Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update helm release ingress-nginx to v4.8.4 #638

Merged
merged 1 commit into from
Dec 2, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 2, 2023

Mend Renovate logo banner

This PR contains the following updates:

Package Update Change
ingress-nginx patch 4.8.3 -> 4.8.4

Release Notes

kubernetes/ingress-nginx (ingress-nginx)

v4.8.4

Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

Copy link

github-actions bot commented Dec 2, 2023

--- . HelmRelease: ingress/ingress-nginx NetworkPolicy: ingress/ingress-nginx-admission

+++ . HelmRelease: ingress/ingress-nginx NetworkPolicy: ingress/ingress-nginx-admission

@@ -1,27 +0,0 @@

----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: ingress-nginx-admission
-  namespace: ingress
-  annotations:
-    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
-    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/instance: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/component: admission-webhook
-spec:
-  podSelector:
-    matchLabels:
-      app.kubernetes.io/name: ingress-nginx
-      app.kubernetes.io/instance: ingress-nginx
-      app.kubernetes.io/component: admission-webhook
-  policyTypes:
-  - Ingress
-  - Egress
-  egress:
-  - {}
-
--- . HelmRelease: ingress/ingress-nginx ValidatingWebhookConfiguration: ingress/ingress-nginx-admission

+++ . HelmRelease: ingress/ingress-nginx ValidatingWebhookConfiguration: ingress/ingress-nginx-admission

@@ -25,10 +25,10 @@

   failurePolicy: Fail
   sideEffects: None
   admissionReviewVersions:
   - v1
   clientConfig:
     service:
+      name: ingress-nginx-controller-admission
       namespace: ingress
-      name: ingress-nginx-controller-admission
       path: /networking/v1/ingresses
 
--- . HelmRelease: ingress/ingress-nginx Deployment: ingress/ingress-nginx-controller

+++ . HelmRelease: ingress/ingress-nginx Deployment: ingress/ingress-nginx-controller

@@ -46,19 +46,23 @@

         - --ingress-class=nginx
         - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
         - --validating-webhook=:8443
         - --validating-webhook-certificate=/usr/local/certificates/cert
         - --validating-webhook-key=/usr/local/certificates/key
         securityContext:
+          runAsNonRoot: true
+          runAsUser: 101
+          allowPrivilegeEscalation: false
+          seccompProfile:
+            type: RuntimeDefault
           capabilities:
             drop:
             - ALL
             add:
             - NET_BIND_SERVICE
-          runAsUser: 101
-          allowPrivilegeEscalation: true
+          readOnlyRootFilesystem: false
         env:
         - name: POD_NAME
           valueFrom:
             fieldRef:
               fieldPath: metadata.name
         - name: POD_NAMESPACE
--- . HelmRelease: ingress/ingress-nginx Job: ingress/ingress-nginx-admission-create

+++ . HelmRelease: ingress/ingress-nginx Job: ingress/ingress-nginx-admission-create

@@ -37,15 +37,19 @@

         - name: POD_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
         securityContext:
           allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 65532
+          seccompProfile:
+            type: RuntimeDefault
       restartPolicy: OnFailure
       serviceAccountName: ingress-nginx-admission
       nodeSelector:
         kubernetes.io/os: linux
-      securityContext:
-        fsGroup: 2000
-        runAsNonRoot: true
-        runAsUser: 2000
 
--- . HelmRelease: ingress/ingress-nginx Job: ingress/ingress-nginx-admission-patch

+++ . HelmRelease: ingress/ingress-nginx Job: ingress/ingress-nginx-admission-patch

@@ -39,15 +39,19 @@

         - name: POD_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
         securityContext:
           allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 65532
+          seccompProfile:
+            type: RuntimeDefault
       restartPolicy: OnFailure
       serviceAccountName: ingress-nginx-admission
       nodeSelector:
         kubernetes.io/os: linux
-      securityContext:
-        fsGroup: 2000
-        runAsNonRoot: true
-        runAsUser: 2000
 
--- . HelmRelease: ingress/ingress-nginx-internal Job: ingress/ingress-nginx-internal-admission-patch

+++ . HelmRelease: ingress/ingress-nginx-internal Job: ingress/ingress-nginx-internal-admission-patch

@@ -39,15 +39,19 @@

         - name: POD_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
         securityContext:
           allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 65532
+          seccompProfile:
+            type: RuntimeDefault
       restartPolicy: OnFailure
       serviceAccountName: ingress-nginx-internal-admission
       nodeSelector:
         kubernetes.io/os: linux
-      securityContext:
-        fsGroup: 2000
-        runAsNonRoot: true
-        runAsUser: 2000
 
--- . HelmRelease: ingress/ingress-nginx-internal NetworkPolicy: ingress/ingress-nginx-internal-admission

+++ . HelmRelease: ingress/ingress-nginx-internal NetworkPolicy: ingress/ingress-nginx-internal-admission

@@ -1,27 +0,0 @@

----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: ingress-nginx-internal-admission
-  namespace: ingress
-  annotations:
-    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
-    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/instance: ingress-nginx-internal
-    app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/component: admission-webhook
-spec:
-  podSelector:
-    matchLabels:
-      app.kubernetes.io/name: ingress-nginx
-      app.kubernetes.io/instance: ingress-nginx-internal
-      app.kubernetes.io/component: admission-webhook
-  policyTypes:
-  - Ingress
-  - Egress
-  egress:
-  - {}
-
--- . HelmRelease: ingress/ingress-nginx-internal ValidatingWebhookConfiguration: ingress/ingress-nginx-internal-admission

+++ . HelmRelease: ingress/ingress-nginx-internal ValidatingWebhookConfiguration: ingress/ingress-nginx-internal-admission

@@ -25,10 +25,10 @@

   failurePolicy: Fail
   sideEffects: None
   admissionReviewVersions:
   - v1
   clientConfig:
     service:
+      name: ingress-nginx-internal-controller-admission
       namespace: ingress
-      name: ingress-nginx-internal-controller-admission
       path: /networking/v1/ingresses
 
--- . HelmRelease: ingress/ingress-nginx-internal Job: ingress/ingress-nginx-internal-admission-create

+++ . HelmRelease: ingress/ingress-nginx-internal Job: ingress/ingress-nginx-internal-admission-create

@@ -37,15 +37,19 @@

         - name: POD_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
         securityContext:
           allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 65532
+          seccompProfile:
+            type: RuntimeDefault
       restartPolicy: OnFailure
       serviceAccountName: ingress-nginx-internal-admission
       nodeSelector:
         kubernetes.io/os: linux
-      securityContext:
-        fsGroup: 2000
-        runAsNonRoot: true
-        runAsUser: 2000
 
--- . HelmRelease: ingress/ingress-nginx-internal Deployment: ingress/ingress-nginx-internal-controller

+++ . HelmRelease: ingress/ingress-nginx-internal Deployment: ingress/ingress-nginx-internal-controller

@@ -46,19 +46,23 @@

         - --ingress-class=nginx-internal
         - --configmap=$(POD_NAMESPACE)/ingress-nginx-internal-controller
         - --validating-webhook=:8443
         - --validating-webhook-certificate=/usr/local/certificates/cert
         - --validating-webhook-key=/usr/local/certificates/key
         securityContext:
+          runAsNonRoot: true
+          runAsUser: 101
+          allowPrivilegeEscalation: false
+          seccompProfile:
+            type: RuntimeDefault
           capabilities:
             drop:
             - ALL
             add:
             - NET_BIND_SERVICE
-          runAsUser: 101
-          allowPrivilegeEscalation: true
+          readOnlyRootFilesystem: false
         env:
         - name: POD_NAME
           valueFrom:
             fieldRef:
               fieldPath: metadata.name
         - name: POD_NAMESPACE

Copy link

github-actions bot commented Dec 2, 2023

--- . Kustomization: flux-system/flux-system HelmRelease: ingress/ingress-nginx

+++ . Kustomization: flux-system/flux-system HelmRelease: ingress/ingress-nginx

@@ -6,13 +6,13 @@

   namespace: ingress
 spec:
   interval: 1h
   chart:
     spec:
       chart: ingress-nginx
-      version: 4.8.3
+      version: 4.8.4
       sourceRef:
         kind: HelmRepository
         name: ingress-nginx
         namespace: ingress
       interval: 1h
   values:
--- . Kustomization: flux-system/flux-system HelmRelease: ingress/ingress-nginx-internal

+++ . Kustomization: flux-system/flux-system HelmRelease: ingress/ingress-nginx-internal

@@ -6,13 +6,13 @@

   namespace: ingress
 spec:
   interval: 1h
   chart:
     spec:
       chart: ingress-nginx
-      version: 4.8.3
+      version: 4.8.4
       sourceRef:
         kind: HelmRepository
         name: ingress-nginx
         namespace: ingress
       interval: 1h
   values:

@bo0tzz bo0tzz merged commit 3ee4479 into main Dec 2, 2023
2 checks passed
@renovate renovate bot deleted the renovate/ingress-nginx-4.x branch December 2, 2023 17:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant