Compare commits
27 commits
main
...
helm-chart
| Author | SHA1 | Date | |
|---|---|---|---|
|
582adb44f7 | ||
|
|
2ffeb80c9e | ||
|
|
7a0e7dc3f9 | ||
|
|
8ca389235d | ||
|
|
34a35a24cf | ||
|
|
493049277b | ||
|
|
18e6eb0a31 | ||
|
|
b159577c23 | ||
|
|
3673519a73 | ||
|
|
5cc9aa1ad9 | ||
|
|
0a2ec01eb4 | ||
|
|
7ee28f431c | ||
|
|
0f5d2c6383 | ||
|
|
25b87436f7 | ||
|
|
23fa7c0450 | ||
|
|
570d0d5acb | ||
|
|
d5f3499cfe | ||
|
|
71d2346545 | ||
|
|
a15d226294 | ||
|
|
29b5519504 | ||
|
|
9f5559dcca | ||
|
|
bb265845b5 | ||
|
|
a104d4fbc3 | ||
|
|
3d277a6200 | ||
|
|
5564577f0d | ||
|
|
64e2bed508 | ||
|
|
f44bbe9b03 |
61 changed files with 1382 additions and 411 deletions
8
.github/workflows/ci.yaml
vendored
8
.github/workflows/ci.yaml
vendored
|
|
@ -46,12 +46,12 @@ jobs:
|
|||
uses: actions/checkout@v2
|
||||
|
||||
- name: Run Gosec Security Scanner
|
||||
uses: securego/gosec@master
|
||||
uses: securego/gosec@b99b5f7838e43a4104354ad92a6a1774302ee1f9
|
||||
with:
|
||||
# G601 for zz_generated.deepcopy.go
|
||||
# G306 TODO: Expect WriteFile permissions to be 0600 or less
|
||||
# G307 TODO: Deferring unsafe method "Close"
|
||||
args: -exclude=G601,G104,G204,G304,G306,G307 -tests=false -exclude-dir=test -exclude-dir=images/ -exclude-dir=docs/ ./...
|
||||
args: -exclude=G109,G601,G104,G204,G304,G306,G307 -tests=false -exclude-dir=test -exclude-dir=images/ -exclude-dir=docs/ ./...
|
||||
|
||||
build:
|
||||
name: Build
|
||||
|
|
@ -65,11 +65,11 @@ jobs:
|
|||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Set up Go 1.16
|
||||
- name: Set up Go 1.17
|
||||
id: go
|
||||
uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: 1.16
|
||||
go-version: 1.17
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
id: buildx
|
||||
|
|
|
|||
9
.github/workflows/helm.yaml
vendored
9
.github/workflows/helm.yaml
vendored
|
|
@ -4,7 +4,7 @@ on:
|
|||
push:
|
||||
branches:
|
||||
- main
|
||||
- dev-v1
|
||||
- legacy
|
||||
|
||||
jobs:
|
||||
|
||||
|
|
@ -53,10 +53,11 @@ jobs:
|
|||
git config --global user.name "$GITHUB_ACTOR"
|
||||
git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com"
|
||||
|
||||
- name: Run chart-releaser
|
||||
uses: helm/chart-releaser-action@v1.1.0
|
||||
- name: Helm Chart Releaser
|
||||
uses: helm/chart-releaser-action@v1.4.0
|
||||
env:
|
||||
CR_TOKEN: "${{ secrets.PERSONAL_TOKEN }}"
|
||||
CR_SKIP_EXISTING: "false"
|
||||
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
|
||||
CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}"
|
||||
with:
|
||||
charts_dir: charts
|
||||
|
|
|
|||
28
Changelog.md
28
Changelog.md
|
|
@ -1,5 +1,33 @@
|
|||
# Changelog
|
||||
|
||||
### 0.51.0
|
||||
|
||||
**Image:**
|
||||
|
||||
- k8s.gcr.io/ingress-nginx/controller:v0.51.0@sha256:df2f0bcddb9295986f019231956fb0e78788032420b15ef99d48fcf9305e8a04
|
||||
|
||||
This release upgrades Alpine to 3.14.4 and nginx to 1.19.10
|
||||
|
||||
Patches [OpenSSL CVE-2022-0778](https://github.com/kubernetes/ingress-nginx/issues/8339)
|
||||
|
||||
Patches [Libxml2 CVE-2022-23308](https://github.com/kubernetes/ingress-nginx/issues/8321)
|
||||
|
||||
### 0.50.0
|
||||
|
||||
**Image:**
|
||||
|
||||
- `k8s.gcr.io/ingress-nginx/controller:v0.50.0@sha256:f46fc2d161c97a9d950635acb86fb3f8d4adcfb03ee241ea89c6cde16aa3fdf8`
|
||||
|
||||
This release makes the annotation `annotation-value-word-blocklist` backwards compatible by being an empty list instead of prescribed defaults.
|
||||
Effectively reverting [7874](https://github.com/kubernetes/ingress-nginx/pull/7874) but keeping the functionality of `annotation-value-word-blocklist`
|
||||
|
||||
See Issue [7939](https://github.com/kubernetes/ingress-nginx/pull/7939) for more discussion
|
||||
|
||||
Admins should still consider putting a reasonable block list in place, more information on why can be found [here](https://github.com/kubernetes/ingress-nginx/issues/7837) and how in our documentation [here](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#annotation-value-word-blocklist)
|
||||
|
||||
_Changes:_
|
||||
- [7963](https://github.com/kubernetes/ingress-nginx/pull/7963) Change sanitization message from error to warning (#7963)
|
||||
- [7942](https://github.com/kubernetes/ingress-nginx/pull/7942) update default block list,docs, tests (#7942)
|
||||
|
||||
### 0.49.0
|
||||
|
||||
|
|
|
|||
2
Makefile
2
Makefile
|
|
@ -51,7 +51,7 @@ endif
|
|||
|
||||
REGISTRY ?= gcr.io/k8s-staging-ingress-nginx
|
||||
|
||||
BASE_IMAGE ?= k8s.gcr.io/ingress-nginx/nginx:v20210809-g98288bc3c@sha256:f9363669cf26514c9548c1fe4f8f4e2f58dfb76616bcd638a0ff7f0ec3457c17
|
||||
BASE_IMAGE ?= k8s.gcr.io/ingress-nginx/nginx:5402d35663917ccbbf77ff48a22b8c6f77097f48@sha256:ec8a104df307f5c6d68157b7ac8e5e1e2c2f0ea07ddf25bb1c6c43c67e351180
|
||||
|
||||
GOARCH=$(ARCH)
|
||||
|
||||
|
|
|
|||
17
README.md
17
README.md
|
|
@ -29,13 +29,16 @@ For detailed changes on the `ingress-nginx` helm chart, please check the followi
|
|||
### Support Versions table
|
||||
|
||||
| Ingress-nginx version | k8s supported version | Alpine Version | Nginx Version |
|
||||
|-----------------------|------------- |----------------|---------------|
|
||||
| v1.0.0-alpha.2 | 1.22, 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 |
|
||||
| v1.0.0-alpha.1 | 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 |
|
||||
| v0.49.0 | 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 |
|
||||
| v0.48.1 | 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 |
|
||||
| v0.47.0 | 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 |
|
||||
| v0.46.0 | 1.21, 1.20, 1.19 | 3.13.2 | 1.19.6 |
|
||||
|-----------------------|------------------------|----------------|---------------|
|
||||
| v1.0.0-alpha.2 | 1.22, 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 |
|
||||
| v1.0.0-alpha.1 | 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 |
|
||||
| v0.51.0 | 1.21, 1.20, 1.19 | 3.14.4 | 1.19.10† |
|
||||
| v0.50.0 | 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† |
|
||||
| v0.49.3 | 1.21, 1.20, 1.19 | 3.14.2 | 1.19.9† |
|
||||
| v0.49.0 | 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 |
|
||||
| v0.48.1 | 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 |
|
||||
| v0.47.0 | 1.21, 1.20, 1.19 | 3.13.5 | 1.20.1 |
|
||||
| v0.46.0 | 1.21, 1.20, 1.19 | 3.13.2 | 1.19.6 |
|
||||
|
||||
## Get Involved
|
||||
|
||||
|
|
|
|||
2
TAG
2
TAG
|
|
@ -1 +1 @@
|
|||
v0.49.0
|
||||
v0.51.0
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ function cleanup {
|
|||
}
|
||||
trap cleanup EXIT
|
||||
|
||||
E2E_IMAGE=${E2E_IMAGE:-k8s.gcr.io/ingress-nginx/e2e-test-runner:v20210810-g820a21a74@sha256:7d7393a8c6c72d76145282df53ea0679a5b769211fd1cd6b8910b6dda1bd986d}
|
||||
E2E_IMAGE=${E2E_IMAGE:-k8s.gcr.io/ingress-nginx/e2e-test-runner:v20210822-g5e5faa24d@sha256:55c568d9e35e15d94b3ab41fe549b8ee4cd910cc3e031ddcccd06256755c5d89}
|
||||
|
||||
DOCKER_OPTS=${DOCKER_OPTS:-}
|
||||
DOCKER_IN_DOCKER_ENABLED=${DOCKER_IN_DOCKER_ENABLED:-}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,18 @@
|
|||
|
||||
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
|
||||
|
||||
### 3.40.0
|
||||
- [7973](https://github.com/kubernetes/ingress-nginx/pull/7973) update controller version to v0.50.0
|
||||
- [7963](https://github.com/kubernetes/ingress-nginx/pull/7963) Change sanitization message from error to warning (#7963)
|
||||
- [7942](https://github.com/kubernetes/ingress-nginx/pull/7942) update default block list,docs, tests (#7942)
|
||||
|
||||
### 3.39.0
|
||||
- [7742] https://github.com/kubernetes/ingress-nginx/pull/7742 Release v0.49.3 with bugfixes
|
||||
|
||||
### 3.37.0
|
||||
- [7666] https://github.com/kubernetes/ingress-nginx/pull/7666 Add option to disable snippet annotations
|
||||
- [7671] https://github.com/kubernetes/ingress-nginx/pull/7671 Downgrade NGINX image to v1.19.9
|
||||
|
||||
### 3.34.0
|
||||
|
||||
- [7256] https://github.com/kubernetes/ingress-nginx/pull/7256 Add namespace field in the namespace scoped resource templates
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
apiVersion: v2
|
||||
name: ingress-nginx
|
||||
# When the version is modified, make sure the artifacthub.io/changes list is updated
|
||||
# When the version is modified, please make sure the artifacthub.io/changes list is updated
|
||||
# Also update CHANGELOG.md
|
||||
version: 3.36.0
|
||||
appVersion: 0.49.0
|
||||
version: 3.41.0
|
||||
appVersion: 0.51.0
|
||||
home: https://github.com/kubernetes/ingress-nginx
|
||||
description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
|
||||
icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png
|
||||
|
|
@ -14,12 +14,16 @@ sources:
|
|||
- https://github.com/kubernetes/ingress-nginx
|
||||
type: application
|
||||
maintainers:
|
||||
- name: ChiefAlexander
|
||||
- name: rikatz
|
||||
- name: strongjz
|
||||
- name: tao12345666333
|
||||
engine: gotpl
|
||||
kubeVersion: ">=1.16.0-0"
|
||||
annotations:
|
||||
# List of changes for the release in artifacthub.io
|
||||
# https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog
|
||||
artifacthub.io/changes: |
|
||||
- Migrate the webhook-certgen program inside ingress repo.
|
||||
- Fix forwarding of auth-response-headers to gRPC backends
|
||||
- "#8307 Nginx v1.19.10"
|
||||
- "#8386 Alpine 3.14.4"
|
||||
- "#8339 Patch OpenSSL CVE-2022-0778"
|
||||
- "#8321 Vulnerability CVE-2022-23308 for libxml2"
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
controller:
|
||||
kind: DaemonSet
|
||||
allowSnippetAnnotations: false
|
||||
admissionWebhooks:
|
||||
enabled: false
|
||||
service:
|
||||
|
|
|
|||
|
|
@ -0,0 +1,14 @@
|
|||
controller:
|
||||
autoscaling:
|
||||
enabled: true
|
||||
behavior:
|
||||
scaleDown:
|
||||
stabilizationWindowSeconds: 300
|
||||
policies:
|
||||
- type: Pods
|
||||
value: 1
|
||||
periodSeconds: 180
|
||||
admissionWebhooks:
|
||||
enabled: false
|
||||
service:
|
||||
type: ClusterIP
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
controller:
|
||||
config:
|
||||
use-proxy-protocol: "true"
|
||||
allowSnippetAnnotations: false
|
||||
admissionWebhooks:
|
||||
enabled: false
|
||||
service:
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ metadata:
|
|||
name: {{ include "ingress-nginx.controller.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
data:
|
||||
allow-snippet-annotations: "{{ .Values.controller.allowSnippetAnnotations }}"
|
||||
{{- if .Values.controller.addHeaders }}
|
||||
add-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -22,9 +22,9 @@ spec:
|
|||
maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }}
|
||||
metrics:
|
||||
{{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
|
||||
- type: Resource
|
||||
resource:
|
||||
name: memory
|
||||
- type: Resource
|
||||
resource:
|
||||
name: memory
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: {{ . }}
|
||||
|
|
@ -38,7 +38,11 @@ spec:
|
|||
averageUtilization: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.autoscalingTemplate }}
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.autoscaling.behavior }}
|
||||
behavior:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -15,8 +15,8 @@ controller:
|
|||
# for backwards compatibility consider setting the full image url via the repository value below
|
||||
# use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
|
||||
# repository:
|
||||
tag: "v0.49.0"
|
||||
digest: sha256:e9707504ad0d4c119036b6d41ace4a33596139d3feb9ccb6617813ce48c3eeef
|
||||
tag: "v0.51.0"
|
||||
digest: sha256:df2f0bcddb9295986f019231956fb0e78788032420b15ef99d48fcf9305e8a04
|
||||
pullPolicy: IfNotPresent
|
||||
# www-data -> uid 101
|
||||
runAsUser: 101
|
||||
|
|
@ -61,6 +61,12 @@ controller:
