Compare commits
275 commits
main
...
helm-chart
Author | SHA1 | Date | |
---|---|---|---|
![]() |
da462b23b9 | ||
![]() |
a88d080c45 | ||
![]() |
8e8cebfe70 | ||
![]() |
bb31f9be1f | ||
![]() |
b51477b853 | ||
![]() |
c0d9c46ff3 | ||
![]() |
6c2fb5e107 | ||
![]() |
520d47f5e8 | ||
![]() |
45f8b682bb | ||
![]() |
d2b0254902 | ||
![]() |
1983e0ef38 | ||
![]() |
c09dd15259 | ||
![]() |
a95d09751d | ||
![]() |
44cdacd24a | ||
![]() |
4090075a18 | ||
![]() |
cb9445a3f1 | ||
![]() |
553c4961ea | ||
![]() |
70918bf836 | ||
![]() |
324419cdfe | ||
![]() |
c996fa04e3 | ||
![]() |
9a88ccdc49 | ||
![]() |
ecd9bf80ea | ||
![]() |
c26db188ee | ||
![]() |
27f93dec50 | ||
![]() |
fe6e276ba1 | ||
![]() |
7c58cc9696 | ||
![]() |
ed2c28ae54 | ||
![]() |
e6e7790dde | ||
![]() |
97e185578c | ||
![]() |
12c88851eb | ||
![]() |
022e43c4e5 | ||
![]() |
bb594ab3f4 | ||
![]() |
c954339710 | ||
![]() |
d68a1abaca | ||
![]() |
8a893c58a3 | ||
![]() |
dbfe7c4738 | ||
![]() |
ca0b309379 | ||
![]() |
e191dd729c | ||
![]() |
befe02e97c | ||
![]() |
b3fb2a6239 | ||
![]() |
ff9275bc15 | ||
![]() |
cb182e8595 | ||
![]() |
f88f90757f | ||
![]() |
d3bc077c7b | ||
![]() |
2b0fc22348 | ||
![]() |
73a091a2f0 | ||
![]() |
dc7f2a0fe7 | ||
![]() |
1614970907 | ||
![]() |
905f8edb0d | ||
![]() |
660df32cfd | ||
![]() |
951248422e | ||
![]() |
d06029e3c5 | ||
![]() |
47b86617c1 | ||
![]() |
37d25c7040 | ||
![]() |
a6c74dd2cd | ||
![]() |
20440ac3d5 | ||
![]() |
cdc3abe6bc | ||
![]() |
b8ef31499e | ||
![]() |
3020ea8004 | ||
![]() |
b5981b94c9 | ||
![]() |
ff5c2be7ab | ||
![]() |
883cc88da6 | ||
![]() |
fc00ca8cfa | ||
![]() |
8543b71943 | ||
![]() |
7b1c88dc84 | ||
![]() |
5dca112a79 | ||
![]() |
886ba107dd | ||
![]() |
a480113f18 | ||
![]() |
fb81aff398 | ||
![]() |
f6e211acde | ||
![]() |
5f265d0b6e | ||
![]() |
aaea916903 | ||
![]() |
9e9134612a | ||
![]() |
59705e1788 | ||
![]() |
0486f013fe | ||
![]() |
f08a1c4fda | ||
![]() |
71ecd17faa | ||
![]() |
648cbcca7c | ||
![]() |
5862677a1b | ||
![]() |
eff40aca50 | ||
![]() |
591021acd5 | ||
![]() |
255ee7bacc | ||
![]() |
a76ecf8111 | ||
![]() |
dc2df247f2 | ||
![]() |
a354195cce | ||
![]() |
1b3ea586ab | ||
![]() |
0d5f75b2cf | ||
![]() |
819eee899d | ||
![]() |
164163ec7f | ||
![]() |
b77e9ed3e8 | ||
![]() |
a01effb8e5 | ||
![]() |
cdd03fe5b1 | ||
![]() |
f76e9be8d6 | ||
![]() |
ce3704217c | ||
![]() |
fd170c23b5 | ||
![]() |
d600fb4978 | ||
![]() |
b881aaf138 | ||
![]() |
50108c72ba | ||
![]() |
06653e0fbc | ||
![]() |
266731de45 | ||
![]() |
9803c78395 | ||
![]() |
9b962ecec7 | ||
![]() |
a0ca791929 | ||
![]() |
2d6c3302fa | ||
![]() |
050091395e | ||
![]() |
48e407fc6d | ||
![]() |
2bce6a13db | ||
![]() |
d248928ad1 | ||
![]() |
9ed5485745 | ||
![]() |
2c32bd026f | ||
![]() |
6fb9570ac7 | ||
![]() |
d1adb0de3f | ||
![]() |
eed43af7e3 | ||
![]() |
6569d0f073 | ||
![]() |
a52c90027b | ||
![]() |
f03baa3c88 | ||
![]() |
f68f050d09 | ||
![]() |
ff64e1b306 | ||
![]() |
82e59ecc38 | ||
![]() |
b14d04725e | ||
![]() |
4aad186ba2 | ||
![]() |
52aceaa71b | ||
![]() |
bf259d3dba | ||
![]() |
b60945a4ab | ||
![]() |
3931896894 | ||
![]() |
514b10231f | ||
![]() |
720ace11ef | ||
![]() |
5350b31a43 | ||
![]() |
167963ad76 | ||
![]() |
59d229063a | ||
![]() |
18735f0896 | ||
![]() |
0300cb2214 | ||
![]() |
d10c13e8e9 | ||
![]() |
3be3826f06 | ||
![]() |
661f78f6c2 | ||
![]() |
fa6bae0df2 | ||
![]() |
9b0d42b684 | ||
![]() |
4a1e939f49 | ||
![]() |
7641fa9ce2 | ||
![]() |
ccc77e2c6d | ||
![]() |
437024a84c | ||
![]() |
fa662742ea | ||
![]() |
88ad22449d | ||
![]() |
41f7a75151 | ||
![]() |
a0a93532f1 | ||
![]() |
3742eaafbd | ||
![]() |
477940af10 | ||
![]() |
96610e143b | ||
![]() |
c53a951975 | ||
![]() |
742c620520 | ||
![]() |
5d3bcda0c2 | ||
![]() |
88494aa11d | ||
![]() |
22fe1d4217 | ||
![]() |
d540c2b042 | ||
![]() |
1aa7c0c33c | ||
![]() |
292a17201b | ||
![]() |
46c637ef26 | ||
![]() |
bdbbbf1673 | ||
![]() |
e5989790fa | ||
![]() |
f00aeea08e | ||
![]() |
8acccfa5df | ||
![]() |
efde9812a5 | ||
![]() |
c268ceeaed | ||
![]() |
1827dcd86a | ||
![]() |
75900979dd | ||
![]() |
df81496a80 | ||
![]() |
6f87f257e5 | ||
![]() |
c36c8dee26 | ||
![]() |
d6dad98091 | ||
![]() |
5c6af27dc9 | ||
![]() |
dd86317f9d | ||
![]() |
304a7b4c64 | ||
![]() |
ff4a9ff36c | ||
![]() |
a7b4a20a65 | ||
![]() |
7ed3aac270 | ||
![]() |
1651900d8a | ||
![]() |
ed22643d86 | ||
![]() |
8f3968b396 | ||
![]() |
4d3a363caf | ||
![]() |
9f4d0104dd | ||
![]() |
54e18fb2a1 | ||
![]() |
c1d699afa4 | ||
![]() |
826e32cf0c | ||
![]() |
9409bb15da | ||
![]() |
f2959041e3 | ||
![]() |
503843119c | ||
![]() |
0751a725fd | ||
![]() |
e2b3ac95a2 | ||
![]() |
b7f6f93334 | ||
![]() |
18cfd1daac | ||
![]() |
db3990d557 | ||
![]() |
047fa58e26 | ||
![]() |
7520982b4e | ||
![]() |
075ce7c13c | ||
![]() |
fa9ab5c27f | ||
![]() |
49d79b13f0 | ||
![]() |
ac94566196 | ||
![]() |
4bf5b5f156 | ||
![]() |
5d6a0707ba | ||
![]() |
1e2e5e182e | ||
![]() |
66d4815bdd | ||
![]() |
d643824e6d | ||
![]() |
f3139368c7 | ||
![]() |
d768e7da3c | ||
![]() |
6b06dae74e | ||
![]() |
01443c06cb | ||
![]() |
ae0715edfd | ||
![]() |
ad56693997 | ||
![]() |
5ed84026fb | ||
![]() |
427d275dce | ||
![]() |
86ad4bf511 | ||
![]() |
ce4f962a45 | ||
![]() |
0a7fe6d4ed | ||
![]() |
bcb5249ea7 | ||
![]() |
a4e5daebec | ||
![]() |
1a7f674422 | ||
![]() |
6fbd58353f | ||
![]() |
5ad073b96c | ||
![]() |
c5ffbd3cf5 | ||
![]() |
213b723d81 | ||
![]() |
755301d84c | ||
![]() |
2c48919a9c | ||
![]() |
f8f6c5dcf6 | ||
![]() |
f14c3f3ada | ||
![]() |
d00ff4e50e | ||
![]() |
4fb5aac1dd | ||
![]() |
6879b6644e | ||
![]() |
4b3116dc6a | ||
![]() |
a5fe09e80e | ||
![]() |
d44e727fb3 | ||
![]() |
7fc7410368 | ||
![]() |
93d228bdb9 | ||
![]() |
c855617a4f | ||
![]() |
e9b921a6c7 | ||
![]() |
1468f203a0 | ||
![]() |
941a00c0aa | ||
![]() |
84020427b1 | ||
![]() |
eab36bb868 | ||
![]() |
42284d1e73 | ||
![]() |
ba809fab7e | ||
![]() |
6a1e1fa2c5 | ||
![]() |
c99c94c8df | ||
![]() |
33504cf2e6 | ||
![]() |
436df3e4a2 | ||
![]() |
fa9e4fb423 | ||
![]() |
218fae6c2c | ||
![]() |
9835f4a5b1 | ||
![]() |
4ab8ee0512 | ||
![]() |
b44f3d248b | ||
![]() |
e380c5f321 | ||
![]() |
4c24deeefc | ||
![]() |
30b7d16af2 | ||
![]() |
ef2b2668de | ||
![]() |
5926ebe73d | ||
![]() |
97921626f9 | ||
![]() |
e09f96ef56 | ||
![]() |
506a02f750 | ||
![]() |
48069d3d12 | ||
![]() |
aa947f5bd4 | ||
![]() |
8cd7ff8754 | ||
![]() |
3230e4abbc | ||
![]() |
13f8b28251 | ||
![]() |
574ae2e3a6 | ||
![]() |
dbb267036f | ||
![]() |
4f530225e5 | ||
![]() |
c7d42b95d7 | ||
![]() |
02ca3e1b41 | ||
![]() |
9ef5800e42 | ||
![]() |
0f9df16424 | ||
![]() |
f118d67042 | ||
![]() |
7f8bebeb88 | ||
![]() |
2e08614265 | ||
![]() |
cbf6d2a7f1 | ||
![]() |
8d3d4a33bf | ||
![]() |
71f78d49f0 |
349 changed files with 5677 additions and 5966 deletions
2
.github/ISSUE_TEMPLATE/bug_report.md
vendored
2
.github/ISSUE_TEMPLATE/bug_report.md
vendored
|
@ -37,7 +37,7 @@ This questions are the first thing we need to know to understand the context.
|
|||
<!-- What do you think went wrong? -->
|
||||
|
||||
|
||||
**NGINX Ingress controller version** (exec into the pod and run `/nginx-ingress-controller --version`):
|
||||
**NGINX Ingress controller version** (exec into the pod and run nginx-ingress-controller --version.):
|
||||
<!--
|
||||
POD_NAMESPACE=ingress-nginx
|
||||
POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app.kubernetes.io/name=ingress-nginx --field-selector=status.phase=Running -o jsonpath='{.items[0].metadata.name}')
|
||||
|
|
1
.github/ISSUE_TEMPLATE/cve_report.md
vendored
1
.github/ISSUE_TEMPLATE/cve_report.md
vendored
|
@ -5,6 +5,7 @@ title: ''
|
|||
labels: kind/bug
|
||||
assignees:
|
||||
- Gacko
|
||||
- rikatz
|
||||
- strongjz
|
||||
---
|
||||
|
||||
|
|
12
.github/workflows/chart.yaml
vendored
12
.github/workflows/chart.yaml
vendored
|
@ -23,7 +23,7 @@ jobs:
|
|||
|
||||
steps:
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
|
||||
uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
|
||||
with:
|
||||
python-version: 3.x
|
||||
|
||||
|
@ -31,12 +31,12 @@ jobs:
|
|||
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
|
||||
|
||||
- name: Set up Helm Chart Testing
|
||||
uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
|
||||
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
|
||||
|
||||
- name: Set up Artifact Hub
|
||||
run: |
|
||||
curl --fail --location https://github.com/artifacthub/hub/releases/download/v1.20.0/ah_1.20.0_linux_amd64.tar.gz --output /tmp/ah.tar.gz
|
||||
echo "9027626f19ff9f3ac668f222917130ac885e289e922e1428bfd2e7f066324e31 /tmp/ah.tar.gz" | shasum --check
|
||||
curl --fail --location https://github.com/artifacthub/hub/releases/download/v1.19.0/ah_1.19.0_linux_amd64.tar.gz --output /tmp/ah.tar.gz
|
||||
echo "0e430493521ce387ca04d79b26646a86f92886dbcceb44985bb71082a9530ca5 /tmp/ah.tar.gz" | shasum --check
|
||||
sudo tar --extract --file /tmp/ah.tar.gz --directory /usr/local/bin ah
|
||||
|
||||
- name: Set up Git
|
||||
|
@ -45,7 +45,7 @@ jobs:
|
|||
git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com"
|
||||
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
|
@ -55,7 +55,7 @@ jobs:
|
|||
ah lint --path charts/ingress-nginx
|
||||
|
||||
- name: Release chart
|
||||
uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0
|
||||
uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
|
||||
env:
|
||||
CR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
CR_RELEASE_NAME_TEMPLATE: helm-chart-{{ .Version }}
|
||||
|
|
73
.github/workflows/ci.yaml
vendored
73
.github/workflows/ci.yaml
vendored
|
@ -47,7 +47,7 @@ jobs:
|
|||
steps:
|
||||
|
||||
- name: Checkout
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
|
||||
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
|
||||
id: filter
|
||||
|
@ -71,22 +71,6 @@ jobs:
|
|||
- 'images/nginx/**'
|
||||
docs:
|
||||
- '**/*.md'
|
||||
lua:
|
||||
- '**/*.lua'
|
||||
|
||||
lua-lint:
|
||||
runs-on: ubuntu-latest
|
||||
needs: changes
|
||||
if: |
|
||||
(needs.changes.outputs.lua == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
|
||||
- name: Lint Lua
|
||||
uses: lunarmodules/luacheck@v1
|
||||
with:
|
||||
args: --codes --globals lua_ingress --globals configuration --globals balancer --globals monitor --globals certificate --globals tcp_udp_configuration --globals tcp_udp_balancer --no-max-comment-line-length -q rootfs/etc/nginx/lua/
|
||||
|
||||
test-go:
|
||||
runs-on: ubuntu-latest
|
||||
|
@ -95,14 +79,14 @@ jobs:
|
|||
(needs.changes.outputs.go == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
|
||||
- name: Get go version
|
||||
run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
|
||||
|
||||
- name: Set up Go
|
||||
id: go
|
||||
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
|
||||
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
|
||||
with:
|
||||
go-version: ${{ env.GOLANG_VERSION }}
|
||||
check-latest: true
|
||||
|
@ -119,12 +103,12 @@ jobs:
|
|||
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.docs == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
- name: Get go version
|
||||
run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
|
||||
- name: Set up Go
|
||||
id: go
|
||||
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
|
||||
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
|
||||
with:
|
||||
go-version: ${{ env.GOLANG_VERSION }}
|
||||
check-latest: true
|
||||
|
@ -144,7 +128,7 @@ jobs:
|
|||
PLATFORMS: linux/amd64
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
|
||||
- name: Get go version
|
||||
id: golangversion
|
||||
|
@ -153,17 +137,17 @@ jobs:
|
|||
|
||||
- name: Set up Go
|
||||
id: go
|
||||
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
|
||||
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
|
||||
with:
|
||||
go-version: ${{ steps.golangversion.outputs.version }}
|
||||
check-latest: true
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
|
||||
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
id: buildx
|
||||
uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
|
||||
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
|
||||
with:
|
||||
version: latest
|
||||
|
||||
|
@ -172,7 +156,7 @@ jobs:
|
|||
|
||||
- name: Prepare Host
|
||||
run: |
|
||||
curl -LO https://dl.k8s.io/release/v1.32.2/bin/linux/amd64/kubectl
|
||||
curl -LO https://dl.k8s.io/release/v1.27.3/bin/linux/amd64/kubectl
|
||||
chmod +x ./kubectl
|
||||
sudo mv ./kubectl /usr/local/bin/kubectl
|
||||
|
||||
|
@ -202,7 +186,7 @@ jobs:
|
|||
| gzip > docker.tar.gz
|
||||
|
||||
- name: cache
|
||||
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
|
||||
uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
|
||||
with:
|
||||
name: docker.tar.gz
|
||||
path: docker.tar.gz
|
||||
|
@ -218,7 +202,7 @@ jobs:
|
|||
|
||||
steps:
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
|
||||
uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
|
||||
with:
|
||||
python-version: 3.x
|
||||
|
||||
|
@ -226,12 +210,12 @@ jobs:
|
|||
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
|
||||
|
||||
- name: Set up Helm Chart Testing
|
||||
uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
|
||||
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
|
||||
|
||||
- name: Set up Artifact Hub
|
||||
run: |
|
||||
curl --fail --location https://github.com/artifacthub/hub/releases/download/v1.20.0/ah_1.20.0_linux_amd64.tar.gz --output /tmp/ah.tar.gz
|
||||
echo "9027626f19ff9f3ac668f222917130ac885e289e922e1428bfd2e7f066324e31 /tmp/ah.tar.gz" | shasum --check
|
||||
curl --fail --location https://github.com/artifacthub/hub/releases/download/v1.19.0/ah_1.19.0_linux_amd64.tar.gz --output /tmp/ah.tar.gz
|
||||
echo "0e430493521ce387ca04d79b26646a86f92886dbcceb44985bb71082a9530ca5 /tmp/ah.tar.gz" | shasum --check
|
||||
sudo tar --extract --file /tmp/ah.tar.gz --directory /usr/local/bin ah
|
||||
|
||||
- name: Set up Helm Docs
|
||||
|
@ -241,7 +225,7 @@ jobs:
|
|||
run: helm plugin install https://github.com/helm-unittest/helm-unittest
|
||||
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
|
@ -256,7 +240,7 @@ jobs:
|
|||
git diff --exit-code charts/ingress-nginx/README.md
|
||||
|
||||
- name: Run tests
|
||||
run: helm unittest charts/ingress-nginx --file "tests/**/*_test.yaml"
|
||||
run: helm unittest charts/ingress-nginx
|
||||
|
||||
chart-test:
|
||||
name: Chart / Test
|
||||
|
@ -270,11 +254,11 @@ jobs:
|
|||
|
||||
strategy:
|
||||
matrix:
|
||||
k8s: [v1.28.15, v1.29.12, v1.30.8, v1.31.4, v1.32.0]
|
||||
k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
|
||||
- name: Download cache
|
||||
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
|
||||
|
@ -301,11 +285,26 @@ jobs:
|
|||
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
|
||||
strategy:
|
||||
matrix:
|
||||
k8s: [v1.28.15, v1.29.12, v1.30.8, v1.31.4, v1.32.0]
|
||||
k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
|
||||
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
|
||||
with:
|
||||
k8s-version: ${{ matrix.k8s }}
|
||||
|
||||
kubernetes-validations:
|
||||
name: Kubernetes with Validations
|
||||
needs:
|
||||
- changes
|
||||
- build
|
||||
if: |
|
||||
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
|
||||
strategy:
|
||||
matrix:
|
||||
k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
|
||||
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
|
||||
with:
|
||||
k8s-version: ${{ matrix.k8s }}
|
||||
variation: "VALIDATIONS"
|
||||
|
||||
kubernetes-chroot:
|
||||
name: Kubernetes chroot
|
||||
needs:
|
||||
|
@ -315,7 +314,7 @@ jobs:
|
|||
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
|
||||
strategy:
|
||||
matrix:
|
||||
k8s: [v1.28.15, v1.29.12, v1.30.8, v1.31.4, v1.32.0]
|
||||
k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
|
||||
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
|
||||
with:
|
||||
k8s-version: ${{ matrix.k8s }}
|
||||
|
|
4
.github/workflows/depreview.yaml
vendored
4
.github/workflows/depreview.yaml
vendored
|
@ -9,6 +9,6 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: 'Checkout Repository'
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
- name: 'Dependency Review'
|
||||
uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
|
||||
uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
|
||||
|
|
4
.github/workflows/docs.yaml
vendored
4
.github/workflows/docs.yaml
vendored
|
@ -23,7 +23,7 @@ jobs:
|
|||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
|
||||
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
|
||||
id: filter
|
||||
|
@ -47,7 +47,7 @@ jobs:
|
|||
|
||||
steps:
|
||||
- name: Checkout master
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
|
||||
- name: Deploy
|
||||
uses: ./.github/actions/mkdocs
|
||||
|
|
9
.github/workflows/golangci-lint.yml
vendored
9
.github/workflows/golangci-lint.yml
vendored
|
@ -15,20 +15,19 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
|
||||
- name: Get go version
|
||||
run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
|
||||
|
||||
- name: Set up Go
|
||||
id: go
|
||||
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
|
||||
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
|
||||
with:
|
||||
go-version: ${{ env.GOLANG_VERSION }}
|
||||
check-latest: true
|
||||
|
||||
- name: golangci-lint
|
||||
uses: golangci/golangci-lint-action@2226d7cb06a077cd73e56eedd38eecad18e5d837 # v6.5.0
|
||||
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
|
||||
with:
|
||||
version: v1.62
|
||||
only-new-issues: true
|
||||
version: v1.56
|
||||
|
|
34
.github/workflows/images.yaml
vendored
34
.github/workflows/images.yaml
vendored
|
@ -36,10 +36,11 @@ jobs:
|
|||
kube-webhook-certgen: ${{ steps.filter.outputs.kube-webhook-certgen }}
|
||||
ext-auth-example-authsvc: ${{ steps.filter.outputs.ext-auth-example-authsvc }}
|
||||
nginx: ${{ steps.filter.outputs.nginx }}
|
||||
opentelemetry: ${{ steps.filter.outputs.opentelemetry }}
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
|
||||
id: filter
|
||||
with:
|
||||
|
@ -63,6 +64,8 @@ jobs:
|
|||
- 'images/ext-auth-example-authsvc/**'
|
||||
nginx:
|
||||
- 'images/nginx/**'
|
||||
opentelemetry:
|
||||
- 'images/opentelemetry/**'
|
||||
|
||||
#### TODO: Make the below jobs 'less dumb' and use the job name as parameter (the github.job context does not work here)
|
||||
cfssl:
|
||||
|
@ -135,17 +138,17 @@ jobs:
|
|||
(needs.changes.outputs.kube-webhook-certgen == 'true')
|
||||
strategy:
|
||||
matrix:
|
||||
k8s: [v1.28.15, v1.29.12, v1.30.8, v1.31.4, v1.32.0]
|
||||
k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
|
||||
- name: Get go version
|
||||
run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
|
||||
|
||||
- name: Set up Go
|
||||
id: go
|
||||
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
|
||||
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
|
||||
with:
|
||||
go-version: ${{ env.GOLANG_VERSION }}
|
||||
check-latest: true
|
||||
|
@ -160,6 +163,23 @@ jobs:
|
|||
run: |
|
||||
cd images/ && make NAME=kube-webhook-certgen test test-e2e
|
||||
|
||||
opentelemetry:
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
PLATFORMS: linux/amd64,linux/arm,linux/arm64
|
||||
needs: changes
|
||||
if: |
|
||||
(needs.changes.outputs.opentelemetry == 'true')
|
||||
strategy:
|
||||
matrix:
|
||||
nginx: ['1.25.3', '1.21.6']
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
- name: image build
|
||||
run: |
|
||||
cd images/opentelemetry && make NGINX_VERSION=${{ matrix.nginx }} build
|
||||
|
||||
nginx:
|
||||
permissions:
|
||||
contents: write
|
||||
|
@ -172,12 +192,12 @@ jobs:
|
|||
PLATFORMS: linux/amd64,linux/arm,linux/arm64
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
|
||||
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
|
||||
- name: Set up Docker Buildx
|
||||
id: buildx
|
||||
uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
|
||||
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
|
||||
with:
|
||||
version: latest
|
||||
platforms: ${{ env.PLATFORMS }}
|
||||
|
|
2
.github/workflows/perftest.yaml
vendored
2
.github/workflows/perftest.yaml
vendored
|
@ -19,7 +19,7 @@ jobs:
|
|||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
|
||||
- name: Install K6
|
||||
run: |
|
||||
|
|
14
.github/workflows/plugin.yaml
vendored
14
.github/workflows/plugin.yaml
vendored
|
@ -12,7 +12,7 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
|
@ -20,31 +20,31 @@ jobs:
|
|||
run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
|
||||
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
|
||||
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
|
||||
with:
|
||||
go-version: ${{ env.GOLANG_VERSION }}
|
||||
check-latest: true
|
||||
|
||||
- name: Run GoReleaser Snapshot
|
||||
if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
|
||||
uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1
|
||||
uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
|
||||
with:
|
||||
version: "~> v2"
|
||||
version: latest
|
||||
args: release --snapshot --clean
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Run GoReleaser
|
||||
if: ${{ startsWith(github.ref, 'refs/tags/') }}
|
||||
uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1
|
||||
uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
|
||||
with:
|
||||
version: "~> v2"
|
||||
version: latest
|
||||
args: release --clean
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Update new version in krew-index
|
||||
if: ${{ startsWith(github.ref, 'refs/tags/') }}
|
||||
uses: rajatjindal/krew-release-bot@3d9faef30a82761d610544f62afddca00993eef9 # v0.0.47
|
||||
uses: rajatjindal/krew-release-bot@df3eb197549e3568be8b4767eec31c5e8e8e6ad8 # v0.0.46
|
||||
with:
|
||||
krew_template_file: cmd/plugin/krew.yaml
|
||||
|
|
6
.github/workflows/scorecards.yml
vendored
6
.github/workflows/scorecards.yml
vendored
|
@ -27,7 +27,7 @@ jobs:
|
|||
|
||||
steps:
|
||||
- name: "Checkout code"
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
|
@ -51,7 +51,7 @@ jobs:
|
|||
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
|
||||
# format to the repository Actions tab.
|
||||
- name: "Upload artifact"
|
||||
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
|
||||
uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
|
||||
with:
|
||||
name: SARIF file
|
||||
path: results.sarif
|
||||
|
@ -59,6 +59,6 @@ jobs:
|
|||
|
||||
# Upload the results to GitHub's code scanning dashboard.
|
||||
- name: "Upload to code-scanning"
|
||||
uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
|
||||
uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
|
|
2
.github/workflows/stale.yaml
vendored
2
.github/workflows/stale.yaml
vendored
|
@ -13,7 +13,7 @@ jobs:
|
|||
pull-requests: write
|
||||
|
||||
steps:
|
||||
- uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
|
||||
- uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
|
||||
with:
|
||||
stale-issue-message: "This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack."
