Compare commits

..

275 commits

Author SHA1 Message Date
Marco Ebert
da462b23b9
Release controller v1.10.5 & chart v4.10.5. (#12155) 2024-10-08 21:58:23 +01:00
Marco Ebert
a88d080c45
Images: Trigger controller build. (#12133) 2024-10-08 06:24:23 +01:00
Marco Ebert
8e8cebfe70
Bump the actions group with 3 updates (#12150)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-07 22:06:22 +01:00
k8s-infra-cherrypick-robot
bb31f9be1f
Tests & Docs: Bump e2e-test-echo to v1.0.1. (#12146)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-10-07 21:28:23 +01:00
k8s-infra-cherrypick-robot
b51477b853
Images: Trigger e2e-test-echo build. (#12142)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-10-07 14:52:22 +01:00
k8s-infra-cherrypick-robot
c0d9c46ff3
Images: Drop s390x. (#12139)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-10-07 14:42:21 +01:00
k8s-infra-cherrypick-robot
6c2fb5e107
Images: Build s390x controller. (#12128)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-10-06 16:55:17 +02:00
Marco Ebert
520d47f5e8
Chart: Bump Kube Webhook CertGen. (#12122) 2024-10-06 16:20:57 +02:00
k8s-infra-cherrypick-robot
45f8b682bb
Tests & Docs: Bump images. (#12120)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-10-06 09:02:05 +01:00
Marco Ebert
d2b0254902
Cloud Build: Bump gcb-docker-gcloud to v20240718-5ef92b5c36. (#12116) 2024-10-06 00:55:22 +02:00
k8s-infra-cherrypick-robot
1983e0ef38
Images: Trigger other builds. (#12111)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-10-06 00:09:35 +02:00
k8s-infra-cherrypick-robot
c09dd15259
Bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#12108)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-05 08:38:03 +01:00
k8s-infra-cherrypick-robot
a95d09751d
Tests: Bump e2e-test-runner to v20241004-114a6abb. (#12104)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-10-04 19:38:27 +01:00
k8s-infra-cherrypick-robot
44cdacd24a
Images: Trigger test-runner build. (#12101)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-10-04 13:58:58 +02:00
k8s-infra-cherrypick-robot
4090075a18
Docs: Add a multi-tenant warning. (#12098)
Co-authored-by: James Strong <strong.james.e@gmail.com>
2024-10-04 13:51:30 +02:00
k8s-infra-cherrypick-robot
cb9445a3f1
Bump the actions group with 3 updates (#12096)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-04 13:43:35 +02:00
Marco Ebert
553c4961ea
Go: Bump to v1.22.8. (#12093) 2024-10-04 13:41:45 +02:00
Marco Ebert
70918bf836
Bump sigs.k8s.io/mdtoc from 1.1.0 to 1.4.0 (#12088)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-02 19:09:49 +01:00
k8s-infra-cherrypick-robot
324419cdfe
Bump github.com/prometheus/common from 0.59.1 to 0.60.0 (#12086)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-02 18:09:49 +01:00
k8s-infra-cherrypick-robot
c996fa04e3
Bump google.golang.org/grpc from 1.67.0 to 1.67.1 in the go group across 1 directory (#12084)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-02 18:05:49 +01:00
k8s-infra-cherrypick-robot
9a88ccdc49
Bump k8s.io/cli-runtime from 0.30.0 to 0.31.1 (#12082)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-02 17:53:49 +01:00
Marco Ebert
ecd9bf80ea
Images: Bump NGINX_BASE to v0.1.0. (#12079) 2024-10-02 13:02:24 +02:00
k8s-infra-cherrypick-robot
c26db188ee
Images: Trigger NGINX build. (#12077)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-10-02 08:04:59 +02:00
Marco Ebert
27f93dec50
Images: Remove NGINX v1.21. (#12057) 2024-10-01 12:42:44 +02:00
k8s-infra-cherrypick-robot
fe6e276ba1
Bump github/codeql-action from 3.26.9 to 3.26.10 in the actions group (#12054)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-30 16:12:03 +01:00
k8s-infra-cherrypick-robot
7c58cc9696
Bump the go group across 1 directory with 3 updates (#12052)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-30 15:30:03 +01:00
k8s-infra-cherrypick-robot
ed2c28ae54
Bump k8s.io/kube-aggregator from 0.29.3 to 0.31.1 in /images/kube-webhook-certgen/rootfs (#12048)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-30 13:40:04 +01:00
k8s-infra-cherrypick-robot
e6e7790dde
Bump k8s.io/apimachinery from 0.23.1 to 0.31.1 in /images/ext-auth-example-authsvc/rootfs (#12044)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-30 13:38:02 +01:00
k8s-infra-cherrypick-robot
97e185578c
Bump github.com/prometheus/client_golang from 1.11.1 to 1.20.4 in /images/custom-error-pages/rootfs (#12045)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-30 13:35:04 +01:00
k8s-infra-cherrypick-robot
12c88851eb
[release-1.10] GitHub: Improve Dependabot. (#12037)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-09-30 14:23:23 +02:00
Marco Ebert
022e43c4e5
Bump the all group with 2 updates (#12035)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-30 12:52:29 +02:00
k8s-infra-cherrypick-robot
bb594ab3f4
Chart: Improve CI. (#12029)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-09-28 15:38:02 +01:00
Marco Ebert
c954339710
Chart: Extend image tests. (#12026) 2024-09-28 13:14:33 +02:00
k8s-infra-cherrypick-robot
d68a1abaca
Docs: Add health check annotations for AWS. (#12021)
Co-authored-by: longwuyuan <longwuyuan@gmail.com>
2024-09-26 12:04:01 +01:00
k8s-infra-cherrypick-robot
8a893c58a3
Bump github/codeql-action from 3.26.7 to 3.26.8 in the all group (#12015)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-23 14:16:31 +02:00
k8s-infra-cherrypick-robot
dbfe7c4738
Bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#12013)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-23 14:16:21 +02:00
k8s-infra-cherrypick-robot
ca0b309379
Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 in the all group (#12011)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-23 14:16:03 +02:00
Marco Ebert
e191dd729c
Docs: Convert opentelemetry.md from CRLF to LF. (#12007) 2024-09-23 10:46:38 +02:00
k8s-infra-cherrypick-robot
befe02e97c
Chart: Test controller.minAvailable & controller.maxUnavailable. (#12001)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-09-20 14:21:02 +02:00
k8s-infra-cherrypick-robot
b3fb2a6239
Chart: Align default backend PodDisruptionBudget. (#11998)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-09-20 14:20:05 +02:00
k8s-infra-cherrypick-robot
ff9275bc15
Metrics: Fix namespace in nginx_ingress_controller_ssl_expire_time_seconds. (#11985)
Co-authored-by: Aleksey Gavrilov <alexey.gavrilov@flant.com>
2024-09-17 21:40:43 +01:00
k8s-infra-cherrypick-robot
cb182e8595
Bump the all group with 2 updates (#11979)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-16 13:40:17 +02:00
k8s-infra-cherrypick-robot
f88f90757f
Bump github/codeql-action from 3.26.6 to 3.26.7 in the all group (#11978)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-16 13:40:05 +02:00
k8s-infra-cherrypick-robot
d3bc077c7b
Chart: Improve default backend service account. (#11973)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-09-15 17:01:48 +02:00
k8s-infra-cherrypick-robot
2b0fc22348
Go: Bump to v1.22.7. (#11969)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-09-13 18:07:14 +01:00
k8s-infra-cherrypick-robot
73a091a2f0
Bump github.com/prometheus/common from 0.57.0 to 0.59.1 (#11960)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-10 11:29:49 +01:00
k8s-infra-cherrypick-robot
dc7f2a0fe7
Bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#11959)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-09 15:26:27 +01:00
k8s-infra-cherrypick-robot
1614970907
[release-1.10] Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 in the all group (#11956)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-09 15:26:13 +01:00
k8s-infra-cherrypick-robot
905f8edb0d
Images: Bump OpenTelemetry C++ Contrib. (#11950)
Co-authored-by: Damien Mehala <damien.mehala+github@gmail.com>
2024-09-08 11:23:20 +01:00
k8s-infra-cherrypick-robot
660df32cfd
Docs: Add note about --watch-namespace. (#11948)
Co-authored-by: longwuyuan <longwuyuan@gmail.com>
2024-09-08 06:17:20 +01:00
k8s-infra-cherrypick-robot
951248422e
Images: Use latest Alpine 3.20 everywhere. (#11945)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-09-08 04:43:20 +01:00
Marco Ebert
d06029e3c5
Fix minor typos (#11940)
Co-authored-by: Nathan Baulch <nathan.baulch@gmail.com>
2024-09-06 23:19:46 +02:00
k8s-infra-cherrypick-robot
47b86617c1
Chart: Implement controller.admissionWebhooks.service.servicePort. (#11933)
Co-authored-by: Ramiro Algozino <ramiro@sighup.io>
2024-09-04 23:34:11 +01:00
k8s-infra-cherrypick-robot
37d25c7040
Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#11929)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-04 12:21:26 +01:00
k8s-infra-cherrypick-robot
a6c74dd2cd
Bump the all group with 2 updates (#11924)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-02 18:09:15 +01:00
k8s-infra-cherrypick-robot
20440ac3d5
Tests: Bump e2e-test-runner to v20240829-2c421762. (#11920)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-08-29 22:49:31 +01:00
k8s-infra-cherrypick-robot
cdc3abe6bc
Images: Trigger test-runner build. (#11918)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-08-29 20:27:36 +02:00
k8s-infra-cherrypick-robot
b8ef31499e
Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 in the all group (#11912)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-08-29 16:19:31 +01:00
k8s-infra-cherrypick-robot
3020ea8004
Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#11907)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-29 16:02:48 +02:00
k8s-infra-cherrypick-robot
b5981b94c9
Bump github.com/prometheus/common from 0.55.0 to 0.57.0 (#11906)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-29 16:02:30 +02:00
k8s-infra-cherrypick-robot
ff5c2be7ab
Bump github/codeql-action from 3.26.5 to 3.26.6 in the all group (#11905)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-29 14:00:30 +01:00
k8s-infra-cherrypick-robot
883cc88da6
Chart: Add tests for PrometheusRule & ServiceMonitor. (#11888)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-08-27 11:30:14 +02:00
k8s-infra-cherrypick-robot
fc00ca8cfa
Annotations: Allow commas in URLs. (#11886)
Signed-off-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
2024-08-27 00:01:36 +01:00
k8s-infra-cherrypick-robot
8543b71943
CI: Grant checks write permissions to E2E Test Report. (#11884)
Signed-off-by: Seonghyeon Cho <seonghyeoncho96@gmail.com>
Co-authored-by: Seonghyeon Cho <seonghyeoncho96@gmail.com>
2024-08-26 23:42:48 +02:00
k8s-infra-cherrypick-robot
7b1c88dc84
Bump the all group with 2 updates (#11870)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-26 22:32:48 +02:00
k8s-infra-cherrypick-robot
5dca112a79
Bump github/codeql-action from 3.26.2 to 3.26.5 in the all group (#11869)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-26 22:32:08 +02:00
k8s-infra-cherrypick-robot
886ba107dd
Update maxmind post link about geolite2 license changes (#11880)
Signed-off-by: Seonghyeon Cho <seonghyeoncho96@gmail.com>
Co-authored-by: Seonghyeon Cho <seonghyeoncho96@gmail.com>
2024-08-26 22:31:28 +02:00
Marco Ebert
a480113f18
Go: Sync go.work.sum. (#11876) 2024-08-26 18:48:35 +02:00
k8s-infra-cherrypick-robot
fb81aff398
Replace deprecated queue method (#11858)
Co-authored-by: Ricardo Katz <ricardo.katz@gmail.com>
2024-08-24 15:30:20 +02:00
k8s-infra-cherrypick-robot
f6e211acde
Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 (#11848)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-22 11:37:55 +02:00
k8s-infra-cherrypick-robot
5f265d0b6e
Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.19.0 (#11847)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-22 11:36:13 +02:00
Marco Ebert
aaea916903
Bump dario.cat/mergo from 1.0.0 to 1.0.1 in the all group (#11846)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-22 11:34:24 +02:00
Marco Ebert
9e9134612a
Bump k8s.io/component-base from 0.30.3 to 0.31.0 (#11841)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-22 11:28:59 +02:00
k8s-infra-cherrypick-robot
59705e1788
Bump github/codeql-action from 3.26.0 to 3.26.2 in the all group (#11833)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-21 09:39:27 +02:00
Marco Ebert
0486f013fe
Auto-generate annotation docs (#11835)
Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
2024-08-21 09:38:34 +02:00
Marco Ebert
f08a1c4fda
Release controller v1.10.4 & chart v4.10.4. (#11815) 2024-08-16 08:54:28 +02:00
k8s-infra-cherrypick-robot
71ecd17faa
Chart: Bump Kube Webhook CertGen & OpenTelemetry. (#11811)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-08-15 05:53:18 -07:00
Marco Ebert
648cbcca7c
Images: Trigger controller build. (#11808) 2024-08-15 10:54:07 +02:00
Marco Ebert
5862677a1b
Tests & Docs: Bump images. (#11804)
* Tests: Bump CFSSL.

* Docs: Bump Custom Error Pages.

* Tests: Bump FastCGI HelloServer.

* Tests: Bump HTTPBun.

* Docs: Bump OpenTelemetry.
2024-08-15 08:26:51 +02:00
k8s-infra-cherrypick-robot
eff40aca50
Images: Trigger failed builds. (#11801)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-08-13 11:58:42 -07:00
k8s-infra-cherrypick-robot
591021acd5
Images: Trigger other builds. (#11797)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-08-13 03:37:28 -07:00
k8s-infra-cherrypick-robot
255ee7bacc
Controller: Fix panic in alternative backend merging. (#11793)
Co-authored-by: joey <zchengjoey@gmail.com>
2024-08-13 03:00:47 -07:00
k8s-infra-cherrypick-robot
a76ecf8111
Tests: Bump e2e-test-runner to v20240812-3f0129aa. (#11791)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-08-13 00:43:41 -07:00
k8s-infra-cherrypick-robot
dc2df247f2
Images: Trigger test-runner build. (#11786)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-08-12 23:32:48 -07:00
k8s-infra-cherrypick-robot
a354195cce
Images: Bump NGINX_BASE to v0.0.12. (#11783)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-08-12 17:02:26 -07:00
k8s-infra-cherrypick-robot
1b3ea586ab
Images: Trigger NGINX build. (#11780)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-08-13 00:27:22 +02:00
k8s-infra-cherrypick-robot
0d5f75b2cf
Cloud Build: Add missing config, remove unused ones. (#11776)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-08-12 14:01:05 -07:00
Marco Ebert
819eee899d
Generate correct output on NumCPU() when using cgroups2 (#11775)
Co-authored-by: Nicholas Orlowsky <nickorlow@nickorlow.com>
2024-08-12 22:57:08 +02:00
k8s-infra-cherrypick-robot
164163ec7f
Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#11772)
* Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.19.1 to 2.20.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.19.1...v2.20.0)

* Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 elsewhere

---------

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-08-12 21:47:56 +02:00
k8s-infra-cherrypick-robot
b77e9ed3e8
Bump the all group with 2 updates (#11770)
Bumps the all group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact) and [github/codeql-action](https://github.com/github/codeql-action).

Updates `actions/upload-artifact` from 4.3.5 to 4.3.6
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](89ef406dd8...834a144ee9)

Updates `github/codeql-action` from 3.25.15 to 3.26.0
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](afb54ba388...eb055d739a)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-12 06:51:38 -07:00
k8s-infra-cherrypick-robot
a01effb8e5
Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#11768)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.25.0 to 0.26.0.
- [Commits](https://github.com/golang/crypto/compare/v0.25.0...v0.26.0)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-12 06:12:52 -07:00
k8s-infra-cherrypick-robot
cdd03fe5b1
Cloud Build: Tweak timeouts. (#11762)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-08-11 10:07:49 +02:00
k8s-infra-cherrypick-robot
f76e9be8d6
Cloud Build: Fix substitutions. (#11759)
Prow hands in some substitutions via arguments we need to ignore.

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-08-11 10:05:23 +02:00
k8s-infra-cherrypick-robot
ce3704217c
Cloud Build: Some chores. (#11756)
* Cloud Build: Remove comment.

* Cloud Build: Add newlines at EOF.

* Cloud Build: Align comment.

* Cloud Build: Remove trailing slash.

* Cloud Build: Remove quotes.

* Cloud Build: Align indentation.

* Cloud Build: Improve quotes.

* Cloud Build: Put arguments in one line.

* Cloud Build: Bump image.

* Cloud Build: Reorder entrypoint.

* Cloud Build: Adjust timeouts.

* Cloud Build: Remove useless files.

* Cloud Build: Remove `substitution_option`.

---------

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-08-11 10:00:26 +02:00
k8s-infra-cherrypick-robot
fd170c23b5
Go: Bump to v1.22.6. (#11748)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-08-08 08:04:10 -07:00
k8s-infra-cherrypick-robot
d600fb4978
Images: Bump NGINX_BASE to v0.0.11. (#11744)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-08-06 09:44:50 -07:00
k8s-infra-cherrypick-robot
b881aaf138
Images: Trigger NGINX build. (#11736)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-08-05 14:36:56 -07:00
k8s-infra-cherrypick-robot
50108c72ba
docs: update OpenSSL Roadmap link (#11734)
Co-authored-by: Mmx <green.dusk8264@fastmail.com>
2024-08-05 17:33:47 +02:00
k8s-infra-cherrypick-robot
06653e0fbc
Go: Bump to v1.22.5. (#11731)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-08-05 17:33:35 +02:00
k8s-infra-cherrypick-robot
266731de45
Bump the all group with 3 updates (#11729)
Bumps the all group with 3 updates: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action).

Updates `docker/setup-buildx-action` from 3.5.0 to 3.6.1
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](aa33708b10...988b5a0280)

Updates `actions/upload-artifact` from 4.3.4 to 4.3.5
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](0b2256b8c0...89ef406dd8)

Updates `golangci/golangci-lint-action` from 6.0.1 to 6.1.0
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](a4f60bb28d...aaa42aa062)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-05 07:14:59 -07:00
k8s-infra-cherrypick-robot
9803c78395
Docs: Fix typo in AWS LB Controller reference (#11724)
Co-authored-by: Gaston Festari <cilindrox@gmail.com>
2024-08-05 00:22:39 -07:00
k8s-infra-cherrypick-robot
9b962ecec7
Perform some cleaning operations on line breaks. (#11722)
Co-authored-by: André Storfjord Kristiansen <33384479+dev-bio@users.noreply.github.com>
Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com>
2024-08-02 08:04:00 -07:00
k8s-infra-cherrypick-robot
a0ca791929
Missing anchors in regular expression. (#11718)
Co-authored-by: André Storfjord Kristiansen <33384479+dev-bio@users.noreply.github.com>
2024-08-02 01:36:46 -07:00
k8s-infra-cherrypick-robot
2d6c3302fa
Docs: Fix from-to-www redirect description. (#11715)
Co-authored-by: dvg <vdruginin@gmail.com>
2024-08-01 04:49:08 -07:00
Marco Ebert
050091395e
Chart: Remove isControllerTagValid. (#11714) 2024-08-01 04:43:48 -07:00
k8s-infra-cherrypick-robot
48e407fc6d
Tests: Bump e2e-test-runner to v20240729-04899b27. (#11704)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-07-29 21:58:23 -07:00
k8s-infra-cherrypick-robot
2bce6a13db
Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in the all group (#11700)
* Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in the all group

Bumps the all group with 1 update: [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo).

Updates `github.com/onsi/ginkgo/v2` from 2.19.0 to 2.19.1
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.19.0...v2.19.1)

* Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 elsewhere

---------

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-07-29 07:39:38 -07:00
k8s-infra-cherrypick-robot
d248928ad1
Bump the all group with 2 updates (#11697)
Bumps the all group with 2 updates: [ossf/scorecard-action](https://github.com/ossf/scorecard-action) and [github/codeql-action](https://github.com/github/codeql-action).

Updates `ossf/scorecard-action` from 2.3.3 to 2.4.0
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](dc50aa9510...62b2cac7ed)

Updates `github/codeql-action` from 3.25.13 to 3.25.15
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](2d790406f5...afb54ba388)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-29 05:59:57 -07:00
k8s-infra-cherrypick-robot
9ed5485745
Docs: Clarify from-to-www redirect direction. (#11692)
* docs: Clarify from-to-www redirect direction.

This was not clear to me when reading the docs whether the ingress will
redirect from non-www to with-www or the reverse. It's also not very
clear from just grepping around the codebase. I found the answer by
reading from this reddit link:

https://www.reddit.com/r/kubernetes/comments/pbl033/k8s_ingress_redirecting_www_to_nonwww_domains/

So, to save time for other people doing the same, which I assumes is a
lot of people since it's a common scenario, this little revision in the
docs is warranted.

* Docs: Implement suggestion.

---------

Co-authored-by: Chakrit Wichian <service@chakrit.net>
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-07-29 02:55:09 -07:00
k8s-infra-cherrypick-robot
2c32bd026f
Bump the all group with 4 updates (#11676)
Bumps the all group with 4 updates: [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action), [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action), [docker/login-action](https://github.com/docker/login-action) and [github/codeql-action](https://github.com/github/codeql-action).

Updates `docker/setup-qemu-action` from 3.1.0 to 3.2.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](5927c834f5...49b3bc8e6b)

Updates `docker/setup-buildx-action` from 3.4.0 to 3.5.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](4fd812986e...aa33708b10)

Updates `docker/login-action` from 3.2.0 to 3.3.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](0d4c9c5ea7...9780b0c442)

Updates `github/codeql-action` from 3.25.12 to 3.25.13
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](4fa2a79536...2d790406f5)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-22 17:24:14 +02:00
k8s-infra-cherrypick-robot
6fb9570ac7
Bump the all group with 2 updates (#11674)
* Bump the all group with 2 updates

Bumps the all group with 2 updates: [github.com/ncabatoff/process-exporter](https://github.com/ncabatoff/process-exporter) and [k8s.io/component-base](https://github.com/kubernetes/component-base).

Updates `github.com/ncabatoff/process-exporter` from 0.8.2 to 0.8.3
- [Release notes](https://github.com/ncabatoff/process-exporter/releases)
- [Changelog](https://github.com/ncabatoff/process-exporter/blob/master/cloudbuild.release.yaml)
- [Commits](https://github.com/ncabatoff/process-exporter/compare/v0.8.2...v0.8.3)

Updates `k8s.io/component-base` from 0.30.2 to 0.30.3
- [Commits](https://github.com/kubernetes/component-base/compare/v0.30.2...v0.30.3)

* Metrics/Process: Adapt to API change in `ncabatoff/process-exporter`.

---------

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-07-22 07:26:25 -07:00
k8s-infra-cherrypick-robot
d1adb0de3f
added real-client-ip faq (#11665)
Co-authored-by: longwuyuan <longwuyuan@gmail.com>
2024-07-21 09:54:37 -07:00
Marco Ebert
eed43af7e3
Docs: Format NGINX configuration table. (#11660) 2024-07-21 16:15:22 +02:00
Marco Ebert
6569d0f073
Release controller v1.10.3 & chart v4.10.3. (#11651) 2024-07-18 11:40:22 -07:00
Marco Ebert
a52c90027b
Images: Trigger controller v1.10.3 build. (#11648) 2024-07-18 16:06:08 +02:00
k8s-infra-cherrypick-robot
f03baa3c88
Tests: Bump test-runner to v20240717-1fe74b5f. (#11646)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-07-18 06:11:07 -07:00
k8s-infra-cherrypick-robot
f68f050d09
Images: Re-run test-runner build. (#11643)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-07-18 03:02:12 -07:00
k8s-infra-cherrypick-robot
ff64e1b306
Images: Trigger test-runner build. (#11639)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-07-18 02:58:04 -07:00
k8s-infra-cherrypick-robot
82e59ecc38
Images: Bump NGINX_BASE to v0.0.10. (#11637)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-07-18 00:35:34 -07:00
k8s-infra-cherrypick-robot
b14d04725e
Images: Trigger NGINX build. (#11631)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-07-17 14:52:13 -07:00
k8s-infra-cherrypick-robot
4aad186ba2
bump testing runner (#11626)
Signed-off-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
2024-07-16 22:19:07 -07:00
Marco Ebert
52aceaa71b
Bump github.com/prometheus/common from 0.54.0 to 0.55.0 (#11622)
* Bump github.com/prometheus/common from 0.54.0 to 0.55.0

Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.54.0 to 0.55.0.
- [Release notes](https://github.com/prometheus/common/releases)
- [Changelog](https://github.com/prometheus/common/blob/main/RELEASE.md)
- [Commits](https://github.com/prometheus/common/compare/v0.54.0...v0.55.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

* Go: Fix build.

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-16 08:39:55 -07:00
k8s-infra-cherrypick-robot
bf259d3dba
remove modsecurity coreruleset test files from nginx image (#11619)
Co-authored-by: zeeZ <zeeZ@users.noreply.github.com>
2024-07-16 07:29:00 -07:00
k8s-infra-cherrypick-robot
b60945a4ab
unskip the ocsp tests and update images to fix cfssl bug (#11615)
Signed-off-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
2024-07-16 01:24:46 -07:00
k8s-infra-cherrypick-robot
3931896894
Bump the all group with 5 updates (#11613)
Bumps the all group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/setup-go](https://github.com/actions/setup-go) | `5.0.1` | `5.0.2` |
| [actions/setup-python](https://github.com/actions/setup-python) | `5.1.0` | `5.1.1` |
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.3.3` | `4.3.4` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.25.11` | `3.25.12` |
| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.23.0` | `0.24.0` |

Updates `actions/setup-go` from 5.0.1 to 5.0.2
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](cdcb360436...0a12ed9d6a)

Updates `actions/setup-python` from 5.1.0 to 5.1.1
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](82c7e631bb...39cd14951b)

Updates `actions/dependency-review-action` from 4.3.3 to 4.3.4
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](72eb03d02c...5a2ce3f5b9)

Updates `github/codeql-action` from 3.25.11 to 3.25.12
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](b611370bb5...4fa2a79536)

Updates `aquasecurity/trivy-action` from 0.23.0 to 0.24.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](7c2007bcb5...6e7b7d1fd3)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-15 08:59:10 -07:00
k8s-infra-cherrypick-robot
514b10231f
Fix indent in YAML for example pod (#11609)
Co-authored-by: apiwat-chantawibul <billiska@gmail.com>
2024-07-12 00:53:21 -07:00
k8s-infra-cherrypick-robot
720ace11ef
Images: Bump test-runner. (#11604)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-07-11 08:04:02 -07:00
k8s-infra-cherrypick-robot
5350b31a43
Images: Bump NGINX_BASE to v0.0.9. (#11601)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-07-11 07:47:50 -07:00
k8s-infra-cherrypick-robot
167963ad76
revert module upgrade (#11595)
Signed-off-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
2024-07-10 19:57:39 -07:00
Marco Ebert
59d229063a
README: Fix support matrix. (#11593) 2024-07-10 11:50:29 +02:00
k8s-infra-cherrypick-robot
18735f0896
Mage: Stop mutating release notes. (#11582)
* Mage: Implement static check recommendations.

* Mage: Stop mutating release notes.

---------

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-07-08 12:52:55 -07:00
k8s-infra-cherrypick-robot
0300cb2214
Images: Bump kube-webhook-certgen. (#11583)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-07-08 12:37:55 -07:00
k8s-infra-cherrypick-robot
d10c13e8e9
Bump golang.org/x/crypto from 0.24.0 to 0.25.0 (#11579)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.24.0 to 0.25.0.
- [Commits](https://github.com/golang/crypto/compare/v0.24.0...v0.25.0)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-08 12:35:22 -07:00
k8s-infra-cherrypick-robot
3be3826f06
Bump google.golang.org/grpc from 1.64.0 to 1.65.0 (#11577)
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.64.0 to 1.65.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.64.0...v1.65.0)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-08 12:32:49 -07:00
k8s-infra-cherrypick-robot
661f78f6c2
Bump the all group with 4 updates (#11574)
Bumps the all group with 4 updates: [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action), [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact).

Updates `docker/setup-qemu-action` from 3.0.0 to 3.1.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](68827325e0...5927c834f5)

Updates `docker/setup-buildx-action` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](d70bba72b1...4fd812986e)

Updates `actions/upload-artifact` from 4.3.3 to 4.3.4
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](65462800fd...0b2256b8c0)

Updates `actions/download-artifact` from 4.1.7 to 4.1.8
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](65a9edc588...fa0a91b85d)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-08 12:30:20 -07:00
James Strong
fa6bae0df2
Merge pull request #11565 from strongjz/release-1.10.2
Release 1.10.2
2024-07-08 14:11:16 -04:00
James Strong
9b0d42b684
Update charts/ingress-nginx/changelog/helm-chart-4.10.2.md
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-07-08 14:03:45 -04:00
James Strong
4a1e939f49 Update readme
Signed-off-by: James Strong <strong.james.e@gmail.com>
2024-07-06 15:19:57 -04:00
James Strong
7641fa9ce2 Release notes for 1.10.2
Signed-off-by: James Strong <strong.james.e@gmail.com>
2024-07-06 15:19:02 -04:00
James Strong
ccc77e2c6d
Merge pull request #11560 from strongjz/release-1.10.2
bumping 1.10.2 version
2024-07-04 16:22:00 -04:00
James Strong
437024a84c bumping 1.10.2 version
Signed-off-by: James Strong <strong.james.e@gmail.com>
2024-07-04 13:47:41 -04:00
k8s-infra-cherrypick-robot
fa662742ea
update test runner to latest build (#11557)
Signed-off-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
2024-07-04 01:01:41 -07:00
k8s-infra-cherrypick-robot
88ad22449d
add k8s 1.30 to ci build (#11553)
* add k8s 1.30 to ci build

Signed-off-by: James Strong <strong.james.e@gmail.com>

* force all ci to run on workflow dispatch

Signed-off-by: James Strong <strong.james.e@gmail.com>

* correct the 1.30 version

Signed-off-by: James Strong <strong.james.e@gmail.com>

* Update .github/workflows/ci.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

---------

Signed-off-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-07-03 23:25:32 -07:00
k8s-infra-cherrypick-robot
41f7a75151
update test runner go base to 3.20 (#11550)
Signed-off-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
2024-07-03 14:31:05 -07:00
k8s-infra-cherrypick-robot
a0a93532f1
tag new test runner image with new nginx base 0.0.8 (#11549)
Signed-off-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
2024-07-03 14:21:51 -07:00
k8s-infra-cherrypick-robot
3742eaafbd
bump NGINX_BASE to v0.0.8 (#11543)
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com>
2024-07-03 23:09:56 +02:00
k8s-infra-cherrypick-robot
477940af10
trigger build for NGINX-1.25 v0.0.8 (#11542)
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com>
2024-07-03 23:09:36 +02:00
k8s-infra-cherrypick-robot
96610e143b
Upgrade OWASP_MODSECURITY_CRS_VERSION 3.3.5 to 4.4.0 and update docs (#11548)
Signed-off-by: jessebot <jessebot@linux.com>
Co-authored-by: jessebot <jessebot@linux.com>
2024-07-03 14:05:35 -07:00
k8s-infra-cherrypick-robot
c53a951975
[feature] bump nginx to 1.25.5 and add http3 module (#11541)
* bump nginx to 1.25.5, add http3 module, and update lua-stream, lua_ngx, mimaloc, opentelemetry_cpp, opentelemetry_proto and opentelemtry_contrib

Signed-off-by: Stepan Paksashvili <stepan.paksashvili@flant.com>

* revert opentelemetry and owasp updates

Signed-off-by: Stepan Paksashvili <stepan.paksashvili@flant.com>

---------

Signed-off-by: Stepan Paksashvili <stepan.paksashvili@flant.com>
Co-authored-by: Stepan Paksashvili <stepan.paksashvili@flant.com>
2024-07-03 00:11:25 -07:00
k8s-infra-cherrypick-robot
742c620520
add ssl patches to nginx-1.25 image for coroutines to work in lua client hello and cert ssl blocks (#11534)
* feat: add ssl patches for coroutines to work in lua ssl blocks

Signed-off-by: Jon Carl <grounded042@joncarl.com>

* switch to include more patches

Signed-off-by: Jon Carl <grounded042@joncarl.com>

---------

Signed-off-by: Jon Carl <grounded042@joncarl.com>
Co-authored-by: Jon Carl <grounded042@joncarl.com>
2024-07-02 09:58:54 -07:00
k8s-infra-cherrypick-robot
5d3bcda0c2
bump alpine version to 3.20 to custom-error-pages (#11537)
Co-authored-by: Olivier Wenger <olivier.wenger@liip.ch>
2024-07-02 08:51:59 -07:00
k8s-infra-cherrypick-robot
88494aa11d
fix: Ensure changes in MatchCN annotation are detected (#11528)
Co-authored-by: Wouter Dullaert <wouter.dullaert@exoscale.ch>
2024-07-02 01:03:58 -07:00
k8s-infra-cherrypick-robot
22fe1d4217
Docs: Add information about HTTP/3 support. (#11525)
* update README to add information about HTTP/3 support

Signed-off-by: Stepan Paksashvili <stepan.paksashvili@flant.com>

* Apply suggestions from code review

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Apply suggestions from code review

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* update README

Signed-off-by: Stepan Paksashvili <stepan.paksashvili@flant.com>

---------

Signed-off-by: Stepan Paksashvili <stepan.paksashvili@flant.com>
Co-authored-by: Stepan Paksashvili <stepan.paksashvili@flant.com>
Co-authored-by: Stepan Paksashvili <81509933+ipaqsa@users.noreply.github.com>
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-07-01 14:01:02 +02:00
k8s-infra-cherrypick-robot
d540c2b042
Bump the all group with 2 updates (#11524)
Bumps the all group with 2 updates: [actions/add-to-project](https://github.com/actions/add-to-project) and [github/codeql-action](https://github.com/github/codeql-action).

Updates `actions/add-to-project` from 1.0.1 to 1.0.2
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](9bfe908f2e...244f685bbc)

Updates `github/codeql-action` from 3.25.10 to 3.25.11
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](23acc5c183...b611370bb5)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-01 12:39:42 +02:00
k8s-infra-cherrypick-robot
1aa7c0c33c
Bump k8s.io/klog/v2 from 2.130.0 to 2.130.1 in the all group (#11521)
Bumps the all group with 1 update: [k8s.io/klog/v2](https://github.com/kubernetes/klog).

Updates `k8s.io/klog/v2` from 2.130.0 to 2.130.1
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes/klog/compare/v2.130.0...v2.130.1)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-01 12:34:54 +02:00
k8s-infra-cherrypick-robot
292a17201b
Docs: Specify ingressClass for multi-controller setup. (#11520)
Co-authored-by: kiblik <5609770+kiblik@users.noreply.github.com>
2024-07-01 11:14:23 +02:00
k8s-infra-cherrypick-robot
46c637ef26
Docs: Improve default certificate usage. (#11519)
Co-authored-by: Marco <62987024+marco-svitol@users.noreply.github.com>
2024-07-01 11:13:35 +02:00
k8s-infra-cherrypick-robot
bdbbbf1673
Bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 in the all group (#11501)
Bumps the all group with 1 update: [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action).

Updates `aquasecurity/trivy-action` from 0.22.0 to 0.23.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](595be6a0f6...7c2007bcb5)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-24 15:38:28 +02:00
k8s-infra-cherrypick-robot
e5989790fa
docs: Update Ingress-NGINX v1.10.1 compatibility with Kubernetes v1.30 (#11500)
Co-authored-by: adzinzhalifunnas <adzinzhalifunnas@gmail.com>
2024-06-24 15:37:50 +02:00
k8s-infra-cherrypick-robot
f00aeea08e
Update getting-started.md with new prerequisites (#11487)
Co-authored-by: g1franc <guillaume.francois55@gmail.com>
2024-06-19 06:02:41 -07:00
Marco Ebert
8acccfa5df
Fix boolean configuration (#11484)
Co-authored-by: Yoofi Quansah <ybquansah@gmail.com>
2024-06-18 10:31:38 -07:00
k8s-infra-cherrypick-robot
efde9812a5
Chores: Align security contacts & chart maintainers to actual owners. (#11480)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-06-17 08:05:50 -07:00
k8s-infra-cherrypick-robot
c268ceeaed
Bump k8s.io/klog/v2 from 2.120.1 to 2.130.0 (#11479)
Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.120.1 to 2.130.0.
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes/klog/compare/v2.120.1...v2.130.0)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 06:44:55 -07:00
k8s-infra-cherrypick-robot
1827dcd86a
Bump the all group with 3 updates (#11478)
Bumps the all group with 3 updates: [github.com/opencontainers/runc](https://github.com/opencontainers/runc), [github.com/spf13/cobra](https://github.com/spf13/cobra) and [k8s.io/component-base](https://github.com/kubernetes/component-base).

Updates `github.com/opencontainers/runc` from 1.1.12 to 1.1.13
- [Release notes](https://github.com/opencontainers/runc/releases)
- [Changelog](https://github.com/opencontainers/runc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/opencontainers/runc/compare/v1.1.12...v1.1.13)

Updates `github.com/spf13/cobra` from 1.8.0 to 1.8.1
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.8.0...v1.8.1)

Updates `k8s.io/component-base` from 0.30.1 to 0.30.2
- [Commits](https://github.com/kubernetes/component-base/compare/v0.30.1...v0.30.2)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 05:21:13 -07:00
k8s-infra-cherrypick-robot
75900979dd
Bump the all group with 2 updates (#11477)
Bumps the all group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action).

Updates `actions/checkout` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](a5ac7e51b4...692973e3d9)

Updates `github/codeql-action` from 3.25.8 to 3.25.10
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](2e230e8fe0...23acc5c183)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 04:13:26 -07:00
k8s-infra-cherrypick-robot
df81496a80
Bump golang.org/x/crypto from 0.23.0 to 0.24.0 (#11471)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.23.0 to 0.24.0.
- [Commits](https://github.com/golang/crypto/compare/v0.23.0...v0.24.0)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-15 10:43:28 -07:00
k8s-infra-cherrypick-robot
6f87f257e5
CI: Bump forgotten Ginkgo versions. (#11469)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-06-15 08:39:29 -07:00
Marco Ebert
c36c8dee26
Tests: Replace deprecated grpc.Dial by grpc.NewClient. (#11468) 2024-06-15 03:07:27 -07:00
k8s-infra-cherrypick-robot
d6dad98091
Owners: Promote Gacko to admin. (#11464)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-06-14 10:48:22 -07:00
k8s-infra-cherrypick-robot
5c6af27dc9
fixed fastcgi userguide (#11455)
Co-authored-by: longwuyuan <longwuyuan@gmail.com>
2024-06-12 01:23:15 -07:00
k8s-infra-cherrypick-robot
dd86317f9d
Remove unnecessary space character (#11451)
Co-authored-by: Ali Afsharzadeh <afsharzadeh8@gmail.com>
2024-06-10 08:29:50 -07:00
k8s-infra-cherrypick-robot
304a7b4c64
Bump sigs.k8s.io/controller-runtime in the all group (#11449)
Bumps the all group with 1 update: [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime).

Updates `sigs.k8s.io/controller-runtime` from 0.18.3 to 0.18.4
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.18.3...v0.18.4)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-10 08:20:46 -07:00
k8s-infra-cherrypick-robot
ff4a9ff36c
Bump github.com/prometheus/common from 0.53.0 to 0.54.0 (#11447)
Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.53.0 to 0.54.0.
- [Release notes](https://github.com/prometheus/common/releases)
- [Changelog](https://github.com/prometheus/common/blob/main/RELEASE.md)
- [Commits](https://github.com/prometheus/common/compare/v0.53.0...v0.54.0)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-10 07:41:55 -07:00
k8s-infra-cherrypick-robot
a7b4a20a65
Bump the all group with 3 updates (#11450)
Bumps the all group with 3 updates: [actions/dependency-review-action](https://github.com/actions/dependency-review-action), [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action).

Updates `actions/dependency-review-action` from 4.3.2 to 4.3.3
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](0c155c5e85...72eb03d02c)

Updates `github/codeql-action` from 3.25.7 to 3.25.8
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](f079b84933...2e230e8fe0)

Updates `aquasecurity/trivy-action` from 0.21.0 to 0.22.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](fd25fed697...595be6a0f6)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-10 07:31:47 -07:00
k8s-infra-cherrypick-robot
7ed3aac270
Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (#11448)
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 5.1.0 to 6.0.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](5742e2a039...286f3b13b1)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-10 07:28:11 -07:00
k8s-infra-cherrypick-robot
1651900d8a
fix for docs issue 11432 (#11446)
Co-authored-by: longwuyuan <longwuyuan@gmail.com>
2024-06-10 06:48:17 -07:00
k8s-infra-cherrypick-robot
ed22643d86
Update index.md (#11445)
add section about how to setup the proxy protocol for scaleway

Co-authored-by: Vadim Bauer <Bauer.vadim@gmail.com>
2024-06-10 06:45:40 -07:00
k8s-infra-cherrypick-robot
8f3968b396
upgrade to alpine 3.20 (#11438)
Signed-off-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
2024-06-10 02:39:04 -07:00
k8s-infra-cherrypick-robot
4d3a363caf
update golang to 1.22.4 (#11431)
Signed-off-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
2024-06-10 02:36:26 -07:00
k8s-infra-cherrypick-robot
9f4d0104dd
Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.19.0 (#11422)
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.17.2 to 2.19.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.17.2...v2.19.0)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-03 06:40:52 -07:00
k8s-infra-cherrypick-robot
54e18fb2a1
Bump the all group with 2 updates (#11421)
Bumps the all group with 2 updates: [docker/login-action](https://github.com/docker/login-action) and [github/codeql-action](https://github.com/github/codeql-action).

Updates `docker/login-action` from 3.1.0 to 3.2.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](e92390c5fb...0d4c9c5ea7)

Updates `github/codeql-action` from 3.25.6 to 3.25.7
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](9fdb3e4972...f079b84933)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-03 06:38:19 -07:00
k8s-infra-cherrypick-robot
c1d699afa4
Bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#11423)
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.63.2 to 1.64.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.63.2...v1.64.0)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-03 06:32:50 -07:00
k8s-infra-cherrypick-robot
826e32cf0c
Adapt dashboards for Grafana 11 compatibility (#11414)
Co-authored-by: Roberto Devesa <15369573+Roberdvs@users.noreply.github.com>
2024-06-02 22:55:56 -07:00
k8s-infra-cherrypick-robot
9409bb15da
Rename variable to fix typo (#11413)
Co-authored-by: Andrea Scarpino <andrea@scarpino.dev>
2024-06-02 13:27:35 -07:00
k8s-infra-cherrypick-robot
f2959041e3
Fix helm install on cloud provider admonition block (#11412)
* Fix helm install on cloud provider admonition block

* Add missing admonition type.
* Format link to AWS LB controller.
* Add nested YAML code block for annotations example
* Add a couple of line breaks for breathing and structure

* Fix admonition block title

* Another try

* Should be nice now

---------

Co-authored-by: Jérémie Tarot <silopolis@gmail.com>
2024-06-02 12:25:34 -07:00
k8s-infra-cherrypick-robot
503843119c
edited helm-install tips (#11411)
Co-authored-by: longwuyuan <longwuyuan@gmail.com>
2024-06-02 12:18:35 -07:00
k8s-infra-cherrypick-robot
0751a725fd
added info for aws helm install (#11410)
Co-authored-by: longwuyuan <longwuyuan@gmail.com>
2024-06-02 12:09:22 -07:00
k8s-infra-cherrypick-robot
e2b3ac95a2
added multiplecontrollers-howto to faq (#11409)
Co-authored-by: longwuyuan <longwuyuan@gmail.com>
2024-06-02 12:05:50 -07:00
k8s-infra-cherrypick-robot
b7f6f93334
removed tlsv1 & tlsv1.1 (#11408)
Co-authored-by: longwuyuan <longwuyuan@gmail.com>
2024-06-02 11:52:07 -07:00
k8s-infra-cherrypick-robot
18cfd1daac
Bump the all group across 1 directory with 6 updates (#11407)
Bumps the all group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4.1.4` | `4.1.6` |
| [dorny/test-reporter](https://github.com/dorny/test-reporter) | `1.9.0` | `1.9.1` |
| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `5.0.0` | `5.1.0` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.3.1` | `2.3.3` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.25.3` | `3.25.6` |
| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.19.0` | `0.21.0` |

Updates `actions/checkout` from 4.1.4 to 4.1.6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](0ad4b8fada...a5ac7e51b4)

Updates `dorny/test-reporter` from 1.9.0 to 1.9.1
- [Release notes](https://github.com/dorny/test-reporter/releases)
- [Changelog](https://github.com/dorny/test-reporter/blob/main/CHANGELOG.md)
- [Commits](c40d89d5e9...31a54ee7eb)

Updates `goreleaser/goreleaser-action` from 5.0.0 to 5.1.0
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](7ec5c2b0c6...5742e2a039)

Updates `ossf/scorecard-action` from 2.3.1 to 2.3.3
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](0864cf1902...dc50aa9510)

Updates `github/codeql-action` from 3.25.3 to 3.25.6
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](d39d31e687...9fdb3e4972)

Updates `aquasecurity/trivy-action` from 0.19.0 to 0.21.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](d710430a67...fd25fed697)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-02 10:47:32 -07:00
k8s-infra-cherrypick-robot
db3990d557
Bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 (#11406)
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 5.3.0 to 6.0.1.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](38e1018663...a4f60bb28d)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-02 10:40:43 -07:00
Marco Ebert
047fa58e26
Docs: Remove opentracing and zipkin from docs (#11405)
Co-authored-by: Lucas Andrade Flores <lcs.oliveira93@gmail.com>
2024-06-02 10:38:19 -07:00
k8s-infra-cherrypick-robot
7520982b4e
Bump the all group with 3 updates (#11404)
Bumps the all group with 3 updates: [actions/setup-go](https://github.com/actions/setup-go), [actions/dependency-review-action](https://github.com/actions/dependency-review-action) and [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action).

Updates `actions/setup-go` from 5.0.0 to 5.0.1
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](0c52d547c9...cdcb360436)

Updates `actions/dependency-review-action` from 4.2.5 to 4.3.2
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](5bbc3ba658...0c155c5e85)

Updates `golangci/golangci-lint-action` from 5.0.0 to 5.3.0
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](82d40c283a...38e1018663)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-31 09:20:28 -07:00
k8s-infra-cherrypick-robot
075ce7c13c
Bump Kubernetes version on images (#11403)
Co-authored-by: Ricardo Katz <ricardo.katz@gmail.com>
2024-05-31 09:11:06 -07:00
k8s-infra-cherrypick-robot
fa9ab5c27f
Bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 (#11402)
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 4.0.0 to 5.0.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](3cfe3a4abb...82d40c283a)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-31 06:01:12 -07:00
Marco Ebert
49d79b13f0
Go: Sync modules from main. (#11398) 2024-05-31 05:37:25 -07:00
k8s-infra-cherrypick-robot
ac94566196
Bump the all group with 4 updates (#11380)
Bumps the all group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [actions/upload-artifact](https://github.com/actions/upload-artifact), [actions/download-artifact](https://github.com/actions/download-artifact) and [github/codeql-action](https://github.com/github/codeql-action).

Updates `actions/checkout` from 4.1.3 to 4.1.4
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](1d96c772d1...0ad4b8fada)

Updates `actions/upload-artifact` from 4.3.2 to 4.3.3
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](1746f4ab65...65462800fd)

Updates `actions/download-artifact` from 4.1.5 to 4.1.7
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](8caf195ad4...65a9edc588)

Updates `github/codeql-action` from 3.25.1 to 3.25.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](c7f9125735...d39d31e687)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-23 10:25:36 -07:00
James Strong
4bf5b5f156
Merge pull request #11318 from strongjz/helm-workflow
Helm workflow fix position of options
2024-04-26 10:01:58 -04:00
James Strong
5d6a0707ba sfix position of options 2024-04-26 09:46:12 -04:00
James Strong
1e2e5e182e
add workflow to helm release and update ct for branch (#11317)
Signed-off-by: James Strong <strong.james.e@gmail.com>
2024-04-26 06:34:17 -07:00
James Strong
66d4815bdd
Merge pull request #11277 from strongjz/chart-1.10.1 (#11314)
release chart 4.10.1
2024-04-25 08:08:56 -07:00
James Strong
d643824e6d
Merge pull request #11310 from k8s-infra-cherrypick-robot/cherry-pick-11309-to-release-1.10
fix git ref error in helm release ci
2024-04-24 10:36:38 -04:00
James Strong
f3139368c7 fix ref error
Signed-off-by: James Strong <strong.james.e@gmail.com>
2024-04-24 14:30:42 +00:00
James Strong
d768e7da3c
Merge pull request #11308 from strongjz/fix-helm-4.10.1
revert chart 4.10.1
2024-04-24 10:11:45 -04:00
k8s-infra-cherrypick-robot
6b06dae74e
Release Helm Chart on branch update (#11306)
Signed-off-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
2024-04-24 07:05:26 -07:00
James Strong
01443c06cb Revert "Merge pull request #11277 from strongjz/chart-1.10.1"
This reverts commit 5ed84026fb, reversing
changes made to 427d275dce.
2024-04-24 10:04:40 -04:00
k8s-infra-cherrypick-robot
ae0715edfd
Bump k8s.io/component-base from 0.29.3 to 0.30.0 (#11301)
Bumps [k8s.io/component-base](https://github.com/kubernetes/component-base) from 0.29.3 to 0.30.0.
- [Commits](https://github.com/kubernetes/component-base/compare/v0.29.3...v0.30.0)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-23 14:23:12 -07:00
k8s-infra-cherrypick-robot
ad56693997
Bump github.com/prometheus/common from 0.52.3 to 0.53.0 (#11300)
Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.52.3 to 0.53.0.
- [Release notes](https://github.com/prometheus/common/releases)
- [Commits](https://github.com/prometheus/common/compare/v0.52.3...v0.53.0)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-23 14:20:35 -07:00
James Strong
5ed84026fb
Merge pull request #11277 from strongjz/chart-1.10.1
release chart 4.10.1
2024-04-23 11:34:34 -04:00
James Strong
427d275dce
Merge pull request #11297 from k8s-infra-cherrypick-robot/cherry-pick-11296-to-release-1.10
Fix function name in comment
2024-04-23 10:15:11 -04:00
James Strong
86ad4bf511
Merge pull request #11299 from k8s-infra-cherrypick-robot/cherry-pick-11292-to-release-1.10
Bump the all group with 5 updates
2024-04-23 10:14:58 -04:00
k8s-infra-cherrypick-robot
ce4f962a45
Release controller 1.10.1 (#11298)
Signed-off-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
2024-04-23 06:53:21 -07:00
dependabot[bot]
0a7fe6d4ed Bump the all group with 5 updates
Bumps the all group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4.1.2` | `4.1.3` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.1` | `4.3.2` |
| [azure/setup-helm](https://github.com/azure/setup-helm) | `4.1.0` | `4.2.0` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.4` | `4.1.5` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.24.10` | `3.25.1` |

Updates `actions/checkout` from 4.1.2 to 4.1.3
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](9bb56186c3...1d96c772d1)

Updates `actions/upload-artifact` from 4.3.1 to 4.3.2
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](5d5d22a312...1746f4ab65)

Updates `azure/setup-helm` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/azure/setup-helm/releases)
- [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md)
- [Commits](b7246b12e7...fe7b79cd5e)

Updates `actions/download-artifact` from 4.1.4 to 4.1.5
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](c850b930e6...8caf195ad4)

Updates `github/codeql-action` from 3.24.10 to 3.25.1
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](4355270be1...c7f9125735)
2024-04-23 13:49:50 +00:00
James Strong
bcb5249ea7
Merge branch 'release-1.10' into chart-1.10.1 2024-04-23 09:38:48 -04:00
cuiyourong
a4e5daebec Fix function name in comment
Signed-off-by: cuiyourong <cuiyourong@gmail.com>
2024-04-23 11:28:01 +00:00
k8s-infra-cherrypick-robot
1a7f674422
fix path in file changed detected message (#11286)
* fix path in file changed detected message

Signed-off-by: Tom Hayward <thayward@infoblox.com>

* fix typo in log message

* explain code per review comments

---------

Signed-off-by: Tom Hayward <thayward@infoblox.com>
Co-authored-by: Tom Hayward <thayward@infoblox.com>
2024-04-19 09:56:22 -07:00
k8s-infra-cherrypick-robot
6fbd58353f
Bump golang.org/x/net from 0.22.0 to 0.23.0 (#11285)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.22.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.22.0...v0.23.0)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-19 08:23:40 -07:00
k8s-infra-cherrypick-robot
5ad073b96c
Bump golang.org/x/net in /images/kube-webhook-certgen/rootfs (#11284)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.22.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.22.0...v0.23.0)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-19 06:51:47 -07:00
k8s-infra-cherrypick-robot
c5ffbd3cf5
chore: fix function names in comment (#11281)
Signed-off-by: racequite <quiterace@gmail.com>
Co-authored-by: racequite <quiterace@gmail.com>
2024-04-19 03:23:40 -07:00
k8s-infra-cherrypick-robot
213b723d81
fix: update kube version requirement to 1.21 (#11279)
The controller depends on the v1 version of EndpointSlice, but the discovery.k8s.io/v1 API was first introduced in Kubernetes version 1.21.

Co-authored-by: NierYYDS <141559828+NierYYDS@users.noreply.github.com>
2024-04-18 11:30:38 -07:00
k8s-infra-cherrypick-robot
755301d84c
release helm chart from release branch (#11278)
Signed-off-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
2024-04-18 10:09:09 -07:00
James Strong
2c48919a9c release chart 4.10.1
Signed-off-by: James Strong <strong.james.e@gmail.com>
2024-04-18 10:05:29 -04:00
k8s-infra-cherrypick-robot
f8f6c5dcf6
Bump the all group with 2 updates (#11266)
Bumps the all group with 2 updates: [github.com/prometheus/common](https://github.com/prometheus/common) and [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime).