|
|||
# Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply
|
||||
reportNodeInternalIp: false
|
||||
|
||||
# This configuration defines if Ingress Controller should allow users to set
|
||||
# their own *-snippet annotations, otherwise this is forbidden / dropped
|
||||
# when users add those annotations.
|
||||
# Global snippets in ConfigMap are still respected
|
||||
allowSnippetAnnotations: true
|
||||
|
||||
# Required for use with CNI based kubernetes installations (such as ones set up by kubeadm),
|
||||
# since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920
|
||||
# is merged
|
||||
|
|
@ -335,6 +341,19 @@ controller:
|
|||
maxReplicas: 11
|
||||
targetCPUUtilizationPercentage: 50
|
||||
targetMemoryUtilizationPercentage: 50
|
||||
behavior: {}
|
||||
# scaleDown:
|
||||
# stabilizationWindowSeconds: 300
|
||||
# policies:
|
||||
# - type: Pods
|
||||
# value: 1
|
||||
# periodSeconds: 180
|
||||
# scaleUp:
|
||||
# stabilizationWindowSeconds: 300
|
||||
# policies:
|
||||
# - type: Pods
|
||||
# value: 2
|
||||
# periodSeconds: 60
|
||||
|
||||
autoscalingTemplate: []
|
||||
# Custom or additional autoscaling metrics
|
||||
|
|
|
|||
|
|
@ -13,10 +13,10 @@ apiVersion: v1
|
|||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -28,15 +28,16 @@ apiVersion: v1
|
|||
kind: ConfigMap
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
namespace: ingress-nginx
|
||||
data:
|
||||
allow-snippet-annotations: 'true'
|
||||
http-snippet: |
|
||||
server{
|
||||
listen 2443;
|
||||
|
|
@ -50,10 +51,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: ingress-nginx
|
||||
rules:
|
||||
|
|
@ -119,10 +120,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: ingress-nginx
|
||||
roleRef:
|
||||
|
|
@ -139,10 +140,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -225,10 +226,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -247,10 +248,10 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller-admission
|
||||
|
|
@ -278,10 +279,10 @@ metadata:
|
|||
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
|
||||
service.beta.kubernetes.io/aws-load-balancer-type: elb
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
|
|
@ -308,10 +309,10 @@ apiVersion: apps/v1
|
|||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
|
|
@ -334,7 +335,7 @@ spec:
|
|||
dnsPolicy: ClusterFirst
|
||||
containers:
|
||||
- name: controller
|
||||
image: k8s.gcr.io/ingress-nginx/controller:v0.49.0@sha256:e9707504ad0d4c119036b6d41ace4a33596139d3feb9ccb6617813ce48c3eeef
|
||||
image: k8s.gcr.io/ingress-nginx/controller:v0.51.0@sha256:df2f0bcddb9295986f019231956fb0e78788032420b15ef99d48fcf9305e8a04
|
||||
imagePullPolicy: IfNotPresent
|
||||
lifecycle:
|
||||
preStop:
|
||||
|
|
@ -426,10 +427,10 @@ apiVersion: admissionregistration.k8s.io/v1
|
|||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
name: ingress-nginx-admission
|
||||
|
|
@ -467,10 +468,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
---
|
||||
|
|
@ -483,10 +484,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
rules:
|
||||
|
|
@ -507,10 +508,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
roleRef:
|
||||
|
|
@ -532,10 +533,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
rules:
|
||||
|
|
@ -557,10 +558,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
roleRef:
|
||||
|
|
@ -582,10 +583,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -593,10 +594,10 @@ spec:
|
|||
metadata:
|
||||
name: ingress-nginx-admission-create
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -632,10 +633,10 @@ metadata:
|
|||
helm.sh/hook: post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -643,10 +644,10 @@ spec:
|
|||
metadata:
|
||||
name: ingress-nginx-admission-patch
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
|
|||
|
|
@ -13,10 +13,10 @@ apiVersion: v1
|
|||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -28,25 +28,26 @@ apiVersion: v1
|
|||
kind: ConfigMap
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
namespace: ingress-nginx
|
||||
data:
|
||||
allow-snippet-annotations: 'true'
|
||||
---
|
||||
# Source: ingress-nginx/templates/clusterrole.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: ingress-nginx
|
||||
rules:
|
||||
|
|
@ -112,10 +113,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: ingress-nginx
|
||||
roleRef:
|
||||
|
|
@ -132,10 +133,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -218,10 +219,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -240,10 +241,10 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller-admission
|
||||
|
|
@ -268,10 +269,10 @@ metadata:
|
|||
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
|
||||
service.beta.kubernetes.io/aws-load-balancer-type: nlb
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
|
|
@ -298,10 +299,10 @@ apiVersion: apps/v1
|
|||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
|
|
@ -324,7 +325,7 @@ spec:
|
|||
dnsPolicy: ClusterFirst
|
||||
containers:
|
||||
- name: controller
|
||||
image: k8s.gcr.io/ingress-nginx/controller:v0.49.0@sha256:e9707504ad0d4c119036b6d41ace4a33596139d3feb9ccb6617813ce48c3eeef
|
||||
image: k8s.gcr.io/ingress-nginx/controller:v0.51.0@sha256:df2f0bcddb9295986f019231956fb0e78788032420b15ef99d48fcf9305e8a04
|
||||
imagePullPolicy: IfNotPresent
|
||||
lifecycle:
|
||||
preStop:
|
||||
|
|
@ -413,10 +414,10 @@ apiVersion: admissionregistration.k8s.io/v1
|
|||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
name: ingress-nginx-admission
|
||||
|
|
@ -454,10 +455,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
---
|
||||
|
|
@ -470,10 +471,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
rules:
|
||||
|
|
@ -494,10 +495,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
roleRef:
|
||||
|
|
@ -519,10 +520,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
rules:
|
||||
|
|
@ -544,10 +545,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
roleRef:
|
||||
|
|
@ -569,10 +570,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -580,10 +581,10 @@ spec:
|
|||
metadata:
|
||||
name: ingress-nginx-admission-create
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -619,10 +620,10 @@ metadata:
|
|||
helm.sh/hook: post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -630,10 +631,10 @@ spec:
|
|||
metadata:
|
||||
name: ingress-nginx-admission-patch
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
|
|||
|
|
@ -13,10 +13,10 @@ apiVersion: v1
|
|||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -28,25 +28,26 @@ apiVersion: v1
|
|||
kind: ConfigMap
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
namespace: ingress-nginx
|
||||
data:
|
||||
allow-snippet-annotations: 'true'
|
||||
---
|
||||
# Source: ingress-nginx/templates/clusterrole.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: ingress-nginx
|
||||
rules:
|
||||
|
|
@ -112,10 +113,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: ingress-nginx
|
||||
roleRef:
|
||||
|
|
@ -132,10 +133,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -218,10 +219,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -240,10 +241,10 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller-admission
|
||||
|
|
@ -265,10 +266,10 @@ kind: Service
|
|||
metadata:
|
||||
annotations:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
|
|
@ -294,10 +295,10 @@ apiVersion: apps/v1
|
|||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
|
|
@ -320,7 +321,7 @@ spec:
|
|||
dnsPolicy: ClusterFirst
|
||||
containers:
|
||||
- name: controller
|
||||
image: k8s.gcr.io/ingress-nginx/controller:v0.49.0@sha256:e9707504ad0d4c119036b6d41ace4a33596139d3feb9ccb6617813ce48c3eeef
|
||||
image: k8s.gcr.io/ingress-nginx/controller:v0.51.0@sha256:df2f0bcddb9295986f019231956fb0e78788032420b15ef99d48fcf9305e8a04
|
||||
imagePullPolicy: IfNotPresent
|
||||
lifecycle:
|
||||
preStop:
|
||||
|
|
@ -408,10 +409,10 @@ apiVersion: admissionregistration.k8s.io/v1
|
|||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
name: ingress-nginx-admission
|
||||
|
|
@ -449,10 +450,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
---
|
||||
|
|
@ -465,10 +466,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
rules:
|
||||
|
|
@ -489,10 +490,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
roleRef:
|
||||
|
|
@ -514,10 +515,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
rules:
|
||||
|
|
@ -539,10 +540,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
roleRef:
|
||||
|
|
@ -564,10 +565,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -575,10 +576,10 @@ spec:
|
|||
metadata:
|
||||
name: ingress-nginx-admission-create
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -614,10 +615,10 @@ metadata:
|
|||
helm.sh/hook: post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -625,10 +626,10 @@ spec:
|
|||
metadata:
|
||||
name: ingress-nginx-admission-patch
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
|
|||
|
|
@ -13,10 +13,10 @@ apiVersion: v1
|
|||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -28,25 +28,26 @@ apiVersion: v1
|
|||
kind: ConfigMap
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
namespace: ingress-nginx
|
||||
data:
|
||||
allow-snippet-annotations: 'true'
|
||||
---
|
||||
# Source: ingress-nginx/templates/clusterrole.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: ingress-nginx
|
||||
rules:
|
||||
|
|
@ -112,10 +113,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: ingress-nginx
|
||||
roleRef:
|
||||
|
|
@ -132,10 +133,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -218,10 +219,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -240,10 +241,10 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller-admission
|
||||
|
|
@ -265,10 +266,10 @@ kind: Service
|
|||
metadata:
|
||||
annotations:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
|
|
@ -295,10 +296,10 @@ apiVersion: apps/v1
|
|||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
|
|
@ -321,7 +322,7 @@ spec:
|
|||
dnsPolicy: ClusterFirst
|
||||
containers:
|
||||
- name: controller
|
||||
image: k8s.gcr.io/ingress-nginx/controller:v0.49.0@sha256:e9707504ad0d4c119036b6d41ace4a33596139d3feb9ccb6617813ce48c3eeef
|
||||
image: k8s.gcr.io/ingress-nginx/controller:v0.51.0@sha256:df2f0bcddb9295986f019231956fb0e78788032420b15ef99d48fcf9305e8a04
|
||||
imagePullPolicy: IfNotPresent
|
||||
lifecycle:
|
||||
preStop:
|
||||
|
|
@ -410,10 +411,10 @@ apiVersion: admissionregistration.k8s.io/v1
|
|||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
name: ingress-nginx-admission
|
||||
|
|
@ -451,10 +452,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
---
|
||||
|
|
@ -467,10 +468,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
rules:
|
||||
|
|
@ -491,10 +492,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
roleRef:
|
||||
|
|
@ -516,10 +517,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
rules:
|
||||
|
|
@ -541,10 +542,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
roleRef:
|
||||
|
|
@ -566,10 +567,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -577,10 +578,10 @@ spec:
|
|||
metadata:
|
||||
name: ingress-nginx-admission-create
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -616,10 +617,10 @@ metadata:
|
|||
helm.sh/hook: post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -627,10 +628,10 @@ spec:
|
|||
metadata:
|
||||
name: ingress-nginx-admission-patch
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
|
|||
|
|
@ -13,10 +13,10 @@ apiVersion: v1
|
|||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -28,15 +28,16 @@ apiVersion: v1
|
|||
kind: ConfigMap
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
namespace: ingress-nginx
|
||||
data:
|
||||
allow-snippet-annotations: 'true'
|
||||
use-proxy-protocol: 'true'
|
||||
---
|
||||
# Source: ingress-nginx/templates/clusterrole.yaml
|
||||
|
|
@ -44,10 +45,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: ingress-nginx
|
||||
rules:
|
||||
|
|
@ -113,10 +114,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: ingress-nginx
|
||||
roleRef:
|
||||
|
|
@ -133,10 +134,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -219,10 +220,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -241,10 +242,10 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller-admission
|
||||
|
|
@ -267,10 +268,10 @@ metadata:
|
|||
annotations:
|
||||
service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: 'true'
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
|
|
@ -297,10 +298,10 @@ apiVersion: apps/v1
|
|||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
|
|
@ -323,7 +324,7 @@ spec:
|
|||
dnsPolicy: ClusterFirst
|
||||
containers:
|
||||
- name: controller
|
||||
image: k8s.gcr.io/ingress-nginx/controller:v0.49.0@sha256:e9707504ad0d4c119036b6d41ace4a33596139d3feb9ccb6617813ce48c3eeef
|
||||
image: k8s.gcr.io/ingress-nginx/controller:v0.51.0@sha256:df2f0bcddb9295986f019231956fb0e78788032420b15ef99d48fcf9305e8a04
|
||||
imagePullPolicy: IfNotPresent
|
||||
lifecycle:
|
||||
preStop:
|
||||
|
|
@ -412,10 +413,10 @@ apiVersion: admissionregistration.k8s.io/v1
|
|||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
name: ingress-nginx-admission
|
||||
|
|
@ -453,10 +454,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
---
|
||||
|
|
@ -469,10 +470,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
rules:
|
||||
|
|
@ -493,10 +494,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
roleRef:
|
||||
|
|
@ -518,10 +519,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
rules:
|
||||
|
|
@ -543,10 +544,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
roleRef:
|
||||
|
|
@ -568,10 +569,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -579,10 +580,10 @@ spec:
|
|||
metadata:
|
||||
name: ingress-nginx-admission-create
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -618,10 +619,10 @@ metadata:
|
|||
helm.sh/hook: post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -629,10 +630,10 @@ spec:
|
|||
metadata:
|
||||
name: ingress-nginx-admission-patch
