Release controller v1.10.4 & chart v4.10.4. (#11815 )

Chart: Bump Kube Webhook CertGen & OpenTelemetry. (#11811 )
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-08-16 08:54:28 +02:00 · 2024-08-15 05:53:18 -07:00 · 2024-08-15 10:54:07 +02:00 · 2024-08-15 08:26:51 +02:00 · 2024-08-13 11:58:42 -07:00 · 2024-08-13 03:37:28 -07:00
255 changed files with 71244 additions and 64507 deletions
--- a/hack/verify-chart-lint.sh
+++ b/hack/verify-chart-lint.sh
@ -1,6 +1,4 @@
-#!/bin/bash
-
-# Copyright 2020 The Kubernetes Authors.
+# Copyright 2024 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -13,10 +11,16 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+---
+remote: origin
+target-branch: main

-set -o errexit
-set -o nounset
-set -o pipefail
+validate-maintainers: false
+check-version-increment: false

-KUBE_ROOT="$( cd "$(dirname "$0")../" >/dev/null 2>&1 ; pwd -P )"
-ct lint --charts ${KUBE_ROOT}/charts/ingress-nginx --validate-maintainers=false
+chart-repos:
+  - ingress-nginx=https://kubernetes.github.io/ingress-nginx
+helm-extra-args: --timeout 800s
+
+chart-dirs:
+  - charts
--- a/.github/ISSUE_TEMPLATE/cve_report.md
+++ b/.github/ISSUE_TEMPLATE/cve_report.md
@ -4,8 +4,9 @@ about: CVE reporting for ingress-nginx
 title: ''
 labels: kind/bug
 assignees:
-    - strongjz
+    - Gacko
    - rikatz
+    - strongjz
 ---

 <!-- if you found something that impacts directly ingress-nginx and
--- a/.github/actions/mkdocs/Dockerfile
+++ b/.github/actions/mkdocs/Dockerfile
@ -1,4 +1,4 @@
-FROM squidfunk/mkdocs-material:9.4.5 
+FROM squidfunk/mkdocs-material:9.4.5

 COPY action.sh /action.sh

--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -9,6 +9,10 @@ updates:
      - "area/dependency"
      - "release-note-none"
      - "ok-to-test"
+    groups:
+      all:
+        update-types:
+          - "patch"
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
@ -17,6 +21,11 @@ updates:
      - "area/dependency"
      - "release-note-none"
      - "ok-to-test"
+    groups:
+      all:
+        update-types:
+          - "minor"
+          - "patch"
  - package-ecosystem: "docker"
    directory: "/images"
    schedule:
@ -25,3 +34,8 @@ updates:
      - "area/dependency"
      - "release-note-none"
      - "ok-to-test"
+    groups:
+      actions:
+        update-types:
+          - "minor"
+          - "patch"
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@ -47,9 +47,9 @@ jobs:
    steps:

      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

-      - uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1
+      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        id: filter
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
@ -74,17 +74,17 @@ jobs:
    runs-on: ubuntu-latest
    needs: changes
    if: |
-      (needs.changes.outputs.go == 'true')
+      (needs.changes.outputs.go == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
    steps:
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
      - name: Get go version
        run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
-        
+
      - name: Set up Go
        id: go
-        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GOLANG_VERSION }}
          check-latest: true
@ -99,14 +99,14 @@ jobs:
    outputs:
      golangversion: ${{ steps.golangversion.outputs.version }}
    if: |
-      (needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true')
-     
+      (needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
+
    env:
        PLATFORMS: linux/amd64
    steps:
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
      - name: Get go version
        id: golangversion
        run: |
@ -114,17 +114,17 @@ jobs:

      - name: Set up Go
        id: go
-        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ steps.golangversion.outputs.version }}
          check-latest: true

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0

      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
        with:
          version: latest

@ -136,14 +136,14 @@ jobs:
          curl -LO https://dl.k8s.io/release/v1.27.3/bin/linux/amd64/kubectl
          chmod +x ./kubectl
          sudo mv ./kubectl /usr/local/bin/kubectl
-      
+
      - name: Build NGINX Base image
        if: |
          needs.changes.outputs.baseimage == 'true'
        run: |
            export TAG=$(cat images/nginx-1.25/TAG)
            cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --load -t registry.k8s.io/ingress-nginx/nginx-1.25:${TAG} .
-    
+
      - name: Build images
        env:
          TAG: 1.0.0-dev
@ -163,33 +163,35 @@ jobs:
            | gzip > docker.tar.gz

      - name: cache
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
        with:
          name: docker.tar.gz
          path: docker.tar.gz
          retention-days: 5
-  helm:
-    name: Helm chart
+
+  helm-lint:
+    name: Helm chart lint
    runs-on: ubuntu-latest
    needs:
      - changes
-      - build
    if: |
-      (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true')
-
-    strategy:
-      matrix:
-        k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0]
+      (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}

    steps:
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
-      - name: Setup Go
-        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
-          go-version: ${{ needs.build.outputs.golangversion }}
-          check-latest: true
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+
+      - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
+        with:
+          python-version: '3.x'
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1

      - name: Install Helm Unit Test Plugin
        run: |
@ -199,14 +201,8 @@ jobs:
        run: |
          helm unittest charts/ingress-nginx -d

-      - name: cache
-        uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
-        with:
-          name: docker.tar.gz
-
-      - name: Lint
-        run: |
-          ./build/run-in-docker.sh ./hack/verify-chart-lint.sh
+      - name: Run chart-testing (lint)
+        run: ct lint --config ./.ct.yaml

      - name: Run helm-docs
        run: |
@ -227,6 +223,35 @@ jobs:
          ./ah lint -p charts/ingress-nginx || exit 1
          rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz

+  helm-test:
+    name: Helm chart testing
+    runs-on: ubuntu-latest
+    needs:
+      - changes
+      - build
+      - helm-lint
+    if: |
+      (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
+
+    strategy:
+      matrix:
+        k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Setup Go
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        with:
+          go-version: ${{ needs.build.outputs.golangversion }}
+          check-latest: true
+
+      - name: cache
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: docker.tar.gz
+
      - name: fix permissions
        run: |
          sudo mkdir -p $HOME/.kube
@ -258,10 +283,10 @@ jobs:
      - changes
      - build
    if: |
-      (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true')
+      (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
    strategy:
      matrix:
-        k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0]
+        k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
    uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
    with:
      k8s-version: ${{ matrix.k8s }}
@ -272,10 +297,10 @@ jobs:
      - changes
      - build
    if: |
-      (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true')
+      (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
    strategy:
      matrix:
-        k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0]
+        k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
    uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
    with:
      k8s-version: ${{ matrix.k8s }}
@ -287,10 +312,10 @@ jobs:
      - changes
      - build
    if: |
-      (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true')
+      (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
    strategy:
      matrix:
-        k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0]
+        k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
    uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
    with:
      k8s-version: ${{ matrix.k8s }}
--- a/.github/workflows/depreview.yaml
+++ b/.github/workflows/depreview.yaml
@ -9,6 +9,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout Repository'
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: 'Dependency Review'
-        uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3
+        uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
--- a/.github/workflows/docs.yaml
+++ b/.github/workflows/docs.yaml
@ -23,9 +23,9 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

-      - uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1
+      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        id: filter
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
@ -47,7 +47,7 @@ jobs:

    steps:
      - name: Checkout master
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Deploy
        uses: ./.github/actions/mkdocs
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@ -2,10 +2,9 @@ name: golangci-lint

 on:
  pull_request:
-    branches:
-      - "*"
    paths:
      - '**/*.go'
+      - '.github/workflows/golangci-lint.yml'

 permissions:
  contents: read
@ -16,19 +15,19 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
      - name: Get go version
        run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
-      
+
      - name: Set up Go
        id: go
-        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GOLANG_VERSION }}
          check-latest: true
-      
+
      - name: golangci-lint
-        uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0
+        uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
        with:
-          version: v1.55.2
+          version: v1.56
--- a/.github/workflows/helm.yaml
+++ b/.github/workflows/helm.yaml
@ -4,6 +4,9 @@ on:
  push:
    branches:
      - main
+      - release-*
+  
+  workflow_dispatch:

 permissions:
  contents: read
@ -11,19 +14,20 @@ permissions:
 jobs:

  changes:
+    runs-on: ubuntu-latest
+
    permissions:
      contents: read  # for dorny/paths-filter to fetch a list of changed files
-      pull-requests: read  # for dorny/paths-filter to read pull requests
-    runs-on: ubuntu-latest
-    if: |
-      (github.repository == 'kubernetes/ingress-nginx')
+
+    if: github.repository == 'kubernetes/ingress-nginx'
+
    outputs:
      docs: ${{ steps.filter.outputs.docs }}
      charts: ${{ steps.filter.outputs.charts }}

    steps:
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Run Artifact Hub lint
        run: |
@ -33,11 +37,13 @@ jobs:
          ./ah lint -p charts/ingress-nginx || exit 1
          rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz

-      - name: Lint
-        run: |
-          ./build/run-in-docker.sh ./hack/verify-chart-lint.sh
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1

-      - uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1
+      - name: Run chart-testing (lint)
+        run: ct lint --target-branch ${{ github.ref_name }} --config ./.ct.yaml
+
+      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        id: filter
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
@ -55,16 +61,16 @@ jobs:

    needs:
      - changes
-    if: |
-      (github.repository == 'kubernetes/ingress-nginx') &&
-      (needs.changes.outputs.charts == 'true')
+
+    if: ${{ needs.changes.outputs.charts == 'true' }}

    steps:
      - name: Checkout master
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896
          fetch-depth: 0
+          ref: ${{ github.ref_name }} 

      - name: Setup
        shell: bash
--- a/.github/workflows/images.yaml
+++ b/.github/workflows/images.yaml
@ -41,8 +41,8 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        id: filter
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
@ -69,7 +69,7 @@ jobs:
              - 'images/opentelemetry/**'
            nginx125:
              - 'images/nginx-1.25/TAG'
- 
+
  #### TODO: Make the below jobs 'less dumb' and use the job name as parameter (the github.job context does not work here)
  cfssl:
    needs: changes
@ -89,7 +89,6 @@ jobs:
      name: custom-error-pages
    secrets: inherit

-
  e2e-test-echo:
    needs: changes
    if: |
@ -142,17 +141,17 @@ jobs:
      (needs.changes.outputs.kube-webhook-certgen == 'true')
    strategy:
      matrix:
-        k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0, v1.29.0]
+        k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
    steps:
    - name: Checkout
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

    - name: Get go version
      run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV

    - name: Set up Go
      id: go
-      uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+      uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
      with:
        go-version: ${{ env.GOLANG_VERSION }}
        check-latest: true
@ -179,7 +178,7 @@ jobs:
        nginx: ['1.25.3', '1.21.6']
    steps:
    - name: Checkout
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
    - name: image build
      run: |
        cd images/opentelemetry && make NGINX_VERSION=${{ matrix.nginx }} build
@ -196,17 +195,17 @@ jobs:
      PLATFORMS: linux/amd64,linux/arm,linux/arm64,linux/s390x
    steps:
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Set up QEMU
-        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
        with:
          version: latest
          platforms: ${{ env.PLATFORMS }}
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
@ -214,5 +213,3 @@ jobs:
        run: |
          export TAG=$(cat images/nginx-1.25/TAG)
          cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --push -t ingressnginx/nginx-1.25:${TAG} .
-    
-    
--- a/.github/workflows/junit-reports.yaml
+++ b/.github/workflows/junit-reports.yaml
@ -9,7 +9,7 @@ jobs:
  report:
    runs-on: ubuntu-latest
    steps:
-      - uses: dorny/test-reporter@eaa763f6ffc21c7a37837f56cd5f9737f27fc6c8 # v1.8.0
+      - uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
        with:
          artifact: /e2e-test-reports-(.*)/
          name: JEST Tests $1               # Name of the check run which will be created
--- a/.github/workflows/perftest.yaml
+++ b/.github/workflows/perftest.yaml
@ -19,7 +19,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Install K6
        run: |
--- a/.github/workflows/plugin.yaml
+++ b/.github/workflows/plugin.yaml
@ -12,7 +12,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          fetch-depth: 0

@ -20,23 +20,23 @@ jobs:
        run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV

      - name: Set up Go
-        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GOLANG_VERSION }}
          check-latest: true

      - name: Run GoReleaser Snapshot
        if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
-        uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
+        uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
        with:
          version: latest
          args: release --snapshot --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      
+
      - name: Run GoReleaser
        if: ${{ startsWith(github.ref, 'refs/tags/') }}
-        uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
+        uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
        with:
          version: latest
          args: release --clean
--- a/.github/workflows/project.yml
+++ b/.github/workflows/project.yml
@ -13,7 +13,7 @@ jobs:
      repository-projects: write
      issues: write
    steps:
-      - uses: actions/add-to-project@31b3f3ccdc584546fc445612dec3f38ff5edb41c # v0.5.0
+      - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2
        with:
          project-url: https://github.com/orgs/kubernetes/projects/104
          github-token: ${{ secrets.PROJECT_WRITER }}
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@ -27,12 +27,12 @@ jobs:

    steps:
      - name: "Checkout code"
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          persist-credentials: false

      - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
        with:
          results_file: results.sarif
          results_format: sarif
@ -51,7 +51,7 @@ jobs:
      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
        with:
          name: SARIF file
          path: results.sarif
@ -59,6 +59,6 @@ jobs:

      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+        uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0
        with:
          sarif_file: results.sarif
--- a/.github/workflows/vulnerability-scans.yaml
+++ b/.github/workflows/vulnerability-scans.yaml
@ -22,7 +22,7 @@ jobs:
      versions: ${{ steps.version.outputs.TAGS }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          fetch-depth: 0

@ -52,7 +52,7 @@ jobs:
        versions: ${{ fromJSON(needs.version.outputs.versions) }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - shell: bash
        id: test
@ -60,7 +60,7 @@ jobs:

      - name: Scan image with AquaSec/Trivy
        id: scan
-        uses: aquasecurity/trivy-action@84384bd6e777ef152729993b8145ea352e9dd3ef # v0.17.0
+        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
        with:
          image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }}
          format: 'sarif'
@ -75,7 +75,7 @@ jobs:

      # This step checks out a copy of your repository.
      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+        uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0
        with:
          token: ${{ github.token }}
          # Path to SARIF file relative to the root of the repository
--- a/.github/workflows/zz-tmpl-images.yaml
+++ b/.github/workflows/zz-tmpl-images.yaml
@ -31,8 +31,8 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        id: filter
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
@ -48,7 +48,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Build
        run: |
@ -67,10 +67,10 @@ jobs:
      PLATFORMS: ${{ inputs.platforms-publish }}
    steps:
    - name: Checkout
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

    - name: Login to GitHub Container Registry
-      uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+      uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_TOKEN }}
--- a/.github/workflows/zz-tmpl-k8s-e2e.yaml
+++ b/.github/workflows/zz-tmpl-k8s-e2e.yaml
@ -20,10 +20,10 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: cache
-        uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: docker.tar.gz

@ -50,7 +50,7 @@ jobs:
          make kind-e2e-test

      - name: Upload e2e junit-reports ${{ inputs.variation }}
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
        if: success() || failure()
        with:
          name: e2e-test-reports-${{ inputs.k8s-version }}${{ inputs.variation }}
--- a/.golangci.yml
+++ b/.golangci.yml
@ -200,9 +200,7 @@ linters-settings:
      - stringConcatSimplify
      - stringsCompare
      - switchTrue
-      - timeCmpSimplify
      - timeExprSimplify
-      - todoCommentWithoutDetail
      - tooManyResultsChecker
      - typeAssertChain
      - typeDefFirst
--- a/2
+++ b/2
@ -1 +1 @@
-1.22.0
+1.22.6
--- a/2
+++ b/2
@ -110,7 +110,7 @@ clean-chroot-image: ## Removes local image

 .PHONY: build
 build:  ## Build ingress controller, debug tool and pre-stop hook.
-	E2E_IMAGE=golang:$(GO_VERSION)-alpine3.19 USE_SHELL=/bin/sh build/run-in-docker.sh \
+	E2E_IMAGE=golang:$(GO_VERSION)-alpine3.20 USE_SHELL=/bin/sh build/run-in-docker.sh \
 		MAC_OS=$(MAC_OS) \
 		PKG=$(PKG) \
 		ARCH=$(ARCH) \
--- a/2
+++ b/2
@ -1 +1 @@
-registry.k8s.io/ingress-nginx/nginx-1.25:v0.0.5@sha256:cdafd6c9d36e23414ce41330a482f9136ce82fac46802809681f61cdcd5ad0bb
+registry.k8s.io/ingress-nginx/nginx-1.25:v0.0.12@sha256:2d471b3a34dc43d10c3f3d7f2a6e8a2ecf7654a4197e56374261c1c708b16365
--- a/4
+++ b/4
@ -1,4 +1,4 @@
-# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md
+# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners

 approvers:
 - ingress-nginx-maintainers
@ -7,6 +7,6 @@ reviewers:
 - ingress-nginx-reviewers

 emeritus_approvers:
- aledbf  # 2020-04-02
+- aledbf # 2020-04-02
 - bowei # 2022-10-12
 - ElvinEfendi # 2023-04-23
--- a/20
+++ b/20
@ -1,4 +1,4 @@
-# See the OWNERS docs: https://git.k8s.io/community/docs/devel/owners.md
+# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners

 aliases:
  sig-network-leads:
@ -7,38 +7,34 @@ aliases:
  - thockin

  ingress-nginx-admins:
+  - Gacko
  - rikatz
  - strongjz

  ingress-nginx-maintainers:
+  - cpanato
+  - Gacko
+  - puerco
  - rikatz
  - strongjz
-  - cpanato
-  - puerco
  - tao12345666333

  ingress-nginx-reviewers:
+  - cpanato
+  - Gacko
+  - puerco
  - rikatz
  - strongjz
-  - puerco
-  - cpanato
  - tao12345666333

  ingress-nginx-helm-maintainers:
-  - cpanato
-  - Gacko
-  - strongjz
  - ubergesundheit

  ingress-nginx-helm-reviewers:
-  - cpanato
-  - Gacko
-  - strongjz
  - ubergesundheit

  ingress-nginx-docs-maintainers:
  - longwuyuan
-  - tao12345666333

  ingress-nginx-kube-webhook-certgen-reviewers:
  - invidian
--- a/README.md
+++ b/README.md
@ -6,13 +6,12 @@
 [![GitHub stars](https://img.shields.io/github/stars/kubernetes/ingress-nginx.svg)](https://github.com/kubernetes/ingress-nginx/stargazers)
 [![GitHub stars](https://img.shields.io/badge/contributions-welcome-orange.svg)](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md)

-
 ## Overview

 ingress-nginx is an Ingress controller for Kubernetes using [NGINX](https://www.nginx.org/) as a reverse proxy and load
 balancer.

-[Learn more about Ingress on the main Kubernetes documentation site](https://kubernetes.io/docs/concepts/services-networking/ingress/).
+[Learn more about Ingress on the Kubernetes documentation site](https://kubernetes.io/docs/concepts/services-networking/ingress/).

 ## Get started

@ -28,7 +27,7 @@ If you encounter issues, review the [troubleshooting docs](docs/troubleshooting.

 See [the list of releases](https://github.com/kubernetes/ingress-nginx/releases) for all changes.
 For detailed changes for each release, please check the [changelog-$version.md](./changelog) file for the release version.
-For detailed changes on the `ingress-nginx` helm chart, please check the changelog folder for a specific version
+For detailed changes on the `ingress-nginx` helm chart, please check the changelog folder for a specific version.
 [CHANGELOG-$current-version.md](./charts/ingress-nginx/changelog) file.

 ### Supported Versions table
@ -36,25 +35,25 @@ For detailed changes on the `ingress-nginx` helm chart, please check the changel
 Supported versions for the ingress-nginx project mean that we have completed E2E tests, and they are passing for
 the versions listed. Ingress-Nginx versions **may** work on older versions, but the project does not make that guarantee.

-|  Supported  | Ingress-NGINX version | k8s supported version        | Alpine Version | Nginx Version | Helm Chart Version |
-|:--:|-----------------------|------------------------------|----------------|---------------|------------------------------|
-| 🔄 | **v1.9.6**            | 1.29, 1.28, 1.27, 1.26, 1.25        | 3.19.0         | 1.21.6        | 4.9.1*                 |
-| 🔄 | **v1.9.5**            | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.9.0*                       |
-| 🔄 | **v1.9.4**            | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.3                        |
-| 🔄 | **v1.9.3**            | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.*                        |
-| 🔄 | **v1.9.1**            | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.*                        |
-| 🔄 | **v1.9.0**            | 1.28, 1.27, 1.26, 1.25        | 3.18.2         | 1.21.6        | 4.8.*                        |
-| 🔄 | **v1.8.4**            | 1.27, 1.26, 1.25, 1.24        | 3.18.2         | 1.21.6        | 4.7.*                        |
-| 🔄 | **v1.8.2**            | 1.27, 1.26, 1.25, 1.24        | 3.18.2         | 1.21.6        | 4.7.*                        |
-| 🔄 | **v1.8.1**            | 1.27, 1.26, 1.25, 1.24        | 3.18.2         | 1.21.6        | 4.7.*              |
-| 🔄 | **v1.8.0**            | 1.27, 1.26, 1.25, 1.24        | 3.18.0         | 1.21.6        | 4.7.*              |
-|  | **v1.7.1**            | 1.27, 1.26, 1.25, 1.24        | 3.17.2         | 1.21.6        | 4.6.*              |
-|  | **v1.7.0**            | 1.26, 1.25, 1.24             | 3.17.2         | 1.21.6        | 4.6.*              |
-|    | v1.6.4                | 1.26, 1.25, 1.24, 1.23       | 3.17.0         | 1.21.6        | 4.5.*              |
-|    | v1.5.1                | 1.25, 1.24, 1.23             | 3.16.2         | 1.21.6        | 4.4.*              |
-|    | v1.4.0                | 1.25, 1.24, 1.23, 1.22       | 3.16.2         | 1.19.10†      | 4.3.0              |
-|    | v1.3.1                | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2         | 1.19.10†      | 4.2.5              |
-|    | v1.3.0                | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.0         | 1.19.10†      | 4.2.3              |
+| Supported | Ingress-NGINX version | k8s supported version         | Alpine Version | Nginx Version | Helm Chart Version |
+| :-------: | --------------------- | ----------------------------- | -------------- | ------------- | ------------------ |
+|    🔄     | **v1.10.4**           | 1.30, 1.29, 1.28, 1.27, 1.26  | 3.20.0         | 1.25.5        | 4.10.4             |
+|    🔄     | **v1.10.3**           | 1.30, 1.29, 1.28, 1.27, 1.26  | 3.20.0         | 1.25.5        | 4.10.3             |
+|    🔄     | **v1.10.2**           | 1.30, 1.29, 1.28, 1.27, 1.26  | 3.20.0         | 1.25.5        | 4.10.2             |
+|    🔄     | **v1.10.1**           | 1.30, 1.29, 1.28, 1.27, 1.26  | 3.19.1         | 1.25.3        | 4.10.1             |
+|    🔄     | **v1.10.0**           | 1.29, 1.28, 1.27, 1.26        | 3.19.1         | 1.25.3        | 4.10.0             |
+|           | v1.9.6                | 1.29, 1.28, 1.27, 1.26, 1.25  | 3.19.0         | 1.21.6        | 4.9.1              |
+|           | v1.9.5                | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.9.0              |
+|           | v1.9.4                | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.3              |
+|           | v1.9.3                | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.*              |
+|           | v1.9.1                | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.*              |
+|           | v1.9.0                | 1.28, 1.27, 1.26, 1.25        | 3.18.2         | 1.21.6        | 4.8.*              |
+|           | v1.8.4                | 1.27, 1.26, 1.25, 1.24        | 3.18.2         | 1.21.6        | 4.7.*              |
+|           | v1.7.1                | 1.27, 1.26, 1.25, 1.24        | 3.17.2         | 1.21.6        | 4.6.*              |
+|           | v1.6.4                | 1.26, 1.25, 1.24, 1.23        | 3.17.0         | 1.21.6        | 4.5.*              |
+|           | v1.5.1                | 1.25, 1.24, 1.23              | 3.16.2         | 1.21.6        | 4.4.*              |
+|           | v1.4.0                | 1.25, 1.24, 1.23, 1.22        | 3.16.2         | 1.19.10†      | 4.3.0              |
+|           | v1.3.1                | 1.24, 1.23, 1.22, 1.21, 1.20  | 3.16.2         | 1.19.10†      | 4.2.5              |

 See [this article](https://kubernetes.io/blog/2021/07/26/update-with-ingress-nginx/) if you want upgrade to the stable
 Ingress API.
@ -65,7 +64,6 @@ Thanks for taking the time to join our community and start contributing!

 - This project adheres to the [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md).
  By participating in this project, you agree to abide by its terms.
-
 - **Contributing**: Contributions of all kinds are welcome!

