DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: DevFW-CICD:main
Branches Tags
DevFW-CICD:main
DevFW-CICD:release-1.11
DevFW-CICD:release-1.12
DevFW-CICD:gh-pages
DevFW-CICD:helm-chart-4.12.1-depends
DevFW-CICD:helm-chart-4.12.1
DevFW-CICD:helm-chart-4.12.0
DevFW-CICD:controller-v1.12.0
DevFW-CICD:helm-chart-4.11.4
DevFW-CICD:controller-v1.11.4
DevFW-CICD:helm-chart-4.10.6
DevFW-CICD:controller-v1.10.6
DevFW-CICD:helm-chart-4.12.0-beta.0
DevFW-CICD:controller-v1.12.0-beta.0
DevFW-CICD:helm-chart-4.11.3
DevFW-CICD:controller-v1.11.3
DevFW-CICD:helm-chart-4.10.5
DevFW-CICD:controller-v1.10.5
DevFW-CICD:helm-chart-4.10.4
DevFW-CICD:controller-v1.10.4
DevFW-CICD:helm-chart-4.11.2
DevFW-CICD:controller-v1.11.2
DevFW-CICD:helm-chart-4.10.3
DevFW-CICD:controller-v1.10.3
DevFW-CICD:helm-chart-4.11.1
DevFW-CICD:controller-v1.11.1
DevFW-CICD:helm-chart-4.11.0
DevFW-CICD:controller-v1.11.0
DevFW-CICD:helm-chart-4.10.2
DevFW-CICD:controller-v1.10.2
DevFW-CICD:helm-chart-4.10.1
DevFW-CICD:controller-v1.10.1
DevFW-CICD:helm-chart-4.10.0
DevFW-CICD:controller-v1.10.0
DevFW-CICD:helm-chart-4.7.5
DevFW-CICD:helm-chart-4.9.1
DevFW-CICD:controller-v1.9.6
DevFW-CICD:controller-v1.8.5
DevFW-CICD:helm-chart-4.9.0
DevFW-CICD:controller-v1.9.5
DevFW-CICD:helm-chart-4.8.3
DevFW-CICD:controller-v1.9.4
DevFW-CICD:helm-chart-4.7.3
DevFW-CICD:helm-chart-4.8.2
DevFW-CICD:controller-v1.9.3
DevFW-CICD:controller-v1.8.4
DevFW-CICD:helm-chart-4.8.1
DevFW-CICD:controller-v1.9.1
DevFW-CICD:helm-chart-4.8.0
DevFW-CICD:controller-v1.9.0-beta.0
DevFW-CICD:helm-chart-4.8.0-beta.0
DevFW-CICD:helm-chart-4.7.2
DevFW-CICD:controller-v1.8.2
DevFW-CICD:controller-v1.8.1
DevFW-CICD:helm-chart-4.7.1
DevFW-CICD:controller-v1.9.0
DevFW-CICD:helm-chart-4.7.0
DevFW-CICD:controller-v1.8.0
DevFW-CICD:helm-chart-4.6.1
DevFW-CICD:controller-v1.7.1
DevFW-CICD:helm-chart-4.6.0
DevFW-CICD:controller-v1.7.0
DevFW-CICD:helm-chart-4.5.2
DevFW-CICD:controller-v1.6.4
DevFW-CICD:helm-chart-4.5.0
DevFW-CICD:helm-chart-4.4.2
DevFW-CICD:controller-v1.5.1
DevFW-CICD:helm-chart-4.4.0
DevFW-CICD:helm-chart-4.3.0
DevFW-CICD:controller-v1.4.0
DevFW-CICD:helm-chart-4.2.5
DevFW-CICD:controller-v1.3.1
DevFW-CICD:helm-chart-4.2.4
DevFW-CICD:helm-chart-4.2.3
DevFW-CICD:helm-chart-4.2.2
DevFW-CICD:helm-chart-4.2.1
DevFW-CICD:helm-chart-4.2.0
DevFW-CICD:controller-v1.3.0
DevFW-CICD:helm-chart-4.1.4
DevFW-CICD:helm-chart-4.1.3
DevFW-CICD:controller-v1.2.1
DevFW-CICD:helm-chart-4.1.2
DevFW-CICD:helm-chart-4.1.1
DevFW-CICD:helm-chart-4.1.0
DevFW-CICD:controller-v1.2.0
DevFW-CICD:helm-chart-4.1.0-beta.1
DevFW-CICD:controller-v1.2.0-beta.1
DevFW-CICD:controller-v1.2.0-beta.0
DevFW-CICD:helm-chart-4.1.0-beta.0
DevFW-CICD:helm-chart-3.41.0
DevFW-CICD:controller-v0.51.0
DevFW-CICD:helm-chart-4.0.19
DevFW-CICD:controller-v1.1.3
DevFW-CICD:helm-chart-4.0.18
DevFW-CICD:controller-v1.1.2
DevFW-CICD:helm-chart-4.0.17
DevFW-CICD:helm-chart-4.0.16
DevFW-CICD:helm-chart-4.0.15
DevFW-CICD:controller-v1.1.1
DevFW-CICD:helm-chart-4.0.13
DevFW-CICD:helm-chart-4.0.12
DevFW-CICD:helm-chart-4.0.11
DevFW-CICD:helm-chart-3.40.0
DevFW-CICD:helm-chart-4.0.10
DevFW-CICD:controller-v1.1.0
DevFW-CICD:helm-chart-4.0.9
DevFW-CICD:helm-chart-4.0.8
DevFW-CICD:helm-chart-4.0.7
DevFW-CICD:controller-v1.0.5
DevFW-CICD:helm-chart-4.0.6
DevFW-CICD:controller-v1.0.4
DevFW-CICD:helm-chart-4.0.5
DevFW-CICD:helm-chart-4.0.4
DevFW-CICD:helm-chart-3.39.0
DevFW-CICD:controller-v1.0.3
DevFW-CICD:controller-v0.49.3
DevFW-CICD:helm-chart-4.0.3
DevFW-CICD:controller-v1.0.2
DevFW-CICD:helm-chart-3.38.0
DevFW-CICD:controller-v0.49.2
DevFW-CICD:helm-chart-3.37.0
DevFW-CICD:helm-chart-4.0.2
DevFW-CICD:controller-v1.0.1
DevFW-CICD:controller-v0.49.1
DevFW-CICD:helm-chart-4.0.1
DevFW-CICD:controller-v1.0.0
DevFW-CICD:helm-chart-3.36.0
DevFW-CICD:controller-v0.49.0
DevFW-CICD:helm-chart-4.0.0-beta.3
DevFW-CICD:controller-v1.0.0-beta.3
DevFW-CICD:helm-chart-4.0.0-beta.2
DevFW-CICD:helm-chart-4.0.0
DevFW-CICD:helm-chart-3.35.0
DevFW-CICD:controller-v1.0.0-beta.1
DevFW-CICD:controller-v0.48.1
DevFW-CICD:controller-v1.0.0-alpha.2
DevFW-CICD:helm-chart-3.34.0
DevFW-CICD:controller-v0.47.0
DevFW-CICD:helm-chart-3.33.0
DevFW-CICD:helm-chart-3.32.0
DevFW-CICD:helm-chart-3.31.0
DevFW-CICD:helm-chart-3.30.0
DevFW-CICD:controller-v0.46.0
DevFW-CICD:helm-chart-3.29.0
DevFW-CICD:helm-chart-3.28.0
DevFW-CICD:controller-v0.45.0
DevFW-CICD:helm-chart-3.27.0
DevFW-CICD:helm-chart-3.26.0
DevFW-CICD:helm-chart-3.25.0
DevFW-CICD:helm-chart-3.24.0
DevFW-CICD:controller-v0.44.0
DevFW-CICD:helm-chart-3.23.0
DevFW-CICD:helm-chart-3.22.0
DevFW-CICD:helm-chart-3.21.0
DevFW-CICD:helm-chart-3.20.1
DevFW-CICD:helm-chart-3.20.0
DevFW-CICD:controller-v0.43.0
DevFW-CICD:helm-chart-3.19.0
DevFW-CICD:helm-chart-3.18.0
DevFW-CICD:controller-v0.42.0
DevFW-CICD:helm-chart-3.17.0
DevFW-CICD:helm-chart-3.16.1
DevFW-CICD:helm-chart-3.16.0
DevFW-CICD:ingress-nginx-3.15.2
DevFW-CICD:ingress-nginx-3.15.1
DevFW-CICD:ingress-nginx-3.15.0
DevFW-CICD:ingress-nginx-3.13.0
DevFW-CICD:ingress-nginx-3.12.0
DevFW-CICD:ingress-nginx-3.11.1
DevFW-CICD:ingress-nginx-3.11.0
DevFW-CICD:controller-v0.41.2
DevFW-CICD:ingress-nginx-3.10.1
DevFW-CICD:controller-v0.41.1
DevFW-CICD:ingress-nginx-3.10.0
DevFW-CICD:ingress-nginx-3.9.0
DevFW-CICD:ingress-nginx-3.8.0
DevFW-CICD:controller-v0.41.0
DevFW-CICD:ingress-nginx-3.7.1
DevFW-CICD:ingress-nginx-3.7.0
DevFW-CICD:ingress-nginx-3.6.0
DevFW-CICD:ingress-nginx-3.5.1
DevFW-CICD:ingress-nginx-3.5.0
DevFW-CICD:ingress-nginx-3.4.1
DevFW-CICD:controller-v0.40.2
DevFW-CICD:ingress-nginx-3.4.0
DevFW-CICD:controller-v0.40.1
DevFW-CICD:ingress-nginx-3.3.1
DevFW-CICD:controller-v0.40.0
DevFW-CICD:ingress-nginx-3.3.0
DevFW-CICD:ingress-nginx-3.2.0
DevFW-CICD:ingress-nginx-3.1.0
DevFW-CICD:ingress-nginx-3.0.0
DevFW-CICD:ingress-nginx-2.16.0
DevFW-CICD:ingress-nginx-2.15.0
DevFW-CICD:ingress-nginx-2.14.0
DevFW-CICD:ingress-nginx-2.13.0
DevFW-CICD:controller-v0.35.0
DevFW-CICD:ingress-nginx-2.12.1
DevFW-CICD:ingress-nginx-2.12.0
DevFW-CICD:ingress-nginx-2.11.3
DevFW-CICD:ingress-nginx-2.11.2
DevFW-CICD:controller-v0.34.1
DevFW-CICD:ingress-nginx-2.11.1
DevFW-CICD:ingress-nginx-2.11.0
DevFW-CICD:controller-v0.34.0
DevFW-CICD:ingress-nginx-2.10.0
DevFW-CICD:ingress-nginx-2.9.1
DevFW-CICD:ingress-nginx-2.9.0
DevFW-CICD:ingress-nginx-2.8.0
DevFW-CICD:ingress-nginx-2.7.1
DevFW-CICD:ingress-nginx-2.7.0
DevFW-CICD:ingress-nginx-2.6.0
DevFW-CICD:ingress-nginx-2.5.0
DevFW-CICD:ingress-nginx-2.4.0
DevFW-CICD:ingress-nginx-2.3.0
DevFW-CICD:ingress-nginx-2.2.0
DevFW-CICD:ingress-nginx-2.1.0
DevFW-CICD:ingress-nginx-2.0.3
DevFW-CICD:ingress-nginx-2.0.2
DevFW-CICD:ingress-nginx-2.0.1
DevFW-CICD:ingress-nginx-2.0.0
..
compare: DevFW-CICD:controller-v0.35.0
Branches Tags
DevFW-CICD:release-1.11
DevFW-CICD:release-1.12
DevFW-CICD:main
DevFW-CICD:gh-pages
DevFW-CICD:helm-chart-4.12.1-depends
DevFW-CICD:helm-chart-4.12.1
DevFW-CICD:helm-chart-4.12.0
DevFW-CICD:controller-v1.12.0
DevFW-CICD:helm-chart-4.11.4
DevFW-CICD:controller-v1.11.4
DevFW-CICD:helm-chart-4.10.6
DevFW-CICD:controller-v1.10.6
DevFW-CICD:helm-chart-4.12.0-beta.0
DevFW-CICD:controller-v1.12.0-beta.0
DevFW-CICD:helm-chart-4.11.3
DevFW-CICD:controller-v1.11.3
DevFW-CICD:helm-chart-4.10.5
DevFW-CICD:controller-v1.10.5
DevFW-CICD:helm-chart-4.10.4
DevFW-CICD:controller-v1.10.4
DevFW-CICD:helm-chart-4.11.2
DevFW-CICD:controller-v1.11.2
DevFW-CICD:helm-chart-4.10.3
DevFW-CICD:controller-v1.10.3
DevFW-CICD:helm-chart-4.11.1
DevFW-CICD:controller-v1.11.1
DevFW-CICD:helm-chart-4.11.0
DevFW-CICD:controller-v1.11.0
DevFW-CICD:helm-chart-4.10.2
DevFW-CICD:controller-v1.10.2
DevFW-CICD:helm-chart-4.10.1
DevFW-CICD:controller-v1.10.1
DevFW-CICD:helm-chart-4.10.0
DevFW-CICD:controller-v1.10.0
DevFW-CICD:helm-chart-4.7.5
DevFW-CICD:helm-chart-4.9.1
DevFW-CICD:controller-v1.9.6
DevFW-CICD:controller-v1.8.5
DevFW-CICD:helm-chart-4.9.0
DevFW-CICD:controller-v1.9.5
DevFW-CICD:helm-chart-4.8.3
DevFW-CICD:controller-v1.9.4
DevFW-CICD:helm-chart-4.7.3
DevFW-CICD:helm-chart-4.8.2
DevFW-CICD:controller-v1.9.3
DevFW-CICD:controller-v1.8.4
DevFW-CICD:helm-chart-4.8.1
DevFW-CICD:controller-v1.9.1
DevFW-CICD:helm-chart-4.8.0
DevFW-CICD:controller-v1.9.0-beta.0
DevFW-CICD:helm-chart-4.8.0-beta.0
DevFW-CICD:helm-chart-4.7.2
DevFW-CICD:controller-v1.8.2
DevFW-CICD:controller-v1.8.1
DevFW-CICD:helm-chart-4.7.1
DevFW-CICD:controller-v1.9.0
DevFW-CICD:helm-chart-4.7.0
DevFW-CICD:controller-v1.8.0
DevFW-CICD:helm-chart-4.6.1
DevFW-CICD:controller-v1.7.1
DevFW-CICD:helm-chart-4.6.0
DevFW-CICD:controller-v1.7.0
DevFW-CICD:helm-chart-4.5.2
DevFW-CICD:controller-v1.6.4
DevFW-CICD:helm-chart-4.5.0
DevFW-CICD:helm-chart-4.4.2
DevFW-CICD:controller-v1.5.1
DevFW-CICD:helm-chart-4.4.0
DevFW-CICD:helm-chart-4.3.0
DevFW-CICD:controller-v1.4.0
DevFW-CICD:helm-chart-4.2.5
DevFW-CICD:controller-v1.3.1
DevFW-CICD:helm-chart-4.2.4
DevFW-CICD:helm-chart-4.2.3
DevFW-CICD:helm-chart-4.2.2
DevFW-CICD:helm-chart-4.2.1
DevFW-CICD:helm-chart-4.2.0
DevFW-CICD:controller-v1.3.0
DevFW-CICD:helm-chart-4.1.4
DevFW-CICD:helm-chart-4.1.3
DevFW-CICD:controller-v1.2.1
DevFW-CICD:helm-chart-4.1.2
DevFW-CICD:helm-chart-4.1.1
DevFW-CICD:helm-chart-4.1.0
DevFW-CICD:controller-v1.2.0
DevFW-CICD:helm-chart-4.1.0-beta.1
DevFW-CICD:controller-v1.2.0-beta.1
DevFW-CICD:controller-v1.2.0-beta.0
DevFW-CICD:helm-chart-4.1.0-beta.0
DevFW-CICD:helm-chart-3.41.0
DevFW-CICD:controller-v0.51.0
DevFW-CICD:helm-chart-4.0.19
DevFW-CICD:controller-v1.1.3
DevFW-CICD:helm-chart-4.0.18
DevFW-CICD:controller-v1.1.2
DevFW-CICD:helm-chart-4.0.17
DevFW-CICD:helm-chart-4.0.16
DevFW-CICD:helm-chart-4.0.15
DevFW-CICD:controller-v1.1.1
DevFW-CICD:helm-chart-4.0.13
DevFW-CICD:helm-chart-4.0.12
DevFW-CICD:helm-chart-4.0.11
DevFW-CICD:helm-chart-3.40.0
DevFW-CICD:helm-chart-4.0.10
DevFW-CICD:controller-v1.1.0
DevFW-CICD:helm-chart-4.0.9
DevFW-CICD:helm-chart-4.0.8
DevFW-CICD:helm-chart-4.0.7
DevFW-CICD:controller-v1.0.5
DevFW-CICD:helm-chart-4.0.6
DevFW-CICD:controller-v1.0.4
DevFW-CICD:helm-chart-4.0.5
DevFW-CICD:helm-chart-4.0.4
DevFW-CICD:helm-chart-3.39.0
DevFW-CICD:controller-v1.0.3
DevFW-CICD:controller-v0.49.3
DevFW-CICD:helm-chart-4.0.3
DevFW-CICD:controller-v1.0.2
DevFW-CICD:helm-chart-3.38.0
DevFW-CICD:controller-v0.49.2
DevFW-CICD:helm-chart-3.37.0
DevFW-CICD:helm-chart-4.0.2
DevFW-CICD:controller-v1.0.1
DevFW-CICD:controller-v0.49.1
DevFW-CICD:helm-chart-4.0.1
DevFW-CICD:controller-v1.0.0
DevFW-CICD:helm-chart-3.36.0
DevFW-CICD:controller-v0.49.0
DevFW-CICD:helm-chart-4.0.0-beta.3
DevFW-CICD:controller-v1.0.0-beta.3
DevFW-CICD:helm-chart-4.0.0-beta.2
DevFW-CICD:helm-chart-4.0.0
DevFW-CICD:helm-chart-3.35.0
DevFW-CICD:controller-v1.0.0-beta.1
DevFW-CICD:controller-v0.48.1
DevFW-CICD:controller-v1.0.0-alpha.2
DevFW-CICD:helm-chart-3.34.0
DevFW-CICD:controller-v0.47.0
DevFW-CICD:helm-chart-3.33.0
DevFW-CICD:helm-chart-3.32.0
DevFW-CICD:helm-chart-3.31.0
DevFW-CICD:helm-chart-3.30.0
DevFW-CICD:controller-v0.46.0
DevFW-CICD:helm-chart-3.29.0
DevFW-CICD:helm-chart-3.28.0
DevFW-CICD:controller-v0.45.0
DevFW-CICD:helm-chart-3.27.0
DevFW-CICD:helm-chart-3.26.0
DevFW-CICD:helm-chart-3.25.0
DevFW-CICD:helm-chart-3.24.0
DevFW-CICD:controller-v0.44.0
DevFW-CICD:helm-chart-3.23.0
DevFW-CICD:helm-chart-3.22.0
DevFW-CICD:helm-chart-3.21.0
DevFW-CICD:helm-chart-3.20.1
DevFW-CICD:helm-chart-3.20.0
DevFW-CICD:controller-v0.43.0
DevFW-CICD:helm-chart-3.19.0
DevFW-CICD:helm-chart-3.18.0
DevFW-CICD:controller-v0.42.0
DevFW-CICD:helm-chart-3.17.0
DevFW-CICD:helm-chart-3.16.1
DevFW-CICD:helm-chart-3.16.0
DevFW-CICD:ingress-nginx-3.15.2
DevFW-CICD:ingress-nginx-3.15.1
DevFW-CICD:ingress-nginx-3.15.0
DevFW-CICD:ingress-nginx-3.13.0
DevFW-CICD:ingress-nginx-3.12.0
DevFW-CICD:ingress-nginx-3.11.1
DevFW-CICD:ingress-nginx-3.11.0
DevFW-CICD:controller-v0.41.2
DevFW-CICD:ingress-nginx-3.10.1
DevFW-CICD:controller-v0.41.1
DevFW-CICD:ingress-nginx-3.10.0
DevFW-CICD:ingress-nginx-3.9.0
DevFW-CICD:ingress-nginx-3.8.0
DevFW-CICD:controller-v0.41.0
DevFW-CICD:ingress-nginx-3.7.1
DevFW-CICD:ingress-nginx-3.7.0
DevFW-CICD:ingress-nginx-3.6.0
DevFW-CICD:ingress-nginx-3.5.1
DevFW-CICD:ingress-nginx-3.5.0
DevFW-CICD:ingress-nginx-3.4.1
DevFW-CICD:controller-v0.40.2
DevFW-CICD:ingress-nginx-3.4.0
DevFW-CICD:controller-v0.40.1
DevFW-CICD:ingress-nginx-3.3.1
DevFW-CICD:controller-v0.40.0
DevFW-CICD:ingress-nginx-3.3.0
DevFW-CICD:ingress-nginx-3.2.0
DevFW-CICD:ingress-nginx-3.1.0
DevFW-CICD:ingress-nginx-3.0.0
DevFW-CICD:ingress-nginx-2.16.0
DevFW-CICD:ingress-nginx-2.15.0
DevFW-CICD:ingress-nginx-2.14.0
DevFW-CICD:ingress-nginx-2.13.0
DevFW-CICD:controller-v0.35.0
DevFW-CICD:ingress-nginx-2.12.1
DevFW-CICD:ingress-nginx-2.12.0
DevFW-CICD:ingress-nginx-2.11.3
DevFW-CICD:ingress-nginx-2.11.2
DevFW-CICD:controller-v0.34.1
DevFW-CICD:ingress-nginx-2.11.1
DevFW-CICD:ingress-nginx-2.11.0
DevFW-CICD:controller-v0.34.0
DevFW-CICD:ingress-nginx-2.10.0
DevFW-CICD:ingress-nginx-2.9.1
DevFW-CICD:ingress-nginx-2.9.0
DevFW-CICD:ingress-nginx-2.8.0
DevFW-CICD:ingress-nginx-2.7.1
DevFW-CICD:ingress-nginx-2.7.0
DevFW-CICD:ingress-nginx-2.6.0
DevFW-CICD:ingress-nginx-2.5.0
DevFW-CICD:ingress-nginx-2.4.0
DevFW-CICD:ingress-nginx-2.3.0
DevFW-CICD:ingress-nginx-2.2.0
DevFW-CICD:ingress-nginx-2.1.0
DevFW-CICD:ingress-nginx-2.0.3
DevFW-CICD:ingress-nginx-2.0.2
DevFW-CICD:ingress-nginx-2.0.1
DevFW-CICD:ingress-nginx-2.0.0

No commits in common. "main" and "controller-v0.35.0" have entirely different histories.
main ... controller

1088 changed files with 80237 additions and 130713 deletions
Show stats Expand all files Collapse all files

8
.codecov.yml Normal file
View file

@ -0,0 +1,8 @@
coverage:
status:
project:
default:
target: 40%
threshold: null
patch: false
changes: false

82
.github/ISSUE_TEMPLATE/bug_report.md vendored
View file

@ -10,8 +10,7 @@ assignees: ''
<!--
Welcome to ingress-nginx! For a smooth issue process, try to answer the following questions.
Don't worry if they're not all applicable; just try to include what you can :-).
More info helps better understanding of the issue (needless to say).
Don't worry if they're not all applicable; just try to include what you can :-)
If you need to include code snippets or logs, please put them in fenced code
blocks. If they're super-long, please use the details tag like
@ -28,22 +27,7 @@ This questions are the first thing we need to know to understand the context.
-->
**What happened**:
<!-- (please include exact error messages if you can) -->
**What you expected to happen**:
<!-- What do you think went wrong? -->
**NGINX Ingress controller version** (exec into the pod and run `/nginx-ingress-controller --version`):
<!--
POD_NAMESPACE=ingress-nginx
POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app.kubernetes.io/name=ingress-nginx --field-selector=status.phase=Running -o jsonpath='{.items[0].metadata.name}')
kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version
-->
**NGINX Ingress controller version**:
**Kubernetes version** (use `kubectl version`):
@ -53,36 +37,17 @@ kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --vers
- **OS** (e.g. from /etc/os-release):
- **Kernel** (e.g. `uname -a`):
- **Install tools**:
- `Please mention how/where was the cluster created like kubeadm/kops/minikube/kind etc. `
- **Basic cluster related info**:
- `kubectl version`
- `kubectl get nodes -o wide`
- **How was the ingress-nginx-controller installed**:
- If helm was used then please show output of `helm ls -A | grep -i ingress`
- If helm was used then please show output of `helm -n <ingresscontrollernamespace> get values <helmreleasename>`
- If helm was not used, then copy/paste the complete precise command used to install the controller, along with the flags and options used
- if you have more than one instance of the ingress-nginx-controller installed in the same cluster, please provide details for all the instances
- **Current State of the controller**:
- `kubectl describe ingressclasses`
- `kubectl -n <ingresscontrollernamespace> get all -A -o wide`
- `kubectl -n <ingresscontrollernamespace> describe po <ingresscontrollerpodname>`
- `kubectl -n <ingresscontrollernamespace> describe svc <ingresscontrollerservicename>`
- **Current state of ingress object, if applicable**:
- `kubectl -n <appnamespace> get all,ing -o wide`
- `kubectl -n <appnamespace> describe ing <ingressname>`
- If applicable, then, your complete and exact curl/grpcurl command (redacted if required) and the reponse to the curl/grpcurl command with the -v flag
- **Others**:
- Any other related information like ;
- copy/paste of the snippet (if applicable)
- `kubectl describe ...` of any custom configmap(s) created and in use
- Any other related information that may help
**What happened**:
**How to reproduce this issue**:
<!-- (please include exact error messages if you can) -->
**What you expected to happen**:
<!-- What do you think went wrong? -->
**How to reproduce it**:
<!---
As minimally and precisely as possible. Keep in mind we do not have access to your cluster or application.
@ -95,34 +60,28 @@ Help up us (if possible) reproducing the issue using minikube or kind.
## Install the ingress controller
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/baremetal/deploy.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/deploy.yaml
## Install an application that will act as default backend (is just an echo app)
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/docs/examples/http-svc.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/http-svc.yaml
## Create an ingress (please add any additional annotation required)
echo "
apiVersion: networking.k8s.io/v1
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: foo-bar
annotations:
kubernetes.io/ingress.class: nginx
spec:
ingressClassName: nginx # omit this if you're on controller version below 1.0.0
rules:
- host: foo.bar
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: http-svc
port:
number: 80
- backend:
serviceName: http-svc
servicePort: 80
path: /
" | kubectl apply -f -
## make a request
@ -134,9 +93,6 @@ kubectl exec -it -n ingress-nginx $POD_NAME -- curl -H 'Host: foo.bar' localhost
**Anything else we need to know**:
<!-- If this is actually about documentation, uncomment the following block -->
<!-- If this is actually about documentation, add `/kind documentation` below -->
<!--
/kind documentation
/remove-kind bug
-->
/kind bug

4
.github/ISSUE_TEMPLATE/config.yml vendored
View file

@ -1,4 +0,0 @@
contact_links:
- name: Support Request/Question
url: https://kubernetes.slack.com/messages/ingress-nginx/
about: Support request or question relating to Ingress NGINX in Kubernetes Slack

20
.github/ISSUE_TEMPLATE/cve_report.md vendored
View file

@ -1,20 +0,0 @@
---
name: CVE Finding Report
about: CVE reporting for ingress-nginx
title: ''
labels: kind/bug
assignees:
- Gacko
- strongjz
---
<!-- if you found something that impacts directly ingress-nginx and
is not a public CVE yet, please reach out security@kubernetes.io" -->
<!-- What scanner and version reported the CVE? -->
<!-- What CVE was reported in the scanner findings? -->
<!-- What versions of the controller did you test with? -->
<!-- Please provider other details that will help us determine the severity of the issue -->

19
.github/ISSUE_TEMPLATE/feature_request.md vendored
View file

@ -7,15 +7,24 @@ assignees: ''
---
<!--
Welcome to ingress-nginx! For a smooth feature request process, try to
answer the following questions. Don't worry if they're not all applicable; just
try to include what you can :-)
If you need to include code snippets or logs, please put them in fenced code
blocks. If they're super-long, please use the details tag like
<details><summary>super-long log</summary> lots of stuff </details>
-->
<!-- What do you want to happen? -->
<!-- Is there currently another issue associated with this? -->
<!-- Does it require a particular kubernetes version? -->
<!-- If this is actually about documentation, uncomment the following block -->
<!-- If this is actually about documentation, add `/kind documentation` below -->
<!--
/kind documentation
/remove-kind feature
-->
/kind feature

37
.github/ISSUE_TEMPLATE/support-question.md vendored Normal file
View file

@ -0,0 +1,37 @@
---
name: Question
about: Any questions you might have.
title: ''
labels: triage/support
assignees: ''
---
<!--
Welcome to ingress-nginx!
You probably didn't want to be one this page. It shouldn't really be here anyway.
* If you want a quick response to a question, ask on the Kubernetes Slack instance in #ingress-nginx.
* If this is actually a bug or a feature request, file one of those. If you're
not sure which, just take a guess and we can always re-label.
* If you think this might turn into a bug or feature request, but you're not
sure, try asking in Slack first.
-->
<!--
Still here? Double-check that this hasn't been asked before, then put your question below
with as many details as possible.
If you need to include code snippets or logs, please put them in fenced code
blocks. If they're super-long, please use the details tag like
<details><summary>super-long log</summary> lots of stuff </details>
-->
/triage support

7
.github/PULL_REQUEST_TEMPLATE.md vendored
View file

@ -1,6 +1,5 @@
<!--- Provide a general summary of your changes in the Title above --->
<!--- Please don't @-mention people in PR or commit messages (do so in an additional comment). --->
<!--- Please make sure you title is descriptive, it is used in the Release notes to let others know what it does --->
## What this PR does / why we need it:
<!--- Why is this change required? What problem does it solve? -->
@ -10,9 +9,7 @@
<!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] CVE Report (Scanner found CVE and adding report)
- [ ] Breaking change (fix or feature that would cause existing functionality to change)
- [ ] Documentation only
## Which issue/s this PR fixes
<!--
@ -31,6 +28,6 @@ fixes #
<!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->
- [ ] My change requires a change to the documentation.
- [ ] I have updated the documentation accordingly.
- [ ] I've read the [CONTRIBUTION](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md) guide
- [ ] I have added unit and/or e2e tests to cover my changes.
- [ ] I've read the [CONTRIBUTION](https://github.com/kubernetes/ingress-nginx/blob/master/CONTRIBUTING.md) guide
- [ ] I have added tests to cover my changes.
- [ ] All new and existing tests passed.

2
.github/actions/mkdocs/Dockerfile vendored
View file

@ -1,4 +1,4 @@
FROM squidfunk/mkdocs-material:9.4.5
FROM squidfunk/mkdocs-material:5.2.3
COPY action.sh /action.sh

2
.github/actions/mkdocs/action.sh vendored
View file

@ -16,7 +16,7 @@
set -e
REQUIREMENTS="${GITHUB_WORKSPACE}/docs/requirements.txt"
REQUIREMENTS="${GITHUB_WORKSPACE}/requirements.txt"
if [ -f "${REQUIREMENTS}" ]; then
pip install -r "${REQUIREMENTS}"

43
.github/dependabot.yml vendored
View file

@ -1,43 +0,0 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
labels:
- "area/dependency"
- "release-note-none"
- "ok-to-test"
groups:
actions:
update-types:
- "minor"
- "patch"
- package-ecosystem: "docker"
directories:
- "**/rootfs"
schedule:
interval: "weekly"
labels:
- "area/dependency"
- "release-note-none"
- "ok-to-test"
groups:
docker:
update-types:
- "minor"
- "patch"
- package-ecosystem: "gomod"
directories:
- "/"
- "**/rootfs"
schedule:
interval: "weekly"
labels:
- "area/dependency"
- "release-note-none"
- "ok-to-test"
groups:
go:
update-types:
- "patch"

64
.github/workflows/chart.yaml vendored
View file

@ -1,64 +0,0 @@
name: Chart
on:
push:
branches:
- main
- release-*
paths:
- charts/ingress-nginx/Chart.yaml
workflow_dispatch:
permissions:
contents: read
jobs:
release:
name: Release
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Set up Python
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
python-version: 3.x
- name: Set up Helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
- name: Set up Helm Chart Testing
uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
- name: Set up Artifact Hub
run: |
curl --fail --location https://github.com/artifacthub/hub/releases/download/v1.20.0/ah_1.20.0_linux_amd64.tar.gz --output /tmp/ah.tar.gz
echo "9027626f19ff9f3ac668f222917130ac885e289e922e1428bfd2e7f066324e31 /tmp/ah.tar.gz" | shasum --check
sudo tar --extract --file /tmp/ah.tar.gz --directory /usr/local/bin ah
- name: Set up Git
run: |
git config --global user.name "${GITHUB_ACTOR}"
git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com"
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Lint chart
run: |
ct lint --config .ct.yaml
ah lint --path charts/ingress-nginx
- name: Release chart
uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0
env:
CR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CR_RELEASE_NAME_TEMPLATE: helm-chart-{{ .Version }}
CR_SKIP_EXISTING: true
with:
charts_dir: charts

304
.github/workflows/ci.yaml vendored
View file

@ -4,52 +4,25 @@ on:
pull_request:
branches:
- "*"
paths-ignore:
- 'docs/**'
- 'deploy/**'
- '**.md'
- 'images/**' # Images changes should be tested on their own workflow
- '!images/nginx/**'
push:
branches:
- main
- release-*
paths-ignore:
- 'docs/**'
- 'deploy/**'
- '**.md'
- 'images/**' # Images changes should be tested on their own workflow
workflow_dispatch:
inputs:
run_e2e:
description: 'Force e2e to run'
required: false
type: boolean
permissions:
contents: read
- master
jobs:
changes:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
runs-on: ubuntu-latest
outputs:
go: ${{ steps.filter.outputs.go }}
charts: ${{ steps.filter.outputs.charts }}
baseimage: ${{ steps.filter.outputs.baseimage }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@v1
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
- uses: dorny/paths-filter@v2.2.0
id: filter
with:
token: ${{ secrets.GITHUB_TOKEN }}
@ -61,128 +34,45 @@ jobs:
- 'rootfs/**/*'
- 'TAG'
- 'test/e2e/**/*'
- 'NGINX_BASE'
charts:
- 'charts/ingress-nginx/Chart.yaml'
- 'charts/ingress-nginx/**/*'
- 'NGINX_BASE'
baseimage:
- 'NGINX_BASE'
- 'images/nginx/**'
docs:
- '**/*.md'
lua:
- '**/*.lua'
lua-lint:
runs-on: ubuntu-latest
needs: changes
if: |
(needs.changes.outputs.lua == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Lint Lua
uses: lunarmodules/luacheck@v1
with:
args: --codes --globals lua_ingress --globals configuration --globals balancer --globals monitor --globals certificate --globals tcp_udp_configuration --globals tcp_udp_balancer --no-max-comment-line-length -q rootfs/etc/nginx/lua/
test-go:
runs-on: ubuntu-latest
needs: changes
if: |
(needs.changes.outputs.go == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Get go version
run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
- name: Set up Go
id: go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: ${{ env.GOLANG_VERSION }}
check-latest: true
- name: Run test
run: make test
verify-docs:
name: Verify Doc generation
runs-on: ubuntu-latest
needs: changes
if: |
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.docs == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Get go version
run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
- name: Set up Go
id: go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: ${{ env.GOLANG_VERSION }}
check-latest: true
- name: Verify Docs
run: make verify-docs
- 'charts/ingress-nginx/*'
build:
name: Build
runs-on: ubuntu-latest
needs: changes
outputs:
golangversion: ${{ steps.golangversion.outputs.version }}
if: |
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
if: ${{ needs.changes.outputs.go == 'true' }}
env:
PLATFORMS: linux/amd64
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@v1
- name: Get go version
id: golangversion
run: |
echo "version=$(cat GOLANG_VERSION)" >> "$GITHUB_OUTPUT"
- name: Set up Go
- name: Set up Go 1.15
id: go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
uses: actions/setup-go@v1
with:
go-version: ${{ steps.golangversion.outputs.version }}
check-latest: true
- name: Set up QEMU
uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
go-version: 1.15
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
uses: crazy-max/ghaction-docker-buildx@v1
with:
version: latest
buildx-version: latest
qemu-version: latest
- name: Available platforms
run: echo ${{ steps.buildx.outputs.platforms }}
- name: Prepare Host
run: |
curl -LO https://dl.k8s.io/release/v1.32.2/bin/linux/amd64/kubectl
sudo apt-get -qq update || true
sudo apt-get install -y pigz
curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.17.0/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
- name: Build NGINX Base image
if: |
needs.changes.outputs.baseimage == 'true'
run: |
export TAG=$(cat images/nginx/TAG)
cd images/nginx/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --load -t registry.k8s.io/ingress-nginx/nginx:${TAG} .
- name: Build images
env:
TAG: 1.0.0-dev
@ -190,133 +80,109 @@ jobs:
REGISTRY: ingress-controller
run: |
echo "building images..."
export TAGNGINX=$(cat images/nginx/TAG)
make BASE_IMAGE=registry.k8s.io/ingress-nginx/nginx:${TAGNGINX} clean-image build image image-chroot
make clean-image build image
make -C test/e2e-image image
echo "creating images cache..."
docker save \
nginx-ingress-controller:e2e \
ingress-controller/controller:1.0.0-dev \
ingress-controller/controller-chroot:1.0.0-dev \
| gzip > docker.tar.gz
| pigz > docker.tar.gz
- name: cache
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
uses: actions/upload-artifact@v2
with:
name: docker.tar.gz
path: docker.tar.gz
retention-days: 5
chart-lint:
name: Chart / Lint
helm:
name: Helm chart
runs-on: ubuntu-latest
needs:
- changes
if: fromJSON(needs.changes.outputs.charts) || fromJSON(needs.changes.outputs.baseimage) || fromJSON(github.event.workflow_dispatch.run_e2e)
if: ${{ needs.changes.outputs.charts == 'true' }}
steps:
- name: Set up Python
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
python-version: 3.x
- name: Set up Helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
- name: Checkout
uses: actions/checkout@v1
- name: Set up Helm Chart Testing
uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
- name: Set up Artifact Hub
- name: Lint
run: |
curl --fail --location https://github.com/artifacthub/hub/releases/download/v1.20.0/ah_1.20.0_linux_amd64.tar.gz --output /tmp/ah.tar.gz
echo "9027626f19ff9f3ac668f222917130ac885e289e922e1428bfd2e7f066324e31 /tmp/ah.tar.gz" | shasum --check
sudo tar --extract --file /tmp/ah.tar.gz --directory /usr/local/bin ah
./build/run-in-docker.sh ./hack/verify-chart-lint.sh
- name: Set up Helm Docs
uses: gabe565/setup-helm-docs-action@d5c35bdc9133cfbea3b671acadf50a29029e87c2 # v1.0.4
- name: Set up Helm Unit Test
run: helm plugin install https://github.com/helm-unittest/helm-unittest
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Lint chart
- name: fix permissions
run: |
ct lint --config .ct.yaml
ah lint --path charts/ingress-nginx
sudo mkdir -p $HOME/.kube
sudo chmod -R 777 $HOME/.kube
- name: Check docs
run: |
helm-docs --chart-search-root charts
git diff --exit-code charts/ingress-nginx/README.md
- name: Run tests
run: helm unittest charts/ingress-nginx --file "tests/**/*_test.yaml"
chart-test:
name: Chart / Test
runs-on: ubuntu-latest
needs:
- changes
- build
- chart-lint
if: fromJSON(needs.changes.outputs.charts) || fromJSON(needs.changes.outputs.baseimage) || fromJSON(github.event.workflow_dispatch.run_e2e)
strategy:
matrix:
k8s: [v1.28.15, v1.29.12, v1.30.8, v1.31.4, v1.32.0]
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Download cache
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
- name: Create Kubernetes cluster
id: kind
uses: engineerd/setup-kind@v0.4.0
with:
name: docker.tar.gz
version: v0.8.1
image: kindest/node:v1.18.4
- name: Load cache
run: gzip --decompress --stdout docker.tar.gz | docker load
- name: Run tests
- name: Test
env:
K8S_VERSION: ${{ matrix.k8s }}
SKIP_IMAGE_CREATION: true
KIND_CLUSTER_NAME: kind
SKIP_CLUSTER_CREATION: true
run: |
sudo mkdir -pm 777 "${HOME}/.kube"
kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-chart-tests
kubernetes:
name: Kubernetes
runs-on: ubuntu-latest
needs:
- changes
- build
if: |
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
if: ${{ needs.changes.outputs.go == 'true' }}
strategy:
matrix:
k8s: [v1.28.15, v1.29.12, v1.30.8, v1.31.4, v1.32.0]
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
with:
k8s-version: ${{ matrix.k8s }}
k8s: [v1.14.10, v1.15.11, v1.16.9, v1.17.5, v1.18.4]
kubernetes-chroot:
name: Kubernetes chroot
needs:
- changes
- build
if: |
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
strategy:
matrix:
k8s: [v1.28.15, v1.29.12, v1.30.8, v1.31.4, v1.32.0]
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
with:
k8s-version: ${{ matrix.k8s }}
variation: "CHROOT"
steps:
- name: Checkout
uses: actions/checkout@v1
- name: cache
uses: actions/download-artifact@v2
with:
name: docker.tar.gz
- name: Create Kubernetes ${{ matrix.k8s }} cluster
id: kind
uses: engineerd/setup-kind@v0.4.0
with:
version: v0.8.1
config: test/e2e/kind.yaml
image: kindest/node:${{ matrix.k8s }}
- uses: geekyeggo/delete-artifact@v1
with:
name: docker.tar.gz
failOnError: false
- name: Prepare cluster for testing
id: local-path
run: |
kubectl version
echo
echo "installing helm 3..."
curl -sSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
- name: Load images from cache
run: |
echo "loading docker images..."
pigz -dc docker.tar.gz | docker load
- name: Run e2e tests
env:
KIND_CLUSTER_NAME: kind
SKIP_CLUSTER_CREATION: true
SKIP_IMAGE_CREATION: true
run: |
kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-test

14
.github/workflows/depreview.yaml vendored
View file

@ -1,14 +0,0 @@
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: 'Dependency Review'
uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0

55
.github/workflows/docs.yaml vendored
View file

@ -1,55 +0,0 @@
name: Documentation
on:
push:
branches:
- main
permissions:
contents: read
jobs:
changes:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
runs-on: ubuntu-latest
if: |
(github.repository == 'kubernetes/ingress-nginx')
outputs:
docs: ${{ steps.filter.outputs.docs }}
charts: ${{ steps.filter.outputs.charts }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: filter
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
docs:
- 'docs/**/*'
docs:
name: Update
runs-on: ubuntu-latest
needs:
- changes
if: |
(github.repository == 'kubernetes/ingress-nginx') &&
(needs.changes.outputs.docs == 'true')
permissions:
contents: write # needed to write releases
steps:
- name: Checkout master
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Deploy
uses: ./.github/actions/mkdocs
env:
PERSONAL_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

34
.github/workflows/golangci-lint.yml vendored
View file

@ -1,34 +0,0 @@
name: golangci-lint
on:
pull_request:
paths:
- '**/*.go'
- '.github/workflows/golangci-lint.yml'
permissions:
contents: read
jobs:
golangci:
name: lint
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Get go version
run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
- name: Set up Go
id: go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: ${{ env.GOLANG_VERSION }}
check-latest: true
- name: golangci-lint
uses: golangci/golangci-lint-action@2226d7cb06a077cd73e56eedd38eecad18e5d837 # v6.5.0
with:
version: v1.62
only-new-issues: true

192
.github/workflows/images.yaml vendored
View file

@ -1,192 +0,0 @@
name: Container Images
on:
pull_request:
branches:
- "*"
paths:
- 'images/**'
push:
branches:
- main
paths:
- 'images/**'
permissions:
contents: write
packages: write
env:
PLATFORMS: linux/amd64
jobs:
changes:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
runs-on: ubuntu-latest
outputs:
custom-error-pages: ${{ steps.filter.outputs.custom-error-pages }}
cfssl: ${{ steps.filter.outputs.cfssl }}
fastcgi-helloserver: ${{ steps.filter.outputs.fastcgi-helloserver }}
e2e-test-echo: ${{ steps.filter.outputs.e2e-test-echo }}
go-grpc-greeter-server: ${{ steps.filter.outputs.go-grpc-greeter-server }}
httpbun: ${{ steps.filter.outputs.httpbun }}
kube-webhook-certgen: ${{ steps.filter.outputs.kube-webhook-certgen }}
ext-auth-example-authsvc: ${{ steps.filter.outputs.ext-auth-example-authsvc }}
nginx: ${{ steps.filter.outputs.nginx }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: filter
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
custom-error-pages:
- 'images/custom-error-pages/**'
cfssl:
- 'images/cfssl/**'
fastcgi-helloserver:
- 'images/fastcgi-helloserver/**'
e2e-test-echo:
- 'images/e2e-test-echo/**'
go-grpc-greeter-server:
- 'images/go-grpc-greeter-server/**'
httpbun:
- 'images/httpbun/**'
kube-webhook-certgen:
- 'images/kube-webhook-certgen/**'
ext-auth-example-authsvc:
- 'images/ext-auth-example-authsvc/**'
nginx:
- 'images/nginx/**'
#### TODO: Make the below jobs 'less dumb' and use the job name as parameter (the github.job context does not work here)
cfssl:
needs: changes
if: |
(needs.changes.outputs.cfssl == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: cfssl
secrets: inherit
custom-error-pages:
needs: changes
if: |
(needs.changes.outputs.custom-error-pages == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: custom-error-pages
secrets: inherit
e2e-test-echo:
needs: changes
if: |
(needs.changes.outputs.e2e-test-echo == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: e2e-test-echo
secrets: inherit
ext-auth-example-authsvc:
needs: changes
if: |
(needs.changes.outputs.ext-auth-example-authsvc == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: ext-auth-example-authsvc
secrets: inherit
fastcgi-helloserver:
needs: changes
if: |
(needs.changes.outputs.fastcgi-helloserver == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: fastcgi-helloserver
secrets: inherit
go-grpc-greeter-server:
needs: changes
if: |
(needs.changes.outputs.go-grpc-greeter-server == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: go-grpc-greeter-server
secrets: inherit
httpbun:
needs: changes
if: |
(needs.changes.outputs.httpbun == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: httpbun
secrets: inherit
kube-webhook-certgen:
runs-on: ubuntu-latest
needs: changes
if: |
(needs.changes.outputs.kube-webhook-certgen == 'true')
strategy:
matrix:
k8s: [v1.28.15, v1.29.12, v1.30.8, v1.31.4, v1.32.0]
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Get go version
run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
- name: Set up Go
id: go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: ${{ env.GOLANG_VERSION }}
check-latest: true
- name: image build
run: |
cd images/ && make NAME=kube-webhook-certgen build
- name: Create Kubernetes cluster
id: kind
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }}
- name: image test
run: |
cd images/ && make NAME=kube-webhook-certgen test test-e2e
nginx:
permissions:
contents: write
packages: write
runs-on: ubuntu-latest
needs: changes
if: |
(github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.changes.outputs.nginx == 'true')
env:
PLATFORMS: linux/amd64,linux/arm,linux/arm64
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up QEMU
uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
with:
version: latest
platforms: ${{ env.PLATFORMS }}
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: build-image
run: |
export TAG=$(cat images/nginx/TAG)
cd images/nginx/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --push -t ingressnginx/nginx:${TAG} .

22
.github/workflows/junit-reports.yaml vendored
View file

@ -1,22 +0,0 @@
name: 'E2E Test Report'
on:
workflow_run:
workflows: ['CI'] # runs after CI workflow
types:
- completed
permissions:
checks: write
jobs:
report:
runs-on: ubuntu-latest
steps:
- uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
with:
artifact: /e2e-test-reports-(.*)/
name: JEST Tests $1 # Name of the check run which will be created
path: 'report*.xml' # Path to test results (inside artifact .zip)
reporter: jest-junit # Format of test results
fail-on-empty: 'true'

68
.github/workflows/main.yaml vendored Normal file
View file

@ -0,0 +1,68 @@
name: Documentation and Helm chart
on:
push:
branches:
- master
jobs:
changes:
runs-on: ubuntu-latest
outputs:
docs: ${{ steps.filter.outputs.docs }}
charts: ${{ steps.filter.outputs.charts }}
steps:
- name: Checkout
uses: actions/checkout@v1
- uses: dorny/paths-filter@v2.2.0
id: filter
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
docs:
- 'docs/**/*'
charts:
- 'charts/ingress-nginx/Chart.yaml'
docs:
name: Update Documentation
runs-on: ubuntu-latest
needs:
- changes
if: ${{ needs.changes.outputs.docs == 'true' }}
steps:
- name: Checkout master
uses: actions/checkout@v1
- name: Deploy docs
uses: ./.github/actions/mkdocs
env:
PERSONAL_TOKEN: ${{ secrets.PERSONAL_TOKEN }}
chart:
name: Release Chart
runs-on: ubuntu-latest
needs:
- changes
if: ${{ needs.changes.outputs.charts == 'true' }}
steps:
- name: Checkout master
uses: actions/checkout@v1
- name: Setup
shell: bash
run: |
git config --global user.name "$GITHUB_ACTOR"
git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com"
- name: Run chart-releaser
uses: helm/chart-releaser-action@v1.0.0-rc.2
env:
CR_TOKEN: "${{ secrets.PERSONAL_TOKEN }}"

72
.github/workflows/perftest.yaml vendored
View file

@ -1,72 +0,0 @@
name: Performance Test
on:
workflow_dispatch:
inputs:
logLevel:
description: 'Log level'
required: true
default: 'warning'
tags:
description: 'K6 Load Test'
permissions:
contents: read
jobs:
k6_test_run:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Install K6
run: |
wget https://github.com/grafana/k6/releases/download/v0.38.2/k6-v0.38.2-linux-amd64.tar.gz
echo '7c9e5a26aaa2c638c042f6dfda7416161b8d2e0d4cb930721a38083b8be109ab *k6-v0.38.2-linux-amd64.tar.gz' | shasum -c
tar -xvf k6-v0.38.2-linux-amd64.tar.gz k6-v0.38.2-linux-amd64/k6
mv k6-v0.38.2-linux-amd64/k6 .
./k6
- name: Make dev-env
run: |
mkdir $HOME/.kube
make dev-env
podName=`kubectl -n ingress-nginx get po | grep -i controller | awk '{print $1}'`
if [[ -z ${podName} ]] ; then
sleep 5
fi
kubectl wait pod -n ingress-nginx --for condition=Ready $podName
kubectl get all -A
- name: Deploy workload
run: |
kubectl create deploy k6 --image kennethreitz/httpbin --port 80 && \
kubectl expose deploy k6 --port 80 && \
kubectl create ing k6 --class nginx \
--rule test.ingress-nginx-controller.ga/*=k6:80
podName=`kubectl get po | grep -i k6 | awk '{print $1}'`
if [[ -z ${podName} ]] ; then
sleep 5
fi
kubectl wait pod --for condition=Ready $podName
kubectl get all,secrets,ing
- name: Tune OS
run : |
sudo sysctl -A 2>/dev/null | egrep -i "local_port_range|tw_reuse|tcp_timestamps"
sudo sh -c "ulimit"
sudo sysctl -w net.ipv4.ip_local_port_range="1024 65535"
sudo sysctl -w net.ipv4.tcp_tw_reuse=1
sudo sysctl -w net.ipv4.tcp_timestamps=1
sudo sh -c "ulimit "
- name: Run smoke test
run: |
vmstat -at 5 | tee vmstat_report &
#./k6 login cloud -t $K6_TOKEN
#./k6 run -o cloud ./smoketest.js
./k6 run test/k6/smoketest.js
pkill vmstat
cat vmstat_report

50
.github/workflows/plugin.yaml vendored
View file

@ -1,50 +0,0 @@
name: kubectl plugin
on:
release:
types: [published]
permissions:
contents: write # for goreleaser/goreleaser-action
jobs:
release-plugin:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Get go version
run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
- name: Set up Go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: ${{ env.GOLANG_VERSION }}
check-latest: true
- name: Run GoReleaser Snapshot
if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1
with:
version: "~> v2"
args: release --snapshot --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Run GoReleaser
if: ${{ startsWith(github.ref, 'refs/tags/') }}
uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1
with:
version: "~> v2"
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Update new version in krew-index
if: ${{ startsWith(github.ref, 'refs/tags/') }}
uses: rajatjindal/krew-release-bot@3d9faef30a82761d610544f62afddca00993eef9 # v0.0.47
with:
krew_template_file: cmd/plugin/krew.yaml

19
.github/workflows/project.yml vendored
View file

@ -1,19 +0,0 @@
name: Adds all issues
on:
issues:
types:
- opened
jobs:
add-to-project:
name: Add issue to project
runs-on: ubuntu-latest
permissions:
repository-projects: write
issues: write
steps:
- uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2
with:
project-url: https://github.com/orgs/kubernetes/projects/104
github-token: ${{ secrets.PROJECT_WRITER }}

128
.github/workflows/release.txt vendored Normal file
View file

@ -0,0 +1,128 @@
name: Release
on:
watch:
types: [started]
jobs:
release:
runs-on: ubuntu-latest
if: github.actor == 'aledbf'
steps:
- name: Checkout master
uses: actions/checkout@v1
- name: Set up Go 1.14
uses: actions/setup-go@master
with:
go-version: 1.14
- name: Build krew plugin
shell: bash
run: |
export PATH=${PATH}:`go env GOPATH`/bin
make build-plugin
# - name: Build and publish images
# shell: bash
# run: |
# cat <<EOF | > build/images/nginx/aws.tfvars
# access_key = "${{ secrets.AWS_ACCESS_KEY }}"
# secret_key = "${{ secrets.AWS_ACCESS_SECRET_KEY }}"
# EOF
#
# cat <<EOF | > build/images/nginx/env.tfvars
# docker_username="${{ secrets.DOCKER_USERNAME }}"
# docker_password="${{ secrets.DOCKER_PASSWORD }}"
# EOF
#
# ./build/build-ingress-controller.sh
- name: Create env variables
shell: bash
run: |
# $(cat cmd/plugin/release/ingress-nginx.yaml)
echo "::set-env name=RELEASE_VERSION::$(make show-version)"
echo "::set-env name=RELEASE_CHANGELOG::##CHANGELOG##"
- name: Create release
id: create_release
uses: actions/create-release@v1
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/controller')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: controller-${{ env.RELEASE_VERSION }}
release_name: "NGINX: ${{ env.RELEASE_VERSION }}"
body: |
**Image:** `quay.io/kubernetes-ingress-controller/nginx-ingress-controller:${{ env.RELEASE_VERSION }}`
${{ env.RELEASE_CHANGELOG }}
Complete changelog [here](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md)
draft: false
prerelease: false
- name: Upload krew plugin Darwin
uses: actions/upload-release-asset@v1
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/controller')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: cmd/plugin/release/kubectl-ingress_nginx-darwin-amd64.tar.gz
asset_name: kubectl-ingress_nginx-darwin-amd64.tar.gz
asset_content_type: application/tar+gzip
- name: Upload krew plugin Linux
uses: actions/upload-release-asset@v1
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/controller')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: cmd/plugin/release/kubectl-ingress_nginx-linux-amd64.tar.gz
asset_name: kubectl-ingress_nginx-linux-amd64.tar.gz
asset_content_type: application/tar+gzip
- name: Upload krew plugin Windows
uses: actions/upload-release-asset@v1
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/controller')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: cmd/plugin/release/kubectl-ingress_nginx-windows-amd64.tar.gz
asset_name: kubectl-ingress_nginx-windows-amd64.tar.gz
asset_content_type: application/tar+gzip
- name: Upload krew plugin
uses: actions/upload-release-asset@v1
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/controller')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: cmd/plugin/release/ingress-nginx.yaml
asset_name: ingress-nginx.yaml
asset_content_type: text/x-yaml
- name: Create KREW_PLUGIN_BODY_PR env variable
shell: bash
run: |
echo "::set-env name=KREW_PLUGIN_BODY_PR::$(cat cmd/plugin/release/ingress-nginx.yaml)"
# - name: Open PR for new release of Krew Plugin
# uses: gha-utilities/init-pull-request@v0.1.2
# env:
# GITHUB_REPOSITORY: maintainer/repo-name
# with:
# verbose: true
# draft: false
# pull_request_token: ${{ secrets.GITHUB_TOKEN }}
# head: ingress-nginx:krew
# base: krew
# title: 'Update ingress-nginx krew plugin to ${{ env.RELEASE_VERSION }}'
# body: |
# ${{ env.KREW_PLUGIN_BODY_PR }}

64
.github/workflows/scorecards.yml vendored
View file

@ -1,64 +0,0 @@
name: Scorecards supply-chain security
on:
# Only the default branch is supported.
branch_protection_rule:
schedule:
- cron: '20 11 * * 5'
push:
branches:
- "main"
# Declare default permissions as read only.
permissions: read-all
jobs:
analysis:
name: Scorecards analysis
runs-on: ubuntu-latest
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
# Used to receive a badge. (Upcoming feature)
id-token: write
# Needs for private repositories.
contents: read
actions: read
steps:
- name: "Checkout code"
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
with:
results_file: results.sarif
results_format: sarif
# (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
# - you want to enable the Branch-Protection check on a *public* repository, or
# - you are installing Scorecards on a *private* repository
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
# repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
# Publish the results for public repositories to enable scorecard badges. For more details, see
# https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories, `publish_results` will automatically be set to `false`, regardless
# of the value entered here.
publish_results: true
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: SARIF file
path: results.sarif
retention-days: 5
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
with:
sarif_file: results.sarif

24
.github/workflows/stale.yaml vendored
View file

@ -1,24 +0,0 @@
name: 'Stale Issues and PRs'
on:
schedule:
- cron: '30 1 * * *'
jobs:
stale:
runs-on: ubuntu-latest
permissions:
issues: write
pull-requests: write
steps:
- uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
with:
stale-issue-message: "This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack."
stale-pr-message: "This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack."
stale-issue-label: lifecycle/frozen
stale-pr-label: lifecycle/frozen
days-before-issue-stale: 30
days-before-pr-stale: 45
days-before-close: -1 # dont not close issues/prs

92
.github/workflows/vulnerability-scans.yaml vendored
View file

@ -1,92 +0,0 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: Vulnerability Scan
on:
workflow_dispatch:
release:
schedule:
- cron: '00 9 * * 1'
permissions:
contents: read
security-events: write
jobs:
version:
runs-on: ubuntu-latest
outputs:
versions: ${{ steps.version.outputs.TAGS }}
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Latest Tag
id: version
shell: bash
run: |
readarray -t TAGS_ARRAY <<<"$(git tag --list 'controller-v*.*.*' --sort=-version:refname | grep -v 'beta\|alpha')"
FULL_TAGS=(${TAGS_ARRAY[0]} ${TAGS_ARRAY[1]} ${TAGS_ARRAY[2]})
SHORT_TAGS=()
for i in ${FULL_TAGS[@]}
do
echo "tag: $i"
short=$(echo "$i" | cut -d - -f 2)
SHORT_TAGS+=($short)
done
echo "${SHORT_TAGS[0]},${SHORT_TAGS[1]},${SHORT_TAGS[2]}"
TAGS_JSON="[\"${SHORT_TAGS[0]}\",\"${SHORT_TAGS[1]}\",\"${SHORT_TAGS[2]}\"]"
echo "${TAGS_JSON}"
echo "TAGS=${TAGS_JSON}" >> $GITHUB_OUTPUT
scan:
runs-on: ubuntu-latest
needs: version
strategy:
matrix:
versions: ${{ fromJSON(needs.version.outputs.versions) }}
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- shell: bash
id: test
run: echo "Scanning registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}"
- name: Scan image with AquaSec/Trivy
id: scan
uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
with:
image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }}
format: 'sarif'
output: trivy-results-${{ matrix.versions }}.sarif
exit-code: 0
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
- name: Output Sarif File
shell: bash
run: cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif
# This step checks out a copy of your repository.
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
with:
token: ${{ github.token }}
# Path to SARIF file relative to the root of the repository
sarif_file: ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif
- name: Vulz Count
shell: bash
run: |
TRIVY_COUNT=$(cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif | jq '.runs[0].results | length')
echo "TRIVY_COUNT: $TRIVY_COUNT"
echo "Image Vulnerability scan output" >> $GITHUB_STEP_SUMMARY
echo "Image ID: registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "Trivy Count: $TRIVY_COUNT" >> $GITHUB_STEP_SUMMARY

81
.github/workflows/zz-tmpl-images.yaml vendored
View file

@ -1,81 +0,0 @@
#### THIS IS A TEMPLATE ####
# This workflow is created to be a template for every time an e2e test is required,
on:
workflow_call:
inputs:
name:
required: true
type: string
platforms-test:
type: string
default: linux/amd64
platforms-publish:
type: string
default: linux/amd64
env:
PLATFORMS: ${{ inputs.platforms-test }}
permissions:
contents: write
packages: write
jobs:
changestag:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
runs-on: ubuntu-latest
outputs:
tag: ${{ steps.filter.outputs.tag }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: filter
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
tag:
- 'images/**/TAG'
image-build:
name: Build
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Build
run: |
cd images/ && make NAME=${{ inputs.name }} build
image-push:
name: Push
needs: changestag
if: |
(github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'kubernetes/ingress-nginx' && needs.changestag.outputs.tag == 'true')
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
env:
PLATFORMS: ${{ inputs.platforms-publish }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Push
run: |
cd images/ && make REGISTRY=ingressnginx NAME=${{ inputs.name }} push

57
.github/workflows/zz-tmpl-k8s-e2e.yaml vendored
View file

@ -1,57 +0,0 @@
#### THIS IS A TEMPLATE ####
# This workflow is created to be a template for every time an e2e test is required,
on:
workflow_call:
inputs:
k8s-version:
required: true
type: string
variation:
type: string
permissions:
contents: read
jobs:
kubernetes:
name: Kubernetes ${{ inputs.variation }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: cache
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: docker.tar.gz
- name: Create Kubernetes ${{ inputs.k8s-version }} cluster
id: kind
run: |
kind create cluster --image=kindest/node:${{ inputs.k8s-version }} --config test/e2e/kind.yaml
- name: Load images from cache
run: |
echo "loading docker images..."
gzip -dc docker.tar.gz | docker load
- name: Run e2e tests ${{ inputs.variation }}
env:
KIND_CLUSTER_NAME: kind
SKIP_CLUSTER_CREATION: true
SKIP_INGRESS_IMAGE_CREATION: true
SKIP_E2E_IMAGE_CREATION: true
IS_CHROOT: ${{ inputs.variation == 'CHROOT' }}
run: |
kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-test
- name: Upload e2e junit-reports ${{ inputs.variation }}
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
if: success() || failure()
with:
name: e2e-test-reports-${{ inputs.k8s-version }}${{ inputs.variation }}
path: 'test/junitreports/report*.xml'

4
.gitignore vendored
View file

@ -46,7 +46,6 @@ test/e2e/e2e\.test
bin
test/e2e-image/wait-for-nginx.sh
.cache
.modcache
cover.out
# secret terraform variables
@ -58,6 +57,3 @@ images/fastcgi-helloserver/rootfs/fastcgi-helloserver
cmd/plugin/release/ingress-nginx.yaml
cmd/plugin/release/*.tar.gz
cmd/plugin/release/LICENSE
tmp/
test/junitreports/
tests/__snapshot__

236
.golangci.yml
View file

@ -1,236 +0,0 @@
run:
timeout: 10m
allow-parallel-runners: true
issues:
# Maximum issues count per one linter. Set to 0 to disable. Default is 50.
max-issues-per-linter: 0
# Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
max-same-issues: 0
linters:
disable-all: true
enable:
- asasalint
- asciicheck
- bidichk
- bodyclose
- contextcheck
- decorder
- dogsled
- dupl
- durationcheck
- errcheck
- errchkjson
- errname
- ginkgolinter
- gocheckcompilerdirectives
- goconst
- gocritic
- gocyclo
- godox
- gofmt
- gofumpt
- goheader
- goimports
- gomoddirectives
- gomodguard
- goprintffuncname
- gosec
- gosimple
- govet
- grouper
- importas
- ineffassign
- loggercheck
- makezero
- misspell
- musttag
- nakedret
- nolintlint
- nosprintfhostport
- prealloc
- predeclared
- promlinter
- reassign
- revive
- rowserrcheck
- sqlclosecheck
- staticcheck
- stylecheck
- tenv
- testableexamples
- typecheck
- unconvert
- unparam
- unused
- usestdlibvars
- whitespace
# - containedctx
# - cyclop
# - dupword
# - errorlint
# - exhaustive
# - exhaustruct
# - exportloopref
# - forbidigo
# - forcetypeassert
# - funlen
# - gci
# - gochecknoglobals
# - gochecknoinits
# - gocognit
# - godot
# - goerr113
# - gomnd
# - interfacebloat
# - ireturn
# - lll
# - maintidx
# - nestif
# - nilerr
# - nilnil
# - nlreturn
# - noctx
# - nonamedreturns
# - paralleltest
# - tagliatelle
# - testpackage
# - thelper
# - tparallel
# - varnamelen
# - wastedassign
# - wrapcheck
# - wsl
linters-settings:
gocyclo:
min-complexity: 40
godox:
keywords:
- BUG
- FIXME
- HACK
errcheck:
check-type-assertions: true
check-blank: true
gocritic:
enabled-checks:
# Diagnostic
- appendAssign
- argOrder
- badCall
- badCond
- badLock
- badRegexp
- badSorting
- builtinShadowDecl
- caseOrder
- codegenComment
- commentedOutCode
- deferInLoop
- deprecatedComment
- dupArg
- dupBranchBody
- dupCase
- dupSubExpr
- dynamicFmtString
- emptyDecl
- evalOrder
- exitAfterDefer
- externalErrorReassign
- filepathJoin
- flagDeref
- flagName
- mapKey
- nilValReturn
- offBy1
- regexpPattern
- returnAfterHttpError
- sloppyReassign
- sloppyTypeAssert
- sortSlice
- sprintfQuotedString
- sqlQuery
- syncMapLoadAndDelete
- truncateCmp
- unnecessaryDefer
- weakCond
# Performance
- appendCombine
- equalFold
- hugeParam
- indexAlloc
- preferDecodeRune
- preferFprint
- preferStringWriter
- preferWriteByte
- rangeExprCopy
- rangeValCopy
- sliceClear
- stringXbytes
# Style
- assignOp
- boolExprSimplify
- captLocal
- commentFormatting
- commentedOutImport
- defaultCaseOrder
- deferUnlambda
- docStub
- dupImport
- elseif
- emptyFallthrough
- emptyStringTest
- exposedSyncMutex
- hexLiteral
- httpNoBody
- ifElseChain
- methodExprCall
- newDeref
- octalLiteral
- preferFilepathJoin
- redundantSprint
- regexpMust
- regexpSimplify
- ruleguard
- singleCaseSwitch
- sloppyLen
- stringConcatSimplify
- stringsCompare
- switchTrue
- timeExprSimplify
- tooManyResultsChecker
- typeAssertChain
- typeDefFirst
- typeSwitchVar
- underef
- unlabelStmt
- unlambda
- unslice
- valSwap
- whyNoLint
- wrapperFunc
- yodaStyleExpr
# Opinionated
- builtinShadow
- importShadow
- initClause
- nestingReduce
- paramTypeCombine
- ptrToRefParam
- typeUnparen
- unnamedResult
- unnecessaryBlock
nolintlint:
# Enable to ensure that nolint directives are all used. Default is true.
allow-unused: false
# Exclude following linters from requiring an explanation. Default is [].
allow-no-explanation: []
# Enable to require an explanation of nonzero length after each nolint directive. Default is false.
# TODO(lint): Enforce explanations for `nolint` directives
require-explanation: false
# Enable to require nolint directives to mention the specific linter being suppressed. Default is false.
require-specific: true

29
.goreleaser.yaml
View file

@ -1,29 +0,0 @@
project_name: ingress-nginx
release:
github:
owner: kubernetes
name: ingress-nginx
builds:
- id: ingress-nginx
goos:
- darwin
- linux
- windows
goarch:
- arm64
- amd64
env:
- CGO_ENABLED=0
- GO111MODULE=on
main: cmd/plugin/main.go
binary: kubectl-ingress-nginx
ldflags: |
-s -w
-X k8s.io/ingress-nginx/version.COMMIT={{ .Commit }}
-X k8s.io/ingress-nginx/version.RELEASE={{ .Tag }}
archives:
- id: ingress-nginx
builds:
- ingress-nginx
name_template: "kubectl-{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}"
format: tar.gz

2
.luacheckrc
View file

@ -1,6 +1,6 @@
std = 'ngx_lua'
max_line_length = 100
exclude_files = {'./rootfs/etc/nginx/lua/test/**/*.lua'}
exclude_files = {'./rootfs/etc/nginx/lua/test/**/*.lua', './rootfs/etc/nginx/lua/plugins/**/test/**/*.lua'}
files["rootfs/etc/nginx/lua/lua_ingress.lua"] = {
ignore = { "122" },
-- TODO(elvinefendi) figure out why this does not work

17
CONTRIBUTING.md
View file

@ -2,8 +2,6 @@
Read the following guide if you're interested in contributing to Ingress. [Make Ingress-Nginx Work for you, and the Community](https://youtu.be/GDm-7BlmPPg) from KubeCon Europe 2018 is a great video to get you started!!
Note that this guide refers to contributing to actual sources of the repository. If you interested in contributing through issue triaging, have a look at [this guide](./ISSUE_TRIAGE.md).
## Contributor License Agreements
We'd love to accept your patches! Before we can take them, we have to jump a couple of legal hurdles.
@ -17,16 +15,14 @@ Follow either of the two links above to access the appropriate CLA and instructi
***NOTE***: Only original source code from you and other people that have signed the CLA can be accepted into the main repository.
## Finding Issues That Need Help
## Finding Things That Need Help
If you're new to the project and want to help, but don't know where to start, we have a semi-curated list of issues that should not need deep knowledge of the system. [Have a look and see if anything sounds interesting](https://github.com/kubernetes/ingress-nginx/issues?utf8=%E2%9C%93&q=is%3Aopen%20is%3Aissue%20label%3A%22help+wanted%22).
Alternatively, search for the label [`triage-accepted`](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aopen+is%3Aissue+label%3Atriage%2Faccepted+) if you have some experience with ingress-nginx. Note, that it could make sense to grab issues with higher priority first.
If you're new to the project and want to help, but don't know where to start, we have a semi-curated list of issues that should not need deep knowledge of the system. [Have a look and see if anything sounds interesting](https://github.com/kubernetes/ingress-nginx/issues?utf8=%E2%9C%93&q=is%3Aopen%20is%3Aissue%20label%3A%22help+wanted%22). Alternatively, read some of the docs on other controllers and try to write your own, file and fix any/all issues that come up, including gaps in documentation!
## Contributing a Patch
1. If you haven't already done so, sign a Contributor License Agreement (see details above).
1. Read the [Ingress development guide](docs/developer-guide/getting-started.md).
1. Read the [Ingress development guide](docs/development.md).
1. Fork the desired repo, develop and test your code changes.
1. Submit a pull request.
@ -34,9 +30,7 @@ All changes must be code reviewed. Coding conventions and standards are explaine
### Merge Approval
Ingress Nginx collaborators may add "/lgtm" (Looks Good To Me) to indicate that a PR is acceptable. Any change requires at least one LGTM. No pull requests can be merged until at least one Ingress Nginx collaborator signs off with an LGTM. Adding the "/lgtm" comment result in the prow bot adding the `lgtm` label. Note that a pull request still needs an `approve` label from one of the owners.
Reviewers or members who want to become reviewers according to the [k8s membership ladder](https://github.com/kubernetes/community/blob/master/community-membership.md), could actively search for [pull requests that need a review](https://github.com/kubernetes/ingress-nginx/pulls?q=is%3Aopen+is%3Apr+label%3Atriage%2Faccepted).
Ingress collaborators may add "LGTM" (Looks Good To Me) or an equivalent comment to indicate that a PR is acceptable. Any change requires at least one LGTM. No pull requests can be merged until at least one Ingress collaborator signs off with an LGTM.
## Support Channels
@ -47,6 +41,3 @@ Whether you are a user or contributor, official support channels include:
- Post: [Kubernetes Forum](https://discuss.kubernetes.io)
Before opening a new issue or submitting a new pull request, it's helpful to search the project - it's likely that another user has already reported the issue you're facing, or it's a known issue that we're already aware of.
## New Contributor Tips
If you're a new contributor, you can follow the [New Contributor Tips guide](NEW_CONTRIBUTOR.md)

1438
Changelog.md
View file

File diff suppressed because it is too large Load diff

1
GOLANG_VERSION
View file

@ -1 +0,0 @@
1.23.6

89
ISSUE_TRIAGE.md
View file

@ -1,89 +0,0 @@
# Triage Process
As any kind of contributor (triage, reviewer ...), always have in mind that if a user came to us and raised an issue, the user may have a real problem. We must assume that, and not the opposite (the user needs to prove to us that this is a bug). Keeping that in mind, **be nice with users, even if you dont agree with them**
Note that this guide refers to contributing through issue triaging. If you are interested in contributing to actual sources of the repository, see [this guide](./CONTRIBUTING.md).
## General Information
The triage process of the ingress-nginx maintainers is based on the [triage process guidelines](https://github.com/kubernetes/community/blob/master/contributors/guide/issue-triage.md) of the Kubernetes community
However the exact process of the ingress-nginx maintainers may differ in certain aspects. This doc gives a more precise overview on how the ingress-nginx maintainers approach the issue triage process and other processes that are related.
## Triage Flow (Issues)
This section describes the different stages of the triage flow for issues.
### Prepare Issues
New issues come in with the labels `needs-triage` and `needs-priority` and one of: `kind/bug`, `kind/feature` or `kind/support`. Unfortunately there are also some legacy issues that only have a `kind/*` label but neither `needs-triage` nor `needs-priority` . However for every issue that does not have the `triage-accepted` label the following steps have to be done to prepare them for further processing:
* Filter for issues [without the `triage-accepted`](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aopen+-label%3Atriage%2Faccepted+is%3Aissue) label.
* Check if all necessary information are available. This is basically true, if people filled out the issue template correctly. If necessary information is missing, ask the author to add the missing information and add the label `triage/needs-information` if not already present. If already present, send the author a friendly reminder to add those.
* Check if the used versions of ingress-nginx and Kubernetes is supported. Note that [we only support n-3 versions](https://github.com/kubernetes/ingress-nginx#support-versions-table). If the version is not supported, ask the author to upgrade to newer versions and see if the error still persists.
* Read through the issue description and comments briefly to understand what the issue is about. Also check if the kind and area is correct, and adjust it if necessary. If the issue is understandable add the label `triage-accepted`.
* If at any point you don't know how to proceed with an issue during the triage process, tag one of the [core maintainers](OWNERS_ALIASES) in the issue to raise attention or alternatively come to [this slack channel](https://kubernetes.slack.com/archives/C021E147ZA4) which may be the quicker way as people tend to miss github notifications.
Note: Issues that are stale for 90 days are being closed automatically. However we could be missing a bug here, so from time to time it makes sense to go over the closed ones and see if there is something important. Use [this filter](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aclosed+is%3Aissue+label%3Alifecycle%2Frotten+) to find those.
Who and When?
* Basically everyone who wants to contribute can do the mentioned steps at any time.
### Issue Prioritization
For all issues, where all necessary information is available thus triage is accepted, we need to do some prioritization:
* Go through all issues with label [`triage-accepted`](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aopen+is%3Aissue+label%3Atriage%2Faccepted+).
* Add appropriate priority label: `priority/backlog`, `priority/critical-urgent`, `priority/awaiting-more-evidence`, `priority/important-longterm`, `priority/important-soon` or `good first issue`
Who and When?
* Basically every contributor should be able to do that.
* Tricky/important ones could be brought up during community meetings
## Triage Flow (Pull Requests)
This section describes the different stages of the triage flow for pull requests.
### Prepare Pull Requests
Pull requests come in with the labels `needs-triage`, `needs-priority` and `needs-kind` and one that indicates the size(`size/*`). Unfortunately there are also some legacy pull requests that only have a `size/*` label but neither `needs-triage` nor `needs-priority` . However for every pull request that does not have the `triage-accepted` label the following steps should be done to prepare them for further processing:
* Filter for pull requests [without the `triage-accepted`](https://github.com/kubernetes/ingress-nginx/pulls?q=is%3Aopen+-label%3Atriage%2Faccepted+is%3Apr) label.
* Check if the cla is signed and all necessary information are available. This is basically true, if people filled out the pull request template correctly. If everything is fine add the `triage-accepted` label.
* If at any point you don't know how to proceed with an issue during the triage process, tag one of the [core maintainers](OWNERS_ALIASES) in the issue to raise attention or alternatively come to [this slack channel](https://kubernetes.slack.com/archives/C021E147ZA4) which may be the quicker way as people tend to miss github notifications.
Who and When?
* Basically everyone who wants to contribute can do the mentioned steps at any time.
### Pull Request Prioritization
For all pull requests, where all necessary information is available and cla is signed thus triage is accepted, we need to do some prioritization:
* Go through all pull requests with label [`triage-accepted`](https://github.com/kubernetes/ingress-nginx/pulls?q=is%3Aopen+is%3Apr+label%3Atriage%2Faccepted).
* Sync the `kind/*` and `priority/*` label from the linked issue for the pull request. If the pull request does not have any issue associated (which normally should not be the case), add an appropriate priority and kind label (one of: `priority/backlog`, `priority/critical-urgent`, `priority/important-longterm`, `priority/important-soon`)
Who and When?
* Basically every contributor should be able to do that.
* Tricky/important ones could be brought up during community meetings
## Labels
Labels are helpful for issues or pull requests to indicate in which lifecycle state they are currently and to categorize them. This section describes the most important ones with the additional info about how to add those. A complete label list of the Kubernetes community can be found [here](https://github.com/kubernetes/kubernetes/labels) while a complete label list for this project can be found [here](https://github.com/kubernetes/ingress-nginx/labels). However, here the most important ones:
* Triage:
* [`needs-triage`](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aopen+is%3Aissue+label%3Aneeds-triage): Indicates that the issue or pull request needs triage. Automatically added.
* [`triage/accepted`](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aopen+label%3Atriage%2Faccepted+is%3Aissue+): Indicates that the issue is ready for further processing. Add with `/triage accepted`.
* [`triage/needs-information`](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aopen+label%3Atriage%2Fneeds-information+is%3Aissue+): Indicates that the issue lacks information. Add with `/triage needs-information`.
* Kind:
* [`kind/bug`](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aopen+label%3Akind%2Fbug+is%3Aissue): Indicates that the issue is assumed to be a bug. Add with `/kind bug`. Remove with `/remove-kind bug`.
* [`kind/feature`](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aopen+label%3Akind%2Ffeature+is%3Aissue+): Indicates that the issue is a feature request. Add with `/kind feature`. Remove with `/remove-kind feature`.
* [`kind/documentation`](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aopen+label%3Akind%2Fdocumentation+is%3Aissue+): Indicates that the issue is documentation related. Add with `/kind documentation`. Remove with `/remove-kind documentation`.
* [`kind/support`](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aopen+label%3Akind%2Fsupport+is%3Aissue+): Indicates the the issue is a support request. Add with `/kind support`. Remove with `/remove-kind support`.
* Area:
* [`area/helm`](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aopen+label%3Aarea%2Fhelm+is%3Aissue+): Indicates that the issue is related to helm charts. Add with `/area helm`.
* [`area/lua`](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aopen+label%3Aarea%2Flua+is%3Aissue+): Indicates that the issue is related to lua. Add with `/area lua`.
* [`area/docs`](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aopen+label%3Aarea%2Fdocs+is%3Aissue): Indicates that the issue is related to documentation. Add with `/area docs` .
* Priority:
* [`needs-priority`](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aopen+is%3Aissue+label%3Aneeds-priority): Indicates that the issue has no prioritization yet. Automatically added.
* [`priority/critical-urgent`](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aopen+label%3Apriority%2Fcritical-urgent+is%3Aissue+): indicates that the issue has highest priority. Add with `/priority critical-urgent`.
* [`priority/important-soon`](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aopen+label%3Apriority%2Fimportant-soon+is%3Aissue+): indicates that the issue should be worked on either currently soon, ideally in time for the next release. Add with `/priority important-soon`.
* [`priority/important-longterm`](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aopen+label%3Apriority%2Fimportant-longterm+is%3Aissue+): indicates that the issue is not important for now, but should be worked on in one of the upcoming releases. Add with `/priority important-longterm`.
* [`priority/backlog`](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aopen+label%3Apriority%2Fbacklog+is%3Aissue+): Indicates that the issue has the lowest priority. Add with `/priority backlog`.
* Other:
* [`help wanted`](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aopen+is%3Aissue+label%3A%22help+wanted%22): indicates that the issue needs help from a contributor. Add with `/help`.
* [`good first issue`](https://github.com/kubernetes/ingress-nginx/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22): indicates that the issue needs help from a contributor and is a good first issue for new contributors. Add with `/good-first-issue`.