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
|
|||
|
|
@ -13,10 +13,10 @@ apiVersion: v1
|
|||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -28,25 +28,26 @@ apiVersion: v1
|
|||
kind: ConfigMap
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
namespace: ingress-nginx
|
||||
data:
|
||||
allow-snippet-annotations: 'true'
|
||||
---
|
||||
# Source: ingress-nginx/templates/clusterrole.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: ingress-nginx
|
||||
rules:
|
||||
|
|
@ -112,10 +113,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: ingress-nginx
|
||||
roleRef:
|
||||
|
|
@ -132,10 +133,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -218,10 +219,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -240,10 +241,10 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller-admission
|
||||
|
|
@ -273,10 +274,10 @@ metadata:
|
|||
service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-timeout: 3s
|
||||
service.beta.kubernetes.io/exoscale-loadbalancer-service-strategy: source-hash
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
|
|
@ -303,10 +304,10 @@ apiVersion: apps/v1
|
|||
kind: DaemonSet
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
|
|
@ -329,7 +330,7 @@ spec:
|
|||
dnsPolicy: ClusterFirst
|
||||
containers:
|
||||
- name: controller
|
||||
image: k8s.gcr.io/ingress-nginx/controller:v0.49.0@sha256:e9707504ad0d4c119036b6d41ace4a33596139d3feb9ccb6617813ce48c3eeef
|
||||
image: k8s.gcr.io/ingress-nginx/controller:v0.51.0@sha256:df2f0bcddb9295986f019231956fb0e78788032420b15ef99d48fcf9305e8a04
|
||||
imagePullPolicy: IfNotPresent
|
||||
lifecycle:
|
||||
preStop:
|
||||
|
|
@ -418,10 +419,10 @@ apiVersion: admissionregistration.k8s.io/v1
|
|||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
name: ingress-nginx-admission
|
||||
|
|
@ -459,10 +460,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
---
|
||||
|
|
@ -475,10 +476,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
rules:
|
||||
|
|
@ -499,10 +500,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
roleRef:
|
||||
|
|
@ -524,10 +525,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
rules:
|
||||
|
|
@ -549,10 +550,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
roleRef:
|
||||
|
|
@ -574,10 +575,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -585,10 +586,10 @@ spec:
|
|||
metadata:
|
||||
name: ingress-nginx-admission-create
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -624,10 +625,10 @@ metadata:
|
|||
helm.sh/hook: post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -635,10 +636,10 @@ spec:
|
|||
metadata:
|
||||
name: ingress-nginx-admission-patch
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
|
|||
|
|
@ -13,10 +13,10 @@ apiVersion: v1
|
|||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -28,25 +28,26 @@ apiVersion: v1
|
|||
kind: ConfigMap
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
namespace: ingress-nginx
|
||||
data:
|
||||
allow-snippet-annotations: 'true'
|
||||
---
|
||||
# Source: ingress-nginx/templates/clusterrole.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: ingress-nginx
|
||||
rules:
|
||||
|
|
@ -112,10 +113,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: ingress-nginx
|
||||
roleRef:
|
||||
|
|
@ -132,10 +133,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -218,10 +219,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -240,10 +241,10 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller-admission
|
||||
|
|
@ -265,10 +266,10 @@ kind: Service
|
|||
metadata:
|
||||
annotations:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
|
|
@ -294,10 +295,10 @@ apiVersion: apps/v1
|
|||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
|
|
@ -324,7 +325,7 @@ spec:
|
|||
dnsPolicy: ClusterFirst
|
||||
containers:
|
||||
- name: controller
|
||||
image: k8s.gcr.io/ingress-nginx/controller:v0.49.0@sha256:e9707504ad0d4c119036b6d41ace4a33596139d3feb9ccb6617813ce48c3eeef
|
||||
image: k8s.gcr.io/ingress-nginx/controller:v0.51.0@sha256:df2f0bcddb9295986f019231956fb0e78788032420b15ef99d48fcf9305e8a04
|
||||
imagePullPolicy: IfNotPresent
|
||||
lifecycle:
|
||||
preStop:
|
||||
|
|
@ -420,10 +421,10 @@ apiVersion: admissionregistration.k8s.io/v1
|
|||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
name: ingress-nginx-admission
|
||||
|
|
@ -461,10 +462,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
---
|
||||
|
|
@ -477,10 +478,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
rules:
|
||||
|
|
@ -501,10 +502,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
roleRef:
|
||||
|
|
@ -526,10 +527,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
rules:
|
||||
|
|
@ -551,10 +552,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
roleRef:
|
||||
|
|
@ -576,10 +577,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -587,10 +588,10 @@ spec:
|
|||
metadata:
|
||||
name: ingress-nginx-admission-create
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -626,10 +627,10 @@ metadata:
|
|||
helm.sh/hook: post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -637,10 +638,10 @@ spec:
|
|||
metadata:
|
||||
name: ingress-nginx-admission-patch
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
|
|||
|
|
@ -13,10 +13,10 @@ apiVersion: v1
|
|||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -28,15 +28,16 @@ apiVersion: v1
|
|||
kind: ConfigMap
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
namespace: ingress-nginx
|
||||
data:
|
||||
allow-snippet-annotations: 'true'
|
||||
use-proxy-protocol: 'true'
|
||||
---
|
||||
# Source: ingress-nginx/templates/clusterrole.yaml
|
||||
|
|
@ -44,10 +45,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: ingress-nginx
|
||||
rules:
|
||||
|
|
@ -113,10 +114,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: ingress-nginx
|
||||
roleRef:
|
||||
|
|
@ -133,10 +134,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -219,10 +220,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx
|
||||
|
|
@ -241,10 +242,10 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller-admission
|
||||
|
|
@ -267,10 +268,10 @@ metadata:
|
|||
annotations:
|
||||
service.beta.kubernetes.io/scw-loadbalancer-proxy-protocol-v2: 'true'
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
|
|
@ -297,10 +298,10 @@ apiVersion: apps/v1
|
|||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
|
|
@ -323,7 +324,7 @@ spec:
|
|||
dnsPolicy: ClusterFirst
|
||||
containers:
|
||||
- name: controller
|
||||
image: k8s.gcr.io/ingress-nginx/controller:v0.49.0@sha256:e9707504ad0d4c119036b6d41ace4a33596139d3feb9ccb6617813ce48c3eeef
|
||||
image: k8s.gcr.io/ingress-nginx/controller:v0.51.0@sha256:df2f0bcddb9295986f019231956fb0e78788032420b15ef99d48fcf9305e8a04
|
||||
imagePullPolicy: IfNotPresent
|
||||
lifecycle:
|
||||
preStop:
|
||||
|
|
@ -412,10 +413,10 @@ apiVersion: admissionregistration.k8s.io/v1
|
|||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
name: ingress-nginx-admission
|
||||
|
|
@ -453,10 +454,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
---
|
||||
|
|
@ -469,10 +470,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
rules:
|
||||
|
|
@ -493,10 +494,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
roleRef:
|
||||
|
|
@ -518,10 +519,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
rules:
|
||||
|
|
@ -543,10 +544,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
roleRef:
|
||||
|
|
@ -568,10 +569,10 @@ metadata:
|
|||
helm.sh/hook: pre-install,pre-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -579,10 +580,10 @@ spec:
|
|||
metadata:
|
||||
name: ingress-nginx-admission-create
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -618,10 +619,10 @@ metadata:
|
|||
helm.sh/hook: post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
@ -629,10 +630,10 @@ spec:
|
|||
metadata:
|
||||
name: ingress-nginx-admission-patch
|
||||
labels:
|
||||
helm.sh/chart: ingress-nginx-3.36.0
|
||||
helm.sh/chart: ingress-nginx-3.41.0
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/version: 0.49.0
|
||||
app.kubernetes.io/version: 0.51.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ Kubernetes is available in Docker Desktop
|
|||
- Windows, from [version 18.06.0-ce](https://docs.docker.com/docker-for-windows/release-notes/#docker-community-edition-18060-ce-win70-2018-07-25)
|
||||
|
||||
```console
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.49.0/deploy/static/provider/cloud/deploy.yaml
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.51.0/deploy/static/provider/cloud/deploy.yaml
|
||||
```
|
||||
|
||||
#### minikube
|
||||
|
|
@ -82,7 +82,7 @@ In AWS we use a Network load balancer (NLB) to expose the NGINX Ingress controll
|
|||
##### Network Load Balancer (NLB)
|
||||
|
||||
```console
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.49.0/deploy/static/provider/aws/deploy.yaml
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.51.0/deploy/static/provider/aws/deploy.yaml
|
||||
```
|
||||
|
||||
##### TLS termination in AWS Load Balancer (ELB)
|
||||
|
|
@ -91,10 +91,10 @@ In some scenarios is required to terminate TLS in the Load Balancer and not in t
|
|||
|
||||
For this purpose we provide a template:
|
||||
|
||||
- Download [deploy-tls-termination.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.49.0/deploy/static/provider/aws/deploy-tls-termination.yaml)
|
||||
- Download [deploy-tls-termination.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.51.0/deploy/static/provider/aws/deploy-tls-termination.yaml)
|
||||
|
||||
```console
|
||||
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.49.0/deploy/static/provider/aws/deploy-tls-termination.yaml
|
||||
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.51.0/deploy/static/provider/aws/deploy-tls-termination.yaml
|
||||
```
|
||||
|
||||
- Edit the file and change:
|
||||
|
|
@ -140,7 +140,7 @@ More information with regards to timeouts can be found in the [official AWS docu
|
|||
|
||||
|
||||
```console
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.49.0/deploy/static/provider/cloud/deploy.yaml
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.51.0/deploy/static/provider/cloud/deploy.yaml
|
||||
```
|
||||
|
||||
!!! failure Important
|
||||
|
|
@ -149,7 +149,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont
|
|||
#### Azure
|
||||
|
||||
```console
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.49.0/deploy/static/provider/cloud/deploy.yaml
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.51.0/deploy/static/provider/cloud/deploy.yaml
|
||||
```
|
||||
|
||||
More information with regards to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller).
|
||||
|
|
@ -157,13 +157,13 @@ More information with regards to Azure annotations for ingress controller can be
|
|||
#### Digital Ocean
|
||||
|
||||
```console
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.49.0/deploy/static/provider/do/deploy.yaml
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.51.0/deploy/static/provider/do/deploy.yaml
|
||||
```
|
||||
|
||||
#### Scaleway
|
||||
|
||||
```console
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.49.0/deploy/static/provider/scw/deploy.yaml
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.51.0/deploy/static/provider/scw/deploy.yaml
|
||||
```
|
||||
|
||||
#### Exoscale
|
||||
|
|
@ -187,7 +187,7 @@ A [complete list of available annotations for Oracle Cloud Infrastructure](https
|
|||
Using [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport):
|
||||
|
||||
```console
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.49.0/deploy/static/provider/baremetal/deploy.yaml
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.51.0/deploy/static/provider/baremetal/deploy.yaml
|
||||
```
|
||||
|
||||
!!! tip
|
||||
|
|
|
|||
|
|
@ -29,6 +29,8 @@ The following table shows a configuration option's name, type, and the default v
|
|||
|:---|:---|:------|
|
||||
|[add-headers](#add-headers)|string|""|
|
||||
|[allow-backend-server-header](#allow-backend-server-header)|bool|"false"|
|
||||
|[allow-snippet-annotations](#allow-snippet-annotations)|bool|true|
|
||||
|[annotation-value-word-blocklist](#annotation-value-word-blocklist)|string array|""|
|
||||
|[hide-headers](#hide-headers)|string array|empty|
|
||||
|[access-log-params](#access-log-params)|string|""|
|
||||
|[access-log-path](#access-log-path)|string|"/var/log/nginx/access.log"|
|
||||
|
|
@ -209,6 +211,27 @@ Sets custom headers from named configmap before sending traffic to the client. S
|
|||
|
||||
Enables the return of the header Server from the backend instead of the generic nginx string. _**default:**_ is disabled
|
||||
|
||||
## allow-snippet-annotations
|
||||
|
||||
Enables Ingress to parse and add *-snippet annotations/directives created by the user. _**default:**_ `true`;
|
||||
|
||||
Warning: We recommend enabling this option only if you TRUST users with permission to create Ingress objects, as this
|
||||
may allow a user to add restricted configurations to the final nginx.conf file
|
||||
|
||||
## annotation-value-word-blocklist
|
||||
|
||||
Contains a comma-separated value of chars/words that are well known of being used to abuse Ingress configuration
|
||||
and must be blocked. Related to [CVE-2021-25742](https://github.com/kubernetes/ingress-nginx/issues/7837)
|
||||
|
||||
When an annotation is detected with a value that matches one of the blocked bad words, the whole Ingress won't be configured.
|
||||
|
||||
_**default:**_ `""`
|
||||
|
||||
When doing this, the default blocklist is override, which means that the Ingress admin should add all the words
|
||||
that should be blocked, here is a suggested block list.
|
||||
|
||||
_**suggested:**_ `"load_module,lua_package,_by_lua,location,root,proxy_pass,serviceaccount,{,},',\"`
|
||||
|
||||
## hide-headers
|
||||
|
||||
Sets additional header that will not be passed from the upstream server to the client response.