|
||||
stale-pr-message: "This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack."
|
||||
|
|
8
.github/workflows/vulnerability-scans.yaml
vendored
8
.github/workflows/vulnerability-scans.yaml
vendored
|
@ -22,7 +22,7 @@ jobs:
|
|||
versions: ${{ steps.version.outputs.TAGS }}
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
|
@ -52,7 +52,7 @@ jobs:
|
|||
versions: ${{ fromJSON(needs.version.outputs.versions) }}
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
|
||||
- shell: bash
|
||||
id: test
|
||||
|
@ -60,7 +60,7 @@ jobs:
|
|||
|
||||
- name: Scan image with AquaSec/Trivy
|
||||
id: scan
|
||||
uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
|
||||
uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
|
||||
with:
|
||||
image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }}
|
||||
format: 'sarif'
|
||||
|
@ -75,7 +75,7 @@ jobs:
|
|||
|
||||
# This step checks out a copy of your repository.
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
|
||||
uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
|
||||
with:
|
||||
token: ${{ github.token }}
|
||||
# Path to SARIF file relative to the root of the repository
|
||||
|
|
6
.github/workflows/zz-tmpl-images.yaml
vendored
6
.github/workflows/zz-tmpl-images.yaml
vendored
|
@ -31,7 +31,7 @@ jobs:
|
|||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
|
||||
id: filter
|
||||
with:
|
||||
|
@ -48,7 +48,7 @@ jobs:
|
|||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
|
||||
- name: Build
|
||||
run: |
|
||||
|
@ -67,7 +67,7 @@ jobs:
|
|||
PLATFORMS: ${{ inputs.platforms-publish }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
|
||||
- name: Login to GitHub Container Registry
|
||||
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
|
||||
|
|
5
.github/workflows/zz-tmpl-k8s-e2e.yaml
vendored
5
.github/workflows/zz-tmpl-k8s-e2e.yaml
vendored
|
@ -20,7 +20,7 @@ jobs:
|
|||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
|
||||
|
||||
- name: cache
|
||||
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
|
||||
|
@ -43,13 +43,14 @@ jobs:
|
|||
SKIP_CLUSTER_CREATION: true
|
||||
SKIP_INGRESS_IMAGE_CREATION: true
|
||||
SKIP_E2E_IMAGE_CREATION: true
|
||||
ENABLE_VALIDATIONS: ${{ inputs.variation == 'VALIDATIONS' }}
|
||||
IS_CHROOT: ${{ inputs.variation == 'CHROOT' }}
|
||||
run: |
|
||||
kind get kubeconfig > $HOME/.kube/kind-config-kind
|
||||
make kind-e2e-test
|
||||
|
||||
- name: Upload e2e junit-reports ${{ inputs.variation }}
|
||||
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
|
||||
uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
|
||||
if: success() || failure()
|
||||
with:
|
||||
name: e2e-test-reports-${{ inputs.k8s-version }}${{ inputs.variation }}
|
||||
|
|
|
@ -2,7 +2,6 @@ run:
|
|||
timeout: 10m
|
||||
allow-parallel-runners: true
|
||||
|
||||
issues:
|
||||
# Maximum issues count per one linter. Set to 0 to disable. Default is 50.
|
||||
max-issues-per-linter: 0
|
||||
|
||||
|
@ -23,6 +22,7 @@ linters:
|
|||
- errcheck
|
||||
- errchkjson
|
||||
- errname
|
||||
- execinquery
|
||||
- ginkgolinter
|
||||
- gocheckcompilerdirectives
|
||||
- goconst
|
||||
|
@ -227,6 +227,9 @@ linters-settings:
|
|||
nolintlint:
|
||||
# Enable to ensure that nolint directives are all used. Default is true.
|
||||
allow-unused: false
|
||||
# Disable to ensure that nolint directives don't have a leading space. Default is true.
|
||||
# TODO(lint): Enforce machine-readable `nolint` directives
|
||||
allow-leading-space: true
|
||||
# Exclude following linters from requiring an explanation. Default is [].
|
||||
allow-no-explanation: []
|
||||
# Enable to require an explanation of nonzero length after each nolint directive. Default is false.
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
std = 'ngx_lua'
|
||||
max_line_length = 100
|
||||
exclude_files = {'./rootfs/etc/nginx/lua/test/**/*.lua'}
|
||||
exclude_files = {'./rootfs/etc/nginx/lua/test/**/*.lua', './rootfs/etc/nginx/lua/plugins/**/test/**/*.lua'}
|
||||
files["rootfs/etc/nginx/lua/lua_ingress.lua"] = {
|
||||
ignore = { "122" },
|
||||
-- TODO(elvinefendi) figure out why this does not work
|
||||
|
|
|
@ -1 +1 @@
|
|||
1.23.6
|
||||
1.22.8
|
||||
|
|
|
@ -93,7 +93,7 @@ Promoting the images basically means that images, that were pushed to staging co
|
|||
|
||||
```
|
||||
...
|
||||
pushing manifest for us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx/controller:v1.0.2@sha256:e15fac6e8474d77e1f017edc33d804ce72a184e3c0a30963b2a0d7f0b89f6b16
|
||||
pushing manifest for gcr.io/k8s-staging-ingress-nginx/controller:v1.0.2@sha256:e15fac6e8474d77e1f017edc33d804ce72a184e3c0a30963b2a0d7f0b89f6b16
|
||||
...
|
||||
```
|
||||
|
||||
|
@ -113,7 +113,7 @@ Promoting the images basically means that images, that were pushed to staging co
|
|||
|
||||
- For making, it easier, you can edit your branch directly in the browser. But be careful about making any mistake.
|
||||
|
||||
- Insert the sha(s) & the tag(s), in a new line, in this file [Project kubernetes/k8s.io Ingress-Nginx-Controller Images](https://github.com/kubernetes/k8s.io/blob/main/registry.k8s.io/images/k8s-staging-ingress-nginx/images.yaml) Look at this [example PR and the diff](https://github.com/kubernetes/k8s.io/pull/2536) to see how it was done before
|
||||
- Insert the sha(s) & the tag(s), in a new line, in this file [Project kubernetes/k8s.io Ingress-Nginx-Controller Images](https://github.com/kubernetes/k8s.io/blob/main/k8s.gcr.io/images/k8s-staging-ingress-nginx/images.yaml) Look at this [example PR and the diff](https://github.com/kubernetes/k8s.io/pull/2536) to see how it was done before
|
||||
|
||||
- Save and commit
|
||||
|
||||
|
|
4
Makefile
4
Makefile
|
@ -58,7 +58,7 @@ ifneq ($(PLATFORM),)
|
|||
PLATFORM_FLAG="--platform"
|
||||
endif
|
||||
|
||||
REGISTRY ?= us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx
|
||||
REGISTRY ?= gcr.io/k8s-staging-ingress-nginx
|
||||
|
||||
BASE_IMAGE ?= $(shell cat NGINX_BASE)
|
||||
|
||||
|
@ -110,7 +110,7 @@ clean-chroot-image: ## Removes local image
|
|||
|
||||
.PHONY: build
|
||||
build: ## Build ingress controller, debug tool and pre-stop hook.
|
||||
E2E_IMAGE=golang:$(GO_VERSION)-alpine3.21 USE_SHELL=/bin/sh build/run-in-docker.sh \
|
||||
E2E_IMAGE=golang:$(GO_VERSION)-alpine3.20 USE_SHELL=/bin/sh build/run-in-docker.sh \
|
||||
MAC_OS=$(MAC_OS) \
|
||||
PKG=$(PKG) \
|
||||
ARCH=$(ARCH) \
|
||||
|
|
|
@ -325,9 +325,9 @@ minikube start
|
|||
🐳 Preparing Kubernetes v1.23.3 on Docker 20.10.12 ...
|
||||
▪ kubelet.housekeeping-interval=5m
|
||||
🔎 Verifying Kubernetes components...
|
||||
▪ Using image registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1
|
||||
▪ Using image registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1
|
||||
▪ Using image registry.k8s.io/ingress-nginx/controller:v1.2.1
|
||||
▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1
|
||||
▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1
|
||||
▪ Using image k8s.gcr.io/ingress-nginx/controller:v1.2.1
|
||||
▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
|
||||
🔎 Verifying ingress addon...
|
||||
🌟 Enabled addons: ingress, storage-provisioner, default-storageclass
|
||||
|
|
|
@ -1 +1 @@
|
|||
registry.k8s.io/ingress-nginx/nginx:v2.0.0@sha256:3e7bda4cf5111d283ed1e4ff5cc9a2b5cdc5ebe62d50ba67473d3e25b1389133
|
||||
registry.k8s.io/ingress-nginx/nginx:v0.1.0@sha256:87dcd5ed0206161b86f3767ccdc592716617481e3eac89bfc46ec515419c0b94
|
||||
|
|
1
OWNERS
1
OWNERS
|
@ -10,4 +10,3 @@ emeritus_approvers:
|
|||
- aledbf # 2020-04-02
|
||||
- bowei # 2022-10-12
|
||||
- ElvinEfendi # 2023-04-23
|
||||
- rikatz # 2024-12-15
|
||||
|
|
|
@ -1,17 +1,40 @@
|
|||
# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners
|
||||
|
||||
aliases:
|
||||
sig-network-leads:
|
||||
- caseydavenport
|
||||
- dcbw
|
||||
- thockin
|
||||
|
||||
ingress-nginx-admins:
|
||||
- Gacko
|
||||
- rikatz
|
||||
- strongjz
|
||||
|
||||
ingress-nginx-maintainers:
|
||||
- cpanato
|
||||
- Gacko
|
||||
- puerco
|
||||
- rikatz
|
||||
- strongjz
|
||||
- tao12345666333
|
||||
|
||||
ingress-nginx-reviewers:
|
||||
- cpanato
|
||||
- Gacko
|
||||
- puerco
|
||||
- rikatz
|
||||
- strongjz
|
||||
- tao12345666333
|
||||
|
||||
ingress-nginx-helm-maintainers:
|
||||
- ubergesundheit
|
||||
|
||||
ingress-nginx-helm-reviewers:
|
||||
- ubergesundheit
|
||||
|
||||
ingress-nginx-docs-maintainers:
|
||||
- longwuyuan
|
||||
|
||||
ingress-nginx-kube-webhook-certgen-reviewers:
|
||||
- invidian
|
||||
|
|
|
@ -39,14 +39,6 @@ the versions listed. Ingress-Nginx versions **may** work on older versions, but
|
|||
|
||||
| Supported | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | Helm Chart Version |
|
||||
| :-------: | --------------------- | ----------------------------- | -------------- | ------------- | ------------------ |
|
||||
| 🔄 | **v1.12.0** | 1.32, 1.31, 1.30, 1.29, 1.28 | 3.21.0 | 1.25.5 | 4.12.0 |
|
||||
| 🔄 | **v1.12.0-beta.0** | 1.32, 1.31, 1.30, 1.29, 1.28 | 3.20.3 | 1.25.5 | 4.12.0-beta.0 |
|
||||
| 🔄 | **v1.11.4** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.21.0 | 1.25.5 | 4.11.4 |
|
||||
| 🔄 | **v1.11.3** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.3 | 1.25.5 | 4.11.3 |
|
||||
| 🔄 | **v1.11.2** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.2 |
|
||||
| 🔄 | **v1.11.1** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.1 |
|
||||
| 🔄 | **v1.11.0** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.0 |
|
||||
| | **v1.10.6** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.21.0 | 1.25.5 | 4.10.6 |
|
||||
| | **v1.10.5** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.3 | 1.25.5 | 4.10.5 |
|
||||
| | **v1.10.4** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.10.4 |
|
||||
| | **v1.10.3** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.10.3 |
|
||||
|
|
|
@ -10,4 +10,5 @@
|
|||
# DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE
|
||||
# INSTRUCTIONS AT https://kubernetes.io/security/
|
||||
Gacko
|
||||
rikatz
|
||||
strongjz
|
||||
|
|
1
TAG
Normal file
1
TAG
Normal file
|
@ -0,0 +1 @@
|
|||
v1.10.5
|
|
@ -64,7 +64,7 @@ echo "[dev-env] building image"
|
|||
make build image
|
||||
docker tag "${REGISTRY}/controller:${TAG}" "${DEV_IMAGE}"
|
||||
|
||||
export K8S_VERSION=${K8S_VERSION:-v1.32.0@sha256:c48c62eac5da28cdadcf560d1d8616cfa6783b58f0d94cf63ad1bf49600cb027}
|
||||
export K8S_VERSION=${K8S_VERSION:-v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245}
|
||||
|
||||
KIND_CLUSTER_NAME="ingress-nginx-dev"
|
||||
|
||||
|
|
|
@ -26,11 +26,14 @@ set -o nounset
|
|||
set -o pipefail
|
||||
|
||||
# temporal directory for the /etc/ingress-controller directory
|
||||
if [[ "$OSTYPE" == darwin* ]]; then
|
||||
if [[ "$OSTYPE" == darwin* ]] && [[ "$RUNTIME" == podman ]]; then
|
||||
mkdir -p "tmp"
|
||||
INGRESS_VOLUME=$(pwd)/$(mktemp -d tmp/XXXXXX)
|
||||
else
|
||||
INGRESS_VOLUME=$(mktemp -d)
|
||||
if [[ "$OSTYPE" == darwin* ]]; then
|
||||
INGRESS_VOLUME=/private$INGRESS_VOLUME
|
||||
fi
|
||||
fi
|
||||
|
||||
# make sure directory for SSL cert storage exists under ingress volume
|
||||
|
@ -41,7 +44,7 @@ function cleanup {
|
|||
}
|
||||
trap cleanup EXIT
|
||||
|
||||
E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20250112-a188f4eb@sha256:043038b1e30e5a0b64f3f919f096c5c9488ac3f617ac094b07fb9db8215f9441}
|
||||
E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20241004-114a6abb@sha256:1389ec0589abbf5c431c9290c4c307437c8396995c63dda5eac26abd70963dc8}
|
||||
|
||||
if [[ "$RUNTIME" == podman ]]; then
|
||||
# Podman does not support both tag and digest
|
||||
|
@ -79,7 +82,7 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then
|
|||
echo "..reached DIND check TRUE block, inside run-in-docker.sh"
|
||||
echo "FLAGS=$FLAGS"
|
||||
#go env
|
||||
go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.22.2
|
||||
go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.20.2
|
||||
find / -type f -name ginkgo 2>/dev/null
|
||||
which ginkgo
|
||||
/bin/bash -c "${FLAGS}"
|
||||
|
|
|
@ -1,92 +0,0 @@
|
|||
# Changelog
|
||||
|
||||
### controller-v1.10.6
|
||||
|
||||
Images:
|
||||
|
||||
* registry.k8s.io/ingress-nginx/controller:v1.10.6@sha256:b6fbd102255edb3ba8e5421feebe14fd3e94cf53d199af9e40687f536152189c
|
||||
* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.6@sha256:44ceedafc0e04a75521b5d472c1b6b5cc08afb8038b5bbfd79c21d066ccf300e
|
||||
|
||||
### All changes:
|
||||
|
||||
* Images: Trigger controller build. (#12611)
|
||||
* Chart: Bump Kube Webhook CertGen. (#12608)
|
||||
* Tests & Docs: Bump images. (#12605)
|
||||
* Images: Trigger other builds (2/2). (#12598)
|
||||
* Images: Trigger other builds (1/2). (#12597)
|
||||
* Tests: Bump `e2e-test-runner` to v20241224-68ed4e7b. (#12592)
|
||||
* Images: Trigger `test-runner` build. (#12586)
|
||||
* Images: Bump `NGINX_BASE` to v0.2.0. (#12584)
|
||||
* Images: Trigger NGINX build. (#12578)
|
||||
* Go: Clean `go.work.sum`. (#12575)
|
||||
* Repository: Update owners. (#12570)
|
||||
* Images: Bump `gcb-docker-gcloud` to v20241217-ff46a068cd. (#12563)
|
||||
* CI: Update KIND images. (#12559)
|
||||
* Images: Bump Alpine to v3.21. (#12530)
|
||||
* Docs: Add guide on how to set a Maintenance Page. (#12527)
|
||||
* rikatz is stepping down (#12518)
|
||||
* rikatz is stepping down (#12497)
|
||||
* Go: Bump to v1.23.4. (#12485)
|
||||
* Plugin: Bump `goreleaser` to v2. (#12442)
|
||||
* GitHub: Fix `exec` in issue template. (#12389)
|
||||
* CI: Update KIND images. (#12368)
|
||||
* Images: Bump `gcb-docker-gcloud` to v20241110-72bb0b1665. (#12341)
|
||||
* Go: Bump to v1.23.3. (#12339)
|
||||
* Auth TLS: Add `_` to redirect RegEx. (#12328)
|
||||
* Auth TLS: Improve redirect RegEx. (#12321)
|
||||
* Tests: Bump `e2e-test-runner` to v20241104-02a3933e. (#12314)
|
||||
* Images: Trigger `test-runner` build. (#12307)
|
||||
* Config: Fix panic on invalid `lua-shared-dict`. (#12282)
|
||||
* Docs: fix limit-rate-after references (#12280)
|
||||
* Chart: Rework ServiceMonitor. (#12268)
|
||||
* Chart: Add ServiceAccount tests. (#12266)
|
||||
* CI: Fix chart testing. (#12260)
|
||||
* [fix] fix nginx temp configs cleanup (#12224)
|
||||
* Chart: Suggest `matchLabelKeys` in Topology Spread Constraints. (#12204)
|
||||
* Docs: Add Pod Security Admission. (#12198)
|
||||
* Docs: Clarify external & service port in TCP/UDP services explanation. (#12194)
|
||||
|
||||
### Dependency updates:
|
||||
|
||||
* Bump k8s.io/apiextensions-apiserver from 0.31.3 to 0.32.0 (#12565)
|
||||
* Bump github.com/onsi/ginkgo/v2 from 2.22.0 to 2.22.1 (#12557)
|
||||
* Bump k8s.io/code-generator from 0.31.3 to 0.32.0 (#12552)
|
||||
* Bump k8s.io/cli-runtime from 0.31.3 to 0.32.0 (#12549)
|
||||
* Bump k8s.io/apiserver from 0.31.3 to 0.32.0 (#12546)
|
||||
* Bump the actions group with 2 updates (#12543)
|
||||
* Bump google.golang.org/grpc from 1.68.1 to 1.69.2 (#12540)
|
||||
* Bump k8s.io/client-go from 0.31.3 to 0.32.0 (#12514)
|
||||
* Bump github.com/opencontainers/runc from 1.2.2 to 1.2.3 in the go group across 1 directory (#12511)
|
||||
* Bump the actions group with 3 updates (#12508)
|
||||
* Bump k8s.io/kube-aggregator from 0.31.3 to 0.32.0 in /images/kube-webhook-certgen/rootfs (#12504)
|
||||
* Bump k8s.io/apimachinery from 0.31.3 to 0.32.0 in /images/ext-auth-example-authsvc/rootfs (#12501)
|
||||
* Bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#12478)
|
||||
* Bump golang.org/x/crypto from 0.21.0 to 0.31.0 in /magefiles (#12473)
|
||||
* Bump github.com/prometheus/common from 0.60.1 to 0.61.0 (#12466)
|
||||
* Bump github/codeql-action from 3.27.5 to 3.27.6 in the actions group (#12463)
|
||||
* Bump the go group across 1 directory with 2 updates (#12459)
|
||||
* Bump github.com/onsi/ginkgo/v2 from 2.21.0 to 2.22.0 (#12425)
|
||||
* Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#12416)
|
||||
* Bump the go group across 3 directories with 10 updates (#12414)
|
||||
* Bump the actions group with 3 updates (#12410)
|
||||
* Bump github.com/opencontainers/runc from 1.2.1 to 1.2.2 in the go group across 1 directory (#12382)
|
||||
* Bump github/codeql-action from 3.27.1 to 3.27.4 in the actions group (#12375)
|
||||
* Bump golangci-lint on actions and disable deprecated linters (#12363)
|
||||
* Bump google.golang.org/grpc from 1.67.1 to 1.68.0 (#12356)
|
||||
* Bump the actions group with 3 updates (#12353)
|
||||
* Bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#12351)
|
||||
* Bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#12297)
|
||||
* Bump github.com/opencontainers/runc from 1.2.0 to 1.2.1 in the go group across 1 directory (#12294)
|
||||
* Bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.21.0 (#12290)
|
||||
* Bump actions/dependency-review-action from 4.3.5 to 4.4.0 in the actions group (#12275)
|
||||
* Bump the go group across 3 directories with 11 updates (#12246)
|
||||
* Bump github.com/opencontainers/runc from 1.1.15 to 1.2.0 (#12241)
|
||||
* Bump the actions group with 5 updates (#12243)
|
||||
* Bump github.com/ncabatoff/process-exporter from 0.8.3 to 0.8.4 in the go group across 1 directory (#12219)
|
||||
* Bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 in the actions group (#12215)
|
||||
* Bump github/codeql-action from 3.26.12 to 3.26.13 in the actions group (#12191)
|
||||
* Bump the go group across 2 directories with 1 update (#12189)
|
||||
* Bump the actions group with 2 updates (#12185)
|
||||
* Bump github.com/opencontainers/runc from 1.1.14 to 1.1.15 in the go group across 1 directory (#12184)
|
||||
|
||||
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.5...controller-v1.10.6
|
|
@ -1,164 +0,0 @@
|
|||
# Changelog
|
||||
|
||||
### controller-v1.11.0
|
||||
|
||||
Images:
|
||||
|
||||
* registry.k8s.io/ingress-nginx/controller:v1.11.0@sha256:a886e56d532d1388c77c8340261149d974370edca1093af4c97a96fb1467cb39
|
||||
* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.0@sha256:f16dfed1c94d216b65e5dcb7508ab46148641a99649c5a700749db6f01a7039e
|
||||
|
||||
### All changes:
|
||||
|
||||
* update test runner to latest build (#11558)
|
||||
* add k8s 1.30 to ci build (#11554)
|
||||
* update test runner go base to 3.20 (#11552)
|
||||
* tag new test runner image with new nginx base 0.0.8 (#11551)
|
||||
* bump NGINX_BASE to v0.0.8 (#11544)
|
||||
* add ssl patches to nginx-1.25 image for coroutines to work in lua client hello and cert ssl blocks (#11535)
|
||||
* trigger build for NGINX-1.25 v0.0.8 (#11539)
|
||||
* bump alpine version to 3.20 to custom-error-pages (#11538)
|
||||
* fix: Ensure changes in MatchCN annotation are detected (#11529)
|
||||
* Docs: Add information about HTTP/3 support. (#11513)
|
||||
* Docs: Specify `ingressClass` for multi-controller setup. (#11493)
|
||||
* Docs: Improve default certificate usage. (#11504)
|
||||
* Upgrade OWASP_MODSECURITY_CRS_VERSION 3.3.5 to 4.4.0 and update docs (#11511)
|
||||
* docs: Update Ingress-NGINX v1.10.1 compatibility with Kubernetes v1.30 (#11495)
|
||||
* Update getting-started.md with new prerequisites (#11486)
|
||||
* [feature] bump nginx to 1.25.5 and add http3 module (#11470)
|
||||
* Fix boolean configuration (#11483)
|
||||
* Chores: Align security contacts & chart maintainers to actual owners. (#11465)
|
||||
* CI: Bump forgotten Ginkgo versions. (#11467)
|
||||
* Tests: Replace deprecated `grpc.Dial` by `grpc.NewClient`. (#11462)
|
||||
* Owners: Promote Gacko to admin. (#11463)
|
||||
* Chart: Make pod affinity templatable. (#11453)