300
MANUAL_RELEASE.md
View file

@ -1,300 +0,0 @@
# RELEASE PROCESS
## 1. BUILD the new Ingress-Nginx-Controller image
### a. Make changes in codebase
- Make changes as per issue
### b. Make changes to appropriate files in [images directory ](images)
- Make changes in /images
### c. Create Pull Request
- Open a Pull Request for your changes considering the following steps to fire cloudbuild of a new image for the Ingress-Nginx-Controller:
- In case of rare CVE fix or other reason to rebuild the nginx-base-image itself, look at the /images directory [NGINX Base Image](https://github.com/kubernetes/ingress-nginx/tree/main/images/nginx).
- Example [NGINX_VERSION](images/nginx/rootfs/build.sh#L21), [SHA256](images/nginx/rootfs/build.sh#L124).
- If you are updating any component in [build.sh](images/nginx/rootfs/build.sh) please also update the SHA256 checksum of that component as well, the cloud build will fail with an exit 10 if not.
### d. Merge
- Merging will fire cloudbuild, which will result in images being promoted to the [staging container registry](https://console.cloud.google.com/gcr/images/k8s-staging-ingress-nginx).
### e. Make sure cloudbuild is a success
- Wait for [cloud build](https://console.cloud.google.com/cloud-build/builds?project=k8s-staging-ingress-nginx). If you don't have access to cloudbuild, you can also have a look at [this](https://prow.k8s.io/?repo=kubernetes%2Fingress-nginx&job=post-*), to see the progress of the build.
- Proceed only after cloud-build is successful in building a new Ingress-Nginx-Controller image.
## 2. If applicable, BUILD other images
- If applicable, then build a new image of any other related component, ONLY IF APPLICABLE TO THE RELEASE
### a. If applicable then make changes in relevant codebase
- Change code as per issue
### b. Make changes to appropriate files in [images directory ](images)
- Sometimes, you may also be needing to rebuild, images for one or multiple other related components of the Ingress-Nginx-Controller ecosystem. Make changes to the required files in the /images directory, if/as applicable, in the context of the release you are attempting. :
- [e2e](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e-image)
- Update references to e2e-test-runner image [If applicable] :
- [e2e-image](https://github.com/kubernetes/ingress-nginx/blob/main/test/e2e-image/Dockerfile#L1)
- [run-in-docker.sh](https://github.com/kubernetes/ingress-nginx/blob/main/build/run-in-docker.sh#L37)
- [test-runner](https://github.com/kubernetes/ingress-nginx/tree/main/images/test-runner)
- [echo](https://github.com/kubernetes/ingress-nginx/tree/main/images/echo)
- [cfssl](https://github.com/kubernetes/ingress-nginx/tree/main/images/cfssl)
- [fastcgi-helloserver](https://github.com/kubernetes/ingress-nginx/tree/main/images/fastcgi-helloserver)
- [httpbin](https://github.com/kubernetes/ingress-nginx/tree/main/images/httpbin)
- [kube-webhook-certgen](https://github.com/kubernetes/ingress-nginx/tree/main/images/kube-webhook-certgen)
### c. Create PR
- Open pull request(s) accordingly, to fire cloudbuild for rebuilding the component's image (if applicable).
### d. Merge
- Merging will fire cloudbuild, which will result in images being promoted to the [staging container registry](https://console.cloud.google.com/gcr/images/k8s-staging-ingress-nginx).
### e. Make sure cloudbuild is a success
- Wait for [cloud build](https://console.cloud.google.com/cloud-build/builds?project=k8s-staging-ingress-nginx). If you don't have access to cloudbuild, you can also have a look at [this](https://prow.k8s.io/?repo=kubernetes%2Fingress-nginx&job=post-*), to see the progress of the build.
- Proceed only after cloud-build is successful in building a new Ingress-Nginx-Controller image.
## 3. PROMOTE the Image(s):
Promoting the images basically means that images, that were pushed to staging container registry in the steps above, now are also pushed to the public container registry. Thus are publicly available. Follow these steps to promote images:
### a. Get the sha
- Get the sha of the new image(s) of the controller, (and any other component image IF APPLICABLE to release), from the cloudbuild, from steps above
- The sha is available in output from [cloud build](https://console.cloud.google.com/cloud-build/builds?project=k8s-staging-ingress-nginx)
- The sha is also visible here https://console.cloud.google.com/gcr/images/k8s-staging-ingress-nginx/global/controller
- The sha is also visible [here](https://prow.k8s.io/?repo=kubernetes%2Fingress-nginx&job=post-*), after cloud build is finished. Click on the respective job, go to `Artifacts` section in the UI, then again `artifacts` in the directory browser. In the `build.log` at the very bottom you see something like this:
```
...
pushing manifest for us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx/controller:v1.0.2@sha256:e15fac6e8474d77e1f017edc33d804ce72a184e3c0a30963b2a0d7f0b89f6b16
...
```
### b. Add the new image to [k8s.io](http://github.com/kubernetes/k8s.io)
- The sha(s) from the step before (and the tag(s) for the new image(s) have to be added, as a new line, in a file, of the [k8s.io](http://github.com/kubernetes/k8s.io) project of Kubernetes organization.
- Fork that other project (if you don't have a fork already).
- Other project to fork [GitHub repo kubernetes/k8s.io](http://github.com/kubernetes/k8s.io)
- Fetch --all and rebase to upstream if already forked.
- Create a branch in your fork, named as the issue number for this release
- In the related branch, of your fork, edit the file /registry.k8s.io/images/k8s-staging-ingress-nginx/images.yaml.
- For making, it easier, you can edit your branch directly in the browser. But be careful about making any mistake.
- Insert the sha(s) & the tag(s), in a new line, in this file [Project kubernetes/k8s.io Ingress-Nginx-Controller Images](https://github.com/kubernetes/k8s.io/blob/main/registry.k8s.io/images/k8s-staging-ingress-nginx/images.yaml) Look at this [example PR and the diff](https://github.com/kubernetes/k8s.io/pull/2536) to see how it was done before
- Save and commit
### c. Create PR
- Open pull request to promote the new controller image.
### d. Merge
- Merge success is required for next step
- Proceed only after cloud-build is successful in building a new Ingress-Nginx-Controller image.
## 4. PREPARE for a new Release
- Make sure to get the tag and sha of the promoted image from the step before, either from cloudbuild or from [here](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/ingress-nginx/controller).
- This involves editing of several files. So carefully follow the steps below and double check all changes with diff/grep etc., repeatedly. Mistakes here impact endusers.
### a. Make sure your git workspace is ready
- Get your git workspace ready
- If not using a pre-existing fork, then Fork the repo kubernetes/ingress-nginx
- Clone (to laptop or wherever)
- Add upstream
- Set upstream url to no_push
- Checkout & switch to branch, named as per related new-release-issue-number
- If already forked, and upstream already added, then `git fetch --all` and `git rebase upstream/main` (not origin)
- Checkout a branch in your fork's clone
- Perform any other diligence as needed
- Prefer to edit only and only in your branch, in your Fork
### b. Edit the semver tag
- [TAG](https://github.com/kubernetes/ingress-nginx/blob/main/TAG#L1)
### c. Edit the helm Chart
- Change the below-mentioned [Fields in Chart.yaml](https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/Chart.yaml)
- version
- appVersion
- kubeVersion (**ONLY if applicable**)
- annotations
- artifacthub.io/prerelease: "true"
- artifacthub.io/changes: |
- Replace this line and other lines under this annotation with the Changelog. One process to generate the Changelog is described below
- Install and configure GitHub cli as per the docs of gh-cli https://cli.github.com/,
- Change dir to your clone, of your fork, of the ingress-nginx project
- Run the below command and save the output to a txt file
```
gh pr list -R kubernetes/ingress-nginx -s merged -L 38 -B main | cut -f1,2 | tee ~/Downloads/prlist.txt
```
- The -L 38 was used for 2 reasons.
- Default number of results is 30 and there were more than 30 PRs merged while releasing v1.1.1. If you see the current/soon-to-be-old changelog, you can look at the most recent PR number that has been accounted for already, and start from after that last accounted for PR.
- The other reason to use -L 38 was to omit the 39th, the 40th and the 41st line in the resulting list. These were non-relevant PRs.
- If you save the output of above command to a file called prlist.txt. It looks somewhat like this ;
```
% cat ~/Downloads/prlist.txt
8129 fix syntax in docs for multi-tls example
8120 Update go in runner and release v1.1.1
8119 Update to go v1.17.6
8118 Remove deprecated libraries, update other libs
8117 Fix codegen errors
8115 chart/ghaction: set the correct permission to have access to push a release
....
```
You can delete the lines, that refer to PRs of the release process itself. We only need to list the feature/bugfix PRs. You can also delete the lines that are housekeeping or not really worth mentioning in the changelog.
- you use some easy automation in bash/python/other, to get the PR-List that can be used in the changelog. For example, it's possible to use a bash scripty way, seen below, to convert those plaintext PR numbers into clickable links.
```
#!/usr/bin/bash
file="$1"
while read -r line; do
pr_num=`echo "$line" | cut -f1`
pr_title=`echo "$line" | cut -f2`
echo "[$pr_num](https://github.com/kubernetes/ingress-nginx/pull/$pr_num) $pr_title"
done <$file
```
- There was a parsing issue and path issue on MacOS, so above script had to be modified and MacOS monterey compatible script is below ;
```
#!/bin/bash
file="$1"
while read -r line; do
pr_num=`echo "$line" | cut -f1`
pr_title=`echo "$line" | cut -f2`
echo \""[$pr_num](https://github.com/kubernetes/ingress-nginx/pull/$pr_num) $pr_title"\"
done <$file
```
- If you saved the bash script content above, in a file like `$HOME/bin/prlist_to_changelog.sh`, then you could execute a command like this to get your prlist in a text file called changelog_content.txt;`
```
prlist_to_changelog.sh ~/Downloads/prlist.txt | tee ~/Downloads//changelog_content.txt
```
### d. Edit the values.yaml and run helm-docs
- [Fields to edit in values.yaml](https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml)
- tag
- digest
- [helm-docs](https://github.com/norwoodj/helm-docs) is a tool that generates the README.md for a Helm chart automatically. In the CI pipeline workflow of GitHub actions (.github/workflows/ci.yaml), you can see how helm-docs is used. The CI pipeline is not designed to make commits back into the project, so we need to run helm-docs manually and commit the resulting generated README.md. You can obtain a recent version of the helm-docs binary here: https://github.com/norwoodj/helm-docs/releases.
```
helm-docs --chart-search-root charts
git diff charts/ingress-nginx/README.md
```
Take care of not leaving the helm-docs executable in your clone workspace or not committing the new README.md.
### e. Edit the static manifests
- Prepare to use a script to update the edit the static manifests and set the "image", "digest", "version" etc. fields to the desired value.
- This script depends on kustomize and helm. The versions are pinned in `hack/.tool-versions` and you can use [asdf](https://github.com/asdf-vm/asdf#asdf) to install them
- Execute the script to update static manifests using that script [hack/generate-deploy-scripts.sh](https://github.com/kubernetes/ingress-nginx/blob/main/hack/generate-deploy-scripts.sh)
- Open some of the manifests and check if the script worked properly
- Use `grep -ir image: | less` on the deploy directory, to view for any misses by the script on image digest value or other undesired changes. The script should properly set the image and the digest fields to the desired tag and semver
### f. Edit the changelog
[Changelog.md](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md)
- Each time a release is made, a new section is added to the Changelog.md file
- A new section in the Changelog.md file consists of 3 components listed below
- the "Image"
- the "Description"
- the "PRs list"
- Look at the previous content to understand what the 3 components look like.
- You can easily get the "Image" from a yaml manifest but be sure to look at a manifest in your git clone now and not the upstream on github. This is because, if you are following this documentation, then you generated manifests with new updated digest for the image, in step 4e above. You also most likely promoted the new image in a step above. Look at the previous release section in Changelog.md. The format looks like `registry.k8s.io/ingress-nginx/controller:.......`. One example of a yaml file to look at is /deploy/static/provider/baremetal/deploy.yaml (in your git clone branch and not on the upstream).
- Next, you need to have a good overview of the changes introduced in this release and based on that you write a description. Look at previous descriptions. Ask the ingress-nginx-dev channel if required.
- And then you need to add a list of the PRs merged, since the previous release.
- One process to generate this list of PRs is already described above in step 4c. So if you are following this document, then you have done this already and very likely have retained the file containing the list of PRs, in the format that is needed.
### g. Edit the Documentation:
- Update the version in [docs/deploy/index.md](docs/deploy/index.md)
- Update Supported versions in the Support Versions table in the README.md
- Execute the script to update e2e docs [hack/generate-e2e-suite-doc.sh](https://github.com/kubernetes/ingress-nginx/blob/main/hack/generate-e2e-suite-doc.sh)
### h. Update README.md
- Update the table in README.md in the root of the project to reflect the support matrix. Add the new release version and details in there.
## 5. RELEASE new version
### a. Create PR
- Open PR for releasing the new version of the Ingress-Nginx-Controller ;
- Look at this PR for how it was done before [example PR](https://github.com/kubernetes/ingress-nginx/pull/7490)
- Create a PR
### b. Merge
- Merge should produce manifests as well as chart
- Check
- `helm repo update`
- `helm search repo ingress-nginx`
## 6. GitHub release
- Release to github
- Edit the ghpages file as needed
## TODO
- Automate & simplify as much as possible, whenever possible, however possible

165
Makefile
View file

@ -29,16 +29,11 @@ SHELL=/bin/bash -o pipefail -o errexit
# Use the 0.0 tag for testing, it shouldn't clobber any release builds
TAG ?= $(shell cat TAG)
# The env below is called GO_VERSION and not GOLANG_VERSION because
# the gcb image we use to build already defines GOLANG_VERSION and is a
# really old version
GO_VERSION ?= $(shell cat GOLANG_VERSION)
# e2e settings
# Allow limiting the scope of the e2e tests. By default run everything
FOCUS ?=
FOCUS ?= .*
# number of parallel test
E2E_NODES ?= 7
E2E_NODES ?= 8
# run e2e test suite with tests that check for memory leaks? (default is false)
E2E_CHECK_LEAKS ?=
@ -54,24 +49,19 @@ ifeq ($(ARCH),)
$(error mandatory variable ARCH is empty, either set it when calling the command or make sure 'go env GOARCH' works)
endif
ifneq ($(PLATFORM),)
PLATFORM_FLAG="--platform"
endif
REGISTRY ?= gcr.io/k8s-staging-ingress-nginx
REGISTRY ?= us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx
BASE_IMAGE ?= $(shell cat NGINX_BASE)
BASE_IMAGE ?= k8s.gcr.io/ingress-nginx/nginx:v20200812-g0673e5e17@sha256:3bafc6840f2477c05eb029580fa8ecf4bd33b0f0765e3cd9cc82ad91f817ccf3
GOARCH=$(ARCH)
help: ## Display this help
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z0-9_-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
.PHONY: image
image: clean-image ## Build image for a particular arch.
echo "Building docker image ($(ARCH))..."
docker build \
${PLATFORM_FLAG} ${PLATFORM} \
@docker build \
--no-cache \
--build-arg BASE_IMAGE="$(BASE_IMAGE)" \
--build-arg VERSION="$(TAG)" \
@ -80,123 +70,89 @@ image: clean-image ## Build image for a particular arch.
--build-arg BUILD_ID="$(BUILD_ID)" \
-t $(REGISTRY)/controller:$(TAG) rootfs
.PHONY: gosec
gosec:
docker run --rm -it -w /source/ -v "$(pwd)"/:/source securego/gosec:2.11.0 -exclude=G109,G601,G104,G204,G304,G306,G307 -tests=false -exclude-dir=test -exclude-dir=images/ -exclude-dir=docs/ /source/...
.PHONY: image-chroot
image-chroot: clean-chroot-image ## Build image for a particular arch.
echo "Building docker image ($(ARCH))..."
docker build \
--no-cache \
--build-arg BASE_IMAGE="$(BASE_IMAGE)" \
--build-arg VERSION="$(TAG)" \
--build-arg TARGETARCH="$(ARCH)" \
--build-arg COMMIT_SHA="$(COMMIT_SHA)" \
--build-arg BUILD_ID="$(BUILD_ID)" \
-t $(REGISTRY)/controller-chroot:$(TAG) rootfs -f rootfs/Dockerfile-chroot
.PHONY: clean-image
clean-image: ## Removes local image
echo "removing old image $(REGISTRY)/controller:$(TAG)"
@docker rmi -f $(REGISTRY)/controller:$(TAG) || true
.PHONY: clean-chroot-image
clean-chroot-image: ## Removes local image
echo "removing old image $(REGISTRY)/controller-chroot:$(TAG)"
@docker rmi -f $(REGISTRY)/controller-chroot:$(TAG) || true
.PHONY: build
build: ## Build ingress controller, debug tool and pre-stop hook.
E2E_IMAGE=golang:$(GO_VERSION)-alpine3.21 USE_SHELL=/bin/sh build/run-in-docker.sh \
MAC_OS=$(MAC_OS) \
@build/run-in-docker.sh \
PKG=$(PKG) \
ARCH=$(ARCH) \
COMMIT_SHA=$(COMMIT_SHA) \
REPO_INFO=$(REPO_INFO) \
TAG=$(TAG) \
GOBUILD_FLAGS=$(GOBUILD_FLAGS) \
build/build.sh
.PHONY: build-plugin
build-plugin: ## Build ingress-nginx krew plugin.
@build/run-in-docker.sh \
PKG=$(PKG) \
ARCH=$(ARCH) \
COMMIT_SHA=$(COMMIT_SHA) \
REPO_INFO=$(REPO_INFO) \
TAG=$(TAG) \
GOBUILD_FLAGS=$(GOBUILD_FLAGS) \
build/build-plugin.sh
.PHONY: clean
clean: ## Remove .gocache directory.
rm -rf bin/ .gocache/ .cache/
.PHONY: verify-docs
verify-docs: ## Verify doc generation
hack/verify-annotation-docs.sh
.PHONY: static-check
static-check: ## Run verification script for boilerplate, codegen, gofmt, golint, lualint and chart-lint.
@build/run-in-docker.sh \
MAC_OS=$(MAC_OS) \
hack/verify-all.sh
.PHONY: golint-check
golint-check:
@build/run-in-docker.sh \
MAC_OS=$(MAC_OS) \
hack/verify-golint.sh
###############################
# Tests for ingress-nginx
###############################
.PHONY: test
test: ## Run go unit tests.
@build/run-in-docker.sh \
PKG=$(PKG) \
MAC_OS=$(MAC_OS) \
ARCH=$(ARCH) \
COMMIT_SHA=$(COMMIT_SHA) \
REPO_INFO=$(REPO_INFO) \
TAG=$(TAG) \
GOFLAGS="-buildvcs=false" \
test/test.sh
GOBUILD_FLAGS=$(GOBUILD_FLAGS) \
build/test.sh
.PHONY: lua-test
lua-test: ## Run lua unit tests.
@build/run-in-docker.sh \
MAC_OS=$(MAC_OS) \
test/test-lua.sh
BUSTED_ARGS=$(BUSTED_ARGS) \
build/test-lua.sh
.PHONY: e2e-test
e2e-test: ## Run e2e tests (expects access to a working Kubernetes cluster).
@test/e2e/run-e2e-suite.sh
.PHONY: kind-e2e-test
kind-e2e-test: ## Run e2e tests using kind.
@test/e2e/run-kind-e2e.sh
.PHONY: kind-e2e-chart-tests
kind-e2e-chart-tests: ## Run helm chart e2e tests
@test/e2e/run-chart-test.sh
@build/run-e2e-suite.sh
.PHONY: e2e-test-binary
e2e-test-binary: ## Build binary for e2e tests.
@build/run-in-docker.sh \
MAC_OS=$(MAC_OS) \
ginkgo build ./test/e2e
.PHONY: print-e2e-suite
print-e2e-suite: e2e-test-binary ## Prints information about the suite of e2e tests.
@build/run-in-docker.sh \
MAC_OS=$(MAC_OS) \
hack/print-e2e-suite.sh
.PHONY: cover
cover: ## Run go coverage unit tests.
@build/cover.sh
echo "Uploading coverage results..."
@curl -s https://codecov.io/bash | bash
.PHONY: vet
vet:
@go vet $(shell go list ${PKG}/internal/... | grep -v vendor)
.PHONY: check_dead_links
check_dead_links: ## Check if the documentation contains dead links.
@docker run ${PLATFORM_FLAG} ${PLATFORM} -t \
-w /tmp \
-v $$PWD:/tmp dkhamsing/awesome_bot:1.20.0 \
@docker run -t \
-v $$PWD:/tmp aledbf/awesome_bot:0.1 \
--allow-dupe \
--allow-redirect $(shell find $$PWD -mindepth 1 -name vendor -prune -o -name .modcache -prune -o -iname Changelog.md -prune -o -name "*.md" | sed -e "s#$$PWD/##")
--allow-redirect $(shell find $$PWD -mindepth 1 -name "*.md" -printf '%P\n' | grep -v vendor | grep -v Changelog.md)
.PHONY: dev-env
dev-env: ## Starts a local Kubernetes cluster using kind, building and deploying the ingress controller.
@ -206,28 +162,29 @@ dev-env: ## Starts a local Kubernetes cluster using kind, building and deployin
dev-env-stop: ## Deletes local Kubernetes cluster created by kind.
@kind delete cluster --name ingress-nginx-dev
.PHONY: live-docs
live-docs: ## Build and launch a local copy of the documentation website in http://localhost:8000
@docker build ${PLATFORM_FLAG} ${PLATFORM} \
--no-cache \
-t ingress-nginx-docs .github/actions/mkdocs
@docker run ${PLATFORM_FLAG} ${PLATFORM} --rm -it \
live-docs: ## Build and launch a local copy of the documentation website in http://localhost:3000
@docker run --rm -it \
-p 8000:8000 \
-v ${PWD}:/docs \
--entrypoint /bin/bash \
ingress-nginx-docs \
-c "pip install -r /docs/docs/requirements.txt && mkdocs serve --dev-addr=0.0.0.0:8000"
squidfunk/mkdocs-material:5.2.3
.PHONY: misspell
misspell: ## Check for spelling errors.
@go install github.com/client9/misspell/cmd/misspell@latest
@go get github.com/client9/misspell/cmd/misspell
misspell \
-locale US \
-error \
cmd/* internal/* deploy/* docs/* design/* test/* README.md
.PHONY: kind-e2e-test
kind-e2e-test: ## Run e2e tests using kind.
@test/e2e/run.sh
.PHONY: kind-e2e-chart-tests
kind-e2e-chart-tests: ## Run helm chart e2e tests
@test/e2e/run-chart-test.sh
.PHONY: run-ingress-controller
run-ingress-controller: ## Run the ingress controller locally using a kubectl proxy connection.
@build/run-ingress-controller.sh
@ -240,43 +197,25 @@ ensure-buildx:
show-version:
echo -n $(TAG)
PLATFORMS ?= amd64 arm arm64
BUILDX_PLATFORMS ?= linux/amd64,linux/arm,linux/arm64
PLATFORMS ?= amd64 arm arm64 s390x
EMPTY :=
SPACE := $(EMPTY) $(EMPTY)
COMMA := ,
.PHONY: release # Build a multi-arch docker image
release: ensure-buildx clean
echo "Building binaries..."
$(foreach PLATFORM,$(PLATFORMS), echo -n "$(PLATFORM)..."; ARCH=$(PLATFORM) make build;)
echo "Building and pushing ingress-nginx image...$(BUILDX_PLATFORMS)"
docker buildx build \
echo "Building and pushing ingress-nginx image..."
@docker buildx build \
--no-cache \
$(MAC_DOCKER_FLAGS) \
--push \
--pull \
--progress plain \
--platform $(BUILDX_PLATFORMS) \
--platform $(subst $(SPACE),$(COMMA),$(PLATFORMS)) \
--build-arg BASE_IMAGE="$(BASE_IMAGE)" \
--build-arg VERSION="$(TAG)" \
--build-arg COMMIT_SHA="$(COMMIT_SHA)" \
--build-arg BUILD_ID="$(BUILD_ID)" \
-t $(REGISTRY)/controller:$(TAG) rootfs
docker buildx build \
--no-cache \
$(MAC_DOCKER_FLAGS) \
--push \
--pull \
--progress plain \
--platform $(BUILDX_PLATFORMS) \
--build-arg BASE_IMAGE="$(BASE_IMAGE)" \
--build-arg VERSION="$(TAG)" \
--build-arg COMMIT_SHA="$(COMMIT_SHA)" \
--build-arg BUILD_ID="$(BUILD_ID)" \
-t $(REGISTRY)/controller-chroot:$(TAG) rootfs -f rootfs/Dockerfile-chroot
.PHONY: build-docs
build-docs:
pip install -r docs/requirements.txt
mkdocs build --config-file mkdocs.yml

852
NEW_CONTRIBUTOR.md
View file

@ -1,852 +0,0 @@
## New Contributor Tips
Welcome to the Ingress Nginx new contributor tips.
This guide briefly outlines the necessary knowledge & tools, required to start working on Ingress-NGINX Issues.
### Prerequisites
- Basic understanding of linux
- Familiarity with the command line on linux
- OSI Model(Links below)
### Introduction
It all starts with the OSI model...
> The Open Systems Interconnection (OSI) model describes seven layers that computer systems use to communicate over a network. It was the first standard model for network communications, adopted by all major computer and telecommunication companies
![Describes the 7 Layers of the OSI Model](https://i.imgur.com/qF0KjBq.png)
#### Reading material for OSI Model
[OSI Model CertificationKits](https://www.certificationkits.com/cisco-certification/cisco-ccna-640-802-exam-certification-guide/cisco-ccna-the-osi-model/)
### Approaching the problem
Not everybody knows everything. But the factors that help are a love/passion for this to begin. But to move forward, it's the approach and not the knowledge that sustains prolonged joy, while working on issues. If the approach is simple and powered by good-wishes-for-community, then info & tools are forthcoming and easy.
Here we take a bird's eye-view of the hops in the network plumbing, that a packet takes, from source to destination, when we run `curl`, from a laptop to a nginx webserver process, running in a container, inside a pod, inside a Kubernetes cluster, created using `kind` or `minikube` or any other cluster-management tool.
### [Kind](https://kind.sigs.k8s.io/) cluster example on a Linux Host
#### TL;DR
The destination of the packet from the curl command, is looked up, in the `routing table`. Based on the route, the packet first travels to the virtual bridge `172.18.0.1` interface, created by docker, when we created the kind cluster on a laptop. Next the packet is forwarded to `172.18.0.2`(See below on how we got this IP address), within the kind cluster. The `kube-proxy` container creates iptables rules that make sure the packet goes to the correct pod ip in this case `10.244.0.5`
Command:
```
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
230e7246a32c kindest/node:v1.24.1 "/usr/local/bin/entr…" 2 weeks ago Up 54 seconds 127.0.0.1:38143->6443/tcp kind-control-plane
# docker inspect kind-control-plane -f '{{ .NetworkSettings.Networks.kind.IPAddress }}'
172.18.0.2
```
If this part is confusing, you would first need to understand what a [bridge](https://tldp.org/HOWTO/BRIDGE-STP-HOWTO/what-is-a-bridge.html) is and what [docker network](https://docs.docker.com/network/) is.
#### The journey of a curl packet.
Let's begin with creating a [Kind](https://kind.sigs.k8s.io/docs/user/quick-start/) Cluster on your laptop
```
# kind create cluster
```
This will create a cluster called `kind`, to view the clusters type
```
# kind get clusters   
kind
```
Kind ships with `kubectl`, so we can use that to communicate with our clusters.
```
# kubectl get no -o wide   
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
kind-control-plane Ready control-plane 5d23h v1.24.1 172.18.0.2 <none> Ubuntu 21.10 5.18.12-arch1-1 containerd://1.6.4
```
Kind creates a cluster using docker container as nodes, it does this using [containerd](https://containerd.io/) within the docker container.
The concept of Docker in Docker is very important here.
To start with simply create a nginx deployment using `kubectl`.
```
# kubectl create deployment nginx --image nginx:alpine --port=80
deployment.apps/nginx created
```
Then we expose this as a NodePort Service.
```
# kubectl expose deployment/nginx --type=NodePort
service/nginx-new exposed
```
Command: Now we can see that the service has been exposed.
```
# kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
nginx NodePort 10.96.176.241 <none> 80:32329/TCP 4d8h app=nginx
```
Output Relevance: From the above output, we can see that our nginx pod is being exposed as the `NodePort` service type, and now we can curl the Node IP `172.18.0.2` with the exposed port `32329`
Command: The pod has an IP as shown below
```
# kubectl get po -o wide  
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-6c8b449b8f-pdvdk 1/1 Running 1 (32h ago) 4d8h 10.244.0.5 kind-control-plane <none> <none>
```
Command: We can use `curl` on the laptop to view the nginx container that is running on port `32329`.
```
# curl 172.18.0.2:32329
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
```
Now, we can check the ip interfaces as well subnets for our system is connected to:
```
$ ifconfig
ethbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.31.9 netmask 255.255.255.0 broadcast 192.168.31.255
inet6 fe80::7530:9ae5:3e8d:e45a prefixlen 64 scopeid 0x20<link>
ether 2e:90:b3:e8:52:5b txqueuelen 1000 (Ethernet)
RX packets 31220566 bytes 44930589084 (41.8 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 18104006 bytes 1757183680 (1.6 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br-2fffe5cd5d9e: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
inet6 fc00:f853:ccd:e793::1 prefixlen 64 scopeid 0x0<global>
inet6 fe80::42:12ff:fed3:8fb0 prefixlen 64 scopeid 0x20<link>
inet6 fe80::1 prefixlen 64 scopeid 0x20<link>
ether 02:42:12:d3:8f:b0 txqueuelen 0 (Ethernet)
RX packets 3547 bytes 414792 (405.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6267 bytes 8189931 (7.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:a2ff:fe09:5edb prefixlen 64 scopeid 0x20<link>
ether 02:42:a2:09:5e:db txqueuelen 0 (Ethernet)
RX packets 14 bytes 2143 (2.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 40 bytes 6406 (6.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
```
From the above output we can see that, there are two bridges connected to our systems network interface,one is the docker default bridge`docker0` and the other created by kind
`br-2fffe5cd5d9e`.
Since kind creates nodes as containers, this is easily accessible via `docker ps`.
```
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
230e7246a32c kindest/node:v1.24.1 "/usr/local/bin/entr…" 6 days ago Up 33 hours 127.0.0.1:38143->6443/tcp kind-control-plane
```
If we do a docker `exec` we can enter the container, we can also see the network interfaces within the container.
```
# docker exec -it 230e7246a32c bash
# root@kind-control-plane:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: vethdb0d1da1@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether a2:a1:ce:08:d2:39 brd ff:ff:ff:ff:ff:ff link-netns cni-ddc25710-030a-cc05-c600-5a183fae01f7
inet 10.244.0.1/32 scope global vethdb0d1da1
valid_lft forever preferred_lft forever
3: veth4d76603f@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 9a:9b:6b:3e:d1:53 brd ff:ff:ff:ff:ff:ff link-netns cni-f2270000-8fc8-6f89-e56b-4759ae10a084
inet 10.244.0.1/32 scope global veth4d76603f
valid_lft forever preferred_lft forever
4: vethcc2586d6@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 52:f9:20:63:62:a2 brd ff:ff:ff:ff:ff:ff link-netns cni-97e337cd-1322-c1fa-7523-789af94f397f
inet 10.244.0.1/32 scope global vethcc2586d6
valid_lft forever preferred_lft forever
5: veth783189a9@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether ba:e1:55:1f:6f:12 brd ff:ff:ff:ff:ff:ff link-netns cni-90849001-668a-03d2-7d9e-192de79ccc59
inet 10.244.0.1/32 scope global veth783189a9
valid_lft forever preferred_lft forever
6: veth79c98c12@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 22:05:55:c7:86:e9 brd ff:ff:ff:ff:ff:ff link-netns cni-734dfac9-9f70-ab33-265b-21569d90312a
inet 10.244.0.1/32 scope global veth79c98c12
valid_lft forever preferred_lft forever
7: veth5b221c83@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 92:3f:04:54:72:5a brd ff:ff:ff:ff:ff:ff link-netns cni-d8f6666b-1cfb-ef08-4bf8-237a7fc32da2
inet 10.244.0.1/32 scope global veth5b221c83
valid_lft forever preferred_lft forever
8: vethad630fb8@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 32:78:ec:f6:01:ea brd ff:ff:ff:ff:ff:ff link-netns cni-6cb3c179-cb17-3b81-2051-27231c44a3c4
inet 10.244.0.1/32 scope global vethad630fb8
valid_lft forever preferred_lft forever
9: veth573a629b@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether e2:57:f8:c9:bc:94 brd ff:ff:ff:ff:ff:ff link-netns cni-d2dbb903-8310-57b4-7ba4-9f353dbc79dc
inet 10.244.0.1/32 scope global veth573a629b
valid_lft forever preferred_lft forever
10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fc00:f853:ccd:e793::2/64 scope global nodad
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe12:2/64 scope link
valid_lft forever preferred_lft forever
11: vethd7368e27@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 8a:74:ec:f6:d6:c9 brd ff:ff:ff:ff:ff:ff link-netns cni-7c7eb9cd-bbb1-65b0-0480-b8f1265f2f36
inet 10.244.0.1/32 scope global vethd7368e27
valid_lft forever preferred_lft forever
12: veth7cadbf2b@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 12:48:10:b7:b8:f5 brd ff:ff:ff:ff:ff:ff link-netns cni-b39e37b5-1bc8-626a-a553-a0be2f94a117
inet 10.244.0.1/32 scope global veth7cadbf2b
valid_lft forever preferred_lft forever
```
When we run `curl 172.18.0.2:32329` on the laptop it first needs to figure out where `172.18.0.2`, to do this it refers to the host routing table.
```
sudo netstat -rn    main 
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.31.1 0.0.0.0 UG 0 0 0 ethbr0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-2fffe5cd5d9e
172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-be5b544733a3
192.168.31.0 0.0.0.0 255.255.255.0 U 0 0 0 ethbr0
192.168.31.0 0.0.0.0 255.255.255.0 U 0 0 0 ethbr0
192.168.39.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr2
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
```
Output Relevance: From the above output, you can see that the `iface`(Interface) for `172.18.0.0` is `br-2fffe5cd5d9e`, which means traffic that needs to go to `172.18.0.0` will go through `br-2fffe5cd5d9e` which is created by docker for the kind container (this is the node in case of kind cluster).
Now we need to understand how the packet travels from the container interface to the pod with IP `10.244.0.5`. The component that handles this is called kube-proxy
So what exactly is [kube-proxy](https://kubernetes.io/docs/concepts/overview/components/#kube-proxy):
> Kube-Proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept.
kube-proxy maintains network rules on nodes. These network rules allow network communication to your Pods from network sessions inside or outside of your cluster
So, as we can see that kube proxy handles the network rules required to aid the communication to the pods, we will look at the [iptables](https://linux.die.net/man/8/iptables)
> `iptables` is a command line interface used to set up and maintain tables for the Netfilter firewall for IPv4, included in the Linux kernel. The firewall matches packets with rules defined in these tables and then takes the specified action on a possible match. Tables is the name for a set of chains
Command:
```
# iptables -t nat -L PREROUTING -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
KUBE-SERVICES all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */
DOCKER_OUTPUT all -- 0.0.0.0/0 172.18.0.1
CNI-HOSTPORT-DNAT all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
```
```
# iptables-save | grep PREROUTING
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
```
Output Relevance:
> -A: append new iptable rule
> -j: jump to the target
> KUBE-SERVICES: target
> The above output appends a new rule for PREROUTING which every network packet will go through first as they try to access any kubernetes service
What is `PREROUTING` in iptables?
>PREROUTING: This chain is used to make any routing related decisions before (PRE) sending any packets
To dig in further we need to go to the target, `KUBE-SERVICES` for our nginx service.
```
# iptables -t nat -L KUBE-SERVICES -n| grep nginx
KUBE-SVC-2CMXP7HKUVJN7L6M tcp -- 0.0.0.0/0 10.96.176.241 /* default/nginx cluster IP */ tcp dpt:80
```
Command:
```
# iptables -t nat -L KUBE-SVC-2CMXP7HKUVJN7L6M -n
Chain KUBE-SVC-2CMXP7HKUVJN7L6M (2 references)
target prot opt source destination
KUBE-MARK-MASQ tcp -- !10.244.0.0/16 10.96.176.241 /* default/nginx cluster IP */ tcp dpt:80
KUBE-SEP-4IEO3WJHPKXV3AOH all -- 0.0.0.0/0 0.0.0.0/0 /* default/nginx -> 10.244.0.5:80 */
# iptables -t nat -L KUBE-MARK-MASQ -n
Chain KUBE-MARK-MASQ (31 references)
target prot opt source destination
MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000
# iptables -t nat -L KUBE-SEP-4IEO3WJHPKXV3AOH -n
Chain KUBE-SEP-4IEO3WJHPKXV3AOH (1 references)
target prot opt source destination
KUBE-MARK-MASQ all -- 10.244.0.5 0.0.0.0/0 /* default/nginx */
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/nginx */ tcp to:10.244.0.5:80
```
```
iptables-save | grep 10.96.176.241
-A KUBE-SERVICES -d 10.96.176.241/32 -p tcp -m comment --comment "default/nginx cluster IP" -m tcp --dport 80 -j KUBE-SVC-2CMXP7HKUVJN7L6M
-A KUBE-SVC-2CMXP7HKUVJN7L6M ! -s 10.244.0.0/16 -d 10.96.176.241/32 -p tcp -m comment --comment "default/nginx cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
```
As you can see the rules added by `kube-proxy` helps the packet reach to the destination service.
### Minikube KVM VM Example on Linux
#### TL;DR
Now we look at the curl packet journey on minikube. The `routing table` is looked up to know the destination of the curl packet. The packet then first travels to the virtual bridge `192.168.39.1`, created by minikube kvm2 driver, when we created the minikube cluster, on a linux laptop. Then this packet is forwarded to `192.168.39.57`, within the minikube VM. We have docker containers running in the VM. Among them, the `kube-proxy` container creates iptables rules that make sure the packet goes to the correct pod ip, in this case `172.17.0.4`.
To begin with the minikube example, we first need to create a minikube cluster on a linux laptop. In this example I'll be using the `kvm2` driver option for `minikube start` command, as default.
```
minikube start
😄 minikube v1.26.0 on Arch "rolling"
🆕 Kubernetes 1.24.2 is now available. If you would like to upgrade, specify: --kubernetes-version=v1.24.2
✨ Using the kvm2 driver based on existing profile
👍 Starting control plane node minikube in cluster minikube
🏃 Updating the running kvm2 "minikube" VM ...
🐳 Preparing Kubernetes v1.23.3 on Docker 20.10.12 ...
▪ kubelet.housekeeping-interval=5m
🔎 Verifying Kubernetes components...
▪ Using image registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1
▪ Using image registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1
▪ Using image registry.k8s.io/ingress-nginx/controller:v1.2.1
▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
🔎 Verifying ingress addon...
🌟 Enabled addons: ingress, storage-provisioner, default-storageclass
🏄 Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default
```
**Note**: The KVM driver provides a lot of options on customizing the cluster, however that is currently beyond the scope of this guide.
Next we will get the Node IP.
```
$ kubectl get no -o wide  
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
minikube Ready control-plane,master 25d v1.23.3 192.168.39.57 <none> Buildroot 2021.02.4 4.19.202 docker://20.10.12
```
Minikube creates a Virtual Machine using the KVM2 driver(Other drivers such as Virtualbox do exist see `minikube start --help` for more information ), you should be able to see this with the following output(You may have to use sudo to get this output)
```
$ virsh --connect qemu:///system list
Id Name State
--------------------------
1 minikube running
or
$ sudo virsh list
Id Name State
--------------------------
1 minikube running
```
Moving on, simply create a nginx deployment using `kubectl`.
```
# kubectl create deployment nginx --image nginx:alpine --port=80
deployment.apps/nginx created
```
Then we expose this as a NodePort Service.
```
# kubectl expose deployment/nginx --type=NodePort
service/nginx-new exposed
```
Command: Now we can see that the service has been exposed.
```
# kubectl get svc -o wide    main 
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 25d <none>
nginx-minikube NodePort 10.97.44.4 <none> 80:32007/TCP 45h app=nginx-minikube
```
Output Relevance: From the above output, we can see that our nginx pod is being exposed as the `NodePort` service type, and now we can curl the Node IP `192.168.39.57` with the exposed port `32007`
Command: The pod has an IP as shown below
```
# kubectl get po -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-minikube-7546f79bd8-x88bt 1/1 Running 3 (43m ago) 45h 172.17.0.4 minikube <none> <none>
```
Command: We can use `curl` on the laptop to view the nginx container that is running on port `32007`.
```
curl 192.168.39.57:32007
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
```
So, how does this packet travel, lets dive in.
We can check the ip interfaces as well subnets for our system is connected to:
```
$ ifconfig
virbr2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.39.1 netmask 255.255.255.0 broadcast 192.168.39.255
ether 52:54:00:19:29:93 txqueuelen 1000 (Ethernet)
RX packets 5132 bytes 1777099 (1.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6113 bytes 998530 (975.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:48:ee:35 txqueuelen 1000 (Ethernet)
RX packets 23648 bytes 1265196 (1.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 40751 bytes 60265308 (57.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
```
Output Relevance: From the above output you can see there are two Virtual Bridges created by minikube when we created the cluster on the network. Here, `virbr0` is the default NAT network bridge while `virbr2` is a isolated network bridge on which the pods run.
Minikube creates a Virtual Machine, to enter the virtual machine we can simply do:
```
# minikube ssh
```
The interfaces within the Virtual Machine are as follows.
```
docker0 Link encap:Ethernet HWaddr 02:42:03:24:26:78
inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:31478 errors:0 dropped:0 overruns:0 frame:0
TX packets:36704 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3264056 (3.1 MiB) TX bytes:14061883 (13.4 MiB)
eth0 Link encap:Ethernet HWaddr 52:54:00:C9:3A:73
inet addr:192.168.39.57 Bcast:192.168.39.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8245 errors:0 dropped:9 overruns:0 frame:0
TX packets:3876 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:812006 (792.9 KiB) TX bytes:1044724 (1020.2 KiB)
eth1 Link encap:Ethernet HWaddr 52:54:00:7B:37:79
inet addr:192.168.122.35 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4459 errors:0 dropped:9 overruns:0 frame:0
TX packets:201 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:298528 (291.5 KiB) TX bytes:25813 (25.2 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:946772 errors:0 dropped:0 overruns:0 frame:0
TX packets:946772 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:213465460 (203.5 MiB) TX bytes:213465460 (203.5 MiB)
vetha4f1dc5 Link encap:Ethernet HWaddr 3E:1C:FE:C9:75:86
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1413 (1.3 KiB) TX bytes:955 (955.0 B)
vethbf35613 Link encap:Ethernet HWaddr BA:31:7D:AE:2A:BF
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3526 errors:0 dropped:0 overruns:0 frame:0
TX packets:3934 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:342408 (334.3 KiB) TX bytes:380193 (371.2 KiB)
vethe092a51 Link encap:Ethernet HWaddr 8A:37:D3:D9:D9:0E
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9603 errors:0 dropped:0 overruns:0 frame:0
TX packets:11151 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1199235 (1.1 MiB) TX bytes:5449408 (5.1 MiB)
```
Output Relevance: Here we have the Virtual Ethernet and we have docker bridges too since docker runs within the Virtual Machine.
When we do a `curl` to `192.168.39.57:32007` on the laptop the packet first goes to the route table
```
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.31.1 0.0.0.0 UG 0 0 0 ethbr0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-2fffe5cd5d9e
172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-be5b544733a3
192.168.31.0 0.0.0.0 255.255.255.0 U 0 0 0 ethbr0
192.168.31.0 0.0.0.0 255.255.255.0 U 0 0 0 ethbr0
192.168.39.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr2
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
```
Output Relevance: As you can see multiple routes are defined here, of which our Virtual Machine Node IP(192.168.39.57) is also shown in the table, so the packet now knows where it has to go.
With that clear we now know how the packet goes from the laptop to the virtual bridge and then enters the Virtual Machine.
Inside the virtual machine, [kube-proxy](https://kubernetes.io/docs/concepts/overview/components/#kube-proxy) handles the routing using iptables.
So what exactly is [kube-proxy](https://kubernetes.io/docs/concepts/overview/components/#kube-proxy)(For those who skipped the kind example):
> Kube-Proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept.
kube-proxy maintains network rules on nodes. These network rules allow network communication to your Pods from network sessions inside or outside of your cluster
So, as we can see that kube proxy handles the network rules required to aid the communication to the pods, we will look at the [iptables](https://linux.die.net/man/8/iptables)
> `iptables` is a command line interface used to set up and maintain tables for the Netfilter firewall for IPv4, included in the Linux kernel. The firewall matches packets with rules defined in these tables and then takes the specified action on a possible match. Tables is the name for a set of chains
Command:
```
# minikube ssh  
_ _
_ _ ( ) ( )
___ ___ (_) ___ (_)| |/') _ _ | |_ __
/' _ ` _ `\| |/' _ `\| || , < ( ) ( )| '_`\ /'__`\
| ( ) ( ) || || ( ) || || |\`\ | (_) || |_) )( ___/
(_) (_) (_)(_)(_) (_)(_)(_) (_)`\___/'(_,__/'`\____)
$ sudo iptables -t nat -L PREROUTING -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
KUBE-SERVICES all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
$ iptables-save | grep PREROUTING
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
```
Output Relevance:
> -A: append new iptable rule
> -j: jump to the target
> KUBE-SERVICES: target
> The above output appends a new rule for PREROUTING which every network packet will go through first as they try to access any kubernetes service
What is `PREROUTING` in iptables?
>PREROUTING: This chain is used to make any routing related decisions before (PRE) sending any packets
To dig in further we need to go to the target, `KUBE-SERVICES` for our nginx service.
```
# iptables -t nat -L KUBE-SERVICES -n| grep nginx
KUBE-SVC-NRDCJV6H42SDXARP tcp -- 0.0.0.0/0 10.97.44.4 /* default/nginx-minikube cluster IP */ tcp dpt:80
```
Command:
```
$ sudo iptables -t nat -L| grep KUBE-SVC-NRDCJV6H42SDXARP
KUBE-SVC-NRDCJV6H42SDXARP tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/nginx-minikube */ tcp dpt:32007
KUBE-SVC-NRDCJV6H42SDXARP tcp -- 0.0.0.0/0 10.97.44.4 /* default/nginx-minikube cluster IP */ tcp dpt:80
$ sudo iptables -t nat -L KUBE-MARK-MASQ -n
Chain KUBE-MARK-MASQ (19 references)
target prot opt source destination
MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000
sudo iptables-save | grep 172.17.0.4
-A KUBE-SEP-AHQQ7ZFXMEBNX76B -s 172.17.0.4/32 -m comment --comment "default/nginx-minikube" -j KUBE-MARK-MASQ
-A KUBE-SEP-AHQQ7ZFXMEBNX76B -p tcp -m comment --comment "default/nginx-minikube" -m tcp -j DNAT --to-destination 172.17.0.4:80
```
As you can see the rules added by kube-proxy helps the packet reach to the destination service.
### Connection termination
Connection termination is a type of event that occurs when there are load balancers present, the information for this is quite scarce, however I've found the following article, [IBM - Network Termination](https://www.ibm.com/docs/en/sva/9.0.4?topic=balancer-network-termination) that describes what it means by connection termination between clients(laptop) and server(load balancer) and the various other services.
### Different types of connection errors.
The following article on [TCP/IP errors](https://www.ibm.com/docs/en/db2/11.1?topic=message-tcpip-errors) has a list of the important tcp timeout errors that we need to know.
| Common TCP/IP errors | Meaning |
| -------- | -------- |
| Resource temporarily unavailable.| Self-explanatory. |
| No space is left on a device or system table.|The disk partition is full|
|No route to the host is available.|The routing table doesn't know where to route the packet.|
|Connection was reset by the partner.|This usually means the packet was dropped as soon as it reached the server can be due to a firewall.|
|The connection was timed out.|This indicates the firewall blocking your connection or the connection took too long.|
## OSI Model Layer 7 (Application Layer)
[What is layer 7?](https://www.cloudflare.com/learning/ddos/what-is-layer-7/)
#### Summary
Layer 7 refers to the seventh and topmost layer of the Open Systems Interconnect (OSI) Model known as the application layer. This is the highest layer which supports end-user processes and applications. Layer 7 identifies the communicating parties and the quality of service between them, considers privacy and user authentication, as well as identifies any constraints on the data syntax. This layer is wholly application-specific.
## Setting up Ingress-Nginx Controller
Since we are doing this on our local laptop, we are going to use the following tools:
- [Minikube using KVM driver](https://minikube.sigs.k8s.io/docs/start/) - The host is linux-based in our example
- [Metallb](https://metallb.universe.tf/) - Baremetal load-balancer.
- [KVM](https://www.linux-kvm.org/page/Main_Page) / [Oracle VirtualBox](https://www.virtualbox.org/wiki/Downloads) / [VMWare](https://www.vmware.com/in/products/workstation-pro.html)
### So let's begin with Metallb and Ingress-Nginx setup.
For setting up metallb, we are going to follow the below steps:
- To begin the installation, we will execute:
```
minikube start
```
- To install Metallb, one can install it using the [manifest](https://metallb.universe.tf/installation/#installation-by-manifest) or by using [helm](https://metallb.universe.tf/installation/#installation-with-helm), for now we will use the Manifest method:
```
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.4/config/manifests/metallb-native.yaml
```
- We need to now configure Metallb, we are using [Layer 2 configuration](https://metallb.universe.tf/configuration/#announce-the-service-ips), let's head over to the [Metallb Configuration](https://metallb.universe.tf/configuration/) website, here you will see how to setup metallb.
>Layer 2 mode does not require the IPs to be bound to the network interfaces of your worker nodes. It works by responding to ARP requests on your local network directly, to give the machines MAC address to clients.
In order to advertise the IP coming from an IPAddressPool, an L2Advertisement instance must be associated to the IPAddressPool.
- We have modified the IP address pool so that our loadbalancer knows which subnet to choose an IP from.Since we have only one minikube IP we need to modify the code given in the documentation.
Save this as `metallb-config.yaml`:
```
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: first-pool
namespace: metallb-system
spec:
addresses:
# The configuration website show's you this
#- 192.168.10.0/24
#- 192.168.9.1-192.168.9.5
#- fc00:f853:0ccd:e799::/124
# We are going to change this to `minikube ip` as such
- 192.168.39.57/32
```
Now deploy it using `kubectl`
```
kubectl apply -f metallb-config.yaml
```
- Now that metallb is setup, let's install [ingress-nginx](https://kubernetes.github.io/ingress-nginx/deploy/#quick-start) on the laptop.
Note: We are using the install by manifest option from the Installation manual
```
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml
```
or one can also install it using the minikube addons:
```
minikube addons enable ingress
```
- Once your Ingress-Nginx controller is created you can run the following commands to see the output of the setup done.
```
kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-65bld 0/1 Completed 0 14m
ingress-nginx-admission-patch-rwq4x 0/1 Completed 0 14m
ingress-nginx-controller-6dc865cd86-7c5zd 1/1 Running 0 14m
```
The Ingress controller creates a Service with the type LoadBalancer and metallb provides the IP address.
```
kubectl -n ingress-nginx get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.108.154.53 192.168.39.223 80:30367/TCP,443:31491/TCP 4d15h
ingress-nginx-controller-admission ClusterIP 10.98.54.3 <none> 443/TCP 4d15h
```
#### Creating an Ingress
We will deploy a `httpd` service in a `httpd` namespace and create a ingress for it.
First, let's create a namespace.
```
kubectl create namespace httpd
```
Next we will create a deployment
```
kubectl create deployment httpd -n httpd --image=httpd:alpine
```
Now, In order to create a service, let's expose this deployment
```
kubectl expose deployment -n httpd httpd --port 80
```
Let's check the `pod` that is created
```
kubectl get po -n httpd
NAME READY STATUS RESTARTS AGE
httpd-fb7fcdc77-w287c 1/1 Running 0 64s
```
Let's list the services in the `httpd` namespace
```
kubectl get svc -n httpd
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
httpd ClusterIP 10.104.111.0 <none> 80/TCP 13s
```
Once we have this we can now create an ingress using the following
```
kubectl -n httpd create ingress httpd --class nginx --rule httpd.dev.leonnunes.com/"*"=httpd:80
```
The above output, creates an ingress, for us with the rule to match the service if the host is `httpd.dev.leonnunes.com`. The class here is retrieved from the below command.
To list the `ingressclasses` use
```
kubectl get ingressclasses
NAME CONTROLLER PARAMETERS AGE
nginx k8s.io/ingress-nginx <none> 6h49m
```
The following command shows the ingress created
```
$ kubectl get ingress -A -o wide
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
httpd httpd nginx httpd.dev.leonnunes.com 192.168.39.223 80 11d
```
To test if the rule works we can now do
```
$ minikube ip
192.168.39.223
$ curl --resolve httpd.dev.leonnunes.com:80:192.168.39.223 httpd.dev.leonnunes.com
<html><body><h1>It works!</h1></body></html>
or
curl -H "Host: httpd.dev.leonnunes.com" 192.168.39.223
```
#### Example of Information found on layer 7
We have setup `Ingress-Nginx`, using `nginx` as a class and `httpd` for this example.
In order to display the info on Layer - 7, we have extracted the Layer 7 information from a simple `curl` request, and then using `tcpdump` command within the `httpd` pod we extracted the network packets and opened it using the `Wireshark` utility.
Below given is the output that is important:
```bash
Frame 4: 391 bytes on wire (3128 bits), 391 bytes captured (3128 bits)
Linux cooked capture v2
Internet Protocol Version 4, Src: 172.17.0.4, Dst: 172.17.0.3
Transmission Control Protocol, Src Port: 49074, Dst Port: 80, Seq: 1, Ack: 1, Len: 319
Hypertext Transfer Protocol
GET / HTTP/1.1\r\n
Host: httpd.dev.leonnunes.com\r\n
X-Request-ID: 6e1a790412a0d1615dc0231358dc9c8b\r\n
X-Real-IP: 172.17.0.1\r\n
X-Forwarded-For: 172.17.0.1\r\n
X-Forwarded-Host: httpd.dev.leonnunes.com\r\n
X-Forwarded-Port: 80\r\n
X-Forwarded-Proto: http\r\n
X-Forwarded-Scheme: http\r\n
X-Scheme: http\r\n
User-Agent: curl/7.84.0\r\n
Accept: */*\r\n
\r\n
[Full request URI: http://httpd.dev.leonnunes.com/]
[HTTP request 1/1]
[Response in frame: 6]
```
The above output shows the information that the `httpd` pod receives. The `curl` command sends the host header, `Host: httpd.dev.leonnunes.com`, to the nginx controller, that then matches the rule and sends the information to the right controller
The following output shows what is sent via the laptop.
```
curl --resolve httpd.dev.leonnunes.com:80:192.168.39.57 -H "Host: httpd.dev.leonnunes.com" 192.168.39.57 -vL
* Added httpd.dev.leonnunes.com:80:192.168.39.57 to DNS cache
* Trying 192.168.39.57:80...
* Connected to 192.168.39.57 (192.168.39.57) port 80 (#0)
> GET / HTTP/1.1
> Host: httpd.dev.leonnunes.com
> User-Agent: curl/7.84.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Mon, 22 Aug 2022 16:05:27 GMT
< Content-Type: text/html
< Content-Length: 45
< Connection: keep-alive
< Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT
< ETag: "2d-432a5e4a73a80"
< Accept-Ranges: bytes
<
<html><body><h1>It works!</h1></body></html>
* Connection #0 to host 192.168.39.57 left intact
```
As you can see from the above output there are several headers added to the curl output after it reaches the `httpd` pod, these headers are added by the Ingress Nginx Controller.
### References
#### Basics of Networking
- https://www.cisco.com/en/US/docs/security/vpn5000/manager/reference/guide/appA.html
- http://web.stanford.edu/class/cs101/
- https://www.geeksforgeeks.org/basics-computer-networking/
- Subnetting
- https://www.computernetworkingnotes.com/ccna-study-guide/subnetting-tutorial-subnetting-explained-with-examples.html
#### Video Links
- https://www.youtube.com/playlist?list=PLhfrWIlLOoKPc2RecyiM_A9nf3fUU3e6g
- https://www.youtube.com/watch?v=S7MNX_UD7vY&list=PLIhvC56v63IJVXv0GJcl9vO5Z6znCVb1P
### Topics to read about
- Docker in Docker
- [Docker/Containers](https://www.oreilly.com/library/view/docker-deep-dive/9781800565135/)
- Containers
### Basics of Kubernetes
#### Reading Material
- https://nubenetes.com/kubernetes-tutorials/
- https://kubernetes.io/docs/concepts/
#### Video Material
- [Techworld with Nana 101](https://www.youtube.com/playlist?list=PLy7NrYWoggjziYQIDorlXjTvvwweTYoNC)
- [Jeff Geerling Kubernetes 101](https://www.youtube.com/watch?v=IcslsH7OoYo&list=PL2_OBreMn7FoYmfx27iSwocotjiikS5BD)
#### Hands-On Kubernetes
- https://kube.academy/
- https://www.civo.com/academy
### Networking in Kubernetes
- [Kubernetes Networking 101](https://youtu.be/CYnwBIpvSlM?t=284)
- [CNCF Kubernetes 101](https://www.youtube.com/watch?v=cUGXu2tiZMc)
### Tools/Commands to help with troubleshooting.
- [mtr](https://www.redhat.com/sysadmin/linux-mtr-command) - Tracing the packet from the source to destination
- [tcpdump](https://linuxconfig.org/how-to-use-tcpdump-command-on-linux) - Monitor packets
- [wireshark](https://www.lifewire.com/wireshark-tutorial-4143298) - Read/Sniff packets
- [nslookup](https://phoenixnap.com/kb/nslookup-command) - Lookup Nameservers
- [netstat](https://www.lifewire.com/netstat-command-2618098) - List network details
- [curl](https://linuxhandbook.com/curl-command-examples/) - Curl a website from the command line
- [ifconfig](https://www.tecmint.com/ifconfig-command-examples/)/[ip](https://www.geeksforgeeks.org/ip-command-in-linux-with-examples/) - Show ip address configuration
- [dig](https://www.geeksforgeeks.org/dig-command-in-linux-with-examples/) - Query Nameservers
- [ipcalc](https://www.linux.com/topic/networking/how-calculate-network-addresses-ipcalc/) - Calculate IP addresses
- Advanced Tools for troubleshooting
- [Netshoot](https://github.com/nicolaka/netshoot) - Troubleshoot Networks
- Cluster Creation tools
- [kind](https://kind.sigs.k8s.io/docs/user/quick-start/)
- [minikube](https://minikube.sigs.k8s.io/docs/start/)
- MacOS users
- [docker-mac-net-connect](https://github.com/chipmk/docker-mac-net-connect) - See this [issue](https://github.com/kubernetes/minikube/issues/7332)

