k8s-infra-cherrypick-robot
213b723d81
fix: update kube version requirement to 1.21 ( #11279 )
...
The controller depends on the v1 version of EndpointSlice, but the discovery.k8s.io/v1 API was first introduced in Kubernetes version 1.21.
Co-authored-by: NierYYDS <141559828+NierYYDS@users.noreply.github.com>
2024-04-18 11:30:38 -07:00
Marco Ebert
84020427b1
Chart: Add unit tests for default backend & topology spread constraints. ( #11219 )
2024-04-05 15:48:15 -07:00
k8s-infra-cherrypick-robot
eab36bb868
sort default backend hpa metrics ( #11217 )
...
Co-authored-by: Jozef Halgas <halgasj@gmail.com>
2024-04-05 13:33:33 -07:00
k8s-infra-cherrypick-robot
42284d1e73
updated certgen image shatag ( #11216 )
...
Co-authored-by: longwuyuan <longwuyuan@gmail.com>
2024-04-05 12:03:24 -07:00
Marco Ebert
e380c5f321
Owners: Update URL in aliases.
2024-04-04 15:01:47 +00:00
k8s-infra-cherrypick-robot
30b7d16af2
Fix-semver ( #11199 )
...
Co-authored-by: Karol Kieglerski <karol.kieglerski@dynatrace.com>
2024-04-04 07:27:48 -07:00
k8s-infra-cherrypick-robot
97921626f9
refactor helm ci tests part I ( #11188 )
...
* refactor helm ci tests part I
Signed-off-by: cpanato <ctadeu@gmail.com>
* update indentation
Signed-off-by: cpanato <ctadeu@gmail.com>
* fix path
Signed-off-by: cpanato <ctadeu@gmail.com>
* more updates
Signed-off-by: cpanato <ctadeu@gmail.com>
* add helm-lint job
Signed-off-by: cpanato <ctadeu@gmail.com>
---------
Signed-off-by: cpanato <ctadeu@gmail.com>
Co-authored-by: cpanato <ctadeu@gmail.com>
2024-04-01 05:33:33 -07:00
k8s-infra-cherrypick-robot
02ca3e1b41
Chart: Render controller.ingressClassResource.parameters natively. ( #11126 )
...
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-03-14 07:52:14 -07:00
k8s-infra-cherrypick-robot
f118d67042
Chart: Align HPA & KEDA conditions. ( #11113 )
...
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-03-12 08:06:30 -07:00
k8s-infra-cherrypick-robot
7f8bebeb88
Chart: Improve IngressClass documentation. ( #11111 )
...
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-03-12 08:01:51 -07:00
k8s-infra-cherrypick-robot
2e08614265
Chart: Add Gacko to maintainers. Again. ( #11112 )
...
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-03-12 07:56:45 -07:00
k8s-infra-cherrypick-robot
cbf6d2a7f1
Chart: Deploy PodDisruptionBudget with KEDA. ( #11105 )
...
* feat: deploy PDB if Keda is enabled and the minimum amount of replicas is greater than 1
* feat: add the corresponding unit-test to check PDB deployment with Keda
* chore: rename the test of PDB to follow suggested pattern
* chore: update the test-case suite name to the new format
* Update charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
* Update charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
---------
Co-authored-by: ramonboorges@gmail.com <ramonboorges@gmail.com>
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-03-11 15:37:04 -07:00
Marco Ebert
8d3d4a33bf
Chores: Pick patches from main. ( #11103 )
...
* Release version v1.10.0
* set deploy url to v1-10-0 in docs
* quotes around numbers fort ports definitions
* Bump dorny/paths-filter from 3.0.1 to 3.0.2
Bumps [dorny/paths-filter](https://github.com/dorny/paths-filter ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/dorny/paths-filter/releases )
- [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md )
- [Commits](ebc4d7e9eb...de90cc6fb3https://github.com/aquasecurity/trivy-action ) from 0.17.0 to 0.18.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases )
- [Commits](84384bd6e7...062f259268https://github.com/github/codeql-action ) from 3.24.5 to 3.24.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](47b3d888fe...8a470fddafhttps://github.com/prometheus/common ) from 0.48.0 to 0.49.0.
- [Release notes](https://github.com/prometheus/common/releases )
- [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.49.0 )
---
updated-dependencies:
- dependency-name: github.com/prometheus/common
dependency-type: direct:production
update-type: version-update:semver-minor
...