|
||||
* fixed fastcgi userguide (#11454)
|
||||
* Remove unnecessary space character (#11434)
|
||||
* upgrade to alpine 3.20 (#11428)
|
||||
* fix for docs issue 11432 (#11433)
|
||||
* Update index.md (#11437)
|
||||
* update golang to 1.22.4 (#11427)
|
||||
* Chart: Fix `IngressClass` annotations. (#11416)
|
||||
* Chart: Make admission webhook patch job RBAC configurable. (#11376)
|
||||
* Merge pull request #11277 from strongjz/chart-1.10.1 (#11415)
|
||||
* Chart: Remove `controller.enableWorkerSerialReloads`. (#11400)
|
||||
* Adapt dashboards for Grafana 11 compatibility (#11399)
|
||||
* Rename variable to fix typo (#11395)
|
||||
* Fix helm install on cloud provider admonition block (#11394)
|
||||
* edited helm-install tips (#11393)
|
||||
* added info for aws helm install (#11390)
|
||||
* added multiplecontrollers-howto to faq (#11389)
|
||||
* removed tlsv1 & tlsv1.1 (#11343)
|
||||
* feat: Add grpc timeouts annotations (#11258)
|
||||
* sfix position of options (#11379)
|
||||
* add workflow to helm release and update ct for branch (#11378)
|
||||
* Accept user defined annotations in IngressClass (#11362)
|
||||
* Docs: Remove opentracing and zipkin from docs (#11361)
|
||||
* Allow configuring nginx worker reload behaviour, to prevent multiple concurrent worker reloads which can lead to high resource usage and OOMKill (#10884)
|
||||
* chore(deps): group update k8s.io packages to v0.30.0 (#11344)
|
||||
* Fix function name in comment (#11296)
|
||||
* fix path in file changed detected message (#11271)
|
||||
* chore: fix function names in comment (#11280)
|
||||
* fix: update kube version requirement to 1.21 (#11275)
|
||||
* release helm chart from release branch (#11276)
|
||||
* update k8s version to latest kind release (#11240)
|
||||
* feat: add annotation to allow to add custom response headers (#9742)
|
||||
* remove _ssl_expire_time_seconds metric by identifier (#9706)
|
||||
* update post submit helm ci and clean up (#11220)
|
||||
* Chart: Add unit tests for default backend & topology spread constraints. (#11218)
|
||||
* sort default backend hpa metrics (#11215)
|
||||
* updated certgen image shatag (#11214)
|
||||
* feature(default_backend): topologySpreadConstraints on default backend (#11197)
|
||||
* bumped certgeimage tag (#11212)
|
||||
* changed testrunner image sha (#11207)
|
||||
* updated baseimage & deleted a useless file (#11208)
|
||||
* Chart: Make `controller.config` templatable. (#11181)
|
||||
* chunking related faq update (#11196)
|
||||
* bump ginkgo to 2-17-1 in testrunner (#11202)
|
||||
* Owners: Promote Gacko to `ingress-nginx-maintainers` & `ingress-nginx-reviewers`. (#11165)
|
||||
* Fix-semver (#11193)
|
||||
* refactor helm ci tests part I (#11178)
|
||||
* fixes brotli build issue (#10484)
|
||||
* bump ginkgo to v2.17.1 (#11177)
|
||||
* Proposal: e2e tests for regex patterns (#11174)
|
||||
* Controller: Make Leader Election TTL configurable. (#11142)
|
||||
* Chores: Remove recently added whitespaces. (#11156)
|
||||
* Add GRPC Buffer Size to the Configmap (#11155)
|
||||
* fix geoip2 configuration docs (#11150)
|
||||
* feature(geoip2_autoreload): Enable GeoIP2 auto_reload config (#11079)
|
||||
* Chart: Add IngressClass aliases. (#11109)
|
||||
* Fix typos in OTel doc (#11081)
|
||||
* Chart: Render `controller.ingressClassResource.parameters` natively. (#11108)
|
||||
* Fix admission controller logging of `admissionTime` and `testedConfigurationSize` (#11089)
|
||||
* Chart: Align HPA & KEDA conditions. (#11110)
|
||||
* Chart: Add Gacko to maintainers. Again. (#11107)
|
||||
* Chart: Improve IngressClass documentation. (#11104)
|
||||
* Chart: Deploy `PodDisruptionBudget` with KEDA. (#11032)
|
||||
* Undo #11062 since it breaks the nginx config (#11082)
|
||||
* [mTLS] Fix acme verification when mTLS and Client CN verification is enabled (#11062)
|
||||
* golangci-lint update, ci cleanup, group dependabot updates (#11071)
|
||||
* bump golang (#11070)
|
||||
* feature(leader_election): flag to disable leader election feature on controller (#11064)
|
||||
* docs: update the 404 link to FAQ (#11069)
|
||||
* Update README.md (#11065)
|
||||
* quotes around numbers fort ports definitions (#11052)
|
||||
|
||||
### Dependency updates:
|
||||
|
||||
* Bump the all group with 2 updates (#11523)
|
||||
* Bump k8s.io/klog/v2 from 2.130.0 to 2.130.1 in the all group (#11499)
|
||||
* Bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 in the all group (#11497)
|
||||
* Bump k8s.io/klog/v2 from 2.120.1 to 2.130.0 (#11475)
|
||||
* Bump the all group with 3 updates (#11474)
|
||||
* Bump the all group with 2 updates (#11476)
|
||||
* Bump golang.org/x/crypto from 0.23.0 to 0.24.0 (#11442)
|
||||
* Bump the all group with 3 updates (#11443)
|
||||
* Bump sigs.k8s.io/controller-runtime in the all group (#11440)
|
||||
* Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (#11444)
|
||||
* Bump github.com/prometheus/common from 0.53.0 to 0.54.0 (#11441)
|
||||
* Bump the all group with 2 updates (#11419)
|
||||
* Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.19.0 (#11418)
|
||||
* Bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#11417)
|
||||
* Bump the all group across 1 directory with 3 updates (#11384)
|
||||
* Bump the all group across 1 directory with 6 updates (#11383)
|
||||
* Bump golang.org/x/crypto from 0.22.0 to 0.23.0 (#11357)
|
||||
* Bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 (#11355)
|
||||
* Bump the all group with 3 updates (#11348)
|
||||
* Bump Kubernetes version on images (#11346)
|
||||
* Bump sigs.k8s.io/controller-runtime from 0.17.3 to 0.18.1 (#11345)
|
||||
* Bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 (#11328)
|
||||
* Bump the all group with 4 updates (#11327)
|
||||
* Bump k8s.io/component-base from 0.29.3 to 0.30.0 (#11291)
|
||||
* Bump github.com/prometheus/common from 0.52.3 to 0.53.0 (#11290)
|
||||
* Bump golang.org/x/net from 0.22.0 to 0.23.0 (#11282)
|
||||
* Bump golang.org/x/net in /images/kube-webhook-certgen/rootfs (#11283)
|
||||
* Bump the all group with 2 updates (#11261)
|
||||
* Bump azure/setup-helm from 3.5 to 4 (#11263)
|
||||
* Bump actions/add-to-project from 1.0.0 to 1.0.1 in the all group (#11262)
|
||||
* Bump google.golang.org/grpc from 1.63.0 to 1.63.2 (#11237)
|
||||
* Bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#11228)
|
||||
* Bump github.com/prometheus/common from 0.51.1 to 0.52.2 (#11227)
|
||||
* Bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#11229)
|
||||
* Bump github.com/prometheus/client_model in the all group (#11226)
|
||||
* Bump the all group with 3 updates (#11225)
|
||||
* Bump the all group with 2 updates (#11183)
|
||||
* Bump actions/add-to-project from 0.6.1 to 1.0.0 (#11184)
|
||||
* Bump the all group with 3 updates (#11157)
|
||||
* Bump github.com/prometheus/common from 0.50.0 to 0.51.1 (#11159)
|
||||
* Bump the all group with 4 updates (#11133)
|
||||
* Bump the all group with 1 update (#11134)
|
||||
* Bump google.golang.org/protobuf in /images/custom-error-pages/rootfs (#11119)
|
||||
* Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /magefiles (#11121)
|
||||
* Bump google.golang.org/protobuf in /images/kube-webhook-certgen/rootfs (#11120)
|
||||
* Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.16.0 (#11076)
|
||||
* Bump the all group with 1 update (#11073)
|
||||
* Bump the all group with 1 update (#11072)
|
||||
* Bump github.com/prometheus/common from 0.49.0 to 0.50.0 (#11075)
|
||||
* Bump actions/download-artifact from 4.1.2 to 4.1.4 (#11059)
|
||||
* Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#11055)
|
||||
* Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 (#11057)
|
||||
* Bump github.com/prometheus/common from 0.48.0 to 0.49.0 (#11056)
|
||||
* Bump github/codeql-action from 3.24.5 to 3.24.6 (#11060)
|
||||
* Bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 (#11058)
|
||||
* Bump dorny/paths-filter from 3.0.1 to 3.0.2 (#11061)
|
||||
|
||||
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.2...controller-v1.11.0
|
|
@ -1,45 +0,0 @@
|
|||
# Changelog
|
||||
|
||||
### controller-v1.11.1
|
||||
|
||||
Images:
|
||||
|
||||
* registry.k8s.io/ingress-nginx/controller:v1.11.1@sha256:e6439a12b52076965928e83b7b56aae6731231677b01e81818bce7fa5c60161a
|
||||
* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.1@sha256:7cabe4bd7558bfdf5b707976d7be56fd15ffece735d7c90fc238b6eda290fd8d
|
||||
|
||||
### All changes:
|
||||
|
||||
* Tests: Bump `test-runner` to v20240717-1fe74b5f. (#11647)
|
||||
* Images: Re-run `test-runner` build. (#11644)
|
||||
* Images: Trigger `test-runner` build. (#11640)
|
||||
* Images: Bump `NGINX_BASE` to v0.0.10. (#11638)
|
||||
* Images: Trigger NGINX build. (#11632)
|
||||
* bump testing runner (#11627)
|
||||
* remove modsecurity coreruleset test files from nginx image (#11620)
|
||||
* unskip the ocsp tests and update images to fix cfssl bug (#11616)
|
||||
* Fix indent in YAML for example pod (#11610)
|
||||
* Images: Bump `test-runner`. (#11605)
|
||||
* Images: Bump `NGINX_BASE` to v0.0.9. (#11602)
|
||||
* revert module upgrade (#11597)
|
||||
* Release: Apply changes from `main`. (#11589)
|
||||
* Mage: Stop mutating release notes. (#11581)
|
||||
* Images: Bump `kube-webhook-certgen`. (#11584)
|
||||
* update test runner to latest build (#11558)
|
||||
* add k8s 1.30 to ci build (#11554)
|
||||
* update test runner go base to 3.20 (#11552)
|
||||
* tag new test runner image with new nginx base 0.0.8 (#11551)
|
||||
* bump NGINX_BASE to v0.0.8 (#11544)
|
||||
* add ssl patches to nginx-1.25 image for coroutines to work in lua client hello and cert ssl blocks (#11535)
|
||||
* trigger build for NGINX-1.25 v0.0.8 (#11539)
|
||||
* bump alpine version to 3.20 to custom-error-pages (#11538)
|
||||
* fix: Ensure changes in MatchCN annotation are detected (#11529)
|
||||
|
||||
### Dependency updates:
|
||||
|
||||
* Bump github.com/prometheus/common from 0.54.0 to 0.55.0 (#11621)
|
||||
* Bump the all group with 5 updates (#11614)
|
||||
* Bump golang.org/x/crypto from 0.24.0 to 0.25.0 (#11580)
|
||||
* Bump google.golang.org/grpc from 1.64.0 to 1.65.0 (#11576)
|
||||
* Bump the all group with 4 updates (#11575)
|
||||
|
||||
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.0...controller-v1.11.1
|
|
@ -1,54 +0,0 @@
|
|||
# Changelog
|
||||
|
||||
### controller-v1.11.2
|
||||
|
||||
Images:
|
||||
|
||||
* registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce
|
||||
* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.2@sha256:21b55a2f0213a18b91612a8c0850167e00a8e34391fd595139a708f9c047e7a8
|
||||
|
||||
### All changes:
|
||||
|
||||
* Chart: Bump Kube Webhook CertGen & OpenTelemetry. (#11812)
|
||||
* Images: Trigger controller build. (#11807)
|
||||
* Tests & Docs: Bump images. (#11805)
|
||||
* Images: Trigger failed builds. (#11802)
|
||||
* Images: Trigger other builds. (#11798)
|
||||
* Controller: Fix panic in alternative backend merging. (#11794)
|
||||
* Tests: Bump `e2e-test-runner` to v20240812-3f0129aa. (#11792)
|
||||
* Images: Trigger `test-runner` build. (#11787)
|
||||
* Images: Bump `NGINX_BASE` to v0.0.12. (#11784)
|
||||
* Images: Trigger NGINX build. (#11781)
|
||||
* Cloud Build: Add missing config, remove unused ones. (#11777)
|
||||
* Generate correct output on NumCPU() when using cgroups2 (#11778)
|
||||
* Cloud Build: Tweak timeouts. (#11763)
|
||||
* Cloud Build: Fix substitutions. (#11760)
|
||||
* Cloud Build: Some chores. (#11757)
|
||||
* Go: Bump to v1.22.6. (#11749)
|
||||
* Images: Bump `NGINX_BASE` to v0.0.11. (#11743)
|
||||
* Images: Trigger NGINX build. (#11737)
|
||||
* docs: update OpenSSL Roadmap link (#11733)
|
||||
* Go: Bump to v1.22.5. (#11732)
|
||||
* Docs: Fix typo in AWS LB Controller reference (#11725)
|
||||
* Perform some cleaning operations on line breaks. (#11721)
|
||||
* Missing anchors in regular expression. (#11719)
|
||||
* Docs: Fix `from-to-www` redirect description. (#11716)
|
||||
* Chart: Remove `isControllerTagValid`. (#11713)
|
||||
* Tests: Bump `e2e-test-runner` to v20240729-04899b27. (#11705)
|
||||
* Docs: Clarify `from-to-www` redirect direction. (#11693)
|
||||
* added real-client-ip faq (#11664)
|
||||
* Docs: Format NGINX configuration table. (#11662)
|
||||
* Docs: Update version in `deploy/index.md`. (#11652)
|
||||
|
||||
### Dependency updates:
|
||||
|
||||
* Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#11773)
|
||||
* Bump the all group with 2 updates (#11771)
|
||||
* Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#11769)
|
||||
* Bump the all group with 3 updates (#11728)
|
||||
* Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in the all group (#11701)
|
||||
* Bump the all group with 2 updates (#11698)
|
||||
* Bump the all group with 4 updates (#11677)
|
||||
* Bump the all group with 2 updates (#11675)
|
||||
|
||||
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.1...controller-v1.11.2
|
|
@ -1,91 +0,0 @@
|
|||
# Changelog
|
||||
|
||||
### controller-v1.11.3
|
||||
|
||||
Images:
|
||||
|
||||
* registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7
|
||||
* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.3@sha256:22701f0fc0f2dd209ef782f4e281bfe2d8cccd50ededa00aec88e0cdbe7edd14
|
||||
|
||||
### All changes:
|
||||
|
||||
* Images: Trigger controller build. (#12134)
|
||||
* Tests & Docs: Bump `e2e-test-echo` to v1.0.1. (#12145)
|
||||
* Images: Trigger `e2e-test-echo` build. (#12141)
|
||||
* Images: Drop `s390x`. (#12138)
|
||||
* Images: Build `s390x` controller. (#12127)
|
||||
* Chart: Bump Kube Webhook CertGen. (#12123)
|
||||
* Tests & Docs: Bump images. (#12121)
|
||||
* Cloud Build: Bump `gcb-docker-gcloud` to v20240718-5ef92b5c36. (#12117)
|
||||
* Images: Trigger other builds. (#12112)
|
||||
* Tests: Bump `e2e-test-runner` to v20241004-114a6abb. (#12105)
|
||||
* Images: Trigger `test-runner` build. (#12102)
|
||||
* Docs: Add a multi-tenant warning. (#12099)
|
||||
* Go: Bump to v1.22.8. (#12094)
|
||||
* Images: Bump `NGINX_BASE` to v0.1.0. (#12080)
|
||||
* Images: Trigger NGINX build. (#12076)
|
||||
* Images: Remove NGINX v1.21. (#12058)
|
||||
* GitHub: Improve Dependabot. (#12038)
|
||||
* Chart: Improve CI. (#12030)
|
||||
* Chart: Extend image tests. (#12027)
|
||||
* Docs: Add health check annotations for AWS. (#12020)
|
||||
* Docs: Convert `opentelemetry.md` from CRLF to LF. (#12006)
|
||||
* Chart: Test `controller.minAvailable` & `controller.maxUnavailable`. (#12002)
|
||||
* Chart: Align default backend `PodDisruptionBudget`. (#11999)
|
||||
* Metrics: Fix namespace in `nginx_ingress_controller_ssl_expire_time_seconds`. (#11986)
|
||||
* Chart: Improve default backend service account. (#11974)
|
||||
* Go: Bump to v1.22.7. (#11970)
|
||||
* Images: Bump OpenTelemetry C++ Contrib. (#11951)
|
||||
* Docs: Add note about `--watch-namespace`. (#11949)
|
||||
* Images: Use latest Alpine 3.20 everywhere. (#11946)
|
||||
* Fix minor typos (#11941)
|
||||
* Chart: Implement `controller.admissionWebhooks.service.servicePort`. (#11934)
|
||||
* Tests: Bump `e2e-test-runner` to v20240829-2c421762. (#11921)
|
||||
* Images: Trigger `test-runner` build. (#11917)
|
||||
* Chart: Add tests for `PrometheusRule` & `ServiceMonitor`. (#11889)
|
||||
* Annotations: Allow commas in URLs. (#11887)
|
||||
* CI: Grant checks write permissions to E2E Test Report. (#11885)
|
||||
* Chart: Use generic values for `ConfigMap` test. (#11879)
|
||||
* Update maxmind post link about geolite2 license changes (#11881)
|
||||
* Go: Sync `go.work.sum`. (#11875)
|
||||
* Replace deprecated queue method (#11859)
|
||||
* Auto-generate annotation docs (#11831)
|
||||
|
||||
### Dependency updates:
|
||||
|
||||
* Bump the actions group with 3 updates (#12149)
|
||||
* Bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#12109)
|
||||
* Bump the actions group with 3 updates (#12097)
|
||||
* Bump sigs.k8s.io/mdtoc from 1.1.0 to 1.4.0 (#12089)
|
||||
* Bump github.com/prometheus/common from 0.59.1 to 0.60.0 (#12087)
|
||||
* Bump google.golang.org/grpc from 1.67.0 to 1.67.1 in the go group across 1 directory (#12085)
|
||||
* Bump k8s.io/cli-runtime from 0.30.0 to 0.31.1 (#12083)
|
||||
* Bump github/codeql-action from 3.26.9 to 3.26.10 in the actions group (#12055)
|
||||
* Bump the go group across 1 directory with 3 updates (#12053)
|
||||
* Bump k8s.io/kube-aggregator from 0.29.3 to 0.31.1 in /images/kube-webhook-certgen/rootfs (#12049)
|
||||
* Bump k8s.io/apimachinery from 0.23.1 to 0.31.1 in /images/ext-auth-example-authsvc/rootfs (#12047)
|
||||
* Bump github.com/prometheus/client_golang from 1.11.1 to 1.20.4 in /images/custom-error-pages/rootfs (#12046)
|
||||
* Bump the all group with 2 updates (#12036)
|
||||
* Bump github/codeql-action from 3.26.7 to 3.26.8 in the all group (#12016)
|
||||
* Bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#12014)
|
||||
* Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 in the all group (#12012)
|
||||
* Bump the all group with 2 updates (#11981)
|
||||
* Bump github/codeql-action from 3.26.6 to 3.26.7 in the all group (#11980)
|
||||
* Bump github.com/prometheus/common from 0.57.0 to 0.59.1 (#11961)
|
||||
* Bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#11958)
|
||||
* Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 in the all group (#11957)
|
||||
* Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#11930)
|
||||
* Bump the all group with 2 updates (#11925)
|
||||
* Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 in the all group (#11913)
|
||||
* Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#11910)
|
||||
* Bump github.com/prometheus/common from 0.55.0 to 0.57.0 (#11909)
|
||||
* Bump github/codeql-action from 3.26.5 to 3.26.6 in the all group (#11908)
|
||||
* Bump the all group with 2 updates (#11871)
|
||||
* Bump github/codeql-action from 3.26.2 to 3.26.5 in the all group (#11868)
|
||||
* Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 (#11840)
|
||||
* Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.19.0 (#11839)
|
||||
* Bump dario.cat/mergo from 1.0.0 to 1.0.1 in the all group (#11837)
|
||||
* Bump k8s.io/component-base from 0.30.3 to 0.31.0 (#11836)
|
||||
* Bump github/codeql-action from 3.26.0 to 3.26.2 in the all group (#11834)
|
||||
|
||||
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.2...controller-v1.11.3
|
|
@ -1,94 +0,0 @@
|
|||
# Changelog
|
||||
|
||||
### controller-v1.11.4
|
||||
|
||||
Images:
|
||||
|
||||
* registry.k8s.io/ingress-nginx/controller:v1.11.4@sha256:981a97d78bee3109c0b149946c07989f8f1478a9265031d2d23dea839ba05b52
|
||||
* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.4@sha256:f29d0f9e7a9ef4947eda59ed0c09ec13380b13639d1518cf1ab8ec09c3e22ef8
|
||||
|
||||
### All changes:
|
||||
|
||||
* Images: Trigger controller build. (#12610)
|
||||
* Chart: Bump Kube Webhook CertGen. (#12607)
|
||||
* Tests & Docs: Bump images. (#12604)
|
||||
* Images: Trigger other builds (2/2). (#12600)
|
||||
* Images: Trigger other builds (1/2). (#12596)
|
||||
* Tests: Bump `e2e-test-runner` to v20241224-68ed4e7b. (#12591)
|
||||
* Images: Trigger `test-runner` build. (#12588)
|
||||
* Images: Bump `NGINX_BASE` to v0.2.0. (#12583)
|
||||
* Images: Trigger NGINX build. (#12577)
|
||||
* Go: Clean `go.work.sum`. (#12574)
|
||||
* Repository: Update owners. (#12569)
|
||||
* Images: Bump `gcb-docker-gcloud` to v20241217-ff46a068cd. (#12562)
|
||||
* CI: Update KIND images. (#12558)