9
NEW_RELEASE_PROCESS.md
View file

@ -1,9 +0,0 @@
# Semi-Automated Release Process
1. Update TAG
2. Cloud Build
3. k8s.io PR
4. git pull origin main
5. git checkout -b $RELEASE_VERSION
6. mage release:newrelease $RELEASE_VERSION
7. Wait for PR

1
NGINX_BASE
View file

@ -1 +0,0 @@
registry.k8s.io/ingress-nginx/nginx:v2.0.0@sha256:3e7bda4cf5111d283ed1e4ff5cc9a2b5cdc5ebe62d50ba67473d3e25b1389133

16
OWNERS
View file

@ -1,13 +1,11 @@
# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners
# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md
approvers:
- ingress-nginx-maintainers
- ingress-nginx-admins
- ingress-nginx-maintainers
- ElvinEfendi
reviewers:
- ingress-nginx-reviewers
emeritus_approvers:
- aledbf # 2020-04-02
- bowei # 2022-10-12
- ElvinEfendi # 2023-04-23
- rikatz # 2024-12-15
- aledbf
- ElvinEfendi
- cmluciano

23
OWNERS_ALIASES
View file

@ -1,17 +1,12 @@
# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners
# See the OWNERS docs: https://git.k8s.io/community/docs/devel/owners.md
aliases:
sig-network-leads:
- caseydavenport
- dcbw
- thockin
ingress-nginx-admins:
- bowei
- aledbf
ingress-nginx-maintainers:
- cpanato
- Gacko
- strongjz
- tao12345666333
ingress-nginx-reviewers:
- cpanato
- Gacko
- strongjz
- tao12345666333
ingress-nginx-docs-maintainers:
- longwuyuan
- aledbf

105
README.md
View file

@ -1,94 +1,57 @@
# Ingress NGINX Controller
## Help us to improve the NGINX Ingress controller [completing the survey](https://docs.google.com/forms/d/15ULTOvYDsV920V0GWrspew4yyjEmTAi740Wr34UgKwA/viewform)
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/5691/badge)](https://bestpractices.coreinfrastructure.org/projects/5691)
---
# NGINX Ingress Controller
[![Coverage Status](https://codecov.io/gh/kubernetes/ingress-nginx/branch/master/graph/badge.svg)](https://codecov.io/gh/kubernetes/ingress-nginx)
[![Go Report Card](https://goreportcard.com/badge/github.com/kubernetes/ingress-nginx)](https://goreportcard.com/report/github.com/kubernetes/ingress-nginx)
[![GitHub license](https://img.shields.io/github/license/kubernetes/ingress-nginx.svg)](https://github.com/kubernetes/ingress-nginx/blob/main/LICENSE)
[![GitHub license](https://img.shields.io/github/license/kubernetes/ingress-nginx.svg)](https://github.com/kubernetes/ingress-nginx/blob/master/LICENSE)
[![GitHub stars](https://img.shields.io/github/stars/kubernetes/ingress-nginx.svg)](https://github.com/kubernetes/ingress-nginx/stargazers)
[![GitHub stars](https://img.shields.io/badge/contributions-welcome-orange.svg)](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md)
[![GitHub stars](https://img.shields.io/badge/contributions-welcome-orange.svg)](https://github.com/kubernetes/ingress-nginx/blob/master/CONTRIBUTING.md)
[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fkubernetes%2Fingress-nginx.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fkubernetes%2Fingress-nginx?ref=badge_shield)
## Overview
ingress-nginx is an Ingress controller for Kubernetes using [NGINX](https://www.nginx.org/) as a reverse proxy and load
balancer.
ingress-nginx is an Ingress controller for Kubernetes using [NGINX](https://www.nginx.org/) as a reverse proxy and load balancer.
[Learn more about Ingress on the Kubernetes documentation site](https://kubernetes.io/docs/concepts/services-networking/ingress/).
Learn more about Ingress on the main [Kubernetes](https://kubernetes.io/docs/concepts/services-networking/ingress/) documentation site.
## Get started
See the [Getting Started](https://kubernetes.github.io/ingress-nginx/deploy/) document.
Do not use in multi-tenant Kubernetes production installations. This project assumes that users that can create Ingress objects are administrators of the cluster. See the [FAQ](https://kubernetes.github.io/ingress-nginx/faq/#faq) for more.
## Troubleshooting
If you encounter issues, review the [troubleshooting docs](docs/troubleshooting.md),
[file an issue](https://github.com/kubernetes/ingress-nginx/issues), or talk to us on the
[#ingress-nginx channel](https://kubernetes.slack.com/messages/ingress-nginx) on the Kubernetes Slack server.
If you encounter issues, review the [troubleshooting docs](docs/troubleshooting.md), [file an issue](https://github.com/kubernetes/ingress-nginx/issues), or talk to us on the [#ingress-nginx channel](https://kubernetes.slack.com/messages/ingress-nginx) on the Kubernetes Slack server.
## Changelog
See [the list of releases](https://github.com/kubernetes/ingress-nginx/releases) for all changes.
For detailed changes for each release, please check the [changelog-$version.md](./changelog) file for the release version.
For detailed changes on the `ingress-nginx` helm chart, please check the changelog folder for a specific version.
[CHANGELOG-$current-version.md](./charts/ingress-nginx/changelog) file.
### Supported Versions table
Supported versions for the ingress-nginx project mean that we have completed E2E tests, and they are passing for
the versions listed. Ingress-Nginx versions **may** work on older versions, but the project does not make that guarantee.
| Supported | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | Helm Chart Version |
| :-------: | --------------------- | ----------------------------- | -------------- | ------------- | ------------------ |
| 🔄 | **v1.12.0** | 1.32, 1.31, 1.30, 1.29, 1.28 | 3.21.0 | 1.25.5 | 4.12.0 |
| 🔄 | **v1.12.0-beta.0** | 1.32, 1.31, 1.30, 1.29, 1.28 | 3.20.3 | 1.25.5 | 4.12.0-beta.0 |
| 🔄 | **v1.11.4** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.21.0 | 1.25.5 | 4.11.4 |
| 🔄 | **v1.11.3** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.3 | 1.25.5 | 4.11.3 |
| 🔄 | **v1.11.2** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.2 |
| 🔄 | **v1.11.1** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.1 |
| 🔄 | **v1.11.0** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.0 |
| | **v1.10.6** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.21.0 | 1.25.5 | 4.10.6 |
| | **v1.10.5** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.3 | 1.25.5 | 4.10.5 |
| | **v1.10.4** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.10.4 |
| | **v1.10.3** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.10.3 |
| | **v1.10.2** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.10.2 |
| | **v1.10.1** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.19.1 | 1.25.3 | 4.10.1 |
| | **v1.10.0** | 1.29, 1.28, 1.27, 1.26 | 3.19.1 | 1.25.3 | 4.10.0 |
| | v1.9.6 | 1.29, 1.28, 1.27, 1.26, 1.25 | 3.19.0 | 1.21.6 | 4.9.1 |
| | v1.9.5 | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.9.0 |
| | v1.9.4 | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.3 |
| | v1.9.3 | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.* |
| | v1.9.1 | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.* |
| | v1.9.0 | 1.28, 1.27, 1.26, 1.25 | 3.18.2 | 1.21.6 | 4.8.* |
| | v1.8.4 | 1.27, 1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* |
| | v1.7.1 | 1.27, 1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | 4.6.* |
| | v1.6.4 | 1.26, 1.25, 1.24, 1.23 | 3.17.0 | 1.21.6 | 4.5.* |
| | v1.5.1 | 1.25, 1.24, 1.23 | 3.16.2 | 1.21.6 | 4.4.* |
| | v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† | 4.3.0 |
| | v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | 4.2.5 |
See [this article](https://kubernetes.io/blog/2021/07/26/update-with-ingress-nginx/) if you want upgrade to the stable
Ingress API.
## Get Involved
## Contributing
Thanks for taking the time to join our community and start contributing!
- This project adheres to the [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md).
By participating in this project, you agree to abide by its terms.
- **Contributing**: Contributions of all kinds are welcome!
- This project adheres to the [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md). By participating in this project, you agree to abide by its terms.
- See [CONTRIBUTING.md](CONTRIBUTING.md) for information about setting up your environment, the workflow that we expect, and instructions on the developer certificate of origin that we require.
- Check out the [open issues](https://github.com/kubernetes/ingress-nginx).
- Join our Kubernetes Slack channel: [#ingress-nginx](https://kubernetes.slack.com/messages/CANQGM8BA/)
- Read [`CONTRIBUTING.md`](CONTRIBUTING.md) for information about setting up your environment, the workflow that we
expect, and instructions on the developer certificate of origin that we require.
- Join our Kubernetes Slack channel for developer discussion : [#ingress-nginx-dev](https://kubernetes.slack.com/archives/C021E147ZA4).
- Submit GitHub issues for any feature enhancements, bugs, or documentation problems.
- Please make sure to read the [Issue Reporting Checklist](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md#issue-reporting-guidelines) before opening an issue. Issues not conforming to the guidelines **may be closed immediately**.
- Join our [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernetes.io/g/ingress-nginx-dev/c/ebbBMo-zX-w)
- **Support**:
## Changelog
- Join the [#ingress-nginx-users](https://kubernetes.slack.com/messages/CANQGM8BA/) channel inside the [Kubernetes Slack](http://slack.kubernetes.io/) to ask questions or get support from the maintainers and other users.
- The [GitHub issues](https://github.com/kubernetes/ingress-nginx/issues) in the repository are **exclusively** for bug reports and feature requests.
- **Discuss**: Tweet using the `#IngressNginx` hashtag or sharing with us [@IngressNginx](https://twitter.com/IngressNGINX).
See [the list of releases](https://github.com/kubernetes/ingress-nginx/releases) to find out about feature changes
For detailed changes for each release; please check the [Changelog.md](Changelog.md)
# Get Involved
- **Contributing**: Pull requests are welcome!
- Read [`CONTRIBUTING.md`](CONTRIBUTING.md) and check out [help-wanted](https://github.com/kubernetes/ingress-nginx/labels/help%20wanted) issues
- Submit github issues for any feature enhancements, bugs or documentation problems
- **Support**: Join to [Kubernetes Slack](http://slack.kubernetes.io/) in the [#ingress-nginx](https://kubernetes.slack.com/messages/CANQGM8BA/) channel to ask questions to get support from the maintainers and other users
- The [github issues](https://github.com/kubernetes/ingress-nginx/issues) in the repository are **exclusively** for bug reports and feature requests.
- **Discuss**: Tweet using the `#IngressNginx` hashtag
## Issues
Please make sure to read the [Issue Reporting Checklist](https://github.com/kubernetes/ingress-nginx/blob/master/CONTRIBUTING.md#issue-reporting-guidelines) before opening an issue. Issues not conforming to the guidelines **may be closed immediately**.
## License
[Apache License 2.0](https://github.com/kubernetes/ingress-nginx/blob/main/LICENSE)
[Apache License 2.0](https://github.com/kubernetes/ingress-nginx/blob/master/LICENSE)

4
SECURITY_CONTACTS
View file

@ -9,5 +9,5 @@
#
# DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE
# INSTRUCTIONS AT https://kubernetes.io/security/
Gacko
strongjz
aledbf

1
TAG Normal file
View file

@ -0,0 +1 @@
v0.35.0

79
build/build-plugin.sh Executable file
View file

@ -0,0 +1,79 @@
#!/bin/bash
# Copyright 2018 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
if [ -n "$DEBUG" ]; then
set -x
fi
set -o errexit
set -o nounset
set -o pipefail
declare -a mandatory
mandatory=(
PKG
ARCH
COMMIT_SHA
REPO_INFO
TAG
)
missing=false
for var in "${mandatory[@]}"; do
if [[ -z "${!var:-}" ]]; then
echo "Environment variable $var must be set"
missing=true
fi
done
if [ "$missing" = true ]; then
exit 1
fi
export CGO_ENABLED=0
release=cmd/plugin/release
function build_for_arch(){
os=$1
arch=$2
extension=$3
env GOOS="${os}" GOARCH="${arch}" go build \
"${GOBUILD_FLAGS}" \
-trimpath -ldflags="-buildid= -w -s" \
-X ${PKG}/version.RELEASE=${TAG} \
-X ${PKG}/version.COMMIT=${COMMIT_SHA} \
-X ${PKG}/version.REPO=${REPO_INFO}" \
-o "${release}/kubectl-ingress_nginx${extension}" "${PKG}/cmd/plugin"
cp LICENSE ${release}
tar -C "${release}" -zcvf "${release}/kubectl-ingress_nginx-${os}-${arch}.tar.gz" "kubectl-ingress_nginx${extension}" LICENSE
rm "${release}/kubectl-ingress_nginx${extension}"
hash=$(sha256sum "${release}/kubectl-ingress_nginx-${os}-${arch}.tar.gz" | awk '{ print $1 }')
sed -i "s/%%%shasum_${os}_${arch}%%%/${hash}/g" "${release}/ingress-nginx.yaml"
}
rm -rf "${release}"
mkdir "${release}"
cp cmd/plugin/ingress-nginx.yaml.tmpl "${release}/ingress-nginx.yaml"
sed -i "s/%%%tag%%%/${TAG}/g" ${release}/ingress-nginx.yaml
build_for_arch darwin amd64 ''
build_for_arch linux amd64 ''
build_for_arch windows amd64 '.exe'

77
build/build.sh
View file

@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
# Copyright 2018 The Kubernetes Authors.
#
@ -14,56 +14,55 @@
# See the License for the specific language governing permissions and
# limitations under the License.
GO_BUILD_CMD="go build"
#if [ -n "$DEBUG" ]; then
# set -x
# GO_BUILD_CMD="go build -v"
#fi
if [ -n "$DEBUG" ]; then
set -x
fi
set -o errexit
set -o nounset
set -o pipefail
declare -a mandatory
mandatory=(
PKG
ARCH
COMMIT_SHA
REPO_INFO
TAG
)
if [ -z "$PKG" ] || [ -z "$ARCH" ] || [ -z "$COMMIT_SHA" ] || [ -z "$REPO_INFO" ] || [ -z "$TAG" ]; then
echo "Environments PKG, ARCH, COMMIT_SHA, REPO_INFO and TAG are required"
exit 1
missing=false
for var in "${mandatory[@]}"; do
if [[ -z "${!var:-}" ]]; then
echo "Environment variable $var must be set"
missing=true
fi
done
if [ "$missing" = true ]; then
exit 1
fi
export CGO_ENABLED=0
export GOARCH="${ARCH}"
export GOARCH=${ARCH}
TARGETS_DIR="rootfs/bin/${ARCH}"
echo "Building targets for ${ARCH}, generated targets in ${TARGETS_DIR} directory."
echo "Building ${PKG}/cmd/nginx"
${GO_BUILD_CMD} \
go build \
-trimpath -ldflags="-buildid= -w -s \
-X ${PKG}/version.RELEASE=${TAG} \
-X ${PKG}/version.COMMIT=${COMMIT_SHA} \
-X ${PKG}/version.REPO=${REPO_INFO}" \
-buildvcs=false \
-o "${TARGETS_DIR}/nginx-ingress-controller" "${PKG}/cmd/nginx"
-X ${PKG}/version.RELEASE=${TAG} \
-X ${PKG}/version.COMMIT=${COMMIT_SHA} \
-X ${PKG}/version.REPO=${REPO_INFO}" \
-o "rootfs/bin/${ARCH}/nginx-ingress-controller" "${PKG}/cmd/nginx"
echo "Building ${PKG}/cmd/dbg"
${GO_BUILD_CMD} \
go build \
-trimpath -ldflags="-buildid= -w -s \
-X ${PKG}/version.RELEASE=${TAG} \
-X ${PKG}/version.COMMIT=${COMMIT_SHA} \
-X ${PKG}/version.REPO=${REPO_INFO}" \
-buildvcs=false \
-o "${TARGETS_DIR}/dbg" "${PKG}/cmd/dbg"
-X ${PKG}/version.RELEASE=${TAG} \
-X ${PKG}/version.COMMIT=${COMMIT_SHA} \
-X ${PKG}/version.REPO=${REPO_INFO}" \
-o "rootfs/bin/${ARCH}/dbg" "${PKG}/cmd/dbg"
echo "Building ${PKG}/cmd/waitshutdown"
${GO_BUILD_CMD} \
go build \
-trimpath -ldflags="-buildid= -w -s \
-X ${PKG}/version.RELEASE=${TAG} \
-X ${PKG}/version.COMMIT=${COMMIT_SHA} \
-X ${PKG}/version.REPO=${REPO_INFO}" \
-buildvcs=false \
-o "${TARGETS_DIR}/wait-shutdown" "${PKG}/cmd/waitshutdown"
-X ${PKG}/version.RELEASE=${TAG} \
-X ${PKG}/version.COMMIT=${COMMIT_SHA} \
-X ${PKG}/version.REPO=${REPO_INFO}" \
-o "rootfs/bin/${ARCH}/wait-shutdown" "${PKG}/cmd/waitshutdown"

42
build/dev-env.sh
View file

@ -36,7 +36,7 @@ if ! command -v kind &> /dev/null; then
fi
if ! command -v kubectl &> /dev/null; then
echo "Please install kubectl 1.24.0 or higher"
echo "Please install kubectl 1.15 or higher"
exit 1
fi
@ -45,18 +45,15 @@ if ! command -v helm &> /dev/null; then
exit 1
fi
function ver { printf "%d%03d%03d" $(echo "$1" | tr '.' ' '); }
HELM_VERSION=$(helm version 2>&1 | cut -f1 -d"," | grep -oE '[0-9]+\.[0-9]+\.[0-9]+') || true
echo $HELM_VERSION
if [[ $(ver $HELM_VERSION) -lt $(ver "3.10.0") ]]; then
echo "Please upgrade helm to v3.10.0 or higher"
HELM_VERSION=$(helm version 2>&1 | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+') || true
if [[ ${HELM_VERSION} < "v3.0.0" ]]; then
echo "Please upgrade helm to v3.0.0 or higher"
exit 1
fi
KUBE_CLIENT_VERSION=$(kubectl version --client -oyaml 2>/dev/null | grep "minor:" | awk '{print $2}' | tr -d '"') || true
if [[ ${KUBE_CLIENT_VERSION} -lt 24 ]]; then
echo "Please update kubectl to 1.24.2 or higher"
KUBE_CLIENT_VERSION=$(kubectl version --client --short | awk '{print $3}' | cut -d. -f2) || true
if [[ ${KUBE_CLIENT_VERSION} -lt 14 ]]; then
echo "Please update kubectl to 1.15 or higher"
exit 1
fi
@ -64,13 +61,32 @@ echo "[dev-env] building image"
make build image
docker tag "${REGISTRY}/controller:${TAG}" "${DEV_IMAGE}"
export K8S_VERSION=${K8S_VERSION:-v1.32.0@sha256:c48c62eac5da28cdadcf560d1d8616cfa6783b58f0d94cf63ad1bf49600cb027}
export K8S_VERSION=${K8S_VERSION:-v1.18.4@sha256:d8ff5fc405fc679dd3dd0cccc01543ba4942ed90823817d2e9e2c474a5343c4f}
KIND_CLUSTER_NAME="ingress-nginx-dev"
if ! kind get clusters -q | grep -q ${KIND_CLUSTER_NAME}; then
echo "[dev-env] creating Kubernetes cluster with kind"
kind create cluster --name ${KIND_CLUSTER_NAME} --image "kindest/node:${K8S_VERSION}" --config ${DIR}/kind.yaml
echo "[dev-env] creating Kubernetes cluster with kind"
cat <<EOF | kind create cluster --name ${KIND_CLUSTER_NAME} --image "kindest/node:${K8S_VERSION}" --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
kubeadmConfigPatches:
- |
kind: InitConfiguration
nodeRegistration:
kubeletExtraArgs:
node-labels: "ingress-ready=true"
authorization-mode: "AlwaysAllow"
extraPortMappings:
- containerPort: 80
hostPort: 80
protocol: TCP
- containerPort: 443
hostPort: 443
protocol: TCP
EOF
else
echo "[dev-env] using existing Kubernetes kind cluster"
fi

18
build/kind.yaml
View file

@ -1,18 +0,0 @@
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
kubeadmConfigPatches:
- |
kind: InitConfiguration
nodeRegistration:
kubeletExtraArgs:
node-labels: "ingress-ready=true"
authorization-mode: "AlwaysAllow"
extraPortMappings:
- containerPort: 80
hostPort: 80
protocol: TCP
- containerPort: 443
hostPort: 443
protocol: TCP

47
test/e2e/run-e2e-suite.sh → build/run-e2e-suite.sh
View file

@ -14,16 +14,10 @@
# See the License for the specific language governing permissions and
# limitations under the License.
if [ -n "$DEBUG" ]; then
if ! [ -z "$DEBUG" ]; then
set -x
else
trap cleanup EXIT
fi
function cleanup {
kubectl delete pod e2e 2>/dev/null || true
}
set -o errexit
set -o nounset
set -o pipefail
@ -49,9 +43,16 @@ if [ "$missing" = true ]; then
exit 1
fi
BASEDIR=$(dirname "$0")
NGINX_BASE_IMAGE=$(cat $BASEDIR/../../NGINX_BASE)
HTTPBUN_IMAGE=$(cat $BASEDIR/HTTPBUN_IMAGE)
function cleanup {
kubectl delete pod e2e 2>/dev/null || true
}
trap cleanup EXIT
E2E_CHECK_LEAKS=${E2E_CHECK_LEAKS:-}
FOCUS=${FOCUS:-.*}
export E2E_CHECK_LEAKS
export FOCUS
echo -e "${BGREEN}Granting permissions to ingress-nginx e2e service account...${NC}"
kubectl create serviceaccount ingress-nginx-e2e || true
@ -61,14 +62,11 @@ kubectl create clusterrolebinding permissive-binding \
--user=kubelet \
--serviceaccount=default:ingress-nginx-e2e || true
VER=$(kubectl version --client=false -o json |jq '.serverVersion.minor |tonumber')
if [ $VER -lt 24 ]; then
echo -e "${BGREEN}Waiting service account...${NC}"; \
until kubectl get secret | grep -q -e ^ingress-nginx-e2e-token; do \
echo -e "waiting for api token"; \
sleep 3; \
done
fi
echo -e "${BGREEN}Waiting service account...${NC}"; \
until kubectl get secret | grep -q -e ^ingress-nginx-e2e-token; do \
echo -e "waiting for api token"; \
sleep 3; \
done
echo -e "Starting the e2e test pod"
@ -77,19 +75,6 @@ kubectl run --rm \
--restart=Never \
--env="E2E_NODES=${E2E_NODES}" \
--env="FOCUS=${FOCUS}" \
--env="IS_CHROOT=${IS_CHROOT:-false}"\
--env="SKIP_OPENTELEMETRY_TESTS=${SKIP_OPENTELEMETRY_TESTS:-false}"\
--env="E2E_CHECK_LEAKS=${E2E_CHECK_LEAKS}" \
--env="NGINX_BASE_IMAGE=${NGINX_BASE_IMAGE}" \
--env="HTTPBUN_IMAGE=${HTTPBUN_IMAGE}" \
--overrides='{ "apiVersion": "v1", "spec":{"serviceAccountName": "ingress-nginx-e2e"}}' \
e2e --image=nginx-ingress-controller:e2e
# Get the junit-reports stored in the configMaps created during e2etests
echo "Getting the report file out now.."
reportsDir="test/junitreports"
reportFile="report-e2e-test-suite.xml.gz"
mkdir -p $reportsDir
cd $reportsDir
kubectl get cm $reportFile -o "jsonpath={.binaryData['${reportFile//\./\\.}']}" | base64 -d | gunzip > ${reportFile%\.gz}
echo "done getting the report file out.."