  - Read [`CONTRIBUTING.md`](CONTRIBUTING.md) for information about setting up your environment, the workflow that we
@ -74,8 +72,8 @@ Thanks for taking the time to join our community and start contributing!
  - Submit GitHub issues for any feature enhancements, bugs, or documentation problems.
    - Please make sure to read the [Issue Reporting Checklist](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md#issue-reporting-guidelines) before opening an issue. Issues not conforming to the guidelines **may be closed immediately**.
  - Join our [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernetes.io/g/ingress-nginx-dev/c/ebbBMo-zX-w)
-
 - **Support**:
+
  - Join the [#ingress-nginx-users](https://kubernetes.slack.com/messages/CANQGM8BA/) channel inside the [Kubernetes Slack](http://slack.kubernetes.io/) to ask questions or get support from the maintainers and other users.
  - The [GitHub issues](https://github.com/kubernetes/ingress-nginx/issues) in the repository are **exclusively** for bug reports and feature requests.
  - **Discuss**: Tweet using the `#IngressNginx` hashtag or sharing with us [@IngressNginx](https://twitter.com/IngressNGINX).
--- a/2
+++ b/2
@ -9,6 +9,6 @@
 #
 # DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE
 # INSTRUCTIONS AT https://kubernetes.io/security/
-bowei
+Gacko
 rikatz
 strongjz
--- a/1
+++ b/1
@ -0,0 +1 @@
+v1.10.4
--- a/build/dev-env.sh
+++ b/build/dev-env.sh
@ -64,7 +64,7 @@ echo "[dev-env] building image"
 make build image
 docker tag "${REGISTRY}/controller:${TAG}" "${DEV_IMAGE}"

-export K8S_VERSION=${K8S_VERSION:-v1.26.3@sha256:61b92f38dff6ccc29969e7aa154d34e38b89443af1a2c14e6cfbd2df6419c66f}
+export K8S_VERSION=${K8S_VERSION:-v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245}

 KIND_CLUSTER_NAME="ingress-nginx-dev"

--- a/build/run-in-docker.sh
+++ b/build/run-in-docker.sh
@ -44,7 +44,7 @@ function cleanup {
 }
 trap cleanup EXIT

-E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20240126-760bf8eb@sha256:5e676bf2e5d5d035adfc6e093abee040af08327011e72fef640fa20da73cea2e}
+E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20240812-3f0129aa@sha256:95c2aaf2a66e8cbbf7a7453046f3b024383c273a0988efab841cd96116afd1a9}

 if [[ "$RUNTIME" == podman ]]; then
  # Podman does not support both tag and digest
@ -82,7 +82,7 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then
  echo "..reached DIND check TRUE block, inside run-in-docker.sh"
  echo "FLAGS=$FLAGS"
  #go env
-  go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.15.0
+  go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.20.0
  find / -type f -name ginkgo 2>/dev/null
  which ginkgo
  /bin/bash -c "${FLAGS}"
@ -96,4 +96,4 @@ else
  fi

  ${RUNTIME} run $args ${E2E_IMAGE} ${USE_SHELL} -c "${FLAGS}"
-fi
+fi
--- a/changelog/controller-1.10.0.md
+++ b/changelog/controller-1.10.0.md
@ -0,0 +1,68 @@
+# Changelog
+
+This release is the first using NGINX v1.25.0!
+
+## Breaking changes
+* This version does not support chroot image, this will be fixed on a future minor patch release
+* This version dropped Opentracing and zipkin modules, just Opentelemetry is supported
+* This version dropped support for PodSecurityPolicy
+* This version dropped support for GeoIP (legacy). Only GeoIP2 is supported
+
+### controller-v1.10.0
+
+Images:
+
+* registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c
+
+### All changes:
+
+* Start the release of v1.10.0 (#11038)
+* bump nginx and Go, remove tag file and old CI jobs (#11037)
+* Fix kubewebhook image tag (#11033)
+* add missing backend-protocol annotation option (#9545)
+* Update controller-prometheusrules.yaml (#8902)
+* Stop reporting interrupted tests (#11027)
+* test(gzip): reach ingress (#9541)
+* fix datasource, $exported_namespace variable in grafana nginx dashboard (#9092)
+* Properly support a TLS-wrapped OCSP responder (#10164)
+* Fix print-e2e-suite (#9536)
+* chore(deps): upgrade headers-more module to 0.37 (#10991)
+* Update ingress-path-matching.md (#11008)
+* Update ingress-path-matching.md (#11007)
+* E2E Tests: Explicitly enable metrics. (#10962)
+* Chart: Set `--enable-metrics` depending on `controller.metrics.enabled`. (#10959)
+* Chart: Remove useless `default` from `_params.tpl`. (#10957)
+* Fix golang makefile var name (#10932)
+* Fixing image push (#10931)
+* fix: live-docs script (#10928)
+* docs: Add vouch-proxy OAuth example (#10929)
+* Add OTEL build test and for NGINX v1.25 (#10889)
+* docs: update annotations docs with missing session-cookie section (#10917)
+* Release controller 1.9.6 and helm 4.9.1 (#10919)
+
+### Dependency updates:
+
+* Bump kubewebhook certgen (#11034)
+* Bump go libraries (#11023)
+* Bump modsecurity on nginx 1.25 (#11024)
+* Bump grpc and reintroduce OTEL compilation (#11021)
+* Bump github/codeql-action from 3.24.0 to 3.24.5 (#11017)
+* Bump actions/dependency-review-action from 4.0.0 to 4.1.3 (#11016)
+* Bump dorny/paths-filter from 3.0.0 to 3.0.1 (#10994)
+* Bump github.com/prometheus/client_model from 0.5.0 to 0.6.0 (#10998)
+* Bump actions/upload-artifact from 4.3.0 to 4.3.1 (#10978)
+* Bump actions/download-artifact from 4.1.1 to 4.1.2 (#10981)
+* Bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 (#10979)
+* Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#10980)
+* Bump golang.org/x/crypto from 0.18.0 to 0.19.0 (#10976)
+* Bump github/codeql-action from 3.23.2 to 3.24.0 (#10971)
+* Bump github.com/opencontainers/runc from 1.1.11 to 1.1.12 (#10951)
+* Bump google.golang.org/grpc from 1.60.1 to 1.61.0 (#10938)
+* Bump actions/upload-artifact from 4.2.0 to 4.3.0 (#10937)
+* Bump dorny/test-reporter from 1.7.0 to 1.8.0 (#10936)
+* Bump github/codeql-action from 3.23.1 to 3.23.2 (#10935)
+* Bump dorny/paths-filter from 2.11.1 to 3.0.0 (#10934)
+* Bump alpine to 3.19.1 (#10930)
+* Bump go to v1.21.6 and set a single source of truth (#10926)
+
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.9.6...controller-v1.10.0
--- a/changelog/controller-1.10.1.md
+++ b/changelog/controller-1.10.1.md
@ -0,0 +1,57 @@
+# Changelog
+
+### controller-v1.10.1
+
+Images:
+
+* registry.k8s.io/ingress-nginx/controller:v1.10.1@sha256:e24f39d3eed6bcc239a56f20098878845f62baa34b9f2be2fd2c38ce9fb0f29e
+* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.1@sha256:c155954116b397163c88afcb3252462771bd7867017e8a17623e83601bab7ac7
+
+### All changes:
+
+* start 1.10.1 build (#11246)
+* force nginx rebuild (#11245)
+* update k8s version to latest kind release (#11241)
+* remove _ssl_expire_time_seconds metric by identifier (#11239)
+* update post submit helm ci and clean up (#11221)
+* Chart: Add unit tests for default backend & topology spread constraints. (#11219)
+* sort default backend hpa metrics (#11217)
+* updated certgen image shatag (#11216)
+* changed testrunner image sha (#11211)
+* bumped certgeimage tag (#11213)
+* updated baseimage & deleted a useless file (#11209)
+* bump ginkgo to 2-17-1 in testrunner (#11204)
+* chunking related faq update (#11205)
+* Fix-semver (#11199)
+* refactor helm ci tests part I (#11188)
+* Proposal: e2e tests for regex patterns (#11185)
+* bump ginkgo to v2.17.1 (#11186)
+* fixes brotli build issue (#11187)
+* fix geoip2 configuration docs (#11151)
+* Fix typos in OTel doc (#11081) (#11129)
+* Chart: Render `controller.ingressClassResource.parameters` natively. (#11126)
+* Fix admission controller logging of `admissionTime` and `testedConfigurationSize` (#11114)
+* Chart: Align HPA & KEDA conditions. (#11113)
+* Chart: Improve IngressClass documentation. (#11111)
+* Chart: Add Gacko to maintainers. Again. (#11112)
+* Chart: Deploy `PodDisruptionBudget` with KEDA. (#11105)
+* Chores: Pick patches from main. (#11103)
+
+### Dependency updates:
+
+* Bump google.golang.org/grpc from 1.63.0 to 1.63.2 (#11238)
+* Bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#11234)
+* Bump github.com/prometheus/common from 0.51.1 to 0.52.2 (#11233)
+* Bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#11232)
+* Bump github.com/prometheus/client_model in the all group (#11231)
+* Bump the all group with 3 updates (#11230)
+* Bump the all group with 2 updates (#11190)
+* Bump actions/add-to-project from 0.6.1 to 1.0.0 (#11189)
+* Bump the all group with 3 updates (#11166)
+* Bump github.com/prometheus/common from 0.50.0 to 0.51.1 (#11160)
+* Bump the all group with 4 updates (#11140)
+* Bump the all group with 1 update (#11136)
+* Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /magefiles (#11127)
+* Bump google.golang.org/protobuf in /images/custom-error-pages/rootfs (#11128)
+* Bump google.golang.org/protobuf in /images/kube-webhook-certgen/rootfs (#11122)
+
--- a/changelog/controller-1.10.2.md
+++ b/changelog/controller-1.10.2.md
@ -0,0 +1,130 @@
+# Changelog
+
+### controller-v1.10.2
+
+Images:
+
+* registry.k8s.io/ingress-nginx/controller:v1.10.2@sha256:e3311b3d9671bc52d90572bcbfb7ee5b71c985d6d6cffd445c241f1e2703363c
+* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.2@sha256:c4395cba98f9721e3381d3c06e7994371bae20f5ab30e457cd7debe44a8c8c54
+
+### All changes:
+
+* update test runner to latest build (#11557)
+* add k8s 1.30 to ci build (#11553)
+* update test runner go base to 3.20 (#11550)
+* tag new test runner image with new nginx base 0.0.8 (#11549)
+* bump NGINX_BASE to v0.0.8 (#11543)
+* trigger build for NGINX-1.25 v0.0.8 (#11542)
+* Upgrade OWASP_MODSECURITY_CRS_VERSION 3.3.5 to 4.4.0 and update docs (#11548)
+* [feature] bump nginx to 1.25.5 and add http3 module (#11541)
+* add ssl patches to nginx-1.25 image for coroutines to work in lua client hello and cert ssl blocks (#11534)
+* bump alpine version to 3.20 to custom-error-pages (#11537)
+* fix: Ensure changes in MatchCN annotation are detected (#11528)
+* Docs: Add information about HTTP/3 support. (#11525)
+* Docs: Specify `ingressClass` for multi-controller setup. (#11520)
+* Docs: Improve default certificate usage. (#11519)
+* docs: Update Ingress-NGINX v1.10.1 compatibility with Kubernetes v1.30 (#11500)
+* Update getting-started.md with new prerequisites (#11487)
+* Fix boolean configuration (#11484)
+* Chores: Align security contacts & chart maintainers to actual owners. (#11480)
+* CI: Bump forgotten Ginkgo versions. (#11469)
+* Tests: Replace deprecated `grpc.Dial` by `grpc.NewClient`. (#11468)
+* Owners: Promote Gacko to admin. (#11464)
+* fixed fastcgi userguide (#11455)
+* Remove unnecessary space character (#11451)
+* fix for docs issue 11432 (#11446)
+* Update index.md (#11445)
+* upgrade to alpine 3.20 (#11438)
+* update golang to 1.22.4 (#11431)
+* Adapt dashboards for Grafana 11 compatibility (#11414)
+* Rename variable to fix typo (#11413)
+* Fix helm install on cloud provider admonition block (#11412)
+* edited helm-install tips (#11411)
+* added info for aws helm install (#11410)
+* added multiplecontrollers-howto to faq (#11409)
+* removed tlsv1 & tlsv1.1 (#11408)
+* Docs: Remove opentracing and zipkin from docs (#11405)
+* Go: Sync modules from `main`. (#11398)
+* add workflow to helm release and update ct for branch (#11317)
+* Merge pull request #11277 from strongjz/chart-1.10.1 (#11314)
+* Release Helm Chart on branch update (#11306)
+* Release controller 1.10.1 (#11298)
+* fix path in file changed detected message (#11286)
+* chore: fix function names in comment (#11281)
+* fix: update kube version requirement to 1.21 (#11279)
+* release helm chart from release branch (#11278)
+* start 1.10.1 build (#11246)
+* force nginx rebuild (#11245)
+* update k8s version to latest kind release (#11241)
+* remove _ssl_expire_time_seconds metric by identifier (#11239)
+* update post submit helm ci and clean up (#11221)
+* Chart: Add unit tests for default backend & topology spread constraints. (#11219)
+* sort default backend hpa metrics (#11217)
+* updated certgen image shatag (#11216)
+* changed testrunner image sha (#11211)
+* bumped certgeimage tag (#11213)
+* updated baseimage & deleted a useless file (#11209)
+* bump ginkgo to 2-17-1 in testrunner (#11204)
+* chunking related faq update (#11205)
+* Fix-semver (#11199)
+* refactor helm ci tests part I (#11188)
+* Proposal: e2e tests for regex patterns (#11185)
+* bump ginkgo to v2.17.1 (#11186)
+* fixes brotli build issue (#11187)
+* fix geoip2 configuration docs (#11151)
+* Fix typos in OTel doc (#11081) (#11129)
+* Chart: Render `controller.ingressClassResource.parameters` natively. (#11126)
+* Fix admission controller logging of `admissionTime` and `testedConfigurationSize` (#11114)
+* Chart: Align HPA & KEDA conditions. (#11113)
+* Chart: Improve IngressClass documentation. (#11111)
+* Chart: Add Gacko to maintainers. Again. (#11112)
+* Chart: Deploy `PodDisruptionBudget` with KEDA. (#11105)
+* Chores: Pick patches from main. (#11103)
+* Start the release of v1.10.0 (#11038)
+
+### Dependency updates:
+
+* Bump the all group with 2 updates (#11524)
+* Bump k8s.io/klog/v2 from 2.130.0 to 2.130.1 in the all group (#11521)
+* Bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 in the all group (#11501)
+* Bump k8s.io/klog/v2 from 2.120.1 to 2.130.0 (#11479)
+* Bump the all group with 3 updates (#11478)
+* Bump the all group with 2 updates (#11477)
+* Bump golang.org/x/crypto from 0.23.0 to 0.24.0 (#11471)
+* Bump sigs.k8s.io/controller-runtime in the all group (#11449)
+* Bump github.com/prometheus/common from 0.53.0 to 0.54.0 (#11447)
+* Bump the all group with 3 updates (#11450)
+* Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (#11448)
+* Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.19.0 (#11422)
+* Bump the all group with 2 updates (#11421)
+* Bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#11423)
+* Bump the all group across 1 directory with 6 updates (#11407)
+* Bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 (#11406)
+* Bump the all group with 3 updates (#11404)
+* Bump Kubernetes version on images (#11403)
+* Bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 (#11402)
+* Bump the all group with 4 updates (#11380)
+* Bump k8s.io/component-base from 0.29.3 to 0.30.0 (#11301)
+* Bump github.com/prometheus/common from 0.52.3 to 0.53.0 (#11300)
+* Bump golang.org/x/net from 0.22.0 to 0.23.0 (#11285)
+* Bump golang.org/x/net in /images/kube-webhook-certgen/rootfs (#11284)
+* Bump the all group with 2 updates (#11266)
+* Bump azure/setup-helm from 3.5 to 4 (#11265)
+* Bump actions/add-to-project from 1.0.0 to 1.0.1 in the all group (#11264)
+* Bump google.golang.org/grpc from 1.63.0 to 1.63.2 (#11238)
+* Bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#11234)
+* Bump github.com/prometheus/common from 0.51.1 to 0.52.2 (#11233)
+* Bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#11232)
+* Bump github.com/prometheus/client_model in the all group (#11231)
+* Bump the all group with 3 updates (#11230)
+* Bump the all group with 2 updates (#11190)
+* Bump actions/add-to-project from 0.6.1 to 1.0.0 (#11189)
+* Bump the all group with 3 updates (#11166)
+* Bump github.com/prometheus/common from 0.50.0 to 0.51.1 (#11160)
+* Bump the all group with 4 updates (#11140)
+* Bump the all group with 1 update (#11136)
+* Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /magefiles (#11127)
+* Bump google.golang.org/protobuf in /images/custom-error-pages/rootfs (#11128)
+* Bump google.golang.org/protobuf in /images/kube-webhook-certgen/rootfs (#11122)
+
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.1...controller-v1.10.2
--- a/changelog/controller-1.10.3.md
+++ b/changelog/controller-1.10.3.md
@ -0,0 +1,37 @@
+# Changelog
+
+### controller-v1.10.3
+
+Images:
+
+* registry.k8s.io/ingress-nginx/controller:v1.10.3@sha256:b5a5082f8e508cc1aac1c0ef101dc2f87b63d51598a5747d81d6cf6e7ba058fd
+* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.3@sha256:9033e04bd3cd01f92414f8d5999c5095734d4caceb4923942298152a38373d4b
+
+### All changes:
+
+* Images: Trigger `controller` v1.10.3 build. (#11648)
+* Tests: Bump `test-runner` to v20240717-1fe74b5f. (#11646)
+* Images: Re-run `test-runner` build. (#11643)
+* Images: Trigger `test-runner` build. (#11639)
+* Images: Bump `NGINX_BASE` to v0.0.10. (#11637)
+* Images: Trigger NGINX build. (#11631)
+* bump testing runner (#11626)
+* remove modsecurity coreruleset test files from nginx image (#11619)
+* unskip the ocsp tests and update images to fix cfssl bug (#11615)
+* Fix indent in YAML for example pod (#11609)
+* Images: Bump `test-runner`. (#11604)
+* Images: Bump `NGINX_BASE` to v0.0.9. (#11601)
+* revert module upgrade (#11595)
+* README: Fix support matrix. (#11593)
+* Mage: Stop mutating release notes. (#11582)
+* Images: Bump `kube-webhook-certgen`. (#11583)
+
+### Dependency updates:
+
+* Bump github.com/prometheus/common from 0.54.0 to 0.55.0 (#11622)
+* Bump the all group with 5 updates (#11613)
+* Bump golang.org/x/crypto from 0.24.0 to 0.25.0 (#11579)
+* Bump google.golang.org/grpc from 1.64.0 to 1.65.0 (#11577)
+* Bump the all group with 4 updates (#11574)
+
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.2...controller-v1.10.3
--- a/changelog/controller-1.10.4.md
+++ b/changelog/controller-1.10.4.md
@ -0,0 +1,53 @@
+# Changelog
+
+### controller-v1.10.4
+
+Images:
+
+* registry.k8s.io/ingress-nginx/controller:v1.10.4@sha256:505b9048c02dde3d6c8667bf0b52aba7b36adf7b03da34c47d5fa312d2d4c6fc
+* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.4@sha256:bf71acf6e71830a4470e2183e3bc93c4f006b954f8a05fb434242ef0f8a24858
+
+### All changes:
+
+* Chart: Bump Kube Webhook CertGen & OpenTelemetry. (#11811)
+* Images: Trigger controller build. (#11808)
+* Tests & Docs: Bump images. (#11804)
+* Images: Trigger failed builds. (#11801)
+* Images: Trigger other builds. (#11797)
+* Controller: Fix panic in alternative backend merging. (#11793)
+* Tests: Bump `e2e-test-runner` to v20240812-3f0129aa. (#11791)
+* Images: Trigger `test-runner` build. (#11786)
+* Images: Bump `NGINX_BASE` to v0.0.12. (#11783)
+* Images: Trigger NGINX build. (#11780)
+* Cloud Build: Add missing config, remove unused ones. (#11776)
+* Generate correct output on NumCPU() when using cgroups2 (#11775)
+* Cloud Build: Tweak timeouts. (#11762)
+* Cloud Build: Fix substitutions. (#11759)
+* Cloud Build: Some chores. (#11756)
+* Go: Bump to v1.22.6. (#11748)
+* Images: Bump `NGINX_BASE` to v0.0.11. (#11744)
+* Images: Trigger NGINX build. (#11736)
+* docs: update OpenSSL Roadmap link (#11734)
+* Go: Bump to v1.22.5. (#11731)
+* Docs: Fix typo in AWS LB Controller reference (#11724)
+* Perform some cleaning operations on line breaks. (#11722)
+* Missing anchors in regular expression. (#11718)
+* Docs: Fix `from-to-www` redirect description. (#11715)
+* Chart: Remove `isControllerTagValid`. (#11714)
+* Tests: Bump `e2e-test-runner` to v20240729-04899b27. (#11704)
+* Docs: Clarify `from-to-www` redirect direction. (#11692)
+* added real-client-ip faq (#11665)
+* Docs: Format NGINX configuration table. (#11660)
+
+### Dependency updates:
+
+* Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#11772)
+* Bump the all group with 2 updates (#11770)
+* Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#11768)
+* Bump the all group with 3 updates (#11729)
+* Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in the all group (#11700)
+* Bump the all group with 2 updates (#11697)
+* Bump the all group with 4 updates (#11676)
+* Bump the all group with 2 updates (#11674)
+
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.3...controller-v1.10.4
--- a/charts/ingress-nginx/Chart.yaml
+++ b/charts/ingress-nginx/Chart.yaml
@ -1,10 +1,9 @@
 annotations:
-  artifacthub.io/changes: |-
-    - "update web hook cert gen to latest release v20231226-1a7112e06"
-    - "Update Ingress-Nginx version controller-v1.9.6"
+  artifacthub.io/changes: |
+    - Update Ingress-Nginx version controller-v1.10.4
  artifacthub.io/prerelease: "false"
 apiVersion: v2
-appVersion: 1.9.6
+appVersion: 1.10.4
 description: Ingress controller for Kubernetes using NGINX as a reverse proxy and
  load balancer
 home: https://github.com/kubernetes/ingress-nginx
@ -12,12 +11,15 @@ icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/5
 keywords:
 - ingress
 - nginx
-kubeVersion: '>=1.20.0-0'
+kubeVersion: '>=1.21.0-0'
 maintainers:
+- name: cpanato
+- name: Gacko
+- name: puerco
 - name: rikatz
 - name: strongjz
 - name: tao12345666333
 name: ingress-nginx
 sources:
 - https://github.com/kubernetes/ingress-nginx
-version: 4.9.1
+version: 4.10.4
--- a/charts/ingress-nginx/OWNERS
+++ b/charts/ingress-nginx/OWNERS
@ -1,4 +1,4 @@
-# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md
+# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners

 approvers:
 - ingress-nginx-helm-maintainers
--- a/charts/ingress-nginx/README.md
+++ b/charts/ingress-nginx/README.md
@ -2,7 +2,7 @@

 [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer

-![Version: 4.9.1](https://img.shields.io/badge/Version-4.9.1-informational?style=flat-square) ![AppVersion: 1.9.6](https://img.shields.io/badge/AppVersion-1.9.6-informational?style=flat-square)
+![Version: 4.10.4](https://img.shields.io/badge/Version-4.10.4-informational?style=flat-square) ![AppVersion: 1.10.4](https://img.shields.io/badge/AppVersion-1.10.4-informational?style=flat-square)

 To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.