Updates `github.com/prometheus/common` from 0.52.2 to 0.52.3
- [Release notes](https://github.com/prometheus/common/releases)
- [Commits](https://github.com/prometheus/common/compare/v0.52.2...v0.52.3)

Updates `sigs.k8s.io/controller-runtime` from 0.17.2 to 0.17.3
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.17.2...v0.17.3)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-15 13:21:47 -07:00
k8s-infra-cherrypick-robot
f14c3f3ada
Bump azure/setup-helm from 3.5 to 4 (#11265)
Bumps [azure/setup-helm](https://github.com/azure/setup-helm) from 3.5 to 4.
- [Release notes](https://github.com/azure/setup-helm/releases)
- [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md)
- [Commits](5119fcb908...b7246b12e7)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-15 08:09:51 -07:00
k8s-infra-cherrypick-robot
d00ff4e50e
Bump actions/add-to-project from 1.0.0 to 1.0.1 in the all group (#11264)
Bumps the all group with 1 update: [actions/add-to-project](https://github.com/actions/add-to-project).

Updates `actions/add-to-project` from 1.0.0 to 1.0.1
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](2e5cc851ca...9bfe908f2e)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-15 08:07:09 -07:00
James Strong
4fb5aac1dd
start 1.10.1 build (#11246)
Signed-off-by: James Strong <strong.james.e@gmail.com>
2024-04-10 10:58:23 -07:00
k8s-infra-cherrypick-robot
6879b6644e
force nginx rebuild (#11245)
* force nginx rebuild

Signed-off-by: James Strong <strong.james.e@gmail.com>

* update test image and go version

Signed-off-by: James Strong <strong.james.e@gmail.com>

---------

Signed-off-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
2024-04-10 08:17:48 -07:00
k8s-infra-cherrypick-robot
4b3116dc6a
update k8s version to latest kind release (#11241)
Signed-off-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
2024-04-09 12:40:27 -07:00
k8s-infra-cherrypick-robot
a5fe09e80e
remove _ssl_expire_time_seconds metric by identifier (#11239)
Signed-off-by: xiayu.lyt <xiayu.lyt@alibaba-inc.com>
Co-authored-by: xiayu.lyt <xiayu.lyt@alibaba-inc.com>
2024-04-09 04:20:34 -07:00
k8s-infra-cherrypick-robot
d44e727fb3
Bump google.golang.org/grpc from 1.63.0 to 1.63.2 (#11238)
Signed-off-by: 遐宇 <xiayu.lyt@alibaba-inc.com>
Co-authored-by: 遐宇 <xiayu.lyt@alibaba-inc.com>
2024-04-09 03:10:58 -07:00
k8s-infra-cherrypick-robot
7fc7410368
Bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#11234)
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.62.1 to 1.63.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.62.1...v1.63.0)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-08 06:26:30 -07:00
k8s-infra-cherrypick-robot
93d228bdb9
Bump github.com/prometheus/common from 0.51.1 to 0.52.2 (#11233)
Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.51.1 to 0.52.2.
- [Release notes](https://github.com/prometheus/common/releases)
- [Commits](https://github.com/prometheus/common/compare/v0.51.1...v0.52.2)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-08 06:24:19 -07:00
k8s-infra-cherrypick-robot
c855617a4f
Bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#11232)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.21.0 to 0.22.0.
- [Commits](https://github.com/golang/crypto/compare/v0.21.0...v0.22.0)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-08 05:26:43 -07:00
k8s-infra-cherrypick-robot
e9b921a6c7
Bump github.com/prometheus/client_model in the all group (#11231)
Bumps the all group with 1 update: [github.com/prometheus/client_model](https://github.com/prometheus/client_model).

Updates `github.com/prometheus/client_model` from 0.6.0 to 0.6.1
- [Release notes](https://github.com/prometheus/client_model/releases)
- [Commits](https://github.com/prometheus/client_model/compare/v0.6.0...v0.6.1)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-08 05:23:57 -07:00
k8s-infra-cherrypick-robot
1468f203a0
Bump the all group with 3 updates (#11230)
Bumps the all group with 3 updates: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action), [dorny/test-reporter](https://github.com/dorny/test-reporter) and [github/codeql-action](https://github.com/github/codeql-action).

Updates `docker/setup-buildx-action` from 3.2.0 to 3.3.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](2b51285047...d70bba72b1)

Updates `dorny/test-reporter` from 1.8.0 to 1.9.0
- [Release notes](https://github.com/dorny/test-reporter/releases)
- [Changelog](https://github.com/dorny/test-reporter/blob/main/CHANGELOG.md)
- [Commits](eaa763f6ff...c40d89d5e9)

Updates `github/codeql-action` from 3.24.9 to 3.24.10
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](1b1aada464...4355270be1)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-08 03:56:43 -07:00
k8s-infra-cherrypick-robot
941a00c0aa
update post submit helm ci and clean up (#11221)
Signed-off-by: cpanato <ctadeu@gmail.com>
Co-authored-by: cpanato <ctadeu@gmail.com>
2024-04-05 18:55:04 -07:00
Marco Ebert
84020427b1
Chart: Add unit tests for default backend & topology spread constraints. (#11219) 2024-04-05 15:48:15 -07:00
k8s-infra-cherrypick-robot
eab36bb868
sort default backend hpa metrics (#11217)
Co-authored-by: Jozef Halgas <halgasj@gmail.com>
2024-04-05 13:33:33 -07:00
k8s-infra-cherrypick-robot
42284d1e73
updated certgen image shatag (#11216)
Co-authored-by: longwuyuan <longwuyuan@gmail.com>
2024-04-05 12:03:24 -07:00
k8s-infra-cherrypick-robot
ba809fab7e
changed testrunner image sha (#11211)
Co-authored-by: longwuyuan <longwuyuan@gmail.com>
2024-04-05 04:05:27 -07:00
k8s-infra-cherrypick-robot
6a1e1fa2c5
bumped certgeimage tag (#11213)
Co-authored-by: longwuyuan <longwuyuan@gmail.com>
2024-04-05 03:39:57 -07:00
k8s-infra-cherrypick-robot
c99c94c8df
updated baseimage & deleted a useless file (#11209)
Co-authored-by: longwuyuan <longwuyuan@gmail.com>
2024-04-05 02:47:27 -07:00
James Strong
33504cf2e6
Merge pull request #11203 from k8s-infra-cherrypick-robot/cherry-pick-11165-to-release-1.10
Owners: Promote Gacko to `ingress-nginx-maintainers` & `ingress-nginx-reviewers`.
2024-04-04 11:47:17 -04:00
k8s-infra-cherrypick-robot
436df3e4a2
bump ginkgo to 2-17-1 in testrunner (#11204)
Co-authored-by: longwuyuan <longwuyuan@gmail.com>
2024-04-04 08:47:05 -07:00
k8s-infra-cherrypick-robot
fa9e4fb423
chunking related faq update (#11205)
Co-authored-by: longwuyuan <longwuyuan@gmail.com>
2024-04-04 08:24:30 -07:00
Marco Ebert
218fae6c2c Owners: Promote myself to ingress-nginx-maintainers & ingress-nginx-reviewers. 2024-04-04 15:01:47 +00:00
Marco Ebert
9835f4a5b1 Owners: Remove members from aliases covered by other aliases.
ingress-nginx-helm-maintainers:
- cpanato: Covered by ingress-nginx-maintainers
- strongjz: Covered by ingress-nginx-maintainers

ingress-nginx-helm-reviewers:
- cpanato: Covered by ingress-nginx-reviewers
- strongjz: Covered by ingress-nginx-reviewers

ingress-nginx-docs-maintainers:
- tao12345666333: Covered by ingress-nginx-maintainers
2024-04-04 15:01:47 +00:00
Marco Ebert
4ab8ee0512 Images: Remove global owners from kube-webhook-certgen owners. 2024-04-04 15:01:47 +00:00
Marco Ebert
b44f3d248b Images: Remove owners as it's identical to global owners. 2024-04-04 15:01:47 +00:00
Marco Ebert
e380c5f321 Owners: Update URL in aliases. 2024-04-04 15:01:47 +00:00
Marco Ebert
4c24deeefc Owners: Sort ingress-nginx-maintainers & ingress-nginx-reviewers. 2024-04-04 15:01:47 +00:00
k8s-infra-cherrypick-robot
30b7d16af2
Fix-semver (#11199)
Co-authored-by: Karol Kieglerski <karol.kieglerski@dynatrace.com>
2024-04-04 07:27:48 -07:00
k8s-infra-cherrypick-robot
ef2b2668de
Bump the all group with 2 updates (#11190)
Bumps the all group with 2 updates: [actions/dependency-review-action](https://github.com/actions/dependency-review-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action).

Updates `actions/dependency-review-action` from 4.2.4 to 4.2.5
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](733dd5d4a5...5bbc3ba658)

Updates `aquasecurity/trivy-action` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](062f259268...d710430a67)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-01 23:33:14 -07:00
k8s-infra-cherrypick-robot
5926ebe73d
Bump actions/add-to-project from 0.6.1 to 1.0.0 (#11189)
Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 0.6.1 to 1.0.0.
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](1b844f0c5a...2e5cc851ca)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-01 12:04:58 -07:00
k8s-infra-cherrypick-robot
97921626f9
refactor helm ci tests part I (#11188)
* refactor helm ci tests part I

Signed-off-by: cpanato <ctadeu@gmail.com>

* update indentation

Signed-off-by: cpanato <ctadeu@gmail.com>

* fix path

Signed-off-by: cpanato <ctadeu@gmail.com>

* more updates

Signed-off-by: cpanato <ctadeu@gmail.com>

* add helm-lint job

Signed-off-by: cpanato <ctadeu@gmail.com>

---------

Signed-off-by: cpanato <ctadeu@gmail.com>
Co-authored-by: cpanato <ctadeu@gmail.com>
2024-04-01 05:33:33 -07:00
k8s-infra-cherrypick-robot
e09f96ef56
Proposal: e2e tests for regex patterns (#11185)
* tests(path): proposal: e2e tests for regex patterns

* gofumpt

* gofumpt

---------

Co-authored-by: Matheus Fidelis <matheus@nanoshots.com.br>
2024-04-01 05:15:34 -07:00
k8s-infra-cherrypick-robot
506a02f750
bump ginkgo to v2.17.1 (#11186)
Signed-off-by: cpanato <ctadeu@gmail.com>
Co-authored-by: cpanato <ctadeu@gmail.com>
2024-04-01 05:11:33 -07:00
k8s-infra-cherrypick-robot
48069d3d12
fixes brotli build issue (#11187)
Co-authored-by: u5surf <u5.horie@gmail.com>
2024-04-01 04:19:33 -07:00
k8s-infra-cherrypick-robot
aa947f5bd4
Bump the all group with 3 updates (#11166)
Bumps the all group with 3 updates: [actions/dependency-review-action](https://github.com/actions/dependency-review-action), [actions/add-to-project](https://github.com/actions/add-to-project) and [github/codeql-action](https://github.com/github/codeql-action).

Updates `actions/dependency-review-action` from 4.1.3 to 4.2.4
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](9129d7d40b...733dd5d4a5)

Updates `actions/add-to-project` from 0.6.0 to 0.6.1
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](0609a2702e...1b844f0c5a)

Updates `github/codeql-action` from 3.24.7 to 3.24.9
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](3ab4101902...1b1aada464)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-26 04:43:19 -07:00
k8s-infra-cherrypick-robot
8cd7ff8754
Bump github.com/prometheus/common from 0.50.0 to 0.51.1 (#11160)
Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.50.0 to 0.51.1.
- [Release notes](https://github.com/prometheus/common/releases)
- [Commits](https://github.com/prometheus/common/compare/v0.50.0...v0.51.1)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-25 06:29:45 -07:00
k8s-infra-cherrypick-robot
3230e4abbc
fix geoip2 configuration docs (#11151)
Co-authored-by: dVerhees <30548963+dVerhees@users.noreply.github.com>
2024-03-24 16:42:21 -07:00
k8s-infra-cherrypick-robot
13f8b28251
Bump the all group with 4 updates (#11140)
Bumps the all group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action), [docker/login-action](https://github.com/docker/login-action) and [github/codeql-action](https://github.com/github/codeql-action).

Updates `actions/checkout` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](b4ffde65f4...9bb56186c3)

Updates `docker/setup-buildx-action` from 3.1.0 to 3.2.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](0d103c3126...2b51285047)

Updates `docker/login-action` from 3.0.0 to 3.1.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](343f7c4344...e92390c5fb)

Updates `github/codeql-action` from 3.24.6 to 3.24.7
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](8a470fddaf...3ab4101902)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-19 14:53:20 -07:00
k8s-infra-cherrypick-robot
574ae2e3a6
Bump the all group with 1 update (#11136)
Bumps the all group with 1 update: [k8s.io/component-base](https://github.com/kubernetes/component-base).

Updates `k8s.io/component-base` from 0.29.2 to 0.29.3
- [Commits](https://github.com/kubernetes/component-base/compare/v0.29.2...v0.29.3)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 06:42:46 -07:00
k8s-infra-cherrypick-robot
dbb267036f
Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /magefiles (#11127)
Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0.

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-14 14:45:06 -07:00
Marco Ebert
4f530225e5
Fix typos in OTel doc (#11081) (#11129)
Co-authored-by: Robert Ma <bob1211@gmail.com>
2024-03-14 09:21:29 -07:00
k8s-infra-cherrypick-robot
c7d42b95d7
Bump google.golang.org/protobuf in /images/custom-error-pages/rootfs (#11128)
Bumps google.golang.org/protobuf from 1.28.0 to 1.33.0.

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-14 07:59:26 -07:00
k8s-infra-cherrypick-robot
02ca3e1b41
Chart: Render controller.ingressClassResource.parameters natively. (#11126)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-03-14 07:52:14 -07:00
k8s-infra-cherrypick-robot
9ef5800e42
Bump google.golang.org/protobuf in /images/kube-webhook-certgen/rootfs (#11122)
Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0.

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-14 00:45:49 -07:00
k8s-infra-cherrypick-robot
0f9df16424
Fix admission controller logging of admissionTime and testedConfigurationSize (#11114)
Co-authored-by: Luca Berneking <luca@berneking.net>
2024-03-12 11:08:59 -07:00
k8s-infra-cherrypick-robot
f118d67042
Chart: Align HPA & KEDA conditions. (#11113)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-03-12 08:06:30 -07:00
k8s-infra-cherrypick-robot
7f8bebeb88
Chart: Improve IngressClass documentation. (#11111)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-03-12 08:01:51 -07:00
k8s-infra-cherrypick-robot
2e08614265
Chart: Add Gacko to maintainers. Again. (#11112)
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-03-12 07:56:45 -07:00
k8s-infra-cherrypick-robot
cbf6d2a7f1
Chart: Deploy PodDisruptionBudget with KEDA. (#11105)
* feat: deploy PDB if Keda is enabled and the minimum amount of replicas is greater than 1

* feat: add the corresponding unit-test to check PDB deployment with Keda

* chore: rename the test of PDB to follow suggested pattern

* chore: update the test-case suite name to the new format

* Update charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

* Update charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

---------

Co-authored-by: ramonboorges@gmail.com <ramonboorges@gmail.com>
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-03-11 15:37:04 -07:00
Marco Ebert
8d3d4a33bf
Chores: Pick patches from main. (#11103)
* Release version v1.10.0

* set deploy url to v1-10-0 in docs

* quotes around numbers fort ports definitions

* Bump dorny/paths-filter from 3.0.1 to 3.0.2

Bumps [dorny/paths-filter](https://github.com/dorny/paths-filter) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/dorny/paths-filter/releases)
- [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md)
- [Commits](ebc4d7e9eb...de90cc6fb3)

---
updated-dependencies:
- dependency-name: dorny/paths-filter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

* Bump aquasecurity/trivy-action from 0.17.0 to 0.18.0

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.17.0 to 0.18.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](84384bd6e7...062f259268)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

* Bump github/codeql-action from 3.24.5 to 3.24.6

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.5 to 3.24.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](47b3d888fe...8a470fddaf)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

* Bump github.com/prometheus/common from 0.48.0 to 0.49.0

Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.49.0.
- [Release notes](https://github.com/prometheus/common/releases)
- [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.49.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

* Bump docker/setup-buildx-action from 3.0.0 to 3.1.0

Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](f95db51fdd...0d103c3126)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

* Bump github.com/stretchr/testify from 1.8.4 to 1.9.0

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

* Bump actions/download-artifact from 4.1.2 to 4.1.4

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.2 to 4.1.4.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](eaceaf801f...c850b930e6)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

* Update README.md

remove older version, left latest for release train.

* docs: update the 404 link to FAQ

* bump golang

* golangci-lint update, ci cleanup, group dependabot updates

* bump golangci-lint to v1.56.x

* cleanup empty lines

* group dependabot updates

* run on job changes as well

* remove deprecated checks

* fix lints and format

* Bump github.com/prometheus/common from 0.49.0 to 0.50.0

Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.49.0 to 0.50.0.
- [Release notes](https://github.com/prometheus/common/releases)
- [Commits](https://github.com/prometheus/common/compare/v0.49.0...v0.50.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

* Bump the all group with 1 update

Bumps the all group with 1 update: [google.golang.org/grpc](https://github.com/grpc/grpc-go).

Updates `google.golang.org/grpc` from 1.62.0 to 1.62.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.62.0...v1.62.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

* Bump the all group with 1 update

Bumps the all group with 1 update: [actions/add-to-project](https://github.com/actions/add-to-project).

Updates `actions/add-to-project` from 0.5.0 to 0.6.0
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](31b3f3ccdc...0609a2702e)

---
updated-dependencies:
- dependency-name: actions/add-to-project
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

* Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.16.0

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.15.0 to 2.16.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.15.0...v2.16.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

---------

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
Co-authored-by: longwuyuan <longwuyuan@gmail.com>
Co-authored-by: Bartosz Fenski <fenio@debian.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: Grinish <grinish@gmail.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
2024-03-11 14:30:46 -07:00
Ricardo Katz
71f78d49f0
Start the release of v1.10.0 (#11038) 2024-02-28 13:13:08 -08:00
349 changed files with 5677 additions and 5966 deletions

View file

@ -37,7 +37,7 @@ This questions are the first thing we need to know to understand the context.
<!-- What do you think went wrong? -->
**NGINX Ingress controller version** (exec into the pod and run `/nginx-ingress-controller --version`):
**NGINX Ingress controller version** (exec into the pod and run nginx-ingress-controller --version.):
<!--
POD_NAMESPACE=ingress-nginx
POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app.kubernetes.io/name=ingress-nginx --field-selector=status.phase=Running -o jsonpath='{.items[0].metadata.name}')

View file

@ -5,6 +5,7 @@ title: ''
labels: kind/bug
assignees:
- Gacko
- rikatz
- strongjz
---

View file

@ -23,7 +23,7 @@ jobs:
steps:
- name: Set up Python
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
with:
python-version: 3.x
@ -31,12 +31,12 @@ jobs:
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
- name: Set up Helm Chart Testing
uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
- name: Set up Artifact Hub
run: |
curl --fail --location https://github.com/artifacthub/hub/releases/download/v1.20.0/ah_1.20.0_linux_amd64.tar.gz --output /tmp/ah.tar.gz
echo "9027626f19ff9f3ac668f222917130ac885e289e922e1428bfd2e7f066324e31 /tmp/ah.tar.gz" | shasum --check
curl --fail --location https://github.com/artifacthub/hub/releases/download/v1.19.0/ah_1.19.0_linux_amd64.tar.gz --output /tmp/ah.tar.gz
echo "0e430493521ce387ca04d79b26646a86f92886dbcceb44985bb71082a9530ca5 /tmp/ah.tar.gz" | shasum --check
sudo tar --extract --file /tmp/ah.tar.gz --directory /usr/local/bin ah
- name: Set up Git
@ -45,7 +45,7 @@ jobs:
git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com"
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 0
@ -55,7 +55,7 @@ jobs:
ah lint --path charts/ingress-nginx
- name: Release chart
uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0
uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
env:
CR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CR_RELEASE_NAME_TEMPLATE: helm-chart-{{ .Version }}

View file

@ -47,7 +47,7 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: filter
@ -71,22 +71,6 @@ jobs:
- 'images/nginx/**'
docs:
- '**/*.md'
lua:
- '**/*.lua'
lua-lint:
runs-on: ubuntu-latest
needs: changes
if: |
(needs.changes.outputs.lua == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Lint Lua
uses: lunarmodules/luacheck@v1
with:
args: --codes --globals lua_ingress --globals configuration --globals balancer --globals monitor --globals certificate --globals tcp_udp_configuration --globals tcp_udp_balancer --no-max-comment-line-length -q rootfs/etc/nginx/lua/
test-go:
runs-on: ubuntu-latest
@ -95,14 +79,14 @@ jobs:
(needs.changes.outputs.go == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Get go version
run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
- name: Set up Go
id: go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ env.GOLANG_VERSION }}
check-latest: true
@ -119,12 +103,12 @@ jobs:
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.docs == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Get go version
run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
- name: Set up Go
id: go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ env.GOLANG_VERSION }}
check-latest: true
@ -144,7 +128,7 @@ jobs:
PLATFORMS: linux/amd64
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Get go version
id: golangversion
@ -153,17 +137,17 @@ jobs:
- name: Set up Go
id: go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ steps.golangversion.outputs.version }}
check-latest: true
- name: Set up QEMU
uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
with:
version: latest
@ -172,7 +156,7 @@ jobs:
- name: Prepare Host
run: |
curl -LO https://dl.k8s.io/release/v1.32.2/bin/linux/amd64/kubectl
curl -LO https://dl.k8s.io/release/v1.27.3/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
@ -202,7 +186,7 @@ jobs:
| gzip > docker.tar.gz
- name: cache
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
with:
name: docker.tar.gz
path: docker.tar.gz
@ -218,7 +202,7 @@ jobs:
steps:
- name: Set up Python
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
with:
python-version: 3.x
@ -226,12 +210,12 @@ jobs:
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
- name: Set up Helm Chart Testing
uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
- name: Set up Artifact Hub
run: |
curl --fail --location https://github.com/artifacthub/hub/releases/download/v1.20.0/ah_1.20.0_linux_amd64.tar.gz --output /tmp/ah.tar.gz
echo "9027626f19ff9f3ac668f222917130ac885e289e922e1428bfd2e7f066324e31 /tmp/ah.tar.gz" | shasum --check
curl --fail --location https://github.com/artifacthub/hub/releases/download/v1.19.0/ah_1.19.0_linux_amd64.tar.gz --output /tmp/ah.tar.gz
echo "0e430493521ce387ca04d79b26646a86f92886dbcceb44985bb71082a9530ca5 /tmp/ah.tar.gz" | shasum --check
sudo tar --extract --file /tmp/ah.tar.gz --directory /usr/local/bin ah
- name: Set up Helm Docs
@ -241,7 +225,7 @@ jobs:
run: helm plugin install https://github.com/helm-unittest/helm-unittest
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 0
@ -256,7 +240,7 @@ jobs:
git diff --exit-code charts/ingress-nginx/README.md
- name: Run tests
run: helm unittest charts/ingress-nginx --file "tests/**/*_test.yaml"
run: helm unittest charts/ingress-nginx
chart-test:
name: Chart / Test
@ -270,11 +254,11 @@ jobs:
strategy:
matrix:
k8s: [v1.28.15, v1.29.12, v1.30.8, v1.31.4, v1.32.0]
k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Download cache
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
@ -301,11 +285,26 @@ jobs:
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
strategy:
matrix:
k8s: [v1.28.15, v1.29.12, v1.30.8, v1.31.4, v1.32.0]
k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
with:
k8s-version: ${{ matrix.k8s }}
kubernetes-validations:
name: Kubernetes with Validations
needs:
- changes
- build
if: |
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
strategy:
matrix:
k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
with:
k8s-version: ${{ matrix.k8s }}
variation: "VALIDATIONS"
kubernetes-chroot:
name: Kubernetes chroot
needs:
@ -315,7 +314,7 @@ jobs:
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
strategy:
matrix:
k8s: [v1.28.15, v1.29.12, v1.30.8, v1.31.4, v1.32.0]
k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
with:
k8s-version: ${{ matrix.k8s }}

View file

@ -9,6 +9,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: 'Dependency Review'
uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4

View file

@ -23,7 +23,7 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: filter
@ -47,7 +47,7 @@ jobs:
steps:
- name: Checkout master
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Deploy
uses: ./.github/actions/mkdocs

View file

@ -15,20 +15,19 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Get go version
run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
- name: Set up Go
id: go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ env.GOLANG_VERSION }}
check-latest: true
- name: golangci-lint
uses: golangci/golangci-lint-action@2226d7cb06a077cd73e56eedd38eecad18e5d837 # v6.5.0
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
version: v1.62
only-new-issues: true
version: v1.56

View file

@ -36,10 +36,11 @@ jobs:
kube-webhook-certgen: ${{ steps.filter.outputs.kube-webhook-certgen }}
ext-auth-example-authsvc: ${{ steps.filter.outputs.ext-auth-example-authsvc }}
nginx: ${{ steps.filter.outputs.nginx }}
opentelemetry: ${{ steps.filter.outputs.opentelemetry }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: filter
with:
@ -63,6 +64,8 @@ jobs:
- 'images/ext-auth-example-authsvc/**'
nginx:
- 'images/nginx/**'
opentelemetry:
- 'images/opentelemetry/**'
#### TODO: Make the below jobs 'less dumb' and use the job name as parameter (the github.job context does not work here)
cfssl:
@ -135,17 +138,17 @@ jobs:
(needs.changes.outputs.kube-webhook-certgen == 'true')
strategy:
matrix:
k8s: [v1.28.15, v1.29.12, v1.30.8, v1.31.4, v1.32.0]
k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Get go version
run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
- name: Set up Go
id: go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ env.GOLANG_VERSION }}
check-latest: true
@ -160,6 +163,23 @@ jobs:
run: |
cd images/ && make NAME=kube-webhook-certgen test test-e2e
opentelemetry:
runs-on: ubuntu-latest
env:
PLATFORMS: linux/amd64,linux/arm,linux/arm64
needs: changes
if: |
(needs.changes.outputs.opentelemetry == 'true')
strategy:
matrix:
nginx: ['1.25.3', '1.21.6']
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: image build
run: |
cd images/opentelemetry && make NGINX_VERSION=${{ matrix.nginx }} build
nginx:
permissions:
contents: write
@ -172,12 +192,12 @@ jobs:
PLATFORMS: linux/amd64,linux/arm,linux/arm64
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Set up QEMU
uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
with:
version: latest
platforms: ${{ env.PLATFORMS }}

View file

@ -19,7 +19,7 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Install K6
run: |

View file

@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 0
@ -20,31 +20,31 @@ jobs:
run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
- name: Set up Go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ env.GOLANG_VERSION }}
check-latest: true
- name: Run GoReleaser Snapshot
if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1
uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
with:
version: "~> v2"
version: latest
args: release --snapshot --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Run GoReleaser
if: ${{ startsWith(github.ref, 'refs/tags/') }}
uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1
uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
with:
version: "~> v2"
version: latest
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Update new version in krew-index
if: ${{ startsWith(github.ref, 'refs/tags/') }}
uses: rajatjindal/krew-release-bot@3d9faef30a82761d610544f62afddca00993eef9 # v0.0.47
uses: rajatjindal/krew-release-bot@df3eb197549e3568be8b4767eec31c5e8e8e6ad8 # v0.0.46
with:
krew_template_file: cmd/plugin/krew.yaml

View file

@ -27,7 +27,7 @@ jobs:
steps:
- name: "Checkout code"
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
persist-credentials: false
@ -51,7 +51,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
with:
name: SARIF file
path: results.sarif
@ -59,6 +59,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
with:
sarif_file: results.sarif

View file

@ -13,7 +13,7 @@ jobs:
pull-requests: write
steps:
- uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
- uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
with:
stale-issue-message: "This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack."
stale-pr-message: "This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack."