|
||||
* Images: Bump Alpine to v3.21. (#12529)
|
||||
* Docs: Add guide on how to set a Maintenance Page. (#12526)
|
||||
* rikatz is stepping down (#12517)
|
||||
* rikatz is stepping down (#12495)
|
||||
* Go: Bump to v1.23.4. (#12484)
|
||||
* Plugin: Bump `goreleaser` to v2. (#12441)
|
||||
* GitHub: Fix `exec` in issue template. (#12388)
|
||||
* CI: Update KIND images. (#12365)
|
||||
* Images: Bump `gcb-docker-gcloud` to v20241110-72bb0b1665. (#12343)
|
||||
* Go: Bump to v1.23.3. (#12338)
|
||||
* Auth TLS: Add `_` to redirect RegEx. (#12327)
|
||||
* Auth TLS: Improve redirect RegEx. (#12322)
|
||||
* Update custom headers annotation documentation (#12319)
|
||||
* Tests: Bump `e2e-test-runner` to v20241104-02a3933e. (#12313)
|
||||
* Images: Trigger `test-runner` build. (#12306)
|
||||
* Config: Fix panic on invalid `lua-shared-dict`. (#12284)
|
||||
* Docs: fix limit-rate-after references (#12279)
|
||||
* Chart: Rework ServiceMonitor. (#12270)
|
||||
* Chart: Add ServiceAccount tests. (#12264)
|
||||
* CI: Fix chart testing. (#12259)
|
||||
* [fix] fix nginx temp configs cleanup (#12223)
|
||||
* Chart: Suggest `matchLabelKeys` in Topology Spread Constraints. (#12203)
|
||||
* Docs: Add Pod Security Admission. (#12197)
|
||||
* Docs: Clarify external & service port in TCP/UDP services explanation. (#12193)
|
||||
* Docs: Goodbye, v1.10. (#12159)
|
||||
|
||||
### Dependency updates:
|
||||
|
||||
* Bump k8s.io/apiextensions-apiserver from 0.31.3 to 0.32.0 (#12567)
|
||||
* Bump github.com/onsi/ginkgo/v2 from 2.22.0 to 2.22.1 (#12556)
|
||||
* Bump k8s.io/code-generator from 0.31.3 to 0.32.0 (#12551)
|
||||
* Bump k8s.io/cli-runtime from 0.31.3 to 0.32.0 (#12548)
|
||||
* Bump k8s.io/apiserver from 0.31.3 to 0.32.0 (#12545)
|
||||
* Bump the actions group with 2 updates (#12542)
|
||||
* Bump google.golang.org/grpc from 1.68.1 to 1.69.2 (#12539)
|
||||
* Bump k8s.io/client-go from 0.31.3 to 0.32.0 (#12513)
|
||||
* Bump github.com/opencontainers/runc from 1.2.2 to 1.2.3 in the go group across 1 directory (#12510)
|
||||
* Bump the actions group with 3 updates (#12507)
|
||||
* Bump k8s.io/kube-aggregator from 0.31.3 to 0.32.0 in /images/kube-webhook-certgen/rootfs (#12503)
|
||||
* Bump k8s.io/apimachinery from 0.31.3 to 0.32.0 in /images/ext-auth-example-authsvc/rootfs (#12500)
|
||||
* Bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#12477)
|
||||
* Bump golang.org/x/crypto from 0.21.0 to 0.31.0 in /magefiles (#12475)
|
||||
* Bump github.com/prometheus/common from 0.60.1 to 0.61.0 (#12465)
|
||||
* Bump github/codeql-action from 3.27.5 to 3.27.6 in the actions group (#12462)
|
||||
* Bump the go group across 1 directory with 2 updates (#12458)
|
||||
* Bump github.com/onsi/ginkgo/v2 from 2.21.0 to 2.22.0 (#12427)
|
||||
* Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#12417)
|
||||
* Bump the go group across 3 directories with 10 updates (#12415)
|
||||
* Bump the actions group with 3 updates (#12411)
|
||||
* Bump github.com/opencontainers/runc from 1.2.1 to 1.2.2 in the go group across 1 directory (#12381)
|
||||
* Bump github/codeql-action from 3.27.1 to 3.27.4 in the actions group (#12374)
|
||||
* Bump golangci-lint on actions and disable deprecated linters (#12362)
|
||||
* Bump google.golang.org/grpc from 1.67.1 to 1.68.0 (#12355)
|
||||
* Bump the actions group with 3 updates (#12352)
|
||||
* Bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#12350)
|
||||
* Bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#12298)
|
||||
* Bump github.com/opencontainers/runc from 1.2.0 to 1.2.1 in the go group across 1 directory (#12295)
|
||||
* Bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.21.0 (#12289)
|
||||
* Bump actions/dependency-review-action from 4.3.5 to 4.4.0 in the actions group (#12274)
|
||||
* Bump the go group across 3 directories with 11 updates (#12245)
|
||||
* Bump github.com/opencontainers/runc from 1.1.15 to 1.2.0 (#12239)
|
||||
* Bump the actions group with 5 updates (#12240)
|
||||
* Bump github.com/ncabatoff/process-exporter from 0.8.3 to 0.8.4 in the go group across 1 directory (#12220)
|
||||
* Bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 in the actions group (#12216)
|
||||
* Bump github/codeql-action from 3.26.12 to 3.26.13 in the actions group (#12190)
|
||||
* Bump the go group across 2 directories with 1 update (#12187)
|
||||
* Bump the actions group with 2 updates (#12181)
|
||||
* Bump github.com/opencontainers/runc from 1.1.14 to 1.1.15 in the go group across 1 directory (#12179)
|
||||
|
||||
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.3...controller-v1.11.4
|
|
@ -1,216 +0,0 @@
|
|||
# Changelog
|
||||
|
||||
### controller-v1.12.0-beta.0
|
||||
|
||||
Images:
|
||||
|
||||
* registry.k8s.io/ingress-nginx/controller:v1.12.0-beta.0@sha256:9724476b928967173d501040631b23ba07f47073999e80e34b120e8db5f234d5
|
||||
* registry.k8s.io/ingress-nginx/controller-chroot:v1.12.0-beta.0@sha256:6e2f8f52e1f2571ff65bc4fc4826d5282d5def5835ec4ab433dcb8e659b2fbac
|
||||
|
||||
### All changes:
|
||||
|
||||
* Images: Trigger controller build. (#12154)
|
||||
* ⚠️ Metrics: Disable by default. (#12153) ⚠️
|
||||
|
||||
This changes the default of the following CLI arguments:
|
||||
|
||||
* `--enable-metrics` gets disabled by default.
|
||||
|
||||
* Tests & Docs: Bump `e2e-test-echo` to v1.0.1. (#12147)
|
||||
* Images: Trigger `e2e-test-echo` build. (#12140)
|
||||
* ⚠️ Images: Drop `s390x`. (#12137) ⚠️
|
||||
|
||||
Support for the `s390x` architecture has already been removed from the controller image. This also removes it from the NGINX base image and CI relevant images.
|
||||
|
||||
* Images: Build `s390x` controller. (#12126)
|
||||
* Chart: Bump Kube Webhook CertGen. (#12119)
|
||||
* Tests & Docs: Bump images. (#12118)
|
||||
* Cloud Build: Bump `gcb-docker-gcloud` to v20240718-5ef92b5c36. (#12113)
|
||||
* Images: Trigger other builds. (#12110)
|
||||
* Tests: Bump `e2e-test-runner` to v20241004-114a6abb. (#12103)
|
||||
* Images: Trigger `test-runner` build. (#12100)
|
||||
* Docs: Add a multi-tenant warning. (#12091)
|
||||
* Go: Bump to v1.22.8. (#12069)
|
||||
* Images: Bump `NGINX_BASE` to v1.0.0. (#12066)
|
||||
* Images: Trigger NGINX build. (#12063)
|
||||
* Images: Remove NGINX v1.21. (#12031)
|
||||
* Chart: Add `controller.metrics.service.enabled`. (#12056)
|
||||
* GitHub: Improve Dependabot. (#12033)
|
||||
* Chart: Add `global.image.registry`. (#12028)
|
||||
* ⚠️ Images: Remove OpenTelemetry. (#12024) ⚠️
|
||||
|
||||
OpenTelemetry is still supported, but since the module is built into the controller image since v1.10, we hereby remove the init container and image which were used to install it upon controller startup.
|
||||
|
||||
* Chart: Improve CI. (#12003)
|
||||
* Chart: Extend image tests. (#12025)
|
||||
* Chart: Add `controller.progressDeadlineSeconds`. (#12017)
|
||||
* Docs: Add health check annotations for AWS. (#12018)
|
||||
* Docs: Convert `opentelemetry.md` from CRLF to LF. (#12005)
|
||||
* Chart: Implement `unhealthyPodEvictionPolicy`. (#11992)
|
||||
* Chart: Add `defaultBackend.maxUnavailable`. (#11995)
|
||||
* Chart: Test `controller.minAvailable` & `controller.maxUnavailable`. (#12000)
|
||||
* Chart: Align default backend `PodDisruptionBudget`. (#11993)
|
||||
* Metrics: Fix namespace in `nginx_ingress_controller_ssl_expire_time_seconds`. (#10274)
|
||||
* ⚠️ Chart: Remove Pod Security Policy. (#11971) ⚠️
|
||||
|
||||
This removes Pod Security Policies and related resources from the chart.
|
||||
|
||||
* Chart: Improve default backend service account. (#11972)
|
||||
* Go: Bump to v1.22.7. (#11943)
|
||||
* NGINX: Remove inline Lua from template. (#11806)
|
||||
* Images: Bump OpenTelemetry C++ Contrib. (#11629)
|
||||
* Docs: Add note about `--watch-namespace`. (#11947)
|
||||
* Images: Use latest Alpine 3.20 everywhere. (#11944)
|
||||
* Fix minor typos (#11935)
|
||||
* Chart: Implement `controller.admissionWebhooks.service.servicePort`. (#11931)
|
||||
* Allow any protocol for cors origins (#11153)
|
||||
* Tests: Bump `e2e-test-runner` to v20240829-2c421762. (#11919)
|
||||
* Images: Trigger `test-runner` build. (#11916)
|
||||
* Chart: Add `controller.metrics.prometheusRule.annotations`. (#11849)
|
||||
* Chart: Add tests for `PrometheusRule` & `ServiceMonitor`. (#11883)
|
||||
* Annotations: Allow commas in URLs. (#11882)
|
||||
* CI: Grant checks write permissions to E2E Test Report. (#11862)
|
||||
* Chart: Use generic values for `ConfigMap` test. (#11877)
|
||||
* Security: Follow-up on recent changes. (#11874)
|
||||
* Lua: Remove plugins from `.luacheckrc` & E2E docs. (#11872)
|
||||
* Dashboard: Remove `ingress_upstream_latency_seconds`. (#11878)
|
||||
* Metrics: Add `--metrics-per-undefined-host` argument. (#11818)
|
||||
* Update maxmind post link about geolite2 license changes (#11861)
|
||||
* ⚠️ Remove global-rate-limit feature (#11851) ⚠️
|
||||
|
||||
This removes the following configuration options:
|
||||
|
||||
* `global-rate-limit-memcached-host`
|
||||
* `global-rate-limit-memcached-port`
|
||||
* `global-rate-limit-memcached-connect-timeout`
|
||||
* `global-rate-limit-memcached-max-idle-timeout`
|
||||
* `global-rate-limit-memcached-pool-size`
|
||||
* `global-rate-limit-status-code`
|
||||
|
||||
It also removes the following annotations:
|
||||
|
||||
* `global-rate-limit`
|
||||
* `global-rate-limit-window`
|
||||
* `global-rate-limit-key`
|
||||
* `global-rate-limit-ignored-cidrs`
|
||||
|
||||
* Revert "docs: Add deployment for AWS NLB Proxy." (#11857)
|
||||
* Add custom code handling for temporal redirect (#10651)
|
||||
* Add native histogram support for histogram metrics (#9971)
|
||||
* Replace deprecated queue method (#11853)
|
||||
* ⚠️ Enable security features by default (#11819) ⚠️
|
||||
|
||||
This changes the default of the following CLI arguments:
|
||||
|
||||
* `--enable-annotation-validation` gets enabled by default.
|
||||
|
||||
It also changes the default of the following configuration options:
|
||||
|
||||
* `allow-cross-namespace-resources` gets disabled by default.
|
||||
* `annotations-risk-level` gets lowered to "High" by default.
|
||||
* `strict-validate-path-type` gets enabled by default.
|
||||
|
||||
* docs: Add deployment for AWS NLB Proxy. (#9565)
|
||||
* ⚠️ Remove 3rd party lua plugin support (#11821) ⚠️
|
||||
|
||||
This removes the following configuration options:
|
||||
|
||||
* `plugins`
|
||||
|
||||
It also removes support for user provided Lua plugins in the `/etc/nginx/lua/plugins` directory.
|
||||
|
||||
* Auto-generate annotation docs (#11820)
|
||||
* ⚠️ Metrics: Remove `ingress_upstream_latency_seconds`. (#11795) ⚠️
|
||||
|
||||
This metric has already been deprecated and is now getting removed.
|
||||
|
||||
* Release controller v1.11.2/v1.10.4 & chart v4.11.2/v4.10.4. (#11816)
|
||||
* Chart: Bump Kube Webhook CertGen & OpenTelemetry. (#11809)
|
||||
* Tests & Docs: Bump images. (#11803)
|
||||
* Images: Trigger failed builds. (#11800)
|
||||
* Images: Trigger other builds. (#11796)
|
||||
* Controller: Fix panic in alternative backend merging. (#11789)
|
||||
* Tests: Bump `e2e-test-runner` to v20240812-3f0129aa. (#11788)
|
||||
* Images: Trigger `test-runner` build. (#11785)
|
||||
* Images: Bump `NGINX_BASE` to v0.0.12. (#11782)
|
||||
* Images: Trigger NGINX build. (#11779)
|
||||
* Cloud Build: Add missing config, remove unused ones. (#11774)
|
||||
* Cloud Build: Tweak timeouts. (#11761)
|
||||
* Cloud Build: Fix substitutions. (#11758)
|
||||
* Cloud Build: Some chores. (#11633)
|
||||
* Go: Bump to v1.22.6. (#11747)
|
||||
* Images: Bump `NGINX_BASE` to v0.0.11. (#11741)
|
||||
* Images: Trigger NGINX build. (#11735)
|
||||
* docs: update OpenSSL Roadmap link (#11730)
|
||||
* Go: Bump to v1.22.5. (#11634)
|
||||
* Docs: Fix typo in AWS LB Controller reference (#11723)
|
||||
* Perform some cleaning operations on line breaks. (#11720)
|
||||
* Missing anchors in regular expression. (#11717)
|
||||
* Docs: Fix `from-to-www` redirect description. (#11712)
|
||||
* Chart: Remove `isControllerTagValid`. (#11710)
|
||||
* Tests: Bump `e2e-test-runner` to v20240729-04899b27. (#11702)
|
||||
* Chart: Explicitly set `runAsGroup`. (#11679)
|
||||
* Docs: Clarify `from-to-www` redirect direction. (#11682)
|
||||
* added real-client-ip faq (#11663)
|
||||
* Docs: Format NGINX configuration table. (#11659)
|
||||
* Release controller v1.11.1/v1.10.3 & chart v4.11.1/v4.10.3. (#11654)
|
||||
* Tests: Bump `test-runner` to v20240717-1fe74b5f. (#11645)
|
||||
* Images: Trigger `test-runner` build. (#11636)
|
||||
* Images: Bump `NGINX_BASE` to v0.0.10. (#11635)
|
||||
* remove modsecurity coreruleset test files from nginx image (#11617)
|
||||
* unskip the ocsp tests and update images to fix cfssl bug (#11606)
|
||||
* Fix indent in YAML for example pod (#11598)
|
||||
* Images: Bump `test-runner`. (#11600)
|
||||
* Images: Bump `NGINX_BASE` to v0.0.9. (#11599)
|
||||
* revert module upgrade (#11594)
|
||||
* README: Fix support matrix. (#11586)
|
||||
* Repository: Add changelogs from `release-v1.10`. (#11587)
|
||||
|
||||
### Dependency updates:
|
||||
|
||||
* Bump the actions group with 3 updates (#12152)
|
||||
* Bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#12107)
|
||||
* Bump the actions group with 3 updates (#12092)
|
||||
* Bump sigs.k8s.io/mdtoc from 1.1.0 to 1.4.0 (#12062)
|
||||
* Bump github.com/prometheus/common from 0.59.1 to 0.60.0 (#12060)
|
||||
* Bump google.golang.org/grpc from 1.67.0 to 1.67.1 in the go group across 1 directory (#12059)
|
||||
* Bump k8s.io/cli-runtime from 0.30.0 to 0.31.1 (#12061)
|
||||
* Bump github/codeql-action from 3.26.9 to 3.26.10 in the actions group (#12051)
|
||||
* Bump the go group across 1 directory with 3 updates (#12050)
|
||||
* Bump k8s.io/kube-aggregator from 0.29.3 to 0.31.1 in /images/kube-webhook-certgen/rootfs (#12043)
|
||||
* Bump k8s.io/apimachinery from 0.23.1 to 0.31.1 in /images/ext-auth-example-authsvc/rootfs (#12041)
|
||||
* Bump github.com/prometheus/client_golang from 1.11.1 to 1.20.4 in /images/custom-error-pages/rootfs (#12040)
|
||||
* Bump the all group with 2 updates (#12032)
|
||||
* Bump github/codeql-action from 3.26.7 to 3.26.8 in the all group (#12010)
|
||||
* Bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#12009)
|
||||
* Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 in the all group (#12008)
|
||||
* Bump the all group with 2 updates (#11977)
|
||||
* Bump github/codeql-action from 3.26.6 to 3.26.7 in the all group (#11976)
|
||||
* Bump github.com/prometheus/common from 0.57.0 to 0.59.1 (#11954)
|
||||
* Bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#11955)
|
||||
* Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 in the all group (#11953)
|
||||
* Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#11928)
|
||||
* Bump the all group with 2 updates (#11922)
|
||||
* Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 in the all group (#11901)
|
||||
* Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#11902)
|
||||
* Bump github.com/prometheus/common from 0.55.0 to 0.57.0 (#11903)
|
||||
* Bump github/codeql-action from 3.26.5 to 3.26.6 in the all group (#11904)
|
||||
* Bump the all group with 2 updates (#11865)
|
||||
* Bump github/codeql-action from 3.26.2 to 3.26.5 in the all group (#11867)
|
||||
* Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 (#11832)
|
||||
* Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.19.0 (#11823)
|
||||
* Bump dario.cat/mergo from 1.0.0 to 1.0.1 in the all group (#11822)
|
||||
* Bump k8s.io/component-base from 0.30.3 to 0.31.0 (#11825)
|
||||
* Bump github/codeql-action from 3.26.0 to 3.26.2 in the all group (#11826)
|
||||
* Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#11766)
|
||||
* Bump the all group with 2 updates (#11767)
|
||||
* Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#11765)
|
||||
* Bump the all group with 3 updates (#11727)
|
||||
* Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in the all group (#11696)
|
||||
* Bump the all group with 2 updates (#11695)
|
||||
* Bump the all group with 4 updates (#11673)
|
||||
* Bump the all group with 2 updates (#11672)
|
||||
* Bump github.com/prometheus/common from 0.54.0 to 0.55.0 (#11522)
|
||||
* Bump the all group with 5 updates (#11611)
|
||||
|
||||
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.0...controller-v1.12.0-beta.0
|
|
@ -1,294 +0,0 @@
|
|||
# Changelog
|
||||
|
||||
### controller-v1.12.0
|
||||
|
||||
Images:
|
||||
|
||||
* registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa
|
||||
* registry.k8s.io/ingress-nginx/controller-chroot:v1.12.0@sha256:87c88e1c38a6c8d4483c8f70b69e2cca49853bb3ec3124b9b1be648edf139af3
|
||||
|
||||
### All changes:
|
||||
|
||||
* Images: Trigger controller build. (#12609)
|
||||
* Chart: Bump Kube Webhook CertGen. (#12606)
|
||||
* Tests & Docs: Bump images. (#12603)
|
||||
* Images: Trigger other builds (2/2). (#12599)
|
||||
* Images: Trigger other builds (1/2). (#12595)
|
||||
* Tests: Bump `e2e-test-runner` to v20241224-68ed4e7b. (#12590)
|
||||
* Images: Trigger `test-runner` build. (#12587)
|
||||
* Images: Bump `NGINX_BASE` to v1.1.0. (#12582)
|
||||
* Images: Trigger NGINX build. (#12579)
|
||||
* Go: Clean `go.work.sum`. (#12573)
|
||||
* Repository: Update owners. (#12568)
|
||||
* Images: Bump `gcb-docker-gcloud` to v20241217-ff46a068cd. (#12561)
|
||||
* CI: Update KIND images. (#12560)
|
||||
* Images: Bump Alpine to v3.21. (#12528)
|
||||
* Docs: Add guide on how to set a Maintenance Page. (#12525)
|
||||
* rikatz is stepping down (#12516)
|
||||
* rikatz is stepping down (#12494)
|
||||
* Go: Bump to v1.23.4. (#12483)
|
||||
* Plugin: Bump `goreleaser` to v2. (#12440)
|
||||
* GitHub: Fix `exec` in issue template. (#12387)
|
||||
* CI: Update KIND images. (#12367)
|
||||
* Images: Bump `gcb-docker-gcloud` to v20241110-72bb0b1665. (#12342)
|
||||
* Go: Bump to v1.23.3. (#12337)
|
||||
* Auth TLS: Add `_` to redirect RegEx. (#12326)
|
||||
* Auth TLS: Improve redirect RegEx. (#12323)
|
||||
* Update custom headers annotation documentation (#12318)
|
||||
* Tests: Bump `e2e-test-runner` to v20241104-02a3933e. (#12312)
|
||||
* Docs: Add CPU usage note for `--metrics-per-undefined-host`. (#12310)
|
||||
* Images: Trigger `test-runner` build. (#12308)
|
||||
* Config: Fix panic on invalid `lua-shared-dict`. (#12283)
|
||||
* Docs: fix limit-rate-after references (#12278)
|
||||
* Chart: Rework ServiceMonitor. (#12269)
|
||||
* Chart: Add ServiceAccount tests. (#12263)
|
||||
* CI: Fix chart testing. (#12258)
|
||||
* [fix] fix nginx temp configs cleanup (#12225)
|
||||
* Chart: Suggest `matchLabelKeys` in Topology Spread Constraints. (#12202)
|
||||
* Docs: Add Pod Security Admission. (#12195)
|
||||
* Docs: Clarify external & service port in TCP/UDP services explanation. (#12192)
|
||||
* Images: Trigger controller build. (#12154)
|
||||
* ⚠️ Metrics: Disable by default. (#12153) ⚠️
|
||||
|
||||
This changes the default of the following CLI arguments:
|
||||
|
||||
* `--enable-metrics` gets disabled by default.
|
||||
|
||||
* Tests & Docs: Bump `e2e-test-echo` to v1.0.1. (#12147)
|
||||
* Images: Trigger `e2e-test-echo` build. (#12140)
|
||||
* ⚠️ Images: Drop `s390x`. (#12137) ⚠️
|
||||
|
||||
Support for the `s390x` architecture has already been removed from the controller image. This also removes it from the NGINX base image and CI relevant images.