|
||||
|
|
|
|||
103
go.mod
103
go.mod
|
|
@ -1,6 +1,6 @@
|
|||
module k8s.io/ingress-nginx
|
||||
|
||||
go 1.16
|
||||
go 1.17
|
||||
|
||||
require (
|
||||
github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a
|
||||
|
|
@ -46,3 +46,104 @@ require (
|
|||
sigs.k8s.io/controller-runtime v0.9.5
|
||||
sigs.k8s.io/mdtoc v1.0.1
|
||||
)
|
||||
|
||||
require (
|
||||
cloud.google.com/go v0.81.0 // indirect
|
||||
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
|
||||
github.com/Azure/go-autorest/autorest v0.11.12 // indirect
|
||||
github.com/Azure/go-autorest/autorest/adal v0.9.5 // indirect
|
||||
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
|
||||
github.com/Azure/go-autorest/logger v0.2.0 // indirect
|
||||
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
|
||||
github.com/BurntSushi/toml v0.3.1 // indirect
|
||||
github.com/PuerkitoBio/purell v1.1.1 // indirect
|
||||
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
|
||||
github.com/ajg/form v1.5.1 // indirect
|
||||
github.com/andybalholm/brotli v1.0.2 // indirect
|
||||
github.com/beorn7/perks v1.0.1 // indirect
|
||||
github.com/blang/semver v3.5.1+incompatible // indirect
|
||||
github.com/cespare/xxhash/v2 v2.1.1 // indirect
|
||||
github.com/coreos/go-systemd/v22 v22.3.2 // indirect
|
||||
github.com/cyphar/filepath-securejoin v0.2.2 // indirect
|
||||
github.com/davecgh/go-spew v1.1.1 // indirect
|
||||
github.com/eapache/queue v1.1.0 // indirect
|
||||
github.com/emicklei/go-restful v2.9.5+incompatible // indirect
|
||||
github.com/evanphx/json-patch v4.11.0+incompatible // indirect
|
||||
github.com/fatih/structs v1.0.0 // indirect
|
||||
github.com/form3tech-oss/jwt-go v3.2.2+incompatible // indirect
|
||||
github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b // indirect
|
||||
github.com/go-errors/errors v1.0.1 // indirect
|
||||
github.com/go-logr/logr v0.4.0 // indirect
|
||||
github.com/go-openapi/jsonpointer v0.19.3 // indirect
|
||||
github.com/go-openapi/jsonreference v0.19.3 // indirect
|
||||
github.com/go-openapi/spec v0.19.5 // indirect
|
||||
github.com/go-openapi/swag v0.19.5 // indirect
|
||||
github.com/godbus/dbus/v5 v5.0.4 // indirect
|
||||
github.com/gogo/protobuf v1.3.2 // indirect
|
||||
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
|
||||
github.com/golang/protobuf v1.5.2 // indirect
|
||||
github.com/gomarkdown/markdown v0.0.0-20200824053859-8c8b3816f167 // indirect
|
||||
github.com/google/btree v1.0.0 // indirect
|
||||
github.com/google/go-cmp v0.5.5 // indirect
|
||||
github.com/google/go-querystring v1.0.0 // indirect
|
||||
github.com/google/gofuzz v1.1.0 // indirect
|
||||
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
|
||||
github.com/google/uuid v1.2.0 // indirect
|
||||
github.com/googleapis/gnostic v0.5.5 // indirect
|
||||
github.com/gorilla/websocket v1.4.2 // indirect
|
||||
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect
|
||||
github.com/hashicorp/golang-lru v0.5.4 // indirect
|
||||
github.com/imkira/go-interpol v1.0.0 // indirect
|
||||
github.com/inconshreveable/mousetrap v1.0.0 // indirect
|
||||
github.com/klauspost/compress v1.12.2 // indirect
|
||||
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
|
||||
github.com/mailru/easyjson v0.7.0 // indirect
|
||||
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
|
||||
github.com/mmarkdown/mmark v2.0.40+incompatible // indirect
|
||||
github.com/moby/sys/mountinfo v0.4.1 // indirect
|
||||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
|
||||
github.com/modern-go/reflect2 v1.0.1 // indirect
|
||||
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
|
||||
github.com/ncabatoff/go-seq v0.0.0-20180805175032-b08ef85ed833 // indirect
|
||||
github.com/nxadm/tail v1.4.8 // indirect
|
||||
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect
|
||||
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
|
||||
github.com/prometheus/procfs v0.6.0 // indirect
|
||||
github.com/sergi/go-diff v1.1.0 // indirect
|
||||
github.com/sirupsen/logrus v1.8.1 // indirect
|
||||
github.com/valyala/bytebufferpool v1.0.0 // indirect
|
||||
github.com/valyala/fasthttp v1.27.0 // indirect
|
||||
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
|
||||
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
|
||||
github.com/xeipuuv/gojsonschema v1.1.0 // indirect
|
||||
github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca // indirect
|
||||
github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0 // indirect
|
||||
github.com/yudai/gojsondiff v1.0.0 // indirect
|
||||
github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect
|
||||
go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
|
||||
go.uber.org/atomic v1.7.0 // indirect
|
||||
go.uber.org/multierr v1.6.0 // indirect
|
||||
go.uber.org/zap v1.18.1 // indirect
|
||||
golang.org/x/mod v0.4.2 // indirect
|
||||
golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c // indirect
|
||||
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c // indirect
|
||||
golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d // indirect
|
||||
golang.org/x/text v0.3.6 // indirect
|
||||
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
|
||||
golang.org/x/tools v0.1.2 // indirect
|
||||
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
|
||||
google.golang.org/appengine v1.6.7 // indirect
|
||||
google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c // indirect
|
||||
google.golang.org/protobuf v1.26.0 // indirect
|
||||
gopkg.in/inf.v0 v0.9.1 // indirect
|
||||
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
|
||||
gopkg.in/yaml.v2 v2.4.0 // indirect
|
||||
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
|
||||
k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027 // indirect
|
||||
k8s.io/kube-openapi v0.0.0-20210305001622-591a79e4bda7 // indirect
|
||||
moul.io/http2curl v1.0.1-0.20190925090545-5cd742060b0e // indirect
|
||||
sigs.k8s.io/kustomize/api v0.8.8 // indirect
|
||||
sigs.k8s.io/kustomize/kyaml v0.10.17 // indirect
|
||||
sigs.k8s.io/structured-merge-diff/v4 v4.1.2 // indirect
|
||||
sigs.k8s.io/yaml v1.2.0 // indirect
|
||||
)
|
||||
|
|
|
|||
16
hack/boilerplate/boilerplate.generated.go.txt
Normal file
16
hack/boilerplate/boilerplate.generated.go.txt
Normal file
|
|
@ -0,0 +1,16 @@
|
|||
/*
|
||||
Copyright 2021 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
|
|
@ -193,7 +193,7 @@ def get_regexs():
|
|||
'(%s)' % "|".join(map(lambda l: str(l), years)))
|
||||
# strip // +build \n\n build constraints
|
||||
regexs["go_build_constraints"] = re.compile(
|
||||
r"^(// \+build.*\n)+\n", re.MULTILINE)
|
||||
r"^((// \+build.*\n)|(//go:build.*\n))+\n", re.MULTILINE)
|
||||
# strip #!.* from shell scripts
|
||||
regexs["shebang"] = re.compile(r"^(#!.*\n)\n*", re.MULTILINE)
|
||||
return regexs
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
//go:build tools
|
||||
// +build tools
|
||||
|
||||
/*
|
||||
|
|
|
|||
|
|
@ -41,4 +41,4 @@ ${CODEGEN_PKG}/generate-groups.sh "deepcopy" \
|
|||
k8s.io/ingress-nginx/internal k8s.io/ingress-nginx/internal \
|
||||
.:ingress \
|
||||
--output-base "$(dirname ${BASH_SOURCE})/../../.." \
|
||||
--go-header-file ${SCRIPT_ROOT}/hack/boilerplate/boilerplate.go.txt
|
||||
--go-header-file ${SCRIPT_ROOT}/hack/boilerplate/boilerplate.generated.go.txt
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ build: ensure-buildx
|
|||
--platform=${PLATFORMS} $(OUTPUT) \
|
||||
--progress=$(PROGRESS) \
|
||||
--pull \
|
||||
--build-arg BASE_IMAGE=k8s.gcr.io/ingress-nginx/nginx:v20210809-g98288bc3c@sha256:f9363669cf26514c9548c1fe4f8f4e2f58dfb76616bcd638a0ff7f0ec3457c17 \
|
||||
--build-arg BASE_IMAGE=k8s.gcr.io/ingress-nginx/nginx:5402d35663917ccbbf77ff48a22b8c6f77097f48@sha256:ec8a104df307f5c6d68157b7ac8e5e1e2c2f0ea07ddf25bb1c6c43c67e351180 \
|
||||
--build-arg LUAROCKS_VERSION=3.3.1 \
|
||||
--build-arg LUAROCKS_SHA=837481e408f7c06b59befe7ec194537c657687d624894bca7f79034302141a34 \
|
||||
-t $(IMAGE):$(TAG) rootfs
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ This image provides a default configuration file with no backend servers.
|
|||
_Using docker_
|
||||
|
||||
```console
|
||||
docker run -v /some/nginx.con:/etc/nginx/nginx.conf:ro k8s.gcr.io/ingress-nginx/nginx:v20210809-g98288bc3c@sha256:f9363669cf26514c9548c1fe4f8f4e2f58dfb76616bcd638a0ff7f0ec3457c17
|
||||
docker run -v /some/nginx.conf:/etc/nginx/nginx.conf:ro k8s.gcr.io/ingress-nginx/nginx:5402d35663917ccbbf77ff48a22b8c6f77097f48@sha256:ec8a104df307f5c6d68157b7ac8e5e1e2c2f0ea07ddf25bb1c6c43c67e351180
|
||||
```
|
||||
|
||||
_Creating a replication controller_
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ spec:
|
|||
spec:
|
||||
containers:
|
||||
- name: nginx
|
||||
image: k8s.gcr.io/ingress-nginx/nginx:v20210809-g98288bc3c@sha256:f9363669cf26514c9548c1fe4f8f4e2f58dfb76616bcd638a0ff7f0ec3457c17
|
||||
image: k8s.gcr.io/ingress-nginx/nginx:5402d35663917ccbbf77ff48a22b8c6f77097f48@sha256:ec8a104df307f5c6d68157b7ac8e5e1e2c2f0ea07ddf25bb1c6c43c67e351180
|
||||
ports:
|
||||
- containerPort: 80
|
||||
- containerPort: 443
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
# limitations under the License.
|
||||
|
||||
|
||||
FROM alpine:3.13 as builder
|
||||
FROM alpine:3.14.2 as builder
|
||||
|
||||
COPY . /
|
||||
|
||||
|
|
@ -23,7 +23,7 @@ RUN apk update \
|
|||
&& /build.sh
|
||||
|
||||
# Use a multi-stage build
|
||||
FROM alpine:3.13
|
||||
FROM alpine:3.14.2
|
||||
|
||||
ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin
|
||||
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ set -o errexit
|
|||
set -o nounset
|
||||
set -o pipefail
|
||||
|
||||
export NGINX_VERSION=1.20.1
|
||||
export NGINX_VERSION=1.19.9
|
||||
|
||||
# Check for recent changes: https://github.com/vision5/ngx_devel_kit/compare/v0.3.1...master
|
||||
export NDK_VERSION=0.3.1
|
||||
|
|
@ -190,7 +190,7 @@ mkdir --verbose -p "$BUILD_PATH"
|
|||
cd "$BUILD_PATH"
|
||||
|
||||
# download, verify and extract the source files
|
||||
get_src e462e11533d5c30baa05df7652160ff5979591d291736cfa5edb9fd2edb48c49 \
|
||||
get_src 2e35dff06a9826e8aca940e9e8be46b7e4b12c19a48d55bfc2dc28fc9cc7d841 \
|
||||
"https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz"
|
||||
|
||||
get_src 0e971105e210d272a497567fa2e2c256f4e39b845a5ba80d373e26ba1abfbd85 \
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ REGISTRY ?= local
|
|||
|
||||
IMAGE = $(REGISTRY)/e2e-test-runner
|
||||
|
||||
NGINX_BASE_IMAGE ?= k8s.gcr.io/ingress-nginx/nginx:v20210809-g98288bc3c@sha256:f9363669cf26514c9548c1fe4f8f4e2f58dfb76616bcd638a0ff7f0ec3457c17
|
||||
NGINX_BASE_IMAGE ?= k8s.gcr.io/ingress-nginx/nginx:5402d35663917ccbbf77ff48a22b8c6f77097f48@sha256:ec8a104df307f5c6d68157b7ac8e5e1e2c2f0ea07ddf25bb1c6c43c67e351180
|
||||
|
||||
# required to enable buildx
|
||||
export DOCKER_CLI_EXPERIMENTAL=enabled
|
||||
|
|
|
|||
|
|
@ -116,6 +116,12 @@ rewrite (?i)/arcgis/services/Utilities/Geometry/GeometryServer(.*)$ /arcgis/serv
|
|||
}
|
||||
continue
|
||||
}
|
||||
if !test.expErr {
|
||||
if err != nil {
|
||||
t.Errorf("%v: didn't expected error but error was returned: %v", test.name, err)
|
||||
}
|
||||
continue
|
||||
}
|
||||
if s != test.exp {
|
||||
t.Errorf("%v: expected \"%v\" but \"%v\" was returned", test.name, test.exp, s)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -93,6 +93,15 @@ const (
|
|||
type Configuration struct {
|
||||
defaults.Backend `json:",squash"`
|
||||
|
||||
// AllowSnippetAnnotations enable users to add their own snippets via ingress annotation.
|
||||
// If disabled, only snippets added via ConfigMap are added to ingress.
|
||||
AllowSnippetAnnotations bool `json:"allow-snippet-annotations"`
|
||||
|
||||
// AnnotationValueWordBlocklist defines words that should not be part of an user annotation value
|
||||
// (can be used to run arbitrary code or configs, for example) and that should be dropped.