View file

@ -22,7 +22,7 @@ jobs:
versions: ${{ steps.version.outputs.TAGS }}
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 0
@ -52,7 +52,7 @@ jobs:
versions: ${{ fromJSON(needs.version.outputs.versions) }}
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- shell: bash
id: test
@ -60,7 +60,7 @@ jobs:
- name: Scan image with AquaSec/Trivy
id: scan
uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
with:
image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }}
format: 'sarif'
@ -75,7 +75,7 @@ jobs:
# This step checks out a copy of your repository.
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
with:
token: ${{ github.token }}
# Path to SARIF file relative to the root of the repository

View file

@ -31,7 +31,7 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: filter
with:
@ -48,7 +48,7 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Build
run: |
@ -67,7 +67,7 @@ jobs:
PLATFORMS: ${{ inputs.platforms-publish }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0

View file

@ -20,7 +20,7 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: cache
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
@ -43,13 +43,14 @@ jobs:
SKIP_CLUSTER_CREATION: true
SKIP_INGRESS_IMAGE_CREATION: true
SKIP_E2E_IMAGE_CREATION: true
ENABLE_VALIDATIONS: ${{ inputs.variation == 'VALIDATIONS' }}
IS_CHROOT: ${{ inputs.variation == 'CHROOT' }}
run: |
kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-test
- name: Upload e2e junit-reports ${{ inputs.variation }}
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
if: success() || failure()
with:
name: e2e-test-reports-${{ inputs.k8s-version }}${{ inputs.variation }}

View file

@ -2,7 +2,6 @@ run:
timeout: 10m
allow-parallel-runners: true
issues:
# Maximum issues count per one linter. Set to 0 to disable. Default is 50.
max-issues-per-linter: 0
@ -23,6 +22,7 @@ linters:
- errcheck
- errchkjson
- errname
- execinquery
- ginkgolinter
- gocheckcompilerdirectives
- goconst
@ -227,6 +227,9 @@ linters-settings:
nolintlint:
# Enable to ensure that nolint directives are all used. Default is true.
allow-unused: false
# Disable to ensure that nolint directives don't have a leading space. Default is true.
# TODO(lint): Enforce machine-readable `nolint` directives
allow-leading-space: true
# Exclude following linters from requiring an explanation. Default is [].
allow-no-explanation: []
# Enable to require an explanation of nonzero length after each nolint directive. Default is false.

View file

@ -1,6 +1,6 @@
std = 'ngx_lua'
max_line_length = 100
exclude_files = {'./rootfs/etc/nginx/lua/test/**/*.lua'}
exclude_files = {'./rootfs/etc/nginx/lua/test/**/*.lua', './rootfs/etc/nginx/lua/plugins/**/test/**/*.lua'}
files["rootfs/etc/nginx/lua/lua_ingress.lua"] = {
ignore = { "122" },
-- TODO(elvinefendi) figure out why this does not work

View file

@ -1 +1 @@
1.23.6
1.22.8

View file

@ -93,7 +93,7 @@ Promoting the images basically means that images, that were pushed to staging co
```
...
pushing manifest for us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx/controller:v1.0.2@sha256:e15fac6e8474d77e1f017edc33d804ce72a184e3c0a30963b2a0d7f0b89f6b16
pushing manifest for gcr.io/k8s-staging-ingress-nginx/controller:v1.0.2@sha256:e15fac6e8474d77e1f017edc33d804ce72a184e3c0a30963b2a0d7f0b89f6b16
...
```
@ -113,7 +113,7 @@ Promoting the images basically means that images, that were pushed to staging co
- For making, it easier, you can edit your branch directly in the browser. But be careful about making any mistake.
- Insert the sha(s) & the tag(s), in a new line, in this file [Project kubernetes/k8s.io Ingress-Nginx-Controller Images](https://github.com/kubernetes/k8s.io/blob/main/registry.k8s.io/images/k8s-staging-ingress-nginx/images.yaml) Look at this [example PR and the diff](https://github.com/kubernetes/k8s.io/pull/2536) to see how it was done before
- Insert the sha(s) & the tag(s), in a new line, in this file [Project kubernetes/k8s.io Ingress-Nginx-Controller Images](https://github.com/kubernetes/k8s.io/blob/main/k8s.gcr.io/images/k8s-staging-ingress-nginx/images.yaml) Look at this [example PR and the diff](https://github.com/kubernetes/k8s.io/pull/2536) to see how it was done before
- Save and commit

View file

@ -58,7 +58,7 @@ ifneq ($(PLATFORM),)
PLATFORM_FLAG="--platform"
endif
REGISTRY ?= us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx
REGISTRY ?= gcr.io/k8s-staging-ingress-nginx
BASE_IMAGE ?= $(shell cat NGINX_BASE)
@ -110,7 +110,7 @@ clean-chroot-image: ## Removes local image
.PHONY: build
build: ## Build ingress controller, debug tool and pre-stop hook.
E2E_IMAGE=golang:$(GO_VERSION)-alpine3.21 USE_SHELL=/bin/sh build/run-in-docker.sh \
E2E_IMAGE=golang:$(GO_VERSION)-alpine3.20 USE_SHELL=/bin/sh build/run-in-docker.sh \
MAC_OS=$(MAC_OS) \
PKG=$(PKG) \
ARCH=$(ARCH) \

View file

@ -325,9 +325,9 @@ minikube start
🐳 Preparing Kubernetes v1.23.3 on Docker 20.10.12 ...
▪ kubelet.housekeeping-interval=5m
🔎 Verifying Kubernetes components...
▪ Using image registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1
▪ Using image registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1
▪ Using image registry.k8s.io/ingress-nginx/controller:v1.2.1
▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1
▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1
▪ Using image k8s.gcr.io/ingress-nginx/controller:v1.2.1
▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
🔎 Verifying ingress addon...
🌟 Enabled addons: ingress, storage-provisioner, default-storageclass

View file

@ -1 +1 @@
registry.k8s.io/ingress-nginx/nginx:v2.0.0@sha256:3e7bda4cf5111d283ed1e4ff5cc9a2b5cdc5ebe62d50ba67473d3e25b1389133
registry.k8s.io/ingress-nginx/nginx:v0.1.0@sha256:87dcd5ed0206161b86f3767ccdc592716617481e3eac89bfc46ec515419c0b94

1
OWNERS
View file

@ -10,4 +10,3 @@ emeritus_approvers:
- aledbf # 2020-04-02
- bowei # 2022-10-12
- ElvinEfendi # 2023-04-23
- rikatz # 2024-12-15

View file

@ -1,17 +1,40 @@
# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners
aliases:
sig-network-leads:
- caseydavenport
- dcbw
- thockin
ingress-nginx-admins:
- Gacko
- rikatz
- strongjz
ingress-nginx-maintainers:
- cpanato
- Gacko
- puerco
- rikatz
- strongjz
- tao12345666333
ingress-nginx-reviewers:
- cpanato
- Gacko
- puerco
- rikatz
- strongjz
- tao12345666333
ingress-nginx-helm-maintainers:
- ubergesundheit
ingress-nginx-helm-reviewers:
- ubergesundheit
ingress-nginx-docs-maintainers:
- longwuyuan
ingress-nginx-kube-webhook-certgen-reviewers:
- invidian

View file

@ -39,14 +39,6 @@ the versions listed. Ingress-Nginx versions **may** work on older versions, but
| Supported | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | Helm Chart Version |
| :-------: | --------------------- | ----------------------------- | -------------- | ------------- | ------------------ |
| 🔄 | **v1.12.0** | 1.32, 1.31, 1.30, 1.29, 1.28 | 3.21.0 | 1.25.5 | 4.12.0 |
| 🔄 | **v1.12.0-beta.0** | 1.32, 1.31, 1.30, 1.29, 1.28 | 3.20.3 | 1.25.5 | 4.12.0-beta.0 |
| 🔄 | **v1.11.4** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.21.0 | 1.25.5 | 4.11.4 |
| 🔄 | **v1.11.3** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.3 | 1.25.5 | 4.11.3 |
| 🔄 | **v1.11.2** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.2 |
| 🔄 | **v1.11.1** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.1 |
| 🔄 | **v1.11.0** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.0 |
| | **v1.10.6** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.21.0 | 1.25.5 | 4.10.6 |
| | **v1.10.5** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.3 | 1.25.5 | 4.10.5 |
| | **v1.10.4** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.10.4 |
| | **v1.10.3** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.10.3 |

View file

@ -10,4 +10,5 @@
# DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE
# INSTRUCTIONS AT https://kubernetes.io/security/
Gacko
rikatz
strongjz

1
TAG Normal file
View file

@ -0,0 +1 @@
v1.10.5

View file

@ -64,7 +64,7 @@ echo "[dev-env] building image"
make build image
docker tag "${REGISTRY}/controller:${TAG}" "${DEV_IMAGE}"
export K8S_VERSION=${K8S_VERSION:-v1.32.0@sha256:c48c62eac5da28cdadcf560d1d8616cfa6783b58f0d94cf63ad1bf49600cb027}
export K8S_VERSION=${K8S_VERSION:-v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245}
KIND_CLUSTER_NAME="ingress-nginx-dev"

View file

@ -26,11 +26,14 @@ set -o nounset
set -o pipefail
# temporal directory for the /etc/ingress-controller directory
if [[ "$OSTYPE" == darwin* ]]; then
if [[ "$OSTYPE" == darwin* ]] && [[ "$RUNTIME" == podman ]]; then
mkdir -p "tmp"
INGRESS_VOLUME=$(pwd)/$(mktemp -d tmp/XXXXXX)
else
INGRESS_VOLUME=$(mktemp -d)
if [[ "$OSTYPE" == darwin* ]]; then
INGRESS_VOLUME=/private$INGRESS_VOLUME
fi
fi
# make sure directory for SSL cert storage exists under ingress volume
@ -41,7 +44,7 @@ function cleanup {
}
trap cleanup EXIT
E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20250112-a188f4eb@sha256:043038b1e30e5a0b64f3f919f096c5c9488ac3f617ac094b07fb9db8215f9441}
E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20241004-114a6abb@sha256:1389ec0589abbf5c431c9290c4c307437c8396995c63dda5eac26abd70963dc8}
if [[ "$RUNTIME" == podman ]]; then
# Podman does not support both tag and digest
@ -79,7 +82,7 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then
echo "..reached DIND check TRUE block, inside run-in-docker.sh"
echo "FLAGS=$FLAGS"
#go env
go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.22.2
go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.20.2
find / -type f -name ginkgo 2>/dev/null
which ginkgo
/bin/bash -c "${FLAGS}"

View file

@ -1,92 +0,0 @@
# Changelog
### controller-v1.10.6
Images:
* registry.k8s.io/ingress-nginx/controller:v1.10.6@sha256:b6fbd102255edb3ba8e5421feebe14fd3e94cf53d199af9e40687f536152189c
* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.6@sha256:44ceedafc0e04a75521b5d472c1b6b5cc08afb8038b5bbfd79c21d066ccf300e
### All changes:
* Images: Trigger controller build. (#12611)
* Chart: Bump Kube Webhook CertGen. (#12608)
* Tests & Docs: Bump images. (#12605)
* Images: Trigger other builds (2/2). (#12598)
* Images: Trigger other builds (1/2). (#12597)
* Tests: Bump `e2e-test-runner` to v20241224-68ed4e7b. (#12592)
* Images: Trigger `test-runner` build. (#12586)
* Images: Bump `NGINX_BASE` to v0.2.0. (#12584)
* Images: Trigger NGINX build. (#12578)
* Go: Clean `go.work.sum`. (#12575)
* Repository: Update owners. (#12570)
* Images: Bump `gcb-docker-gcloud` to v20241217-ff46a068cd. (#12563)
* CI: Update KIND images. (#12559)
* Images: Bump Alpine to v3.21. (#12530)
* Docs: Add guide on how to set a Maintenance Page. (#12527)
* rikatz is stepping down (#12518)
* rikatz is stepping down (#12497)
* Go: Bump to v1.23.4. (#12485)
* Plugin: Bump `goreleaser` to v2. (#12442)
* GitHub: Fix `exec` in issue template. (#12389)
* CI: Update KIND images. (#12368)
* Images: Bump `gcb-docker-gcloud` to v20241110-72bb0b1665. (#12341)
* Go: Bump to v1.23.3. (#12339)
* Auth TLS: Add `_` to redirect RegEx. (#12328)
* Auth TLS: Improve redirect RegEx. (#12321)
* Tests: Bump `e2e-test-runner` to v20241104-02a3933e. (#12314)
* Images: Trigger `test-runner` build. (#12307)
* Config: Fix panic on invalid `lua-shared-dict`. (#12282)
* Docs: fix limit-rate-after references (#12280)
* Chart: Rework ServiceMonitor. (#12268)
* Chart: Add ServiceAccount tests. (#12266)
* CI: Fix chart testing. (#12260)
* [fix] fix nginx temp configs cleanup (#12224)
* Chart: Suggest `matchLabelKeys` in Topology Spread Constraints. (#12204)
* Docs: Add Pod Security Admission. (#12198)
* Docs: Clarify external & service port in TCP/UDP services explanation. (#12194)
### Dependency updates:
* Bump k8s.io/apiextensions-apiserver from 0.31.3 to 0.32.0 (#12565)
* Bump github.com/onsi/ginkgo/v2 from 2.22.0 to 2.22.1 (#12557)
* Bump k8s.io/code-generator from 0.31.3 to 0.32.0 (#12552)
* Bump k8s.io/cli-runtime from 0.31.3 to 0.32.0 (#12549)
* Bump k8s.io/apiserver from 0.31.3 to 0.32.0 (#12546)
* Bump the actions group with 2 updates (#12543)
* Bump google.golang.org/grpc from 1.68.1 to 1.69.2 (#12540)
* Bump k8s.io/client-go from 0.31.3 to 0.32.0 (#12514)
* Bump github.com/opencontainers/runc from 1.2.2 to 1.2.3 in the go group across 1 directory (#12511)
* Bump the actions group with 3 updates (#12508)
* Bump k8s.io/kube-aggregator from 0.31.3 to 0.32.0 in /images/kube-webhook-certgen/rootfs (#12504)
* Bump k8s.io/apimachinery from 0.31.3 to 0.32.0 in /images/ext-auth-example-authsvc/rootfs (#12501)
* Bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#12478)
* Bump golang.org/x/crypto from 0.21.0 to 0.31.0 in /magefiles (#12473)
* Bump github.com/prometheus/common from 0.60.1 to 0.61.0 (#12466)
* Bump github/codeql-action from 3.27.5 to 3.27.6 in the actions group (#12463)
* Bump the go group across 1 directory with 2 updates (#12459)
* Bump github.com/onsi/ginkgo/v2 from 2.21.0 to 2.22.0 (#12425)
* Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#12416)
* Bump the go group across 3 directories with 10 updates (#12414)
* Bump the actions group with 3 updates (#12410)
* Bump github.com/opencontainers/runc from 1.2.1 to 1.2.2 in the go group across 1 directory (#12382)
* Bump github/codeql-action from 3.27.1 to 3.27.4 in the actions group (#12375)
* Bump golangci-lint on actions and disable deprecated linters (#12363)
* Bump google.golang.org/grpc from 1.67.1 to 1.68.0 (#12356)
* Bump the actions group with 3 updates (#12353)
* Bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#12351)
* Bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#12297)
* Bump github.com/opencontainers/runc from 1.2.0 to 1.2.1 in the go group across 1 directory (#12294)
* Bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.21.0 (#12290)
* Bump actions/dependency-review-action from 4.3.5 to 4.4.0 in the actions group (#12275)
* Bump the go group across 3 directories with 11 updates (#12246)
* Bump github.com/opencontainers/runc from 1.1.15 to 1.2.0 (#12241)
* Bump the actions group with 5 updates (#12243)
* Bump github.com/ncabatoff/process-exporter from 0.8.3 to 0.8.4 in the go group across 1 directory (#12219)
* Bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 in the actions group (#12215)
* Bump github/codeql-action from 3.26.12 to 3.26.13 in the actions group (#12191)
* Bump the go group across 2 directories with 1 update (#12189)
* Bump the actions group with 2 updates (#12185)
* Bump github.com/opencontainers/runc from 1.1.14 to 1.1.15 in the go group across 1 directory (#12184)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.5...controller-v1.10.6

View file

@ -1,164 +0,0 @@
# Changelog
### controller-v1.11.0
Images:
* registry.k8s.io/ingress-nginx/controller:v1.11.0@sha256:a886e56d532d1388c77c8340261149d974370edca1093af4c97a96fb1467cb39
* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.0@sha256:f16dfed1c94d216b65e5dcb7508ab46148641a99649c5a700749db6f01a7039e
### All changes:
* update test runner to latest build (#11558)
* add k8s 1.30 to ci build (#11554)
* update test runner go base to 3.20 (#11552)
* tag new test runner image with new nginx base 0.0.8 (#11551)
* bump NGINX_BASE to v0.0.8 (#11544)
* add ssl patches to nginx-1.25 image for coroutines to work in lua client hello and cert ssl blocks (#11535)
* trigger build for NGINX-1.25 v0.0.8 (#11539)
* bump alpine version to 3.20 to custom-error-pages (#11538)
* fix: Ensure changes in MatchCN annotation are detected (#11529)
* Docs: Add information about HTTP/3 support. (#11513)
* Docs: Specify `ingressClass` for multi-controller setup. (#11493)
* Docs: Improve default certificate usage. (#11504)
* Upgrade OWASP_MODSECURITY_CRS_VERSION 3.3.5 to 4.4.0 and update docs (#11511)
* docs: Update Ingress-NGINX v1.10.1 compatibility with Kubernetes v1.30 (#11495)
* Update getting-started.md with new prerequisites (#11486)
* [feature] bump nginx to 1.25.5 and add http3 module (#11470)
* Fix boolean configuration (#11483)
* Chores: Align security contacts & chart maintainers to actual owners. (#11465)
* CI: Bump forgotten Ginkgo versions. (#11467)
* Tests: Replace deprecated `grpc.Dial` by `grpc.NewClient`. (#11462)
* Owners: Promote Gacko to admin. (#11463)
* Chart: Make pod affinity templatable. (#11453)
* fixed fastcgi userguide (#11454)
* Remove unnecessary space character (#11434)
* upgrade to alpine 3.20 (#11428)
* fix for docs issue 11432 (#11433)
* Update index.md (#11437)
* update golang to 1.22.4 (#11427)
* Chart: Fix `IngressClass` annotations. (#11416)
* Chart: Make admission webhook patch job RBAC configurable. (#11376)
* Merge pull request #11277 from strongjz/chart-1.10.1 (#11415)
* Chart: Remove `controller.enableWorkerSerialReloads`. (#11400)
* Adapt dashboards for Grafana 11 compatibility (#11399)
* Rename variable to fix typo (#11395)
* Fix helm install on cloud provider admonition block (#11394)
* edited helm-install tips (#11393)
* added info for aws helm install (#11390)
* added multiplecontrollers-howto to faq (#11389)
* removed tlsv1 & tlsv1.1 (#11343)
* feat: Add grpc timeouts annotations (#11258)
* sfix position of options (#11379)
* add workflow to helm release and update ct for branch (#11378)
* Accept user defined annotations in IngressClass (#11362)
* Docs: Remove opentracing and zipkin from docs (#11361)
* Allow configuring nginx worker reload behaviour, to prevent multiple concurrent worker reloads which can lead to high resource usage and OOMKill (#10884)
* chore(deps): group update k8s.io packages to v0.30.0 (#11344)
* Fix function name in comment (#11296)
* fix path in file changed detected message (#11271)
* chore: fix function names in comment (#11280)
* fix: update kube version requirement to 1.21 (#11275)
* release helm chart from release branch (#11276)
* update k8s version to latest kind release (#11240)
* feat: add annotation to allow to add custom response headers (#9742)
* remove _ssl_expire_time_seconds metric by identifier (#9706)
* update post submit helm ci and clean up (#11220)
* Chart: Add unit tests for default backend & topology spread constraints. (#11218)
* sort default backend hpa metrics (#11215)
* updated certgen image shatag (#11214)
* feature(default_backend): topologySpreadConstraints on default backend (#11197)
* bumped certgeimage tag (#11212)
* changed testrunner image sha (#11207)
* updated baseimage & deleted a useless file (#11208)
* Chart: Make `controller.config` templatable. (#11181)
* chunking related faq update (#11196)
* bump ginkgo to 2-17-1 in testrunner (#11202)
* Owners: Promote Gacko to `ingress-nginx-maintainers` & `ingress-nginx-reviewers`. (#11165)
* Fix-semver (#11193)
* refactor helm ci tests part I (#11178)
* fixes brotli build issue (#10484)
* bump ginkgo to v2.17.1 (#11177)
* Proposal: e2e tests for regex patterns (#11174)
* Controller: Make Leader Election TTL configurable. (#11142)
* Chores: Remove recently added whitespaces. (#11156)
* Add GRPC Buffer Size to the Configmap (#11155)
* fix geoip2 configuration docs (#11150)
* feature(geoip2_autoreload): Enable GeoIP2 auto_reload config (#11079)
* Chart: Add IngressClass aliases. (#11109)
* Fix typos in OTel doc (#11081)
* Chart: Render `controller.ingressClassResource.parameters` natively. (#11108)
* Fix admission controller logging of `admissionTime` and `testedConfigurationSize` (#11089)
* Chart: Align HPA & KEDA conditions. (#11110)
* Chart: Add Gacko to maintainers. Again. (#11107)
* Chart: Improve IngressClass documentation. (#11104)
* Chart: Deploy `PodDisruptionBudget` with KEDA. (#11032)
* Undo #11062 since it breaks the nginx config (#11082)
* [mTLS] Fix acme verification when mTLS and Client CN verification is enabled (#11062)
* golangci-lint update, ci cleanup, group dependabot updates (#11071)
* bump golang (#11070)
* feature(leader_election): flag to disable leader election feature on controller (#11064)
* docs: update the 404 link to FAQ (#11069)
* Update README.md (#11065)
* quotes around numbers fort ports definitions (#11052)
### Dependency updates:
* Bump the all group with 2 updates (#11523)
* Bump k8s.io/klog/v2 from 2.130.0 to 2.130.1 in the all group (#11499)
* Bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 in the all group (#11497)
* Bump k8s.io/klog/v2 from 2.120.1 to 2.130.0 (#11475)
* Bump the all group with 3 updates (#11474)
* Bump the all group with 2 updates (#11476)
* Bump golang.org/x/crypto from 0.23.0 to 0.24.0 (#11442)
* Bump the all group with 3 updates (#11443)
* Bump sigs.k8s.io/controller-runtime in the all group (#11440)
* Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (#11444)
* Bump github.com/prometheus/common from 0.53.0 to 0.54.0 (#11441)
* Bump the all group with 2 updates (#11419)
* Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.19.0 (#11418)
* Bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#11417)
* Bump the all group across 1 directory with 3 updates (#11384)
* Bump the all group across 1 directory with 6 updates (#11383)
* Bump golang.org/x/crypto from 0.22.0 to 0.23.0 (#11357)
* Bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 (#11355)
* Bump the all group with 3 updates (#11348)
* Bump Kubernetes version on images (#11346)
* Bump sigs.k8s.io/controller-runtime from 0.17.3 to 0.18.1 (#11345)
* Bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 (#11328)
* Bump the all group with 4 updates (#11327)
* Bump k8s.io/component-base from 0.29.3 to 0.30.0 (#11291)
* Bump github.com/prometheus/common from 0.52.3 to 0.53.0 (#11290)
* Bump golang.org/x/net from 0.22.0 to 0.23.0 (#11282)
* Bump golang.org/x/net in /images/kube-webhook-certgen/rootfs (#11283)
* Bump the all group with 2 updates (#11261)
* Bump azure/setup-helm from 3.5 to 4 (#11263)
* Bump actions/add-to-project from 1.0.0 to 1.0.1 in the all group (#11262)
* Bump google.golang.org/grpc from 1.63.0 to 1.63.2 (#11237)
* Bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#11228)
* Bump github.com/prometheus/common from 0.51.1 to 0.52.2 (#11227)
* Bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#11229)
* Bump github.com/prometheus/client_model in the all group (#11226)
* Bump the all group with 3 updates (#11225)
* Bump the all group with 2 updates (#11183)
* Bump actions/add-to-project from 0.6.1 to 1.0.0 (#11184)
* Bump the all group with 3 updates (#11157)
* Bump github.com/prometheus/common from 0.50.0 to 0.51.1 (#11159)
* Bump the all group with 4 updates (#11133)
* Bump the all group with 1 update (#11134)
* Bump google.golang.org/protobuf in /images/custom-error-pages/rootfs (#11119)
* Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /magefiles (#11121)
* Bump google.golang.org/protobuf in /images/kube-webhook-certgen/rootfs (#11120)
* Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.16.0 (#11076)
* Bump the all group with 1 update (#11073)
* Bump the all group with 1 update (#11072)
* Bump github.com/prometheus/common from 0.49.0 to 0.50.0 (#11075)
* Bump actions/download-artifact from 4.1.2 to 4.1.4 (#11059)
* Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#11055)
* Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 (#11057)
* Bump github.com/prometheus/common from 0.48.0 to 0.49.0 (#11056)
* Bump github/codeql-action from 3.24.5 to 3.24.6 (#11060)
* Bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 (#11058)
* Bump dorny/paths-filter from 3.0.1 to 3.0.2 (#11061)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.2...controller-v1.11.0

View file

@ -1,45 +0,0 @@
# Changelog
### controller-v1.11.1
Images:
* registry.k8s.io/ingress-nginx/controller:v1.11.1@sha256:e6439a12b52076965928e83b7b56aae6731231677b01e81818bce7fa5c60161a
* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.1@sha256:7cabe4bd7558bfdf5b707976d7be56fd15ffece735d7c90fc238b6eda290fd8d
### All changes:
* Tests: Bump `test-runner` to v20240717-1fe74b5f. (#11647)
* Images: Re-run `test-runner` build. (#11644)
* Images: Trigger `test-runner` build. (#11640)
* Images: Bump `NGINX_BASE` to v0.0.10. (#11638)
* Images: Trigger NGINX build. (#11632)
* bump testing runner (#11627)
* remove modsecurity coreruleset test files from nginx image (#11620)
* unskip the ocsp tests and update images to fix cfssl bug (#11616)
* Fix indent in YAML for example pod (#11610)
* Images: Bump `test-runner`. (#11605)
* Images: Bump `NGINX_BASE` to v0.0.9. (#11602)
* revert module upgrade (#11597)
* Release: Apply changes from `main`. (#11589)
* Mage: Stop mutating release notes. (#11581)
* Images: Bump `kube-webhook-certgen`. (#11584)
* update test runner to latest build (#11558)
* add k8s 1.30 to ci build (#11554)
* update test runner go base to 3.20 (#11552)
* tag new test runner image with new nginx base 0.0.8 (#11551)
* bump NGINX_BASE to v0.0.8 (#11544)
* add ssl patches to nginx-1.25 image for coroutines to work in lua client hello and cert ssl blocks (#11535)
* trigger build for NGINX-1.25 v0.0.8 (#11539)
* bump alpine version to 3.20 to custom-error-pages (#11538)
* fix: Ensure changes in MatchCN annotation are detected (#11529)
### Dependency updates:
* Bump github.com/prometheus/common from 0.54.0 to 0.55.0 (#11621)
* Bump the all group with 5 updates (#11614)
* Bump golang.org/x/crypto from 0.24.0 to 0.25.0 (#11580)
* Bump google.golang.org/grpc from 1.64.0 to 1.65.0 (#11576)
* Bump the all group with 4 updates (#11575)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.0...controller-v1.11.1

View file

@ -1,54 +0,0 @@
# Changelog
### controller-v1.11.2
Images:
* registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce
* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.2@sha256:21b55a2f0213a18b91612a8c0850167e00a8e34391fd595139a708f9c047e7a8
### All changes:
* Chart: Bump Kube Webhook CertGen & OpenTelemetry. (#11812)
* Images: Trigger controller build. (#11807)
* Tests & Docs: Bump images. (#11805)
* Images: Trigger failed builds. (#11802)
* Images: Trigger other builds. (#11798)
* Controller: Fix panic in alternative backend merging. (#11794)
* Tests: Bump `e2e-test-runner` to v20240812-3f0129aa. (#11792)
* Images: Trigger `test-runner` build. (#11787)
* Images: Bump `NGINX_BASE` to v0.0.12. (#11784)
* Images: Trigger NGINX build. (#11781)
* Cloud Build: Add missing config, remove unused ones. (#11777)
* Generate correct output on NumCPU() when using cgroups2 (#11778)
* Cloud Build: Tweak timeouts. (#11763)
* Cloud Build: Fix substitutions. (#11760)
* Cloud Build: Some chores. (#11757)
* Go: Bump to v1.22.6. (#11749)
* Images: Bump `NGINX_BASE` to v0.0.11. (#11743)
* Images: Trigger NGINX build. (#11737)
* docs: update OpenSSL Roadmap link (#11733)
* Go: Bump to v1.22.5. (#11732)
* Docs: Fix typo in AWS LB Controller reference (#11725)
* Perform some cleaning operations on line breaks. (#11721)
* Missing anchors in regular expression. (#11719)
* Docs: Fix `from-to-www` redirect description. (#11716)
* Chart: Remove `isControllerTagValid`. (#11713)
* Tests: Bump `e2e-test-runner` to v20240729-04899b27. (#11705)
* Docs: Clarify `from-to-www` redirect direction. (#11693)
* added real-client-ip faq (#11664)
* Docs: Format NGINX configuration table. (#11662)
* Docs: Update version in `deploy/index.md`. (#11652)
### Dependency updates:
* Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#11773)
* Bump the all group with 2 updates (#11771)
* Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#11769)
* Bump the all group with 3 updates (#11728)
* Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in the all group (#11701)
* Bump the all group with 2 updates (#11698)
* Bump the all group with 4 updates (#11677)
* Bump the all group with 2 updates (#11675)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.1...controller-v1.11.2

View file

@ -1,91 +0,0 @@
# Changelog
### controller-v1.11.3
Images:
* registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7
* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.3@sha256:22701f0fc0f2dd209ef782f4e281bfe2d8cccd50ededa00aec88e0cdbe7edd14
### All changes:
* Images: Trigger controller build. (#12134)
* Tests & Docs: Bump `e2e-test-echo` to v1.0.1. (#12145)
* Images: Trigger `e2e-test-echo` build. (#12141)
* Images: Drop `s390x`. (#12138)
* Images: Build `s390x` controller. (#12127)
* Chart: Bump Kube Webhook CertGen. (#12123)
* Tests & Docs: Bump images. (#12121)
* Cloud Build: Bump `gcb-docker-gcloud` to v20240718-5ef92b5c36. (#12117)
* Images: Trigger other builds. (#12112)
* Tests: Bump `e2e-test-runner` to v20241004-114a6abb. (#12105)
* Images: Trigger `test-runner` build. (#12102)
* Docs: Add a multi-tenant warning. (#12099)
* Go: Bump to v1.22.8. (#12094)
* Images: Bump `NGINX_BASE` to v0.1.0. (#12080)
* Images: Trigger NGINX build. (#12076)
* Images: Remove NGINX v1.21. (#12058)
* GitHub: Improve Dependabot. (#12038)
* Chart: Improve CI. (#12030)
* Chart: Extend image tests. (#12027)
* Docs: Add health check annotations for AWS. (#12020)
* Docs: Convert `opentelemetry.md` from CRLF to LF. (#12006)
* Chart: Test `controller.minAvailable` & `controller.maxUnavailable`. (#12002)
* Chart: Align default backend `PodDisruptionBudget`. (#11999)
* Metrics: Fix namespace in `nginx_ingress_controller_ssl_expire_time_seconds`. (#11986)
* Chart: Improve default backend service account. (#11974)
* Go: Bump to v1.22.7. (#11970)
* Images: Bump OpenTelemetry C++ Contrib. (#11951)
* Docs: Add note about `--watch-namespace`. (#11949)
* Images: Use latest Alpine 3.20 everywhere. (#11946)
* Fix minor typos (#11941)
* Chart: Implement `controller.admissionWebhooks.service.servicePort`. (#11934)
* Tests: Bump `e2e-test-runner` to v20240829-2c421762. (#11921)
* Images: Trigger `test-runner` build. (#11917)
* Chart: Add tests for `PrometheusRule` & `ServiceMonitor`. (#11889)
* Annotations: Allow commas in URLs. (#11887)
* CI: Grant checks write permissions to E2E Test Report. (#11885)
* Chart: Use generic values for `ConfigMap` test. (#11879)
* Update maxmind post link about geolite2 license changes (#11881)
* Go: Sync `go.work.sum`. (#11875)
* Replace deprecated queue method (#11859)
* Auto-generate annotation docs (#11831)
### Dependency updates:
* Bump the actions group with 3 updates (#12149)
* Bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#12109)
* Bump the actions group with 3 updates (#12097)
* Bump sigs.k8s.io/mdtoc from 1.1.0 to 1.4.0 (#12089)
* Bump github.com/prometheus/common from 0.59.1 to 0.60.0 (#12087)
* Bump google.golang.org/grpc from 1.67.0 to 1.67.1 in the go group across 1 directory (#12085)
* Bump k8s.io/cli-runtime from 0.30.0 to 0.31.1 (#12083)
* Bump github/codeql-action from 3.26.9 to 3.26.10 in the actions group (#12055)
* Bump the go group across 1 directory with 3 updates (#12053)
* Bump k8s.io/kube-aggregator from 0.29.3 to 0.31.1 in /images/kube-webhook-certgen/rootfs (#12049)
* Bump k8s.io/apimachinery from 0.23.1 to 0.31.1 in /images/ext-auth-example-authsvc/rootfs (#12047)
* Bump github.com/prometheus/client_golang from 1.11.1 to 1.20.4 in /images/custom-error-pages/rootfs (#12046)
* Bump the all group with 2 updates (#12036)
* Bump github/codeql-action from 3.26.7 to 3.26.8 in the all group (#12016)
* Bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#12014)
* Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 in the all group (#12012)
* Bump the all group with 2 updates (#11981)
* Bump github/codeql-action from 3.26.6 to 3.26.7 in the all group (#11980)
* Bump github.com/prometheus/common from 0.57.0 to 0.59.1 (#11961)
* Bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#11958)
* Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 in the all group (#11957)
* Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#11930)
* Bump the all group with 2 updates (#11925)
* Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 in the all group (#11913)
* Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#11910)
* Bump github.com/prometheus/common from 0.55.0 to 0.57.0 (#11909)
* Bump github/codeql-action from 3.26.5 to 3.26.6 in the all group (#11908)
* Bump the all group with 2 updates (#11871)
* Bump github/codeql-action from 3.26.2 to 3.26.5 in the all group (#11868)
* Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 (#11840)
* Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.19.0 (#11839)
* Bump dario.cat/mergo from 1.0.0 to 1.0.1 in the all group (#11837)
* Bump k8s.io/component-base from 0.30.3 to 0.31.0 (#11836)
* Bump github/codeql-action from 3.26.0 to 3.26.2 in the all group (#11834)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.2...controller-v1.11.3

View file

@ -1,94 +0,0 @@
# Changelog
### controller-v1.11.4
Images:
* registry.k8s.io/ingress-nginx/controller:v1.11.4@sha256:981a97d78bee3109c0b149946c07989f8f1478a9265031d2d23dea839ba05b52
* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.4@sha256:f29d0f9e7a9ef4947eda59ed0c09ec13380b13639d1518cf1ab8ec09c3e22ef8
### All changes:
* Images: Trigger controller build. (#12610)
* Chart: Bump Kube Webhook CertGen. (#12607)
* Tests & Docs: Bump images. (#12604)
* Images: Trigger other builds (2/2). (#12600)
* Images: Trigger other builds (1/2). (#12596)
* Tests: Bump `e2e-test-runner` to v20241224-68ed4e7b. (#12591)
* Images: Trigger `test-runner` build. (#12588)
* Images: Bump `NGINX_BASE` to v0.2.0. (#12583)
* Images: Trigger NGINX build. (#12577)
* Go: Clean `go.work.sum`. (#12574)
* Repository: Update owners. (#12569)
* Images: Bump `gcb-docker-gcloud` to v20241217-ff46a068cd. (#12562)
* CI: Update KIND images. (#12558)
* Images: Bump Alpine to v3.21. (#12529)
* Docs: Add guide on how to set a Maintenance Page. (#12526)
* rikatz is stepping down (#12517)
* rikatz is stepping down (#12495)
* Go: Bump to v1.23.4. (#12484)
* Plugin: Bump `goreleaser` to v2. (#12441)
* GitHub: Fix `exec` in issue template. (#12388)
* CI: Update KIND images. (#12365)
* Images: Bump `gcb-docker-gcloud` to v20241110-72bb0b1665. (#12343)
* Go: Bump to v1.23.3. (#12338)
* Auth TLS: Add `_` to redirect RegEx. (#12327)
* Auth TLS: Improve redirect RegEx. (#12322)
* Update custom headers annotation documentation (#12319)
* Tests: Bump `e2e-test-runner` to v20241104-02a3933e. (#12313)
* Images: Trigger `test-runner` build. (#12306)
* Config: Fix panic on invalid `lua-shared-dict`. (#12284)
* Docs: fix limit-rate-after references (#12279)
* Chart: Rework ServiceMonitor. (#12270)
* Chart: Add ServiceAccount tests. (#12264)
* CI: Fix chart testing. (#12259)
* [fix] fix nginx temp configs cleanup (#12223)
* Chart: Suggest `matchLabelKeys` in Topology Spread Constraints. (#12203)
* Docs: Add Pod Security Admission. (#12197)
* Docs: Clarify external & service port in TCP/UDP services explanation. (#12193)
* Docs: Goodbye, v1.10. (#12159)
### Dependency updates:
* Bump k8s.io/apiextensions-apiserver from 0.31.3 to 0.32.0 (#12567)
* Bump github.com/onsi/ginkgo/v2 from 2.22.0 to 2.22.1 (#12556)
* Bump k8s.io/code-generator from 0.31.3 to 0.32.0 (#12551)
* Bump k8s.io/cli-runtime from 0.31.3 to 0.32.0 (#12548)
* Bump k8s.io/apiserver from 0.31.3 to 0.32.0 (#12545)
* Bump the actions group with 2 updates (#12542)
* Bump google.golang.org/grpc from 1.68.1 to 1.69.2 (#12539)
* Bump k8s.io/client-go from 0.31.3 to 0.32.0 (#12513)
* Bump github.com/opencontainers/runc from 1.2.2 to 1.2.3 in the go group across 1 directory (#12510)
* Bump the actions group with 3 updates (#12507)
* Bump k8s.io/kube-aggregator from 0.31.3 to 0.32.0 in /images/kube-webhook-certgen/rootfs (#12503)
* Bump k8s.io/apimachinery from 0.31.3 to 0.32.0 in /images/ext-auth-example-authsvc/rootfs (#12500)
* Bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#12477)
* Bump golang.org/x/crypto from 0.21.0 to 0.31.0 in /magefiles (#12475)
* Bump github.com/prometheus/common from 0.60.1 to 0.61.0 (#12465)
* Bump github/codeql-action from 3.27.5 to 3.27.6 in the actions group (#12462)
* Bump the go group across 1 directory with 2 updates (#12458)
* Bump github.com/onsi/ginkgo/v2 from 2.21.0 to 2.22.0 (#12427)
* Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#12417)
* Bump the go group across 3 directories with 10 updates (#12415)
* Bump the actions group with 3 updates (#12411)
* Bump github.com/opencontainers/runc from 1.2.1 to 1.2.2 in the go group across 1 directory (#12381)
* Bump github/codeql-action from 3.27.1 to 3.27.4 in the actions group (#12374)
* Bump golangci-lint on actions and disable deprecated linters (#12362)
* Bump google.golang.org/grpc from 1.67.1 to 1.68.0 (#12355)
* Bump the actions group with 3 updates (#12352)
* Bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#12350)
* Bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#12298)
* Bump github.com/opencontainers/runc from 1.2.0 to 1.2.1 in the go group across 1 directory (#12295)
* Bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.21.0 (#12289)
* Bump actions/dependency-review-action from 4.3.5 to 4.4.0 in the actions group (#12274)
* Bump the go group across 3 directories with 11 updates (#12245)
* Bump github.com/opencontainers/runc from 1.1.15 to 1.2.0 (#12239)
* Bump the actions group with 5 updates (#12240)
* Bump github.com/ncabatoff/process-exporter from 0.8.3 to 0.8.4 in the go group across 1 directory (#12220)
* Bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 in the actions group (#12216)
* Bump github/codeql-action from 3.26.12 to 3.26.13 in the actions group (#12190)
* Bump the go group across 2 directories with 1 update (#12187)
* Bump the actions group with 2 updates (#12181)
* Bump github.com/opencontainers/runc from 1.1.14 to 1.1.15 in the go group across 1 directory (#12179)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.3...controller-v1.11.4

View file

@ -1,216 +0,0 @@
# Changelog
### controller-v1.12.0-beta.0
Images:
* registry.k8s.io/ingress-nginx/controller:v1.12.0-beta.0@sha256:9724476b928967173d501040631b23ba07f47073999e80e34b120e8db5f234d5
* registry.k8s.io/ingress-nginx/controller-chroot:v1.12.0-beta.0@sha256:6e2f8f52e1f2571ff65bc4fc4826d5282d5def5835ec4ab433dcb8e659b2fbac
### All changes:
* Images: Trigger controller build. (#12154)
* ⚠️ Metrics: Disable by default. (#12153) ⚠️
This changes the default of the following CLI arguments:
* `--enable-metrics` gets disabled by default.
* Tests & Docs: Bump `e2e-test-echo` to v1.0.1. (#12147)
* Images: Trigger `e2e-test-echo` build. (#12140)
* ⚠️ Images: Drop `s390x`. (#12137) ⚠️
Support for the `s390x` architecture has already been removed from the controller image. This also removes it from the NGINX base image and CI relevant images.
* Images: Build `s390x` controller. (#12126)
* Chart: Bump Kube Webhook CertGen. (#12119)
* Tests & Docs: Bump images. (#12118)
* Cloud Build: Bump `gcb-docker-gcloud` to v20240718-5ef92b5c36. (#12113)
* Images: Trigger other builds. (#12110)
* Tests: Bump `e2e-test-runner` to v20241004-114a6abb. (#12103)
* Images: Trigger `test-runner` build. (#12100)
* Docs: Add a multi-tenant warning. (#12091)
* Go: Bump to v1.22.8. (#12069)
* Images: Bump `NGINX_BASE` to v1.0.0. (#12066)
* Images: Trigger NGINX build. (#12063)
* Images: Remove NGINX v1.21. (#12031)
* Chart: Add `controller.metrics.service.enabled`. (#12056)
* GitHub: Improve Dependabot. (#12033)
* Chart: Add `global.image.registry`. (#12028)
* ⚠️ Images: Remove OpenTelemetry. (#12024) ⚠️
OpenTelemetry is still supported, but since the module is built into the controller image since v1.10, we hereby remove the init container and image which were used to install it upon controller startup.
* Chart: Improve CI. (#12003)
* Chart: Extend image tests. (#12025)
* Chart: Add `controller.progressDeadlineSeconds`. (#12017)
* Docs: Add health check annotations for AWS. (#12018)
* Docs: Convert `opentelemetry.md` from CRLF to LF. (#12005)
* Chart: Implement `unhealthyPodEvictionPolicy`. (#11992)
* Chart: Add `defaultBackend.maxUnavailable`. (#11995)
* Chart: Test `controller.minAvailable` & `controller.maxUnavailable`. (#12000)
* Chart: Align default backend `PodDisruptionBudget`. (#11993)
* Metrics: Fix namespace in `nginx_ingress_controller_ssl_expire_time_seconds`. (#10274)
* ⚠️ Chart: Remove Pod Security Policy. (#11971) ⚠️
This removes Pod Security Policies and related resources from the chart.
* Chart: Improve default backend service account. (#11972)
* Go: Bump to v1.22.7. (#11943)
* NGINX: Remove inline Lua from template. (#11806)
* Images: Bump OpenTelemetry C++ Contrib. (#11629)
* Docs: Add note about `--watch-namespace`. (#11947)
* Images: Use latest Alpine 3.20 everywhere. (#11944)
* Fix minor typos (#11935)
* Chart: Implement `controller.admissionWebhooks.service.servicePort`. (#11931)
* Allow any protocol for cors origins (#11153)
* Tests: Bump `e2e-test-runner` to v20240829-2c421762. (#11919)
* Images: Trigger `test-runner` build. (#11916)
* Chart: Add `controller.metrics.prometheusRule.annotations`. (#11849)
* Chart: Add tests for `PrometheusRule` & `ServiceMonitor`. (#11883)
* Annotations: Allow commas in URLs. (#11882)
* CI: Grant checks write permissions to E2E Test Report. (#11862)
* Chart: Use generic values for `ConfigMap` test. (#11877)
* Security: Follow-up on recent changes. (#11874)
* Lua: Remove plugins from `.luacheckrc` & E2E docs. (#11872)
* Dashboard: Remove `ingress_upstream_latency_seconds`. (#11878)
* Metrics: Add `--metrics-per-undefined-host` argument. (#11818)
* Update maxmind post link about geolite2 license changes (#11861)
* ⚠️ Remove global-rate-limit feature (#11851) ⚠️
This removes the following configuration options:
* `global-rate-limit-memcached-host`
* `global-rate-limit-memcached-port`
* `global-rate-limit-memcached-connect-timeout`
* `global-rate-limit-memcached-max-idle-timeout`
* `global-rate-limit-memcached-pool-size`
* `global-rate-limit-status-code`
It also removes the following annotations:
* `global-rate-limit`
* `global-rate-limit-window`
* `global-rate-limit-key`
* `global-rate-limit-ignored-cidrs`
* Revert "docs: Add deployment for AWS NLB Proxy." (#11857)
* Add custom code handling for temporal redirect (#10651)
* Add native histogram support for histogram metrics (#9971)
* Replace deprecated queue method (#11853)
* ⚠️ Enable security features by default (#11819) ⚠️
This changes the default of the following CLI arguments:
* `--enable-annotation-validation` gets enabled by default.
It also changes the default of the following configuration options:
* `allow-cross-namespace-resources` gets disabled by default.
* `annotations-risk-level` gets lowered to "High" by default.
* `strict-validate-path-type` gets enabled by default.
* docs: Add deployment for AWS NLB Proxy. (#9565)
* ⚠️ Remove 3rd party lua plugin support (#11821) ⚠️
This removes the following configuration options:
* `plugins`
It also removes support for user provided Lua plugins in the `/etc/nginx/lua/plugins` directory.
* Auto-generate annotation docs (#11820)
* ⚠️ Metrics: Remove `ingress_upstream_latency_seconds`. (#11795) ⚠️
This metric has already been deprecated and is now getting removed.
* Release controller v1.11.2/v1.10.4 & chart v4.11.2/v4.10.4. (#11816)
* Chart: Bump Kube Webhook CertGen & OpenTelemetry. (#11809)
* Tests & Docs: Bump images. (#11803)
* Images: Trigger failed builds. (#11800)
* Images: Trigger other builds. (#11796)
* Controller: Fix panic in alternative backend merging. (#11789)
* Tests: Bump `e2e-test-runner` to v20240812-3f0129aa. (#11788)
* Images: Trigger `test-runner` build. (#11785)
* Images: Bump `NGINX_BASE` to v0.0.12. (#11782)
* Images: Trigger NGINX build. (#11779)
* Cloud Build: Add missing config, remove unused ones. (#11774)
* Cloud Build: Tweak timeouts. (#11761)
* Cloud Build: Fix substitutions. (#11758)
* Cloud Build: Some chores. (#11633)
* Go: Bump to v1.22.6. (#11747)
* Images: Bump `NGINX_BASE` to v0.0.11. (#11741)
* Images: Trigger NGINX build. (#11735)
* docs: update OpenSSL Roadmap link (#11730)
* Go: Bump to v1.22.5. (#11634)
* Docs: Fix typo in AWS LB Controller reference (#11723)
* Perform some cleaning operations on line breaks. (#11720)
* Missing anchors in regular expression. (#11717)
* Docs: Fix `from-to-www` redirect description. (#11712)
* Chart: Remove `isControllerTagValid`. (#11710)
* Tests: Bump `e2e-test-runner` to v20240729-04899b27. (#11702)
* Chart: Explicitly set `runAsGroup`. (#11679)
* Docs: Clarify `from-to-www` redirect direction. (#11682)
* added real-client-ip faq (#11663)
* Docs: Format NGINX configuration table. (#11659)
* Release controller v1.11.1/v1.10.3 & chart v4.11.1/v4.10.3. (#11654)
* Tests: Bump `test-runner` to v20240717-1fe74b5f. (#11645)
* Images: Trigger `test-runner` build. (#11636)
* Images: Bump `NGINX_BASE` to v0.0.10. (#11635)
* remove modsecurity coreruleset test files from nginx image (#11617)
* unskip the ocsp tests and update images to fix cfssl bug (#11606)
* Fix indent in YAML for example pod (#11598)
* Images: Bump `test-runner`. (#11600)
* Images: Bump `NGINX_BASE` to v0.0.9. (#11599)
* revert module upgrade (#11594)
* README: Fix support matrix. (#11586)
* Repository: Add changelogs from `release-v1.10`. (#11587)
### Dependency updates:
* Bump the actions group with 3 updates (#12152)
* Bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#12107)
* Bump the actions group with 3 updates (#12092)
* Bump sigs.k8s.io/mdtoc from 1.1.0 to 1.4.0 (#12062)
* Bump github.com/prometheus/common from 0.59.1 to 0.60.0 (#12060)
* Bump google.golang.org/grpc from 1.67.0 to 1.67.1 in the go group across 1 directory (#12059)
* Bump k8s.io/cli-runtime from 0.30.0 to 0.31.1 (#12061)
* Bump github/codeql-action from 3.26.9 to 3.26.10 in the actions group (#12051)
* Bump the go group across 1 directory with 3 updates (#12050)
* Bump k8s.io/kube-aggregator from 0.29.3 to 0.31.1 in /images/kube-webhook-certgen/rootfs (#12043)
* Bump k8s.io/apimachinery from 0.23.1 to 0.31.1 in /images/ext-auth-example-authsvc/rootfs (#12041)
* Bump github.com/prometheus/client_golang from 1.11.1 to 1.20.4 in /images/custom-error-pages/rootfs (#12040)
* Bump the all group with 2 updates (#12032)
* Bump github/codeql-action from 3.26.7 to 3.26.8 in the all group (#12010)
* Bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#12009)
* Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 in the all group (#12008)
* Bump the all group with 2 updates (#11977)
* Bump github/codeql-action from 3.26.6 to 3.26.7 in the all group (#11976)
* Bump github.com/prometheus/common from 0.57.0 to 0.59.1 (#11954)
* Bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#11955)
* Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 in the all group (#11953)
* Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#11928)
* Bump the all group with 2 updates (#11922)
* Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 in the all group (#11901)
* Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#11902)
* Bump github.com/prometheus/common from 0.55.0 to 0.57.0 (#11903)
* Bump github/codeql-action from 3.26.5 to 3.26.6 in the all group (#11904)
* Bump the all group with 2 updates (#11865)
* Bump github/codeql-action from 3.26.2 to 3.26.5 in the all group (#11867)
* Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 (#11832)
* Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.19.0 (#11823)
* Bump dario.cat/mergo from 1.0.0 to 1.0.1 in the all group (#11822)
* Bump k8s.io/component-base from 0.30.3 to 0.31.0 (#11825)
* Bump github/codeql-action from 3.26.0 to 3.26.2 in the all group (#11826)
* Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#11766)
* Bump the all group with 2 updates (#11767)
* Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#11765)
* Bump the all group with 3 updates (#11727)
* Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in the all group (#11696)
* Bump the all group with 2 updates (#11695)
* Bump the all group with 4 updates (#11673)
* Bump the all group with 2 updates (#11672)
* Bump github.com/prometheus/common from 0.54.0 to 0.55.0 (#11522)
* Bump the all group with 5 updates (#11611)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.0...controller-v1.12.0-beta.0

View file

@ -1,294 +0,0 @@
# Changelog
### controller-v1.12.0
Images:
* registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa
* registry.k8s.io/ingress-nginx/controller-chroot:v1.12.0@sha256:87c88e1c38a6c8d4483c8f70b69e2cca49853bb3ec3124b9b1be648edf139af3
### All changes:
* Images: Trigger controller build. (#12609)
* Chart: Bump Kube Webhook CertGen. (#12606)
* Tests & Docs: Bump images. (#12603)
* Images: Trigger other builds (2/2). (#12599)
* Images: Trigger other builds (1/2). (#12595)
* Tests: Bump `e2e-test-runner` to v20241224-68ed4e7b. (#12590)
* Images: Trigger `test-runner` build. (#12587)
* Images: Bump `NGINX_BASE` to v1.1.0. (#12582)
* Images: Trigger NGINX build. (#12579)
* Go: Clean `go.work.sum`. (#12573)
* Repository: Update owners. (#12568)
* Images: Bump `gcb-docker-gcloud` to v20241217-ff46a068cd. (#12561)
* CI: Update KIND images. (#12560)
* Images: Bump Alpine to v3.21. (#12528)
* Docs: Add guide on how to set a Maintenance Page. (#12525)
* rikatz is stepping down (#12516)
* rikatz is stepping down (#12494)
* Go: Bump to v1.23.4. (#12483)
* Plugin: Bump `goreleaser` to v2. (#12440)
* GitHub: Fix `exec` in issue template. (#12387)
* CI: Update KIND images. (#12367)
* Images: Bump `gcb-docker-gcloud` to v20241110-72bb0b1665. (#12342)
* Go: Bump to v1.23.3. (#12337)
* Auth TLS: Add `_` to redirect RegEx. (#12326)
* Auth TLS: Improve redirect RegEx. (#12323)
* Update custom headers annotation documentation (#12318)
* Tests: Bump `e2e-test-runner` to v20241104-02a3933e. (#12312)
* Docs: Add CPU usage note for `--metrics-per-undefined-host`. (#12310)
* Images: Trigger `test-runner` build. (#12308)
* Config: Fix panic on invalid `lua-shared-dict`. (#12283)
* Docs: fix limit-rate-after references (#12278)
* Chart: Rework ServiceMonitor. (#12269)
* Chart: Add ServiceAccount tests. (#12263)
* CI: Fix chart testing. (#12258)
* [fix] fix nginx temp configs cleanup (#12225)
* Chart: Suggest `matchLabelKeys` in Topology Spread Constraints. (#12202)
* Docs: Add Pod Security Admission. (#12195)
* Docs: Clarify external & service port in TCP/UDP services explanation. (#12192)
* Images: Trigger controller build. (#12154)
* ⚠️ Metrics: Disable by default. (#12153) ⚠️
This changes the default of the following CLI arguments:
* `--enable-metrics` gets disabled by default.
* Tests & Docs: Bump `e2e-test-echo` to v1.0.1. (#12147)
* Images: Trigger `e2e-test-echo` build. (#12140)
* ⚠️ Images: Drop `s390x`. (#12137) ⚠️
Support for the `s390x` architecture has already been removed from the controller image. This also removes it from the NGINX base image and CI relevant images.
* Images: Build `s390x` controller. (#12126)
* Chart: Bump Kube Webhook CertGen. (#12119)
* Tests & Docs: Bump images. (#12118)
* Cloud Build: Bump `gcb-docker-gcloud` to v20240718-5ef92b5c36. (#12113)
* Images: Trigger other builds. (#12110)
* Tests: Bump `e2e-test-runner` to v20241004-114a6abb. (#12103)
* Images: Trigger `test-runner` build. (#12100)
* Docs: Add a multi-tenant warning. (#12091)
* Go: Bump to v1.22.8. (#12069)
* Images: Bump `NGINX_BASE` to v1.0.0. (#12066)
* Images: Trigger NGINX build. (#12063)
* Images: Remove NGINX v1.21. (#12031)
* Chart: Add `controller.metrics.service.enabled`. (#12056)
* GitHub: Improve Dependabot. (#12033)
* Chart: Add `global.image.registry`. (#12028)
* ⚠️ Images: Remove OpenTelemetry. (#12024) ⚠️
OpenTelemetry is still supported, but since the module is built into the controller image since v1.10, we hereby remove the init container and image which were used to install it upon controller startup.
* Chart: Improve CI. (#12003)
* Chart: Extend image tests. (#12025)
* Chart: Add `controller.progressDeadlineSeconds`. (#12017)
* Docs: Add health check annotations for AWS. (#12018)
* Docs: Convert `opentelemetry.md` from CRLF to LF. (#12005)
* Chart: Implement `unhealthyPodEvictionPolicy`. (#11992)
* Chart: Add `defaultBackend.maxUnavailable`. (#11995)
* Chart: Test `controller.minAvailable` & `controller.maxUnavailable`. (#12000)
* Chart: Align default backend `PodDisruptionBudget`. (#11993)
* Metrics: Fix namespace in `nginx_ingress_controller_ssl_expire_time_seconds`. (#10274)
* ⚠️ Chart: Remove Pod Security Policy. (#11971) ⚠️
This removes Pod Security Policies and related resources from the chart.
* Chart: Improve default backend service account. (#11972)
* Go: Bump to v1.22.7. (#11943)
* NGINX: Remove inline Lua from template. (#11806)
* Images: Bump OpenTelemetry C++ Contrib. (#11629)
* Docs: Add note about `--watch-namespace`. (#11947)
* Images: Use latest Alpine 3.20 everywhere. (#11944)
* Fix minor typos (#11935)
* Chart: Implement `controller.admissionWebhooks.service.servicePort`. (#11931)
* Allow any protocol for cors origins (#11153)
* Tests: Bump `e2e-test-runner` to v20240829-2c421762. (#11919)
* Images: Trigger `test-runner` build. (#11916)
* Chart: Add `controller.metrics.prometheusRule.annotations`. (#11849)
* Chart: Add tests for `PrometheusRule` & `ServiceMonitor`. (#11883)
* Annotations: Allow commas in URLs. (#11882)
* CI: Grant checks write permissions to E2E Test Report. (#11862)
* Chart: Use generic values for `ConfigMap` test. (#11877)
* Security: Follow-up on recent changes. (#11874)
* Lua: Remove plugins from `.luacheckrc` & E2E docs. (#11872)
* Dashboard: Remove `ingress_upstream_latency_seconds`. (#11878)
* Metrics: Add `--metrics-per-undefined-host` argument. (#11818)
* Update maxmind post link about geolite2 license changes (#11861)
* ⚠️ Remove global-rate-limit feature (#11851) ⚠️
This removes the following configuration options:
* `global-rate-limit-memcached-host`
* `global-rate-limit-memcached-port`
* `global-rate-limit-memcached-connect-timeout`
* `global-rate-limit-memcached-max-idle-timeout`
* `global-rate-limit-memcached-pool-size`
* `global-rate-limit-status-code`
It also removes the following annotations:
* `global-rate-limit`
* `global-rate-limit-window`
* `global-rate-limit-key`
* `global-rate-limit-ignored-cidrs`
* Revert "docs: Add deployment for AWS NLB Proxy." (#11857)
* Add custom code handling for temporal redirect (#10651)
* Add native histogram support for histogram metrics (#9971)
* Replace deprecated queue method (#11853)
* ⚠️ Enable security features by default (#11819) ⚠️
This changes the default of the following CLI arguments:
* `--enable-annotation-validation` gets enabled by default.
It also changes the default of the following configuration options:
* `allow-cross-namespace-resources` gets disabled by default.
* `annotations-risk-level` gets lowered to "High" by default.
* `strict-validate-path-type` gets enabled by default.
* docs: Add deployment for AWS NLB Proxy. (#9565)
* ⚠️ Remove 3rd party lua plugin support (#11821) ⚠️
This removes the following configuration options:
* `plugins`
It also removes support for user provided Lua plugins in the `/etc/nginx/lua/plugins` directory.
* Auto-generate annotation docs (#11820)
* ⚠️ Metrics: Remove `ingress_upstream_latency_seconds`. (#11795) ⚠️
This metric has already been deprecated and is now getting removed.
* Release controller v1.11.2/v1.10.4 & chart v4.11.2/v4.10.4. (#11816)
* Chart: Bump Kube Webhook CertGen & OpenTelemetry. (#11809)
* Tests & Docs: Bump images. (#11803)
* Images: Trigger failed builds. (#11800)
* Images: Trigger other builds. (#11796)
* Controller: Fix panic in alternative backend merging. (#11789)
* Tests: Bump `e2e-test-runner` to v20240812-3f0129aa. (#11788)
* Images: Trigger `test-runner` build. (#11785)
* Images: Bump `NGINX_BASE` to v0.0.12. (#11782)
* Images: Trigger NGINX build. (#11779)
* Cloud Build: Add missing config, remove unused ones. (#11774)
* Cloud Build: Tweak timeouts. (#11761)
* Cloud Build: Fix substitutions. (#11758)
* Cloud Build: Some chores. (#11633)
* Go: Bump to v1.22.6. (#11747)
* Images: Bump `NGINX_BASE` to v0.0.11. (#11741)
* Images: Trigger NGINX build. (#11735)
* docs: update OpenSSL Roadmap link (#11730)
* Go: Bump to v1.22.5. (#11634)
* Docs: Fix typo in AWS LB Controller reference (#11723)
* Perform some cleaning operations on line breaks. (#11720)
* Missing anchors in regular expression. (#11717)
* Docs: Fix `from-to-www` redirect description. (#11712)
* Chart: Remove `isControllerTagValid`. (#11710)
* Tests: Bump `e2e-test-runner` to v20240729-04899b27. (#11702)
* Chart: Explicitly set `runAsGroup`. (#11679)
* Docs: Clarify `from-to-www` redirect direction. (#11682)
* added real-client-ip faq (#11663)
* Docs: Format NGINX configuration table. (#11659)
* Release controller v1.11.1/v1.10.3 & chart v4.11.1/v4.10.3. (#11654)
* Tests: Bump `test-runner` to v20240717-1fe74b5f. (#11645)
* Images: Trigger `test-runner` build. (#11636)
* Images: Bump `NGINX_BASE` to v0.0.10. (#11635)
* remove modsecurity coreruleset test files from nginx image (#11617)
* unskip the ocsp tests and update images to fix cfssl bug (#11606)
* Fix indent in YAML for example pod (#11598)
* Images: Bump `test-runner`. (#11600)
* Images: Bump `NGINX_BASE` to v0.0.9. (#11599)
* revert module upgrade (#11594)
* README: Fix support matrix. (#11586)
* Repository: Add changelogs from `release-v1.10`. (#11587)
### Dependency updates:
* Bump k8s.io/apiextensions-apiserver from 0.31.3 to 0.32.0 (#12566)
* Bump github.com/onsi/ginkgo/v2 from 2.22.0 to 2.22.1 (#12555)
* Bump k8s.io/code-generator from 0.31.3 to 0.32.0 (#12550)
* Bump k8s.io/cli-runtime from 0.31.3 to 0.32.0 (#12547)
* Bump k8s.io/apiserver from 0.31.3 to 0.32.0 (#12544)
* Bump the actions group with 2 updates (#12541)
* Bump google.golang.org/grpc from 1.68.1 to 1.69.2 (#12538)
* Bump k8s.io/client-go from 0.31.3 to 0.32.0 (#12512)
* Bump github.com/opencontainers/runc from 1.2.2 to 1.2.3 in the go group across 1 directory (#12509)
* Bump the actions group with 3 updates (#12506)
* Bump k8s.io/kube-aggregator from 0.31.3 to 0.32.0 in /images/kube-webhook-certgen/rootfs (#12505)
* Bump k8s.io/apimachinery from 0.31.3 to 0.32.0 in /images/ext-auth-example-authsvc/rootfs (#12502)
* Bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#12476)
* Bump golang.org/x/crypto from 0.21.0 to 0.31.0 in /magefiles (#12472)
* Bump github.com/prometheus/common from 0.60.1 to 0.61.0 (#12464)
* Bump github/codeql-action from 3.27.5 to 3.27.6 in the actions group (#12461)
* Bump the go group across 1 directory with 2 updates (#12460)
* Bump github.com/onsi/ginkgo/v2 from 2.21.0 to 2.22.0 (#12426)
* Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#12418)
* Bump the go group across 3 directories with 10 updates (#12413)
* Bump the actions group with 3 updates (#12412)
* Bump github.com/opencontainers/runc from 1.2.1 to 1.2.2 in the go group across 1 directory (#12380)
* Bump github/codeql-action from 3.27.1 to 3.27.4 in the actions group (#12373)
* Bump golangci-lint on actions and disable deprecated linters (#12361)
* Bump google.golang.org/grpc from 1.67.1 to 1.68.0 (#12357)
* Bump the actions group with 3 updates (#12354)
* Bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#12349)
* Bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#12299)
* Bump github.com/opencontainers/runc from 1.2.0 to 1.2.1 in the go group across 1 directory (#12296)
* Bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.21.0 (#12288)
* Bump actions/dependency-review-action from 4.3.5 to 4.4.0 in the actions group (#12273)
* Bump the go group across 3 directories with 11 updates (#12244)
* Bump github.com/opencontainers/runc from 1.1.15 to 1.2.0 (#12242)
* Bump the actions group with 5 updates (#12236)
* Bump github.com/ncabatoff/process-exporter from 0.8.3 to 0.8.4 in the go group across 1 directory (#12218)
* Bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 in the actions group (#12217)
* Bump github/codeql-action from 3.26.12 to 3.26.13 in the actions group (#12188)
* Bump the go group across 2 directories with 1 update (#12186)
* Bump the actions group with 2 updates (#12180)
* Bump github.com/opencontainers/runc from 1.1.14 to 1.1.15 in the go group across 1 directory (#12178)
* Bump the actions group with 3 updates (#12152)
* Bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#12107)
* Bump the actions group with 3 updates (#12092)
* Bump sigs.k8s.io/mdtoc from 1.1.0 to 1.4.0 (#12062)
* Bump github.com/prometheus/common from 0.59.1 to 0.60.0 (#12060)
* Bump google.golang.org/grpc from 1.67.0 to 1.67.1 in the go group across 1 directory (#12059)
* Bump k8s.io/cli-runtime from 0.30.0 to 0.31.1 (#12061)
* Bump github/codeql-action from 3.26.9 to 3.26.10 in the actions group (#12051)
* Bump the go group across 1 directory with 3 updates (#12050)
* Bump k8s.io/kube-aggregator from 0.29.3 to 0.31.1 in /images/kube-webhook-certgen/rootfs (#12043)
* Bump k8s.io/apimachinery from 0.23.1 to 0.31.1 in /images/ext-auth-example-authsvc/rootfs (#12041)
* Bump github.com/prometheus/client_golang from 1.11.1 to 1.20.4 in /images/custom-error-pages/rootfs (#12040)
* Bump the all group with 2 updates (#12032)
* Bump github/codeql-action from 3.26.7 to 3.26.8 in the all group (#12010)
* Bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#12009)
* Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 in the all group (#12008)
* Bump the all group with 2 updates (#11977)
* Bump github/codeql-action from 3.26.6 to 3.26.7 in the all group (#11976)
* Bump github.com/prometheus/common from 0.57.0 to 0.59.1 (#11954)
* Bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#11955)
* Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 in the all group (#11953)
* Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#11928)
* Bump the all group with 2 updates (#11922)
* Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 in the all group (#11901)
* Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#11902)
* Bump github.com/prometheus/common from 0.55.0 to 0.57.0 (#11903)
* Bump github/codeql-action from 3.26.5 to 3.26.6 in the all group (#11904)
* Bump the all group with 2 updates (#11865)
* Bump github/codeql-action from 3.26.2 to 3.26.5 in the all group (#11867)
* Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 (#11832)
* Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.19.0 (#11823)
* Bump dario.cat/mergo from 1.0.0 to 1.0.1 in the all group (#11822)
* Bump k8s.io/component-base from 0.30.3 to 0.31.0 (#11825)
* Bump github/codeql-action from 3.26.0 to 3.26.2 in the all group (#11826)
* Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#11766)
* Bump the all group with 2 updates (#11767)
* Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#11765)
* Bump the all group with 3 updates (#11727)
* Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in the all group (#11696)
* Bump the all group with 2 updates (#11695)
* Bump the all group with 4 updates (#11673)
* Bump the all group with 2 updates (#11672)
* Bump github.com/prometheus/common from 0.54.0 to 0.55.0 (#11522)
* Bump the all group with 5 updates (#11611)
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.0...controller-v1.12.0

View file

@ -1,10 +1,9 @@
annotations:
artifacthub.io/changes: |
- 'CI: Fix chart testing. (#12258)'
- Update Ingress-Nginx version controller-v1.12.0
- Update Ingress-Nginx version controller-v1.10.5
artifacthub.io/prerelease: "false"
apiVersion: v2
appVersion: 1.12.0
appVersion: 1.10.5
description: Ingress controller for Kubernetes using NGINX as a reverse proxy and
load balancer
home: https://github.com/kubernetes/ingress-nginx
@ -16,9 +15,11 @@ kubeVersion: '>=1.21.0-0'
maintainers:
- name: cpanato
- name: Gacko
- name: puerco
- name: rikatz
- name: strongjz
- name: tao12345666333
name: ingress-nginx
sources:
- https://github.com/kubernetes/ingress-nginx
version: 4.12.0
version: 4.10.5

View file

@ -1,4 +1,10 @@
# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners
approvers:
- ingress-nginx-helm-maintainers
reviewers:
- ingress-nginx-helm-reviewers
labels:
- area/helm

View file

@ -2,7 +2,7 @@
[ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
![Version: 4.12.0](https://img.shields.io/badge/Version-4.12.0-informational?style=flat-square) ![AppVersion: 1.12.0](https://img.shields.io/badge/AppVersion-1.12.0-informational?style=flat-square)
![Version: 4.10.5](https://img.shields.io/badge/Version-4.10.5-informational?style=flat-square) ![AppVersion: 1.10.5](https://img.shields.io/badge/AppVersion-1.10.5-informational?style=flat-square)
To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
@ -229,24 +229,6 @@ Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13
As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
### Pod Security Admission
You can use Pod Security Admission by applying labels to the `ingress-nginx` namespace as instructed by the [documentation](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels).
Example:
```yaml
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx
labels:
kubernetes.io/metadata.name: ingress-nginx
name: ingress-nginx
pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/enforce-version: v1.31
```
## Values
| Key | Type | Default | Description |
@ -260,8 +242,9 @@ metadata:
| controller.admissionWebhooks.certificate | string | `"/usr/local/certificates/cert"` | |
| controller.admissionWebhooks.createSecretJob.name | string | `"create"` | |
| controller.admissionWebhooks.createSecretJob.resources | object | `{}` | |
| controller.admissionWebhooks.createSecretJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for secret creation containers |
| controller.admissionWebhooks.createSecretJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for secret creation containers |
| controller.admissionWebhooks.enabled | bool | `true` | |
| controller.admissionWebhooks.existingPsp | string | `""` | Use an existing PSP instead of creating one |
| controller.admissionWebhooks.extraEnvs | list | `[]` | Additional environment variables to set |
| controller.admissionWebhooks.failurePolicy | string | `"Fail"` | Admission Webhook failure policy to use |
| controller.admissionWebhooks.key | string | `"/usr/local/certificates/key"` | |
@ -270,26 +253,21 @@ metadata:
| controller.admissionWebhooks.namespaceSelector | object | `{}` | |
| controller.admissionWebhooks.objectSelector | object | `{}` | |
| controller.admissionWebhooks.patch.enabled | bool | `true` | |
| controller.admissionWebhooks.patch.image.digest | string | `"sha256:0de05718b59dc33b57ddfb4d8ad5f637cefd13eafdec0e1579d782b3483c27c3"` | |
| controller.admissionWebhooks.patch.image.digest | string | `"sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f"` | |
| controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | |
| controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | |
| controller.admissionWebhooks.patch.image.tag | string | `"v1.5.1"` | |
| controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | |
| controller.admissionWebhooks.patch.image.tag | string | `"v1.4.4"` | |
| controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources |
| controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
| controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | |
| controller.admissionWebhooks.patch.podAnnotations | object | `{}` | |
| controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job # |
| controller.admissionWebhooks.patch.rbac | object | `{"create":true}` | Admission webhook patch job RBAC |
| controller.admissionWebhooks.patch.rbac.create | bool | `true` | Create RBAC or not |
| controller.admissionWebhooks.patch.securityContext | object | `{}` | Security context for secret creation & webhook patch pods |
| controller.admissionWebhooks.patch.serviceAccount | object | `{"automountServiceAccountToken":true,"create":true,"name":""}` | Admission webhook patch job service account |
| controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken | bool | `true` | Auto-mount service account token or not |
| controller.admissionWebhooks.patch.serviceAccount.create | bool | `true` | Create a service account or not |
| controller.admissionWebhooks.patch.serviceAccount.name | string | `""` | Custom service account name |
| controller.admissionWebhooks.patch.tolerations | list | `[]` | |
| controller.admissionWebhooks.patchWebhookJob.name | string | `"patch"` | |
| controller.admissionWebhooks.patchWebhookJob.resources | object | `{}` | |
| controller.admissionWebhooks.patchWebhookJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for webhook patch containers |
| controller.admissionWebhooks.patchWebhookJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for webhook patch containers |
| controller.admissionWebhooks.port | int | `8443` | |
| controller.admissionWebhooks.service.annotations | object | `{}` | |
| controller.admissionWebhooks.service.externalIPs | list | `[]` | |
@ -307,7 +285,7 @@ metadata:
| controller.autoscaling.targetCPUUtilizationPercentage | int | `50` | |
| controller.autoscaling.targetMemoryUtilizationPercentage | int | `50` | |
| controller.autoscalingTemplate | list | `[]` | |
| controller.config | object | `{}` | Global configuration passed to the ConfigMap consumed by the controller. Values may contain Helm templates. Ref.: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ |
| controller.config | object | `{}` | Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ |
| controller.configAnnotations | object | `{}` | Annotations to be added to the controller config configuration configmap. |
| controller.configMapNamespace | string | `""` | Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) |
| controller.containerName | string | `"controller"` | Configures the controller container name |
@ -315,19 +293,18 @@ metadata:
| controller.containerSecurityContext | object | `{}` | Security context for controller containers |
| controller.customTemplate.configMapKey | string | `""` | |
| controller.customTemplate.configMapName | string | `""` | |
| controller.disableLeaderElection | bool | `false` | This configuration disable Nginx Controller Leader Election |
| controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. |
| controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. |
| controller.electionID | string | `""` | Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' |
| controller.electionTTL | string | `""` | Duration a leader election is valid before it's getting re-elected, e.g. `15s`, `10m` or `1h`. (Default: 30s) |
| controller.enableAnnotationValidations | bool | `true` | |
| controller.enableAnnotationValidations | bool | `false` | |
| controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. # ref: https://github.com/microsoft/mimalloc # |
| controller.enableTopologyAwareRouting | bool | `false` | This configuration enables Topology Aware Routing feature, used together with service annotation service.kubernetes.io/topology-mode="auto" Defaults to false |
| controller.existingPsp | string | `""` | Use an existing PSP instead of creating one |
| controller.extraArgs | object | `{}` | Additional command line arguments to pass to Ingress-Nginx Controller E.g. to specify the default SSL certificate you can use |
| controller.extraContainers | list | `[]` | Additional containers to be added to the controller pod. See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. |
| controller.extraEnvs | list | `[]` | Additional environment variables to set |
| controller.extraInitContainers | list | `[]` | Containers, which are run before the app containers are started. |
| controller.extraModules | list | `[]` | Modules, which are mounted into the core nginx image. |
| controller.extraModules | list | `[]` | Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module |
| controller.extraVolumeMounts | list | `[]` | Additional volumeMounts to the controller main container. |
| controller.extraVolumes | list | `[]` | Additional volumes to the controller pod. |
| controller.healthCheckHost | string | `""` | Address to bind the health check endpoint. It is better to set this option to the internal node address if the Ingress-Nginx Controller is running in the `hostNetwork: true` mode. |
@ -340,21 +317,19 @@ metadata:
| controller.hostname | object | `{}` | Optionally customize the pod hostname. |
| controller.image.allowPrivilegeEscalation | bool | `false` | |
| controller.image.chroot | bool | `false` | |
| controller.image.digest | string | `"sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa"` | |
| controller.image.digestChroot | string | `"sha256:87c88e1c38a6c8d4483c8f70b69e2cca49853bb3ec3124b9b1be648edf139af3"` | |
| controller.image.digest | string | `"sha256:c84d11b1f7bd14ebbf49918a7f0dc01b31c0c6e757e0129520ea93453096315c"` | |
| controller.image.digestChroot | string | `"sha256:030a43bdd5f0212a7e135cc4da76b15a6706ef65a6824eb4cc401f87a81c2987"` | |
| controller.image.image | string | `"ingress-nginx/controller"` | |
| controller.image.pullPolicy | string | `"IfNotPresent"` | |
| controller.image.readOnlyRootFilesystem | bool | `false` | |
| controller.image.runAsGroup | int | `82` | This value must not be changed using the official image. uid=101(www-data) gid=82(www-data) groups=82(www-data) |
| controller.image.registry | string | `"registry.k8s.io"` | |
| controller.image.runAsNonRoot | bool | `true` | |
| controller.image.runAsUser | int | `101` | This value must not be changed using the official image. uid=101(www-data) gid=82(www-data) groups=82(www-data) |
| controller.image.runAsUser | int | `101` | |
| controller.image.seccompProfile.type | string | `"RuntimeDefault"` | |
| controller.image.tag | string | `"v1.12.0"` | |
| controller.image.tag | string | `"v1.10.5"` | |
| controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation |
| controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). |
| controller.ingressClassResource | object | `{"aliases":[],"annotations":{},"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. |
| controller.ingressClassResource.aliases | list | `[]` | Aliases of this IngressClass. Creates copies with identical settings but the respective alias as name. Useful for development environments with only one Ingress Controller but production-like Ingress resources. `default` gets enabled on the original IngressClass only. |
| controller.ingressClassResource.annotations | object | `{}` | Annotations to be added to the IngressClass resource. |
| controller.ingressClassResource | object | `{"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. |
| controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller of the IngressClass. An Ingress Controller looks for IngressClasses it should reconcile by this value. This value is also being set as the `--controller-class` argument of this Ingress Controller. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class |
| controller.ingressClassResource.default | bool | `false` | If true, Ingresses without `ingressClassName` get assigned to this IngressClass on creation. Ingress creation gets rejected if there are multiple default IngressClasses. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class |
| controller.ingressClassResource.enabled | bool | `true` | Create the IngressClass or not |
@ -386,11 +361,9 @@ metadata:
| controller.metrics.port | int | `10254` | |
| controller.metrics.portName | string | `"metrics"` | |
| controller.metrics.prometheusRule.additionalLabels | object | `{}` | |
| controller.metrics.prometheusRule.annotations | object | `{}` | Annotations to be added to the PrometheusRule. |
| controller.metrics.prometheusRule.enabled | bool | `false` | |
| controller.metrics.prometheusRule.rules | list | `[]` | |
| controller.metrics.service.annotations | object | `{}` | |
| controller.metrics.service.enabled | bool | `true` | Enable the metrics service or not. |
| controller.metrics.service.externalIPs | list | `[]` | List of IP addresses at which the stats-exporter service is available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # |
| controller.metrics.service.labels | object | `{}` | Labels to be added to the metrics service resource |
| controller.metrics.service.loadBalancerSourceRanges | list | `[]` | |
@ -399,27 +372,35 @@ metadata:
| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | |
| controller.metrics.serviceMonitor.annotations | object | `{}` | Annotations to be added to the ServiceMonitor. |
| controller.metrics.serviceMonitor.enabled | bool | `false` | |
| controller.metrics.serviceMonitor.labelLimit | int | `0` | Per-scrape limit on number of labels that will be accepted for a sample. |
| controller.metrics.serviceMonitor.labelNameLengthLimit | int | `0` | Per-scrape limit on length of labels name that will be accepted for a sample. |
| controller.metrics.serviceMonitor.labelValueLengthLimit | int | `0` | Per-scrape limit on length of labels value that will be accepted for a sample. |
| controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | |
| controller.metrics.serviceMonitor.namespace | string | `""` | |
| controller.metrics.serviceMonitor.namespaceSelector | object | `{}` | |
| controller.metrics.serviceMonitor.relabelings | list | `[]` | |
| controller.metrics.serviceMonitor.sampleLimit | int | `0` | Defines a per-scrape limit on the number of scraped samples that will be accepted. |
| controller.metrics.serviceMonitor.scrapeInterval | string | `"30s"` | |
| controller.metrics.serviceMonitor.targetLabels | list | `[]` | |
| controller.metrics.serviceMonitor.targetLimit | int | `0` | Defines a limit on the number of scraped targets that will be accepted. |
| controller.minAvailable | int | `1` | Minimum available pods set in PodDisruptionBudget. Define either 'minAvailable' or 'maxUnavailable', never both. |
| controller.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # |
| controller.name | string | `"controller"` | |
| controller.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
| controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ # |
| controller.opentelemetry.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| controller.opentelemetry.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| controller.opentelemetry.containerSecurityContext.readOnlyRootFilesystem | bool | `true` | |
| controller.opentelemetry.containerSecurityContext.runAsNonRoot | bool | `true` | |
| controller.opentelemetry.containerSecurityContext.runAsUser | int | `65532` | The image's default user, inherited from its base image `cgr.dev/chainguard/static`. |
| controller.opentelemetry.containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | |
| controller.opentelemetry.enabled | bool | `false` | |
| controller.opentelemetry.image.digest | string | `"sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922"` | |
| controller.opentelemetry.image.distroless | bool | `true` | |
| controller.opentelemetry.image.image | string | `"ingress-nginx/opentelemetry-1.25.3"` | |
| controller.opentelemetry.image.registry | string | `"registry.k8s.io"` | |
| controller.opentelemetry.image.tag | string | `"v20240813-b933310d"` | |
| controller.opentelemetry.name | string | `"opentelemetry"` | |
| controller.opentelemetry.resources | object | `{}` | |
| controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # |
| controller.podLabels | object | `{}` | Labels to add to the pod container metadata |
| controller.podSecurityContext | object | `{}` | Security context for controller pods |
| controller.priorityClassName | string | `""` | |
| controller.progressDeadlineSeconds | int | `0` | Specifies the number of seconds you want to wait for the controller deployment to progress before the system reports back that it has failed. Ref.: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#progress-deadline-seconds |
| controller.proxySetHeaders | object | `{}` | Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers |
| controller.publishService | object | `{"enabled":true,"pathOverride":""}` | Allows customization of the source of the IP address or FQDN to report in the ingress status field. By default, it reads the information provided by the service. If disable, the status field reports the IP address of the node or nodes where an ingress controller pod is running. |
| controller.publishService.enabled | bool | `true` | Enable 'publishService' or not |
@ -442,24 +423,20 @@ metadata:
| controller.service.annotations | object | `{}` | Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service. |
| controller.service.appProtocol | bool | `true` | Declare the app protocol of the external HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol |
| controller.service.clusterIP | string | `""` | Pre-defined cluster internal IP address of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
| controller.service.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
| controller.service.enableHttp | bool | `true` | Enable the HTTP listener on both controller services or not. |
| controller.service.enableHttps | bool | `true` | Enable the HTTPS listener on both controller services or not. |
| controller.service.enabled | bool | `true` | Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service. |
| controller.service.external.enabled | bool | `true` | Enable the external controller service or not. Useful for internal-only deployments. |
| controller.service.external.labels | object | `{}` | Labels to be added to the external controller service. |
| controller.service.externalIPs | list | `[]` | List of node IP addresses at which the external controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips |
| controller.service.externalTrafficPolicy | string | `""` | External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
| controller.service.internal.annotations | object | `{}` | Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer |
| controller.service.internal.appProtocol | bool | `true` | Declare the app protocol of the internal HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol |
| controller.service.internal.clusterIP | string | `""` | Pre-defined cluster internal IP address of the internal controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
| controller.service.internal.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the internal controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
| controller.service.internal.enabled | bool | `false` | Enable the internal controller service or not. Remember to configure `controller.service.internal.annotations` when enabling this. |
| controller.service.internal.externalIPs | list | `[]` | List of node IP addresses at which the internal controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips |
| controller.service.internal.externalTrafficPolicy | string | `""` | External traffic policy of the internal controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
| controller.service.internal.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the internal controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
| controller.service.internal.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
| controller.service.internal.labels | object | `{}` | Labels to be added to the internal controller service. |
| controller.service.internal.loadBalancerClass | string | `""` | Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class |
| controller.service.internal.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the internal controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer |
| controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default. |
@ -470,7 +447,6 @@ metadata:
| controller.service.internal.ports | object | `{}` | |
| controller.service.internal.sessionAffinity | string | `""` | Session affinity of the internal controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity |
| controller.service.internal.targetPorts | object | `{}` | |
| controller.service.internal.trafficDistribution | string | `""` | Traffic distribution policy of the internal controller service. Set to "PreferClose" to route traffic to endpoints that are topologically closer to the client. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution |
| controller.service.internal.type | string | `""` | Type of the internal controller service. Defaults to the value of `controller.service.type`. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the external controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
@ -487,7 +463,6 @@ metadata:
| controller.service.sessionAffinity | string | `""` | Session affinity of the external controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity |
| controller.service.targetPorts.http | string | `"http"` | Port of the ingress controller the external HTTP listener is mapped to. |
| controller.service.targetPorts.https | string | `"https"` | Port of the ingress controller the external HTTPS listener is mapped to. |
| controller.service.trafficDistribution | string | `""` | Traffic distribution policy of the external controller service. Set to "PreferClose" to route traffic to endpoints that are topologically closer to the client. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution |
| controller.service.type | string | `"LoadBalancer"` | Type of the external controller service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
| controller.shareProcessNamespace | bool | `false` | |
| controller.sysctls | object | `{}` | sysctls for controller pods # Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ |
@ -498,10 +473,9 @@ metadata:
| controller.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # |
| controller.udp.annotations | object | `{}` | Annotations to be added to the udp config configmap |
| controller.udp.configMapNamespace | string | `""` | Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) |
| controller.unhealthyPodEvictionPolicy | string | `""` | Eviction policy for unhealthy pods guarded by PodDisruptionBudget. Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ |
| controller.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # |
| controller.watchIngressWithoutClass | bool | `false` | Process Ingress objects without ingressClass annotation/ingressClassName field Overrides value for --watch-ingress-without-class flag of the controller binary Defaults to false |
| defaultBackend.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
| defaultBackend.affinity | object | `{}` | |
| defaultBackend.autoscaling.annotations | object | `{}` | |
| defaultBackend.autoscaling.enabled | bool | `false` | |
| defaultBackend.autoscaling.maxReplicas | int | `2` | |
@ -510,6 +484,7 @@ metadata:
| defaultBackend.autoscaling.targetMemoryUtilizationPercentage | int | `50` | |
| defaultBackend.containerSecurityContext | object | `{}` | Security context for default backend containers |
| defaultBackend.enabled | bool | `false` | |
| defaultBackend.existingPsp | string | `""` | Use an existing PSP instead of creating one |
| defaultBackend.extraArgs | object | `{}` | |
| defaultBackend.extraConfigMaps | list | `[]` | |
| defaultBackend.extraEnvs | list | `[]` | Additional environment variables to set for defaultBackend pods |
@ -519,7 +494,7 @@ metadata:
| defaultBackend.image.image | string | `"defaultbackend-amd64"` | |
| defaultBackend.image.pullPolicy | string | `"IfNotPresent"` | |
| defaultBackend.image.readOnlyRootFilesystem | bool | `true` | |
| defaultBackend.image.runAsGroup | int | `65534` | |
| defaultBackend.image.registry | string | `"registry.k8s.io"` | |
| defaultBackend.image.runAsNonRoot | bool | `true` | |
| defaultBackend.image.runAsUser | int | `65534` | |
| defaultBackend.image.seccompProfile.type | string | `"RuntimeDefault"` | |
@ -530,7 +505,7 @@ metadata:
| defaultBackend.livenessProbe.periodSeconds | int | `10` | |
| defaultBackend.livenessProbe.successThreshold | int | `1` | |
| defaultBackend.livenessProbe.timeoutSeconds | int | `5` | |
| defaultBackend.minAvailable | int | `1` | Minimum available pods set in PodDisruptionBudget. Define either 'minAvailable' or 'maxUnavailable', never both. |
| defaultBackend.minAvailable | int | `1` | Minimum available pods set in PodDisruptionBudget. |
| defaultBackend.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # |
| defaultBackend.name | string | `"defaultbackend"` | |
| defaultBackend.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
@ -548,7 +523,6 @@ metadata:
| defaultBackend.replicaCount | int | `1` | |
| defaultBackend.resources | object | `{}` | |
| defaultBackend.service.annotations | object | `{}` | |
| defaultBackend.service.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the default backend service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
| defaultBackend.service.externalIPs | list | `[]` | List of IP addresses at which the default backend service is available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # |
| defaultBackend.service.loadBalancerSourceRanges | list | `[]` | |
| defaultBackend.service.servicePort | int | `80` | |
@ -557,13 +531,11 @@ metadata:
| defaultBackend.serviceAccount.create | bool | `true` | |
| defaultBackend.serviceAccount.name | string | `""` | |
| defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # |
| defaultBackend.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. Ref.: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ |
| defaultBackend.unhealthyPodEvictionPolicy | string | `""` | Eviction policy for unhealthy pods guarded by PodDisruptionBudget. Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ |
| defaultBackend.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # |
| dhParam | string | `""` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param |
| global.image.registry | string | `"registry.k8s.io"` | Registry host to pull images from. |
| imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
| namespaceOverride | string | `""` | Override the deployment namespace; defaults to .Release.Namespace |
| podSecurityPolicy.enabled | bool | `false` | |
| portNamePrefix | string | `""` | Prefix for TCP and UDP ports names in ingress controller service # Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration |
| rbac.create | bool | `true` | |
| rbac.scope | bool | `false` | |

View file

@ -226,22 +226,4 @@ Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13
As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
### Pod Security Admission
You can use Pod Security Admission by applying labels to the `ingress-nginx` namespace as instructed by the [documentation](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels).
Example:
```yaml
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx
labels:
kubernetes.io/metadata.name: ingress-nginx
name: ingress-nginx
pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/enforce-version: v1.31
```
{{ template "chart.valuesSection" . }}

View file

@ -1,10 +0,0 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.10.6
* CI: Fix chart testing. (#12260)
* Update Ingress-Nginx version controller-v1.10.6
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.5...helm-chart-4.10.6

View file

@ -1,18 +0,0 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.11.0
* Chores: Align security contacts & chart maintainers to actual owners. (#11465)
* Merge pull request #11277 from strongjz/chart-1.10.1 (#11415)
* Fix helm install on cloud provider admonition block (#11394)
* edited helm-install tips (#11393)
* added info for aws helm install (#11390)
* add workflow to helm release and update ct for branch (#11378)
* release helm chart from release branch (#11276)
* update post submit helm ci and clean up (#11220)
* refactor helm ci tests part I (#11178)
* Update Ingress-Nginx version controller-v1.11.0
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.2...helm-chart-4.11.0

View file

@ -1,9 +0,0 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.11.1
* Update Ingress-Nginx version controller-v1.11.1
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.0...helm-chart-4.11.1

View file

@ -1,9 +0,0 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.11.2
* Update Ingress-Nginx version controller-v1.11.2
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.1...helm-chart-4.11.2

View file

@ -1,9 +0,0 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.11.3
* Update Ingress-Nginx version controller-v1.11.3
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.2...helm-chart-4.11.3

View file

@ -1,10 +0,0 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.11.4
* CI: Fix chart testing. (#12259)
* Update Ingress-Nginx version controller-v1.11.4
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.3...helm-chart-4.11.4

View file

@ -1,9 +0,0 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.12.0-beta.0
* Update Ingress-Nginx version controller-v1.12.0-beta.0
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.0...helm-chart-4.12.0-beta.0

View file

@ -1,10 +0,0 @@
# Changelog
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
### 4.12.0
* CI: Fix chart testing. (#12258)
* Update Ingress-Nginx version controller-v1.12.0
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.0...helm-chart-4.12.0

View file

@ -0,0 +1,30 @@
controller:
image:
repository: ingress-controller/controller
tag: 1.0.0-dev
digest: null
service:
type: ClusterIP
kind: DaemonSet
extraModules:
- name: opentelemetry
image:
registry: registry.k8s.io
image: ingress-nginx/opentelemetry-1.25.3
tag: v20240813-b933310d
digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922
distroless: true
containerSecurityContext:
runAsNonRoot: true
runAsUser: 65532
runAsGroup: 65532
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true

View file

@ -0,0 +1,13 @@
controller:
image:
repository: ingress-controller/controller
tag: 1.0.0-dev
digest: null
service:
type: ClusterIP
kind: DaemonSet
opentelemetry:
enabled: true

View file

@ -0,0 +1,30 @@
controller:
image:
repository: ingress-controller/controller
tag: 1.0.0-dev
digest: null
service:
type: ClusterIP
kind: Deployment
extraModules:
- name: opentelemetry
image:
registry: registry.k8s.io
image: ingress-nginx/opentelemetry-1.25.3
tag: v20240813-b933310d
digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922
distroless: true
containerSecurityContext:
runAsNonRoot: true
runAsUser: 65532
runAsGroup: 65532
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true

View file

@ -0,0 +1,13 @@
controller:
image:
repository: ingress-controller/controller
tag: 1.0.0-dev
digest: null
service:
type: ClusterIP
kind: Deployment
opentelemetry:
enabled: true

View file

@ -9,7 +9,5 @@ controller:
internal:
enabled: true
labels:
external-dns.alpha.kubernetes.io/hostname: internal.example.com
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: "true"

View file

@ -7,10 +7,6 @@ controller:
service:
type: NodePort
external:
labels:
external-dns.alpha.kubernetes.io/hostname: external.example.com
nodePorts:
tcp:
9000: 30090

View file

@ -0,0 +1,13 @@
controller:
kind: DaemonSet
image:
repository: ingress-controller/controller
tag: 1.0.0-dev
digest: null
admissionWebhooks:
enabled: false
service:
type: ClusterIP
podSecurityPolicy:
enabled: true

View file

@ -0,0 +1,13 @@
controller:
kind: DaemonSet
image:
repository: ingress-controller/controller
tag: 1.0.0-dev
digest: null
admissionWebhooks:
enabled: true
service:
type: ClusterIP
podSecurityPolicy:
enabled: true

View file

@ -0,0 +1,10 @@
controller:
image:
repository: ingress-controller/controller
tag: 1.0.0-dev
digest: null
service:
type: ClusterIP
podSecurityPolicy:
enabled: true

View file

@ -0,0 +1,12 @@
controller:
image:
repository: ingress-controller/controller
tag: 1.0.0-dev
digest: null
admissionWebhooks:
enabled: true
service:
type: ClusterIP
podSecurityPolicy:
enabled: true

View file

@ -47,7 +47,6 @@ Controller container security context.
{{- else -}}
runAsNonRoot: {{ .Values.controller.image.runAsNonRoot }}
runAsUser: {{ .Values.controller.image.runAsUser }}
runAsGroup: {{ .Values.controller.image.runAsGroup }}
allowPrivilegeEscalation: {{ or .Values.controller.image.allowPrivilegeEscalation .Values.controller.image.chroot }}
{{- if .Values.controller.image.seccompProfile }}
seccompProfile: {{ toYaml .Values.controller.image.seccompProfile | nindent 2 }}
@ -168,17 +167,6 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.controller.admissionWebhooks.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the admission webhook patch job service account to use
*/}}
{{- define "ingress-nginx.admissionWebhooks.patch.serviceAccountName" -}}
{{- if .Values.controller.admissionWebhooks.patch.serviceAccount.create -}}
{{ default (include "ingress-nginx.admissionWebhooks.fullname" .) .Values.controller.admissionWebhooks.patch.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.controller.admissionWebhooks.patch.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified admission webhook secret creation job name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
@ -223,7 +211,6 @@ Default backend container security context.
{{- else -}}
runAsNonRoot: {{ .Values.defaultBackend.image.runAsNonRoot }}
runAsUser: {{ .Values.defaultBackend.image.runAsUser }}
runAsGroup: {{ .Values.defaultBackend.image.runAsGroup }}
allowPrivilegeEscalation: {{ .Values.defaultBackend.image.allowPrivilegeEscalation }}
{{- if .Values.defaultBackend.image.seccompProfile }}
seccompProfile: {{ toYaml .Values.defaultBackend.image.seccompProfile | nindent 2 }}
@ -235,6 +222,17 @@ readOnlyRootFilesystem: {{ .Values.defaultBackend.image.readOnlyRootFilesystem }
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiGroup for PodSecurityPolicy.
*/}}
{{- define "podSecurityPolicy.apiGroup" -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "policy" -}}
{{- else -}}
{{- print "extensions" -}}
{{- end -}}
{{- end -}}
{{/*
Extra modules.
*/}}

View file

@ -1,7 +1,7 @@
{{- define "ingress-nginx.params" -}}
- /nginx-ingress-controller
{{- if not .Values.controller.enableAnnotationValidations }}
- --enable-annotation-validation=false
{{- if .Values.controller.enableAnnotationValidations }}
- --enable-annotation-validation=true
{{- end }}
{{- if .Values.defaultBackend.enabled }}
- --default-backend-service=$(POD_NAMESPACE)/{{ include "ingress-nginx.defaultBackend.fullname" . }}
@ -54,18 +54,12 @@
{{- if .Values.controller.watchIngressWithoutClass }}
- --watch-ingress-without-class=true
{{- end }}
{{- if .Values.controller.metrics.enabled }}
{{- if not .Values.controller.metrics.enabled }}
- --enable-metrics={{ .Values.controller.metrics.enabled }}
{{- end }}
{{- if .Values.controller.enableTopologyAwareRouting }}
- --enable-topology-aware-routing=true
{{- end }}
{{- if .Values.controller.disableLeaderElection }}
- --disable-leader-election=true
{{- end }}
{{- if .Values.controller.electionTTL }}
- --election-ttl={{ .Values.controller.electionTTL }}
{{- end }}
{{- range $key, $value := .Values.controller.extraArgs }}
{{- /* Accept keys without values or with false as value */}}
{{- if eq ($value | quote | len) 2 }}

View file

@ -1,4 +1,4 @@
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.rbac.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@ -20,4 +20,14 @@ rules:
verbs:
- get
- update
{{- if .Values.podSecurityPolicy.enabled }}
- apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
resources: ['podsecuritypolicies']
verbs: ['use']
{{- with .Values.controller.admissionWebhooks.existingPsp }}
resourceNames: [{{ . }}]
{{- else }}
resourceNames: [{{ include "ingress-nginx.admissionWebhooks.fullname" . }}]
{{- end }}
{{- end }}
{{- end }}

View file

@ -1,4 +1,4 @@
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.rbac.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@ -18,6 +18,6 @@ roleRef:
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
namespace: {{ include "ingress-nginx.namespace" . }}
{{- end }}

View file

@ -42,7 +42,7 @@ spec:
{{- end }}
containers:
- name: create
{{- with (merge .Values.controller.admissionWebhooks.patch.image .Values.global.image) }}
{{- with .Values.controller.admissionWebhooks.patch.image }}
image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }}
{{- end }}
imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
@ -66,8 +66,7 @@ spec:
resources: {{ toYaml .Values.controller.admissionWebhooks.createSecretJob.resources | nindent 12 }}
{{- end }}
restartPolicy: OnFailure
serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken }}
serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
{{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
{{- end }}

View file

@ -42,7 +42,7 @@ spec:
{{- end }}
containers:
- name: patch
{{- with (merge .Values.controller.admissionWebhooks.patch.image .Values.global.image) }}
{{- with .Values.controller.admissionWebhooks.patch.image }}
image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }}
{{- end }}
imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
@ -68,8 +68,7 @@ spec:
resources: {{ toYaml .Values.controller.admissionWebhooks.patchWebhookJob.resources | nindent 12 }}
{{- end }}
restartPolicy: OnFailure
serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken }}
serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
{{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
{{- end }}

View file

@ -0,0 +1,52 @@
{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }}
{{- if and .Values.podSecurityPolicy.enabled .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (empty .Values.controller.admissionWebhooks.existingPsp) -}}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
seccomp.security.alpha.kubernetes.io/allowedProfileNames: "*"
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: admission-webhook
{{- with .Values.controller.admissionWebhooks.patch.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
privileged: false
hostPID: false
hostIPC: false
hostNetwork: false
volumes:
- configMap
- downwardAPI
- emptyDir
- secret
- projected
fsGroup:
rule: MustRunAs
ranges:
- min: 1
max: 65535
readOnlyRootFilesystem: true
runAsUser:
rule: MustRunAsNonRoot
runAsGroup:
rule: MustRunAs
ranges:
- min: 1
max: 65535
supplementalGroups:
rule: MustRunAs
ranges:
- min: 1
max: 65535
allowPrivilegeEscalation: false
requiredDropCapabilities:
- ALL
seLinux:
rule: RunAsAny
{{- end }}
{{- end }}

View file

@ -1,4 +1,4 @@
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.rbac.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:

View file

@ -1,4 +1,4 @@
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.rbac.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
@ -19,6 +19,6 @@ roleRef:
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
namespace: {{ include "ingress-nginx.namespace" . }}
{{- end }}

View file

@ -1,8 +1,8 @@
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.serviceAccount.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
namespace: {{ include "ingress-nginx.namespace" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
@ -13,5 +13,4 @@ metadata:
{{- with .Values.controller.admissionWebhooks.patch.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken }}
{{- end }}

View file

@ -13,9 +13,7 @@ metadata:
name: {{ include "ingress-nginx.controller.fullname" . }}
namespace: {{ include "ingress-nginx.namespace" . }}
data:
{{- if .Values.controller.allowSnippetAnnotations }}
allow-snippet-annotations: "true"
{{- end }}
allow-snippet-annotations: "{{ .Values.controller.allowSnippetAnnotations }}"
{{- if .Values.controller.addHeaders }}
add-headers: {{ include "ingress-nginx.namespace" . }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers
{{- end }}
@ -26,5 +24,5 @@ data:
ssl-dh-param: {{ include "ingress-nginx.namespace" . }}/{{ include "ingress-nginx.controller.fullname" . }}
{{- end }}
{{- range $key, $value := .Values.controller.config }}
{{- $key | nindent 2 }}: {{ tpl (toString $value) $ | quote }}
{{- $key | nindent 2 }}: {{ $value | quote }}
{{- end }}

View file

@ -75,7 +75,7 @@ spec:
{{- end }}
containers:
- name: {{ .Values.controller.containerName }}
{{- with (merge .Values.controller.image .Values.global.image) }}
{{- with .Values.controller.image }}
image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{ end }}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}
{{- end }}
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
@ -144,9 +144,9 @@ spec:
hostPort: {{ $key }}
{{- end }}
{{- end }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules) }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
volumeMounts:
{{- if .Values.controller.extraModules }}
{{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
- name: modules
{{- if .Values.controller.image.chroot }}
mountPath: /chroot/modules_mount
@ -174,7 +174,7 @@ spec:
{{- if .Values.controller.extraContainers }}
{{- toYaml .Values.controller.extraContainers | nindent 8 }}
{{- end }}
{{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules) }}
{{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
initContainers:
{{- if .Values.controller.extraInitContainers }}
{{- toYaml .Values.controller.extraInitContainers | nindent 8 }}
@ -182,7 +182,13 @@ spec:
{{- if .Values.controller.extraModules }}
{{- range .Values.controller.extraModules }}
{{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
{{- include "extraModules" (dict "name" .name "image" (merge .image $.Values.global.image) "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
{{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.controller.opentelemetry.enabled }}
{{- with .Values.controller.opentelemetry }}
{{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
{{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
@ -196,17 +202,16 @@ spec:
tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.controller.affinity }}
affinity: {{ tpl (toYaml .Values.controller.affinity) $ | nindent 8 }}
affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
{{- end }}
{{- if .Values.controller.topologySpreadConstraints }}
topologySpreadConstraints: {{ tpl (toYaml .Values.controller.topologySpreadConstraints) $ | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules) }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
volumes:
{{- if .Values.controller.extraModules }}
{{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled)}}
- name: modules
emptyDir: {}
{{- end }}

View file

@ -22,9 +22,6 @@ spec:
replicas: {{ .Values.controller.replicaCount }}
{{- end }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
{{- if .Values.controller.progressDeadlineSeconds }}
progressDeadlineSeconds: {{ .Values.controller.progressDeadlineSeconds }}
{{- end }}
{{- if .Values.controller.updateStrategy }}
strategy: {{ toYaml .Values.controller.updateStrategy | nindent 4 }}
{{- end }}
@ -81,7 +78,7 @@ spec:
{{- end }}
containers:
- name: {{ .Values.controller.containerName }}
{{- with (merge .Values.controller.image .Values.global.image) }}
{{- with .Values.controller.image }}
image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{ end }}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}
{{- end }}
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
@ -150,9 +147,9 @@ spec:
hostPort: {{ $key }}
{{- end }}
{{- end }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules) }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
volumeMounts:
{{- if .Values.controller.extraModules }}
{{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
- name: modules
{{- if .Values.controller.image.chroot }}
mountPath: /chroot/modules_mount
@ -180,7 +177,7 @@ spec:
{{- if .Values.controller.extraContainers }}
{{- toYaml .Values.controller.extraContainers | nindent 8 }}
{{- end }}
{{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules) }}
{{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
initContainers:
{{- if .Values.controller.extraInitContainers }}
{{- toYaml .Values.controller.extraInitContainers | nindent 8 }}
@ -188,7 +185,13 @@ spec:
{{- if .Values.controller.extraModules }}
{{- range .Values.controller.extraModules }}
{{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
{{- include "extraModules" (dict "name" .name "image" (merge .image $.Values.global.image) "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
{{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.controller.opentelemetry.enabled }}
{{- with .Values.controller.opentelemetry }}
{{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
{{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
@ -202,17 +205,16 @@ spec:
tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.controller.affinity }}
affinity: {{ tpl (toYaml .Values.controller.affinity) $ | nindent 8 }}
affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
{{- end }}
{{- if .Values.controller.topologySpreadConstraints }}
topologySpreadConstraints: {{ tpl (toYaml .Values.controller.topologySpreadConstraints) $ | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules) }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
volumes:
{{- if .Values.controller.extraModules }}
{{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled)}}
- name: modules
emptyDir: {}
{{- end }}

View file

@ -1,23 +0,0 @@
{{- if .Values.controller.ingressClassResource.enabled -}}
{{- range .Values.controller.ingressClassResource.aliases }}
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
labels:
{{- include "ingress-nginx.labels" $ | nindent 4 }}
app.kubernetes.io/component: controller
{{- with $.Values.controller.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ . }}
{{- if $.Values.controller.ingressClassResource.annotations }}
annotations: {{ toYaml $.Values.controller.ingressClassResource.annotations | nindent 4 }}
{{- end }}
spec:
controller: {{ $.Values.controller.ingressClassResource.controllerValue }}
{{- with $.Values.controller.ingressClassResource.parameters }}
parameters: {{ toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

View file

@ -9,14 +9,9 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ .Values.controller.ingressClassResource.name }}
{{- if or .Values.controller.ingressClassResource.default .Values.controller.ingressClassResource.annotations }}
{{- if .Values.controller.ingressClassResource.default }}
annotations:
{{- if .Values.controller.ingressClassResource.default }}
ingressclass.kubernetes.io/is-default-class: "true"
{{- end }}
{{- if .Values.controller.ingressClassResource.annotations }}
{{- toYaml .Values.controller.ingressClassResource.annotations | nindent 4 }}
{{- end }}
{{- end }}
spec:
controller: {{ .Values.controller.ingressClassResource.controllerValue }}

View file

@ -32,8 +32,5 @@ spec:
{{- else if .Values.controller.maxUnavailable }}
maxUnavailable: {{ .Values.controller.maxUnavailable }}
{{- end }}
{{- if .Values.controller.unhealthyPodEvictionPolicy }}
unhealthyPodEvictionPolicy: {{ .Values.controller.unhealthyPodEvictionPolicy }}
{{- end }}
{{- end }}
{{- end }}

View file

@ -14,9 +14,6 @@ metadata:
{{- if .Values.controller.metrics.prometheusRule.additionalLabels }}
{{- toYaml .Values.controller.metrics.prometheusRule.additionalLabels | nindent 4 }}
{{- end }}
{{- if .Values.controller.metrics.prometheusRule.annotations }}
annotations: {{ toYaml .Values.controller.metrics.prometheusRule.annotations | nindent 4 }}
{{- end }}
spec:
{{- if .Values.controller.metrics.prometheusRule.rules }}
groups:

View file

@ -0,0 +1,100 @@
{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }}
{{- if and .Values.podSecurityPolicy.enabled (empty .Values.controller.existingPsp) -}}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ include "ingress-nginx.fullname" . }}
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: "*"
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- with .Values.controller.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
privileged: false
hostPID: false
hostIPC: false
hostNetwork: {{ .Values.controller.hostNetwork }}
{{- if or .Values.controller.hostNetwork .Values.controller.hostPort.enabled }}
hostPorts:
{{- if .Values.controller.hostNetwork }}
{{- range $key, $value := .Values.controller.containerPort }}
# controller.containerPort.{{ $key }}
- min: {{ $value }}
max: {{ $value }}
{{- end }}
{{- else if .Values.controller.hostPort.enabled }}
{{- range $key, $value := .Values.controller.hostPort.ports }}
# controller.hostPort.ports.{{ $key }}
- min: {{ $value }}
max: {{ $value }}
{{- end }}
{{- end }}
{{- if .Values.controller.metrics.enabled }}
# controller.metrics.port
- min: {{ .Values.controller.metrics.port }}
max: {{ .Values.controller.metrics.port }}
{{- end }}
{{- if .Values.controller.admissionWebhooks.enabled }}
# controller.admissionWebhooks.port
- min: {{ .Values.controller.admissionWebhooks.port }}
max: {{ .Values.controller.admissionWebhooks.port }}
{{- end }}
{{- range $key, $value := .Values.tcp }}
# tcp.{{ $key }}
- min: {{ $key }}
max: {{ $key }}
{{- end }}
{{- range $key, $value := .Values.udp }}
# udp.{{ $key }}
- min: {{ $key }}
max: {{ $key }}
{{- end }}
{{- end }}
volumes:
- configMap
- downwardAPI
- emptyDir
- secret
- projected
fsGroup:
rule: MustRunAs
ranges:
- min: 1
max: 65535
readOnlyRootFilesystem: false
runAsUser:
rule: MustRunAsNonRoot
runAsGroup:
rule: MustRunAs
ranges:
- min: 1
max: 65535
supplementalGroups:
rule: MustRunAs
ranges:
- min: 1
max: 65535
allowPrivilegeEscalation: {{ or .Values.controller.image.allowPrivilegeEscalation .Values.controller.image.chroot }}
requiredDropCapabilities:
- ALL
allowedCapabilities:
- NET_BIND_SERVICE
{{- if .Values.controller.image.chroot }}
{{- if .Values.controller.image.seccompProfile }}
- SYS_ADMIN
{{- end }}
- SYS_CHROOT
{{- end }}
seLinux:
rule: RunAsAny
{{- if .Values.controller.sysctls }}
allowedUnsafeSysctls:
{{- range $sysctl, $value := .Values.controller.sysctls }}
- {{ $sysctl }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

View file

@ -91,4 +91,14 @@ rules:
- list
- watch
- get
{{- if .Values.podSecurityPolicy.enabled }}
- apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
resources: ['podsecuritypolicies']
verbs: ['use']
{{- with .Values.controller.existingPsp }}
resourceNames: [{{ . }}]
{{- else }}
resourceNames: [{{ include "ingress-nginx.fullname" . }}]
{{- end }}
{{- end }}
{{- end }}

View file

@ -12,9 +12,6 @@ metadata:
{{- if .Values.controller.service.labels }}
{{- toYaml .Values.controller.service.labels | nindent 4 }}
{{- end }}
{{- if .Values.controller.service.internal.labels }}
{{- toYaml .Values.controller.service.internal.labels | nindent 4 }}
{{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }}-internal
namespace: {{ include "ingress-nginx.namespace" . }}
spec:
@ -22,9 +19,6 @@ spec:
{{- if .Values.controller.service.internal.clusterIP }}
clusterIP: {{ .Values.controller.service.internal.clusterIP }}
{{- end }}
{{- if .Values.controller.service.internal.clusterIPs }}
clusterIPs: {{ toYaml .Values.controller.service.internal.clusterIPs | nindent 4 }}
{{- end }}
{{- if .Values.controller.service.internal.externalIPs }}
externalIPs: {{ toYaml .Values.controller.service.internal.externalIPs | nindent 4 }}
{{- end }}
@ -49,11 +43,6 @@ spec:
{{- if .Values.controller.service.internal.healthCheckNodePort }}
healthCheckNodePort: {{ .Values.controller.service.internal.healthCheckNodePort }}
{{- end }}
{{- if semverCompare ">=1.31.0-0" .Capabilities.KubeVersion.Version -}}
{{- if .Values.controller.service.internal.trafficDistribution }}
trafficDistribution: {{ .Values.controller.service.internal.trafficDistribution }}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version -}}
{{- if .Values.controller.service.internal.ipFamilyPolicy }}
ipFamilyPolicy: {{ .Values.controller.service.internal.ipFamilyPolicy }}

View file

@ -1,4 +1,4 @@
{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.service.enabled -}}
{{- if .Values.controller.metrics.enabled -}}
apiVersion: v1
kind: Service
metadata:

View file

@ -12,9 +12,6 @@ metadata:
{{- if .Values.controller.service.labels }}
{{- toYaml .Values.controller.service.labels | nindent 4 }}
{{- end }}
{{- if .Values.controller.service.external.labels }}
{{- toYaml .Values.controller.service.external.labels | nindent 4 }}
{{- end }}
name: {{ include "ingress-nginx.controller.fullname" . }}
namespace: {{ include "ingress-nginx.namespace" . }}
spec:
@ -22,9 +19,6 @@ spec:
{{- if .Values.controller.service.clusterIP }}
clusterIP: {{ .Values.controller.service.clusterIP }}
{{- end }}
{{- if .Values.controller.service.clusterIPs }}
clusterIPs: {{ toYaml .Values.controller.service.clusterIPs | nindent 4 }}
{{- end }}
{{- if .Values.controller.service.externalIPs }}
externalIPs: {{ toYaml .Values.controller.service.externalIPs | nindent 4 }}
{{- end }}
@ -49,11 +43,6 @@ spec:
{{- if .Values.controller.service.healthCheckNodePort }}
healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }}
{{- end }}
{{- if semverCompare ">=1.31.0-0" .Capabilities.KubeVersion.Version -}}
{{- if .Values.controller.service.trafficDistribution }}
trafficDistribution: {{ .Values.controller.service.trafficDistribution }}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version -}}
{{- if .Values.controller.service.ipFamilyPolicy }}
ipFamilyPolicy: {{ .Values.controller.service.ipFamilyPolicy }}

View file

@ -3,63 +3,51 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "ingress-nginx.controller.fullname" . }}
{{- if .Values.controller.metrics.serviceMonitor.namespace }}
{{- if .Values.controller.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }}
{{- else }}
{{- else }}
namespace: {{ include "ingress-nginx.namespace" . }}
{{- end }}
{{- end }}
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
{{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
{{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }}
{{- end }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.annotations }}
annotations: {{ toYaml .Values.controller.metrics.serviceMonitor.annotations | nindent 4 }}
{{- end }}
spec:
{{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }}
endpoints:
- port: {{ .Values.controller.metrics.portName }}
interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }}
{{- if .Values.controller.metrics.serviceMonitor.honorLabels }}
honorLabels: true
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.relabelings }}
relabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.relabelings | nindent 8 }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.metricRelabelings | nindent 8 }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.jobLabel }}
jobLabel: {{ .Values.controller.metrics.serviceMonitor.jobLabel | quote }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }}
namespaceSelector: {{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | nindent 4 }}
{{- else }}
{{- else }}
namespaceSelector:
matchNames:
- {{ include "ingress-nginx.namespace" . }}
- {{ include "ingress-nginx.namespace" . }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.targetLabels }}
targetLabels:
{{- range .Values.controller.metrics.serviceMonitor.targetLabels }}
- {{ . }}
{{- end }}
{{- end }}
selector:
matchLabels:
{{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: controller
endpoints:
- port: {{ .Values.controller.metrics.portName }}
interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }}
{{- if .Values.controller.metrics.serviceMonitor.honorLabels }}
honorLabels: true
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.relabelings }}
relabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.relabelings | nindent 4 }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.metricRelabelings | nindent 4 }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.jobLabel }}
jobLabel: {{ .Values.controller.metrics.serviceMonitor.jobLabel | quote }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.targetLabels }}
targetLabels: {{ toYaml .Values.controller.metrics.serviceMonitor.targetLabels | nindent 2 }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.labelLimit }}
labelLimit: {{ .Values.controller.metrics.serviceMonitor.labelLimit }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.labelNameLengthLimit }}
labelNameLengthLimit: {{ .Values.controller.metrics.serviceMonitor.labelNameLengthLimit }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.labelValueLengthLimit }}
labelValueLengthLimit: {{ .Values.controller.metrics.serviceMonitor.labelValueLengthLimit }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.sampleLimit }}
sampleLimit: {{ .Values.controller.metrics.serviceMonitor.sampleLimit }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.targetLimit }}
targetLimit: {{ .Values.controller.metrics.serviceMonitor.targetLimit }}
{{- end }}
{{- end }}

View file

@ -50,7 +50,7 @@ spec:
{{- end }}
containers:
- name: {{ template "ingress-nginx.name" . }}-default-backend
{{- with (merge .Values.defaultBackend.image .Values.global.image) }}
{{- with .Values.defaultBackend.image }}
image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }}
{{- end }}
imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }}
@ -103,15 +103,11 @@ spec:
nodeSelector: {{ toYaml .Values.defaultBackend.nodeSelector | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "ingress-nginx.defaultBackend.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }}
{{- if .Values.defaultBackend.tolerations }}
tolerations: {{ toYaml .Values.defaultBackend.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.defaultBackend.affinity }}
affinity: {{ tpl (toYaml .Values.defaultBackend.affinity) $ | nindent 8 }}
{{- end }}
{{- if .Values.defaultBackend.topologySpreadConstraints }}
topologySpreadConstraints: {{ tpl (toYaml .Values.defaultBackend.topologySpreadConstraints) $ | nindent 8 }}
affinity: {{ toYaml .Values.defaultBackend.affinity | nindent 8 }}
{{- end }}
terminationGracePeriodSeconds: 60
{{- if .Values.defaultBackend.extraVolumes }}

View file

@ -20,13 +20,6 @@ spec:
matchLabels:
{{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: default-backend
{{- if and .Values.defaultBackend.minAvailable (not (hasKey .Values.defaultBackend "maxUnavailable")) }}
minAvailable: {{ .Values.defaultBackend.minAvailable }}
{{- else if .Values.defaultBackend.maxUnavailable }}
maxUnavailable: {{ .Values.defaultBackend.maxUnavailable }}
{{- end }}
{{- if .Values.defaultBackend.unhealthyPodEvictionPolicy }}
unhealthyPodEvictionPolicy: {{ .Values.defaultBackend.unhealthyPodEvictionPolicy }}
{{- end }}
{{- end }}
{{- end }}

View file

@ -0,0 +1,50 @@
{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }}
{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled (empty .Values.defaultBackend.existingPsp) -}}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ include "ingress-nginx.fullname" . }}-backend
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: "*"
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: default-backend
{{- with .Values.defaultBackend.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
privileged: false
hostPID: false
hostIPC: false
hostNetwork: false
volumes:
- configMap
- downwardAPI
- emptyDir
- secret
- projected
fsGroup:
rule: MustRunAs
ranges:
- min: 1
max: 65535
readOnlyRootFilesystem: true
runAsUser:
rule: MustRunAsNonRoot
runAsGroup:
rule: MustRunAs
ranges:
- min: 1
max: 65535
supplementalGroups:
rule: MustRunAs
ranges:
- min: 1
max: 65535
allowPrivilegeEscalation: false
requiredDropCapabilities:
- ALL
seLinux:
rule: RunAsAny
{{- end }}
{{- end }}

View file

@ -0,0 +1,22 @@
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: default-backend
{{- with .Values.defaultBackend.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "ingress-nginx.fullname" . }}-backend
namespace: {{ include "ingress-nginx.namespace" . }}
rules:
- apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
resources: ['podsecuritypolicies']
verbs: ['use']
{{- with .Values.defaultBackend.existingPsp }}
resourceNames: [{{ . }}]
{{- else }}
resourceNames: [{{ include "ingress-nginx.fullname" . }}-backend]
{{- end }}
{{- end }}

View file

@ -0,0 +1,21 @@
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
{{- include "ingress-nginx.labels" . | nindent 4 }}
app.kubernetes.io/component: default-backend
{{- with .Values.defaultBackend.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "ingress-nginx.fullname" . }}-backend
namespace: {{ include "ingress-nginx.namespace" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "ingress-nginx.fullname" . }}-backend
subjects:
- kind: ServiceAccount
name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
namespace: {{ include "ingress-nginx.namespace" . }}
{{- end }}

View file

@ -18,9 +18,6 @@ spec:
{{- if .Values.defaultBackend.service.clusterIP }}
clusterIP: {{ .Values.defaultBackend.service.clusterIP }}
{{- end }}
{{- if .Values.defaultBackend.service.clusterIPs }}
clusterIPs: {{ toYaml .Values.defaultBackend.service.clusterIPs | nindent 4 }}
{{- end }}
{{- if .Values.defaultBackend.service.externalIPs }}
externalIPs: {{ toYaml .Values.defaultBackend.service.externalIPs | nindent 4 }}
{{- end }}

View file

@ -1,11 +0,0 @@
suite: Admission Webhooks > Patch Job > ClusterRole
templates:
- admission-webhooks/job-patch/clusterrole.yaml
tests:
- it: should not create a ClusterRole if `controller.admissionWebhooks.patch.rbac.create` is false
set:
controller.admissionWebhooks.patch.rbac.create: false
asserts:
- hasDocuments:
count: 0

View file

@ -1,11 +0,0 @@
suite: Admission Webhooks > Patch Job > ClusterRoleBinding
templates:
- admission-webhooks/job-patch/clusterrolebinding.yaml
tests:
- it: should not create a ClusterRoleBinding if `controller.admissionWebhooks.patch.rbac.create` is false
set:
controller.admissionWebhooks.patch.rbac.create: false
asserts:
- hasDocuments:
count: 0

View file

@ -1,12 +0,0 @@
suite: Admission Webhooks > Patch Job > Create Secret Job
templates:
- admission-webhooks/job-patch/job-createSecret.yaml
tests:
- it: should create a Job with token auto-mounting disabled if `controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken` is false
set:
controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken: false
asserts:
- equal:
path: spec.template.spec.automountServiceAccountToken
value: false

View file

@ -1,12 +0,0 @@
suite: Admission Webhooks > Patch Job > Patch Webhook Job
templates:
- admission-webhooks/job-patch/job-patchWebhook.yaml
tests:
- it: should create a Job with token auto-mounting disabled if `controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken` is false
set:
controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken: false
asserts:
- equal:
path: spec.template.spec.automountServiceAccountToken
value: false

View file

@ -1,11 +0,0 @@
suite: Admission Webhooks > Patch Job > Role
templates:
- admission-webhooks/job-patch/role.yaml
tests:
- it: should not create a Role if `controller.admissionWebhooks.patch.rbac.create` is false
set:
controller.admissionWebhooks.patch.rbac.create: false
asserts:
- hasDocuments:
count: 0

View file

@ -1,11 +0,0 @@
suite: Admission Webhooks > Patch Job > RoleBinding
templates:
- admission-webhooks/job-patch/rolebinding.yaml
tests:
- it: should not create a RoleBinding if `controller.admissionWebhooks.patch.rbac.create` is false
set:
controller.admissionWebhooks.patch.rbac.create: false
asserts:
- hasDocuments:
count: 0

View file

@ -1,47 +0,0 @@
suite: Admission Webhooks > Patch Job > ServiceAccount
templates:
- admission-webhooks/job-patch/serviceaccount.yaml
tests:
- it: should not create a ServiceAccount if `controller.admissionWebhooks.patch.serviceAccount.create` is false
set:
controller.admissionWebhooks.patch.serviceAccount.create: false
asserts:
- hasDocuments:
count: 0
- it: should create a ServiceAccount if `controller.admissionWebhooks.patch.serviceAccount.create` is true
set:
controller.admissionWebhooks.patch.serviceAccount.create: true
asserts:
- hasDocuments:
count: 1
- isKind:
of: ServiceAccount
- equal:
path: metadata.name
value: RELEASE-NAME-ingress-nginx-admission
- it: should create a ServiceAccount with specified name if `controller.admissionWebhooks.patch.serviceAccount.name` is set
set:
controller.admissionWebhooks.patch.serviceAccount.name: ingress-nginx-admission-test-sa
asserts:
- hasDocuments:
count: 1
- isKind:
of: ServiceAccount
- equal:
path: metadata.name
value: ingress-nginx-admission-test-sa
- it: should create a ServiceAccount with token auto-mounting disabled if `controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken` is false
set:
controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken: false
asserts:
- hasDocuments:
count: 1
- isKind:
of: ServiceAccount
- equal:
path: automountServiceAccountToken
value: false

View file

@ -20,7 +20,7 @@ tests:
of: ValidatingWebhookConfiguration
- equal:
path: metadata.name
value: RELEASE-NAME-ingress-nginx-admission
value: RELEASE-NAME-admission
- it: should create a ValidatingWebhookConfiguration with a custom port if `controller.admissionWebhooks.service.servicePort` is set
set:

View file

@ -12,20 +12,3 @@ tests:
- equal:
path: metadata.name
value: RELEASE-NAME-ingress-nginx-controller
- it: should create a ConfigMap with templated values if `controller.config` contains templates
set:
controller.config:
template: "test.{{ .Release.Namespace }}.svc.kubernetes.local"
integer: 12345
boolean: true
asserts:
- equal:
path: data.template
value: test.NAMESPACE.svc.kubernetes.local
- equal:
path: data.integer
value: "12345"
- equal:
path: data.boolean
value: "true"

View file

@ -15,23 +15,23 @@ tests:
path: metadata.name
value: RELEASE-NAME-ingress-nginx-controller
- it: should create a DaemonSet with argument `--enable-metrics=true` if `controller.metrics.enabled` is true
set:
controller.kind: DaemonSet
controller.metrics.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].args
content: --enable-metrics=true
- it: should create a DaemonSet without argument `--enable-metrics=true` if `controller.metrics.enabled` is false
- it: should create a DaemonSet with argument `--enable-metrics=false` if `controller.metrics.enabled` is false
set:
controller.kind: DaemonSet
controller.metrics.enabled: false
asserts:
- contains:
path: spec.template.spec.containers[0].args
content: --enable-metrics=false
- it: should create a DaemonSet without argument `--enable-metrics=false` if `controller.metrics.enabled` is true
set:
controller.kind: DaemonSet
controller.metrics.enabled: true
asserts:
- notContains:
path: spec.template.spec.containers[0].args
content: --enable-metrics=true
content: --enable-metrics=false
- it: should create a DaemonSet with argument `--controller-class=k8s.io/ingress-nginx-internal` if `controller.ingressClassResource.controllerValue` is "k8s.io/ingress-nginx-internal"
set:
@ -96,69 +96,6 @@ tests:
maxSkew: 1
whenUnsatisfiable: ScheduleAnyway
- it: should create a DaemonSet with affinity if `controller.affinity` is set
set:
controller.kind: DaemonSet
controller.affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- '{{ include "ingress-nginx.name" . }}'
- key: app.kubernetes.io/instance
operator: In
values:
- '{{ .Release.Name }}'
- key: app.kubernetes.io/component
operator: In
values:
- controller
topologyKey: kubernetes.io/hostname
asserts:
- equal:
path: spec.template.spec.affinity
value:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- ingress-nginx
- key: app.kubernetes.io/instance
operator: In
values:
- RELEASE-NAME
- key: app.kubernetes.io/component
operator: In
values:
- controller
topologyKey: kubernetes.io/hostname
- it: should create a DaemonSet with `runAsGroup` if `controller.image.runAsGroup` is set
set:
controller.kind: DaemonSet
controller.image.runAsGroup: 1000
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext.runAsGroup
value: 1000
- it: should create a DaemonSet with a custom registry if `global.image.registry` is set
set:
global.image.registry: custom.registry.io
controller.kind: DaemonSet
controller.image.tag: v1.0.0-dev
controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: custom.registry.io/ingress-nginx/controller:v1.0.0-dev@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
- it: should create a DaemonSet with a custom registry if `controller.image.registry` is set
set:
controller.kind: DaemonSet
@ -190,12 +127,3 @@ tests:
- equal:
path: spec.template.spec.containers[0].image
value: registry.k8s.io/ingress-nginx/controller:custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
- it: should create a DaemonSet with token auto-mounting disabled if `serviceAccount.automountServiceAccountToken` is false
set:
controller.kind: DaemonSet
serviceAccount.automountServiceAccountToken: false
asserts:
- equal:
path: spec.template.spec.automountServiceAccountToken
value: false

View file

@ -43,21 +43,21 @@ tests:
- exists:
path: spec.replicas
- it: should create a Deployment with argument `--enable-metrics=true` if `controller.metrics.enabled` is true
set:
controller.metrics.enabled: true
asserts:
- contains:
path: spec.template.spec.containers[0].args
content: --enable-metrics=true
- it: should create a Deployment without argument `--enable-metrics=true` if `controller.metrics.enabled` is false
- it: should create a Deployment with argument `--enable-metrics=false` if `controller.metrics.enabled` is false
set:
controller.metrics.enabled: false
asserts:
- contains:
path: spec.template.spec.containers[0].args
content: --enable-metrics=false
- it: should create a Deployment without argument `--enable-metrics=false` if `controller.metrics.enabled` is true
set:
controller.metrics.enabled: true
asserts:
- notContains:
path: spec.template.spec.containers[0].args
content: --enable-metrics=true
content: --enable-metrics=false
- it: should create a Deployment with argument `--controller-class=k8s.io/ingress-nginx-internal` if `controller.ingressClassResource.controllerValue` is "k8s.io/ingress-nginx-internal"
set:
@ -119,66 +119,6 @@ tests:
maxSkew: 1
whenUnsatisfiable: ScheduleAnyway
- it: should create a Deployment with affinity if `controller.affinity` is set
set:
controller.affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- '{{ include "ingress-nginx.name" . }}'
- key: app.kubernetes.io/instance
operator: In
values:
- '{{ .Release.Name }}'
- key: app.kubernetes.io/component
operator: In
values:
- controller
topologyKey: kubernetes.io/hostname
asserts:
- equal:
path: spec.template.spec.affinity
value:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- ingress-nginx
- key: app.kubernetes.io/instance
operator: In
values:
- RELEASE-NAME
- key: app.kubernetes.io/component
operator: In
values:
- controller
topologyKey: kubernetes.io/hostname
- it: should create a Deployment with `runAsGroup` if `controller.image.runAsGroup` is set
set:
controller.image.runAsGroup: 1000
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext.runAsGroup
value: 1000
- it: should create a Deployment with a custom registry if `global.image.registry` is set
set:
global.image.registry: custom.registry.io
controller.image.tag: v1.0.0-dev
controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: custom.registry.io/ingress-nginx/controller:v1.0.0-dev@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
- it: should create a Deployment with a custom registry if `controller.image.registry` is set
set:
controller.image.registry: custom.registry.io
@ -207,19 +147,3 @@ tests:
- equal:
path: spec.template.spec.containers[0].image
value: registry.k8s.io/ingress-nginx/controller:custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
- it: should create a Deployment with `progressDeadlineSeconds` if `controller.progressDeadlineSeconds` is set
set:
controller.progressDeadlineSeconds: 111
asserts:
- equal:
path: spec.progressDeadlineSeconds
value: 111
- it: should create a Deployment with token auto-mounting disabled if `serviceAccount.automountServiceAccountToken` is false
set:
serviceAccount.automountServiceAccountToken: false
asserts:
- equal:
path: spec.template.spec.automountServiceAccountToken
value: false

View file

@ -1,110 +0,0 @@
suite: Controller > IngressClass > Aliases
templates:
- controller-ingressclass-aliases.yaml
tests:
- it: should not create IngressClass aliases
asserts:
- hasDocuments:
count: 0
- it: should create an IngressClass alias with name "nginx-alias" if `controller.ingressClassResource.aliases` is set
set:
controller.ingressClassResource.aliases:
- nginx-alias
asserts:
- hasDocuments:
count: 1
- isKind:
of: IngressClass
- equal:
path: metadata.name
value: nginx-alias
- it: should create an IngressClass alias without annotation `ingressclass.kubernetes.io/is-default-class` if `controller.ingressClassResource.default` is true
set:
controller.ingressClassResource.aliases:
- nginx-alias
controller.ingressClassResource.default: true
asserts:
- hasDocuments:
count: 1
- isKind:
of: IngressClass
- equal:
path: metadata.name
value: nginx-alias
- notExists:
path: metadata.annotations["ingressclass.kubernetes.io/is-default-class"]
- it: should create an IngressClass alias with annotations if `controller.ingressClassResource.annotations` is set
set:
controller.ingressClassResource.aliases:
- nginx-alias
controller.ingressClassResource.annotations:
my-fancy-annotation: has-a-value
asserts:
- hasDocuments:
count: 1
- isKind:
of: IngressClass
- equal:
path: metadata.name
value: nginx-alias
- equal:
path: metadata.annotations.my-fancy-annotation
value: has-a-value
- it: should create an IngressClass alias with controller "k8s.io/ingress-nginx-internal" if `controller.ingressClassResource.controllerValue` is "k8s.io/ingress-nginx-internal"
set:
controller.ingressClassResource.aliases:
- nginx-alias
controller.ingressClassResource.controllerValue: k8s.io/ingress-nginx-internal
asserts:
- hasDocuments:
count: 1
- isKind:
of: IngressClass
- equal:
path: metadata.name
value: nginx-alias
- equal:
path: spec.controller
value: k8s.io/ingress-nginx-internal
- it: should create an IngressClass alias with parameters if `controller.ingressClassResource.parameters` is set
set:
controller.ingressClassResource.aliases:
- nginx-alias
controller.ingressClassResource.parameters:
apiGroup: k8s.example.com
kind: IngressParameters
name: external-lb
asserts:
- hasDocuments:
count: 1
- isKind:
of: IngressClass
- equal:
path: metadata.name
value: nginx-alias
- equal:
path: spec.parameters
value:
apiGroup: k8s.example.com
kind: IngressParameters
name: external-lb
- it: should create two IngressClass aliases if `controller.ingressClassResource.aliases` has two elements
set:
controller.ingressClassResource.aliases:
- nginx-alias-1
- nginx-alias-2
asserts:
- hasDocuments:
count: 2
- isKind:
of: IngressClass
- matchRegex:
path: metadata.name
pattern: nginx-alias-(1|2)

Some files were not shown because too many files have changed in this diff Show more