64
build/run-in-docker.sh
View file

@ -14,39 +14,27 @@
# See the License for the specific language governing permissions and
# limitations under the License.
DEBUG=${DEBUG:-"false"}
if [ "$DEBUG" == "true" ]; then
if [ -n "$DEBUG" ]; then
set -x
fi
RUNTIME=${RUNTIME:-"docker"}
set -o errexit
set -o nounset
set -o pipefail
# temporal directory for the /etc/ingress-controller directory
if [[ "$OSTYPE" == darwin* ]]; then
mkdir -p "tmp"
INGRESS_VOLUME=$(pwd)/$(mktemp -d tmp/XXXXXX)
else
INGRESS_VOLUME=$(mktemp -d)
fi
INGRESS_VOLUME=$(mktemp -d)
# make sure directory for SSL cert storage exists under ingress volume
mkdir "${INGRESS_VOLUME}/ssl"
if [[ "$OSTYPE" == darwin* ]]; then
INGRESS_VOLUME=/private$INGRESS_VOLUME
fi
function cleanup {
rm -rf "${INGRESS_VOLUME}"
}
trap cleanup EXIT
E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20250112-a188f4eb@sha256:043038b1e30e5a0b64f3f919f096c5c9488ac3f617ac094b07fb9db8215f9441}
if [[ "$RUNTIME" == podman ]]; then
# Podman does not support both tag and digest
E2E_IMAGE=$(echo $E2E_IMAGE | awk -F "@sha" '{print $1}')
fi
E2E_IMAGE=${E2E_IMAGE:-k8s.gcr.io/ingress-nginx/e2e-test-runner:v20200812-gf6dce060b@sha256:a2b6585d6badd2bbf8805cb1f576e7eb6be8fd1e5ece7c362eaa9610f22786ba}
DOCKER_OPTS=${DOCKER_OPTS:-}
DOCKER_IN_DOCKER_ENABLED=${DOCKER_IN_DOCKER_ENABLED:-}
@ -64,33 +52,21 @@ fi
# create output directory as current user to avoid problem with docker.
mkdir -p "${KUBE_ROOT}/bin" "${KUBE_ROOT}/bin/${ARCH}"
PLATFORM="${PLATFORM:-}"
if [[ -n "$PLATFORM" ]]; then
PLATFORM_FLAG=--platform
else
PLATFORM_FLAG=
fi
USER=${USER:-nobody}
USE_SHELL=${USE_SHELL:-"/bin/bash"}
if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then
echo "..reached DIND check TRUE block, inside run-in-docker.sh"
echo "FLAGS=$FLAGS"
#go env
go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.22.2
find / -type f -name ginkgo 2>/dev/null
which ginkgo
/bin/bash -c "${FLAGS}"
else
echo "Reached DIND check ELSE block, inside run-in-docker.sh"
args="${PLATFORM_FLAG} ${PLATFORM} --tty --rm ${DOCKER_OPTS} -e DEBUG=${DEBUG} -e GOCACHE="/go/src/${PKG}/.cache" -e GOMODCACHE="/go/src/${PKG}/.modcache" -e DOCKER_IN_DOCKER_ENABLED="true" -v "${HOME}/.kube:${HOME}/.kube" -v "${KUBE_ROOT}:/go/src/${PKG}" -v "${KUBE_ROOT}/bin/${ARCH}:/go/bin/linux_${ARCH}" -v "${INGRESS_VOLUME}:/etc/ingress-controller/" -w "/go/src/${PKG}""
if [[ "$RUNTIME" == "docker" ]]; then
args="$args -v /var/run/docker.sock:/var/run/docker.sock"
fi
${RUNTIME} run $args ${E2E_IMAGE} ${USE_SHELL} -c "${FLAGS}"
docker run \
--tty \
--rm \
${DOCKER_OPTS} \
-e GOCACHE="/go/src/${PKG}/.cache" \
-e DOCKER_IN_DOCKER_ENABLED="true" \
-v "${HOME}/.kube:${HOME}/.kube" \
-v "${KUBE_ROOT}:/go/src/${PKG}" \
-v "${KUBE_ROOT}/bin/${ARCH}:/go/bin/linux_${ARCH}" \
-v "/var/run/docker.sock:/var/run/docker.sock" \
-v "${INGRESS_VOLUME}:/etc/ingress-controller/" \
-w "/go/src/${PKG}" \
-u $(id -u ${USER}):$(id -g ${USER}) \
${E2E_IMAGE} /bin/bash -c "${FLAGS}"
fi

2
build/run-ingress-controller.sh
View file

@ -49,7 +49,7 @@ fi
SSL_VOLUME=$(mktemp -d)
function cleanup {
echo -e "${BGREEN}Stopping kubectl proxy${NC}"
echo -e "${BGREEN}Stoping kubectl proxy${NC}"
rm -rf "${SSL_VOLUME}"
kill "$proxy_pid"
}

28
test/test-lua.sh → build/test-lua.sh
View file

@ -25,22 +25,12 @@ set -o pipefail
BUSTED_ARGS="-v --pattern=_test"
SHDICT_ARGS=(
"-I" "./rootfs/etc/nginx/lua"
"--shdict" "configuration_data 5M"
"--shdict" "certificate_data 16M"
"--shdict" "certificate_servers 1M"
"--shdict" "ocsp_response_cache 1M"
"--shdict" "balancer_ewma 1M"
"--shdict" "quota_tracker 1M"
"--shdict" "high_throughput_tracker 1M"
"--shdict" "balancer_ewma_last_touched_at 1M"
"--shdict" "balancer_ewma_locks 512k"
"./rootfs/etc/nginx/lua/test/run.lua"
)
if [ $# -eq 0 ]; then
resty "${SHDICT_ARGS[@]}" ./rootfs/etc/nginx/lua/test/ ${BUSTED_ARGS}
else
resty "${SHDICT_ARGS[@]}" $@ ${BUSTED_ARGS}
fi
resty \
-I ./rootfs/etc/nginx/lua \
--shdict "configuration_data 5M" \
--shdict "certificate_data 16M" \
--shdict "certificate_servers 1M" \
--shdict "balancer_ewma 1M" \
--shdict "balancer_ewma_last_touched_at 1M" \
--shdict "balancer_ewma_locks 512k" \
./rootfs/etc/nginx/lua/test/run.lua ${BUSTED_ARGS} ./rootfs/etc/nginx/lua/test/ ./rootfs/etc/nginx/lua/plugins/**/test

1
test/test.sh → build/test.sh
View file

@ -23,7 +23,6 @@ set -o errexit
set -o nounset
set -o pipefail
mkdir -p /tmp/nginx
if [ -z "${PKG}" ]; then
echo "PKG must be set"
exit 1

68
changelog/controller-1.10.0.md
View file

@ -1,68 +0,0 @@
# Changelog
This release is the first using NGINX v1.25.0!
## Breaking changes
* This version does not support chroot image, this will be fixed on a future minor patch release
* This version dropped Opentracing and zipkin modules, just Opentelemetry is supported
* This version dropped support for PodSecurityPolicy
* This version dropped support for GeoIP (legacy). Only GeoIP2 is supported
### controller-v1.10.0
Images:
* registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c
### All changes:
* Start the release of v1.10.0 (#11038)
* bump nginx and Go, remove tag file and old CI jobs (#11037)
* Fix kubewebhook image tag (#11033)
* add missing backend-protocol annotation option (#9545)
* Update controller-prometheusrules.yaml (#8902)
* Stop reporting interrupted tests (#11027)
* test(gzip): reach ingress (#9541)
* fix datasource, $exported_namespace variable in grafana nginx dashboard (#9092)
* Properly support a TLS-wrapped OCSP responder (#10164)
* Fix print-e2e-suite (#9536)
* chore(deps): upgrade headers-more module to 0.37 (#10991)
* Update ingress-path-matching.md (#11008)
* Update ingress-path-matching.md (#11007)
* E2E Tests: Explicitly enable metrics. (#10962)
* Chart: Set `--enable-metrics` depending on `controller.metrics.enabled`. (#10959)
* Chart: Remove useless `default` from `_params.tpl`. (#10957)
* Fix golang makefile var name (#10932)
* Fixing image push (#10931)
* fix: live-docs script (#10928)
* docs: Add vouch-proxy OAuth example (#10929)
* Add OTEL build test and for NGINX v1.25 (#10889)
* docs: update annotations docs with missing session-cookie section (#10917)
* Release controller 1.9.6 and helm 4.9.1 (#10919)
### Dependency updates:
* Bump kubewebhook certgen (#11034)
* Bump go libraries (#11023)
* Bump modsecurity on nginx 1.25 (#11024)
* Bump grpc and reintroduce OTEL compilation (#11021)
* Bump github/codeql-action from 3.24.0 to 3.24.5 (#11017)
* Bump actions/dependency-review-action from 4.0.0 to 4.1.3 (#11016)
* Bump dorny/paths-filter from 3.0.0 to 3.0.1 (#10994)
* Bump github.com/prometheus/client_model from 0.5.0 to 0.6.0 (#10998)
* Bump actions/upload-artifact from 4.3.0 to 4.3.1 (#10978)
* Bump actions/download-artifact from 4.1.1 to 4.1.2 (#10981)
* Bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 (#10979)
* Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#10980)
* Bump golang.org/x/crypto from 0.18.0 to 0.19.0 (#10976)
* Bump github/codeql-action from 3.23.2 to 3.24.0 (#10971)
* Bump github.com/opencontainers/runc from 1.1.11 to 1.1.12 (#10951)
* Bump google.golang.org/grpc from 1.60.1 to 1.61.0 (#10938)
* Bump actions/upload-artifact from 4.2.0 to 4.3.0 (#10937)
* Bump dorny/test-reporter from 1.7.0 to 1.8.0 (#10936)
* Bump github/codeql-action from 3.23.1 to 3.23.2 (#10935)
* Bump dorny/paths-filter from 2.11.1 to 3.0.0 (#10934)
* Bump alpine to 3.19.1 (#10930)
* Bump go to v1.21.6 and set a single source of truth (#10926)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.9.6...controller-v1.10.0

57
changelog/controller-1.10.1.md
View file

@ -1,57 +0,0 @@
# Changelog
### controller-v1.10.1
Images:
* registry.k8s.io/ingress-nginx/controller:v1.10.1@sha256:e24f39d3eed6bcc239a56f20098878845f62baa34b9f2be2fd2c38ce9fb0f29e
* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.1@sha256:c155954116b397163c88afcb3252462771bd7867017e8a17623e83601bab7ac7
### All changes:
* start 1.10.1 build (#11246)
* force nginx rebuild (#11245)
* update k8s version to latest kind release (#11241)
* remove _ssl_expire_time_seconds metric by identifier (#11239)
* update post submit helm ci and clean up (#11221)
* Chart: Add unit tests for default backend & topology spread constraints. (#11219)
* sort default backend hpa metrics (#11217)
* updated certgen image shatag (#11216)
* changed testrunner image sha (#11211)
* bumped certgeimage tag (#11213)
* updated baseimage & deleted a useless file (#11209)
* bump ginkgo to 2-17-1 in testrunner (#11204)
* chunking related faq update (#11205)
* Fix-semver (#11199)
* refactor helm ci tests part I (#11188)
* Proposal: e2e tests for regex patterns (#11185)
* bump ginkgo to v2.17.1 (#11186)
* fixes brotli build issue (#11187)
* fix geoip2 configuration docs (#11151)
* Fix typos in OTel doc (#11081) (#11129)
* Chart: Render `controller.ingressClassResource.parameters` natively. (#11126)
* Fix admission controller logging of `admissionTime` and `testedConfigurationSize` (#11114)
* Chart: Align HPA & KEDA conditions. (#11113)
* Chart: Improve IngressClass documentation. (#11111)
* Chart: Add Gacko to maintainers. Again. (#11112)
* Chart: Deploy `PodDisruptionBudget` with KEDA. (#11105)
* Chores: Pick patches from main. (#11103)
### Dependency updates:
* Bump google.golang.org/grpc from 1.63.0 to 1.63.2 (#11238)
* Bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#11234)
* Bump github.com/prometheus/common from 0.51.1 to 0.52.2 (#11233)
* Bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#11232)
* Bump github.com/prometheus/client_model in the all group (#11231)
* Bump the all group with 3 updates (#11230)
* Bump the all group with 2 updates (#11190)
* Bump actions/add-to-project from 0.6.1 to 1.0.0 (#11189)
* Bump the all group with 3 updates (#11166)
* Bump github.com/prometheus/common from 0.50.0 to 0.51.1 (#11160)
* Bump the all group with 4 updates (#11140)
* Bump the all group with 1 update (#11136)
* Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /magefiles (#11127)
* Bump google.golang.org/protobuf in /images/custom-error-pages/rootfs (#11128)
* Bump google.golang.org/protobuf in /images/kube-webhook-certgen/rootfs (#11122)

130
changelog/controller-1.10.2.md
View file

@ -1,130 +0,0 @@
# Changelog
### controller-v1.10.2
Images:
* registry.k8s.io/ingress-nginx/controller:v1.10.2@sha256:e3311b3d9671bc52d90572bcbfb7ee5b71c985d6d6cffd445c241f1e2703363c
* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.2@sha256:c4395cba98f9721e3381d3c06e7994371bae20f5ab30e457cd7debe44a8c8c54
### All changes:
* update test runner to latest build (#11557)
* add k8s 1.30 to ci build (#11553)
* update test runner go base to 3.20 (#11550)
* tag new test runner image with new nginx base 0.0.8 (#11549)
* bump NGINX_BASE to v0.0.8 (#11543)
* trigger build for NGINX-1.25 v0.0.8 (#11542)
* Upgrade OWASP_MODSECURITY_CRS_VERSION 3.3.5 to 4.4.0 and update docs (#11548)
* [feature] bump nginx to 1.25.5 and add http3 module (#11541)
* add ssl patches to nginx-1.25 image for coroutines to work in lua client hello and cert ssl blocks (#11534)
* bump alpine version to 3.20 to custom-error-pages (#11537)
* fix: Ensure changes in MatchCN annotation are detected (#11528)
* Docs: Add information about HTTP/3 support. (#11525)
* Docs: Specify `ingressClass` for multi-controller setup. (#11520)
* Docs: Improve default certificate usage. (#11519)
* docs: Update Ingress-NGINX v1.10.1 compatibility with Kubernetes v1.30 (#11500)
* Update getting-started.md with new prerequisites (#11487)
* Fix boolean configuration (#11484)
* Chores: Align security contacts & chart maintainers to actual owners. (#11480)
* CI: Bump forgotten Ginkgo versions. (#11469)
* Tests: Replace deprecated `grpc.Dial` by `grpc.NewClient`. (#11468)
* Owners: Promote Gacko to admin. (#11464)
* fixed fastcgi userguide (#11455)
* Remove unnecessary space character (#11451)
* fix for docs issue 11432 (#11446)
* Update index.md (#11445)
* upgrade to alpine 3.20 (#11438)
* update golang to 1.22.4 (#11431)
* Adapt dashboards for Grafana 11 compatibility (#11414)
* Rename variable to fix typo (#11413)
* Fix helm install on cloud provider admonition block (#11412)
* edited helm-install tips (#11411)
* added info for aws helm install (#11410)
* added multiplecontrollers-howto to faq (#11409)
* removed tlsv1 & tlsv1.1 (#11408)
* Docs: Remove opentracing and zipkin from docs (#11405)
* Go: Sync modules from `main`. (#11398)
* add workflow to helm release and update ct for branch (#11317)
* Merge pull request #11277 from strongjz/chart-1.10.1 (#11314)
* Release Helm Chart on branch update (#11306)
* Release controller 1.10.1 (#11298)
* fix path in file changed detected message (#11286)
* chore: fix function names in comment (#11281)
* fix: update kube version requirement to 1.21 (#11279)
* release helm chart from release branch (#11278)
* start 1.10.1 build (#11246)
* force nginx rebuild (#11245)
* update k8s version to latest kind release (#11241)
* remove _ssl_expire_time_seconds metric by identifier (#11239)
* update post submit helm ci and clean up (#11221)
* Chart: Add unit tests for default backend & topology spread constraints. (#11219)
* sort default backend hpa metrics (#11217)
* updated certgen image shatag (#11216)
* changed testrunner image sha (#11211)
* bumped certgeimage tag (#11213)
* updated baseimage & deleted a useless file (#11209)
* bump ginkgo to 2-17-1 in testrunner (#11204)
* chunking related faq update (#11205)
* Fix-semver (#11199)
* refactor helm ci tests part I (#11188)
* Proposal: e2e tests for regex patterns (#11185)
* bump ginkgo to v2.17.1 (#11186)
* fixes brotli build issue (#11187)
* fix geoip2 configuration docs (#11151)
* Fix typos in OTel doc (#11081) (#11129)
* Chart: Render `controller.ingressClassResource.parameters` natively. (#11126)
* Fix admission controller logging of `admissionTime` and `testedConfigurationSize` (#11114)
* Chart: Align HPA & KEDA conditions. (#11113)
* Chart: Improve IngressClass documentation. (#11111)
* Chart: Add Gacko to maintainers. Again. (#11112)
* Chart: Deploy `PodDisruptionBudget` with KEDA. (#11105)
* Chores: Pick patches from main. (#11103)
* Start the release of v1.10.0 (#11038)
### Dependency updates:
* Bump the all group with 2 updates (#11524)
* Bump k8s.io/klog/v2 from 2.130.0 to 2.130.1 in the all group (#11521)
* Bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 in the all group (#11501)
* Bump k8s.io/klog/v2 from 2.120.1 to 2.130.0 (#11479)
* Bump the all group with 3 updates (#11478)
* Bump the all group with 2 updates (#11477)
* Bump golang.org/x/crypto from 0.23.0 to 0.24.0 (#11471)
* Bump sigs.k8s.io/controller-runtime in the all group (#11449)
* Bump github.com/prometheus/common from 0.53.0 to 0.54.0 (#11447)
* Bump the all group with 3 updates (#11450)
* Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (#11448)
* Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.19.0 (#11422)
* Bump the all group with 2 updates (#11421)
* Bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#11423)
* Bump the all group across 1 directory with 6 updates (#11407)
* Bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 (#11406)
* Bump the all group with 3 updates (#11404)
* Bump Kubernetes version on images (#11403)
* Bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 (#11402)
* Bump the all group with 4 updates (#11380)
* Bump k8s.io/component-base from 0.29.3 to 0.30.0 (#11301)
* Bump github.com/prometheus/common from 0.52.3 to 0.53.0 (#11300)
* Bump golang.org/x/net from 0.22.0 to 0.23.0 (#11285)
* Bump golang.org/x/net in /images/kube-webhook-certgen/rootfs (#11284)
* Bump the all group with 2 updates (#11266)
* Bump azure/setup-helm from 3.5 to 4 (#11265)
* Bump actions/add-to-project from 1.0.0 to 1.0.1 in the all group (#11264)
* Bump google.golang.org/grpc from 1.63.0 to 1.63.2 (#11238)
* Bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#11234)
* Bump github.com/prometheus/common from 0.51.1 to 0.52.2 (#11233)
* Bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#11232)
* Bump github.com/prometheus/client_model in the all group (#11231)
* Bump the all group with 3 updates (#11230)
* Bump the all group with 2 updates (#11190)
* Bump actions/add-to-project from 0.6.1 to 1.0.0 (#11189)
* Bump the all group with 3 updates (#11166)
* Bump github.com/prometheus/common from 0.50.0 to 0.51.1 (#11160)
* Bump the all group with 4 updates (#11140)
* Bump the all group with 1 update (#11136)
* Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /magefiles (#11127)
* Bump google.golang.org/protobuf in /images/custom-error-pages/rootfs (#11128)
* Bump google.golang.org/protobuf in /images/kube-webhook-certgen/rootfs (#11122)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.1...controller-v1.10.2

37
changelog/controller-1.10.3.md
View file

@ -1,37 +0,0 @@
# Changelog
### controller-v1.10.3
Images:
* registry.k8s.io/ingress-nginx/controller:v1.10.3@sha256:b5a5082f8e508cc1aac1c0ef101dc2f87b63d51598a5747d81d6cf6e7ba058fd
* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.3@sha256:9033e04bd3cd01f92414f8d5999c5095734d4caceb4923942298152a38373d4b
### All changes:
* Images: Trigger `controller` v1.10.3 build. (#11648)
* Tests: Bump `test-runner` to v20240717-1fe74b5f. (#11646)
* Images: Re-run `test-runner` build. (#11643)
* Images: Trigger `test-runner` build. (#11639)
* Images: Bump `NGINX_BASE` to v0.0.10. (#11637)
* Images: Trigger NGINX build. (#11631)
* bump testing runner (#11626)
* remove modsecurity coreruleset test files from nginx image (#11619)
* unskip the ocsp tests and update images to fix cfssl bug (#11615)
* Fix indent in YAML for example pod (#11609)
* Images: Bump `test-runner`. (#11604)
* Images: Bump `NGINX_BASE` to v0.0.9. (#11601)
* revert module upgrade (#11595)
* README: Fix support matrix. (#11593)
* Mage: Stop mutating release notes. (#11582)
* Images: Bump `kube-webhook-certgen`. (#11583)
### Dependency updates:
* Bump github.com/prometheus/common from 0.54.0 to 0.55.0 (#11622)
* Bump the all group with 5 updates (#11613)
* Bump golang.org/x/crypto from 0.24.0 to 0.25.0 (#11579)
* Bump google.golang.org/grpc from 1.64.0 to 1.65.0 (#11577)
* Bump the all group with 4 updates (#11574)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.2...controller-v1.10.3

53
changelog/controller-1.10.4.md
View file

@ -1,53 +0,0 @@
# Changelog
### controller-v1.10.4
Images:
* registry.k8s.io/ingress-nginx/controller:v1.10.4@sha256:505b9048c02dde3d6c8667bf0b52aba7b36adf7b03da34c47d5fa312d2d4c6fc
* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.4@sha256:bf71acf6e71830a4470e2183e3bc93c4f006b954f8a05fb434242ef0f8a24858
### All changes:
* Chart: Bump Kube Webhook CertGen & OpenTelemetry. (#11811)
* Images: Trigger controller build. (#11808)
* Tests & Docs: Bump images. (#11804)
* Images: Trigger failed builds. (#11801)
* Images: Trigger other builds. (#11797)
* Controller: Fix panic in alternative backend merging. (#11793)
* Tests: Bump `e2e-test-runner` to v20240812-3f0129aa. (#11791)
* Images: Trigger `test-runner` build. (#11786)
* Images: Bump `NGINX_BASE` to v0.0.12. (#11783)
* Images: Trigger NGINX build. (#11780)
* Cloud Build: Add missing config, remove unused ones. (#11776)
* Generate correct output on NumCPU() when using cgroups2 (#11775)
* Cloud Build: Tweak timeouts. (#11762)
* Cloud Build: Fix substitutions. (#11759)
* Cloud Build: Some chores. (#11756)
* Go: Bump to v1.22.6. (#11748)
* Images: Bump `NGINX_BASE` to v0.0.11. (#11744)
* Images: Trigger NGINX build. (#11736)
* docs: update OpenSSL Roadmap link (#11734)
* Go: Bump to v1.22.5. (#11731)
* Docs: Fix typo in AWS LB Controller reference (#11724)
* Perform some cleaning operations on line breaks. (#11722)
* Missing anchors in regular expression. (#11718)
* Docs: Fix `from-to-www` redirect description. (#11715)
* Chart: Remove `isControllerTagValid`. (#11714)
* Tests: Bump `e2e-test-runner` to v20240729-04899b27. (#11704)
* Docs: Clarify `from-to-www` redirect direction. (#11692)
* added real-client-ip faq (#11665)
* Docs: Format NGINX configuration table. (#11660)
### Dependency updates:
* Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#11772)
* Bump the all group with 2 updates (#11770)
* Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#11768)
* Bump the all group with 3 updates (#11729)
* Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in the all group (#11700)
* Bump the all group with 2 updates (#11697)
* Bump the all group with 4 updates (#11676)
* Bump the all group with 2 updates (#11674)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.3...controller-v1.10.4

90
changelog/controller-1.10.5.md
View file

@ -1,90 +0,0 @@
# Changelog
### controller-v1.10.5
Images:
* registry.k8s.io/ingress-nginx/controller:v1.10.5@sha256:c84d11b1f7bd14ebbf49918a7f0dc01b31c0c6e757e0129520ea93453096315c
* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.5@sha256:030a43bdd5f0212a7e135cc4da76b15a6706ef65a6824eb4cc401f87a81c2987
### All changes:
* Images: Trigger controller build. (#12133)
* Tests & Docs: Bump `e2e-test-echo` to v1.0.1. (#12146)
* Images: Trigger `e2e-test-echo` build. (#12142)
* Images: Drop `s390x`. (#12139)
* Images: Build `s390x` controller. (#12128)
* Chart: Bump Kube Webhook CertGen. (#12122)
* Tests & Docs: Bump images. (#12120)
* Cloud Build: Bump `gcb-docker-gcloud` to v20240718-5ef92b5c36. (#12116)
* Images: Trigger other builds. (#12111)
* Tests: Bump `e2e-test-runner` to v20241004-114a6abb. (#12104)
* Images: Trigger `test-runner` build. (#12101)
* Docs: Add a multi-tenant warning. (#12098)
* Go: Bump to v1.22.8. (#12093)
* Images: Bump `NGINX_BASE` to v0.1.0. (#12079)
* Images: Trigger NGINX build. (#12077)
* Images: Remove NGINX v1.21. (#12057)
* GitHub: Improve Dependabot. (#12037)
* Chart: Improve CI. (#12029)
* Chart: Extend image tests. (#12026)
* Docs: Add health check annotations for AWS. (#12021)
* Docs: Convert `opentelemetry.md` from CRLF to LF. (#12007)
* Chart: Test `controller.minAvailable` & `controller.maxUnavailable`. (#12001)
* Chart: Align default backend `PodDisruptionBudget`. (#11998)
* Metrics: Fix namespace in `nginx_ingress_controller_ssl_expire_time_seconds`. (#11985)
* Chart: Improve default backend service account. (#11973)
* Go: Bump to v1.22.7. (#11969)
* Images: Bump OpenTelemetry C++ Contrib. (#11950)
* Docs: Add note about `--watch-namespace`. (#11948)
* Images: Use latest Alpine 3.20 everywhere. (#11945)
* Fix minor typos (#11940)
* Chart: Implement `controller.admissionWebhooks.service.servicePort`. (#11933)
* Tests: Bump `e2e-test-runner` to v20240829-2c421762. (#11920)
* Images: Trigger `test-runner` build. (#11918)
* Chart: Add tests for `PrometheusRule` & `ServiceMonitor`. (#11888)
* Annotations: Allow commas in URLs. (#11886)
* CI: Grant checks write permissions to E2E Test Report. (#11884)
* Update maxmind post link about geolite2 license changes (#11880)
* Go: Sync `go.work.sum`. (#11876)
* Replace deprecated queue method (#11858)
* Auto-generate annotation docs (#11835)
### Dependency updates:
* Bump the actions group with 3 updates (#12150)
* Bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#12108)
* Bump the actions group with 3 updates (#12096)
* Bump sigs.k8s.io/mdtoc from 1.1.0 to 1.4.0 (#12088)
* Bump github.com/prometheus/common from 0.59.1 to 0.60.0 (#12086)
* Bump google.golang.org/grpc from 1.67.0 to 1.67.1 in the go group across 1 directory (#12084)
* Bump k8s.io/cli-runtime from 0.30.0 to 0.31.1 (#12082)
* Bump github/codeql-action from 3.26.9 to 3.26.10 in the actions group (#12054)
* Bump the go group across 1 directory with 3 updates (#12052)
* Bump k8s.io/kube-aggregator from 0.29.3 to 0.31.1 in /images/kube-webhook-certgen/rootfs (#12048)
* Bump k8s.io/apimachinery from 0.23.1 to 0.31.1 in /images/ext-auth-example-authsvc/rootfs (#12044)
* Bump github.com/prometheus/client_golang from 1.11.1 to 1.20.4 in /images/custom-error-pages/rootfs (#12045)
* Bump the all group with 2 updates (#12035)
* Bump github/codeql-action from 3.26.7 to 3.26.8 in the all group (#12015)
* Bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#12013)
* Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 in the all group (#12011)
* Bump the all group with 2 updates (#11979)
* Bump github/codeql-action from 3.26.6 to 3.26.7 in the all group (#11978)
* Bump github.com/prometheus/common from 0.57.0 to 0.59.1 (#11960)
* Bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#11959)
* Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 in the all group (#11956)
* Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#11929)
* Bump the all group with 2 updates (#11924)
* Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 in the all group (#11912)
* Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#11907)
* Bump github.com/prometheus/common from 0.55.0 to 0.57.0 (#11906)
* Bump github/codeql-action from 3.26.5 to 3.26.6 in the all group (#11905)
* Bump the all group with 2 updates (#11870)
* Bump github/codeql-action from 3.26.2 to 3.26.5 in the all group (#11869)
* Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 (#11848)
* Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.19.0 (#11847)
* Bump dario.cat/mergo from 1.0.0 to 1.0.1 in the all group (#11846)
* Bump k8s.io/component-base from 0.30.3 to 0.31.0 (#11841)
* Bump github/codeql-action from 3.26.0 to 3.26.2 in the all group (#11833)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.4...controller-v1.10.5

92
changelog/controller-1.10.6.md
View file

@ -1,92 +0,0 @@
# Changelog
### controller-v1.10.6
Images:
* registry.k8s.io/ingress-nginx/controller:v1.10.6@sha256:b6fbd102255edb3ba8e5421feebe14fd3e94cf53d199af9e40687f536152189c
* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.6@sha256:44ceedafc0e04a75521b5d472c1b6b5cc08afb8038b5bbfd79c21d066ccf300e
### All changes:
* Images: Trigger controller build. (#12611)
* Chart: Bump Kube Webhook CertGen. (#12608)
* Tests & Docs: Bump images. (#12605)
* Images: Trigger other builds (2/2). (#12598)
* Images: Trigger other builds (1/2). (#12597)
* Tests: Bump `e2e-test-runner` to v20241224-68ed4e7b. (#12592)
* Images: Trigger `test-runner` build. (#12586)
* Images: Bump `NGINX_BASE` to v0.2.0. (#12584)
* Images: Trigger NGINX build. (#12578)
* Go: Clean `go.work.sum`. (#12575)
* Repository: Update owners. (#12570)
* Images: Bump `gcb-docker-gcloud` to v20241217-ff46a068cd. (#12563)
* CI: Update KIND images. (#12559)
* Images: Bump Alpine to v3.21. (#12530)
* Docs: Add guide on how to set a Maintenance Page. (#12527)
* rikatz is stepping down (#12518)
* rikatz is stepping down (#12497)
* Go: Bump to v1.23.4. (#12485)
* Plugin: Bump `goreleaser` to v2. (#12442)
* GitHub: Fix `exec` in issue template. (#12389)
* CI: Update KIND images. (#12368)
* Images: Bump `gcb-docker-gcloud` to v20241110-72bb0b1665. (#12341)
* Go: Bump to v1.23.3. (#12339)
* Auth TLS: Add `_` to redirect RegEx. (#12328)
* Auth TLS: Improve redirect RegEx. (#12321)
* Tests: Bump `e2e-test-runner` to v20241104-02a3933e. (#12314)
* Images: Trigger `test-runner` build. (#12307)
* Config: Fix panic on invalid `lua-shared-dict`. (#12282)
* Docs: fix limit-rate-after references (#12280)
* Chart: Rework ServiceMonitor. (#12268)
* Chart: Add ServiceAccount tests. (#12266)
* CI: Fix chart testing. (#12260)
* [fix] fix nginx temp configs cleanup (#12224)
* Chart: Suggest `matchLabelKeys` in Topology Spread Constraints. (#12204)
* Docs: Add Pod Security Admission. (#12198)
* Docs: Clarify external & service port in TCP/UDP services explanation. (#12194)
### Dependency updates:
* Bump k8s.io/apiextensions-apiserver from 0.31.3 to 0.32.0 (#12565)
* Bump github.com/onsi/ginkgo/v2 from 2.22.0 to 2.22.1 (#12557)
* Bump k8s.io/code-generator from 0.31.3 to 0.32.0 (#12552)
* Bump k8s.io/cli-runtime from 0.31.3 to 0.32.0 (#12549)
* Bump k8s.io/apiserver from 0.31.3 to 0.32.0 (#12546)
* Bump the actions group with 2 updates (#12543)
* Bump google.golang.org/grpc from 1.68.1 to 1.69.2 (#12540)
* Bump k8s.io/client-go from 0.31.3 to 0.32.0 (#12514)
* Bump github.com/opencontainers/runc from 1.2.2 to 1.2.3 in the go group across 1 directory (#12511)
* Bump the actions group with 3 updates (#12508)
* Bump k8s.io/kube-aggregator from 0.31.3 to 0.32.0 in /images/kube-webhook-certgen/rootfs (#12504)
* Bump k8s.io/apimachinery from 0.31.3 to 0.32.0 in /images/ext-auth-example-authsvc/rootfs (#12501)
* Bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#12478)
* Bump golang.org/x/crypto from 0.21.0 to 0.31.0 in /magefiles (#12473)
* Bump github.com/prometheus/common from 0.60.1 to 0.61.0 (#12466)
* Bump github/codeql-action from 3.27.5 to 3.27.6 in the actions group (#12463)
* Bump the go group across 1 directory with 2 updates (#12459)
* Bump github.com/onsi/ginkgo/v2 from 2.21.0 to 2.22.0 (#12425)
* Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#12416)
* Bump the go group across 3 directories with 10 updates (#12414)
* Bump the actions group with 3 updates (#12410)
* Bump github.com/opencontainers/runc from 1.2.1 to 1.2.2 in the go group across 1 directory (#12382)
* Bump github/codeql-action from 3.27.1 to 3.27.4 in the actions group (#12375)
* Bump golangci-lint on actions and disable deprecated linters (#12363)
* Bump google.golang.org/grpc from 1.67.1 to 1.68.0 (#12356)
* Bump the actions group with 3 updates (#12353)
* Bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#12351)
* Bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#12297)
* Bump github.com/opencontainers/runc from 1.2.0 to 1.2.1 in the go group across 1 directory (#12294)
* Bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.21.0 (#12290)
* Bump actions/dependency-review-action from 4.3.5 to 4.4.0 in the actions group (#12275)
* Bump the go group across 3 directories with 11 updates (#12246)
* Bump github.com/opencontainers/runc from 1.1.15 to 1.2.0 (#12241)
* Bump the actions group with 5 updates (#12243)
* Bump github.com/ncabatoff/process-exporter from 0.8.3 to 0.8.4 in the go group across 1 directory (#12219)
* Bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 in the actions group (#12215)
* Bump github/codeql-action from 3.26.12 to 3.26.13 in the actions group (#12191)
* Bump the go group across 2 directories with 1 update (#12189)
* Bump the actions group with 2 updates (#12185)
* Bump github.com/opencontainers/runc from 1.1.14 to 1.1.15 in the go group across 1 directory (#12184)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.5...controller-v1.10.6

164
changelog/controller-1.11.0.md
View file

@ -1,164 +0,0 @@
# Changelog
### controller-v1.11.0
Images:
* registry.k8s.io/ingress-nginx/controller:v1.11.0@sha256:a886e56d532d1388c77c8340261149d974370edca1093af4c97a96fb1467cb39
* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.0@sha256:f16dfed1c94d216b65e5dcb7508ab46148641a99649c5a700749db6f01a7039e
### All changes:
* update test runner to latest build (#11558)
* add k8s 1.30 to ci build (#11554)
* update test runner go base to 3.20 (#11552)
* tag new test runner image with new nginx base 0.0.8 (#11551)
* bump NGINX_BASE to v0.0.8 (#11544)
* add ssl patches to nginx-1.25 image for coroutines to work in lua client hello and cert ssl blocks (#11535)
* trigger build for NGINX-1.25 v0.0.8 (#11539)
* bump alpine version to 3.20 to custom-error-pages (#11538)
* fix: Ensure changes in MatchCN annotation are detected (#11529)
* Docs: Add information about HTTP/3 support. (#11513)
* Docs: Specify `ingressClass` for multi-controller setup. (#11493)
* Docs: Improve default certificate usage. (#11504)
* Upgrade OWASP_MODSECURITY_CRS_VERSION 3.3.5 to 4.4.0 and update docs (#11511)
* docs: Update Ingress-NGINX v1.10.1 compatibility with Kubernetes v1.30 (#11495)
* Update getting-started.md with new prerequisites (#11486)
* [feature] bump nginx to 1.25.5 and add http3 module (#11470)
* Fix boolean configuration (#11483)
* Chores: Align security contacts & chart maintainers to actual owners. (#11465)
* CI: Bump forgotten Ginkgo versions. (#11467)
* Tests: Replace deprecated `grpc.Dial` by `grpc.NewClient`. (#11462)
* Owners: Promote Gacko to admin. (#11463)
* Chart: Make pod affinity templatable. (#11453)
* fixed fastcgi userguide (#11454)
* Remove unnecessary space character (#11434)
* upgrade to alpine 3.20 (#11428)
* fix for docs issue 11432 (#11433)
* Update index.md (#11437)
* update golang to 1.22.4 (#11427)
* Chart: Fix `IngressClass` annotations. (#11416)
* Chart: Make admission webhook patch job RBAC configurable. (#11376)
* Merge pull request #11277 from strongjz/chart-1.10.1 (#11415)
* Chart: Remove `controller.enableWorkerSerialReloads`. (#11400)
* Adapt dashboards for Grafana 11 compatibility (#11399)
* Rename variable to fix typo (#11395)
* Fix helm install on cloud provider admonition block (#11394)
* edited helm-install tips (#11393)
* added info for aws helm install (#11390)
* added multiplecontrollers-howto to faq (#11389)
* removed tlsv1 & tlsv1.1 (#11343)
* feat: Add grpc timeouts annotations (#11258)
* sfix position of options (#11379)
* add workflow to helm release and update ct for branch (#11378)
* Accept user defined annotations in IngressClass (#11362)
* Docs: Remove opentracing and zipkin from docs (#11361)
* Allow configuring nginx worker reload behaviour, to prevent multiple concurrent worker reloads which can lead to high resource usage and OOMKill (#10884)
* chore(deps): group update k8s.io packages to v0.30.0 (#11344)
* Fix function name in comment (#11296)
* fix path in file changed detected message (#11271)
* chore: fix function names in comment (#11280)
* fix: update kube version requirement to 1.21 (#11275)
* release helm chart from release branch (#11276)
* update k8s version to latest kind release (#11240)
* feat: add annotation to allow to add custom response headers (#9742)
* remove _ssl_expire_time_seconds metric by identifier (#9706)
* update post submit helm ci and clean up (#11220)
* Chart: Add unit tests for default backend & topology spread constraints. (#11218)
* sort default backend hpa metrics (#11215)
* updated certgen image shatag (#11214)
* feature(default_backend): topologySpreadConstraints on default backend (#11197)
* bumped certgeimage tag (#11212)
* changed testrunner image sha (#11207)
* updated baseimage & deleted a useless file (#11208)
* Chart: Make `controller.config` templatable. (#11181)
* chunking related faq update (#11196)
* bump ginkgo to 2-17-1 in testrunner (#11202)
* Owners: Promote Gacko to `ingress-nginx-maintainers` & `ingress-nginx-reviewers`. (#11165)
* Fix-semver (#11193)
* refactor helm ci tests part I (#11178)
* fixes brotli build issue (#10484)
* bump ginkgo to v2.17.1 (#11177)
* Proposal: e2e tests for regex patterns (#11174)
* Controller: Make Leader Election TTL configurable. (#11142)
* Chores: Remove recently added whitespaces. (#11156)
* Add GRPC Buffer Size to the Configmap (#11155)
* fix geoip2 configuration docs (#11150)
* feature(geoip2_autoreload): Enable GeoIP2 auto_reload config (#11079)
* Chart: Add IngressClass aliases. (#11109)
* Fix typos in OTel doc (#11081)
* Chart: Render `controller.ingressClassResource.parameters` natively. (#11108)
* Fix admission controller logging of `admissionTime` and `testedConfigurationSize` (#11089)
* Chart: Align HPA & KEDA conditions. (#11110)
* Chart: Add Gacko to maintainers. Again. (#11107)
* Chart: Improve IngressClass documentation. (#11104)
* Chart: Deploy `PodDisruptionBudget` with KEDA. (#11032)
* Undo #11062 since it breaks the nginx config (#11082)
* [mTLS] Fix acme verification when mTLS and Client CN verification is enabled (#11062)
* golangci-lint update, ci cleanup, group dependabot updates (#11071)
* bump golang (#11070)
* feature(leader_election): flag to disable leader election feature on controller (#11064)
* docs: update the 404 link to FAQ (#11069)
* Update README.md (#11065)
* quotes around numbers fort ports definitions (#11052)
### Dependency updates:
* Bump the all group with 2 updates (#11523)
* Bump k8s.io/klog/v2 from 2.130.0 to 2.130.1 in the all group (#11499)
* Bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 in the all group (#11497)
* Bump k8s.io/klog/v2 from 2.120.1 to 2.130.0 (#11475)
* Bump the all group with 3 updates (#11474)
* Bump the all group with 2 updates (#11476)
* Bump golang.org/x/crypto from 0.23.0 to 0.24.0 (#11442)
* Bump the all group with 3 updates (#11443)
* Bump sigs.k8s.io/controller-runtime in the all group (#11440)
* Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (#11444)
* Bump github.com/prometheus/common from 0.53.0 to 0.54.0 (#11441)
* Bump the all group with 2 updates (#11419)
* Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.19.0 (#11418)
* Bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#11417)
* Bump the all group across 1 directory with 3 updates (#11384)
* Bump the all group across 1 directory with 6 updates (#11383)
* Bump golang.org/x/crypto from 0.22.0 to 0.23.0 (#11357)
* Bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 (#11355)
* Bump the all group with 3 updates (#11348)
* Bump Kubernetes version on images (#11346)
* Bump sigs.k8s.io/controller-runtime from 0.17.3 to 0.18.1 (#11345)
* Bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 (#11328)
* Bump the all group with 4 updates (#11327)
* Bump k8s.io/component-base from 0.29.3 to 0.30.0 (#11291)
* Bump github.com/prometheus/common from 0.52.3 to 0.53.0 (#11290)
* Bump golang.org/x/net from 0.22.0 to 0.23.0 (#11282)
* Bump golang.org/x/net in /images/kube-webhook-certgen/rootfs (#11283)
* Bump the all group with 2 updates (#11261)
* Bump azure/setup-helm from 3.5 to 4 (#11263)
* Bump actions/add-to-project from 1.0.0 to 1.0.1 in the all group (#11262)
* Bump google.golang.org/grpc from 1.63.0 to 1.63.2 (#11237)
* Bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#11228)
* Bump github.com/prometheus/common from 0.51.1 to 0.52.2 (#11227)
* Bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#11229)
* Bump github.com/prometheus/client_model in the all group (#11226)
* Bump the all group with 3 updates (#11225)
* Bump the all group with 2 updates (#11183)
* Bump actions/add-to-project from 0.6.1 to 1.0.0 (#11184)
* Bump the all group with 3 updates (#11157)
* Bump github.com/prometheus/common from 0.50.0 to 0.51.1 (#11159)
* Bump the all group with 4 updates (#11133)
* Bump the all group with 1 update (#11134)
* Bump google.golang.org/protobuf in /images/custom-error-pages/rootfs (#11119)
* Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /magefiles (#11121)
* Bump google.golang.org/protobuf in /images/kube-webhook-certgen/rootfs (#11120)
* Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.16.0 (#11076)
* Bump the all group with 1 update (#11073)
* Bump the all group with 1 update (#11072)
* Bump github.com/prometheus/common from 0.49.0 to 0.50.0 (#11075)
* Bump actions/download-artifact from 4.1.2 to 4.1.4 (#11059)
* Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#11055)
* Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 (#11057)
* Bump github.com/prometheus/common from 0.48.0 to 0.49.0 (#11056)
* Bump github/codeql-action from 3.24.5 to 3.24.6 (#11060)
* Bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 (#11058)
* Bump dorny/paths-filter from 3.0.1 to 3.0.2 (#11061)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.2...controller-v1.11.0

45
changelog/controller-1.11.1.md
View file

@ -1,45 +0,0 @@
# Changelog
### controller-v1.11.1
Images:
* registry.k8s.io/ingress-nginx/controller:v1.11.1@sha256:e6439a12b52076965928e83b7b56aae6731231677b01e81818bce7fa5c60161a
* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.1@sha256:7cabe4bd7558bfdf5b707976d7be56fd15ffece735d7c90fc238b6eda290fd8d
### All changes:
* Tests: Bump `test-runner` to v20240717-1fe74b5f. (#11647)
* Images: Re-run `test-runner` build. (#11644)
* Images: Trigger `test-runner` build. (#11640)
* Images: Bump `NGINX_BASE` to v0.0.10. (#11638)
* Images: Trigger NGINX build. (#11632)
* bump testing runner (#11627)
* remove modsecurity coreruleset test files from nginx image (#11620)
* unskip the ocsp tests and update images to fix cfssl bug (#11616)
* Fix indent in YAML for example pod (#11610)
* Images: Bump `test-runner`. (#11605)
* Images: Bump `NGINX_BASE` to v0.0.9. (#11602)
* revert module upgrade (#11597)
* Release: Apply changes from `main`. (#11589)
* Mage: Stop mutating release notes. (#11581)
* Images: Bump `kube-webhook-certgen`. (#11584)
* update test runner to latest build (#11558)
* add k8s 1.30 to ci build (#11554)
* update test runner go base to 3.20 (#11552)
* tag new test runner image with new nginx base 0.0.8 (#11551)
* bump NGINX_BASE to v0.0.8 (#11544)
* add ssl patches to nginx-1.25 image for coroutines to work in lua client hello and cert ssl blocks (#11535)
* trigger build for NGINX-1.25 v0.0.8 (#11539)
* bump alpine version to 3.20 to custom-error-pages (#11538)
* fix: Ensure changes in MatchCN annotation are detected (#11529)
### Dependency updates:
* Bump github.com/prometheus/common from 0.54.0 to 0.55.0 (#11621)
* Bump the all group with 5 updates (#11614)
* Bump golang.org/x/crypto from 0.24.0 to 0.25.0 (#11580)
* Bump google.golang.org/grpc from 1.64.0 to 1.65.0 (#11576)
* Bump the all group with 4 updates (#11575)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.0...controller-v1.11.1

54
changelog/controller-1.11.2.md
View file

@ -1,54 +0,0 @@
# Changelog
### controller-v1.11.2
Images:
* registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce
* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.2@sha256:21b55a2f0213a18b91612a8c0850167e00a8e34391fd595139a708f9c047e7a8
### All changes:
* Chart: Bump Kube Webhook CertGen & OpenTelemetry. (#11812)
* Images: Trigger controller build. (#11807)
* Tests & Docs: Bump images. (#11805)
* Images: Trigger failed builds. (#11802)
* Images: Trigger other builds. (#11798)
* Controller: Fix panic in alternative backend merging. (#11794)
* Tests: Bump `e2e-test-runner` to v20240812-3f0129aa. (#11792)
* Images: Trigger `test-runner` build. (#11787)
* Images: Bump `NGINX_BASE` to v0.0.12. (#11784)
* Images: Trigger NGINX build. (#11781)
* Cloud Build: Add missing config, remove unused ones. (#11777)
* Generate correct output on NumCPU() when using cgroups2 (#11778)
* Cloud Build: Tweak timeouts. (#11763)
* Cloud Build: Fix substitutions. (#11760)
* Cloud Build: Some chores. (#11757)
* Go: Bump to v1.22.6. (#11749)
* Images: Bump `NGINX_BASE` to v0.0.11. (#11743)
* Images: Trigger NGINX build. (#11737)
* docs: update OpenSSL Roadmap link (#11733)
* Go: Bump to v1.22.5. (#11732)
* Docs: Fix typo in AWS LB Controller reference (#11725)
* Perform some cleaning operations on line breaks. (#11721)
* Missing anchors in regular expression. (#11719)
* Docs: Fix `from-to-www` redirect description. (#11716)
* Chart: Remove `isControllerTagValid`. (#11713)
* Tests: Bump `e2e-test-runner` to v20240729-04899b27. (#11705)
* Docs: Clarify `from-to-www` redirect direction. (#11693)
* added real-client-ip faq (#11664)
* Docs: Format NGINX configuration table. (#11662)
* Docs: Update version in `deploy/index.md`. (#11652)
### Dependency updates:
* Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#11773)
* Bump the all group with 2 updates (#11771)
* Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#11769)
* Bump the all group with 3 updates (#11728)
* Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in the all group (#11701)
* Bump the all group with 2 updates (#11698)
* Bump the all group with 4 updates (#11677)
* Bump the all group with 2 updates (#11675)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.1...controller-v1.11.2

91
changelog/controller-1.11.3.md
View file

@ -1,91 +0,0 @@
# Changelog
### controller-v1.11.3
Images:
* registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7
* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.3@sha256:22701f0fc0f2dd209ef782f4e281bfe2d8cccd50ededa00aec88e0cdbe7edd14
### All changes:
* Images: Trigger controller build. (#12134)
* Tests & Docs: Bump `e2e-test-echo` to v1.0.1. (#12145)
* Images: Trigger `e2e-test-echo` build. (#12141)
* Images: Drop `s390x`. (#12138)
* Images: Build `s390x` controller. (#12127)
* Chart: Bump Kube Webhook CertGen. (#12123)
* Tests & Docs: Bump images. (#12121)
* Cloud Build: Bump `gcb-docker-gcloud` to v20240718-5ef92b5c36. (#12117)
* Images: Trigger other builds. (#12112)
* Tests: Bump `e2e-test-runner` to v20241004-114a6abb. (#12105)
* Images: Trigger `test-runner` build. (#12102)
* Docs: Add a multi-tenant warning. (#12099)
* Go: Bump to v1.22.8. (#12094)
* Images: Bump `NGINX_BASE` to v0.1.0. (#12080)
* Images: Trigger NGINX build. (#12076)
* Images: Remove NGINX v1.21. (#12058)
* GitHub: Improve Dependabot. (#12038)
* Chart: Improve CI. (#12030)
* Chart: Extend image tests. (#12027)
* Docs: Add health check annotations for AWS. (#12020)
* Docs: Convert `opentelemetry.md` from CRLF to LF. (#12006)
* Chart: Test `controller.minAvailable` & `controller.maxUnavailable`. (#12002)
* Chart: Align default backend `PodDisruptionBudget`. (#11999)
* Metrics: Fix namespace in `nginx_ingress_controller_ssl_expire_time_seconds`. (#11986)
* Chart: Improve default backend service account. (#11974)
* Go: Bump to v1.22.7. (#11970)
* Images: Bump OpenTelemetry C++ Contrib. (#11951)
* Docs: Add note about `--watch-namespace`. (#11949)
* Images: Use latest Alpine 3.20 everywhere. (#11946)
* Fix minor typos (#11941)
* Chart: Implement `controller.admissionWebhooks.service.servicePort`. (#11934)
* Tests: Bump `e2e-test-runner` to v20240829-2c421762. (#11921)
* Images: Trigger `test-runner` build. (#11917)
* Chart: Add tests for `PrometheusRule` & `ServiceMonitor`. (#11889)
* Annotations: Allow commas in URLs. (#11887)
* CI: Grant checks write permissions to E2E Test Report. (#11885)
* Chart: Use generic values for `ConfigMap` test. (#11879)
* Update maxmind post link about geolite2 license changes (#11881)
* Go: Sync `go.work.sum`. (#11875)
* Replace deprecated queue method (#11859)
* Auto-generate annotation docs (#11831)
### Dependency updates:
* Bump the actions group with 3 updates (#12149)
* Bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#12109)
* Bump the actions group with 3 updates (#12097)
* Bump sigs.k8s.io/mdtoc from 1.1.0 to 1.4.0 (#12089)
* Bump github.com/prometheus/common from 0.59.1 to 0.60.0 (#12087)
* Bump google.golang.org/grpc from 1.67.0 to 1.67.1 in the go group across 1 directory (#12085)
* Bump k8s.io/cli-runtime from 0.30.0 to 0.31.1 (#12083)
* Bump github/codeql-action from 3.26.9 to 3.26.10 in the actions group (#12055)
* Bump the go group across 1 directory with 3 updates (#12053)
* Bump k8s.io/kube-aggregator from 0.29.3 to 0.31.1 in /images/kube-webhook-certgen/rootfs (#12049)
* Bump k8s.io/apimachinery from 0.23.1 to 0.31.1 in /images/ext-auth-example-authsvc/rootfs (#12047)
* Bump github.com/prometheus/client_golang from 1.11.1 to 1.20.4 in /images/custom-error-pages/rootfs (#12046)
* Bump the all group with 2 updates (#12036)
* Bump github/codeql-action from 3.26.7 to 3.26.8 in the all group (#12016)
* Bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#12014)
* Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 in the all group (#12012)
* Bump the all group with 2 updates (#11981)
* Bump github/codeql-action from 3.26.6 to 3.26.7 in the all group (#11980)
* Bump github.com/prometheus/common from 0.57.0 to 0.59.1 (#11961)
* Bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#11958)
* Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 in the all group (#11957)
* Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#11930)
* Bump the all group with 2 updates (#11925)
* Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 in the all group (#11913)
* Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#11910)
* Bump github.com/prometheus/common from 0.55.0 to 0.57.0 (#11909)
* Bump github/codeql-action from 3.26.5 to 3.26.6 in the all group (#11908)
* Bump the all group with 2 updates (#11871)
* Bump github/codeql-action from 3.26.2 to 3.26.5 in the all group (#11868)
* Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 (#11840)
* Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.19.0 (#11839)
* Bump dario.cat/mergo from 1.0.0 to 1.0.1 in the all group (#11837)
* Bump k8s.io/component-base from 0.30.3 to 0.31.0 (#11836)
* Bump github/codeql-action from 3.26.0 to 3.26.2 in the all group (#11834)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.2...controller-v1.11.3

94
changelog/controller-1.11.4.md
View file

@ -1,94 +0,0 @@
# Changelog
### controller-v1.11.4
Images:
* registry.k8s.io/ingress-nginx/controller:v1.11.4@sha256:981a97d78bee3109c0b149946c07989f8f1478a9265031d2d23dea839ba05b52
* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.4@sha256:f29d0f9e7a9ef4947eda59ed0c09ec13380b13639d1518cf1ab8ec09c3e22ef8
### All changes:
* Images: Trigger controller build. (#12610)
* Chart: Bump Kube Webhook CertGen. (#12607)
* Tests & Docs: Bump images. (#12604)
* Images: Trigger other builds (2/2). (#12600)
* Images: Trigger other builds (1/2). (#12596)
* Tests: Bump `e2e-test-runner` to v20241224-68ed4e7b. (#12591)
* Images: Trigger `test-runner` build. (#12588)
* Images: Bump `NGINX_BASE` to v0.2.0. (#12583)
* Images: Trigger NGINX build. (#12577)
* Go: Clean `go.work.sum`. (#12574)
* Repository: Update owners. (#12569)
* Images: Bump `gcb-docker-gcloud` to v20241217-ff46a068cd. (#12562)
* CI: Update KIND images. (#12558)
* Images: Bump Alpine to v3.21. (#12529)
* Docs: Add guide on how to set a Maintenance Page. (#12526)
* rikatz is stepping down (#12517)
* rikatz is stepping down (#12495)
* Go: Bump to v1.23.4. (#12484)
* Plugin: Bump `goreleaser` to v2. (#12441)
* GitHub: Fix `exec` in issue template. (#12388)
* CI: Update KIND images. (#12365)
* Images: Bump `gcb-docker-gcloud` to v20241110-72bb0b1665. (#12343)
* Go: Bump to v1.23.3. (#12338)
* Auth TLS: Add `_` to redirect RegEx. (#12327)
* Auth TLS: Improve redirect RegEx. (#12322)
* Update custom headers annotation documentation (#12319)
* Tests: Bump `e2e-test-runner` to v20241104-02a3933e. (#12313)
* Images: Trigger `test-runner` build. (#12306)
* Config: Fix panic on invalid `lua-shared-dict`. (#12284)
* Docs: fix limit-rate-after references (#12279)
* Chart: Rework ServiceMonitor. (#12270)
* Chart: Add ServiceAccount tests. (#12264)
* CI: Fix chart testing. (#12259)
* [fix] fix nginx temp configs cleanup (#12223)
* Chart: Suggest `matchLabelKeys` in Topology Spread Constraints. (#12203)
* Docs: Add Pod Security Admission. (#12197)
* Docs: Clarify external & service port in TCP/UDP services explanation. (#12193)
* Docs: Goodbye, v1.10. (#12159)
### Dependency updates:
* Bump k8s.io/apiextensions-apiserver from 0.31.3 to 0.32.0 (#12567)
* Bump github.com/onsi/ginkgo/v2 from 2.22.0 to 2.22.1 (#12556)
* Bump k8s.io/code-generator from 0.31.3 to 0.32.0 (#12551)
* Bump k8s.io/cli-runtime from 0.31.3 to 0.32.0 (#12548)
* Bump k8s.io/apiserver from 0.31.3 to 0.32.0 (#12545)
* Bump the actions group with 2 updates (#12542)
* Bump google.golang.org/grpc from 1.68.1 to 1.69.2 (#12539)
* Bump k8s.io/client-go from 0.31.3 to 0.32.0 (#12513)
* Bump github.com/opencontainers/runc from 1.2.2 to 1.2.3 in the go group across 1 directory (#12510)
* Bump the actions group with 3 updates (#12507)
* Bump k8s.io/kube-aggregator from 0.31.3 to 0.32.0 in /images/kube-webhook-certgen/rootfs (#12503)
* Bump k8s.io/apimachinery from 0.31.3 to 0.32.0 in /images/ext-auth-example-authsvc/rootfs (#12500)
* Bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#12477)
* Bump golang.org/x/crypto from 0.21.0 to 0.31.0 in /magefiles (#12475)
* Bump github.com/prometheus/common from 0.60.1 to 0.61.0 (#12465)
* Bump github/codeql-action from 3.27.5 to 3.27.6 in the actions group (#12462)
* Bump the go group across 1 directory with 2 updates (#12458)
* Bump github.com/onsi/ginkgo/v2 from 2.21.0 to 2.22.0 (#12427)
* Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#12417)
* Bump the go group across 3 directories with 10 updates (#12415)
* Bump the actions group with 3 updates (#12411)
* Bump github.com/opencontainers/runc from 1.2.1 to 1.2.2 in the go group across 1 directory (#12381)
* Bump github/codeql-action from 3.27.1 to 3.27.4 in the actions group (#12374)
* Bump golangci-lint on actions and disable deprecated linters (#12362)
* Bump google.golang.org/grpc from 1.67.1 to 1.68.0 (#12355)
* Bump the actions group with 3 updates (#12352)
* Bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#12350)
* Bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#12298)
* Bump github.com/opencontainers/runc from 1.2.0 to 1.2.1 in the go group across 1 directory (#12295)
* Bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.21.0 (#12289)
* Bump actions/dependency-review-action from 4.3.5 to 4.4.0 in the actions group (#12274)
* Bump the go group across 3 directories with 11 updates (#12245)
* Bump github.com/opencontainers/runc from 1.1.15 to 1.2.0 (#12239)
* Bump the actions group with 5 updates (#12240)
* Bump github.com/ncabatoff/process-exporter from 0.8.3 to 0.8.4 in the go group across 1 directory (#12220)
* Bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 in the actions group (#12216)
* Bump github/codeql-action from 3.26.12 to 3.26.13 in the actions group (#12190)
* Bump the go group across 2 directories with 1 update (#12187)
* Bump the actions group with 2 updates (#12181)
* Bump github.com/opencontainers/runc from 1.1.14 to 1.1.15 in the go group across 1 directory (#12179)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.3...controller-v1.11.4

216
changelog/controller-1.12.0-beta.0.md
View file

@ -1,216 +0,0 @@
# Changelog
### controller-v1.12.0-beta.0
Images:
* registry.k8s.io/ingress-nginx/controller:v1.12.0-beta.0@sha256:9724476b928967173d501040631b23ba07f47073999e80e34b120e8db5f234d5
* registry.k8s.io/ingress-nginx/controller-chroot:v1.12.0-beta.0@sha256:6e2f8f52e1f2571ff65bc4fc4826d5282d5def5835ec4ab433dcb8e659b2fbac
### All changes:
* Images: Trigger controller build. (#12154)
* ⚠️ Metrics: Disable by default. (#12153) ⚠️
This changes the default of the following CLI arguments:
* `--enable-metrics` gets disabled by default.
* Tests & Docs: Bump `e2e-test-echo` to v1.0.1. (#12147)
* Images: Trigger `e2e-test-echo` build. (#12140)
* ⚠️ Images: Drop `s390x`. (#12137) ⚠️
Support for the `s390x` architecture has already been removed from the controller image. This also removes it from the NGINX base image and CI relevant images.
* Images: Build `s390x` controller. (#12126)
* Chart: Bump Kube Webhook CertGen. (#12119)
* Tests & Docs: Bump images. (#12118)
* Cloud Build: Bump `gcb-docker-gcloud` to v20240718-5ef92b5c36. (#12113)
* Images: Trigger other builds. (#12110)
* Tests: Bump `e2e-test-runner` to v20241004-114a6abb. (#12103)
* Images: Trigger `test-runner` build. (#12100)
* Docs: Add a multi-tenant warning. (#12091)
* Go: Bump to v1.22.8. (#12069)
* Images: Bump `NGINX_BASE` to v1.0.0. (#12066)
* Images: Trigger NGINX build. (#12063)
* Images: Remove NGINX v1.21. (#12031)
* Chart: Add `controller.metrics.service.enabled`. (#12056)
* GitHub: Improve Dependabot. (#12033)
* Chart: Add `global.image.registry`. (#12028)
* ⚠️ Images: Remove OpenTelemetry. (#12024) ⚠️
OpenTelemetry is still supported, but since the module is built into the controller image since v1.10, we hereby remove the init container and image which were used to install it upon controller startup.
* Chart: Improve CI. (#12003)
* Chart: Extend image tests. (#12025)
* Chart: Add `controller.progressDeadlineSeconds`. (#12017)
* Docs: Add health check annotations for AWS. (#12018)
* Docs: Convert `opentelemetry.md` from CRLF to LF. (#12005)
* Chart: Implement `unhealthyPodEvictionPolicy`. (#11992)
* Chart: Add `defaultBackend.maxUnavailable`. (#11995)
* Chart: Test `controller.minAvailable` & `controller.maxUnavailable`. (#12000)
* Chart: Align default backend `PodDisruptionBudget`. (#11993)
* Metrics: Fix namespace in `nginx_ingress_controller_ssl_expire_time_seconds`. (#10274)
* ⚠️ Chart: Remove Pod Security Policy. (#11971) ⚠️
This removes Pod Security Policies and related resources from the chart.
* Chart: Improve default backend service account. (#11972)
* Go: Bump to v1.22.7. (#11943)
* NGINX: Remove inline Lua from template. (#11806)
* Images: Bump OpenTelemetry C++ Contrib. (#11629)
* Docs: Add note about `--watch-namespace`. (#11947)
* Images: Use latest Alpine 3.20 everywhere. (#11944)
* Fix minor typos (#11935)
* Chart: Implement `controller.admissionWebhooks.service.servicePort`. (#11931)
* Allow any protocol for cors origins (#11153)
* Tests: Bump `e2e-test-runner` to v20240829-2c421762. (#11919)
* Images: Trigger `test-runner` build. (#11916)
* Chart: Add `controller.metrics.prometheusRule.annotations`. (#11849)
* Chart: Add tests for `PrometheusRule` & `ServiceMonitor`. (#11883)
* Annotations: Allow commas in URLs. (#11882)
* CI: Grant checks write permissions to E2E Test Report. (#11862)
* Chart: Use generic values for `ConfigMap` test. (#11877)
* Security: Follow-up on recent changes. (#11874)
* Lua: Remove plugins from `.luacheckrc` & E2E docs. (#11872)
* Dashboard: Remove `ingress_upstream_latency_seconds`. (#11878)
* Metrics: Add `--metrics-per-undefined-host` argument. (#11818)
* Update maxmind post link about geolite2 license changes (#11861)
* ⚠️ Remove global-rate-limit feature (#11851) ⚠️
This removes the following configuration options:
* `global-rate-limit-memcached-host`
* `global-rate-limit-memcached-port`
* `global-rate-limit-memcached-connect-timeout`
* `global-rate-limit-memcached-max-idle-timeout`
* `global-rate-limit-memcached-pool-size`
* `global-rate-limit-status-code`
It also removes the following annotations:
* `global-rate-limit`
* `global-rate-limit-window`
* `global-rate-limit-key`
* `global-rate-limit-ignored-cidrs`
* Revert "docs: Add deployment for AWS NLB Proxy." (#11857)
* Add custom code handling for temporal redirect (#10651)
* Add native histogram support for histogram metrics (#9971)
* Replace deprecated queue method (#11853)
* ⚠️ Enable security features by default (#11819) ⚠️
This changes the default of the following CLI arguments:
* `--enable-annotation-validation` gets enabled by default.
It also changes the default of the following configuration options:
* `allow-cross-namespace-resources` gets disabled by default.
* `annotations-risk-level` gets lowered to "High" by default.
* `strict-validate-path-type` gets enabled by default.
* docs: Add deployment for AWS NLB Proxy. (#9565)
* ⚠️ Remove 3rd party lua plugin support (#11821) ⚠️
This removes the following configuration options:
* `plugins`
It also removes support for user provided Lua plugins in the `/etc/nginx/lua/plugins` directory.
* Auto-generate annotation docs (#11820)
* ⚠️ Metrics: Remove `ingress_upstream_latency_seconds`. (#11795) ⚠️
This metric has already been deprecated and is now getting removed.
* Release controller v1.11.2/v1.10.4 & chart v4.11.2/v4.10.4. (#11816)
* Chart: Bump Kube Webhook CertGen & OpenTelemetry. (#11809)
* Tests & Docs: Bump images. (#11803)
* Images: Trigger failed builds. (#11800)
* Images: Trigger other builds. (#11796)
* Controller: Fix panic in alternative backend merging. (#11789)
* Tests: Bump `e2e-test-runner` to v20240812-3f0129aa. (#11788)
* Images: Trigger `test-runner` build. (#11785)
* Images: Bump `NGINX_BASE` to v0.0.12. (#11782)
* Images: Trigger NGINX build. (#11779)
* Cloud Build: Add missing config, remove unused ones. (#11774)
* Cloud Build: Tweak timeouts. (#11761)
* Cloud Build: Fix substitutions. (#11758)
* Cloud Build: Some chores. (#11633)
* Go: Bump to v1.22.6. (#11747)
* Images: Bump `NGINX_BASE` to v0.0.11. (#11741)
* Images: Trigger NGINX build. (#11735)
* docs: update OpenSSL Roadmap link (#11730)
* Go: Bump to v1.22.5. (#11634)
* Docs: Fix typo in AWS LB Controller reference (#11723)
* Perform some cleaning operations on line breaks. (#11720)
* Missing anchors in regular expression. (#11717)
* Docs: Fix `from-to-www` redirect description. (#11712)
* Chart: Remove `isControllerTagValid`. (#11710)
* Tests: Bump `e2e-test-runner` to v20240729-04899b27. (#11702)
* Chart: Explicitly set `runAsGroup`. (#11679)
* Docs: Clarify `from-to-www` redirect direction. (#11682)
* added real-client-ip faq (#11663)
* Docs: Format NGINX configuration table. (#11659)
* Release controller v1.11.1/v1.10.3 & chart v4.11.1/v4.10.3. (#11654)
* Tests: Bump `test-runner` to v20240717-1fe74b5f. (#11645)
* Images: Trigger `test-runner` build. (#11636)
* Images: Bump `NGINX_BASE` to v0.0.10. (#11635)
* remove modsecurity coreruleset test files from nginx image (#11617)
* unskip the ocsp tests and update images to fix cfssl bug (#11606)
* Fix indent in YAML for example pod (#11598)
* Images: Bump `test-runner`. (#11600)
* Images: Bump `NGINX_BASE` to v0.0.9. (#11599)
* revert module upgrade (#11594)
* README: Fix support matrix. (#11586)
* Repository: Add changelogs from `release-v1.10`. (#11587)
### Dependency updates:
* Bump the actions group with 3 updates (#12152)
* Bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#12107)
* Bump the actions group with 3 updates (#12092)
* Bump sigs.k8s.io/mdtoc from 1.1.0 to 1.4.0 (#12062)
* Bump github.com/prometheus/common from 0.59.1 to 0.60.0 (#12060)
* Bump google.golang.org/grpc from 1.67.0 to 1.67.1 in the go group across 1 directory (#12059)
* Bump k8s.io/cli-runtime from 0.30.0 to 0.31.1 (#12061)
* Bump github/codeql-action from 3.26.9 to 3.26.10 in the actions group (#12051)
* Bump the go group across 1 directory with 3 updates (#12050)
* Bump k8s.io/kube-aggregator from 0.29.3 to 0.31.1 in /images/kube-webhook-certgen/rootfs (#12043)
* Bump k8s.io/apimachinery from 0.23.1 to 0.31.1 in /images/ext-auth-example-authsvc/rootfs (#12041)
* Bump github.com/prometheus/client_golang from 1.11.1 to 1.20.4 in /images/custom-error-pages/rootfs (#12040)
* Bump the all group with 2 updates (#12032)
* Bump github/codeql-action from 3.26.7 to 3.26.8 in the all group (#12010)
* Bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#12009)
* Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 in the all group (#12008)
* Bump the all group with 2 updates (#11977)
* Bump github/codeql-action from 3.26.6 to 3.26.7 in the all group (#11976)
* Bump github.com/prometheus/common from 0.57.0 to 0.59.1 (#11954)
* Bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#11955)
* Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 in the all group (#11953)
* Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#11928)
* Bump the all group with 2 updates (#11922)
* Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 in the all group (#11901)
* Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#11902)
* Bump github.com/prometheus/common from 0.55.0 to 0.57.0 (#11903)
* Bump github/codeql-action from 3.26.5 to 3.26.6 in the all group (#11904)
* Bump the all group with 2 updates (#11865)
* Bump github/codeql-action from 3.26.2 to 3.26.5 in the all group (#11867)
* Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 (#11832)
* Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.19.0 (#11823)
* Bump dario.cat/mergo from 1.0.0 to 1.0.1 in the all group (#11822)
* Bump k8s.io/component-base from 0.30.3 to 0.31.0 (#11825)
* Bump github/codeql-action from 3.26.0 to 3.26.2 in the all group (#11826)
* Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#11766)
* Bump the all group with 2 updates (#11767)
* Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#11765)
* Bump the all group with 3 updates (#11727)
* Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in the all group (#11696)
* Bump the all group with 2 updates (#11695)
* Bump the all group with 4 updates (#11673)
* Bump the all group with 2 updates (#11672)
* Bump github.com/prometheus/common from 0.54.0 to 0.55.0 (#11522)
* Bump the all group with 5 updates (#11611)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.0...controller-v1.12.0-beta.0

294
changelog/controller-1.12.0.md
View file

@ -1,294 +0,0 @@
# Changelog
### controller-v1.12.0
Images:
* registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa
* registry.k8s.io/ingress-nginx/controller-chroot:v1.12.0@sha256:87c88e1c38a6c8d4483c8f70b69e2cca49853bb3ec3124b9b1be648edf139af3
### All changes:
* Images: Trigger controller build. (#12609)
* Chart: Bump Kube Webhook CertGen. (#12606)
* Tests & Docs: Bump images. (#12603)
* Images: Trigger other builds (2/2). (#12599)
* Images: Trigger other builds (1/2). (#12595)
* Tests: Bump `e2e-test-runner` to v20241224-68ed4e7b. (#12590)
* Images: Trigger `test-runner` build. (#12587)
* Images: Bump `NGINX_BASE` to v1.1.0. (#12582)
* Images: Trigger NGINX build. (#12579)
* Go: Clean `go.work.sum`. (#12573)
* Repository: Update owners. (#12568)
* Images: Bump `gcb-docker-gcloud` to v20241217-ff46a068cd. (#12561)
* CI: Update KIND images. (#12560)
* Images: Bump Alpine to v3.21. (#12528)
* Docs: Add guide on how to set a Maintenance Page. (#12525)
* rikatz is stepping down (#12516)
* rikatz is stepping down (#12494)
* Go: Bump to v1.23.4. (#12483)
* Plugin: Bump `goreleaser` to v2. (#12440)
* GitHub: Fix `exec` in issue template. (#12387)
* CI: Update KIND images. (#12367)
* Images: Bump `gcb-docker-gcloud` to v20241110-72bb0b1665. (#12342)
* Go: Bump to v1.23.3. (#12337)
* Auth TLS: Add `_` to redirect RegEx. (#12326)
* Auth TLS: Improve redirect RegEx. (#12323)
* Update custom headers annotation documentation (#12318)
* Tests: Bump `e2e-test-runner` to v20241104-02a3933e. (#12312)
* Docs: Add CPU usage note for `--metrics-per-undefined-host`. (#12310)
* Images: Trigger `test-runner` build. (#12308)
* Config: Fix panic on invalid `lua-shared-dict`. (#12283)
* Docs: fix limit-rate-after references (#12278)
* Chart: Rework ServiceMonitor. (#12269)
* Chart: Add ServiceAccount tests. (#12263)
* CI: Fix chart testing. (#12258)
* [fix] fix nginx temp configs cleanup (#12225)
* Chart: Suggest `matchLabelKeys` in Topology Spread Constraints. (#12202)
* Docs: Add Pod Security Admission. (#12195)
* Docs: Clarify external & service port in TCP/UDP services explanation. (#12192)
* Images: Trigger controller build. (#12154)
* ⚠️ Metrics: Disable by default. (#12153) ⚠️
This changes the default of the following CLI arguments:
* `--enable-metrics` gets disabled by default.
* Tests & Docs: Bump `e2e-test-echo` to v1.0.1. (#12147)
* Images: Trigger `e2e-test-echo` build. (#12140)
* ⚠️ Images: Drop `s390x`. (#12137) ⚠️
Support for the `s390x` architecture has already been removed from the controller image. This also removes it from the NGINX base image and CI relevant images.
* Images: Build `s390x` controller. (#12126)
* Chart: Bump Kube Webhook CertGen. (#12119)
* Tests & Docs: Bump images. (#12118)
* Cloud Build: Bump `gcb-docker-gcloud` to v20240718-5ef92b5c36. (#12113)
* Images: Trigger other builds. (#12110)
* Tests: Bump `e2e-test-runner` to v20241004-114a6abb. (#12103)
* Images: Trigger `test-runner` build. (#12100)
* Docs: Add a multi-tenant warning. (#12091)
* Go: Bump to v1.22.8. (#12069)
* Images: Bump `NGINX_BASE` to v1.0.0. (#12066)
* Images: Trigger NGINX build. (#12063)
* Images: Remove NGINX v1.21. (#12031)
* Chart: Add `controller.metrics.service.enabled`. (#12056)
* GitHub: Improve Dependabot. (#12033)
* Chart: Add `global.image.registry`. (#12028)
* ⚠️ Images: Remove OpenTelemetry. (#12024) ⚠️
OpenTelemetry is still supported, but since the module is built into the controller image since v1.10, we hereby remove the init container and image which were used to install it upon controller startup.
* Chart: Improve CI. (#12003)
* Chart: Extend image tests. (#12025)
* Chart: Add `controller.progressDeadlineSeconds`. (#12017)
* Docs: Add health check annotations for AWS. (#12018)
* Docs: Convert `opentelemetry.md` from CRLF to LF. (#12005)
* Chart: Implement `unhealthyPodEvictionPolicy`. (#11992)
* Chart: Add `defaultBackend.maxUnavailable`. (#11995)
* Chart: Test `controller.minAvailable` & `controller.maxUnavailable`. (#12000)
* Chart: Align default backend `PodDisruptionBudget`. (#11993)
* Metrics: Fix namespace in `nginx_ingress_controller_ssl_expire_time_seconds`. (#10274)
* ⚠️ Chart: Remove Pod Security Policy. (#11971) ⚠️
This removes Pod Security Policies and related resources from the chart.
* Chart: Improve default backend service account. (#11972)
* Go: Bump to v1.22.7. (#11943)
* NGINX: Remove inline Lua from template. (#11806)
* Images: Bump OpenTelemetry C++ Contrib. (#11629)
* Docs: Add note about `--watch-namespace`. (#11947)
* Images: Use latest Alpine 3.20 everywhere. (#11944)
* Fix minor typos (#11935)
* Chart: Implement `controller.admissionWebhooks.service.servicePort`. (#11931)
* Allow any protocol for cors origins (#11153)
* Tests: Bump `e2e-test-runner` to v20240829-2c421762. (#11919)
* Images: Trigger `test-runner` build. (#11916)
* Chart: Add `controller.metrics.prometheusRule.annotations`. (#11849)
* Chart: Add tests for `PrometheusRule` & `ServiceMonitor`. (#11883)
* Annotations: Allow commas in URLs. (#11882)
* CI: Grant checks write permissions to E2E Test Report. (#11862)
* Chart: Use generic values for `ConfigMap` test. (#11877)
* Security: Follow-up on recent changes. (#11874)
* Lua: Remove plugins from `.luacheckrc` & E2E docs. (#11872)
* Dashboard: Remove `ingress_upstream_latency_seconds`. (#11878)
* Metrics: Add `--metrics-per-undefined-host` argument. (#11818)
* Update maxmind post link about geolite2 license changes (#11861)
* ⚠️ Remove global-rate-limit feature (#11851) ⚠️
This removes the following configuration options:
* `global-rate-limit-memcached-host`
* `global-rate-limit-memcached-port`
* `global-rate-limit-memcached-connect-timeout`
* `global-rate-limit-memcached-max-idle-timeout`
* `global-rate-limit-memcached-pool-size`
* `global-rate-limit-status-code`
It also removes the following annotations:
* `global-rate-limit`
* `global-rate-limit-window`
* `global-rate-limit-key`
* `global-rate-limit-ignored-cidrs`
* Revert "docs: Add deployment for AWS NLB Proxy." (#11857)
* Add custom code handling for temporal redirect (#10651)
* Add native histogram support for histogram metrics (#9971)
* Replace deprecated queue method (#11853)
* ⚠️ Enable security features by default (#11819) ⚠️
This changes the default of the following CLI arguments:
* `--enable-annotation-validation` gets enabled by default.
It also changes the default of the following configuration options:
* `allow-cross-namespace-resources` gets disabled by default.
* `annotations-risk-level` gets lowered to "High" by default.
* `strict-validate-path-type` gets enabled by default.
* docs: Add deployment for AWS NLB Proxy. (#9565)
* ⚠️ Remove 3rd party lua plugin support (#11821) ⚠️
This removes the following configuration options:
* `plugins`
It also removes support for user provided Lua plugins in the `/etc/nginx/lua/plugins` directory.
* Auto-generate annotation docs (#11820)
* ⚠️ Metrics: Remove `ingress_upstream_latency_seconds`. (#11795) ⚠️
This metric has already been deprecated and is now getting removed.
* Release controller v1.11.2/v1.10.4 & chart v4.11.2/v4.10.4. (#11816)
* Chart: Bump Kube Webhook CertGen & OpenTelemetry. (#11809)
* Tests & Docs: Bump images. (#11803)
* Images: Trigger failed builds. (#11800)
* Images: Trigger other builds. (#11796)
* Controller: Fix panic in alternative backend merging. (#11789)
* Tests: Bump `e2e-test-runner` to v20240812-3f0129aa. (#11788)
* Images: Trigger `test-runner` build. (#11785)
* Images: Bump `NGINX_BASE` to v0.0.12. (#11782)
* Images: Trigger NGINX build. (#11779)
* Cloud Build: Add missing config, remove unused ones. (#11774)
* Cloud Build: Tweak timeouts. (#11761)
* Cloud Build: Fix substitutions. (#11758)
* Cloud Build: Some chores. (#11633)
* Go: Bump to v1.22.6. (#11747)
* Images: Bump `NGINX_BASE` to v0.0.11. (#11741)
* Images: Trigger NGINX build. (#11735)
* docs: update OpenSSL Roadmap link (#11730)
* Go: Bump to v1.22.5. (#11634)
* Docs: Fix typo in AWS LB Controller reference (#11723)
* Perform some cleaning operations on line breaks. (#11720)
* Missing anchors in regular expression. (#11717)
* Docs: Fix `from-to-www` redirect description. (#11712)
* Chart: Remove `isControllerTagValid`. (#11710)
* Tests: Bump `e2e-test-runner` to v20240729-04899b27. (#11702)
* Chart: Explicitly set `runAsGroup`. (#11679)
* Docs: Clarify `from-to-www` redirect direction. (#11682)
* added real-client-ip faq (#11663)
* Docs: Format NGINX configuration table. (#11659)
* Release controller v1.11.1/v1.10.3 & chart v4.11.1/v4.10.3. (#11654)
* Tests: Bump `test-runner` to v20240717-1fe74b5f. (#11645)
* Images: Trigger `test-runner` build. (#11636)
* Images: Bump `NGINX_BASE` to v0.0.10. (#11635)
* remove modsecurity coreruleset test files from nginx image (#11617)
* unskip the ocsp tests and update images to fix cfssl bug (#11606)
* Fix indent in YAML for example pod (#11598)
* Images: Bump `test-runner`. (#11600)
* Images: Bump `NGINX_BASE` to v0.0.9. (#11599)
* revert module upgrade (#11594)
* README: Fix support matrix. (#11586)
* Repository: Add changelogs from `release-v1.10`. (#11587)
### Dependency updates:
* Bump k8s.io/apiextensions-apiserver from 0.31.3 to 0.32.0 (#12566)
* Bump github.com/onsi/ginkgo/v2 from 2.22.0 to 2.22.1 (#12555)
* Bump k8s.io/code-generator from 0.31.3 to 0.32.0 (#12550)
* Bump k8s.io/cli-runtime from 0.31.3 to 0.32.0 (#12547)
* Bump k8s.io/apiserver from 0.31.3 to 0.32.0 (#12544)
* Bump the actions group with 2 updates (#12541)
* Bump google.golang.org/grpc from 1.68.1 to 1.69.2 (#12538)
* Bump k8s.io/client-go from 0.31.3 to 0.32.0 (#12512)
* Bump github.com/opencontainers/runc from 1.2.2 to 1.2.3 in the go group across 1 directory (#12509)
* Bump the actions group with 3 updates (#12506)
* Bump k8s.io/kube-aggregator from 0.31.3 to 0.32.0 in /images/kube-webhook-certgen/rootfs (#12505)
* Bump k8s.io/apimachinery from 0.31.3 to 0.32.0 in /images/ext-auth-example-authsvc/rootfs (#12502)
* Bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#12476)
* Bump golang.org/x/crypto from 0.21.0 to 0.31.0 in /magefiles (#12472)
* Bump github.com/prometheus/common from 0.60.1 to 0.61.0 (#12464)
* Bump github/codeql-action from 3.27.5 to 3.27.6 in the actions group (#12461)
* Bump the go group across 1 directory with 2 updates (#12460)
* Bump github.com/onsi/ginkgo/v2 from 2.21.0 to 2.22.0 (#12426)
* Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#12418)
* Bump the go group across 3 directories with 10 updates (#12413)
* Bump the actions group with 3 updates (#12412)
* Bump github.com/opencontainers/runc from 1.2.1 to 1.2.2 in the go group across 1 directory (#12380)
* Bump github/codeql-action from 3.27.1 to 3.27.4 in the actions group (#12373)
* Bump golangci-lint on actions and disable deprecated linters (#12361)
* Bump google.golang.org/grpc from 1.67.1 to 1.68.0 (#12357)
* Bump the actions group with 3 updates (#12354)
* Bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#12349)
* Bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#12299)
* Bump github.com/opencontainers/runc from 1.2.0 to 1.2.1 in the go group across 1 directory (#12296)
* Bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.21.0 (#12288)
* Bump actions/dependency-review-action from 4.3.5 to 4.4.0 in the actions group (#12273)
* Bump the go group across 3 directories with 11 updates (#12244)
* Bump github.com/opencontainers/runc from 1.1.15 to 1.2.0 (#12242)
* Bump the actions group with 5 updates (#12236)
* Bump github.com/ncabatoff/process-exporter from 0.8.3 to 0.8.4 in the go group across 1 directory (#12218)
* Bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 in the actions group (#12217)
* Bump github/codeql-action from 3.26.12 to 3.26.13 in the actions group (#12188)
* Bump the go group across 2 directories with 1 update (#12186)
* Bump the actions group with 2 updates (#12180)
* Bump github.com/opencontainers/runc from 1.1.14 to 1.1.15 in the go group across 1 directory (#12178)
* Bump the actions group with 3 updates (#12152)
* Bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#12107)
* Bump the actions group with 3 updates (#12092)
* Bump sigs.k8s.io/mdtoc from 1.1.0 to 1.4.0 (#12062)
* Bump github.com/prometheus/common from 0.59.1 to 0.60.0 (#12060)
* Bump google.golang.org/grpc from 1.67.0 to 1.67.1 in the go group across 1 directory (#12059)
* Bump k8s.io/cli-runtime from 0.30.0 to 0.31.1 (#12061)
* Bump github/codeql-action from 3.26.9 to 3.26.10 in the actions group (#12051)
* Bump the go group across 1 directory with 3 updates (#12050)
* Bump k8s.io/kube-aggregator from 0.29.3 to 0.31.1 in /images/kube-webhook-certgen/rootfs (#12043)
* Bump k8s.io/apimachinery from 0.23.1 to 0.31.1 in /images/ext-auth-example-authsvc/rootfs (#12041)
* Bump github.com/prometheus/client_golang from 1.11.1 to 1.20.4 in /images/custom-error-pages/rootfs (#12040)
* Bump the all group with 2 updates (#12032)
* Bump github/codeql-action from 3.26.7 to 3.26.8 in the all group (#12010)
* Bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#12009)
* Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 in the all group (#12008)
* Bump the all group with 2 updates (#11977)
* Bump github/codeql-action from 3.26.6 to 3.26.7 in the all group (#11976)
* Bump github.com/prometheus/common from 0.57.0 to 0.59.1 (#11954)
* Bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#11955)
* Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 in the all group (#11953)
* Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#11928)
* Bump the all group with 2 updates (#11922)
* Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 in the all group (#11901)
* Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#11902)
* Bump github.com/prometheus/common from 0.55.0 to 0.57.0 (#11903)
* Bump github/codeql-action from 3.26.5 to 3.26.6 in the all group (#11904)
* Bump the all group with 2 updates (#11865)
* Bump github/codeql-action from 3.26.2 to 3.26.5 in the all group (#11867)
* Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 (#11832)
* Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.19.0 (#11823)
* Bump dario.cat/mergo from 1.0.0 to 1.0.1 in the all group (#11822)
* Bump k8s.io/component-base from 0.30.3 to 0.31.0 (#11825)
* Bump github/codeql-action from 3.26.0 to 3.26.2 in the all group (#11826)
* Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#11766)
* Bump the all group with 2 updates (#11767)
* Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#11765)
* Bump the all group with 3 updates (#11727)
* Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in the all group (#11696)
* Bump the all group with 2 updates (#11695)
* Bump the all group with 4 updates (#11673)
* Bump the all group with 2 updates (#11672)
* Bump github.com/prometheus/common from 0.54.0 to 0.55.0 (#11522)
* Bump the all group with 5 updates (#11611)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.0...controller-v1.12.0