|
||||
// This list should be separated by "," character
|
||||
AnnotationValueWordBlocklist string `json:"annotation-value-word-blocklist"`
|
||||
|
||||
// Sets the name of the configmap that contains the headers to pass to the client
|
||||
AddHeaders string `json:"add-headers,omitempty"`
|
||||
|
||||
|
|
@ -749,7 +758,6 @@ func NewDefault() Configuration {
|
|||
defNginxStatusIpv4Whitelist := make([]string, 0)
|
||||
defNginxStatusIpv6Whitelist := make([]string, 0)
|
||||
defResponseHeaders := make([]string, 0)
|
||||
|
||||
defIPCIDR = append(defIPCIDR, "0.0.0.0/0")
|
||||
defNginxStatusIpv4Whitelist = append(defNginxStatusIpv4Whitelist, "127.0.0.1")
|
||||
defNginxStatusIpv6Whitelist = append(defNginxStatusIpv6Whitelist, "::1")
|
||||
|
|
@ -757,7 +765,10 @@ func NewDefault() Configuration {
|
|||
defGlobalExternalAuth := GlobalExternalAuth{"", "", "", "", "", append(defResponseHeaders, ""), "", "", "", []string{}, map[string]string{}}
|
||||
|
||||
cfg := Configuration{
|
||||
|
||||
AllowSnippetAnnotations: true,
|
||||
AllowBackendServerHeader: false,
|
||||
AnnotationValueWordBlocklist: "",
|
||||
AccessLogPath: "/var/log/nginx/access.log",
|
||||
AccessLogParams: "",
|
||||
EnableAccessLogForDefaultBackend: false,
|
||||
|
|
|
|||
|
|
@ -235,27 +235,43 @@ func (n *NGINXController) CheckIngress(ing *networking.Ingress) error {
|
|||
return fmt.Errorf("This deployment is trying to create a catch-all ingress while DisableCatchAll flag is set to true. Remove '.spec.backend' or set DisableCatchAll flag to false.")
|
||||
}
|
||||
|
||||
if parser.AnnotationsPrefix != parser.DefaultAnnotationsPrefix {
|
||||
for key := range ing.ObjectMeta.GetAnnotations() {
|
||||
cfg := n.store.GetBackendConfiguration()
|
||||
cfg.Resolver = n.resolver
|
||||
|
||||
var arrayBadWords []string
|
||||
|
||||
if cfg.AnnotationValueWordBlocklist != "" {
|
||||
arrayBadWords = strings.Split(strings.TrimSpace(cfg.AnnotationValueWordBlocklist), ",")
|
||||
}
|
||||
|
||||
for key, value := range ing.ObjectMeta.GetAnnotations() {
|
||||
|
||||
if parser.AnnotationsPrefix != parser.DefaultAnnotationsPrefix {
|
||||
if strings.HasPrefix(key, fmt.Sprintf("%s/", parser.DefaultAnnotationsPrefix)) {
|
||||
return fmt.Errorf("This deployment has a custom annotation prefix defined. Use '%s' instead of '%s'", parser.AnnotationsPrefix, parser.DefaultAnnotationsPrefix)
|
||||
}
|
||||
}
|
||||
|
||||
if strings.HasPrefix(key, fmt.Sprintf("%s/", parser.AnnotationsPrefix)) && len(arrayBadWords) != 0 {
|
||||
for _, forbiddenvalue := range arrayBadWords {
|
||||
if strings.Contains(value, strings.TrimSpace(forbiddenvalue)) {
|
||||
return fmt.Errorf("%s annotation contains invalid word %s", key, forbiddenvalue)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if !cfg.AllowSnippetAnnotations && strings.HasSuffix(key, "-snippet") {
|
||||
return fmt.Errorf("%s annotation cannot be used. Snippet directives are disabled by the Ingress administrator", key)
|
||||
}
|
||||
|
||||
if len(cfg.GlobalRateLimitMemcachedHost) == 0 && strings.HasPrefix(key, fmt.Sprintf("%s/%s", parser.AnnotationsPrefix, "global-rate-limit")) {
|
||||
return fmt.Errorf("'global-rate-limit*' annotations require 'global-rate-limit-memcached-host' settings configured in the global configmap")
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
k8s.SetDefaultNGINXPathType(ing)
|
||||
|
||||
cfg := n.store.GetBackendConfiguration()
|
||||
cfg.Resolver = n.resolver
|
||||
|
||||
if len(cfg.GlobalRateLimitMemcachedHost) == 0 {
|
||||
for key := range ing.ObjectMeta.GetAnnotations() {
|
||||
if strings.HasPrefix(key, fmt.Sprintf("%s/%s", parser.AnnotationsPrefix, "global-rate-limit")) {
|
||||
return fmt.Errorf("'global-rate-limit*' annotations require 'global-rate-limit-memcached-host' settings configured in the global configmap")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
allIngresses := n.store.ListIngresses()
|
||||
|
||||
filter := func(toCheck *ingress.Ingress) bool {
|
||||
|
|
@ -508,6 +524,30 @@ func (n *NGINXController) getConfiguration(ingresses []*ingress.Ingress) (sets.S
|
|||
}
|
||||
}
|
||||
|
||||
func dropSnippetDirectives(anns *annotations.Ingress, ingKey string) {
|
||||
if anns != nil {
|
||||
if anns.ConfigurationSnippet != "" {
|
||||
klog.V(3).Infof("Ingress %q tried to use configuration-snippet and the annotation is disabled by the admin. Removing the annotation", ingKey)
|
||||
anns.ConfigurationSnippet = ""
|
||||
}
|
||||
if anns.ServerSnippet != "" {
|
||||
klog.V(3).Infof("Ingress %q tried to use server-snippet and the annotation is disabled by the admin. Removing the annotation", ingKey)
|
||||
anns.ServerSnippet = ""
|
||||
}
|
||||
|
||||
if anns.ModSecurity.Snippet != "" {
|
||||
klog.V(3).Infof("Ingress %q tried to use modsecurity-snippet and the annotation is disabled by the admin. Removing the annotation", ingKey)
|
||||
anns.ModSecurity.Snippet = ""
|
||||
}
|
||||
|
||||
if anns.ExternalAuth.AuthSnippet != "" {
|
||||
klog.V(3).Infof("Ingress %q tried to use auth-snippet and the annotation is disabled by the admin. Removing the annotation", ingKey)
|
||||
anns.ExternalAuth.AuthSnippet = ""
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
// getBackendServers returns a list of Upstream and Server to be used by the
|
||||
// backend. An upstream can be used in multiple servers if the namespace,
|
||||
// service name and port are the same.
|
||||
|
|
@ -522,6 +562,10 @@ func (n *NGINXController) getBackendServers(ingresses []*ingress.Ingress) ([]*in
|
|||
ingKey := k8s.MetaNamespaceKey(ing)
|
||||
anns := ing.ParsedAnnotations
|
||||
|
||||
if !n.store.GetBackendConfiguration().AllowSnippetAnnotations {
|
||||
dropSnippetDirectives(anns, ingKey)
|
||||
}
|
||||
|
||||
for _, rule := range ing.Spec.Rules {
|
||||
host := rule.Host
|
||||
if host == "" {
|
||||
|
|
@ -789,6 +833,11 @@ func (n *NGINXController) createUpstreams(data []*ingress.Ingress, du *ingress.B
|
|||
|
||||
for _, ing := range data {
|
||||
anns := ing.ParsedAnnotations
|
||||
ingKey := k8s.MetaNamespaceKey(ing)
|
||||
|
||||
if !n.store.GetBackendConfiguration().AllowSnippetAnnotations {
|
||||
dropSnippetDirectives(anns, ingKey)
|
||||
}
|
||||
|
||||
var defBackend string
|
||||
if ing.Spec.Backend != nil {
|
||||
|
|
@ -1069,6 +1118,10 @@ func (n *NGINXController) createServers(data []*ingress.Ingress,
|
|||
ingKey := k8s.MetaNamespaceKey(ing)
|
||||
anns := ing.ParsedAnnotations
|
||||
|
||||
if !n.store.GetBackendConfiguration().AllowSnippetAnnotations {
|
||||
dropSnippetDirectives(anns, ingKey)
|
||||
}
|
||||
|
||||
// default upstream name
|
||||
un := du.Name
|
||||
|
||||
|
|
@ -1145,6 +1198,10 @@ func (n *NGINXController) createServers(data []*ingress.Ingress,
|
|||
ingKey := k8s.MetaNamespaceKey(ing)
|
||||
anns := ing.ParsedAnnotations
|
||||
|
||||
if !n.store.GetBackendConfiguration().AllowSnippetAnnotations {
|
||||
dropSnippetDirectives(anns, ingKey)
|
||||
}
|
||||
|
||||
if anns.Canary.Enabled {
|
||||
klog.V(2).Infof("Ingress %v is marked as Canary, ignoring", ingKey)
|
||||
continue
|
||||
|
|
@ -1638,7 +1695,7 @@ func checkOverlap(ing *networking.Ingress, ingresses []*ingress.Ingress, servers
|
|||
return fmt.Errorf(`host "%s" and path "%s" is already defined in ingress %s/%s`, rule.Host, path.Path, existing.Namespace, existing.Name)
|
||||
}
|
||||
|
||||
if annotationErr == errors.ErrMissingAnnotations && existingAnnotationErr == existingAnnotationErr {
|
||||
if annotationErr == errors.ErrMissingAnnotations && existingAnnotationErr == errors.ErrMissingAnnotations {
|
||||
return fmt.Errorf(`host "%s" and path "%s" is already defined in ingress %s/%s`, rule.Host, path.Path, existing.Namespace, existing.Name)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -42,6 +42,7 @@ import (
|
|||
"k8s.io/ingress-nginx/internal/ingress"
|
||||
"k8s.io/ingress-nginx/internal/ingress/annotations"
|
||||
"k8s.io/ingress-nginx/internal/ingress/annotations/canary"
|
||||
"k8s.io/ingress-nginx/internal/ingress/annotations/ipwhitelist"
|
||||
"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
|
||||
"k8s.io/ingress-nginx/internal/ingress/annotations/proxyssl"
|
||||
"k8s.io/ingress-nginx/internal/ingress/annotations/sessionaffinity"
|
||||
|
|
@ -56,11 +57,12 @@ import (
|
|||
)
|
||||
|
||||
type fakeIngressStore struct {
|
||||
ingresses []*ingress.Ingress
|
||||
ingresses []*ingress.Ingress
|
||||
configuration ngx_config.Configuration
|
||||
}
|
||||
|
||||
func (fakeIngressStore) GetBackendConfiguration() ngx_config.Configuration {
|
||||
return ngx_config.Configuration{}
|
||||
func (fis fakeIngressStore) GetBackendConfiguration() ngx_config.Configuration {
|
||||
return fis.configuration
|
||||
}
|
||||
|
||||
func (fakeIngressStore) GetConfigMap(key string) (*corev1.ConfigMap, error) {
|
||||
|
|
@ -246,6 +248,9 @@ func TestCheckIngress(t *testing.T) {
|
|||
})
|
||||
|
||||
t.Run("When the default annotation prefix is used despite an override", func(t *testing.T) {
|
||||
defer func() {
|
||||
parser.AnnotationsPrefix = "nginx.ingress.kubernetes.io"
|
||||
}()
|
||||
parser.AnnotationsPrefix = "ingress.kubernetes.io"
|
||||
ing.ObjectMeta.Annotations["nginx.ingress.kubernetes.io/backend-protocol"] = "GRPC"
|
||||
nginx.command = testNginxTestCommand{
|
||||
|
|
@ -257,6 +262,44 @@ func TestCheckIngress(t *testing.T) {
|
|||
}
|
||||
})
|
||||
|
||||
t.Run("When snippets are disabled and user tries to use snippet annotation", func(t *testing.T) {
|
||||
nginx.store = fakeIngressStore{
|
||||
ingresses: []*ingress.Ingress{},
|
||||
configuration: ngx_config.Configuration{
|
||||
AllowSnippetAnnotations: false,
|
||||
},
|
||||
}
|
||||
nginx.command = testNginxTestCommand{
|
||||
t: t,
|
||||
err: nil,
|
||||
}
|
||||
ing.ObjectMeta.Annotations["nginx.ingress.kubernetes.io/server-snippet"] = "bla"
|
||||
if err := nginx.CheckIngress(ing); err == nil {
|
||||
t.Errorf("with a snippet annotation, ingresses using the default should be rejected")
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("When invalid directives are used in annotation values", func(t *testing.T) {
|
||||
nginx.store = fakeIngressStore{
|
||||
ingresses: []*ingress.Ingress{},
|
||||
configuration: ngx_config.Configuration{
|
||||
AnnotationValueWordBlocklist: "invalid_directive, another_directive",
|
||||
},
|
||||
}
|
||||
nginx.command = testNginxTestCommand{
|
||||
t: t,
|
||||
err: nil,
|
||||
}
|
||||
ing.ObjectMeta.Annotations["nginx.ingress.kubernetes.io/custom-headers"] = "invalid_directive"
|
||||
if err := nginx.CheckIngress(ing); err == nil {
|
||||
t.Errorf("with an invalid value in annotation the ingress should be rejected")
|
||||
}
|
||||
ing.ObjectMeta.Annotations["nginx.ingress.kubernetes.io/custom-headers"] = "another_directive"
|
||||
if err := nginx.CheckIngress(ing); err == nil {
|
||||
t.Errorf("with an invalid value in annotation the ingress should be rejected")
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("When a new catch-all ingress is being created despite catch-alls being disabled ", func(t *testing.T) {
|
||||
backendBefore := ing.Spec.Backend
|
||||
disableCatchAllBefore := nginx.cfg.DisableCatchAll
|
||||
|
|
@ -284,6 +327,9 @@ func TestCheckIngress(t *testing.T) {
|
|||
})
|
||||
|
||||
t.Run("When the ingress is in a different namespace than the watched one", func(t *testing.T) {
|
||||
defer func() {
|
||||
nginx.cfg.Namespace = "test-namespace"
|
||||
}()
|
||||
nginx.command = testNginxTestCommand{
|
||||
t: t,
|
||||
err: fmt.Errorf("test error"),
|
||||
|
|
@ -2075,6 +2121,83 @@ func TestGetBackendServers(t *testing.T) {
|
|||
}
|
||||
},
|
||||
},
|
||||
{
|
||||
Ingresses: []*ingress.Ingress{
|
||||
{
|
||||
Ingress: networking.Ingress{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "not-allowed-snippet",
|
||||
Namespace: "default",
|
||||
Annotations: map[string]string{
|
||||
"nginx.ingress.kubernetes.io/server-snippet": "bla",
|
||||
"nginx.ingress.kubernetes.io/configuration-snippet": "blo",
|
||||
"nginx.ingress.kubernetes.io/whitelist-source-range": "10.0.0.0/24",
|
||||
},
|
||||
},
|
||||
Spec: networking.IngressSpec{
|
||||
Rules: []networking.IngressRule{
|
||||
{
|
||||
Host: "example.com",
|
||||
IngressRuleValue: networking.IngressRuleValue{
|
||||
HTTP: &networking.HTTPIngressRuleValue{
|
||||
Paths: []networking.HTTPIngressPath{
|
||||
{
|
||||
Path: "/path1",
|
||||
PathType: &pathTypePrefix,
|
||||
Backend: networking.IngressBackend{
|
||||
ServiceName: "path1-svc",
|
||||
ServicePort: intstr.IntOrString{
|
||||
Type: intstr.Int,
|
||||
IntVal: 80,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
ParsedAnnotations: &annotations.Ingress{
|
||||
Whitelist: ipwhitelist.SourceRange{CIDR: []string{"10.0.0.0/24"}},
|
||||
ServerSnippet: "bla",
|
||||
ConfigurationSnippet: "blo",
|
||||
},
|
||||
},
|
||||
},
|
||||
Validate: func(ingresses []*ingress.Ingress, upstreams []*ingress.Backend, servers []*ingress.Server) {
|
||||
if len(servers) != 2 {
|
||||
t.Errorf("servers count should be 2, got %d", len(servers))
|
||||
return
|
||||
}
|
||||
s := servers[1]
|
||||
|
||||
if s.ServerSnippet != "" {
|
||||
t.Errorf("server snippet should be empty, got '%s'", s.ServerSnippet)
|
||||
}
|
||||
|
||||
if s.Locations[0].ConfigurationSnippet != "" {
|
||||
t.Errorf("config snippet should be empty, got '%s'", s.Locations[0].ConfigurationSnippet)
|
||||
}
|
||||
|
||||