@ -10,7 +10,7 @@ This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kuber

 ## Requirements

-Kubernetes: `>=1.20.0-0`
+Kubernetes: `>=1.21.0-0`

 ## Get Repo Info

@ -253,11 +253,11 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.admissionWebhooks.namespaceSelector | object | `{}` |  |
 | controller.admissionWebhooks.objectSelector | object | `{}` |  |
 | controller.admissionWebhooks.patch.enabled | bool | `true` |  |
-| controller.admissionWebhooks.patch.image.digest | string | `"sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334"` |  |
+| controller.admissionWebhooks.patch.image.digest | string | `"sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3"` |  |
 | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` |  |
 | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` |  |
 | controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` |  |
-| controller.admissionWebhooks.patch.image.tag | string | `"v1.4.0"` |  |
+| controller.admissionWebhooks.patch.image.tag | string | `"v1.4.3"` |  |
 | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources |
 | controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
 | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` |  |
@ -317,8 +317,8 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.hostname | object | `{}` | Optionally customize the pod hostname. |
 | controller.image.allowPrivilegeEscalation | bool | `false` |  |
 | controller.image.chroot | bool | `false` |  |
-| controller.image.digest | string | `"sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c"` |  |
-| controller.image.digestChroot | string | `"sha256:7eb46ff733429e0e46892903c7394aff149ac6d284d92b3946f3baf7ff26a096"` |  |
+| controller.image.digest | string | `"sha256:505b9048c02dde3d6c8667bf0b52aba7b36adf7b03da34c47d5fa312d2d4c6fc"` |  |
+| controller.image.digestChroot | string | `"sha256:bf71acf6e71830a4470e2183e3bc93c4f006b954f8a05fb434242ef0f8a24858"` |  |
 | controller.image.image | string | `"ingress-nginx/controller"` |  |
 | controller.image.pullPolicy | string | `"IfNotPresent"` |  |
 | controller.image.readOnlyRootFilesystem | bool | `false` |  |
@ -326,14 +326,15 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.image.runAsNonRoot | bool | `true` |  |
 | controller.image.runAsUser | int | `101` |  |
 | controller.image.seccompProfile.type | string | `"RuntimeDefault"` |  |
-| controller.image.tag | string | `"v1.9.6"` |  |
+| controller.image.tag | string | `"v1.10.4"` |  |
 | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation |
 | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). |
-| controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass |
-| controller.ingressClassResource.default | bool | `false` | Is this the default ingressClass for the cluster |
-| controller.ingressClassResource.enabled | bool | `true` | Is this ingressClass enabled or not |
-| controller.ingressClassResource.name | string | `"nginx"` | Name of the ingressClass |
-| controller.ingressClassResource.parameters | object | `{}` | Parameters is a link to a custom resource containing additional configuration for the controller. This is optional if the controller does not require extra parameters. |
+| controller.ingressClassResource | object | `{"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. |
+| controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller of the IngressClass. An Ingress Controller looks for IngressClasses it should reconcile by this value. This value is also being set as the `--controller-class` argument of this Ingress Controller. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class |
+| controller.ingressClassResource.default | bool | `false` | If true, Ingresses without `ingressClassName` get assigned to this IngressClass on creation. Ingress creation gets rejected if there are multiple default IngressClasses. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class |
+| controller.ingressClassResource.enabled | bool | `true` | Create the IngressClass or not |
+| controller.ingressClassResource.name | string | `"nginx"` | Name of the IngressClass |
+| controller.ingressClassResource.parameters | object | `{}` | A link to a custom resource containing additional configuration for the controller. This is optional if the controller consuming this IngressClass does not require additional parameters. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class |
 | controller.keda.apiVersion | string | `"keda.sh/v1alpha1"` |  |
 | controller.keda.behavior | object | `{}` |  |
 | controller.keda.cooldownPeriod | int | `300` |  |
@ -389,11 +390,11 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.opentelemetry.containerSecurityContext.runAsUser | int | `65532` | The image's default user, inherited from its base image `cgr.dev/chainguard/static`. |
 | controller.opentelemetry.containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
 | controller.opentelemetry.enabled | bool | `false` |  |
-| controller.opentelemetry.image.digest | string | `"sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472"` |  |
+| controller.opentelemetry.image.digest | string | `"sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922"` |  |
 | controller.opentelemetry.image.distroless | bool | `true` |  |
-| controller.opentelemetry.image.image | string | `"ingress-nginx/opentelemetry"` |  |
+| controller.opentelemetry.image.image | string | `"ingress-nginx/opentelemetry-1.25.3"` |  |
 | controller.opentelemetry.image.registry | string | `"registry.k8s.io"` |  |
-| controller.opentelemetry.image.tag | string | `"v20230721-3e2062ee5"` |  |
+| controller.opentelemetry.image.tag | string | `"v20240813-b933310d"` |  |
 | controller.opentelemetry.name | string | `"opentelemetry"` |  |
 | controller.opentelemetry.resources | object | `{}` |  |
 | controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # |
--- a/charts/ingress-nginx/changelog/helm-chart-4.10.0.md
+++ b/charts/ingress-nginx/changelog/helm-chart-4.10.0.md
@ -0,0 +1,9 @@
+# Changelog
+
+This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
+
+### 4.10.0
+
+* - "Update Ingress-Nginx version controller-v1.10.0"
+
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.9.1...helm-chart-4.10.0
--- a/charts/ingress-nginx/changelog/helm-chart-4.10.1.md
+++ b/charts/ingress-nginx/changelog/helm-chart-4.10.1.md
@ -0,0 +1,11 @@
+# Changelog
+
+This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
+
+### 4.10.1
+
+* - "update post submit helm ci and clean up (#11221)"
+* - "refactor helm ci tests part I (#11188)"
+* - "Update Ingress-Nginx version controller-v1.10.1"
+
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.0...helm-chart-4.10.1
--- a/charts/ingress-nginx/changelog/helm-chart-4.10.2.md
+++ b/charts/ingress-nginx/changelog/helm-chart-4.10.2.md
@ -0,0 +1,18 @@
+# Changelog
+
+This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
+
+### 4.10.2
+
+* Chores: Align security contacts & chart maintainers to actual owners. (#11480)
+* Fix helm install on cloud provider admonition block (#11412)
+* edited helm-install tips (#11411)
+* added info for aws helm install (#11410)
+* add workflow to helm release and update ct for branch (#11317)
+* Merge pull request #11277 from strongjz/chart-1.10.1 (#11314)
+* release helm chart from release branch (#11278)
+* update post submit helm ci and clean up (#11221)
+* refactor helm ci tests part I (#11188)
+* Update Ingress-Nginx version controller-v1.10.2
+
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.1...helm-chart-4.10.2
--- a/charts/ingress-nginx/changelog/helm-chart-4.10.3.md
+++ b/charts/ingress-nginx/changelog/helm-chart-4.10.3.md
@ -0,0 +1,9 @@
+# Changelog
+
+This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
+
+### 4.10.3
+
+* Update Ingress-Nginx version controller-v1.10.3
+
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.2...helm-chart-4.10.3
--- a/charts/ingress-nginx/changelog/helm-chart-4.10.4.md
+++ b/charts/ingress-nginx/changelog/helm-chart-4.10.4.md
@ -0,0 +1,9 @@
+# Changelog
+
+This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
+
+### 4.10.4
+
+* Update Ingress-Nginx version controller-v1.10.4
+
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.3...helm-chart-4.10.4
--- a/charts/ingress-nginx/templates/_helpers.tpl
+++ b/charts/ingress-nginx/templates/_helpers.tpl
@ -233,25 +233,6 @@ Return the appropriate apiGroup for PodSecurityPolicy.
 {{- end -}}
 {{- end -}}

-{{/*
-Check the ingress controller version tag is at most three versions behind the last release
-*/}}
-{{- define "isControllerTagValid" -}}
-{{- if not (semverCompare ">=0.27.0-0" .Values.controller.image.tag) -}}
-{{- fail "Controller container image tag should be 0.27.0 or higher" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-IngressClass parameters.
-*/}}
-{{- define "ingressClass.parameters" -}}
-  {{- if .Values.controller.ingressClassResource.parameters -}}
-          parameters:
-{{ toYaml .Values.controller.ingressClassResource.parameters | indent 4}}
-  {{ end }}
-{{- end -}}
-
 {{/*
 Extra modules.
 */}}
--- a/charts/ingress-nginx/templates/controller-daemonset.yaml
+++ b/charts/ingress-nginx/templates/controller-daemonset.yaml
@ -1,5 +1,4 @@
 {{- if eq .Values.controller.kind "DaemonSet" -}}
-{{- include  "isControllerTagValid" . -}}
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
--- a/charts/ingress-nginx/templates/controller-deployment.yaml
+++ b/charts/ingress-nginx/templates/controller-deployment.yaml
@ -1,5 +1,4 @@
 {{- if eq .Values.controller.kind "Deployment" -}}
-{{- include  "isControllerTagValid" . -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@ -19,7 +18,7 @@ spec:
    matchLabels:
      {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
      app.kubernetes.io/component: controller
-  {{- if not (or .Values.controller.autoscaling.enabled .Values.controller.keda.enabled) }}
+  {{- if eq .Values.controller.autoscaling.enabled .Values.controller.keda.enabled }}
  replicas: {{ .Values.controller.replicaCount }}
  {{- end }}
  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
--- a/charts/ingress-nginx/templates/controller-ingressclass.yaml
+++ b/charts/ingress-nginx/templates/controller-ingressclass.yaml
@ -1,6 +1,4 @@
 {{- if .Values.controller.ingressClassResource.enabled -}}
-# We don't support namespaced ingressClass yet
-# So a ClusterRole and a ClusterRoleBinding is required
 apiVersion: networking.k8s.io/v1
 kind: IngressClass
 metadata:
@ -11,11 +9,13 @@ metadata:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ .Values.controller.ingressClassResource.name }}
-{{- if .Values.controller.ingressClassResource.default }}
+  {{- if .Values.controller.ingressClassResource.default }}
  annotations:
    ingressclass.kubernetes.io/is-default-class: "true"
-{{- end }}
+  {{- end }}
 spec:
  controller: {{ .Values.controller.ingressClassResource.controllerValue }}
-  {{ template "ingressClass.parameters" . }}
+  {{- with .Values.controller.ingressClassResource.parameters }}
+  parameters: {{ toYaml . | nindent 4 }}
+  {{- end }}
 {{- end }}
--- a/charts/ingress-nginx/templates/controller-keda.yaml
+++ b/charts/ingress-nginx/templates/controller-keda.yaml
@ -1,4 +1,4 @@
-{{- if and .Values.controller.keda.enabled (eq .Values.controller.kind "Deployment") -}}
+{{- if and (eq .Values.controller.kind "Deployment") .Values.controller.keda.enabled (not .Values.controller.autoscaling.enabled) -}}
 apiVersion: {{ .Values.controller.keda.apiVersion }}
 kind: ScaledObject
 metadata:
--- a/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml
+++ b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml
@ -1,4 +1,13 @@
-{{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (and (not .Values.controller.autoscaling.enabled) (gt (.Values.controller.replicaCount | int) 1)) }}
+# PDB is not supported for DaemonSets.
+# https://github.com/kubernetes/kubernetes/issues/108124
+{{- if eq .Values.controller.kind "Deployment" }}
+{{- $replicas := .Values.controller.replicaCount }}
+{{- if and .Values.controller.autoscaling.enabled (not .Values.controller.keda.enabled) }}
+{{- $replicas = .Values.controller.autoscaling.minReplicas }}
+{{- else if and .Values.controller.keda.enabled (not .Values.controller.autoscaling.enabled) }}
+{{- $replicas = .Values.controller.keda.minReplicas }}
+{{- end }}
+{{- if gt ($replicas | int) 1 }}
 apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }}
 kind: PodDisruptionBudget
 metadata:
@ -24,3 +33,4 @@ spec:
  maxUnavailable: {{ .Values.controller.maxUnavailable }}
  {{- end }}
 {{- end }}
+{{- end }}
--- a/charts/ingress-nginx/templates/controller-service-internal.yaml
+++ b/charts/ingress-nginx/templates/controller-service-internal.yaml
@ -58,7 +58,7 @@ spec:
      port: {{ .Values.controller.service.internal.ports.http | default .Values.controller.service.ports.http }}
      protocol: TCP
      targetPort: {{ .Values.controller.service.internal.targetPorts.http | default .Values.controller.service.targetPorts.http }}
-    {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }}
+    {{- if and (semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }}
      appProtocol: http
    {{- end }}
    {{- if (and $setNodePorts (not (empty .Values.controller.service.internal.nodePorts.http))) }}
@ -70,7 +70,7 @@ spec:
      port: {{ .Values.controller.service.internal.ports.https | default .Values.controller.service.ports.https }}
      protocol: TCP
      targetPort: {{ .Values.controller.service.internal.targetPorts.https | default .Values.controller.service.targetPorts.https }}
-    {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }}
+    {{- if and (semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.internal.appProtocol) }}
      appProtocol: https
    {{- end }}
    {{- if (and $setNodePorts (not (empty .Values.controller.service.internal.nodePorts.https))) }}
--- a/charts/ingress-nginx/templates/controller-service-webhook.yaml
+++ b/charts/ingress-nginx/templates/controller-service-webhook.yaml
@ -31,7 +31,7 @@ spec:
    - name: https-webhook
      port: 443
      targetPort: webhook
-    {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
+    {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }}
      appProtocol: https
    {{- end }}
  selector:
--- a/charts/ingress-nginx/templates/controller-service.yaml
+++ b/charts/ingress-nginx/templates/controller-service.yaml
@ -58,7 +58,7 @@ spec:
      port: {{ .Values.controller.service.ports.http }}
      protocol: TCP
      targetPort: {{ .Values.controller.service.targetPorts.http }}
-    {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }}
+    {{- if and (semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }}
      appProtocol: http
    {{- end }}
    {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }}
@ -70,7 +70,7 @@ spec:
      port: {{ .Values.controller.service.ports.https }}
      protocol: TCP
      targetPort: {{ .Values.controller.service.targetPorts.https }}
-    {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }}
+    {{- if and (semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }}
      appProtocol: https
    {{- end }}
    {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }}
--- a/charts/ingress-nginx/templates/default-backend-hpa.yaml
+++ b/charts/ingress-nginx/templates/default-backend-hpa.yaml
@ -21,14 +21,6 @@ spec:
  minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }}
  maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }}
  metrics:
-  {{- with .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
-  - type: Resource
-    resource:
-      name: cpu
-      target:
-        type: Utilization
-        averageUtilization: {{ . }}
-  {{- end }}
  {{- with .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
  - type: Resource
    resource:
@ -37,4 +29,12 @@ spec:
        type: Utilization
        averageUtilization: {{ . }}
  {{- end }}
+  {{- with .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: {{ . }}
+  {{- end }}
 {{- end }}
--- a/charts/ingress-nginx/templates/default-backend-service.yaml
+++ b/charts/ingress-nginx/templates/default-backend-service.yaml
@ -32,7 +32,7 @@ spec:
      port: {{ .Values.defaultBackend.service.servicePort }}
      protocol: TCP
      targetPort: http
-    {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
+    {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }}
      appProtocol: http
    {{- end }}
  selector:
--- a/charts/ingress-nginx/tests/controller-daemonset_test.yaml
+++ b/charts/ingress-nginx/tests/controller-daemonset_test.yaml
@ -33,6 +33,15 @@ tests:
          path: spec.template.spec.containers[0].args
          content: --enable-metrics=false

+  - it: should create a DaemonSet with argument `--controller-class=k8s.io/ingress-nginx-internal` if `controller.ingressClassResource.controllerValue` is "k8s.io/ingress-nginx-internal"
+    set:
+      controller.kind: DaemonSet
+      controller.ingressClassResource.controllerValue: k8s.io/ingress-nginx-internal
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].args
+          content: --controller-class=k8s.io/ingress-nginx-internal
+
  - it: should create a DaemonSet with resource limits if `controller.resources.limits` is set
    set:
      controller.kind: DaemonSet
@ -45,3 +54,54 @@ tests:
      - equal:
          path: spec.template.spec.containers[0].resources.limits.memory
          value: 512Mi
+
+  - it: should create a DaemonSet with topology spread constraints if `controller.topologySpreadConstraints` is set
+    set:
+      controller.kind: DaemonSet
+      controller.topologySpreadConstraints:
+        - labelSelector:
+            matchLabels:
+              app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
+              app.kubernetes.io/instance: '{{ .Release.Name }}'
+              app.kubernetes.io/component: controller
+          topologyKey: topology.kubernetes.io/zone
+          maxSkew: 1
+          whenUnsatisfiable: ScheduleAnyway
+        - labelSelector:
+            matchLabels:
+              app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
+              app.kubernetes.io/instance: '{{ .Release.Name }}'
+              app.kubernetes.io/component: controller
+          topologyKey: kubernetes.io/hostname
+          maxSkew: 1
+          whenUnsatisfiable: ScheduleAnyway
+    asserts:
+      - equal:
+          path: spec.template.spec.topologySpreadConstraints
+          value:
+            - labelSelector:
+                matchLabels:
+                  app.kubernetes.io/name: ingress-nginx
+                  app.kubernetes.io/instance: RELEASE-NAME
+                  app.kubernetes.io/component: controller
+              topologyKey: topology.kubernetes.io/zone
+              maxSkew: 1
+              whenUnsatisfiable: ScheduleAnyway
+            - labelSelector:
+                matchLabels:
+                  app.kubernetes.io/name: ingress-nginx
+                  app.kubernetes.io/instance: RELEASE-NAME
+                  app.kubernetes.io/component: controller
+              topologyKey: kubernetes.io/hostname
+              maxSkew: 1
+              whenUnsatisfiable: ScheduleAnyway
+
+  - it: should create a DaemonSet with a custom tag if `controller.image.tag` is set
+    set:
+      controller.kind: DaemonSet
+      controller.image.tag: my-little-custom-tag
+      controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: registry.k8s.io/ingress-nginx/controller:my-little-custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
--- a/charts/ingress-nginx/tests/controller-deployment_test.yaml
+++ b/charts/ingress-nginx/tests/controller-deployment_test.yaml
@ -21,6 +21,28 @@ tests:
          path: spec.replicas
          value: 3

+  - it: should create a Deployment without replicas if `controller.autoscaling.enabled` is true
+    set:
+      controller.autoscaling.enabled: true
+    asserts:
+      - notExists:
+          path: spec.replicas
+
+  - it: should create a Deployment without replicas if `controller.keda.enabled` is true
+    set:
+      controller.keda.enabled: true
+    asserts:
+      - notExists:
+          path: spec.replicas
+
+  - it: should create a Deployment with replicas if `controller.autoscaling.enabled` is true and `controller.keda.enabled` is true
+    set:
+      controller.autoscaling.enabled: true
+      controller.keda.enabled: true
+    asserts:
+      - exists:
+          path: spec.replicas
+
  - it: should create a Deployment with argument `--enable-metrics=false` if `controller.metrics.enabled` is false
    set:
      controller.metrics.enabled: false
@ -37,6 +59,14 @@ tests:
          path: spec.template.spec.containers[0].args
          content: --enable-metrics=false

+  - it: should create a Deployment with argument `--controller-class=k8s.io/ingress-nginx-internal` if `controller.ingressClassResource.controllerValue` is "k8s.io/ingress-nginx-internal"
+    set:
+      controller.ingressClassResource.controllerValue: k8s.io/ingress-nginx-internal
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].args
+          content: --controller-class=k8s.io/ingress-nginx-internal
+
  - it: should create a Deployment with resource limits if `controller.resources.limits` is set
    set:
      controller.resources.limits.cpu: 500m
@ -48,3 +78,52 @@ tests:
      - equal:
          path: spec.template.spec.containers[0].resources.limits.memory
          value: 512Mi
+
+  - it: should create a Deployment with topology spread constraints if `controller.topologySpreadConstraints` is set
+    set:
+      controller.topologySpreadConstraints:
+        - labelSelector:
+            matchLabels:
+              app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
+              app.kubernetes.io/instance: '{{ .Release.Name }}'
+              app.kubernetes.io/component: controller
+          topologyKey: topology.kubernetes.io/zone
+          maxSkew: 1
+          whenUnsatisfiable: ScheduleAnyway
+        - labelSelector:
+            matchLabels:
+              app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
+              app.kubernetes.io/instance: '{{ .Release.Name }}'
+              app.kubernetes.io/component: controller
+          topologyKey: kubernetes.io/hostname
+          maxSkew: 1
+          whenUnsatisfiable: ScheduleAnyway
+    asserts:
+      - equal:
+          path: spec.template.spec.topologySpreadConstraints
+          value:
+            - labelSelector:
+                matchLabels:
+                  app.kubernetes.io/name: ingress-nginx
+                  app.kubernetes.io/instance: RELEASE-NAME
+                  app.kubernetes.io/component: controller
+              topologyKey: topology.kubernetes.io/zone
+              maxSkew: 1
+              whenUnsatisfiable: ScheduleAnyway
+            - labelSelector:
+                matchLabels:
+                  app.kubernetes.io/name: ingress-nginx
+                  app.kubernetes.io/instance: RELEASE-NAME
+                  app.kubernetes.io/component: controller
+              topologyKey: kubernetes.io/hostname
+              maxSkew: 1
+              whenUnsatisfiable: ScheduleAnyway
+
+  - it: should create a Deployment with a custom tag if `controller.image.tag` is set
+    set:
+      controller.image.tag: my-little-custom-tag
+      controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: registry.k8s.io/ingress-nginx/controller:my-little-custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
--- a/charts/ingress-nginx/tests/controller-hpa_test.yaml
+++ b/charts/ingress-nginx/tests/controller-hpa_test.yaml
@ -3,9 +3,8 @@ templates:
  - controller-hpa.yaml

 tests:
-  - it: should create a HPA if `controller.kind` is "Deployment" and `controller.autoscaling.enabled` is true
+  - it: should create an HPA if `controller.autoscaling.enabled` is true
    set:
-      controller.kind: Deployment
      controller.autoscaling.enabled: true
    asserts:
      - hasDocuments:
@ -15,3 +14,18 @@ tests:
      - equal:
          path: metadata.name
          value: RELEASE-NAME-ingress-nginx-controller
+
+  - it: should not create an HPA if `controller.autoscaling.enabled` is true and `controller.keda.enabled` is true
+    set:
+      controller.autoscaling.enabled: true
+      controller.keda.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: should not create an HPA if `controller.kind` is "DaemonSet"
+    set:
+      controller.kind: DaemonSet
+    asserts:
+      - hasDocuments:
+          count: 0
--- a/charts/ingress-nginx/tests/controller-ingressclass_test.yaml
+++ b/charts/ingress-nginx/tests/controller-ingressclass_test.yaml
@ -0,0 +1,77 @@
+suite: Controller > IngressClass
+templates:
+  - controller-ingressclass.yaml
+
+tests:
+  - it: should create an IngressClass
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: IngressClass
+      - equal:
+          path: metadata.name
+          value: nginx
+
+  - it: should create an IngressClass with name "nginx-internal" if `controller.ingressClassResource.name` is "nginx-internal"
+    set:
+      controller.ingressClassResource.name: nginx-internal
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: IngressClass
+      - equal:
+          path: metadata.name
+          value: nginx-internal
+
+  - it: "should create an IngressClass with annotation `ingressclass.kubernetes.io/is-default-class: \"true\"` if `controller.ingressClassResource.default` is true"
+    set:
+      controller.ingressClassResource.default: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: IngressClass
+      - equal:
+          path: metadata.name
+          value: nginx
+      - equal:
+          path: metadata.annotations["ingressclass.kubernetes.io/is-default-class"]
+          value: "true"
+
+  - it: should create an IngressClass with controller "k8s.io/ingress-nginx-internal" if `controller.ingressClassResource.controllerValue` is "k8s.io/ingress-nginx-internal"
+    set:
+      controller.ingressClassResource.controllerValue: k8s.io/ingress-nginx-internal
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: IngressClass
+      - equal:
+          path: metadata.name
+          value: nginx
+      - equal:
+          path: spec.controller
+          value: k8s.io/ingress-nginx-internal
+
+  - it: should create an IngressClass with parameters if `controller.ingressClassResource.parameters` is set
+    set:
+      controller.ingressClassResource.parameters:
+        apiGroup: k8s.example.com
+        kind: IngressParameters
+        name: external-lb
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: IngressClass
+      - equal:
+          path: metadata.name
+          value: nginx
+      - equal:
+          path: spec.parameters
+          value:
+            apiGroup: k8s.example.com
+            kind: IngressParameters
+            name: external-lb
--- a/charts/ingress-nginx/tests/controller-keda_test.yaml
+++ b/charts/ingress-nginx/tests/controller-keda_test.yaml
@ -3,9 +3,8 @@ templates:
  - controller-keda.yaml