|
||||
|
||||
* Images: Build `s390x` controller. (#12126)
|
||||
* Chart: Bump Kube Webhook CertGen. (#12119)
|
||||
* Tests & Docs: Bump images. (#12118)
|
||||
* Cloud Build: Bump `gcb-docker-gcloud` to v20240718-5ef92b5c36. (#12113)
|
||||
* Images: Trigger other builds. (#12110)
|
||||
* Tests: Bump `e2e-test-runner` to v20241004-114a6abb. (#12103)
|
||||
* Images: Trigger `test-runner` build. (#12100)
|
||||
* Docs: Add a multi-tenant warning. (#12091)
|
||||
* Go: Bump to v1.22.8. (#12069)
|
||||
* Images: Bump `NGINX_BASE` to v1.0.0. (#12066)
|
||||
* Images: Trigger NGINX build. (#12063)
|
||||
* Images: Remove NGINX v1.21. (#12031)
|
||||
* Chart: Add `controller.metrics.service.enabled`. (#12056)
|
||||
* GitHub: Improve Dependabot. (#12033)
|
||||
* Chart: Add `global.image.registry`. (#12028)
|
||||
* ⚠️ Images: Remove OpenTelemetry. (#12024) ⚠️
|
||||
|
||||
OpenTelemetry is still supported, but since the module is built into the controller image since v1.10, we hereby remove the init container and image which were used to install it upon controller startup.
|
||||
|
||||
* Chart: Improve CI. (#12003)
|
||||
* Chart: Extend image tests. (#12025)
|
||||
* Chart: Add `controller.progressDeadlineSeconds`. (#12017)
|
||||
* Docs: Add health check annotations for AWS. (#12018)
|
||||
* Docs: Convert `opentelemetry.md` from CRLF to LF. (#12005)
|
||||
* Chart: Implement `unhealthyPodEvictionPolicy`. (#11992)
|
||||
* Chart: Add `defaultBackend.maxUnavailable`. (#11995)
|
||||
* Chart: Test `controller.minAvailable` & `controller.maxUnavailable`. (#12000)
|
||||
* Chart: Align default backend `PodDisruptionBudget`. (#11993)
|
||||
* Metrics: Fix namespace in `nginx_ingress_controller_ssl_expire_time_seconds`. (#10274)
|
||||
* ⚠️ Chart: Remove Pod Security Policy. (#11971) ⚠️
|
||||
|
||||
This removes Pod Security Policies and related resources from the chart.
|
||||
|
||||
* Chart: Improve default backend service account. (#11972)
|
||||
* Go: Bump to v1.22.7. (#11943)
|
||||
* NGINX: Remove inline Lua from template. (#11806)
|
||||
* Images: Bump OpenTelemetry C++ Contrib. (#11629)
|
||||
* Docs: Add note about `--watch-namespace`. (#11947)
|
||||
* Images: Use latest Alpine 3.20 everywhere. (#11944)
|
||||
* Fix minor typos (#11935)
|
||||
* Chart: Implement `controller.admissionWebhooks.service.servicePort`. (#11931)
|
||||
* Allow any protocol for cors origins (#11153)
|
||||
* Tests: Bump `e2e-test-runner` to v20240829-2c421762. (#11919)
|
||||
* Images: Trigger `test-runner` build. (#11916)
|
||||
* Chart: Add `controller.metrics.prometheusRule.annotations`. (#11849)
|
||||
* Chart: Add tests for `PrometheusRule` & `ServiceMonitor`. (#11883)
|
||||
* Annotations: Allow commas in URLs. (#11882)
|
||||
* CI: Grant checks write permissions to E2E Test Report. (#11862)
|
||||
* Chart: Use generic values for `ConfigMap` test. (#11877)
|
||||
* Security: Follow-up on recent changes. (#11874)
|
||||
* Lua: Remove plugins from `.luacheckrc` & E2E docs. (#11872)
|
||||
* Dashboard: Remove `ingress_upstream_latency_seconds`. (#11878)
|
||||
* Metrics: Add `--metrics-per-undefined-host` argument. (#11818)
|
||||
* Update maxmind post link about geolite2 license changes (#11861)
|
||||
* ⚠️ Remove global-rate-limit feature (#11851) ⚠️
|
||||
|
||||
This removes the following configuration options:
|
||||
|
||||
* `global-rate-limit-memcached-host`
|
||||
* `global-rate-limit-memcached-port`
|
||||
* `global-rate-limit-memcached-connect-timeout`
|
||||
* `global-rate-limit-memcached-max-idle-timeout`
|
||||
* `global-rate-limit-memcached-pool-size`
|
||||
* `global-rate-limit-status-code`
|
||||
|
||||
It also removes the following annotations:
|
||||
|
||||
* `global-rate-limit`
|
||||
* `global-rate-limit-window`
|
||||
* `global-rate-limit-key`
|
||||
* `global-rate-limit-ignored-cidrs`
|
||||
|
||||
* Revert "docs: Add deployment for AWS NLB Proxy." (#11857)
|
||||
* Add custom code handling for temporal redirect (#10651)
|
||||
* Add native histogram support for histogram metrics (#9971)
|
||||
* Replace deprecated queue method (#11853)
|
||||
* ⚠️ Enable security features by default (#11819) ⚠️
|
||||
|
||||
This changes the default of the following CLI arguments:
|
||||
|
||||
* `--enable-annotation-validation` gets enabled by default.
|
||||
|
||||
It also changes the default of the following configuration options:
|
||||
|
||||
* `allow-cross-namespace-resources` gets disabled by default.
|
||||
* `annotations-risk-level` gets lowered to "High" by default.
|
||||
* `strict-validate-path-type` gets enabled by default.
|
||||
|
||||
* docs: Add deployment for AWS NLB Proxy. (#9565)
|
||||
* ⚠️ Remove 3rd party lua plugin support (#11821) ⚠️
|
||||
|
||||
This removes the following configuration options:
|
||||
|
||||
* `plugins`
|
||||
|
||||
It also removes support for user provided Lua plugins in the `/etc/nginx/lua/plugins` directory.
|
||||
|
||||
* Auto-generate annotation docs (#11820)
|
||||
* ⚠️ Metrics: Remove `ingress_upstream_latency_seconds`. (#11795) ⚠️
|
||||
|
||||
This metric has already been deprecated and is now getting removed.
|
||||
|
||||
* Release controller v1.11.2/v1.10.4 & chart v4.11.2/v4.10.4. (#11816)
|
||||
* Chart: Bump Kube Webhook CertGen & OpenTelemetry. (#11809)
|
||||
* Tests & Docs: Bump images. (#11803)
|
||||
* Images: Trigger failed builds. (#11800)
|
||||
* Images: Trigger other builds. (#11796)
|
||||
* Controller: Fix panic in alternative backend merging. (#11789)
|
||||
* Tests: Bump `e2e-test-runner` to v20240812-3f0129aa. (#11788)
|
||||
* Images: Trigger `test-runner` build. (#11785)
|
||||
* Images: Bump `NGINX_BASE` to v0.0.12. (#11782)
|
||||
* Images: Trigger NGINX build. (#11779)
|
||||
* Cloud Build: Add missing config, remove unused ones. (#11774)
|
||||
* Cloud Build: Tweak timeouts. (#11761)
|
||||
* Cloud Build: Fix substitutions. (#11758)
|
||||
* Cloud Build: Some chores. (#11633)
|
||||
* Go: Bump to v1.22.6. (#11747)
|
||||
* Images: Bump `NGINX_BASE` to v0.0.11. (#11741)
|
||||
* Images: Trigger NGINX build. (#11735)
|
||||
* docs: update OpenSSL Roadmap link (#11730)
|
||||
* Go: Bump to v1.22.5. (#11634)
|
||||
* Docs: Fix typo in AWS LB Controller reference (#11723)
|
||||
* Perform some cleaning operations on line breaks. (#11720)
|
||||
* Missing anchors in regular expression. (#11717)
|
||||
* Docs: Fix `from-to-www` redirect description. (#11712)
|
||||
* Chart: Remove `isControllerTagValid`. (#11710)
|
||||
* Tests: Bump `e2e-test-runner` to v20240729-04899b27. (#11702)
|
||||
* Chart: Explicitly set `runAsGroup`. (#11679)
|
||||
* Docs: Clarify `from-to-www` redirect direction. (#11682)
|
||||
* added real-client-ip faq (#11663)
|
||||
* Docs: Format NGINX configuration table. (#11659)
|
||||
* Release controller v1.11.1/v1.10.3 & chart v4.11.1/v4.10.3. (#11654)
|
||||
* Tests: Bump `test-runner` to v20240717-1fe74b5f. (#11645)
|
||||
* Images: Trigger `test-runner` build. (#11636)
|
||||
* Images: Bump `NGINX_BASE` to v0.0.10. (#11635)
|
||||
* remove modsecurity coreruleset test files from nginx image (#11617)
|
||||
* unskip the ocsp tests and update images to fix cfssl bug (#11606)
|
||||
* Fix indent in YAML for example pod (#11598)
|
||||
* Images: Bump `test-runner`. (#11600)
|
||||
* Images: Bump `NGINX_BASE` to v0.0.9. (#11599)
|
||||
* revert module upgrade (#11594)
|
||||
* README: Fix support matrix. (#11586)
|
||||
* Repository: Add changelogs from `release-v1.10`. (#11587)
|
||||
|
||||
### Dependency updates:
|
||||
|
||||
* Bump k8s.io/apiextensions-apiserver from 0.31.3 to 0.32.0 (#12566)
|
||||
* Bump github.com/onsi/ginkgo/v2 from 2.22.0 to 2.22.1 (#12555)
|
||||
* Bump k8s.io/code-generator from 0.31.3 to 0.32.0 (#12550)
|
||||
* Bump k8s.io/cli-runtime from 0.31.3 to 0.32.0 (#12547)
|
||||
* Bump k8s.io/apiserver from 0.31.3 to 0.32.0 (#12544)
|
||||
* Bump the actions group with 2 updates (#12541)
|
||||
* Bump google.golang.org/grpc from 1.68.1 to 1.69.2 (#12538)
|
||||
* Bump k8s.io/client-go from 0.31.3 to 0.32.0 (#12512)
|
||||
* Bump github.com/opencontainers/runc from 1.2.2 to 1.2.3 in the go group across 1 directory (#12509)
|
||||
* Bump the actions group with 3 updates (#12506)
|
||||
* Bump k8s.io/kube-aggregator from 0.31.3 to 0.32.0 in /images/kube-webhook-certgen/rootfs (#12505)
|
||||
* Bump k8s.io/apimachinery from 0.31.3 to 0.32.0 in /images/ext-auth-example-authsvc/rootfs (#12502)
|
||||
* Bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#12476)
|
||||
* Bump golang.org/x/crypto from 0.21.0 to 0.31.0 in /magefiles (#12472)
|
||||
* Bump github.com/prometheus/common from 0.60.1 to 0.61.0 (#12464)
|
||||
* Bump github/codeql-action from 3.27.5 to 3.27.6 in the actions group (#12461)
|
||||
* Bump the go group across 1 directory with 2 updates (#12460)
|
||||
* Bump github.com/onsi/ginkgo/v2 from 2.21.0 to 2.22.0 (#12426)
|
||||
* Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#12418)
|
||||
* Bump the go group across 3 directories with 10 updates (#12413)
|
||||
* Bump the actions group with 3 updates (#12412)
|
||||
* Bump github.com/opencontainers/runc from 1.2.1 to 1.2.2 in the go group across 1 directory (#12380)
|
||||
* Bump github/codeql-action from 3.27.1 to 3.27.4 in the actions group (#12373)
|
||||
* Bump golangci-lint on actions and disable deprecated linters (#12361)
|
||||
* Bump google.golang.org/grpc from 1.67.1 to 1.68.0 (#12357)
|
||||
* Bump the actions group with 3 updates (#12354)
|
||||
* Bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#12349)
|
||||
* Bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#12299)
|
||||
* Bump github.com/opencontainers/runc from 1.2.0 to 1.2.1 in the go group across 1 directory (#12296)
|
||||
* Bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.21.0 (#12288)
|
||||
* Bump actions/dependency-review-action from 4.3.5 to 4.4.0 in the actions group (#12273)
|
||||
* Bump the go group across 3 directories with 11 updates (#12244)
|
||||
* Bump github.com/opencontainers/runc from 1.1.15 to 1.2.0 (#12242)
|
||||
* Bump the actions group with 5 updates (#12236)
|
||||
* Bump github.com/ncabatoff/process-exporter from 0.8.3 to 0.8.4 in the go group across 1 directory (#12218)
|
||||
* Bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 in the actions group (#12217)
|
||||
* Bump github/codeql-action from 3.26.12 to 3.26.13 in the actions group (#12188)
|
||||
* Bump the go group across 2 directories with 1 update (#12186)
|
||||
* Bump the actions group with 2 updates (#12180)
|
||||
* Bump github.com/opencontainers/runc from 1.1.14 to 1.1.15 in the go group across 1 directory (#12178)
|
||||
* Bump the actions group with 3 updates (#12152)
|
||||
* Bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#12107)
|
||||
* Bump the actions group with 3 updates (#12092)
|
||||
* Bump sigs.k8s.io/mdtoc from 1.1.0 to 1.4.0 (#12062)
|
||||
* Bump github.com/prometheus/common from 0.59.1 to 0.60.0 (#12060)
|
||||
* Bump google.golang.org/grpc from 1.67.0 to 1.67.1 in the go group across 1 directory (#12059)
|
||||
* Bump k8s.io/cli-runtime from 0.30.0 to 0.31.1 (#12061)
|
||||
* Bump github/codeql-action from 3.26.9 to 3.26.10 in the actions group (#12051)
|
||||
* Bump the go group across 1 directory with 3 updates (#12050)
|
||||
* Bump k8s.io/kube-aggregator from 0.29.3 to 0.31.1 in /images/kube-webhook-certgen/rootfs (#12043)
|
||||
* Bump k8s.io/apimachinery from 0.23.1 to 0.31.1 in /images/ext-auth-example-authsvc/rootfs (#12041)
|
||||
* Bump github.com/prometheus/client_golang from 1.11.1 to 1.20.4 in /images/custom-error-pages/rootfs (#12040)
|
||||
* Bump the all group with 2 updates (#12032)
|
||||
* Bump github/codeql-action from 3.26.7 to 3.26.8 in the all group (#12010)
|
||||
* Bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#12009)
|
||||
* Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 in the all group (#12008)
|
||||
* Bump the all group with 2 updates (#11977)
|
||||
* Bump github/codeql-action from 3.26.6 to 3.26.7 in the all group (#11976)
|
||||
* Bump github.com/prometheus/common from 0.57.0 to 0.59.1 (#11954)
|
||||
* Bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#11955)
|
||||
* Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 in the all group (#11953)
|
||||
* Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#11928)
|
||||
* Bump the all group with 2 updates (#11922)
|
||||
* Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 in the all group (#11901)
|
||||
* Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#11902)
|
||||
* Bump github.com/prometheus/common from 0.55.0 to 0.57.0 (#11903)
|
||||
* Bump github/codeql-action from 3.26.5 to 3.26.6 in the all group (#11904)
|
||||
* Bump the all group with 2 updates (#11865)
|
||||
* Bump github/codeql-action from 3.26.2 to 3.26.5 in the all group (#11867)
|
||||
* Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 (#11832)
|
||||
* Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.19.0 (#11823)
|
||||
* Bump dario.cat/mergo from 1.0.0 to 1.0.1 in the all group (#11822)
|
||||
* Bump k8s.io/component-base from 0.30.3 to 0.31.0 (#11825)
|
||||
* Bump github/codeql-action from 3.26.0 to 3.26.2 in the all group (#11826)
|
||||
* Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#11766)
|
||||
* Bump the all group with 2 updates (#11767)
|
||||
* Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#11765)
|
||||
* Bump the all group with 3 updates (#11727)
|
||||
* Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in the all group (#11696)
|
||||
* Bump the all group with 2 updates (#11695)
|
||||
* Bump the all group with 4 updates (#11673)
|
||||
* Bump the all group with 2 updates (#11672)
|
||||
* Bump github.com/prometheus/common from 0.54.0 to 0.55.0 (#11522)
|
||||
* Bump the all group with 5 updates (#11611)
|
||||
|
||||
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.0...controller-v1.12.0
|
|
@ -1,10 +1,9 @@
|
|||
annotations:
|
||||
artifacthub.io/changes: |
|
||||
- 'CI: Fix chart testing. (#12258)'
|
||||
- Update Ingress-Nginx version controller-v1.12.0
|
||||
- Update Ingress-Nginx version controller-v1.10.5
|
||||
artifacthub.io/prerelease: "false"
|
||||
apiVersion: v2
|
||||
appVersion: 1.12.0
|
||||
appVersion: 1.10.5
|
||||
description: Ingress controller for Kubernetes using NGINX as a reverse proxy and
|
||||
load balancer
|
||||
home: https://github.com/kubernetes/ingress-nginx
|
||||
|
@ -16,9 +15,11 @@ kubeVersion: '>=1.21.0-0'
|
|||
maintainers:
|
||||
- name: cpanato
|
||||
- name: Gacko
|
||||
- name: puerco
|
||||
- name: rikatz
|
||||
- name: strongjz
|
||||
- name: tao12345666333
|
||||
name: ingress-nginx
|
||||
sources:
|
||||
- https://github.com/kubernetes/ingress-nginx
|
||||
version: 4.12.0
|
||||
version: 4.10.5
|
||||
|
|
|
@ -1,4 +1,10 @@
|
|||
# See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners
|
||||
|
||||
approvers:
|
||||
- ingress-nginx-helm-maintainers
|
||||
|
||||
reviewers:
|
||||
- ingress-nginx-helm-reviewers
|
||||
|
||||
labels:
|
||||
- area/helm
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
[ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
|
||||
|
||||
|
@ -229,24 +229,6 @@ Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13
|
|||
|
||||
As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
|
||||
|
||||
### Pod Security Admission
|
||||
|
||||
You can use Pod Security Admission by applying labels to the `ingress-nginx` namespace as instructed by the [documentation](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels).