if len(s.Locations[0].Whitelist.CIDR) != 1 || s.Locations[0].Whitelist.CIDR[0] != "10.0.0.0/24" {
|
||||
t.Errorf("allow list was incorrectly dropped, len should be 1 and contain 10.0.0.0/24")
|
||||
}
|
||||
|
||||
},
|
||||
SetConfigMap: func(ns string) *v1.ConfigMap {
|
||||
return &v1.ConfigMap{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "config",
|
||||
SelfLink: fmt.Sprintf("/api/v1/namespaces/%s/configmaps/config", ns),
|
||||
},
|
||||
Data: map[string]string{
|
||||
"allow-snippet-annotations": "false",
|
||||
},
|
||||
}
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for _, testCase := range testCases {
|
||||
|
|
|
|||
|
|
@ -23,6 +23,7 @@ import (
|
|||
"os"
|
||||
"reflect"
|
||||
"sort"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
|
|
@ -630,6 +631,21 @@ func hasCatchAllIngressRule(spec networkingv1beta1.IngressSpec) bool {
|
|||
return spec.Backend != nil
|
||||
}
|
||||
|
||||
func checkBadAnnotationValue(annotations map[string]string, badwords string) error {
|
||||
arraybadWords := strings.Split(strings.TrimSpace(badwords), ",")
|
||||
|
||||
for annotation, value := range annotations {
|
||||
if strings.HasPrefix(annotation, fmt.Sprintf("%s/", parser.AnnotationsPrefix)) {
|
||||
for _, forbiddenvalue := range arraybadWords {
|
||||
if strings.Contains(value, forbiddenvalue) {
|
||||
return fmt.Errorf("%s annotation contains invalid word %s", annotation, forbiddenvalue)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// syncIngress parses ingress annotations converting the value of the
|
||||
// annotation to a go struct
|
||||
func (s *k8sStore) syncIngress(ing *networkingv1beta1.Ingress) {
|
||||
|
|
@ -638,6 +654,14 @@ func (s *k8sStore) syncIngress(ing *networkingv1beta1.Ingress) {
|
|||
|
||||
copyIng := &networkingv1beta1.Ingress{}
|
||||
ing.ObjectMeta.DeepCopyInto(©Ing.ObjectMeta)
|
||||
|
||||
if s.backendConfig.AnnotationValueWordBlocklist != "" {
|
||||
if err := checkBadAnnotationValue(copyIng.Annotations, s.backendConfig.AnnotationValueWordBlocklist); err != nil {
|
||||
klog.Warningf("skipping ingress %s: %s", key, err)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
ing.Spec.DeepCopyInto(©Ing.Spec)
|
||||
ing.Status.DeepCopyInto(©Ing.Status)
|
||||
|
||||
|
|
|
|||
|
|
@ -62,6 +62,9 @@ const (
|
|||
|
||||
// Writer is the interface to render a template
|
||||
type Writer interface {
|
||||
// Write renders the template.
|
||||
// NOTE: Implementors must ensure that the content of the returned slice is not modified by the implementation
|
||||
// after the return of this function.
|
||||
Write(conf config.TemplateConfig) ([]byte, error)
|
||||
}
|
||||
|
||||
|
|
@ -201,7 +204,12 @@ func (t *Template) Write(conf config.TemplateConfig) ([]byte, error) {
|
|||
return nil, err
|
||||
}
|
||||
|
||||
return outCmdBuf.Bytes(), nil
|
||||
// make a copy to ensure that we are no longer modifying the content of the buffer
|
||||
out := outCmdBuf.Bytes()
|
||||
res := make([]byte, len(out))
|
||||
copy(res, out)
|
||||
|
||||
return res, nil
|
||||
}
|
||||
|
||||
var (
|
||||
|
|
@ -1103,7 +1111,7 @@ func buildOpentracing(c interface{}, s interface{}) string {
|
|||
buf := bytes.NewBufferString("")
|
||||
|
||||
if cfg.DatadogCollectorHost != "" {
|
||||
buf.WriteString("opentracing_load_tracer /usr/local/lib64/libdd_opentracing.so /etc/nginx/opentracing.json;")
|
||||
buf.WriteString("opentracing_load_tracer /usr/local/lib/libdd_opentracing.so /etc/nginx/opentracing.json;")
|
||||
} else if cfg.ZipkinCollectorHost != "" {
|
||||
buf.WriteString("opentracing_load_tracer /usr/local/lib/libzipkin_opentracing_plugin.so /etc/nginx/opentracing.json;")
|
||||
} else if cfg.JaegerCollectorHost != "" || cfg.JaegerEndpoint != "" {
|
||||
|
|
|
|||
|
|
@ -1288,7 +1288,7 @@ func TestBuildOpenTracing(t *testing.T) {
|
|||
EnableOpentracing: true,
|
||||
DatadogCollectorHost: "datadog-host.com",
|
||||
}
|
||||
expected = "opentracing_load_tracer /usr/local/lib64/libdd_opentracing.so /etc/nginx/opentracing.json;\r\n"
|
||||
expected = "opentracing_load_tracer /usr/local/lib/libdd_opentracing.so /etc/nginx/opentracing.json;\r\n"
|
||||
actual = buildOpentracing(cfgDatadog, []*ingress.Server{})
|
||||
|
||||
if expected != actual {
|
||||
|
|
@ -1312,7 +1312,7 @@ func TestBuildOpenTracing(t *testing.T) {
|
|||
OpentracingOperationName: "my-operation-name",
|
||||
OpentracingLocationOperationName: "my-location-operation-name",
|
||||
}
|
||||
expected = "opentracing_load_tracer /usr/local/lib64/libdd_opentracing.so /etc/nginx/opentracing.json;\r\n"
|
||||
expected = "opentracing_load_tracer /usr/local/lib/libdd_opentracing.so /etc/nginx/opentracing.json;\r\n"
|
||||
expected += "opentracing_operation_name \"my-operation-name\";\n"
|
||||
expected += "opentracing_location_operation_name \"my-location-operation-name\";\n"
|
||||
actual = buildOpentracing(cfgOpenTracing, []*ingress.Server{})
|
||||
|
|
|
|||
|
|
@ -215,8 +215,21 @@ func (s *statusSync) runningAddresses() ([]string, error) {
|
|||
}
|
||||
|
||||
func (s *statusSync) isRunningMultiplePods() bool {
|
||||
|
||||
// As a standard, app.kubernetes.io are "reserved well-known" labels.
|
||||
// In our case, we add those labels as identifiers of the Ingress
|
||||
// deployment in this namespace, so we can select it as a set of Ingress instances.
|
||||
// As those labels are also generated as part of a HELM deployment, we can be "safe" they
|
||||
// cover 95% of the cases
|
||||
podLabel := make(map[string]string)
|
||||
for k, v := range k8s.IngressPodDetails.Labels {
|
||||
if k != "pod-template-hash" && k != "controller-revision-hash" && k != "pod-template-generation" {
|
||||
podLabel[k] = v
|
||||
}
|
||||
}
|
||||
|
||||
pods, err := s.Client.CoreV1().Pods(k8s.IngressPodDetails.Namespace).List(context.TODO(), metav1.ListOptions{
|
||||
LabelSelector: labels.SelectorFromSet(k8s.IngressPodDetails.Labels).String(),
|
||||
LabelSelector: labels.SelectorFromSet(podLabel).String(),
|
||||
})
|
||||
if err != nil {
|
||||
return false
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
//go:build !ignore_autogenerated
|
||||
// +build !ignore_autogenerated
|
||||
|
||||
/*
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
//go:build !ignore_autogenerated
|
||||
// +build !ignore_autogenerated
|
||||
|
||||
/*
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
//go:build linux
|
||||
// +build linux
|
||||
|
||||
/*
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
//go:build !linux
|
||||
// +build !linux
|
||||
|
||||
/*
|
||||
|
|
|
|||
|
|
@ -429,7 +429,7 @@ http {
|
|||
|
||||
# turn on session caching to drastically improve performance
|
||||
{{ if $cfg.SSLSessionCache }}
|
||||
ssl_session_cache builtin:1000 shared:SSL:{{ $cfg.SSLSessionCacheSize }};
|
||||
ssl_session_cache shared:SSL:{{ $cfg.SSLSessionCacheSize }};
|
||||
ssl_session_timeout {{ $cfg.SSLSessionTimeout }};
|
||||
{{ end }}
|
||||
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
controller-v0.49.0
|
||||
controller-v0.51.0
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
FROM k8s.gcr.io/ingress-nginx/e2e-test-runner:v20210810-g820a21a74@sha256:7d7393a8c6c72d76145282df53ea0679a5b769211fd1cd6b8910b6dda1bd986d AS BASE
|
||||
FROM k8s.gcr.io/ingress-nginx/e2e-test-runner:v20210822-g5e5faa24d@sha256:55c568d9e35e15d94b3ab41fe549b8ee4cd910cc3e031ddcccd06256755c5d89 AS BASE
|
||||
|
||||
FROM alpine:3.12
|
||||
|
||||
|
|
|
|||
|
|
@ -146,6 +146,34 @@ var _ = framework.IngressNginxDescribe("[Serial] admission controller", func() {
|
|||
}
|
||||
})
|
||||
|
||||
ginkgo.It("should return an error if there is an invalid value in some annotation", func() {
|
||||
host := "admission-test"
|
||||
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/connection-proxy-header": "a;}",
|
||||
}
|
||||
|
||||
f.UpdateNginxConfigMapData("annotation-value-word-blocklist", "}")
|
||||
|
||||
firstIngress := framework.NewSingleIngress("first-ingress", "/", host, f.Namespace, framework.EchoService, 80, annotations)
|
||||
_, err := f.KubeClientSet.NetworkingV1beta1().Ingresses(f.Namespace).Create(context.TODO(), firstIngress, metav1.CreateOptions{})
|
||||
assert.NotNil(ginkgo.GinkgoT(), err, "creating an ingress with invalid annotation value should return an error")
|
||||
})
|
||||
|
||||
ginkgo.It("should return an error if there is a forbidden value in some annotation", func() {
|
||||
host := "admission-test"
|
||||
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/connection-proxy-header": "set_by_lua",
|
||||
}
|
||||
|
||||
f.UpdateNginxConfigMapData("annotation-value-word-blocklist", "set_by_lua")
|
||||
|
||||
firstIngress := framework.NewSingleIngress("first-ingress", "/", host, f.Namespace, framework.EchoService, 80, annotations)
|
||||
_, err := f.KubeClientSet.NetworkingV1beta1().Ingresses(f.Namespace).Create(context.TODO(), firstIngress, metav1.CreateOptions{})
|
||||
assert.NotNil(ginkgo.GinkgoT(), err, "creating an ingress with invalid annotation value should return an error")
|
||||
})
|
||||
|
||||
ginkgo.It("should not return an error if the Ingress V1 definition is valid", func() {
|
||||
if !f.IsIngressV1Ready {
|
||||
ginkgo.Skip("Test requires Kubernetes v1.19 or higher")
|
||||
|
|
@ -178,6 +206,17 @@ var _ = framework.IngressNginxDescribe("[Serial] admission controller", func() {
|
|||
assert.NotNil(ginkgo.GinkgoT(), err, "creating an ingress with invalid configuration should return an error")
|
||||
}
|
||||
})
|
||||
|
||||
ginkgo.It("should return an error if there is an invalid value in some annotation", func() {
|
||||
host := "admission-test"
|
||||
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/connection-proxy-header": "a;}",
|
||||
}
|
||||
firstIngress := framework.NewSingleIngress("first-ingress", "/", host, f.Namespace, framework.EchoService, 80, annotations)
|
||||
_, err := f.KubeClientSet.NetworkingV1beta1().Ingresses(f.Namespace).Create(context.TODO(), firstIngress, metav1.CreateOptions{})
|
||||
assert.NotNil(ginkgo.GinkgoT(), err, "creating an ingress with invalid annotation value should return an error")
|
||||
})
|
||||
})
|
||||
|
||||
func uninstallChart(f *framework.Framework) error {
|
||||
|
|
|
|||
|
|
@ -40,6 +40,11 @@ var _ = framework.DescribeAnnotation("annotation-global-rate-limit", func() {
|
|||
annotations["nginx.ingress.kubernetes.io/global-rate-limit"] = "5"
|
||||
annotations["nginx.ingress.kubernetes.io/global-rate-limit-window"] = "2m"
|
||||
|
||||
// We need to allow { and } characters for this annotation to work
|
||||
f.UpdateNginxConfigMapData("annotation-value-word-blocklist", "load_module, lua_package, _by_lua, location, root")
|
||||
// Sleep a while just to guarantee that the configmap is applied
|
||||
framework.Sleep()
|
||||
|
||||
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
|
||||
ing = f.EnsureIngress(ing)
|
||||
namespace := strings.Replace(string(ing.UID), "-", "", -1)
|
||||
|
|
|
|||
|
|
@ -165,7 +165,9 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
|
|||
"nginx.ingress.kubernetes.io/enable-modsecurity": "true",
|
||||
"nginx.ingress.kubernetes.io/modsecurity-snippet": snippet,
|
||||
}
|
||||
|
||||
f.UpdateNginxConfigMapData("annotation-value-word-blocklist", "load_module, lua_package, _by_lua, location, root, {, }")
|
||||
// Sleep a while just to guarantee that the configmap is applied
|
||||
framework.Sleep()
|
||||
ing := framework.NewSingleIngress(host, "/", host, nameSpace, framework.EchoService, 80, annotations)
|
||||
f.EnsureIngress(ing)
|
||||
|
||||
|
|
@ -198,7 +200,9 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
|
|||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/modsecurity-snippet": snippet,
|
||||
}
|
||||
|
||||
f.UpdateNginxConfigMapData("annotation-value-word-blocklist", "load_module, lua_package, _by_lua, location, root, {, }")
|
||||
// Sleep a while just to guarantee that the configmap is applied
|
||||
framework.Sleep()
|
||||
ing := framework.NewSingleIngress(host, "/", host, nameSpace, framework.EchoService, 80, annotations)
|
||||
f.EnsureIngress(ing)
|
||||
|
||||
|
|
@ -232,7 +236,9 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
|
|||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/modsecurity-snippet": snippet,
|
||||
}
|
||||
|
||||
f.UpdateNginxConfigMapData("annotation-value-word-blocklist", "load_module, lua_package, _by_lua, location, root, {, }")
|
||||
// Sleep a while just to guarantee that the configmap is applied
|
||||
framework.Sleep()
|
||||
ing := framework.NewSingleIngress(host, "/", host, nameSpace, framework.EchoService, 80, annotations)
|
||||
f.EnsureIngress(ing)
|
||||
|
||||
|
|
@ -268,7 +274,9 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
|
|||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/modsecurity-snippet": snippet,
|
||||
}
|
||||
|
||||
f.UpdateNginxConfigMapData("annotation-value-word-blocklist", "load_module, lua_package, _by_lua, location, root, {, }")
|
||||
// Sleep a while just to guarantee that the configmap is applied
|
||||
framework.Sleep()
|
||||
ing := framework.NewSingleIngress(host, "/", host, nameSpace, framework.EchoService, 80, annotations)
|
||||
f.EnsureIngress(ing)
|
||||
|
||||
|
|
@ -282,7 +290,7 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
|
|||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return true
|
||||
return strings.Contains(server, "SecRequestBodyAccess On")
|
||||
})
|
||||
|
||||
f.HTTPTestClient().