138
changelog/controller-1.6.4.md
View file

@ -1,138 +0,0 @@
# Changelog
### 1.6.4
Images:
* registry.k8s.io/controller:controller-v1.6.4@sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f
* registry.k8s.io/controller-chroot:controller-v1.6.4@sha256:0de01e2c316c3ca7847ca13b32d077af7910d07f21a4a82f81061839764f8f81
### All changes:
* remove tests and regex path checks (#9626)
* Fix incorrect annotation name in upstream hashing configuration (#9617)
* Release docs for Controller v1.6.3 and Helm v4.5.0 (#9614)
* Revert Implement pathType validation (#9511) (#9607)
* update history and allow to pass a target test (#9605)
* Allow to pass a target test (#9542)
* Replace deprecated command with environment file (#9581)
* build 1.6.2 to fix (#9569)
* add lint on chart before release (#9570)
* tcpproxy: increase buffer size to 16K (#9548)
* Move and spell-check Kubernetes 1.22 migration FAQ (#9544)
* Add CORS template check inside location for externalAuth.SignURL (#8814)
* fix(grafana-dashboard): remove hardcoded namespace references (#9523)
* Replace deprecated command with environment file (#9581)
* add lint on chart before release (#9570)
* Switch logic on path type validation and setting it to false (#9543)
* tcpproxy: increase buffer size to 16K (#9548)
* Move and spell-check Kubernetes 1.22 migration FAQ (#9544)
* Add CORS template check inside location for externalAuth.SignURL (#8814)
* fix(grafana-dashboard): remove hardcoded namespace references (#9523)
* Align default value for keepalive_request with NGINX default (#9518)
* feat(configmap): expose gzip-disable (#9505)
* Values: Add missing `controller.metrics.service.labels`. (#9501)
* Add docs about orphan_ingress metric (#9514)
* Add new prometheus metric for orphaned ingress (#8230)
* Sanitise request metrics in monitoring docs (#9384)
* Change default value of enable-brotli (#9500)
* feat: support topology aware hints (#9165)
* Remove 1.5.2 from readme (#9498)
* Remove nonexistent load flag from docker build commands (#9122)
* added option to disable sync event creation (#8528)
* Add buildResolvers to the stream module (#9184)
* fix: disable auth access logs (#9049)
* Adding ipdenylist annotation (#8795)
* Add update updateStrategy and minReadySeconds for defaultBackend (#8506)
* Fix indentation on serviceAccount annotation (#9129)
* Update monitoring.md (#9269)
* add github actions stale bot (#9439)
* Admission Webhooks/Job: Add `NetworkPolicy`. (#9218)
* update OpenTelemetry image (#9491)
* bump OpenTelemetry (#9489)
* Optional podman support (#9294)
* fix change images (#9463)
* move tests to gh actions (#9461)
* Automated Release Controller 1.5.2 (#9455)
* Add sslpassthrough tests (#9457)
* updated the link in RELEASE.md file (#9456)
* restart 1.5.2 release process (#9450)
* Update command line arguments documentation (#9224)
* start release 1.5.2 (#9445)
* upgrade nginx base image (#9436)
* test the new e2e test images (#9444)
* avoid builds and tests for non-code changes (#9392)
* CI updates (#9440)
* HPA: Add `controller.autoscaling.annotations` to `values.yaml`. (#9253)
* update the nginx run container for alpine:3.17.0 (#9430)
* cleanup: remove ioutil for new go version (#9427)
* start upgrade to golang 1.19.4 and alpine 3.17.0 (#9417)
* ci: remove setup-helm step (#9404)
* ci: remove setup-kind step (#9401)
* Add reporter for all tests (#9395)
* added action for issues to project (#9386)
* doc: update NEW_CONTRIBUTOR.md (#9381)
* feat(helm): Optionally use cert-manager instead admission patch (#9279)
* integrated junit-reports with ghactions (#9361)
* [user-guide configmap] fix doc for global-auth-snippet (#9372)
* update OpenTelemetry image (#9308)
* fix: missing CORS headers when auth fails (#9251)
* Fix styling in canary annotation docs. (#9259)
* resolved ginkgo deprecation message (#9365)
* Enable profiler-address to be configured (#9311)
* ModSecurity dependencies update to avoid Memory Leaks (#9330)
* fix(hpa): deprecated api version, bump to v2 (#9348)
* fix(typo): pluralize provider (#9346)
* removed deprecation message for ingressClass annotation (#9357)
* added ginkgo junit reports (#9350)
* Fix typos found by codespell (#9353)
* bumped ginkgo to v2.5.1 in testrunner (#9340)
* create nsswitch-conf if missing (#9339)
* remove the configmap related permissions (#9310)
* remove hardcoded datasource from grafana dashboard (#9284)
* update gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b to 3.0.0 (#9277)
* added SAN to cert create command (#9295)
* Missing controller.ingressClass (#9304)
* OpenTelemetry static linking (#9286)
* Fixed indentation in commented-out autoscaling (#9225)
* run helm release on main only and when the chart/value changes only (#9290)
* fix broken annotation yaml (#9243)
* PDB: Add `maxUnavailable`. (#9278)
* add containerSecurityContext to extraModules init containers (kubernetes#9016) (#9242)
### Dependency updates:
* Bump google.golang.org/grpc from 1.52.0 to 1.52.3 (#9555)
* Bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 (#9553)
* Bump sigs.k8s.io/controller-runtime from 0.13.1 to 0.14.2 (#9552)
* Bump google.golang.org/grpc from 1.51.0 to 1.52.0 (#9512)
* Bump `client-go` to remove dependence on go-autorest dependency (#9488)
* Bump google.golang.org/grpc from 1.52.0 to 1.52.3 (#9555)
* Bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 (#9553)
* Bump sigs.k8s.io/controller-runtime from 0.13.1 to 0.14.2 (#9552)
* Bump google.golang.org/grpc from 1.51.0 to 1.52.0 (#9512)
* Bump `client-go` to remove dependence on go-autorest dependency (#9488)
* Bump golang.org/x/crypto from 0.4.0 to 0.5.0 (#9494)
* Bump golang.org/x/crypto from 0.3.0 to 0.4.0 (#9397)
* Bump github.com/onsi/ginkgo/v2 from 2.6.0 to 2.6.1 (#9432)
* Bump github.com/onsi/ginkgo/v2 from 2.6.0 to 2.6.1 (#9421)
* Bump github/codeql-action from 2.1.36 to 2.1.37 (#9423)
* Bump actions/checkout from 3.1.0 to 3.2.0 (#9425)
* Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 (#9426)
* Bump actions/dependency-review-action from 3.0.1 to 3.0.2 (#9424)
* Bump ossf/scorecard-action from 2.0.6 to 2.1.0 (#9422)
* Bump github.com/prometheus/common from 0.37.0 to 0.39.0 (#9416)
* Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 (#9408)
* Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 (#9398)
* Bump github/codeql-action from 2.1.35 to 2.1.36 (#9400)
* Bump actions/setup-go from 3.3.1 to 3.4.0 (#9370)
* Bump github/codeql-action from 2.1.31 to 2.1.35 (#9369)
* Bump google.golang.org/grpc from 1.50.1 to 1.51.0 (#9316)
* Bump github.com/prometheus/client_golang from 1.13.1 to 1.14.0 (#9298)
* Bump actions/dependency-review-action from 3.0.0 to 3.0.1 (#9319)
* Bump golang.org/x/crypto from 0.1.0 to 0.3.0 (#9318)
* Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.1 (#9317)
* Bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#9301)
* Bump k8s.io/component-base from 0.25.3 to 0.25.4 (#9300)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.5.1...controller-controller-v1.6.4

80
changelog/controller-1.7.0.md
View file

@ -1,80 +0,0 @@
# Changelog
### 1.7.0
Images:
* registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7
* registry.k8s.io/ingress-nginx/controller-chroot:v1.7.0@sha256:e84ef3b44c8efeefd8b0aa08770a886bfea1f04c53b61b4ba9a7204e9f1a7edc
### All changes:
* kick off 1.7.0 build (#9775)
* Update exposing-tcp-udp-services.md (#9777)
* feat: OpenTelemetry module integration (#9062)
* drop k8s 1.23 support (#9772)
* Fix canary-weight-total annotation ignored in rule backends (#9729)
* fix: controller psp's volume config (#9740)
* Fix several Helm YAML issues with extraModules and extraInitContainers (#9709)
* docs(helm): fix value key in readme for enabling certManager (#9640)
* updated digest and sha for e2e-test-echo (#9760)
* updated digest and sha for e2e-test-fastcgi-helloserver (#9759)
* updated digest and sha for opentelemetry (#9758)
* updated digest and sha for e2e-test-cfssl (#9757)
* updated kube-webhook-certgen digest and tags (#9756)
* updated nginx-error digest and tags (#9755)
* added upgrade ginkgo documentation for contributors (#9753)
* changes Makefile of echo folder to trigger code-build (#9754)
* Chart: Drop `controller.headers`, rework DH param secret. (#9659)
* updated NGINX_BASE image with latest tag (#9747)
* Deployment/DaemonSet: Label pods using `ingress-nginx.labels`. (#9732)
* bumped ginkgo to v2.9.0 (#9722)
* HPA: autoscaling/v2beta1 deprecated, bump apiVersion to v2 for defaultBackend (#9731)
* update to golang 1.20 (#9690)
* Indent values.yaml using 2 instead of 4 spaces (#9656)
* fix some comments (#9688)
* migrate mitchellh/hashstructure to v2 (#9651)
* changed v1.6.3 to v1.6.4 on deploy docs (#9647)
* controller: Don't panic when ready condition in a endpointslice is missing (#9550)
* Rework Ginkgo usage (#9522)
* code clean for fsnotify (#9571)
* Optimize the document for readability (#9551)
* sets.String is deprecated: use generic Set instead. new ways: s1 := Set[string]{} s2 := New[string]() (#9589)
* Adjust the import package order and use http library variables (#9587)
* Optimize the judgment mode to remove redundant transformations (#9588)
* Fix rewrite example (#9633)
* remove tests and regex path checks (#9626)
* Fix incorrect annotation name in upstream hashing configuration (#9617)
* Release docs for Controller v1.6.3 and Helm v4.5.0 (#9614)
### Dependency updates:
* Bump aquasecurity/trivy-action from 0.8.0 to 0.9.2 (#9767)
* Bump k8s.io/component-base from 0.26.2 to 0.26.3 (#9764)
* Bump actions/dependency-review-action from 3.0.3 to 3.0.4 (#9766)
* Bump actions/add-to-project from 0.4.0 to 0.4.1 (#9765)
* Bump actions/dependency-review-action from 3.0.2 to 3.0.3 (#9727)
* Bump github.com/prometheus/common from 0.41.0 to 0.42.0 (#9724)
* Bump golang.org/x/crypto from 0.6.0 to 0.7.0 (#9723)
* Bump actions/download-artifact from 3.0.1 to 3.0.2 (#9721)
* Bump goreleaser/goreleaser-action from 4.1.0 to 4.2.0 (#9718)
* Bump actions/upload-artifact from 3.1.1 to 3.1.2 (#9717)
* Bump docker/setup-buildx-action from 2.2.1 to 2.5.0 (#9719)
* Bump helm/chart-releaser-action from 1.4.1 to 1.5.0 (#9720)
* Bump github.com/onsi/ginkgo/v2 from 2.6.1 to 2.9.0 (#9695)
* Bump k8s.io/klog/v2 from 2.90.0 to 2.90.1 (#9694)
* Bump golang.org/x/crypto in /magefiles (#9691)
* Bump k8s.io/component-base from 0.26.1 to 0.26.2 (#9696)
* Bump github.com/prometheus/common from 0.40.0 to 0.41.0 (#9698)
* Bump sigs.k8s.io/controller-runtime from 0.14.2 to 0.14.5 (#9697)
* Bump golang.org/x/net in /magefiles (#9692)
* Bump golang.org/x/sys in /images/custom-error-pages/rootfs (#9671)
* Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#9675)
* Bump github.com/prometheus/common from 0.39.0 to 0.40.0 (#9653)
* Bump golang.org/x/net from 0.6.0 to 0.7.0 (#9646)
* Bump golang.org/x/net in /images/kube-webhook-certgen/rootfs (#9645)
* Bump google.golang.org/grpc from 1.52.3 to 1.53.0 (#9610)
* Bump github.com/prometheus/client_golang (#9630)
* Bump golang.org/x/crypto from 0.5.0 to 0.6.0 (#9609)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.6.3...controller-controller-v1.7.0

54
changelog/controller-1.7.1.md
View file

@ -1,54 +0,0 @@
# Changelog
### 1.7.1
Images:
* registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407
* registry.k8s.io/ingress-nginx/controller-chroot:v1.7.1@sha256:e35d5ab487861b9d419c570e3530589229224a0762c7b4d2e2222434abb8d988
### All changes:
* Update TAG - 1.7.1 (#9922)
* Update dependabot to watch docker images (#9600)
* [helm] Support custom port configuration for internal service (#9846)
* Add support for --container flag (#9703)
* Fix typo in OpenTelemetry (#9903)
* ensure make lua-test runs locally (#9902)
* update k8s.io dependencies to v0.26.4 (#9893)
* Adding resource type to default HPA configuration to resolve issues with Terraform helm chart usage (#9803)
* I have not been able to fulfill my maintainer responsibilities for a while already, making it official now. (#9883)
* Update k8s versions (#9879)
* README: Update `external-dns` link. (#9866)
* Fastcgi configmap should be on the same namespace of ingress (#9863)
* Deprecate and remove influxdb feature (#9861)
* Remove deprecated annotation secure-upstream (#9862)
* Exclude socket metrics (#9770)
* Chart: Improve `README.md`. (#9831)
* update all container tags with date and sha, upgrade all containers (#9834)
* updated NGINX_BASE image in project (#9829)
* ISO 8601 date format (#9682)
* Values: Fix indention of commented values. (#9812)
* The Ingress-Nginx project recently released version 1.7.0 of the controller, but the deployment documentation still referenced version 1.6.4. This commit updates the documentation to reference the latest version, ensuring that users have access to the most up-to-date information. Fixes#9787 (#9788)
### Dependency updates:
* Bump github.com/opencontainers/runc from 1.1.6 to 1.1.7 (#9912)
* Bump github.com/prometheus/client_golang from 1.14.0 to 1.15.0 (#9868)
* Bump aquasecurity/trivy-action from 0.9.2 to 0.10.0 (#9888)
* Bump github.com/opencontainers/runc from 1.1.5 to 1.1.6 (#9867)
* Bump actions/checkout from 3.5.0 to 3.5.2 (#9870)
* Bump golang.org/x/crypto from 0.7.0 to 0.8.0 (#9838)
* Bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (#9839)
* Bump actions/add-to-project from 0.4.1 to 0.5.0 (#9840)
* Bump actions/checkout from 3.4.0 to 3.5.0 (#9798)
* Bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#9823)
* Bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 (#9806)
* Bump actions/stale from 7.0.0 to 8.0.0 (#9799)
* Bump rajatjindal/krew-release-bot from 0.0.43 to 0.0.46 (#9797)
* Bump actions/setup-go from 3.5.0 to 4.0.0 (#9796)
* Bump github.com/imdario/mergo from 0.3.13 to 0.3.15 (#9795)
* Bump google.golang.org/grpc from 1.53.0 to 1.54.0 (#9794)
* Bump sigs.k8s.io/controller-runtime from 0.14.5 to 0.14.6 (#9822)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.7.0...controller-controller-v1.7.1

64
changelog/controller-1.8.0.md
View file

@ -1,64 +0,0 @@
# Changelog
### 1.8.0
Images:
* registry.k8s.io/ingress-nginx/controller:v1.8.0@sha256:744ae2afd433a395eeb13dc03d3313facba92e96ad71d9feaafc85925493fee3
* registry.k8s.io/ingress-nginx/controller-chroot:v1.8.0@sha256:a45e41cd2b7670adf829759878f512d4208d0aec1869dae593a0fecd09a5e49e
### Important changes:
* Validate path types (#9967)
* images: upgrade to Alpine 3.18 (#9997)
* Update documentation to reflect project name; Ingress-Nginx Controller
For improving security, our 1.8.0 release includes a [new, **optional** validation ](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type) that limits the characters accepted on ".spec paths.path" when pathType=Exact or athType=Prefix, to alphanumeric characters only.
More information can be found on our [Google doc](https://docs.google.com/document/d/1HPvaEwHRuMSkXYkVIJ-w7IpijKdHfNynm_4N2Akt0CQ/edit?usp=sharing), our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernetes.io/g/ingress-nginx-dev/c/ebbBMo-zX-w) or in our [docs](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type)
### Community Updates
We are now posting updates and release to our twitter handle, [@IngressNginx](https://twitter.com/IngressNGINX) and
on our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernetes.io/g/ingress-nginx-dev/c/ebbBMo-zX-w)
### All changes:
* Add legacy to OpenTelemetry migration doc (#10011)
* changed tagsha to recent builds (#10001)
* change to alpine318 baseimage (#10000)
* images: upgrade to Alpine 3.18 (#9997)
* openssl CVE fix (#9996)
* PodDisruptionBudget spec logic update (#9904)
* Admission warning (#9975)
* Add OPA examples on pathType restrictions (#9992)
* updated testrunner image tag+sha (#9987)
* bumped ginkgo to v2.9.5 (#9985)
* helm: Fix opentelemetry module installation for daemonset (#9792)
* OpenTelemetry default config (#9978)
* Correct annotations in monitoring docs (#9976)
* fix: avoid builds and tests for changes to markdown (#9962)
* Validate path types (#9967)
* HPA: Use capabilities & align manifests. (#9521)
* Use dl.k8s.io instead of hardcoded GCS URIs (#9946)
* add option for annotations in PodDisruptionBudget (#9843)
* chore: update httpbin to httpbun (#9919)
* image_update (#9942)
* Add geoname id value into $geoip2_*_geoname_id variables (#9527)
* Update annotations.md (#9933)
* Update charts/* to keep project name display aligned (#9931)
* Keep project name display aligned (#9920)
### Dependencies updates:
* Bump github.com/imdario/mergo from 0.3.15 to 0.3.16 (#10008)
* Bump github.com/prometheus/common from 0.43.0 to 0.44.0 (#10007)
* Bump k8s.io/klog/v2 from 2.90.1 to 2.100.1 (#9913)
* Bump github.com/onsi/ginkgo/v2 from 2.9.0 to 2.9.5 (#9980)
* Bump golang.org/x/crypto from 0.8.0 to 0.9.0 (#9982)
* Bump actions/setup-go from 4.0.0 to 4.0.1 (#9984)
* Bump securego/gosec from 2.15.0 to 2.16.0 (#9983)
* Bump github.com/prometheus/common from 0.42.0 to 0.43.0 (#9981)
* Bump github.com/prometheus/client_model from 0.3.0 to 0.4.0 (#9937)
* Bump google.golang.org/grpc from 1.54.0 to 1.55.0 (#9936)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.7.1...controller-controller-v1.8.0

69
changelog/controller-1.8.1.md
View file

@ -1,69 +0,0 @@
# Changelog
### 1.8.1
Images:
* registry.k8s.io/ingress-nginx/controller:v1.8.1@sha256:e5c4824e7375fcf2a393e1c03c293b69759af37a9ca6abdb91b13d78a93da8bd
* registry.k8s.io/ingress-nginx/controller-chroot:v1.8.1@sha256:e0d4121e3c5e39de9122e55e331a32d5ebf8d4d257227cb93ab54a1b912a7627
### All changes:
* netlify: Only trigger preview when there are changes in docs. (#10144)
* changed to updated baseimage and reverted tag (#10143)
* Fix loadBalancerClass value (#10139)
* Added a doc line to the missing helm value service.internal.loadBalancerIP (#9406)
* Set grpc :authority header from request header (#8912)
* bump pinned golang to 1.20.5 (#10127)
* update test runner (#10125)
* chore: remove echo from snippet tests (#10110)
* Update typo in docs for lb scheme (#10117)
* golang 1.20.5 bump (#10120)
* feat(helm): Add loadBalancerClass (#9562)
* chore: remove echo friom canary tests (#10089)
* fix: obsolete warnings (#10029)
* docs: change Dockefile url ref main (#10087)
* Revert "Remove fastcgi feature" (#10081)
* docs: add netlify configuration (#10073)
* add distroless otel init (#10035)
* chore: move httpbun to be part of framework (#9955)
* Remove fastcgi feature (#9864)
* Fix mirror-target values without path separator and port (#9889)
* Adding feature to upgrade Oracle Cloud Infrastructure's Flexible Load Balancer and adjusting Health Check that were critical in the previous configuration (#9961)
* add support for keda fallback settings (#9993)
* unnecessary use of fmt.Sprint (S1039) (#10049)
* chore: pkg imported more than once (#10048)
* tracing: upgrade to dd-opentracing-cpp v1.3.7 (#10031)
* fix: add canary to sidebar in examples (#10068)
* docs: add lua testing documentation (#10060)
* docs: canary weighted deployments example (#10067)
* Update Internal Load Balancer docs (#10062)
* fix broken kubernetes.io/user-guide/ docs links (#10055)
* docs: Updated the content of deploy/rbac.md (#10054)
* ensured hpa mem spec before cpu spec (#10043)
* Fix typo in controller_test (#10034)
* chore(dep): upgrade github.com/emicklei/go-restful/v3 to 3.10 (#10028)
* Upgrade to Golang 1.20.4 (#10016)
* perf: avoid unnecessary byte/string conversion (#10012)
* added note on dns for localtesting (#10021)
* added helmshowvalues example (#10019)
* release controller 1.8.0 and chart 4.7.0 (#10017)
### Dependency updates:
* Bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#10133)
* Bump google.golang.org/grpc from 1.56.0 to 1.56.1 (#10134)
* Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 (#10106)
* Bump golang.org/x/crypto from 0.9.0 to 0.10.0 (#10105)
* Bump google.golang.org/grpc from 1.55.0 to 1.56.0 (#10103)
* Bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 (#10101)
* Bump docker/setup-buildx-action from 2.6.0 to 2.7.0 (#10102)
* Bump actions/checkout from 3.5.2 to 3.5.3 (#10076)
* Bump docker/setup-qemu-action from 2.1.0 to 2.2.0 (#10075)
* Bump aquasecurity/trivy-action from 0.10.0 to 0.11.2 (#10078)
* Bump docker/setup-buildx-action from 2.5.0 to 2.6.0 (#10077)
* Bump actions/dependency-review-action from 3.0.4 to 3.0.6 (#10042)
* Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#10041)
* Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#10005)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.8.0...controller-controller-v1.8.1

19
changelog/controller-1.8.2.md
View file

@ -1,19 +0,0 @@
# Changelog
### 1.8.2
Images:
* registry.k8s.io/ingress-nginx/controller:v1.8.2@sha256:74834d3d25b336b62cabeb8bf7f1d788706e2cf1cfd64022de4137ade8881ff2
* registry.k8s.io/ingress-nginx/controller-chroot:v1.8.2@sha256:1317a563219f755a6094d990057c78e5c4dcea5e31f4ce1db8641e732a7d6133
### All changes:
* Release v1.8.2 and Update Go to v1.21.1 (#10379)
* Making auth access logs optional (#10380)
* [release-1.8] Disable Modsecurity from internal processing which affects large ingresses (#10375)
* promote distroless otel init image (#10270)
* [release-1.8] Update images tags after adding git data in gcloud (#10233)
* [release-1.8] Golang 1.20.6 for test runner (#10231)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.8.1...controller-controller-v1.8.2

95
changelog/controller-1.9.0-beta.0.md
View file

@ -1,95 +0,0 @@
# Changelog
### 1.9.0-beta.0
Images:
* registry.k8s.io/ingress-nginx/controller:v1.9.0-beta.0@sha256:531377e4cc9dc62af40d742402222603259673f5a755a64d74122f256dfad8f9
* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.0-beta.0@sha256:60b4c95349ce2a81a3b2a76423ee483b847b89d3fa8cb148468434f606f3fa0c
### All changes:
* Rework mage (#10418)
* Start release of v1.9.0 beta0 (#10407)
* Update k8s versions on CI (#10406)
* Add a flag to enable or disable aio_write (#10394)
* Update external-articles.md - advanced setup with GKE/Cloud Armor/IAP (#10372)
* Fix e2e test suite doc (#10396)
* Disable user snippets per default (#10393)
* Deployment/DaemonSet: Fix templating & value. (#10240)
* Fix deferInLoop error (#10387)
* Remove gofmt (#10385)
* Deployment/DaemonSet: Template `topologySpreadConstraints`. (#10259)
* release notes 1.8.2 (#10389)
* fix: remove curl on base container #9716 (#10306)
* Fix http default backend test (#10382)
* Add golangci github action and replace the deprecated golint (#10187)
* BUGFIX incorrect indentation (#10254)
* Upgrade OpenTelemetry to v1.11.0 and gRPC to v1.57.0 (#10352)
* fix: path with special characters warning #10281 #10308 (#10330)
* Fix golangci-lint errors (#10196)
* chore(build): Fix Run make dev-env syntax error (#10294)
* Add firewall configuration to quick start documentation (#10357)
* Making auth access logs optional (#10335)
* Fix “dev-env” Makefile target to work with kubectl 1.28+ (#10350)
* fix: update action file to auto release plugin #10197 (#10321)
* Use gzip instead of pigz in CI (#10348)
* Disable Modsecurity from internal processing which affects large ingresses (#10316)
* fix: add /etc/mime.types #10309 (#10310)
* Remove curl dependencies in e2e tests #9716 (#10296)
* docs: swap explanation to match example (#10220)
* ci(helm): fix Helm Chart release action 422 error (#10237)
* helm: Use .Release.Namespace as default for ServiceMonitor namespace (#10249)
* Updated index.md - Fix typos (#10256)
* Handle request_id variable correctly in auth requests (#9219)
* test kind updates (#10272)
* promote distroless otel init image (#10257)
* [helm] configure allow to configure hostAliases (#10180)
* Add rolling update strategy to each static deployment file (#10129)
* Implement annotation validation (#9673)
* Golang 1.20.6 for test runner (#10230)
* [helm] pass service annotations through helm tpl engine (#10084)
* Ignore deployment template's replicas if KEDA is enabled (#9534)
* chore: bump OpenResty to v1.21.4.2 (#10219)
* Scanning port 10247 lead to tcp connection 502 error (#9815)
* revise Datadog trace sampling configuration (#10151)
* Clarify TCP/UDP service docs (#10146)
* Exposed continent data as variable in the case of Maxmind city files (#10157)
* Cleanup errcheck code (#10166)
* Fix golang-ci linter errors (#10128)
* Deprecate and remove AJP support (#10158)
* release notes 1.8.1 (#10161)
### Dependency updates:
* Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.12.0 (#10355)
* Bump golang.org/x/crypto from 0.12.0 to 0.13.0 (#10399)
* Bump actions/setup-go from 4.0.1 to 4.1.0 (#10403)
* Bump goreleaser/goreleaser-action from 4.4.0 to 4.6.0 (#10402)
* Bump actions/upload-artifact from 3.1.2 to 3.1.3 (#10404)
* Bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (#10400)
* Bump google.golang.org/grpc from 1.57.0 to 1.58.0 (#10398)
* Bump actions/dependency-review-action from 3.0.8 to 3.1.0 (#10401)
* Bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 (#10373)
* Bump github.com/cyphar/filepath-securejoin in /magefiles (#10374)
* Bump Go version to 1.21.1 (#10377)
* Bump Go version to 1.21.1 on testrunner (#10378)
* Bump aquasecurity/trivy-action from 0.11.2 to 0.12.0 (#10365)
* Bump docker/setup-buildx-action from 2.9.1 to 2.10.0 (#10353)
* Bump actions/checkout from 3.5.3 to 3.6.0 (#10354)
* Bump actions/dependency-review-action from 3.0.6 to 3.0.8 (#10333)
* Bump actions/setup-go from 4.0.1 to 4.1.0 (#10313)
* Bump securego/gosec from 2.16.0 to 2.17.0 (#10332)
* Bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 (#10314)
* Bump github.com/opencontainers/runc from 1.1.8 to 1.1.9 (#10298)
* Bump k8s.io/component-base from 0.26.4 to 0.27.4 (Replace Topology Aware Hints with Topology Aware Routing) (#10282)
* Bump google.golang.org/grpc from 1.56.2 to 1.57.0 (#10258)
* Bump golang.org/x/crypto from 0.11.0 to 0.12.0 (#10280)
* Bump github.com/opencontainers/runc from 1.1.7 to 1.1.8 (#10244)
* Bump google.golang.org/grpc from 1.56.1 to 1.56.2 (#10193)
* Bump docker/setup-buildx-action from 2.9.0 to 2.9.1 (#10207)
* Bump golang.org/x/crypto from 0.10.0 to 0.11.0 (#10192)
* Bump docker/setup-buildx-action from 2.8.0 to 2.9.0 (#10191)
* Bump docker/setup-buildx-action from 2.7.0 to 2.8.0 (#10165)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-release-1.8...controller-controller-v1.9.0-beta.0

95
changelog/controller-1.9.0.md
View file

@ -1,95 +0,0 @@
# Changelog
### 1.9.0
Images:
* registry.k8s.io/ingress-nginx/controller:v1.9.0@sha256:c15d1a617858d90fb8f8a2dd60b0676f2bb85c54e3ed11511794b86ec30c8c60
* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.0@sha256:d9fa7a136de2104fb2ecfcf1666978bfab927f4a125b75c0fb471e6104366ab5
### All changes:
* Rework mage (#10418)
* Start release of v1.9.0 beta0 (#10407)
* Update k8s versions on CI (#10406)
* Add a flag to enable or disable aio_write (#10394)
* Update external-articles.md - advanced setup with GKE/Cloud Armor/IAP (#10372)
* Fix e2e test suite doc (#10396)
* Disable user snippets per default (#10393)
* Deployment/DaemonSet: Fix templating & value. (#10240)
* Fix deferInLoop error (#10387)
* Remove gofmt (#10385)
* Deployment/DaemonSet: Template `topologySpreadConstraints`. (#10259)
* release notes 1.8.2 (#10389)
* fix: remove curl on base container #9716 (#10306)
* Fix http default backend test (#10382)
* Add golangci github action and replace the deprecated golint (#10187)
* BUGFIX incorrect indentation (#10254)
* Upgrade OpenTelemetry to v1.11.0 and gRPC to v1.57.0 (#10352)
* fix: path with special characters warning #10281 #10308 (#10330)
* Fix golangci-lint errors (#10196)
* chore(build): Fix Run make dev-env syntax error (#10294)
* Add firewall configuration to quick start documentation (#10357)
* Making auth access logs optional (#10335)
* Fix “dev-env” Makefile target to work with kubectl 1.28+ (#10350)
* fix: update action file to auto release plugin #10197 (#10321)
* Use gzip instead of pigz in CI (#10348)
* Disable Modsecurity from internal processing which affects large ingresses (#10316)
* fix: add /etc/mime.types #10309 (#10310)
* Remove curl dependencies in e2e tests #9716 (#10296)
* docs: swap explanation to match example (#10220)
* ci(helm): fix Helm Chart release action 422 error (#10237)
* helm: Use .Release.Namespace as default for ServiceMonitor namespace (#10249)
* Updated index.md - Fix typos (#10256)
* Handle request_id variable correctly in auth requests (#9219)
* test kind updates (#10272)
* promote distroless otel init image (#10257)
* [helm] configure allow to configure hostAliases (#10180)
* Add rolling update strategy to each static deployment file (#10129)
* Implement annotation validation (#9673)
* Golang 1.20.6 for test runner (#10230)
* [helm] pass service annotations through helm tpl engine (#10084)
* Ignore deployment template's replicas if KEDA is enabled (#9534)
* chore: bump OpenResty to v1.21.4.2 (#10219)
* Scanning port 10247 lead to tcp connection 502 error (#9815)
* revise Datadog trace sampling configuration (#10151)
* Clarify TCP/UDP service docs (#10146)
* Exposed continent data as variable in the case of Maxmind city files (#10157)
* Cleanup errcheck code (#10166)
* Fix golang-ci linter errors (#10128)
* Deprecate and remove AJP support (#10158)
* release notes 1.8.1 (#10161)
### Dependency updates:
* Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.12.0 (#10355)
* Bump golang.org/x/crypto from 0.12.0 to 0.13.0 (#10399)
* Bump actions/setup-go from 4.0.1 to 4.1.0 (#10403)
* Bump goreleaser/goreleaser-action from 4.4.0 to 4.6.0 (#10402)
* Bump actions/upload-artifact from 3.1.2 to 3.1.3 (#10404)
* Bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (#10400)
* Bump google.golang.org/grpc from 1.57.0 to 1.58.0 (#10398)
* Bump actions/dependency-review-action from 3.0.8 to 3.1.0 (#10401)
* Bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 (#10373)
* Bump github.com/cyphar/filepath-securejoin in /magefiles (#10374)
* Bump Go version to 1.21.1 (#10377)
* Bump Go version to 1.21.1 on testrunner (#10378)
* Bump aquasecurity/trivy-action from 0.11.2 to 0.12.0 (#10365)
* Bump docker/setup-buildx-action from 2.9.1 to 2.10.0 (#10353)
* Bump actions/checkout from 3.5.3 to 3.6.0 (#10354)
* Bump actions/dependency-review-action from 3.0.6 to 3.0.8 (#10333)
* Bump actions/setup-go from 4.0.1 to 4.1.0 (#10313)
* Bump securego/gosec from 2.16.0 to 2.17.0 (#10332)
* Bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 (#10314)
* Bump github.com/opencontainers/runc from 1.1.8 to 1.1.9 (#10298)
* Bump k8s.io/component-base from 0.26.4 to 0.27.4 (Replace Topology Aware Hints with Topology Aware Routing) (#10282)
* Bump google.golang.org/grpc from 1.56.2 to 1.57.0 (#10258)
* Bump golang.org/x/crypto from 0.11.0 to 0.12.0 (#10280)
* Bump github.com/opencontainers/runc from 1.1.7 to 1.1.8 (#10244)
* Bump google.golang.org/grpc from 1.56.1 to 1.56.2 (#10193)
* Bump docker/setup-buildx-action from 2.9.0 to 2.9.1 (#10207)
* Bump golang.org/x/crypto from 0.10.0 to 0.11.0 (#10192)
* Bump docker/setup-buildx-action from 2.8.0 to 2.9.0 (#10191)
* Bump docker/setup-buildx-action from 2.7.0 to 2.8.0 (#10165)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-release-1.8...controller-controller-v1.9.0

21
changelog/controller-1.9.1.md
View file

@ -1,21 +0,0 @@
# Changelog
### 1.9.1
Images:
* registry.k8s.io/ingress-nginx/controller:v1.9.1@sha256:605a737877de78969493a4b1213b21de4ee425d2926906857b98050f57a95b25
* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.1@sha256:2ac744ef08850ee86ad7162451a6879f47c1a41c6a757f6b6f913c52103b8836
### All changes:
* upgrade owasp modsecurity core rule set to v3.3.5 (#10437)
* Start v1.9.1 release (#10463)
* Accept backend protocol on any case (#10461)
* Chart: Rework network policies. (#10438)
### Dependency updates:
* Bump google.golang.org/grpc from 1.58.0 to 1.58.1 (#10436)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.9.0...controller-controller-v1.9.1

29
changelog/controller-1.9.3.md
View file

@ -1,29 +0,0 @@
# Changelog
### 1.9.3
Images:
* registry.k8s.io/ingress-nginx/controller:v1.9.3@sha256:8fd21d59428507671ce0fb47f818b1d859c92d2ad07bb7c947268d433030ba98
* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.3@sha256:df4931fd6859fbf1a71e785f02a44b2f9a16f010ae852c442e9bb779cbefdc86
### All changes:
* update nginx base, httpbun, e2e, helm webhook cert gen (#10506)
* added warning for configuration-snippets usage (#10492)
* Remove legacy GeoIP from controller (#10495)
* add upstream patch for CVE-2023-44487 (#10494)
* Revert "Remove curl from nginx base image (#10477)" (#10479)
* update error and otel to have all the arch we support (#10476)
* Remove curl from nginx base image (#10477)
### Dependency updates:
* Bump x/net (#10514)
* Bump curl and Go version (#10503)
* Bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#10496)
* Bump github.com/prometheus/client_model (#10486)
* Bump ossf/scorecard-action from 2.2.0 to 2.3.0 (#10487)
* Bump golang.org/x/crypto from 0.13.0 to 0.14.0 (#10485)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.9.1...controller-controller-v1.9.3

14
changelog/controller-1.9.4.md
View file

@ -1,14 +0,0 @@
# Changelog
### 1.9.4
Images:
* registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3
* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.4@sha256:5976b1067cfbca8a21d0ba53d71f83543a73316a61ea7f7e436d6cf84ddf9b26
### All changes:
* Cherry pick fcgi fix and release v1.9.4 (#10544)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.9.3...controller-controller-v1.9.4

37
changelog/controller-1.9.5.md
View file

@ -1,37 +0,0 @@
# Changelog
### controller-v1.9.5
Images:
* registry.k8s.io/ingress-nginx/controller:v1.9.5@sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e
* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.5@sha256:9a8d7b25a846a6461cd044b9aea9cf6cad972bcf2e64d9fd246c0279979aad2d
### All changes:
* update nginx build (#10781)
* update images from golang upgrade (#10762)
* fix: remove tcpproxy copy error handling (#10715)
* Ignore fake certificate for NGINXCertificateExpiry (#10694)
* Comment NGINXCertificateExpiry alert label matcher (#10692)
* chart: allow setting allocateLoadBalancerNodePorts (#10693)
* [release-1.9] feat(helm): add documentation about metric args (#10695)
* chore(dep): change lua-resty-cookie's repo (#10691)
* annotation validation - extended URLWithNginxVariableRegex from alphaNumericChars to extendedAlphaNumeric (#10656)
* fix: adjust unfulfillable validation check for session-cookie-samesite annotation (#10604)
* fix: Validate x-forwarded-prefix annotation with RegexPathWithCapture (#10603)
* Increase HSTS max-age to default to one year (#10580)
* [release-1.9] update nginx base, httpbun, e2e, helm webhook cert gen (#10507)
* [release-1.9] add upstream patch for CVE-2023-44487 (#10499)
* fix brotli build issues (#10468)
* upgrade owasp modsecurity core rule set to v3.3.5 (#10437)
* Accept backend protocol on any case (#10461)
* Chart: Rework network policies. (#10438)
* Rework mage (#10418)
### Dependency updates:
* Bump x/net (#10517)
* Bump google.golang.org/grpc from 1.58.0 to 1.58.1 (#10436)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.9.4...controller-v1.9.5

21
changelog/controller-1.9.6.md
View file

@ -1,21 +0,0 @@
# Changelog
### controller-v1.9.6
Images:
* registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c
* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.6@sha256:7eb46ff733429e0e46892903c7394aff149ac6d284d92b3946f3baf7ff26a096
### All changes:
* update web hook cert gen to latest release v20231226-1a7112e06
* annotation validation: validate regex in common name annotation (#10880)
* change MODSECURITY_VERSION_LIB to 3.0.11 (#10879)
* Include SECLEVEL and STRENGTH as part of ssl-cipher list validation (#10871)
### Dependency updates:
* Bump github.com/opencontainers/runc from 1.1.10 to 1.1.11 (#10878)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.9.5...controller-v1.9.6

22
changelog/controller.md.gotmpl
View file

@ -1,22 +0,0 @@
# Changelog
### {{ .NewControllerVersion }}
{{ with .ControllerImages }}
Images:
{{ range . }}
* {{ .Registry }}/{{ .Name }}:{{ .Tag}}@{{ .Digest }}
{{- end }}
{{ end }}
{{- with .Updates }}
### All changes:
{{ range . }}
* {{ . }}
{{- end }}
{{ end }}
{{- with .DepUpdates }}
### Dependency updates:
{{ range . }}
* {{ . }}
{{- end }}
{{ end }}
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/{{ .PreviousControllerVersion }}...{{ .NewControllerVersion }}

1
charts/ingress-nginx/.helmignore
View file

@ -20,4 +20,3 @@
.idea/
*.tmproj
.vscode/
__snapshot__

32
charts/ingress-nginx/Chart.yaml
View file

@ -1,24 +1,16 @@
annotations:
artifacthub.io/changes: |
- 'CI: Fix chart testing. (#12258)'
- Update Ingress-Nginx version controller-v1.12.0
artifacthub.io/prerelease: "false"
apiVersion: v2
appVersion: 1.12.0
description: Ingress controller for Kubernetes using NGINX as a reverse proxy and
load balancer
apiVersion: v1
name: ingress-nginx
version: 2.13.0
appVersion: 0.35.0
home: https://github.com/kubernetes/ingress-nginx
description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png
keywords:
- ingress
- nginx
kubeVersion: '>=1.21.0-0'
maintainers:
- name: cpanato
- name: Gacko
- name: strongjz
- name: tao12345666333
name: ingress-nginx
- ingress
- nginx
sources:
- https://github.com/kubernetes/ingress-nginx
version: 4.12.0
- https://github.com/kubernetes/ingress-nginx
maintainers:
- name: ChiefAlexander
engine: gotpl
kubeVersion: ">=1.10.0-0"

7
charts/ingress-nginx/OWNERS
View file

@ -1,4 +1,5 @@
# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners
approvers:
- ChiefAlexander
labels:
- area/helm
reviewers:
- ChiefAlexander

