diff --git a/.github/workflows/chart.yaml b/.github/workflows/chart.yaml index d0f4b4e8e..7c37447af 100644 --- a/.github/workflows/chart.yaml +++ b/.github/workflows/chart.yaml @@ -23,12 +23,12 @@ jobs: steps: - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: 3.x - name: Set up Helm - uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - name: Set up Helm Chart Testing uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0 diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 7d15ec0c4..b06cef33c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -102,7 +102,7 @@ jobs: - name: Set up Go id: go - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: ${{ env.GOLANG_VERSION }} check-latest: true @@ -124,7 +124,7 @@ jobs: run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV - name: Set up Go id: go - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: ${{ env.GOLANG_VERSION }} check-latest: true @@ -153,17 +153,17 @@ jobs: - name: Set up Go id: go - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: ${{ steps.golangversion.outputs.version }} check-latest: true - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 + uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 with: version: latest @@ -172,7 +172,7 @@ jobs: - name: Prepare Host run: | - curl -LO https://dl.k8s.io/release/v1.33.2/bin/linux/amd64/kubectl + curl -LO https://dl.k8s.io/release/v1.32.2/bin/linux/amd64/kubectl chmod +x ./kubectl sudo mv ./kubectl /usr/local/bin/kubectl @@ -202,7 +202,7 @@ jobs: | gzip > docker.tar.gz - name: cache - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: docker.tar.gz path: docker.tar.gz @@ -218,12 +218,12 @@ jobs: steps: - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: 3.x - name: Set up Helm - uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - name: Set up Helm Chart Testing uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0 @@ -269,16 +269,15 @@ jobs: if: fromJSON(needs.changes.outputs.charts) || fromJSON(needs.changes.outputs.baseimage) || fromJSON(github.event.workflow_dispatch.run_e2e) strategy: - fail-fast: false matrix: - k8s: [v1.28.15, v1.29.14, v1.30.13, v1.31.9, v1.32.5] + k8s: [v1.28.15, v1.29.12, v1.30.8, v1.31.4, v1.32.0] steps: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Download cache - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: docker.tar.gz @@ -301,9 +300,8 @@ jobs: if: | (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} strategy: - fail-fast: false matrix: - k8s: [v1.28.15, v1.29.14, v1.30.13, v1.31.9, v1.32.5] + k8s: [v1.28.15, v1.29.12, v1.30.8, v1.31.4, v1.32.0] uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml with: k8s-version: ${{ matrix.k8s }} @@ -316,9 +314,8 @@ jobs: if: | (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} strategy: - fail-fast: false matrix: - k8s: [v1.28.15, v1.29.14, v1.30.13, v1.31.9, v1.32.5] + k8s: [v1.28.15, v1.29.12, v1.30.8, v1.31.4, v1.32.0] uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml with: k8s-version: ${{ matrix.k8s }} diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 5b8c5aa82..6d7e44608 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -11,4 +11,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1 + uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0 diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 8120876ac..f57878084 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -22,12 +22,13 @@ jobs: - name: Set up Go id: go - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: ${{ env.GOLANG_VERSION }} check-latest: true - name: golangci-lint - uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0 + uses: golangci/golangci-lint-action@2226d7cb06a077cd73e56eedd38eecad18e5d837 # v6.5.0 with: + version: v1.62 only-new-issues: true diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index d1f12de81..6d32f56f6 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -134,9 +134,8 @@ jobs: if: | (needs.changes.outputs.kube-webhook-certgen == 'true') strategy: - fail-fast: false matrix: - k8s: [v1.28.15, v1.29.14, v1.30.13, v1.31.9, v1.32.5] + k8s: [v1.28.15, v1.29.12, v1.30.8, v1.31.4, v1.32.0] steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -146,7 +145,7 @@ jobs: - name: Set up Go id: go - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: ${{ env.GOLANG_VERSION }} check-latest: true @@ -175,15 +174,15 @@ jobs: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 + uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 with: version: latest platforms: ${{ env.PLATFORMS }} - name: Login to GitHub Container Registry - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/junit-reports.yaml b/.github/workflows/junit-reports.yaml index 17abcc8c7..e2a82910e 100644 --- a/.github/workflows/junit-reports.yaml +++ b/.github/workflows/junit-reports.yaml @@ -13,7 +13,7 @@ jobs: report: runs-on: ubuntu-latest steps: - - uses: dorny/test-reporter@890a17cecf52a379fc869ab770a71657660be727 # v2.1.0 + - uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1 with: artifact: /e2e-test-reports-(.*)/ name: JEST Tests $1 # Name of the check run which will be created diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index bc200ef2b..20f2caeae 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -20,14 +20,14 @@ jobs: run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV - name: Set up Go - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: ${{ env.GOLANG_VERSION }} check-latest: true - name: Run GoReleaser Snapshot if: ${{ ! startsWith(github.ref, 'refs/tags/') }} - uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0 + uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1 with: version: "~> v2" args: release --snapshot --clean @@ -36,7 +36,7 @@ jobs: - name: Run GoReleaser if: ${{ startsWith(github.ref, 'refs/tags/') }} - uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0 + uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1 with: version: "~> v2" args: release --clean diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 99c9fc029..a4473710d 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -32,7 +32,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif @@ -51,7 +51,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: SARIF file path: results.sarif @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@39edc492dbe16b1465b0cafca41432d857bdb31a # v3.29.1 + uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 8172d5d96..4461d9757 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -60,7 +60,7 @@ jobs: - name: Scan image with AquaSec/Trivy id: scan - uses: aquasecurity/trivy-action@76071ef0d7ec797419534a183b498b4d6366cf37 # v0.31.0 + uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0 with: image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }} format: 'sarif' @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@39edc492dbe16b1465b0cafca41432d857bdb31a # v3.29.1 + uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository diff --git a/.github/workflows/zz-tmpl-images.yaml b/.github/workflows/zz-tmpl-images.yaml index f937d6f27..5e98ddf70 100644 --- a/.github/workflows/zz-tmpl-images.yaml +++ b/.github/workflows/zz-tmpl-images.yaml @@ -70,7 +70,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Login to GitHub Container Registry - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/zz-tmpl-k8s-e2e.yaml b/.github/workflows/zz-tmpl-k8s-e2e.yaml index e2382340d..c46e4a957 100644 --- a/.github/workflows/zz-tmpl-k8s-e2e.yaml +++ b/.github/workflows/zz-tmpl-k8s-e2e.yaml @@ -23,7 +23,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: cache - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: docker.tar.gz @@ -49,7 +49,7 @@ jobs: make kind-e2e-test - name: Upload e2e junit-reports ${{ inputs.variation }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: success() || failure() with: name: e2e-test-reports-${{ inputs.k8s-version }}${{ inputs.variation }} diff --git a/.golangci.yml b/.golangci.yml index a510e774c..729468711 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,8 +1,15 @@ -version: "2" run: + timeout: 10m allow-parallel-runners: true + +issues: + # Maximum issues count per one linter. Set to 0 to disable. Default is 50. + max-issues-per-linter: 0 + + # Maximum count of issues with the same text. Set to 0 to disable. Default is 3. + max-same-issues: 0 linters: - default: none + disable-all: true enable: - asasalint - asciicheck @@ -22,11 +29,15 @@ linters: - gocritic - gocyclo - godox + - gofmt + - gofumpt - goheader + - goimports - gomoddirectives - gomodguard - goprintffuncname - gosec + - gosimple - govet - grouper - importas @@ -46,153 +57,180 @@ linters: - rowserrcheck - sqlclosecheck - staticcheck + - stylecheck + - tenv - testableexamples + - typecheck - unconvert - unparam - unused - usestdlibvars - whitespace - settings: - errcheck: - check-type-assertions: true - check-blank: true - gocritic: - enabled-checks: - - appendAssign - - argOrder - - badCall - - badCond - - badLock - - badRegexp - - badSorting - - builtinShadowDecl - - caseOrder - - codegenComment - - commentedOutCode - - deferInLoop - - deprecatedComment - - dupArg - - dupBranchBody - - dupCase - - dupSubExpr - - dynamicFmtString - - emptyDecl - - evalOrder - - exitAfterDefer - - externalErrorReassign - - filepathJoin - - flagDeref - - flagName - - mapKey - - nilValReturn - - offBy1 - - regexpPattern - - returnAfterHttpError - - sloppyReassign - - sloppyTypeAssert - - sortSlice - - sprintfQuotedString - - sqlQuery - - syncMapLoadAndDelete - - truncateCmp - - unnecessaryDefer - - weakCond - - appendCombine - - equalFold - - hugeParam - - indexAlloc - - preferDecodeRune - - preferFprint - - preferStringWriter - - preferWriteByte - - rangeExprCopy - - rangeValCopy - - sliceClear - - stringXbytes - - assignOp - - boolExprSimplify - - captLocal - - commentFormatting - - commentedOutImport - - defaultCaseOrder - - deferUnlambda - - docStub - - dupImport - - elseif - - emptyFallthrough - - emptyStringTest - - exposedSyncMutex - - hexLiteral - - httpNoBody - - ifElseChain - - methodExprCall - - newDeref - - octalLiteral - - preferFilepathJoin - - redundantSprint - - regexpMust - - regexpSimplify - - ruleguard - - singleCaseSwitch - - sloppyLen - - stringConcatSimplify - - stringsCompare - - switchTrue - - timeExprSimplify - - tooManyResultsChecker - - typeAssertChain - - typeDefFirst - - typeSwitchVar - - underef - - unlabelStmt - - unlambda - - unslice - - valSwap - - whyNoLint - - wrapperFunc - - yodaStyleExpr - - builtinShadow - - importShadow - - initClause - - nestingReduce - - paramTypeCombine - - ptrToRefParam - - typeUnparen - - unnamedResult - - unnecessaryBlock - gocyclo: - min-complexity: 40 - godox: - keywords: - - BUG - - FIXME - - HACK - nolintlint: - require-explanation: false - require-specific: true - allow-unused: false - exclusions: - generated: lax - presets: - - comments - - common-false-positives - - legacy - - std-error-handling - paths: - - third_party$ - - builtin$ - - examples$ -issues: - max-issues-per-linter: 0 - max-same-issues: 0 -formatters: - enable: - - gofmt - - gofumpt - - goimports - exclusions: - generated: lax - paths: - - third_party$ - - builtin$ - - examples$ + # - containedctx + # - cyclop + # - dupword + # - errorlint + # - exhaustive + # - exhaustruct + # - exportloopref + # - forbidigo + # - forcetypeassert + # - funlen + # - gci + # - gochecknoglobals + # - gochecknoinits + # - gocognit + # - godot + # - goerr113 + # - gomnd + # - interfacebloat + # - ireturn + # - lll + # - maintidx + # - nestif + # - nilerr + # - nilnil + # - nlreturn + # - noctx + # - nonamedreturns + # - paralleltest + # - tagliatelle + # - testpackage + # - thelper + # - tparallel + # - varnamelen + # - wastedassign + # - wrapcheck + # - wsl +linters-settings: + gocyclo: + min-complexity: 40 + godox: + keywords: + - BUG + - FIXME + - HACK + errcheck: + check-type-assertions: true + check-blank: true + gocritic: + enabled-checks: + # Diagnostic + - appendAssign + - argOrder + - badCall + - badCond + - badLock + - badRegexp + - badSorting + - builtinShadowDecl + - caseOrder + - codegenComment + - commentedOutCode + - deferInLoop + - deprecatedComment + - dupArg + - dupBranchBody + - dupCase + - dupSubExpr + - dynamicFmtString + - emptyDecl + - evalOrder + - exitAfterDefer + - externalErrorReassign + - filepathJoin + - flagDeref + - flagName + - mapKey + - nilValReturn + - offBy1 + - regexpPattern + - returnAfterHttpError + - sloppyReassign + - sloppyTypeAssert + - sortSlice + - sprintfQuotedString + - sqlQuery + - syncMapLoadAndDelete + - truncateCmp + - unnecessaryDefer + - weakCond + + # Performance + - appendCombine + - equalFold + - hugeParam + - indexAlloc + - preferDecodeRune + - preferFprint + - preferStringWriter + - preferWriteByte + - rangeExprCopy + - rangeValCopy + - sliceClear + - stringXbytes + + # Style + - assignOp + - boolExprSimplify + - captLocal + - commentFormatting + - commentedOutImport + - defaultCaseOrder + - deferUnlambda + - docStub + - dupImport + - elseif + - emptyFallthrough + - emptyStringTest + - exposedSyncMutex + - hexLiteral + - httpNoBody + - ifElseChain + - methodExprCall + - newDeref + - octalLiteral + - preferFilepathJoin + - redundantSprint + - regexpMust + - regexpSimplify + - ruleguard + - singleCaseSwitch + - sloppyLen + - stringConcatSimplify + - stringsCompare + - switchTrue + - timeExprSimplify + - tooManyResultsChecker + - typeAssertChain + - typeDefFirst + - typeSwitchVar + - underef + - unlabelStmt + - unlambda + - unslice + - valSwap + - whyNoLint + - wrapperFunc + - yodaStyleExpr + + # Opinionated + - builtinShadow + - importShadow + - initClause + - nestingReduce + - paramTypeCombine + - ptrToRefParam + - typeUnparen + - unnamedResult + - unnecessaryBlock + nolintlint: + # Enable to ensure that nolint directives are all used. Default is true. + allow-unused: false + # Exclude following linters from requiring an explanation. Default is []. + allow-no-explanation: [] + # Enable to require an explanation of nonzero length after each nolint directive. Default is false. + # TODO(lint): Enforce explanations for `nolint` directives + require-explanation: false + # Enable to require nolint directives to mention the specific linter being suppressed. Default is false. + require-specific: true diff --git a/GOLANG_VERSION b/GOLANG_VERSION index 2f4320f67..d8c40e539 100644 --- a/GOLANG_VERSION +++ b/GOLANG_VERSION @@ -1 +1 @@ -1.24.4 +1.23.6 diff --git a/Makefile b/Makefile index 9cbbc9105..0b8f1f5c2 100644 --- a/Makefile +++ b/Makefile @@ -110,7 +110,7 @@ clean-chroot-image: ## Removes local image .PHONY: build build: ## Build ingress controller, debug tool and pre-stop hook. - E2E_IMAGE=golang:$(GO_VERSION)-alpine3.22 USE_SHELL=/bin/sh build/run-in-docker.sh \ + E2E_IMAGE=golang:$(GO_VERSION)-alpine3.21 USE_SHELL=/bin/sh build/run-in-docker.sh \ MAC_OS=$(MAC_OS) \ PKG=$(PKG) \ ARCH=$(ARCH) \ @@ -232,21 +232,19 @@ misspell: ## Check for spelling errors. run-ingress-controller: ## Run the ingress controller locally using a kubectl proxy connection. @build/run-ingress-controller.sh -.PHONY: builder -builder: - docker buildx create --name $(BUILDER) --bootstrap --use || : - docker buildx inspect $(BUILDER) +.PHONY: ensure-buildx +ensure-buildx: + ./hack/init-buildx.sh .PHONY: show-version show-version: echo -n $(TAG) -BUILDER ?= ingress-nginx PLATFORMS ?= amd64 arm arm64 BUILDX_PLATFORMS ?= linux/amd64,linux/arm,linux/arm64 .PHONY: release # Build a multi-arch docker image -release: builder clean +release: ensure-buildx clean echo "Building binaries..." $(foreach PLATFORM,$(PLATFORMS), echo -n "$(PLATFORM)..."; ARCH=$(PLATFORM) make build;) diff --git a/NGINX_BASE b/NGINX_BASE index bb205fe3e..dd8d6c586 100644 --- a/NGINX_BASE +++ b/NGINX_BASE @@ -1 +1 @@ -registry.k8s.io/ingress-nginx/nginx:v1.3.0@sha256:ab913836443d9c67f817b348ec334e98730ed55931a524fae9f09359f3fe7cd8 +registry.k8s.io/ingress-nginx/nginx:v2.0.0@sha256:3e7bda4cf5111d283ed1e4ff5cc9a2b5cdc5ebe62d50ba67473d3e25b1389133 diff --git a/README.md b/README.md index 51ca3c77d..c95e644de 100644 --- a/README.md +++ b/README.md @@ -39,15 +39,15 @@ the versions listed. Ingress-Nginx versions **may** work on older versions, but | Supported | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | Helm Chart Version | | :-------: | --------------------- | ----------------------------- | -------------- | ------------- | ------------------ | -| 🔄 | **v1.12.4** | 1.32, 1.31, 1.30, 1.29, 1.28 | 3.22.0 | 1.25.5 | 4.12.4 | -| 🔄 | **v1.12.3** | 1.32, 1.31, 1.30, 1.29, 1.28 | 3.21.3 | 1.25.5 | 4.12.3 | -| 🔄 | **v1.12.2** | 1.32, 1.31, 1.30, 1.29, 1.28 | 3.21.3 | 1.25.5 | 4.12.2 | -| 🔄 | **v1.12.1** | 1.32, 1.31, 1.30, 1.29, 1.28 | 3.21.3 | 1.25.5 | 4.12.1 | | 🔄 | **v1.12.0** | 1.32, 1.31, 1.30, 1.29, 1.28 | 3.21.0 | 1.25.5 | 4.12.0 | | 🔄 | **v1.12.0-beta.0** | 1.32, 1.31, 1.30, 1.29, 1.28 | 3.20.3 | 1.25.5 | 4.12.0-beta.0 | +| 🔄 | **v1.11.4** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.21.0 | 1.25.5 | 4.11.4 | +| 🔄 | **v1.11.3** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.3 | 1.25.5 | 4.11.3 | | 🔄 | **v1.11.2** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.2 | | 🔄 | **v1.11.1** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.1 | | 🔄 | **v1.11.0** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.0 | +| | **v1.10.6** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.21.0 | 1.25.5 | 4.10.6 | +| | **v1.10.5** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.3 | 1.25.5 | 4.10.5 | | | **v1.10.4** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.10.4 | | | **v1.10.3** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.10.3 | | | **v1.10.2** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.10.2 | diff --git a/TAG b/TAG deleted file mode 100644 index 21decde5d..000000000 --- a/TAG +++ /dev/null @@ -1 +0,0 @@ -v1.12.4 diff --git a/build/dev-env.sh b/build/dev-env.sh index f1b170916..dd1518ee0 100755 --- a/build/dev-env.sh +++ b/build/dev-env.sh @@ -64,7 +64,7 @@ echo "[dev-env] building image" make build image docker tag "${REGISTRY}/controller:${TAG}" "${DEV_IMAGE}" -export K8S_VERSION=${K8S_VERSION:-v1.33.1@sha256:050072256b9a903bd914c0b2866828150cb229cea0efe5892e2b644d5dd3b34f} +export K8S_VERSION=${K8S_VERSION:-v1.32.0@sha256:c48c62eac5da28cdadcf560d1d8616cfa6783b58f0d94cf63ad1bf49600cb027} KIND_CLUSTER_NAME="ingress-nginx-dev" diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index fc10f2b8c..c4f3b34e0 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -41,7 +41,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v1.4.0@sha256:ba366ecc1a67022d4f02193faf7af284fa7642e7a55f3eef1e52069c9fe306f0} +E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20250112-a188f4eb@sha256:043038b1e30e5a0b64f3f919f096c5c9488ac3f617ac094b07fb9db8215f9441} if [[ "$RUNTIME" == podman ]]; then # Podman does not support both tag and digest @@ -79,7 +79,7 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then echo "..reached DIND check TRUE block, inside run-in-docker.sh" echo "FLAGS=$FLAGS" #go env - go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.23.4 + go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.22.2 find / -type f -name ginkgo 2>/dev/null which ginkgo /bin/bash -c "${FLAGS}" diff --git a/changelog/controller-1.10.5.md b/changelog/controller-1.10.5.md new file mode 100644 index 000000000..82be0a608 --- /dev/null +++ b/changelog/controller-1.10.5.md @@ -0,0 +1,90 @@ +# Changelog + +### controller-v1.10.5 + +Images: + +* registry.k8s.io/ingress-nginx/controller:v1.10.5@sha256:c84d11b1f7bd14ebbf49918a7f0dc01b31c0c6e757e0129520ea93453096315c +* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.5@sha256:030a43bdd5f0212a7e135cc4da76b15a6706ef65a6824eb4cc401f87a81c2987 + +### All changes: + +* Images: Trigger controller build. (#12133) +* Tests & Docs: Bump `e2e-test-echo` to v1.0.1. (#12146) +* Images: Trigger `e2e-test-echo` build. (#12142) +* Images: Drop `s390x`. (#12139) +* Images: Build `s390x` controller. (#12128) +* Chart: Bump Kube Webhook CertGen. (#12122) +* Tests & Docs: Bump images. (#12120) +* Cloud Build: Bump `gcb-docker-gcloud` to v20240718-5ef92b5c36. (#12116) +* Images: Trigger other builds. (#12111) +* Tests: Bump `e2e-test-runner` to v20241004-114a6abb. (#12104) +* Images: Trigger `test-runner` build. (#12101) +* Docs: Add a multi-tenant warning. (#12098) +* Go: Bump to v1.22.8. (#12093) +* Images: Bump `NGINX_BASE` to v0.1.0. (#12079) +* Images: Trigger NGINX build. (#12077) +* Images: Remove NGINX v1.21. (#12057) +* GitHub: Improve Dependabot. (#12037) +* Chart: Improve CI. (#12029) +* Chart: Extend image tests. (#12026) +* Docs: Add health check annotations for AWS. (#12021) +* Docs: Convert `opentelemetry.md` from CRLF to LF. (#12007) +* Chart: Test `controller.minAvailable` & `controller.maxUnavailable`. (#12001) +* Chart: Align default backend `PodDisruptionBudget`. (#11998) +* Metrics: Fix namespace in `nginx_ingress_controller_ssl_expire_time_seconds`. (#11985) +* Chart: Improve default backend service account. (#11973) +* Go: Bump to v1.22.7. (#11969) +* Images: Bump OpenTelemetry C++ Contrib. (#11950) +* Docs: Add note about `--watch-namespace`. (#11948) +* Images: Use latest Alpine 3.20 everywhere. (#11945) +* Fix minor typos (#11940) +* Chart: Implement `controller.admissionWebhooks.service.servicePort`. (#11933) +* Tests: Bump `e2e-test-runner` to v20240829-2c421762. (#11920) +* Images: Trigger `test-runner` build. (#11918) +* Chart: Add tests for `PrometheusRule` & `ServiceMonitor`. (#11888) +* Annotations: Allow commas in URLs. (#11886) +* CI: Grant checks write permissions to E2E Test Report. (#11884) +* Update maxmind post link about geolite2 license changes (#11880) +* Go: Sync `go.work.sum`. (#11876) +* Replace deprecated queue method (#11858) +* Auto-generate annotation docs (#11835) + +### Dependency updates: + +* Bump the actions group with 3 updates (#12150) +* Bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#12108) +* Bump the actions group with 3 updates (#12096) +* Bump sigs.k8s.io/mdtoc from 1.1.0 to 1.4.0 (#12088) +* Bump github.com/prometheus/common from 0.59.1 to 0.60.0 (#12086) +* Bump google.golang.org/grpc from 1.67.0 to 1.67.1 in the go group across 1 directory (#12084) +* Bump k8s.io/cli-runtime from 0.30.0 to 0.31.1 (#12082) +* Bump github/codeql-action from 3.26.9 to 3.26.10 in the actions group (#12054) +* Bump the go group across 1 directory with 3 updates (#12052) +* Bump k8s.io/kube-aggregator from 0.29.3 to 0.31.1 in /images/kube-webhook-certgen/rootfs (#12048) +* Bump k8s.io/apimachinery from 0.23.1 to 0.31.1 in /images/ext-auth-example-authsvc/rootfs (#12044) +* Bump github.com/prometheus/client_golang from 1.11.1 to 1.20.4 in /images/custom-error-pages/rootfs (#12045) +* Bump the all group with 2 updates (#12035) +* Bump github/codeql-action from 3.26.7 to 3.26.8 in the all group (#12015) +* Bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#12013) +* Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 in the all group (#12011) +* Bump the all group with 2 updates (#11979) +* Bump github/codeql-action from 3.26.6 to 3.26.7 in the all group (#11978) +* Bump github.com/prometheus/common from 0.57.0 to 0.59.1 (#11960) +* Bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#11959) +* Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 in the all group (#11956) +* Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#11929) +* Bump the all group with 2 updates (#11924) +* Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 in the all group (#11912) +* Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#11907) +* Bump github.com/prometheus/common from 0.55.0 to 0.57.0 (#11906) +* Bump github/codeql-action from 3.26.5 to 3.26.6 in the all group (#11905) +* Bump the all group with 2 updates (#11870) +* Bump github/codeql-action from 3.26.2 to 3.26.5 in the all group (#11869) +* Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 (#11848) +* Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.19.0 (#11847) +* Bump dario.cat/mergo from 1.0.0 to 1.0.1 in the all group (#11846) +* Bump k8s.io/component-base from 0.30.3 to 0.31.0 (#11841) +* Bump github/codeql-action from 3.26.0 to 3.26.2 in the all group (#11833) + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.4...controller-v1.10.5 diff --git a/changelog/controller-1.10.6.md b/changelog/controller-1.10.6.md new file mode 100644 index 000000000..695e418d8 --- /dev/null +++ b/changelog/controller-1.10.6.md @@ -0,0 +1,92 @@ +# Changelog + +### controller-v1.10.6 + +Images: + +* registry.k8s.io/ingress-nginx/controller:v1.10.6@sha256:b6fbd102255edb3ba8e5421feebe14fd3e94cf53d199af9e40687f536152189c +* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.6@sha256:44ceedafc0e04a75521b5d472c1b6b5cc08afb8038b5bbfd79c21d066ccf300e + +### All changes: + +* Images: Trigger controller build. (#12611) +* Chart: Bump Kube Webhook CertGen. (#12608) +* Tests & Docs: Bump images. (#12605) +* Images: Trigger other builds (2/2). (#12598) +* Images: Trigger other builds (1/2). (#12597) +* Tests: Bump `e2e-test-runner` to v20241224-68ed4e7b. (#12592) +* Images: Trigger `test-runner` build. (#12586) +* Images: Bump `NGINX_BASE` to v0.2.0. (#12584) +* Images: Trigger NGINX build. (#12578) +* Go: Clean `go.work.sum`. (#12575) +* Repository: Update owners. (#12570) +* Images: Bump `gcb-docker-gcloud` to v20241217-ff46a068cd. (#12563) +* CI: Update KIND images. (#12559) +* Images: Bump Alpine to v3.21. (#12530) +* Docs: Add guide on how to set a Maintenance Page. (#12527) +* rikatz is stepping down (#12518) +* rikatz is stepping down (#12497) +* Go: Bump to v1.23.4. (#12485) +* Plugin: Bump `goreleaser` to v2. (#12442) +* GitHub: Fix `exec` in issue template. (#12389) +* CI: Update KIND images. (#12368) +* Images: Bump `gcb-docker-gcloud` to v20241110-72bb0b1665. (#12341) +* Go: Bump to v1.23.3. (#12339) +* Auth TLS: Add `_` to redirect RegEx. (#12328) +* Auth TLS: Improve redirect RegEx. (#12321) +* Tests: Bump `e2e-test-runner` to v20241104-02a3933e. (#12314) +* Images: Trigger `test-runner` build. (#12307) +* Config: Fix panic on invalid `lua-shared-dict`. (#12282) +* Docs: fix limit-rate-after references (#12280) +* Chart: Rework ServiceMonitor. (#12268) +* Chart: Add ServiceAccount tests. (#12266) +* CI: Fix chart testing. (#12260) +* [fix] fix nginx temp configs cleanup (#12224) +* Chart: Suggest `matchLabelKeys` in Topology Spread Constraints. (#12204) +* Docs: Add Pod Security Admission. (#12198) +* Docs: Clarify external & service port in TCP/UDP services explanation. (#12194) + +### Dependency updates: + +* Bump k8s.io/apiextensions-apiserver from 0.31.3 to 0.32.0 (#12565) +* Bump github.com/onsi/ginkgo/v2 from 2.22.0 to 2.22.1 (#12557) +* Bump k8s.io/code-generator from 0.31.3 to 0.32.0 (#12552) +* Bump k8s.io/cli-runtime from 0.31.3 to 0.32.0 (#12549) +* Bump k8s.io/apiserver from 0.31.3 to 0.32.0 (#12546) +* Bump the actions group with 2 updates (#12543) +* Bump google.golang.org/grpc from 1.68.1 to 1.69.2 (#12540) +* Bump k8s.io/client-go from 0.31.3 to 0.32.0 (#12514) +* Bump github.com/opencontainers/runc from 1.2.2 to 1.2.3 in the go group across 1 directory (#12511) +* Bump the actions group with 3 updates (#12508) +* Bump k8s.io/kube-aggregator from 0.31.3 to 0.32.0 in /images/kube-webhook-certgen/rootfs (#12504) +* Bump k8s.io/apimachinery from 0.31.3 to 0.32.0 in /images/ext-auth-example-authsvc/rootfs (#12501) +* Bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#12478) +* Bump golang.org/x/crypto from 0.21.0 to 0.31.0 in /magefiles (#12473) +* Bump github.com/prometheus/common from 0.60.1 to 0.61.0 (#12466) +* Bump github/codeql-action from 3.27.5 to 3.27.6 in the actions group (#12463) +* Bump the go group across 1 directory with 2 updates (#12459) +* Bump github.com/onsi/ginkgo/v2 from 2.21.0 to 2.22.0 (#12425) +* Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#12416) +* Bump the go group across 3 directories with 10 updates (#12414) +* Bump the actions group with 3 updates (#12410) +* Bump github.com/opencontainers/runc from 1.2.1 to 1.2.2 in the go group across 1 directory (#12382) +* Bump github/codeql-action from 3.27.1 to 3.27.4 in the actions group (#12375) +* Bump golangci-lint on actions and disable deprecated linters (#12363) +* Bump google.golang.org/grpc from 1.67.1 to 1.68.0 (#12356) +* Bump the actions group with 3 updates (#12353) +* Bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#12351) +* Bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#12297) +* Bump github.com/opencontainers/runc from 1.2.0 to 1.2.1 in the go group across 1 directory (#12294) +* Bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.21.0 (#12290) +* Bump actions/dependency-review-action from 4.3.5 to 4.4.0 in the actions group (#12275) +* Bump the go group across 3 directories with 11 updates (#12246) +* Bump github.com/opencontainers/runc from 1.1.15 to 1.2.0 (#12241) +* Bump the actions group with 5 updates (#12243) +* Bump github.com/ncabatoff/process-exporter from 0.8.3 to 0.8.4 in the go group across 1 directory (#12219) +* Bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 in the actions group (#12215) +* Bump github/codeql-action from 3.26.12 to 3.26.13 in the actions group (#12191) +* Bump the go group across 2 directories with 1 update (#12189) +* Bump the actions group with 2 updates (#12185) +* Bump github.com/opencontainers/runc from 1.1.14 to 1.1.15 in the go group across 1 directory (#12184) + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.5...controller-v1.10.6 diff --git a/changelog/controller-1.11.3.md b/changelog/controller-1.11.3.md new file mode 100644 index 000000000..f5c373015 --- /dev/null +++ b/changelog/controller-1.11.3.md @@ -0,0 +1,91 @@ +# Changelog + +### controller-v1.11.3 + +Images: + +* registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.3@sha256:22701f0fc0f2dd209ef782f4e281bfe2d8cccd50ededa00aec88e0cdbe7edd14 + +### All changes: + +* Images: Trigger controller build. (#12134) +* Tests & Docs: Bump `e2e-test-echo` to v1.0.1. (#12145) +* Images: Trigger `e2e-test-echo` build. (#12141) +* Images: Drop `s390x`. (#12138) +* Images: Build `s390x` controller. (#12127) +* Chart: Bump Kube Webhook CertGen. (#12123) +* Tests & Docs: Bump images. (#12121) +* Cloud Build: Bump `gcb-docker-gcloud` to v20240718-5ef92b5c36. (#12117) +* Images: Trigger other builds. (#12112) +* Tests: Bump `e2e-test-runner` to v20241004-114a6abb. (#12105) +* Images: Trigger `test-runner` build. (#12102) +* Docs: Add a multi-tenant warning. (#12099) +* Go: Bump to v1.22.8. (#12094) +* Images: Bump `NGINX_BASE` to v0.1.0. (#12080) +* Images: Trigger NGINX build. (#12076) +* Images: Remove NGINX v1.21. (#12058) +* GitHub: Improve Dependabot. (#12038) +* Chart: Improve CI. (#12030) +* Chart: Extend image tests. (#12027) +* Docs: Add health check annotations for AWS. (#12020) +* Docs: Convert `opentelemetry.md` from CRLF to LF. (#12006) +* Chart: Test `controller.minAvailable` & `controller.maxUnavailable`. (#12002) +* Chart: Align default backend `PodDisruptionBudget`. (#11999) +* Metrics: Fix namespace in `nginx_ingress_controller_ssl_expire_time_seconds`. (#11986) +* Chart: Improve default backend service account. (#11974) +* Go: Bump to v1.22.7. (#11970) +* Images: Bump OpenTelemetry C++ Contrib. (#11951) +* Docs: Add note about `--watch-namespace`. (#11949) +* Images: Use latest Alpine 3.20 everywhere. (#11946) +* Fix minor typos (#11941) +* Chart: Implement `controller.admissionWebhooks.service.servicePort`. (#11934) +* Tests: Bump `e2e-test-runner` to v20240829-2c421762. (#11921) +* Images: Trigger `test-runner` build. (#11917) +* Chart: Add tests for `PrometheusRule` & `ServiceMonitor`. (#11889) +* Annotations: Allow commas in URLs. (#11887) +* CI: Grant checks write permissions to E2E Test Report. (#11885) +* Chart: Use generic values for `ConfigMap` test. (#11879) +* Update maxmind post link about geolite2 license changes (#11881) +* Go: Sync `go.work.sum`. (#11875) +* Replace deprecated queue method (#11859) +* Auto-generate annotation docs (#11831) + +### Dependency updates: + +* Bump the actions group with 3 updates (#12149) +* Bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#12109) +* Bump the actions group with 3 updates (#12097) +* Bump sigs.k8s.io/mdtoc from 1.1.0 to 1.4.0 (#12089) +* Bump github.com/prometheus/common from 0.59.1 to 0.60.0 (#12087) +* Bump google.golang.org/grpc from 1.67.0 to 1.67.1 in the go group across 1 directory (#12085) +* Bump k8s.io/cli-runtime from 0.30.0 to 0.31.1 (#12083) +* Bump github/codeql-action from 3.26.9 to 3.26.10 in the actions group (#12055) +* Bump the go group across 1 directory with 3 updates (#12053) +* Bump k8s.io/kube-aggregator from 0.29.3 to 0.31.1 in /images/kube-webhook-certgen/rootfs (#12049) +* Bump k8s.io/apimachinery from 0.23.1 to 0.31.1 in /images/ext-auth-example-authsvc/rootfs (#12047) +* Bump github.com/prometheus/client_golang from 1.11.1 to 1.20.4 in /images/custom-error-pages/rootfs (#12046) +* Bump the all group with 2 updates (#12036) +* Bump github/codeql-action from 3.26.7 to 3.26.8 in the all group (#12016) +* Bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#12014) +* Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 in the all group (#12012) +* Bump the all group with 2 updates (#11981) +* Bump github/codeql-action from 3.26.6 to 3.26.7 in the all group (#11980) +* Bump github.com/prometheus/common from 0.57.0 to 0.59.1 (#11961) +* Bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#11958) +* Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 in the all group (#11957) +* Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#11930) +* Bump the all group with 2 updates (#11925) +* Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 in the all group (#11913) +* Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#11910) +* Bump github.com/prometheus/common from 0.55.0 to 0.57.0 (#11909) +* Bump github/codeql-action from 3.26.5 to 3.26.6 in the all group (#11908) +* Bump the all group with 2 updates (#11871) +* Bump github/codeql-action from 3.26.2 to 3.26.5 in the all group (#11868) +* Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 (#11840) +* Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.19.0 (#11839) +* Bump dario.cat/mergo from 1.0.0 to 1.0.1 in the all group (#11837) +* Bump k8s.io/component-base from 0.30.3 to 0.31.0 (#11836) +* Bump github/codeql-action from 3.26.0 to 3.26.2 in the all group (#11834) + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.2...controller-v1.11.3 diff --git a/changelog/controller-1.11.4.md b/changelog/controller-1.11.4.md new file mode 100644 index 000000000..a0870d060 --- /dev/null +++ b/changelog/controller-1.11.4.md @@ -0,0 +1,94 @@ +# Changelog + +### controller-v1.11.4 + +Images: + +* registry.k8s.io/ingress-nginx/controller:v1.11.4@sha256:981a97d78bee3109c0b149946c07989f8f1478a9265031d2d23dea839ba05b52 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.4@sha256:f29d0f9e7a9ef4947eda59ed0c09ec13380b13639d1518cf1ab8ec09c3e22ef8 + +### All changes: + +* Images: Trigger controller build. (#12610) +* Chart: Bump Kube Webhook CertGen. (#12607) +* Tests & Docs: Bump images. (#12604) +* Images: Trigger other builds (2/2). (#12600) +* Images: Trigger other builds (1/2). (#12596) +* Tests: Bump `e2e-test-runner` to v20241224-68ed4e7b. (#12591) +* Images: Trigger `test-runner` build. (#12588) +* Images: Bump `NGINX_BASE` to v0.2.0. (#12583) +* Images: Trigger NGINX build. (#12577) +* Go: Clean `go.work.sum`. (#12574) +* Repository: Update owners. (#12569) +* Images: Bump `gcb-docker-gcloud` to v20241217-ff46a068cd. (#12562) +* CI: Update KIND images. (#12558) +* Images: Bump Alpine to v3.21. (#12529) +* Docs: Add guide on how to set a Maintenance Page. (#12526) +* rikatz is stepping down (#12517) +* rikatz is stepping down (#12495) +* Go: Bump to v1.23.4. (#12484) +* Plugin: Bump `goreleaser` to v2. (#12441) +* GitHub: Fix `exec` in issue template. (#12388) +* CI: Update KIND images. (#12365) +* Images: Bump `gcb-docker-gcloud` to v20241110-72bb0b1665. (#12343) +* Go: Bump to v1.23.3. (#12338) +* Auth TLS: Add `_` to redirect RegEx. (#12327) +* Auth TLS: Improve redirect RegEx. (#12322) +* Update custom headers annotation documentation (#12319) +* Tests: Bump `e2e-test-runner` to v20241104-02a3933e. (#12313) +* Images: Trigger `test-runner` build. (#12306) +* Config: Fix panic on invalid `lua-shared-dict`. (#12284) +* Docs: fix limit-rate-after references (#12279) +* Chart: Rework ServiceMonitor. (#12270) +* Chart: Add ServiceAccount tests. (#12264) +* CI: Fix chart testing. (#12259) +* [fix] fix nginx temp configs cleanup (#12223) +* Chart: Suggest `matchLabelKeys` in Topology Spread Constraints. (#12203) +* Docs: Add Pod Security Admission. (#12197) +* Docs: Clarify external & service port in TCP/UDP services explanation. (#12193) +* Docs: Goodbye, v1.10. (#12159) + +### Dependency updates: + +* Bump k8s.io/apiextensions-apiserver from 0.31.3 to 0.32.0 (#12567) +* Bump github.com/onsi/ginkgo/v2 from 2.22.0 to 2.22.1 (#12556) +* Bump k8s.io/code-generator from 0.31.3 to 0.32.0 (#12551) +* Bump k8s.io/cli-runtime from 0.31.3 to 0.32.0 (#12548) +* Bump k8s.io/apiserver from 0.31.3 to 0.32.0 (#12545) +* Bump the actions group with 2 updates (#12542) +* Bump google.golang.org/grpc from 1.68.1 to 1.69.2 (#12539) +* Bump k8s.io/client-go from 0.31.3 to 0.32.0 (#12513) +* Bump github.com/opencontainers/runc from 1.2.2 to 1.2.3 in the go group across 1 directory (#12510) +* Bump the actions group with 3 updates (#12507) +* Bump k8s.io/kube-aggregator from 0.31.3 to 0.32.0 in /images/kube-webhook-certgen/rootfs (#12503) +* Bump k8s.io/apimachinery from 0.31.3 to 0.32.0 in /images/ext-auth-example-authsvc/rootfs (#12500) +* Bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#12477) +* Bump golang.org/x/crypto from 0.21.0 to 0.31.0 in /magefiles (#12475) +* Bump github.com/prometheus/common from 0.60.1 to 0.61.0 (#12465) +* Bump github/codeql-action from 3.27.5 to 3.27.6 in the actions group (#12462) +* Bump the go group across 1 directory with 2 updates (#12458) +* Bump github.com/onsi/ginkgo/v2 from 2.21.0 to 2.22.0 (#12427) +* Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#12417) +* Bump the go group across 3 directories with 10 updates (#12415) +* Bump the actions group with 3 updates (#12411) +* Bump github.com/opencontainers/runc from 1.2.1 to 1.2.2 in the go group across 1 directory (#12381) +* Bump github/codeql-action from 3.27.1 to 3.27.4 in the actions group (#12374) +* Bump golangci-lint on actions and disable deprecated linters (#12362) +* Bump google.golang.org/grpc from 1.67.1 to 1.68.0 (#12355) +* Bump the actions group with 3 updates (#12352) +* Bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#12350) +* Bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#12298) +* Bump github.com/opencontainers/runc from 1.2.0 to 1.2.1 in the go group across 1 directory (#12295) +* Bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.21.0 (#12289) +* Bump actions/dependency-review-action from 4.3.5 to 4.4.0 in the actions group (#12274) +* Bump the go group across 3 directories with 11 updates (#12245) +* Bump github.com/opencontainers/runc from 1.1.15 to 1.2.0 (#12239) +* Bump the actions group with 5 updates (#12240) +* Bump github.com/ncabatoff/process-exporter from 0.8.3 to 0.8.4 in the go group across 1 directory (#12220) +* Bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 in the actions group (#12216) +* Bump github/codeql-action from 3.26.12 to 3.26.13 in the actions group (#12190) +* Bump the go group across 2 directories with 1 update (#12187) +* Bump the actions group with 2 updates (#12181) +* Bump github.com/opencontainers/runc from 1.1.14 to 1.1.15 in the go group across 1 directory (#12179) + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.3...controller-v1.11.4 diff --git a/changelog/controller-1.12.1.md b/changelog/controller-1.12.1.md deleted file mode 100644 index cb9eebc51..000000000 --- a/changelog/controller-1.12.1.md +++ /dev/null @@ -1,115 +0,0 @@ -# Changelog - -### controller-v1.12.1 - -Images: - -* registry.k8s.io/ingress-nginx/controller:v1.12.1@sha256:d2fbc4ec70d8aa2050dd91a91506e998765e86c96f32cffb56c503c9c34eed5b -* registry.k8s.io/ingress-nginx/controller-chroot:v1.12.1@sha256:90155c86548e0bb95b3abf1971cd687d8f5d43f340cfca0ad3484e2b8351096e - -### All changes: - -* Images: Trigger controller build. (#13071) -* Controller: Several security fixes. (#13069) -* Chart: Bump Kube Webhook CertGen. (#13066) -* Tests & Docs: Bump images. (#13064) -* Images: Trigger other builds (2/2). (#13061) -* Images: Trigger other builds (1/2). (#13059) -* Tests: Bump Test Runner to v1.3.1. (#13048) -* Images: Trigger Test Runner build. (#13045) -* Images: Bump `NGINX_BASE` to v1.2.1. (#13044) -* Images: Trigger NGINX build. (#13039) -* Go: Update dependencies. (#13036) -* CI: Update KIND to v1.32.3. (#13029) -* CI: Update Kubernetes to v1.32.3. (#13025) -* Images: Rework. (3/3) (#13016) -* Images: Rework. (2/3) (#13011) -* Images: Rework. (1/3) (#13014) -* Custom Error Pages: Accept first of many MIME types. (#13006) -* Docs: Use `enable-global-auth` annotation instead of non-existing ConfigMap option. (#12978) -* Go: Update dependencies. (#12963) -* Docs: Update link to `values.yaml`. (#12960) -* fix DNS issues with unresolvable backends with ExternalName (#12951) -* Go: Bump to v1.24.1. (#12942) -* CI: Update KIND images. (#12931) -* Test: Remove gRPC Fortune Teller. (#12929) -* NGINX: Update ModSecurity. (#12915) -* Development: Update KIND images. (#12909) -* Config: Remove notes about future defaults. (#12898) -* Images: Update `kubectl` to v1.32.2. (#12856) -* Development: Update Kubernetes to v1.32.0. (#12853) -* CI: Update `kubectl` to v1.32.2. (#12851) -* Images: Migrate to AR. (2/2) (#12849) -* Images: Migrate to AR. (1/2) (#12846) -* Docs: Migrate to AR. (#12809) -* Docs: Enable code copy button. (#12805) -* Go: Bump to v1.23.6. (#12801) -* CI: Update Artifact Hub to v1.20.0. (#12793) -* Images: Update `kubectl` to v1.31.5. (#12791) -* CI: Update `kubectl` to v1.31.5. (#12789) -* Development: Bump Kubernetes to v1.31.4. (#12784) -* Go: Replace `golang.org/x/exp/slices` with `slices`. (#12781) -* Docs: Fix character format. (#12773) -* Docs: Improve bare-metal setup. (#12744) -* Build: Always use local `tmp` dir on macOS. (#12741) -* Development: Bump Kubernetes to v1.31.4. (#12739) -* Images: Bump `gcb-docker-gcloud` to v20250116-2a05ea7e3d. (#12738) -* Go: Bump to v1.23.5. (#12736) -* Docs: Clarify rate limits are per ingress controller replica. (#12715) -* Go: Stop using workspace. (#12712) -* Chart: Bump Kube Webhook CertGen. (#12696) -* Tests & Docs: Bump images. (#12694) -* Images: Trigger other builds (2/2). (#12690) -* Images: Trigger other builds (1/2). (#12688) -* Tests: Bump Test Runner to v20250112-01b7af21. (#12684) -* Images: Trigger Test Runner build. (#12681) -* Images: Bump `NGINX_BASE` to v1.2.0. (#12677) -* Images: Trigger NGINX build. (#12674) -* NGINX: Align quotes. (#12673) -* Annotations: Deny newlines. (#12667) -* Annotations: Reload on custom header changes. (#12652) -* NGINX: Bump ModSecurity. (#12651) -* NGINX: Bump OpenTelemetry. (#12631) - -### Dependency updates: - -* Bump github.com/opencontainers/runc from 1.2.5 to 1.2.6 in the go group across 1 directory (#13033) -* Bump github.com/onsi/ginkgo/v2 from 2.23.0 to 2.23.3 (#13027) -* Bump the actions group with 5 updates (#13023) -* Bump dorny/test-reporter from 1.9.1 to 2.0.0 (#12989) -* Bump github.com/prometheus/common from 0.62.0 to 0.63.0 (#12987) -* Bump the go group across 3 directories with 9 updates (#12985) -* Bump the actions group with 3 updates (#12984) -* Bump github/codeql-action from 3.28.10 to 3.28.11 in the actions group (#12968) -* Bump github.com/onsi/ginkgo/v2 from 2.22.2 to 2.23.0 (#12958) -* Bump golang.org/x/crypto from 0.35.0 to 0.36.0 (#12955) -* Bump the go group across 2 directories with 1 update (#12938) -* Bump google.golang.org/grpc from 1.70.0 to 1.71.0 (#12937) -* Bump golang.org/x/crypto from 0.34.0 to 0.35.0 (#12923) -* Bump the actions group with 3 updates (#12921) -* Bump github.com/prometheus/client_golang from 1.20.5 to 1.21.0 (#12900) -* Bump golang.org/x/crypto from 0.33.0 to 0.34.0 (#12893) -* Bump github.com/prometheus/client_golang from 1.20.5 to 1.21.0 in /images/custom-error-pages/rootfs (#12892) -* Bump the actions group with 4 updates (#12889) -* Bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (#12867) -* Bump the go group across 3 directories with 11 updates (#12865) -* Bump the actions group with 2 updates (#12863) -* Bump github.com/spf13/cobra from 1.8.1 to 1.9.1 in /images/kube-webhook-certgen/rootfs (#12861) -* Bump the actions group with 4 updates (#12814) -* Bump golang.org/x/crypto from 0.32.0 to 0.33.0 (#12812) -* Bump the actions group with 2 updates (#12777) -* Bump the go group across 2 directories with 1 update (#12775) -* Bump google.golang.org/grpc from 1.69.4 to 1.70.0 (#12760) -* Bump sigs.k8s.io/controller-runtime from 0.20.0 to 0.20.1 in the go group across 1 directory (#12758) -* Bump the actions group with 5 updates (#12756) -* Bump sigs.k8s.io/controller-runtime from 0.19.4 to 0.20.0 (#12732) -* Bump github.com/prometheus/common from 0.61.0 to 0.62.0 (#12728) -* Bump the go group across 3 directories with 9 updates (#12726) -* Bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 in the actions group (#12725) -* Bump google.golang.org/grpc from 1.69.2 to 1.69.4 in the go group across 1 directory (#12699) -* Bump the actions group with 3 updates (#12664) -* Bump the go group across 1 directory with 3 updates (#12662) -* Bump golang.org/x/crypto from 0.31.0 to 0.32.0 (#12661) -* Bump github.com/onsi/ginkgo/v2 from 2.22.1 to 2.22.2 (#12628) - -**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.12.0...controller-v1.12.1 diff --git a/changelog/controller-1.12.2.md b/changelog/controller-1.12.2.md deleted file mode 100644 index 746ec89f8..000000000 --- a/changelog/controller-1.12.2.md +++ /dev/null @@ -1,63 +0,0 @@ -# Changelog - -### controller-v1.12.2 - -Images: - -* registry.k8s.io/ingress-nginx/controller:v1.12.2@sha256:03497ee984628e95eca9b2279e3f3a3c1685dd48635479e627d219f00c8eefa9 -* registry.k8s.io/ingress-nginx/controller-chroot:v1.12.2@sha256:a697e2bfa419768315250d079ccbbca45f6099c60057769702b912d20897a574 - -### All changes: - -* Images: Trigger controller build. (#13313) -* Chart: Bump Kube Webhook CertGen. (#13311) -* Tests & Docs: Bump images. (#13308) -* Images: Trigger other builds (2/2). (#13293) -* Images: Trigger other builds (1/2). (#13290) -* Tests: Bump Test Runner to v1.3.3. (#13287) -* Go: Update dependencies. (#13283) -* Images: Trigger Test Runner build. (#13269) -* Images: Bump NGINX to v1.2.3. (#13266) -* Images: Trigger NGINX build. (#13262) -* Go: Update dependencies. (#13259) -* CI: Update Kubernetes to v1.32.4. (#13255) -* Docs: How to modify NLB TCP timeout. (#13249) -* Go: Update dependencies. (#13246) -* Docs: Improve formatting in `monitoring.md`. (#13241) -* Docs: Enable metrics in manifest-based deployments. (#13235) -* Tests: Bump Test Runner to v1.3.2. (#13233) -* Images: Trigger Test Runner build. (#13225) -* Images: Bump `NGINX_BASE` to v1.2.2. (#13222) -* Images: Trigger NGINX build. (#13219) -* Go: Update dependencies. (#13210) -* Docs: Fix link in installation instructions. (#13192) -* Go: Update dependencies. (#13149) -* Go: Bump to v1.24.2. (#13148) -* Annotations: Allow ciphers with underscores. (#13140) -* CI: Do not fail fast. (#13130) -* Images: Fix FromAsCasing. (#13125) -* Images: Extract modules. (#13123) -* Plugin: Improve error handling. (#13112) -* Docs: Fix OpenTelemetry listing. (#13107) -* Tests: Fallback to `yq`. (#13090) -* Go: Fix Mage. (#13078) - -### Dependency updates: - -* Bump actions/download-artifact from 4.2.1 to 4.3.0 in the actions group (#13304) -* Bump the actions group with 2 updates (#13280) -* Bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 (#13213) -* Bump the go group across 2 directories with 1 update (#13207) -* Bump github.com/prometheus/client_golang from 1.21.1 to 1.22.0 (#13204) -* Bump github/codeql-action from 3.28.14 to 3.28.15 in the actions group (#13203) -* Bump github.com/prometheus/client_golang from 1.21.1 to 1.22.0 in /images/custom-error-pages/rootfs (#13200) -* Bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 (#13181) -* Bump the go group across 2 directories with 1 update (#13179) -* Bump github.com/fsnotify/fsnotify from 1.8.0 to 1.9.0 (#13177) -* Bump golang.org/x/crypto from 0.36.0 to 0.37.0 (#13175) -* Bump the actions group with 2 updates (#13173) -* Bump goreleaser/goreleaser-action from 6.2.1 to 6.3.0 in the actions group (#13133) -* Bump golangci/golangci-lint-action from 6.5.2 to 7.0.0 (#13121) -* Bump the actions group with 2 updates (#13118) - -**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.12.1...controller-v1.12.2 diff --git a/changelog/controller-1.12.3.md b/changelog/controller-1.12.3.md deleted file mode 100644 index 2e962bfdf..000000000 --- a/changelog/controller-1.12.3.md +++ /dev/null @@ -1,53 +0,0 @@ -# Changelog - -### controller-v1.12.3 - -Images: - -* registry.k8s.io/ingress-nginx/controller:v1.12.3@sha256:ac444cd9515af325ba577b596fe4f27a34be1aa330538e8b317ad9d6c8fb94ee -* registry.k8s.io/ingress-nginx/controller-chroot:v1.12.3@sha256:d830fba93e9e0f5ef1462f5fe8a7cd7b167178b79e6c10c041c7da19f1ac66ab - -### All changes: - -* Images: Trigger controller build. (#13464) -* Chart: Bump Kube Webhook CertGen. (#13460) -* Tests & Docs: Bump images. (#13459) -* Docs: Add OpenTelemetry defaults. (#13455) -* Images: Trigger other builds (2/2). (#13442) -* Images: Trigger other builds (1/2). (#13439) -* Tests: Bump Test Runner to v1.3.5. (#13436) -* Images: Trigger Test Runner build. (#13432) -* Lua: Fix `ExternalName` services without endpoints. (#13429) -* Images: Bump NGINX to v1.2.5. (#13427) -* Images: Trigger NGINX build. (#13424) -* Go: Update dependencies. (#13420) -* Images: Build Go gRPC Greeter Server from scratch. (#13409) -* Chart: Remove validation for removed API. (#13407) -* Go: Update dependencies. (#13399) -* Images: Bump GCB Docker GCloud to v20250513-9264efb079. (#13395) -* CI: Update Kubernetes. (#13394) -* Fix 🐛: Markdown requires nested content inside a list item to be indented (#13390) -* Tests: Bump Test Runner to v1.3.4. (#13355) -* Images: Trigger Test Runner build. (#13350) -* Go: Bump to v1.24.3. (#13342) -* Images: Bump NGINX to v1.2.4. (#13346) -* Images: Trigger NGINX build. (#13339) -* Go: Update dependencies. (#13327) -* Go: Update dependencies. (#13322) - -### Dependency updates: - -* Bump ossf/scorecard-action from 2.4.1 to 2.4.2 in the actions group (#13451) -* Bump the go group across 2 directories with 1 update (#13417) -* Bump sigs.k8s.io/controller-runtime from 0.20.4 to 0.21.0 (#13415) -* Bump the actions group with 3 updates (#13386) -* Bump github.com/prometheus/common from 0.63.0 to 0.64.0 (#13384) -* Bump the go group across 4 directories with 10 updates (#13382) -* Bump golang.org/x/crypto from 0.37.0 to 0.38.0 (#13370) -* Bump the actions group with 2 updates (#13367) -* Bump golang.org/x/oauth2 from 0.29.0 to 0.30.0 (#13363) -* Bump dario.cat/mergo from 1.0.1 to 1.0.2 in the go group across 1 directory (#13365) -* Bump github/codeql-action from 3.28.16 to 3.28.17 in the actions group (#13336) -* Bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 (#13334) - -**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.12.2...controller-v1.12.3 diff --git a/changelog/controller-1.12.4.md b/changelog/controller-1.12.4.md deleted file mode 100644 index cb4e9160f..000000000 --- a/changelog/controller-1.12.4.md +++ /dev/null @@ -1,43 +0,0 @@ -# Changelog - -### controller-v1.12.4 - -Images: - -* registry.k8s.io/ingress-nginx/controller:v1.12.4@sha256:05890cb25d37aa5cfe086614104f798f55e1eeec8dda26d9fd6f6acf0e1554a0 -* registry.k8s.io/ingress-nginx/controller-chroot:v1.12.4@sha256:0873534e85a765ef4958ba4fbc5c970a3644dca0f5eee7caff93d830b9a8bb8b - -### All changes: - -* Images: Trigger controller build. (#13586) -* Chart: Bump Kube Webhook CertGen. (#13582) -* Tests & Docs: Bump images. (#13581) -* Images: Trigger other builds (2/2). (#13571) -* Images: Trigger other builds (1/2). (#13574) -* Tests: Bump Test Runner to v1.4.0. (#13562) -* Images: Trigger Test Runner build. (#13560) -* Images: Bump NGINX to v1.3.0. (#13557) -* Images: Trigger NGINX build. (#13552) -* Go: Update dependencies. (#13549) -* Go: Update dependencies. (#13543) -* CI: Update Kubernetes to v1.33.2. (#13540) -* NGINX: Bump to OpenResty v1.25.3.2. (#13530) -* Go: Update dependencies. (#13521) -* Docs: Fix function names in comments. (#13518) -* Go: Update dependencies. (#13511) -* Go: Bump to v1.24.4. (#13494) -* Images: Bump Alpine to v3.22. (#13491) -* Images: Update LuaRocks to v3.12.0. (#13487) -* Images: Fix LuaRocks. (#13477) - -### Dependency updates: - -* Bump github/codeql-action from 3.29.0 to 3.29.1 in the actions group (#13577) -* Bump docker/setup-buildx-action from 3.10.0 to 3.11.1 in the actions group (#13546) -* Bump github/codeql-action from 3.28.19 to 3.29.0 in the actions group (#13526) -* Bump google.golang.org/grpc from 1.72.2 to 1.73.0 (#13508) -* Bump google.golang.org/grpc from 1.72.2 to 1.73.0 in /images/go-grpc-greeter-server/rootfs (#13506) -* Bump golang.org/x/crypto from 0.38.0 to 0.39.0 (#13504) -* Bump the actions group with 2 updates (#13502) - -**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.12.3...controller-v1.12.4 diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 4bfd53fa2..11000f43d 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -1,9 +1,10 @@ annotations: artifacthub.io/changes: | - - Update Ingress-Nginx version controller-v1.12.4 + - 'CI: Fix chart testing. (#12258)' + - Update Ingress-Nginx version controller-v1.12.0 artifacthub.io/prerelease: "false" apiVersion: v2 -appVersion: 1.12.4 +appVersion: 1.12.0 description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer home: https://github.com/kubernetes/ingress-nginx @@ -20,4 +21,4 @@ maintainers: name: ingress-nginx sources: - https://github.com/kubernetes/ingress-nginx -version: 4.12.4 +version: 4.12.0 diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index a0e1755e5..7d8c1e74f 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.12.4](https://img.shields.io/badge/Version-4.12.4-informational?style=flat-square) ![AppVersion: 1.12.4](https://img.shields.io/badge/AppVersion-1.12.4-informational?style=flat-square) +![Version: 4.12.0](https://img.shields.io/badge/Version-4.12.0-informational?style=flat-square) ![AppVersion: 1.12.0](https://img.shields.io/badge/AppVersion-1.12.0-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -270,10 +270,10 @@ metadata: | controller.admissionWebhooks.namespaceSelector | object | `{}` | | | controller.admissionWebhooks.objectSelector | object | `{}` | | | controller.admissionWebhooks.patch.enabled | bool | `true` | | -| controller.admissionWebhooks.patch.image.digest | string | `"sha256:c9f76a75fd00e975416ea1b73300efd413116de0de8570346ed90766c5b5cefb"` | | +| controller.admissionWebhooks.patch.image.digest | string | `"sha256:0de05718b59dc33b57ddfb4d8ad5f637cefd13eafdec0e1579d782b3483c27c3"` | | | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | | | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | | -| controller.admissionWebhooks.patch.image.tag | string | `"v1.6.0"` | | +| controller.admissionWebhooks.patch.image.tag | string | `"v1.5.1"` | | | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources | | controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not | | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | @@ -340,8 +340,8 @@ metadata: | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `false` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:05890cb25d37aa5cfe086614104f798f55e1eeec8dda26d9fd6f6acf0e1554a0"` | | -| controller.image.digestChroot | string | `"sha256:0873534e85a765ef4958ba4fbc5c970a3644dca0f5eee7caff93d830b9a8bb8b"` | | +| controller.image.digest | string | `"sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa"` | | +| controller.image.digestChroot | string | `"sha256:87c88e1c38a6c8d4483c8f70b69e2cca49853bb3ec3124b9b1be648edf139af3"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.readOnlyRootFilesystem | bool | `false` | | @@ -349,7 +349,7 @@ metadata: | controller.image.runAsNonRoot | bool | `true` | | | controller.image.runAsUser | int | `101` | This value must not be changed using the official image. uid=101(www-data) gid=82(www-data) groups=82(www-data) | | controller.image.seccompProfile.type | string | `"RuntimeDefault"` | | -| controller.image.tag | string | `"v1.12.4"` | | +| controller.image.tag | string | `"v1.12.0"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource | object | `{"aliases":[],"annotations":{},"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. | @@ -399,12 +399,17 @@ metadata: | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | | | controller.metrics.serviceMonitor.annotations | object | `{}` | Annotations to be added to the ServiceMonitor. | | controller.metrics.serviceMonitor.enabled | bool | `false` | | +| controller.metrics.serviceMonitor.labelLimit | int | `0` | Per-scrape limit on number of labels that will be accepted for a sample. | +| controller.metrics.serviceMonitor.labelNameLengthLimit | int | `0` | Per-scrape limit on length of labels name that will be accepted for a sample. | +| controller.metrics.serviceMonitor.labelValueLengthLimit | int | `0` | Per-scrape limit on length of labels value that will be accepted for a sample. | | controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | | | controller.metrics.serviceMonitor.namespace | string | `""` | | | controller.metrics.serviceMonitor.namespaceSelector | object | `{}` | | | controller.metrics.serviceMonitor.relabelings | list | `[]` | | +| controller.metrics.serviceMonitor.sampleLimit | int | `0` | Defines a per-scrape limit on the number of scraped samples that will be accepted. | | controller.metrics.serviceMonitor.scrapeInterval | string | `"30s"` | | | controller.metrics.serviceMonitor.targetLabels | list | `[]` | | +| controller.metrics.serviceMonitor.targetLimit | int | `0` | Defines a limit on the number of scraped targets that will be accepted. | | controller.minAvailable | int | `1` | Minimum available pods set in PodDisruptionBudget. Define either 'minAvailable' or 'maxUnavailable', never both. | | controller.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # | | controller.name | string | `"controller"` | | @@ -437,20 +442,24 @@ metadata: | controller.service.annotations | object | `{}` | Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service. | | controller.service.appProtocol | bool | `true` | Declare the app protocol of the external HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol | | controller.service.clusterIP | string | `""` | Pre-defined cluster internal IP address of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address | +| controller.service.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address | | controller.service.enableHttp | bool | `true` | Enable the HTTP listener on both controller services or not. | | controller.service.enableHttps | bool | `true` | Enable the HTTPS listener on both controller services or not. | | controller.service.enabled | bool | `true` | Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service. | | controller.service.external.enabled | bool | `true` | Enable the external controller service or not. Useful for internal-only deployments. | +| controller.service.external.labels | object | `{}` | Labels to be added to the external controller service. | | controller.service.externalIPs | list | `[]` | List of node IP addresses at which the external controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips | | controller.service.externalTrafficPolicy | string | `""` | External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip | | controller.service.internal.annotations | object | `{}` | Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer | | controller.service.internal.appProtocol | bool | `true` | Declare the app protocol of the internal HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol | | controller.service.internal.clusterIP | string | `""` | Pre-defined cluster internal IP address of the internal controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address | +| controller.service.internal.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the internal controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address | | controller.service.internal.enabled | bool | `false` | Enable the internal controller service or not. Remember to configure `controller.service.internal.annotations` when enabling this. | | controller.service.internal.externalIPs | list | `[]` | List of node IP addresses at which the internal controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips | | controller.service.internal.externalTrafficPolicy | string | `""` | External traffic policy of the internal controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip | | controller.service.internal.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the internal controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services | | controller.service.internal.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services | +| controller.service.internal.labels | object | `{}` | Labels to be added to the internal controller service. | | controller.service.internal.loadBalancerClass | string | `""` | Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class | | controller.service.internal.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the internal controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | | controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default. | @@ -461,6 +470,7 @@ metadata: | controller.service.internal.ports | object | `{}` | | | controller.service.internal.sessionAffinity | string | `""` | Session affinity of the internal controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity | | controller.service.internal.targetPorts | object | `{}` | | +| controller.service.internal.trafficDistribution | string | `""` | Traffic distribution policy of the internal controller service. Set to "PreferClose" to route traffic to endpoints that are topologically closer to the client. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution | | controller.service.internal.type | string | `""` | Type of the internal controller service. Defaults to the value of `controller.service.type`. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | | controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the external controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services | | controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services | @@ -477,6 +487,7 @@ metadata: | controller.service.sessionAffinity | string | `""` | Session affinity of the external controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity | | controller.service.targetPorts.http | string | `"http"` | Port of the ingress controller the external HTTP listener is mapped to. | | controller.service.targetPorts.https | string | `"https"` | Port of the ingress controller the external HTTPS listener is mapped to. | +| controller.service.trafficDistribution | string | `""` | Traffic distribution policy of the external controller service. Set to "PreferClose" to route traffic to endpoints that are topologically closer to the client. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution | | controller.service.type | string | `"LoadBalancer"` | Type of the external controller service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | | controller.shareProcessNamespace | bool | `false` | | | controller.sysctls | object | `{}` | sysctls for controller pods # Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ | @@ -537,6 +548,7 @@ metadata: | defaultBackend.replicaCount | int | `1` | | | defaultBackend.resources | object | `{}` | | | defaultBackend.service.annotations | object | `{}` | | +| defaultBackend.service.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the default backend service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address | | defaultBackend.service.externalIPs | list | `[]` | List of IP addresses at which the default backend service is available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # | | defaultBackend.service.loadBalancerSourceRanges | list | `[]` | | | defaultBackend.service.servicePort | int | `80` | | diff --git a/charts/ingress-nginx/changelog/helm-chart-4.12.1.md b/charts/ingress-nginx/changelog/helm-chart-4.10.5.md similarity index 71% rename from charts/ingress-nginx/changelog/helm-chart-4.12.1.md rename to charts/ingress-nginx/changelog/helm-chart-4.10.5.md index 4d4437347..72c72c720 100644 --- a/charts/ingress-nginx/changelog/helm-chart-4.12.1.md +++ b/charts/ingress-nginx/changelog/helm-chart-4.10.5.md @@ -2,8 +2,8 @@ This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). -### 4.12.1 +### 4.10.5 -* Update Ingress-Nginx version controller-v1.12.1 +* Update Ingress-Nginx version controller-v1.10.5 -**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.12.0...helm-chart-4.12.1 +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.4...helm-chart-4.10.5 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.12.3.md b/charts/ingress-nginx/changelog/helm-chart-4.10.6.md similarity index 65% rename from charts/ingress-nginx/changelog/helm-chart-4.12.3.md rename to charts/ingress-nginx/changelog/helm-chart-4.10.6.md index 83501691c..c26c8817b 100644 --- a/charts/ingress-nginx/changelog/helm-chart-4.12.3.md +++ b/charts/ingress-nginx/changelog/helm-chart-4.10.6.md @@ -2,8 +2,9 @@ This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). -### 4.12.3 +### 4.10.6 -* Update Ingress-Nginx version controller-v1.12.3 +* CI: Fix chart testing. (#12260) +* Update Ingress-Nginx version controller-v1.10.6 -**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.12.2...helm-chart-4.12.3 +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.5...helm-chart-4.10.6 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.12.2.md b/charts/ingress-nginx/changelog/helm-chart-4.11.3.md similarity index 71% rename from charts/ingress-nginx/changelog/helm-chart-4.12.2.md rename to charts/ingress-nginx/changelog/helm-chart-4.11.3.md index 2b16da021..18ec6ba82 100644 --- a/charts/ingress-nginx/changelog/helm-chart-4.12.2.md +++ b/charts/ingress-nginx/changelog/helm-chart-4.11.3.md @@ -2,8 +2,8 @@ This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). -### 4.12.2 +### 4.11.3 -* Update Ingress-Nginx version controller-v1.12.2 +* Update Ingress-Nginx version controller-v1.11.3 -**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.12.1...helm-chart-4.12.2 +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.2...helm-chart-4.11.3 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.12.4.md b/charts/ingress-nginx/changelog/helm-chart-4.11.4.md similarity index 65% rename from charts/ingress-nginx/changelog/helm-chart-4.12.4.md rename to charts/ingress-nginx/changelog/helm-chart-4.11.4.md index 43472aef7..003c787d3 100644 --- a/charts/ingress-nginx/changelog/helm-chart-4.12.4.md +++ b/charts/ingress-nginx/changelog/helm-chart-4.11.4.md @@ -2,8 +2,9 @@ This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). -### 4.12.4 +### 4.11.4 -* Update Ingress-Nginx version controller-v1.12.4 +* CI: Fix chart testing. (#12259) +* Update Ingress-Nginx version controller-v1.11.4 -**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.12.3...helm-chart-4.12.4 +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.3...helm-chart-4.11.4 diff --git a/charts/ingress-nginx/ci/controller-service-internal-values.yaml b/charts/ingress-nginx/ci/controller-service-internal-values.yaml index 11108fbce..01635e339 100644 --- a/charts/ingress-nginx/ci/controller-service-internal-values.yaml +++ b/charts/ingress-nginx/ci/controller-service-internal-values.yaml @@ -9,5 +9,7 @@ controller: internal: enabled: true + labels: + external-dns.alpha.kubernetes.io/hostname: internal.example.com annotations: service.beta.kubernetes.io/aws-load-balancer-internal: "true" diff --git a/charts/ingress-nginx/ci/controller-service-values.yaml b/charts/ingress-nginx/ci/controller-service-values.yaml index 9039368c2..4ba3debba 100644 --- a/charts/ingress-nginx/ci/controller-service-values.yaml +++ b/charts/ingress-nginx/ci/controller-service-values.yaml @@ -7,6 +7,10 @@ controller: service: type: NodePort + external: + labels: + external-dns.alpha.kubernetes.io/hostname: external.example.com + nodePorts: tcp: 9000: 30090 diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml index 6f204fbec..bb31e60ba 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -17,7 +17,10 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: +{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} + # Alpha feature since k8s 1.12 ttlSecondsAfterFinished: 0 +{{- end }} template: metadata: name: {{ include "ingress-nginx.admissionWebhooks.createSecretJob.fullname" . }} @@ -64,6 +67,7 @@ spec: {{- end }} restartPolicy: OnFailure serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken }} {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml index 9a55011ff..cf757c98b 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -17,7 +17,10 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: +{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} + # Alpha feature since k8s 1.12 ttlSecondsAfterFinished: 0 +{{- end }} template: metadata: name: {{ include "ingress-nginx.admissionWebhooks.patchWebhookJob.fullname" . }} @@ -66,6 +69,7 @@ spec: {{- end }} restartPolicy: OnFailure serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken }} {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index fd1b13284..804ff56d9 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -202,6 +202,7 @@ spec: topologySpreadConstraints: {{ tpl (toYaml .Values.controller.topologySpreadConstraints) $ | nindent 8 }} {{- end }} serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules) }} volumes: diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index cc41bfbc7..da8ce97d3 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -208,6 +208,7 @@ spec: topologySpreadConstraints: {{ tpl (toYaml .Values.controller.topologySpreadConstraints) $ | nindent 8 }} {{- end }} serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules) }} volumes: diff --git a/charts/ingress-nginx/templates/controller-service-internal.yaml b/charts/ingress-nginx/templates/controller-service-internal.yaml index 6d0b47caf..8d369526d 100644 --- a/charts/ingress-nginx/templates/controller-service-internal.yaml +++ b/charts/ingress-nginx/templates/controller-service-internal.yaml @@ -12,6 +12,9 @@ metadata: {{- if .Values.controller.service.labels }} {{- toYaml .Values.controller.service.labels | nindent 4 }} {{- end }} + {{- if .Values.controller.service.internal.labels }} + {{- toYaml .Values.controller.service.internal.labels | nindent 4 }} + {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }}-internal namespace: {{ include "ingress-nginx.namespace" . }} spec: @@ -19,6 +22,9 @@ spec: {{- if .Values.controller.service.internal.clusterIP }} clusterIP: {{ .Values.controller.service.internal.clusterIP }} {{- end }} +{{- if .Values.controller.service.internal.clusterIPs }} + clusterIPs: {{ toYaml .Values.controller.service.internal.clusterIPs | nindent 4 }} +{{- end }} {{- if .Values.controller.service.internal.externalIPs }} externalIPs: {{ toYaml .Values.controller.service.internal.externalIPs | nindent 4 }} {{- end }} @@ -43,6 +49,11 @@ spec: {{- if .Values.controller.service.internal.healthCheckNodePort }} healthCheckNodePort: {{ .Values.controller.service.internal.healthCheckNodePort }} {{- end }} +{{- if semverCompare ">=1.31.0-0" .Capabilities.KubeVersion.Version -}} +{{- if .Values.controller.service.internal.trafficDistribution }} + trafficDistribution: {{ .Values.controller.service.internal.trafficDistribution }} +{{- end }} +{{- end }} {{- if semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version -}} {{- if .Values.controller.service.internal.ipFamilyPolicy }} ipFamilyPolicy: {{ .Values.controller.service.internal.ipFamilyPolicy }} diff --git a/charts/ingress-nginx/templates/controller-service.yaml b/charts/ingress-nginx/templates/controller-service.yaml index cb78a7035..36d2e4884 100644 --- a/charts/ingress-nginx/templates/controller-service.yaml +++ b/charts/ingress-nginx/templates/controller-service.yaml @@ -12,6 +12,9 @@ metadata: {{- if .Values.controller.service.labels }} {{- toYaml .Values.controller.service.labels | nindent 4 }} {{- end }} + {{- if .Values.controller.service.external.labels }} + {{- toYaml .Values.controller.service.external.labels | nindent 4 }} + {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} namespace: {{ include "ingress-nginx.namespace" . }} spec: @@ -19,6 +22,9 @@ spec: {{- if .Values.controller.service.clusterIP }} clusterIP: {{ .Values.controller.service.clusterIP }} {{- end }} +{{- if .Values.controller.service.clusterIPs }} + clusterIPs: {{ toYaml .Values.controller.service.clusterIPs | nindent 4 }} +{{- end }} {{- if .Values.controller.service.externalIPs }} externalIPs: {{ toYaml .Values.controller.service.externalIPs | nindent 4 }} {{- end }} @@ -43,6 +49,11 @@ spec: {{- if .Values.controller.service.healthCheckNodePort }} healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }} {{- end }} +{{- if semverCompare ">=1.31.0-0" .Capabilities.KubeVersion.Version -}} +{{- if .Values.controller.service.trafficDistribution }} + trafficDistribution: {{ .Values.controller.service.trafficDistribution }} +{{- end }} +{{- end }} {{- if semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version -}} {{- if .Values.controller.service.ipFamilyPolicy }} ipFamilyPolicy: {{ .Values.controller.service.ipFamilyPolicy }} diff --git a/charts/ingress-nginx/templates/controller-servicemonitor.yaml b/charts/ingress-nginx/templates/controller-servicemonitor.yaml index 93ab4d242..85bb84186 100644 --- a/charts/ingress-nginx/templates/controller-servicemonitor.yaml +++ b/charts/ingress-nginx/templates/controller-servicemonitor.yaml @@ -47,4 +47,19 @@ spec: {{- if .Values.controller.metrics.serviceMonitor.targetLabels }} targetLabels: {{ toYaml .Values.controller.metrics.serviceMonitor.targetLabels | nindent 2 }} {{- end }} + {{- if .Values.controller.metrics.serviceMonitor.labelLimit }} + labelLimit: {{ .Values.controller.metrics.serviceMonitor.labelLimit }} + {{- end }} + {{- if .Values.controller.metrics.serviceMonitor.labelNameLengthLimit }} + labelNameLengthLimit: {{ .Values.controller.metrics.serviceMonitor.labelNameLengthLimit }} + {{- end }} + {{- if .Values.controller.metrics.serviceMonitor.labelValueLengthLimit }} + labelValueLengthLimit: {{ .Values.controller.metrics.serviceMonitor.labelValueLengthLimit }} + {{- end }} + {{- if .Values.controller.metrics.serviceMonitor.sampleLimit }} + sampleLimit: {{ .Values.controller.metrics.serviceMonitor.sampleLimit }} + {{- end }} + {{- if .Values.controller.metrics.serviceMonitor.targetLimit }} + targetLimit: {{ .Values.controller.metrics.serviceMonitor.targetLimit }} + {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-deployment.yaml b/charts/ingress-nginx/templates/default-backend-deployment.yaml index f7d9de121..4a17f7444 100644 --- a/charts/ingress-nginx/templates/default-backend-deployment.yaml +++ b/charts/ingress-nginx/templates/default-backend-deployment.yaml @@ -103,6 +103,7 @@ spec: nodeSelector: {{ toYaml .Values.defaultBackend.nodeSelector | nindent 8 }} {{- end }} serviceAccountName: {{ include "ingress-nginx.defaultBackend.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }} {{- if .Values.defaultBackend.tolerations }} tolerations: {{ toYaml .Values.defaultBackend.tolerations | nindent 8 }} {{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-service.yaml b/charts/ingress-nginx/templates/default-backend-service.yaml index 65b6b8362..5a836365b 100644 --- a/charts/ingress-nginx/templates/default-backend-service.yaml +++ b/charts/ingress-nginx/templates/default-backend-service.yaml @@ -18,6 +18,9 @@ spec: {{- if .Values.defaultBackend.service.clusterIP }} clusterIP: {{ .Values.defaultBackend.service.clusterIP }} {{- end }} +{{- if .Values.defaultBackend.service.clusterIPs }} + clusterIPs: {{ toYaml .Values.defaultBackend.service.clusterIPs | nindent 4 }} +{{- end }} {{- if .Values.defaultBackend.service.externalIPs }} externalIPs: {{ toYaml .Values.defaultBackend.service.externalIPs | nindent 4 }} {{- end }} diff --git a/charts/ingress-nginx/tests/admission-webhooks/job-patch/job-createSecret_test.yaml b/charts/ingress-nginx/tests/admission-webhooks/job-patch/job-createSecret_test.yaml new file mode 100644 index 000000000..b5272553b --- /dev/null +++ b/charts/ingress-nginx/tests/admission-webhooks/job-patch/job-createSecret_test.yaml @@ -0,0 +1,12 @@ +suite: Admission Webhooks > Patch Job > Create Secret Job +templates: + - admission-webhooks/job-patch/job-createSecret.yaml + +tests: + - it: should create a Job with token auto-mounting disabled if `controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken` is false + set: + controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken: false + asserts: + - equal: + path: spec.template.spec.automountServiceAccountToken + value: false diff --git a/charts/ingress-nginx/tests/admission-webhooks/job-patch/job-patchWebhook_test.yaml b/charts/ingress-nginx/tests/admission-webhooks/job-patch/job-patchWebhook_test.yaml new file mode 100644 index 000000000..ca4c6b4c2 --- /dev/null +++ b/charts/ingress-nginx/tests/admission-webhooks/job-patch/job-patchWebhook_test.yaml @@ -0,0 +1,12 @@ +suite: Admission Webhooks > Patch Job > Patch Webhook Job +templates: + - admission-webhooks/job-patch/job-patchWebhook.yaml + +tests: + - it: should create a Job with token auto-mounting disabled if `controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken` is false + set: + controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken: false + asserts: + - equal: + path: spec.template.spec.automountServiceAccountToken + value: false diff --git a/charts/ingress-nginx/tests/controller-daemonset_test.yaml b/charts/ingress-nginx/tests/controller-daemonset_test.yaml index d2d77befb..0321fd376 100644 --- a/charts/ingress-nginx/tests/controller-daemonset_test.yaml +++ b/charts/ingress-nginx/tests/controller-daemonset_test.yaml @@ -190,3 +190,12 @@ tests: - equal: path: spec.template.spec.containers[0].image value: registry.k8s.io/ingress-nginx/controller:custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + + - it: should create a DaemonSet with token auto-mounting disabled if `serviceAccount.automountServiceAccountToken` is false + set: + controller.kind: DaemonSet + serviceAccount.automountServiceAccountToken: false + asserts: + - equal: + path: spec.template.spec.automountServiceAccountToken + value: false diff --git a/charts/ingress-nginx/tests/controller-deployment_test.yaml b/charts/ingress-nginx/tests/controller-deployment_test.yaml index 1cc9c9325..18306079e 100644 --- a/charts/ingress-nginx/tests/controller-deployment_test.yaml +++ b/charts/ingress-nginx/tests/controller-deployment_test.yaml @@ -215,3 +215,11 @@ tests: - equal: path: spec.progressDeadlineSeconds value: 111 + + - it: should create a Deployment with token auto-mounting disabled if `serviceAccount.automountServiceAccountToken` is false + set: + serviceAccount.automountServiceAccountToken: false + asserts: + - equal: + path: spec.template.spec.automountServiceAccountToken + value: false diff --git a/charts/ingress-nginx/tests/controller-service-internal_test.yaml b/charts/ingress-nginx/tests/controller-service-internal_test.yaml index 5465e1a2b..c0ece07d5 100644 --- a/charts/ingress-nginx/tests/controller-service-internal_test.yaml +++ b/charts/ingress-nginx/tests/controller-service-internal_test.yaml @@ -23,3 +23,53 @@ tests: - equal: path: metadata.name value: RELEASE-NAME-ingress-nginx-controller-internal + + - it: should create a Service without `clusterIPs` if `controller.service.internal.clusterIPs` is not set + set: + controller.service.internal.enabled: true + controller.service.internal.annotations: + test.annotation: "true" + asserts: + - notExists: + path: spec.clusterIPs + + - it: should create a Service with `clusterIPs` if `controller.service.internal.clusterIPs` is set + set: + controller.service.internal.enabled: true + controller.service.internal.annotations: + test.annotation: "true" + controller.service.internal.clusterIPs: + - 10.0.0.1 + - fd00::1 + asserts: + - equal: + path: spec.clusterIPs + value: + - 10.0.0.1 + - fd00::1 + + - it: should create a Service with `trafficDistribution` if `controller.service.internal.trafficDistribution` is set + capabilities: + majorVersion: 1 + minorVersion: 31 + set: + controller.service.internal.enabled: true + controller.service.internal.annotations: + test.annotation: "true" + controller.service.internal.trafficDistribution: PreferClose + asserts: + - equal: + path: spec.trafficDistribution + value: PreferClose + + - it: should create a Service with labels if `controller.service.internal.labels` is set + set: + controller.service.internal.enabled: true + controller.service.internal.annotations: + test.annotation: "true" + controller.service.internal.labels: + external-dns.alpha.kubernetes.io/hostname: internal.example.com + asserts: + - equal: + path: metadata.labels["external-dns.alpha.kubernetes.io/hostname"] + value: internal.example.com diff --git a/charts/ingress-nginx/tests/controller-service_test.yaml b/charts/ingress-nginx/tests/controller-service_test.yaml index 10574f227..f3e8cf030 100644 --- a/charts/ingress-nginx/tests/controller-service_test.yaml +++ b/charts/ingress-nginx/tests/controller-service_test.yaml @@ -30,3 +30,45 @@ tests: - equal: path: spec.type value: NodePort + + - it: should create a Service without `clusterIPs` if `controller.service.clusterIPs` is not set + set: + controller.service.external.enabled: true + asserts: + - notExists: + path: spec.clusterIPs + + - it: should create a Service with `clusterIPs` if `controller.service.clusterIPs` is set + set: + controller.service.external.enabled: true + controller.service.clusterIPs: + - 10.0.0.1 + - fd00::1 + asserts: + - equal: + path: spec.clusterIPs + value: + - 10.0.0.1 + - fd00::1 + + - it: should create a Service with `trafficDistribution` if `controller.service.trafficDistribution` is set + capabilities: + majorVersion: 1 + minorVersion: 31 + set: + controller.service.external.enabled: true + controller.service.trafficDistribution: PreferClose + asserts: + - equal: + path: spec.trafficDistribution + value: PreferClose + + - it: should create a Service with labels if `controller.service.external.labels` is set + set: + controller.service.external.enabled: true + controller.service.external.labels: + external-dns.alpha.kubernetes.io/hostname: external.example.com + asserts: + - equal: + path: metadata.labels["external-dns.alpha.kubernetes.io/hostname"] + value: external.example.com diff --git a/charts/ingress-nginx/tests/controller-servicemonitor_test.yaml b/charts/ingress-nginx/tests/controller-servicemonitor_test.yaml index 310097c1a..7edee98c5 100644 --- a/charts/ingress-nginx/tests/controller-servicemonitor_test.yaml +++ b/charts/ingress-nginx/tests/controller-servicemonitor_test.yaml @@ -27,3 +27,53 @@ tests: path: metadata.annotations value: my-little-annotation: test-value + + - it: should create a ServiceMonitor with `labelLimit` if `controller.metrics.serviceMonitor.labelLimit` is set + set: + controller.metrics.enabled: true + controller.metrics.serviceMonitor.enabled: true + controller.metrics.serviceMonitor.labelLimit: 20 + asserts: + - equal: + path: spec.labelLimit + value: 20 + + - it: should create a ServiceMonitor with `labelNameLengthLimit` if `controller.metrics.serviceMonitor.labelNameLengthLimit` is set + set: + controller.metrics.enabled: true + controller.metrics.serviceMonitor.enabled: true + controller.metrics.serviceMonitor.labelNameLengthLimit: 50 + asserts: + - equal: + path: spec.labelNameLengthLimit + value: 50 + + - it: should create a ServiceMonitor with `labelValueLengthLimit` if `controller.metrics.serviceMonitor.labelValueLengthLimit` is set + set: + controller.metrics.enabled: true + controller.metrics.serviceMonitor.enabled: true + controller.metrics.serviceMonitor.labelValueLengthLimit: 50 + asserts: + - equal: + path: spec.labelValueLengthLimit + value: 50 + + - it: should create a ServiceMonitor with `sampleLimit` if `controller.metrics.serviceMonitor.sampleLimit` is set + set: + controller.metrics.enabled: true + controller.metrics.serviceMonitor.enabled: true + controller.metrics.serviceMonitor.sampleLimit: 5000 + asserts: + - equal: + path: spec.sampleLimit + value: 5000 + + - it: should create a ServiceMonitor with `targetLimit` if `controller.metrics.serviceMonitor.targetLimit` is set + set: + controller.metrics.enabled: true + controller.metrics.serviceMonitor.enabled: true + controller.metrics.serviceMonitor.targetLimit: 100 + asserts: + - equal: + path: spec.targetLimit + value: 100 diff --git a/charts/ingress-nginx/tests/default-backend-deployment_test.yaml b/charts/ingress-nginx/tests/default-backend-deployment_test.yaml index c3fa33968..11d400c46 100644 --- a/charts/ingress-nginx/tests/default-backend-deployment_test.yaml +++ b/charts/ingress-nginx/tests/default-backend-deployment_test.yaml @@ -187,3 +187,12 @@ tests: - equal: path: spec.template.spec.containers[0].image value: registry.k8s.io/defaultbackend-amd64:custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + + - it: should create a Deployment with token auto-mounting disabled if `defaultBackend.serviceAccount.automountServiceAccountToken` is false + set: + defaultBackend.enabled: true + defaultBackend.serviceAccount.automountServiceAccountToken: false + asserts: + - equal: + path: spec.template.spec.automountServiceAccountToken + value: false diff --git a/charts/ingress-nginx/tests/default-backend-service_test.yaml b/charts/ingress-nginx/tests/default-backend-service_test.yaml index f16904f9f..521d82091 100644 --- a/charts/ingress-nginx/tests/default-backend-service_test.yaml +++ b/charts/ingress-nginx/tests/default-backend-service_test.yaml @@ -30,3 +30,23 @@ tests: - equal: path: spec.ports[0].port value: 80 + + - it: should create a Service without `clusterIPs` if `defaultBackend.service.clusterIPs` is not set + set: + defaultBackend.enabled: true + asserts: + - notExists: + path: spec.clusterIPs + + - it: should create a Service with `clusterIPs` if `defaultBackend.service.clusterIPs` is set + set: + defaultBackend.enabled: true + defaultBackend.service.clusterIPs: + - 10.0.0.1 + - fd00::1 + asserts: + - equal: + path: spec.clusterIPs + value: + - 10.0.0.1 + - fd00::1 diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index bd66daf75..ccebb9ceb 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -30,9 +30,9 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.12.4" - digest: sha256:05890cb25d37aa5cfe086614104f798f55e1eeec8dda26d9fd6f6acf0e1554a0 - digestChroot: sha256:0873534e85a765ef4958ba4fbc5c970a3644dca0f5eee7caff93d830b9a8bb8b + tag: "v1.12.0" + digest: sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa + digestChroot: sha256:87c88e1c38a6c8d4483c8f70b69e2cca49853bb3ec3124b9b1be648edf139af3 pullPolicy: IfNotPresent runAsNonRoot: true # -- This value must not be changed using the official image. @@ -486,6 +486,8 @@ controller: external: # -- Enable the external controller service or not. Useful for internal-only deployments. enabled: true + # -- Labels to be added to the external controller service. + labels: {} # -- Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service. annotations: {} # -- Labels to be added to both controller services. @@ -497,6 +499,10 @@ controller: # This value is immutable. Set once, it can not be changed without deleting and re-creating the service. # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address clusterIP: "" + # -- Pre-defined cluster internal IP addresses of the external controller service. Take care of collisions with existing services. + # This value is immutable. Set once, it can not be changed without deleting and re-creating the service. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address + clusterIPs: [] # -- List of node IP addresses at which the external controller service is available. # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips externalIPs: [] @@ -523,6 +529,10 @@ controller: # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip # healthCheckNodePort: 0 + # -- Traffic distribution policy of the external controller service. Set to "PreferClose" to route traffic to endpoints that are topologically closer to the client. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution + trafficDistribution: "" + # -- Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. # Fields `ipFamilies` and `clusterIP` depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services @@ -566,6 +576,8 @@ controller: internal: # -- Enable the internal controller service or not. Remember to configure `controller.service.internal.annotations` when enabling this. enabled: false + # -- Labels to be added to the internal controller service. + labels: {} # -- Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service. # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer annotations: {} @@ -577,6 +589,10 @@ controller: # This value is immutable. Set once, it can not be changed without deleting and re-creating the service. # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address clusterIP: "" + # -- Pre-defined cluster internal IP addresses of the internal controller service. Take care of collisions with existing services. + # This value is immutable. Set once, it can not be changed without deleting and re-creating the service. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address + clusterIPs: [] # -- List of node IP addresses at which the internal controller service is available. # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips externalIPs: [] @@ -603,6 +619,10 @@ controller: # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip # healthCheckNodePort: 0 + # -- Traffic distribution policy of the internal controller service. Set to "PreferClose" to route traffic to endpoints that are topologically closer to the client. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution + trafficDistribution: "" + # -- Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. # Fields `ipFamilies` and `clusterIP` depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services @@ -796,8 +816,8 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: v1.6.0 - digest: sha256:c9f76a75fd00e975416ea1b73300efd413116de0de8570346ed90766c5b5cefb + tag: v1.5.1 + digest: sha256:0de05718b59dc33b57ddfb4d8ad5f637cefd13eafdec0e1579d782b3483c27c3 pullPolicy: IfNotPresent # -- Provide a priority class name to the webhook patching job ## @@ -882,6 +902,16 @@ controller: targetLabels: [] relabelings: [] metricRelabelings: [] + # -- Per-scrape limit on number of labels that will be accepted for a sample. + labelLimit: 0 + # -- Per-scrape limit on length of labels name that will be accepted for a sample. + labelNameLengthLimit: 0 + # -- Per-scrape limit on length of labels value that will be accepted for a sample. + labelValueLengthLimit: 0 + # -- Defines a per-scrape limit on the number of scraped samples that will be accepted. + sampleLimit: 0 + # -- Defines a limit on the number of scraped targets that will be accepted. + targetLimit: 0 prometheusRule: enabled: false additionalLabels: {} @@ -1145,6 +1175,10 @@ defaultBackend: service: annotations: {} # clusterIP: "" + # -- Pre-defined cluster internal IP addresses of the default backend service. Take care of collisions with existing services. + # This value is immutable. Set once, it can not be changed without deleting and re-creating the service. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address + clusterIPs: [] # -- List of IP addresses at which the default backend service is available ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips diff --git a/cloudbuild.yaml b/cloudbuild.yaml index e19be6bc9..0bb2b60a4 100644 --- a/cloudbuild.yaml +++ b/cloudbuild.yaml @@ -2,11 +2,13 @@ options: # Ignore Prow provided substitutions. substitution_option: ALLOW_LOOSE steps: -- name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20250513-9264efb079 - env: - - REPO_INFO=https://github.com/kubernetes/ingress-nginx - - COMMIT_SHA=${_PULL_BASE_SHA} - - BUILD_ID=${BUILD_ID} - entrypoint: make - args: - - release + - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20250116-2a05ea7e3d + env: + - REGISTRY=us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx + - REPO_INFO=https://github.com/kubernetes/ingress-nginx + - COMMIT_SHA=${_PULL_BASE_SHA} + - BUILD_ID=${BUILD_ID} + entrypoint: bash + args: + - -c + - gcloud auth configure-docker && make release diff --git a/cmd/plugin/kubectl/kubectl.go b/cmd/plugin/kubectl/kubectl.go index 98970aaf7..cb33243fc 100644 --- a/cmd/plugin/kubectl/kubectl.go +++ b/cmd/plugin/kubectl/kubectl.go @@ -32,7 +32,7 @@ import ( // PodExecString takes a pod and a command, uses kubectl exec to run the command in the pod // and returns stdout as a string func PodExecString(flags *genericclioptions.ConfigFlags, pod *apiv1.Pod, container string, args []string) (string, error) { - args = append([]string{"exec", "-n", pod.Namespace, "-c", container, pod.Name, "--"}, args...) + args = append([]string{"exec", "-n", pod.Namespace, "-c", container, pod.Name}, args...) return ExecToString(flags, args) } @@ -73,8 +73,6 @@ func execToWriter(args []string, writer io.Writer) error { //nolint:gosec // Ignore G204 error cmd := exec.Command(args[0], args[1:]...) - var stderr bytes.Buffer - cmd.Stderr = &stderr op, err := cmd.StdoutPipe() if err != nil { return err @@ -85,9 +83,6 @@ func execToWriter(args []string, writer io.Writer) error { }() err = cmd.Run() if err != nil { - if _, ok := err.(*exec.ExitError); ok { - println(stderr.String()) - } return err } diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index 716474109..1ed9b7471 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx --- @@ -28,7 +28,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -40,7 +40,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -130,7 +130,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -149,7 +149,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx rules: - apiGroups: @@ -231,7 +231,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission rules: - apiGroups: @@ -250,7 +250,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -270,7 +270,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -289,7 +289,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -308,7 +308,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -344,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -400,7 +400,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -422,7 +422,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 spec: containers: - args: @@ -446,7 +446,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.12.4@sha256:05890cb25d37aa5cfe086614104f798f55e1eeec8dda26d9fd6f6acf0e1554a0 + image: registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -523,7 +523,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -534,7 +534,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-create spec: containers: @@ -548,7 +548,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.0@sha256:c9f76a75fd00e975416ea1b73300efd413116de0de8570346ed90766c5b5cefb + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.0@sha256:aaafd456bda110628b2d4ca6296f38731a3aaf0bf7581efae824a41c770a8fc4 imagePullPolicy: IfNotPresent name: create securityContext: @@ -566,7 +566,6 @@ spec: kubernetes.io/os: linux restartPolicy: OnFailure serviceAccountName: ingress-nginx-admission - ttlSecondsAfterFinished: 0 --- apiVersion: batch/v1 kind: Job @@ -576,7 +575,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -587,7 +586,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-patch spec: containers: @@ -603,7 +602,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.0@sha256:c9f76a75fd00e975416ea1b73300efd413116de0de8570346ed90766c5b5cefb + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.0@sha256:aaafd456bda110628b2d4ca6296f38731a3aaf0bf7581efae824a41c770a8fc4 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -621,7 +620,6 @@ spec: kubernetes.io/os: linux restartPolicy: OnFailure serviceAccountName: ingress-nginx-admission - ttlSecondsAfterFinished: 0 --- apiVersion: networking.k8s.io/v1 kind: IngressClass @@ -631,7 +629,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -644,7 +642,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml index 69039d8e0..d048683d9 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx --- @@ -28,7 +28,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -40,7 +40,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -130,7 +130,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -149,7 +149,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx rules: - apiGroups: @@ -231,7 +231,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission rules: - apiGroups: @@ -250,7 +250,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -270,7 +270,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -289,7 +289,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -308,7 +308,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -335,7 +335,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -353,7 +353,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -386,7 +386,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -409,7 +409,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -431,7 +431,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 spec: containers: - args: @@ -455,7 +455,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.12.4@sha256:05890cb25d37aa5cfe086614104f798f55e1eeec8dda26d9fd6f6acf0e1554a0 + image: registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -535,7 +535,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -546,7 +546,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-create spec: containers: @@ -560,7 +560,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.0@sha256:c9f76a75fd00e975416ea1b73300efd413116de0de8570346ed90766c5b5cefb + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.0@sha256:aaafd456bda110628b2d4ca6296f38731a3aaf0bf7581efae824a41c770a8fc4 imagePullPolicy: IfNotPresent name: create securityContext: @@ -578,7 +578,6 @@ spec: kubernetes.io/os: linux restartPolicy: OnFailure serviceAccountName: ingress-nginx-admission - ttlSecondsAfterFinished: 0 --- apiVersion: batch/v1 kind: Job @@ -588,7 +587,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -599,7 +598,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-patch spec: containers: @@ -615,7 +614,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.0@sha256:c9f76a75fd00e975416ea1b73300efd413116de0de8570346ed90766c5b5cefb + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.0@sha256:aaafd456bda110628b2d4ca6296f38731a3aaf0bf7581efae824a41c770a8fc4 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -633,7 +632,6 @@ spec: kubernetes.io/os: linux restartPolicy: OnFailure serviceAccountName: ingress-nginx-admission - ttlSecondsAfterFinished: 0 --- apiVersion: networking.k8s.io/v1 kind: IngressClass @@ -643,7 +641,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -656,7 +654,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/deploy.yaml b/deploy/static/provider/baremetal/deploy.yaml index 20ffb8361..7248dfd9b 100644 --- a/deploy/static/provider/baremetal/deploy.yaml +++ b/deploy/static/provider/baremetal/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx --- @@ -28,7 +28,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -40,7 +40,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -130,7 +130,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -149,7 +149,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx rules: - apiGroups: @@ -231,7 +231,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission rules: - apiGroups: @@ -250,7 +250,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -270,7 +270,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -289,7 +289,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -308,7 +308,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -340,7 +340,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -395,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 spec: containers: - args: @@ -440,7 +440,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.12.4@sha256:05890cb25d37aa5cfe086614104f798f55e1eeec8dda26d9fd6f6acf0e1554a0 + image: registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -517,7 +517,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -528,7 +528,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-create spec: containers: @@ -542,7 +542,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.0@sha256:c9f76a75fd00e975416ea1b73300efd413116de0de8570346ed90766c5b5cefb + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.0@sha256:aaafd456bda110628b2d4ca6296f38731a3aaf0bf7581efae824a41c770a8fc4 imagePullPolicy: IfNotPresent name: create securityContext: @@ -560,7 +560,6 @@ spec: kubernetes.io/os: linux restartPolicy: OnFailure serviceAccountName: ingress-nginx-admission - ttlSecondsAfterFinished: 0 --- apiVersion: batch/v1 kind: Job @@ -570,7 +569,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -581,7 +580,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-patch spec: containers: @@ -597,7 +596,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.0@sha256:c9f76a75fd00e975416ea1b73300efd413116de0de8570346ed90766c5b5cefb + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.0@sha256:aaafd456bda110628b2d4ca6296f38731a3aaf0bf7581efae824a41c770a8fc4 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -615,7 +614,6 @@ spec: kubernetes.io/os: linux restartPolicy: OnFailure serviceAccountName: ingress-nginx-admission - ttlSecondsAfterFinished: 0 --- apiVersion: networking.k8s.io/v1 kind: IngressClass @@ -625,7 +623,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -638,7 +636,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/deploy.yaml b/deploy/static/provider/cloud/deploy.yaml index 5fd3a5b13..08bc7e4bf 100644 --- a/deploy/static/provider/cloud/deploy.yaml +++ b/deploy/static/provider/cloud/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx --- @@ -28,7 +28,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -40,7 +40,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -130,7 +130,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -149,7 +149,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx rules: - apiGroups: @@ -231,7 +231,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission rules: - apiGroups: @@ -250,7 +250,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -270,7 +270,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -289,7 +289,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -308,7 +308,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -340,7 +340,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -373,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -396,7 +396,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -418,7 +418,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 spec: containers: - args: @@ -442,7 +442,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.12.4@sha256:05890cb25d37aa5cfe086614104f798f55e1eeec8dda26d9fd6f6acf0e1554a0 + image: registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -519,7 +519,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -530,7 +530,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-create spec: containers: @@ -544,7 +544,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.0@sha256:c9f76a75fd00e975416ea1b73300efd413116de0de8570346ed90766c5b5cefb + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.0@sha256:aaafd456bda110628b2d4ca6296f38731a3aaf0bf7581efae824a41c770a8fc4 imagePullPolicy: IfNotPresent name: create securityContext: @@ -562,7 +562,6 @@ spec: kubernetes.io/os: linux restartPolicy: OnFailure serviceAccountName: ingress-nginx-admission - ttlSecondsAfterFinished: 0 --- apiVersion: batch/v1 kind: Job @@ -572,7 +571,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -583,7 +582,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-patch spec: containers: @@ -599,7 +598,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.0@sha256:c9f76a75fd00e975416ea1b73300efd413116de0de8570346ed90766c5b5cefb + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.0@sha256:aaafd456bda110628b2d4ca6296f38731a3aaf0bf7581efae824a41c770a8fc4 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -617,7 +616,6 @@ spec: kubernetes.io/os: linux restartPolicy: OnFailure serviceAccountName: ingress-nginx-admission - ttlSecondsAfterFinished: 0 --- apiVersion: networking.k8s.io/v1 kind: IngressClass @@ -627,7 +625,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -640,7 +638,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/deploy.yaml b/deploy/static/provider/do/deploy.yaml index 0fc2f6696..4745c64fc 100644 --- a/deploy/static/provider/do/deploy.yaml +++ b/deploy/static/provider/do/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx --- @@ -28,7 +28,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -40,7 +40,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -130,7 +130,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -149,7 +149,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx rules: - apiGroups: @@ -231,7 +231,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission rules: - apiGroups: @@ -250,7 +250,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -270,7 +270,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -289,7 +289,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -308,7 +308,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -329,7 +329,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -399,7 +399,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -421,7 +421,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 spec: containers: - args: @@ -445,7 +445,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.12.4@sha256:05890cb25d37aa5cfe086614104f798f55e1eeec8dda26d9fd6f6acf0e1554a0 + image: registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -522,7 +522,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -533,7 +533,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-create spec: containers: @@ -547,7 +547,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.0@sha256:c9f76a75fd00e975416ea1b73300efd413116de0de8570346ed90766c5b5cefb + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.0@sha256:aaafd456bda110628b2d4ca6296f38731a3aaf0bf7581efae824a41c770a8fc4 imagePullPolicy: IfNotPresent name: create securityContext: @@ -565,7 +565,6 @@ spec: kubernetes.io/os: linux restartPolicy: OnFailure serviceAccountName: ingress-nginx-admission - ttlSecondsAfterFinished: 0 --- apiVersion: batch/v1 kind: Job @@ -575,7 +574,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -586,7 +585,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-patch spec: containers: @@ -602,7 +601,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.0@sha256:c9f76a75fd00e975416ea1b73300efd413116de0de8570346ed90766c5b5cefb + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.0@sha256:aaafd456bda110628b2d4ca6296f38731a3aaf0bf7581efae824a41c770a8fc4 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -620,7 +619,6 @@ spec: kubernetes.io/os: linux restartPolicy: OnFailure serviceAccountName: ingress-nginx-admission - ttlSecondsAfterFinished: 0 --- apiVersion: networking.k8s.io/v1 kind: IngressClass @@ -630,7 +628,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -643,7 +641,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/deploy.yaml b/deploy/static/provider/exoscale/deploy.yaml index 4a36eb133..8ed5d002c 100644 --- a/deploy/static/provider/exoscale/deploy.yaml +++ b/deploy/static/provider/exoscale/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx --- @@ -28,7 +28,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -40,7 +40,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -130,7 +130,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -149,7 +149,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx rules: - apiGroups: @@ -231,7 +231,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission rules: - apiGroups: @@ -250,7 +250,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -270,7 +270,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -289,7 +289,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -308,7 +308,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -349,7 +349,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -382,7 +382,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -405,7 +405,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -423,7 +423,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 spec: containers: - args: @@ -447,7 +447,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.12.4@sha256:05890cb25d37aa5cfe086614104f798f55e1eeec8dda26d9fd6f6acf0e1554a0 + image: registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -528,7 +528,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -539,7 +539,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-create spec: containers: @@ -553,7 +553,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.0@sha256:c9f76a75fd00e975416ea1b73300efd413116de0de8570346ed90766c5b5cefb + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.0@sha256:aaafd456bda110628b2d4ca6296f38731a3aaf0bf7581efae824a41c770a8fc4 imagePullPolicy: IfNotPresent name: create securityContext: @@ -571,7 +571,6 @@ spec: kubernetes.io/os: linux restartPolicy: OnFailure serviceAccountName: ingress-nginx-admission - ttlSecondsAfterFinished: 0 --- apiVersion: batch/v1 kind: Job @@ -581,7 +580,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -592,7 +591,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-patch spec: containers: @@ -608,7 +607,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.0@sha256:c9f76a75fd00e975416ea1b73300efd413116de0de8570346ed90766c5b5cefb + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.0@sha256:aaafd456bda110628b2d4ca6296f38731a3aaf0bf7581efae824a41c770a8fc4 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -626,7 +625,6 @@ spec: kubernetes.io/os: linux restartPolicy: OnFailure serviceAccountName: ingress-nginx-admission - ttlSecondsAfterFinished: 0 --- apiVersion: networking.k8s.io/v1 kind: IngressClass @@ -636,7 +634,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -649,7 +647,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index 911f67f6b..b7488f046 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx --- @@ -28,7 +28,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -40,7 +40,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -130,7 +130,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -149,7 +149,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx rules: - apiGroups: @@ -231,7 +231,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission rules: - apiGroups: @@ -250,7 +250,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -270,7 +270,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -289,7 +289,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -308,7 +308,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -340,7 +340,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -372,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -395,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -417,7 +417,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 spec: containers: - args: @@ -442,7 +442,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.12.4@sha256:05890cb25d37aa5cfe086614104f798f55e1eeec8dda26d9fd6f6acf0e1554a0 + image: registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -529,7 +529,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -540,7 +540,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-create spec: containers: @@ -554,7 +554,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.0@sha256:c9f76a75fd00e975416ea1b73300efd413116de0de8570346ed90766c5b5cefb + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.0@sha256:aaafd456bda110628b2d4ca6296f38731a3aaf0bf7581efae824a41c770a8fc4 imagePullPolicy: IfNotPresent name: create securityContext: @@ -572,7 +572,6 @@ spec: kubernetes.io/os: linux restartPolicy: OnFailure serviceAccountName: ingress-nginx-admission - ttlSecondsAfterFinished: 0 --- apiVersion: batch/v1 kind: Job @@ -582,7 +581,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -593,7 +592,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-patch spec: containers: @@ -609,7 +608,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.0@sha256:c9f76a75fd00e975416ea1b73300efd413116de0de8570346ed90766c5b5cefb + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.0@sha256:aaafd456bda110628b2d4ca6296f38731a3aaf0bf7581efae824a41c770a8fc4 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -627,7 +626,6 @@ spec: kubernetes.io/os: linux restartPolicy: OnFailure serviceAccountName: ingress-nginx-admission - ttlSecondsAfterFinished: 0 --- apiVersion: networking.k8s.io/v1 kind: IngressClass @@ -637,7 +635,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -650,7 +648,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/oracle/deploy.yaml b/deploy/static/provider/oracle/deploy.yaml index e93e38007..02d18b1bf 100644 --- a/deploy/static/provider/oracle/deploy.yaml +++ b/deploy/static/provider/oracle/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx --- @@ -28,7 +28,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -40,7 +40,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -130,7 +130,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -149,7 +149,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx rules: - apiGroups: @@ -231,7 +231,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission rules: - apiGroups: @@ -250,7 +250,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -270,7 +270,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -289,7 +289,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -308,7 +308,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -344,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -400,7 +400,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -422,7 +422,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 spec: containers: - args: @@ -446,7 +446,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.12.4@sha256:05890cb25d37aa5cfe086614104f798f55e1eeec8dda26d9fd6f6acf0e1554a0 + image: registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -523,7 +523,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -534,7 +534,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-create spec: containers: @@ -548,7 +548,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.0@sha256:c9f76a75fd00e975416ea1b73300efd413116de0de8570346ed90766c5b5cefb + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.0@sha256:aaafd456bda110628b2d4ca6296f38731a3aaf0bf7581efae824a41c770a8fc4 imagePullPolicy: IfNotPresent name: create securityContext: @@ -566,7 +566,6 @@ spec: kubernetes.io/os: linux restartPolicy: OnFailure serviceAccountName: ingress-nginx-admission - ttlSecondsAfterFinished: 0 --- apiVersion: batch/v1 kind: Job @@ -576,7 +575,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -587,7 +586,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-patch spec: containers: @@ -603,7 +602,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.0@sha256:c9f76a75fd00e975416ea1b73300efd413116de0de8570346ed90766c5b5cefb + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.0@sha256:aaafd456bda110628b2d4ca6296f38731a3aaf0bf7581efae824a41c770a8fc4 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -621,7 +620,6 @@ spec: kubernetes.io/os: linux restartPolicy: OnFailure serviceAccountName: ingress-nginx-admission - ttlSecondsAfterFinished: 0 --- apiVersion: networking.k8s.io/v1 kind: IngressClass @@ -631,7 +629,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -644,7 +642,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/deploy.yaml b/deploy/static/provider/scw/deploy.yaml index 0ee68ed10..8ed37d062 100644 --- a/deploy/static/provider/scw/deploy.yaml +++ b/deploy/static/provider/scw/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx --- @@ -28,7 +28,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -40,7 +40,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx rules: @@ -130,7 +130,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -149,7 +149,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx rules: - apiGroups: @@ -231,7 +231,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission rules: - apiGroups: @@ -250,7 +250,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -270,7 +270,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -289,7 +289,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -308,7 +308,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -329,7 +329,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -376,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -399,7 +399,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -421,7 +421,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 spec: containers: - args: @@ -445,7 +445,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.12.4@sha256:05890cb25d37aa5cfe086614104f798f55e1eeec8dda26d9fd6f6acf0e1554a0 + image: registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -522,7 +522,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -533,7 +533,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-create spec: containers: @@ -547,7 +547,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.0@sha256:c9f76a75fd00e975416ea1b73300efd413116de0de8570346ed90766c5b5cefb + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.0@sha256:aaafd456bda110628b2d4ca6296f38731a3aaf0bf7581efae824a41c770a8fc4 imagePullPolicy: IfNotPresent name: create securityContext: @@ -565,7 +565,6 @@ spec: kubernetes.io/os: linux restartPolicy: OnFailure serviceAccountName: ingress-nginx-admission - ttlSecondsAfterFinished: 0 --- apiVersion: batch/v1 kind: Job @@ -575,7 +574,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -586,7 +585,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission-patch spec: containers: @@ -602,7 +601,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.0@sha256:c9f76a75fd00e975416ea1b73300efd413116de0de8570346ed90766c5b5cefb + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.5.0@sha256:aaafd456bda110628b2d4ca6296f38731a3aaf0bf7581efae824a41c770a8fc4 imagePullPolicy: IfNotPresent name: patch securityContext: @@ -620,7 +619,6 @@ spec: kubernetes.io/os: linux restartPolicy: OnFailure serviceAccountName: ingress-nginx-admission - ttlSecondsAfterFinished: 0 --- apiVersion: networking.k8s.io/v1 kind: IngressClass @@ -630,7 +628,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: nginx spec: controller: k8s.io/ingress-nginx @@ -643,7 +641,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.12.4 + app.kubernetes.io/version: 1.12.0 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/docs/deploy/index.md b/docs/deploy/index.md index eebf1cf96..717c479ac 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -92,7 +92,7 @@ helm show values ingress-nginx --repo https://kubernetes.github.io/ingress-nginx **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.4/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.0/deploy/static/provider/cloud/deploy.yaml ``` !!! info @@ -274,7 +274,7 @@ In AWS, we use a Network load balancer (NLB) to expose the Ingress-Nginx Control ##### Network Load Balancer (NLB) ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.4/deploy/static/provider/aws/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.0/deploy/static/provider/aws/deploy.yaml ``` ##### TLS termination in AWS Load Balancer (NLB) @@ -282,39 +282,38 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. This section explains how to do that on AWS using an NLB. -1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.4/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template +1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template - ```console - wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.4/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml - ``` + ```console + wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.0/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml + ``` 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: - ``` - proxy-real-ip-cidr: XXX.XXX.XXX/XX - ``` + ``` + proxy-real-ip-cidr: XXX.XXX.XXX/XX + ``` 3. Change the AWS Certificate Manager (ACM) ID as well: - ``` - arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX - ``` + ``` + arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX + ``` 4. Deploy the manifest: - ```console - kubectl apply -f deploy.yaml - ``` - - + ```console + kubectl apply -f deploy.yaml + ``` ##### NLB Idle Timeouts -The default idle timeout value for TCP flows is 350 seconds and [can be modified to any value between 60-6000 seconds.](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#connection-idle-timeout) +Idle timeout value for TCP flows is 350 seconds and +[cannot be modified](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#connection-idle-timeout). For this reason, you need to ensure the [keepalive_timeout](https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout) -value is configured less than your configured idle timeout to work as expected. +value is configured less than 350 seconds to work as expected. By default, NGINX `keepalive_timeout` is set to `75s`. @@ -334,7 +333,7 @@ kubectl create clusterrolebinding cluster-admin-binding \ Then, the ingress controller can be installed like this: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.4/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.0/deploy/static/provider/cloud/deploy.yaml ``` !!! warning @@ -351,7 +350,7 @@ Proxy-protocol is supported in GCE check the [Official Documentations on how to #### Azure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.4/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.0/deploy/static/provider/cloud/deploy.yaml ``` More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). @@ -359,7 +358,7 @@ More information with regard to Azure annotations for ingress controller can be #### Digital Ocean ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.4/deploy/static/provider/do/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.0/deploy/static/provider/do/deploy.yaml ``` - By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data. @@ -367,7 +366,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont #### Scaleway ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.4/deploy/static/provider/scw/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.0/deploy/static/provider/scw/deploy.yaml ``` Refer to the [dedicated tutorial](https://www.scaleway.com/en/docs/tutorials/proxy-protocol-v2-load-balancer/#configuring-proxy-protocol-for-ingress-nginx) in the Scaleway documentation for configuring the proxy protocol for ingress-nginx with the Scaleway load balancer. @@ -384,7 +383,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale #### Oracle Cloud Infrastructure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.4/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.0/deploy/static/provider/cloud/deploy.yaml ``` A @@ -411,7 +410,7 @@ For quick testing, you can use a This should work on almost every cluster, but it will typically use a port in the range 30000-32767. ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.4/deploy/static/provider/baremetal/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.0/deploy/static/provider/baremetal/deploy.yaml ``` For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), @@ -435,7 +434,9 @@ By default, the controller watches Ingress objects from all namespaces. If you w use the flag `--watch-namespace` or check the Helm chart value `controller.scope` to limit the controller to a single namespace. Although the use of this flag is not popular, one important fact to note is that the secret containing the default-ssl-certificate needs to also be present in the watched namespace(s). -See also [“How to install multiple Ingress controllers in the same cluster”](https://kubernetes.github.io/ingress-nginx/user-guide/multiple-ingress/) for more details. +See also +[“How to easily install multiple instances of the Ingress NGINX controller in the same cluster”](https://kubernetes.github.io/ingress-nginx/#how-to-easily-install-multiple-instances-of-the-ingress-nginx-controller-in-the-same-cluster) +for more details. ### Webhook network access diff --git a/docs/e2e-tests.md b/docs/e2e-tests.md index 0136555ce..43726f5a1 100644 --- a/docs/e2e-tests.md +++ b/docs/e2e-tests.md @@ -6,18 +6,18 @@ Do not try to edit it manually. # e2e test suite for [Ingress NGINX Controller](https://github.com/kubernetes/ingress-nginx/tree/main/) -### [[Admission] admission controller](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L38) -- [should not allow overlaps of host and paths without canary annotations](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L46) -- [should allow overlaps of host and paths with canary annotation](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L63) -- [should block ingress with invalid path](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L84) -- [should return an error if there is an error validating the ingress definition](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L103) -- [should return an error if there is an invalid value in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L118) -- [should return an error if there is a forbidden value in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L132) -- [should return an error if there is an invalid path and wrong pathType is set](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L146) -- [should not return an error if the Ingress V1 definition is valid with Ingress Class](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L180) -- [should not return an error if the Ingress V1 definition is valid with IngressClass annotation](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L196) -- [should return an error if the Ingress V1 definition contains invalid annotations](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L214) -- [should not return an error for an invalid Ingress when it has unknown class](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L229) +### [[Admission] admission controller](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L39) +- [should not allow overlaps of host and paths without canary annotations](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L47) +- [should allow overlaps of host and paths with canary annotation](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L64) +- [should block ingress with invalid path](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L85) +- [should return an error if there is an error validating the ingress definition](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L102) +- [should return an error if there is an invalid value in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L116) +- [should return an error if there is a forbidden value in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L130) +- [should return an error if there is an invalid path and wrong pathType is set](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L144) +- [should not return an error if the Ingress V1 definition is valid with Ingress Class](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L178) +- [should not return an error if the Ingress V1 definition is valid with IngressClass annotation](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L194) +- [should return an error if the Ingress V1 definition contains invalid annotations](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L210) +- [should not return an error for an invalid Ingress when it has unknown class](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/admission/admission.go#L224) ### [affinity session-cookie-name](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/affinity.go#L43) - [should set sticky cookie SERVERID](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/affinity.go#L50) - [should change cookie name on ingress definition change](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/affinity.go#L72) @@ -174,11 +174,12 @@ Do not try to edit it manually. - [should redirect from www HTTP to HTTP](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/fromtowwwredirect.go#L38) - [should redirect from www HTTPS to HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/fromtowwwredirect.go#L64) ### [backend-protocol - GRPC](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L45) -- [should return OK for service with backend protocol GRPC](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L48) -- [authorization metadata should be overwritten by external auth response headers](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L109) -- [should return OK for service with backend protocol GRPCS](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L170) -- [should return OK when request not exceed timeout](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L237) -- [should return Error when request exceed timeout](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L280) +- [should use grpc_pass in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L48) +- [should return OK for service with backend protocol GRPC](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L71) +- [authorization metadata should be overwritten by external auth response headers](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L132) +- [should return OK for service with backend protocol GRPCS](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L193) +- [should return OK when request not exceed timeout](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L260) +- [should return Error when request exceed timeout](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/grpc.go#L303) ### [http2-push-preload](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/http2pushpreload.go#L27) - [enable the http2-push-preload directive](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/http2pushpreload.go#L34) ### [allowlist-source-range](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/ipallowlist.go#L27) @@ -221,10 +222,10 @@ Do not try to edit it manually. - [should set valid proxy timeouts](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxy.go#L117) - [should not set invalid proxy timeouts](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxy.go#L138) - [should turn on proxy-buffering](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxy.go#L159) -- [should turn off proxy-request-buffering](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxy.go#L181) -- [should build proxy next upstream](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxy.go#L196) -- [should setup proxy cookies](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxy.go#L217) -- [should change the default proxy HTTP version](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxy.go#L235) +- [should turn off proxy-request-buffering](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxy.go#L184) +- [should build proxy next upstream](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxy.go#L199) +- [should setup proxy cookies](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxy.go#L220) +- [should change the default proxy HTTP version](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxy.go#L238) ### [proxy-ssl-*](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxyssl.go#L32) - [should set valid proxy-ssl-secret](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxyssl.go#L39) - [should set valid proxy-ssl-secret, proxy-ssl-verify to on, proxy-ssl-verify-depth to 2, and proxy-ssl-server-name to on](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxyssl.go#L66) @@ -234,6 +235,10 @@ Do not try to edit it manually. ### [permanent-redirect permanent-redirect-code](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/redirect.go#L30) - [should respond with a standard redirect code](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/redirect.go#L33) - [should respond with a custom redirect code](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/redirect.go#L61) +### [relative-redirects](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/relativeredirects.go#L35) +- [configures Nginx correctly](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/relativeredirects.go#L43) +- [should respond with absolute URL in Location](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/relativeredirects.go#L61) +- [should respond with relative URL in Location](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/relativeredirects.go#L85) ### [rewrite-target use-regex enable-rewrite-log](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/rewrite.go#L32) - [should write rewrite logs](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/rewrite.go#L39) - [should use correct longest path match](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/rewrite.go#L68) diff --git a/docs/examples/canary/README.md b/docs/examples/canary/README.md index b202c6d42..885991a3b 100644 --- a/docs/examples/canary/README.md +++ b/docs/examples/canary/README.md @@ -31,7 +31,7 @@ spec: spec: containers: - name: production - image: registry.k8s.io/ingress-nginx/e2e-test-echo:v1.2.0@sha256:b2dd9bc9ab0e13795334b2921931ed3c77cc638ca45a95249f1291bf449a0d2a + image: registry.k8s.io/ingress-nginx/e2e-test-echo:v1.1.1@sha256:a1e0152e2eeab26e3f6fd3986f3d82b17bc7711717cae5392dcd18dd447ba6ef ports: - containerPort: 80 env: @@ -97,7 +97,7 @@ spec: spec: containers: - name: canary - image: registry.k8s.io/ingress-nginx/e2e-test-echo:v1.2.0@sha256:b2dd9bc9ab0e13795334b2921931ed3c77cc638ca45a95249f1291bf449a0d2a + image: registry.k8s.io/ingress-nginx/e2e-test-echo:v1.1.1@sha256:a1e0152e2eeab26e3f6fd3986f3d82b17bc7711717cae5392dcd18dd447ba6ef ports: - containerPort: 80 env: diff --git a/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml b/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml index e0c841e54..d72001d58 100644 --- a/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml +++ b/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml @@ -6,7 +6,7 @@ defaultBackend: image: registry: registry.k8s.io image: ingress-nginx/custom-error-pages - tag: v1.2.0@sha256:8e87a5e1f7e724bad689e0097b311f9ee23cbb2b28f8a41d4be75c0558819650 + tag: v1.1.1@sha256:8c10776191ae44b5c387b8c7696d8bc17ceec90d7184a3a38b89ac8434b6c56b extraVolumes: - name: custom-error-pages configMap: diff --git a/docs/examples/customization/custom-errors/custom-default-backend.yaml b/docs/examples/customization/custom-errors/custom-default-backend.yaml index fb99d7c94..088ca1374 100644 --- a/docs/examples/customization/custom-errors/custom-default-backend.yaml +++ b/docs/examples/customization/custom-errors/custom-default-backend.yaml @@ -36,7 +36,7 @@ spec: spec: containers: - name: nginx-error-server - image: registry.k8s.io/ingress-nginx/custom-error-pages:v1.2.0@sha256:8e87a5e1f7e724bad689e0097b311f9ee23cbb2b28f8a41d4be75c0558819650 + image: registry.k8s.io/ingress-nginx/custom-error-pages:v1.1.1@sha256:8c10776191ae44b5c387b8c7696d8bc17ceec90d7184a3a38b89ac8434b6c56b ports: - containerPort: 8080 # Setting the environment variable DEBUG we can see the headers sent diff --git a/docs/examples/customization/external-auth-headers/echo-service.yaml b/docs/examples/customization/external-auth-headers/echo-service.yaml index aa8f907b5..10244458d 100644 --- a/docs/examples/customization/external-auth-headers/echo-service.yaml +++ b/docs/examples/customization/external-auth-headers/echo-service.yaml @@ -18,7 +18,7 @@ spec: terminationGracePeriodSeconds: 60 containers: - name: echo-service - image: registry.k8s.io/ingress-nginx/e2e-test-echo:v1.2.0@sha256:b2dd9bc9ab0e13795334b2921931ed3c77cc638ca45a95249f1291bf449a0d2a + image: registry.k8s.io/ingress-nginx/e2e-test-echo:v1.1.1@sha256:a1e0152e2eeab26e3f6fd3986f3d82b17bc7711717cae5392dcd18dd447ba6ef ports: - containerPort: 8080 resources: diff --git a/docs/examples/customization/jwt/README.md b/docs/examples/customization/jwt/README.md index 1fd1ee00f..a751ccb7b 100644 --- a/docs/examples/customization/jwt/README.md +++ b/docs/examples/customization/jwt/README.md @@ -22,7 +22,7 @@ In nginx, we want to modify the property `proxy-buffer-size`. The size is arbitr that a high value can lower the performance of your ingress proxy. In general a value of 16k should get you covered. ### Using helm -If you're using helm you can simply use the [`config` properties](https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml#L56). +If you're using helm you can simply use the [`config` properties](https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml#L37). ```yaml # -- Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ config: @@ -45,4 +45,4 @@ data: ``` References: - * [Custom Configuration](../custom-configuration/) + * [Custom Configuration](../custom-configuration/) \ No newline at end of file diff --git a/docs/examples/customization/sysctl/patch.json b/docs/examples/customization/sysctl/patch.json index 6f03fbff8..69482c7be 100644 --- a/docs/examples/customization/sysctl/patch.json +++ b/docs/examples/customization/sysctl/patch.json @@ -4,7 +4,7 @@ "spec": { "initContainers": [{ "name": "sysctl", - "image": "alpine:3.22", + "image": "alpine:3.21", "securityContext": { "privileged": true }, diff --git a/docs/user-guide/monitoring.md b/docs/user-guide/monitoring.md index 1f4188be9..4ad2795cf 100644 --- a/docs/user-guide/monitoring.md +++ b/docs/user-guide/monitoring.md @@ -1,7 +1,6 @@ # Monitoring Two different methods to install and configure Prometheus and Grafana are described in this doc. - * Prometheus and Grafana installation using Pod Annotations. This installs Prometheus and Grafana in the same namespace as NGINX Ingress * Prometheus and Grafana installation using Service Monitors. This installs Prometheus and Grafana in two different namespaces. This is the preferred method, and helm charts supports this by default. @@ -16,7 +15,7 @@ This tutorial will show you how to install [Prometheus](https://prometheus.io/) - The Ingress-Nginx Controller should already be deployed according to the deployment instructions [here](../deploy/index.md). -- The controller should be configured for exporting metrics. This requires 3 configurations to the controller. These configurations are: +- The controller should be configured for exporting metrics. This requires 3 configurations to the controller. These configurations are : 1. controller.metrics.enabled=true 2. controller.podAnnotations."prometheus.io/scrape"="true" 3. controller.podAnnotations."prometheus.io/port"="10254" @@ -73,9 +72,6 @@ This tutorial will show you how to install [Prometheus](https://prometheus.io/) spec: containers: - name: controller - args: - .. - - '--enable-metrics=true' ports: - name: prometheus containerPort: 10254 diff --git a/docs/user-guide/nginx-configuration/annotations-risk.md b/docs/user-guide/nginx-configuration/annotations-risk.md index 3e3b93986..aff9357b8 100755 --- a/docs/user-guide/nginx-configuration/annotations-risk.md +++ b/docs/user-guide/nginx-configuration/annotations-risk.md @@ -73,6 +73,7 @@ | Proxy | proxy-buffer-size | Low | location | | Proxy | proxy-buffering | Low | location | | Proxy | proxy-buffers-number | Low | location | +| Proxy | proxy-busy-buffers-size | Low | location | | Proxy | proxy-connect-timeout | Low | location | | Proxy | proxy-cookie-domain | Medium | location | | Proxy | proxy-cookie-path | Medium | location | @@ -103,6 +104,7 @@ | Redirect | from-to-www-redirect | Low | location | | Redirect | permanent-redirect | Medium | location | | Redirect | permanent-redirect-code | Low | location | +| Redirect | relative-redirects | Low | location | | Redirect | temporal-redirect | Medium | location | | Redirect | temporal-redirect-code | Low | location | | Rewrite | app-root | Medium | location | diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index 92ec6dfcb..b0ea3cce3 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -116,6 +116,7 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz |[nginx.ingress.kubernetes.io/proxy-buffering](#proxy-buffering)|string| |[nginx.ingress.kubernetes.io/proxy-buffers-number](#proxy-buffers-number)|number| |[nginx.ingress.kubernetes.io/proxy-buffer-size](#proxy-buffer-size)|string| +|[nginx.ingress.kubernetes.io/proxy-busy-buffers-size](#proxy-busy-buffers-size)|string| |[nginx.ingress.kubernetes.io/proxy-max-temp-file-size](#proxy-max-temp-file-size)|string| |[nginx.ingress.kubernetes.io/ssl-ciphers](#ssl-ciphers)|string| |[nginx.ingress.kubernetes.io/ssl-prefer-server-ciphers](#ssl-ciphers)|"true" or "false"| @@ -538,9 +539,8 @@ nginx.ingress.kubernetes.io/auth-snippet: | #### Global External Authentication -By default the controller redirects all requests to an existing service that provides authentication if `global-auth-url` is set in the Ingress NGINX ConfigMap. If you want to disable this behavior for that Ingress, you can use the `nginx.ingress.kubernetes.io/enable-global-auth: "false"` annotation. - -- `nginx.ingress.kubernetes.io/enable-global-auth`: +By default the controller redirects all requests to an existing service that provides authentication if `global-auth-url` is set in the NGINX ConfigMap. If you want to disable this behavior for that ingress, you can use `enable-global-auth: "false"` in the NGINX ConfigMap. +`nginx.ingress.kubernetes.io/enable-global-auth`: indicates if GlobalExternalAuth configuration should be applied or not to this Ingress rule. Default values is set to `"true"`. !!! note @@ -748,6 +748,18 @@ To configure this setting globally, set `proxy-buffer-size` in [NGINX ConfigMap] nginx.ingress.kubernetes.io/proxy-buffer-size: "8k" ``` +### Proxy busy buffers size + +[Limits the total size of buffers that can be busy](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_busy_buffers_size) sending a response to the client while the response is not yet fully read. + +By default proxy busy buffers size is set as "8k". + +To configure this setting globally, set `proxy-busy-buffers-size` in the [ConfigMap](./configmap.md#proxy-busy-buffers-size). To use custom values in an Ingress rule, define this annotation: + +```yaml +nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "16k" +``` + ### Proxy max temp file size When [`buffering`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering) of responses from the proxied server is enabled, and the whole response does not fit into the buffers set by the [`proxy_buffer_size`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) and [`proxy_buffers`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers) directives, a part of the response can be saved to a temporary file. This directive sets the maximum `size` of the temporary file setting the [`proxy_max_temp_file_size`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_max_temp_file_size). The size of data written to the temporary file at a time is set by the [`proxy_temp_file_write_size`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_temp_file_write_size) directive. diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index aa877d5a8..d8b4f6693 100644 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -179,6 +179,7 @@ The following table shows a configuration option's name, type, and the default v | [proxy-send-timeout](#proxy-send-timeout) | int | 60 | | | [proxy-buffers-number](#proxy-buffers-number) | int | 4 | | | [proxy-buffer-size](#proxy-buffer-size) | string | "4k" | | +| [proxy-busy-buffers-size](#proxy-busy-buffers-size) | string | "8k" | | | [proxy-cookie-path](#proxy-cookie-path) | string | "off" | | | [proxy-cookie-domain](#proxy-cookie-domain) | string | "off" | | | [proxy-next-upstream](#proxy-next-upstream) | string | "error timeout" | | @@ -223,6 +224,7 @@ The following table shows a configuration option's name, type, and the default v | [debug-connections](#debug-connections) | []string | "127.0.0.1,1.1.1.1/24" | | | [strict-validate-path-type](#strict-validate-path-type) | bool | "true" | | | [grpc-buffer-size-kb](#grpc-buffer-size-kb) | int | 0 | | +| [relative-redirects](#relative-redirects) | bool | false | | ## add-headers @@ -1108,6 +1110,10 @@ Sets the number of the buffer used for [reading the first part of the response]( Sets the size of the buffer used for [reading the first part of the response](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) received from the proxied server. This part usually contains a small response header. +## proxy-busy-buffers-size + +[Limits the total size of buffers that can be busy](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_busy_buffers_size) sending a response to the client while the response is not yet fully read. + ## proxy-cookie-path Sets a text that [should be changed in the path attribute](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_path) of the “Set-Cookie” header fields of a proxied server response. @@ -1382,3 +1388,14 @@ Sets the configuration for the GRPC Buffer Size parameter. If not set it will us _References:_ [https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_buffer_size](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_buffer_size) + +## relative-redirects + +Use relative redirects instead of absolute redirects. Absolute redirects are the default in nginx. RFC7231 allows relative redirects since 2014. +Similar to the Ingress rule annotation `nginx.ingress.kubernetes.io/relative-redirects`. + +_**default:**_ "false" + +_References:_ +- [https://nginx.org/en/docs/http/ngx_http_core_module.html#absolute_redirect](https://nginx.org/en/docs/http/ngx_http_core_module.html#absolute_redirect) +- [https://datatracker.ietf.org/doc/html/rfc7231#section-7.1.2](https://datatracker.ietf.org/doc/html/rfc7231#section-7.1.2) diff --git a/docs/user-guide/third-party-addons/opentelemetry.md b/docs/user-guide/third-party-addons/opentelemetry.md index 7ca8c8aac..255ba1ffa 100644 --- a/docs/user-guide/third-party-addons/opentelemetry.md +++ b/docs/user-guide/third-party-addons/opentelemetry.md @@ -42,7 +42,7 @@ otlp-collector-host: "otel-coll-collector.otel.svc" NOTE: While the option is called `otlp-collector-host`, you will need to point this to any backend that receives otlp-grpc. Next you will need to deploy a distributed telemetry system which uses OpenTelemetry. -[opentelemetry-collector](https://github.com/open-telemetry/opentelemetry-collector), [Jaeger](https://www.jaegertracing.io/), +[opentelemetry-collector](https://github.com/open-telemetry/opentelemetry-collector), [Jaeger](https://www.jaegertracing.io/) [Tempo](https://github.com/grafana/tempo), and [zipkin](https://zipkin.io/) have been tested. @@ -51,7 +51,7 @@ Other optional configuration options: # specifies the name to use for the server span opentelemetry-operation-name -# sets whether or not to trust incoming telemetry spans, Default: true +# sets whether or not to trust incoming telemetry spans opentelemetry-trust-incoming-span # specifies the port to use when uploading traces, Default: 4317 @@ -60,23 +60,26 @@ otlp-collector-port # specifies the service name to use for any traces created, Default: nginx otel-service-name -# The maximum queue size. After the size is reached data are dropped, Default: 2048 +# The maximum queue size. After the size is reached data are dropped. otel-max-queuesize -# The delay interval in milliseconds between two consecutive exports, Default: 5000 +# The delay interval in milliseconds between two consecutive exports. otel-schedule-delay-millis -# The maximum batch size of every export. It must be smaller or equal to maxQueueSize, Default: 512 +# How long the export can run before it is cancelled. +otel-schedule-delay-millis + +# The maximum batch size of every export. It must be smaller or equal to maxQueueSize. otel-max-export-batch-size # specifies sample rate for any traces created, Default: 0.01 otel-sampler-ratio # specifies the sampler to be used when sampling traces. -# The available samplers are: AlwaysOn, AlwaysOff, TraceIdRatioBased, Default: AlwaysOn +# The available samplers are: AlwaysOn, AlwaysOff, TraceIdRatioBased, Default: AlwaysOff otel-sampler -# Uses sampler implementation which by default will take a sample if parent Activity is sampled, Default: true +# Uses sampler implementation which by default will take a sample if parent Activity is sampled, Default: false otel-sampler-parent-based ``` diff --git a/go.mod b/go.mod index b4fbf85ef..34584bbf9 100644 --- a/go.mod +++ b/go.mod @@ -1,145 +1,137 @@ module k8s.io/ingress-nginx -go 1.24.4 +go 1.23.6 require ( - dario.cat/mergo v1.0.2 + dario.cat/mergo v1.0.1 github.com/armon/go-proxyproto v0.1.0 github.com/eapache/channels v1.1.0 - github.com/fsnotify/fsnotify v1.9.0 - github.com/google/go-github/v48 v48.2.0 - github.com/helm/helm v2.17.0+incompatible + github.com/fsnotify/fsnotify v1.8.0 github.com/json-iterator/go v1.1.12 github.com/kylelemons/godebug v1.1.0 - github.com/magefile/mage v1.15.0 github.com/mitchellh/go-ps v1.0.0 github.com/mitchellh/hashstructure/v2 v2.0.2 github.com/mitchellh/mapstructure v1.5.0 github.com/moul/pb v0.0.0-20220425114252-bca18df4138c - github.com/ncabatoff/process-exporter v0.8.7 - github.com/onsi/ginkgo/v2 v2.23.4 - github.com/opencontainers/cgroups v0.0.3 + github.com/ncabatoff/process-exporter v0.8.5 + github.com/onsi/ginkgo/v2 v2.22.2 + github.com/opencontainers/runc v1.2.5 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 - github.com/prometheus/client_golang v1.22.0 - github.com/prometheus/client_model v0.6.2 - github.com/prometheus/common v0.65.0 + github.com/prometheus/client_golang v1.20.5 + github.com/prometheus/client_model v0.6.1 + github.com/prometheus/common v0.62.0 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.6 github.com/stretchr/testify v1.10.0 - github.com/vmware-labs/yaml-jsonpath v0.3.2 github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30 - golang.org/x/crypto v0.39.0 - google.golang.org/grpc v1.73.0 + golang.org/x/crypto v0.33.0 + google.golang.org/grpc v1.70.0 + google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 - k8s.io/api v0.33.2 - k8s.io/apiextensions-apiserver v0.33.2 - k8s.io/apimachinery v0.33.2 - k8s.io/apiserver v0.33.2 - k8s.io/cli-runtime v0.33.2 - k8s.io/client-go v0.33.2 - k8s.io/code-generator v0.33.2 - k8s.io/component-base v0.33.2 + k8s.io/api v0.32.2 + k8s.io/apiextensions-apiserver v0.32.2 + k8s.io/apimachinery v0.32.2 + k8s.io/apiserver v0.32.2 + k8s.io/cli-runtime v0.32.2 + k8s.io/client-go v0.32.2 + k8s.io/code-generator v0.32.2 + k8s.io/component-base v0.32.2 k8s.io/klog/v2 v2.130.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 - sigs.k8s.io/controller-runtime v0.21.0 + sigs.k8s.io/controller-runtime v0.20.2 sigs.k8s.io/mdtoc v1.4.0 ) require ( - github.com/Masterminds/semver v1.5.0 // indirect github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect - github.com/dprotaso/go-yit v0.0.0-20250513224043-18a80f8f6df4 // indirect - github.com/fxamacker/cbor/v2 v2.8.0 // indirect - github.com/ghodss/yaml v1.0.0 // indirect - github.com/gobwas/glob v0.2.3 // indirect - github.com/google/go-querystring v1.1.0 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect + github.com/klauspost/compress v1.17.9 // indirect github.com/moby/sys/userns v0.1.0 // indirect github.com/x448/float16 v0.8.4 // indirect - go.opentelemetry.io/otel v1.37.0 // indirect - go.opentelemetry.io/otel/trace v1.37.0 // indirect - go.uber.org/automaxprocs v1.6.0 // indirect + go.opentelemetry.io/otel v1.32.0 // indirect + go.opentelemetry.io/otel/trace v1.32.0 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/helm v2.17.0+incompatible // indirect - sigs.k8s.io/randfill v1.0.0 // indirect sigs.k8s.io/release-utils v0.8.3 // indirect ) require ( - github.com/Anddd7/pb v0.0.0-20250506021228-7e355c18f206 - github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect - github.com/BurntSushi/toml v1.5.0 // indirect + github.com/Anddd7/pb v0.0.0-20240425032658-369b0f6a404c + github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect + github.com/BurntSushi/toml v1.3.2 // indirect github.com/beorn7/perks v1.0.1 // indirect - github.com/blang/semver/v4 v4.0.0 + github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect github.com/cyphar/filepath-securejoin v0.4.1 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/eapache/queue v1.1.0 // indirect - github.com/emicklei/go-restful/v3 v3.12.2 // indirect + github.com/emicklei/go-restful/v3 v3.12.0 // indirect github.com/evanphx/json-patch/v5 v5.9.11 // indirect github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa // indirect github.com/go-errors/errors v1.5.1 // indirect - github.com/go-logr/logr v1.4.3 // indirect - github.com/go-openapi/jsonpointer v0.21.1 // indirect + github.com/go-logr/logr v1.4.2 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.21.0 // indirect - github.com/go-openapi/swag v0.23.1 // indirect + github.com/go-openapi/swag v0.23.0 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/gomarkdown/markdown v0.0.0-20240328165702-4d01890c35c0 // indirect github.com/google/btree v1.1.3 // indirect - github.com/google/gnostic-models v0.6.9 // indirect - github.com/google/go-cmp v0.7.0 // indirect - github.com/google/pprof v0.0.0-20250607225305-033d6d78b36a // indirect + github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/go-cmp v0.6.0 // indirect + github.com/google/gofuzz v1.2.0 // indirect + github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.6.0 // indirect github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect - github.com/mailru/easyjson v0.9.0 // indirect + github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.19 // indirect github.com/mmarkdown/mmark v2.0.40+incompatible // indirect - github.com/moby/sys/mountinfo v0.7.2 // indirect - github.com/moby/term v0.5.2 // indirect + github.com/moby/sys/mountinfo v0.7.1 // indirect + github.com/moby/term v0.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/ncabatoff/go-seq v0.0.0-20180805175032-b08ef85ed833 // indirect + github.com/onsi/ginkgo v1.16.5 // indirect + github.com/opencontainers/runtime-spec v1.2.0 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/prometheus/procfs v0.16.1 // indirect - github.com/sergi/go-diff v1.4.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect + github.com/sergi/go-diff v1.3.1 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/xlab/treeprint v1.2.0 // indirect github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect github.com/yudai/pp v2.0.1+incompatible // indirect - golang.org/x/mod v0.25.0 // indirect - golang.org/x/net v0.41.0 // indirect - golang.org/x/oauth2 v0.30.0 - golang.org/x/sync v0.15.0 // indirect - golang.org/x/sys v0.33.0 // indirect - golang.org/x/term v0.32.0 // indirect - golang.org/x/text v0.26.0 // indirect - golang.org/x/time v0.12.0 // indirect - golang.org/x/tools v0.34.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 // indirect - google.golang.org/protobuf v1.36.6 // indirect + golang.org/x/mod v0.22.0 // indirect + golang.org/x/net v0.33.0 // indirect + golang.org/x/oauth2 v0.24.0 // indirect + golang.org/x/sync v0.11.0 // indirect + golang.org/x/sys v0.30.0 // indirect + golang.org/x/term v0.29.0 // indirect + golang.org/x/text v0.22.0 // indirect + golang.org/x/time v0.7.0 // indirect + golang.org/x/tools v0.28.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241202173237-19429a94021a // indirect + google.golang.org/protobuf v1.36.1 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/yaml.v3 v3.0.1 - k8s.io/gengo/v2 v2.0.0-20250207200755-1244d31929d7 // indirect - k8s.io/kube-openapi v0.0.0-20250610211856-8b98d1ed966a // indirect - k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect - sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect - sigs.k8s.io/kustomize/api v0.19.0 // indirect - sigs.k8s.io/kustomize/kyaml v0.19.0 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.7.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9 // indirect + k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect + k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect + sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect + sigs.k8s.io/kustomize/api v0.18.0 // indirect + sigs.k8s.io/kustomize/kyaml v0.18.1 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/go.sum b/go.sum index 83c7063cc..6e933d349 100644 --- a/go.sum +++ b/go.sum @@ -1,13 +1,11 @@ -dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= -dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA= -github.com/Anddd7/pb v0.0.0-20250506021228-7e355c18f206 h1:Q6bRlF05+gv0dEhIj9XAlgRsmuPF4sKS6yp5aD333aw= -github.com/Anddd7/pb v0.0.0-20250506021228-7e355c18f206/go.mod h1:vYWKbnXd2KAZHUECLPzSE0Er3FgiEmOdPtxwSIRihck= -github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg= -github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= -github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg= -github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= -github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= -github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= +dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= +dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +github.com/Anddd7/pb v0.0.0-20240425032658-369b0f6a404c h1:uhBf0CHXi7nCFZXxHV7l1cBcYFEEVRK4FYxvm1l9lKg= +github.com/Anddd7/pb v0.0.0-20240425032658-369b0f6a404c/go.mod h1:vYWKbnXd2KAZHUECLPzSE0Er3FgiEmOdPtxwSIRihck= +github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= +github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= +github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= +github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/armon/go-proxyproto v0.1.0 h1:TWWcSsjco7o2itn6r25/5AqKBiWmsiuzsUDLT/MTl7k= github.com/armon/go-proxyproto v0.1.0/go.mod h1:Xj90dce2VKbHzRAeiVQAMBtj4M5oidoXJ8lmgyW21mw= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -29,78 +27,77 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dprotaso/go-yit v0.0.0-20191028211022-135eb7262960/go.mod h1:9HQzr9D/0PGwMEbC3d5AB7oi67+h4TsQqItC1GVYG58= -github.com/dprotaso/go-yit v0.0.0-20250513224043-18a80f8f6df4 h1:JzpdVajvTuXQXL10D0vId1ZcW9alSJ3H0CnZczzz4ec= -github.com/dprotaso/go-yit v0.0.0-20250513224043-18a80f8f6df4/go.mod h1:lHwJo6jMevQL9tNpW6vLyhkK13bYHBcoh9tUakMhbnE= github.com/eapache/channels v1.1.0 h1:F1taHcn7/F0i8DYqKXJnyhJcVpp2kgFcNePxXtnyu4k= github.com/eapache/channels v1.1.0/go.mod h1:jMm2qB5Ubtg9zLd+inMZd2/NUvXgzmWXsDaLyQIGfH0= github.com/eapache/queue v1.1.0 h1:YOEu7KNc61ntiQlcEeUIoDTJ2o8mQznoNvUhiigpIqc= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= -github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU= -github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk= +github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU= github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k= -github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= +github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= +github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M= +github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa h1:RDBNVkRviHZtvDvId8XSGPu3rmpmSe+wKRcEWNgsfWU= github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= -github.com/fxamacker/cbor/v2 v2.8.0 h1:fFtUGXUzXPHTIUdne5+zzMPTfffl3RD5qYnkY40vtxU= -github.com/fxamacker/cbor/v2 v2.8.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= -github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk= github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= -github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= -github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/jsonpointer v0.21.1 h1:whnzv/pNXtK2FbX/W9yJfRmE2gsmkfahjMKB0fZvcic= -github.com/go-openapi/jsonpointer v0.21.1/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= -github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU= -github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= -github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= -github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/gomarkdown/markdown v0.0.0-20240328165702-4d01890c35c0 h1:4gjrh/PN2MuWCCElk8/I4OCKRKWCCo2zEct3VKCbibU= github.com/gomarkdown/markdown v0.0.0-20240328165702-4d01890c35c0/go.mod h1:JDGcbDT52eL4fju3sZ4TeHGsQwhG9nbDV21aMyhwPoA= github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= -github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw= -github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= -github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/go-github/v48 v48.2.0 h1:68puzySE6WqUY9KWmpOsDEQfDZsso98rT6pZcz9HqcE= -github.com/google/go-github/v48 v48.2.0/go.mod h1:dDlehKBDo850ZPvCTK0sEqTCVWcrGl2LcDiajkYi89Y= -github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= -github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20250607225305-033d6d78b36a h1://KbezygeMJZCSHH+HgUZiTeSoiuFspbMg1ge+eFj18= -github.com/google/pprof v0.0.0-20250607225305-033d6d78b36a/go.mod h1:5hDyRhoBCxViHszMt12TnOpEI4VVi+U8Gm9iphldiMA= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/helm/helm v2.17.0+incompatible h1:0iy95yMXrfWpwaoOA9XRP+cTvitTrq+LcJV9DvR5n1Y= -github.com/helm/helm v2.17.0+incompatible/go.mod h1:ahXhuvluW4YnSL6W6hDVetZsVK8Pv4BP8OwKli7aMqo= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= @@ -110,8 +107,8 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= -github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= +github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= +github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= @@ -123,10 +120,8 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= -github.com/magefile/mage v1.15.0 h1:BvGheCMAsG3bWUDbZ8AyXXpCNwU9u5CB6sM+HNb9HYg= -github.com/magefile/mage v1.15.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A= -github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4= -github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= @@ -140,12 +135,12 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mmarkdown/mmark v2.0.40+incompatible h1:vMeUeDzBK3H+/mU0oMVfMuhSXJlIA+DE/DMPQNAj5C4= github.com/mmarkdown/mmark v2.0.40+incompatible/go.mod h1:Uvmoz7tvsWpr7bMVxIpqZPyN3FbOtzDmnsJDFp7ltJs= -github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg= -github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4= +github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g= +github.com/moby/sys/mountinfo v0.7.1/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g= github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= -github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ= -github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc= +github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= +github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -159,21 +154,25 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/ncabatoff/go-seq v0.0.0-20180805175032-b08ef85ed833 h1:t4WWQ9I797y7QUgeEjeXnVb+oYuEDQc6gLvrZJTYo94= github.com/ncabatoff/go-seq v0.0.0-20180805175032-b08ef85ed833/go.mod h1:0CznHmXSjMEqs5Tezj/w2emQoM41wzYM9KpDKUHPYag= -github.com/ncabatoff/process-exporter v0.8.7 h1:V+Xtlq7Q9ticzNtkIR9fUlyNxD+rQLs1P8qzumsCWQI= -github.com/ncabatoff/process-exporter v0.8.7/go.mod h1:tzUO/+OadS/ynh8xu2lO66zb72a8x0VrIWLPddKGilU= -github.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY= -github.com/nxadm/tail v1.4.11/go.mod h1:OTaG3NK980DZzxbRq6lEuzgU+mug70nY11sMd4JXXHc= +github.com/ncabatoff/process-exporter v0.8.5 h1:Hk1sflgRWn0Xrh/OsupQLVVCTW01kv0YYrGxu7NvkmM= +github.com/ncabatoff/process-exporter v0.8.5/go.mod h1:IZndG/m2Y++D90y99NhDJfg0SOkpbx/Fl6MlnBr4SC0= +github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= +github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= +github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.10.2/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.23.4 h1:ktYTpKJAVZnDT4VjxSbiBenUjmlL/5QkBEocaWXiQus= -github.com/onsi/ginkgo/v2 v2.23.4/go.mod h1:Bt66ApGPBFzHyR+JO10Zbt0Gsp4uWxu5mIOTusL46e8= -github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.37.0 h1:CdEG8g0S133B4OswTDC/5XPSzE1OeP29QOioj2PID2Y= -github.com/onsi/gomega v1.37.0/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0= -github.com/opencontainers/cgroups v0.0.3 h1:Jc9dWh/0YLGjdy6J/9Ln8NM5BfTA4W2BY0GMozy3aDU= -github.com/opencontainers/cgroups v0.0.3/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs= +github.com/onsi/ginkgo/v2 v2.22.2 h1:/3X8Panh8/WwhU/3Ssa6rCKqPLuAkVY2I0RoyDLySlU= +github.com/onsi/ginkgo/v2 v2.22.2/go.mod h1:oeMosUL+8LtarXBHu/c0bx2D/K9zyQ6uX3cTyztHwsk= +github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= +github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= +github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8= +github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY= +github.com/opencontainers/runc v1.2.5 h1:8KAkq3Wrem8bApgOHyhRI/8IeLXIfmZ6Qaw6DNSLnA4= +github.com/opencontainers/runc v1.2.5/go.mod h1:dOQeFo29xZKBNeRBI0B19mJtfHv68YgCTh1X+YphA+4= +github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk= +github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -181,22 +180,19 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g= -github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U= -github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q= -github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0= -github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= -github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= -github.com/prometheus/common v0.65.0 h1:QDwzd+G1twt//Kwj/Ww6E9FQq1iVMmODnILtW1t2VzE= -github.com/prometheus/common v0.65.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8= -github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg= -github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is= -github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= -github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= +github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= +github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= +github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io= +github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw= -github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= +github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= +github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo= @@ -214,8 +210,6 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/urfave/cli v1.17.1-0.20160602030128-01a33823596e/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= -github.com/vmware-labs/yaml-jsonpath v0.3.2 h1:/5QKeCBGdsInyDCyVNLbXyilb61MXGi9NP674f9Hobk= -github.com/vmware-labs/yaml-jsonpath v0.3.2/go.mod h1:U6whw1z03QyqgWdgXxvVnQ90zN1BWz5V+51Ewf8k+rQ= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= @@ -230,20 +224,16 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30 h1:rzHvkiukOVYcf840FqAsHqBMhfLofvQIxWtczkGRklU= github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30/go.mod h1:/Hzu8ych2oXCs1iNI+MeASyFzWTncQ6nlu/wgqbqC2A= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= -go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I= -go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= -go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= -go.opentelemetry.io/otel/sdk v1.35.0 h1:iPctf8iprVySXSKJffSS79eOjl9pvxV9ZqOWT0QejKY= -go.opentelemetry.io/otel/sdk v1.35.0/go.mod h1:+ga1bZliga3DxJ3CQGg3updiaAJoNECOgJREo9KHGQg= -go.opentelemetry.io/otel/sdk/metric v1.35.0 h1:1RriWBmCKgkeHEhM7a2uMjMUfP7MsOF5JpUCaEqEI9o= -go.opentelemetry.io/otel/sdk/metric v1.35.0/go.mod h1:is6XYCUMpcKi+ZsOvfluY5YstFnhW0BidkR+gL+qN+w= -go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= -go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= -go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs= -go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8= +go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U= +go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg= +go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M= +go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8= +go.opentelemetry.io/otel/sdk v1.32.0 h1:RNxepc9vK59A8XsgZQouW8ue8Gkb4jpWtJm9ge5lEG4= +go.opentelemetry.io/otel/sdk v1.32.0/go.mod h1:LqgegDBjKMmb2GC6/PrTnteJG39I8/vJCAP9LlJXEjU= +go.opentelemetry.io/otel/sdk/metric v1.32.0 h1:rZvFnvmvawYb0alrYkjraqJq0Z4ZUJAiyYCU9snn1CU= +go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ= +go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM= +go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= @@ -253,63 +243,79 @@ go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM= -golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U= +golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= +golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w= -golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= +golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= +golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw= -golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= -golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= -golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= +golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= +golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8= -golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w= +golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= -golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg= -golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ= +golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU= +golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M= -golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= -golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= -golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= +golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= +golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= +golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= +golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo= -golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg= +golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= +golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 h1:fc6jSaCT0vBduLYZHYrBBNY4dsWuvgyff9noRNDdBeE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= -google.golang.org/grpc v1.73.0 h1:VIWSmpI2MegBtTuFt5/JWy2oXxtjJ/e89Z70ImfD2ok= -google.golang.org/grpc v1.73.0/go.mod h1:50sbHOUqWoCQGI8V2HQLJM0B+LMlIUjNSZmow7EVBQc= -google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= -google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241202173237-19429a94021a h1:hgh8P4EuoxpsuKMXX/To36nOFD7vixReXgn8lPGnt+o= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241202173237-19429a94021a/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= +google.golang.org/grpc v1.70.0 h1:pWFv03aZoHzlRKHWicjsZytKAiYCtNS0dHbXnIdq7jQ= +google.golang.org/grpc v1.70.0/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw= +google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab h1:tg8hvIl5RmFBuXlcJMuL0h4Psh1gx5Q5xEMwzBZIzWA= +google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab/go.mod h1:liVNnGuZDITxuksuZ+BBvdy7FcJfeNk+efF9qgqNUmc= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= +google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= @@ -327,59 +333,52 @@ gopkg.in/mcuadros/go-syslog.v2 v2.3.0 h1:kcsiS+WsTKyIEPABJBJtoG0KkOS6yzvJ+/eZlhD gopkg.in/mcuadros/go-syslog.v2 v2.3.0/go.mod h1:l5LPIyOOyIdQquNg+oU6Z3524YwrcqEm0aKH+5zpt2U= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= -gopkg.in/yaml.v3 v3.0.0-20191026110619-0b21df46bc1d/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.33.2 h1:YgwIS5jKfA+BZg//OQhkJNIfie/kmRsO0BmNaVSimvY= -k8s.io/api v0.33.2/go.mod h1:fhrbphQJSM2cXzCWgqU29xLDuks4mu7ti9vveEnpSXs= -k8s.io/apiextensions-apiserver v0.33.2 h1:6gnkIbngnaUflR3XwE1mCefN3YS8yTD631JXQhsU6M8= -k8s.io/apiextensions-apiserver v0.33.2/go.mod h1:IvVanieYsEHJImTKXGP6XCOjTwv2LUMos0YWc9O+QP8= -k8s.io/apimachinery v0.33.2 h1:IHFVhqg59mb8PJWTLi8m1mAoepkUNYmptHsV+Z1m5jY= -k8s.io/apimachinery v0.33.2/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM= -k8s.io/apiserver v0.33.2 h1:KGTRbxn2wJagJowo29kKBp4TchpO1DRO3g+dB/KOJN4= -k8s.io/apiserver v0.33.2/go.mod h1:9qday04wEAMLPWWo9AwqCZSiIn3OYSZacDyu/AcoM/M= -k8s.io/cli-runtime v0.33.2 h1:koNYQKSDdq5AExa/RDudXMhhtFasEg48KLS2KSAU74Y= -k8s.io/cli-runtime v0.33.2/go.mod h1:gnhsAWpovqf1Zj5YRRBBU7PFsRc6NkEkwYNQE+mXL88= -k8s.io/client-go v0.33.2 h1:z8CIcc0P581x/J1ZYf4CNzRKxRvQAwoAolYPbtQes+E= -k8s.io/client-go v0.33.2/go.mod h1:9mCgT4wROvL948w6f6ArJNb7yQd7QsvqavDeZHvNmHo= -k8s.io/code-generator v0.33.2 h1:PCJ0Y6viTCxxJHMOyGqYwWEteM4q6y1Hqo2rNpl6jF4= -k8s.io/code-generator v0.33.2/go.mod h1:hBjCA9kPMpjLWwxcr75ReaQfFXY8u+9bEJJ7kRw3J8c= -k8s.io/component-base v0.33.2 h1:sCCsn9s/dG3ZrQTX/Us0/Sx2R0G5kwa0wbZFYoVp/+0= -k8s.io/component-base v0.33.2/go.mod h1:/41uw9wKzuelhN+u+/C59ixxf4tYQKW7p32ddkYNe2k= -k8s.io/gengo/v2 v2.0.0-20250207200755-1244d31929d7 h1:2OX19X59HxDprNCVrWi6jb7LW1PoqTlYqEq5H2oetog= -k8s.io/gengo/v2 v2.0.0-20250207200755-1244d31929d7/go.mod h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU= -k8s.io/helm v2.17.0+incompatible h1:Bpn6o1wKLYqKM3+Osh8e+1/K2g/GsQJ4F4yNF2+deao= -k8s.io/helm v2.17.0+incompatible/go.mod h1:LZzlS4LQBHfciFOurYBFkCMTaZ0D1l+p0teMg7TSULI= +k8s.io/api v0.32.2 h1:bZrMLEkgizC24G9eViHGOPbW+aRo9duEISRIJKfdJuw= +k8s.io/api v0.32.2/go.mod h1:hKlhk4x1sJyYnHENsrdCWw31FEmCijNGPJO5WzHiJ6Y= +k8s.io/apiextensions-apiserver v0.32.2 h1:2YMk285jWMk2188V2AERy5yDwBYrjgWYggscghPCvV4= +k8s.io/apiextensions-apiserver v0.32.2/go.mod h1:GPwf8sph7YlJT3H6aKUWtd0E+oyShk/YHWQHf/OOgCA= +k8s.io/apimachinery v0.32.2 h1:yoQBR9ZGkA6Rgmhbp/yuT9/g+4lxtsGYwW6dR6BDPLQ= +k8s.io/apimachinery v0.32.2/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/apiserver v0.32.2 h1:WzyxAu4mvLkQxwD9hGa4ZfExo3yZZaYzoYvvVDlM6vw= +k8s.io/apiserver v0.32.2/go.mod h1:PEwREHiHNU2oFdte7BjzA1ZyjWjuckORLIK/wLV5goM= +k8s.io/cli-runtime v0.32.2 h1:aKQR4foh9qeyckKRkNXUccP9moxzffyndZAvr+IXMks= +k8s.io/cli-runtime v0.32.2/go.mod h1:a/JpeMztz3xDa7GCyyShcwe55p8pbcCVQxvqZnIwXN8= +k8s.io/client-go v0.32.2 h1:4dYCD4Nz+9RApM2b/3BtVvBHw54QjMFUl1OLcJG5yOA= +k8s.io/client-go v0.32.2/go.mod h1:fpZ4oJXclZ3r2nDOv+Ux3XcJutfrwjKTCHz2H3sww94= +k8s.io/code-generator v0.32.2 h1:CIvyPrLWP7cMgrqval2qYT839YAwCDeSvGfXgWSNpHQ= +k8s.io/code-generator v0.32.2/go.mod h1:plh7bWk7JztAUkHM4zpbdy0KOMdrhsePcZL2HLWFH7Y= +k8s.io/component-base v0.32.2 h1:1aUL5Vdmu7qNo4ZsE+569PV5zFatM9hl+lb3dEea2zU= +k8s.io/component-base v0.32.2/go.mod h1:PXJ61Vx9Lg+P5mS8TLd7bCIr+eMJRQTyXe8KvkrvJq0= +k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9 h1:si3PfKm8dDYxgfbeA6orqrtLkvvIeH8UqffFJDl0bz4= +k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9/go.mod h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20250610211856-8b98d1ed966a h1:ZV3Zr+/7s7aVbjNGICQt+ppKWsF1tehxggNfbM7XnG8= -k8s.io/kube-openapi v0.0.0-20250610211856-8b98d1ed966a/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 h1:SAElp8THCfmBdM+4lmWX5gebiSSkEr7PAYDVF91qpfg= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732/go.mod h1:lpvCfhqEHNJSSpG5R5A2EgsVzG8RTt4RfPoQuRAcDmg= -sigs.k8s.io/controller-runtime v0.21.0 h1:CYfjpEuicjUecRk+KAeyYh+ouUBn4llGyDYytIGcJS8= -sigs.k8s.io/controller-runtime v0.21.0/go.mod h1:OSg14+F65eWqIu4DceX7k/+QRAbTTvxeQSNSOQpukWM= -sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= -sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= -sigs.k8s.io/kustomize/api v0.19.0 h1:F+2HB2mU1MSiR9Hp1NEgoU2q9ItNOaBJl0I4Dlus5SQ= -sigs.k8s.io/kustomize/api v0.19.0/go.mod h1:/BbwnivGVcBh1r+8m3tH1VNxJmHSk1PzP5fkP6lbL1o= -sigs.k8s.io/kustomize/kyaml v0.19.0 h1:RFge5qsO1uHhwJsu3ipV7RNolC7Uozc0jUBC/61XSlA= -sigs.k8s.io/kustomize/kyaml v0.19.0/go.mod h1:FeKD5jEOH+FbZPpqUghBP8mrLjJ3+zD3/rf9NNu1cwY= +sigs.k8s.io/controller-runtime v0.20.2 h1:/439OZVxoEc02psi1h4QO3bHzTgu49bb347Xp4gW1pc= +sigs.k8s.io/controller-runtime v0.20.2/go.mod h1:xg2XB0K5ShQzAgsoujxuKN4LNXR2LfwwHsPj7Iaw+XY= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= +sigs.k8s.io/kustomize/api v0.18.0 h1:hTzp67k+3NEVInwz5BHyzc9rGxIauoXferXyjv5lWPo= +sigs.k8s.io/kustomize/api v0.18.0/go.mod h1:f8isXnX+8b+SGLHQ6yO4JG1rdkZlvhaCf/uZbLVMb0U= +sigs.k8s.io/kustomize/kyaml v0.18.1 h1:WvBo56Wzw3fjS+7vBjN6TeivvpbW9GmRaWZ9CIVmt4E= +sigs.k8s.io/kustomize/kyaml v0.18.1/go.mod h1:C3L2BFVU1jgcddNBE1TxuVLgS46TjObMwW5FT9FcjYo= sigs.k8s.io/mdtoc v1.4.0 h1:2pDEwJSjoVrGr5BPkG+LoLkYLKvgtGYurrBY8ul3SxQ= sigs.k8s.io/mdtoc v1.4.0/go.mod h1:KVnRRtK1rX9aQ95qF0rt3x2ytTxf3r7W7N41H+0KF0k= -sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= -sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= sigs.k8s.io/release-utils v0.8.3 h1:KtOtA4qDmzJyeQ2zkDsFVI25+NViwms/o5eL2NftFdA= sigs.k8s.io/release-utils v0.8.3/go.mod h1:fp82Fma06OXBhEJ+GUJKqvcplDBomruK1R/1fWJnsrQ= -sigs.k8s.io/structured-merge-diff/v4 v4.7.0 h1:qPeWmscJcXP0snki5IYF79Z8xrl8ETFxgMd7wez1XkI= -sigs.k8s.io/structured-merge-diff/v4 v4.7.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/hack/init-buildx.sh b/hack/init-buildx.sh new file mode 100755 index 000000000..bac68e1ae --- /dev/null +++ b/hack/init-buildx.sh @@ -0,0 +1,56 @@ +#!/usr/bin/env bash + +# Copyright 2020 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +if [ -n "$DEBUG" ]; then + set -x +fi + +set -o errexit +set -o nounset +set -o pipefail + +export DOCKER_CLI_EXPERIMENTAL=enabled + +if ! docker buildx 2>&1 >/dev/null; then + echo "buildx not available. Docker 19.03 or higher is required with experimental features enabled" + exit 1 +fi + +# Ensure qemu is in binfmt_misc +# Docker desktop already has these in versions recent enough to have buildx +# We only need to do this setup on linux hosts +if [ "$(uname)" == 'Linux' ]; then + # NOTE: this is pinned to a digest for a reason! + # Note2 (@rikatz) - Removing the pin, as apparently it's breaking new alpine builds + # docker run --rm --privileged multiarch/qemu-user-static@sha256:28ebe2e48220ae8fd5d04bb2c847293b24d7fbfad84f0b970246e0a4efd48ad6 --reset -p yes + docker run --rm --privileged multiarch/qemu-user-static --reset -p yes +fi + +# We can skip setup if the current builder already has multi-arch +# AND if it isn't the docker driver, which doesn't work +current_builder="$(docker buildx inspect)" +# linux/amd64, linux/arm, linux/arm64 +if ! grep -q "^Driver: docker$" <<<"${current_builder}" && \ + grep -q "linux/amd64" <<<"${current_builder}" && \ + grep -q "linux/arm" <<<"${current_builder}" && \ + grep -q "linux/arm64" <<<"${current_builder}"; then + exit 0 +fi + + +# Ensure we use a builder that can leverage it (the default on linux will not) +docker buildx rm ingress-nginx || true +docker buildx create --use --name=ingress-nginx diff --git a/hack/manifest-templates/provider/kind/values.yaml b/hack/manifest-templates/provider/kind/values.yaml index ed636f372..6140f6500 100644 --- a/hack/manifest-templates/provider/kind/values.yaml +++ b/hack/manifest-templates/provider/kind/values.yaml @@ -8,11 +8,9 @@ controller: enabled: true terminationGracePeriodSeconds: 0 service: - type: NodePort + type: LoadBalancer watchIngressWithoutClass: true - nodeSelector: - ingress-ready: "true" tolerations: - key: "node-role.kubernetes.io/master" operator: "Equal" diff --git a/images/Makefile b/images/Makefile index 89d98f7a2..31560168d 100644 --- a/images/Makefile +++ b/images/Makefile @@ -1,4 +1,4 @@ -# Copyright 2025 The Kubernetes Authors. All rights reserved. +# Copyright 2024 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,51 +12,75 @@ # See the License for the specific language governing permissions and # limitations under the License. +.DEFAULT_GOAL:=build + +# set default shell +SHELL=/bin/bash -o pipefail -o errexit + +DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))) +INIT_BUILDX=$(DIR)/../hack/init-buildx.sh + + +BASE_IMAGE = $(shell cat $(DIR)/../NGINX_BASE) + +# The env below is called GO_VERSION and not GOLANG_VERSION because +# the gcb image we use to build already defines GOLANG_VERSION and is a +# really old version +GO_VERSION = $(shell cat $(DIR)/../GOLANG_VERSION) + +REGISTRY ?= local NAME ?= -BUILDER ?= ingress-nginx -PLATFORMS ?= linux/amd64,linux/arm,linux/arm64 -REGISTRY ?= us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx -IMAGE ?= $(REGISTRY)/$(NAME) +IMAGE = $(REGISTRY)/$(NAME) TAG ?= $(shell cat $(NAME)/TAG) -DIR = $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -BASE_IMAGE ?= $(shell cat $(DIR)/../NGINX_BASE) -GOLANG_VERSION ?= $(shell cat $(DIR)/../GOLANG_VERSION) EXTRAARGS ?= $(shell cat $(NAME)/EXTRAARGS) -.PHONY: builder -builder: - docker buildx create --name $(BUILDER) --bootstrap || : - docker buildx inspect $(BUILDER) -.PHONY: build -build: builder +# required to enable buildx +export DOCKER_CLI_EXPERIMENTAL=enabled + +# build with buildx +PLATFORMS?=linux/amd64,linux/arm,linux/arm64 +OUTPUT= +PROGRESS=plain + + +precheck: +ifndef NAME + $(error NAME variable is required) +endif + +build: precheck ensure-buildx docker buildx build \ - --builder $(BUILDER) \ - --platform $(PLATFORMS) \ - --label org.opencontainers.image.description="Ingress NGINX $(NAME)" \ - --label org.opencontainers.image.source="https://github.com/kubernetes/ingress-nginx" \ - --label org.opencontainers.image.licenses="Apache-2.0" \ + --label=org.opencontainers.image.source=https://github.com/kubernetes/ingress-nginx \ + --label=org.opencontainers.image.licenses=Apache-2.0 \ + --label=org.opencontainers.image.description="Ingress NGINX $(NAME) image" \ --build-arg BASE_IMAGE=$(BASE_IMAGE) \ - --build-arg GOLANG_VERSION=$(GOLANG_VERSION) \ - $(EXTRAARGS) \ - $(NAME)/rootfs \ - --tag $(IMAGE):$(TAG) \ - $(OUTPUT) + --build-arg GOLANG_VERSION=$(GO_VERSION) \ + --platform=${PLATFORMS} $(OUTPUT) \ + --progress=$(PROGRESS) \ + --pull $(EXTRAARGS) \ + -t $(IMAGE):$(TAG) $(NAME)/rootfs -.PHONY: push -push: OUTPUT = --push +# push the cross built image +push: OUTPUT=--push push: build -.PHONY: test -test: +test: precheck cd $(NAME)/rootfs && go test ./... -.PHONY: test-e2e -test-e2e: - cd $(NAME) && hack/e2e.sh +test-e2e: precheck + cd $(NAME) && ./hack/e2e.sh -.PHONY: clean -clean: - docker buildx rm $(BUILDER) || : +# enable buildx +ensure-buildx: +# this is required for cloudbuild +ifeq ("$(wildcard $(INIT_BUILDX))","") + @curl -sSL https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/hack/init-buildx.sh | bash +else + @exec $(INIT_BUILDX) +endif + @echo "done" + +.PHONY: build push ensure-buildx test test-e2e precheck diff --git a/images/README.md b/images/README.md index 5a845a0dd..e7e5f71a6 100644 --- a/images/README.md +++ b/images/README.md @@ -11,12 +11,13 @@ -Directory | Purpose ----------------------- | ------------------------------------------------------------------ -cfssl | Image to run cfssl commands -custom-error-pages | Example of Custom error pages for the Ingress-Nginx Controller -fastcgi-helloserver | FastCGI application for e2e tests -go-grpc-greeter-server | grpc server application for the nginx-ingress grpc example -httpbun | A simple HTTP Request & Response Service for e2e tests -nginx | NGINX base image using [alpine linux](https://www.alpinelinux.org) -test-runner | Image to run e2e tests +Directory | Purpose +------------ | ------------- +custom-error-pages | Example of Custom error pages for the Ingress-Nginx Controller +e2e | Image to run e2e tests +fastcgi-helloserver | FastCGI application for e2e tests +grpc-fortune-teller | grpc server application for the nginx-ingress grpc example +httpbun | A simple HTTP Request & Response Service for e2e tests +httpbin | [Removed] we are no longer maintaining the httpbin image due to project being unmaintained +nginx | NGINX base image using [alpine linux](https://www.alpinelinux.org) +cfssl | Image to run cfssl commands diff --git a/images/cfssl/TAG b/images/cfssl/TAG index 79127d85a..56130fb3a 100644 --- a/images/cfssl/TAG +++ b/images/cfssl/TAG @@ -1 +1 @@ -v1.2.0 +v1.1.1 diff --git a/images/cfssl/cloudbuild.yaml b/images/cfssl/cloudbuild.yaml index 10039e5b1..33fafdb08 100644 --- a/images/cfssl/cloudbuild.yaml +++ b/images/cfssl/cloudbuild.yaml @@ -2,10 +2,10 @@ options: # Ignore Prow provided substitutions. substitution_option: ALLOW_LOOSE steps: -- name: gcr.io/cloud-builders/docker - dir: images - env: - - NAME=cfssl - entrypoint: make - args: - - push + - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20250116-2a05ea7e3d + env: + - REGISTRY=us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx + entrypoint: bash + args: + - -c + - gcloud auth configure-docker && cd images && make NAME=cfssl push diff --git a/images/cfssl/rootfs/Dockerfile b/images/cfssl/rootfs/Dockerfile index 993770456..3978c8f4b 100644 --- a/images/cfssl/rootfs/Dockerfile +++ b/images/cfssl/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.22 +FROM alpine:3.21 RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories RUN apk update \ diff --git a/images/custom-error-pages/TAG b/images/custom-error-pages/TAG index 79127d85a..56130fb3a 100644 --- a/images/custom-error-pages/TAG +++ b/images/custom-error-pages/TAG @@ -1 +1 @@ -v1.2.0 +v1.1.1 diff --git a/images/custom-error-pages/cloudbuild.yaml b/images/custom-error-pages/cloudbuild.yaml index 38db680f4..324a8f19a 100644 --- a/images/custom-error-pages/cloudbuild.yaml +++ b/images/custom-error-pages/cloudbuild.yaml @@ -2,10 +2,10 @@ options: # Ignore Prow provided substitutions. substitution_option: ALLOW_LOOSE steps: -- name: gcr.io/cloud-builders/docker - dir: images - env: - - NAME=custom-error-pages - entrypoint: make - args: - - push + - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20250116-2a05ea7e3d + env: + - REGISTRY=us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx + entrypoint: bash + args: + - -c + - gcloud auth configure-docker && cd images && make NAME=custom-error-pages push diff --git a/images/custom-error-pages/rootfs/Dockerfile b/images/custom-error-pages/rootfs/Dockerfile index 01166a409..478e4c22d 100755 --- a/images/custom-error-pages/rootfs/Dockerfile +++ b/images/custom-error-pages/rootfs/Dockerfile @@ -14,7 +14,7 @@ ARG GOLANG_VERSION -FROM golang:${GOLANG_VERSION}-alpine3.22 AS builder +FROM golang:${GOLANG_VERSION}-alpine3.21 as builder RUN apk update \ && apk upgrade && apk add git diff --git a/images/custom-error-pages/rootfs/go.mod b/images/custom-error-pages/rootfs/go.mod index 1c8aa41af..5c0377284 100644 --- a/images/custom-error-pages/rootfs/go.mod +++ b/images/custom-error-pages/rootfs/go.mod @@ -1,16 +1,17 @@ module k8s.io/ingress-nginx/custom-error-pages -go 1.24.4 +go 1.23.6 -require github.com/prometheus/client_golang v1.22.0 +require github.com/prometheus/client_golang v1.20.5 require ( github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect + github.com/klauspost/compress v1.17.9 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/prometheus/client_model v0.6.2 // indirect - github.com/prometheus/common v0.65.0 // indirect - github.com/prometheus/procfs v0.16.1 // indirect - golang.org/x/sys v0.33.0 // indirect - google.golang.org/protobuf v1.36.6 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.55.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect + golang.org/x/sys v0.22.0 // indirect + google.golang.org/protobuf v1.34.2 // indirect ) diff --git a/images/custom-error-pages/rootfs/go.sum b/images/custom-error-pages/rootfs/go.sum index 884c28cd3..d5318cf86 100644 --- a/images/custom-error-pages/rootfs/go.sum +++ b/images/custom-error-pages/rootfs/go.sum @@ -2,31 +2,23 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= -github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= -github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= +github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q= -github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0= -github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= -github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= -github.com/prometheus/common v0.65.0 h1:QDwzd+G1twt//Kwj/Ww6E9FQq1iVMmODnILtW1t2VzE= -github.com/prometheus/common v0.65.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8= -github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg= -github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= -github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= -golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= -google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= -gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= -gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= +github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= diff --git a/images/custom-error-pages/rootfs/main.go b/images/custom-error-pages/rootfs/main.go index 4228a7214..7d3d73029 100644 --- a/images/custom-error-pages/rootfs/main.go +++ b/images/custom-error-pages/rootfs/main.go @@ -126,12 +126,6 @@ func errorHandler(path, defaultFormat string) func(http.ResponseWriter, *http.Re log.Printf("format not specified. Using %v", format) } - // if multiple formats are provided, use the first one - index := strings.Index(format, ",") - if index != -1 { - format = format[:index] - } - cext, err := mime.ExtensionsByType(format) if err != nil { log.Printf("unexpected error reading media type extension: %v. Using %v", err, ext) diff --git a/images/e2e-test-echo/EXTRAARGS b/images/e2e-test-echo/EXTRAARGS index dea69ae69..3db8aaa5c 100644 --- a/images/e2e-test-echo/EXTRAARGS +++ b/images/e2e-test-echo/EXTRAARGS @@ -1 +1 @@ ---build-arg LUAROCKS_VERSION=v3.12.0 --build-arg LUAROCKS_SHA=745e3c5df2f955ecaf60ba1361cfc224564ef7ec210e9a784a3858ae853e9f7c +--build-arg LUAROCKS_VERSION=3.8.0 --build-arg LUAROCKS_SHA=ab6612ca9ab87c6984871d2712d05525775e8b50172701a0a1cabddf76de2be7 \ No newline at end of file diff --git a/images/e2e-test-echo/TAG b/images/e2e-test-echo/TAG index 79127d85a..56130fb3a 100644 --- a/images/e2e-test-echo/TAG +++ b/images/e2e-test-echo/TAG @@ -1 +1 @@ -v1.2.0 +v1.1.1 diff --git a/images/e2e-test-echo/cloudbuild.yaml b/images/e2e-test-echo/cloudbuild.yaml index c964f6d3d..02bfc034a 100644 --- a/images/e2e-test-echo/cloudbuild.yaml +++ b/images/e2e-test-echo/cloudbuild.yaml @@ -2,10 +2,10 @@ options: # Ignore Prow provided substitutions. substitution_option: ALLOW_LOOSE steps: -- name: gcr.io/cloud-builders/docker - dir: images - env: - - NAME=e2e-test-echo - entrypoint: make - args: - - push + - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20250116-2a05ea7e3d + env: + - REGISTRY=us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx + entrypoint: bash + args: + - -c + - gcloud auth configure-docker && cd images && make NAME=e2e-test-echo push diff --git a/images/e2e-test-echo/rootfs/Dockerfile b/images/e2e-test-echo/rootfs/Dockerfile index f35974a0a..eaa919835 100644 --- a/images/e2e-test-echo/rootfs/Dockerfile +++ b/images/e2e-test-echo/rootfs/Dockerfile @@ -2,13 +2,13 @@ ARG BASE_IMAGE FROM ${BASE_IMAGE} -RUN apk update && apk upgrade && apk add -U --no-cache perl curl make unzip wget +RUN apk update && apk upgrade && apk add -U --no-cache perl curl make unzip ARG LUAROCKS_VERSION ARG LUAROCKS_SHA RUN wget -O /tmp/luarocks.tgz \ - https://github.com/luarocks/luarocks/archive/${LUAROCKS_VERSION}.tar.gz \ + https://github.com/luarocks/luarocks/archive/v${LUAROCKS_VERSION}.tar.gz \ && echo "${LUAROCKS_SHA} */tmp/luarocks.tgz" | sha256sum -c - \ && tar -C /tmp -xzf /tmp/luarocks.tgz \ && cd /tmp/luarocks* \ @@ -17,4 +17,4 @@ RUN wget -O /tmp/luarocks.tgz \ RUN luarocks install lua-resty-template -COPY nginx.conf /etc/nginx/nginx.conf +COPY nginx.conf /etc/nginx/nginx.conf \ No newline at end of file diff --git a/images/ext-auth-example-authsvc/TAG b/images/ext-auth-example-authsvc/TAG index 79127d85a..56130fb3a 100644 --- a/images/ext-auth-example-authsvc/TAG +++ b/images/ext-auth-example-authsvc/TAG @@ -1 +1 @@ -v1.2.0 +v1.1.1 diff --git a/images/ext-auth-example-authsvc/rootfs/Dockerfile b/images/ext-auth-example-authsvc/rootfs/Dockerfile index 40c357392..ca142e663 100644 --- a/images/ext-auth-example-authsvc/rootfs/Dockerfile +++ b/images/ext-auth-example-authsvc/rootfs/Dockerfile @@ -1,6 +1,6 @@ ARG GOLANG_VERSION -FROM golang:${GOLANG_VERSION}-alpine3.22 AS builder +FROM golang:${GOLANG_VERSION}-alpine3.21 as builder RUN mkdir /authsvc WORKDIR /authsvc COPY . ./ diff --git a/images/ext-auth-example-authsvc/rootfs/go.mod b/images/ext-auth-example-authsvc/rootfs/go.mod index 346ef3396..5f33a86ff 100644 --- a/images/ext-auth-example-authsvc/rootfs/go.mod +++ b/images/ext-auth-example-authsvc/rootfs/go.mod @@ -1,7 +1,7 @@ -module k8s.io/ingress-nginx/ext-auth-example-authsvc +module example.com/authsvc -go 1.24.4 +go 1.23.6 -require k8s.io/apimachinery v0.33.2 +require k8s.io/apimachinery v0.32.2 require github.com/google/uuid v1.6.0 // indirect diff --git a/images/ext-auth-example-authsvc/rootfs/go.sum b/images/ext-auth-example-authsvc/rootfs/go.sum index 2dfc291dc..770c22f6a 100644 --- a/images/ext-auth-example-authsvc/rootfs/go.sum +++ b/images/ext-auth-example-authsvc/rootfs/go.sum @@ -1,4 +1,4 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -k8s.io/apimachinery v0.33.2 h1:IHFVhqg59mb8PJWTLi8m1mAoepkUNYmptHsV+Z1m5jY= -k8s.io/apimachinery v0.33.2/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM= +k8s.io/apimachinery v0.32.2 h1:yoQBR9ZGkA6Rgmhbp/yuT9/g+4lxtsGYwW6dR6BDPLQ= +k8s.io/apimachinery v0.32.2/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= diff --git a/images/fastcgi-helloserver/TAG b/images/fastcgi-helloserver/TAG index 79127d85a..56130fb3a 100644 --- a/images/fastcgi-helloserver/TAG +++ b/images/fastcgi-helloserver/TAG @@ -1 +1 @@ -v1.2.0 +v1.1.1 diff --git a/images/fastcgi-helloserver/cloudbuild.yaml b/images/fastcgi-helloserver/cloudbuild.yaml index 6fa7a236f..c2c6135df 100644 --- a/images/fastcgi-helloserver/cloudbuild.yaml +++ b/images/fastcgi-helloserver/cloudbuild.yaml @@ -2,10 +2,10 @@ options: # Ignore Prow provided substitutions. substitution_option: ALLOW_LOOSE steps: -- name: gcr.io/cloud-builders/docker - dir: images - env: - - NAME=fastcgi-helloserver - entrypoint: make - args: - - push + - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20250116-2a05ea7e3d + env: + - REGISTRY=us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx + entrypoint: bash + args: + - -c + - gcloud auth configure-docker && cd images && make NAME=fastcgi-helloserver push diff --git a/images/fastcgi-helloserver/rootfs/Dockerfile b/images/fastcgi-helloserver/rootfs/Dockerfile index 1e6344266..7d8e95c47 100755 --- a/images/fastcgi-helloserver/rootfs/Dockerfile +++ b/images/fastcgi-helloserver/rootfs/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. ARG GOLANG_VERSION -FROM golang:${GOLANG_VERSION}-alpine3.22 AS builder +FROM golang:${GOLANG_VERSION}-alpine3.21 as builder WORKDIR /go/src/k8s.io/ingress-nginx/images/fastcgi diff --git a/images/fastcgi-helloserver/rootfs/go.mod b/images/fastcgi-helloserver/rootfs/go.mod deleted file mode 100644 index 70a755063..000000000 --- a/images/fastcgi-helloserver/rootfs/go.mod +++ /dev/null @@ -1,3 +0,0 @@ -module k8s.io/ingress-nginx/fastcgi-helloserver - -go 1.24.4 diff --git a/images/go-grpc-greeter-server/TAG b/images/go-grpc-greeter-server/TAG index 79127d85a..56130fb3a 100644 --- a/images/go-grpc-greeter-server/TAG +++ b/images/go-grpc-greeter-server/TAG @@ -1 +1 @@ -v1.2.0 +v1.1.1 diff --git a/images/go-grpc-greeter-server/rootfs/Dockerfile b/images/go-grpc-greeter-server/rootfs/Dockerfile index 89a050b6d..39be2990f 100644 --- a/images/go-grpc-greeter-server/rootfs/Dockerfile +++ b/images/go-grpc-greeter-server/rootfs/Dockerfile @@ -1,13 +1,15 @@ ARG GOLANG_VERSION -FROM golang:${GOLANG_VERSION}-alpine3.22 AS build +FROM golang:${GOLANG_VERSION}-alpine3.21 as build WORKDIR /go/src/greeter-server -COPY . . -RUN go build -o /greeter-server +COPY main.go . +RUN go mod init greeter-server && \ + go mod tidy && \ + go build -o /greeter-server main.go -FROM scratch +FROM gcr.io/distroless/base-debian10 COPY --from=build /greeter-server / diff --git a/images/go-grpc-greeter-server/rootfs/go.mod b/images/go-grpc-greeter-server/rootfs/go.mod deleted file mode 100644 index 84b4baa30..000000000 --- a/images/go-grpc-greeter-server/rootfs/go.mod +++ /dev/null @@ -1,16 +0,0 @@ -module k8s.io/ingress-nginx/go-grpc-greeter-server - -go 1.24.4 - -require ( - google.golang.org/grpc v1.73.0 - google.golang.org/grpc/examples v0.0.0-20250625071442-a2d6045916b3 -) - -require ( - golang.org/x/net v0.41.0 // indirect - golang.org/x/sys v0.33.0 // indirect - golang.org/x/text v0.26.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 // indirect - google.golang.org/protobuf v1.36.6 // indirect -) diff --git a/images/go-grpc-greeter-server/rootfs/go.sum b/images/go-grpc-greeter-server/rootfs/go.sum deleted file mode 100644 index 8e7a73f94..000000000 --- a/images/go-grpc-greeter-server/rootfs/go.sum +++ /dev/null @@ -1,36 +0,0 @@ -github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= -github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= -github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= -github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= -github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= -github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= -github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/otel v1.36.0 h1:UumtzIklRBY6cI/lllNZlALOF5nNIzJVb16APdvgTXg= -go.opentelemetry.io/otel v1.36.0/go.mod h1:/TcFMXYjyRNh8khOAO9ybYkqaDBb/70aVwkNML4pP8E= -go.opentelemetry.io/otel/metric v1.36.0 h1:MoWPKVhQvJ+eeXWHFBOPoBOi20jh6Iq2CcCREuTYufE= -go.opentelemetry.io/otel/metric v1.36.0/go.mod h1:zC7Ks+yeyJt4xig9DEw9kuUFe5C3zLbVjV2PzT6qzbs= -go.opentelemetry.io/otel/sdk v1.36.0 h1:b6SYIuLRs88ztox4EyrvRti80uXIFy+Sqzoh9kFULbs= -go.opentelemetry.io/otel/sdk v1.36.0/go.mod h1:+lC+mTgD+MUWfjJubi2vvXWcVxyr9rmlshZni72pXeY= -go.opentelemetry.io/otel/sdk/metric v1.36.0 h1:r0ntwwGosWGaa0CrSt8cuNuTcccMXERFwHX4dThiPis= -go.opentelemetry.io/otel/sdk/metric v1.36.0/go.mod h1:qTNOhFDfKRwX0yXOqJYegL5WRaW376QbB7P4Pb0qva4= -go.opentelemetry.io/otel/trace v1.36.0 h1:ahxWNuqZjpdiFAyrIoQ4GIiAIhxAunQR6MUoKrsNd4w= -go.opentelemetry.io/otel/trace v1.36.0/go.mod h1:gQ+OnDZzrybY4k4seLzPAWNwVBBVlF2szhehOBB/tGA= -golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw= -golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= -golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= -golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M= -golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 h1:fc6jSaCT0vBduLYZHYrBBNY4dsWuvgyff9noRNDdBeE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= -google.golang.org/grpc v1.73.0 h1:VIWSmpI2MegBtTuFt5/JWy2oXxtjJ/e89Z70ImfD2ok= -google.golang.org/grpc v1.73.0/go.mod h1:50sbHOUqWoCQGI8V2HQLJM0B+LMlIUjNSZmow7EVBQc= -google.golang.org/grpc/examples v0.0.0-20250625071442-a2d6045916b3 h1:EvDp6R1QibPTxbpHOr9MVdt0fOsZ9P+ry5wkvd3ObME= -google.golang.org/grpc/examples v0.0.0-20250625071442-a2d6045916b3/go.mod h1:LEu4MhKupt/g4nRi+hCu5zfi4M84eGk0vBQLQKs9y9U= -google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= -google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= diff --git a/images/httpbun/TAG b/images/httpbun/TAG index 79127d85a..56130fb3a 100644 --- a/images/httpbun/TAG +++ b/images/httpbun/TAG @@ -1 +1 @@ -v1.2.0 +v1.1.1 diff --git a/images/httpbun/cloudbuild.yaml b/images/httpbun/cloudbuild.yaml index 641735dd8..c56820d15 100644 --- a/images/httpbun/cloudbuild.yaml +++ b/images/httpbun/cloudbuild.yaml @@ -2,10 +2,10 @@ options: # Ignore Prow provided substitutions. substitution_option: ALLOW_LOOSE steps: -- name: gcr.io/cloud-builders/docker - dir: images - env: - - NAME=httpbun - entrypoint: make - args: - - push + - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20250116-2a05ea7e3d + env: + - REGISTRY=us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx + entrypoint: bash + args: + - -c + - gcloud auth configure-docker && cd images && make NAME=httpbun push diff --git a/images/kube-webhook-certgen/TAG b/images/kube-webhook-certgen/TAG index b7c0a9b1d..53b5bbb12 100644 --- a/images/kube-webhook-certgen/TAG +++ b/images/kube-webhook-certgen/TAG @@ -1 +1 @@ -v1.6.0 +v1.5.1 diff --git a/images/kube-webhook-certgen/cloudbuild.yaml b/images/kube-webhook-certgen/cloudbuild.yaml index bf7c2a67e..e4118ff88 100644 --- a/images/kube-webhook-certgen/cloudbuild.yaml +++ b/images/kube-webhook-certgen/cloudbuild.yaml @@ -2,10 +2,10 @@ options: # Ignore Prow provided substitutions. substitution_option: ALLOW_LOOSE steps: -- name: gcr.io/cloud-builders/docker - dir: images - env: - - NAME=kube-webhook-certgen - entrypoint: make - args: - - push + - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20250116-2a05ea7e3d + env: + - REGISTRY=us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx + entrypoint: bash + args: + - -c + - gcloud auth configure-docker && cd images && make NAME=kube-webhook-certgen push diff --git a/images/kube-webhook-certgen/rootfs/Dockerfile b/images/kube-webhook-certgen/rootfs/Dockerfile index 4a29df29a..2348db825 100644 --- a/images/kube-webhook-certgen/rootfs/Dockerfile +++ b/images/kube-webhook-certgen/rootfs/Dockerfile @@ -14,7 +14,7 @@ ARG GOLANG_VERSION -FROM --platform=$BUILDPLATFORM golang:${GOLANG_VERSION} AS builder +FROM --platform=$BUILDPLATFORM golang:${GOLANG_VERSION} as builder ARG BUILDPLATFORM ARG TARGETARCH diff --git a/images/kube-webhook-certgen/rootfs/go.mod b/images/kube-webhook-certgen/rootfs/go.mod index 749c198b1..2b8567748 100644 --- a/images/kube-webhook-certgen/rootfs/go.mod +++ b/images/kube-webhook-certgen/rootfs/go.mod @@ -1,56 +1,57 @@ module github.com/jet/kube-webhook-certgen -go 1.24.4 +go 1.23.6 require ( github.com/onrik/logrus v0.11.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 - k8s.io/api v0.33.2 - k8s.io/apimachinery v0.33.2 - k8s.io/client-go v0.33.2 - k8s.io/kube-aggregator v0.33.2 + k8s.io/api v0.32.2 + k8s.io/apimachinery v0.32.2 + k8s.io/client-go v0.32.2 + k8s.io/kube-aggregator v0.32.2 ) require ( github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/emicklei/go-restful/v3 v3.12.2 // indirect - github.com/fxamacker/cbor/v2 v2.8.0 // indirect - github.com/go-logr/logr v1.4.3 // indirect - github.com/go-openapi/jsonpointer v0.21.1 // indirect - github.com/go-openapi/jsonreference v0.21.0 // indirect - github.com/go-openapi/swag v0.23.1 // indirect + github.com/emicklei/go-restful/v3 v3.11.3 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect + github.com/go-logr/logr v1.4.2 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.20.4 // indirect + github.com/go-openapi/swag v0.23.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/google/gnostic-models v0.6.9 // indirect - github.com/google/go-cmp v0.7.0 // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/go-cmp v0.6.0 // indirect + github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.6.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/mailru/easyjson v0.9.0 // indirect + github.com/mailru/easyjson v0.7.7 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/onsi/ginkgo/v2 v2.23.4 // indirect - github.com/onsi/gomega v1.36.3 // indirect + github.com/onsi/ginkgo/v2 v2.22.2 // indirect + github.com/onsi/gomega v1.36.2 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/spf13/pflag v1.0.6 // indirect github.com/x448/float16 v0.8.4 // indirect - golang.org/x/net v0.41.0 // indirect - golang.org/x/oauth2 v0.30.0 // indirect - golang.org/x/sys v0.33.0 // indirect - golang.org/x/term v0.32.0 // indirect - golang.org/x/text v0.26.0 // indirect - golang.org/x/time v0.12.0 // indirect - google.golang.org/protobuf v1.36.6 // indirect + golang.org/x/net v0.33.0 // indirect + golang.org/x/oauth2 v0.23.0 // indirect + golang.org/x/sys v0.28.0 // indirect + golang.org/x/term v0.27.0 // indirect + golang.org/x/text v0.21.0 // indirect + golang.org/x/time v0.7.0 // indirect + google.golang.org/protobuf v1.36.1 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20250610211856-8b98d1ed966a // indirect - k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect - sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect - sigs.k8s.io/randfill v1.0.0 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.7.0 // indirect + k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect + k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect + sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/images/kube-webhook-certgen/rootfs/go.sum b/images/kube-webhook-certgen/rootfs/go.sum index 276f7fa92..1c660f020 100644 --- a/images/kube-webhook-certgen/rootfs/go.sum +++ b/images/kube-webhook-certgen/rootfs/go.sum @@ -3,30 +3,34 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU= -github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/fxamacker/cbor/v2 v2.8.0 h1:fFtUGXUzXPHTIUdne5+zzMPTfffl3RD5qYnkY40vtxU= -github.com/fxamacker/cbor/v2 v2.8.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= -github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= -github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-openapi/jsonpointer v0.21.1 h1:whnzv/pNXtK2FbX/W9yJfRmE2gsmkfahjMKB0fZvcic= -github.com/go-openapi/jsonpointer v0.21.1/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk= -github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= -github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= -github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU= -github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0= +github.com/emicklei/go-restful/v3 v3.11.3 h1:yagOQz/38xJmcNeZJtrUcKjkHRltIaIFXKWeG1SkWGE= +github.com/emicklei/go-restful/v3 v3.11.3/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU= +github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw= -github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= -github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8= -github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= @@ -41,8 +45,8 @@ github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4= -github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -52,16 +56,17 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/onrik/logrus v0.11.0 h1:pu+BCaWL36t0yQaj/2UHK2erf88dwssAKOT51mxPUVs= github.com/onrik/logrus v0.11.0/go.mod h1:fO2vlZwIdti6PidD3gV5YKt9Lq5ptpnP293RAe1ITwk= -github.com/onsi/ginkgo/v2 v2.23.4 h1:ktYTpKJAVZnDT4VjxSbiBenUjmlL/5QkBEocaWXiQus= -github.com/onsi/ginkgo/v2 v2.23.4/go.mod h1:Bt66ApGPBFzHyR+JO10Zbt0Gsp4uWxu5mIOTusL46e8= -github.com/onsi/gomega v1.36.3 h1:hID7cr8t3Wp26+cYnfcjR6HpJ00fdogN6dqZ1t6IylU= -github.com/onsi/gomega v1.36.3/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0= +github.com/onsi/ginkgo/v2 v2.22.2 h1:/3X8Panh8/WwhU/3Ssa6rCKqPLuAkVY2I0RoyDLySlU= +github.com/onsi/ginkgo/v2 v2.22.2/go.mod h1:oeMosUL+8LtarXBHu/c0bx2D/K9zyQ6uX3cTyztHwsk= +github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8= +github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= -github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= @@ -70,12 +75,10 @@ github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wx github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o= github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= -github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= -github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/tidwall/gjson v1.14.4 h1:uo0p8EbA09J7RQaflQ1aBRffTR7xedD2bcIVSYxLnkM= github.com/tidwall/gjson v1.14.4/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= @@ -86,8 +89,6 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs= -go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -97,10 +98,10 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw= -golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= -golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= -golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= +golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -108,28 +109,28 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= -golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg= -golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= +golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M= -golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= -golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= -golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= +golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= +golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc= -golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI= +golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= +golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= -google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= +google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= +google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -140,26 +141,23 @@ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.33.2 h1:YgwIS5jKfA+BZg//OQhkJNIfie/kmRsO0BmNaVSimvY= -k8s.io/api v0.33.2/go.mod h1:fhrbphQJSM2cXzCWgqU29xLDuks4mu7ti9vveEnpSXs= -k8s.io/apimachinery v0.33.2 h1:IHFVhqg59mb8PJWTLi8m1mAoepkUNYmptHsV+Z1m5jY= -k8s.io/apimachinery v0.33.2/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM= -k8s.io/client-go v0.33.2 h1:z8CIcc0P581x/J1ZYf4CNzRKxRvQAwoAolYPbtQes+E= -k8s.io/client-go v0.33.2/go.mod h1:9mCgT4wROvL948w6f6ArJNb7yQd7QsvqavDeZHvNmHo= +k8s.io/api v0.32.2 h1:bZrMLEkgizC24G9eViHGOPbW+aRo9duEISRIJKfdJuw= +k8s.io/api v0.32.2/go.mod h1:hKlhk4x1sJyYnHENsrdCWw31FEmCijNGPJO5WzHiJ6Y= +k8s.io/apimachinery v0.32.2 h1:yoQBR9ZGkA6Rgmhbp/yuT9/g+4lxtsGYwW6dR6BDPLQ= +k8s.io/apimachinery v0.32.2/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/client-go v0.32.2 h1:4dYCD4Nz+9RApM2b/3BtVvBHw54QjMFUl1OLcJG5yOA= +k8s.io/client-go v0.32.2/go.mod h1:fpZ4oJXclZ3r2nDOv+Ux3XcJutfrwjKTCHz2H3sww94= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-aggregator v0.33.2 h1:eMW63PNucP+3UxnwYcfn5Yt2w2Sj2jI+imA7UWkYHVc= -k8s.io/kube-aggregator v0.33.2/go.mod h1:qQbliLwcdmx7/8mtvkc/9QV/ON2M6ZBMcffEUmrqKFw= -k8s.io/kube-openapi v0.0.0-20250610211856-8b98d1ed966a h1:ZV3Zr+/7s7aVbjNGICQt+ppKWsF1tehxggNfbM7XnG8= -k8s.io/kube-openapi v0.0.0-20250610211856-8b98d1ed966a/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= -sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= -sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= -sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/structured-merge-diff/v4 v4.7.0 h1:qPeWmscJcXP0snki5IYF79Z8xrl8ETFxgMd7wez1XkI= -sigs.k8s.io/structured-merge-diff/v4 v4.7.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps= +k8s.io/kube-aggregator v0.32.2 h1:kg9pke+i2qRbJwX1UKwZV4fsCRvmbaCEFk38R4FqHmw= +k8s.io/kube-aggregator v0.32.2/go.mod h1:rRm+xY1yIFIt3zBc727nG5SBLYywywD87klfIAw+7+c= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/images/nginx/Makefile b/images/nginx/Makefile index 803f8ae80..3cc14e5b3 100644 --- a/images/nginx/Makefile +++ b/images/nginx/Makefile @@ -1,4 +1,4 @@ -# Copyright 2025 The Kubernetes Authors. All rights reserved. +# Copyright 2024 The Kubernetes Authors. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,37 +12,48 @@ # See the License for the specific language governing permissions and # limitations under the License. -BUILDER ?= ingress-nginx -PLATFORMS ?= linux/amd64,linux/arm,linux/arm64 +.DEFAULT_GOAL:=build + +# set default shell +SHELL=/bin/bash -o pipefail -o errexit + +DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))) +INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh + +# 0.0.0 shouldn't clobber any released builds +SHORT_SHA ?=$(shell git rev-parse --short HEAD) +TAG ?=$(shell cat TAG) + REGISTRY ?= us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx -IMAGE ?= $(REGISTRY)/nginx -TAG ?= $(shell cat TAG) -.PHONY: builder -builder: - docker buildx create --name $(BUILDER) --bootstrap || : - docker buildx inspect $(BUILDER) +IMAGE = $(REGISTRY)/nginx -.PHONY: build -build: builder +# required to enable buildx +export DOCKER_CLI_EXPERIMENTAL=enabled + +# build with buildx +PLATFORMS?=linux/amd64,linux/arm,linux/arm64 +OUTPUT= +PROGRESS=plain +build: ensure-buildx docker buildx build \ - --builder $(BUILDER) \ - --platform $(PLATFORMS) \ - rootfs \ - --tag $(IMAGE):$(TAG) + --platform=${PLATFORMS} $(OUTPUT) \ + --progress=$(PROGRESS) \ + --pull \ + --tag $(IMAGE):$(TAG) rootfs -# Pushing in the `build` target does not work as authentication times out after one hour. -# -# Therefore we need to build and push in separate commands. -.PHONY: push +# push the cross built image +push: OUTPUT=--push push: build - docker buildx build \ - --builder $(BUILDER) \ - --platform $(PLATFORMS) \ - rootfs \ - --tag $(IMAGE):$(TAG) \ - --push -.PHONY: clean -clean: - docker buildx rm $(BUILDER) || : +# enable buildx +ensure-buildx: +# this is required for cloudbuild +ifeq ("$(wildcard $(INIT_BUILDX))","") + @curl -sSL https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/hack/init-buildx.sh | bash +else + @exec $(INIT_BUILDX) +endif + @echo "done" + +.PHONY: build push ensure-buildx diff --git a/images/nginx/TAG b/images/nginx/TAG index 18fa8e74f..46b105a30 100644 --- a/images/nginx/TAG +++ b/images/nginx/TAG @@ -1 +1 @@ -v1.3.0 +v2.0.0 diff --git a/images/nginx/cloudbuild.yaml b/images/nginx/cloudbuild.yaml index d28af1aa5..2563692d7 100644 --- a/images/nginx/cloudbuild.yaml +++ b/images/nginx/cloudbuild.yaml @@ -4,9 +4,11 @@ options: # Ignore Prow provided substitutions. substitution_option: ALLOW_LOOSE steps: -- name: gcr.io/cloud-builders/docker - dir: images/nginx - entrypoint: make - args: - - push + - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20250116-2a05ea7e3d + env: + - REGISTRY=us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx + entrypoint: bash + args: + - -c + - gcloud auth configure-docker && cd images/nginx && make push timeout: 7200s diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile index c2b9af412..834a9bcf3 100644 --- a/images/nginx/rootfs/Dockerfile +++ b/images/nginx/rootfs/Dockerfile @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.22 AS builder +FROM alpine:3.21 as builder COPY . / @@ -21,7 +21,7 @@ RUN apk update \ && /build.sh # Use a multi-stage build -FROM alpine:3.22 +FROM alpine:3.21 ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin diff --git a/images/nginx/rootfs/build.sh b/images/nginx/rootfs/build.sh index 21d4c2399..297abf777 100755 --- a/images/nginx/rootfs/build.sh +++ b/images/nginx/rootfs/build.sh @@ -18,7 +18,7 @@ set -o errexit set -o nounset set -o pipefail -export NGINX_VERSION=1.25.5 +export NGINX_VERSION=1.27.1 # Check for recent changes: https://github.com/vision5/ngx_devel_kit/compare/v0.3.3...master export NDK_VERSION=v0.3.3 @@ -32,44 +32,41 @@ export MORE_HEADERS_VERSION=v0.37 # Check for recent changes: https://github.com/atomx/nginx-http-auth-digest/compare/v1.0.0...master export NGINX_DIGEST_AUTH=v1.0.0 -# Check for recent changes: https://github.com/yaoweibin/ngx_http_substitutions_filter_module/compare/e12e965ac1837ca709709f9a26f572a54d83430e...master -export NGINX_SUBSTITUTIONS=e12e965ac1837ca709709f9a26f572a54d83430e +# Check for recent changes: https://github.com/SpiderLabs/ModSecurity-nginx/compare/v1.0.3...master +export MODSECURITY_VERSION=v1.0.3 -# Check for recent changes: https://github.com/SpiderLabs/ModSecurity-nginx/compare/v1.0.4...master -export MODSECURITY_VERSION=v1.0.4 +# Check for recent changes: https://github.com/SpiderLabs/ModSecurity/compare/v3.0.13...v3/master +export MODSECURITY_LIB_VERSION=v3.0.13 -# Check for recent changes: https://github.com/SpiderLabs/ModSecurity/compare/v3.0.14...v3/master -export MODSECURITY_LIB_VERSION=v3.0.14 +# Check for recent changes: https://github.com/coreruleset/coreruleset/compare/v4.10.0...main +export OWASP_MODSECURITY_CRS_VERSION=v4.10.0 -# Check for recent changes: https://github.com/coreruleset/coreruleset/compare/v4.15.0...main -export OWASP_MODSECURITY_CRS_VERSION=v4.15.0 +# Check for recent changes: https://github.com/openresty/lua-nginx-module/compare/v0.10.27...master +export LUA_NGX_VERSION=v0.10.27 -# Check for recent changes: https://github.com/openresty/lua-nginx-module/compare/v0.10.26...master -export LUA_NGX_VERSION=v0.10.26 - -# Check for recent changes: https://github.com/openresty/stream-lua-nginx-module/compare/bea8a0c0de94cede71554f53818ac0267d675d63...master -export LUA_STREAM_NGX_VERSION=bea8a0c0de94cede71554f53818ac0267d675d63 +# Check for recent changes: https://github.com/openresty/stream-lua-nginx-module/compare/v0.0.15...master +export LUA_STREAM_NGX_VERSION=v0.0.15 # Check for recent changes: https://github.com/openresty/lua-upstream-nginx-module/compare/v0.07...master export LUA_UPSTREAM_VERSION=v0.07 -# Check for recent changes: https://github.com/openresty/lua-cjson/compare/2.1.0.13...master -export LUA_CJSON_VERSION=2.1.0.13 +# Check for recent changes: https://github.com/openresty/lua-cjson/compare/2.1.0.14...master +export LUA_CJSON_VERSION=2.1.0.14 # Check for recent changes: https://github.com/leev/ngx_http_geoip2_module/compare/445df24ef3781e488cee3dfe8a1e111997fc1dfe...master export GEOIP2_VERSION=445df24ef3781e488cee3dfe8a1e111997fc1dfe -# Check for recent changes: https://github.com/openresty/luajit2/compare/v2.1-20231117.1...v2.1-agentzh -export LUAJIT_VERSION=v2.1-20231117.1 +# Check for recent changes: https://github.com/openresty/luajit2/compare/v2.1-20240815...v2.1-agentzh +export LUAJIT_VERSION=v2.1-20240815 # Check for recent changes: https://github.com/openresty/lua-resty-balancer/compare/v0.05...master export LUA_RESTY_BALANCER=v0.05 -# Check for recent changes: https://github.com/openresty/lua-resty-lrucache/compare/v0.13...master -export LUA_RESTY_CACHE=v0.13 +# Check for recent changes: https://github.com/openresty/lua-resty-lrucache/compare/v0.15...master +export LUA_RESTY_CACHE=v0.15 -# Check for recent changes: https://github.com/openresty/lua-resty-core/compare/v0.1.28...master -export LUA_RESTY_CORE=v0.1.28 +# Check for recent changes: https://github.com/openresty/lua-resty-core/compare/v0.1.30...master +export LUA_RESTY_CORE=v0.1.30 # Check for recent changes: https://github.com/cloudflare/lua-resty-cookie/compare/f418d77082eaef48331302e84330488fdc810ef4...master export LUA_RESTY_COOKIE_VERSION=f418d77082eaef48331302e84330488fdc810ef4 @@ -86,20 +83,20 @@ export LUA_RESTY_LOCK=v0.09 # Check for recent changes: https://github.com/openresty/lua-resty-upload/compare/v0.11...master export LUA_RESTY_UPLOAD_VERSION=v0.11 -# Check for recent changes: https://github.com/openresty/lua-resty-string/compare/v0.15...master -export LUA_RESTY_STRING_VERSION=v0.15 +# Check for recent changes: https://github.com/openresty/lua-resty-string/compare/v0.16...master +export LUA_RESTY_STRING_VERSION=v0.16 # Check for recent changes: https://github.com/openresty/lua-resty-memcached/compare/v0.17...master export LUA_RESTY_MEMCACHED_VERSION=v0.17 -# Check for recent changes: https://github.com/openresty/lua-resty-redis/compare/v0.30...master -export LUA_RESTY_REDIS_VERSION=v0.30 +# Check for recent changes: https://github.com/openresty/lua-resty-redis/compare/v0.31...master +export LUA_RESTY_REDIS_VERSION=v0.31 # Check for recent changes: https://github.com/api7/lua-resty-ipmatcher/compare/3e93c53eb8c9884efe939ef070486a0e507cc5be...master export LUA_RESTY_IPMATCHER_VERSION=3e93c53eb8c9884efe939ef070486a0e507cc5be -# Check for recent changes: https://github.com/microsoft/mimalloc/compare/v2.2.4...main -export MIMALOC_VERSION=v2.2.4 +# Check for recent changes: https://github.com/microsoft/mimalloc/compare/v2.1.9...master +export MIMALOC_VERSION=v2.1.9 # Check for recent changes: https://github.com/open-telemetry/opentelemetry-cpp/compare/v1.18.0...main export OPENTELEMETRY_CPP_VERSION=v1.18.0 @@ -183,6 +180,10 @@ apk add \ # apk add -X http://dl-cdn.alpinelinux.org/alpine/edge/testing opentelemetry-cpp-dev +# There is some bug with some platforms and git, so force HTTP/1.1 +git config --global http.version HTTP/1.1 +git config --global http.postBuffer 157286400 + mkdir -p /etc/nginx mkdir --verbose -p "$BUILD_PATH" @@ -210,9 +211,6 @@ get_src 0c0d2ced2ce895b3f45eb2b230cd90508ab2a773299f153de14a43e44c1209b3 \ get_src f09851e6309560a8ff3e901548405066c83f1f6ff88aa7171e0763bd9514762b \ "https://github.com/atomx/nginx-http-auth-digest/archive/$NGINX_DIGEST_AUTH.tar.gz" "nginx-http-auth-digest" -get_src a98b48947359166326d58700ccdc27256d2648218072da138ab6b47de47fbd8f \ - "https://github.com/yaoweibin/ngx_http_substitutions_filter_module/archive/$NGINX_SUBSTITUTIONS.tar.gz" "ngx_http_substitutions_filter_module" - get_src 32a42256616cc674dca24c8654397390adff15b888b77eb74e0687f023c8751b \ "https://github.com/SpiderLabs/ModSecurity-nginx/archive/$MODSECURITY_VERSION.tar.gz" "ModSecurity-nginx" @@ -413,7 +411,7 @@ Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTE # NGINX compiles a small test program to check if an added module works as expected. # # ModSecurity-nginx provides 'printf("hello");' as a test, but newer versions of GCC, -# as included in Alpine 3.22, do not allow implicit declaration of function 'printf': +# as included in Alpine 3.21, do not allow implicit declaration of function 'printf': # # objs/autotest.c:7:5: error: implicit declaration of function 'printf' [-Wimplicit-function-declaration] # @@ -485,7 +483,6 @@ WITH_MODULES=" \ --add-module=$BUILD_PATH/ngx_devel_kit \ --add-module=$BUILD_PATH/set-misc-nginx-module \ --add-module=$BUILD_PATH/headers-more-nginx-module \ - --add-module=$BUILD_PATH/ngx_http_substitutions_filter_module \ --add-module=$BUILD_PATH/lua-nginx-module \ --add-module=$BUILD_PATH/stream-lua-nginx-module \ --add-module=$BUILD_PATH/lua-upstream-nginx-module \ diff --git a/images/nginx/rootfs/patches/01_nginx-1.25.3-win32_max_err_str.patch b/images/nginx/rootfs/patches/01_nginx-1.27.1-win32_max_err_str.patch similarity index 100% rename from images/nginx/rootfs/patches/01_nginx-1.25.3-win32_max_err_str.patch rename to images/nginx/rootfs/patches/01_nginx-1.27.1-win32_max_err_str.patch diff --git a/images/nginx/rootfs/patches/02_nginx-1.25.3-stream_balancer_export.patch b/images/nginx/rootfs/patches/02_nginx-1.27.1-stream_balancer_export.patch similarity index 100% rename from images/nginx/rootfs/patches/02_nginx-1.25.3-stream_balancer_export.patch rename to images/nginx/rootfs/patches/02_nginx-1.27.1-stream_balancer_export.patch diff --git a/images/nginx/rootfs/patches/03_nginx-1.25.3-stream_proxy_get_next_upstream_tries.patch b/images/nginx/rootfs/patches/03_nginx-1.27.1-stream_proxy_get_next_upstream_tries.patch similarity index 100% rename from images/nginx/rootfs/patches/03_nginx-1.25.3-stream_proxy_get_next_upstream_tries.patch rename to images/nginx/rootfs/patches/03_nginx-1.27.1-stream_proxy_get_next_upstream_tries.patch diff --git a/images/nginx/rootfs/patches/04_nginx-1.25.3-stream_proxy_timeout_fields.patch b/images/nginx/rootfs/patches/04_nginx-1.27.1-stream_proxy_timeout_fields.patch similarity index 92% rename from images/nginx/rootfs/patches/04_nginx-1.25.3-stream_proxy_timeout_fields.patch rename to images/nginx/rootfs/patches/04_nginx-1.27.1-stream_proxy_timeout_fields.patch index 39c59e206..e205abb8b 100644 --- a/images/nginx/rootfs/patches/04_nginx-1.25.3-stream_proxy_timeout_fields.patch +++ b/images/nginx/rootfs/patches/04_nginx-1.27.1-stream_proxy_timeout_fields.patch @@ -1,6 +1,6 @@ -diff -u -r -p -Naur nginx-1.25.3/src/stream/ngx_stream.h nginx-1.25.3-patched/src/stream/ngx_stream.h ---- nginx-1.25.3/src/stream/ngx_stream.h 2021-11-04 21:27:55.288708527 +0800 -+++ nginx-1.25.3-patched/src/stream/ngx_stream.h 2021-11-04 21:28:50.768035209 +0800 +diff -u -r -p -Naur nginx-1.27.1/src/stream/ngx_stream.h nginx-1.27.1-patched/src/stream/ngx_stream.h +--- nginx-1.27.1/src/stream/ngx_stream.h 2021-11-04 21:27:55.288708527 +0800 ++++ nginx-1.27.1-patched/src/stream/ngx_stream.h 2021-11-04 21:28:50.768035209 +0800 @@ -254,6 +254,15 @@ typedef struct { } ngx_stream_module_t; @@ -25,9 +25,9 @@ diff -u -r -p -Naur nginx-1.25.3/src/stream/ngx_stream.h nginx-1.25.3-patched/sr typedef ngx_int_t (*ngx_stream_filter_pt)(ngx_stream_session_t *s, -diff -u -r -p -Naur nginx-1.25.3/src/stream/ngx_stream_proxy_module.c nginx-1.25.3-patched/src/stream/ngx_stream_proxy_module.c ---- nginx-1.25.3/src/stream/ngx_stream_proxy_module.c 2021-11-04 21:27:55.289708533 +0800 -+++ nginx-1.25.3-patched/src/stream/ngx_stream_proxy_module.c 2021-11-04 21:37:03.578936990 +0800 +diff -u -r -p -Naur nginx-1.27.1/src/stream/ngx_stream_proxy_module.c nginx-1.27.1-patched/src/stream/ngx_stream_proxy_module.c +--- nginx-1.27.1/src/stream/ngx_stream_proxy_module.c 2021-11-04 21:27:55.289708533 +0800 ++++ nginx-1.27.1-patched/src/stream/ngx_stream_proxy_module.c 2021-11-04 21:37:03.578936990 +0800 @@ -400,6 +400,7 @@ ngx_stream_proxy_handler(ngx_stream_sess ngx_stream_proxy_srv_conf_t *pscf; ngx_stream_upstream_srv_conf_t *uscf, **uscfp; diff --git a/images/nginx/rootfs/patches/05_nginx-1.25.3-stream_ssl_preread_no_skip.patch b/images/nginx/rootfs/patches/05_nginx-1.27.1-stream_ssl_preread_no_skip.patch similarity index 100% rename from images/nginx/rootfs/patches/05_nginx-1.25.3-stream_ssl_preread_no_skip.patch rename to images/nginx/rootfs/patches/05_nginx-1.27.1-stream_ssl_preread_no_skip.patch diff --git a/images/nginx/rootfs/patches/06_nginx-1.25.3-resolver_conf_parsing.patch b/images/nginx/rootfs/patches/06_nginx-1.27.1-resolver_conf_parsing.patch similarity index 100% rename from images/nginx/rootfs/patches/06_nginx-1.25.3-resolver_conf_parsing.patch rename to images/nginx/rootfs/patches/06_nginx-1.27.1-resolver_conf_parsing.patch diff --git a/images/nginx/rootfs/patches/07_nginx-1.25.3-daemon_destroy_pool.patch b/images/nginx/rootfs/patches/07_nginx-1.27.1-daemon_destroy_pool.patch similarity index 100% rename from images/nginx/rootfs/patches/07_nginx-1.25.3-daemon_destroy_pool.patch rename to images/nginx/rootfs/patches/07_nginx-1.27.1-daemon_destroy_pool.patch diff --git a/images/nginx/rootfs/patches/08_nginx-1.25.3-init_cycle_pool_release.patch b/images/nginx/rootfs/patches/08_nginx-1.27.1-init_cycle_pool_release.patch similarity index 65% rename from images/nginx/rootfs/patches/08_nginx-1.25.3-init_cycle_pool_release.patch rename to images/nginx/rootfs/patches/08_nginx-1.27.1-init_cycle_pool_release.patch index bd2e9a7d9..4a26b92c5 100644 --- a/images/nginx/rootfs/patches/08_nginx-1.25.3-init_cycle_pool_release.patch +++ b/images/nginx/rootfs/patches/08_nginx-1.27.1-init_cycle_pool_release.patch @@ -1,6 +1,6 @@ -diff -rup nginx-1.25.3/src/core/nginx.c nginx-1.25.3-patched/src/core/nginx.c ---- nginx-1.25.3/src/core/nginx.c 2017-12-17 00:00:38.136470108 -0800 -+++ nginx-1.25.3-patched/src/core/nginx.c 2017-12-16 23:59:51.680958322 -0800 +diff -rup nginx-1.27.1/src/core/nginx.c nginx-1.27.1-patched/src/core/nginx.c +--- nginx-1.27.1/src/core/nginx.c 2017-12-17 00:00:38.136470108 -0800 ++++ nginx-1.27.1-patched/src/core/nginx.c 2017-12-16 23:59:51.680958322 -0800 @@ -186,6 +186,7 @@ static u_char *ngx_prefix; static u_char *ngx_conf_file; static u_char *ngx_conf_params; @@ -18,9 +18,9 @@ diff -rup nginx-1.25.3/src/core/nginx.c nginx-1.25.3-patched/src/core/nginx.c if (ngx_save_argv(&init_cycle, argc, argv) != NGX_OK) { return 1; } -diff -rup nginx-1.25.3/src/core/ngx_core.h nginx-1.25.3-patched/src/core/ngx_core.h ---- nginx-1.25.3/src/core/ngx_core.h 2017-10-10 08:22:51.000000000 -0700 -+++ nginx-1.25.3-patched/src/core/ngx_core.h 2017-12-16 23:59:51.679958370 -0800 +diff -rup nginx-1.27.1/src/core/ngx_core.h nginx-1.27.1-patched/src/core/ngx_core.h +--- nginx-1.27.1/src/core/ngx_core.h 2017-10-10 08:22:51.000000000 -0700 ++++ nginx-1.27.1-patched/src/core/ngx_core.h 2017-12-16 23:59:51.679958370 -0800 @@ -108,4 +108,6 @@ void ngx_cpuinfo(void); #define NGX_DISABLE_SYMLINKS_NOTOWNER 2 #endif @@ -28,9 +28,9 @@ diff -rup nginx-1.25.3/src/core/ngx_core.h nginx-1.25.3-patched/src/core/ngx_cor +extern ngx_pool_t *saved_init_cycle_pool; + #endif /* _NGX_CORE_H_INCLUDED_ */ -diff -rup nginx-1.25.3/src/core/ngx_cycle.c nginx-1.25.3-patched/src/core/ngx_cycle.c ---- nginx-1.25.3/src/core/ngx_cycle.c 2017-10-10 08:22:51.000000000 -0700 -+++ nginx-1.25.3-patched/src/core/ngx_cycle.c 2017-12-16 23:59:51.678958419 -0800 +diff -rup nginx-1.27.1/src/core/ngx_cycle.c nginx-1.27.1-patched/src/core/ngx_cycle.c +--- nginx-1.27.1/src/core/ngx_cycle.c 2017-10-10 08:22:51.000000000 -0700 ++++ nginx-1.27.1-patched/src/core/ngx_cycle.c 2017-12-16 23:59:51.678958419 -0800 @@ -748,6 +748,10 @@ old_shm_zone_done: if (ngx_process == NGX_PROCESS_MASTER || ngx_is_init_cycle(old_cycle)) { @@ -42,9 +42,9 @@ diff -rup nginx-1.25.3/src/core/ngx_cycle.c nginx-1.25.3-patched/src/core/ngx_cy ngx_destroy_pool(old_cycle->pool); cycle->old_cycle = NULL; -diff -rup nginx-1.25.3/src/os/unix/ngx_process_cycle.c nginx-1.25.3-patched/src/os/unix/ngx_process_cycle.c ---- nginx-1.25.3/src/os/unix/ngx_process_cycle.c 2017-12-17 00:00:38.142469762 -0800 -+++ nginx-1.25.3-patched/src/os/unix/ngx_process_cycle.c 2017-12-16 23:59:51.691957791 -0800 +diff -rup nginx-1.27.1/src/os/unix/ngx_process_cycle.c nginx-1.27.1-patched/src/os/unix/ngx_process_cycle.c +--- nginx-1.27.1/src/os/unix/ngx_process_cycle.c 2017-12-17 00:00:38.142469762 -0800 ++++ nginx-1.27.1-patched/src/os/unix/ngx_process_cycle.c 2017-12-16 23:59:51.691957791 -0800 @@ -687,6 +692,11 @@ ngx_master_process_exit(ngx_cycle_t *cyc ngx_exit_cycle.files_n = ngx_cycle->files_n; ngx_cycle = &ngx_exit_cycle; diff --git a/images/nginx/rootfs/patches/09_nginx-1.25.3-balancer_status_code.patch b/images/nginx/rootfs/patches/09_nginx-1.27.1-balancer_status_code.patch similarity index 100% rename from images/nginx/rootfs/patches/09_nginx-1.25.3-balancer_status_code.patch rename to images/nginx/rootfs/patches/09_nginx-1.27.1-balancer_status_code.patch diff --git a/images/nginx/rootfs/patches/10_nginx-1.25.3-delayed_posted_events.patch b/images/nginx/rootfs/patches/10_nginx-1.27.1-delayed_posted_events.patch similarity index 100% rename from images/nginx/rootfs/patches/10_nginx-1.25.3-delayed_posted_events.patch rename to images/nginx/rootfs/patches/10_nginx-1.27.1-delayed_posted_events.patch diff --git a/images/nginx/rootfs/patches/11_nginx-1.25.3-privileged_agent_process.patch b/images/nginx/rootfs/patches/11_nginx-1.27.1-privileged_agent_process.patch similarity index 100% rename from images/nginx/rootfs/patches/11_nginx-1.25.3-privileged_agent_process.patch rename to images/nginx/rootfs/patches/11_nginx-1.27.1-privileged_agent_process.patch diff --git a/images/nginx/rootfs/patches/12_nginx-1.25.3-privileged_agent_process_connections.patch b/images/nginx/rootfs/patches/12_nginx-1.27.1-privileged_agent_process_connections.patch similarity index 100% rename from images/nginx/rootfs/patches/12_nginx-1.25.3-privileged_agent_process_connections.patch rename to images/nginx/rootfs/patches/12_nginx-1.27.1-privileged_agent_process_connections.patch diff --git a/images/nginx/rootfs/patches/13_nginx-1.25.3-privileged_agent_process_thread_pool.patch b/images/nginx/rootfs/patches/13_nginx-1.27.1-privileged_agent_process_thread_pool.patch similarity index 100% rename from images/nginx/rootfs/patches/13_nginx-1.25.3-privileged_agent_process_thread_pool.patch rename to images/nginx/rootfs/patches/13_nginx-1.27.1-privileged_agent_process_thread_pool.patch diff --git a/images/nginx/rootfs/patches/14_nginx-1.25.3-single_process_graceful_exit.patch b/images/nginx/rootfs/patches/14_nginx-1.27.1-single_process_graceful_exit.patch similarity index 100% rename from images/nginx/rootfs/patches/14_nginx-1.25.3-single_process_graceful_exit.patch rename to images/nginx/rootfs/patches/14_nginx-1.27.1-single_process_graceful_exit.patch diff --git a/images/nginx/rootfs/patches/15_nginx-1.25.3-intercept_error_log.patch b/images/nginx/rootfs/patches/15_nginx-1.27.1-intercept_error_log.patch similarity index 100% rename from images/nginx/rootfs/patches/15_nginx-1.25.3-intercept_error_log.patch rename to images/nginx/rootfs/patches/15_nginx-1.27.1-intercept_error_log.patch diff --git a/images/nginx/rootfs/patches/16_nginx-1.25.3-upstream_pipelining.patch b/images/nginx/rootfs/patches/16_nginx-1.27.1-upstream_pipelining.patch similarity index 100% rename from images/nginx/rootfs/patches/16_nginx-1.25.3-upstream_pipelining.patch rename to images/nginx/rootfs/patches/16_nginx-1.27.1-upstream_pipelining.patch diff --git a/images/nginx/rootfs/patches/17_nginx-1.25.3-no_error_pages.patch b/images/nginx/rootfs/patches/17_nginx-1.27.1-no_error_pages.patch similarity index 93% rename from images/nginx/rootfs/patches/17_nginx-1.25.3-no_error_pages.patch rename to images/nginx/rootfs/patches/17_nginx-1.27.1-no_error_pages.patch index aceb2e988..593fcefd6 100644 --- a/images/nginx/rootfs/patches/17_nginx-1.25.3-no_error_pages.patch +++ b/images/nginx/rootfs/patches/17_nginx-1.27.1-no_error_pages.patch @@ -1,6 +1,6 @@ -diff -upr nginx-1.25.3/src/http/ngx_http_core_module.c nginx-1.25.3-patched/src/http/ngx_http_core_module.c ---- nginx-1.25.3/src/http/ngx_http_core_module.c 2017-08-31 18:14:41.000000000 -0700 -+++ nginx-1.25.3-patched/src/http/ngx_http_core_module.c 2017-08-31 18:21:31.638098196 -0700 +diff -upr nginx-1.27.1/src/http/ngx_http_core_module.c nginx-1.27.1-patched/src/http/ngx_http_core_module.c +--- nginx-1.27.1/src/http/ngx_http_core_module.c 2017-08-31 18:14:41.000000000 -0700 ++++ nginx-1.27.1-patched/src/http/ngx_http_core_module.c 2017-08-31 18:21:31.638098196 -0700 @@ -64,6 +64,8 @@ static char *ngx_http_core_directio(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); static char *ngx_http_core_error_page(ngx_conf_t *cf, ngx_command_t *cmd, diff --git a/images/nginx/rootfs/patches/18_nginx-1.25.3-no_Werror.patch b/images/nginx/rootfs/patches/18_nginx-1.25.3-no_Werror.patch deleted file mode 100644 index f7176faff..000000000 --- a/images/nginx/rootfs/patches/18_nginx-1.25.3-no_Werror.patch +++ /dev/null @@ -1,36 +0,0 @@ -diff -urp nginx-1.25.3/auto/cc/clang nginx-1.25.3-patched/auto/cc/clang ---- nginx-1.25.3/auto/cc/clang 2014-03-04 03:39:24.000000000 -0800 -+++ nginx-1.25.3-patched/auto/cc/clang 2014-03-13 20:54:26.241413360 -0700 -@@ -89,7 +89,7 @@ CFLAGS="$CFLAGS -Wconditional-uninitiali - CFLAGS="$CFLAGS -Wno-unused-parameter" - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+#CFLAGS="$CFLAGS -Werror" - - # debug - CFLAGS="$CFLAGS -g" -diff -urp nginx-1.25.3/auto/cc/gcc nginx-1.25.3-patched/auto/cc/gcc ---- nginx-1.25.3/auto/cc/gcc 2014-03-04 03:39:24.000000000 -0800 -+++ nginx-1.25.3-patched/auto/cc/gcc 2014-03-13 20:54:13.301355329 -0700 -@@ -168,7 +168,7 @@ esac - - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+#CFLAGS="$CFLAGS -Werror" - - # debug - CFLAGS="$CFLAGS -g" -diff -urp nginx-1.25.3/auto/cc/icc nginx-1.25.3-patched/auto/cc/icc ---- nginx-1.25.3/auto/cc/icc 2014-03-04 03:39:24.000000000 -0800 -+++ nginx-1.25.3-patched/auto/cc/icc 2014-03-13 20:54:13.301355329 -0700 -@@ -115,7 +115,7 @@ case "$NGX_ICC_VER" in - esac - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+#CFLAGS="$CFLAGS -Werror" - - # debug - CFLAGS="$CFLAGS -g" diff --git a/images/nginx/rootfs/patches/18_nginx-1.27.1-no_Werror.patch b/images/nginx/rootfs/patches/18_nginx-1.27.1-no_Werror.patch new file mode 100644 index 000000000..d0aa7a31e --- /dev/null +++ b/images/nginx/rootfs/patches/18_nginx-1.27.1-no_Werror.patch @@ -0,0 +1,36 @@ +diff -urp nginx-1.27.1/auto/cc/clang nginx-1.27.1-patched/auto/cc/clang +--- nginx-1.27.1/auto/cc/clang 2014-03-04 03:39:24.000000000 -0800 ++++ nginx-1.27.1-patched/auto/cc/clang 2014-03-13 20:54:26.241413360 -0700 +@@ -89,7 +89,7 @@ CFLAGS="$CFLAGS -Wconditional-uninitiali + CFLAGS="$CFLAGS -Wno-unused-parameter" + + # stop on warning +-CFLAGS="$CFLAGS -Werror" ++#CFLAGS="$CFLAGS -Werror" + + # debug + CFLAGS="$CFLAGS -g" +diff -urp nginx-1.27.1/auto/cc/gcc nginx-1.27.1-patched/auto/cc/gcc +--- nginx-1.27.1/auto/cc/gcc 2014-03-04 03:39:24.000000000 -0800 ++++ nginx-1.27.1-patched/auto/cc/gcc 2014-03-13 20:54:13.301355329 -0700 +@@ -168,7 +168,7 @@ esac + + + # stop on warning +-CFLAGS="$CFLAGS -Werror" ++#CFLAGS="$CFLAGS -Werror" + + # debug + CFLAGS="$CFLAGS -g" +diff -urp nginx-1.27.1/auto/cc/icc nginx-1.27.1-patched/auto/cc/icc +--- nginx-1.27.1/auto/cc/icc 2014-03-04 03:39:24.000000000 -0800 ++++ nginx-1.27.1-patched/auto/cc/icc 2014-03-13 20:54:13.301355329 -0700 +@@ -115,7 +115,7 @@ case "$NGX_ICC_VER" in + esac + + # stop on warning +-CFLAGS="$CFLAGS -Werror" ++#CFLAGS="$CFLAGS -Werror" + + # debug + CFLAGS="$CFLAGS -g" diff --git a/images/nginx/rootfs/patches/19_nginx-1.25.3-log_escape_non_ascii.patch b/images/nginx/rootfs/patches/19_nginx-1.27.1-log_escape_non_ascii.patch similarity index 100% rename from images/nginx/rootfs/patches/19_nginx-1.25.3-log_escape_non_ascii.patch rename to images/nginx/rootfs/patches/19_nginx-1.27.1-log_escape_non_ascii.patch diff --git a/images/nginx/rootfs/patches/20_nginx-1.25.3-proxy_host_port_vars.patch b/images/nginx/rootfs/patches/20_nginx-1.27.1-proxy_host_port_vars.patch similarity index 87% rename from images/nginx/rootfs/patches/20_nginx-1.25.3-proxy_host_port_vars.patch rename to images/nginx/rootfs/patches/20_nginx-1.27.1-proxy_host_port_vars.patch index 82a344324..b81a299c8 100644 --- a/images/nginx/rootfs/patches/20_nginx-1.25.3-proxy_host_port_vars.patch +++ b/images/nginx/rootfs/patches/20_nginx-1.27.1-proxy_host_port_vars.patch @@ -1,5 +1,5 @@ ---- nginx-1.25.3/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800 -+++ nginx-1.25.3-patched/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800 +--- nginx-1.27.1/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800 ++++ nginx-1.27.1-patched/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800 @@ -793,13 +793,13 @@ static ngx_keyval_t ngx_http_proxy_cach static ngx_http_variable_t ngx_http_proxy_vars[] = { diff --git a/images/nginx/rootfs/patches/21_nginx-1.25.3-cache_manager_exit.patch b/images/nginx/rootfs/patches/21_nginx-1.27.1-cache_manager_exit.patch similarity index 100% rename from images/nginx/rootfs/patches/21_nginx-1.25.3-cache_manager_exit.patch rename to images/nginx/rootfs/patches/21_nginx-1.27.1-cache_manager_exit.patch diff --git a/images/nginx/rootfs/patches/22_nginx-1.25.3-larger_max_error_str.patch b/images/nginx/rootfs/patches/22_nginx-1.27.1-larger_max_error_str.patch similarity index 62% rename from images/nginx/rootfs/patches/22_nginx-1.25.3-larger_max_error_str.patch rename to images/nginx/rootfs/patches/22_nginx-1.27.1-larger_max_error_str.patch index e5cd07e67..b821297e6 100644 --- a/images/nginx/rootfs/patches/22_nginx-1.25.3-larger_max_error_str.patch +++ b/images/nginx/rootfs/patches/22_nginx-1.27.1-larger_max_error_str.patch @@ -1,5 +1,5 @@ ---- nginx-1.25.3/src/core/ngx_log.h 2013-10-08 05:07:14.000000000 -0700 -+++ nginx-1.25.3-patched/src/core/ngx_log.h 2013-12-05 20:35:35.996236720 -0800 +--- nginx-1.27.1/src/core/ngx_log.h 2013-10-08 05:07:14.000000000 -0700 ++++ nginx-1.27.1-patched/src/core/ngx_log.h 2013-12-05 20:35:35.996236720 -0800 @@ -64,7 +64,9 @@ struct ngx_log_s { }; diff --git a/images/nginx/rootfs/patches/23_nginx-1.25.3-pcre_conf_opt.patch b/images/nginx/rootfs/patches/23_nginx-1.27.1-pcre_conf_opt.patch similarity index 100% rename from images/nginx/rootfs/patches/23_nginx-1.25.3-pcre_conf_opt.patch rename to images/nginx/rootfs/patches/23_nginx-1.27.1-pcre_conf_opt.patch diff --git a/images/nginx/rootfs/patches/24_nginx-1.25.3-always_enable_cc_feature_tests.patch b/images/nginx/rootfs/patches/24_nginx-1.27.1-always_enable_cc_feature_tests.patch similarity index 65% rename from images/nginx/rootfs/patches/24_nginx-1.25.3-always_enable_cc_feature_tests.patch rename to images/nginx/rootfs/patches/24_nginx-1.27.1-always_enable_cc_feature_tests.patch index b381d9b07..9517e92c4 100644 --- a/images/nginx/rootfs/patches/24_nginx-1.25.3-always_enable_cc_feature_tests.patch +++ b/images/nginx/rootfs/patches/24_nginx-1.27.1-always_enable_cc_feature_tests.patch @@ -1,5 +1,5 @@ ---- nginx-1.25.3/auto/cc/conf 2015-10-30 22:47:50.000000000 +0800 -+++ nginx-1.25.3-patched/auto/cc/conf 2015-11-02 12:23:05.385156987 +0800 +--- nginx-1.27.1/auto/cc/conf 2015-10-30 22:47:50.000000000 +0800 ++++ nginx-1.27.1-patched/auto/cc/conf 2015-11-02 12:23:05.385156987 +0800 @@ -144,7 +144,7 @@ fi CFLAGS="$CFLAGS $NGX_CC_OPT" NGX_TEST_LD_OPT="$NGX_LD_OPT" diff --git a/images/nginx/rootfs/patches/25_nginx-1.25.3-ssl_cert_cb_yield.patch b/images/nginx/rootfs/patches/25_nginx-1.27.1-ssl_cert_cb_yield.patch similarity index 100% rename from images/nginx/rootfs/patches/25_nginx-1.25.3-ssl_cert_cb_yield.patch rename to images/nginx/rootfs/patches/25_nginx-1.27.1-ssl_cert_cb_yield.patch diff --git a/images/nginx/rootfs/patches/26_nginx-1.25.3-ssl_sess_cb_yield.patch b/images/nginx/rootfs/patches/26_nginx-1.27.1-ssl_sess_cb_yield.patch similarity index 100% rename from images/nginx/rootfs/patches/26_nginx-1.25.3-ssl_sess_cb_yield.patch rename to images/nginx/rootfs/patches/26_nginx-1.27.1-ssl_sess_cb_yield.patch diff --git a/images/nginx/rootfs/patches/27_nginx-1.25.3-ssl_client_hello_cb_yield.patch b/images/nginx/rootfs/patches/27_nginx-1.27.1-ssl_client_hello_cb_yield.patch similarity index 100% rename from images/nginx/rootfs/patches/27_nginx-1.25.3-ssl_client_hello_cb_yield.patch rename to images/nginx/rootfs/patches/27_nginx-1.27.1-ssl_client_hello_cb_yield.patch diff --git a/images/nginx/rootfs/patches/28_nginx-1.25.3-CVE-2025-23419.patch b/images/nginx/rootfs/patches/28_nginx-1.25.3-CVE-2025-23419.patch deleted file mode 100644 index 372c0b997..000000000 --- a/images/nginx/rootfs/patches/28_nginx-1.25.3-CVE-2025-23419.patch +++ /dev/null @@ -1,40 +0,0 @@ -diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c -index 013b7158e..a7a3ee5b0 100644 ---- a/src/http/ngx_http_request.c -+++ b/src/http/ngx_http_request.c -@@ -909,6 +909,26 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg) - goto done; - } - -+ sscf = ngx_http_get_module_srv_conf(cscf->ctx, ngx_http_ssl_module); -+ -+#if (defined TLS1_3_VERSION \ -+ && !defined LIBRESSL_VERSION_NUMBER && !defined OPENSSL_IS_BORINGSSL) -+ /* -+ * SSL_SESSION_get0_hostname() is only available in OpenSSL 1.1.1+, -+ * but servername being negotiated in every TLSv1.3 handshake -+ * is only returned in OpenSSL 1.1.1+ as well -+ */ -+ if (sscf->verify) { -+ const char *hostname; -+ hostname = SSL_SESSION_get0_hostname(SSL_get0_session(ssl_conn)); -+ if (hostname != NULL && ngx_strcmp(hostname, servername) != 0) { -+ c->ssl->handshake_rejected = 1; -+ *ad = SSL_AD_ACCESS_DENIED; -+ return SSL_TLSEXT_ERR_ALERT_FATAL; -+ } -+ } -+#endif -+ - hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t)); - if (hc->ssl_servername == NULL) { - goto error; -@@ -922,8 +942,6 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg) - - ngx_set_connection_log(c, clcf->error_log); - -- sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module); -- - c->ssl->buffer_size = sscf->buffer_size; - - if (sscf->ssl.ctx) { diff --git a/images/nginx/rootfs/patches/29_nginx-1.25.3-upstream_timeout_fields.patch b/images/nginx/rootfs/patches/28_nginx-1.27.1-upstream_timeout_fields.patch similarity index 100% rename from images/nginx/rootfs/patches/29_nginx-1.25.3-upstream_timeout_fields.patch rename to images/nginx/rootfs/patches/28_nginx-1.27.1-upstream_timeout_fields.patch diff --git a/images/nginx/rootfs/patches/30_nginx-1.25.3-safe_resolver_ipv6_option.patch b/images/nginx/rootfs/patches/29_nginx-1.27.1-safe_resolver_ipv6_option.patch similarity index 100% rename from images/nginx/rootfs/patches/30_nginx-1.25.3-safe_resolver_ipv6_option.patch rename to images/nginx/rootfs/patches/29_nginx-1.27.1-safe_resolver_ipv6_option.patch diff --git a/images/nginx/rootfs/patches/31_nginx-1.25.3-socket_cloexec.patch b/images/nginx/rootfs/patches/30_nginx-1.27.1-socket_cloexec.patch similarity index 100% rename from images/nginx/rootfs/patches/31_nginx-1.25.3-socket_cloexec.patch rename to images/nginx/rootfs/patches/30_nginx-1.27.1-socket_cloexec.patch diff --git a/images/nginx/rootfs/patches/32_nginx-1.25.3-reuseport_close_unused_fds.patch b/images/nginx/rootfs/patches/31_nginx-1.27.1-reuseport_close_unused_fds.patch similarity index 100% rename from images/nginx/rootfs/patches/32_nginx-1.25.3-reuseport_close_unused_fds.patch rename to images/nginx/rootfs/patches/31_nginx-1.27.1-reuseport_close_unused_fds.patch diff --git a/images/nginx/rootfs/patches/33_nginx-1.25.3-proc_exit_handler.patch b/images/nginx/rootfs/patches/32_nginx-1.27.1-proc_exit_handler.patch similarity index 78% rename from images/nginx/rootfs/patches/33_nginx-1.25.3-proc_exit_handler.patch rename to images/nginx/rootfs/patches/32_nginx-1.27.1-proc_exit_handler.patch index 4f04afd5f..f050c09d8 100644 --- a/images/nginx/rootfs/patches/33_nginx-1.25.3-proc_exit_handler.patch +++ b/images/nginx/rootfs/patches/32_nginx-1.27.1-proc_exit_handler.patch @@ -1,23 +1,19 @@ -commit 29cafd35fb2b7cff759fb4c9b84fa4600875321f -Author: lijunlong -Date: Sun Apr 11 14:34:47 2021 +0800 - - feature: added a process exit callback point. - diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c -index d7479fa4..c421e43c 100644 +index c4e3c50..fa1408b 100644 --- a/src/core/ngx_cycle.c +++ b/src/core/ngx_cycle.c -@@ -255,6 +255,7 @@ ngx_init_cycle(ngx_cycle_t *old_cycle) +@@ -264,6 +264,9 @@ ngx_init_cycle(ngx_cycle_t *old_cycle) } ++#if !(NGX_WIN32) + ngx_proc_exit_top_handler = ngx_proc_exit_def_handler; ++#endif conf.ctx = cycle->conf_ctx; conf.cycle = cycle; conf.pool = pool; diff --git a/src/os/unix/ngx_process.c b/src/os/unix/ngx_process.c -index 15680237..9d2e81c5 100644 +index 12a8c68..874c9bf 100644 --- a/src/os/unix/ngx_process.c +++ b/src/os/unix/ngx_process.c @@ -34,6 +34,7 @@ ngx_int_t ngx_process_slot; @@ -42,7 +38,7 @@ index 15680237..9d2e81c5 100644 ngx_pid_t ngx_spawn_process(ngx_cycle_t *cycle, ngx_spawn_proc_pt proc, void *data, char *name, ngx_int_t respawn) -@@ -557,6 +565,7 @@ ngx_process_get_status(void) +@@ -564,6 +572,7 @@ ngx_process_get_status(void) } ngx_unlock_mutexes(pid); @@ -51,7 +47,7 @@ index 15680237..9d2e81c5 100644 } diff --git a/src/os/unix/ngx_process.h b/src/os/unix/ngx_process.h -index 3986639b..c5972541 100644 +index 3986639..0b55d98 100644 --- a/src/os/unix/ngx_process.h +++ b/src/os/unix/ngx_process.h @@ -18,6 +18,8 @@ typedef pid_t ngx_pid_t; @@ -63,7 +59,7 @@ index 3986639b..c5972541 100644 typedef struct { ngx_pid_t pid; -@@ -66,6 +67,7 @@ ngx_pid_t ngx_spawn_process(ngx_cycle_t *cycle, +@@ -66,6 +68,7 @@ ngx_pid_t ngx_spawn_process(ngx_cycle_t *cycle, ngx_pid_t ngx_execute(ngx_cycle_t *cycle, ngx_exec_ctx_t *ctx); ngx_int_t ngx_init_signals(ngx_log_t *log); void ngx_debug_point(void); @@ -71,7 +67,7 @@ index 3986639b..c5972541 100644 #if (NGX_HAVE_SCHED_YIELD) -@@ -85,6 +87,7 @@ extern ngx_socket_t ngx_channel; +@@ -85,6 +88,7 @@ extern ngx_socket_t ngx_channel; extern ngx_int_t ngx_process_slot; extern ngx_int_t ngx_last_process; extern ngx_process_t ngx_processes[NGX_MAX_PROCESSES]; diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index d861cd7cd..8adbf0b41 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -1,4 +1,4 @@ -# Copyright 2025 The Kubernetes Authors. All rights reserved. +# Copyright 2018 The Kubernetes Authors. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,48 +12,90 @@ # See the License for the specific language governing permissions and # limitations under the License. -BUILDER ?= ingress-nginx -PLATFORMS ?= linux/amd64,linux/arm64 -REGISTRY ?= us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx -IMAGE ?= $(REGISTRY)/e2e-test-runner -TAG ?= $(shell cat TAG) +# set default shell +SHELL=/bin/bash -o pipefail -o errexit -DIR = $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -BASE_IMAGE ?= $(shell cat $(DIR)/../../NGINX_BASE) -GOLANG_VERSION ?= $(shell cat $(DIR)/../../GOLANG_VERSION) +DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))) +INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh -.PHONY: builder -builder: - docker buildx create --name $(BUILDER) --bootstrap || : - docker buildx inspect $(BUILDER) +SHORT_SHA ?=$(shell git rev-parse --short HEAD) +TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA) -.PHONY: build -build: builder - docker buildx build \ - --builder $(BUILDER) \ - --platform $(PLATFORMS) \ - --build-arg BASE_IMAGE=$(BASE_IMAGE) \ - --build-arg GOLANG_VERSION=$(GOLANG_VERSION) \ +REGISTRY ?= local + +IMAGE = $(REGISTRY)/e2e-test-runner + +NGINX_BASE_IMAGE ?= $(shell cat $(DIR)/../../NGINX_BASE) + +# The env below is called GO_VERSION and not GOLANG_VERSION because +# the gcb image we use to build already defines GOLANG_VERSION and is a +# really old version +GO_VERSION ?= $(shell cat $(DIR)/../../GOLANG_VERSION) + +# required to enable buildx +export DOCKER_CLI_EXPERIMENTAL=enabled + +# build with buildx +PLATFORMS?=linux/amd64,linux/arm64 +OUTPUT?= +PROGRESS=plain + +image: + echo "Building docker image ($(ARCH))..." + docker build \ + ${PLATFORM_FLAG} ${PLATFORM} \ + --no-cache \ + --pull \ + --push \ + --build-arg BASE_IMAGE=${NGINX_BASE_IMAGE} \ + --build-arg GOLANG_VERSION=${GO_VERSION} \ --build-arg ETCD_VERSION=3.5.13-0 \ - --build-arg K8S_RELEASE=v1.33.2 \ + --build-arg K8S_RELEASE=v1.32.2 \ --build-arg RESTY_CLI_VERSION=0.27 \ --build-arg RESTY_CLI_SHA=e5f4f3128af49ba5c4d039d0554e5ae91bbe05866f60eccfa96d3653274bff90 \ - --build-arg LUAROCKS_VERSION=v3.12.0 \ - --build-arg LUAROCKS_SHA=745e3c5df2f955ecaf60ba1361cfc224564ef7ec210e9a784a3858ae853e9f7c \ + --build-arg LUAROCKS_VERSION=3.8.0 \ + --build-arg LUAROCKS_SHA=ab6612ca9ab87c6984871d2712d05525775e8b50172701a0a1cabddf76de2be7 \ --build-arg CHART_TESTING_VERSION=3.8.0 \ --build-arg YAML_LINT_VERSION=1.33.0 \ --build-arg YAMALE_VERSION=4.0.4 \ --build-arg HELM_VERSION=3.14.4 \ - --build-arg GINKGO_VERSION=2.23.4 \ + --build-arg GINKGO_VERSION=2.22.2 \ --build-arg GOLINT_VERSION=latest \ - rootfs \ - --tag $(IMAGE):$(TAG) \ - $(OUTPUT) + -t ${IMAGE}:${TAG} rootfs -.PHONY: push -push: OUTPUT = --push +build: ensure-buildx + docker buildx build \ + --platform=${PLATFORMS} ${OUTPUT} \ + --progress=${PROGRESS} \ + --pull \ + --build-arg BASE_IMAGE=${NGINX_BASE_IMAGE} \ + --build-arg GOLANG_VERSION=${GO_VERSION} \ + --build-arg ETCD_VERSION=3.5.13-0 \ + --build-arg K8S_RELEASE=v1.32.2 \ + --build-arg RESTY_CLI_VERSION=0.27 \ + --build-arg RESTY_CLI_SHA=e5f4f3128af49ba5c4d039d0554e5ae91bbe05866f60eccfa96d3653274bff90 \ + --build-arg LUAROCKS_VERSION=3.8.0 \ + --build-arg LUAROCKS_SHA=ab6612ca9ab87c6984871d2712d05525775e8b50172701a0a1cabddf76de2be7 \ + --build-arg CHART_TESTING_VERSION=3.8.0 \ + --build-arg YAML_LINT_VERSION=1.33.0 \ + --build-arg YAMALE_VERSION=4.0.4 \ + --build-arg HELM_VERSION=3.14.4 \ + --build-arg GINKGO_VERSION=2.22.2 \ + --build-arg GOLINT_VERSION=latest \ + -t ${IMAGE}:${TAG} rootfs + +# push the cross built image +push: OUTPUT=--push push: build -.PHONY: clean -clean: - docker buildx rm $(BUILDER) || : +# enable buildx +ensure-buildx: +# this is required for cloudbuild +ifeq ("$(wildcard $(INIT_BUILDX))","") + @curl -sSL https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/hack/init-buildx.sh | bash +else + @exec $(INIT_BUILDX) +endif + @echo "done" + +.PHONY: build push ensure-buildx diff --git a/images/test-runner/TAG b/images/test-runner/TAG index 0d0c52f84..46b105a30 100644 --- a/images/test-runner/TAG +++ b/images/test-runner/TAG @@ -1 +1 @@ -v1.4.0 +v2.0.0 diff --git a/images/test-runner/cloudbuild.yaml b/images/test-runner/cloudbuild.yaml index 2f49ddafc..93dce3ec9 100644 --- a/images/test-runner/cloudbuild.yaml +++ b/images/test-runner/cloudbuild.yaml @@ -2,8 +2,10 @@ options: # Ignore Prow provided substitutions. substitution_option: ALLOW_LOOSE steps: -- name: gcr.io/cloud-builders/docker - dir: images/test-runner - entrypoint: make - args: - - push + - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20250116-2a05ea7e3d + env: + - REGISTRY=us-central1-docker.pkg.dev/k8s-staging-images/ingress-nginx + entrypoint: bash + args: + - -c + - gcloud auth configure-docker && cd images/test-runner && make push diff --git a/images/test-runner/rootfs/Dockerfile b/images/test-runner/rootfs/Dockerfile index dc8ff5593..d871461bf 100644 --- a/images/test-runner/rootfs/Dockerfile +++ b/images/test-runner/rootfs/Dockerfile @@ -15,8 +15,8 @@ ARG BASE_IMAGE ARG GOLANG_VERSION ARG ETCD_VERSION -FROM golang:${GOLANG_VERSION}-alpine3.22 AS go -FROM registry.k8s.io/etcd:${ETCD_VERSION} AS etcd +FROM golang:${GOLANG_VERSION}-alpine3.21 as GO +FROM registry.k8s.io/etcd:${ETCD_VERSION} as etcd FROM ${BASE_IMAGE} @@ -41,9 +41,9 @@ RUN set -eux; \ echo 'hosts: files dns' > /etc/nsswitch.conf; \ fi -COPY --from=go /usr/local/go /usr/local/go -ENV GOPATH=/go -ENV PATH=$GOPATH/bin:/usr/local/go/bin:$PATH +COPY --from=GO /usr/local/go /usr/local/go +ENV GOPATH /go +ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH" COPY --from=etcd /usr/local/bin/etcd /usr/local/bin/etcd @@ -81,7 +81,7 @@ RUN wget -qO /tmp/resty_cli.tgz \ && rm -rf /tmp/* RUN wget -qO /tmp/luarocks.tgz \ - https://github.com/luarocks/luarocks/archive/${LUAROCKS_VERSION}.tar.gz \ + https://github.com/luarocks/luarocks/archive/v${LUAROCKS_VERSION}.tar.gz \ && echo "${LUAROCKS_SHA} */tmp/luarocks.tgz" | sha256sum -c - \ && tar -C /tmp -xzf /tmp/luarocks.tgz \ && cd /tmp/luarocks* \ diff --git a/internal/ingress/annotations/auth/main.go b/internal/ingress/annotations/auth/main.go index 840b3c61c..7c7fde7b8 100644 --- a/internal/ingress/annotations/auth/main.go +++ b/internal/ingress/annotations/auth/main.go @@ -19,7 +19,6 @@ package auth import ( "fmt" "os" - "path/filepath" "regexp" "strings" @@ -204,24 +203,16 @@ func (a auth) Parse(ing *networking.Ingress) (interface{}, error) { return nil, err } - passFileName := fmt.Sprintf("%v-%v-%v.passwd", ing.GetNamespace(), ing.UID, secret.UID) - passFilePath := filepath.Join(a.authDirectory, passFileName) - - // Ensure password file name does not contain any path traversal characters. - if a.authDirectory != filepath.Dir(passFilePath) || passFileName != filepath.Base(passFilePath) { - return nil, ing_errors.LocationDeniedError{ - Reason: fmt.Errorf("invalid password file name: %s", passFileName), - } - } + passFilename := fmt.Sprintf("%v/%v-%v-%v.passwd", a.authDirectory, ing.GetNamespace(), ing.UID, secret.UID) switch secretType { case fileAuth: - err = dumpSecretAuthFile(passFilePath, secret) + err = dumpSecretAuthFile(passFilename, secret) if err != nil { return nil, err } case mapAuth: - err = dumpSecretAuthMap(passFilePath, secret) + err = dumpSecretAuthMap(passFilename, secret) if err != nil { return nil, err } @@ -234,15 +225,15 @@ func (a auth) Parse(ing *networking.Ingress) (interface{}, error) { return &Config{ Type: at, Realm: realm, - File: passFilePath, + File: passFilename, Secured: true, - FileSHA: file.SHA1(passFilePath), + FileSHA: file.SHA1(passFilename), Secret: name, SecretType: secretType, }, nil } -// dumpSecretAuthFile dumps the content of a secret into a file +// dumpSecret dumps the content of a secret into a file // in the expected format for the specified authorization func dumpSecretAuthFile(filename string, secret *api.Secret) error { val, ok := secret.Data["auth"] diff --git a/internal/ingress/annotations/cors/main.go b/internal/ingress/annotations/cors/main.go index b81514820..cef4fb1b2 100644 --- a/internal/ingress/annotations/cors/main.go +++ b/internal/ingress/annotations/cors/main.go @@ -40,12 +40,12 @@ var ( // that could cause the Response to contain some internal value/variable (like returning $pid, $upstream_addr, etc) // Origin must contain a http/s Origin (including or not the port) or the value '*' // This Regex is composed of the following: - // * Sets a group that can be (https?://)?*?.something.com:port? + // * Sets a group that can be (https?://)?*?.something.com:port? OR null // * Allows this to be repeated as much as possible, and separated by comma // Otherwise it should be '*' - corsOriginRegexValidator = regexp.MustCompile(`^(((([a-z]+://)?(\*\.)?[A-Za-z0-9\-.]*(:\d+)?,?)+)|\*)?$`) + corsOriginRegexValidator = regexp.MustCompile(`^((((([a-z]+://)?(\*\.)?[A-Za-z0-9\-.]*(:\d+)?,?)|null)+)|\*)?$`) // corsOriginRegex defines the regex for validation inside Parse - corsOriginRegex = regexp.MustCompile(`^([a-z]+://(\*\.)?[A-Za-z0-9\-.]*(:\d+)?|\*)?$`) + corsOriginRegex = regexp.MustCompile(`^([a-z]+://(\*\.)?[A-Za-z0-9\-.]*(:\d+)?|\*|null)?$`) // Method must contain valid methods list (PUT, GET, POST, BLA) // May contain or not spaces between each verb corsMethodsRegex = regexp.MustCompile(`^([A-Za-z]+,?\s?)+$`) @@ -78,7 +78,7 @@ var corsAnnotation = parser.Annotation{ Scope: parser.AnnotationScopeIngress, Risk: parser.AnnotationRiskMedium, Documentation: `This annotation controls what's the accepted Origin for CORS. - This is a multi-valued field, separated by ','. It must follow this format: protocol://origin-site.com or protocol://origin-site.com:port + This is a multi-valued field, separated by ','. It must follow this format: protocol://origin-site.com, protocol://origin-site.com:port, null, or *. It also supports single level wildcard subdomains and follows this format: https://*.foo.bar, http://*.bar.foo:8080 or myprotocol://*.abc.bar.foo:9000 Protocol can be any lowercase string, like http, https, or mycustomprotocol.`, }, diff --git a/internal/ingress/annotations/cors/main_test.go b/internal/ingress/annotations/cors/main_test.go index dee36fcae..0b6b3671b 100644 --- a/internal/ingress/annotations/cors/main_test.go +++ b/internal/ingress/annotations/cors/main_test.go @@ -82,7 +82,7 @@ func TestIngressCorsConfigValid(t *testing.T) { data[parser.GetAnnotationWithPrefix(corsAllowHeadersAnnotation)] = "DNT,X-CustomHeader, Keep-Alive,User-Agent" data[parser.GetAnnotationWithPrefix(corsAllowCredentialsAnnotation)] = "false" data[parser.GetAnnotationWithPrefix(corsAllowMethodsAnnotation)] = "GET, PATCH" - data[parser.GetAnnotationWithPrefix(corsAllowOriginAnnotation)] = "https://origin123.test.com:4443" + data[parser.GetAnnotationWithPrefix(corsAllowOriginAnnotation)] = "null, https://origin123.test.com:4443" data[parser.GetAnnotationWithPrefix(corsExposeHeadersAnnotation)] = "*, X-CustomResponseHeader" data[parser.GetAnnotationWithPrefix(corsMaxAgeAnnotation)] = "600" ing.SetAnnotations(data) @@ -113,7 +113,7 @@ func TestIngressCorsConfigValid(t *testing.T) { t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix(corsAllowMethodsAnnotation)], nginxCors.CorsAllowMethods) } - if nginxCors.CorsAllowOrigin[0] != "https://origin123.test.com:4443" { + if !reflect.DeepEqual(nginxCors.CorsAllowOrigin, []string{"null", "https://origin123.test.com:4443"}) { t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix(corsAllowOriginAnnotation)], nginxCors.CorsAllowOrigin) } @@ -176,7 +176,7 @@ func TestIngressCorsConfigInvalid(t *testing.T) { } } -func TestIngresCorsConfigAllowOriginWithTrailingComma(t *testing.T) { +func TestIngressCorsConfigAllowOriginWithTrailingComma(t *testing.T) { ing := buildIngress() data := map[string]string{} @@ -206,6 +206,36 @@ func TestIngresCorsConfigAllowOriginWithTrailingComma(t *testing.T) { } } +func TestIngressCorsConfigAllowOriginNull(t *testing.T) { + ing := buildIngress() + + data := map[string]string{} + data[parser.GetAnnotationWithPrefix(corsEnableAnnotation)] = enableAnnotation + + // Include a trailing comma and an empty value between the commas. + data[parser.GetAnnotationWithPrefix(corsAllowOriginAnnotation)] = "https://origin123.test.com:4443,null,https://origin321.test.com:4443" + ing.SetAnnotations(data) + + corst, err := NewParser(&resolver.Mock{}).Parse(ing) + if err != nil { + t.Errorf("error parsing annotations: %v", err) + } + + nginxCors, ok := corst.(*Config) + if !ok { + t.Errorf("expected a Config type but returned %t", corst) + } + + if !nginxCors.CorsEnabled { + t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix(corsEnableAnnotation)], nginxCors.CorsEnabled) + } + + expectedCorsAllowOrigins := []string{"https://origin123.test.com:4443", "null", "https://origin321.test.com:4443"} + if !reflect.DeepEqual(nginxCors.CorsAllowOrigin, expectedCorsAllowOrigins) { + t.Errorf("expected %v but returned %v", expectedCorsAllowOrigins, nginxCors.CorsAllowOrigin) + } +} + func TestIngressCorsConfigAllowOriginWithNonHttpProtocol(t *testing.T) { ing := buildIngress() diff --git a/internal/ingress/annotations/mirror/main_test.go b/internal/ingress/annotations/mirror/main_test.go index 9dc1e6e7c..805f1ef6d 100644 --- a/internal/ingress/annotations/mirror/main_test.go +++ b/internal/ingress/annotations/mirror/main_test.go @@ -117,7 +117,7 @@ func TestParse(t *testing.T) { ing.SetAnnotations(testCase.annotations) result, err := ap.Parse(ing) if err != nil { - t.Error(err) + t.Errorf(err.Error()) } if !reflect.DeepEqual(result, testCase.expected) { t.Errorf("expected %+v but returned %+v, annotations: %s", testCase.expected, result, testCase.annotations) diff --git a/internal/ingress/annotations/proxy/main.go b/internal/ingress/annotations/proxy/main.go index 9d2646261..aaa093eaf 100644 --- a/internal/ingress/annotations/proxy/main.go +++ b/internal/ingress/annotations/proxy/main.go @@ -31,6 +31,7 @@ const ( proxyReadTimeoutAnnotation = "proxy-read-timeout" proxyBuffersNumberAnnotation = "proxy-buffers-number" proxyBufferSizeAnnotation = "proxy-buffer-size" + proxyBusyBuffersSizeAnnotation = "proxy-busy-buffers-size" proxyCookiePathAnnotation = "proxy-cookie-path" proxyCookieDomainAnnotation = "proxy-cookie-domain" proxyBodySizeAnnotation = "proxy-body-size" @@ -82,6 +83,12 @@ var proxyAnnotations = parser.Annotation{ Documentation: `This annotation sets the size of the buffer proxy_buffer_size used for reading the first part of the response received from the proxied server. By default proxy buffer size is set as "4k".`, }, + proxyBusyBuffersSizeAnnotation: { + Validator: parser.ValidateRegex(parser.SizeRegex, true), + Scope: parser.AnnotationScopeLocation, + Risk: parser.AnnotationRiskLow, + Documentation: `This annotation limits the total size of buffers that can be busy sending a response to the client while the response is not yet fully read. By default proxy busy buffers size is set as "8k".`, + }, proxyCookiePathAnnotation: { Validator: parser.ValidateRegex(parser.URLIsValidRegex, true), Scope: parser.AnnotationScopeLocation, @@ -167,6 +174,7 @@ type Config struct { ReadTimeout int `json:"readTimeout"` BuffersNumber int `json:"buffersNumber"` BufferSize string `json:"bufferSize"` + BusyBuffersSize string `json:"busyBuffersSize"` CookieDomain string `json:"cookieDomain"` CookiePath string `json:"cookiePath"` NextUpstream string `json:"nextUpstream"` @@ -206,6 +214,9 @@ func (l1 *Config) Equal(l2 *Config) bool { if l1.BufferSize != l2.BufferSize { return false } + if l1.BusyBuffersSize != l2.BusyBuffersSize { + return false + } if l1.CookieDomain != l2.CookieDomain { return false } @@ -290,6 +301,11 @@ func (a proxy) Parse(ing *networking.Ingress) (interface{}, error) { config.BufferSize = defBackend.ProxyBufferSize } + config.BusyBuffersSize, err = parser.GetStringAnnotation(proxyBusyBuffersSizeAnnotation, ing, a.annotationConfig.Annotations) + if err != nil { + config.BusyBuffersSize = defBackend.ProxyBusyBuffersSize + } + config.CookiePath, err = parser.GetStringAnnotation(proxyCookiePathAnnotation, ing, a.annotationConfig.Annotations) if err != nil { config.CookiePath = defBackend.ProxyCookiePath diff --git a/internal/ingress/annotations/proxy/main_test.go b/internal/ingress/annotations/proxy/main_test.go index 9446ae970..b6ce07fb2 100644 --- a/internal/ingress/annotations/proxy/main_test.go +++ b/internal/ingress/annotations/proxy/main_test.go @@ -88,6 +88,7 @@ func (m mockBackend) GetDefaultBackend() defaults.Backend { ProxyReadTimeout: 20, ProxyBuffersNumber: 4, ProxyBufferSize: "10k", + ProxyBusyBuffersSize: "15k", ProxyBodySize: "3k", ProxyNextUpstream: "error", ProxyNextUpstreamTimeout: 0, @@ -108,6 +109,7 @@ func TestProxy(t *testing.T) { data[parser.GetAnnotationWithPrefix("proxy-read-timeout")] = "3" data[parser.GetAnnotationWithPrefix("proxy-buffers-number")] = "8" data[parser.GetAnnotationWithPrefix("proxy-buffer-size")] = "1k" + data[parser.GetAnnotationWithPrefix("proxy-busy-buffers-size")] = "4k" data[parser.GetAnnotationWithPrefix("proxy-body-size")] = "2k" data[parser.GetAnnotationWithPrefix("proxy-next-upstream")] = off data[parser.GetAnnotationWithPrefix("proxy-next-upstream-timeout")] = "5" @@ -141,6 +143,9 @@ func TestProxy(t *testing.T) { if p.BufferSize != "1k" { t.Errorf("expected 1k as buffer-size but returned %v", p.BufferSize) } + if p.BusyBuffersSize != "4k" { + t.Errorf("expected 4k as busy-buffers-size but returned %v", p.BusyBuffersSize) + } if p.BodySize != "2k" { t.Errorf("expected 2k as body-size but returned %v", p.BodySize) } @@ -176,6 +181,7 @@ func TestProxyComplex(t *testing.T) { data[parser.GetAnnotationWithPrefix("proxy-read-timeout")] = "3" data[parser.GetAnnotationWithPrefix("proxy-buffers-number")] = "8" data[parser.GetAnnotationWithPrefix("proxy-buffer-size")] = "1k" + data[parser.GetAnnotationWithPrefix("proxy-busy-buffers-size")] = "4k" data[parser.GetAnnotationWithPrefix("proxy-body-size")] = "2k" data[parser.GetAnnotationWithPrefix("proxy-next-upstream")] = "error http_502" data[parser.GetAnnotationWithPrefix("proxy-next-upstream-timeout")] = "5" @@ -209,6 +215,9 @@ func TestProxyComplex(t *testing.T) { if p.BufferSize != "1k" { t.Errorf("expected 1k as buffer-size but returned %v", p.BufferSize) } + if p.BusyBuffersSize != "4k" { + t.Errorf("expected 4k as buffer-size but returned %v", p.BusyBuffersSize) + } if p.BodySize != "2k" { t.Errorf("expected 2k as body-size but returned %v", p.BodySize) } @@ -264,6 +273,9 @@ func TestProxyWithNoAnnotation(t *testing.T) { if p.BufferSize != "10k" { t.Errorf("expected 10k as buffer-size but returned %v", p.BufferSize) } + if p.BusyBuffersSize != "15k" { + t.Errorf("expected 15k as buffer-size but returned %v", p.BusyBuffersSize) + } if p.BodySize != "3k" { t.Errorf("expected 3k as body-size but returned %v", p.BodySize) } diff --git a/internal/ingress/annotations/redirect/redirect.go b/internal/ingress/annotations/redirect/redirect.go index 0716e1ce1..edc3d279c 100644 --- a/internal/ingress/annotations/redirect/redirect.go +++ b/internal/ingress/annotations/redirect/redirect.go @@ -38,6 +38,7 @@ type Config struct { URL string `json:"url"` Code int `json:"code"` FromToWWW bool `json:"fromToWWW"` + Relative bool `json:"relative"` } const ( @@ -46,6 +47,7 @@ const ( temporalRedirectAnnotationCode = "temporal-redirect-code" permanentRedirectAnnotation = "permanent-redirect" permanentRedirectAnnotationCode = "permanent-redirect-code" + relativeRedirectsAnnotation = "relative-redirects" ) var redirectAnnotations = parser.Annotation{ @@ -83,6 +85,12 @@ var redirectAnnotations = parser.Annotation{ Risk: parser.AnnotationRiskLow, // Low, as it allows just a set of options Documentation: `This annotation allows you to modify the status code used for permanent redirects.`, }, + relativeRedirectsAnnotation: { + Validator: parser.ValidateBool, + Scope: parser.AnnotationScopeLocation, + Risk: parser.AnnotationRiskLow, + Documentation: `If enabled, redirects issued by nginx will be relative. See https://nginx.org/en/docs/http/ngx_http_core_module.html#absolute_redirect`, + }, }, } @@ -109,6 +117,11 @@ func (r redirect) Parse(ing *networking.Ingress) (interface{}, error) { return nil, err } + rr, err := parser.GetBoolAnnotation(relativeRedirectsAnnotation, ing, r.annotationConfig.Annotations) + if err != nil && !errors.IsMissingAnnotations(err) { + return nil, err + } + tr, err := parser.GetStringAnnotation(temporalRedirectAnnotation, ing, r.annotationConfig.Annotations) if err != nil && !errors.IsMissingAnnotations(err) { return nil, err @@ -132,6 +145,7 @@ func (r redirect) Parse(ing *networking.Ingress) (interface{}, error) { URL: tr, Code: trc, FromToWWW: r3w, + Relative: rr, }, nil } @@ -154,6 +168,13 @@ func (r redirect) Parse(ing *networking.Ingress) (interface{}, error) { URL: pr, Code: prc, FromToWWW: r3w, + Relative: rr, + }, nil + } + + if rr { + return &Config{ + Relative: rr, }, nil } @@ -177,6 +198,9 @@ func (r1 *Config) Equal(r2 *Config) bool { if r1.FromToWWW != r2.FromToWWW { return false } + if r1.Relative != r2.Relative { + return false + } return true } diff --git a/internal/ingress/annotations/redirect/redirect_test.go b/internal/ingress/annotations/redirect/redirect_test.go index b5c34879e..f4734ae5b 100644 --- a/internal/ingress/annotations/redirect/redirect_test.go +++ b/internal/ingress/annotations/redirect/redirect_test.go @@ -193,3 +193,22 @@ func TestIsValidURL(t *testing.T) { t.Errorf("expected nil but got %v", err) } } + +func TestParseAnnotations(t *testing.T) { + ing := new(networking.Ingress) + + data := map[string]string{} + data[parser.GetAnnotationWithPrefix(relativeRedirectsAnnotation)] = "true" + ing.SetAnnotations(data) + + _, err := NewParser(&resolver.Mock{}).Parse(ing) + if err != nil { + t.Errorf("unexpected error: %v", err) + } + + // test ingress using the annotation without a TLS section + _, err = NewParser(&resolver.Mock{}).Parse(ing) + if err != nil { + t.Errorf("unexpected error parsing ingress with relative-redirects") + } +} diff --git a/internal/ingress/annotations/sslcipher/main.go b/internal/ingress/annotations/sslcipher/main.go index 180cb3914..3cfd903bd 100644 --- a/internal/ingress/annotations/sslcipher/main.go +++ b/internal/ingress/annotations/sslcipher/main.go @@ -33,7 +33,7 @@ const ( // Should cover something like "ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" // (?:@STRENGTH) is included twice so it can appear before or after @SECLEVEL=n -var regexValidSSLCipher = regexp.MustCompile(`^(?:(?:[A-Za-z0-9!:+\-_])*(?:@STRENGTH)*(?:@SECLEVEL=[0-5])*(?:@STRENGTH)*)*$`) +var regexValidSSLCipher = regexp.MustCompile(`^(?:(?:[A-Za-z0-9!:+\-])*(?:@STRENGTH)*(?:@SECLEVEL=[0-5])*(?:@STRENGTH)*)*$`) var sslCipherAnnotations = parser.Annotation{ Group: "backend", diff --git a/internal/ingress/annotations/sslcipher/main_test.go b/internal/ingress/annotations/sslcipher/main_test.go index 2ef2ab536..f1675d4c7 100644 --- a/internal/ingress/annotations/sslcipher/main_test.go +++ b/internal/ingress/annotations/sslcipher/main_test.go @@ -57,7 +57,6 @@ func TestParse(t *testing.T) { {map[string]string{annotationSSLCiphers: "ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP", annotationSSLPreferServerCiphers: "true"}, Config{"ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP", "on"}, false}, {map[string]string{annotationSSLCiphers: "ALL:SOMETHING:;locationXPTO"}, Config{"", ""}, true}, {map[string]string{}, Config{"", ""}, false}, - {map[string]string{annotationSSLCiphers: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"}, Config{"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256", ""}, false}, {nil, Config{"", ""}, false}, } diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index 3864a176a..beac1405d 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -97,10 +97,12 @@ type Configuration struct { // AllowCrossNamespaceResources enables users to consume cross namespace resource on annotations // Case disabled, attempts to use secrets or configmaps from a namespace different from Ingress will // be denied + // This value will default to `false` on future releases AllowCrossNamespaceResources bool `json:"allow-cross-namespace-resources"` // AnnotationsRiskLevel represents the risk accepted on an annotation. If the risk is, for instance `Medium`, annotations // with risk High and Critical will not be accepted. + // Default Risk is Critical by default, but this may be changed in future releases AnnotationsRiskLevel string `json:"annotations-risk-level"` // AnnotationValueWordBlocklist defines words that should not be part of an user annotation value @@ -547,6 +549,10 @@ type Configuration struct { // https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors DisableProxyInterceptErrors bool `json:"disable-proxy-intercept-errors,omitempty"` + // Disable absolute redirects and enables relative redirects. + // https://nginx.org/en/docs/http/ngx_http_core_module.html#absolute_redirect + RelativeRedirects bool `json:"relative-redirects"` + // Sets the ipv4 addresses on which the server will accept requests. BindAddressIpv4 []string `json:"bind-address-ipv4,omitempty"` @@ -832,6 +838,7 @@ func NewDefault() Configuration { VariablesHashMaxSize: 2048, UseHTTP2: true, DisableProxyInterceptErrors: false, + RelativeRedirects: false, ProxyStreamTimeout: "600s", ProxyStreamNextUpstream: true, ProxyStreamNextUpstreamTimeout: "600s", @@ -843,6 +850,7 @@ func NewDefault() Configuration { ProxySendTimeout: 60, ProxyBuffersNumber: 4, ProxyBufferSize: "4k", + ProxyBusyBuffersSize: "8k", ProxyCookieDomain: "off", ProxyCookiePath: "off", ProxyNextUpstream: "error timeout", @@ -855,6 +863,7 @@ func NewDefault() Configuration { SSLRedirect: true, CustomHTTPErrors: []int{}, DisableProxyInterceptErrors: false, + RelativeRedirects: false, DenylistSourceRange: []string{}, WhitelistSourceRange: []string{}, SkipAccessLogURLs: []string{}, diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index 012f465bf..652a80e49 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -420,15 +420,11 @@ func (n *NGINXController) CheckIngress(ing *networking.Ingress) error { return err } - /* Deactivated to mitigate CVE-2025-1974 - // TODO: Implement sandboxing so this test can be done safely err = n.testTemplate(content) if err != nil { n.metricCollector.IncCheckErrorCount(ing.ObjectMeta.Namespace, ing.Name) return err } - */ - n.metricCollector.IncCheckCount(ing.ObjectMeta.Namespace, ing.Name) endCheck := time.Now().UnixNano() / 1000000 n.metricCollector.SetAdmissionMetrics( @@ -1259,6 +1255,7 @@ func (n *NGINXController) createServers(data []*ingress.Ingress, ReadTimeout: bdef.ProxyReadTimeout, BuffersNumber: bdef.ProxyBuffersNumber, BufferSize: bdef.ProxyBufferSize, + BusyBuffersSize: bdef.ProxyBusyBuffersSize, CookieDomain: bdef.ProxyCookieDomain, CookiePath: bdef.ProxyCookiePath, NextUpstream: bdef.ProxyNextUpstream, diff --git a/internal/ingress/controller/controller_test.go b/internal/ingress/controller/controller_test.go index 3b7a3c4eb..9d3fea470 100644 --- a/internal/ingress/controller/controller_test.go +++ b/internal/ingress/controller/controller_test.go @@ -250,8 +250,6 @@ func TestCheckIngress(t *testing.T) { } }) - /* Deactivated to mitigate CVE-2025-1974 - // TODO: Implement sandboxing so this test can be done safely t.Run("When nginx test returns an error", func(t *testing.T) { nginx.command = testNginxTestCommand{ t: t, @@ -263,7 +261,6 @@ func TestCheckIngress(t *testing.T) { t.Errorf("with a new ingress with an error, an error should be returned") } }) - */ t.Run("When the default annotation prefix is used despite an override", func(t *testing.T) { defer func() { diff --git a/internal/ingress/controller/store/store.go b/internal/ingress/controller/store/store.go index 284f53209..d4bd6136f 100644 --- a/internal/ingress/controller/store/store.go +++ b/internal/ingress/controller/store/store.go @@ -240,6 +240,8 @@ type k8sStore struct { backendConfigMu *sync.RWMutex defaultSSLCertificate string + + recorder record.EventRecorder } // New creates a new object store to be used in the ingress controller. @@ -279,6 +281,7 @@ func New( recorder := eventBroadcaster.NewRecorder(scheme.Scheme, corev1.EventSource{ Component: "nginx-ingress-controller", }) + store.recorder = recorder // k8sStore fulfills resolver.Resolver interface store.annotations = annotations.NewAnnotationExtractor(store) @@ -938,6 +941,9 @@ func (s *k8sStore) syncIngress(ing *networkingv1.Ingress) { klog.Error(err) return } + if parsed.Denied != nil { + s.recorder.Eventf(ing, corev1.EventTypeWarning, "AnnotationParsingFailed", fmt.Sprintf("Error parsing annotations: %v", *parsed.Denied)) + } err = s.listers.IngressWithAnnotation.Update(&ingress.Ingress{ Ingress: *copyIng, ParsedAnnotations: parsed, diff --git a/internal/ingress/controller/template/template.go b/internal/ingress/controller/template/template.go index f6816d70a..ed052e4ec 100644 --- a/internal/ingress/controller/template/template.go +++ b/internal/ingress/controller/template/template.go @@ -602,17 +602,12 @@ func buildAuthResponseHeaders(proxySetHeader string, headers []string, lua bool) return res } -func buildAuthUpstreamLuaHeaders(headers []string) []string { - res := []string{} - +func buildAuthUpstreamLuaHeaders(headers []string) string { if len(headers) == 0 { - return res + return "" } - for i, h := range headers { - res = append(res, fmt.Sprintf("ngx.var.authHeader%d = res.header['%s']", i, h)) - } - return res + return strings.Join(headers, ",") } func buildAuthProxySetHeaders(headers map[string]string) []string { @@ -1627,11 +1622,11 @@ func buildMirrorLocations(locs []*ingress.Location) string { mapped.Insert(loc.Mirror.Source) buffer.WriteString(fmt.Sprintf(`location = %v { internal; -proxy_set_header Host %v; -proxy_pass %v; +proxy_set_header Host "%v"; +proxy_pass "%v"; } -`, strconv.Quote(loc.Mirror.Source), strconv.Quote(loc.Mirror.Host), strconv.Quote(loc.Mirror.Target))) +`, loc.Mirror.Source, loc.Mirror.Host, loc.Mirror.Target)) } return buffer.String() diff --git a/internal/ingress/controller/template/template_test.go b/internal/ingress/controller/template/template_test.go index 59d2d6256..6553f5daf 100644 --- a/internal/ingress/controller/template/template_test.go +++ b/internal/ingress/controller/template/template_test.go @@ -537,10 +537,7 @@ func TestBuildAuthResponseHeaders(t *testing.T) { func TestBuildAuthResponseLua(t *testing.T) { externalAuthResponseHeaders := []string{"h1", "H-With-Caps-And-Dashes"} - expected := []string{ - "ngx.var.authHeader0 = res.header['h1']", - "ngx.var.authHeader1 = res.header['H-With-Caps-And-Dashes']", - } + expected := "h1,H-With-Caps-And-Dashes" headers := buildAuthUpstreamLuaHeaders(externalAuthResponseHeaders) diff --git a/internal/ingress/defaults/main.go b/internal/ingress/defaults/main.go index e892bf572..bec1b08e2 100644 --- a/internal/ingress/defaults/main.go +++ b/internal/ingress/defaults/main.go @@ -69,6 +69,11 @@ type Backend struct { // http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) ProxyBufferSize string `json:"proxy-buffer-size"` + // Limits the total size of buffers that can be busy sending a response to the client while + // the response is not yet fully read. + // http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_busy_buffers_size + ProxyBusyBuffersSize string `json:"proxy-busy-buffers-size"` + // Sets a text that should be changed in the path attribute of the “Set-Cookie” header fields of // a proxied server response. // http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_path @@ -125,6 +130,11 @@ type Backend struct { // Default: false UsePortInRedirects bool `json:"use-port-in-redirects"` + // Enables or disables relative redirects. By default nginx uses absolute redirects. + // http://nginx.org/en/docs/http/ngx_http_core_module.html#absolute_redirect + // Default: false + RelativeRedirects bool `json:"relative-redirects"` + // Enable stickiness by client-server mapping based on a NGINX variable, text or a combination of both. // A consistent hashing method will be used which ensures only a few keys would be remapped to different // servers on upstream group changes @@ -185,6 +195,7 @@ type SecurityConfiguration struct { // AllowCrossNamespaceResources enables users to consume cross namespace resource on annotations // Case disabled, attempts to use secrets or configmaps from a namespace different from Ingress will // be denied + // This valid will default to `false` on future releases AllowCrossNamespaceResources bool `json:"allow-cross-namespace-resources"` // AnnotationsRiskLevel represents the risk accepted on an annotation. If the risk is, for instance `Medium`, annotations diff --git a/internal/ingress/metric/collectors/nginx_status_test.go b/internal/ingress/metric/collectors/nginx_status_test.go index aef72dcca..ec535745d 100644 --- a/internal/ingress/metric/collectors/nginx_status_test.go +++ b/internal/ingress/metric/collectors/nginx_status_test.go @@ -110,7 +110,7 @@ func TestStatusCollector(t *testing.T) { w.WriteHeader(http.StatusOK) if r.URL.Path == "/nginx_status" { - _, err := fmt.Fprint(w, c.mock) + _, err := fmt.Fprintf(w, c.mock) if err != nil { t.Fatal(err) } diff --git a/magefiles/go.mod b/magefiles/go.mod new file mode 100644 index 000000000..f11ab740e --- /dev/null +++ b/magefiles/go.mod @@ -0,0 +1,38 @@ +module k8s.io/ingress-nginx/magefiles + +go 1.23.6 + +require ( + github.com/blang/semver/v4 v4.0.0 + github.com/google/go-github/v48 v48.2.0 + github.com/helm/helm v2.17.0+incompatible + github.com/magefile/mage v1.15.0 + github.com/vmware-labs/yaml-jsonpath v0.3.2 + golang.org/x/oauth2 v0.18.0 + gopkg.in/yaml.v3 v3.0.1 +) + +require ( + github.com/BurntSushi/toml v1.3.2 // indirect + github.com/Masterminds/semver v1.5.0 // indirect + github.com/cyphar/filepath-securejoin v0.2.4 // indirect + github.com/dprotaso/go-yit v0.0.0-20191028211022-135eb7262960 // indirect + github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/ghodss/yaml v1.0.0 // indirect + github.com/gobwas/glob v0.2.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/google/go-querystring v1.1.0 // indirect + github.com/kr/text v0.2.0 // indirect + github.com/onsi/ginkgo v1.16.5 // indirect + github.com/onsi/gomega v1.30.0 // indirect + github.com/rogpeppe/go-internal v1.11.0 // indirect + github.com/sergi/go-diff v1.3.1 // indirect + github.com/stretchr/testify v1.9.0 // indirect + golang.org/x/crypto v0.31.0 // indirect + google.golang.org/appengine v1.6.8 // indirect + google.golang.org/protobuf v1.33.0 // indirect + gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect + k8s.io/apimachinery v0.29.3 // indirect + k8s.io/helm v2.17.0+incompatible // indirect +) diff --git a/magefiles/go.sum b/magefiles/go.sum new file mode 100644 index 000000000..8684d4701 --- /dev/null +++ b/magefiles/go.sum @@ -0,0 +1,174 @@ +github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= +github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= +github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= +github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= +github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= +github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dprotaso/go-yit v0.0.0-20191028211022-135eb7262960 h1:aRd8M7HJVZOqn/vhOzrGcQH0lNAMkqMn+pXUYkatmcA= +github.com/dprotaso/go-yit v0.0.0-20191028211022-135eb7262960/go.mod h1:9HQzr9D/0PGwMEbC3d5AB7oi67+h4TsQqItC1GVYG58= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= +github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= +github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= +github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= +github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-github/v48 v48.2.0 h1:68puzySE6WqUY9KWmpOsDEQfDZsso98rT6pZcz9HqcE= +github.com/google/go-github/v48 v48.2.0/go.mod h1:dDlehKBDo850ZPvCTK0sEqTCVWcrGl2LcDiajkYi89Y= +github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= +github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= +github.com/helm/helm v2.17.0+incompatible h1:0iy95yMXrfWpwaoOA9XRP+cTvitTrq+LcJV9DvR5n1Y= +github.com/helm/helm v2.17.0+incompatible/go.mod h1:ahXhuvluW4YnSL6W6hDVetZsVK8Pv4BP8OwKli7aMqo= +github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/magefile/mage v1.15.0 h1:BvGheCMAsG3bWUDbZ8AyXXpCNwU9u5CB6sM+HNb9HYg= +github.com/magefile/mage v1.15.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A= +github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= +github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= +github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= +github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.10.2/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= +github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= +github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= +github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= +github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= +github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= +github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= +github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= +github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/vmware-labs/yaml-jsonpath v0.3.2 h1:/5QKeCBGdsInyDCyVNLbXyilb61MXGi9NP674f9Hobk= +github.com/vmware-labs/yaml-jsonpath v0.3.2/go.mod h1:U6whw1z03QyqgWdgXxvVnQ90zN1BWz5V+51Ewf8k+rQ= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= +golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= +golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= +golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= +google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20191026110619-0b21df46bc1d/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= +k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= +k8s.io/helm v2.17.0+incompatible h1:Bpn6o1wKLYqKM3+Osh8e+1/K2g/GsQJ4F4yNF2+deao= +k8s.io/helm v2.17.0+incompatible/go.mod h1:LZzlS4LQBHfciFOurYBFkCMTaZ0D1l+p0teMg7TSULI= diff --git a/pkg/util/runtime/cpu_linux.go b/pkg/util/runtime/cpu_linux.go index b9992c6de..7db609053 100644 --- a/pkg/util/runtime/cpu_linux.go +++ b/pkg/util/runtime/cpu_linux.go @@ -27,7 +27,7 @@ import ( "strconv" "strings" - libcontainercgroups "github.com/opencontainers/cgroups" + libcontainercgroups "github.com/opencontainers/runc/libcontainer/cgroups" ) // NumCPU returns the number of logical CPUs usable by the current process. diff --git a/rootfs/Dockerfile-chroot b/rootfs/Dockerfile-chroot index 116a97b26..481b311e2 100644 --- a/rootfs/Dockerfile-chroot +++ b/rootfs/Dockerfile-chroot @@ -14,7 +14,7 @@ ARG BASE_IMAGE -FROM ${BASE_IMAGE} AS chroot +FROM ${BASE_IMAGE} as chroot # This intermediary image will be used only to copy all the required files to the chroot # TODO: Simplify in a future to a single Dockerfile @@ -23,7 +23,7 @@ RUN apk update \ && apk upgrade \ && /chroot.sh -FROM alpine:3.22 +FROM alpine:3.21 ARG TARGETARCH ARG VERSION diff --git a/rootfs/etc/nginx/lua/balancer.lua b/rootfs/etc/nginx/lua/balancer.lua index f06aadf79..00104c89d 100644 --- a/rootfs/etc/nginx/lua/balancer.lua +++ b/rootfs/etc/nginx/lua/balancer.lua @@ -73,18 +73,12 @@ local function get_implementation(backend) end local function resolve_external_names(original_backend) - if not original_backend.endpoints or - #original_backend.endpoints == 0 then - return original_backend - end local backend = util.deepcopy(original_backend) local endpoints = {} for _, endpoint in ipairs(backend.endpoints) do local ips = dns_lookup(endpoint.address) - if #ips ~= 1 or ips[1] ~= endpoint.address then - for _, ip in ipairs(ips) do - table.insert(endpoints, { address = ip, port = endpoint.port }) - end + for _, ip in ipairs(ips) do + table.insert(endpoints, { address = ip, port = endpoint.port }) end end backend.endpoints = endpoints @@ -110,19 +104,15 @@ local function is_backend_with_external_name(backend) end local function sync_backend(backend) - -- We resolve external names before checking if the endpoints are empty - -- because the behavior for resolve_external_names when the name was not - -- resolved is to return an empty table so we set the balancer to nil below - -- see https://github.com/kubernetes/ingress-nginx/pull/10989 - if is_backend_with_external_name(backend) then - backend = resolve_external_names(backend) - end - if not backend.endpoints or #backend.endpoints == 0 then balancers[backend.name] = nil return end + if is_backend_with_external_name(backend) then + backend = resolve_external_names(backend) + end + backend.endpoints = format_ipv6_endpoints(backend.endpoints) local implementation = get_implementation(backend) diff --git a/rootfs/etc/nginx/lua/nginx/ngx_conf_external_auth.lua b/rootfs/etc/nginx/lua/nginx/ngx_conf_external_auth.lua new file mode 100644 index 000000000..6c68cf07c --- /dev/null +++ b/rootfs/etc/nginx/lua/nginx/ngx_conf_external_auth.lua @@ -0,0 +1,30 @@ +local auth_path = ngx.var.auth_path +local auth_keepalive_share_vars = ngx.var.auth_keepalive_share_vars +local auth_response_headers = ngx.var.auth_response_headers +local ngx_re_split = require("ngx.re").split +local ipairs = ipairs +local ngx_log = ngx.log +local ngx_ERR = ngx.ERR + +local res = ngx.location.capture(auth_path, { + method = ngx.HTTP_GET, body = '', + share_all_vars = auth_keepalive_share_vars }) + +if res.status == ngx.HTTP_OK then + local header_parts, err = ngx_re_split(auth_response_headers, ",") + if err then + ngx_log(ngx_ERR, err) + return + end + ngx.var.auth_cookie = res.header['Set-Cookie'] + for i, header_name in ipairs(header_parts) do + local varname = "authHeader" .. tostring(i) + ngx.var[varname] = res.header[header_name] + end + return +end + +if res.status == ngx.HTTP_UNAUTHORIZED or res.status == ngx.HTTP_FORBIDDEN then + ngx.exit(res.status) +end +ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR) \ No newline at end of file diff --git a/rootfs/etc/nginx/lua/test/balancer_test.lua b/rootfs/etc/nginx/lua/test/balancer_test.lua index 96d864359..2d42ad330 100644 --- a/rootfs/etc/nginx/lua/test/balancer_test.lua +++ b/rootfs/etc/nginx/lua/test/balancer_test.lua @@ -439,40 +439,6 @@ describe("Balancer", function() assert.stub(mock_instance.sync).was_called_with(mock_instance, expected_backend) end) - it("sets balancer to nil when service is of type External name and DNS could not resolve", function() - backend = { - name = "example2-com", service = { spec = { ["type"] = "ExternalName" } }, - endpoints = { - { address = "example2.com", port = "80", maxFails = 0, failTimeout = 0 } - } - } - - helpers.mock_resty_dns_query(nil, { errcode = 3, errstr = "NXDNS: no such host (mock)" }) - local mock_instance = { sync = function(backend) end } - setmetatable(mock_instance, implementation) - implementation.new = function(self, backend) return mock_instance end - local s = spy.on(implementation, "new") - assert.has_no.errors(function() balancer.sync_backend(backend) end) - assert.spy(s).was_not_called() - assert.is_nil(balancer.get_balancer_by_upstream_name(backend.name)) - end) - - it("sets balancer to nil when service is of type External name and endpoints in nil (omitted by go calling POST /configuration/backends)", function() - backend = { - name = "example-com", service = { spec = { ["type"] = "ExternalName" } }, - endpoints = nil - } - - helpers.mock_resty_dns_query(nil, { errcode = 3, errstr = "NXDNS: no such host (mock)" }) - local mock_instance = { sync = function(backend) end } - setmetatable(mock_instance, implementation) - implementation.new = function(self, backend) return mock_instance end - local s = spy.on(implementation, "new") - assert.has_no.errors(function() balancer.sync_backend(backend) end) - assert.spy(s).was_not_called() - assert.is_nil(balancer.get_balancer_by_upstream_name(backend.name)) - end) - it("wraps IPv6 addresses into square brackets", function() local backend = { name = "example-com", diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index 1f17952a1..6b8e750b0 100644 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -459,6 +459,10 @@ http { proxy_intercept_errors on; {{ end }} + {{ if $cfg.RelativeRedirects }} + absolute_redirect off; + {{ end }} + {{ range $errCode := $cfg.CustomHTTPErrors }} error_page {{ $errCode }} = @custom_upstream-default-backend_{{ $errCode }};{{ end }} @@ -875,7 +879,7 @@ stream { {{ if not ( empty $server.CertificateAuth.MatchCN ) }} {{ if gt (len $server.CertificateAuth.MatchCN) 0 }} - if ( $ssl_client_s_dn !~ {{ $server.CertificateAuth.MatchCN | quote }} ) { + if ( $ssl_client_s_dn !~ {{ $server.CertificateAuth.MatchCN }} ) { return 403 "client certificate unauthorized"; } {{ end }} @@ -1037,6 +1041,7 @@ stream { {{ end }} proxy_buffer_size {{ $location.Proxy.BufferSize }}; proxy_buffers {{ $location.Proxy.BuffersNumber }} {{ $location.Proxy.BufferSize }}; + proxy_busy_buffers_size {{ $location.Proxy.BusyBuffersSize }}; proxy_request_buffering {{ $location.Proxy.RequestBuffering }}; proxy_ssl_server_name on; @@ -1077,7 +1082,7 @@ stream { set $target {{ changeHostPort $externalAuth.URL $authUpstreamName }}; {{ else }} proxy_http_version {{ $location.Proxy.ProxyHTTPVersion }}; - set $target {{ $externalAuth.URL | quote }}; + set $target {{ $externalAuth.URL }}; {{ end }} proxy_pass $target; } @@ -1115,7 +1120,7 @@ stream { {{ buildOpentelemetryForLocation $all.Cfg.EnableOpentelemetry $all.Cfg.OpentelemetryTrustIncomingSpan $location }} {{ if $location.Mirror.Source }} - mirror {{ $location.Mirror.Source | quote }}; + mirror {{ $location.Mirror.Source }}; mirror_request_body {{ $location.Mirror.RequestBody }}; {{ end }} @@ -1185,20 +1190,10 @@ stream { {{- end }} # `auth_request` module does not support HTTP keepalives in upstream block: # https://trac.nginx.org/nginx/ticket/1579 - access_by_lua_block { - local res = ngx.location.capture('{{ $authPath }}', { method = ngx.HTTP_GET, body = '', share_all_vars = {{ $externalAuth.KeepaliveShareVars }} }) - if res.status == ngx.HTTP_OK then - ngx.var.auth_cookie = res.header['Set-Cookie'] - {{- range $line := buildAuthUpstreamLuaHeaders $externalAuth.ResponseHeaders }} - {{ $line }} - {{- end }} - return - end - if res.status == ngx.HTTP_UNAUTHORIZED or res.status == ngx.HTTP_FORBIDDEN then - ngx.exit(res.status) - end - ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR) - } + set $auth_path '{{ $authPath }}'; + set $auth_keepalive_share_vars {{ $externalAuth.KeepaliveShareVars }}; + set $auth_response_headers '{{ buildAuthUpstreamLuaHeaders $externalAuth.ResponseHeaders }}'; + access_by_lua_file /etc/nginx/lua/nginx/ngx_conf_external_auth.lua; {{ else }} auth_request {{ $authPath }}; auth_request_set $auth_cookie $upstream_http_set_cookie; @@ -1302,6 +1297,7 @@ stream { proxy_buffering {{ $location.Proxy.ProxyBuffering }}; proxy_buffer_size {{ $location.Proxy.BufferSize }}; proxy_buffers {{ $location.Proxy.BuffersNumber }} {{ $location.Proxy.BufferSize }}; + proxy_busy_buffers_size {{ $location.Proxy.BusyBuffersSize }}; {{ if isValidByteSize $location.Proxy.ProxyMaxTempFileSize true }} proxy_max_temp_file_size {{ $location.Proxy.ProxyMaxTempFileSize }}; {{ end }} @@ -1353,6 +1349,10 @@ stream { satisfy {{ $location.Satisfy }}; {{ end }} + {{ if $location.Redirect.Relative }} + absolute_redirect off; + {{ end }} + {{/* if a location-specific error override is set, add the proxy_intercept here */}} {{ if and $location.CustomHTTPErrors (not $location.DisableProxyInterceptErrors) }} # Custom error pages per ingress diff --git a/test/e2e-image/Dockerfile b/test/e2e-image/Dockerfile index 85bac508a..c16545e43 100644 --- a/test/e2e-image/Dockerfile +++ b/test/e2e-image/Dockerfile @@ -1,7 +1,7 @@ ARG E2E_BASE_IMAGE FROM ${E2E_BASE_IMAGE} AS BASE -FROM alpine:3.22 +FROM alpine:3.21 RUN apk update \ && apk upgrade && apk add -U --no-cache \ diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index 7a7b96cb9..f72651f48 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,6 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -E2E_BASE_IMAGE ?= "registry.k8s.io/ingress-nginx/e2e-test-runner:v1.4.0@sha256:ba366ecc1a67022d4f02193faf7af284fa7642e7a55f3eef1e52069c9fe306f0" +E2E_BASE_IMAGE ?= "registry.k8s.io/ingress-nginx/e2e-test-runner:v20250112-a188f4eb@sha256:043038b1e30e5a0b64f3f919f096c5c9488ac3f617ac094b07fb9db8215f9441" image: echo "..entered Makefile in /test/e2e-image" diff --git a/test/e2e/HTTPBUN_IMAGE b/test/e2e/HTTPBUN_IMAGE index b96db02bf..491b333c7 100644 --- a/test/e2e/HTTPBUN_IMAGE +++ b/test/e2e/HTTPBUN_IMAGE @@ -1 +1 @@ -registry.k8s.io/ingress-nginx/httpbun:v1.2.0@sha256:b41435f66a362dd325f1a4a856257e534d014354a6b935e12fe7f591b52ddcaf +registry.k8s.io/ingress-nginx/httpbun:v1.1.1@sha256:4569515d9b74470c915566a010792e7202b6769443fb1f3bb1b1e87376028634 diff --git a/test/e2e/admission/admission.go b/test/e2e/admission/admission.go index 2c94a5893..873e6719d 100644 --- a/test/e2e/admission/admission.go +++ b/test/e2e/admission/admission.go @@ -26,6 +26,7 @@ import ( "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" + apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/ingress-nginx/test/e2e/framework" @@ -98,8 +99,6 @@ var _ = framework.IngressNginxDescribeSerial("[Admission] admission controller", assert.NotNil(ginkgo.GinkgoT(), err, "creating an ingress with invalid path should return an error") }) - /* Deactivated to mitigate CVE-2025-1974 - // TODO: Implement sandboxing so this test can be done safely ginkgo.It("should return an error if there is an error validating the ingress definition", func() { disableSnippet := f.AllowSnippetConfiguration() defer disableSnippet() @@ -113,7 +112,6 @@ var _ = framework.IngressNginxDescribeSerial("[Admission] admission controller", _, err := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Create(context.TODO(), firstIngress, metav1.CreateOptions{}) assert.NotNil(ginkgo.GinkgoT(), err, "creating an ingress with invalid configuration should return an error") }) - */ ginkgo.It("should return an error if there is an invalid value in some annotation", func() { host := admissionTestHost @@ -209,8 +207,6 @@ var _ = framework.IngressNginxDescribeSerial("[Admission] admission controller", Status(http.StatusOK) }) - /* Deactivated to mitigate CVE-2025-1974 - // TODO: Implement sandboxing so this test can be done safely ginkgo.It("should return an error if the Ingress V1 definition contains invalid annotations", func() { disableSnippet := f.AllowSnippetConfiguration() defer disableSnippet() @@ -224,7 +220,6 @@ var _ = framework.IngressNginxDescribeSerial("[Admission] admission controller", assert.NotNil(ginkgo.GinkgoT(), err, "creating an ingress with invalid configuration should return an error") } }) - */ ginkgo.It("should not return an error for an invalid Ingress when it has unknown class", func() { disableSnippet := f.AllowSnippetConfiguration() diff --git a/test/e2e/annotations/auth.go b/test/e2e/annotations/auth.go index 01c14be39..ddda1dce5 100644 --- a/test/e2e/annotations/auth.go +++ b/test/e2e/annotations/auth.go @@ -653,7 +653,7 @@ http { func(server string) bool { return strings.Contains(server, `upstream auth-external-auth`) && strings.Contains(server, `keepalive 10;`) && - strings.Contains(server, `share_all_vars = false`) + strings.Contains(server, `set $auth_keepalive_share_vars false;`) }) }) @@ -673,7 +673,7 @@ http { func(server string) bool { return strings.Contains(server, `upstream auth-external-auth`) && strings.Contains(server, `keepalive 10;`) && - strings.Contains(server, `share_all_vars = true`) + strings.Contains(server, `set $auth_keepalive_share_vars true;`) }) }) }) diff --git a/test/e2e/annotations/grpc.go b/test/e2e/annotations/grpc.go index 273189e95..2a9c5a983 100644 --- a/test/e2e/annotations/grpc.go +++ b/test/e2e/annotations/grpc.go @@ -45,6 +45,29 @@ const ( var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() { f := framework.NewDefaultFramework("grpc", framework.WithHTTPBunEnabled()) + ginkgo.It("should use grpc_pass in the configuration file", func() { + f.NewGRPCFortuneTellerDeployment() + + annotations := map[string]string{ + "nginx.ingress.kubernetes.io/backend-protocol": "GRPC", + } + + ing := framework.NewSingleIngress(host, "/", host, f.Namespace, "fortune-teller", 50051, annotations) + f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, fmt.Sprintf("server_name %v", host)) + }) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, "grpc_pass") && + strings.Contains(server, "grpc_set_header") && + !strings.Contains(server, "proxy_pass") + }) + }) + ginkgo.It("should return OK for service with backend protocol GRPC", func() { f.NewGRPCBinDeployment() diff --git a/test/e2e/annotations/mirror.go b/test/e2e/annotations/mirror.go index a398a21e3..787cbfa3b 100644 --- a/test/e2e/annotations/mirror.go +++ b/test/e2e/annotations/mirror.go @@ -43,7 +43,7 @@ var _ = framework.DescribeAnnotation("mirror-*", func() { f.WaitForNginxServer(host, func(server string) bool { - return strings.Contains(server, fmt.Sprintf("mirror \"/_mirror-%v\";", ing.UID)) && + return strings.Contains(server, fmt.Sprintf("mirror /_mirror-%v;", ing.UID)) && strings.Contains(server, "mirror_request_body on;") }) }) @@ -58,7 +58,7 @@ var _ = framework.DescribeAnnotation("mirror-*", func() { f.WaitForNginxServer(host, func(server string) bool { - return strings.Contains(server, fmt.Sprintf("mirror \"/_mirror-%v\";", ing.UID)) && + return strings.Contains(server, fmt.Sprintf("mirror /_mirror-%v;", ing.UID)) && strings.Contains(server, "mirror_request_body on;") && strings.Contains(server, `proxy_pass "https://test.env.com/$request_uri";`) }) @@ -75,7 +75,7 @@ var _ = framework.DescribeAnnotation("mirror-*", func() { f.WaitForNginxServer(host, func(server string) bool { - return strings.Contains(server, fmt.Sprintf("mirror \"/_mirror-%v\";", ing.UID)) && + return strings.Contains(server, fmt.Sprintf("mirror /_mirror-%v;", ing.UID)) && strings.Contains(server, "mirror_request_body off;") }) }) diff --git a/test/e2e/annotations/proxy.go b/test/e2e/annotations/proxy.go index 235b828e7..8e9866021 100644 --- a/test/e2e/annotations/proxy.go +++ b/test/e2e/annotations/proxy.go @@ -160,11 +160,13 @@ var _ = framework.DescribeAnnotation("proxy-*", func() { proxyBuffering := "on" proxyBuffersNumber := "8" proxyBufferSize := "8k" + proxyBusyBuffersSize := "16k" annotations := make(map[string]string) annotations["nginx.ingress.kubernetes.io/proxy-buffering"] = proxyBuffering annotations["nginx.ingress.kubernetes.io/proxy-buffers-number"] = proxyBuffersNumber annotations["nginx.ingress.kubernetes.io/proxy-buffer-size"] = proxyBufferSize + annotations["nginx.ingress.kubernetes.io/proxy-busy-buffers-size"] = proxyBusyBuffersSize ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations) f.EnsureIngress(ing) @@ -174,6 +176,7 @@ var _ = framework.DescribeAnnotation("proxy-*", func() { return strings.Contains(server, fmt.Sprintf("proxy_buffering %s;", proxyBuffering)) && strings.Contains(server, fmt.Sprintf("proxy_buffer_size %s;", proxyBufferSize)) && strings.Contains(server, fmt.Sprintf("proxy_buffers %s %s;", proxyBuffersNumber, proxyBufferSize)) && + strings.Contains(server, fmt.Sprintf("proxy_busy_buffers_size %s;", proxyBusyBuffersSize)) && strings.Contains(server, fmt.Sprintf("proxy_request_buffering %s;", proxyBuffering)) }) }) diff --git a/test/e2e/annotations/relativeredirects.go b/test/e2e/annotations/relativeredirects.go new file mode 100644 index 000000000..430b357e4 --- /dev/null +++ b/test/e2e/annotations/relativeredirects.go @@ -0,0 +1,107 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package annotations + +import ( + "fmt" + "net/http" + "strings" + + "github.com/onsi/ginkgo/v2" + "github.com/stretchr/testify/assert" + "k8s.io/ingress-nginx/test/e2e/framework" +) + +const ( + relativeRedirectsHostname = "rr.foo.com" + relativeRedirectsRedirectPath = "/something" + relativeRedirectsRelativeRedirectURL = "/new-location" +) + +var _ = framework.DescribeAnnotation("relative-redirects", func() { + f := framework.NewDefaultFramework("relative-redirects") + + ginkgo.BeforeEach(func() { + f.NewHttpbunDeployment() + f.NewEchoDeployment() + }) + + ginkgo.It("configures Nginx correctly", func() { + annotations := map[string]string{ + "nginx.ingress.kubernetes.io/relative-redirects": "true", + } + + ing := framework.NewSingleIngress(relativeRedirectsHostname, "/", relativeRedirectsHostname, f.Namespace, framework.HTTPBunService, 80, annotations) + f.EnsureIngress(ing) + + var serverConfig string + f.WaitForNginxServer(relativeRedirectsHostname, func(srvCfg string) bool { + serverConfig = srvCfg + return strings.Contains(serverConfig, fmt.Sprintf("server_name %s", relativeRedirectsHostname)) + }) + + ginkgo.By("turning off absolute_redirect directive") + assert.Contains(ginkgo.GinkgoT(), serverConfig, "absolute_redirect off;") + }) + + ginkgo.It("should respond with absolute URL in Location", func() { + absoluteRedirectURL := fmt.Sprintf("http://%s%s", relativeRedirectsHostname, relativeRedirectsRelativeRedirectURL) + annotations := map[string]string{ + "nginx.ingress.kubernetes.io/permanent-redirect": relativeRedirectsRelativeRedirectURL, + "nginx.ingress.kubernetes.io/relative-redirects": "false", + } + + ginkgo.By("setup ingress") + ing := framework.NewSingleIngress(relativeRedirectsHostname, relativeRedirectsRedirectPath, relativeRedirectsHostname, f.Namespace, framework.EchoService, 80, annotations) + f.EnsureIngress(ing) + + f.WaitForNginxServer(relativeRedirectsHostname, func(srvCfg string) bool { + return strings.Contains(srvCfg, fmt.Sprintf("server_name %s", relativeRedirectsHostname)) + }) + + ginkgo.By("sending request to redirected URL path") + f.HTTPTestClient(). + GET(relativeRedirectsRedirectPath). + WithHeader("Host", relativeRedirectsHostname). + Expect(). + Status(http.StatusMovedPermanently). + Header("Location").Equal(absoluteRedirectURL) + }) + + ginkgo.It("should respond with relative URL in Location", func() { + annotations := map[string]string{ + "nginx.ingress.kubernetes.io/permanent-redirect": relativeRedirectsRelativeRedirectURL, + "nginx.ingress.kubernetes.io/relative-redirects": "true", + } + + ginkgo.By("setup ingress") + ing := framework.NewSingleIngress(relativeRedirectsHostname, relativeRedirectsRedirectPath, relativeRedirectsHostname, f.Namespace, framework.EchoService, 80, annotations) + f.EnsureIngress(ing) + + f.WaitForNginxServer(relativeRedirectsHostname, func(srvCfg string) bool { + return strings.Contains(srvCfg, fmt.Sprintf("server_name %s", relativeRedirectsHostname)) + }) + + ginkgo.By("sending request to redirected URL path") + f.HTTPTestClient(). + GET(relativeRedirectsRedirectPath). + WithHeader("Host", relativeRedirectsHostname). + Expect(). + Status(http.StatusMovedPermanently). + Header("Location").Equal(relativeRedirectsRelativeRedirectURL) + }) +}) diff --git a/test/e2e/framework/deployment.go b/test/e2e/framework/deployment.go index b98b755d1..f213e2e98 100644 --- a/test/e2e/framework/deployment.go +++ b/test/e2e/framework/deployment.go @@ -47,7 +47,7 @@ const NIPService = "external-nip" var HTTPBunImage = os.Getenv("HTTPBUN_IMAGE") // EchoImage is the default image to be used by the echo service -const EchoImage = "registry.k8s.io/ingress-nginx/e2e-test-echo:v1.2.0@sha256:b2dd9bc9ab0e13795334b2921931ed3c77cc638ca45a95249f1291bf449a0d2a" //#nosec G101 +const EchoImage = "registry.k8s.io/ingress-nginx/e2e-test-echo:v1.1.1@sha256:a1e0152e2eeab26e3f6fd3986f3d82b17bc7711717cae5392dcd18dd447ba6ef" //#nosec G101 // TODO: change all Deployment functions to use these options // in order to reduce complexity and have a unified API across the @@ -158,7 +158,7 @@ func (f *Framework) NewEchoDeployment(opts ...func(*deploymentOptions)) { assert.Nil(ginkgo.GinkgoT(), err, "waiting for endpoints to become ready") } -// BuildNIPHost used to generate a nip host for DNS resolving +// BuildNipHost used to generate a nip host for DNS resolving func BuildNIPHost(ip string) string { return fmt.Sprintf("%s.nip.io", ip) } diff --git a/test/e2e/framework/fastcgi_helloserver.go b/test/e2e/framework/fastcgi_helloserver.go index 395067344..c414c4da3 100644 --- a/test/e2e/framework/fastcgi_helloserver.go +++ b/test/e2e/framework/fastcgi_helloserver.go @@ -59,7 +59,7 @@ func (f *Framework) NewNewFastCGIHelloServerDeploymentWithReplicas(replicas int3 Containers: []corev1.Container{ { Name: "fastcgi-helloserver", - Image: "registry.k8s.io/ingress-nginx/fastcgi-helloserver:v1.2.0@sha256:237c3f816ed38fd6b51303e7118cac759b8f8fbd97e477ebedf966c1c6100b6a", + Image: "registry.k8s.io/ingress-nginx/fastcgi-helloserver:v1.1.1@sha256:6af4d8c7745c6727aab759db616a58fd68d784d07ce7a32d1ad149c331fd9a6f", Env: []corev1.EnvVar{}, Ports: []corev1.ContainerPort{ { diff --git a/test/e2e/framework/grpc_fortune_teller.go b/test/e2e/framework/grpc_fortune_teller.go new file mode 100644 index 000000000..a7be46327 --- /dev/null +++ b/test/e2e/framework/grpc_fortune_teller.go @@ -0,0 +1,105 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +//nolint:dupl // Ignore dupl errors for similar test case +package framework + +import ( + "github.com/onsi/ginkgo/v2" + "github.com/stretchr/testify/assert" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/fields" + "k8s.io/apimachinery/pkg/util/intstr" +) + +// NewGRPCFortuneTellerDeployment creates a new single replica +// deployment of the fortune teller image in a particular namespace +func (f *Framework) NewGRPCFortuneTellerDeployment() { + f.NewNewGRPCFortuneTellerDeploymentWithReplicas(1) +} + +// NewNewGRPCFortuneTellerDeploymentWithReplicas creates a new deployment of the +// fortune teller image in a particular namespace. Number of replicas is configurable +func (f *Framework) NewNewGRPCFortuneTellerDeploymentWithReplicas(replicas int32) { + deployment := &appsv1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: "fortune-teller", + Namespace: f.Namespace, + }, + Spec: appsv1.DeploymentSpec{ + Replicas: NewInt32(replicas), + Selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "app": "fortune-teller", + }, + }, + Template: corev1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{ + "app": "fortune-teller", + }, + }, + Spec: corev1.PodSpec{ + TerminationGracePeriodSeconds: NewInt64(0), + Containers: []corev1.Container{ + { + Name: "fortune-teller", + Image: "quay.io/kubernetes-ingress-controller/grpc-fortune-teller:0.1", + Env: []corev1.EnvVar{}, + Ports: []corev1.ContainerPort{ + { + Name: "grpc", + ContainerPort: 50051, + }, + }, + }, + }, + }, + }, + }, + } + + d := f.EnsureDeployment(deployment) + + err := waitForPodsReady(f.KubeClientSet, DefaultTimeout, int(replicas), f.Namespace, &metav1.ListOptions{ + LabelSelector: fields.SelectorFromSet(fields.Set(d.Spec.Template.ObjectMeta.Labels)).String(), + }) + assert.Nil(ginkgo.GinkgoT(), err, "failed to wait for to become ready") + + service := &corev1.Service{ + ObjectMeta: metav1.ObjectMeta{ + Name: "fortune-teller", + Namespace: f.Namespace, + }, + Spec: corev1.ServiceSpec{ + Ports: []corev1.ServicePort{ + { + Name: "grpc", + Port: 50051, + TargetPort: intstr.FromInt(50051), + Protocol: "TCP", + }, + }, + Selector: map[string]string{ + "app": "fortune-teller", + }, + }, + } + + f.EnsureService(service) +} diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index 883d2f6bb..7e3f2fe9b 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -62,7 +62,7 @@ export KUBECONFIG="${KUBECONFIG:-$HOME/.kube/kind-config-$KIND_CLUSTER_NAME}" if [ "${SKIP_CLUSTER_CREATION:-false}" = "false" ]; then echo "[dev-env] creating Kubernetes cluster with kind" - export K8S_VERSION=${K8S_VERSION:-v1.33.1@sha256:050072256b9a903bd914c0b2866828150cb229cea0efe5892e2b644d5dd3b34f} + export K8S_VERSION=${K8S_VERSION:-v1.32.0@sha256:c48c62eac5da28cdadcf560d1d8616cfa6783b58f0d94cf63ad1bf49600cb027} kind create cluster \ --verbosity=${KIND_LOG_LEVEL} \ @@ -78,7 +78,7 @@ fi if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go install github.com/onsi/ginkgo/v2/ginkgo@v2.23.4 + go install github.com/onsi/ginkgo/v2/ginkgo@v2.22.2 fi echo "[dev-env] building image" make -C ${DIR}/../../ clean-image build image @@ -114,5 +114,5 @@ docker run \ --workdir /workdir \ --entrypoint ct \ --rm \ - registry.k8s.io/ingress-nginx/e2e-test-runner:v1.4.0@sha256:ba366ecc1a67022d4f02193faf7af284fa7642e7a55f3eef1e52069c9fe306f0 \ + registry.k8s.io/ingress-nginx/e2e-test-runner:v20250112-a188f4eb@sha256:043038b1e30e5a0b64f3f919f096c5c9488ac3f617ac094b07fb9db8215f9441 \ install --charts charts/ingress-nginx diff --git a/test/e2e/run-e2e-suite.sh b/test/e2e/run-e2e-suite.sh index a50f6ea0b..909368e96 100755 --- a/test/e2e/run-e2e-suite.sh +++ b/test/e2e/run-e2e-suite.sh @@ -61,7 +61,7 @@ kubectl create clusterrolebinding permissive-binding \ --user=kubelet \ --serviceaccount=default:ingress-nginx-e2e || true -VER=$(kubectl version --client=false --output json | (jq ".serverVersion.minor | tonumber" || yq ".serverVersion.minor | tonumber")) +VER=$(kubectl version --client=false -o json |jq '.serverVersion.minor |tonumber') if [ $VER -lt 24 ]; then echo -e "${BGREEN}Waiting service account...${NC}"; \ until kubectl get secret | grep -q -e ^ingress-nginx-e2e-token; do \ diff --git a/test/e2e/run-kind-e2e.sh b/test/e2e/run-kind-e2e.sh index a1440660e..e41d31afd 100755 --- a/test/e2e/run-kind-e2e.sh +++ b/test/e2e/run-kind-e2e.sh @@ -63,7 +63,7 @@ echo "Running e2e with nginx base image ${NGINX_BASE_IMAGE}" if [ "${SKIP_CLUSTER_CREATION}" = "false" ]; then echo "[dev-env] creating Kubernetes cluster with kind" - export K8S_VERSION=${K8S_VERSION:-v1.33.1@sha256:050072256b9a903bd914c0b2866828150cb229cea0efe5892e2b644d5dd3b34f} + export K8S_VERSION=${K8S_VERSION:-v1.32.0@sha256:c48c62eac5da28cdadcf560d1d8616cfa6783b58f0d94cf63ad1bf49600cb027} # delete the cluster if it exists if kind get clusters | grep "${KIND_CLUSTER_NAME}"; then @@ -95,7 +95,7 @@ fi if [ "${SKIP_E2E_IMAGE_CREATION}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go install github.com/onsi/ginkgo/v2/ginkgo@v2.23.4 + go install github.com/onsi/ginkgo/v2/ginkgo@v2.22.2 fi echo "[dev-env] .. done building controller images" diff --git a/test/e2e/settings/ocsp/ocsp.go b/test/e2e/settings/ocsp/ocsp.go index 52917087f..b2d50292a 100644 --- a/test/e2e/settings/ocsp/ocsp.go +++ b/test/e2e/settings/ocsp/ocsp.go @@ -297,7 +297,7 @@ func ocspserveDeployment(namespace string) (*appsv1.Deployment, *corev1.Service) Containers: []corev1.Container{ { Name: name, - Image: "registry.k8s.io/ingress-nginx/cfssl:v1.2.0@sha256:cd3715cf6f32817b5beff83e45814586f6046aca751139bc0b1e4addde849bbb", + Image: "registry.k8s.io/ingress-nginx/cfssl:v1.1.1@sha256:bcd576c6d0a01d4710969195e804c02da62b71b5c35c6816df9b7584d5445437", Command: []string{ "/bin/bash", "-c",