* Bump docker/setup-buildx-action from 3.0.0 to 3.1.0
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](f95db51fdd...0d103c3126https://github.com/stretchr/testify ) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases )
- [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0 )
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-minor
...
* Bump actions/download-artifact from 4.1.2 to 4.1.4
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 4.1.2 to 4.1.4.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](eaceaf801f...c850b930e6https://github.com/prometheus/common ) from 0.49.0 to 0.50.0.
- [Release notes](https://github.com/prometheus/common/releases )
- [Commits](https://github.com/prometheus/common/compare/v0.49.0...v0.50.0 )
---
updated-dependencies:
- dependency-name: github.com/prometheus/common
dependency-type: direct:production
update-type: version-update:semver-minor
...
* Bump the all group with 1 update
Bumps the all group with 1 update: [google.golang.org/grpc](https://github.com/grpc/grpc-go ).
Updates `google.golang.org/grpc` from 1.62.0 to 1.62.1
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.62.0...v1.62.1 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
...
* Bump the all group with 1 update
Bumps the all group with 1 update: [actions/add-to-project](https://github.com/actions/add-to-project ).
Updates `actions/add-to-project` from 0.5.0 to 0.6.0
- [Release notes](https://github.com/actions/add-to-project/releases )
- [Commits](31b3f3ccdc...0609a2702ehttps://github.com/onsi/ginkgo ) from 2.15.0 to 2.16.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.15.0...v2.16.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
---------
Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
Co-authored-by: longwuyuan <longwuyuan@gmail.com>
Co-authored-by: Bartosz Fenski <fenio@debian.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: Grinish <grinish@gmail.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
2024-03-11 14:30:46 -07:00
Ricardo Katz
7a75538dea
Bump kubewebhook certgen ( #11034 )
...
Signed-off-by: Ricardo Katz <rikatz@users.noreply.github.com>
Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com>
2024-02-27 21:32:13 -08:00
Bazze
bb6d1b77be
Update controller-prometheusrules.yaml ( #8902 )
...
As fixed in pull request #7829 for the ServiceMonitor resource, this is also needed for the PrometheusRule. When
upgrading the ingress-nginx chart in our environment (via Pulumi) from a really old version to the latest (4.2.0) we
noticed it wanted to delete the PrometheusRule resource. This PR should fix that.
2024-02-27 09:27:48 -08:00
Marco Ebert
3e740fe8e7
Chart: Set --enable-metrics depending on controller.metrics.enabled. ( #10959 )
2024-02-01 22:55:15 -08:00
Marco Ebert
48b9831122
Chart: Remove useless default from _params.tpl. ( #10957 )
2024-02-01 15:03:48 -08:00
James Strong
4e97379b4e
Release controller 1.9.6 and helm 4.9.1 ( #10919 )
...
Signed-off-by: James Strong <strong.james.e@gmail.com>
2024-01-26 23:45:19 -08:00
Marco Ebert
9de651aa7d
Chart: Add Gacko to maintainers. ( #10796 )
2023-12-21 14:42:18 +01:00
James Strong
0e47bfbfec
release 1.9.5 docs
...
Signed-off-by: James Strong <strong.james.e@gmail.com>
2023-12-21 10:42:28 +01:00
Mathieu Parent
9db2eb965e
Add controller.metrics.serviceMonitor.annotations in Helm chart ( #9677 )
...
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
2023-12-20 23:08:50 +01:00
Joshua Sleeper
707a5a0bea
fix(labels): use complete labels variable on default-backend deployment ( #10317 )
2023-12-20 21:50:46 +01:00
Marco Ebert
0e12525bdd
Chart: Revert verion 4.8.4.
2023-12-20 19:30:43 +01:00
Marco Ebert
2f7f4d70eb
Chart: Improve #10673 .
2023-12-19 10:01:41 +01:00
AhmedGrati
6c876bba9a
fix: disable cluster wide controller role permissions ( #10659 )
...
Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
2023-12-15 14:25:39 +01:00
Stavros Foteinopoulos
be7f508c73
Add more unit tests to helm chart ( #10731 )
...
* Add more unit tests to helm chart
Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>
* Apply suggestions from code review
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
* Apply suggestions from code review
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
* Apply suggestions from code review
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
* Use upstream helm-unittest repository
Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>
* Remove non existing value from controller unittest
Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>
* fix unit test
Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>
* Apply suggestions from code review
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
* Apply suggestions from code review
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
---------
Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2023-12-14 16:17:09 +01:00
Marco Ebert
97d4a83e75
Deployment/DaemonSet: Remove distroless from extraModules templating. ( #10742 )
2023-12-13 09:29:06 +01:00
patst
7e31f818ff
helm: opentelemetry addon allow configuration of registry with setting tag ( #9773 )
...
* feat: allow configuration of registry, image, tag and digest in single values for opentelemetry addon
* feat: allow configuration of registry, image, tag and digest in single values for opentelemetry addon
* add ci test file
* fix: updated helm-docs with opentelemetry image value
* fix: ci test case
* fix: ci test case set default registry, image + tag
* fix: ci test case set default registry + image
* fix: remove unrequired comment
* feat!: use extraModules helper method for templating the image value
* image definition for OTel image is now split up in image, repo and registry values
* feat!: move distroless config under the image key
* update helm-docs
* Refactor template to generate the image name
* adapt test cases for extraModules
* implement code review
* try to fix ci test for opentelemetry
2023-12-08 11:09:34 +01:00
Marco Ebert
7e54daa909
Helm Service: Align internal to external. ( #10239 )
...
* Service: Align internal to external.
* Service: Remove redundant condition.
2023-12-05 17:25:04 +01:00
Marco Ebert
815a1c56a9
Chart: Simplify image templating. ( #10708 )
2023-12-05 17:22:12 +01:00
Ofir Shtrull
83f4332572
add new serivce type for internal use ( #10727 )
...
* add new serivce type for internal use
* bump chart version
* lint
* fix tests
* fix readme
* Update charts/ingress-nginx/Chart.yaml
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
* Update charts/ingress-nginx/values.yaml
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
* rerun helm-docs
* Update charts/ingress-nginx/templates/controller-service-internal.yaml
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
* fix values
* fix values
---------
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2023-12-05 14:47:20 +01:00
Stavros Foteinopoulos
1f06e26080
Add extra configMaps support to helm chart ( #10673 )
...
* Add extra configMaps support to helm chart
Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>
* Introducing unit tests for helm chart
Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>
---------
Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>
2023-12-02 14:26:23 +01:00
Jmnote
bfc2300c3d
[charts] add controller.admissionWebhooks.networkPolicyEnabled ( #10650 )
...
* add controller.admissionWebhooks.networkPolicyEnabled
Signed-off-by: Jmnote <opcore@gmail.com>
* .Values.controller.admissionWebhooks.patch.networkPolicy.enabled
---------
Signed-off-by: Jmnote <opcore@gmail.com>
2023-11-29 22:39:51 +01:00
Marco Ebert
7b9e3566f7
Chart: Split CHANGELOG.md into changelog/helm-chart-*.md.
2023-11-28 09:52:26 +01:00
Marco Ebert
b8e4e3ceba
Chart: Rename changelog/Changelog-*.md into changelog/helm-chart-*.md.
2023-11-28 09:20:12 +01:00
Marco Ebert
84ced1ed1c
Chart: Improve changelog/helm-chart.md.gotmpl.
2023-11-28 09:20:12 +01:00
Marco Ebert
559c03d1d3
Chart: Rename changelog.md.gotmpl into changelog/helm-chart.md.gotmpl.
2023-11-28 09:20:12 +01:00
Marco Ebert
8b026f42d5
Chart: Tighten securityContexts and Pod Security Policies. ( #10491 )
...
* Values: Fix docs of `controller.podSecurityContext` & `controller.sysctls`.
* Values: Add missing `controller.containerSecurityContext`.
Already in use, but has never been added to values.
* Values: Fix docs of `defaultBackend.podSecurityContext` & `defaultBackend.containerSecurityContext`.
* Helpers: Rename `controller.containerSecurityContext` to `ingress-nginx.controller.containerSecurityContext`.
Due to alignment with other templates.
* Helpers: Improve `extraModules`.
- Make `command` a multiline list.
- Fix `toYaml` usage.
- Remove `toYaml` where not necessary.
* Helpers: Move `ingress-nginx.defaultBackend.fullname`.
* Helpers: Add `ingress-nginx.defaultBackend.containerSecurityContext`.
Extracts the default backend `securityContext` into a template, as for the controller.
* Controller: Fix indentation of `controller.podSecurityContext` & `controller.sysctls`.
* Controller: Improve `controller.extraModules` & `controller.opentelemetry`.
- Add `controller.extraModules.distroless` & `controller.extraModules.resources`.
