diff --git a/.github/scripts/release-version-update.sh b/.github/scripts/release-version-update.sh index efddb21d85..177b11f0e4 100755 --- a/.github/scripts/release-version-update.sh +++ b/.github/scripts/release-version-update.sh @@ -55,6 +55,9 @@ echo "Updating versions: " echo "ic_version: ${current_ic_version} -> ${ic_version}" echo "helm_chart_version: ${current_helm_chart_version} -> ${helm_chart_version}" +regex_ic="s#$current_ic_version#$ic_version#g" +regex_helm="s#$current_helm_chart_version#$helm_chart_version#g" + mv "${HELM_CHART_PATH}/values.schema.json" "${TMPDIR}/" jq --arg version "${ic_version}" \ '.properties.controller.properties.image.properties.tag.default = $version | .properties.controller.properties.image.properties.tag.examples[0] = $version | .properties.controller.examples[0].image.tag = $version | .properties.controller.properties.image.examples[0].tag = $version | .examples[0].controller.image.tag = $version' \ @@ -74,8 +77,7 @@ for i in "${FILES_TO_UPDATE_IC_VERSION[@]}"; do fi file_name=$(basename "${i}") mv "${i}" "${TMPDIR}/${file_name}" - regex="s#$current_ic_version#$ic_version#g" - cat "${TMPDIR}/${file_name}" | sed -e "$regex" > "${i}" + cat "${TMPDIR}/${file_name}" | sed -e "$regex_ic" > "${i}" if [ $? -ne 0 ]; then echo "ERROR: failed processing ${i}" mv "${TMPDIR}/${file_name}" "${i}" @@ -90,8 +92,7 @@ for i in "${FILE_TO_UPDATE_HELM_CHART_VERSION[@]}"; do fi file_name=$(basename "${i}") mv "${i}" "${TMPDIR}/${file_name}" - regex="s#$current_ic_version#$ic_version#g" - cat "${TMPDIR}/${file_name}" | sed -e "$regex" > "${i}" + cat "${TMPDIR}/${file_name}" | sed -e "$regex_helm" > "${i}" if [ $? -ne 0 ]; then echo "ERROR: failed processing ${i}" mv "${TMPDIR}/${file_name}" "${i}" @@ -107,8 +108,7 @@ for i in ${docs_files}; do fi file_name=$(basename "${i}") mv "${i}" "${TMPDIR}/${file_name}" - regex="s#$current_ic_version#$ic_version#g" - cat "${TMPDIR}/${file_name}" | sed -e "$regex" > "${i}" + cat "${TMPDIR}/${file_name}" | sed -e "$regex_ic" | sed -e "$regex_helm" > "${i}" if [ $? -ne 0 ]; then echo "ERROR: failed processing ${i}" mv "${TMPDIR}/${file_name}" "${i}" diff --git a/.github/workflows/build-plus.yml b/.github/workflows/build-plus.yml index bbab64fc44..56cf2a512d 100644 --- a/.github/workflows/build-plus.yml +++ b/.github/workflows/build-plus.yml @@ -71,6 +71,23 @@ jobs: password: ${{ steps.auth.outputs.access_token }} if: github.event_name != 'pull_request' + - name: Authenticate to Google Cloud Marketplace + id: auth-mktpl + uses: google-github-actions/auth@67e9c72af6e0492df856527b474995862b7b6591 # v2.0.0 + with: + token_format: access_token + workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY_MKTPL }} + service_account: ${{ secrets.GCR_SERVICE_ACCOUNT_MKTPL }} + if: github.ref_type == 'tag' && ! contains(inputs.target, 'aws') + + - name: Login to GCR for Marketplace + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + registry: gcr.io + username: oauth2accesstoken + password: ${{ steps.auth-mktpl.outputs.access_token }} + if: github.ref_type == 'tag' && ! contains(inputs.target, 'aws') + - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 with: @@ -107,7 +124,8 @@ jobs: with: images: | name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic${{ contains(inputs.nap_modules, 'dos') && '-dos' || '' }}${{ contains(inputs.nap_modules, 'waf') && '-nap' || '' }}/nginx-plus-ingress - name=docker-mgmt.nginx.com/nginx-ic${{ contains(inputs.nap_modules, 'dos') && '-dos' || '' }}${{ contains(inputs.nap_modules, 'waf') && '-nap' || '' }}/nginx-plus-ingress,enable=${{ github.ref_type != 'pull_request' && ! startsWith(github.ref, 'refs/heads/release-') }} + name=gcr.io/f5-7626-networks-public/nginxinc/nginx-plus-ingress${{ contains(inputs.nap_modules, 'waf') && '-nap' || '' }}${{ contains(inputs.nap_modules, 'dos') && '-dos' || '' }},enable=${{ github.ref_type == 'tag' && ! contains(inputs.target, 'aws') && ! contains(inputs.image, 'alpine') && ! contains(inputs.image, 'ubi') }} + name=docker-mgmt.nginx.com/nginx-ic${{ contains(inputs.nap_modules, 'waf') && '-nap' || '' }}${{ contains(inputs.nap_modules, 'dos') && '-dos' || '' }}/nginx-plus-ingress,enable=${{ github.ref_type != 'pull_request' && ! startsWith(github.ref, 'refs/heads/release-') && ! contains(inputs.target, 'aws') }} name=709825985650.dkr.ecr.us-east-1.amazonaws.com/nginx/nginx-plus-ingress${{ contains(inputs.nap_modules, 'dos') && '-dos' || '' }}${{ contains(inputs.nap_modules, 'waf') && '-nap' || '' }},enable=${{ github.ref_type == 'tag' && contains(inputs.target, 'aws') }} flavor: | suffix=${{ contains(inputs.image, 'ubi') && '-ubi' || '' }}${{ contains(inputs.image, 'alpine') && '-alpine' || '' }}${{ contains(inputs.target, 'aws') && '-mktpl' || '' }}${{ contains(inputs.image, 'fips') && '-fips' || ''}},onlatest=true @@ -161,7 +179,7 @@ jobs: - name: AWS variables id: aws run: | - aws_registry=$(echo "${{ steps.meta.outputs.tags }}" | grep -oP "709825985650.dkr.ecr.us-east-1.amazonaws.com/[^[:space:]]+") + aws_registry=$(echo "${{ steps.meta.outputs.tags }}" | grep -oP "709825985650.dkr.ecr.us-east-1.amazonaws.com/[^[:space:]]+:${{ steps.meta.outputs.version }}") version=$(echo ${{ steps.meta.outputs.version }} | sed 's/-mktpl//') declare -A nap_mapping=( ["waf"]=_NAP_WAF diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 966febbc22..af0245f651 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -282,18 +282,17 @@ jobs: {\"image\": \"alpine\", \"marker\":\"'policies and not policies_rl and not policies_ac and not policies_jwt and not policies_mtls'\"}, \ {\"image\": \"alpine\", \"marker\":\"'policies_rl or policies_ac or policies_jwt or policies_mtls'\"}, \ {\"image\": \"debian\", \"marker\": \"'vs and not vs_ipv6 and not vs_rewrite and not vs_responses and not vs_grpc and not vs_redirects and not vs_externalname and not vs_externaldns and not vs_certmanager'\"}, \ - {\"image\": \"debian\", \"marker\": \"'vs_ipv6 or vs_rewrite or vs_responses or vs_grpc or vs_redirects or vs_externalname or vs_externaldns or vs_certmanager'\"}, \ - {\"image\": \"debian\", \"marker\": \"'vs_certmanager'\"}, \ + {\"image\": \"debian\", \"marker\": \"'vs_grpc or vs_redirects or vs_externalname or vs_externaldns'\"}, \ + {\"image\": \"debian\", \"marker\": \"'vs_responses or vs_ipv6 or vs_rewrite or vs_certmanager'\"}, \ {\"image\": \"ubi\", \"marker\": \"ts\"}, \ {\"image\": \"debian-plus\", \"marker\": \"'vs and not vs_ipv6 and not vs_rewrite and not vs_responses and not vs_grpc and not vs_redirects and not vs_externalname and not vs_externaldns and not vs_certmanager'\"}, \ - {\"image\": \"debian-plus\", \"marker\": \"'vs_ipv6 or vs_rewrite or vs_responses or vs_grpc or vs_redirects or vs_externalname or vs_externaldns or vs_certmanager'\"}, \ - {\"image\": \"debian-plus\", \"marker\": \"vs_certmanager\"}, \ + {\"image\": \"debian-plus\", \"marker\": \"'vs_grpc or vs_redirects or vs_externalname or vs_externaldns'\"}, \ + {\"image\": \"debian-plus\", \"marker\": \"'vs_responses or vs_ipv6 or vs_rewrite or vs_certmanager'\"}, \ {\"image\": \"debian-plus\", \"marker\": \"ts\"}, \ {\"image\": \"alpine-plus\", \"marker\":\"ingresses\"}, \ {\"image\": \"alpine-plus\", \"marker\": \"vsr\"}, \ - {\"image\": \"ubi-plus\", \"marker\":\"'policies and not policies_rl and not policies_ac and not policies_jwt and not policies_mtls'\"}, \ - {\"image\": \"ubi-plus\", \"marker\":\"'policies_rl or policies_ac or policies_jwt or policies_mtls'\"}, \ - {\"image\": \"debian-plus-nap\", \"marker\": \"appprotect_integration\"}, \ + {\"image\": \"ubi-plus\", \"marker\":\"'policies and not policies_ac and not policies_jwt and not policies_mtls'\"}, \ + {\"image\": \"ubi-plus\", \"marker\":\"'policies_ac or policies_jwt or policies_mtls'\"}, \ {\"image\": \"debian-plus-nap\", \"marker\": \"appprotect_waf_policies_allow\"}, \ {\"image\": \"debian-plus-nap\", \"marker\": \"'appprotect_waf_policies and not appprotect_waf_policies_allow'\"}, \ {\"image\": \"debian-plus-nap\", \"marker\": \"appprotect_waf_policies_grpc\"}, \ @@ -502,3 +501,24 @@ jobs: }, }) if: github.ref_type == 'tag' + + gcp-marketplace: + name: Trigger PR for GCP Marketplace + runs-on: ubuntu-22.04 + needs: [checks, publish-helm] + steps: + - name: + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + with: + github-token: ${{ secrets.NGINX_PAT }} + script: | + await github.rest.actions.createWorkflowDispatch({ + owner: context.repo.owner, + repo: 'kubernetes-ingress-gcp', + workflow_id: 'sync-chart.yml', + ref: 'main', + inputs: { + chart_version: '${{ needs.checks.outputs.chart_version }}' + }, + }) + if: github.ref_type == 'tag' diff --git a/build/Dockerfile b/build/Dockerfile index 1a7b0110b6..a4db7ba74a 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -1,7 +1,8 @@ # syntax=docker/dockerfile:1.6 ARG BUILD_OS=debian -ARG NGINX_PLUS_VERSION=R30 +ARG NGINX_PLUS_VERSION=R31 ARG DOWNLOAD_TAG=edge +ARG DEBIAN_FRONTEND=noninteractive ############################################# Base images containing libs for Opentracing and FIPS ############################################# @@ -15,9 +16,11 @@ FROM nginx:1.25.3-alpine AS alpine RUN --mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \ apk add --no-cache libcap libstdc++ \ + && apk upgrade --no-cache -U \ && cp -av /tmp/ot/usr/local/lib/libopentracing.so* /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \ && cp -av /tmp/ot/usr/lib/nginx/modules/ngx_http_opentracing_module.so /usr/lib/nginx/modules/ \ - && ldconfig /usr/local/lib/ + && ldconfig /usr/local/lib/ \ + && apk cache clean ############################################# Base image for Debian ############################################# @@ -25,6 +28,7 @@ FROM nginx:1.25.3 AS debian RUN --mount=type=bind,from=opentracing-lib,target=/tmp/ot/ \ apt-get update \ + && apt-get upgrade -y \ && apt-get install --no-install-recommends --no-install-suggests -y libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ && cp -av /tmp/ot/usr/local/lib/libopentracing.so* /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \ @@ -47,6 +51,8 @@ LABEL name="NGINX Ingress Controller" \ io.openshift.tags="nginx,ingress-controller,ingress,controller,kubernetes,openshift" COPY --link --chown=101:0 LICENSE /licenses/ +RUN microdnf update -y \ + && microdnf clean all ############################################# NGINX files for NGINX Plus ############################################# @@ -69,9 +75,11 @@ ADD --link --chown=101:0 https://raw.githubusercontent.com/nginxinc/k8s-common/m ADD --link --chown=101:0 https://raw.githubusercontent.com/nginxinc/k8s-common/main/files/nap-waf-debian-11.repo nap-waf-11.sources ADD --link --chown=101:0 https://raw.githubusercontent.com/nginxinc/k8s-common/main/files/nap-dos-debian-11.repo nap-dos-11.sources -RUN --mount=from=busybox:musl,src=/bin/,dst=/bin/ printf "%s\n" "Acquire::https::pkgs.nginx.com::User-Agent \"k8s-ic-$IC_VERSION${BUILD_OS##debian-plus}-apt\";" >> 90pkgs-nginx \ +RUN --mount=from=busybox:musl,src=/bin/,dst=/bin/ printf "%s\n" "Acquire::https::pkgs.nginx.com::User-Agent k8s-ic-$IC_VERSION${BUILD_OS##debian-plus}-apt;" >> 90pkgs-nginx \ + && printf "%s\n" "user_agent=k8s-ic-$IC_VERSION${BUILD_OS##ubi*plus}-dnf" | tee -a nginx-plus-*.repo \ && sed -i -e "s;%VERSION%;${NGINX_PLUS_VERSION};g" *.sources \ - && sed -i -e "y/0/1/" -e "1,8s;/centos;/${NGINX_PLUS_VERSION}/centos;" *.repo + && sed -i -e "y/0/1/" -e "1,8s;/centos;/${NGINX_PLUS_VERSION}/centos;" *.repo \ + && echo HTTP_USER_AGENT="k8s-ic-$IC_VERSION${BUILD_OS##alpine-plus}-apk" > user_agent ############################################# Base image for Alpine with NGINX Plus ############################################# @@ -82,10 +90,14 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/apk/cert.pem,mode=0644 \ --mount=type=secret,id=nginx-repo.key,dst=/etc/apk/cert.key,mode=0644 \ --mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \ --mount=type=bind,from=nginx-files,src=nginx_signing.rsa.pub,target=/etc/apk/keys/nginx_signing.rsa.pub \ - printf "%s\n" "https://pkgs.nginx.com/plus/${NGINX_PLUS_VERSION}/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \ + --mount=type=bind,from=nginx-files,src=user_agent,target=/tmp/user_agent \ + export $(cat /tmp/user_agent) \ + && printf "%s\n" "https://pkgs.nginx.com/plus/${NGINX_PLUS_VERSION}/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \ + && apk upgrade --no-cache -U \ && apk add --no-cache nginx-plus nginx-plus-module-njs nginx-plus-module-opentracing nginx-plus-module-fips-check libcap libcurl \ && cp -av /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \ - && ldconfig /usr/local/lib/ + && ldconfig /usr/local/lib/ \ + && apk cache clean ############################################# Base image for Alpine with NGINX Plus and FIPS ############################################# @@ -109,6 +121,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode --mount=type=bind,from=nginx-files,src=90pkgs-nginx,target=/etc/apt/apt.conf.d/90pkgs-nginx \ --mount=type=bind,from=nginx-files,src=debian-plus-12.sources,target=/etc/apt/sources.list.d/nginx-plus.sources \ apt-get update \ + && apt-get upgrade -y \ && apt-get install --no-install-recommends --no-install-suggests -y sq ca-certificates libcap2-bin libcurl4 \ && groupadd --system --gid 101 nginx \ && useradd --system --gid nginx --no-create-home --home-dir /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \ @@ -136,6 +149,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode --mount=type=bind,from=nginx-files,src=nap-dos-11.sources,target=/etc/apt/sources.list.d/app-protect-dos.sources \ ## the code below is duplicated from the debian-plus image because NAP doesn't support debian 12 apt-get update \ + && apt-get upgrade -y \ && apt-get install --no-install-recommends --no-install-suggests -y ca-certificates sq \ && groupadd --system --gid 101 nginx \ && useradd --system --gid nginx --no-create-home --home-dir /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \ @@ -171,6 +185,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode --mount=type=bind,from=nginx-files,src=nginx_signing.key,target=/tmp/nginx_signing.key \ --mount=type=bind,from=nginx-files,src=nginx-plus-9.repo,target=/etc/yum.repos.d/nginx-plus.repo \ microdnf --nodocs install -y shadow-utils \ + && microdnf update -y \ && cat /etc/yum.repos.d/nginx-plus.repo \ && groupadd --system --gid 101 nginx \ && useradd --system --gid nginx --no-create-home --home-dir /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \ @@ -195,6 +210,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode source /tmp/rhel_license \ ## the code below is duplicated from the ubi-plus image because NAP doesn't support UBI 9 and minimal versions dnf --nodocs install -y shadow-utils ca-certificates \ + && dnf update -y \ && groupadd --system --gid 101 nginx \ && useradd --system --gid nginx --no-create-home --home-dir /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \ && rpm --import /tmp/nginx_signing.key \ diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index 40339c46e7..8bc440e1c5 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -79,7 +79,7 @@ func main() { appProtectVersion = getAppProtectVersionInfo() } - updateSelfWithVersionInfo(kubeClient, version, nginxVersion, appProtectVersion) + updateSelfWithVersionInfo(kubeClient, version, nginxVersion.String(), appProtectVersion) templateExecutor, templateExecutorV2 := createTemplateExecutors() @@ -118,6 +118,7 @@ func main() { EnableCertManager: *enableCertManager, DynamicSSLReload: *enableDynamicSSLReload, StaticSSLPath: nginxManager.GetSecretsDir(), + NginxVersion: nginxVersion, } processNginxConfig(staticCfgParams, cfgParams, templateExecutor, nginxManager) @@ -146,6 +147,7 @@ func main() { IsPrometheusEnabled: *enablePrometheusMetrics, IsLatencyMetricsEnabled: *enableLatencyMetrics, IsDynamicSSLReloadEnabled: *enableDynamicSSLReload, + NginxVersion: nginxVersion, }) controllerNamespace := os.Getenv("POD_NAMESPACE") @@ -400,17 +402,16 @@ func createNginxManager(managerCollector collectors.ManagerCollector) (nginx.Man return nginxManager, useFakeNginxManager } -func getNginxVersionInfo(nginxManager nginx.Manager) string { - nginxVersion := nginxManager.Version() - isPlus := strings.Contains(nginxVersion, "plus") - glog.Infof("Using %s", nginxVersion) +func getNginxVersionInfo(nginxManager nginx.Manager) nginx.Version { + nginxInfo := nginxManager.Version() + glog.Infof("Using %s", nginxInfo.String()) - if *nginxPlus && !isPlus { + if *nginxPlus && !nginxInfo.IsPlus { glog.Fatal("NGINX Plus flag enabled (-nginx-plus) without NGINX Plus binary") - } else if !*nginxPlus && isPlus { + } else if !*nginxPlus && nginxInfo.IsPlus { glog.Fatal("NGINX Plus binary found without NGINX Plus flag (-nginx-plus)") } - return nginxVersion + return nginxInfo } func getAppProtectVersionInfo() string { diff --git a/docs/content/technical-specifications.md b/docs/content/technical-specifications.md index 1f0abd9010..3af2e8ce50 100644 --- a/docs/content/technical-specifications.md +++ b/docs/content/technical-specifications.md @@ -60,7 +60,7 @@ _All images include NGINX 1.25.2._ ### Images with NGINX Plus -_NGINX Plus images include NGINX Plus R30._ +_NGINX Plus images include NGINX Plus R31._ #### **F5 Container registry** diff --git a/go.mod b/go.mod index 9c27497375..716f5ddaff 100644 --- a/go.mod +++ b/go.mod @@ -3,19 +3,19 @@ module github.com/nginxinc/kubernetes-ingress go 1.21.3 require ( - github.com/aws/aws-sdk-go-v2/config v1.26.1 - github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.19.5 + github.com/aws/aws-sdk-go-v2/config v1.26.3 + github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.19.6 github.com/cert-manager/cert-manager v1.13.3 github.com/dlclark/regexp2 v1.10.0 - github.com/go-chi/chi/v5 v5.0.10 + github.com/go-chi/chi/v5 v5.0.11 github.com/golang-jwt/jwt/v4 v4.5.0 github.com/golang/glog v1.1.2 github.com/google/go-cmp v0.6.0 github.com/kr/pretty v0.3.1 github.com/nginxinc/nginx-plus-go-client v1.2.0 - github.com/nginxinc/nginx-prometheus-exporter v1.0.0 + github.com/nginxinc/nginx-prometheus-exporter v1.1.0 github.com/nginxinc/nginx-service-mesh v1.7.0 - github.com/prometheus/client_golang v1.17.0 + github.com/prometheus/client_golang v1.18.0 github.com/prometheus/common v0.45.0 github.com/spiffe/go-spiffe/v2 v2.1.6 github.com/stretchr/testify v1.8.4 @@ -31,17 +31,17 @@ require ( require ( github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/Microsoft/go-winio v0.6.0 // indirect - github.com/aws/aws-sdk-go-v2 v1.24.0 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.16.12 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 // indirect + github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.16.14 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.26.5 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.18.6 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.6 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect github.com/aws/smithy-go v1.19.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect @@ -88,8 +88,8 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 // indirect - github.com/prometheus/procfs v0.11.1 // indirect + github.com/prometheus/client_model v0.5.0 // indirect + github.com/prometheus/procfs v0.12.0 // indirect github.com/rogpeppe/go-internal v1.11.0 // indirect github.com/spf13/cobra v1.7.0 // indirect github.com/spf13/pflag v1.0.5 // indirect diff --git a/go.sum b/go.sum index 7b3e405035..a57064b92b 100644 --- a/go.sum +++ b/go.sum @@ -9,32 +9,32 @@ github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2y github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= -github.com/aws/aws-sdk-go-v2 v1.24.0 h1:890+mqQ+hTpNuw0gGP6/4akolQkSToDJgHfQE7AwGuk= -github.com/aws/aws-sdk-go-v2 v1.24.0/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4= -github.com/aws/aws-sdk-go-v2/config v1.26.1 h1:z6DqMxclFGL3Zfo+4Q0rLnAZ6yVkzCRxhRMsiRQnD1o= -github.com/aws/aws-sdk-go-v2/config v1.26.1/go.mod h1:ZB+CuKHRbb5v5F0oJtGdhFTelmrxd4iWO1lf0rQwSAg= -github.com/aws/aws-sdk-go-v2/credentials v1.16.12 h1:v/WgB8NxprNvr5inKIiVVrXPuuTegM+K8nncFkr1usU= -github.com/aws/aws-sdk-go-v2/credentials v1.16.12/go.mod h1:X21k0FjEJe+/pauud82HYiQbEr9jRKY3kXEIQ4hXeTQ= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 h1:w98BT5w+ao1/r5sUuiH6JkVzjowOKeOJRHERyy1vh58= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10/go.mod h1:K2WGI7vUvkIv1HoNbfBA1bvIZ+9kL3YVmWxeKuLQsiw= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 h1:v+HbZaCGmOwnTTVS86Fleq0vPzOd7tnJGbFhP0stNLs= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9/go.mod h1:Xjqy+Nyj7VDLBtCMkQYOw1QYfAEZCVLrfI0ezve8wd4= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 h1:N94sVhRACtXyVcjXxrwK1SKFIJrA9pOJ5yu2eSHnmls= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9/go.mod h1:hqamLz7g1/4EJP+GH5NBhcUMLjW+gKLQabgyz6/7WAU= +github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU= +github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4= +github.com/aws/aws-sdk-go-v2/config v1.26.3 h1:dKuc2jdp10y13dEEvPqWxqLoc0vF3Z9FC45MvuQSxOA= +github.com/aws/aws-sdk-go-v2/config v1.26.3/go.mod h1:Bxgi+DeeswYofcYO0XyGClwlrq3DZEXli0kLf4hkGA0= +github.com/aws/aws-sdk-go-v2/credentials v1.16.14 h1:mMDTwwYO9A0/JbOCOG7EOZHtYM+o7OfGWfu0toa23VE= +github.com/aws/aws-sdk-go-v2/credentials v1.16.14/go.mod h1:cniAUh3ErQPHtCQGPT5ouvSAQ0od8caTO9OOuufZOAE= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw= github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 h1:GrSw8s0Gs/5zZ0SX+gX4zQjRnRsMJDJ2sLur1gRBhEM= github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 h1:Nf2sHxjMJR8CSImIVCONRi4g0Su3J+TSTbS7G0pUeMU= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9/go.mod h1:idky4TER38YIjr2cADF1/ugFMKvZV7p//pVeV5LZbF0= -github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.19.5 h1:Fp3Gcbp3lAJAxeFRVSxc6tWOUPSG8iSkJEiFl3eZZ3o= -github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.19.5/go.mod h1:XABJbVXMa0xnVqaGbhkfUeVV0GrPsc3Jqscu87IovXU= -github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 h1:ldSFWz9tEHAwHNmjx2Cvy1MjP5/L9kNoR0skc6wyOOM= -github.com/aws/aws-sdk-go-v2/service/sso v1.18.5/go.mod h1:CaFfXLYL376jgbP7VKC96uFcU8Rlavak0UlAwk1Dlhc= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 h1:2k9KmFawS63euAkY4/ixVNsYYwrwnd5fIvgEKkfZFNM= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5/go.mod h1:W+nd4wWDVkSUIox9bacmkBP5NMFQeTJ/xqNabpzSR38= -github.com/aws/aws-sdk-go-v2/service/sts v1.26.5 h1:5UYvv8JUvllZsRnfrcMQ+hJ9jNICmcgKPAO1CER25Wg= -github.com/aws/aws-sdk-go-v2/service/sts v1.26.5/go.mod h1:XX5gh4CB7wAs4KhcF46G6C8a2i7eupU19dcAAE+EydU= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino= +github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.19.6 h1:JWy+uLKZQR/9a3gQ+jQa28FEJ/41Z0spdbbQodaXFeA= +github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.19.6/go.mod h1:T2NcfuIuXWcuwVwg3rBIW6h1cfzCdrzSn4Hs0KltND8= +github.com/aws/aws-sdk-go-v2/service/sso v1.18.6 h1:dGrs+Q/WzhsiUKh82SfTVN66QzyulXuMDTV/G8ZxOac= +github.com/aws/aws-sdk-go-v2/service/sso v1.18.6/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.6 h1:Yf2MIo9x+0tyv76GljxzqA3WtC5mw7NmazD2chwjxE4= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.6/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8= +github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0= +github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U= github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM= github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= @@ -80,8 +80,8 @@ github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/go-asn1-ber/asn1-ber v1.5.4 h1:vXT6d/FNDiELJnLb6hGNa309LMsrCoYFvpwHDF0+Y1A= github.com/go-asn1-ber/asn1-ber v1.5.4/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= -github.com/go-chi/chi/v5 v5.0.10 h1:rLz5avzKpjqxrYwXNfmjkrYYXOyLJd37pz53UFHC6vk= -github.com/go-chi/chi/v5 v5.0.10/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= +github.com/go-chi/chi/v5 v5.0.11 h1:BnpYbFZ3T3S1WMpD79r7R5ThWX40TaFB7L31Y8xqSwA= +github.com/go-chi/chi/v5 v5.0.11/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA= github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= github.com/go-kit/log v0.2.1 h1:MRVx0/zhvdseW+Gza6N9rVzU/IVzaeE1SFI4raAhmBU= @@ -189,8 +189,8 @@ github.com/nginxinc/glog v1.1.2 h1:zyoZXhCoYvNMJq4qMsKislUCGyJ4eU2gNl3Nt7cjESg= github.com/nginxinc/glog v1.1.2/go.mod h1:Q2FpGp/qFhJEVnuC88BVfbLDPmio9aHYUj4al6w0138= github.com/nginxinc/nginx-plus-go-client v1.2.0 h1:NVfRsHbMJ7lOhkqMG52uvODiDBhQZNp20c0tV2lU3wg= github.com/nginxinc/nginx-plus-go-client v1.2.0/go.mod h1:n8OFLzrJulJ2fur28Cwa1Qp5DZNS2VicLV+Adt30LQ4= -github.com/nginxinc/nginx-prometheus-exporter v1.0.0 h1:rw5q6j6FQe9EWzJy5HzRgRBJ2tSVyC9By6k9ZFQ7lD8= -github.com/nginxinc/nginx-prometheus-exporter v1.0.0/go.mod h1:SPohlKx0SiOuZYi04js53GWWb0HhD281AT8q4ApVMIE= +github.com/nginxinc/nginx-prometheus-exporter v1.1.0 h1:Uj+eWKGvUionZc8gWFDnrb3jpdkuZAlPKo4ck96cOmE= +github.com/nginxinc/nginx-prometheus-exporter v1.1.0/go.mod h1:A1Fy5uLQonVGmwLC5xNxBX+vPFgYzBOvPjNRs8msT0k= github.com/nginxinc/nginx-service-mesh v1.7.0 h1:oxKr+Jdbxkos10VTy5xF2UHCcmfIhqWNlsOK/zPnZDM= github.com/nginxinc/nginx-service-mesh v1.7.0/go.mod h1:8tREM3kSEUGyk8JT8hdCf/9ol2kEo7hLR8b+m5Yd8Fs= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= @@ -208,14 +208,14 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q= -github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY= -github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 h1:v7DLqVdK4VrYkVD5diGdl4sxJurKJEMnODWRJlxV9oM= -github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= +github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= +github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= +github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= +github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= -github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI= -github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY= +github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= +github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= @@ -334,8 +334,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ= -golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= +golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/internal/configs/config_params.go b/internal/configs/config_params.go index f76a944663..908463024e 100644 --- a/internal/configs/config_params.go +++ b/internal/configs/config_params.go @@ -1,6 +1,9 @@ package configs -import conf_v1 "github.com/nginxinc/kubernetes-ingress/pkg/apis/configuration/v1" +import ( + "github.com/nginxinc/kubernetes-ingress/internal/nginx" + conf_v1 "github.com/nginxinc/kubernetes-ingress/pkg/apis/configuration/v1" +) // ConfigParams holds NGINX configuration parameters that affect the main NGINX config // as well as configs for Ingress resources. @@ -136,6 +139,7 @@ type StaticConfigParams struct { EnableCertManager bool DynamicSSLReload bool StaticSSLPath string + NginxVersion nginx.Version } // GlobalConfigParams holds global configuration parameters. For now, it only holds listeners. diff --git a/internal/configs/configmaps.go b/internal/configs/configmaps.go index 0b653408f9..fbcd63b68d 100644 --- a/internal/configs/configmaps.go +++ b/internal/configs/configmaps.go @@ -581,6 +581,7 @@ func GenerateNginxMainConfig(staticCfgParams *StaticConfigParams, config *Config OIDC: staticCfgParams.EnableOIDC, DynamicSSLReloadEnabled: staticCfgParams.DynamicSSLReload, StaticSSLPath: staticCfgParams.StaticSSLPath, + NginxVersion: staticCfgParams.NginxVersion, } return nginxCfg } diff --git a/internal/configs/configurator.go b/internal/configs/configurator.go index 4d03c03be9..8574589ae4 100644 --- a/internal/configs/configurator.go +++ b/internal/configs/configurator.go @@ -145,6 +145,7 @@ type ConfiguratorParams struct { IsWildcardEnabled bool IsLatencyMetricsEnabled bool IsDynamicSSLReloadEnabled bool + NginxVersion nginx.Version } // NewConfigurator creates a new Configurator. diff --git a/internal/configs/configurator_test.go b/internal/configs/configurator_test.go index a20240f438..6a9720494c 100644 --- a/internal/configs/configurator_test.go +++ b/internal/configs/configurator_test.go @@ -25,6 +25,7 @@ func createTestStaticConfigParams() *StaticConfigParams { NginxStatusAllowCIDRs: []string{"127.0.0.1"}, NginxStatusPort: 8080, StubStatusOverUnixSocketForOSS: false, + NginxVersion: nginx.NewVersion("nginx version: nginx/1.25.3 (nginx-plus-r31)"), } } @@ -53,6 +54,7 @@ func createTestConfigurator(t *testing.T) *Configurator { IsWildcardEnabled: false, IsPrometheusEnabled: false, IsLatencyMetricsEnabled: false, + NginxVersion: nginx.NewVersion("nginx version: nginx/1.25.3 (nginx-plus-r31)"), }) cnf.isReloadsEnabled = true return cnf diff --git a/internal/configs/version1/config.go b/internal/configs/version1/config.go index e1569a7bdb..888c19b336 100644 --- a/internal/configs/version1/config.go +++ b/internal/configs/version1/config.go @@ -1,5 +1,7 @@ package version1 +import "github.com/nginxinc/kubernetes-ingress/internal/nginx" + // UpstreamLabels describes the Prometheus labels for an NGINX upstream. type UpstreamLabels struct { Service string @@ -234,6 +236,7 @@ type MainConfig struct { OIDC bool DynamicSSLReloadEnabled bool StaticSSLPath string + NginxVersion nginx.Version } // NewUpstreamWithDefaultServer creates an upstream with the default server. diff --git a/internal/configs/version1/nginx-plus.tmpl b/internal/configs/version1/nginx-plus.tmpl index cb7cbd8706..0dbef3471f 100644 --- a/internal/configs/version1/nginx-plus.tmpl +++ b/internal/configs/version1/nginx-plus.tmpl @@ -346,3 +346,9 @@ stream { include /etc/nginx/stream-conf.d/*.conf; } + +{{- if (.NginxVersion.PlusGreaterThanOrEqualTo "nginx-plus-r31") }} +mgmt { + usage_report interval=0s; +} +{{- end}} diff --git a/internal/configs/version1/template_test.go b/internal/configs/version1/template_test.go index 395dcd77a8..9172863df2 100644 --- a/internal/configs/version1/template_test.go +++ b/internal/configs/version1/template_test.go @@ -5,6 +5,8 @@ import ( "strings" "testing" "text/template" + + "github.com/nginxinc/kubernetes-ingress/internal/nginx" ) func TestExecuteMainTemplateForNGINXPlus(t *testing.T) { @@ -20,6 +22,19 @@ func TestExecuteMainTemplateForNGINXPlus(t *testing.T) { t.Log(buf.String()) } +func TestExecuteMainTemplateForNGINXPlusR31(t *testing.T) { + t.Parallel() + + tmpl := newNGINXPlusMainTmpl(t) + buf := &bytes.Buffer{} + + err := tmpl.Execute(buf, mainCfgR31) + if err != nil { + t.Error(err) + } + t.Log(buf.String()) +} + func TestExecuteMainTemplateForNGINX(t *testing.T) { t.Parallel() @@ -1291,6 +1306,33 @@ var ( KeepaliveRequests: 100, VariablesHashBucketSize: 256, VariablesHashMaxSize: 1024, + NginxVersion: nginx.NewVersion("nginx version: nginx/1.25.3 (nginx-plus-r31)"), + } + + mainCfgR31 = MainConfig{ + DefaultHTTPListenerPort: 80, + DefaultHTTPSListenerPort: 443, + ServerNamesHashMaxSize: "512", + ServerTokens: "off", + WorkerProcesses: "auto", + WorkerCPUAffinity: "auto", + WorkerShutdownTimeout: "1m", + WorkerConnections: "1024", + WorkerRlimitNofile: "65536", + LogFormat: []string{"$remote_addr", "$remote_user"}, + LogFormatEscaping: "default", + StreamSnippets: []string{"# comment"}, + StreamLogFormat: []string{"$remote_addr", "$remote_user"}, + StreamLogFormatEscaping: "none", + ResolverAddresses: []string{"example.com", "127.0.0.1"}, + ResolverIPV6: false, + ResolverValid: "10s", + ResolverTimeout: "15s", + KeepaliveTimeout: "65s", + KeepaliveRequests: 100, + VariablesHashBucketSize: 256, + VariablesHashMaxSize: 1024, + NginxVersion: nginx.NewVersion("nginx version: nginx/1.25.3 (nginx-plus-r31)"), } mainCfgHTTP2On = MainConfig{ @@ -1317,6 +1359,7 @@ var ( KeepaliveRequests: 100, VariablesHashBucketSize: 256, VariablesHashMaxSize: 1024, + NginxVersion: nginx.NewVersion("nginx version: nginx/1.25.3 (nginx-plus-r31)"), } mainCfgCustomTLSPassthroughPort = MainConfig{ @@ -1342,6 +1385,7 @@ var ( VariablesHashMaxSize: 1024, TLSPassthrough: true, TLSPassthroughPort: 8443, + NginxVersion: nginx.NewVersion("nginx version: nginx/1.25.3 (nginx-plus-r31)"), } mainCfgWithoutTLSPassthrough = MainConfig{ @@ -1367,6 +1411,7 @@ var ( VariablesHashMaxSize: 1024, TLSPassthrough: false, TLSPassthroughPort: 8443, + NginxVersion: nginx.NewVersion("nginx version: nginx/1.25.3 (nginx-plus-r31)"), } mainCfgDefaultTLSPassthroughPort = MainConfig{ @@ -1392,6 +1437,7 @@ var ( VariablesHashMaxSize: 1024, TLSPassthrough: true, TLSPassthroughPort: 443, + NginxVersion: nginx.NewVersion("nginx version: nginx/1.25.3 (nginx-plus-r31)"), } mainCfgCustomDefaultHTTPAndHTTPSListenerPorts = MainConfig{ @@ -1417,6 +1463,7 @@ var ( KeepaliveRequests: 100, VariablesHashBucketSize: 256, VariablesHashMaxSize: 1024, + NginxVersion: nginx.NewVersion("nginx version: nginx/1.25.3 (nginx-plus-r31)"), } mainCfgCustomDefaultHTTPListenerPort = MainConfig{ @@ -1442,6 +1489,7 @@ var ( KeepaliveRequests: 100, VariablesHashBucketSize: 256, VariablesHashMaxSize: 1024, + NginxVersion: nginx.NewVersion("nginx version: nginx/1.25.3 (nginx-plus-r31)"), } mainCfgCustomDefaultHTTPSListenerPort = MainConfig{ @@ -1467,6 +1515,7 @@ var ( KeepaliveRequests: 100, VariablesHashBucketSize: 256, VariablesHashMaxSize: 1024, + NginxVersion: nginx.NewVersion("nginx version: nginx/1.25.3 (nginx-plus-r31)"), } // Vars for Mergable Ingress Master - Minion tests diff --git a/internal/nginx/fake_manager.go b/internal/nginx/fake_manager.go index 5533fb9180..1e42c51ed8 100644 --- a/internal/nginx/fake_manager.go +++ b/internal/nginx/fake_manager.go @@ -101,9 +101,9 @@ func (fm *FakeManager) CreateDHParam(_ string) (string, error) { } // Version provides a fake implementation of Version. -func (*FakeManager) Version() string { +func (*FakeManager) Version() Version { glog.V(3).Info("Printing nginx version") - return "fake version plus" + return Version{} } // Start provides a fake implementation of Start. diff --git a/internal/nginx/manager.go b/internal/nginx/manager.go index b4ac67d110..7c5af351fc 100644 --- a/internal/nginx/manager.go +++ b/internal/nginx/manager.go @@ -8,6 +8,7 @@ import ( "os/exec" "path" "path/filepath" + "regexp" "strconv" "strings" "time" @@ -46,6 +47,19 @@ const ( appProtectDosAgentStartDebugCmd = "/usr/bin/admd -d --standalone --log debug" ) +var ( + re = regexp.MustCompile(`(?P\S+)/(?P\S+)`) + plusre = regexp.MustCompile(`(?P\S+)/(?P\S+).\((?P\S+plus\S+)\)`) +) + +// Version holds the parsed output from `nginx -v` +type Version struct { + raw string + OSS string + IsPlus bool + Plus string +} + // ServerConfig holds the config data for an upstream server in NGINX Plus. type ServerConfig struct { MaxFails int @@ -72,7 +86,7 @@ type Manager interface { CreateDHParam(content string) (string, error) CreateOpenTracingTracerConfig(content string) error Start(done chan error) - Version() string + Version() Version Reload(isEndpointsUpdate bool) error Quit() UpdateConfigVersionFile(openTracing bool) @@ -334,13 +348,13 @@ func (lm *LocalManager) Quit() { } // Version returns NGINX version -func (lm *LocalManager) Version() string { +func (lm *LocalManager) Version() Version { binaryFilename := getBinaryFileName(lm.debug) out, err := exec.Command(binaryFilename, "-v").CombinedOutput() if err != nil { glog.Fatalf("Failed to get nginx version: %v", err) } - return string(out) + return NewVersion(string(out)) } // UpdateConfigVersionFile writes the config version file. @@ -432,6 +446,83 @@ func (lm *LocalManager) CreateOpenTracingTracerConfig(content string) error { return nil } +// Return the raw Nginx version string from `nginx -v` +func (v *Version) String() string { + return v.raw +} + +// PlusGreaterThanOrEqualTo compares the supplied nginx-plus version string with the Version{} struct +func (v Version) PlusGreaterThanOrEqualTo(target string) (bool, error) { + r, p, err := extractPlusVersionValues(v.String()) + if err != nil { + return false, err + } + tr, tp, err := extractPlusVersionValues(target) + if err != nil { + return false, err + } + + return (r > tr || (r == tr && p >= tp)), nil +} + +// NewVersion will take the output from `nginx -v` and explodes it into the `nginx.Version` struct +func NewVersion(line string) Version { + matches := re.FindStringSubmatch(line) + plusmatches := plusre.FindStringSubmatch(line) + nv := Version{ + raw: line, + } + + if len(plusmatches) > 0 { + subNames := plusre.SubexpNames() + nv.IsPlus = true + for i, v := range plusmatches { + switch subNames[i] { + case "plus": + nv.Plus = v + case "version": + nv.OSS = v + } + } + } + + if len(matches) > 0 { + for i, key := range re.SubexpNames() { + val := matches[i] + if key == "version" { + nv.OSS = val + } + } + } + + return nv +} + +// extractPlusVersionValues +func extractPlusVersionValues(input string) (int, int, error) { + var rValue, pValue int + re := regexp.MustCompile(`-r(\d+)(?:-p(\d+))?`) + matches := re.FindStringSubmatch(input) + + if len(matches) < 2 { + return 0, 0, fmt.Errorf("no matches found in the input string") + } + + rValue, err := strconv.Atoi(matches[1]) + if err != nil { + return 0, 0, fmt.Errorf("failed to convert rValue to integer: %w", err) + } + + if len(matches) > 2 && len(matches[2]) > 0 { + pValue, err = strconv.Atoi(matches[2]) + if err != nil { + return 0, 0, fmt.Errorf("failed to convert pValue to integer: %w", err) + } + } + + return rValue, pValue, nil +} + // verifyConfigVersion is used to check if the worker process that the API client is connected // to is using the latest version of nginx config. This way we avoid making changes on // a worker processes that is being shut down. diff --git a/internal/nginx/manager_test.go b/internal/nginx/manager_test.go new file mode 100644 index 0000000000..948326b8ae --- /dev/null +++ b/internal/nginx/manager_test.go @@ -0,0 +1,94 @@ +package nginx + +import ( + "testing" +) + +func TestNginxVersionParsing(t *testing.T) { + t.Parallel() + type testCase struct { + input string + expected Version + } + testCases := []testCase{ + { + input: "nginx version: nginx/1.25.1 (nginx-plus-r30-p1)", + expected: Version{ + raw: "nginx version: nginx/1.25.1 (nginx-plus-r30-p1)", + OSS: "1.25.1", + IsPlus: true, + Plus: "nginx-plus-r30-p1", + }, + }, + { + input: "nginx version: nginx/1.25.3 (nginx-plus-r31)", + expected: Version{ + raw: "nginx version: nginx/1.25.3 (nginx-plus-r31)", + OSS: "1.25.3", + IsPlus: true, + Plus: "nginx-plus-r31", + }, + }, + { + input: "nginx version: nginx/1.25.0", + expected: Version{ + raw: "nginx version: nginx/1.25.0", + OSS: "1.25.0", + IsPlus: false, + Plus: "", + }, + }, + } + for _, tc := range testCases { + t.Run(tc.input, func(t *testing.T) { + actual := NewVersion(tc.input) + if actual != tc.expected { + t.Errorf("expected %v but got %v", tc.expected, actual) + } + }) + } +} + +func TestNginxVersionPlusGreaterThanOrEqualTo(t *testing.T) { + t.Parallel() + type testCase struct { + version Version + input string + expected bool + } + testCases := []testCase{ + { + version: NewVersion("nginx version: nginx/1.25.1 (nginx-plus-r30-p1)"), + input: "nginx-plus-r30-p1", + expected: true, + }, + { + version: NewVersion("nginx version: nginx/1.25.1 (nginx-plus-r30)"), + input: "nginx-plus-r30", + expected: true, + }, + { + version: NewVersion("nginx version: nginx/1.25.1 (nginx-plus-r30-p1)"), + input: "nginx-plus-r30", + expected: true, + }, + { + version: NewVersion("nginx version: nginx/1.25.1 (nginx-plus-r30)"), + input: "nginx-plus-r30-p1", + expected: false, + }, + { + version: NewVersion("nginx version: nginx/1.25.1"), + input: "nginx-plus-r30-p1", + expected: false, + }, + } + for _, tc := range testCases { + t.Run(tc.input, func(t *testing.T) { + actual, _ := tc.version.PlusGreaterThanOrEqualTo(tc.input) + if actual != tc.expected { + t.Errorf("expected %v but got %v", tc.expected, actual) + } + }) + } +} diff --git a/tests/suite/test_virtual_server_backup_service.py b/tests/suite/test_virtual_server_backup_service.py index 776fd62d9c..7bfc5dfad4 100644 --- a/tests/suite/test_virtual_server_backup_service.py +++ b/tests/suite/test_virtual_server_backup_service.py @@ -107,6 +107,7 @@ def fin(): @pytest.mark.vs @pytest.mark.skip_for_nginx_oss @pytest.mark.backup_service +@pytest.mark.skip @pytest.mark.parametrize( "crd_ingress_controller, virtual_server_setup", [