 tests:
-  - it: should create a ScaledObject if `controller.kind` is "Deployment" and `controller.keda.enabled` is true
+  - it: should create a ScaledObject if `controller.keda.enabled` is true
    set:
-      controller.kind: Deployment
      controller.keda.enabled: true
    asserts:
      - hasDocuments:
@ -15,3 +14,18 @@ tests:
      - equal:
          path: metadata.name
          value: RELEASE-NAME-ingress-nginx-controller
+
+  - it: should not create a ScaledObject if `controller.keda.enabled` is true and `controller.autoscaling.enabled` is true
+    set:
+      controller.keda.enabled: true
+      controller.autoscaling.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: should not create a ScaledObject if `controller.kind` is "DaemonSet"
+    set:
+      controller.kind: DaemonSet
+    asserts:
+      - hasDocuments:
+          count: 0
--- a/charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml
+++ b/charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml
@ -0,0 +1,73 @@
+suite: Controller > PodDisruptionBudget
+templates:
+  - controller-poddisruptionbudget.yaml
+
+tests:
+  - it: should create a PodDisruptionBudget if `controller.replicaCount` is greater than 1
+    set:
+      controller.replicaCount: 2
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: PodDisruptionBudget
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-ingress-nginx-controller
+
+  - it: should not create a PodDisruptionBudget if `controller.replicaCount` is less than or equal 1
+    set:
+      controller.replicaCount: 1
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: should create a PodDisruptionBudget if `controller.autoscaling.enabled` is true and `controller.autoscaling.minReplicas` is greater than 1
+    set:
+      controller.autoscaling.enabled: true
+      controller.autoscaling.minReplicas: 2
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: PodDisruptionBudget
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-ingress-nginx-controller
+
+  - it: should not create a PodDisruptionBudget if `controller.autoscaling.enabled` is true and `controller.autoscaling.minReplicas` is less than or equal 1
+    set:
+      controller.autoscaling.enabled: true
+      controller.autoscaling.minReplicas: 1
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: should create a PodDisruptionBudget if `controller.keda.enabled` is true and `controller.keda.minReplicas` is greater than 1
+    set:
+      controller.keda.enabled: true
+      controller.keda.minReplicas: 2
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: PodDisruptionBudget
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-ingress-nginx-controller
+
+  - it: should not create a PodDisruptionBudget if `controller.keda.enabled` is true and `controller.keda.minReplicas` is less than or equal 1
+    set:
+      controller.keda.enabled: true
+      controller.keda.minReplicas: 1
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: should not create a PodDisruptionBudget if `controller.autoscaling.enabled` is true and `controller.keda.enabled` is true
+    set:
+      controller.autoscaling.enabled: true
+      controller.keda.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 0
--- a/charts/ingress-nginx/tests/default-backend-deployment_test.yaml
+++ b/charts/ingress-nginx/tests/default-backend-deployment_test.yaml
@ -0,0 +1,53 @@
+suite: Default Backend > Deployment
+templates:
+  - default-backend-deployment.yaml
+
+tests:
+  - it: should not create a Deployment if `defaultBackend.enabled` is false
+    set:
+      defaultBackend.enabled: false
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: should create a Deployment if `defaultBackend.enabled` is true
+    set:
+      defaultBackend.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: Deployment
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-ingress-nginx-defaultbackend
+
+  - it: should create a Deployment with 3 replicas if `defaultBackend.replicaCount` is 3
+    set:
+      defaultBackend.enabled: true
+      defaultBackend.replicaCount: 3
+    asserts:
+      - equal:
+          path: spec.replicas
+          value: 3
+
+  - it: should create a Deployment without replicas if `defaultBackend.autoscaling.enabled` is true
+    set:
+      defaultBackend.enabled: true
+      defaultBackend.autoscaling.enabled: true
+    asserts:
+      - notExists:
+          path: spec.replicas
+
+  - it: should create a Deployment with resource limits if `defaultBackend.resources.limits` is set
+    set:
+      defaultBackend.enabled: true
+      defaultBackend.resources.limits.cpu: 500m
+      defaultBackend.resources.limits.memory: 512Mi
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].resources.limits.cpu
+          value: 500m
+      - equal:
+          path: spec.template.spec.containers[0].resources.limits.memory
+          value: 512Mi
--- a/charts/ingress-nginx/values.yaml
+++ b/charts/ingress-nginx/values.yaml
@ -26,9 +26,9 @@ controller:
    ## for backwards compatibility consider setting the full image url via the repository value below
    ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
    ## repository:
-    tag: "v1.9.6"
-    digest: sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c
-    digestChroot: sha256:7eb46ff733429e0e46892903c7394aff149ac6d284d92b3946f3baf7ff26a096
+    tag: "v1.10.4"
+    digest: sha256:505b9048c02dde3d6c8667bf0b52aba7b36adf7b03da34c47d5fa312d2d4c6fc
+    digestChroot: sha256:bf71acf6e71830a4470e2183e3bc93c4f006b954f8a05fb434242ef0f8a24858
    pullPolicy: IfNotPresent
    runAsNonRoot: true
    # www-data -> uid 101
@ -108,21 +108,30 @@ controller:
    enabled: false
  # -- Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader'
  electionID: ""
-  ## This section refers to the creation of the IngressClass resource
-  ## IngressClass resources are supported since k8s >= 1.18 and required since k8s >= 1.19
+  # -- This section refers to the creation of the IngressClass resource.
+  # IngressClasses are immutable and cannot be changed after creation.
+  # We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required.
  ingressClassResource:
-    # -- Name of the ingressClass
+    # -- Name of the IngressClass
    name: nginx
-    # -- Is this ingressClass enabled or not
+    # -- Create the IngressClass or not
    enabled: true
-    # -- Is this the default ingressClass for the cluster
+    # -- If true, Ingresses without `ingressClassName` get assigned to this IngressClass on creation.
+    # Ingress creation gets rejected if there are multiple default IngressClasses.
+    # Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class
    default: false
-    # -- Controller-value of the controller that is processing this ingressClass
-    controllerValue: "k8s.io/ingress-nginx"
-    # -- Parameters is a link to a custom resource containing additional
-    # configuration for the controller. This is optional if the controller
-    # does not require extra parameters.
+    # -- Controller of the IngressClass. An Ingress Controller looks for IngressClasses it should reconcile by this value.
+    # This value is also being set as the `--controller-class` argument of this Ingress Controller.
+    # Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class
+    controllerValue: k8s.io/ingress-nginx
+    # -- A link to a custom resource containing additional configuration for the controller.
+    # This is optional if the controller consuming this IngressClass does not require additional parameters.
+    # Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class
    parameters: {}
+    # parameters:
+    #   apiGroup: k8s.example.com
+    #   kind: IngressParameters
+    #   name: external-lb
  # -- For backwards compatibility with ingress.class annotation, use ingressClass.
  # Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation
  ingressClass: nginx
@ -683,12 +692,12 @@ controller:
    name: opentelemetry
    image:
      registry: registry.k8s.io
-      image: ingress-nginx/opentelemetry
+      image: ingress-nginx/opentelemetry-1.25.3
      ## for backwards compatibility consider setting the full image url via the repository value below
      ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
      ## repository:
-      tag: "v20230721-3e2062ee5"
-      digest: sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472
+      tag: v20240813-b933310d
+      digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922
      distroless: true
    containerSecurityContext:
      runAsNonRoot: true
@ -781,8 +790,8 @@ controller:
        ## for backwards compatibility consider setting the full image url via the repository value below
        ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
        ## repository:
-        tag: v1.4.0
-        digest: sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
+        tag: v1.4.3
+        digest: sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        pullPolicy: IfNotPresent
      # -- Provide a priority class name to the webhook patching job
      ##
@ -1077,13 +1086,13 @@ imagePullSecrets: []
 ## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
 ##
 tcp: {}
-#  8080: "default/example-tcp-svc:9000"
+#  "8080": "default/example-tcp-svc:9000"

 # -- UDP service key-value pairs
 ## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
 ##
 udp: {}
-#  53: "kube-system/kube-dns:53"
+#  "53": "kube-system/kube-dns:53"

 # -- Prefix for TCP and UDP ports names in ingress controller service
 ## Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration
--- a/cloudbuild.yaml
+++ b/cloudbuild.yaml
@ -1,25 +1,15 @@
-# See https://cloud.google.com/cloud-build/docs/build-config
-
-timeout: 18000s
 options:
+  # Ignore Prow provided substitutions.
  substitution_option: ALLOW_LOOSE
 steps:
-  - name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20211118-2f2d816b90'
-    entrypoint: bash
+  - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240523-a15ad90fc9
    env:
-      - DOCKER_CLI_EXPERIMENTAL=enabled
      - REGISTRY=gcr.io/k8s-staging-ingress-nginx
      - REPO_INFO=https://github.com/kubernetes/ingress-nginx
-      - COMMIT_SHA=$_PULL_BASE_SHA
-      - BUILD_ID=$BUILD_ID
-      - HOME=/root
-      - USER=root
+      - COMMIT_SHA=${_PULL_BASE_SHA}
+      - BUILD_ID=${BUILD_ID}
+    entrypoint: bash
    args:
-    - -c
-    - |
-      gcloud auth configure-docker \
-      && make release
-substitutions:
-  _GIT_TAG: "12345"
-  _PULL_BASE_REF: "main"
-  _PULL_BASE_SHA: '12345'
+      - -c
+      - gcloud auth configure-docker && make release
+timeout: 1800s
--- a/cmd/dbg/main.go
+++ b/cmd/dbg/main.go
@ -47,7 +47,7 @@ func main() {
 	backendsAllCmd := &cobra.Command{
 		Use:   "all",
 		Short: "Output the all dynamic backend information as a JSON array",
-		Run: func(cmd *cobra.Command, args []string) {
+		Run: func(_ *cobra.Command, _ []string) {
 			backendsAll()
 		},
 	}
@ -56,7 +56,7 @@ func main() {
 	backendsListCmd := &cobra.Command{
 		Use:   "list",
 		Short: "Output a newline-separated list of the backend names",
-		Run: func(cmd *cobra.Command, args []string) {
+		Run: func(_ *cobra.Command, _ []string) {
 			backendsList()
 		},
 	}
@ -66,7 +66,7 @@ func main() {
 		Use:   "get [backend name]",
 		Short: "Output the backend information only for the backend that has this name",
 		Args:  cobra.ExactArgs(1),
-		Run: func(cmd *cobra.Command, args []string) {
+		Run: func(_ *cobra.Command, args []string) {
 			backendsGet(args[0])
 		},
 	}
@ -81,7 +81,7 @@ func main() {
 		Use:   "get [hostname]",
 		Short: "Get the dynamically-loaded certificate information for the given hostname",
 		Args:  cobra.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
+		RunE: func(_ *cobra.Command, args []string) error {
 			certGet(args[0])
 			return nil
 		},
@ -93,7 +93,7 @@ func main() {
 	generalCmd := &cobra.Command{
 		Use:   "general",
 		Short: "Output the general dynamic lua state",
-		Run: func(cmd *cobra.Command, args []string) {
+		Run: func(_ *cobra.Command, _ []string) {
 			general()
 		},
 	}
@ -102,7 +102,7 @@ func main() {
 	confCmd := &cobra.Command{
 		Use:   "conf",
 		Short: "Dump the contents of /etc/nginx/nginx.conf",
-		Run: func(cmd *cobra.Command, args []string) {
+		Run: func(_ *cobra.Command, _ []string) {
 			readNginxConf()
 		},
 	}
--- a/cmd/nginx/main.go
+++ b/cmd/nginx/main.go
@ -74,7 +74,7 @@ func main() {
 		handleFatalInitError(err)
 	}

-	if len(conf.DefaultService) > 0 {
+	if conf.DefaultService != "" {
 		err := checkService(conf.DefaultService, kubeClient)
 		if err != nil {
 			klog.Fatal(err)
@ -83,7 +83,7 @@ func main() {
 		klog.InfoS("Valid default backend", "service", conf.DefaultService)
 	}

-	if len(conf.PublishService) > 0 {
+	if conf.PublishService != "" {
 		err := checkService(conf.PublishService, kubeClient)
 		if err != nil {
 			klog.Fatal(err)
@ -235,7 +235,6 @@ func createApiserverClient(apiserverHost, rootCAFile, kubeConfig string) (*kuber
 		retries++
 		return false, nil
 	})
-
 	// err is returned in case of timeout in the exponential backoff (ErrWaitTimeout)
 	if err != nil {
 		return nil, lastErr
--- a/cmd/plugin/commands/backends/backends.go
+++ b/cmd/plugin/commands/backends/backends.go
@ -34,7 +34,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "backends",
 		Short: "Inspect the dynamic backend information of an ingress-nginx instance",
-		RunE: func(cmd *cobra.Command, args []string) error {
+		RunE: func(cmd *cobra.Command, _ []string) error {
 			backend, err := cmd.Flags().GetString("backend")
 			if err != nil {
 				return err
--- a/cmd/plugin/commands/certs/certs.go
+++ b/cmd/plugin/commands/certs/certs.go
@ -35,7 +35,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "certs",
 		Short: "Output the certificate data stored in an ingress-nginx pod",
-		RunE: func(cmd *cobra.Command, args []string) error {
+		RunE: func(cmd *cobra.Command, _ []string) error {
 			host, err := cmd.Flags().GetString("host")
 			if err != nil {
 				return err
--- a/cmd/plugin/commands/conf/conf.go
+++ b/cmd/plugin/commands/conf/conf.go
@ -36,7 +36,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "conf",
 		Short: "Inspect the generated nginx.conf",
-		RunE: func(cmd *cobra.Command, args []string) error {
+		RunE: func(cmd *cobra.Command, _ []string) error {
 			host, err := cmd.Flags().GetString("host")
 			if err != nil {
 				return err
--- a/cmd/plugin/commands/exec/exec.go
+++ b/cmd/plugin/commands/exec/exec.go
@ -34,7 +34,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "exec",
 		Short: "Execute a command inside an ingress-nginx pod",
-		RunE: func(cmd *cobra.Command, args []string) error {
+		RunE: func(_ *cobra.Command, args []string) error {
 			util.PrintError(exec(flags, *pod, *deployment, *selector, *container, args, opts))
 			return nil
 		},
--- a/cmd/plugin/commands/general/general.go
+++ b/cmd/plugin/commands/general/general.go
@ -34,7 +34,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "general",
 		Short: "Inspect the other dynamic ingress-nginx information",
-		RunE: func(cmd *cobra.Command, args []string) error {
+		RunE: func(_ *cobra.Command, _ []string) error {
 			util.PrintError(general(flags, *pod, *deployment, *selector, *container))
 			return nil
 		},
--- a/cmd/plugin/commands/info/info.go
+++ b/cmd/plugin/commands/info/info.go
@ -32,7 +32,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "info",
 		Short: "Show information about the ingress-nginx service",
-		RunE: func(cmd *cobra.Command, args []string) error {
+		RunE: func(cmd *cobra.Command, _ []string) error {
 			service, err := cmd.Flags().GetString("service")
 			if err != nil {
 				return err
--- a/cmd/plugin/commands/ingresses/ingresses.go
+++ b/cmd/plugin/commands/ingresses/ingresses.go
@ -36,7 +36,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
 		Use:     "ingresses",
 		Aliases: []string{"ingress", "ing"},
 		Short:   "Provide a short summary of all of the ingress definitions",
-		RunE: func(cmd *cobra.Command, args []string) error {
+		RunE: func(cmd *cobra.Command, _ []string) error {
 			host, err := cmd.Flags().GetString("host")
 			if err != nil {
 				return err
@ -139,14 +139,14 @@ func getIngressRows(ingresses *[]networking.Ingress) []ingressRow {
 		ing := &(*ingresses)[i]
 		address := ""
 		for _, lbIng := range ing.Status.LoadBalancer.Ingress {
-			if len(lbIng.IP) > 0 {
+			if lbIng.IP != "" {
 				address = address + lbIng.IP + ","
 			}
-			if len(lbIng.Hostname) > 0 {
+			if lbIng.Hostname != "" {
 				address = address + lbIng.Hostname + ","
 			}
 		}
-		if len(address) > 0 {
+		if address != "" {
 			address = address[:len(address)-1]
 		}

@ -166,7 +166,7 @@ func getIngressRows(ingresses *[]networking.Ingress) []ingressRow {
 		}

 		// Handle catch-all ingress
-		if len(ing.Spec.Rules) == 0 && len(defaultBackendService) > 0 {
+		if len(ing.Spec.Rules) == 0 && defaultBackendService != "" {
 			row := ingressRow{
 				Namespace:   ing.Namespace,
 				IngressName: ing.Name,
--- a/cmd/plugin/commands/lint/main.go
+++ b/cmd/plugin/commands/lint/main.go
@ -38,7 +38,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "lint",
 		Short: "Inspect kubernetes resources for possible issues",
-		RunE: func(cmd *cobra.Command, args []string) error {
+		RunE: func(_ *cobra.Command, _ []string) error {
 			err := opts.Validate()
 			if err != nil {
 				return err
@ -73,7 +73,7 @@ func createSubcommand(flags *genericclioptions.ConfigFlags, names []string, shor
 		Use:     names[0],
 		Aliases: names[1:],
 		Short:   short,
-		RunE: func(cmd *cobra.Command, args []string) error {
+		RunE: func(_ *cobra.Command, _ []string) error {
 			err := opts.Validate()
 			if err != nil {
 				return err
--- a/cmd/plugin/commands/logs/logs.go
+++ b/cmd/plugin/commands/logs/logs.go
@ -36,7 +36,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "logs",
 		Short: "Get the kubernetes logs for an ingress-nginx pod",
-		RunE: func(cmd *cobra.Command, args []string) error {
+		RunE: func(_ *cobra.Command, _ []string) error {
 			util.PrintError(logs(flags, *pod, *deployment, *selector, *container, o))
 			return nil
 		},
--- a/cmd/plugin/commands/ssh/ssh.go
+++ b/cmd/plugin/commands/ssh/ssh.go
@ -32,7 +32,7 @@ func CreateCommand(flags *genericclioptions.ConfigFlags) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "ssh",
 		Short: "ssh into a running ingress-nginx pod",
-		RunE: func(cmd *cobra.Command, args []string) error {
+		RunE: func(_ *cobra.Command, _ []string) error {
 			util.PrintError(ssh(flags, *pod, *deployment, *selector, *container))
 			return nil
 		},
--- a/deploy/grafana/dashboards/README.md
+++ b/deploy/grafana/dashboards/README.md
@ -19,7 +19,7 @@ This folder contains two dashboards that you can import.

 ### Requirements

- **Grafana v5.2.0** (or newer)
+- **Grafana v10.4.3** (or newer)

 ## 2. Request Handling Performance

@ -36,4 +36,4 @@ This folder contains two dashboards that you can import.

 ### Requirements

- **Grafana v6.6.0** (or newer)
+- **Grafana v10.4.3** (or newer)
--- a/deploy/grafana/dashboards/nginx.json
+++ b/deploy/grafana/dashboards/nginx.json
--- a/deploy/grafana/dashboards/request-handling-performance.json
+++ b/deploy/grafana/dashboards/request-handling-performance.json
--- a/deploy/static/provider/aws/deploy.yaml
+++ b/deploy/static/provider/aws/deploy.yaml
@ -15,7 +15,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 ---
@ -27,7 +27,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 ---
@ -39,7 +39,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 rules:
@ -129,7 +129,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 rules:
@ -148,7 +148,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
 rules:
 - apiGroups:
@ -230,7 +230,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 rules:
 - apiGroups:
@ -249,7 +249,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 roleRef:
@ -269,7 +269,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 roleRef:
@ -288,7 +288,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -328,7 +328,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 ---
@ -344,7 +344,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -377,7 +377,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
 spec:
@ -400,7 +400,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -422,7 +422,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
    spec:
      containers:
      - args:
@ -435,6 +435,7 @@ spec:
        - --validating-webhook=:8443
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
+        - --enable-metrics=false
        env:
        - name: POD_NAME
          valueFrom:
@ -446,7 +447,7 @@ spec:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
-        image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c
+        image: registry.k8s.io/ingress-nginx/controller:v1.10.4@sha256:505b9048c02dde3d6c8667bf0b52aba7b36adf7b03da34c47d5fa312d2d4c6fc
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
@ -522,7 +523,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
 spec:
@ -533,7 +534,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
      name: ingress-nginx-admission-create
    spec:
      containers:
@ -547,7 +548,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
@ -573,7 +574,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
 spec:
@ -584,7 +585,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
      name: ingress-nginx-admission-patch
    spec:
      containers:
@ -600,7 +601,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
@ -626,7 +627,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: nginx
 spec:
  controller: k8s.io/ingress-nginx
@ -639,7 +640,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 webhooks:
 - admissionReviewVersions:
--- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml
+++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml
@ -15,7 +15,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 ---
@ -27,7 +27,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 ---
@ -39,7 +39,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 rules:
@ -129,7 +129,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 rules:
@ -148,7 +148,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
 rules:
 - apiGroups:
@ -230,7 +230,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 rules:
 - apiGroups:
@ -249,7 +249,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 roleRef:
@ -269,7 +269,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 roleRef:
@ -288,7 +288,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -335,7 +335,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 ---
@ -353,7 +353,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -386,7 +386,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
 spec:
@ -409,7 +409,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -431,7 +431,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
    spec:
      containers:
      - args:
@ -444,6 +444,7 @@ spec:
        - --validating-webhook=:8443
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
+        - --enable-metrics=false
        env:
        - name: POD_NAME
          valueFrom:
@ -455,7 +456,7 @@ spec:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
-        image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c
+        image: registry.k8s.io/ingress-nginx/controller:v1.10.4@sha256:505b9048c02dde3d6c8667bf0b52aba7b36adf7b03da34c47d5fa312d2d4c6fc
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
@ -534,7 +535,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
 spec:
@ -545,7 +546,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
      name: ingress-nginx-admission-create
    spec:
      containers:
@ -559,7 +560,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
@ -585,7 +586,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
 spec:
@ -596,7 +597,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
      name: ingress-nginx-admission-patch
    spec:
      containers:
@ -612,7 +613,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
@ -638,7 +639,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: nginx
 spec:
  controller: k8s.io/ingress-nginx
@ -651,7 +652,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 webhooks:
 - admissionReviewVersions:
--- a/deploy/static/provider/baremetal/deploy.yaml
+++ b/deploy/static/provider/baremetal/deploy.yaml
@ -15,7 +15,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 ---
@ -27,7 +27,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 ---
@ -39,7 +39,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 rules:
@ -129,7 +129,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 rules:
@ -148,7 +148,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
 rules:
 - apiGroups:
@ -230,7 +230,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 rules:
 - apiGroups:
@ -249,7 +249,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 roleRef:
@ -269,7 +269,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 roleRef:
@ -288,7 +288,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -328,7 +328,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 ---
@ -340,7 +340,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -372,7 +372,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
 spec:
@ -395,7 +395,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -417,7 +417,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
    spec:
      containers:
      - args:
@ -429,6 +429,7 @@ spec:
        - --validating-webhook=:8443
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
+        - --enable-metrics=false
        env:
        - name: POD_NAME
          valueFrom:
@ -440,7 +441,7 @@ spec:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
-        image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c
+        image: registry.k8s.io/ingress-nginx/controller:v1.10.4@sha256:505b9048c02dde3d6c8667bf0b52aba7b36adf7b03da34c47d5fa312d2d4c6fc
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
@ -516,7 +517,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
 spec:
@ -527,7 +528,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
      name: ingress-nginx-admission-create
    spec:
      containers:
@ -541,7 +542,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
@ -567,7 +568,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
 spec:
@ -578,7 +579,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
      name: ingress-nginx-admission-patch
    spec:
      containers:
@ -594,7 +595,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
@ -620,7 +621,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: nginx
 spec:
  controller: k8s.io/ingress-nginx
@ -633,7 +634,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 webhooks:
 - admissionReviewVersions:
--- a/deploy/static/provider/cloud/deploy.yaml
+++ b/deploy/static/provider/cloud/deploy.yaml
@ -15,7 +15,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 ---
@ -27,7 +27,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 ---
@ -39,7 +39,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 rules:
@ -129,7 +129,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 rules:
@ -148,7 +148,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
 rules:
 - apiGroups:
@ -230,7 +230,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 rules:
 - apiGroups:
@ -249,7 +249,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 roleRef:
@ -269,7 +269,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 roleRef:
@ -288,7 +288,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -328,7 +328,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 ---
@ -340,7 +340,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -373,7 +373,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
 spec:
@ -396,7 +396,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -418,7 +418,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
    spec:
      containers:
      - args:
@ -431,6 +431,7 @@ spec:
        - --validating-webhook=:8443
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
+        - --enable-metrics=false
        env:
        - name: POD_NAME
          valueFrom:
@ -442,7 +443,7 @@ spec:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
-        image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c
+        image: registry.k8s.io/ingress-nginx/controller:v1.10.4@sha256:505b9048c02dde3d6c8667bf0b52aba7b36adf7b03da34c47d5fa312d2d4c6fc
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
@ -518,7 +519,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
 spec:
@ -529,7 +530,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
      name: ingress-nginx-admission-create
    spec:
      containers:
@ -543,7 +544,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
@ -569,7 +570,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
 spec:
@ -580,7 +581,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
      name: ingress-nginx-admission-patch
    spec:
      containers:
@ -596,7 +597,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
@ -622,7 +623,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: nginx
 spec:
  controller: k8s.io/ingress-nginx
@ -635,7 +636,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 webhooks:
 - admissionReviewVersions:
--- a/deploy/static/provider/do/deploy.yaml
+++ b/deploy/static/provider/do/deploy.yaml
@ -15,7 +15,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 ---
@ -27,7 +27,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 ---
@ -39,7 +39,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 rules:
@ -129,7 +129,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 rules:
@ -148,7 +148,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
 rules:
 - apiGroups:
@ -230,7 +230,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 rules:
 - apiGroups:
@ -249,7 +249,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 roleRef:
@ -269,7 +269,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 roleRef:
@ -288,7 +288,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -329,7 +329,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 ---
@ -343,7 +343,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -376,7 +376,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
 spec:
@ -399,7 +399,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -421,7 +421,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
    spec:
      containers:
      - args:
@ -434,6 +434,7 @@ spec:
        - --validating-webhook=:8443
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
+        - --enable-metrics=false
        env:
        - name: POD_NAME
          valueFrom:
@ -445,7 +446,7 @@ spec:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
-        image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c
+        image: registry.k8s.io/ingress-nginx/controller:v1.10.4@sha256:505b9048c02dde3d6c8667bf0b52aba7b36adf7b03da34c47d5fa312d2d4c6fc
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
@ -521,7 +522,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
 spec:
@ -532,7 +533,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
      name: ingress-nginx-admission-create
    spec:
      containers:
@ -546,7 +547,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
@ -572,7 +573,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
 spec:
@ -583,7 +584,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
      name: ingress-nginx-admission-patch
    spec:
      containers:
@ -599,7 +600,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
@ -625,7 +626,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: nginx
 spec:
  controller: k8s.io/ingress-nginx
@ -638,7 +639,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 webhooks:
 - admissionReviewVersions:
--- a/deploy/static/provider/exoscale/deploy.yaml
+++ b/deploy/static/provider/exoscale/deploy.yaml
@ -15,7 +15,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 ---
@ -27,7 +27,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 ---
@ -39,7 +39,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 rules:
@ -129,7 +129,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 rules:
@ -148,7 +148,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
 rules:
 - apiGroups:
@ -230,7 +230,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 rules:
 - apiGroups:
@ -249,7 +249,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 roleRef:
@ -269,7 +269,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 roleRef:
@ -288,7 +288,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -328,7 +328,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 ---
@ -349,7 +349,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -382,7 +382,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
 spec:
@ -405,7 +405,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -423,7 +423,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
    spec:
      containers:
      - args:
@ -436,6 +436,7 @@ spec:
        - --validating-webhook=:8443
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
+        - --enable-metrics=false
        env:
        - name: POD_NAME
          valueFrom:
@ -447,7 +448,7 @@ spec:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
-        image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c
+        image: registry.k8s.io/ingress-nginx/controller:v1.10.4@sha256:505b9048c02dde3d6c8667bf0b52aba7b36adf7b03da34c47d5fa312d2d4c6fc
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
@ -527,7 +528,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
 spec:
@ -538,7 +539,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
      name: ingress-nginx-admission-create
    spec:
      containers:
@ -552,7 +553,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
@ -578,7 +579,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
 spec:
@ -589,7 +590,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
      name: ingress-nginx-admission-patch
    spec:
      containers:
@ -605,7 +606,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
@ -631,7 +632,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: nginx
 spec:
  controller: k8s.io/ingress-nginx
@ -644,7 +645,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 webhooks:
 - admissionReviewVersions:
--- a/deploy/static/provider/kind/deploy.yaml
+++ b/deploy/static/provider/kind/deploy.yaml
@ -15,7 +15,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 ---
@ -27,7 +27,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 ---
@ -39,7 +39,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 rules:
@ -129,7 +129,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 rules:
@ -148,7 +148,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
 rules:
 - apiGroups:
@ -230,7 +230,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 rules:
 - apiGroups:
@ -249,7 +249,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 roleRef:
@ -269,7 +269,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 roleRef:
@ -288,7 +288,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -328,7 +328,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 ---
@ -340,7 +340,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -372,7 +372,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
 spec:
@ -395,7 +395,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -417,7 +417,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
    spec:
      containers:
      - args:
@ -430,6 +430,7 @@ spec:
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
        - --watch-ingress-without-class=true
+        - --enable-metrics=false
        - --publish-status-address=localhost
        env:
        - name: POD_NAME
@ -442,7 +443,7 @@ spec:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
-        image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c
+        image: registry.k8s.io/ingress-nginx/controller:v1.10.4@sha256:505b9048c02dde3d6c8667bf0b52aba7b36adf7b03da34c47d5fa312d2d4c6fc
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
@ -528,7 +529,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
 spec:
@ -539,7 +540,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
      name: ingress-nginx-admission-create
    spec:
      containers:
@ -553,7 +554,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
@ -579,7 +580,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
 spec:
@ -590,7 +591,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
      name: ingress-nginx-admission-patch
    spec:
      containers:
@ -606,7 +607,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
@ -632,7 +633,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: nginx
 spec:
  controller: k8s.io/ingress-nginx
@ -645,7 +646,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 webhooks:
 - admissionReviewVersions:
--- a/deploy/static/provider/oracle/deploy.yaml
+++ b/deploy/static/provider/oracle/deploy.yaml
@ -15,7 +15,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 ---
@ -27,7 +27,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 ---
@ -39,7 +39,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 rules:
@ -129,7 +129,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 rules:
@ -148,7 +148,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
 rules:
 - apiGroups:
@ -230,7 +230,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 rules:
 - apiGroups:
@ -249,7 +249,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 roleRef:
@ -269,7 +269,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 roleRef:
@ -288,7 +288,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -328,7 +328,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 ---
@ -344,7 +344,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -377,7 +377,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
 spec:
@ -400,7 +400,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -422,7 +422,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
    spec:
      containers:
      - args:
@ -435,6 +435,7 @@ spec:
        - --validating-webhook=:8443
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
+        - --enable-metrics=false
        env:
        - name: POD_NAME
          valueFrom:
@ -446,7 +447,7 @@ spec:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
-        image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c
+        image: registry.k8s.io/ingress-nginx/controller:v1.10.4@sha256:505b9048c02dde3d6c8667bf0b52aba7b36adf7b03da34c47d5fa312d2d4c6fc
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
@ -522,7 +523,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
 spec:
@ -533,7 +534,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
      name: ingress-nginx-admission-create
    spec:
      containers:
@ -547,7 +548,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
@ -573,7 +574,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
 spec:
@ -584,7 +585,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
      name: ingress-nginx-admission-patch
    spec:
      containers:
@ -600,7 +601,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
@ -626,7 +627,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: nginx
 spec:
  controller: k8s.io/ingress-nginx
@ -639,7 +640,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 webhooks:
 - admissionReviewVersions:
--- a/deploy/static/provider/scw/deploy.yaml
+++ b/deploy/static/provider/scw/deploy.yaml
@ -15,7 +15,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 ---
@ -27,7 +27,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 ---
@ -39,7 +39,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 rules:
@ -129,7 +129,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 rules:
@ -148,7 +148,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
 rules:
 - apiGroups:
@ -230,7 +230,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 rules:
 - apiGroups:
@ -249,7 +249,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
  namespace: ingress-nginx
 roleRef:
@ -269,7 +269,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
  namespace: ingress-nginx
 roleRef:
@ -288,7 +288,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -307,7 +307,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 roleRef:
  apiGroup: rbac.authorization.k8s.io
@ -329,7 +329,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 ---
@ -343,7 +343,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -376,7 +376,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
 spec:
@ -399,7 +399,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-controller
  namespace: ingress-nginx
 spec:
@ -421,7 +421,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
    spec:
      containers:
      - args:
@ -434,6 +434,7 @@ spec:
        - --validating-webhook=:8443
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
+        - --enable-metrics=false
        env:
        - name: POD_NAME
          valueFrom:
@ -445,7 +446,7 @@ spec:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
-        image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c
+        image: registry.k8s.io/ingress-nginx/controller:v1.10.4@sha256:505b9048c02dde3d6c8667bf0b52aba7b36adf7b03da34c47d5fa312d2d4c6fc
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
@ -521,7 +522,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
 spec:
@ -532,7 +533,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
      name: ingress-nginx-admission-create
    spec:
      containers:
@ -546,7 +547,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
@ -572,7 +573,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
 spec:
@ -583,7 +584,7 @@ spec:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
-        app.kubernetes.io/version: 1.9.6
+        app.kubernetes.io/version: 1.10.4
      name: ingress-nginx-admission-patch
    spec:
      containers:
@ -599,7 +600,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
@ -625,7 +626,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: nginx
 spec:
  controller: k8s.io/ingress-nginx
@ -638,7 +639,7 @@ metadata:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: 1.10.4
  name: ingress-nginx-admission
 webhooks:
 - admissionReviewVersions:
--- a/docs/OWNERS
+++ b/docs/OWNERS
@ -1,7 +1,7 @@
-# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md
+# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners

 approvers:
 - ingress-nginx-docs-maintainers

 labels:
- area/docs
+- area/docs
--- a/docs/deploy/index.md
+++ b/docs/deploy/index.md
@ -6,10 +6,10 @@ There are multiple ways to install the Ingress-Nginx Controller:
 - with `kubectl apply`, using YAML manifests;
 - with specific addons (e.g. for [minikube](#minikube) or [MicroK8s](#microk8s)).

-On most Kubernetes clusters, the ingress controller will work without requiring any extra configuration. If you want to 
-get started as fast as possible, you can check the [quick start](#quick-start) instructions. However, in many 
-environments, you can improve the performance or get better logs by enabling extra features. We recommend that you 
-check the [environment-specific instructions](#environment-specific-instructions) for details about optimizing the 
+On most Kubernetes clusters, the ingress controller will work without requiring any extra configuration. If you want to
+get started as fast as possible, you can check the [quick start](#quick-start) instructions. However, in many
+environments, you can improve the performance or get better logs by enabling extra features. We recommend that you
+check the [environment-specific instructions](#environment-specific-instructions) for details about optimizing the
 ingress controller for your particular environment or cloud provider.

 ## Contents
@ -34,11 +34,11 @@ ingress controller for your particular environment or cloud provider.
  - ... [Bare-metal](#bare-metal-clusters)
 - [Miscellaneous](#miscellaneous)

-<!-- TODO: We have subdirectories for kubernetes versions now because of a PR 
-https://github.com/kubernetes/ingress-nginx/pull/8162 . You can see this here 
-https://github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/cloud . 
-We need to add documentation here that is clear and unambiguous in guiding users to pick the deployment manifest 
-under a subdirectory, based on the K8S version being used. But until the explicit clear docs land here, users are 
+<!-- TODO: We have subdirectories for kubernetes versions now because of a PR
+https://github.com/kubernetes/ingress-nginx/pull/8162 . You can see this here
+https://github.com/kubernetes/ingress-nginx/tree/main/deploy/static/provider/cloud .
+We need to add documentation here that is clear and unambiguous in guiding users to pick the deployment manifest
+under a subdirectory, based on the K8S version being used. But until the explicit clear docs land here, users are
 free to use those subdirectories and get the manifest(s) related to their K8S version. -->

 ## Quick start
@ -65,14 +65,33 @@ It will install the controller in the `ingress-nginx` namespace, creating that n
 helm show values ingress-nginx --repo https://kubernetes.github.io/ingress-nginx
 ```

+!!! attention "Helm install on AWS/GCP/Azure/Other providers"
+    The *ingress-nginx-controller helm-chart is a generic install out of the box*. The default set of helm values is **not** configured for installation on any infra provider. The annotations that are applicable to the cloud provider must be customized by the users.<br/>
+    See [AWS LB Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/service/annotations/).<br/>
+    Examples of some annotations needed for the service resource of `--type LoadBalancer` on AWS are below:
+    ```yaml
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+        service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
+        service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
+        service.beta.kubernetes.io/aws-load-balancer-type: nlb
+        service.beta.kubernetes.io/aws-load-balancer-manage-backend-security-group-rules: "true"
+        service.beta.kubernetes.io/aws-load-balancer-access-log-enabled: "true"
+        service.beta.kubernetes.io/aws-load-balancer-security-groups: "sg-something1 sg-something2"
+        service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-name: "somebucket"
+        service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-prefix: "ingress-nginx"
+        service.beta.kubernetes.io/aws-load-balancer-access-log-emit-interval: "5"
+    ```
+
 **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead:

 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/cloud/deploy.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.4/deploy/static/provider/cloud/deploy.yaml
 ```

 !!! info
-    The YAML manifest in the command above was generated with `helm template`, so you will end up with almost the same 
+    The YAML manifest in the command above was generated with `helm template`, so you will end up with almost the same
    resources as if you had used Helm to install the controller.

 !!! attention
@ -83,6 +102,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont
 ### Firewall configuration

 To check which ports are used by your installation of ingress-nginx, look at the output of `kubectl -n ingress-nginx get pod -o yaml`. In general, you need:
+
 - Port 8443 open between all hosts on which the kubernetes nodes are running. This is used for the ingress-nginx [admission controller](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/).
 - Port 80 (for HTTP) and/or 443 (for HTTPS) open to the public on the kubernetes nodes to which the DNS of your apps are pointing.

@ -94,7 +114,7 @@ A few pods should start in the `ingress-nginx` namespace:
 kubectl get pods --namespace=ingress-nginx
 ```

-After a while, they should all be running. The following command will wait for the ingress controller pod to be up, 
+After a while, they should all be running. The following command will wait for the ingress controller pod to be up,
 running, and ready:

 ```console
@ -104,7 +124,6 @@ kubectl wait --namespace ingress-nginx \
  --timeout=120s
 ```

-
 ### Local testing

 Let's create a simple web server and the associated service:
@ -135,6 +154,7 @@ kubectl port-forward --namespace=ingress-nginx service/ingress-nginx-controller
  [This issue](https://github.com/kubernetes/ingress-nginx/issues/10014#issuecomment-1567791549described) shows a typical DNS problem and its solution.

 At this point, you can access your deployment using curl ;
+
 ```console
 curl --resolve demo.localdev.me:8080:127.0.0.1 http://demo.localdev.me:8080
 ```
@ -143,7 +163,7 @@ You should see a HTML response containing text like **"It works!"**.

 ### Online testing

-If your Kubernetes cluster is a "real" cluster that supports services of type `LoadBalancer`, it will have allocated an 
+If your Kubernetes cluster is a "real" cluster that supports services of type `LoadBalancer`, it will have allocated an
 external IP address or FQDN to the ingress controller.

 You can see that IP address or FQDN with the following command:
@ -152,10 +172,10 @@ You can see that IP address or FQDN with the following command:
 kubectl get service ingress-nginx-controller --namespace=ingress-nginx
 ```

-It will be the `EXTERNAL-IP` field. If that field shows `<pending>`, this means that your Kubernetes cluster wasn't 
+It will be the `EXTERNAL-IP` field. If that field shows `<pending>`, this means that your Kubernetes cluster wasn't
 able to provision the load balancer (generally, this is because it doesn't support services of type `LoadBalancer`).

-Once you have the external IP address (or FQDN), set up a DNS record pointing to it. Then you can create an ingress 
+Once you have the external IP address (or FQDN), set up a DNS record pointing to it. Then you can create an ingress
 resource. The following example assumes that you have set up a DNS record for `www.demo.io`:

 ```console
@ -164,13 +184,13 @@ kubectl create ingress demo --class=nginx \
 ```

 Alternatively, the above command can be rewritten as follows for the ```--rule``` command and below.
+
 ```console
 kubectl create ingress demo --class=nginx \
  --rule www.demo.io/=demo:80
 ```

-
-You should then be able to see the "It works!" page when you connect to http://www.demo.io/. Congratulations, 
+You should then be able to see the "It works!" page when you connect to <http://www.demo.io/>. Congratulations,
 you are serving a public website hosted on a Kubernetes cluster! 🎉

 ## Environment-specific instructions
@ -202,19 +222,19 @@ Kubernetes is available in Docker Desktop:
 - Mac, from [version 18.06.0-ce](https://docs.docker.com/docker-for-mac/release-notes/#stable-releases-of-2018)
 - Windows, from [version 18.06.0-ce](https://docs.docker.com/docker-for-windows/release-notes/#docker-community-edition-18060-ce-win70-2018-07-25)

-First, make sure that Kubernetes is enabled in the Docker settings. The command `kubectl get nodes` should show a 
+First, make sure that Kubernetes is enabled in the Docker settings. The command `kubectl get nodes` should show a
 single node called `docker-desktop`.

 The ingress controller can be installed on Docker Desktop using the default [quick start](#quick-start) instructions.

-On most systems, if you don't have any other service of type `LoadBalancer` bound to port 80, the ingress controller 
-will be assigned the `EXTERNAL-IP` of `localhost`, which means that it will be reachable on localhost:80. If that 
-doesn't work, you might have to fall back to the `kubectl port-forward` method described in the 
+On most systems, if you don't have any other service of type `LoadBalancer` bound to port 80, the ingress controller
+will be assigned the `EXTERNAL-IP` of `localhost`, which means that it will be reachable on localhost:80. If that
+doesn't work, you might have to fall back to the `kubectl port-forward` method described in the
 [local testing section](#local-testing).

 #### Rancher Desktop

-Rancher Desktop provides Kubernetes and Container Management on the desktop. Kubernetes is enabled by default in Rancher Desktop. 
+Rancher Desktop provides Kubernetes and Container Management on the desktop. Kubernetes is enabled by default in Rancher Desktop.

 Rancher Desktop uses K3s under the hood, which in turn uses Traefik as the default ingress controller for the Kubernetes cluster. To use Ingress-Nginx Controller in place of the default Traefik, disable Traefik from Preference > Kubernetes menu.

@ -222,18 +242,18 @@ Once traefik is disabled, the Ingress-Nginx Controller can be installed on Ranch

 ### Cloud deployments

-If the load balancers of your cloud provider do active healthchecks on their backends (most do), you can change the 
-`externalTrafficPolicy` of the ingress controller Service to `Local` (instead of the default `Cluster`) to save an 
-extra hop in some cases. If you're installing with Helm, this can be done by adding 
+If the load balancers of your cloud provider do active healthchecks on their backends (most do), you can change the
+`externalTrafficPolicy` of the ingress controller Service to `Local` (instead of the default `Cluster`) to save an
+extra hop in some cases. If you're installing with Helm, this can be done by adding
 `--set controller.service.externalTrafficPolicy=Local` to the `helm install` or `helm upgrade` command.

-Furthermore, if the load balancers of your cloud provider support the PROXY protocol, you can enable it, and it will 
-let the ingress controller see the real IP address of the clients. Otherwise, it will generally see the IP address of 
-the upstream load balancer. This must be done both in the ingress controller 
-(with e.g. `--set controller.config.use-proxy-protocol=true`) and in the cloud provider's load balancer configuration 
+Furthermore, if the load balancers of your cloud provider support the PROXY protocol, you can enable it, and it will
+let the ingress controller see the real IP address of the clients. Otherwise, it will generally see the IP address of
+the upstream load balancer. This must be done both in the ingress controller
+(with e.g. `--set controller.config.use-proxy-protocol=true`) and in the cloud provider's load balancer configuration
 to function correctly.

-In the following sections, we provide YAML manifests that enable these options when possible, using the specific 
+In the following sections, we provide YAML manifests that enable these options when possible, using the specific
 options of various cloud providers.

 #### AWS
@ -242,54 +262,58 @@ In AWS, we use a Network load balancer (NLB) to expose the Ingress-Nginx Control

 !!! info
    The provided templates illustrate the setup for legacy in-tree service load balancer for AWS NLB.
-    AWS provides the documentation on how to use 
-    [Network load balancing on Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html) 
+    AWS provides the documentation on how to use
+    [Network load balancing on Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html)
    with [AWS Load Balancer Controller](https://github.com/kubernetes-sigs/aws-load-balancer-controller).

+
 ##### Network Load Balancer (NLB)

 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/aws/deploy.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.4/deploy/static/provider/aws/deploy.yaml
 ```

 ##### TLS termination in AWS Load Balancer (NLB)

-By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. 
+By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer.
 This section explains how to do that on AWS using an NLB.

-1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template
+1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.4/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template

  ```console
-  wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml
+  wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.4/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml
  ```

 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster:
+
   ```
   proxy-real-ip-cidr: XXX.XXX.XXX/XX
   ```

 3. Change the AWS Certificate Manager (ACM) ID as well:
+
   ```
   arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX
   ```

 4. Deploy the manifest:
+
   ```console
   kubectl apply -f deploy.yaml
   ```

 ##### NLB Idle Timeouts

-Idle timeout value for TCP flows is 350 seconds and 
+Idle timeout value for TCP flows is 350 seconds and
 [cannot be modified](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#connection-idle-timeout).

-For this reason, you need to ensure the 
-[keepalive_timeout](https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout) 
+For this reason, you need to ensure the
+[keepalive_timeout](https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout)
 value is configured less than 350 seconds to work as expected.

 By default, NGINX `keepalive_timeout` is set to `75s`.

-More information with regard to timeouts can be found in the 
+More information with regard to timeouts can be found in the
 [official AWS documentation](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#connection-idle-timeout)

 #### GCE-GKE
@ -304,18 +328,17 @@ kubectl create clusterrolebinding cluster-admin-binding \

 Then, the ingress controller can be installed like this:

-
 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/cloud/deploy.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.4/deploy/static/provider/cloud/deploy.yaml
 ```

 !!! warning
-    For private clusters, you will need to either add a firewall rule that allows master nodes access to 
-    port `8443/tcp` on worker nodes, or change the existing rule that allows access to port `80/tcp`, `443/tcp` and 
-    `10254/tcp` to also allow access to port `8443/tcp`. More information can be found in the 
+    For private clusters, you will need to either add a firewall rule that allows master nodes access to
+    port `8443/tcp` on worker nodes, or change the existing rule that allows access to port `80/tcp`, `443/tcp` and
+    `10254/tcp` to also allow access to port `8443/tcp`. More information can be found in the
    [Official GCP Documentation](https://cloud.google.com/load-balancing/docs/tcp/setting-up-tcp#config-hc-firewall).

-    See the [GKE documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#add_firewall_rules) 
+    See the [GKE documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#add_firewall_rules)
    on adding rules and the [Kubernetes issue](https://github.com/kubernetes/kubernetes/issues/79739) for more detail.

 Proxy-protocol is supported in GCE check the [Official Documentations on how to enable.](https://cloud.google.com/load-balancing/docs/tcp/setting-up-tcp#proxy-protocol)
@ -323,7 +346,7 @@ Proxy-protocol is supported in GCE check the [Official Documentations on how to
 #### Azure

 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/cloud/deploy.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.4/deploy/static/provider/cloud/deploy.yaml
 ```

 More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller).
@ -331,16 +354,18 @@ More information with regard to Azure annotations for ingress controller can be
 #### Digital Ocean

 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/do/deploy.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.4/deploy/static/provider/do/deploy.yaml
 ```
- By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data.

+- By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data.

 #### Scaleway

 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/scw/deploy.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.4/deploy/static/provider/scw/deploy.yaml
 ```
+Refer to the [dedicated tutorial](https://www.scaleway.com/en/docs/tutorials/proxy-protocol-v2-load-balancer/#configuring-proxy-protocol-for-ingress-nginx) in the Scaleway documentation for configuring the proxy protocol for ingress-nginx with the Scaleway load balancer.
+

 #### Exoscale

@ -348,17 +373,17 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont
 kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/exoscale/deploy.yaml
 ```

-The full list of annotations supported by Exoscale is available in the Exoscale Cloud Controller Manager 
+The full list of annotations supported by Exoscale is available in the Exoscale Cloud Controller Manager
 [documentation](https://github.com/exoscale/exoscale-cloud-controller-manager/blob/master/docs/service-loadbalancer.md).

 #### Oracle Cloud Infrastructure

 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/cloud/deploy.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.4/deploy/static/provider/cloud/deploy.yaml
 ```

-A 
-[complete list of available annotations for Oracle Cloud Infrastructure](https://github.com/oracle/oci-cloud-controller-manager/blob/master/docs/load-balancer-annotations.md) 
+A
+[complete list of available annotations for Oracle Cloud Infrastructure](https://github.com/oracle/oci-cloud-controller-manager/blob/master/docs/load-balancer-annotations.md)
 can be found in the [OCI Cloud Controller Manager](https://github.com/oracle/oci-cloud-controller-manager) documentation.

 #### OVHcloud
@ -373,15 +398,15 @@ You can find the [complete tutorial](https://docs.ovh.com/gb/en/kubernetes/insta

 ### Bare metal clusters

-This section is applicable to Kubernetes clusters deployed on bare metal servers, as well as "raw" VMs where Kubernetes 
+This section is applicable to Kubernetes clusters deployed on bare metal servers, as well as "raw" VMs where Kubernetes
 was installed manually, using generic Linux distros (like CentOS, Ubuntu...)

-For quick testing, you can use a 
-[NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport). 
+For quick testing, you can use a
+[NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport).
 This should work on almost every cluster, but it will typically use a port in the range 30000-32767.

 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/baremetal/deploy.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.4/deploy/static/provider/baremetal/deploy.yaml
 ```

 For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range),
@ -401,20 +426,20 @@ kubectl exec $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version

 ### Scope

-By default, the controller watches Ingress objects from all namespaces. If you want to change this behavior, 
-use the flag `--watch-namespace` or check the Helm chart value `controller.scope` to limit the controller to a single 
+By default, the controller watches Ingress objects from all namespaces. If you want to change this behavior,
+use the flag `--watch-namespace` or check the Helm chart value `controller.scope` to limit the controller to a single
 namespace.

-See also 
-[“How to easily install multiple instances of the Ingress NGINX controller in the same cluster”](https://kubernetes.github.io/ingress-nginx/#how-to-easily-install-multiple-instances-of-the-ingress-nginx-controller-in-the-same-cluster) 
+See also
+[“How to easily install multiple instances of the Ingress NGINX controller in the same cluster”](https://kubernetes.github.io/ingress-nginx/#how-to-easily-install-multiple-instances-of-the-ingress-nginx-controller-in-the-same-cluster)
 for more details.

 ### Webhook network access

 !!! warning
    The controller uses an [admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/)
-    to validate Ingress definitions. Make sure that you don't have 
-    [Network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) 
+    to validate Ingress definitions. Make sure that you don't have
+    [Network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
    or additional firewalls preventing connections from the API server to the `ingress-nginx-controller-admission` service.

 ### Certificate generation
@ -435,22 +460,24 @@ You can wait until it is ready to run the next command:

 ### Running on Kubernetes versions older than 1.19

-Ingress resources evolved over time. They started with `apiVersion: extensions/v1beta1`, 
+Ingress resources evolved over time. They started with `apiVersion: extensions/v1beta1`,
 then moved to `apiVersion: networking.k8s.io/v1beta1` and more recently to `apiVersion: networking.k8s.io/v1`.

 Here is how these Ingress versions are supported in Kubernetes:
+
 - before Kubernetes 1.19, only `v1beta1` Ingress resources are supported
 - from Kubernetes 1.19 to 1.21, both `v1beta1` and `v1` Ingress resources are supported
 - in Kubernetes 1.22 and above, only `v1` Ingress resources are supported

 And here is how these Ingress versions are supported in Ingress-Nginx Controller:
+
 - before version 1.0, only `v1beta1` Ingress resources are supported
 - in version 1.0 and above, only `v1` Ingress resources are

-As a result, if you're running Kubernetes 1.19 or later, you should be able to use the latest version of the NGINX 
-Ingress Controller; but if you're using an old version of Kubernetes (1.18 or earlier) you will have to use version 0.X 
+As a result, if you're running Kubernetes 1.19 or later, you should be able to use the latest version of the NGINX
+Ingress Controller; but if you're using an old version of Kubernetes (1.18 or earlier) you will have to use version 0.X
 of the Ingress-Nginx Controller (e.g. version 0.49).

-The Helm chart of the Ingress-Nginx Controller switched to version 1 in version 4 of the chart. In other words, if 
-you're running Kubernetes 1.19 or earlier, you should use version 3.X of the chart (this can be done by adding 
+The Helm chart of the Ingress-Nginx Controller switched to version 1 in version 4 of the chart. In other words, if
+you're running Kubernetes 1.19 or earlier, you should use version 3.X of the chart (this can be done by adding
 `--version='<4'` to the `helm install` command ).
--- a/docs/developer-guide/getting-started.md
+++ b/docs/developer-guide/getting-started.md
@ -19,6 +19,10 @@ Install [Go 1.14](https://golang.org/dl/) or later.

 Install [Docker](https://docs.docker.com/engine/install/) (v19.03.0 or later with experimental feature on)

+Install [kubectl](https://kubernetes.io/docs/tasks/tools/) (1.24.0 or higher)
+
+Install [Kind](https://kind.sigs.k8s.io/)
+
 !!! important
    The majority of make tasks run as docker containers

--- a/docs/e2e-tests.md
+++ b/docs/e2e-tests.md
@ -80,7 +80,8 @@ Do not try to edit it manually.
 - [should validate auth-tls-verify-client](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/authtls.go#L208)
 - [should return 403 using auth-tls-match-cn with no matching CN from client](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/authtls.go#L267)
 - [should return 200 using auth-tls-match-cn with matching CN from client](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/authtls.go#L296)
- [should return 200 using auth-tls-match-cn where atleast one of the regex options matches CN from client](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/authtls.go#L325)
+- [should reload the nginx config when auth-tls-match-cn is updated](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/authtls.go#L325)
+- [should return 200 using auth-tls-match-cn where atleast one of the regex options matches CN from client](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/authtls.go#L368)
 ### [backend-protocol](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/backendprotocol.go#L29)
 - [should set backend protocol to https:// and use proxy_pass](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/backendprotocol.go#L36)
 - [should set backend protocol to https:// and use proxy_pass with lowercase annotation](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/backendprotocol.go#L51)
@ -147,6 +148,7 @@ Do not try to edit it manually.
 - [should not allow - portless origin with wildcard origin](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/cors.go#L520)
 - [should allow correct origins - missing subdomain + origin with wildcard origin and correct origin](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/cors.go#L540)
 - [should allow - missing origins (should allow all origins)](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/cors.go#L576)
+- [should allow correct origin but not others - cors allow origin annotations contain trailing comma](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/cors.go#L636)
 ### [custom-http-errors](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/customhttperrors.go#L34)
 - [configures Nginx correctly](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/customhttperrors.go#L41)
 ### [default-backend](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/default_backend.go#L29)
@ -155,6 +157,8 @@ Do not try to edit it manually.
 - [disable-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/disableaccesslog.go#L35)
 - [disable-http-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/disableaccesslog.go#L53)
 - [disable-stream-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/disableaccesslog.go#L71)
+### [disable-proxy-intercept-errors](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/disableproxyintercepterrors.go#L31)
+- [configures Nginx correctly](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/disableproxyintercepterrors.go#L39)
 ### [backend-protocol - FastCGI](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/fastcgi.go#L30)
 - [should use fastcgi_pass in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/fastcgi.go#L37)
 - [should add fastcgi_index in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/fastcgi.go#L54)
@ -258,6 +262,9 @@ Do not try to edit it manually.
 ### [x-forwarded-prefix](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/xforwardedprefix.go#L28)
 - [should set the X-Forwarded-Prefix to the annotation value](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/xforwardedprefix.go#L35)
 - [should not add X-Forwarded-Prefix if the annotation value is empty](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/xforwardedprefix.go#L57)
+### [[CGroups] cgroups](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/cgroups/cgroups.go#L32)
+- [detects cgroups version v1](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/cgroups/cgroups.go#L40)
+- [detect cgroups version v2](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/cgroups/cgroups.go#L83)
 ### [Debug CLI](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/dbg/main.go#L29)
 - [should list the backend servers](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/dbg/main.go#L37)
 - [should get information for a specific backend server](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/dbg/main.go#L56)
@ -292,6 +299,10 @@ Do not try to edit it manually.
 - [should choose the correct location](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/pathtype_mixed.go#L39)
 ### [[Ingress] [PathType] prefix checks](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/pathtype_prefix.go#L28)
 - [should return 404 when prefix /aaa does not match request /aaaccc](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/pathtype_prefix.go#L35)
+- [should test prefix path using simple regex pattern for /id/{int}](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/pathtype_prefix.go#L72)
+- [should test prefix path using regex pattern for /id/{int} ignoring non-digits characters at end of string](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/pathtype_prefix.go#L113)
+- [should test prefix path using fixed path size regex pattern /id/{int}{3}](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/pathtype_prefix.go#L142)
+- [should correctly route multi-segment path patterns](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/pathtype_prefix.go#L177)
 ### [[Ingress] definition without host](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/without_host.go#L31)
 - [should set ingress details variables for ingresses without a host](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/without_host.go#L34)
 - [should set ingress details variables for ingresses with host without IngressRuleValue, only Backend](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/without_host.go#L55)
@ -402,13 +413,13 @@ Do not try to edit it manually.
 - [should have worker_rlimit_nofile option and be independent on amount of worker processes](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/global_options.go#L37)
 ### [settings-global-rate-limit](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/globalratelimit.go#L30)
 - [generates correct NGINX configuration](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/globalratelimit.go#L38)
-### [gzip](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L29)
- [should be disabled by default](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L32)
- [should be enabled with default settings](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L39)
- [should set gzip_comp_level to 4](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L56)
- [should set gzip_disable to msie6](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L67)
- [should set gzip_min_length to 100](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L78)
- [should set gzip_types to application/javascript](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L89)
+### [gzip](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L30)
+- [should be disabled by default](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L40)
+- [should be enabled with default settings](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L56)
+- [should set gzip_comp_level to 4](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L82)
+- [should set gzip_disable to msie6](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L102)
+- [should set gzip_min_length to 100](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L132)
+- [should set gzip_types to text/html](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/gzip.go#L164)
 ### [hash size](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/hash-size.go#L27)
 - [should set server_names_hash_bucket_size](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/hash-size.go#L39)
 - [should set server_names_hash_max_size](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/hash-size.go#L47)
@ -478,26 +489,8 @@ Do not try to edit it manually.
 - [should include opentelemetry_trust_incoming_spans on directive when enabled](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentelemetry.go#L76)
 - [should not exists opentelemetry_operation_name directive when is empty](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentelemetry.go#L91)
 - [should exists opentelemetry_operation_name directive when is configured](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentelemetry.go#L106)
-### [Configure OpenTracing](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L52)
- [should not exists opentracing directive](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L62)
- [should exists opentracing directive when is enabled](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L75)
- [should include opentracing_trust_incoming_span off directive when disabled](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L89)
- [should not exists opentracing_operation_name directive when is empty](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L104)
- [should exists opentracing_operation_name directive when is configured](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L119)
- [should not exists opentracing_location_operation_name directive when is empty](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L134)
- [should exists opentracing_location_operation_name directive when is configured](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L149)
- [should enable opentracing using zipkin](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L164)
- [should enable opentracing using jaeger](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L176)
- [should enable opentracing using jaeger with sampler host](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L188)
- [should propagate the w3c header when configured with jaeger](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L201)
- [should enable opentracing using jaeger with an HTTP endpoint](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L232)
- [should enable opentracing using datadog](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/opentracing.go#L245)
 ### [plugins](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/plugins.go#L28)
 - [should exist a x-hello-world header](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/plugins.go#L35)
-### [[Security] Pod Security Policies](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/pod_security_policy.go#L41)
- [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/pod_security_policy.go#L44)
-### [[Security] Pod Security Policies with volumes](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/pod_security_policy_volumes.go#L37)
- [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/pod_security_policy_volumes.go#L40)
 ### [proxy-connect-timeout](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/proxy_connect_timeout.go#L29)
 - [should set valid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/proxy_connect_timeout.go#L37)
 - [should not set invalid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/settings/proxy_connect_timeout.go#L53)
--- a/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml
+++ b/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml
@ -5,8 +5,8 @@ defaultBackend:
  enabled: true
  image:
    registry: registry.k8s.io
-    image: ingress-nginx/nginx-errors
-    tag: "v20230505@sha256:3600dcd1bbd0d05959bb01af4b272714e94d22d24a64e91838e7183c80e53f7f"
+    image: ingress-nginx/custom-error-pages
+    tag: v1.0.1@sha256:d8ab7de384cf41bdaa696354e19f1d0efbb0c9ac69f8682ffc0cc008a252eb76
  extraVolumes:
  - name: custom-error-pages
    configMap:
--- a/docs/examples/customization/custom-errors/custom-default-backend.yaml
+++ b/docs/examples/customization/custom-errors/custom-default-backend.yaml
@ -36,7 +36,7 @@ spec:
    spec:
      containers:
      - name: nginx-error-server
-        image: registry.k8s.io/ingress-nginx/nginx-errors:v20230505@sha256:3600dcd1bbd0d05959bb01af4b272714e94d22d24a64e91838e7183c80e53f7f
+        image: registry.k8s.io/ingress-nginx/custom-error-pages:v1.0.1@sha256:d8ab7de384cf41bdaa696354e19f1d0efbb0c9ac69f8682ffc0cc008a252eb76
        ports:
        - containerPort: 8080
        # Setting the environment variable DEBUG we can see the headers sent 
--- a/docs/examples/rewrite/README.md
+++ b/docs/examples/rewrite/README.md
@ -31,7 +31,7 @@ Rewriting can be controlled using the following annotations:
    [Captured groups](https://www.regular-expressions.info/refcapture.html) are saved in numbered placeholders, chronologically, in the form `$1`, `$2` ... `$n`. These placeholders can be used as parameters in the `rewrite-target` annotation.

 !!! note
-    Please see the [FAQ](../faq.md#validation-of-path) for Validation Of __`path`__
+    Please see the [FAQ](../../faq.md#validation-of-path) for Validation Of __`path`__

 Create an Ingress rule with a rewrite annotation:

--- a/docs/faq.md
+++ b/docs/faq.md
@ -1,33 +1,190 @@

 # FAQ

+## Multiple controller in one cluster
+
+Question - How can I easily install multiple instances of the ingress-nginx controller in the same cluster?
+
+You can install them in different namespaces.
+
+- Create a new namespace
+
+  ```
+  kubectl create namespace ingress-nginx-2
+  ```
+
+- Use Helm to install the additional instance of the ingress controller
+- Ensure you have Helm working (refer to the [Helm documentation](https://helm.sh/docs/))
+- We have to assume that you have the helm repo for the ingress-nginx controller already added to your Helm config.
+  But, if you have not added the helm repo then you can do this to add the repo to your helm config;
+
+  ```
+  helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+  ```
+
+- Make sure you have updated the helm repo data;
+
+  ```
+  helm repo update
+  ```
+
+- Now, install an additional instance of the ingress-nginx controller like this:
+
+  ```
+  helm install ingress-nginx-2 ingress-nginx/ingress-nginx  \
+  --namespace ingress-nginx-2 \
+  --set controller.ingressClassResource.name=nginx-two \
+  --set controller.ingressClass=nginx-two \
+  --set controller.ingressClassResource.controllerValue="example.com/ingress-nginx-2" \
+  --set controller.ingressClassResource.enabled=true \
+  --set controller.ingressClassByName=true
+  ```
+
+If you need to install yet another instance, then repeat the procedure to create a new namespace,
+change the values such as names & namespaces (for example from "-2" to "-3"), or anything else that meets your needs.
+
+Note that `controller.ingressClassResource.name` and `controller.ingressClass` have to be set correctly.
+The first is to create the IngressClass object and the other is to modify the deployment of the actual ingress controller pod.
+
+### I can't use multiple namespaces, what should I do?
+
+If you need to install all instances in the same namespace, then you need to specify a different **election id**, like this:
+
+```
+helm install ingress-nginx-2 ingress-nginx/ingress-nginx  \
+--namespace kube-system \
+--set controller.electionID=nginx-two-leader \
+--set controller.ingressClassResource.name=nginx-two \
+--set controller.ingressClass=nginx-two \
+--set controller.ingressClassResource.controllerValue="example.com/ingress-nginx-2" \
+--set controller.ingressClassResource.enabled=true \
+--set controller.ingressClassByName=true
+```
+
 ## Retaining Client IPAddress

-Please read [Retain Client IPAddress Guide here](./user-guide/retaining-client-ipaddress.md).
+Question - How to obtain the real-client-ipaddress ?
+
+The goto solution for retaining the real-client IPaddress is to enable PROXY protocol.
+
+Enabling PROXY protocol has to be done on both, the Ingress NGINX controller, as well as the L4 load balancer, in front of the controller.
+
+The real-client IP address is lost by default, when traffic is forwarded over the network. But enabling PROXY protocol ensures that the connection details are retained and hence the real-client IP address doesn't get lost.
+
+Enabling proxy-protocol on the controller is documented [here](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#use-proxy-protocol) .
+
+For enabling proxy-protocol on the LoadBalancer, please refer to the documentation of your infrastructure provider because that is where the LB is provisioned.
+
+Some more info available [here](https://kubernetes.github.io/ingress-nginx/user-guide/miscellaneous/#source-ip-address)
+
+Some more info on proxy-protocol is [here](https://kubernetes.github.io/ingress-nginx/user-guide/miscellaneous/#proxy-protocol)
+
+### client-ipaddress on single-node cluster
+
+Single node clusters are created for dev & test uses with tools like "kind" or "minikube". A trick to simulate a real use network with these clusters (kind or minikube) is to install Metallb and configure the ipaddress of the kind container or the minikube vm/container, as the starting and ending of the pool for Metallb in L2 mode. Then the host ip becomes a real client ipaddress, for curl requests sent from the host.
+
+After installing ingress-nginx controller on a kind or a minikube cluster with helm, you can configure it for real-client-ip with a simple change to the service that ingress-nginx controller creates. The service object of --type LoadBalancer has a field service.spec.externalTrafficPolicy. If you set the value of this field to "Local" then the real-ipaddress of a client is visible to the controller.
+
+```
+% kubectl explain service.spec.externalTrafficPolicy
+KIND:       Service
+VERSION:    v1
+
+FIELD: externalTrafficPolicy <string>
+
+DESCRIPTION:
+    externalTrafficPolicy describes how nodes distribute service traffic they
+    receive on one of the Service's "externally-facing" addresses (NodePorts,
+    ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will
+    configure the service in a way that assumes that external load balancers
+    will take care of balancing the service traffic between nodes, and so each
+    node will deliver traffic only to the node-local endpoints of the service,
+    without masquerading the client source IP. (Traffic mistakenly sent to a
+    node with no endpoints will be dropped.) The default value, "Cluster", uses
+    the standard behavior of routing to all endpoints evenly (possibly modified
+    by topology and other features). Note that traffic sent to an External IP or
+    LoadBalancer IP from within the cluster will always get "Cluster" semantics,
+    but clients sending to a NodePort from within the cluster may need to take
+    traffic policy into account when picking a node.
+    
+    Possible enum values:
+     - `"Cluster"` routes traffic to all endpoints.
+     - `"Local"` preserves the source IP of the traffic by routing only to
+    endpoints on the same node as the traffic was received on (dropping the
+    traffic if there are no local endpoints).
+```
+
+### client-ipaddress L7
+
+The solution is to get the real client IPaddress from the ["X-Forward-For" HTTP header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For)
+
+Example : If your application pod behind Ingress NGINX controller, uses the NGINX webserver and the reverseproxy inside it, then you can do the following to preserve the remote client IP.
+
+- First you need to make sure that the X-Forwarded-For header reaches the backend pod. This is done by using a Ingress NGINX conftroller ConfigMap key. Its documented [here](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#use-forwarded-headers)
+
+- Next, edit `nginx.conf` file inside your app pod, to contain the directives shown below:
+
+```
+set_real_ip_from 0.0.0.0/0; # Trust all IPs (use your VPC CIDR block in production)
+real_ip_header X-Forwarded-For;
+real_ip_recursive on;
+
+log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                '$status $body_bytes_sent "$http_referer" '
+                '"$http_user_agent" '
+                'host=$host x-forwarded-for=$http_x_forwarded_for';
+
+access_log /var/log/nginx/access.log main;
+
+```

 ## Kubernetes v1.22 Migration

-If you are using Ingress objects in your cluster (running Kubernetes older than v1.22), and you plan to upgrade your Kubernetes version to K8S 1.22 or above, then please read [the migration guide here](./user-guide/k8s-122-migration.md).
+If you are using Ingress objects in your cluster (running Kubernetes older than
+version 1.22), and you plan to upgrade your Kubernetes version to K8S 1.22 or
+above, then please read [the migration guide here](./user-guide/k8s-122-migration.md).

-## Validation Of __`path`__
+## Validation Of **`path`**

- For improving security and also following desired standards on Kubernetes API spec, the next release, scheduled for v1.8.0, will include a new & optional feature of validating the value for the key `ingress.spec.rules.http.paths.path` .
+- For improving security and also following desired standards on Kubernetes API
+spec, the next release, scheduled for v1.8.0, will include a new & optional
+feature of validating the value for the key `ingress.spec.rules.http.paths.path`.

- This behavior will be disabled by default on the 1.8.0 release and enabled by default on the next breaking change release, set for 2.0.0.
+- This behavior will be disabled by default on the 1.8.0 release and enabled by
+default on the next breaking change release, set for 2.0.0.

- When "`ingress.spec.rules.http.pathType=Exact`" or "`pathType=Prefix`", this validation will limit the characters accepted on the field "`ingress.spec.rules.http.paths.path`",  to "`alphanumeric characters`", and  `"/," "_," "-."` Also, in this case, the path should start with `"/."`
+- When "`ingress.spec.rules.http.pathType=Exact`" or "`pathType=Prefix`", this
+validation will limit the characters accepted on the field "`ingress.spec.rules.http.paths.path`",
+to "`alphanumeric characters`", and  `"/," "_," "-."` Also, in this case,
+the path should start with `"/."`

- When the ingress resource path contains other characters (like on rewrite configurations), the pathType value should be "`ImplementationSpecific`".
+- When the ingress resource path contains other characters (like on rewrite
+configurations), the pathType value should be "`ImplementationSpecific`".

 - API Spec on pathType is documented [here](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types)

- When this option is enabled, the validation will happen on the Admission Webhook. So if any new ingress object contains characters other than  "`alphanumeric characters`", and  `"/," "_," "-."` , in the `path` field, but is not using `pathType` value as `ImplementationSpecific`, then the ingress object will be denied admission.
+- When this option is enabled, the validation will happen on the Admission
+Webhook. So if any new ingress object contains characters other than
+alphanumeric characters, and, `"/,","_","-"`, in the `path` field, but
+is not using `pathType` value as `ImplementationSpecific`, then the ingress
+object will be denied admission.

- The cluster admin should establish validation rules using mechanisms like "`Open Policy Agent`", to validate that only authorized users can use ImplementationSpecific pathType and that only the authorized characters can be used. [The configmap value is here](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type)
+- The cluster admin should establish validation rules using mechanisms like
+"`Open Policy Agent`", to validate that only authorized users can use
+ImplementationSpecific pathType and that only the authorized characters can be
+used. [The configmap value is here](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type)

 - A complete example of an Openpolicyagent gatekeeper rule is available [here](https://kubernetes.github.io/ingress-nginx/examples/openpolicyagent/)

- If you have any issues or concerns, please do one of the following: 
-  - Open a GitHub issue 
+- If you have any issues or concerns, please do one of the following:
+  - Open a GitHub issue
  - Comment in our Dev Slack Channel
-  - Open a thread in our Google Group ingress-nginx-dev@kubernetes.io
+  - Open a thread in our Google Group <ingress-nginx-dev@kubernetes.io>
+
+## Why is chunking not working since controller v1.10 ?
+
+- If your code is setting the HTTP header `"Transfer-Encoding: chunked"` and
+the controller log messages show an error about duplicate header, it is
+because of this change <http://hg.nginx.org/nginx/rev/2bf7792c262e>
+
+- More details are available in this issue <https://github.com/kubernetes/ingress-nginx/issues/11162>
--- a/docs/user-guide/fcgi-services.md
+++ b/docs/user-guide/fcgi-services.md
@ -1,5 +1,3 @@
-
-
 # Exposing FastCGI Servers

 > **FastCGI** is a [binary protocol](https://en.wikipedia.org/wiki/Binary_protocol "Binary protocol") for interfacing interactive programs with a [web server](https://en.wikipedia.org/wiki/Web_server "Web server"). [...] (It's) aim is to reduce the overhead related to interfacing between web server and CGI programs, allowing a server to handle more web page requests per unit of time.
@ -8,27 +6,60 @@

 The _ingress-nginx_ ingress controller can be used to directly expose [FastCGI](https://en.wikipedia.org/wiki/FastCGI) servers.  Enabling FastCGI in your Ingress only requires setting the _backend-protocol_ annotation to `FCGI`, and with a couple more annotations you can customize the way _ingress-nginx_ handles the communication with your FastCGI _server_.

+For most practical use-cases, php applications are a good example. PHP is not HTML so a FastCGI server like php-fpm processes a index.php script for the response to a request. See a working example below.

-## Example Objects to Expose a FastCGI Pod
+This [post in a FactCGI feature issue](https://github.com/kubernetes/ingress-nginx/issues/8207#issuecomment-2161405468) describes a test for the FastCGI feature. The same test is described below here.

-The _Pod_ example object below exposes port `9000`, which is the conventional FastCGI port.
+## Example Objects to expose a FastCGI server pod
+
+### The FasctCGI server pod
+
+The _Pod_ object example below exposes port `9000`, which is the conventional FastCGI port.

 ```yaml
 apiVersion: v1
 kind: Pod
 metadata:
  name: example-app
-labels:
-  app: example-app
+  labels:
+    app: example-app
 spec:
  containers:
  - name: example-app
-    image: example-app:1.0
+    image: php:fpm-alpine
    ports:
    - containerPort: 9000
      name: fastcgi
 ```

+- For this example to work, a HTML response should be received from the FastCGI server being exposed
+- A HTTP request to the FastCGI server pod should be sent
+- The response should be generated by a php script as that is what we are demonstrating here
+
+The image we are using here `php:fpm-alpine` does not ship with a ready to use php script inside it. So we need to provide the image with a simple php-script for this example to work.
+
+- Use `kubectl exec` to get into the example-app pod
+- You will land at the path `/var/www/html`
+- Create a simple php script there at the path /var/www/html called index.php
+- Make the index.php file look like this
+
+```
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>PHP Test</title>
+    </head>
+    <body>
+        <?php echo '<p>FastCGI Test Worked!</p>'; ?>
+    </body>
+</html>
+```
+
+- Save and exit from the shell in the pod
+- If you delete the pod, then you will have to recreate the file as this method is not persistent
+
+### The FastCGI service
+
 The _Service_ object example below matches port `9000` from the _Pod_ object above.

 ```yaml
@ -45,21 +76,41 @@ spec:
    name: fastcgi
 ```

-And the _Ingress_ and _ConfigMap_ objects below demonstrates the supported _FastCGI_ specific annotations (NGINX actually has 50 FastCGI directives, all of which have not been exposed in the ingress yet), and matches the service `example-service`, and the port named `fastcgi` from above. The _ConfigMap_ **must** be created first for the _Ingress Controller_ to be able to find it when the _Ingress_ object is created, otherwise you will need to restart the _Ingress Controller_ pods.
+### The configMap object and the ingress object
+
+The _Ingress_ and _ConfigMap_ objects below demonstrate the supported _FastCGI_ specific annotations.
+
+!!! Important
+    NGINX actually has 50 [FastCGI directives](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#directives)
+    All of the nginx directives have not been exposed in the ingress yet
+
+### The ConfigMap object
+
+This configMap object is required to set the parameters of [FastCGI directives](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#directives)
+
+!!! Attention
+    - The _ConfigMap_ **must** be created before creating the ingress object
+
+- The _Ingress Controller_ needs to find the configMap when the _Ingress_ object with the FastCGI annotations is created
+- So create the configMap before the ingress
+- If the configMap is created after the ingress is created, then you will need to restart the _Ingress Controller_ pods.

 ```yaml
-# The ConfigMap MUST be created first for the ingress controller to be able to
-# find it when the Ingress object is created.
-
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: example-cm
 data:
-  SCRIPT_FILENAME: "/example/index.php"
+  SCRIPT_FILENAME: "/var/www/html/index.php"

---
+```

+### The ingress object
+
+- Do not create the ingress shown below until you have created the configMap seen above.
+- You can see that this ingress matches the service `example-service`, and the port named `fastcgi` from above.
+
+```
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@ -83,6 +134,44 @@ spec:
              name: fastcgi
 ```

+## Send a request to the exposed FastCGI server
+
+You will have to look at the external-ip of the ingress or you have to send the HTTP request to the ClusterIP address of the ingress-nginx controller pod.
+
+```
+% curl 172.19.0.2 -H "Host: app.example.com" -vik
+*   Trying 172.19.0.2:80...
+* Connected to 172.19.0.2 (172.19.0.2) port 80
+> GET / HTTP/1.1
+> Host: app.example.com
+> User-Agent: curl/8.6.0
+> Accept: */*
+> 
+< HTTP/1.1 200 OK
+HTTP/1.1 200 OK
+< Date: Wed, 12 Jun 2024 07:11:59 GMT
+Date: Wed, 12 Jun 2024 07:11:59 GMT
+< Content-Type: text/html; charset=UTF-8
+Content-Type: text/html; charset=UTF-8
+< Transfer-Encoding: chunked
+Transfer-Encoding: chunked
+< Connection: keep-alive
+Connection: keep-alive
+< X-Powered-By: PHP/8.3.8
+X-Powered-By: PHP/8.3.8
+
+< 
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>PHP Test</title>
+    </head>
+    <body>
+        <p>FastCGI Test Worked</p>    </body>
+</html>
+
+```
+
 ## FastCGI Ingress Annotations

 To enable FastCGI, the `nginx.ingress.kubernetes.io/backend-protocol` annotation needs to be set to `FCGI`, which overrides the default `HTTP` value.
@ -114,6 +203,7 @@ data:
  SCRIPT_FILENAME: "/example/index.php"
  HTTP_PROXY: ""
 ```
+
 Using the _namespace/_ prefix is also supported, for example:

 > `nginx.ingress.kubernetes.io/fastcgi-params-configmap: "example-namespace/example-configmap"`
--- a/docs/user-guide/k8s-122-migration.md
+++ b/docs/user-guide/k8s-122-migration.md
@ -192,54 +192,3 @@ Bear in mind that if you start Ingress-Nginx B with the command line argument `-
 It is highly likely that you will also see the name of the ingress resource in the same error message.
 This error message has been observed on use the deprecated annotation (`kubernetes.io/ingress.class`) in an Ingress resource manifest.
 It is recommended to use the `.spec.ingressClassName` field of the Ingress resource, to specify the name of the IngressClass of the Ingress you are defining.
-
-## How can I easily install multiple instances of the ingress-nginx controller in the same cluster?
-
-You can install them in different namespaces.
-
- Create a new namespace
-  ```
-  kubectl create namespace ingress-nginx-2
-  ```
- Use Helm to install the additional instance of the ingress controller
- Ensure you have Helm working (refer to the [Helm documentation](https://helm.sh/docs/))
- We have to assume that you have the helm repo for the ingress-nginx controller already added to your Helm config.
-  But, if you have not added the helm repo then you can do this to add the repo to your helm config;
-  ```
-  helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
-  ```
- Make sure you have updated the helm repo data;
-  ```
-  helm repo update
-  ```
- Now, install an additional instance of the ingress-nginx controller like this:
-  ```
-  helm install ingress-nginx-2 ingress-nginx/ingress-nginx  \
-  --namespace ingress-nginx-2 \
-  --set controller.ingressClassResource.name=nginx-two \
-  --set controller.ingressClass=nginx-two \
-  --set controller.ingressClassResource.controllerValue="example.com/ingress-nginx-2" \
-  --set controller.ingressClassResource.enabled=true \
-  --set controller.ingressClassByName=true
-  ```
-
-If you need to install yet another instance, then repeat the procedure to create a new namespace,
-change the values such as names & namespaces (for example from "-2" to "-3"), or anything else that meets your needs.
-
-Note that `controller.ingressClassResource.name` and `controller.ingressClass` have to be set correctly.
-The first is to create the IngressClass object and the other is to modify the deployment of the actual ingress controller pod.
-
-### I can't use multiple namespaces, what should I do?
-
-If you need to install all instances in the same namespace, then you need to specify a different **election id**, like this:
-
-```
-helm install ingress-nginx-2 ingress-nginx/ingress-nginx  \
--namespace kube-system \
--set controller.electionID=nginx-two-leader \
--set controller.ingressClassResource.name=nginx-two \
--set controller.ingressClass=nginx-two \
--set controller.ingressClassResource.controllerValue="example.com/ingress-nginx-2" \
--set controller.ingressClassResource.enabled=true \
--set controller.ingressClassByName=true
-```
--- a/docs/user-guide/miscellaneous.md
+++ b/docs/user-guide/miscellaneous.md
@ -17,7 +17,7 @@ By default NGINX path type is Prefix to not break existing definitions

 ## Proxy Protocol

-If you are using a L4 proxy to forward the traffic to the NGINX pods and terminate HTTP/HTTPS there, you will lose the remote endpoint's IP address. To prevent this you could use the [Proxy Protocol](http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt) for forwarding traffic, this will send the connection details before forwarding the actual TCP connection itself.
+If you are using a L4 proxy to forward the traffic to the Ingress NGINX pods and terminate HTTP/HTTPS there, you will lose the remote endpoint's IP address. To prevent this you could use the [PROXY Protocol](http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt) for forwarding traffic, this will send the connection details before forwarding the actual TCP connection itself.

 Amongst others [ELBs in AWS](http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-proxy-protocol.html) and [HAProxy](http://www.haproxy.org/) support Proxy Protocol.

--- a/docs/user-guide/multiple-ingress.md
+++ b/docs/user-guide/multiple-ingress.md
@ -57,6 +57,7 @@ or if installing with Helm:
 ```yaml
 controller:
  electionID: ingress-controller-leader
+  ingressClass: internal-nginx  # default: nginx
  ingressClassResource:
    name: internal-nginx  # default: nginx
    enabled: true
--- a/docs/user-guide/nginx-configuration/annotations.md
+++ b/docs/user-guide/nginx-configuration/annotations.md
@ -123,8 +123,6 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz
 |[nginx.ingress.kubernetes.io/ssl-prefer-server-ciphers](#ssl-ciphers)|"true" or "false"|
 |[nginx.ingress.kubernetes.io/connection-proxy-header](#connection-proxy-header)|string|
 |[nginx.ingress.kubernetes.io/enable-access-log](#enable-access-log)|"true" or "false"|
-|[nginx.ingress.kubernetes.io/enable-opentracing](#enable-opentracing)|"true" or "false"|
-|[nginx.ingress.kubernetes.io/opentracing-trust-incoming-span](#opentracing-trust-incoming-span)|"true" or "false"|
 |[nginx.ingress.kubernetes.io/enable-opentelemetry](#enable-opentelemetry)|"true" or "false"|
 |[nginx.ingress.kubernetes.io/opentelemetry-trust-incoming-span](#opentelemetry-trust-incoming-spans)|"true" or "false"|
 |[nginx.ingress.kubernetes.io/use-regex](#use-regex)|bool|
@ -640,7 +638,10 @@ To preserve the trailing slash in the URI with `ssl-redirect`, set `nginx.ingres

 ### Redirect from/to www

-In some scenarios is required to redirect from `www.domain.com` to `domain.com` or vice versa.
+In some scenarios, it is required to redirect from `www.domain.com` to `domain.com` or vice versa, which way the redirect is performed depends on the configured `host` value in the Ingress object.
+
+For example, if `.spec.rules.host` is configured with a value like `www.example.com`, then this annotation will redirect from `example.com` to `www.example.com`. If `.spec.rules.host` is configured with a value like `example.com`, so without a `www`, then this annotation will redirect from `www.example.com` to `example.com` instead.
+
 To enable this feature use the annotation `nginx.ingress.kubernetes.io/from-to-www-redirect: "true"`

 !!! attention
@ -813,24 +814,6 @@ Note that rewrite logs are sent to the error_log file at the notice level. To en
 nginx.ingress.kubernetes.io/enable-rewrite-log: "true"
 ```

-### Enable Opentracing
-
-Opentracing can be enabled or disabled globally through the ConfigMap but this will sometimes need to be overridden
-to enable it or disable it for a specific ingress (e.g. to turn off tracing of external health check endpoints)
-
-```yaml
-nginx.ingress.kubernetes.io/enable-opentracing: "true"
-```
-
-### Opentracing Trust Incoming Span
-
-The option to trust incoming trace spans can be enabled or disabled globally through the ConfigMap but this will
-sometimes need to be overridden to enable it or disable it for a specific ingress (e.g. only enable on a private endpoint)
-
-```yaml
-nginx.ingress.kubernetes.io/opentracing-trust-incoming-span: "true"
-```
-
 ### Enable Opentelemetry

 Opentelemetry can be enabled or disabled globally through the ConfigMap but this will sometimes need to be overridden
@ -955,7 +938,7 @@ Enables a request to be mirrored to a mirror backend. Responses by mirror backen
 The mirror backend can be set by applying:

 ```yaml
-nginx.ingress.kubernetes.io/mirror-target: https://test.env.com/$request_uri
+nginx.ingress.kubernetes.io/mirror-target: https://test.env.com$request_uri
 ```

 By default the request-body is sent to the mirror backend, but can be turned off by applying:
@ -967,7 +950,7 @@ nginx.ingress.kubernetes.io/mirror-request-body: "off"
 Also by default header Host for mirrored requests will be set the same as a host part of uri in the "mirror-target" annotation. You can override it by "mirror-host" annotation:

 ```yaml
-nginx.ingress.kubernetes.io/mirror-target: https://1.2.3.4/$request_uri
+nginx.ingress.kubernetes.io/mirror-target: https://1.2.3.4$request_uri
 nginx.ingress.kubernetes.io/mirror-host: "test.env.com"
 ```

--- a/docs/user-guide/nginx-configuration/configmap.md
+++ b/docs/user-guide/nginx-configuration/configmap.md
@ -25,214 +25,207 @@ data:

 The following table shows a configuration option's name, type, and the default value:

