ingress-nginx.namespace`.

* KEDA: Remove comment.

* Templates: Add forgotten namespace definitions.
2023-11-01 22:59:56 +01:00
Pierre Ozoux
e805d4955d
feat(helm): add documentation about metric args (#10590)
* feat(helm): add documentation about metric args

This helps documenting this issue:
https://github.com/kubernetes/ingress-nginx/issues/8233

and relates to this documentation:
https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/monitoring.md#histogram-buckets

* fix
2023-11-01 13:57:39 +01:00
Roberto Devesa
b37f86026e
Fix typo (#10594) 2023-11-01 13:36:08 +01:00
dependabot[bot]
cf156c7390
Bump ossf/scorecard-action from 2.3.0 to 2.3.1 (#10587)
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](483ef80eb9...0864cf1902)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-30 14:24:22 +01:00
dependabot[bot]
ecbf1851bb
Bump aquasecurity/trivy-action from 0.12.0 to 0.13.0 (#10586)
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.12.0 to 0.13.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](fbd16365eb...b77b85c025)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-30 14:21:49 +01:00
Marco Ebert
0120a2df48
Admission Webhook: Truncate name. (#10523) 2023-10-29 18:26:05 +01:00
dependabot[bot]
f59738c753
Bump github.com/fsnotify/fsnotify from 1.6.0 to 1.7.0 (#10579)
Bumps [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/fsnotify/fsnotify/releases)
- [Changelog](https://github.com/fsnotify/fsnotify/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fsnotify/fsnotify/compare/v1.6.0...v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/fsnotify/fsnotify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-27 13:52:29 +02:00
Michael Dreher
8c3aeaae4a
Increase HSTS max-age to default to one year (#10564) 2023-10-27 12:50:37 +02:00