|
||||
|
||||
Example:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: ingress-nginx
|
||||
labels:
|
||||
kubernetes.io/metadata.name: ingress-nginx
|
||||
name: ingress-nginx
|
||||
pod-security.kubernetes.io/enforce: restricted
|
||||
pod-security.kubernetes.io/enforce-version: v1.31
|
||||
```
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|
@ -260,8 +242,9 @@ metadata:
|
|||
| controller.admissionWebhooks.certificate | string | `"/usr/local/certificates/cert"` | |
|
||||
| controller.admissionWebhooks.createSecretJob.name | string | `"create"` | |
|
||||
| controller.admissionWebhooks.createSecretJob.resources | object | `{}` | |
|
||||
| controller.admissionWebhooks.createSecretJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for secret creation containers |
|
||||
| controller.admissionWebhooks.createSecretJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for secret creation containers |
|
||||
| controller.admissionWebhooks.enabled | bool | `true` | |
|
||||
| controller.admissionWebhooks.existingPsp | string | `""` | Use an existing PSP instead of creating one |
|
||||
| controller.admissionWebhooks.extraEnvs | list | `[]` | Additional environment variables to set |
|
||||
| controller.admissionWebhooks.failurePolicy | string | `"Fail"` | Admission Webhook failure policy to use |
|
||||
| controller.admissionWebhooks.key | string | `"/usr/local/certificates/key"` | |
|
||||
|
@ -270,26 +253,21 @@ metadata:
|
|||
| controller.admissionWebhooks.namespaceSelector | object | `{}` | |
|
||||
| controller.admissionWebhooks.objectSelector | object | `{}` | |
|
||||
| controller.admissionWebhooks.patch.enabled | bool | `true` | |
|
||||
| controller.admissionWebhooks.patch.image.digest | string | `"sha256:0de05718b59dc33b57ddfb4d8ad5f637cefd13eafdec0e1579d782b3483c27c3"` | |
|
||||
| controller.admissionWebhooks.patch.image.digest | string | `"sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f"` | |
|
||||
| controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | |
|
||||
| controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| controller.admissionWebhooks.patch.image.tag | string | `"v1.5.1"` | |
|
||||
| controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | |
|
||||
| controller.admissionWebhooks.patch.image.tag | string | `"v1.4.4"` | |
|
||||
| controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources |
|
||||
| controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
|
||||
| controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | |
|
||||
| controller.admissionWebhooks.patch.podAnnotations | object | `{}` | |
|
||||
| controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job # |
|
||||
| controller.admissionWebhooks.patch.rbac | object | `{"create":true}` | Admission webhook patch job RBAC |
|
||||
| controller.admissionWebhooks.patch.rbac.create | bool | `true` | Create RBAC or not |
|
||||
| controller.admissionWebhooks.patch.securityContext | object | `{}` | Security context for secret creation & webhook patch pods |
|
||||
| controller.admissionWebhooks.patch.serviceAccount | object | `{"automountServiceAccountToken":true,"create":true,"name":""}` | Admission webhook patch job service account |
|
||||
| controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken | bool | `true` | Auto-mount service account token or not |
|
||||
| controller.admissionWebhooks.patch.serviceAccount.create | bool | `true` | Create a service account or not |
|
||||
| controller.admissionWebhooks.patch.serviceAccount.name | string | `""` | Custom service account name |
|
||||
| controller.admissionWebhooks.patch.tolerations | list | `[]` | |
|
||||
| controller.admissionWebhooks.patchWebhookJob.name | string | `"patch"` | |
|
||||
| controller.admissionWebhooks.patchWebhookJob.resources | object | `{}` | |
|
||||
| controller.admissionWebhooks.patchWebhookJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for webhook patch containers |
|
||||
| controller.admissionWebhooks.patchWebhookJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for webhook patch containers |
|
||||
| controller.admissionWebhooks.port | int | `8443` | |
|
||||
| controller.admissionWebhooks.service.annotations | object | `{}` | |
|
||||
| controller.admissionWebhooks.service.externalIPs | list | `[]` | |
|
||||
|
@ -307,7 +285,7 @@ metadata:
|
|||
| controller.autoscaling.targetCPUUtilizationPercentage | int | `50` | |
|
||||
| controller.autoscaling.targetMemoryUtilizationPercentage | int | `50` | |
|
||||
| controller.autoscalingTemplate | list | `[]` | |
|
||||
| controller.config | object | `{}` | Global configuration passed to the ConfigMap consumed by the controller. Values may contain Helm templates. Ref.: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ |
|
||||
| controller.config | object | `{}` | Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ |
|
||||
| controller.configAnnotations | object | `{}` | Annotations to be added to the controller config configuration configmap. |
|
||||
| controller.configMapNamespace | string | `""` | Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) |
|
||||
| controller.containerName | string | `"controller"` | Configures the controller container name |
|
||||
|
@ -315,19 +293,18 @@ metadata:
|
|||
| controller.containerSecurityContext | object | `{}` | Security context for controller containers |
|
||||
| controller.customTemplate.configMapKey | string | `""` | |
|
||||
| controller.customTemplate.configMapName | string | `""` | |
|
||||
| controller.disableLeaderElection | bool | `false` | This configuration disable Nginx Controller Leader Election |
|
||||
| controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. |
|
||||
| controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. |
|
||||
| controller.electionID | string | `""` | Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' |
|
||||
| controller.electionTTL | string | `""` | Duration a leader election is valid before it's getting re-elected, e.g. `15s`, `10m` or `1h`. (Default: 30s) |
|
||||
| controller.enableAnnotationValidations | bool | `true` | |
|
||||
| controller.enableAnnotationValidations | bool | `false` | |
|
||||
| controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. # ref: https://github.com/microsoft/mimalloc # |
|
||||
| controller.enableTopologyAwareRouting | bool | `false` | This configuration enables Topology Aware Routing feature, used together with service annotation service.kubernetes.io/topology-mode="auto" Defaults to false |
|
||||
| controller.existingPsp | string | `""` | Use an existing PSP instead of creating one |
|
||||
| controller.extraArgs | object | `{}` | Additional command line arguments to pass to Ingress-Nginx Controller E.g. to specify the default SSL certificate you can use |
|
||||
| controller.extraContainers | list | `[]` | Additional containers to be added to the controller pod. See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. |
|
||||
| controller.extraEnvs | list | `[]` | Additional environment variables to set |
|
||||
| controller.extraInitContainers | list | `[]` | Containers, which are run before the app containers are started. |
|
||||
| controller.extraModules | list | `[]` | Modules, which are mounted into the core nginx image. |
|
||||
| controller.extraModules | list | `[]` | Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module |
|
||||
| controller.extraVolumeMounts | list | `[]` | Additional volumeMounts to the controller main container. |
|
||||
| controller.extraVolumes | list | `[]` | Additional volumes to the controller pod. |
|
||||
| controller.healthCheckHost | string | `""` | Address to bind the health check endpoint. It is better to set this option to the internal node address if the Ingress-Nginx Controller is running in the `hostNetwork: true` mode. |
|
||||
|
@ -340,21 +317,19 @@ metadata:
|
|||
| controller.hostname | object | `{}` | Optionally customize the pod hostname. |
|
||||
| controller.image.allowPrivilegeEscalation | bool | `false` | |
|
||||
| controller.image.chroot | bool | `false` | |
|
||||
| controller.image.digest | string | `"sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa"` | |
|
||||
| controller.image.digestChroot | string | `"sha256:87c88e1c38a6c8d4483c8f70b69e2cca49853bb3ec3124b9b1be648edf139af3"` | |
|
||||
| controller.image.digest | string | `"sha256:c84d11b1f7bd14ebbf49918a7f0dc01b31c0c6e757e0129520ea93453096315c"` | |
|
||||
| controller.image.digestChroot | string | `"sha256:030a43bdd5f0212a7e135cc4da76b15a6706ef65a6824eb4cc401f87a81c2987"` | |
|
||||
| controller.image.image | string | `"ingress-nginx/controller"` | |
|
||||
| controller.image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| controller.image.readOnlyRootFilesystem | bool | `false` | |
|
||||
| controller.image.runAsGroup | int | `82` | This value must not be changed using the official image. uid=101(www-data) gid=82(www-data) groups=82(www-data) |
|
||||
| controller.image.registry | string | `"registry.k8s.io"` | |
|
||||
| controller.image.runAsNonRoot | bool | `true` | |
|
||||
| controller.image.runAsUser | int | `101` | This value must not be changed using the official image. uid=101(www-data) gid=82(www-data) groups=82(www-data) |
|
||||
| controller.image.runAsUser | int | `101` | |
|
||||
| controller.image.seccompProfile.type | string | `"RuntimeDefault"` | |
|
||||
| controller.image.tag | string | `"v1.12.0"` | |
|
||||
| controller.image.tag | string | `"v1.10.5"` | |
|
||||
| controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation |
|
||||
| controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). |
|
||||
| controller.ingressClassResource | object | `{"aliases":[],"annotations":{},"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. |
|
||||
| controller.ingressClassResource.aliases | list | `[]` | Aliases of this IngressClass. Creates copies with identical settings but the respective alias as name. Useful for development environments with only one Ingress Controller but production-like Ingress resources. `default` gets enabled on the original IngressClass only. |
|
||||
| controller.ingressClassResource.annotations | object | `{}` | Annotations to be added to the IngressClass resource. |
|
||||
| controller.ingressClassResource | object | `{"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. |
|
||||
| controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller of the IngressClass. An Ingress Controller looks for IngressClasses it should reconcile by this value. This value is also being set as the `--controller-class` argument of this Ingress Controller. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class |
|
||||
| controller.ingressClassResource.default | bool | `false` | If true, Ingresses without `ingressClassName` get assigned to this IngressClass on creation. Ingress creation gets rejected if there are multiple default IngressClasses. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class |
|
||||
| controller.ingressClassResource.enabled | bool | `true` | Create the IngressClass or not |
|
||||
|
@ -386,11 +361,9 @@ metadata:
|
|||
| controller.metrics.port | int | `10254` | |
|
||||
| controller.metrics.portName | string | `"metrics"` | |
|
||||
| controller.metrics.prometheusRule.additionalLabels | object | `{}` | |
|
||||
| controller.metrics.prometheusRule.annotations | object | `{}` | Annotations to be added to the PrometheusRule. |
|
||||
| controller.metrics.prometheusRule.enabled | bool | `false` | |
|
||||
| controller.metrics.prometheusRule.rules | list | `[]` | |
|
||||
| controller.metrics.service.annotations | object | `{}` | |
|
||||
| controller.metrics.service.enabled | bool | `true` | Enable the metrics service or not. |
|
||||
| controller.metrics.service.externalIPs | list | `[]` | List of IP addresses at which the stats-exporter service is available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # |
|
||||
| controller.metrics.service.labels | object | `{}` | Labels to be added to the metrics service resource |
|
||||
| controller.metrics.service.loadBalancerSourceRanges | list | `[]` | |
|
||||
|
@ -399,27 +372,35 @@ metadata:
|
|||
| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | |
|
||||
| controller.metrics.serviceMonitor.annotations | object | `{}` | Annotations to be added to the ServiceMonitor. |
|
||||
| controller.metrics.serviceMonitor.enabled | bool | `false` | |
|
||||
| controller.metrics.serviceMonitor.labelLimit | int | `0` | Per-scrape limit on number of labels that will be accepted for a sample. |
|
||||
| controller.metrics.serviceMonitor.labelNameLengthLimit | int | `0` | Per-scrape limit on length of labels name that will be accepted for a sample. |
|
||||
| controller.metrics.serviceMonitor.labelValueLengthLimit | int | `0` | Per-scrape limit on length of labels value that will be accepted for a sample. |
|
||||
| controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | |
|
||||
| controller.metrics.serviceMonitor.namespace | string | `""` | |
|
||||
| controller.metrics.serviceMonitor.namespaceSelector | object | `{}` | |
|
||||
| controller.metrics.serviceMonitor.relabelings | list | `[]` | |
|
||||
| controller.metrics.serviceMonitor.sampleLimit | int | `0` | Defines a per-scrape limit on the number of scraped samples that will be accepted. |
|
||||
| controller.metrics.serviceMonitor.scrapeInterval | string | `"30s"` | |
|
||||
| controller.metrics.serviceMonitor.targetLabels | list | `[]` | |
|
||||
| controller.metrics.serviceMonitor.targetLimit | int | `0` | Defines a limit on the number of scraped targets that will be accepted. |
|
||||
| controller.minAvailable | int | `1` | Minimum available pods set in PodDisruptionBudget. Define either 'minAvailable' or 'maxUnavailable', never both. |
|
||||
| controller.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # |
|
||||
| controller.name | string | `"controller"` | |
|
||||
| controller.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
|
||||
| controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ # |
|
||||
| controller.opentelemetry.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
|
||||
| controller.opentelemetry.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
|
||||
| controller.opentelemetry.containerSecurityContext.readOnlyRootFilesystem | bool | `true` | |
|
||||
| controller.opentelemetry.containerSecurityContext.runAsNonRoot | bool | `true` | |
|
||||
| controller.opentelemetry.containerSecurityContext.runAsUser | int | `65532` | The image's default user, inherited from its base image `cgr.dev/chainguard/static`. |
|
||||
| controller.opentelemetry.containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | |
|
||||
| controller.opentelemetry.enabled | bool | `false` | |
|
||||
| controller.opentelemetry.image.digest | string | `"sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922"` | |
|
||||
| controller.opentelemetry.image.distroless | bool | `true` | |
|
||||
| controller.opentelemetry.image.image | string | `"ingress-nginx/opentelemetry-1.25.3"` | |
|
||||
| controller.opentelemetry.image.registry | string | `"registry.k8s.io"` | |
|
||||
| controller.opentelemetry.image.tag | string | `"v20240813-b933310d"` | |
|
||||
| controller.opentelemetry.name | string | `"opentelemetry"` | |
|
||||
| controller.opentelemetry.resources | object | `{}` | |
|
||||
| controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # |
|
||||
| controller.podLabels | object | `{}` | Labels to add to the pod container metadata |
|
||||
| controller.podSecurityContext | object | `{}` | Security context for controller pods |
|
||||
| controller.priorityClassName | string | `""` | |
|
||||
| controller.progressDeadlineSeconds | int | `0` | Specifies the number of seconds you want to wait for the controller deployment to progress before the system reports back that it has failed. Ref.: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#progress-deadline-seconds |
|
||||
| controller.proxySetHeaders | object | `{}` | Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers |
|
||||
| controller.publishService | object | `{"enabled":true,"pathOverride":""}` | Allows customization of the source of the IP address or FQDN to report in the ingress status field. By default, it reads the information provided by the service. If disable, the status field reports the IP address of the node or nodes where an ingress controller pod is running. |
|
||||
| controller.publishService.enabled | bool | `true` | Enable 'publishService' or not |
|
||||
|
@ -442,24 +423,20 @@ metadata:
|
|||
| controller.service.annotations | object | `{}` | Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service. |
|
||||
| controller.service.appProtocol | bool | `true` | Declare the app protocol of the external HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol |
|
||||
| controller.service.clusterIP | string | `""` | Pre-defined cluster internal IP address of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
|
||||
| controller.service.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
|
||||
| controller.service.enableHttp | bool | `true` | Enable the HTTP listener on both controller services or not. |
|
||||
| controller.service.enableHttps | bool | `true` | Enable the HTTPS listener on both controller services or not. |
|
||||
| controller.service.enabled | bool | `true` | Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service. |
|
||||
| controller.service.external.enabled | bool | `true` | Enable the external controller service or not. Useful for internal-only deployments. |
|
||||
| controller.service.external.labels | object | `{}` | Labels to be added to the external controller service. |
|
||||
| controller.service.externalIPs | list | `[]` | List of node IP addresses at which the external controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips |
|
||||
| controller.service.externalTrafficPolicy | string | `""` | External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
|
||||
| controller.service.internal.annotations | object | `{}` | Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer |
|
||||
| controller.service.internal.appProtocol | bool | `true` | Declare the app protocol of the internal HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol |
|
||||
| controller.service.internal.clusterIP | string | `""` | Pre-defined cluster internal IP address of the internal controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
|
||||
| controller.service.internal.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the internal controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
|
||||
| controller.service.internal.enabled | bool | `false` | Enable the internal controller service or not. Remember to configure `controller.service.internal.annotations` when enabling this. |
|
||||
| controller.service.internal.externalIPs | list | `[]` | List of node IP addresses at which the internal controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips |
|
||||
| controller.service.internal.externalTrafficPolicy | string | `""` | External traffic policy of the internal controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
|
||||
| controller.service.internal.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the internal controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
|
||||
| controller.service.internal.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
|
||||
| controller.service.internal.labels | object | `{}` | Labels to be added to the internal controller service. |
|
||||
| controller.service.internal.loadBalancerClass | string | `""` | Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class |
|
||||
| controller.service.internal.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the internal controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer |
|
||||
| controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default. |
|
||||
|
@ -470,7 +447,6 @@ metadata:
|
|||
| controller.service.internal.ports | object | `{}` | |
|
||||
| controller.service.internal.sessionAffinity | string | `""` | Session affinity of the internal controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity |
|
||||
| controller.service.internal.targetPorts | object | `{}` | |
|
||||
| controller.service.internal.trafficDistribution | string | `""` | Traffic distribution policy of the internal controller service. Set to "PreferClose" to route traffic to endpoints that are topologically closer to the client. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution |
|
||||
| controller.service.internal.type | string | `""` | Type of the internal controller service. Defaults to the value of `controller.service.type`. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
|
||||
| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the external controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
|
||||
| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
|
||||
|
@ -487,7 +463,6 @@ metadata:
|
|||
| controller.service.sessionAffinity | string | `""` | Session affinity of the external controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity |
|
||||
| controller.service.targetPorts.http | string | `"http"` | Port of the ingress controller the external HTTP listener is mapped to. |
|
||||
| controller.service.targetPorts.https | string | `"https"` | Port of the ingress controller the external HTTPS listener is mapped to. |
|
||||
| controller.service.trafficDistribution | string | `""` | Traffic distribution policy of the external controller service. Set to "PreferClose" to route traffic to endpoints that are topologically closer to the client. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution |
|
||||
| controller.service.type | string | `"LoadBalancer"` | Type of the external controller service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
|
||||
| controller.shareProcessNamespace | bool | `false` | |
|
||||
| controller.sysctls | object | `{}` | sysctls for controller pods # Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ |
|
||||
|
@ -498,10 +473,9 @@ metadata:
|
|||
| controller.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # |
|
||||
| controller.udp.annotations | object | `{}` | Annotations to be added to the udp config configmap |
|
||||
| controller.udp.configMapNamespace | string | `""` | Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) |
|
||||
| controller.unhealthyPodEvictionPolicy | string | `""` | Eviction policy for unhealthy pods guarded by PodDisruptionBudget. Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ |
|
||||
| controller.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # |
|
||||
| controller.watchIngressWithoutClass | bool | `false` | Process Ingress objects without ingressClass annotation/ingressClassName field Overrides value for --watch-ingress-without-class flag of the controller binary Defaults to false |
|
||||
| defaultBackend.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
|
||||
| defaultBackend.affinity | object | `{}` | |
|
||||
| defaultBackend.autoscaling.annotations | object | `{}` | |
|
||||
| defaultBackend.autoscaling.enabled | bool | `false` | |
|
||||
| defaultBackend.autoscaling.maxReplicas | int | `2` | |
|
||||
|
@ -510,6 +484,7 @@ metadata:
|
|||
| defaultBackend.autoscaling.targetMemoryUtilizationPercentage | int | `50` | |
|
||||
| defaultBackend.containerSecurityContext | object | `{}` | Security context for default backend containers |
|
||||
| defaultBackend.enabled | bool | `false` | |
|
||||
| defaultBackend.existingPsp | string | `""` | Use an existing PSP instead of creating one |
|
||||
| defaultBackend.extraArgs | object | `{}` | |
|
||||
| defaultBackend.extraConfigMaps | list | `[]` | |
|
||||
| defaultBackend.extraEnvs | list | `[]` | Additional environment variables to set for defaultBackend pods |
|
||||
|
@ -519,7 +494,7 @@ metadata:
|
|||
| defaultBackend.image.image | string | `"defaultbackend-amd64"` | |
|
||||
| defaultBackend.image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| defaultBackend.image.readOnlyRootFilesystem | bool | `true` | |
|
||||
| defaultBackend.image.runAsGroup | int | `65534` | |
|
||||
| defaultBackend.image.registry | string | `"registry.k8s.io"` | |
|
||||
| defaultBackend.image.runAsNonRoot | bool | `true` | |
|
||||
| defaultBackend.image.runAsUser | int | `65534` | |
|
||||
| defaultBackend.image.seccompProfile.type | string | `"RuntimeDefault"` | |
|
||||
|
@ -530,7 +505,7 @@ metadata:
|
|||
| defaultBackend.livenessProbe.periodSeconds | int | `10` | |
|
||||
| defaultBackend.livenessProbe.successThreshold | int | `1` | |
|
||||
| defaultBackend.livenessProbe.timeoutSeconds | int | `5` | |
|
||||
| defaultBackend.minAvailable | int | `1` | Minimum available pods set in PodDisruptionBudget. Define either 'minAvailable' or 'maxUnavailable', never both. |
|
||||
| defaultBackend.minAvailable | int | `1` | Minimum available pods set in PodDisruptionBudget. |
|
||||
| defaultBackend.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # |
|
||||
| defaultBackend.name | string | `"defaultbackend"` | |
|
||||
| defaultBackend.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
|
||||
|
@ -548,7 +523,6 @@ metadata:
|
|||
| defaultBackend.replicaCount | int | `1` | |
|
||||
| defaultBackend.resources | object | `{}` | |
|
||||
| defaultBackend.service.annotations | object | `{}` | |
|
||||
| defaultBackend.service.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the default backend service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address |
|
||||
| defaultBackend.service.externalIPs | list | `[]` | List of IP addresses at which the default backend service is available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # |
|
||||
| defaultBackend.service.loadBalancerSourceRanges | list | `[]` | |
|
||||
| defaultBackend.service.servicePort | int | `80` | |
|
||||
|
@ -557,13 +531,11 @@ metadata:
|
|||
| defaultBackend.serviceAccount.create | bool | `true` | |
|
||||
| defaultBackend.serviceAccount.name | string | `""` | |
|
||||
| defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # |
|
||||
| defaultBackend.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. Ref.: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ |
|
||||
| defaultBackend.unhealthyPodEvictionPolicy | string | `""` | Eviction policy for unhealthy pods guarded by PodDisruptionBudget. Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ |
|
||||
| defaultBackend.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # |
|
||||
| dhParam | string | `""` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param |
|
||||
| global.image.registry | string | `"registry.k8s.io"` | Registry host to pull images from. |
|
||||
| imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
|
||||
| namespaceOverride | string | `""` | Override the deployment namespace; defaults to .Release.Namespace |
|
||||
| podSecurityPolicy.enabled | bool | `false` | |
|
||||
| portNamePrefix | string | `""` | Prefix for TCP and UDP ports names in ingress controller service # Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration |
|
||||
| rbac.create | bool | `true` | |
|
||||
| rbac.scope | bool | `false` | |
|
||||
|
|
|
@ -226,22 +226,4 @@ Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13
|
|||
|
||||
As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
|
||||
|
||||
### Pod Security Admission
|
||||
|
||||
You can use Pod Security Admission by applying labels to the `ingress-nginx` namespace as instructed by the [documentation](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels).
|
||||
|
||||
Example:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: ingress-nginx
|
||||
labels:
|
||||
kubernetes.io/metadata.name: ingress-nginx
|
||||
name: ingress-nginx
|
||||
pod-security.kubernetes.io/enforce: restricted
|
||||
pod-security.kubernetes.io/enforce-version: v1.31
|
||||
```
|
||||
|
||||
{{ template "chart.valuesSection" . }}
|
||||
|
|
|
@ -1,10 +0,0 @@
|
|||
# Changelog
|
||||
|
||||
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
|
||||
|
||||
### 4.10.6
|
||||
|
||||
* CI: Fix chart testing. (#12260)
|
||||
* Update Ingress-Nginx version controller-v1.10.6
|
||||
|
||||
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.5...helm-chart-4.10.6
|
|
@ -1,18 +0,0 @@
|
|||
# Changelog
|
||||
|
||||
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
|
||||
|
||||
### 4.11.0
|
||||
|
||||
* Chores: Align security contacts & chart maintainers to actual owners. (#11465)
|
||||
* Merge pull request #11277 from strongjz/chart-1.10.1 (#11415)
|
||||
* Fix helm install on cloud provider admonition block (#11394)
|
||||
* edited helm-install tips (#11393)
|
||||
* added info for aws helm install (#11390)
|
||||
* add workflow to helm release and update ct for branch (#11378)
|
||||
* release helm chart from release branch (#11276)
|
||||
* update post submit helm ci and clean up (#11220)
|
||||
* refactor helm ci tests part I (#11178)
|
||||
* Update Ingress-Nginx version controller-v1.11.0
|
||||
|
||||
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.2...helm-chart-4.11.0
|
|
@ -1,9 +0,0 @@
|
|||
# Changelog
|
||||
|
||||
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
|
||||
|
||||
### 4.11.1
|
||||
|
||||
* Update Ingress-Nginx version controller-v1.11.1
|
||||
|
||||
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.0...helm-chart-4.11.1
|
|
@ -1,9 +0,0 @@
|
|||
# Changelog
|
||||
|
||||
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
|
||||
|
||||
### 4.11.2
|
||||
|
||||
* Update Ingress-Nginx version controller-v1.11.2
|
||||
|
||||
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.1...helm-chart-4.11.2
|
|
@ -1,9 +0,0 @@
|
|||
# Changelog
|
||||
|
||||
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
|
||||
|
||||
### 4.11.3
|
||||
|
||||
* Update Ingress-Nginx version controller-v1.11.3
|
||||
|
||||
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.2...helm-chart-4.11.3
|
|
@ -1,10 +0,0 @@
|
|||
# Changelog
|
||||
|
||||
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
|
||||
|
||||
### 4.11.4
|
||||
|
||||
* CI: Fix chart testing. (#12259)
|
||||
* Update Ingress-Nginx version controller-v1.11.4
|
||||
|
||||
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.3...helm-chart-4.11.4
|
|
@ -1,9 +0,0 @@
|
|||
# Changelog
|
||||
|
||||
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
|
||||
|
||||
### 4.12.0-beta.0
|
||||
|
||||
* Update Ingress-Nginx version controller-v1.12.0-beta.0
|
||||
|
||||
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.0...helm-chart-4.12.0-beta.0
|
|
@ -1,10 +0,0 @@
|
|||
# Changelog
|
||||
|
||||
This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
|
||||
|
||||
### 4.12.0
|
||||
|
||||
* CI: Fix chart testing. (#12258)
|
||||
* Update Ingress-Nginx version controller-v1.12.0
|
||||
|
||||
**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.0...helm-chart-4.12.0
|
|
@ -0,0 +1,30 @@
|
|||
controller:
|
||||
image:
|
||||
repository: ingress-controller/controller
|
||||
tag: 1.0.0-dev
|
||||
digest: null
|
||||
|
||||
service:
|
||||
type: ClusterIP
|
||||
|
||||
kind: DaemonSet
|
||||
|
||||
extraModules:
|
||||
- name: opentelemetry
|
||||
image:
|
||||
registry: registry.k8s.io
|
||||
image: ingress-nginx/opentelemetry-1.25.3
|
||||
tag: v20240813-b933310d
|
||||
digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922
|
||||
distroless: true
|
||||
containerSecurityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65532
|
||||
runAsGroup: 65532
|
||||
allowPrivilegeEscalation: false
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
|
@ -0,0 +1,13 @@
|
|||
controller:
|
||||
image:
|
||||
repository: ingress-controller/controller
|
||||
tag: 1.0.0-dev
|
||||
digest: null
|
||||
|
||||
service:
|
||||
type: ClusterIP
|
||||
|
||||
kind: DaemonSet
|
||||
|
||||
opentelemetry:
|
||||
enabled: true
|
|
@ -0,0 +1,30 @@
|
|||
controller:
|
||||
image:
|
||||
repository: ingress-controller/controller
|
||||
tag: 1.0.0-dev
|
||||
digest: null
|
||||
|
||||
service:
|
||||
type: ClusterIP
|
||||
|
||||
kind: Deployment
|
||||
|
||||
extraModules:
|
||||
- name: opentelemetry
|
||||
image:
|
||||
registry: registry.k8s.io
|
||||
image: ingress-nginx/opentelemetry-1.25.3
|
||||
tag: v20240813-b933310d
|
||||
digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922
|
||||
distroless: true
|
||||
containerSecurityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65532
|
||||
runAsGroup: 65532
|
||||
allowPrivilegeEscalation: false
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
|
@ -0,0 +1,13 @@
|
|||
controller:
|
||||
image:
|
||||
repository: ingress-controller/controller
|
||||
tag: 1.0.0-dev
|
||||
digest: null
|
||||
|
||||
service:
|
||||
type: ClusterIP
|
||||
|
||||
kind: Deployment
|
||||
|
||||
opentelemetry:
|
||||
enabled: true
|
|
@ -9,7 +9,5 @@ controller:
|
|||
|
||||
internal:
|
||||
enabled: true
|
||||
labels:
|
||||
external-dns.alpha.kubernetes.io/hostname: internal.example.com
|
||||
annotations:
|
||||
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
|
||||
|
|
|
@ -7,10 +7,6 @@ controller:
|
|||
service:
|
||||
type: NodePort
|
||||
|
||||
external:
|
||||
labels:
|
||||
external-dns.alpha.kubernetes.io/hostname: external.example.com
|
||||
|
||||
nodePorts:
|
||||
tcp:
|
||||
9000: 30090
|
||||
|
|
13
charts/ingress-nginx/ci/deamonset-psp-values.yaml
Normal file
13
charts/ingress-nginx/ci/deamonset-psp-values.yaml
Normal file
|
@ -0,0 +1,13 @@
|
|||
controller:
|
||||
kind: DaemonSet
|
||||
image:
|
||||
repository: ingress-controller/controller
|
||||
tag: 1.0.0-dev
|
||||
digest: null
|
||||
admissionWebhooks:
|
||||
enabled: false
|
||||
service:
|
||||
type: ClusterIP
|
||||
|
||||
podSecurityPolicy:
|
||||
enabled: true
|
|
@ -0,0 +1,13 @@
|
|||
controller:
|
||||
kind: DaemonSet
|
||||
image:
|
||||
repository: ingress-controller/controller
|
||||
tag: 1.0.0-dev
|
||||
digest: null
|
||||
admissionWebhooks:
|
||||
enabled: true
|
||||
service:
|
||||
type: ClusterIP
|
||||
|
||||
podSecurityPolicy:
|
||||
enabled: true
|
10
charts/ingress-nginx/ci/deployment-psp-values.yaml
Normal file
10
charts/ingress-nginx/ci/deployment-psp-values.yaml
Normal file
|
@ -0,0 +1,10 @@
|
|||
controller:
|
||||
image:
|
||||
repository: ingress-controller/controller
|
||||
tag: 1.0.0-dev
|
||||
digest: null
|
||||
service:
|
||||
type: ClusterIP
|
||||
|
||||
podSecurityPolicy:
|
||||
enabled: true
|
|
@ -0,0 +1,12 @@
|
|||
controller:
|
||||
image:
|
||||
repository: ingress-controller/controller
|
||||
tag: 1.0.0-dev
|
||||
digest: null
|
||||
admissionWebhooks:
|
||||
enabled: true
|
||||
service:
|
||||
type: ClusterIP
|
||||
|
||||
podSecurityPolicy:
|
||||
enabled: true
|
|
@ -47,7 +47,6 @@ Controller container security context.