-|name|type|default|notes|
-|:---|:---|:------|:----|
-|[add-headers](#add-headers)|string|""||
-|[allow-backend-server-header](#allow-backend-server-header)|bool|"false"||
-|[allow-cross-namespace-resources](#allow-cross-namespace-resources)|bool|"true"||
-|[allow-snippet-annotations](#allow-snippet-annotations)|bool|false||
-|[annotations-risk-level](#annotations-risk-level)|string|Critical||
-|[annotation-value-word-blocklist](#annotation-value-word-blocklist)|string array|""||
-|[hide-headers](#hide-headers)|string array|empty||
-|[access-log-params](#access-log-params)|string|""||
-|[access-log-path](#access-log-path)|string|"/var/log/nginx/access.log"||
-|[http-access-log-path](#http-access-log-path)|string|""||
-|[stream-access-log-path](#stream-access-log-path)|string|""||
-|[enable-access-log-for-default-backend](#enable-access-log-for-default-backend)|bool|"false"||
-|[error-log-path](#error-log-path)|string|"/var/log/nginx/error.log"||
-|[enable-modsecurity](#enable-modsecurity)|bool|"false"||
-|[modsecurity-snippet](#modsecurity-snippet)|string|""||
-|[enable-owasp-modsecurity-crs](#enable-owasp-modsecurity-crs)|bool|"false"||
-|[client-header-buffer-size](#client-header-buffer-size)|string|"1k"||
-|[client-header-timeout](#client-header-timeout)|int|60||
-|[client-body-buffer-size](#client-body-buffer-size)|string|"8k"||
-|[client-body-timeout](#client-body-timeout)|int|60||
-|[disable-access-log](#disable-access-log)|bool|false||
-|[disable-ipv6](#disable-ipv6)|bool|false||
-|[disable-ipv6-dns](#disable-ipv6-dns)|bool|false||
-|[enable-underscores-in-headers](#enable-underscores-in-headers)|bool|false||
-|[enable-ocsp](#enable-ocsp)|bool|false||
-|[ignore-invalid-headers](#ignore-invalid-headers)|bool|true||
-|[retry-non-idempotent](#retry-non-idempotent)|bool|"false"||
-|[error-log-level](#error-log-level)|string|"notice"||
-|[http2-max-field-size](#http2-max-field-size)|string|""|DEPRECATED in favour of [large_client_header_buffers](#large-client-header-buffers)|
-|[http2-max-header-size](#http2-max-header-size)|string|""|DEPRECATED in favour of [large_client_header_buffers](#large-client-header-buffers)|
-|[http2-max-requests](#http2-max-requests)|int|0|DEPRECATED in favour of [keepalive_requests](#keepalive-requests)|
-|[http2-max-concurrent-streams](#http2-max-concurrent-streams)|int|128||
-|[hsts](#hsts)|bool|"true"||
-|[hsts-include-subdomains](#hsts-include-subdomains)|bool|"true"||
-|[hsts-max-age](#hsts-max-age)|string|"31536000"||
-|[hsts-preload](#hsts-preload)|bool|"false"||
-|[keep-alive](#keep-alive)|int|75||
-|[keep-alive-requests](#keep-alive-requests)|int|1000||
-|[large-client-header-buffers](#large-client-header-buffers)|string|"4 8k"||
-|[log-format-escape-none](#log-format-escape-none)|bool|"false"||
-|[log-format-escape-json](#log-format-escape-json)|bool|"false"||
-|[log-format-upstream](#log-format-upstream)|string|`$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id`||
-|[log-format-stream](#log-format-stream)|string|`[$remote_addr] [$time_local] $protocol $status $bytes_sent $bytes_received $session_time`||
-|[enable-multi-accept](#enable-multi-accept)|bool|"true"||
-|[max-worker-connections](#max-worker-connections)|int|16384||
-|[max-worker-open-files](#max-worker-open-files)|int|0||
-|[map-hash-bucket-size](#max-hash-bucket-size)|int|64||
-|[nginx-status-ipv4-whitelist](#nginx-status-ipv4-whitelist)|[]string|"127.0.0.1"||
-|[nginx-status-ipv6-whitelist](#nginx-status-ipv6-whitelist)|[]string|"::1"||
-|[proxy-real-ip-cidr](#proxy-real-ip-cidr)|[]string|"0.0.0.0/0"||
-|[proxy-set-headers](#proxy-set-headers)|string|""||
-|[server-name-hash-max-size](#server-name-hash-max-size)|int|1024||
-|[server-name-hash-bucket-size](#server-name-hash-bucket-size)|int|`<size of the processor’s cache line>`|
-|[proxy-headers-hash-max-size](#proxy-headers-hash-max-size)|int|512||
-|[proxy-headers-hash-bucket-size](#proxy-headers-hash-bucket-size)|int|64||
-|[plugins](#plugins)|[]string| ||
-|[reuse-port](#reuse-port)|bool|"true"||
-|[server-tokens](#server-tokens)|bool|"false"||
-|[ssl-ciphers](#ssl-ciphers)|string|"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"||
-|[ssl-ecdh-curve](#ssl-ecdh-curve)|string|"auto"||
-|[ssl-dh-param](#ssl-dh-param)|string|""||
-|[ssl-protocols](#ssl-protocols)|string|"TLSv1.2 TLSv1.3"||
-|[ssl-session-cache](#ssl-session-cache)|bool|"true"||
-|[ssl-session-cache-size](#ssl-session-cache-size)|string|"10m"||
-|[ssl-session-tickets](#ssl-session-tickets)|bool|"false"||
-|[ssl-session-ticket-key](#ssl-session-ticket-key)|string|`<Randomly Generated>`|
-|[ssl-session-timeout](#ssl-session-timeout)|string|"10m"||
-|[ssl-buffer-size](#ssl-buffer-size)|string|"4k"||
-|[use-proxy-protocol](#use-proxy-protocol)|bool|"false"||
-|[proxy-protocol-header-timeout](#proxy-protocol-header-timeout)|string|"5s"||
-|[enable-aio-write](#enable-aio-write)|bool|"true"||
-|[use-gzip](#use-gzip)|bool|"false"||
-|[use-geoip](#use-geoip)|bool|"true"||
-|[use-geoip2](#use-geoip2)|bool|"false"||
-|[enable-brotli](#enable-brotli)|bool|"false"||
-|[brotli-level](#brotli-level)|int|4||
-|[brotli-min-length](#brotli-min-length)|int|20||
-|[brotli-types](#brotli-types)|string|"application/xml+rss application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component"||
-|[use-http2](#use-http2)|bool|"true"||
-|[gzip-disable](#gzip-disable)|string|""||
-|[gzip-level](#gzip-level)|int|1||
-|[gzip-min-length](#gzip-min-length)|int|256||
-|[gzip-types](#gzip-types)|string|"application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component"||
-|[worker-processes](#worker-processes)|string|`<Number of CPUs>`||
-|[worker-cpu-affinity](#worker-cpu-affinity)|string|""||
-|[worker-shutdown-timeout](#worker-shutdown-timeout)|string|"240s"||
-|[load-balance](#load-balance)|string|"round_robin"||
-|[variables-hash-bucket-size](#variables-hash-bucket-size)|int|128||
-|[variables-hash-max-size](#variables-hash-max-size)|int|2048||
-|[upstream-keepalive-connections](#upstream-keepalive-connections)|int|320||
-|[upstream-keepalive-time](#upstream-keepalive-time)|string|"1h"||
-|[upstream-keepalive-timeout](#upstream-keepalive-timeout)|int|60||
-|[upstream-keepalive-requests](#upstream-keepalive-requests)|int|10000||
-|[limit-conn-zone-variable](#limit-conn-zone-variable)|string|"$binary_remote_addr"||
-|[proxy-stream-timeout](#proxy-stream-timeout)|string|"600s"||
-|[proxy-stream-next-upstream](#proxy-stream-next-upstream)|bool|"true"||
-|[proxy-stream-next-upstream-timeout](#proxy-stream-next-upstream-timeout)|string|"600s"||
-|[proxy-stream-next-upstream-tries](#proxy-stream-next-upstream-tries)|int|3||
-|[proxy-stream-responses](#proxy-stream-responses)|int|1||
-|[bind-address](#bind-address)|[]string|""||
-|[use-forwarded-headers](#use-forwarded-headers)|bool|"false"||
-|[enable-real-ip](#enable-real-ip)|bool|"false"||
-|[forwarded-for-header](#forwarded-for-header)|string|"X-Forwarded-For"||
-|[compute-full-forwarded-for](#compute-full-forwarded-for)|bool|"false"||
-|[proxy-add-original-uri-header](#proxy-add-original-uri-header)|bool|"false"||
-|[generate-request-id](#generate-request-id)|bool|"true"||
-|[enable-opentracing](#enable-opentracing)|bool|"false"||
-|[opentracing-operation-name](#opentracing-operation-name)|string|""||
-|[opentracing-location-operation-name](#opentracing-location-operation-name)|string|""||
-|[zipkin-collector-host](#zipkin-collector-host)|string|""||
-|[zipkin-collector-port](#zipkin-collector-port)|int|9411||
-|[zipkin-service-name](#zipkin-service-name)|string|"nginx"||
-|[zipkin-sample-rate](#zipkin-sample-rate)|float|1.0||
-|[jaeger-collector-host](#jaeger-collector-host)|string|""||
-|[jaeger-collector-port](#jaeger-collector-port)|int|6831||
-|[jaeger-endpoint](#jaeger-endpoint)|string|""||
-|[jaeger-service-name](#jaeger-service-name)|string|"nginx"||
-|[jaeger-propagation-format](#jaeger-propagation-format)|string|"jaeger"||
-|[jaeger-sampler-type](#jaeger-sampler-type)|string|"const"||
-|[jaeger-sampler-param](#jaeger-sampler-param)|string|"1"||
-|[jaeger-sampler-host](#jaeger-sampler-host)|string|"http://127.0.0.1"||
-|[jaeger-sampler-port](#jaeger-sampler-port)|int|5778||
-|[jaeger-trace-context-header-name](#jaeger-trace-context-header-name)|string|uber-trace-id||
-|[jaeger-debug-header](#jaeger-debug-header)|string|uber-debug-id||
-|[jaeger-baggage-header](#jaeger-baggage-header)|string|jaeger-baggage||
-|[jaeger-trace-baggage-header-prefix](#jaeger-trace-baggage-header-prefix)|string|uberctx-||
-|[datadog-collector-host](#datadog-collector-host)|string|""||
-|[datadog-collector-port](#datadog-collector-port)|int|8126||
-|[datadog-service-name](#datadog-service-name)|string|"nginx"||
-|[datadog-environment](#datadog-environment)|string|"prod"||
-|[datadog-operation-name-override](#datadog-operation-name-override)|string|"nginx.handle"||
-|[datadog-priority-sampling](#datadog-priority-sampling)|bool|"true"||
-|[datadog-sample-rate](#datadog-sample-rate)|float|1.0||
-|[enable-opentelemetry](#enable-opentelemetry)|bool|"false"||
-|[opentelemetry-trust-incoming-span](#opentelemetry-trust-incoming-span)|bool|"true"||
-|[opentelemetry-operation-name](#opentelemetry-operation-name)|string|""||
-|[opentelemetry-config](#/etc/nginx/opentelemetry.toml)|string|"/etc/nginx/opentelemetry.toml"||
-|[otlp-collector-host](#otlp-collector-host)|string|""||
-|[otlp-collector-port](#otlp-collector-port)|int|4317||
-|[otel-max-queuesize](#otel-max-queuesize)|int|||
-|[otel-schedule-delay-millis](#otel-schedule-delay-millis)|int|||
-|[otel-max-export-batch-size](#otel-max-export-batch-size)|int|||
-|[otel-service-name](#otel-service-name)|string|"nginx"||
-|[otel-sampler](#otel-sampler)|string|"AlwaysOff"||
-|[otel-sampler-parent-based](#otel-sampler-parent-based)|bool|"false"||
-|[otel-sampler-ratio](#otel-sampler-ratio)|float|0.01||
-|[main-snippet](#main-snippet)|string|""||
-|[http-snippet](#http-snippet)|string|""||
-|[server-snippet](#server-snippet)|string|""||
-|[stream-snippet](#stream-snippet)|string|""||
-|[location-snippet](#location-snippet)|string|""||
-|[custom-http-errors](#custom-http-errors)|[]int|[]int{}||
-|[proxy-body-size](#proxy-body-size)|string|"1m"||
-|[proxy-connect-timeout](#proxy-connect-timeout)|int|5||
-|[proxy-read-timeout](#proxy-read-timeout)|int|60||
-|[proxy-send-timeout](#proxy-send-timeout)|int|60||
-|[proxy-buffers-number](#proxy-buffers-number)|int|4||
-|[proxy-buffer-size](#proxy-buffer-size)|string|"4k"||
-|[proxy-cookie-path](#proxy-cookie-path)|string|"off"||
-|[proxy-cookie-domain](#proxy-cookie-domain)|string|"off"||
-|[proxy-next-upstream](#proxy-next-upstream)|string|"error timeout"||
-|[proxy-next-upstream-timeout](#proxy-next-upstream-timeout)|int|0||
-|[proxy-next-upstream-tries](#proxy-next-upstream-tries)|int|3||
-|[proxy-redirect-from](#proxy-redirect-from)|string|"off"||
-|[proxy-request-buffering](#proxy-request-buffering)|string|"on"||
-|[ssl-redirect](#ssl-redirect)|bool|"true"||
-|[force-ssl-redirect](#force-ssl-redirect)|bool|"false"||
-|[denylist-source-range](#denylist-source-range)|[]string|[]string{}||
-|[whitelist-source-range](#whitelist-source-range)|[]string|[]string{}||
-|[skip-access-log-urls](#skip-access-log-urls)|[]string|[]string{}||
-|[limit-rate](#limit-rate)|int|0||
-|[limit-rate-after](#limit-rate-after)|int|0||
-|[lua-shared-dicts](#lua-shared-dicts)|string|""||
-|[http-redirect-code](#http-redirect-code)|int|308||
-|[proxy-buffering](#proxy-buffering)|string|"off"||
-|[limit-req-status-code](#limit-req-status-code)|int|503||
-|[limit-conn-status-code](#limit-conn-status-code)|int|503||
-|[enable-syslog](#enable-syslog)|bool|false||
-|[syslog-host](#syslog-host)|string|""||
-|[syslog-port](#syslog-port)|int|514||
-|[no-tls-redirect-locations](#no-tls-redirect-locations)|string|"/.well-known/acme-challenge"||
-|[global-auth-url](#global-auth-url)|string|""||
-|[global-auth-method](#global-auth-method)|string|""||
-|[global-auth-signin](#global-auth-signin)|string|""||
-|[global-auth-signin-redirect-param](#global-auth-signin-redirect-param)|string|"rd"||
-|[global-auth-response-headers](#global-auth-response-headers)|string|""||
-|[global-auth-request-redirect](#global-auth-request-redirect)|string|""||
-|[global-auth-snippet](#global-auth-snippet)|string|""||
-|[global-auth-cache-key](#global-auth-cache-key)|string|""||
-|[global-auth-cache-duration](#global-auth-cache-duration)|string|"200 202 401 5m"||
-|[no-auth-locations](#no-auth-locations)|string|"/.well-known/acme-challenge"||
-|[block-cidrs](#block-cidrs)|[]string|""||
-|[block-user-agents](#block-user-agents)|[]string|""||
-|[block-referers](#block-referers)|[]string|""||
-|[proxy-ssl-location-only](#proxy-ssl-location-only)|bool|"false"||
-|[default-type](#default-type)|string|"text/html"||
-|[global-rate-limit-memcached-host](#global-rate-limit)|string|""||
-|[global-rate-limit-memcached-port](#global-rate-limit)|int|11211||
-|[global-rate-limit-memcached-connect-timeout](#global-rate-limit)|int|50||
-|[global-rate-limit-memcached-max-idle-timeout](#global-rate-limit)|int|10000||
-|[global-rate-limit-memcached-pool-size](#global-rate-limit)|int|50||
-|[global-rate-limit-status-code](#global-rate-limit)|int|429||
-|[service-upstream](#service-upstream)|bool|"false"||
-|[ssl-reject-handshake](#ssl-reject-handshake)|bool|"false"||
-|[debug-connections](#debug-connections)|[]string|"127.0.0.1,1.1.1.1/24"||
-|[strict-validate-path-type](#strict-validate-path-type)|bool|"false" (v1.7.x)||
+| name                                                                            | type         | default                                                                                                                                                                                                                                                                                                                                                      | notes                                                                               |
+|:--------------------------------------------------------------------------------|:-------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------------------------------------------|
+| [add-headers](#add-headers)                                                     | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [allow-backend-server-header](#allow-backend-server-header)                     | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [allow-cross-namespace-resources](#allow-cross-namespace-resources)             | bool         | "true"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [allow-snippet-annotations](#allow-snippet-annotations)                         | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [annotations-risk-level](#annotations-risk-level)                               | string       | Critical                                                                                                                                                                                                                                                                                                                                                     |                                                                                     |
+| [annotation-value-word-blocklist](#annotation-value-word-blocklist)             | string array | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [hide-headers](#hide-headers)                                                   | string array | empty                                                                                                                                                                                                                                                                                                                                                        |                                                                                     |
+| [access-log-params](#access-log-params)                                         | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [access-log-path](#access-log-path)                                             | string       | "/var/log/nginx/access.log"                                                                                                                                                                                                                                                                                                                                  |                                                                                     |
+| [http-access-log-path](#http-access-log-path)                                   | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [stream-access-log-path](#stream-access-log-path)                               | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [enable-access-log-for-default-backend](#enable-access-log-for-default-backend) | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [error-log-path](#error-log-path)                                               | string       | "/var/log/nginx/error.log"                                                                                                                                                                                                                                                                                                                                   |                                                                                     |
+| [enable-modsecurity](#enable-modsecurity)                                       | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [modsecurity-snippet](#modsecurity-snippet)                                     | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [enable-owasp-modsecurity-crs](#enable-owasp-modsecurity-crs)                   | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [client-header-buffer-size](#client-header-buffer-size)                         | string       | "1k"                                                                                                                                                                                                                                                                                                                                                         |                                                                                     |
+| [client-header-timeout](#client-header-timeout)                                 | int          | 60                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [client-body-buffer-size](#client-body-buffer-size)                             | string       | "8k"                                                                                                                                                                                                                                                                                                                                                         |                                                                                     |
+| [client-body-timeout](#client-body-timeout)                                     | int          | 60                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [disable-access-log](#disable-access-log)                                       | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [disable-ipv6](#disable-ipv6)                                                   | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [disable-ipv6-dns](#disable-ipv6-dns)                                           | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [enable-underscores-in-headers](#enable-underscores-in-headers)                 | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [enable-ocsp](#enable-ocsp)                                                     | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [ignore-invalid-headers](#ignore-invalid-headers)                               | bool         | "true"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [retry-non-idempotent](#retry-non-idempotent)                                   | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [error-log-level](#error-log-level)                                             | string       | "notice"                                                                                                                                                                                                                                                                                                                                                     |                                                                                     |
+| [http2-max-field-size](#http2-max-field-size)                                   | string       | ""                                                                                                                                                                                                                                                                                                                                                           | DEPRECATED in favour of [large_client_header_buffers](#large-client-header-buffers) |
+| [http2-max-header-size](#http2-max-header-size)                                 | string       | ""                                                                                                                                                                                                                                                                                                                                                           | DEPRECATED in favour of [large_client_header_buffers](#large-client-header-buffers) |
+| [http2-max-requests](#http2-max-requests)                                       | int          | 0                                                                                                                                                                                                                                                                                                                                                            | DEPRECATED in favour of [keepalive_requests](#keepalive-requests)                   |
+| [http2-max-concurrent-streams](#http2-max-concurrent-streams)                   | int          | 128                                                                                                                                                                                                                                                                                                                                                          |                                                                                     |
+| [hsts](#hsts)                                                                   | bool         | "true"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [hsts-include-subdomains](#hsts-include-subdomains)                             | bool         | "true"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [hsts-max-age](#hsts-max-age)                                                   | string       | "31536000"                                                                                                                                                                                                                                                                                                                                                   |                                                                                     |
+| [hsts-preload](#hsts-preload)                                                   | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [keep-alive](#keep-alive)                                                       | int          | 75                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [keep-alive-requests](#keep-alive-requests)                                     | int          | 1000                                                                                                                                                                                                                                                                                                                                                         |                                                                                     |
+| [large-client-header-buffers](#large-client-header-buffers)                     | string       | "4 8k"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [log-format-escape-none](#log-format-escape-none)                               | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [log-format-escape-json](#log-format-escape-json)                               | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [log-format-upstream](#log-format-upstream)                                     | string       | `$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id`                                                         |                                                                                     |
+| [log-format-stream](#log-format-stream)                                         | string       | `[$remote_addr] [$time_local] $protocol $status $bytes_sent $bytes_received $session_time`                                                                                                                                                                                                                                                                   |                                                                                     |
+| [enable-multi-accept](#enable-multi-accept)                                     | bool         | "true"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [max-worker-connections](#max-worker-connections)                               | int          | 16384                                                                                                                                                                                                                                                                                                                                                        |                                                                                     |
+| [max-worker-open-files](#max-worker-open-files)                                 | int          | 0                                                                                                                                                                                                                                                                                                                                                            |                                                                                     |
+| [map-hash-bucket-size](#max-hash-bucket-size)                                   | int          | 64                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [nginx-status-ipv4-whitelist](#nginx-status-ipv4-whitelist)                     | []string     | "127.0.0.1"                                                                                                                                                                                                                                                                                                                                                  |                                                                                     |
+| [nginx-status-ipv6-whitelist](#nginx-status-ipv6-whitelist)                     | []string     | "::1"                                                                                                                                                                                                                                                                                                                                                        |                                                                                     |
+| [proxy-real-ip-cidr](#proxy-real-ip-cidr)                                       | []string     | "0.0.0.0/0"                                                                                                                                                                                                                                                                                                                                                  |                                                                                     |
+| [proxy-set-headers](#proxy-set-headers)                                         | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [server-name-hash-max-size](#server-name-hash-max-size)                         | int          | 1024                                                                                                                                                                                                                                                                                                                                                         |                                                                                     |
+| [server-name-hash-bucket-size](#server-name-hash-bucket-size)                   | int          | `<size of the processor’s cache line>`                                                                                                                                                                                                                                                                                                                       |
+| [proxy-headers-hash-max-size](#proxy-headers-hash-max-size)                     | int          | 512                                                                                                                                                                                                                                                                                                                                                          |                                                                                     |
+| [proxy-headers-hash-bucket-size](#proxy-headers-hash-bucket-size)               | int          | 64                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [plugins](#plugins)                                                             | []string     |                                                                                                                                                                                                                                                                                                                                                              |                                                                                     |
+| [reuse-port](#reuse-port)                                                       | bool         | "true"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [server-tokens](#server-tokens)                                                 | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [ssl-ciphers](#ssl-ciphers)                                                     | string       | "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"                                                                                                                          |                                                                                     |
+| [ssl-ecdh-curve](#ssl-ecdh-curve)                                               | string       | "auto"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [ssl-dh-param](#ssl-dh-param)                                                   | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [ssl-protocols](#ssl-protocols)                                                 | string       | "TLSv1.2 TLSv1.3"                                                                                                                                                                                                                                                                                                                                            |                                                                                     |
+| [ssl-session-cache](#ssl-session-cache)                                         | bool         | "true"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [ssl-session-cache-size](#ssl-session-cache-size)                               | string       | "10m"                                                                                                                                                                                                                                                                                                                                                        |                                                                                     |
+| [ssl-session-tickets](#ssl-session-tickets)                                     | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [ssl-session-ticket-key](#ssl-session-ticket-key)                               | string       | `<Randomly Generated>`                                                                                                                                                                                                                                                                                                                                       |
+| [ssl-session-timeout](#ssl-session-timeout)                                     | string       | "10m"                                                                                                                                                                                                                                                                                                                                                        |                                                                                     |
+| [ssl-buffer-size](#ssl-buffer-size)                                             | string       | "4k"                                                                                                                                                                                                                                                                                                                                                         |                                                                                     |
+| [use-proxy-protocol](#use-proxy-protocol)                                       | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [proxy-protocol-header-timeout](#proxy-protocol-header-timeout)                 | string       | "5s"                                                                                                                                                                                                                                                                                                                                                         |                                                                                     |
+| [enable-aio-write](#enable-aio-write)                                           | bool         | "true"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [use-gzip](#use-gzip)                                                           | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [use-geoip](#use-geoip)                                                         | bool         | "true"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [use-geoip2](#use-geoip2)                                                       | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [enable-brotli](#enable-brotli)                                                 | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [brotli-level](#brotli-level)                                                   | int          | 4                                                                                                                                                                                                                                                                                                                                                            |                                                                                     |
+| [brotli-min-length](#brotli-min-length)                                         | int          | 20                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [brotli-types](#brotli-types)                                                   | string       | "application/xml+rss application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component" |                                                                                     |
+| [use-http2](#use-http2)                                                         | bool         | "true"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [gzip-disable](#gzip-disable)                                                   | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [gzip-level](#gzip-level)                                                       | int          | 1                                                                                                                                                                                                                                                                                                                                                            |                                                                                     |
+| [gzip-min-length](#gzip-min-length)                                             | int          | 256                                                                                                                                                                                                                                                                                                                                                          |                                                                                     |
+| [gzip-types](#gzip-types)                                                       | string       | "application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component"                     |                                                                                     |
+| [worker-processes](#worker-processes)                                           | string       | `<Number of CPUs>`                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [worker-cpu-affinity](#worker-cpu-affinity)                                     | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [worker-shutdown-timeout](#worker-shutdown-timeout)                             | string       | "240s"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [load-balance](#load-balance)                                                   | string       | "round_robin"                                                                                                                                                                                                                                                                                                                                                |                                                                                     |
+| [variables-hash-bucket-size](#variables-hash-bucket-size)                       | int          | 128                                                                                                                                                                                                                                                                                                                                                          |                                                                                     |
+| [variables-hash-max-size](#variables-hash-max-size)                             | int          | 2048                                                                                                                                                                                                                                                                                                                                                         |                                                                                     |
+| [upstream-keepalive-connections](#upstream-keepalive-connections)               | int          | 320                                                                                                                                                                                                                                                                                                                                                          |                                                                                     |
+| [upstream-keepalive-time](#upstream-keepalive-time)                             | string       | "1h"                                                                                                                                                                                                                                                                                                                                                         |                                                                                     |
+| [upstream-keepalive-timeout](#upstream-keepalive-timeout)                       | int          | 60                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [upstream-keepalive-requests](#upstream-keepalive-requests)                     | int          | 10000                                                                                                                                                                                                                                                                                                                                                        |                                                                                     |
+| [limit-conn-zone-variable](#limit-conn-zone-variable)                           | string       | "$binary_remote_addr"                                                                                                                                                                                                                                                                                                                                        |                                                                                     |
+| [proxy-stream-timeout](#proxy-stream-timeout)                                   | string       | "600s"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [proxy-stream-next-upstream](#proxy-stream-next-upstream)                       | bool         | "true"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [proxy-stream-next-upstream-timeout](#proxy-stream-next-upstream-timeout)       | string       | "600s"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [proxy-stream-next-upstream-tries](#proxy-stream-next-upstream-tries)           | int          | 3                                                                                                                                                                                                                                                                                                                                                            |                                                                                     |
+| [proxy-stream-responses](#proxy-stream-responses)                               | int          | 1                                                                                                                                                                                                                                                                                                                                                            |                                                                                     |
+| [bind-address](#bind-address)                                                   | []string     | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [use-forwarded-headers](#use-forwarded-headers)                                 | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [enable-real-ip](#enable-real-ip)                                               | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [forwarded-for-header](#forwarded-for-header)                                   | string       | "X-Forwarded-For"                                                                                                                                                                                                                                                                                                                                            |                                                                                     |
+| [compute-full-forwarded-for](#compute-full-forwarded-for)                       | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [proxy-add-original-uri-header](#proxy-add-original-uri-header)                 | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [generate-request-id](#generate-request-id)                                     | bool         | "true"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [jaeger-collector-host](#jaeger-collector-host)                                 | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [jaeger-collector-port](#jaeger-collector-port)                                 | int          | 6831                                                                                                                                                                                                                                                                                                                                                         |                                                                                     |
+| [jaeger-endpoint](#jaeger-endpoint)                                             | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [jaeger-service-name](#jaeger-service-name)                                     | string       | "nginx"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [jaeger-propagation-format](#jaeger-propagation-format)                         | string       | "jaeger"                                                                                                                                                                                                                                                                                                                                                     |                                                                                     |
+| [jaeger-sampler-type](#jaeger-sampler-type)                                     | string       | "const"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [jaeger-sampler-param](#jaeger-sampler-param)                                   | string       | "1"                                                                                                                                                                                                                                                                                                                                                          |                                                                                     |
+| [jaeger-sampler-host](#jaeger-sampler-host)                                     | string       | "http://127.0.0.1"                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [jaeger-sampler-port](#jaeger-sampler-port)                                     | int          | 5778                                                                                                                                                                                                                                                                                                                                                         |                                                                                     |
+| [jaeger-trace-context-header-name](#jaeger-trace-context-header-name)           | string       | uber-trace-id                                                                                                                                                                                                                                                                                                                                                |                                                                                     |
+| [jaeger-debug-header](#jaeger-debug-header)                                     | string       | uber-debug-id                                                                                                                                                                                                                                                                                                                                                |                                                                                     |
+| [jaeger-baggage-header](#jaeger-baggage-header)                                 | string       | jaeger-baggage                                                                                                                                                                                                                                                                                                                                               |                                                                                     |
+| [jaeger-trace-baggage-header-prefix](#jaeger-trace-baggage-header-prefix)       | string       | uberctx-                                                                                                                                                                                                                                                                                                                                                     |                                                                                     |
+| [datadog-collector-host](#datadog-collector-host)                               | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [datadog-collector-port](#datadog-collector-port)                               | int          | 8126                                                                                                                                                                                                                                                                                                                                                         |                                                                                     |
+| [datadog-service-name](#datadog-service-name)                                   | string       | "nginx"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [datadog-environment](#datadog-environment)                                     | string       | "prod"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [datadog-operation-name-override](#datadog-operation-name-override)             | string       | "nginx.handle"                                                                                                                                                                                                                                                                                                                                               |                                                                                     |
+| [datadog-priority-sampling](#datadog-priority-sampling)                         | bool         | "true"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [datadog-sample-rate](#datadog-sample-rate)                                     | float        | 1.0                                                                                                                                                                                                                                                                                                                                                          |                                                                                     |
+| [enable-opentelemetry](#enable-opentelemetry)                                   | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [opentelemetry-trust-incoming-span](#opentelemetry-trust-incoming-span)         | bool         | "true"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [opentelemetry-operation-name](#opentelemetry-operation-name)                   | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [opentelemetry-config](#/etc/nginx/opentelemetry.toml)                          | string       | "/etc/nginx/opentelemetry.toml"                                                                                                                                                                                                                                                                                                                              |                                                                                     |
+| [otlp-collector-host](#otlp-collector-host)                                     | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [otlp-collector-port](#otlp-collector-port)                                     | int          | 4317                                                                                                                                                                                                                                                                                                                                                         |                                                                                     |
+| [otel-max-queuesize](#otel-max-queuesize)                                       | int          |                                                                                                                                                                                                                                                                                                                                                              |                                                                                     |
+| [otel-schedule-delay-millis](#otel-schedule-delay-millis)                       | int          |                                                                                                                                                                                                                                                                                                                                                              |                                                                                     |
+| [otel-max-export-batch-size](#otel-max-export-batch-size)                       | int          |                                                                                                                                                                                                                                                                                                                                                              |                                                                                     |
+| [otel-service-name](#otel-service-name)                                         | string       | "nginx"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [otel-sampler](#otel-sampler)                                                   | string       | "AlwaysOff"                                                                                                                                                                                                                                                                                                                                                  |                                                                                     |
+| [otel-sampler-parent-based](#otel-sampler-parent-based)                         | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [otel-sampler-ratio](#otel-sampler-ratio)                                       | float        | 0.01                                                                                                                                                                                                                                                                                                                                                         |                                                                                     |
+| [main-snippet](#main-snippet)                                                   | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [http-snippet](#http-snippet)                                                   | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [server-snippet](#server-snippet)                                               | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [stream-snippet](#stream-snippet)                                               | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [location-snippet](#location-snippet)                                           | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [custom-http-errors](#custom-http-errors)                                       | []int        | []int{}                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [proxy-body-size](#proxy-body-size)                                             | string       | "1m"                                                                                                                                                                                                                                                                                                                                                         |                                                                                     |
+| [proxy-connect-timeout](#proxy-connect-timeout)                                 | int          | 5                                                                                                                                                                                                                                                                                                                                                            |                                                                                     |
+| [proxy-read-timeout](#proxy-read-timeout)                                       | int          | 60                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [proxy-send-timeout](#proxy-send-timeout)                                       | int          | 60                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [proxy-buffers-number](#proxy-buffers-number)                                   | int          | 4                                                                                                                                                                                                                                                                                                                                                            |                                                                                     |
+| [proxy-buffer-size](#proxy-buffer-size)                                         | string       | "4k"                                                                                                                                                                                                                                                                                                                                                         |                                                                                     |
+| [proxy-cookie-path](#proxy-cookie-path)                                         | string       | "off"                                                                                                                                                                                                                                                                                                                                                        |                                                                                     |
+| [proxy-cookie-domain](#proxy-cookie-domain)                                     | string       | "off"                                                                                                                                                                                                                                                                                                                                                        |                                                                                     |
+| [proxy-next-upstream](#proxy-next-upstream)                                     | string       | "error timeout"                                                                                                                                                                                                                                                                                                                                              |                                                                                     |
+| [proxy-next-upstream-timeout](#proxy-next-upstream-timeout)                     | int          | 0                                                                                                                                                                                                                                                                                                                                                            |                                                                                     |
+| [proxy-next-upstream-tries](#proxy-next-upstream-tries)                         | int          | 3                                                                                                                                                                                                                                                                                                                                                            |                                                                                     |
+| [proxy-redirect-from](#proxy-redirect-from)                                     | string       | "off"                                                                                                                                                                                                                                                                                                                                                        |                                                                                     |
+| [proxy-request-buffering](#proxy-request-buffering)                             | string       | "on"                                                                                                                                                                                                                                                                                                                                                         |                                                                                     |
+| [ssl-redirect](#ssl-redirect)                                                   | bool         | "true"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [force-ssl-redirect](#force-ssl-redirect)                                       | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [denylist-source-range](#denylist-source-range)                                 | []string     | []string{}                                                                                                                                                                                                                                                                                                                                                   |                                                                                     |
+| [whitelist-source-range](#whitelist-source-range)                               | []string     | []string{}                                                                                                                                                                                                                                                                                                                                                   |                                                                                     |
+| [skip-access-log-urls](#skip-access-log-urls)                                   | []string     | []string{}                                                                                                                                                                                                                                                                                                                                                   |                                                                                     |
+| [limit-rate](#limit-rate)                                                       | int          | 0                                                                                                                                                                                                                                                                                                                                                            |                                                                                     |
+| [limit-rate-after](#limit-rate-after)                                           | int          | 0                                                                                                                                                                                                                                                                                                                                                            |                                                                                     |
+| [lua-shared-dicts](#lua-shared-dicts)                                           | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [http-redirect-code](#http-redirect-code)                                       | int          | 308                                                                                                                                                                                                                                                                                                                                                          |                                                                                     |
+| [proxy-buffering](#proxy-buffering)                                             | string       | "off"                                                                                                                                                                                                                                                                                                                                                        |                                                                                     |
+| [limit-req-status-code](#limit-req-status-code)                                 | int          | 503                                                                                                                                                                                                                                                                                                                                                          |                                                                                     |
+| [limit-conn-status-code](#limit-conn-status-code)                               | int          | 503                                                                                                                                                                                                                                                                                                                                                          |                                                                                     |
+| [enable-syslog](#enable-syslog)                                                 | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [syslog-host](#syslog-host)                                                     | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [syslog-port](#syslog-port)                                                     | int          | 514                                                                                                                                                                                                                                                                                                                                                          |                                                                                     |
+| [no-tls-redirect-locations](#no-tls-redirect-locations)                         | string       | "/.well-known/acme-challenge"                                                                                                                                                                                                                                                                                                                                |                                                                                     |
+| [global-auth-url](#global-auth-url)                                             | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [global-auth-method](#global-auth-method)                                       | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [global-auth-signin](#global-auth-signin)                                       | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [global-auth-signin-redirect-param](#global-auth-signin-redirect-param)         | string       | "rd"                                                                                                                                                                                                                                                                                                                                                         |                                                                                     |
+| [global-auth-response-headers](#global-auth-response-headers)                   | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [global-auth-request-redirect](#global-auth-request-redirect)                   | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [global-auth-snippet](#global-auth-snippet)                                     | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [global-auth-cache-key](#global-auth-cache-key)                                 | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [global-auth-cache-duration](#global-auth-cache-duration)                       | string       | "200 202 401 5m"                                                                                                                                                                                                                                                                                                                                             |                                                                                     |
+| [no-auth-locations](#no-auth-locations)                                         | string       | "/.well-known/acme-challenge"                                                                                                                                                                                                                                                                                                                                |                                                                                     |
+| [block-cidrs](#block-cidrs)                                                     | []string     | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [block-user-agents](#block-user-agents)                                         | []string     | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [block-referers](#block-referers)                                               | []string     | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [proxy-ssl-location-only](#proxy-ssl-location-only)                             | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [default-type](#default-type)                                                   | string       | "text/html"                                                                                                                                                                                                                                                                                                                                                  |                                                                                     |
+| [global-rate-limit-memcached-host](#global-rate-limit)                          | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [global-rate-limit-memcached-port](#global-rate-limit)                          | int          | 11211                                                                                                                                                                                                                                                                                                                                                        |                                                                                     |
+| [global-rate-limit-memcached-connect-timeout](#global-rate-limit)               | int          | 50                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [global-rate-limit-memcached-max-idle-timeout](#global-rate-limit)              | int          | 10000                                                                                                                                                                                                                                                                                                                                                        |                                                                                     |
+| [global-rate-limit-memcached-pool-size](#global-rate-limit)                     | int          | 50                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
+| [global-rate-limit-status-code](#global-rate-limit)                             | int          | 429                                                                                                                                                                                                                                                                                                                                                          |                                                                                     |
+| [service-upstream](#service-upstream)                                           | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [ssl-reject-handshake](#ssl-reject-handshake)                                   | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
+| [debug-connections](#debug-connections)                                         | []string     | "127.0.0.1,1.1.1.1/24"                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [strict-validate-path-type](#strict-validate-path-type)                         | bool         | "false" (v1.7.x)                                                                                                                                                                                                                                                                                                                                             |                                                                                     |

 ## add-headers

@ -730,7 +723,7 @@ _**default:**_ true
 Enables the [geoip2 module](https://github.com/leev/ngx_http_geoip2_module) for NGINX.
 Since `0.27.0` and due to a [change in the MaxMind databases](https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases) a license is required to have access to the databases.
 For this reason, it is required to define a new flag `--maxmind-license-key` in the ingress controller deployment to download the databases needed during the initialization of the ingress controller.
-Alternatively, it is possible to use a volume to mount the files `/etc/nginx/geoip/GeoLite2-City.mmdb` and `/etc/nginx/geoip/GeoLite2-ASN.mmdb`, avoiding the overhead of the download.
+Alternatively, it is possible to use a volume to mount the files `/etc/ingress-controller/geoip/GeoLite2-City.mmdb` and `/etc/ingress-controller/geoip/GeoLite2-ASN.mmdb`, avoiding the overhead of the download.

 !!! important
    If the feature is enabled but the files are missing, GeoIP2 will not be enabled.
@ -935,41 +928,6 @@ Adds an X-Original-Uri header with the original request URI to the backend reque

 Ensures that X-Request-ID is defaulted to a random value, if no X-Request-ID is present in the request

-## enable-opentracing
-
-Enables the nginx Opentracing extension. _**default:**_ is disabled
-
-_References:_
-[https://github.com/opentracing-contrib/nginx-opentracing](https://github.com/opentracing-contrib/nginx-opentracing)
-
-## opentracing-operation-name
-
-Specifies a custom name for the server span. _**default:**_ is empty
-
-For example, set to "HTTP $request_method $uri".
-
-## opentracing-location-operation-name
-
-Specifies a custom name for the location span. _**default:**_ is empty
-
-For example, set to "HTTP $request_method $uri".
-
-## zipkin-collector-host
-
-Specifies the host to use when uploading traces. It must be a valid URL.
-
-## zipkin-collector-port
-
-Specifies the port to use when uploading traces. _**default:**_ 9411
-
-## zipkin-service-name
-
-Specifies the service name to use for any traces created. _**default:**_ nginx
-
-## zipkin-sample-rate
-
-Specifies sample rate for any traces created. _**default:**_ 1.0
-
 ## jaeger-collector-host

 Specifies the host to use when uploading traces. It must be a valid URL.
--- a/Show more
+++ b/Show more
 @ -1 +1 @@
 .22.0
 .22.6