|
||||
|
|
@ -292,4 +300,46 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
|
|||
Expect().
|
||||
Status(http.StatusForbidden)
|
||||
})
|
||||
|
||||
ginkgo.It("should enable modsecurity through the config map but ignore snippet as disabled by admin", func() {
|
||||
host := "modsecurity.foo.com"
|
||||
nameSpace := f.Namespace
|
||||
|
||||
snippet := `SecRequestBodyAccess On
|
||||
SecAuditEngine RelevantOnly
|
||||
SecAuditLogParts ABIJDEFHZ
|
||||
SecAuditLog /dev/stdout
|
||||
SecAuditLogType Serial
|
||||
SecRule REQUEST_HEADERS:User-Agent \"block-ua\" \"log,deny,id:107,status:403,msg:\'UA blocked\'\"`
|
||||
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/modsecurity-snippet": snippet,
|
||||
}
|
||||
f.UpdateNginxConfigMapData("annotation-value-word-blocklist", "load_module, lua_package, _by_lua, location, root, {, }")
|
||||
// Sleep a while just to guarantee that the configmap is applied
|
||||
framework.Sleep()
|
||||
ing := framework.NewSingleIngress(host, "/", host, nameSpace, framework.EchoService, 80, annotations)
|
||||
f.EnsureIngress(ing)
|
||||
|
||||
expectedComment := "SecRuleEngine On"
|
||||
|
||||
f.SetNginxConfigMapData(map[string]string{
|
||||
"enable-modsecurity": "true",
|
||||
"enable-owasp-modsecurity-crs": "true",
|
||||
"allow-snippet-annotations": "false",
|
||||
"modsecurity-snippet": expectedComment,
|
||||
})
|
||||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return !strings.Contains(server, "block-ua")
|
||||
})
|
||||
|
||||
f.HTTPTestClient().
|
||||
GET("/").
|
||||
WithHeader("Host", host).
|
||||
WithHeader("User-Agent", "block-ua").
|
||||
Expect().
|
||||
Status(http.StatusOK)
|
||||
})
|
||||
})
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ limitations under the License.
|
|||
package annotations
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
|
|
@ -35,8 +36,8 @@ var _ = framework.DescribeAnnotation("server-snippet", func() {
|
|||
host := "serversnippet.foo.com"
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/server-snippet": `
|
||||
more_set_headers "Content-Length: $content_length";
|
||||
more_set_headers "Content-Type: $content_type";`,
|
||||
more_set_headers "Foo: Bar";
|
||||
more_set_headers "Xpto: Lalala";`,
|
||||
}
|
||||
|
||||
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
|
||||
|
|
@ -44,8 +45,50 @@ var _ = framework.DescribeAnnotation("server-snippet", func() {
|
|||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, `more_set_headers "Content-Length: $content_length`) &&
|
||||
strings.Contains(server, `more_set_headers "Content-Type: $content_type";`)
|
||||
return strings.Contains(server, `more_set_headers "Foo: Bar`) &&
|
||||
strings.Contains(server, `more_set_headers "Xpto: Lalala";`)
|
||||
})
|
||||
|
||||
f.HTTPTestClient().
|
||||
GET("/").
|
||||
WithHeader("Host", host).
|
||||
Expect().
|
||||
Status(http.StatusOK).Headers().
|
||||
ValueEqual("Foo", []string{"Bar"}).
|
||||
ValueEqual("Xpto", []string{"Lalala"})
|
||||
})
|
||||
|
||||
ginkgo.It(`drops server snippet if disabled by the administrator`, func() {
|
||||
host := "noserversnippet.foo.com"
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/server-snippet": `
|
||||
more_set_headers "Foo: Bar";
|
||||
more_set_headers "Xpto: Lalala";`,
|
||||
}
|
||||
|
||||
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
|
||||
f.UpdateNginxConfigMapData("allow-snippet-annotations", "false")
|
||||
defer func() {
|
||||
// Return to the original value
|
||||
f.UpdateNginxConfigMapData("allow-snippet-annotations", "true")
|
||||
}()
|
||||
// Sleep a while just to guarantee that the configmap is applied
|
||||
framework.Sleep()
|
||||
f.EnsureIngress(ing)
|
||||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return !strings.Contains(server, `more_set_headers "Foo: Bar`) &&
|
||||
!strings.Contains(server, `more_set_headers "Xpto: Lalala";`)
|
||||
})
|
||||
|
||||
f.HTTPTestClient().
|
||||
GET("/").
|
||||
WithHeader("Host", host).
|
||||
Expect().
|
||||
Status(http.StatusOK).Headers().
|
||||
NotContainsKey("Foo").
|
||||
NotContainsKey("Xpto")
|
||||
|
||||
})
|
||||
})
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ limitations under the License.
|
|||
package annotations
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
|
|
@ -31,11 +32,11 @@ var _ = framework.DescribeAnnotation("configuration-snippet", func() {
|
|||
f.NewEchoDeployment()
|
||||
})
|
||||
|
||||
ginkgo.It(`set snippet "more_set_headers "Request-Id: $req_id";" in all locations"`, func() {
|
||||
ginkgo.It(`set snippet "more_set_headers "Foo1: Bar1";" in all locations"`, func() {
|
||||
host := "configurationsnippet.foo.com"
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/configuration-snippet": `
|
||||
more_set_headers "Request-Id: $req_id";`,
|
||||
more_set_headers "Foo1: Bar1";`,
|
||||
}
|
||||
|
||||
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
|
||||
|
|
@ -43,7 +44,44 @@ var _ = framework.DescribeAnnotation("configuration-snippet", func() {
|
|||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, `more_set_headers "Request-Id: $req_id";`)
|
||||
return strings.Contains(server, `more_set_headers "Foo1: Bar1";`)
|
||||
})
|
||||
|
||||
f.HTTPTestClient().
|
||||
GET("/").
|
||||
WithHeader("Host", host).
|
||||
Expect().
|
||||
Status(http.StatusOK).Headers().
|
||||
ValueEqual("Foo1", []string{"Bar1"})
|
||||
})
|
||||
|
||||
ginkgo.It(`drops snippet "more_set_headers "Foo1: Bar1";" in all locations if disabled by admin"`, func() {
|
||||
host := "noconfigurationsnippet.foo.com"
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/configuration-snippet": `
|
||||
more_set_headers "Foo1: Bar1";`,
|
||||
}
|
||||
|
||||
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
|
||||
f.UpdateNginxConfigMapData("allow-snippet-annotations", "false")
|
||||
defer func() {
|
||||
// Return to the original value
|
||||
f.UpdateNginxConfigMapData("allow-snippet-annotations", "true")
|
||||
}()
|
||||
// Sleep a while just to guarantee that the configmap is applied
|
||||
framework.Sleep()
|
||||
f.EnsureIngress(ing)
|
||||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return !strings.Contains(server, `more_set_headers "Foo1: Bar1";`)
|
||||
})
|
||||
|
||||
f.HTTPTestClient().
|
||||
GET("/").
|
||||
WithHeader("Host", host).
|
||||
Expect().
|
||||
Status(http.StatusOK).Headers().
|
||||
NotContainsKey("Foo1")
|
||||
})
|
||||
})
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ const SlowEchoService = "slow-echo"
|
|||
const HTTPBinService = "httpbin"
|
||||
|
||||
// NginxBaseImage use for testing
|
||||
const NginxBaseImage = "k8s.gcr.io/ingress-nginx/nginx:v20210809-g98288bc3c@sha256:f9363669cf26514c9548c1fe4f8f4e2f58dfb76616bcd638a0ff7f0ec3457c17"
|
||||
const NginxBaseImage = "k8s.gcr.io/ingress-nginx/nginx:5402d35663917ccbbf77ff48a22b8c6f77097f48@sha256:ec8a104df307f5c6d68157b7ac8e5e1e2c2f0ea07ddf25bb1c6c43c67e351180"
|
||||
|
||||
// NewEchoDeployment creates a new single replica deployment of the echoserver image in a particular namespace
|
||||
func (f *Framework) NewEchoDeployment() {
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ const (
|
|||
Poll = 2 * time.Second
|
||||
|
||||
// DefaultTimeout time to wait for operations to complete
|
||||
DefaultTimeout = 5 * time.Minute
|
||||
DefaultTimeout = 90 * time.Second
|
||||
)
|
||||
|
||||
func nowStamp() string {
|
||||
|
|
|
|||
|
|
@ -44,14 +44,14 @@ var _ = framework.IngressNginxDescribe("[Ingress] [PathType] mix Exact and Prefi
|
|||
host := "mixed.path"
|
||||
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/configuration-snippet": `more_set_input_headers "pathType: exact";more_set_input_headers "pathlocation: /";`,
|
||||
"nginx.ingress.kubernetes.io/configuration-snippet": `more_set_input_headers "pathType: exact";more_set_input_headers "pathheader: /";`,
|
||||
}
|
||||
ing := framework.NewSingleIngress("exact-root", "/", host, f.Namespace, framework.EchoService, 80, annotations)
|
||||
ing.Spec.Rules[0].IngressRuleValue.HTTP.Paths[0].PathType = &exactPathType
|
||||
f.EnsureIngress(ing)
|
||||
|
||||
annotations = map[string]string{
|
||||
"nginx.ingress.kubernetes.io/configuration-snippet": `more_set_input_headers "pathType: prefix";more_set_input_headers "pathlocation: /";`,
|
||||
"nginx.ingress.kubernetes.io/configuration-snippet": `more_set_input_headers "pathType: prefix";more_set_input_headers "pathheader: /";`,
|
||||
}
|
||||
ing = framework.NewSingleIngress("prefix-root", "/", host, f.Namespace, framework.EchoService, 80, annotations)
|
||||
f.EnsureIngress(ing)
|
||||
|
|
@ -74,7 +74,7 @@ var _ = framework.IngressNginxDescribe("[Ingress] [PathType] mix Exact and Prefi
|
|||
|
||||
assert.NotContains(ginkgo.GinkgoT(), body, "pathtype=prefix")
|
||||
assert.Contains(ginkgo.GinkgoT(), body, "pathtype=exact")
|
||||
assert.Contains(ginkgo.GinkgoT(), body, "pathlocation=/")
|
||||
assert.Contains(ginkgo.GinkgoT(), body, "pathheader=/")
|
||||
|
||||
ginkgo.By("Checking prefix request to /bar")
|
||||
body = f.HTTPTestClient().
|
||||
|
|
@ -87,17 +87,17 @@ var _ = framework.IngressNginxDescribe("[Ingress] [PathType] mix Exact and Prefi
|
|||
|
||||
assert.Contains(ginkgo.GinkgoT(), body, "pathtype=prefix")
|
||||
assert.NotContains(ginkgo.GinkgoT(), body, "pathtype=exact")
|
||||
assert.Contains(ginkgo.GinkgoT(), body, "pathlocation=/")
|
||||
assert.Contains(ginkgo.GinkgoT(), body, "pathheader=/")
|
||||
|
||||
annotations = map[string]string{
|
||||
"nginx.ingress.kubernetes.io/configuration-snippet": `more_set_input_headers "pathType: exact";more_set_input_headers "pathlocation: /foo";`,
|
||||
"nginx.ingress.kubernetes.io/configuration-snippet": `more_set_input_headers "pathType: exact";more_set_input_headers "pathheader: /foo";`,
|
||||
}
|
||||
ing = framework.NewSingleIngress("exact-foo", "/foo", host, f.Namespace, framework.EchoService, 80, annotations)
|
||||
ing.Spec.Rules[0].IngressRuleValue.HTTP.Paths[0].PathType = &exactPathType
|
||||
f.EnsureIngress(ing)
|
||||
|
||||
annotations = map[string]string{
|
||||
"nginx.ingress.kubernetes.io/configuration-snippet": `more_set_input_headers "pathType: prefix";more_set_input_headers "pathlocation: /foo";`,
|
||||
"nginx.ingress.kubernetes.io/configuration-snippet": `more_set_input_headers "pathType: prefix";more_set_input_headers "pathheader: /foo";`,
|
||||
}
|
||||
ing = framework.NewSingleIngress("prefix-foo", "/foo", host, f.Namespace, framework.EchoService, 80, annotations)
|
||||
f.EnsureIngress(ing)
|
||||
|
|
@ -120,7 +120,7 @@ var _ = framework.IngressNginxDescribe("[Ingress] [PathType] mix Exact and Prefi
|
|||
|
||||
assert.NotContains(ginkgo.GinkgoT(), body, "pathtype=prefix")
|
||||
assert.Contains(ginkgo.GinkgoT(), body, "pathtype=exact")
|
||||
assert.Contains(ginkgo.GinkgoT(), body, "pathlocation=/foo")
|
||||
assert.Contains(ginkgo.GinkgoT(), body, "pathheader=/foo")
|
||||
|
||||
ginkgo.By("Checking prefix request to /foo/bar")
|
||||
body = f.HTTPTestClient().
|
||||
|
|
@ -132,7 +132,7 @@ var _ = framework.IngressNginxDescribe("[Ingress] [PathType] mix Exact and Prefi
|
|||
Raw()
|
||||
|
||||
assert.Contains(ginkgo.GinkgoT(), body, "pathtype=prefix")
|
||||
assert.Contains(ginkgo.GinkgoT(), body, "pathlocation=/foo")
|
||||
assert.Contains(ginkgo.GinkgoT(), body, "pathheader=/foo")
|
||||
|
||||
ginkgo.By("Checking prefix request to /foobar")
|
||||
body = f.HTTPTestClient().
|
||||
|
|
@ -144,6 +144,6 @@ var _ = framework.IngressNginxDescribe("[Ingress] [PathType] mix Exact and Prefi
|
|||
Raw()
|
||||
|
||||
assert.Contains(ginkgo.GinkgoT(), body, "pathtype=prefix")
|
||||
assert.Contains(ginkgo.GinkgoT(), body, "pathlocation=/")
|
||||
assert.Contains(ginkgo.GinkgoT(), body, "pathheader=/")
|
||||
})
|
||||
})
|
||||
|
|
|
|||
164
test/e2e/settings/badannotationvalues.go
Normal file
164
test/e2e/settings/badannotationvalues.go
Normal file
|
|
@ -0,0 +1,164 @@
|
|||
/*
|
||||
Copyright 2021 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package settings
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
|
||||
"k8s.io/ingress-nginx/test/e2e/framework"
|
||||
)
|
||||
|
||||
var _ = framework.DescribeAnnotation("Bad annotation values", func() {
|
||||
f := framework.NewDefaultFramework("bad-annotation")
|
||||
|
||||
ginkgo.BeforeEach(func() {
|
||||
f.NewEchoDeployment()
|
||||
})
|
||||
|
||||
ginkgo.It("[BAD_ANNOTATIONS] should drop an ingress if there is an invalid character in some annotation", func() {
|
||||
host := "invalid-value-test"
|
||||
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/configuration-snippet": `
|
||||
# abc { }`,
|
||||
}
|
||||
|
||||
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
|
||||
f.UpdateNginxConfigMapData("allow-snippet-annotations", "true")
|
||||
f.UpdateNginxConfigMapData("annotation-value-word-blocklist", "something_forbidden,otherthing_forbidden,{")
|
||||
|
||||
f.EnsureIngress(ing)
|
||||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return !strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||
})
|
||||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return !strings.Contains(server, "# abc { }")
|
||||
})
|
||||
|
||||
f.HTTPTestClient().
|
||||
GET("/").
|
||||
WithHeader("Host", host).
|
||||
Expect().
|
||||
Status(http.StatusNotFound)
|
||||
})
|
||||
|
||||
ginkgo.It("[BAD_ANNOTATIONS] should drop an ingress if there is a forbidden word in some annotation", func() {
|
||||
host := "forbidden-value-test"
|
||||
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/configuration-snippet": `
|
||||
default_type text/plain;
|
||||
content_by_lua_block {
|
||||
ngx.say("Hello World")
|
||||
}`,
|
||||
}
|
||||
|
||||
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
|
||||
f.UpdateNginxConfigMapData("allow-snippet-annotations", "true")
|
||||
f.UpdateNginxConfigMapData("annotation-value-word-blocklist", "something_forbidden,otherthing_forbidden,content_by_lua_block")
|
||||
// Sleep a while just to guarantee that the configmap is applied
|
||||
framework.Sleep()
|
||||
f.EnsureIngress(ing)
|
||||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return !strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||
})
|
||||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return !strings.Contains(server, `ngx.say("Hello World")`)
|
||||
})
|
||||
|
||||
f.HTTPTestClient().
|
||||
GET("/").
|
||||
WithHeader("Host", host).
|
||||
Expect().
|
||||
Status(http.StatusNotFound)
|
||||
})
|
||||
|
||||
ginkgo.It("[BAD_ANNOTATIONS] should allow an ingress if there is a default blocklist config in place", func() {
|
||||
|
||||
hostValid := "custom-allowed-value-test"
|
||||
annotationsValid := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/configuration-snippet": `
|
||||
# bla_by_lua`,
|
||||
}
|
||||
|
||||
ingValid := framework.NewSingleIngress(hostValid, "/", hostValid, f.Namespace, framework.EchoService, 80, annotationsValid)
|
||||
|
||||
// Sleep a while just to guarantee that the configmap is applied
|
||||
framework.Sleep()
|
||||
f.EnsureIngress(ingValid)
|
||||
|
||||
f.WaitForNginxServer(hostValid,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s ;", hostValid))
|
||||
})
|
||||
|
||||
f.WaitForNginxServer(hostValid,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, "# bla_by_lua")
|
||||
})
|
||||
|
||||
f.HTTPTestClient().
|
||||
GET("/").
|
||||
WithHeader("Host", hostValid).
|
||||
Expect().
|
||||
Status(http.StatusOK)
|
||||
})
|
||||
|
||||
ginkgo.It("[BAD_ANNOTATIONS] should drop an ingress if there is a custom blocklist config in place and allow others to pass", func() {
|
||||
host := "custom-forbidden-value-test"
|
||||
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/configuration-snippet": `
|
||||
# something_forbidden`,
|
||||
}
|
||||
|
||||
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
|
||||
f.UpdateNginxConfigMapData("annotation-value-word-blocklist", "something_forbidden,otherthing_forbidden")
|
||||
// Sleep a while just to guarantee that the configmap is applied
|
||||
framework.Sleep()
|
||||
f.EnsureIngress(ing)
|
||||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return !strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||
})
|
||||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return !strings.Contains(server, "# something_forbidden")
|
||||
})
|
||||
|
||||
f.HTTPTestClient().
|
||||
GET("/").
|
||||
WithHeader("Host", host).
|
||||
Expect().
|
||||
Status(http.StatusNotFound)
|
||||
|
||||
})
|
||||
})
|
||||
149
test/e2e/settings/server_snippet.go
Normal file
149
test/e2e/settings/server_snippet.go
Normal file
|
|
@ -0,0 +1,149 @@
|
|||
/*
|
||||
Copyright 2021 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package settings
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
|
||||
"k8s.io/ingress-nginx/test/e2e/framework"
|
||||
)
|
||||
|
||||
var _ = framework.DescribeSetting("configmap server-snippet", func() {
|
||||
f := framework.NewDefaultFramework("cm-server-snippet")
|
||||
|
||||
ginkgo.BeforeEach(func() {
|
||||
f.NewEchoDeployment()
|
||||
})
|
||||
|
||||
ginkgo.It("should add value of server-snippet setting to all ingress config", func() {
|
||||
host := "serverglobalsnippet1.foo.com"
|
||||
hostAnnots := "serverannotssnippet1.foo.com"
|
||||
|
||||
f.SetNginxConfigMapData(map[string]string{
|
||||
"server-snippet": `
|
||||
more_set_headers "Globalfoo: Foooo";`,
|
||||
})
|
||||
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/server-snippet": `
|
||||
more_set_headers "Foo: Bar";
|
||||
more_set_headers "Xpto: Lalala";`,
|
||||
}
|
||||
|
||||
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil)
|
||||
f.EnsureIngress(ing)
|
||||
|
||||
ing1 := framework.NewSingleIngress(hostAnnots, "/", hostAnnots, f.Namespace, framework.EchoService, 80, annotations)
|
||||
f.EnsureIngress(ing1)
|
||||
|
||||
// Sleep a while just to guarantee that the configmap is applied
|
||||
framework.Sleep()
|
||||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, `more_set_headers "Globalfoo: Foooo`) &&
|
||||
!strings.Contains(server, `more_set_headers "Foo: Bar";`) &&
|
||||
!strings.Contains(server, `more_set_headers "Xpto: Lalala";`)
|
||||
})
|
||||
|
||||
f.WaitForNginxServer(hostAnnots,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, `more_set_headers "Globalfoo: Foooo`) &&
|
||||
strings.Contains(server, `more_set_headers "Foo: Bar";`) &&
|
||||
strings.Contains(server, `more_set_headers "Xpto: Lalala";`)
|
||||
})
|
||||
|
||||
f.HTTPTestClient().
|
||||
GET("/").
|
||||
WithHeader("Host", host).
|
||||
Expect().
|
||||
Status(http.StatusOK).Headers().
|
||||
ValueEqual("Globalfoo", []string{"Foooo"}).
|
||||
NotContainsKey("Foo").
|
||||
NotContainsKey("Xpto")
|
||||
|
||||
f.HTTPTestClient().
|
||||
GET("/").
|
||||
WithHeader("Host", hostAnnots).
|
||||
Expect().
|
||||
Status(http.StatusOK).Headers().
|
||||
ValueEqual("Foo", []string{"Bar"}).
|
||||
ValueEqual("Xpto", []string{"Lalala"}).
|
||||
ValueEqual("Globalfoo", []string{"Foooo"})
|
||||
})
|
||||
|
||||
ginkgo.It("should add global server-snippet and drop annotations per admin config", func() {
|
||||
host := "serverglobalsnippet2.foo.com"
|
||||
hostAnnots := "serverannotssnippet2.foo.com"
|
||||
|
||||
f.SetNginxConfigMapData(map[string]string{
|
||||
"allow-snippet-annotations": "false",
|
||||
"server-snippet": `
|
||||
more_set_headers "Globalfoo: Foooo";`,
|
||||
})
|
||||
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/server-snippet": `
|
||||
more_set_headers "Foo: Bar";
|
||||
more_set_headers "Xpto: Lalala";`,
|
||||
}
|
||||
|
||||
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil)
|
||||
f.EnsureIngress(ing)
|
||||
|
||||
ing1 := framework.NewSingleIngress(hostAnnots, "/", hostAnnots, f.Namespace, framework.EchoService, 80, annotations)
|
||||
f.EnsureIngress(ing1)
|
||||
|
||||
// Sleep a while just to guarantee that the configmap is applied
|
||||
framework.Sleep()
|
||||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, `more_set_headers "Globalfoo: Foooo`) &&
|
||||
!strings.Contains(server, `more_set_headers "Foo: Bar";`) &&
|
||||
!strings.Contains(server, `more_set_headers "Xpto: Lalala";`)
|
||||
})
|
||||
|
||||
f.WaitForNginxServer(hostAnnots,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, `more_set_headers "Globalfoo: Foooo`) &&
|
||||
!strings.Contains(server, `more_set_headers "Foo: Bar";`) &&
|
||||
!strings.Contains(server, `more_set_headers "Xpto: Lalala";`)
|
||||
})
|
||||
|
||||
f.HTTPTestClient().
|
||||
GET("/").
|
||||
WithHeader("Host", host).
|
||||
Expect().
|
||||
Status(http.StatusOK).Headers().
|
||||
ValueEqual("Globalfoo", []string{"Foooo"}).
|
||||
NotContainsKey("Foo").
|
||||
NotContainsKey("Xpto")
|
||||
|
||||
f.HTTPTestClient().
|
||||
GET("/").
|
||||
WithHeader("Host", hostAnnots).
|
||||
Expect().
|
||||
Status(http.StatusOK).Headers().
|
||||
ValueEqual("Globalfoo", []string{"Foooo"}).
|
||||
NotContainsKey("Foo").
|
||||
NotContainsKey("Xpto")
|
||||
})
|
||||
})
|
||||
Loading…
Reference in a new issue