468
charts/ingress-nginx/README.md
View file

@ -2,29 +2,30 @@
[ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
![Version: 4.12.0](https://img.shields.io/badge/Version-4.12.0-informational?style=flat-square) ![AppVersion: 1.12.0](https://img.shields.io/badge/AppVersion-1.12.0-informational?style=flat-square)
To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
To use, add the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Requirements
## Prerequisites
Kubernetes: `>=1.21.0-0`
- Kubernetes 1.6+
## Get Repo Info
```console
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo add stable https://kubernetes-charts.storage.googleapis.com/
helm repo update
```
## Install Chart
**Important:** only helm3 is supported
```console
helm install [RELEASE_NAME] ingress-nginx/ingress-nginx
# Helm 3
$ helm install [RELEASE_NAME] ingress-nginx/ingress-nginx
# Helm 2
$ helm install --name [RELEASE_NAME] ingress-nginx/ingress-nginx
```
The command deploys ingress-nginx on the Kubernetes cluster in the default configuration.
@ -36,7 +37,11 @@ _See [helm install](https://helm.sh/docs/helm/helm_install/) for command documen
## Uninstall Chart
```console
helm uninstall [RELEASE_NAME]
# Helm 3
$ helm uninstall [RELEASE_NAME]
# Helm 2
# helm delete --purge [RELEASE_NAME]
```
This removes all the Kubernetes components associated with the chart and deletes the release.
@ -46,11 +51,16 @@ _See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command doc
## Upgrading Chart
```console
helm upgrade [RELEASE_NAME] [CHART] --install
# Helm 3 or 2
$ helm upgrade [RELEASE_NAME] [CHART] --install
```
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
### Upgrading With Zero Downtime in Production
By default the ingress-nginx controller has service interruptions whenever it's pods are restarted or redeployed. In order to fix that, see the excellent blog post by Lindsay Landry from Codecademy: [Kubernetes: Nginx and Zero Downtime in Production](https://medium.com/codecademy-engineering/kubernetes-nginx-and-zero-downtime-in-production-2c910c6a5ed8).
### Migrating from stable/nginx-ingress
There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart:
@ -61,6 +71,7 @@ There are two main ways to migrate a release from `stable/nginx-ingress` to `ing
1. Redirect your DNS traffic from the old controller to the new controller
1. Log traffic from both controllers during this changeover
1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it
1. For details on all of these steps see [Upgrading With Zero Downtime in Production](#upgrading-with-zero-downtime-in-production)
Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts.
@ -69,7 +80,11 @@ Note that there are some different and upgraded configurations between the two c
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
```console
helm show values ingress-nginx/ingress-nginx
# Helm 2
$ helm inspect values ingress-nginx/ingress-nginx
# Helm 3
$ helm show values ingress-nginx/ingress-nginx
```
### PodDisruptionBudget
@ -79,22 +94,21 @@ else it would make it impossible to evacuate a node. See [gh issue #7127](https:
### Prometheus Metrics
The Ingress-Nginx Controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`.
The Nginx ingress controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`.
You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`.
Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`)
You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`. Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`.
### ingress-nginx nginx\_status page/stats server
Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in Ingress-Nginx Controller:
Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in nginx ingress controller:
- In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed
- In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost.
You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230) to re-enable the http server
- In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed
- In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost.
You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0230) to re-enable the http server
### ExternalDNS Service Configuration
Add an [ExternalDNS](https://github.com/kubernetes-sigs/external-dns) annotation to the LoadBalancer service:
Add an [ExternalDNS](https://github.com/kubernetes-incubator/external-dns) annotation to the LoadBalancer service:
```yaml
controller:
@ -105,7 +119,7 @@ controller:
### AWS L7 ELB with SSL Termination
Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/ab3a789caae65eec4ad6e3b46b19750b481b6bce/deploy/aws/l7/service-l7.yaml):
Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/master/deploy/aws/l7/service-l7.yaml):
```yaml
controller:
@ -120,6 +134,19 @@ controller:
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
```
### AWS route53-mapper
To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/tree/master/addons/route53-mapper), add the `domainName` annotation and `dns` label:
```yaml
controller:
service:
labels:
dns: "route53"
annotations:
domainName: "kubernetes-example.com"
```
### Additional Internal Load Balancer
This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application.
@ -143,10 +170,8 @@ controller:
internal:
enabled: true
annotations:
# Create internal NLB
service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
# Create internal ELB(Deprecated)
# service.beta.kubernetes.io/aws-load-balancer-internal: "true"
# Create internal ELB
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
# Any other annotation can be declared here.
```
@ -157,66 +182,21 @@ controller:
service:
internal:
enabled: true
annotations:
# Create internal LB. More information: https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing
# For GKE versions 1.17 and later
networking.gke.io/load-balancer-type: "Internal"
# For earlier versions
# cloud.google.com/load-balancer-type: "Internal"
# Any other annotation can be declared here.
```
Example for Azure:
```yaml
controller:
service:
annotations:
# Create internal LB
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
cloud.google.com/load-balancer-type: "Internal"
# Any other annotation can be declared here.
```
Example for Oracle Cloud Infrastructure:
```yaml
controller:
service:
annotations:
# Create internal LB
service.beta.kubernetes.io/oci-load-balancer-internal: "true"
# Any other annotation can be declared here.
```
The load balancer annotations of more cloud service providers can be found: [Internal load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer).
An use case for this scenario is having a split-view DNS setup where the public zone CNAME records point to the external balancer URL while the private zone CNAME records point to the internal balancer URL. This way, you only need one ingress kubernetes object.
Optionally you can set `controller.service.loadBalancerIP` if you need a static IP for the resulting `LoadBalancer`.
### Ingress Admission Webhooks
With nginx-ingress-controller version 0.25+, the Ingress-Nginx Controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster.
With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster.
**This feature is enabled by default since 0.31.0.**
With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521)
#### How the Chart Configures the Hooks
A validating and configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks.
1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits.
2. The Ingress-Nginx Controller pod is configured to use a TLS proxy container, which will load that certificate.
3. Validating and Mutating webhook configurations are created in the cluster.
4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations
#### Alternatives
It should be possible to use [cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) if a more complete solution is required.
You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `controller.admissionWebhooks.certManager.enabled` value to true.
Please ensure that cert-manager is correctly installed and configured.
### Helm Error When Upgrading: spec.clusterIP: Invalid value: ""
If you are upgrading this chart from a version between 0.31.0 and 1.2.2 then you may get an error like this:
@ -228,349 +208,3 @@ Error: UPGRADE FAILED: Service "?????-controller" is invalid: spec.clusterIP: In
Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13646) but to resolve this you can set `xxxx.service.omitClusterIP` to `true` where `xxxx` is the service referenced in the error.
As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
### Pod Security Admission
You can use Pod Security Admission by applying labels to the `ingress-nginx` namespace as instructed by the [documentation](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels).
Example:
```yaml
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx
labels:
kubernetes.io/metadata.name: ingress-nginx
name: ingress-nginx
pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/enforce-version: v1.31
```
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| commonLabels | object | `{}` | |
| controller.addHeaders | object | `{}` | Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers |
| controller.admissionWebhooks.annotations | object | `{}` | |
| controller.admissionWebhooks.certManager.admissionCert.duration | string | `""` | |
| controller.admissionWebhooks.certManager.enabled | bool | `false` | |
| controller.admissionWebhooks.certManager.rootCert.duration | string | `""` | |
| controller.admissionWebhooks.certificate | string | `"/usr/local/certificates/cert"` | |
| controller.admissionWebhooks.createSecretJob.name | string | `"create"` | |
| controller.admissionWebhooks.createSecretJob.resources | object | `{}` | |
| controller.admissionWebhooks.createSecretJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for secret creation containers |
| controller.admissionWebhooks.enabled | bool | `true` | |
| controller.admissionWebhooks.extraEnvs | list | `[]` | Additional environment variables to set |
| controller.admissionWebhooks.failurePolicy | string | `"Fail"` | Admission Webhook failure policy to use |
| controller.admissionWebhooks.key | string | `"/usr/local/certificates/key"` | |
| controller.admissionWebhooks.labels | object | `{}` | Labels to be added to admission webhooks |
| controller.admissionWebhooks.name | string | `"admission"` | |
| controller.admissionWebhooks.namespaceSelector | object | `{}` | |
| controller.admissionWebhooks.objectSelector | object | `{}` | |
| controller.admissionWebhooks.patch.enabled | bool | `true` | |
| controller.admissionWebhooks.patch.image.digest | string | `"sha256:0de05718b59dc33b57ddfb4d8ad5f637cefd13eafdec0e1579d782b3483c27c3"` | |
| controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | |
| controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | |
| controller.admissionWebhooks.patch.image.tag | string | `"v1.5.1"` | |
| controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources |
| controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
| controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | |
| controller.admissionWebhooks.patch.podAnnotations | object | `{}` | |
| controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job # |
| controller.admissionWebhooks.patch.rbac | object | `{"create":true}` | Admission webhook patch job RBAC |
| controller.admissionWebhooks.patch.rbac.create | bool | `true` | Create RBAC or not |
| controller.admissionWebhooks.patch.securityContext | object | `{}` | Security context for secret creation & webhook patch pods |
| controller.admissionWebhooks.patch.serviceAccount | object | `{"automountServiceAccountToken":true,"create":true,"name":""}` | Admission webhook patch job service account |
| controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken | bool | `true` | Auto-mount service account token or not |
| controller.admissionWebhooks.patch.serviceAccount.create | bool | `true` | Create a service account or not |
| controller.admissionWebhooks.patch.serviceAccount.name | string | `""` | Custom service account name |
| controller.admissionWebhooks.patch.tolerations | list | `[]` | |
| controller.admissionWebhooks.patchWebhookJob.name | string | `"patch"` | |
| controller.admissionWebhooks.patchWebhookJob.resources | object | `{}` | |
| controller.admissionWebhooks.patchWebhookJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for webhook patch containers |
| controller.admissionWebhooks.port | int | `8443` | |
| controller.admissionWebhooks.service.annotations | object | `{}` | |
| controller.admissionWebhooks.service.externalIPs | list | `[]` | |
| controller.admissionWebhooks.service.loadBalancerSourceRanges | list | `[]` | |
| controller.admissionWebhooks.service.servicePort | int | `443` | |
| controller.admissionWebhooks.service.type | string | `"ClusterIP"` | |
| controller.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity # |
| controller.allowSnippetAnnotations | bool | `false` | This configuration defines if Ingress Controller should allow users to set their own *-snippet annotations, otherwise this is forbidden / dropped when users add those annotations. Global snippets in ConfigMap are still respected |
| controller.annotations | object | `{}` | Annotations to be added to the controller Deployment or DaemonSet # |
| controller.autoscaling.annotations | object | `{}` | |
| controller.autoscaling.behavior | object | `{}` | |
| controller.autoscaling.enabled | bool | `false` | |
| controller.autoscaling.maxReplicas | int | `11` | |
| controller.autoscaling.minReplicas | int | `1` | |
| controller.autoscaling.targetCPUUtilizationPercentage | int | `50` | |
| controller.autoscaling.targetMemoryUtilizationPercentage | int | `50` | |
| controller.autoscalingTemplate | list | `[]` | |
| controller.config | object | `{}` | Global configuration passed to the ConfigMap consumed by the controller. Values may contain Helm templates. Ref.: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ |
| controller.configAnnotations | object | `{}` | Annotations to be added to the controller config configuration configmap. |
| controller.configMapNamespace | string | `""` | Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) |
| controller.containerName | string | `"controller"` | Configures the controller container name |
| controller.containerPort | object | `{"http":80,"https":443}` | Configures the ports that the nginx-controller listens on |
| controller.containerSecurityContext | object | `{}` | Security context for controller containers |
| controller.customTemplate.configMapKey | string | `""` | |
| controller.customTemplate.configMapName | string | `""` | |
| controller.disableLeaderElection | bool | `false` | This configuration disable Nginx Controller Leader Election |
| controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. |
| controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. |
| controller.electionID | string | `""` | Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' |
| controller.electionTTL | string | `""` | Duration a leader election is valid before it's getting re-elected, e.g. `15s`, `10m` or `1h`. (Default: 30s) |
| controller.enableAnnotationValidations | bool | `true` | |
| controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. # ref: https://github.com/microsoft/mimalloc # |
| controller.enableTopologyAwareRouting | bool | `false` | This configuration enables Topology Aware Routing feature, used together with service annotation service.kubernetes.io/topology-mode="auto" Defaults to false |
| controller.extraArgs | object | `{}` | Additional command line arguments to pass to Ingress-Nginx Controller E.g. to specify the default SSL certificate you can use |
| controller.extraContainers | list | `[]` | Additional containers to be added to the controller pod. See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. |
| controller.extraEnvs | list | `[]` | Additional environment variables to set |
| controller.extraInitContainers | list | `[]` | Containers, which are run before the app containers are started. |
| controller.extraModules | list | `[]` | Modules, which are mounted into the core nginx image. |
| controller.extraVolumeMounts | list | `[]` | Additional volumeMounts to the controller main container. |
| controller.extraVolumes | list | `[]` | Additional volumes to the controller pod. |
| controller.healthCheckHost | string | `""` | Address to bind the health check endpoint. It is better to set this option to the internal node address if the Ingress-Nginx Controller is running in the `hostNetwork: true` mode. |
| controller.healthCheckPath | string | `"/healthz"` | Path of the health check endpoint. All requests received on the port defined by the healthz-port parameter are forwarded internally to this path. |
| controller.hostAliases | list | `[]` | Optionally customize the pod hostAliases. |
| controller.hostNetwork | bool | `false` | Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 is merged |
| controller.hostPort.enabled | bool | `false` | Enable 'hostPort' or not |
| controller.hostPort.ports.http | int | `80` | 'hostPort' http port |
| controller.hostPort.ports.https | int | `443` | 'hostPort' https port |
| controller.hostname | object | `{}` | Optionally customize the pod hostname. |
| controller.image.allowPrivilegeEscalation | bool | `false` | |
| controller.image.chroot | bool | `false` | |
| controller.image.digest | string | `"sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa"` | |
| controller.image.digestChroot | string | `"sha256:87c88e1c38a6c8d4483c8f70b69e2cca49853bb3ec3124b9b1be648edf139af3"` | |
| controller.image.image | string | `"ingress-nginx/controller"` | |
| controller.image.pullPolicy | string | `"IfNotPresent"` | |
| controller.image.readOnlyRootFilesystem | bool | `false` | |
| controller.image.runAsGroup | int | `82` | This value must not be changed using the official image. uid=101(www-data) gid=82(www-data) groups=82(www-data) |
| controller.image.runAsNonRoot | bool | `true` | |
| controller.image.runAsUser | int | `101` | This value must not be changed using the official image. uid=101(www-data) gid=82(www-data) groups=82(www-data) |
| controller.image.seccompProfile.type | string | `"RuntimeDefault"` | |
| controller.image.tag | string | `"v1.12.0"` | |
| controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation |
| controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). |
| controller.ingressClassResource | object | `{"aliases":[],"annotations":{},"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. |
| controller.ingressClassResource.aliases | list | `[]` | Aliases of this IngressClass. Creates copies with identical settings but the respective alias as name. Useful for development environments with only one Ingress Controller but production-like Ingress resources. `default` gets enabled on the original IngressClass only. |
| controller.ingressClassResource.annotations | object | `{}` | Annotations to be added to the IngressClass resource. |
| controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller of the IngressClass. An Ingress Controller looks for IngressClasses it should reconcile by this value. This value is also being set as the `--controller-class` argument of this Ingress Controller. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class |
| controller.ingressClassResource.default | bool | `false` | If true, Ingresses without `ingressClassName` get assigned to this IngressClass on creation. Ingress creation gets rejected if there are multiple default IngressClasses. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class |
| controller.ingressClassResource.enabled | bool | `true` | Create the IngressClass or not |
| controller.ingressClassResource.name | string | `"nginx"` | Name of the IngressClass |
| controller.ingressClassResource.parameters | object | `{}` | A link to a custom resource containing additional configuration for the controller. This is optional if the controller consuming this IngressClass does not require additional parameters. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class |
| controller.keda.apiVersion | string | `"keda.sh/v1alpha1"` | |
| controller.keda.behavior | object | `{}` | |
| controller.keda.cooldownPeriod | int | `300` | |
| controller.keda.enabled | bool | `false` | |
| controller.keda.maxReplicas | int | `11` | |
| controller.keda.minReplicas | int | `1` | |
| controller.keda.pollingInterval | int | `30` | |
| controller.keda.restoreToOriginalReplicaCount | bool | `false` | |
| controller.keda.scaledObject.annotations | object | `{}` | |
| controller.keda.triggers | list | `[]` | |
| controller.kind | string | `"Deployment"` | Use a `DaemonSet` or `Deployment` |
| controller.labels | object | `{}` | Labels to be added to the controller Deployment or DaemonSet and other resources that do not have option to specify labels # |
| controller.lifecycle | object | `{"preStop":{"exec":{"command":["/wait-shutdown"]}}}` | Improve connection draining when ingress controller pod is deleted using a lifecycle hook: With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds to 300, allowing the draining of connections up to five minutes. If the active connections end before that, the pod will terminate gracefully at that time. To effectively take advantage of this feature, the Configmap feature worker-shutdown-timeout new value is 240s instead of 10s. # |
| controller.livenessProbe.failureThreshold | int | `5` | |
| controller.livenessProbe.httpGet.path | string | `"/healthz"` | |
| controller.livenessProbe.httpGet.port | int | `10254` | |
| controller.livenessProbe.httpGet.scheme | string | `"HTTP"` | |
| controller.livenessProbe.initialDelaySeconds | int | `10` | |
| controller.livenessProbe.periodSeconds | int | `10` | |
| controller.livenessProbe.successThreshold | int | `1` | |
| controller.livenessProbe.timeoutSeconds | int | `1` | |
| controller.maxmindLicenseKey | string | `""` | Maxmind license key to download GeoLite2 Databases. # https://blog.maxmind.com/2019/12/significant-changes-to-accessing-and-using-geolite2-databases/ |
| controller.metrics.enabled | bool | `false` | |
| controller.metrics.port | int | `10254` | |
| controller.metrics.portName | string | `"metrics"` | |
| controller.metrics.prometheusRule.additionalLabels | object | `{}` | |
| controller.metrics.prometheusRule.annotations | object | `{}` | Annotations to be added to the PrometheusRule. |
| controller.metrics.prometheusRule.enabled | bool | `false` | |
| controller.metrics.prometheusRule.rules | list | `[]` | |
| controller.metrics.service.annotations | object | `{}` | |
| controller.metrics.service.enabled | bool | `true` | Enable the metrics service or not. |
| controller.metrics.service.externalIPs | list | `[]` | List of IP addresses at which the stats-exporter service is available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # |
| controller.metrics.service.labels | object | `{}` | Labels to be added to the metrics service resource |
| controller.metrics.service.loadBalancerSourceRanges | list | `[]` | |
| controller.metrics.service.servicePort | int | `10254` | |
| controller.metrics.service.type | string | `"ClusterIP"` | |
| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | |
| controller.metrics.serviceMonitor.annotations | object | `{}` | Annotations to be added to the ServiceMonitor. |
| controller.metrics.serviceMonitor.enabled | bool | `false` | |
| controller.metrics.serviceMonitor.labelLimit | int | `0` | Per-scrape limit on number of labels that will be accepted for a sample. |
| controller.metrics.serviceMonitor.labelNameLengthLimit | int | `0` | Per-scrape limit on length of labels name that will be accepted for a sample. |
| controller.metrics.serviceMonitor.labelValueLengthLimit | int | `0` | Per-scrape limit on length of labels value that will be accepted for a sample. |
| controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | |
| controller.metrics.serviceMonitor.namespace | string | `""` | |
| controller.metrics.serviceMonitor.namespaceSelector | object | `{}` | |
| controller.metrics.serviceMonitor.relabelings | list | `[]` | |
| controller.metrics.serviceMonitor.sampleLimit | int | `0` | Defines a per-scrape limit on the number of scraped samples that will be accepted. |
| controller.metrics.serviceMonitor.scrapeInterval | string | `"30s"` | |
| controller.metrics.serviceMonitor.targetLabels | list | `[]` | |
| controller.metrics.serviceMonitor.targetLimit | int | `0` | Defines a limit on the number of scraped targets that will be accepted. |
| controller.minAvailable | int | `1` | Minimum available pods set in PodDisruptionBudget. Define either 'minAvailable' or 'maxUnavailable', never both. |
| controller.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # |
| controller.name | string | `"controller"` | |
| controller.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
| controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ # |
| controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # |
| controller.podLabels | object | `{}` | Labels to add to the pod container metadata |
| controller.podSecurityContext | object | `{}` | Security context for controller pods |
| controller.priorityClassName | string | `""` | |
| controller.progressDeadlineSeconds | int | `0` | Specifies the number of seconds you want to wait for the controller deployment to progress before the system reports back that it has failed. Ref.: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#progress-deadline-seconds |
| controller.proxySetHeaders | object | `{}` | Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers |
| controller.publishService | object | `{"enabled":true,"pathOverride":""}` | Allows customization of the source of the IP address or FQDN to report in the ingress status field. By default, it reads the information provided by the service. If disable, the status field reports the IP address of the node or nodes where an ingress controller pod is running. |
| controller.publishService.enabled | bool | `true` | Enable 'publishService' or not |
| controller.publishService.pathOverride | string | `""` | Allows overriding of the publish service to bind to Must be <namespace>/<service_name> |
| controller.readinessProbe.failureThreshold | int | `3` | |
| controller.readinessProbe.httpGet.path | string | `"/healthz"` | |
| controller.readinessProbe.httpGet.port | int | `10254` | |
| controller.readinessProbe.httpGet.scheme | string | `"HTTP"` | |
| controller.readinessProbe.initialDelaySeconds | int | `10` | |
| controller.readinessProbe.periodSeconds | int | `10` | |
| controller.readinessProbe.successThreshold | int | `1` | |
| controller.readinessProbe.timeoutSeconds | int | `1` | |
| controller.replicaCount | int | `1` | |
| controller.reportNodeInternalIp | bool | `false` | Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network Ingress status was blank because there is no Service exposing the Ingress-Nginx Controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply |
| controller.resources.requests.cpu | string | `"100m"` | |
| controller.resources.requests.memory | string | `"90Mi"` | |
| controller.scope.enabled | bool | `false` | Enable 'scope' or not |
| controller.scope.namespace | string | `""` | Namespace to limit the controller to; defaults to $(POD_NAMESPACE) |
| controller.scope.namespaceSelector | string | `""` | When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. |
| controller.service.annotations | object | `{}` | Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service. |
| controller.service.appProtocol | bool | `true` | Declare the app protocol of the external HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol |
| controller.service.clusterIP | string | `""` | Pre-defined cluster internal IP address of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
| controller.service.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
| controller.service.enableHttp | bool | `true` | Enable the HTTP listener on both controller services or not. |
| controller.service.enableHttps | bool | `true` | Enable the HTTPS listener on both controller services or not. |
| controller.service.enabled | bool | `true` | Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service. |
| controller.service.external.enabled | bool | `true` | Enable the external controller service or not. Useful for internal-only deployments. |
| controller.service.external.labels | object | `{}` | Labels to be added to the external controller service. |
| controller.service.externalIPs | list | `[]` | List of node IP addresses at which the external controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips |
| controller.service.externalTrafficPolicy | string | `""` | External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
| controller.service.internal.annotations | object | `{}` | Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer |
| controller.service.internal.appProtocol | bool | `true` | Declare the app protocol of the internal HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol |
| controller.service.internal.clusterIP | string | `""` | Pre-defined cluster internal IP address of the internal controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
| controller.service.internal.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the internal controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
| controller.service.internal.enabled | bool | `false` | Enable the internal controller service or not. Remember to configure `controller.service.internal.annotations` when enabling this. |
| controller.service.internal.externalIPs | list | `[]` | List of node IP addresses at which the internal controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips |
| controller.service.internal.externalTrafficPolicy | string | `""` | External traffic policy of the internal controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
| controller.service.internal.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the internal controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
| controller.service.internal.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
| controller.service.internal.labels | object | `{}` | Labels to be added to the internal controller service. |
| controller.service.internal.loadBalancerClass | string | `""` | Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class |
| controller.service.internal.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the internal controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer |
| controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default. |
| controller.service.internal.nodePorts.http | string | `""` | Node port allocated for the internal HTTP listener. If left empty, the service controller allocates one from the configured node port range. |
| controller.service.internal.nodePorts.https | string | `""` | Node port allocated for the internal HTTPS listener. If left empty, the service controller allocates one from the configured node port range. |
| controller.service.internal.nodePorts.tcp | object | `{}` | Node port mapping for internal TCP listeners. If left empty, the service controller allocates them from the configured node port range. Example: tcp: 8080: 30080 |
| controller.service.internal.nodePorts.udp | object | `{}` | Node port mapping for internal UDP listeners. If left empty, the service controller allocates them from the configured node port range. Example: udp: 53: 30053 |
| controller.service.internal.ports | object | `{}` | |
| controller.service.internal.sessionAffinity | string | `""` | Session affinity of the internal controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity |
| controller.service.internal.targetPorts | object | `{}` | |
| controller.service.internal.trafficDistribution | string | `""` | Traffic distribution policy of the internal controller service. Set to "PreferClose" to route traffic to endpoints that are topologically closer to the client. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution |
| controller.service.internal.type | string | `""` | Type of the internal controller service. Defaults to the value of `controller.service.type`. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the external controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
| controller.service.labels | object | `{}` | Labels to be added to both controller services. |
| controller.service.loadBalancerClass | string | `""` | Load balancer class of the external controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class |
| controller.service.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the external controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer |
| controller.service.loadBalancerSourceRanges | list | `[]` | Restrict access to the external controller service. Values must be CIDRs. Allows any source address by default. |
| controller.service.nodePorts.http | string | `""` | Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range. |
| controller.service.nodePorts.https | string | `""` | Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range. |
| controller.service.nodePorts.tcp | object | `{}` | Node port mapping for external TCP listeners. If left empty, the service controller allocates them from the configured node port range. Example: tcp: 8080: 30080 |
| controller.service.nodePorts.udp | object | `{}` | Node port mapping for external UDP listeners. If left empty, the service controller allocates them from the configured node port range. Example: udp: 53: 30053 |
| controller.service.ports.http | int | `80` | Port the external HTTP listener is published with. |
| controller.service.ports.https | int | `443` | Port the external HTTPS listener is published with. |
| controller.service.sessionAffinity | string | `""` | Session affinity of the external controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity |
| controller.service.targetPorts.http | string | `"http"` | Port of the ingress controller the external HTTP listener is mapped to. |
| controller.service.targetPorts.https | string | `"https"` | Port of the ingress controller the external HTTPS listener is mapped to. |
| controller.service.trafficDistribution | string | `""` | Traffic distribution policy of the external controller service. Set to "PreferClose" to route traffic to endpoints that are topologically closer to the client. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution |
| controller.service.type | string | `"LoadBalancer"` | Type of the external controller service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
| controller.shareProcessNamespace | bool | `false` | |
| controller.sysctls | object | `{}` | sysctls for controller pods # Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ |
| controller.tcp.annotations | object | `{}` | Annotations to be added to the tcp config configmap |
| controller.tcp.configMapNamespace | string | `""` | Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) |
| controller.terminationGracePeriodSeconds | int | `300` | `terminationGracePeriodSeconds` to avoid killing pods before we are ready # wait up to five minutes for the drain of connections # |
| controller.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # |
| controller.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # |
| controller.udp.annotations | object | `{}` | Annotations to be added to the udp config configmap |
| controller.udp.configMapNamespace | string | `""` | Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) |
| controller.unhealthyPodEvictionPolicy | string | `""` | Eviction policy for unhealthy pods guarded by PodDisruptionBudget. Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ |
| controller.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # |
| controller.watchIngressWithoutClass | bool | `false` | Process Ingress objects without ingressClass annotation/ingressClassName field Overrides value for --watch-ingress-without-class flag of the controller binary Defaults to false |
| defaultBackend.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
| defaultBackend.autoscaling.annotations | object | `{}` | |
| defaultBackend.autoscaling.enabled | bool | `false` | |
| defaultBackend.autoscaling.maxReplicas | int | `2` | |
| defaultBackend.autoscaling.minReplicas | int | `1` | |
| defaultBackend.autoscaling.targetCPUUtilizationPercentage | int | `50` | |
| defaultBackend.autoscaling.targetMemoryUtilizationPercentage | int | `50` | |
| defaultBackend.containerSecurityContext | object | `{}` | Security context for default backend containers |
| defaultBackend.enabled | bool | `false` | |
| defaultBackend.extraArgs | object | `{}` | |
| defaultBackend.extraConfigMaps | list | `[]` | |
| defaultBackend.extraEnvs | list | `[]` | Additional environment variables to set for defaultBackend pods |
| defaultBackend.extraVolumeMounts | list | `[]` | |
| defaultBackend.extraVolumes | list | `[]` | |
| defaultBackend.image.allowPrivilegeEscalation | bool | `false` | |
| defaultBackend.image.image | string | `"defaultbackend-amd64"` | |
| defaultBackend.image.pullPolicy | string | `"IfNotPresent"` | |
| defaultBackend.image.readOnlyRootFilesystem | bool | `true` | |
| defaultBackend.image.runAsGroup | int | `65534` | |
| defaultBackend.image.runAsNonRoot | bool | `true` | |
| defaultBackend.image.runAsUser | int | `65534` | |
| defaultBackend.image.seccompProfile.type | string | `"RuntimeDefault"` | |
| defaultBackend.image.tag | string | `"1.5"` | |
| defaultBackend.labels | object | `{}` | Labels to be added to the default backend resources |
| defaultBackend.livenessProbe.failureThreshold | int | `3` | |
| defaultBackend.livenessProbe.initialDelaySeconds | int | `30` | |
| defaultBackend.livenessProbe.periodSeconds | int | `10` | |
| defaultBackend.livenessProbe.successThreshold | int | `1` | |
| defaultBackend.livenessProbe.timeoutSeconds | int | `5` | |
| defaultBackend.minAvailable | int | `1` | Minimum available pods set in PodDisruptionBudget. Define either 'minAvailable' or 'maxUnavailable', never both. |
| defaultBackend.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # |
| defaultBackend.name | string | `"defaultbackend"` | |
| defaultBackend.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
| defaultBackend.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for default backend pod assignment # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ # |
| defaultBackend.podAnnotations | object | `{}` | Annotations to be added to default backend pods # |
| defaultBackend.podLabels | object | `{}` | Labels to add to the pod container metadata |
| defaultBackend.podSecurityContext | object | `{}` | Security context for default backend pods |
| defaultBackend.port | int | `8080` | |
| defaultBackend.priorityClassName | string | `""` | |
| defaultBackend.readinessProbe.failureThreshold | int | `6` | |
| defaultBackend.readinessProbe.initialDelaySeconds | int | `0` | |
| defaultBackend.readinessProbe.periodSeconds | int | `5` | |
| defaultBackend.readinessProbe.successThreshold | int | `1` | |
| defaultBackend.readinessProbe.timeoutSeconds | int | `5` | |
| defaultBackend.replicaCount | int | `1` | |
| defaultBackend.resources | object | `{}` | |
| defaultBackend.service.annotations | object | `{}` | |
| defaultBackend.service.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the default backend service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
| defaultBackend.service.externalIPs | list | `[]` | List of IP addresses at which the default backend service is available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # |
| defaultBackend.service.loadBalancerSourceRanges | list | `[]` | |
| defaultBackend.service.servicePort | int | `80` | |
| defaultBackend.service.type | string | `"ClusterIP"` | |
| defaultBackend.serviceAccount.automountServiceAccountToken | bool | `true` | |
| defaultBackend.serviceAccount.create | bool | `true` | |
| defaultBackend.serviceAccount.name | string | `""` | |
| defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # |
| defaultBackend.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. Ref.: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ |
| defaultBackend.unhealthyPodEvictionPolicy | string | `""` | Eviction policy for unhealthy pods guarded by PodDisruptionBudget. Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ |
| defaultBackend.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # |
| dhParam | string | `""` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param |
| global.image.registry | string | `"registry.k8s.io"` | Registry host to pull images from. |
| imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
| namespaceOverride | string | `""` | Override the deployment namespace; defaults to .Release.Namespace |
| portNamePrefix | string | `""` | Prefix for TCP and UDP ports names in ingress controller service # Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration |
| rbac.create | bool | `true` | |
| rbac.scope | bool | `false` | |
| revisionHistoryLimit | int | `10` | Rollback limit # |
| serviceAccount.annotations | object | `{}` | Annotations for the controller service account |
| serviceAccount.automountServiceAccountToken | bool | `true` | |
| serviceAccount.create | bool | `true` | |
| serviceAccount.name | string | `""` | |
| tcp | object | `{}` | TCP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # |
| udp | object | `{}` | UDP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # |

247
charts/ingress-nginx/README.md.gotmpl
View file

@ -1,247 +0,0 @@
{{ template "chart.header" . }}
[ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
{{ template "chart.requirementsSection" . }}
## Get Repo Info
```console
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
```
## Install Chart
**Important:** only helm3 is supported
```console
helm install [RELEASE_NAME] ingress-nginx/ingress-nginx
```
The command deploys ingress-nginx on the Kubernetes cluster in the default configuration.
_See [configuration](#configuration) below._
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
## Uninstall Chart
```console
helm uninstall [RELEASE_NAME]
```
This removes all the Kubernetes components associated with the chart and deletes the release.
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
## Upgrading Chart
```console
helm upgrade [RELEASE_NAME] [CHART] --install
```
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
### Migrating from stable/nginx-ingress
There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart:
1. For Nginx Ingress controllers used for non-critical services, the easiest method is to [uninstall](#uninstall-chart) the old release and [install](#install-chart) the new one
1. For critical services in production that require zero-downtime, you will want to:
1. [Install](#install-chart) a second Ingress controller
1. Redirect your DNS traffic from the old controller to the new controller
1. Log traffic from both controllers during this changeover
1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it
Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts.
## Configuration
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
```console
helm show values ingress-nginx/ingress-nginx
```
### PodDisruptionBudget
Note that the PodDisruptionBudget resource will only be defined if the replicaCount is greater than one,
else it would make it impossible to evacuate a node. See [gh issue #7127](https://github.com/helm/charts/issues/7127) for more info.
### Prometheus Metrics
The Ingress-Nginx Controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`.
You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`.
Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`)
### ingress-nginx nginx\_status page/stats server
Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in Ingress-Nginx Controller:
- In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed
- In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost.
You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230) to re-enable the http server
### ExternalDNS Service Configuration
Add an [ExternalDNS](https://github.com/kubernetes-sigs/external-dns) annotation to the LoadBalancer service:
```yaml
controller:
service:
annotations:
external-dns.alpha.kubernetes.io/hostname: kubernetes-example.com.
```
### AWS L7 ELB with SSL Termination
Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/ab3a789caae65eec4ad6e3b46b19750b481b6bce/deploy/aws/l7/service-l7.yaml):
```yaml
controller:
service:
targetPorts:
http: http
https: http
annotations:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:XX-XXXX-X:XXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
```
### Additional Internal Load Balancer
This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application.
By default, the ingress object will point to the external load balancer address, but if correctly configured, you can make use of the internal one if the URL you are looking up resolves to the internal load balancer's URL.
You'll need to set both the following values:
`controller.service.internal.enabled`
`controller.service.internal.annotations`
If one of them is missing the internal load balancer will not be deployed. Example you may have `controller.service.internal.enabled=true` but no annotations set, in this case no action will be taken.
`controller.service.internal.annotations` varies with the cloud service you're using.
Example for AWS:
```yaml
controller:
service:
internal:
enabled: true
annotations:
# Create internal NLB
service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
# Create internal ELB(Deprecated)
# service.beta.kubernetes.io/aws-load-balancer-internal: "true"
# Any other annotation can be declared here.
```
Example for GCE:
```yaml
controller:
service:
internal:
enabled: true
annotations:
# Create internal LB. More information: https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing
# For GKE versions 1.17 and later
networking.gke.io/load-balancer-type: "Internal"
# For earlier versions
# cloud.google.com/load-balancer-type: "Internal"
# Any other annotation can be declared here.
```
Example for Azure:
```yaml
controller:
service:
annotations:
# Create internal LB
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
# Any other annotation can be declared here.
```
Example for Oracle Cloud Infrastructure:
```yaml
controller:
service:
annotations:
# Create internal LB
service.beta.kubernetes.io/oci-load-balancer-internal: "true"
# Any other annotation can be declared here.
```
The load balancer annotations of more cloud service providers can be found: [Internal load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer).
An use case for this scenario is having a split-view DNS setup where the public zone CNAME records point to the external balancer URL while the private zone CNAME records point to the internal balancer URL. This way, you only need one ingress kubernetes object.
Optionally you can set `controller.service.loadBalancerIP` if you need a static IP for the resulting `LoadBalancer`.
### Ingress Admission Webhooks
With nginx-ingress-controller version 0.25+, the Ingress-Nginx Controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster.
**This feature is enabled by default since 0.31.0.**
With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521)
#### How the Chart Configures the Hooks
A validating and configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks.
1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits.
2. The Ingress-Nginx Controller pod is configured to use a TLS proxy container, which will load that certificate.
3. Validating and Mutating webhook configurations are created in the cluster.
4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations
#### Alternatives
It should be possible to use [cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) if a more complete solution is required.
You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `controller.admissionWebhooks.certManager.enabled` value to true.
Please ensure that cert-manager is correctly installed and configured.
### Helm Error When Upgrading: spec.clusterIP: Invalid value: ""
If you are upgrading this chart from a version between 0.31.0 and 1.2.2 then you may get an error like this:
```console
Error: UPGRADE FAILED: Service "?????-controller" is invalid: spec.clusterIP: Invalid value: "": field is immutable
```
Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13646) but to resolve this you can set `xxxx.service.omitClusterIP` to `true` where `xxxx` is the service referenced in the error.
As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
### Pod Security Admission
You can use Pod Security Admission by applying labels to the `ingress-nginx` namespace as instructed by the [documentation](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels).
Example:
```yaml
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx
labels:
kubernetes.io/metadata.name: ingress-nginx
name: ingress-nginx
pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/enforce-version: v1.31
```
{{ template "chart.valuesSection" . }}

9
charts/ingress-nginx/changelog/helm-chart-2.10.0.md
View file

@ -1,9 +0,0 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.10.0
* [#5843](https://github.com/kubernetes/ingress-nginx/pull/5843) Update jettech/kube-webhook-certgen image
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.9.1...ingress-nginx-2.10.0

10
charts/ingress-nginx/changelog/helm-chart-2.11.0.md
View file

@ -1,10 +0,0 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.11.0
* [#5879](https://github.com/kubernetes/ingress-nginx/pull/5879) Update helm chart for v0.34.0
* [#5671](https://github.com/kubernetes/ingress-nginx/pull/5671) Make liveness probe more fault tolerant than readiness probe
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.10.0...ingress-nginx-2.11.0

9
charts/ingress-nginx/changelog/helm-chart-2.11.1.md
View file

@ -1,9 +0,0 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.11.1
* [#5900](https://github.com/kubernetes/ingress-nginx/pull/5900) Release helm chart for v0.34.1
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.0...ingress-nginx-2.11.1

9
charts/ingress-nginx/changelog/helm-chart-2.11.2.md
View file

@ -1,9 +0,0 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.11.2
* [#5951](https://github.com/kubernetes/ingress-nginx/pull/5951) Bump chart patch version
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.1...ingress-nginx-2.11.2

9
charts/ingress-nginx/changelog/helm-chart-2.11.3.md
View file

@ -1,9 +0,0 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.11.3
* [#6038](https://github.com/kubernetes/ingress-nginx/pull/6038) Bump chart version PATCH
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.2...ingress-nginx-2.11.3

10
charts/ingress-nginx/changelog/helm-chart-2.12.0.md
View file

@ -1,10 +0,0 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.12.0
* [#6039](https://github.com/kubernetes/ingress-nginx/pull/6039) Add configurable serviceMonitor metricRelabelling and targetLabels
* [#6044](https://github.com/kubernetes/ingress-nginx/pull/6044) Fix YAML linting
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.11.3...ingress-nginx-2.12.0

9
charts/ingress-nginx/changelog/helm-chart-2.12.1.md
View file

@ -1,9 +0,0 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.12.1
* [#6075](https://github.com/kubernetes/ingress-nginx/pull/6075) Sync helm chart affinity examples
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.12.0...ingress-nginx-2.12.1

10
charts/ingress-nginx/changelog/helm-chart-2.13.0.md
View file

@ -1,10 +0,0 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.13.0
* [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0
* [#6080](https://github.com/kubernetes/ingress-nginx/pull/6080) Switch images to k8s.gcr.io after Vanity Domain Flip
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.12.1...ingress-nginx-2.13.0

9
charts/ingress-nginx/changelog/helm-chart-2.14.0.md
View file

@ -1,9 +0,0 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.14.0
* [#6104](https://github.com/kubernetes/ingress-nginx/pull/6104) Misc fixes for nginx-ingress chart for better keel and prometheus-operator integration
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.13.0...ingress-nginx-2.14.0

9
charts/ingress-nginx/changelog/helm-chart-2.15.0.md
View file

@ -1,9 +0,0 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.15.0
* [#6087](https://github.com/kubernetes/ingress-nginx/pull/6087) Adding parameter for externalTrafficPolicy in internal controller service spec
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.14.0...ingress-nginx-2.15.0

9
charts/ingress-nginx/changelog/helm-chart-2.16.0.md
View file

@ -1,9 +0,0 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.16.0
* [#6154](https://github.com/kubernetes/ingress-nginx/pull/6154) add `topologySpreadConstraint` to controller
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.15.0...ingress-nginx-2.16.0

9
charts/ingress-nginx/changelog/helm-chart-2.9.0.md
View file

@ -1,9 +0,0 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.9.0
* [#5795](https://github.com/kubernetes/ingress-nginx/pull/5795) Use fully qualified images to avoid cri-o issues
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-TODO...ingress-nginx-2.9.0

9
charts/ingress-nginx/changelog/helm-chart-2.9.1.md
View file

@ -1,9 +0,0 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 2.9.1
* [#5823](https://github.com/kubernetes/ingress-nginx/pull/5823) Add quoting to sysctls because numeric values need to be presented as strings (#5823)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/ingress-nginx-2.9.0...ingress-nginx-2.9.1

Some files were not shown because too many files have changed in this diff Show more