- Add `controller.opentelemetry.name` & `controller.opentelemetry.distroless`.
- Align `extraModules` inclusion for `controller.extraModules` & `controller.opentelemetry`.
- Remove redundant whitespaces.
* Controller/PSP: Align indentation.
* Controller/PSP: Remove quotes.
* Controller/PSP: Improve comments.
* Controller/PSP: Reorder fields.
See https://v1-24.docs.kubernetes.io/docs/concepts/security/pod-security-policy .
* Admission Webhooks: Fix indentation of `controller.admissionWebhooks.patch.securityContext`.
* Admission Webhooks/PSP: Align indentation.
* Admission Webhooks/PSP: Reorder fields.
* Admission Webhooks/PSP: Align condition.
* Admission Webhooks/ClusterRole: Align PSP rule.
* Default Backend/PSP: Align indentation.
* Default Backend/PSP: Reorder fields.
See https://v1-24.docs.kubernetes.io/docs/concepts/security/pod-security-policy .
* Values: Tighten `controller.image`.
Due to recent changes, the controller image can be run without privilege escalation:
- https://github.com/kubernetes/ingress-nginx/issues/8499
- https://github.com/kubernetes/ingress-nginx/pull/7449
* Values: Tighten `controller.extraModules.containerSecurityContext`.
* Values: Tighten `controller.opentelemetry.containerSecurityContext`.
* Values: Tighten `controller.admissionWebhooks.*.securityContext`.
Moves the pod `securityContext` to the containers to not interfere with injected containers.
* Values: Tighten `defaultBackend.image`.
2023-11-07 18:52:36 +01:00
Marco Ebert
6499a6bd04
Chart: Fix pod selectors in NOTES.txt. ( #10617 )
...
Also improve other `kubectl` commands.
2023-11-07 18:46:40 +01:00
Leonardo Taccari
870847ad4c
Comment NGINXCertificateExpiry alert label matcher ( #10613 )
...
If a valid certificate is passed via `--default-ssl-certificate` it is
probably desiderable that we check its expiration!
Add a comment to explain that.
2023-11-05 12:23:43 +01:00
Philipp B
d6a0f46c32
chart: allow setting allocateLoadBalancerNodePorts ( #10585 )
...
Signed-off-by: Philipp Born <git@pborn.eu>
2023-11-02 22:45:46 +01:00
Leonardo Taccari
dc659b252d
Ignore fake certificate for NGINXCertificateExpiry ( #10505 )
...
The fake certificate is only a fallback and it is okay-ish if it
expires.
Do not alert for its expiration.
2023-11-02 21:11:03 +01:00
Marco Ebert
9cb3919e84
Chart: Improve #10539 . ( #10565 )
...
* Helpers: Align `ingress-nginx.namespace` to `ingress-nginx.name`.
* Templates: Remove quotes.
In alignment to others. Also does not make sense as `namespace` must conform to DNS.
* Admission Webhooks/Validating Webhook: Make use of `ingress-nginx.namespace`.
* KEDA: Remove comment.
* Templates: Add forgotten namespace definitions.
2023-11-01 22:59:56 +01:00
Pierre Ozoux
e805d4955d
feat(helm): add documentation about metric args ( #10590 )
...
* feat(helm): add documentation about metric args
This helps documenting this issue:
https://github.com/kubernetes/ingress-nginx/issues/8233
and relates to this documentation:
https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/monitoring.md#histogram-buckets
* fix
2023-11-01 13:57:39 +01:00
Roberto Devesa
b37f86026e
Fix typo ( #10594 )
2023-11-01 13:36:08 +01:00
Marco Ebert
0120a2df48
Admission Webhook: Truncate name. ( #10523 )
2023-10-29 18:26:05 +01:00
Ricardo Katz
5583f90c7f
Release v1.9.4 ( #10568 )
2023-10-25 18:33:49 +02:00
jasine
7ce6cc88d8
feat: add namespace overrides ( #10539 )
...
* feat: add namespace overrides
* add value in readme
* fix: readme description
* fix: description in value
* fix: set max length and trim last "-"
2023-10-24 19:53:46 +02:00
Matt Clegg
b9d8bb406c
DOCS Remove support for running Both ( #10255 )
2023-10-12 19:51:40 +02:00
James Strong
6f2ad83b0d
release 1.9.3
...
Signed-off-by: James Strong <strong.james.e@gmail.com>
2023-10-12 09:51:50 -04:00