|
|||
{{- else -}}
|
||||
runAsNonRoot: {{ .Values.controller.image.runAsNonRoot }}
|
||||
runAsUser: {{ .Values.controller.image.runAsUser }}
|
||||
runAsGroup: {{ .Values.controller.image.runAsGroup }}
|
||||
allowPrivilegeEscalation: {{ or .Values.controller.image.allowPrivilegeEscalation .Values.controller.image.chroot }}
|
||||
{{- if .Values.controller.image.seccompProfile }}
|
||||
seccompProfile: {{ toYaml .Values.controller.image.seccompProfile | nindent 2 }}
|
||||
|
@ -168,17 +167,6 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
|
|||
{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.controller.admissionWebhooks.name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the admission webhook patch job service account to use
|
||||
*/}}
|
||||
{{- define "ingress-nginx.admissionWebhooks.patch.serviceAccountName" -}}
|
||||
{{- if .Values.controller.admissionWebhooks.patch.serviceAccount.create -}}
|
||||
{{ default (include "ingress-nginx.admissionWebhooks.fullname" .) .Values.controller.admissionWebhooks.patch.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.controller.admissionWebhooks.patch.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified admission webhook secret creation job name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
|
@ -223,7 +211,6 @@ Default backend container security context.
|
|||
{{- else -}}
|
||||
runAsNonRoot: {{ .Values.defaultBackend.image.runAsNonRoot }}
|
||||
runAsUser: {{ .Values.defaultBackend.image.runAsUser }}
|
||||
runAsGroup: {{ .Values.defaultBackend.image.runAsGroup }}
|
||||
allowPrivilegeEscalation: {{ .Values.defaultBackend.image.allowPrivilegeEscalation }}
|
||||
{{- if .Values.defaultBackend.image.seccompProfile }}
|
||||
seccompProfile: {{ toYaml .Values.defaultBackend.image.seccompProfile | nindent 2 }}
|
||||
|
@ -235,6 +222,17 @@ readOnlyRootFilesystem: {{ .Values.defaultBackend.image.readOnlyRootFilesystem }
|
|||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the appropriate apiGroup for PodSecurityPolicy.
|
||||
*/}}
|
||||
{{- define "podSecurityPolicy.apiGroup" -}}
|
||||
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||
{{- print "policy" -}}
|
||||
{{- else -}}
|
||||
{{- print "extensions" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Extra modules.
|
||||
*/}}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{{- define "ingress-nginx.params" -}}
|
||||
- /nginx-ingress-controller
|
||||
{{- if not .Values.controller.enableAnnotationValidations }}
|
||||
- --enable-annotation-validation=false
|
||||
{{- if .Values.controller.enableAnnotationValidations }}
|
||||
- --enable-annotation-validation=true
|
||||
{{- end }}
|
||||
{{- if .Values.defaultBackend.enabled }}
|
||||
- --default-backend-service=$(POD_NAMESPACE)/{{ include "ingress-nginx.defaultBackend.fullname" . }}
|
||||
|
@ -54,18 +54,12 @@
|
|||
{{- if .Values.controller.watchIngressWithoutClass }}
|
||||
- --watch-ingress-without-class=true
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.enabled }}
|
||||
{{- if not .Values.controller.metrics.enabled }}
|
||||
- --enable-metrics={{ .Values.controller.metrics.enabled }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.enableTopologyAwareRouting }}
|
||||
- --enable-topology-aware-routing=true
|
||||
{{- end }}
|
||||
{{- if .Values.controller.disableLeaderElection }}
|
||||
- --disable-leader-election=true
|
||||
{{- end }}
|
||||
{{- if .Values.controller.electionTTL }}
|
||||
- --election-ttl={{ .Values.controller.electionTTL }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.controller.extraArgs }}
|
||||
{{- /* Accept keys without values or with false as value */}}
|
||||
{{- if eq ($value | quote | len) 2 }}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.rbac.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
|
@ -20,4 +20,14 @@ rules:
|
|||
verbs:
|
||||
- get
|
||||
- update
|
||||
{{- if .Values.podSecurityPolicy.enabled }}
|
||||
- apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
|
||||
resources: ['podsecuritypolicies']
|
||||
verbs: ['use']
|
||||
{{- with .Values.controller.admissionWebhooks.existingPsp }}
|
||||
resourceNames: [{{ . }}]
|
||||
{{- else }}
|
||||
resourceNames: [{{ include "ingress-nginx.admissionWebhooks.fullname" . }}]
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.rbac.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
|
@ -18,6 +18,6 @@ roleRef:
|
|||
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
|
||||
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
|
||||
namespace: {{ include "ingress-nginx.namespace" . }}
|
||||
{{- end }}
|
||||
|
|
|
@ -42,7 +42,7 @@ spec:
|
|||
{{- end }}
|
||||
containers:
|
||||
- name: create
|
||||
{{- with (merge .Values.controller.admissionWebhooks.patch.image .Values.global.image) }}
|
||||
{{- with .Values.controller.admissionWebhooks.patch.image }}
|
||||
image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }}
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
|
||||
|
@ -66,8 +66,7 @@ spec:
|
|||
resources: {{ toYaml .Values.controller.admissionWebhooks.createSecretJob.resources | nindent 12 }}
|
||||
{{- end }}
|
||||
restartPolicy: OnFailure
|
||||
serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
|
||||
automountServiceAccountToken: {{ .Values.controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken }}
|
||||
serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
|
||||
{{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
|
||||
nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
|
||||
{{- end }}
|
||||
|
|
|
@ -42,7 +42,7 @@ spec:
|
|||
{{- end }}
|
||||
containers:
|
||||
- name: patch
|
||||
{{- with (merge .Values.controller.admissionWebhooks.patch.image .Values.global.image) }}
|
||||
{{- with .Values.controller.admissionWebhooks.patch.image }}
|
||||
image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }}
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
|
||||
|
@ -68,8 +68,7 @@ spec:
|
|||
resources: {{ toYaml .Values.controller.admissionWebhooks.patchWebhookJob.resources | nindent 12 }}
|
||||
{{- end }}
|
||||
restartPolicy: OnFailure
|
||||
serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
|
||||
automountServiceAccountToken: {{ .Values.controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken }}
|
||||
serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
|
||||
{{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
|
||||
nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
|
||||
{{- end }}
|
||||
|
|
|
@ -0,0 +1,52 @@
|
|||
{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }}
|
||||
{{- if and .Values.podSecurityPolicy.enabled .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (empty .Values.controller.admissionWebhooks.existingPsp) -}}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
seccomp.security.alpha.kubernetes.io/allowedProfileNames: "*"
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
{{- with .Values.controller.admissionWebhooks.patch.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
privileged: false
|
||||
hostPID: false
|
||||
hostIPC: false
|
||||
hostNetwork: false
|
||||
volumes:
|
||||
- configMap
|
||||
- downwardAPI
|
||||
- emptyDir
|
||||
- secret
|
||||
- projected
|
||||
fsGroup:
|
||||
rule: MustRunAs
|
||||
ranges:
|
||||
- min: 1
|
||||
max: 65535
|
||||
readOnlyRootFilesystem: true
|
||||
runAsUser:
|
||||
rule: MustRunAsNonRoot
|
||||
runAsGroup:
|
||||
rule: MustRunAs
|
||||
ranges:
|
||||
- min: 1
|
||||
max: 65535
|
||||
supplementalGroups:
|
||||
rule: MustRunAs
|
||||
ranges:
|
||||
- min: 1
|
||||
max: 65535
|
||||
allowPrivilegeEscalation: false
|
||||
requiredDropCapabilities:
|
||||
- ALL
|
||||
seLinux:
|
||||
rule: RunAsAny
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,4 +1,4 @@
|
|||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.rbac.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.rbac.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
|
@ -19,6 +19,6 @@ roleRef:
|
|||
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
|
||||
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
|
||||
namespace: {{ include "ingress-nginx.namespace" . }}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.serviceAccount.create (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }}
|
||||
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
|
||||
namespace: {{ include "ingress-nginx.namespace" . }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
|
@ -13,5 +13,4 @@ metadata:
|
|||
{{- with .Values.controller.admissionWebhooks.patch.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken }}
|
||||
{{- end }}
|
||||
|
|
|
@ -13,9 +13,7 @@ metadata:
|
|||
name: {{ include "ingress-nginx.controller.fullname" . }}
|
||||
namespace: {{ include "ingress-nginx.namespace" . }}
|
||||
data:
|
||||
{{- if .Values.controller.allowSnippetAnnotations }}
|
||||
allow-snippet-annotations: "true"
|
||||
{{- end }}
|
||||
allow-snippet-annotations: "{{ .Values.controller.allowSnippetAnnotations }}"
|
||||
{{- if .Values.controller.addHeaders }}
|
||||
add-headers: {{ include "ingress-nginx.namespace" . }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers
|
||||
{{- end }}
|
||||
|
@ -26,5 +24,5 @@ data:
|
|||
ssl-dh-param: {{ include "ingress-nginx.namespace" . }}/{{ include "ingress-nginx.controller.fullname" . }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.controller.config }}
|
||||
{{- $key | nindent 2 }}: {{ tpl (toString $value) $ | quote }}
|
||||
{{- $key | nindent 2 }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
|
|
|
@ -75,7 +75,7 @@ spec:
|
|||
{{- end }}
|
||||
containers:
|
||||
- name: {{ .Values.controller.containerName }}
|
||||
{{- with (merge .Values.controller.image .Values.global.image) }}
|
||||
{{- with .Values.controller.image }}
|
||||
image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{ end }}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
|
||||
|
@ -144,9 +144,9 @@ spec:
|
|||
hostPort: {{ $key }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules) }}
|
||||
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
|
||||
volumeMounts:
|
||||
{{- if .Values.controller.extraModules }}
|
||||
{{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
|
||||
- name: modules
|
||||
{{- if .Values.controller.image.chroot }}
|
||||
mountPath: /chroot/modules_mount
|
||||
|
@ -174,7 +174,7 @@ spec:
|
|||
{{- if .Values.controller.extraContainers }}
|
||||
{{- toYaml .Values.controller.extraContainers | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules) }}
|
||||
{{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
|
||||
initContainers:
|
||||
{{- if .Values.controller.extraInitContainers }}
|
||||
{{- toYaml .Values.controller.extraInitContainers | nindent 8 }}
|
||||
|
@ -182,7 +182,13 @@ spec:
|
|||
{{- if .Values.controller.extraModules }}
|
||||
{{- range .Values.controller.extraModules }}
|
||||
{{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
|
||||
{{- include "extraModules" (dict "name" .name "image" (merge .image $.Values.global.image) "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
|
||||
{{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.opentelemetry.enabled }}
|
||||
{{- with .Values.controller.opentelemetry }}
|
||||
{{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
|
||||
{{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@ -196,17 +202,16 @@ spec:
|
|||
tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.affinity }}
|
||||
affinity: {{ tpl (toYaml .Values.controller.affinity) $ | nindent 8 }}
|
||||
affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.topologySpreadConstraints }}
|
||||
topologySpreadConstraints: {{ tpl (toYaml .Values.controller.topologySpreadConstraints) $ | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
|
||||
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
|
||||
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
|
||||
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules) }}
|
||||
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
|
||||
volumes:
|
||||
{{- if .Values.controller.extraModules }}
|
||||
{{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled)}}
|
||||
- name: modules
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
|
|
|
@ -22,9 +22,6 @@ spec:
|
|||
replicas: {{ .Values.controller.replicaCount }}
|
||||
{{- end }}
|
||||
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
|
||||
{{- if .Values.controller.progressDeadlineSeconds }}
|
||||
progressDeadlineSeconds: {{ .Values.controller.progressDeadlineSeconds }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.updateStrategy }}
|
||||
strategy: {{ toYaml .Values.controller.updateStrategy | nindent 4 }}
|
||||
{{- end }}
|
||||
|
@ -81,7 +78,7 @@ spec:
|
|||
{{- end }}
|
||||
containers:
|
||||
- name: {{ .Values.controller.containerName }}
|
||||
{{- with (merge .Values.controller.image .Values.global.image) }}
|
||||
{{- with .Values.controller.image }}
|
||||
image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{ end }}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
|
||||
|
@ -150,9 +147,9 @@ spec:
|
|||
hostPort: {{ $key }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules) }}
|
||||
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
|
||||
volumeMounts:
|
||||
{{- if .Values.controller.extraModules }}
|
||||
{{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
|
||||
- name: modules
|
||||
{{- if .Values.controller.image.chroot }}
|
||||
mountPath: /chroot/modules_mount
|
||||
|
@ -180,7 +177,7 @@ spec:
|
|||
{{- if .Values.controller.extraContainers }}
|
||||
{{- toYaml .Values.controller.extraContainers | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules) }}
|
||||
{{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
|
||||
initContainers:
|
||||
{{- if .Values.controller.extraInitContainers }}
|
||||
{{- toYaml .Values.controller.extraInitContainers | nindent 8 }}
|
||||
|
@ -188,7 +185,13 @@ spec:
|
|||
{{- if .Values.controller.extraModules }}
|
||||
{{- range .Values.controller.extraModules }}
|
||||
{{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
|
||||
{{- include "extraModules" (dict "name" .name "image" (merge .image $.Values.global.image) "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
|
||||
{{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.opentelemetry.enabled }}
|
||||
{{- with .Values.controller.opentelemetry }}
|
||||
{{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
|
||||
{{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@ -202,17 +205,16 @@ spec:
|
|||
tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.affinity }}
|
||||
affinity: {{ tpl (toYaml .Values.controller.affinity) $ | nindent 8 }}
|
||||
affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.topologySpreadConstraints }}
|
||||
topologySpreadConstraints: {{ tpl (toYaml .Values.controller.topologySpreadConstraints) $ | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
|
||||
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
|
||||
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
|
||||
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules) }}
|
||||
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
|
||||
volumes:
|
||||
{{- if .Values.controller.extraModules }}
|
||||
{{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled)}}
|
||||
- name: modules
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
{{- if .Values.controller.ingressClassResource.enabled -}}
|
||||
{{- range .Values.controller.ingressClassResource.aliases }}
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: IngressClass
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" $ | nindent 4 }}
|
||||
app.kubernetes.io/component: controller
|
||||
{{- with $.Values.controller.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ . }}
|
||||
{{- if $.Values.controller.ingressClassResource.annotations }}
|
||||
annotations: {{ toYaml $.Values.controller.ingressClassResource.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
controller: {{ $.Values.controller.ingressClassResource.controllerValue }}
|
||||
{{- with $.Values.controller.ingressClassResource.parameters }}
|
||||
parameters: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -9,14 +9,9 @@ metadata:
|
|||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ .Values.controller.ingressClassResource.name }}
|
||||
{{- if or .Values.controller.ingressClassResource.default .Values.controller.ingressClassResource.annotations }}
|
||||
{{- if .Values.controller.ingressClassResource.default }}
|
||||
annotations:
|
||||
{{- if .Values.controller.ingressClassResource.default }}
|
||||
ingressclass.kubernetes.io/is-default-class: "true"
|
||||
{{- end }}
|
||||
{{- if .Values.controller.ingressClassResource.annotations }}
|
||||
{{- toYaml .Values.controller.ingressClassResource.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
spec:
|
||||
controller: {{ .Values.controller.ingressClassResource.controllerValue }}
|
||||
|
|
|
@ -32,8 +32,5 @@ spec:
|
|||
{{- else if .Values.controller.maxUnavailable }}
|
||||
maxUnavailable: {{ .Values.controller.maxUnavailable }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.unhealthyPodEvictionPolicy }}
|
||||
unhealthyPodEvictionPolicy: {{ .Values.controller.unhealthyPodEvictionPolicy }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -14,9 +14,6 @@ metadata:
|
|||
{{- if .Values.controller.metrics.prometheusRule.additionalLabels }}
|
||||
{{- toYaml .Values.controller.metrics.prometheusRule.additionalLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.prometheusRule.annotations }}
|
||||
annotations: {{ toYaml .Values.controller.metrics.prometheusRule.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.controller.metrics.prometheusRule.rules }}
|
||||
groups:
|
||||
|
|
100
charts/ingress-nginx/templates/controller-psp.yaml
Normal file
100
charts/ingress-nginx/templates/controller-psp.yaml
Normal file
|
@ -0,0 +1,100 @@
|
|||
{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }}
|
||||
{{- if and .Values.podSecurityPolicy.enabled (empty .Values.controller.existingPsp) -}}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}
|
||||
annotations:
|
||||
seccomp.security.alpha.kubernetes.io/allowedProfileNames: "*"
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: controller
|
||||
{{- with .Values.controller.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
privileged: false
|
||||
hostPID: false
|
||||
hostIPC: false
|
||||
hostNetwork: {{ .Values.controller.hostNetwork }}
|
||||
{{- if or .Values.controller.hostNetwork .Values.controller.hostPort.enabled }}
|
||||
hostPorts:
|
||||
{{- if .Values.controller.hostNetwork }}
|
||||
{{- range $key, $value := .Values.controller.containerPort }}
|
||||
# controller.containerPort.{{ $key }}
|
||||
- min: {{ $value }}
|
||||
max: {{ $value }}
|
||||
{{- end }}
|
||||
{{- else if .Values.controller.hostPort.enabled }}
|
||||
{{- range $key, $value := .Values.controller.hostPort.ports }}
|
||||
# controller.hostPort.ports.{{ $key }}
|
||||
- min: {{ $value }}
|
||||
max: {{ $value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.enabled }}
|
||||
# controller.metrics.port
|
||||
- min: {{ .Values.controller.metrics.port }}
|
||||
max: {{ .Values.controller.metrics.port }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.admissionWebhooks.enabled }}
|
||||
# controller.admissionWebhooks.port
|
||||
- min: {{ .Values.controller.admissionWebhooks.port }}
|
||||
max: {{ .Values.controller.admissionWebhooks.port }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.tcp }}
|
||||
# tcp.{{ $key }}
|
||||
- min: {{ $key }}
|
||||
max: {{ $key }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.udp }}
|
||||
# udp.{{ $key }}
|
||||
- min: {{ $key }}
|
||||
max: {{ $key }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- configMap
|
||||
- downwardAPI
|
||||
- emptyDir
|
||||
- secret
|
||||
- projected
|
||||
fsGroup:
|
||||
rule: MustRunAs
|
||||
ranges:
|
||||
- min: 1
|
||||
max: 65535
|
||||
readOnlyRootFilesystem: false
|
||||
runAsUser:
|
||||
rule: MustRunAsNonRoot
|
||||
runAsGroup:
|
||||
rule: MustRunAs
|
||||
ranges:
|
||||
- min: 1
|
||||
max: 65535
|
||||
supplementalGroups:
|
||||
rule: MustRunAs
|
||||
ranges:
|
||||
- min: 1
|
||||
max: 65535
|
||||
allowPrivilegeEscalation: {{ or .Values.controller.image.allowPrivilegeEscalation .Values.controller.image.chroot }}
|
||||
requiredDropCapabilities:
|
||||
- ALL
|
||||
allowedCapabilities:
|
||||
- NET_BIND_SERVICE
|
||||
{{- if .Values.controller.image.chroot }}
|
||||
{{- if .Values.controller.image.seccompProfile }}
|
||||
- SYS_ADMIN
|
||||
{{- end }}
|
||||
- SYS_CHROOT
|
||||
{{- end }}
|
||||
seLinux:
|
||||
rule: RunAsAny
|
||||
{{- if .Values.controller.sysctls }}
|
||||
allowedUnsafeSysctls:
|
||||
{{- range $sysctl, $value := .Values.controller.sysctls }}
|
||||
- {{ $sysctl }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -91,4 +91,14 @@ rules:
|
|||
- list
|
||||
- watch
|
||||
- get
|
||||
{{- if .Values.podSecurityPolicy.enabled }}
|
||||
- apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
|
||||
resources: ['podsecuritypolicies']
|
||||
verbs: ['use']
|
||||
{{- with .Values.controller.existingPsp }}
|
||||
resourceNames: [{{ . }}]
|
||||
{{- else }}
|
||||
resourceNames: [{{ include "ingress-nginx.fullname" . }}]
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -12,9 +12,6 @@ metadata:
|
|||
{{- if .Values.controller.service.labels }}
|
||||
{{- toYaml .Values.controller.service.labels | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.internal.labels }}
|
||||
{{- toYaml .Values.controller.service.internal.labels | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ include "ingress-nginx.controller.fullname" . }}-internal
|
||||
namespace: {{ include "ingress-nginx.namespace" . }}
|
||||
spec:
|
||||
|
@ -22,9 +19,6 @@ spec:
|
|||
{{- if .Values.controller.service.internal.clusterIP }}
|
||||
clusterIP: {{ .Values.controller.service.internal.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.internal.clusterIPs }}
|
||||
clusterIPs: {{ toYaml .Values.controller.service.internal.clusterIPs | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.internal.externalIPs }}
|
||||
externalIPs: {{ toYaml .Values.controller.service.internal.externalIPs | nindent 4 }}
|
||||
{{- end }}
|
||||
|
@ -49,11 +43,6 @@ spec:
|
|||
{{- if .Values.controller.service.internal.healthCheckNodePort }}
|
||||
healthCheckNodePort: {{ .Values.controller.service.internal.healthCheckNodePort }}
|
||||
{{- end }}
|
||||
{{- if semverCompare ">=1.31.0-0" .Capabilities.KubeVersion.Version -}}
|
||||
{{- if .Values.controller.service.internal.trafficDistribution }}
|
||||
trafficDistribution: {{ .Values.controller.service.internal.trafficDistribution }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version -}}
|
||||
{{- if .Values.controller.service.internal.ipFamilyPolicy }}
|
||||
ipFamilyPolicy: {{ .Values.controller.service.internal.ipFamilyPolicy }}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.service.enabled -}}
|
||||
{{- if .Values.controller.metrics.enabled -}}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
|
|
|
@ -12,9 +12,6 @@ metadata:
|
|||
{{- if .Values.controller.service.labels }}
|
||||
{{- toYaml .Values.controller.service.labels | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.external.labels }}
|
||||
{{- toYaml .Values.controller.service.external.labels | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ include "ingress-nginx.controller.fullname" . }}
|
||||
namespace: {{ include "ingress-nginx.namespace" . }}
|
||||
spec:
|
||||
|
@ -22,9 +19,6 @@ spec:
|
|||
{{- if .Values.controller.service.clusterIP }}
|
||||
clusterIP: {{ .Values.controller.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.clusterIPs }}
|
||||
clusterIPs: {{ toYaml .Values.controller.service.clusterIPs | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.externalIPs }}
|
||||
externalIPs: {{ toYaml .Values.controller.service.externalIPs | nindent 4 }}
|
||||
{{- end }}
|
||||
|
@ -49,11 +43,6 @@ spec:
|
|||
{{- if .Values.controller.service.healthCheckNodePort }}
|
||||
healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }}
|
||||
{{- end }}
|
||||
{{- if semverCompare ">=1.31.0-0" .Capabilities.KubeVersion.Version -}}
|
||||
{{- if .Values.controller.service.trafficDistribution }}
|
||||
trafficDistribution: {{ .Values.controller.service.trafficDistribution }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version -}}
|
||||
{{- if .Values.controller.service.ipFamilyPolicy }}
|
||||
ipFamilyPolicy: {{ .Values.controller.service.ipFamilyPolicy }}
|
||||
|
|
|
@ -3,63 +3,51 @@ apiVersion: monitoring.coreos.com/v1
|
|||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.controller.fullname" . }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.namespace }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.namespace }}
|
||||
namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }}
|
||||
{{- else }}
|
||||
{{- else }}
|
||||
namespace: {{ include "ingress-nginx.namespace" . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: controller
|
||||
{{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.annotations }}
|
||||
annotations: {{ toYaml .Values.controller.metrics.serviceMonitor.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }}
|
||||
endpoints:
|
||||
- port: {{ .Values.controller.metrics.portName }}
|
||||
interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.honorLabels }}
|
||||
honorLabels: true
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.relabelings }}
|
||||
relabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.relabelings | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.metricRelabelings | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.jobLabel }}
|
||||
jobLabel: {{ .Values.controller.metrics.serviceMonitor.jobLabel | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }}
|
||||
namespaceSelector: {{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | nindent 4 }}
|
||||
{{- else }}
|
||||
{{- else }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ include "ingress-nginx.namespace" . }}
|
||||
- {{ include "ingress-nginx.namespace" . }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.targetLabels }}
|
||||
targetLabels:
|
||||
{{- range .Values.controller.metrics.serviceMonitor.targetLabels }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
|
||||
app.kubernetes.io/component: controller
|
||||
endpoints:
|
||||
- port: {{ .Values.controller.metrics.portName }}
|
||||
interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.honorLabels }}
|
||||
honorLabels: true
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.relabelings }}
|
||||
relabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.relabelings | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.metricRelabelings | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.jobLabel }}
|
||||
jobLabel: {{ .Values.controller.metrics.serviceMonitor.jobLabel | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.targetLabels }}
|
||||
targetLabels: {{ toYaml .Values.controller.metrics.serviceMonitor.targetLabels | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.labelLimit }}
|
||||
labelLimit: {{ .Values.controller.metrics.serviceMonitor.labelLimit }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.labelNameLengthLimit }}
|
||||
labelNameLengthLimit: {{ .Values.controller.metrics.serviceMonitor.labelNameLengthLimit }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.labelValueLengthLimit }}
|
||||
labelValueLengthLimit: {{ .Values.controller.metrics.serviceMonitor.labelValueLengthLimit }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.sampleLimit }}
|
||||
sampleLimit: {{ .Values.controller.metrics.serviceMonitor.sampleLimit }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.targetLimit }}
|
||||
targetLimit: {{ .Values.controller.metrics.serviceMonitor.targetLimit }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -50,7 +50,7 @@ spec:
|
|||
{{- end }}
|
||||
containers:
|
||||
- name: {{ template "ingress-nginx.name" . }}-default-backend
|
||||
{{- with (merge .Values.defaultBackend.image .Values.global.image) }}
|
||||
{{- with .Values.defaultBackend.image }}
|
||||
image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }}
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }}
|
||||
|
@ -103,15 +103,11 @@ spec:
|
|||
nodeSelector: {{ toYaml .Values.defaultBackend.nodeSelector | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "ingress-nginx.defaultBackend.serviceAccountName" . }}
|
||||
automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }}
|
||||
{{- if .Values.defaultBackend.tolerations }}
|
||||
tolerations: {{ toYaml .Values.defaultBackend.tolerations | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.defaultBackend.affinity }}
|
||||
affinity: {{ tpl (toYaml .Values.defaultBackend.affinity) $ | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.defaultBackend.topologySpreadConstraints }}
|
||||
topologySpreadConstraints: {{ tpl (toYaml .Values.defaultBackend.topologySpreadConstraints) $ | nindent 8 }}
|
||||
affinity: {{ toYaml .Values.defaultBackend.affinity | nindent 8 }}
|
||||
{{- end }}
|
||||
terminationGracePeriodSeconds: 60
|
||||
{{- if .Values.defaultBackend.extraVolumes }}
|
||||
|
|
|
@ -20,13 +20,6 @@ spec:
|
|||
matchLabels:
|
||||
{{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
|
||||
app.kubernetes.io/component: default-backend
|
||||
{{- if and .Values.defaultBackend.minAvailable (not (hasKey .Values.defaultBackend "maxUnavailable")) }}
|
||||
minAvailable: {{ .Values.defaultBackend.minAvailable }}
|
||||
{{- else if .Values.defaultBackend.maxUnavailable }}
|
||||
maxUnavailable: {{ .Values.defaultBackend.maxUnavailable }}
|
||||
{{- end }}
|
||||
{{- if .Values.defaultBackend.unhealthyPodEvictionPolicy }}
|
||||
unhealthyPodEvictionPolicy: {{ .Values.defaultBackend.unhealthyPodEvictionPolicy }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
50
charts/ingress-nginx/templates/default-backend-psp.yaml
Normal file
50
charts/ingress-nginx/templates/default-backend-psp.yaml
Normal file
|
@ -0,0 +1,50 @@
|
|||
{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }}
|
||||
{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled (empty .Values.defaultBackend.existingPsp) -}}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}-backend
|
||||
annotations:
|
||||
seccomp.security.alpha.kubernetes.io/allowedProfileNames: "*"
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: default-backend
|
||||
{{- with .Values.defaultBackend.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
privileged: false
|
||||
hostPID: false
|
||||
hostIPC: false
|
||||
hostNetwork: false
|
||||
volumes:
|
||||
- configMap
|
||||
- downwardAPI
|
||||
- emptyDir
|
||||
- secret
|
||||
- projected
|
||||
fsGroup:
|
||||
rule: MustRunAs
|
||||
ranges:
|
||||
- min: 1
|
||||
max: 65535
|
||||
readOnlyRootFilesystem: true
|
||||
runAsUser:
|
||||
rule: MustRunAsNonRoot
|
||||
runAsGroup:
|
||||
rule: MustRunAs
|
||||
ranges:
|
||||
- min: 1
|
||||
max: 65535
|
||||
supplementalGroups:
|
||||
rule: MustRunAs
|
||||
ranges:
|
||||
- min: 1
|
||||
max: 65535
|
||||
allowPrivilegeEscalation: false
|
||||
requiredDropCapabilities:
|
||||
- ALL
|
||||
seLinux:
|
||||
rule: RunAsAny
|
||||
{{- end }}
|
||||
{{- end }}
|
22
charts/ingress-nginx/templates/default-backend-role.yaml
Normal file
22
charts/ingress-nginx/templates/default-backend-role.yaml
Normal file
|
@ -0,0 +1,22 @@
|
|||
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: default-backend
|
||||
{{- with .Values.defaultBackend.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ include "ingress-nginx.fullname" . }}-backend
|
||||
namespace: {{ include "ingress-nginx.namespace" . }}
|
||||
rules:
|
||||
- apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
|
||||
resources: ['podsecuritypolicies']
|
||||
verbs: ['use']
|
||||
{{- with .Values.defaultBackend.existingPsp }}
|
||||
resourceNames: [{{ . }}]
|
||||
{{- else }}
|
||||
resourceNames: [{{ include "ingress-nginx.fullname" . }}-backend]
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,21 @@
|
|||
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: default-backend
|
||||
{{- with .Values.defaultBackend.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ include "ingress-nginx.fullname" . }}-backend
|
||||
namespace: {{ include "ingress-nginx.namespace" . }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ include "ingress-nginx.fullname" . }}-backend
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
|
||||
namespace: {{ include "ingress-nginx.namespace" . }}
|
||||
{{- end }}
|
|
@ -18,9 +18,6 @@ spec:
|
|||
{{- if .Values.defaultBackend.service.clusterIP }}
|
||||
clusterIP: {{ .Values.defaultBackend.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.defaultBackend.service.clusterIPs }}
|
||||
clusterIPs: {{ toYaml .Values.defaultBackend.service.clusterIPs | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.defaultBackend.service.externalIPs }}
|
||||
externalIPs: {{ toYaml .Values.defaultBackend.service.externalIPs | nindent 4 }}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
suite: Admission Webhooks > Patch Job > ClusterRole
|
||||
templates:
|
||||
- admission-webhooks/job-patch/clusterrole.yaml
|
||||
|
||||
tests:
|
||||
- it: should not create a ClusterRole if `controller.admissionWebhooks.patch.rbac.create` is false
|
||||
set:
|
||||
controller.admissionWebhooks.patch.rbac.create: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
|
@ -1,11 +0,0 @@
|
|||
suite: Admission Webhooks > Patch Job > ClusterRoleBinding
|
||||
templates:
|
||||
- admission-webhooks/job-patch/clusterrolebinding.yaml
|
||||
|
||||
tests:
|
||||
- it: should not create a ClusterRoleBinding if `controller.admissionWebhooks.patch.rbac.create` is false
|
||||
set:
|
||||
controller.admissionWebhooks.patch.rbac.create: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
|
@ -1,12 +0,0 @@
|
|||
suite: Admission Webhooks > Patch Job > Create Secret Job
|
||||
templates:
|
||||
- admission-webhooks/job-patch/job-createSecret.yaml
|
||||
|
||||
tests:
|
||||
- it: should create a Job with token auto-mounting disabled if `controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken` is false
|
||||
set:
|
||||
controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken: false
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.automountServiceAccountToken
|
||||
value: false
|
|
@ -1,12 +0,0 @@
|
|||
suite: Admission Webhooks > Patch Job > Patch Webhook Job
|
||||
templates:
|
||||
- admission-webhooks/job-patch/job-patchWebhook.yaml
|
||||
|
||||
tests:
|
||||
- it: should create a Job with token auto-mounting disabled if `controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken` is false
|
||||
set:
|
||||
controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken: false
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.automountServiceAccountToken
|
||||
value: false
|
|
@ -1,11 +0,0 @@
|
|||
suite: Admission Webhooks > Patch Job > Role
|
||||
templates:
|
||||
- admission-webhooks/job-patch/role.yaml
|
||||
|
||||
tests:
|
||||
- it: should not create a Role if `controller.admissionWebhooks.patch.rbac.create` is false
|
||||
set:
|
||||
controller.admissionWebhooks.patch.rbac.create: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
|
@ -1,11 +0,0 @@
|
|||
suite: Admission Webhooks > Patch Job > RoleBinding
|
||||
templates:
|
||||
- admission-webhooks/job-patch/rolebinding.yaml
|
||||
|
||||
tests:
|
||||
- it: should not create a RoleBinding if `controller.admissionWebhooks.patch.rbac.create` is false
|
||||
set:
|
||||
controller.admissionWebhooks.patch.rbac.create: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
|
@ -1,47 +0,0 @@
|
|||
suite: Admission Webhooks > Patch Job > ServiceAccount
|
||||
templates:
|
||||
- admission-webhooks/job-patch/serviceaccount.yaml
|
||||
|
||||
tests:
|
||||
- it: should not create a ServiceAccount if `controller.admissionWebhooks.patch.serviceAccount.create` is false
|
||||
set:
|
||||
controller.admissionWebhooks.patch.serviceAccount.create: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: should create a ServiceAccount if `controller.admissionWebhooks.patch.serviceAccount.create` is true
|
||||
set:
|
||||
controller.admissionWebhooks.patch.serviceAccount.create: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: ServiceAccount
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-ingress-nginx-admission
|
||||
|
||||
- it: should create a ServiceAccount with specified name if `controller.admissionWebhooks.patch.serviceAccount.name` is set
|
||||
set:
|
||||
controller.admissionWebhooks.patch.serviceAccount.name: ingress-nginx-admission-test-sa
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: ServiceAccount
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: ingress-nginx-admission-test-sa
|
||||
|
||||
- it: should create a ServiceAccount with token auto-mounting disabled if `controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken` is false
|
||||
set:
|
||||
controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: ServiceAccount
|
||||
- equal:
|
||||
path: automountServiceAccountToken
|
||||
value: false
|
|
@ -20,7 +20,7 @@ tests:
|
|||
of: ValidatingWebhookConfiguration
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-ingress-nginx-admission
|
||||
value: RELEASE-NAME-admission
|
||||
|
||||
- it: should create a ValidatingWebhookConfiguration with a custom port if `controller.admissionWebhooks.service.servicePort` is set
|
||||
set:
|
||||
|
|
|
@ -12,20 +12,3 @@ tests:
|
|||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-ingress-nginx-controller
|
||||
|
||||
- it: should create a ConfigMap with templated values if `controller.config` contains templates
|
||||
set:
|
||||
controller.config:
|
||||
template: "test.{{ .Release.Namespace }}.svc.kubernetes.local"
|
||||
integer: 12345
|
||||
boolean: true
|
||||
asserts:
|
||||
- equal:
|
||||
path: data.template
|
||||
value: test.NAMESPACE.svc.kubernetes.local
|
||||
- equal:
|
||||
path: data.integer
|
||||
value: "12345"
|
||||
- equal:
|
||||
path: data.boolean
|
||||
value: "true"
|
||||
|
|
|
@ -15,23 +15,23 @@ tests:
|
|||
path: metadata.name
|
||||
value: RELEASE-NAME-ingress-nginx-controller
|
||||
|
||||
- it: should create a DaemonSet with argument `--enable-metrics=true` if `controller.metrics.enabled` is true
|
||||
set:
|
||||
controller.kind: DaemonSet
|
||||
controller.metrics.enabled: true
|
||||
asserts:
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].args
|
||||
content: --enable-metrics=true
|
||||
|
||||
- it: should create a DaemonSet without argument `--enable-metrics=true` if `controller.metrics.enabled` is false
|
||||
- it: should create a DaemonSet with argument `--enable-metrics=false` if `controller.metrics.enabled` is false
|
||||
set:
|
||||
controller.kind: DaemonSet
|
||||
controller.metrics.enabled: false
|
||||
asserts:
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].args
|
||||
content: --enable-metrics=false
|
||||
|
||||
- it: should create a DaemonSet without argument `--enable-metrics=false` if `controller.metrics.enabled` is true
|
||||
set:
|
||||
controller.kind: DaemonSet
|
||||
controller.metrics.enabled: true
|
||||
asserts:
|
||||
- notContains:
|
||||
path: spec.template.spec.containers[0].args
|
||||
content: --enable-metrics=true
|
||||
content: --enable-metrics=false
|
||||
|
||||
- it: should create a DaemonSet with argument `--controller-class=k8s.io/ingress-nginx-internal` if `controller.ingressClassResource.controllerValue` is "k8s.io/ingress-nginx-internal"
|
||||
set:
|
||||
|
@ -96,69 +96,6 @@ tests:
|
|||
maxSkew: 1
|
||||
whenUnsatisfiable: ScheduleAnyway
|
||||
|
||||
- it: should create a DaemonSet with affinity if `controller.affinity` is set
|
||||
set:
|
||||
controller.kind: DaemonSet
|
||||
controller.affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/name
|
||||
operator: In
|
||||
values:
|
||||
- '{{ include "ingress-nginx.name" . }}'
|
||||
- key: app.kubernetes.io/instance
|
||||
operator: In
|
||||
values:
|
||||
- '{{ .Release.Name }}'
|
||||
- key: app.kubernetes.io/component
|
||||
operator: In
|
||||
values:
|
||||
- controller
|
||||
topologyKey: kubernetes.io/hostname
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.affinity
|
||||
value:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/name
|
||||
operator: In
|
||||
values:
|
||||
- ingress-nginx
|
||||
- key: app.kubernetes.io/instance
|
||||
operator: In
|
||||
values:
|
||||
- RELEASE-NAME
|
||||
- key: app.kubernetes.io/component
|
||||
operator: In
|
||||
values:
|
||||
- controller
|
||||
topologyKey: kubernetes.io/hostname
|
||||
|
||||
- it: should create a DaemonSet with `runAsGroup` if `controller.image.runAsGroup` is set
|
||||
set:
|
||||
controller.kind: DaemonSet
|
||||
controller.image.runAsGroup: 1000
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].securityContext.runAsGroup
|
||||
value: 1000
|
||||
|
||||
- it: should create a DaemonSet with a custom registry if `global.image.registry` is set
|
||||
set:
|
||||
global.image.registry: custom.registry.io
|
||||
controller.kind: DaemonSet
|
||||
controller.image.tag: v1.0.0-dev
|
||||
controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: custom.registry.io/ingress-nginx/controller:v1.0.0-dev@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
|
||||
|
||||
- it: should create a DaemonSet with a custom registry if `controller.image.registry` is set
|
||||
set:
|
||||
controller.kind: DaemonSet
|
||||
|
@ -190,12 +127,3 @@ tests:
|
|||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: registry.k8s.io/ingress-nginx/controller:custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
|
||||
|
||||
- it: should create a DaemonSet with token auto-mounting disabled if `serviceAccount.automountServiceAccountToken` is false
|
||||
set:
|
||||
controller.kind: DaemonSet
|
||||
serviceAccount.automountServiceAccountToken: false
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.automountServiceAccountToken
|
||||
value: false
|
||||
|
|
|
@ -43,21 +43,21 @@ tests:
|
|||
- exists:
|
||||
path: spec.replicas
|
||||
|
||||
- it: should create a Deployment with argument `--enable-metrics=true` if `controller.metrics.enabled` is true
|
||||
set:
|
||||
controller.metrics.enabled: true
|
||||
asserts:
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].args
|
||||
content: --enable-metrics=true
|
||||
|
||||
- it: should create a Deployment without argument `--enable-metrics=true` if `controller.metrics.enabled` is false
|
||||
- it: should create a Deployment with argument `--enable-metrics=false` if `controller.metrics.enabled` is false
|
||||
set:
|
||||
controller.metrics.enabled: false
|
||||
asserts:
|
||||
- contains:
|
||||
path: spec.template.spec.containers[0].args
|
||||
content: --enable-metrics=false
|
||||
|
||||
- it: should create a Deployment without argument `--enable-metrics=false` if `controller.metrics.enabled` is true
|
||||
set:
|
||||
controller.metrics.enabled: true
|
||||
asserts:
|
||||
- notContains:
|
||||
path: spec.template.spec.containers[0].args
|
||||
content: --enable-metrics=true
|
||||
content: --enable-metrics=false
|
||||
|
||||
- it: should create a Deployment with argument `--controller-class=k8s.io/ingress-nginx-internal` if `controller.ingressClassResource.controllerValue` is "k8s.io/ingress-nginx-internal"
|
||||
set:
|
||||
|
@ -119,66 +119,6 @@ tests:
|
|||
maxSkew: 1
|
||||
whenUnsatisfiable: ScheduleAnyway
|
||||
|
||||
- it: should create a Deployment with affinity if `controller.affinity` is set
|
||||
set:
|
||||
controller.affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/name
|
||||
operator: In
|
||||
values:
|
||||
- '{{ include "ingress-nginx.name" . }}'
|
||||
- key: app.kubernetes.io/instance
|
||||
operator: In
|
||||
values:
|
||||
- '{{ .Release.Name }}'
|
||||
- key: app.kubernetes.io/component
|
||||
operator: In
|
||||
values:
|
||||
- controller
|
||||
topologyKey: kubernetes.io/hostname
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.affinity
|
||||
value:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/name
|
||||
operator: In
|
||||
values:
|
||||
- ingress-nginx
|
||||
- key: app.kubernetes.io/instance
|
||||
operator: In
|
||||
values:
|
||||
- RELEASE-NAME
|
||||
- key: app.kubernetes.io/component
|
||||
operator: In
|
||||
values:
|
||||
- controller
|
||||
topologyKey: kubernetes.io/hostname
|
||||
|
||||
- it: should create a Deployment with `runAsGroup` if `controller.image.runAsGroup` is set
|
||||
set:
|
||||
controller.image.runAsGroup: 1000
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].securityContext.runAsGroup
|
||||
value: 1000
|
||||
|
||||
- it: should create a Deployment with a custom registry if `global.image.registry` is set
|
||||
set:
|
||||
global.image.registry: custom.registry.io
|
||||
controller.image.tag: v1.0.0-dev
|
||||
controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: custom.registry.io/ingress-nginx/controller:v1.0.0-dev@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
|
||||
|
||||
- it: should create a Deployment with a custom registry if `controller.image.registry` is set
|
||||
set:
|
||||
controller.image.registry: custom.registry.io
|
||||
|
@ -207,19 +147,3 @@ tests:
|
|||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: registry.k8s.io/ingress-nginx/controller:custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
|
||||
|
||||
- it: should create a Deployment with `progressDeadlineSeconds` if `controller.progressDeadlineSeconds` is set
|
||||
set:
|
||||
controller.progressDeadlineSeconds: 111
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.progressDeadlineSeconds
|
||||
value: 111
|
||||
|
||||
- it: should create a Deployment with token auto-mounting disabled if `serviceAccount.automountServiceAccountToken` is false
|
||||
set:
|
||||
serviceAccount.automountServiceAccountToken: false
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.automountServiceAccountToken
|
||||
value: false
|
||||
|
|
|
@ -1,110 +0,0 @@
|
|||
suite: Controller > IngressClass > Aliases
|
||||
templates:
|
||||
- controller-ingressclass-aliases.yaml
|
||||
|
||||
tests:
|
||||
- it: should not create IngressClass aliases
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
|
||||
- it: should create an IngressClass alias with name "nginx-alias" if `controller.ingressClassResource.aliases` is set
|
||||
set:
|
||||
controller.ingressClassResource.aliases:
|
||||
- nginx-alias
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: IngressClass
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: nginx-alias
|
||||
|
||||
- it: should create an IngressClass alias without annotation `ingressclass.kubernetes.io/is-default-class` if `controller.ingressClassResource.default` is true
|
||||
set:
|
||||
controller.ingressClassResource.aliases:
|
||||
- nginx-alias
|
||||
controller.ingressClassResource.default: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: IngressClass
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: nginx-alias
|
||||
- notExists:
|
||||
path: metadata.annotations["ingressclass.kubernetes.io/is-default-class"]
|
||||
|
||||
- it: should create an IngressClass alias with annotations if `controller.ingressClassResource.annotations` is set
|
||||
set:
|
||||
controller.ingressClassResource.aliases:
|
||||
- nginx-alias
|
||||
controller.ingressClassResource.annotations:
|
||||
my-fancy-annotation: has-a-value
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: IngressClass
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: nginx-alias
|
||||
- equal:
|
||||
path: metadata.annotations.my-fancy-annotation
|
||||
value: has-a-value
|
||||
|
||||
- it: should create an IngressClass alias with controller "k8s.io/ingress-nginx-internal" if `controller.ingressClassResource.controllerValue` is "k8s.io/ingress-nginx-internal"
|
||||
set:
|
||||
controller.ingressClassResource.aliases:
|
||||
- nginx-alias
|
||||
controller.ingressClassResource.controllerValue: k8s.io/ingress-nginx-internal
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: IngressClass
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: nginx-alias
|
||||
- equal:
|
||||
path: spec.controller
|
||||
value: k8s.io/ingress-nginx-internal
|
||||
|
||||
- it: should create an IngressClass alias with parameters if `controller.ingressClassResource.parameters` is set
|
||||
set:
|
||||
controller.ingressClassResource.aliases:
|
||||
- nginx-alias
|
||||
controller.ingressClassResource.parameters:
|
||||
apiGroup: k8s.example.com
|
||||
kind: IngressParameters
|
||||
name: external-lb
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: IngressClass
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: nginx-alias
|
||||
- equal:
|
||||
path: spec.parameters
|
||||
value:
|
||||
apiGroup: k8s.example.com
|
||||
kind: IngressParameters
|
||||
name: external-lb
|
||||
|
||||
- it: should create two IngressClass aliases if `controller.ingressClassResource.aliases` has two elements
|
||||
set:
|
||||
controller.ingressClassResource.aliases:
|
||||
- nginx-alias-1
|
||||
- nginx-alias-2
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 2
|
||||
- isKind:
|
||||
of: IngressClass
|
||||
- matchRegex:
|
||||
path: metadata.name
|
||||
pattern: nginx-alias-(1|2)
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue