From c9e67ea9d4852fb3ced49fe8f14c0423ac440c28 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Tue, 20 Aug 2024 09:56:57 -0700 Subject: [PATCH 01/81] Auto-generate annotation docs (#11831) Co-authored-by: Ricardo Katz --- .github/workflows/ci.yaml | 23 +++ Makefile | 3 + cmd/annotations/annotations.tmpl | 7 + cmd/annotations/main.go | 91 +++++++++++ .../nginx-configuration/annotations-risk.md | 142 ++++++++++++++++++ hack/update-annotation-doc.sh | 23 +++ hack/verify-annotation-docs.sh | 46 ++++++ internal/ingress/annotations/annotations.go | 109 +++++++------- internal/ingress/annotations/parser/main.go | 15 ++ mkdocs.yml | 1 + 10 files changed, 407 insertions(+), 53 deletions(-) create mode 100644 cmd/annotations/annotations.tmpl create mode 100644 cmd/annotations/main.go create mode 100755 docs/user-guide/nginx-configuration/annotations-risk.md create mode 100755 hack/update-annotation-doc.sh create mode 100755 hack/verify-annotation-docs.sh diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index f3af49d37d..49b39a7a3b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -69,6 +69,8 @@ jobs: baseimage: - 'NGINX_BASE' - 'images/nginx-1.25/**' + docs: + - '**/*.md' test-go: runs-on: ubuntu-latest @@ -92,6 +94,27 @@ jobs: - name: Run test run: make test + + verify-docs: + name: Verify Doc generation + runs-on: ubuntu-latest + needs: changes + if: | + (needs.changes.outputs.go == 'true') || (needs.changes.outputs.docs == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} + steps: + - name: Checkout + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: Get go version + run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV + - name: Set up Go + id: go + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + with: + go-version: ${{ env.GOLANG_VERSION }} + check-latest: true + - name: Verify Docs + run: make verify-docs + build: name: Build runs-on: ubuntu-latest diff --git a/Makefile b/Makefile index a99e1540c7..1c35c12b23 100644 --- a/Makefile +++ b/Makefile @@ -124,6 +124,9 @@ build: ## Build ingress controller, debug tool and pre-stop hook. clean: ## Remove .gocache directory. rm -rf bin/ .gocache/ .cache/ +.PHONY: verify-docs +verify-docs: ## Verify doc generation + hack/verify-annotation-docs.sh .PHONY: static-check static-check: ## Run verification script for boilerplate, codegen, gofmt, golint, lualint and chart-lint. diff --git a/cmd/annotations/annotations.tmpl b/cmd/annotations/annotations.tmpl new file mode 100644 index 0000000000..91dd21de8b --- /dev/null +++ b/cmd/annotations/annotations.tmpl @@ -0,0 +1,7 @@ +# Annotations Scope and Risk + +|Group |Annotation | Risk | Scope | +|--------|------------------|------|-------| +{{- range $doc := . }} +| {{ $doc.Group }} | {{ $doc.Annotation }} | {{ $doc.Risk }} | {{ $doc.Scope }} | +{{- end }} diff --git a/cmd/annotations/main.go b/cmd/annotations/main.go new file mode 100644 index 0000000000..78f26099ca --- /dev/null +++ b/cmd/annotations/main.go @@ -0,0 +1,91 @@ +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "bytes" + "embed" + "flag" + "fmt" + "os" + "slices" + "strings" + "text/template" + + anns "k8s.io/ingress-nginx/internal/ingress/annotations" +) + +type Documentation struct { + Group string + Annotation string + Risk string + Scope string +} + +var output string + +//go:embed annotations.tmpl +var content embed.FS + +func main() { + flag.StringVar(&output, "output", "", "where to write documentation") + flag.Parse() + if output == "" { + panic(fmt.Errorf("output field is required")) + } + docEntries := make([]Documentation, 0) + annotationFactory := anns.NewAnnotationFactory(nil) + for group, val := range annotationFactory { + annotations := val.GetDocumentation() + intermediateDocs := make([]Documentation, len(annotations)) + i := 0 + for annotation, values := range annotations { + doc := Documentation{ + Group: group, + Annotation: annotation, + Scope: string(values.Scope), + Risk: values.Risk.ToString(), + } + intermediateDocs[i] = doc + i++ + } + slices.SortStableFunc(intermediateDocs, func(a, b Documentation) int { + return strings.Compare(a.Annotation, b.Annotation) + }) + docEntries = append(docEntries, intermediateDocs...) + } + slices.SortStableFunc(docEntries, func(a, b Documentation) int { + return strings.Compare(a.Group, b.Group) + }) + + tmpl, err := template.New("annotations.tmpl").ParseFS(content, "annotations.tmpl") + if err != nil { + panic(fmt.Errorf("error parsing template: %s", err)) + } + + tplBuffer := new(bytes.Buffer) + err = tmpl.Execute(tplBuffer, docEntries) + if err != nil { + panic(err) + } + tplBuffer.WriteString("\n") + + //nolint:gosec // no need to check file permission here + if err := os.WriteFile(output, tplBuffer.Bytes(), 0o755); err != nil { + panic(err) + } +} diff --git a/docs/user-guide/nginx-configuration/annotations-risk.md b/docs/user-guide/nginx-configuration/annotations-risk.md new file mode 100755 index 0000000000..b538601742 --- /dev/null +++ b/docs/user-guide/nginx-configuration/annotations-risk.md @@ -0,0 +1,142 @@ +# Annotations Scope and Risk + +|Group |Annotation | Risk | Scope | +|--------|------------------|------|-------| +| Aliases | server-alias | High | ingress | +| Allowlist | allowlist-source-range | Medium | location | +| BackendProtocol | backend-protocol | Low | location | +| BasicDigestAuth | auth-realm | Medium | location | +| BasicDigestAuth | auth-secret | Medium | location | +| BasicDigestAuth | auth-secret-type | Low | location | +| BasicDigestAuth | auth-type | Low | location | +| Canary | canary | Low | ingress | +| Canary | canary-by-cookie | Medium | ingress | +| Canary | canary-by-header | Medium | ingress | +| Canary | canary-by-header-pattern | Medium | ingress | +| Canary | canary-by-header-value | Medium | ingress | +| Canary | canary-weight | Low | ingress | +| Canary | canary-weight-total | Low | ingress | +| CertificateAuth | auth-tls-error-page | High | location | +| CertificateAuth | auth-tls-match-cn | High | location | +| CertificateAuth | auth-tls-pass-certificate-to-upstream | Low | location | +| CertificateAuth | auth-tls-secret | Medium | location | +| CertificateAuth | auth-tls-verify-client | Medium | location | +| CertificateAuth | auth-tls-verify-depth | Low | location | +| ClientBodyBufferSize | client-body-buffer-size | Low | location | +| ConfigurationSnippet | configuration-snippet | Critical | location | +| Connection | connection-proxy-header | Low | location | +| CorsConfig | cors-allow-credentials | Low | ingress | +| CorsConfig | cors-allow-headers | Medium | ingress | +| CorsConfig | cors-allow-methods | Medium | ingress | +| CorsConfig | cors-allow-origin | Medium | ingress | +| CorsConfig | cors-expose-headers | Medium | ingress | +| CorsConfig | cors-max-age | Low | ingress | +| CorsConfig | enable-cors | Low | ingress | +| CustomHTTPErrors | custom-http-errors | Low | location | +| CustomHeaders | custom-headers | Medium | location | +| DefaultBackend | default-backend | Low | location | +| Denylist | denylist-source-range | Medium | location | +| DisableProxyInterceptErrors | disable-proxy-intercept-errors | Low | location | +| EnableGlobalAuth | enable-global-auth | Low | location | +| ExternalAuth | auth-always-set-cookie | Low | location | +| ExternalAuth | auth-cache-duration | Medium | location | +| ExternalAuth | auth-cache-key | Medium | location | +| ExternalAuth | auth-keepalive | Low | location | +| ExternalAuth | auth-keepalive-requests | Low | location | +| ExternalAuth | auth-keepalive-share-vars | Low | location | +| ExternalAuth | auth-keepalive-timeout | Low | location | +| ExternalAuth | auth-method | Low | location | +| ExternalAuth | auth-proxy-set-headers | Medium | location | +| ExternalAuth | auth-request-redirect | Medium | location | +| ExternalAuth | auth-response-headers | Medium | location | +| ExternalAuth | auth-signin | High | location | +| ExternalAuth | auth-signin-redirect-param | Medium | location | +| ExternalAuth | auth-snippet | Critical | location | +| ExternalAuth | auth-url | High | location | +| FastCGI | fastcgi-index | Medium | location | +| FastCGI | fastcgi-params-configmap | Medium | location | +| GlobalRateLimit | global-rate-limit | Low | ingress | +| GlobalRateLimit | global-rate-limit-ignored-cidrs | Medium | ingress | +| GlobalRateLimit | global-rate-limit-key | High | ingress | +| GlobalRateLimit | global-rate-limit-window | Low | ingress | +| HTTP2PushPreload | http2-push-preload | Low | location | +| LoadBalancing | load-balance | Low | location | +| Logs | enable-access-log | Low | location | +| Logs | enable-rewrite-log | Low | location | +| Mirror | mirror-host | High | ingress | +| Mirror | mirror-request-body | Low | ingress | +| Mirror | mirror-target | High | ingress | +| ModSecurity | enable-modsecurity | Low | ingress | +| ModSecurity | enable-owasp-core-rules | Low | ingress | +| ModSecurity | modsecurity-snippet | Critical | ingress | +| ModSecurity | modsecurity-transaction-id | High | ingress | +| Opentelemetry | enable-opentelemetry | Low | location | +| Opentelemetry | opentelemetry-operation-name | Medium | location | +| Opentelemetry | opentelemetry-trust-incoming-span | Low | location | +| Proxy | proxy-body-size | Medium | location | +| Proxy | proxy-buffer-size | Low | location | +| Proxy | proxy-buffering | Low | location | +| Proxy | proxy-buffers-number | Low | location | +| Proxy | proxy-connect-timeout | Low | location | +| Proxy | proxy-cookie-domain | Medium | location | +| Proxy | proxy-cookie-path | Medium | location | +| Proxy | proxy-http-version | Low | location | +| Proxy | proxy-max-temp-file-size | Low | location | +| Proxy | proxy-next-upstream | Medium | location | +| Proxy | proxy-next-upstream-timeout | Low | location | +| Proxy | proxy-next-upstream-tries | Low | location | +| Proxy | proxy-read-timeout | Low | location | +| Proxy | proxy-redirect-from | Medium | location | +| Proxy | proxy-redirect-to | Medium | location | +| Proxy | proxy-request-buffering | Low | location | +| Proxy | proxy-send-timeout | Low | location | +| ProxySSL | proxy-ssl-ciphers | Medium | ingress | +| ProxySSL | proxy-ssl-name | High | ingress | +| ProxySSL | proxy-ssl-protocols | Low | ingress | +| ProxySSL | proxy-ssl-secret | Medium | ingress | +| ProxySSL | proxy-ssl-server-name | Low | ingress | +| ProxySSL | proxy-ssl-verify | Low | ingress | +| ProxySSL | proxy-ssl-verify-depth | Low | ingress | +| RateLimit | limit-allowlist | Low | location | +| RateLimit | limit-burst-multiplier | Low | location | +| RateLimit | limit-connections | Low | location | +| RateLimit | limit-rate | Low | location | +| RateLimit | limit-rate-after | Low | location | +| RateLimit | limit-rpm | Low | location | +| RateLimit | limit-rps | Low | location | +| Redirect | from-to-www-redirect | Low | location | +| Redirect | permanent-redirect | Medium | location | +| Redirect | permanent-redirect-code | Low | location | +| Redirect | temporal-redirect | Medium | location | +| Rewrite | app-root | Medium | location | +| Rewrite | force-ssl-redirect | Medium | location | +| Rewrite | preserve-trailing-slash | Medium | location | +| Rewrite | rewrite-target | Medium | ingress | +| Rewrite | ssl-redirect | Low | location | +| Rewrite | use-regex | Low | location | +| SSLCipher | ssl-ciphers | Low | ingress | +| SSLCipher | ssl-prefer-server-ciphers | Low | ingress | +| SSLPassthrough | ssl-passthrough | Low | ingress | +| Satisfy | satisfy | Low | location | +| ServerSnippet | server-snippet | Critical | ingress | +| ServiceUpstream | service-upstream | Low | ingress | +| SessionAffinity | affinity | Low | ingress | +| SessionAffinity | affinity-canary-behavior | Low | ingress | +| SessionAffinity | affinity-mode | Medium | ingress | +| SessionAffinity | session-cookie-change-on-failure | Low | ingress | +| SessionAffinity | session-cookie-conditional-samesite-none | Low | ingress | +| SessionAffinity | session-cookie-domain | Medium | ingress | +| SessionAffinity | session-cookie-expires | Medium | ingress | +| SessionAffinity | session-cookie-max-age | Medium | ingress | +| SessionAffinity | session-cookie-name | Medium | ingress | +| SessionAffinity | session-cookie-path | Medium | ingress | +| SessionAffinity | session-cookie-samesite | Low | ingress | +| SessionAffinity | session-cookie-secure | Low | ingress | +| StreamSnippet | stream-snippet | Critical | ingress | +| UpstreamHashBy | upstream-hash-by | High | location | +| UpstreamHashBy | upstream-hash-by-subset | Low | location | +| UpstreamHashBy | upstream-hash-by-subset-size | Low | location | +| UpstreamVhost | upstream-vhost | Low | location | +| UsePortInRedirects | use-port-in-redirects | Low | location | +| XForwardedPrefix | x-forwarded-prefix | Medium | location | + diff --git a/hack/update-annotation-doc.sh b/hack/update-annotation-doc.sh new file mode 100755 index 0000000000..c4feb41ce4 --- /dev/null +++ b/hack/update-annotation-doc.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +# Copyright 2024 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -o errexit +set -o nounset + +SCRIPT_ROOT=$(dirname "${BASH_SOURCE}")/.. +ANNOTATIONFILE="${SCRIPT_ROOT}/docs/user-guide/nginx-configuration/annotations-risk.md" + +go run "${SCRIPT_ROOT}"/cmd/annotations/main.go -output "${ANNOTATIONFILE}" \ No newline at end of file diff --git a/hack/verify-annotation-docs.sh b/hack/verify-annotation-docs.sh new file mode 100755 index 0000000000..54034539b2 --- /dev/null +++ b/hack/verify-annotation-docs.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +# Copyright 2024 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -o errexit +set -o nounset +set -o pipefail + +SCRIPT_ROOT=$(dirname "${BASH_SOURCE}")/.. + +ANNOTATIONFILE="${SCRIPT_ROOT}/docs/user-guide/nginx-configuration/annotations-risk.md" +TMP_DIFFROOT="${SCRIPT_ROOT}/_tmp" +TMP_FILE="${TMP_DIFFROOT}/annotations-risk.md" + +cleanup() { + rm -rf "${TMP_DIFFROOT}" +} +trap "cleanup" EXIT SIGINT + +cleanup + +mkdir -p "${TMP_DIFFROOT}" + +go run cmd/annotations/main.go -output "${TMP_FILE}" +echo "diffing ${ANNOTATIONFILE} against freshly generated annotation doc" +ret=0 +diff -Naupr --no-dereference "${ANNOTATIONFILE}" "${TMP_FILE}" || ret=1 + +if [[ $ret -eq 0 ]]; then + echo "${ANNOTATIONFILE} up to date." +else + echo "${ANNOTATIONFILE} is out of date. Please run hack/update-annotation-doc.sh" + exit 1 +fi diff --git a/internal/ingress/annotations/annotations.go b/internal/ingress/annotations/annotations.go index 0bb2ac7b81..4c073246c8 100644 --- a/internal/ingress/annotations/annotations.go +++ b/internal/ingress/annotations/annotations.go @@ -19,19 +19,10 @@ package annotations import ( "dario.cat/mergo" - "k8s.io/ingress-nginx/internal/ingress/annotations/canary" - "k8s.io/ingress-nginx/internal/ingress/annotations/customheaders" - "k8s.io/ingress-nginx/internal/ingress/annotations/disableproxyintercepterrors" - "k8s.io/ingress-nginx/internal/ingress/annotations/modsecurity" - "k8s.io/ingress-nginx/internal/ingress/annotations/opentelemetry" - "k8s.io/ingress-nginx/internal/ingress/annotations/proxyssl" - "k8s.io/ingress-nginx/internal/ingress/annotations/sslcipher" - "k8s.io/ingress-nginx/internal/ingress/annotations/streamsnippet" - "k8s.io/klog/v2" - apiv1 "k8s.io/api/core/v1" networking "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/klog/v2" "k8s.io/ingress-nginx/internal/ingress/annotations/alias" "k8s.io/ingress-nginx/internal/ingress/annotations/auth" @@ -39,11 +30,14 @@ import ( "k8s.io/ingress-nginx/internal/ingress/annotations/authreqglobal" "k8s.io/ingress-nginx/internal/ingress/annotations/authtls" "k8s.io/ingress-nginx/internal/ingress/annotations/backendprotocol" + "k8s.io/ingress-nginx/internal/ingress/annotations/canary" "k8s.io/ingress-nginx/internal/ingress/annotations/clientbodybuffersize" "k8s.io/ingress-nginx/internal/ingress/annotations/connection" "k8s.io/ingress-nginx/internal/ingress/annotations/cors" + "k8s.io/ingress-nginx/internal/ingress/annotations/customheaders" "k8s.io/ingress-nginx/internal/ingress/annotations/customhttperrors" "k8s.io/ingress-nginx/internal/ingress/annotations/defaultbackend" + "k8s.io/ingress-nginx/internal/ingress/annotations/disableproxyintercepterrors" "k8s.io/ingress-nginx/internal/ingress/annotations/fastcgi" "k8s.io/ingress-nginx/internal/ingress/annotations/globalratelimit" "k8s.io/ingress-nginx/internal/ingress/annotations/http2pushpreload" @@ -52,9 +46,12 @@ import ( "k8s.io/ingress-nginx/internal/ingress/annotations/loadbalancing" "k8s.io/ingress-nginx/internal/ingress/annotations/log" "k8s.io/ingress-nginx/internal/ingress/annotations/mirror" + "k8s.io/ingress-nginx/internal/ingress/annotations/modsecurity" + "k8s.io/ingress-nginx/internal/ingress/annotations/opentelemetry" "k8s.io/ingress-nginx/internal/ingress/annotations/parser" "k8s.io/ingress-nginx/internal/ingress/annotations/portinredirect" "k8s.io/ingress-nginx/internal/ingress/annotations/proxy" + "k8s.io/ingress-nginx/internal/ingress/annotations/proxyssl" "k8s.io/ingress-nginx/internal/ingress/annotations/ratelimit" "k8s.io/ingress-nginx/internal/ingress/annotations/redirect" "k8s.io/ingress-nginx/internal/ingress/annotations/rewrite" @@ -63,7 +60,9 @@ import ( "k8s.io/ingress-nginx/internal/ingress/annotations/serviceupstream" "k8s.io/ingress-nginx/internal/ingress/annotations/sessionaffinity" "k8s.io/ingress-nginx/internal/ingress/annotations/snippet" + "k8s.io/ingress-nginx/internal/ingress/annotations/sslcipher" "k8s.io/ingress-nginx/internal/ingress/annotations/sslpassthrough" + "k8s.io/ingress-nginx/internal/ingress/annotations/streamsnippet" "k8s.io/ingress-nginx/internal/ingress/annotations/upstreamhashby" "k8s.io/ingress-nginx/internal/ingress/annotations/upstreamvhost" "k8s.io/ingress-nginx/internal/ingress/annotations/xforwardedprefix" @@ -126,52 +125,56 @@ type Extractor struct { annotations map[string]parser.IngressAnnotation } +func NewAnnotationFactory(cfg resolver.Resolver) map[string]parser.IngressAnnotation { + return map[string]parser.IngressAnnotation{ + "Aliases": alias.NewParser(cfg), + "BasicDigestAuth": auth.NewParser(auth.AuthDirectory, cfg), + "Canary": canary.NewParser(cfg), + "CertificateAuth": authtls.NewParser(cfg), + "ClientBodyBufferSize": clientbodybuffersize.NewParser(cfg), + "CustomHeaders": customheaders.NewParser(cfg), + "ConfigurationSnippet": snippet.NewParser(cfg), + "Connection": connection.NewParser(cfg), + "CorsConfig": cors.NewParser(cfg), + "CustomHTTPErrors": customhttperrors.NewParser(cfg), + "DisableProxyInterceptErrors": disableproxyintercepterrors.NewParser(cfg), + "DefaultBackend": defaultbackend.NewParser(cfg), + "FastCGI": fastcgi.NewParser(cfg), + "ExternalAuth": authreq.NewParser(cfg), + "EnableGlobalAuth": authreqglobal.NewParser(cfg), + "HTTP2PushPreload": http2pushpreload.NewParser(cfg), + "Opentelemetry": opentelemetry.NewParser(cfg), + "Proxy": proxy.NewParser(cfg), + "ProxySSL": proxyssl.NewParser(cfg), + "RateLimit": ratelimit.NewParser(cfg), + "GlobalRateLimit": globalratelimit.NewParser(cfg), + "Redirect": redirect.NewParser(cfg), + "Rewrite": rewrite.NewParser(cfg), + "Satisfy": satisfy.NewParser(cfg), + "ServerSnippet": serversnippet.NewParser(cfg), + "ServiceUpstream": serviceupstream.NewParser(cfg), + "SessionAffinity": sessionaffinity.NewParser(cfg), + "SSLPassthrough": sslpassthrough.NewParser(cfg), + "UsePortInRedirects": portinredirect.NewParser(cfg), + "UpstreamHashBy": upstreamhashby.NewParser(cfg), + "LoadBalancing": loadbalancing.NewParser(cfg), + "UpstreamVhost": upstreamvhost.NewParser(cfg), + "Allowlist": ipallowlist.NewParser(cfg), + "Denylist": ipdenylist.NewParser(cfg), + "XForwardedPrefix": xforwardedprefix.NewParser(cfg), + "SSLCipher": sslcipher.NewParser(cfg), + "Logs": log.NewParser(cfg), + "BackendProtocol": backendprotocol.NewParser(cfg), + "ModSecurity": modsecurity.NewParser(cfg), + "Mirror": mirror.NewParser(cfg), + "StreamSnippet": streamsnippet.NewParser(cfg), + } +} + // NewAnnotationExtractor creates a new annotations extractor func NewAnnotationExtractor(cfg resolver.Resolver) Extractor { return Extractor{ - map[string]parser.IngressAnnotation{ - "Aliases": alias.NewParser(cfg), - "BasicDigestAuth": auth.NewParser(auth.AuthDirectory, cfg), - "Canary": canary.NewParser(cfg), - "CertificateAuth": authtls.NewParser(cfg), - "ClientBodyBufferSize": clientbodybuffersize.NewParser(cfg), - "CustomHeaders": customheaders.NewParser(cfg), - "ConfigurationSnippet": snippet.NewParser(cfg), - "Connection": connection.NewParser(cfg), - "CorsConfig": cors.NewParser(cfg), - "CustomHTTPErrors": customhttperrors.NewParser(cfg), - "DisableProxyInterceptErrors": disableproxyintercepterrors.NewParser(cfg), - "DefaultBackend": defaultbackend.NewParser(cfg), - "FastCGI": fastcgi.NewParser(cfg), - "ExternalAuth": authreq.NewParser(cfg), - "EnableGlobalAuth": authreqglobal.NewParser(cfg), - "HTTP2PushPreload": http2pushpreload.NewParser(cfg), - "Opentelemetry": opentelemetry.NewParser(cfg), - "Proxy": proxy.NewParser(cfg), - "ProxySSL": proxyssl.NewParser(cfg), - "RateLimit": ratelimit.NewParser(cfg), - "GlobalRateLimit": globalratelimit.NewParser(cfg), - "Redirect": redirect.NewParser(cfg), - "Rewrite": rewrite.NewParser(cfg), - "Satisfy": satisfy.NewParser(cfg), - "ServerSnippet": serversnippet.NewParser(cfg), - "ServiceUpstream": serviceupstream.NewParser(cfg), - "SessionAffinity": sessionaffinity.NewParser(cfg), - "SSLPassthrough": sslpassthrough.NewParser(cfg), - "UsePortInRedirects": portinredirect.NewParser(cfg), - "UpstreamHashBy": upstreamhashby.NewParser(cfg), - "LoadBalancing": loadbalancing.NewParser(cfg), - "UpstreamVhost": upstreamvhost.NewParser(cfg), - "Allowlist": ipallowlist.NewParser(cfg), - "Denylist": ipdenylist.NewParser(cfg), - "XForwardedPrefix": xforwardedprefix.NewParser(cfg), - "SSLCipher": sslcipher.NewParser(cfg), - "Logs": log.NewParser(cfg), - "BackendProtocol": backendprotocol.NewParser(cfg), - "ModSecurity": modsecurity.NewParser(cfg), - "Mirror": mirror.NewParser(cfg), - "StreamSnippet": streamsnippet.NewParser(cfg), - }, + NewAnnotationFactory(cfg), } } diff --git a/internal/ingress/annotations/parser/main.go b/internal/ingress/annotations/parser/main.go index 554ad9dde7..3137afbfd0 100644 --- a/internal/ingress/annotations/parser/main.go +++ b/internal/ingress/annotations/parser/main.go @@ -210,6 +210,21 @@ func StringRiskToRisk(risk string) AnnotationRisk { } } +func (a AnnotationRisk) ToString() string { + switch a { + case AnnotationRiskCritical: + return "Critical" + case AnnotationRiskHigh: + return "High" + case AnnotationRiskMedium: + return "Medium" + case AnnotationRiskLow: + return "Low" + default: + return "Unknown" + } +} + func normalizeString(input string) string { trimmedContent := []string{} for _, line := range strings.Split(input, "\n") { diff --git a/mkdocs.yml b/mkdocs.yml index cbc2988ce7..4b010c5ff4 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -83,6 +83,7 @@ nav: - Introduction: "user-guide/nginx-configuration/index.md" - Basic usage: "user-guide/basic-usage.md" - Annotations: "user-guide/nginx-configuration/annotations.md" + - Annotations Risks: "user-guide/nginx-configuration/annotations-risk.md" - ConfigMap: "user-guide/nginx-configuration/configmap.md" - Custom NGINX template: "user-guide/nginx-configuration/custom-template.md" - Log format: "user-guide/nginx-configuration/log-format.md" From 0892d2912df5213a77027ecc47d1e77e1de2c21f Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Tue, 20 Aug 2024 23:16:18 -0700 Subject: [PATCH 02/81] Bump github/codeql-action from 3.26.0 to 3.26.2 in the all group (#11834) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index a6b64d4083..3301b12cfe 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index cc3240931d..dcf0123682 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From c142da7a64555920dc84f8c492fa94481ba21720 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Tue, 20 Aug 2024 23:18:33 -0700 Subject: [PATCH 03/81] Bump k8s.io/component-base from 0.30.3 to 0.31.0 (#11836) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 22 ++++++++++++++-------- go.sum | 40 ++++++++++++++++++++++++---------------- 2 files changed, 38 insertions(+), 24 deletions(-) diff --git a/go.mod b/go.mod index ae4974c4a7..a98e1a7886 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/ncabatoff/process-exporter v0.8.3 github.com/onsi/ginkgo/v2 v2.20.0 github.com/opencontainers/runc v1.1.13 - github.com/pmezard/go-difflib v1.0.0 + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 github.com/prometheus/client_golang v1.19.1 github.com/prometheus/client_model v0.6.1 github.com/prometheus/common v0.55.0 @@ -31,20 +31,26 @@ require ( google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 - k8s.io/api v0.30.3 + k8s.io/api v0.31.0 k8s.io/apiextensions-apiserver v0.30.1 - k8s.io/apimachinery v0.30.3 + k8s.io/apimachinery v0.31.0 k8s.io/apiserver v0.30.1 k8s.io/cli-runtime v0.30.0 - k8s.io/client-go v0.30.3 + k8s.io/client-go v0.31.0 k8s.io/code-generator v0.30.1 - k8s.io/component-base v0.30.3 + k8s.io/component-base v0.31.0 k8s.io/klog/v2 v2.130.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 sigs.k8s.io/controller-runtime v0.18.4 sigs.k8s.io/mdtoc v1.1.0 ) +require ( + github.com/fxamacker/cbor/v2 v2.7.0 // indirect + github.com/x448/float16 v0.8.4 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect +) + require ( github.com/Anddd7/pb v0.0.0-20240425032658-369b0f6a404c github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect @@ -54,7 +60,7 @@ require ( github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect - github.com/davecgh/go-spew v1.1.1 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/eapache/queue v1.1.0 // indirect github.com/emicklei/go-restful/v3 v3.12.0 // indirect github.com/evanphx/json-patch v5.9.0+incompatible // indirect @@ -115,7 +121,7 @@ require ( golang.org/x/text v0.17.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.24.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/evanphx/json-patch.v5 v5.9.0 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect @@ -124,7 +130,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/gengo/v2 v2.0.0-20240404160639-a0386bf69313 // indirect k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f // indirect - k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect + k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/kustomize/api v0.16.0 // indirect sigs.k8s.io/kustomize/kyaml v0.16.0 // indirect diff --git a/go.sum b/go.sum index 48031be864..e29fb889a6 100644 --- a/go.sum +++ b/go.sum @@ -23,8 +23,9 @@ github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/eapache/channels v1.1.0 h1:F1taHcn7/F0i8DYqKXJnyhJcVpp2kgFcNePxXtnyu4k= github.com/eapache/channels v1.1.0/go.mod h1:jMm2qB5Ubtg9zLd+inMZd2/NUvXgzmWXsDaLyQIGfH0= github.com/eapache/queue v1.1.0 h1:YOEu7KNc61ntiQlcEeUIoDTJ2o8mQznoNvUhiigpIqc= @@ -42,6 +43,8 @@ github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyT github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa h1:RDBNVkRviHZtvDvId8XSGPu3rmpmSe+wKRcEWNgsfWU= github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk= github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= @@ -174,8 +177,9 @@ github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+v github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= @@ -184,8 +188,8 @@ github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= -github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= @@ -206,6 +210,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/urfave/cli v1.17.1-0.20160602030128-01a33823596e/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/yudai/gojsondiff v1.0.0 h1:27cbfqXLVEJ1o8I6v3y9lg8Ydm53EKqHXAOMxEGlCOA= @@ -291,8 +297,8 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157 h1:Zy9XzmMEflZ/MAaA7vNcoebnRAld7FsPW1EeBB7V0m8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab h1:tg8hvIl5RmFBuXlcJMuL0h4Psh1gx5Q5xEMwzBZIzWA= @@ -309,6 +315,8 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/evanphx/json-patch.v5 v5.9.0 h1:hx1VU2SGj4F8r9b8GUwJLdc8DNO8sy79ZGui0G05GLo= gopkg.in/evanphx/json-patch.v5 v5.9.0/go.mod h1:/kvTRh1TVm5wuM6OkHxqXtE/1nUZZpihg29RtuIyfvk= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= @@ -331,30 +339,30 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.30.3 h1:ImHwK9DCsPA9uoU3rVh4QHAHHK5dTSv1nxJUapx8hoQ= -k8s.io/api v0.30.3/go.mod h1:GPc8jlzoe5JG3pb0KJCSLX5oAFIW3/qNJITlDj8BH04= +k8s.io/api v0.31.0 h1:b9LiSjR2ym/SzTOlfMHm1tr7/21aD7fSkqgD/CVJBCo= +k8s.io/api v0.31.0/go.mod h1:0YiFF+JfFxMM6+1hQei8FY8M7s1Mth+z/q7eF1aJkTE= k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws= k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4= -k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc= -k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc= +k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= k8s.io/apiserver v0.30.1 h1:BEWEe8bzS12nMtDKXzCF5Q5ovp6LjjYkSp8qOPk8LZ8= k8s.io/apiserver v0.30.1/go.mod h1:i87ZnQ+/PGAmSbD/iEKM68bm1D5reX8fO4Ito4B01mo= k8s.io/cli-runtime v0.30.0 h1:0vn6/XhOvn1RJ2KJOC6IRR2CGqrpT6QQF4+8pYpWQ48= k8s.io/cli-runtime v0.30.0/go.mod h1:vATpDMATVTMA79sZ0YUCzlMelf6rUjoBzlp+RnoM+cg= -k8s.io/client-go v0.30.3 h1:bHrJu3xQZNXIi8/MoxYtZBBWQQXwy16zqJwloXXfD3k= -k8s.io/client-go v0.30.3/go.mod h1:8d4pf8vYu665/kUbsxWAQ/JDBNWqfFeZnvFiVdmx89U= +k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8= +k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU= k8s.io/code-generator v0.30.1 h1:ZsG++q5Vt0ScmKCeLhynUuWgcwFGg1Hl1AGfatqPJBI= k8s.io/code-generator v0.30.1/go.mod h1:hFgxRsvOUg79mbpbVKfjJvRhVz1qLoe40yZDJ/hwRH4= -k8s.io/component-base v0.30.3 h1:Ci0UqKWf4oiwy8hr1+E3dsnliKnkMLZMVbWzeorlk7s= -k8s.io/component-base v0.30.3/go.mod h1:C1SshT3rGPCuNtBs14RmVD2xW0EhRSeLvBh7AGk1quA= +k8s.io/component-base v0.31.0 h1:/KIzGM5EvPNQcYgwq5NwoQBaOlVFrghoVGr8lG6vNRs= +k8s.io/component-base v0.31.0/go.mod h1:TYVuzI1QmN4L5ItVdMSXKvH7/DtvIuas5/mm8YT3rTo= k8s.io/gengo/v2 v2.0.0-20240404160639-a0386bf69313 h1:bKcdZJOPICVmIIuaM9+MXmapE94dn5AYv5ODs1jA43o= k8s.io/gengo/v2 v2.0.0-20240404160639-a0386bf69313/go.mod h1:VH3AT8AaQOqiGjMF9p0/IM1Dj+82ZwjfxUP1IxaHE+8= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f h1:0LQagt0gDpKqvIkAMPaRGcXawNMouPECM1+F9BVxEaM= k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f/go.mod h1:S9tOR0FxgyusSNR+MboCuiDpVWkAifZvaYI1Q2ubgro= -k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= -k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 h1:SAElp8THCfmBdM+4lmWX5gebiSSkEr7PAYDVF91qpfg= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732/go.mod h1:lpvCfhqEHNJSSpG5R5A2EgsVzG8RTt4RfPoQuRAcDmg= sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw= From 4f7abea1f9b4be9e911676cf8218e883df519a63 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Tue, 20 Aug 2024 23:23:12 -0700 Subject: [PATCH 04/81] Bump dario.cat/mergo from 1.0.0 to 1.0.1 in the all group (#11837) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a98e1a7886..4d32e43a58 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module k8s.io/ingress-nginx go 1.22.6 require ( - dario.cat/mergo v1.0.0 + dario.cat/mergo v1.0.1 github.com/armon/go-proxyproto v0.1.0 github.com/eapache/channels v1.1.0 github.com/fsnotify/fsnotify v1.7.0 diff --git a/go.sum b/go.sum index e29fb889a6..fc9f7b333d 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,5 @@ -dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= -dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= +dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= github.com/Anddd7/pb v0.0.0-20240425032658-369b0f6a404c h1:uhBf0CHXi7nCFZXxHV7l1cBcYFEEVRK4FYxvm1l9lKg= github.com/Anddd7/pb v0.0.0-20240425032658-369b0f6a404c/go.mod h1:vYWKbnXd2KAZHUECLPzSE0Er3FgiEmOdPtxwSIRihck= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= From 5a287a829af5aaf722f00760549068f98142acfe Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Wed, 21 Aug 2024 00:51:11 -0700 Subject: [PATCH 05/81] Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.19.0 (#11839) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 4d32e43a58..060fdbf213 100644 --- a/go.mod +++ b/go.mod @@ -32,16 +32,16 @@ require ( gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 k8s.io/api v0.31.0 - k8s.io/apiextensions-apiserver v0.30.1 + k8s.io/apiextensions-apiserver v0.31.0 k8s.io/apimachinery v0.31.0 - k8s.io/apiserver v0.30.1 + k8s.io/apiserver v0.31.0 k8s.io/cli-runtime v0.30.0 k8s.io/client-go v0.31.0 - k8s.io/code-generator v0.30.1 + k8s.io/code-generator v0.31.0 k8s.io/component-base v0.31.0 k8s.io/klog/v2 v2.130.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 - sigs.k8s.io/controller-runtime v0.18.4 + sigs.k8s.io/controller-runtime v0.19.0 sigs.k8s.io/mdtoc v1.1.0 ) diff --git a/go.sum b/go.sum index fc9f7b333d..de380c3861 100644 --- a/go.sum +++ b/go.sum @@ -341,18 +341,18 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= k8s.io/api v0.31.0 h1:b9LiSjR2ym/SzTOlfMHm1tr7/21aD7fSkqgD/CVJBCo= k8s.io/api v0.31.0/go.mod h1:0YiFF+JfFxMM6+1hQei8FY8M7s1Mth+z/q7eF1aJkTE= -k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws= -k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4= +k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk= +k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk= k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc= k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= -k8s.io/apiserver v0.30.1 h1:BEWEe8bzS12nMtDKXzCF5Q5ovp6LjjYkSp8qOPk8LZ8= -k8s.io/apiserver v0.30.1/go.mod h1:i87ZnQ+/PGAmSbD/iEKM68bm1D5reX8fO4Ito4B01mo= +k8s.io/apiserver v0.31.0 h1:p+2dgJjy+bk+B1Csz+mc2wl5gHwvNkC9QJV+w55LVrY= +k8s.io/apiserver v0.31.0/go.mod h1:KI9ox5Yu902iBnnyMmy7ajonhKnkeZYJhTZ/YI+WEMk= k8s.io/cli-runtime v0.30.0 h1:0vn6/XhOvn1RJ2KJOC6IRR2CGqrpT6QQF4+8pYpWQ48= k8s.io/cli-runtime v0.30.0/go.mod h1:vATpDMATVTMA79sZ0YUCzlMelf6rUjoBzlp+RnoM+cg= k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8= k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU= -k8s.io/code-generator v0.30.1 h1:ZsG++q5Vt0ScmKCeLhynUuWgcwFGg1Hl1AGfatqPJBI= -k8s.io/code-generator v0.30.1/go.mod h1:hFgxRsvOUg79mbpbVKfjJvRhVz1qLoe40yZDJ/hwRH4= +k8s.io/code-generator v0.31.0 h1:w607nrMi1KeDKB3/F/J4lIoOgAwc+gV9ZKew4XRfMp8= +k8s.io/code-generator v0.31.0/go.mod h1:84y4w3es8rOJOUUP1rLsIiGlO1JuEaPFXQPA9e/K6U0= k8s.io/component-base v0.31.0 h1:/KIzGM5EvPNQcYgwq5NwoQBaOlVFrghoVGr8lG6vNRs= k8s.io/component-base v0.31.0/go.mod h1:TYVuzI1QmN4L5ItVdMSXKvH7/DtvIuas5/mm8YT3rTo= k8s.io/gengo/v2 v2.0.0-20240404160639-a0386bf69313 h1:bKcdZJOPICVmIIuaM9+MXmapE94dn5AYv5ODs1jA43o= @@ -365,8 +365,8 @@ k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 h1:SAElp8THCfmBdM+4lmWX5gebiSSkEr7PAYDVF91qpfg= pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732/go.mod h1:lpvCfhqEHNJSSpG5R5A2EgsVzG8RTt4RfPoQuRAcDmg= -sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw= -sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= +sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q= +sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/kustomize/api v0.16.0 h1:/zAR4FOQDCkgSDmVzV2uiFbuy9bhu3jEzthrHCuvm1g= From ee0ccdcdf194d52107801589e7e9cabdbb0a281d Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Wed, 21 Aug 2024 00:55:30 -0700 Subject: [PATCH 06/81] Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 (#11840) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 3 ++- go.sum | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 060fdbf213..95123b04b5 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/onsi/ginkgo/v2 v2.20.0 github.com/opencontainers/runc v1.1.13 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 - github.com/prometheus/client_golang v1.19.1 + github.com/prometheus/client_golang v1.20.1 github.com/prometheus/client_model v0.6.1 github.com/prometheus/common v0.55.0 github.com/spf13/cobra v1.8.1 @@ -47,6 +47,7 @@ require ( require ( github.com/fxamacker/cbor/v2 v2.7.0 // indirect + github.com/klauspost/compress v1.17.9 // indirect github.com/x448/float16 v0.8.4 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect ) diff --git a/go.sum b/go.sum index de380c3861..790fd52155 100644 --- a/go.sum +++ b/go.sum @@ -111,6 +111,8 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= +github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= @@ -180,8 +182,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= -github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= +github.com/prometheus/client_golang v1.20.1 h1:IMJXHOD6eARkQpxo8KkhgEVFlBNm+nkrFUyGlIu7Na8= +github.com/prometheus/client_golang v1.20.1/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= From 8be1c5224a5432f5a949ed4223a9bb9f65bb2346 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Sat, 24 Aug 2024 06:30:27 -0700 Subject: [PATCH 07/81] Replace deprecated queue method (#11859) Co-authored-by: Ricardo Katz --- internal/task/queue.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/task/queue.go b/internal/task/queue.go index f92f2a501f..8753bed346 100644 --- a/internal/task/queue.go +++ b/internal/task/queue.go @@ -36,7 +36,7 @@ var keyFunc = cache.DeletionHandlingMetaNamespaceKeyFunc // which timestamp is older than the last successful get operation. type Queue struct { // queue is the work queue the worker polls - queue workqueue.RateLimitingInterface + queue workqueue.TypedRateLimitingInterface[any] // sync is called for each item in the queue sync func(interface{}) error // workerDone is closed when the worker exits @@ -172,7 +172,7 @@ func NewTaskQueue(syncFn func(interface{}) error) *Queue { // NewCustomTaskQueue creates a new custom task queue with the given sync function. func NewCustomTaskQueue(syncFn func(interface{}) error, fn func(interface{}) (interface{}, error)) *Queue { q := &Queue{ - queue: workqueue.NewRateLimitingQueue(workqueue.DefaultControllerRateLimiter()), + queue: workqueue.NewTypedRateLimitingQueue(workqueue.DefaultTypedControllerRateLimiter[any]()), sync: syncFn, workerDone: make(chan bool), fn: fn, From 63369beb6f72c12f992ab030b4852b1ee2547405 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Mon, 26 Aug 2024 18:48:41 +0200 Subject: [PATCH 08/81] Go: Sync `go.work.sum`. (#11875) --- go.work.sum | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 69 insertions(+), 2 deletions(-) diff --git a/go.work.sum b/go.work.sum index 3a38ab8ec5..5a6fe2480a 100644 --- a/go.work.sum +++ b/go.work.sum @@ -1,3 +1,4 @@ +cel.dev/expr v0.15.0 h1:O1jzfJCQBfL5BFoYktaxwIhuttaQPsVWerH9/EEKx0w= cel.dev/expr v0.15.0/go.mod h1:TRSuuV7DlVCE/uwv5QbAiW/v8l5O8C4eEPHeu7gf7Sg= cloud.google.com/go v0.110.2 h1:sdFPBr6xG9/wkBbfhmUz/JmZC7X6LavQgcrVINrKiVA= cloud.google.com/go v0.110.4/go.mod h1:+EYjdK8e5RME/VY/qLCAtuyALQ9q67dvuum8i+H5xsI= @@ -123,6 +124,7 @@ cloud.google.com/go/cloudtasks v1.12.6/go.mod h1:b7c7fe4+TJsFZfDyzO51F7cjq7HLUlR cloud.google.com/go/compute v1.21.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= cloud.google.com/go/compute v1.23.1/go.mod h1:CqB3xpmPKKt3OJpW2ndFIXnA9A4xAy/F3Xp1ixncW78= +cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk= cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI= cloud.google.com/go/compute v1.24.0 h1:phWcR2eWzRJaL/kOiJwfFsPs4BaKq1j6vnpZrc1YlVg= cloud.google.com/go/compute v1.24.0/go.mod h1:kw1/T+h/+tK2LJK0wiPPx1intgdAM3j/g3hFDlscY40= @@ -569,6 +571,8 @@ github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY github.com/antihax/optional v1.0.0 h1:xK2lYat7ZLaVVcIuj82J8kIro4V6kDe0AUDFboUCwcg= github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h1:7RFfzj4SSt6nnvCPbCqijJi1nWCd+TqAT3bYCStRC18= github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM= +github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI= +github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g= github.com/apache/arrow/go/v10 v10.0.1 h1:n9dERvixoC/1JjDmBcs9FPaEryoANa2sCgVFo6ez9cI= github.com/apache/arrow/go/v11 v11.0.0 h1:hqauxvFQxww+0mEU/2XHG6LT7eZternCZq+A5Yly2uM= github.com/apache/thrift v0.16.0 h1:qEy6UW60iVOlUy+b9ZR0d5WzUWYGOo4HfopoyBaNmoY= @@ -583,6 +587,8 @@ github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g= github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= @@ -615,6 +621,7 @@ github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa h1:jQCWAUqqlij9Pgj2i/PB79y4KOPYVyFYdROxgaCwdTQ= github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa/go.mod h1:x/1Gn8zydmfq8dk6e9PdstVsDgu9RuyIIJqAaF//0IM= github.com/cncf/xds/go v0.0.0-20240318125728-8a4994d93e50/go.mod h1:5e1+Vvlzido69INQaVO6d87Qn543Xr6nooe9Kz7oBFM= +github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b h1:ga8SEFjZ60pxLcmhnThWgvH2wg8376yUJmPhEH4H3kw= github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= @@ -624,6 +631,7 @@ github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9/ZjdUKyjop4mf3Qdd+1TvvltAvM3m8= github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM= +github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815 h1:bWDMxwH3px2JBh6AyO7hdCn/PkvCZXii8TGj7sbtEbQ= @@ -642,6 +650,7 @@ github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZ github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fogleman/gg v1.3.0 h1:/7zJX8F6AaYQc57WQCyN9cAIz+4bCJGO9B+dyW29am8= github.com/fxamacker/cbor/v2 v2.6.0 h1:sU6J2usfADwWlYDAFhZBQ6TnLFBHxgesMrQfQgk1tWA= @@ -678,6 +687,7 @@ github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaL github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/swag v0.22.5/go.mod h1:Gl91UqO+btAM0plGGxHqJcQZ1ZTy6jbmridBTsDy8A0= github.com/go-openapi/swag v0.22.6/go.mod h1:Gl91UqO+btAM0plGGxHqJcQZ1ZTy6jbmridBTsDy8A0= github.com/go-pdf/fpdf v0.6.0 h1:MlgtGIfsdMEEQJr2le6b/HNr1ZlQwxyWr77r2aj2U/8= @@ -703,6 +713,7 @@ github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 h1:DACJavvAHhabrF0 github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ= github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68= github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= +github.com/golang/glog v1.2.1 h1:OptwRhECazUx5ix5TTWC3EZhsZEHWcYWY4FQHTIubm4= github.com/golang/glog v1.2.1/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -711,6 +722,8 @@ github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9 github.com/google/cel-go v0.17.7/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY= github.com/google/cel-go v0.17.8 h1:j9m730pMZt1Fc4oKhCLUHfjj6527LuhYcYw0Rl8gqto= github.com/google/cel-go v0.17.8/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY= +github.com/google/cel-go v0.20.1 h1:nDx9r8S3L4pE61eDdt8igGj8rf5kjYR3ILxWIpWNi84= +github.com/google/cel-go v0.20.1/go.mod h1:kWcIzTsPX0zmQ+H3TirHstLLf9ep5QTsZBN9u4dOYLg= github.com/google/flatbuffers v2.0.8+incompatible h1:ivUb1cGomAB101ZM1T0nOiWz9pSrTMoa9+EiY7igmkM= github.com/google/go-pkcs11 v0.2.1-0.20230907215043-c6f79328ddf9/go.mod h1:6eQoGcuNJpa7jnd5pMGdkSaQpNDYvPlXWMcjXXThLlY= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -718,6 +731,8 @@ github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPg github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0 h1:GOZbcHa3HfsPKPlmyPyN2KEohoMXOhdMbHrvbpl2QaA= github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= @@ -743,6 +758,8 @@ github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms= github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU= github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/iancoleman/strcase v0.2.0 h1:05I4QRnGpI0m37iZQRuskXh+w77mr6Z41lwQzuHLwW0= @@ -795,6 +812,8 @@ github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8 h1:AMFGa4R4MiIpsp github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3 h1:+n/aFZefKZp7spd8DFdX7uMikMLXX4oubIzJF4kv/wI= github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= +github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8= +github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/mrunalp/fileutils v0.5.1 h1:F+S7ZlNKnrwHfSwdlgNSkKo67ReVf8o9fel6C3dkm/Q= github.com/mrunalp/fileutils v0.5.1/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= @@ -871,8 +890,6 @@ github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= -github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= -github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xhit/go-str2duration v1.2.0 h1:BcV5u025cITWxEQKGWr1URRzrcXtu7uk8+luz3Yuhwc= github.com/xhit/go-str2duration/v2 v2.1.0 h1:lxklc02Drh6ynqX+DdPyp5pCKLUQpRT8bp8Ydu2Bstc= github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU= @@ -883,50 +900,84 @@ github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ= github.com/zeebo/xxh3 v1.0.2 h1:xZmwmqxHZA8AI603jOQ0tMqmBr9lPeFwGg6d+xy9DC0= go.etcd.io/bbolt v1.3.8 h1:xs88BrvEv273UsB79e0hcVrlUWmS0a8upikMFhSyAtA= go.etcd.io/bbolt v1.3.8/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= +go.etcd.io/bbolt v1.3.9 h1:8x7aARPEXiXbHmtUwAIv7eV2fQFHrLLavdiJ3uzJXoI= +go.etcd.io/bbolt v1.3.9/go.mod h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE= go.etcd.io/etcd/api/v3 v3.5.10 h1:szRajuUUbLyppkhs9K6BRtjY37l66XQQmw7oZRANE4k= go.etcd.io/etcd/api/v3 v3.5.10/go.mod h1:TidfmT4Uycad3NM/o25fG3J07odo4GBB9hoxaodFCtI= +go.etcd.io/etcd/api/v3 v3.5.14 h1:vHObSCxyB9zlF60w7qzAdTcGaglbJOpSj1Xj9+WGxq0= +go.etcd.io/etcd/api/v3 v3.5.14/go.mod h1:BmtWcRlQvwa1h3G2jvKYwIQy4PkHlDej5t7uLMUdJUU= go.etcd.io/etcd/client/pkg/v3 v3.5.10 h1:kfYIdQftBnbAq8pUWFXfpuuxFSKzlmM5cSn76JByiT0= go.etcd.io/etcd/client/pkg/v3 v3.5.10/go.mod h1:DYivfIviIuQ8+/lCq4vcxuseg2P2XbHygkKwFo9fc8U= +go.etcd.io/etcd/client/pkg/v3 v3.5.14 h1:SaNH6Y+rVEdxfpA2Jr5wkEvN6Zykme5+YnbCkxvuWxQ= +go.etcd.io/etcd/client/pkg/v3 v3.5.14/go.mod h1:8uMgAokyG1czCtIdsq+AGyYQMvpIKnSvPjFMunkgeZI= go.etcd.io/etcd/client/v2 v2.305.10 h1:MrmRktzv/XF8CvtQt+P6wLUlURaNpSDJHFZhe//2QE4= go.etcd.io/etcd/client/v2 v2.305.10/go.mod h1:m3CKZi69HzilhVqtPDcjhSGp+kA1OmbNn0qamH80xjA= +go.etcd.io/etcd/client/v2 v2.305.13 h1:RWfV1SX5jTU0lbCvpVQe3iPQeAHETWdOTb6pxhd77C8= +go.etcd.io/etcd/client/v2 v2.305.13/go.mod h1:iQnL7fepbiomdXMb3om1rHq96htNNGv2sJkEcZGDRRg= go.etcd.io/etcd/client/v3 v3.5.10 h1:W9TXNZ+oB3MCd/8UjxHTWK5J9Nquw9fQBLJd5ne5/Ao= go.etcd.io/etcd/client/v3 v3.5.10/go.mod h1:RVeBnDz2PUEZqTpgqwAtUd8nAPf5kjyFyND7P1VkOKc= +go.etcd.io/etcd/client/v3 v3.5.14 h1:CWfRs4FDaDoSz81giL7zPpZH2Z35tbOrAJkkjMqOupg= +go.etcd.io/etcd/client/v3 v3.5.14/go.mod h1:k3XfdV/VIHy/97rqWjoUzrj9tk7GgJGH9J8L4dNXmAk= go.etcd.io/etcd/pkg/v3 v3.5.10 h1:WPR8K0e9kWl1gAhB5A7gEa5ZBTNkT9NdNWrR8Qpo1CM= go.etcd.io/etcd/pkg/v3 v3.5.10/go.mod h1:TKTuCKKcF1zxmfKWDkfz5qqYaE3JncKKZPFf8c1nFUs= +go.etcd.io/etcd/pkg/v3 v3.5.13 h1:st9bDWNsKkBNpP4PR1MvM/9NqUPfvYZx/YXegsYEH8M= +go.etcd.io/etcd/pkg/v3 v3.5.13/go.mod h1:N+4PLrp7agI/Viy+dUYpX7iRtSPvKq+w8Y14d1vX+m0= go.etcd.io/etcd/raft/v3 v3.5.10 h1:cgNAYe7xrsrn/5kXMSaH8kM/Ky8mAdMqGOxyYwpP0LA= go.etcd.io/etcd/raft/v3 v3.5.10/go.mod h1:odD6kr8XQXTy9oQnyMPBOr0TVe+gT0neQhElQ6jbGRc= +go.etcd.io/etcd/raft/v3 v3.5.13 h1:7r/NKAOups1YnKcfro2RvGGo2PTuizF/xh26Z2CTAzA= +go.etcd.io/etcd/raft/v3 v3.5.13/go.mod h1:uUFibGLn2Ksm2URMxN1fICGhk8Wu96EfDQyuLhAcAmw= go.etcd.io/etcd/server/v3 v3.5.10 h1:4NOGyOwD5sUZ22PiWYKmfxqoeh72z6EhYjNosKGLmZg= go.etcd.io/etcd/server/v3 v3.5.10/go.mod h1:gBplPHfs6YI0L+RpGkTQO7buDbHv5HJGG/Bst0/zIPo= +go.etcd.io/etcd/server/v3 v3.5.13 h1:V6KG+yMfMSqWt+lGnhFpP5z5dRUj1BDRJ5k1fQ9DFok= +go.etcd.io/etcd/server/v3 v3.5.13/go.mod h1:K/8nbsGupHqmr5MkgaZpLlH1QdX1pcNQLAkODy44XcQ= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 h1:ZOLJc06r4CB42laIXg/7udr0pbZyuAihN10A/XuiQRY= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0/go.mod h1:5z+/ZWJQKXa9YT34fQNx5K8Hd1EoIhvtUygUQPqEOgQ= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1/go.mod h1:4UoMYEZOC0yN/sPGH76KPkkU7zgiEWYWL9vwmbnTJPE= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0/go.mod h1:r9vWsPS/3AQItv3OSlEJ/E4mbrhUbbw18meOjArPtKQ= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 h1:9G6E0TXzGFVfTnawRzrPl83iHOAV7L8NJiR8RSGYV1g= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0/go.mod h1:azvtTADFQJA8mX80jIH/akaE7h+dbm/sVuaHqN13w74= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0 h1:KfYpVmrjI7JuToy5k8XV3nkapjWx48k4E4JOtVstzQI= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0/go.mod h1:SeQhzAEccGVZVEy7aH87Nh0km+utSpo1pTv6eMMop48= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= go.opentelemetry.io/otel v1.19.0 h1:MuS/TNf4/j4IXsZuJegVzI1cwut7Qc00344rgH7p8bs= go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY= go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= go.opentelemetry.io/otel v1.22.0/go.mod h1:eoV4iAi3Ea8LkAEI9+GFT44O6T/D0GWAVFyZVCC6pMI= +go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= +go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 h1:Mne5On7VWdx7omSrSSZvM4Kw7cS7NQkOOmLcgscI51U= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0/go.mod h1:IPtUMKL4O3tH5y+iXVyAXqpAwMuzC1IrxVS81rummfE= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0 h1:3d+S281UTjM+AbF31XSOYn1qXn3BgIdWl8HNEpx08Jk= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0/go.mod h1:0+KuTDyKL4gjKCF75pHOX4wuzYDUZYfAQdSu43o+Z2I= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ= go.opentelemetry.io/otel/metric v1.19.0 h1:aTzpGtV0ar9wlV4Sna9sdJyII5jTVJEvKETPiOKwvpE= go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8= go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM= go.opentelemetry.io/otel/metric v1.22.0/go.mod h1:evJGjVpZv0mQ5QBRJoBF64yMuOf4xCWdXjK8pzFvliY= +go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= +go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= go.opentelemetry.io/otel/sdk v1.19.0 h1:6USY6zH+L8uMH8L3t1enZPR3WFEmSTADlqldyHtJi3o= go.opentelemetry.io/otel/sdk v1.19.0/go.mod h1:NedEbbS4w3C6zElbLdPJKOpJQOrGUJ+GfzpjUvI0v1A= go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E= +go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= +go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= go.opentelemetry.io/otel/trace v1.19.0 h1:DFVQmlVbfVeOuBRrwdtaehRrWiL1JoVs9CPIQ1Dzxpg= go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo= go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ= go.opentelemetry.io/otel/trace v1.22.0/go.mod h1:RbbHXVqKES9QhzZq/fE5UnOSILqRt40a21sPw2He1xo= +go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= +go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= +go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= +go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.2.0/go.mod h1:XJYK+MuIchqpmGmUSAzotztawfKvYLUIgg7guXrwVUo= @@ -944,6 +995,7 @@ golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028 h1:4+4C/Iv2U4fMZBiMCc98MG golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= @@ -951,6 +1003,8 @@ golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI= golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk= golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0= @@ -958,18 +1012,24 @@ golang.org/x/oauth2 v0.14.0/go.mod h1:lAtNWgaWfL4cm7j2OV8TxGi9Qb7ECORx8DktCY74Ow golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM= golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/telemetry v0.0.0-20240208230135-b75ee8823808/go.mod h1:KG1lNk5ZFNssSZLrpVb4sMXKMpGwGXOxSG3rnu2gZQQ= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2 h1:IRJeR9r1pYWsHKTRe/IInb7lYvbBVIqOgsX/u0mbOWY= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= +golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457 h1:zf5N6UOrA487eEFacMePxjXAJctxKmyjKUsjA11Uzuk= +golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= @@ -977,6 +1037,8 @@ golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58 golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk= golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= @@ -1022,6 +1084,7 @@ google.golang.org/genproto/googleapis/api v0.0.0-20240213162025-012b6fc9bca9/go. google.golang.org/genproto/googleapis/api v0.0.0-20240227224415-6ceb2ff114de h1:jFNzHPIeuzhdRwVhbZdiym9q0ory/xY3sA+v2wPg8I0= google.golang.org/genproto/googleapis/api v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:5iCWqnniDlqZHrd3neWVTOwvh/v6s3232omMecelax8= google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237/go.mod h1:Z5Iiy3jtmioajWHDGFk7CeugTyHtPvMHA4UTmUkyalE= +google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 h1:7whR9kGa5LUwFtpLm2ArCEejtnxlGeLbAyjFY8sGNFw= google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157/go.mod h1:99sLkeliLXfdj2J75X3Ho+rrVCaJze0uwN7zDDkjPVU= google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc h1:g3hIDl0jRNd9PPTs2uBzYuaD5mQuwOkZY0vSc0LR32o= google.golang.org/genproto/googleapis/bytestream v0.0.0-20231030173426-d783a09b4405/go.mod h1:GRUCuLdzVqZte8+Dl/D4N25yLzcGqqWaYkeVOwulFqw= @@ -1064,6 +1127,8 @@ k8s.io/kms v0.29.3/go.mod h1:TBGbJKpRUMk59neTMDMddjIDL+D4HuFUbpuiuzmOPg0= k8s.io/kms v0.30.0 h1:ZlnD/ei5lpvUlPw6eLfVvH7d8i9qZ6HwUQgydNVks8g= k8s.io/kms v0.30.0/go.mod h1:GrMurD0qk3G4yNgGcsCEmepqf9KyyIrTXYR2lyUOJC4= k8s.io/kms v0.30.1/go.mod h1:GrMurD0qk3G4yNgGcsCEmepqf9KyyIrTXYR2lyUOJC4= +k8s.io/kms v0.31.0 h1:KchILPfB1ZE+ka7223mpU5zeFNkmb45jl7RHnlImUaI= +k8s.io/kms v0.31.0/go.mod h1:OZKwl1fan3n3N5FFxnW5C4V3ygrah/3YXeJWS3O6+94= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= @@ -1088,6 +1153,8 @@ rsc.io/sampler v1.3.0 h1:7uVkIFmeBqHfdjD+gZwtXXI+RODJ2Wc4O7MPEh/QiW4= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0/go.mod h1:VHVDI/KrK4fjnV61bE2g3sA7tiETLn8sooImelsCx3Y= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 h1:/U5vjBbQn3RChhv7P11uhYvCSm5G2GaIi5AIGBS6r4c= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0/go.mod h1:z7+wmGM2dfIiLRfrC6jb5kV2Mq/sK1ZP303cxzkV5Y4= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 h1:2770sDpzrjjsAtVhSeUFseziht227YAWYHLGNM8QPwY= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= From 11656655910b5dac3dad24bdfc97a4ec76091ad0 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 26 Aug 2024 13:31:22 -0700 Subject: [PATCH 09/81] Update maxmind post link about geolite2 license changes (#11881) Signed-off-by: Seonghyeon Cho Co-authored-by: Seonghyeon Cho --- Changelog.md | 2 +- charts/ingress-nginx/README.md | 2 +- charts/ingress-nginx/values.yaml | 2 +- docs/user-guide/cli-arguments.md | 2 +- docs/user-guide/nginx-configuration/configmap.md | 2 +- pkg/flags/flags.go | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Changelog.md b/Changelog.md index 400c187f77..f74ff81198 100644 --- a/Changelog.md +++ b/Changelog.md @@ -2057,7 +2057,7 @@ _Breaking Changes:_ ``` Due to upcoming data privacy regulations, we are making significant changes to how you access free GeoLite2 databases starting December 30, 2019. - Learn more on our blog https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/ + Learn more on our blog https://blog.maxmind.com/2019/12/significant-changes-to-accessing-and-using-geolite2-databases/ ``` Because of this change, it is not clear we can provide the databases directly from the docker image. diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 26eab28555..1c319fabcb 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -366,7 +366,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.livenessProbe.periodSeconds | int | `10` | | | controller.livenessProbe.successThreshold | int | `1` | | | controller.livenessProbe.timeoutSeconds | int | `1` | | -| controller.maxmindLicenseKey | string | `""` | Maxmind license key to download GeoLite2 Databases. # https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases | +| controller.maxmindLicenseKey | string | `""` | Maxmind license key to download GeoLite2 Databases. # https://blog.maxmind.com/2019/12/significant-changes-to-accessing-and-using-geolite2-databases/ | | controller.metrics.enabled | bool | `false` | | | controller.metrics.port | int | `10254` | | | controller.metrics.portName | string | `"metrics"` | | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index fbd0b31cf7..06859039f5 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -194,7 +194,7 @@ controller: # -- Annotations to be added to the udp config configmap annotations: {} # -- Maxmind license key to download GeoLite2 Databases. - ## https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases + ## https://blog.maxmind.com/2019/12/significant-changes-to-accessing-and-using-geolite2-databases/ maxmindLicenseKey: "" # -- Additional command line arguments to pass to Ingress-Nginx Controller # E.g. to specify the default SSL certificate you can use diff --git a/docs/user-guide/cli-arguments.md b/docs/user-guide/cli-arguments.md index f8fdc2ddbb..ea4ef2572a 100644 --- a/docs/user-guide/cli-arguments.md +++ b/docs/user-guide/cli-arguments.md @@ -43,7 +43,7 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment | `--maxmind-edition-ids` | Maxmind edition ids to download GeoLite2 Databases. (default "GeoLite2-City,GeoLite2-ASN") | | `--maxmind-retries-timeout` | Maxmind downloading delay between 1st and 2nd attempt, 0s - do not retry to download if something went wrong. (default 0s) | | `--maxmind-retries-count` | Number of attempts to download the GeoIP DB. (default 1) | -| `--maxmind-license-key` | Maxmind license key to download GeoLite2 Databases. https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases . | +| `--maxmind-license-key` | Maxmind license key to download GeoLite2 Databases. https://blog.maxmind.com/2019/12/significant-changes-to-accessing-and-using-geolite2-databases/ . | | `--maxmind-mirror` | Maxmind mirror url (example: http://geoip.local/databases. | | `--metrics-per-host` | Export metrics per-host. (default true) | | `--monitor-max-batch-size` | Max batch size of NGINX metrics. (default 10000)| diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index 0b8e03af1a..560e876293 100644 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -725,7 +725,7 @@ _**default:**_ true ## use-geoip2 Enables the [geoip2 module](https://github.com/leev/ngx_http_geoip2_module) for NGINX. -Since `0.27.0` and due to a [change in the MaxMind databases](https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases) a license is required to have access to the databases. +Since `0.27.0` and due to a [change in the MaxMind databases](https://blog.maxmind.com/2019/12/significant-changes-to-accessing-and-using-geolite2-databases/) a license is required to have access to the databases. For this reason, it is required to define a new flag `--maxmind-license-key` in the ingress controller deployment to download the databases needed during the initialization of the ingress controller. Alternatively, it is possible to use a volume to mount the files `/etc/ingress-controller/geoip/GeoLite2-City.mmdb` and `/etc/ingress-controller/geoip/GeoLite2-ASN.mmdb`, avoiding the overhead of the download. diff --git a/pkg/flags/flags.go b/pkg/flags/flags.go index 5891f636b3..92b819c749 100644 --- a/pkg/flags/flags.go +++ b/pkg/flags/flags.go @@ -232,7 +232,7 @@ Takes the form ":port". If not provided, no admission controller is starte flags.StringVar(&nginx.MaxmindMirror, "maxmind-mirror", "", `Maxmind mirror url (example: http://geoip.local/databases.`) flags.StringVar(&nginx.MaxmindLicenseKey, "maxmind-license-key", "", `Maxmind license key to download GeoLite2 Databases. -https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases .`) +https://blog.maxmind.com/2019/12/significant-changes-to-accessing-and-using-geolite2-databases/ .`) flags.StringVar(&nginx.MaxmindEditionIDs, "maxmind-edition-ids", "GeoLite2-City,GeoLite2-ASN", `Maxmind edition ids to download GeoLite2 Databases.`) flags.IntVar(&nginx.MaxmindRetriesCount, "maxmind-retries-count", 1, "Number of attempts to download the GeoIP DB.") flags.DurationVar(&nginx.MaxmindRetriesTimeout, "maxmind-retries-timeout", time.Second*0, "Maxmind downloading delay between 1st and 2nd attempt, 0s - do not retry to download if something went wrong.") From 162452b6e89931a793abc9ce150fe72fceb1df01 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 26 Aug 2024 13:32:14 -0700 Subject: [PATCH 10/81] Bump github/codeql-action from 3.26.2 to 3.26.5 in the all group (#11868) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 3301b12cfe..2a1489f5db 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 + uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index dcf0123682..2d135695de 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 + uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From 27697abbcbf911ae31ba96f70eff6a4ec1dbe9d7 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 26 Aug 2024 13:32:39 -0700 Subject: [PATCH 11/81] Bump the all group with 2 updates (#11871) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 95123b04b5..0f43520cc3 100644 --- a/go.mod +++ b/go.mod @@ -14,10 +14,10 @@ require ( github.com/mitchellh/mapstructure v1.5.0 github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.8.3 - github.com/onsi/ginkgo/v2 v2.20.0 + github.com/onsi/ginkgo/v2 v2.20.1 github.com/opencontainers/runc v1.1.13 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 - github.com/prometheus/client_golang v1.20.1 + github.com/prometheus/client_golang v1.20.2 github.com/prometheus/client_model v0.6.1 github.com/prometheus/common v0.55.0 github.com/spf13/cobra v1.8.1 diff --git a/go.sum b/go.sum index 790fd52155..b4022d9121 100644 --- a/go.sum +++ b/go.sum @@ -165,8 +165,8 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.20.0 h1:PE84V2mHqoT1sglvHc8ZdQtPcwmvvt29WLEEO3xmdZw= -github.com/onsi/ginkgo/v2 v2.20.0/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI= +github.com/onsi/ginkgo/v2 v2.20.1 h1:YlVIbqct+ZmnEph770q9Q7NVAz4wwIiVNahee6JyUzo= +github.com/onsi/ginkgo/v2 v2.20.1/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= @@ -182,8 +182,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.20.1 h1:IMJXHOD6eARkQpxo8KkhgEVFlBNm+nkrFUyGlIu7Na8= -github.com/prometheus/client_golang v1.20.1/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.20.2 h1:5ctymQzZlyOON1666svgwn3s6IKWgfbjsejTMiXIyjg= +github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= From 2e208230dff88398fbbd5721edffc3da11b23198 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Mon, 26 Aug 2024 22:33:39 +0200 Subject: [PATCH 12/81] Chart: Use generic values for `ConfigMap` test. (#11879) --- .../tests/controller-configmap_test.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/ingress-nginx/tests/controller-configmap_test.yaml b/charts/ingress-nginx/tests/controller-configmap_test.yaml index 9cfea9800b..168b657d6b 100644 --- a/charts/ingress-nginx/tests/controller-configmap_test.yaml +++ b/charts/ingress-nginx/tests/controller-configmap_test.yaml @@ -16,16 +16,16 @@ tests: - it: should create a ConfigMap with templated values if `controller.config` contains templates set: controller.config: - global-rate-limit-memcached-host: "memcached.{{ .Release.Namespace }}.svc.kubernetes.local" - global-rate-limit-memcached-port: 11211 - use-gzip: true + template: "test.{{ .Release.Namespace }}.svc.kubernetes.local" + integer: 12345 + boolean: true asserts: - equal: - path: data.global-rate-limit-memcached-host - value: memcached.NAMESPACE.svc.kubernetes.local + path: data.template + value: test.NAMESPACE.svc.kubernetes.local - equal: - path: data.global-rate-limit-memcached-port - value: "11211" + path: data.integer + value: "12345" - equal: - path: data.use-gzip + path: data.boolean value: "true" From 2421dd53cf8a91588b1bd7cc6987390448cfa382 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 26 Aug 2024 14:42:44 -0700 Subject: [PATCH 13/81] CI: Grant checks write permissions to E2E Test Report. (#11885) Signed-off-by: Seonghyeon Cho Co-authored-by: Seonghyeon Cho --- .github/workflows/junit-reports.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/junit-reports.yaml b/.github/workflows/junit-reports.yaml index 947b90c257..e2a82910eb 100644 --- a/.github/workflows/junit-reports.yaml +++ b/.github/workflows/junit-reports.yaml @@ -5,6 +5,10 @@ on: workflows: ['CI'] # runs after CI workflow types: - completed + +permissions: + checks: write + jobs: report: runs-on: ubuntu-latest From 13719ac7c524838828888a032fa4da0cba32a7b0 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 26 Aug 2024 17:08:53 -0700 Subject: [PATCH 14/81] Annotations: Allow commas in URLs. (#11887) Signed-off-by: James Strong Co-authored-by: James Strong --- internal/ingress/annotations/parser/validators.go | 2 +- internal/ingress/annotations/parser/validators_test.go | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/internal/ingress/annotations/parser/validators.go b/internal/ingress/annotations/parser/validators.go index ffb4d9ba9f..31524508f5 100644 --- a/internal/ingress/annotations/parser/validators.go +++ b/internal/ingress/annotations/parser/validators.go @@ -44,7 +44,7 @@ var ( alphaNumericChars = `\-\.\_\~a-zA-Z0-9\/:` extendedAlphaNumeric = alphaNumericChars + ", " regexEnabledChars = regexp.QuoteMeta(`^$[](){}*+?|&=\`) - urlEnabledChars = regexp.QuoteMeta(`:?&=`) + urlEnabledChars = regexp.QuoteMeta(`,:?&=`) ) // IsValidRegex checks if the tested string can be used as a regex, but without any weird character. diff --git a/internal/ingress/annotations/parser/validators_test.go b/internal/ingress/annotations/parser/validators_test.go index ed84494528..6c88342e43 100644 --- a/internal/ingress/annotations/parser/validators_test.go +++ b/internal/ingress/annotations/parser/validators_test.go @@ -55,6 +55,11 @@ func TestValidateArrayOfServerName(t *testing.T) { value: "*.so*mething.com,bla.com", wantErr: false, }, + { + name: "should allow comma separated query params", + value: "https://oauth.example/oauth2/auth?allowed_groups=gid1,gid2", + wantErr: false, + }, { name: "should deny names with weird characters", value: "something.com,lolo;xpto.com,nothing.com", From b401ff3912f020fdba5330aa11581c8482dfb83e Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Tue, 27 Aug 2024 02:30:24 -0700 Subject: [PATCH 15/81] Chart: Add tests for `PrometheusRule` & `ServiceMonitor`. (#11889) Co-authored-by: Marco Ebert --- charts/ingress-nginx/README.md | 2 +- ...es.yaml => controller-prometheusrule.yaml} | 0 .../tests/controller-prometheusrule_test.yaml | 17 +++++++++++ .../tests/controller-servicemonitor_test.yaml | 29 +++++++++++++++++++ charts/ingress-nginx/values.yaml | 1 + 5 files changed, 48 insertions(+), 1 deletion(-) rename charts/ingress-nginx/templates/{controller-prometheusrules.yaml => controller-prometheusrule.yaml} (100%) create mode 100644 charts/ingress-nginx/tests/controller-prometheusrule_test.yaml create mode 100644 charts/ingress-nginx/tests/controller-servicemonitor_test.yaml diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 1c319fabcb..57f5339707 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -380,7 +380,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.metrics.service.servicePort | int | `10254` | | | controller.metrics.service.type | string | `"ClusterIP"` | | | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | | -| controller.metrics.serviceMonitor.annotations | object | `{}` | | +| controller.metrics.serviceMonitor.annotations | object | `{}` | Annotations to be added to the ServiceMonitor. | | controller.metrics.serviceMonitor.enabled | bool | `false` | | | controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | | | controller.metrics.serviceMonitor.namespace | string | `""` | | diff --git a/charts/ingress-nginx/templates/controller-prometheusrules.yaml b/charts/ingress-nginx/templates/controller-prometheusrule.yaml similarity index 100% rename from charts/ingress-nginx/templates/controller-prometheusrules.yaml rename to charts/ingress-nginx/templates/controller-prometheusrule.yaml diff --git a/charts/ingress-nginx/tests/controller-prometheusrule_test.yaml b/charts/ingress-nginx/tests/controller-prometheusrule_test.yaml new file mode 100644 index 0000000000..d60a98315f --- /dev/null +++ b/charts/ingress-nginx/tests/controller-prometheusrule_test.yaml @@ -0,0 +1,17 @@ +suite: Controller > PrometheusRule +templates: + - controller-prometheusrule.yaml + +tests: + - it: should create a PrometheusRule if `controller.metrics.prometheusRule.enabled` is true + set: + controller.metrics.enabled: true + controller.metrics.prometheusRule.enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: PrometheusRule + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller diff --git a/charts/ingress-nginx/tests/controller-servicemonitor_test.yaml b/charts/ingress-nginx/tests/controller-servicemonitor_test.yaml new file mode 100644 index 0000000000..310097c1a2 --- /dev/null +++ b/charts/ingress-nginx/tests/controller-servicemonitor_test.yaml @@ -0,0 +1,29 @@ +suite: Controller > ServiceMonitor +templates: + - controller-servicemonitor.yaml + +tests: + - it: should create a ServiceMonitor if `controller.metrics.serviceMonitor.enabled` is true + set: + controller.metrics.enabled: true + controller.metrics.serviceMonitor.enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: ServiceMonitor + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller + + - it: should create a ServiceMonitor with annotations if `controller.metrics.serviceMonitor.annotations` is set + set: + controller.metrics.enabled: true + controller.metrics.serviceMonitor.enabled: true + controller.metrics.serviceMonitor.annotations: + my-little-annotation: test-value + asserts: + - equal: + path: metadata.annotations + value: + my-little-annotation: test-value diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 06859039f5..7dd353f5b8 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -873,6 +873,7 @@ controller: serviceMonitor: enabled: false additionalLabels: {} + # -- Annotations to be added to the ServiceMonitor. annotations: {} ## The label to use to retrieve the job name from. ## jobLabel: "app.kubernetes.io/name" From 34b9099bf1d1e94693a993dc1de8777937bb5e55 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Thu, 29 Aug 2024 06:00:30 -0700 Subject: [PATCH 16/81] Bump github/codeql-action from 3.26.5 to 3.26.6 in the all group (#11908) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 2a1489f5db..aa8981aa38 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 + uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 2d135695de..d4a53a3526 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 + uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From 8de23fc54a4ce73acacd47046719229327a1a891 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Thu, 29 Aug 2024 07:02:26 -0700 Subject: [PATCH 17/81] Bump github.com/prometheus/common from 0.55.0 to 0.57.0 (#11909) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 0f43520cc3..62f2715cc3 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 github.com/prometheus/client_golang v1.20.2 github.com/prometheus/client_model v0.6.1 - github.com/prometheus/common v0.55.0 + github.com/prometheus/common v0.57.0 github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 diff --git a/go.sum b/go.sum index b4022d9121..0c7c819ad4 100644 --- a/go.sum +++ b/go.sum @@ -186,8 +186,8 @@ github.com/prometheus/client_golang v1.20.2 h1:5ctymQzZlyOON1666svgwn3s6IKWgfbjs github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= -github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/common v0.57.0 h1:Ro/rKjwdq9mZn1K5QPctzh+MA4Lp0BuYk5ZZEVhoNcY= +github.com/prometheus/common v0.57.0/go.mod h1:7uRPFSUTbfZWsJ7MHY56sqt7hLQu3bxXHDnNhl8E9qI= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= From e38b3cf2da8bc27dc218352925c6032a45d3c47a Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Thu, 29 Aug 2024 07:02:43 -0700 Subject: [PATCH 18/81] Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#11910) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 62f2715cc3..00e3ec55d0 100644 --- a/go.mod +++ b/go.mod @@ -27,7 +27,7 @@ require ( github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30 golang.org/x/crypto v0.26.0 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 - google.golang.org/grpc v1.65.0 + google.golang.org/grpc v1.66.0 google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 diff --git a/go.sum b/go.sum index 0c7c819ad4..4b6fec1468 100644 --- a/go.sum +++ b/go.sum @@ -301,8 +301,8 @@ gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA= google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= -google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= -google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= +google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c= +google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab h1:tg8hvIl5RmFBuXlcJMuL0h4Psh1gx5Q5xEMwzBZIzWA= google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab/go.mod h1:liVNnGuZDITxuksuZ+BBvdy7FcJfeNk+efF9qgqNUmc= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= From 569c612748cd3e5306ad501374c784e1d5bd93cf Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Thu, 29 Aug 2024 08:25:30 -0700 Subject: [PATCH 19/81] Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 in the all group (#11913) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marco Ebert --- build/run-in-docker.sh | 2 +- go.mod | 6 +++--- go.sum | 12 ++++++------ go.work.sum | 4 ++++ images/kube-webhook-certgen/rootfs/go.mod | 4 ++-- images/kube-webhook-certgen/rootfs/go.sum | 12 ++++++------ images/test-runner/Makefile | 4 ++-- test/e2e/run-chart-test.sh | 2 +- test/e2e/run-kind-e2e.sh | 2 +- 9 files changed, 26 insertions(+), 22 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index fcbf8f6cdc..0c965666c6 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -82,7 +82,7 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then echo "..reached DIND check TRUE block, inside run-in-docker.sh" echo "FLAGS=$FLAGS" #go env - go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.20.0 + go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.20.2 find / -type f -name ginkgo 2>/dev/null which ginkgo /bin/bash -c "${FLAGS}" diff --git a/go.mod b/go.mod index 00e3ec55d0..f8002d09cc 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.8.3 - github.com/onsi/ginkgo/v2 v2.20.1 + github.com/onsi/ginkgo/v2 v2.20.2 github.com/opencontainers/runc v1.1.13 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 github.com/prometheus/client_golang v1.20.2 @@ -82,7 +82,7 @@ require ( github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 // indirect + github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.6.0 // indirect github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect @@ -117,7 +117,7 @@ require ( golang.org/x/net v0.28.0 // indirect golang.org/x/oauth2 v0.21.0 // indirect golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.23.0 // indirect + golang.org/x/sys v0.24.0 // indirect golang.org/x/term v0.23.0 // indirect golang.org/x/text v0.17.0 // indirect golang.org/x/time v0.5.0 // indirect diff --git a/go.sum b/go.sum index 4b6fec1468..88cef07125 100644 --- a/go.sum +++ b/go.sum @@ -92,8 +92,8 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 h1:FKHo8hFI3A+7w0aUQuYXQ+6EN5stWmeY/AZqtM8xk9k= -github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 h1:5iH8iuqE5apketRbSFBy+X1V0o+l+8NF1avt4HWl7cA= +github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -165,8 +165,8 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.20.1 h1:YlVIbqct+ZmnEph770q9Q7NVAz4wwIiVNahee6JyUzo= -github.com/onsi/ginkgo/v2 v2.20.1/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI= +github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4= +github.com/onsi/ginkgo/v2 v2.20.2/go.mod h1:K9gyxPIlb+aIvnZ8bd9Ak+YP18w3APlR+5coaZoE2ag= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= @@ -276,8 +276,8 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= -golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= +golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/go.work.sum b/go.work.sum index 5a6fe2480a..8b186c739d 100644 --- a/go.work.sum +++ b/go.work.sum @@ -644,6 +644,7 @@ github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRr github.com/envoyproxy/go-control-plane v0.11.1/go.mod h1:uhMcXKCQMEJHiAb0w+YGefQLaTEw+YhGluxZkrTmD0g= github.com/envoyproxy/go-control-plane v0.12.0 h1:4X+VP1GHd1Mhj6IB5mMeGbLCleqxjletLK6K0rbxyZI= github.com/envoyproxy/go-control-plane v0.12.0/go.mod h1:ZBTaoJ23lqITozF0M6G4/IragXCQKCnYbmlmtHvwRG0= +github.com/envoyproxy/go-control-plane v0.12.1-0.20240621013728-1eb8caab5155/go.mod h1:5Wkq+JduFtdAXihLmeTJf+tRYIT4KBc2vPXDhwVo1pA= github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A= github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew= @@ -844,6 +845,7 @@ github.com/pierrec/lz4/v4 v4.1.15 h1:MO0/ucJhngq7299dKLwIMtgTfbkoSPF6AoMYDd8Q4q0 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/sftp v1.13.1 h1:I2qBYMChEhIjOgazfJmV3/mZM256btk6wkCDRmW7JYs= +github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= github.com/pquerna/cachecontrol v0.1.0 h1:yJMy84ti9h/+OEWa752kBTKv4XC30OtVVHYv/8cTqKc= github.com/pquerna/cachecontrol v0.1.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI= github.com/prometheus/exporter-toolkit v0.11.0 h1:yNTsuZ0aNCNFQ3aFTD2uhPOvr4iD7fdBvKPAEGkNf+g= @@ -1020,6 +1022,7 @@ golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/telemetry v0.0.0-20240208230135-b75ee8823808/go.mod h1:KG1lNk5ZFNssSZLrpVb4sMXKMpGwGXOxSG3rnu2gZQQ= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2 h1:IRJeR9r1pYWsHKTRe/IInb7lYvbBVIqOgsX/u0mbOWY= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= @@ -1086,6 +1089,7 @@ google.golang.org/genproto/googleapis/api v0.0.0-20240227224415-6ceb2ff114de/go. google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237/go.mod h1:Z5Iiy3jtmioajWHDGFk7CeugTyHtPvMHA4UTmUkyalE= google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 h1:7whR9kGa5LUwFtpLm2ArCEejtnxlGeLbAyjFY8sGNFw= google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157/go.mod h1:99sLkeliLXfdj2J75X3Ho+rrVCaJze0uwN7zDDkjPVU= +google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117/go.mod h1:OimBR/bc1wPO9iV4NC2bpyjy3VnAwZh5EBPQdtaE5oo= google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc h1:g3hIDl0jRNd9PPTs2uBzYuaD5mQuwOkZY0vSc0LR32o= google.golang.org/genproto/googleapis/bytestream v0.0.0-20231030173426-d783a09b4405/go.mod h1:GRUCuLdzVqZte8+Dl/D4N25yLzcGqqWaYkeVOwulFqw= google.golang.org/genproto/googleapis/bytestream v0.0.0-20231212172506-995d672761c0/go.mod h1:guYXGPwC6jwxgWKW5Y405fKWOFNwlvUlUnzyp9i0uqo= diff --git a/images/kube-webhook-certgen/rootfs/go.mod b/images/kube-webhook-certgen/rootfs/go.mod index 52746ebd94..0270c0d875 100644 --- a/images/kube-webhook-certgen/rootfs/go.mod +++ b/images/kube-webhook-certgen/rootfs/go.mod @@ -33,14 +33,14 @@ require ( github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/onsi/ginkgo/v2 v2.20.0 // indirect + github.com/onsi/ginkgo/v2 v2.20.2 // indirect github.com/onsi/gomega v1.34.1 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/stretchr/testify v1.9.0 // indirect golang.org/x/net v0.28.0 // indirect golang.org/x/oauth2 v0.18.0 // indirect - golang.org/x/sys v0.23.0 // indirect + golang.org/x/sys v0.24.0 // indirect golang.org/x/term v0.23.0 // indirect golang.org/x/text v0.17.0 // indirect golang.org/x/time v0.5.0 // indirect diff --git a/images/kube-webhook-certgen/rootfs/go.sum b/images/kube-webhook-certgen/rootfs/go.sum index 8ce13c672a..f963471082 100644 --- a/images/kube-webhook-certgen/rootfs/go.sum +++ b/images/kube-webhook-certgen/rootfs/go.sum @@ -32,8 +32,8 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 h1:FKHo8hFI3A+7w0aUQuYXQ+6EN5stWmeY/AZqtM8xk9k= -github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 h1:5iH8iuqE5apketRbSFBy+X1V0o+l+8NF1avt4HWl7cA= +github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= @@ -61,8 +61,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/onrik/logrus v0.11.0 h1:pu+BCaWL36t0yQaj/2UHK2erf88dwssAKOT51mxPUVs= github.com/onrik/logrus v0.11.0/go.mod h1:fO2vlZwIdti6PidD3gV5YKt9Lq5ptpnP293RAe1ITwk= -github.com/onsi/ginkgo/v2 v2.20.0 h1:PE84V2mHqoT1sglvHc8ZdQtPcwmvvt29WLEEO3xmdZw= -github.com/onsi/ginkgo/v2 v2.20.0/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI= +github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4= +github.com/onsi/ginkgo/v2 v2.20.2/go.mod h1:K9gyxPIlb+aIvnZ8bd9Ak+YP18w3APlR+5coaZoE2ag= github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -123,8 +123,8 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= -golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= +golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index 3d60a53134..74da2082fa 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -59,7 +59,7 @@ image: --build-arg YAML_LINT_VERSION=1.33.0 \ --build-arg YAMALE_VERSION=4.0.4 \ --build-arg HELM_VERSION=3.14.4 \ - --build-arg GINKGO_VERSION=2.20.0 \ + --build-arg GINKGO_VERSION=2.20.2 \ --build-arg GOLINT_VERSION=latest \ -t ${IMAGE}:${TAG} rootfs @@ -80,7 +80,7 @@ build: ensure-buildx --build-arg YAML_LINT_VERSION=1.33.0 \ --build-arg YAMALE_VERSION=4.0.4 \ --build-arg HELM_VERSION=3.14.4 \ - --build-arg GINKGO_VERSION=2.20.0 \ + --build-arg GINKGO_VERSION=2.20.2 \ --build-arg GOLINT_VERSION=latest \ -t ${IMAGE}:${TAG} rootfs diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index 7d388c215b..0069af02b8 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -78,7 +78,7 @@ fi if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go install github.com/onsi/ginkgo/v2/ginkgo@v2.20.0 + go install github.com/onsi/ginkgo/v2/ginkgo@v2.20.2 fi echo "[dev-env] building image" make -C ${DIR}/../../ clean-image build image diff --git a/test/e2e/run-kind-e2e.sh b/test/e2e/run-kind-e2e.sh index ab2cb2dd78..c20fbfc5ba 100755 --- a/test/e2e/run-kind-e2e.sh +++ b/test/e2e/run-kind-e2e.sh @@ -96,7 +96,7 @@ fi if [ "${SKIP_E2E_IMAGE_CREATION}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go install github.com/onsi/ginkgo/v2/ginkgo@v2.20.0 + go install github.com/onsi/ginkgo/v2/ginkgo@v2.20.2 fi echo "[dev-env] .. done building controller images" From 17ba1356689fc7624487d83dfb47bc5f8521ee8a Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Thu, 29 Aug 2024 11:27:32 -0700 Subject: [PATCH 20/81] Images: Trigger `test-runner` build. (#11917) Co-authored-by: Marco Ebert --- images/test-runner/TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/test-runner/TAG b/images/test-runner/TAG index 384942600b..0ec25f7505 100644 --- a/images/test-runner/TAG +++ b/images/test-runner/TAG @@ -1 +1 @@ -v0.0.9 +v1.0.0 From 958f154ac913c8d4e76475d3f01d5672a41f2cfc Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Thu, 29 Aug 2024 14:55:30 -0700 Subject: [PATCH 21/81] Tests: Bump `e2e-test-runner` to v20240829-2c421762. (#11921) Co-authored-by: Marco Ebert --- build/run-in-docker.sh | 2 +- test/e2e-image/Makefile | 2 +- test/e2e/run-chart-test.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 0c965666c6..915c29d7af 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -44,7 +44,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20240812-3f0129aa@sha256:95c2aaf2a66e8cbbf7a7453046f3b024383c273a0988efab841cd96116afd1a9} +E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20240829-2c421762@sha256:5b7809bfe9cbd9cd6bcb8033ca27576ca704f05ce729fe4dcb574810f7a25785} if [[ "$RUNTIME" == podman ]]; then # Podman does not support both tag and digest diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index 74f3cc437d..8e3040177f 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,6 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -E2E_BASE_IMAGE ?= "registry.k8s.io/ingress-nginx/e2e-test-runner:v20240812-3f0129aa@sha256:95c2aaf2a66e8cbbf7a7453046f3b024383c273a0988efab841cd96116afd1a9" +E2E_BASE_IMAGE ?= "registry.k8s.io/ingress-nginx/e2e-test-runner:v20240829-2c421762@sha256:5b7809bfe9cbd9cd6bcb8033ca27576ca704f05ce729fe4dcb574810f7a25785" image: echo "..entered Makefile in /test/e2e-image" diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index 0069af02b8..95465ee32f 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -109,7 +109,7 @@ docker run --rm --interactive --network host \ --volume $KUBECONFIG:/root/.kube/config \ --volume "${DIR}/../../":/workdir \ --workdir /workdir \ - registry.k8s.io/ingress-nginx/e2e-test-runner:v20240812-3f0129aa@sha256:95c2aaf2a66e8cbbf7a7453046f3b024383c273a0988efab841cd96116afd1a9 \ + registry.k8s.io/ingress-nginx/e2e-test-runner:v20240829-2c421762@sha256:5b7809bfe9cbd9cd6bcb8033ca27576ca704f05ce729fe4dcb574810f7a25785 \ ct install \ --charts charts/ingress-nginx \ --helm-extra-args "--timeout 60s" From 30cc82df1a2507a7f683d099dd23ebfe7bf88c63 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 2 Sep 2024 10:03:16 -0700 Subject: [PATCH 22/81] Bump the all group with 2 updates (#11925) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 4 ++-- .github/workflows/scorecards.yml | 2 +- .github/workflows/zz-tmpl-k8s-e2e.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 49b39a7a3b..5a8e7a2dad 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -186,7 +186,7 @@ jobs: | gzip > docker.tar.gz - name: cache - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: docker.tar.gz path: docker.tar.gz @@ -209,7 +209,7 @@ jobs: - name: Set up Helm uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 + - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: '3.x' diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index aa8981aa38..a1e9c4ecc9 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -51,7 +51,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/zz-tmpl-k8s-e2e.yaml b/.github/workflows/zz-tmpl-k8s-e2e.yaml index adf1dc0e89..de982df466 100644 --- a/.github/workflows/zz-tmpl-k8s-e2e.yaml +++ b/.github/workflows/zz-tmpl-k8s-e2e.yaml @@ -50,7 +50,7 @@ jobs: make kind-e2e-test - name: Upload e2e junit-reports ${{ inputs.variation }} - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 if: success() || failure() with: name: e2e-test-reports-${{ inputs.k8s-version }}${{ inputs.variation }} From e035493b9c506595e35dc088d08ba108dbeab70c Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Wed, 4 Sep 2024 04:21:22 -0700 Subject: [PATCH 23/81] Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#11930) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f8002d09cc..36b5f79e10 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.8.3 github.com/onsi/ginkgo/v2 v2.20.2 - github.com/opencontainers/runc v1.1.13 + github.com/opencontainers/runc v1.1.14 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 github.com/prometheus/client_golang v1.20.2 github.com/prometheus/client_model v0.6.1 diff --git a/go.sum b/go.sum index 88cef07125..51d85b04cf 100644 --- a/go.sum +++ b/go.sum @@ -171,8 +171,8 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= -github.com/opencontainers/runc v1.1.13 h1:98S2srgG9vw0zWcDpFMn5TRrh8kLxa/5OFUstuUhmRs= -github.com/opencontainers/runc v1.1.13/go.mod h1:R016aXacfp/gwQBYw2FDGa9m+n6atbLWrYY8hNMT/sA= +github.com/opencontainers/runc v1.1.14 h1:rgSuzbmgz5DUJjeSnw337TxDbRuqjs6iqQck/2weR6w= +github.com/opencontainers/runc v1.1.14/go.mod h1:E4C2z+7BxR7GHXp0hAY53mek+x49X1LjPNeMTfRGvOA= github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk= github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= From 889afa9abd19f608c5486c1d105714c9c54de262 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Wed, 4 Sep 2024 15:38:37 -0700 Subject: [PATCH 24/81] Chart: Implement `controller.admissionWebhooks.service.servicePort`. (#11934) Co-authored-by: Ramiro Algozino --- .../validating-webhook.yaml | 1 + .../templates/controller-service-webhook.yaml | 2 +- .../validating-webhook_test.yaml | 32 +++++++++++++++++++ .../controller-service-webhook_test.yaml | 32 +++++++++++++++++++ 4 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 charts/ingress-nginx/tests/admission-webhooks/validating-webhook_test.yaml create mode 100644 charts/ingress-nginx/tests/controller-service-webhook_test.yaml diff --git a/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml index 4cd36a62e9..0949cea75a 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml @@ -40,6 +40,7 @@ webhooks: service: name: {{ include "ingress-nginx.controller.fullname" . }}-admission namespace: {{ include "ingress-nginx.namespace" . }} + port: {{ .Values.controller.admissionWebhooks.service.servicePort }} path: /networking/v1/ingresses {{- if .Values.controller.admissionWebhooks.timeoutSeconds }} timeoutSeconds: {{ .Values.controller.admissionWebhooks.timeoutSeconds }} diff --git a/charts/ingress-nginx/templates/controller-service-webhook.yaml b/charts/ingress-nginx/templates/controller-service-webhook.yaml index 6dcf1a10a6..67aac0d9a2 100644 --- a/charts/ingress-nginx/templates/controller-service-webhook.yaml +++ b/charts/ingress-nginx/templates/controller-service-webhook.yaml @@ -29,7 +29,7 @@ spec: {{- end }} ports: - name: https-webhook - port: 443 + port: {{ .Values.controller.admissionWebhooks.service.servicePort }} targetPort: webhook {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }} appProtocol: https diff --git a/charts/ingress-nginx/tests/admission-webhooks/validating-webhook_test.yaml b/charts/ingress-nginx/tests/admission-webhooks/validating-webhook_test.yaml new file mode 100644 index 0000000000..b9d6d780bb --- /dev/null +++ b/charts/ingress-nginx/tests/admission-webhooks/validating-webhook_test.yaml @@ -0,0 +1,32 @@ +suite: Admission Webhooks > ValidatingWebhookConfiguration +templates: + - admission-webhooks/validating-webhook.yaml + +tests: + - it: should not create a ValidatingWebhookConfiguration if `controller.admissionWebhooks.enabled` is false + set: + controller.admissionWebhooks.enabled: false + asserts: + - hasDocuments: + count: 0 + + - it: should create a ValidatingWebhookConfiguration if `controller.admissionWebhooks.enabled` is true + set: + controller.admissionWebhooks.enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: ValidatingWebhookConfiguration + - equal: + path: metadata.name + value: RELEASE-NAME-admission + + - it: should create a ValidatingWebhookConfiguration with a custom port if `controller.admissionWebhooks.service.servicePort` is set + set: + controller.admissionWebhooks.enabled: true + controller.admissionWebhooks.service.servicePort: 9443 + asserts: + - equal: + path: webhooks[0].clientConfig.service.port + value: 9443 diff --git a/charts/ingress-nginx/tests/controller-service-webhook_test.yaml b/charts/ingress-nginx/tests/controller-service-webhook_test.yaml new file mode 100644 index 0000000000..1c759edbe6 --- /dev/null +++ b/charts/ingress-nginx/tests/controller-service-webhook_test.yaml @@ -0,0 +1,32 @@ +suite: Controller > Service > Webhook +templates: + - controller-service-webhook.yaml + +tests: + - it: should not create a webhook Service if `controller.admissionWebhooks.enabled` is false + set: + controller.admissionWebhooks.enabled: false + asserts: + - hasDocuments: + count: 0 + + - it: should create a webhook Service if `controller.admissionWebhooks.enabled` is true + set: + controller.admissionWebhooks.enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Service + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-controller-admission + + - it: should create a webhook Service with a custom port if `controller.admissionWebhooks.service.servicePort` is set + set: + controller.admissionWebhooks.enabled: true + controller.admissionWebhooks.service.servicePort: 9443 + asserts: + - equal: + path: spec.ports[0].port + value: 9443 From dcfa4507aeecb332b3866d0d8d1855f70c5c1065 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Fri, 6 Sep 2024 23:19:50 +0200 Subject: [PATCH 25/81] Fix minor typos (#11941) Co-authored-by: Nathan Baulch --- .github/workflows/zz-tmpl-images.yaml | 2 +- .github/workflows/zz-tmpl-k8s-e2e.yaml | 2 +- Changelog.md | 52 +++++++++---------- MANUAL_RELEASE.md | 16 +++--- NEW_CONTRIBUTOR.md | 10 ++-- build/run-ingress-controller.sh | 2 +- changelog/controller-1.11.0.md | 2 +- changelog/controller-1.6.4.md | 2 +- changelog/controller-1.7.1.md | 2 +- changelog/controller-1.8.0.md | 2 +- changelog/controller-1.9.0-beta.0.md | 2 +- changelog/controller-1.9.0.md | 2 +- .../changelog/helm-chart-4.1.2.md | 2 +- .../changelog/helm-chart-4.7.0.md | 2 +- cmd/plugin/request/request.go | 2 +- docs/e2e-tests.md | 2 +- docs/examples/index.md | 2 +- docs/examples/openpolicyagent/README.md | 20 +++---- docs/examples/openpolicyagent/template.yaml | 10 ++-- .../third-party-addons/opentelemetry.md | 6 +-- .../rootfs/pkg/k8s/k8s_test.go | 2 +- internal/admission/controller/server.go | 2 +- .../ingress/annotations/loadbalancing/main.go | 14 ++--- .../ingress/annotations/mirror/main_test.go | 2 +- .../ingress/annotations/serversnippet/main.go | 2 +- .../annotations/serviceupstream/main.go | 2 +- internal/ingress/annotations/snippet/main.go | 2 +- .../ingress/annotations/streamsnippet/main.go | 2 +- internal/ingress/controller/config/config.go | 8 +-- internal/ingress/controller/endpointslices.go | 2 +- internal/ingress/controller/nginx_test.go | 2 +- .../controller/store/endpointslice_test.go | 4 +- .../ingress/controller/store/store_test.go | 6 +-- internal/ingress/controller/util.go | 2 +- .../ingress/metric/collectors/controller.go | 6 +-- internal/ingress/resolver/main.go | 6 +-- internal/ingress/resolver/mock.go | 6 +-- internal/net/ssl/ssl.go | 4 +- pkg/apis/ingress/types.go | 8 +-- .../nginx/lua/test/balancer/sticky_test.lua | 2 +- test/e2e/endpointslices/topology.go | 2 +- test/e2e/framework/deployment.go | 2 +- test/e2e/framework/framework.go | 2 +- test/e2e/gracefulshutdown/shutdown.go | 2 +- test/e2e/settings/global_external_auth.go | 6 +-- test/k6/loadtest.js | 4 +- test/k6/smoketest.js | 6 +-- 47 files changed, 125 insertions(+), 125 deletions(-) diff --git a/.github/workflows/zz-tmpl-images.yaml b/.github/workflows/zz-tmpl-images.yaml index 4594a1de46..6d5a4ef172 100644 --- a/.github/workflows/zz-tmpl-images.yaml +++ b/.github/workflows/zz-tmpl-images.yaml @@ -1,5 +1,5 @@ #### THIS IS A TEMPLATE #### -# This workflow is created to be a template for every time an e2e teest is required, +# This workflow is created to be a template for every time an e2e test is required, on: workflow_call: diff --git a/.github/workflows/zz-tmpl-k8s-e2e.yaml b/.github/workflows/zz-tmpl-k8s-e2e.yaml index de982df466..6d3e943ae6 100644 --- a/.github/workflows/zz-tmpl-k8s-e2e.yaml +++ b/.github/workflows/zz-tmpl-k8s-e2e.yaml @@ -1,5 +1,5 @@ #### THIS IS A TEMPLATE #### -# This workflow is created to be a template for every time an e2e teest is required, +# This workflow is created to be a template for every time an e2e test is required, on: workflow_call: diff --git a/Changelog.md b/Changelog.md index f74ff81198..f049654ee0 100644 --- a/Changelog.md +++ b/Changelog.md @@ -2,7 +2,7 @@ All New change are in [Changelog](./changelog) -### 1.5.1 +### 1.5.1 * Upgrade NGINX to 1.21.6 * Upgrade Golang 1.19.2 @@ -102,18 +102,18 @@ Images: ### Community Updates We will discuss the results of our Community Survey, progress on the stabilization project, and ideas going -forward with the project at -[Kubecon NA 2022 in Detroit](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/). Come join us +forward with the project at +[Kubecon NA 2022 in Detroit](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/). Come join us and let us hear what you'd like to see in the future for ingress-nginx. https://kccncna2022.sched.com/event/18lgl?iframe=no [**Kubernetes Registry change notice**](https://twitter.com/BenTheElder/status/1575898507235323904) -The [@kubernetesio](https://twitter.com/kubernetesio) container image host http://k8s.gcr.io is -*actually* getting redirected to the community controlled http://registry.k8s.io starting with a small portion of +The [@kubernetesio](https://twitter.com/kubernetesio) container image host http://k8s.gcr.io is +*actually* getting redirected to the community controlled http://registry.k8s.io starting with a small portion of traffic on October 3rd. -If you notice any issues, *please* ping [Ben Elder](https://twitter.com/BenTheElder), +If you notice any issues, *please* ping [Ben Elder](https://twitter.com/BenTheElder), [@thockin](https://twitter.com/thockin), [@ameukam](https://twitter.com/ameukam),or report issues in slack to [sig-k8s-infra slack channel](https://kubernetes.slack.com/archives/CCK68P2Q2). @@ -123,7 +123,7 @@ If you notice any issues, *please* ping [Ben Elder](https://twitter.com/BenTheEl [8890](https://github.com/kubernetes/ingress-nginx/pull/8890) * Update to Prometheus metric names, more information [available here]( https://github.com/kubernetes/ingress-nginx/pull/8728 ) -* Deprecated Kubernetes versions 1.20-1.21, Added support for, 1.25, currently supported versions v1.22, v1.23, v1.24, v1.25 +* Deprecated Kubernetes versions 1.20-1.21, Added support for, 1.25, currently supported versions v1.22, v1.23, v1.24, v1.25 ADDED * `_request_duration_seconds` Histogram @@ -203,11 +203,11 @@ Images: ### 1.3.1 -In v1.3.1 leader elections will be done entirely using the Lease API and no longer using configmaps. +In v1.3.1 leader elections will be done entirely using the Lease API and no longer using configmaps. v1.3.0 is a safe transition version, using v1.3.0 can automatically complete the merging of election locks, and then you can safely upgrade to v1.3.1. -Also, *important note*, with the Release of Kubernetes v1.25 we are dropping support for the legacy branches, -Also, *important note*, with the release of Kubernetes v1.25, we are dropping support for the legacy edition, +Also, *important note*, with the Release of Kubernetes v1.25 we are dropping support for the legacy branches, +Also, *important note*, with the release of Kubernetes v1.25, we are dropping support for the legacy edition, that means all version <1.0.0 of the ingress-nginx-controller. ## Image: @@ -277,11 +277,11 @@ All other Changes ### 1.3.0 -Image: +Image: - registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5 - registry.k8s.io/ingress-nginx/controller-chroot:v1.3.0@sha256:0fcb91216a22aae43b374fc2e6a03b8afe9e8c78cbf07a09d75636dc4ea3c191 -_IMPORTANT CHANGES:_ +_IMPORTANT CHANGES:_ * This release removes support for Kubernetes v1.19.0 * This release adds support for Kubernetes v1.24.0 * Starting with this release, we will need permissions on the `coordination.k8s.io/leases` resource for leaderelection lock @@ -352,11 +352,11 @@ _Changes:_ ### 1.2.0 -Image: +Image: - k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185 - k8s.gcr.io/ingress-nginx/controller-chroot:v1.2.0@sha256:fb17f1700b77d4fcc52ca6f83ffc2821861ae887dbb87149cf5cbc52bea425e5 -This minor version release, introduces 2 breaking changes. For the first time, an option to jail/chroot the nginx process, inside the controller container, is being introduced.. This provides an additional layer of security, for sensitive information like K8S serviceaccounts. This release also brings a special new feature of deep inspection into objects. The inspection is a walk through of all the spec, checking for possible attempts to escape configs. Currently such an inspection only occurs for `networking.Ingress`. Additionally there are fixes for the recently announced CVEs on busybox & ssl_client. And there is a fix to a recently introduced redirection related bug, that was setting the protocol on URLs to "nil". +This minor version release, introduces 2 breaking changes. For the first time, an option to jail/chroot the nginx process, inside the controller container, is being introduced. This provides an additional layer of security, for sensitive information like K8S serviceaccounts. This release also brings a special new feature of deep inspection into objects. The inspection is a walk through of all the spec, checking for possible attempts to escape configs. Currently such an inspection only occurs for `networking.Ingress`. Additionally there are fixes for the recently announced CVEs on busybox & ssl_client. And there is a fix to a recently introduced redirection related bug, that was setting the protocol on URLs to "nil". _Changes:_ @@ -419,7 +419,7 @@ _Changes:_ **Image:** - k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2 -This release upgrades Alpine to 3.14.4 and nginx to 1.19.10 +This release upgrades Alpine to 3.14.4 and nginx to 1.19.10 Patches [OpenSSL CVE-2022-0778](https://github.com/kubernetes/ingress-nginx/issues/8339) @@ -460,7 +460,7 @@ _Changes:_ ### 1.1.2 -**Image:** +**Image:** - k8s.gcr.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c This release bumps grpc version to 1.44.0 & runc to version 1.1.0. The release also re-introduces the ingress.class annotation, which was previously declared as deprecated. Besides that, several bug fixes and improvements are listed below. @@ -502,7 +502,7 @@ _Changes:_ ### 1.1.1 -**Image:** +**Image:** - k8s.gcr.io/ingress-nginx/controller:v1.1.1@sha256:0bc88eb15f9e7f84e8e56c14fa5735aaa488b840983f87bd79b1054190e660de This release contains several fixes and improvements. This image is now built using Go v1.17.6 and gRPC v1.43.0. See detailed list below. @@ -571,9 +571,9 @@ _Changes:_ _Possible Breaking Change_ We now implement string sanitization in annotation values. This means that words like "location", "by_lua" and -others will drop the reconciliation of an Ingress object. +others will drop the reconciliation of an Ingress object. -Users from mod_security and other features should be aware that some blocked values may be used by those features +Users from mod_security and other features should be aware that some blocked values may be used by those features and must be manually unblocked by the Ingress Administrator. For more details please check [https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#annotation-value-word-blocklist] @@ -592,7 +592,7 @@ _Changes:_ - k8s.gcr.io/ingress-nginx/controller:v1.0.4@sha256:545cff00370f28363dad31e3b59a94ba377854d3a11f18988f5f9e56841ef9ef _Possible Breaking Change_ -We have disabled the builtin ssl_session_cache due to possible memory fragmentation. This should not impact the majority of users, but please let us know +We have disabled the builtin ssl_session_cache due to possible memory fragmentation. This should not impact the majority of users, but please let us know if you face any problem _Changes:_ @@ -608,7 +608,7 @@ _Changes:_ - k8s.gcr.io/ingress-nginx/controller:v1.0.3@sha256:4ade87838eb8256b094fbb5272d7dda9b6c7fa8b759e6af5383c1300996a7452 **Known Issues** -* Ingress controller now (starting from v1.0.0) mandates cluster scoped access to IngressClass. This leads to problems when updating old Ingress controller to newest version, as described [here](https://github.com/kubernetes/ingress-nginx/issues/7510). We plan to fix it in v1.0.4, see [this](https://github.com/kubernetes/ingress-nginx/pull/7578). +* Ingress controller now (starting from v1.0.0) mandates cluster scoped access to IngressClass. This leads to problems when updating old Ingress controller to newest version, as described [here](https://github.com/kubernetes/ingress-nginx/issues/7510). We plan to fix it in v1.0.4, see [this](https://github.com/kubernetes/ingress-nginx/pull/7578). _New Features:_ @@ -624,7 +624,7 @@ _Changes:_ - k8s.gcr.io/ingress-nginx/controller:v1.0.2@sha256:85b53b493d6d658d8c013449223b0ffd739c76d76dc9bf9000786669ec04e049 **Known Issues** -* Ingress controller now (starting from v1.0.0) mandates cluster scoped access to IngressClass. This leads to problems when updating old Ingress controller to newest version, as described [here](https://github.com/kubernetes/ingress-nginx/issues/7510). We plan to fix it in v1.0.3, see [this](https://github.com/kubernetes/ingress-nginx/pull/7578). +* Ingress controller now (starting from v1.0.0) mandates cluster scoped access to IngressClass. This leads to problems when updating old Ingress controller to newest version, as described [here](https://github.com/kubernetes/ingress-nginx/issues/7510). We plan to fix it in v1.0.3, see [this](https://github.com/kubernetes/ingress-nginx/pull/7578). _New Features:_ @@ -640,7 +640,7 @@ _Changes:_ - k8s.gcr.io/ingress-nginx/controller:v1.0.1@sha256:26bbd57f32bac3b30f90373005ef669aae324a4de4c19588a13ddba399c6664e **Known Issues** -* Ingress controller now (starting from v1.0.0) mandates cluster scoped access to IngressClass. This leads to problems when updating old Ingress controller to newest version, as described [here](https://github.com/kubernetes/ingress-nginx/issues/7510). We plan to fix it in v1.0.2, see [this](https://github.com/kubernetes/ingress-nginx/pull/7578). +* Ingress controller now (starting from v1.0.0) mandates cluster scoped access to IngressClass. This leads to problems when updating old Ingress controller to newest version, as described [here](https://github.com/kubernetes/ingress-nginx/issues/7510). We plan to fix it in v1.0.2, see [this](https://github.com/kubernetes/ingress-nginx/pull/7578). _New Features:_ @@ -883,7 +883,7 @@ _Changes:_ test #7255 - [X] [#7216](https://github.com/kubernetes/ingress-nginx/pull/7216) Admission: Skip validation checks if an ingress is marked as deleted #7216 - + ### 1.0.0-beta.3 ** This is a breaking change** @@ -2193,7 +2193,7 @@ _New Features:_ If the active connections end before that, the pod will terminate gracefully at that time. - To efectively take advantage of this feature, the Configmap feature [worker-shutdown-timeout](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#worker-shutdown-timeout) new value is `240s` instead of `10s`. + To effectively take advantage of this feature, the Configmap feature [worker-shutdown-timeout](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#worker-shutdown-timeout) new value is `240s` instead of `10s`. **IMPORTANT:** this value has a side effect during reloads, consuming more memory until the old NGINX workers are replaced. @@ -2603,7 +2603,7 @@ _New Features:_ _Breaking changes:_ - The NGINX server listening in port 18080 was removed. It was replaced by a server using an unix socket as port [#3684](https://github.com/kubernetes/ingress-nginx/pull/3684) - This server was internal to the ingress controller. In case this was being acceded from the outside, you can restore the old server using the `http-snipet` feature in the configuration configmap like: + This server was internal to the ingress controller. In case this was being acceded from the outside, you can restore the old server using the `http-snippet` feature in the configuration configmap like: ```yaml http-snippet: | diff --git a/MANUAL_RELEASE.md b/MANUAL_RELEASE.md index d7144b85d4..b1c1fd0683 100644 --- a/MANUAL_RELEASE.md +++ b/MANUAL_RELEASE.md @@ -177,21 +177,21 @@ Promoting the images basically means that images, that were pushed to staging co ``` - The -L 38 was used for 2 reasons. - Default number of results is 30 and there were more than 30 PRs merged while releasing v1.1.1. If you see the current/soon-to-be-old changelog, you can look at the most recent PR number that has been accounted for already, and start from after that last accounted for PR. - - The other reason to use -L 38 was to ommit the 39th, the 40th and the 41st line in the resulting list. These were non-relevant PRs. + - The other reason to use -L 38 was to omit the 39th, the 40th and the 41st line in the resulting list. These were non-relevant PRs. - If you save the output of above command to a file called prlist.txt. It looks somewhat like this ; ``` - % cat ~/Downloads/prlist.txt + % cat ~/Downloads/prlist.txt 8129 fix syntax in docs for multi-tls example 8120 Update go in runner and release v1.1.1 8119 Update to go v1.17.6 8118 Remove deprecated libraries, update other libs 8117 Fix codegen errors - 8115 chart/ghaction: set the correct permission to have access to push a release + 8115 chart/ghaction: set the correct permission to have access to push a release .... ``` You can delete the lines, that refer to PRs of the release process itself. We only need to list the feature/bugfix PRs. You can also delete the lines that are housekeeping or not really worth mentioning in the changelog. - - you use some easy automation in bash/python/other, to get the PR-List that can be used in the changelog. For example, its possible to use a bash scripty way, seen below, to convert those plaintext PR numbers into clickable links. + - you use some easy automation in bash/python/other, to get the PR-List that can be used in the changelog. For example, it's possible to use a bash scripty way, seen below, to convert those plaintext PR numbers into clickable links. ``` #!/usr/bin/bash @@ -205,7 +205,7 @@ Promoting the images basically means that images, that were pushed to staging co done <$file ``` - - There was a parsing issue and path issue on MacOS, so above scrpt had to be modified and MacOS monterey compatible script is below ; + - There was a parsing issue and path issue on MacOS, so above script had to be modified and MacOS monterey compatible script is below ; ``` #!/bin/bash @@ -231,7 +231,7 @@ Promoting the images basically means that images, that were pushed to staging co - tag - digest - - [helm-docs](https://github.com/norwoodj/helm-docs) is a tool that generates the README.md for a helm-chart automatically. In the CI pipeline workflow of github actions (/.github/workflows/ci.yaml), you can see how helm-docs is used. But the CI pipeline is not designed to make commits back into the project. So we need to run helm-docs manually, and check in the resulting autogenerated README.md at the path /charts/ingress-nginx/README.md + - [helm-docs](https://github.com/norwoodj/helm-docs) is a tool that generates the README.md for a helm-chart automatically. In the CI pipeline workflow of github actions (/.github/workflows/ci.yaml), you can see how helm-docs is used. But the CI pipeline is not designed to make commits back into the project. So we need to run helm-docs manually, and check in the resulting autogenerated README.md at the path /charts/ingress-nginx/README.md ``` GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0 ./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts @@ -274,7 +274,7 @@ Promoting the images basically means that images, that were pushed to staging co ### h. Update README.md -- Update the table in README.md in the root of the projet to reflect the support matrix. Add the new release version and details in there. +- Update the table in README.md in the root of the project to reflect the support matrix. Add the new release version and details in there. ## 5. RELEASE new version @@ -291,7 +291,7 @@ Promoting the images basically means that images, that were pushed to staging co - `helm repo update` - `helm search repo ingress-nginx` -## 6. Github release +## 6. GitHub release - Release to github diff --git a/NEW_CONTRIBUTOR.md b/NEW_CONTRIBUTOR.md index e89c1ba889..20c4e3daad 100644 --- a/NEW_CONTRIBUTOR.md +++ b/NEW_CONTRIBUTOR.md @@ -20,14 +20,14 @@ It all starts with the OSI model... ### Approaching the problem -Not everybody knows everything. But the factors that help are a love/passion for this to begin. But to move forward, its the approach and not the knowledge that sustains prolonged joy, while working on issues. If the approach is simple and powered by good-wishes-for-community, then info & tools are forthcoming and easy. +Not everybody knows everything. But the factors that help are a love/passion for this to begin. But to move forward, it's the approach and not the knowledge that sustains prolonged joy, while working on issues. If the approach is simple and powered by good-wishes-for-community, then info & tools are forthcoming and easy. Here we take a bird's eye-view of the hops in the network plumbing, that a packet takes, from source to destination, when we run `curl`, from a laptop to a nginx webserver process, running in a container, inside a pod, inside a Kubernetes cluster, created using `kind` or `minikube` or any other cluster-management tool. ### [Kind](https://kind.sigs.k8s.io/) cluster example on a Linux Host #### TL;DR -The destination of the packet from the curl command, is looked up, in the `routing table`. Based on the route, the the packet first travels to the virtual bridge `172.18.0.1` interface, created by docker, when we created the kind cluster on a laptop. Next the packet is forwarded to `172.18.0.2`(See below on how we got this IP address), within the kind cluster. The `kube-proxy` container creates iptables rules that make sure the packet goes to the correct pod ip in this case `10.244.0.5` +The destination of the packet from the curl command, is looked up, in the `routing table`. Based on the route, the packet first travels to the virtual bridge `172.18.0.1` interface, created by docker, when we created the kind cluster on a laptop. Next the packet is forwarded to `172.18.0.2`(See below on how we got this IP address), within the kind cluster. The `kube-proxy` container creates iptables rules that make sure the packet goes to the correct pod ip in this case `10.244.0.5` Command: ``` @@ -435,7 +435,7 @@ virbr0: flags=4163 mtu 1500 ``` Output Relevance: From the above output you can see there are two Virtual Bridges created by minikube when we created the cluster on the network. Here, `virbr0` is the default NAT network bridge while `virbr2` is a isolated network bridge on which the pods run. -Minikube creates a Virtual Machine, to enter the virtual machine we can simple do: +Minikube creates a Virtual Machine, to enter the virtual machine we can simply do: ``` # minikube ssh ``` @@ -707,7 +707,7 @@ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE httpd ClusterIP 10.104.111.0 80/TCP 13s ``` -Once we have this we can now create a n ingress using the following +Once we have this we can now create an ingress using the following ``` kubectl -n httpd create ingress httpd --class nginx --rule httpd.dev.leonnunes.com/"*"=httpd:80 ``` @@ -771,7 +771,7 @@ Hypertext Transfer Protocol [Response in frame: 6] ``` -The above output shows the information that the `httpd` pod recieves. The `curl` command sends the host header, `Host: httpd.dev.leonnunes.com`, to the nginx controller, that then matches the rule and sends the information to the right controller +The above output shows the information that the `httpd` pod receives. The `curl` command sends the host header, `Host: httpd.dev.leonnunes.com`, to the nginx controller, that then matches the rule and sends the information to the right controller The following output shows what is sent via the laptop. ``` diff --git a/build/run-ingress-controller.sh b/build/run-ingress-controller.sh index 29338241f3..99f598b1f5 100755 --- a/build/run-ingress-controller.sh +++ b/build/run-ingress-controller.sh @@ -49,7 +49,7 @@ fi SSL_VOLUME=$(mktemp -d) function cleanup { - echo -e "${BGREEN}Stoping kubectl proxy${NC}" + echo -e "${BGREEN}Stopping kubectl proxy${NC}" rm -rf "${SSL_VOLUME}" kill "$proxy_pid" } diff --git a/changelog/controller-1.11.0.md b/changelog/controller-1.11.0.md index 34330c4413..d462f9574f 100644 --- a/changelog/controller-1.11.0.md +++ b/changelog/controller-1.11.0.md @@ -94,7 +94,7 @@ Images: * Chart: Improve IngressClass documentation. (#11104) * Chart: Deploy `PodDisruptionBudget` with KEDA. (#11032) * Undo #11062 since it breaks the nginx config (#11082) -* [mTLS] Fix acme verfication when mTLS and Client CN verification is enabled (#11062) +* [mTLS] Fix acme verification when mTLS and Client CN verification is enabled (#11062) * golangci-lint update, ci cleanup, group dependabot updates (#11071) * bump golang (#11070) * feature(leader_election): flag to disable leader election feature on controller (#11064) diff --git a/changelog/controller-1.6.4.md b/changelog/controller-1.6.4.md index 256e5ec090..15b3f671aa 100644 --- a/changelog/controller-1.6.4.md +++ b/changelog/controller-1.6.4.md @@ -83,7 +83,7 @@ Images: * ModSecurity dependencies update to avoid Memory Leaks (#9330) * fix(hpa): deprecated api version, bump to v2 (#9348) * fix(typo): pluralize provider (#9346) -* removed deprecation messsage for ingressClass annotation (#9357) +* removed deprecation message for ingressClass annotation (#9357) * added ginkgo junit reports (#9350) * Fix typos found by codespell (#9353) * bumped ginkgo to v2.5.1 in testrunner (#9340) diff --git a/changelog/controller-1.7.1.md b/changelog/controller-1.7.1.md index 632ffe9633..a7a5c4bbf0 100644 --- a/changelog/controller-1.7.1.md +++ b/changelog/controller-1.7.1.md @@ -15,7 +15,7 @@ Images: * Add support for --container flag (#9703) * Fix typo in OpenTelemetry (#9903) * ensure make lua-test runs locally (#9902) -* update k8s.io dependecies to v0.26.4 (#9893) +* update k8s.io dependencies to v0.26.4 (#9893) * Adding resource type to default HPA configuration to resolve issues with Terraform helm chart usage (#9803) * I have not been able to fulfill my maintainer responsibilities for a while already, making it official now. (#9883) * Update k8s versions (#9879) diff --git a/changelog/controller-1.8.0.md b/changelog/controller-1.8.0.md index 48b4cdefa3..f335777d6c 100644 --- a/changelog/controller-1.8.0.md +++ b/changelog/controller-1.8.0.md @@ -39,7 +39,7 @@ on our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernet * Correct annotations in monitoring docs (#9976) * fix: avoid builds and tests for changes to markdown (#9962) * Validate path types (#9967) -* HPA: Use capabilites & align manifests. (#9521) +* HPA: Use capabilities & align manifests. (#9521) * Use dl.k8s.io instead of hardcoded GCS URIs (#9946) * add option for annotations in PodDisruptionBudget (#9843) * chore: update httpbin to httpbun (#9919) diff --git a/changelog/controller-1.9.0-beta.0.md b/changelog/controller-1.9.0-beta.0.md index 79ecf596eb..5ca5cfeeb8 100644 --- a/changelog/controller-1.9.0-beta.0.md +++ b/changelog/controller-1.9.0-beta.0.md @@ -26,7 +26,7 @@ Images: * Add golangci github action and replace the deprecated golint (#10187) * BUGFIX incorrect indentation (#10254) * Upgrade OpenTelemetry to v1.11.0 and gRPC to v1.57.0 (#10352) -* fix: path with sepecial characters warning #10281 #10308 (#10330) +* fix: path with special characters warning #10281 #10308 (#10330) * Fix golangci-lint errors (#10196) * chore(build): Fix Run make dev-env syntax error (#10294) * Add firewall configuration to quick start documentation (#10357) diff --git a/changelog/controller-1.9.0.md b/changelog/controller-1.9.0.md index 25442894f5..d6b000acc8 100644 --- a/changelog/controller-1.9.0.md +++ b/changelog/controller-1.9.0.md @@ -26,7 +26,7 @@ Images: * Add golangci github action and replace the deprecated golint (#10187) * BUGFIX incorrect indentation (#10254) * Upgrade OpenTelemetry to v1.11.0 and gRPC to v1.57.0 (#10352) -* fix: path with sepecial characters warning #10281 #10308 (#10330) +* fix: path with special characters warning #10281 #10308 (#10330) * Fix golangci-lint errors (#10196) * chore(build): Fix Run make dev-env syntax error (#10294) * Add firewall configuration to quick start documentation (#10357) diff --git a/charts/ingress-nginx/changelog/helm-chart-4.1.2.md b/charts/ingress-nginx/changelog/helm-chart-4.1.2.md index 0a1d80cf17..20618557fc 100644 --- a/charts/ingress-nginx/changelog/helm-chart-4.1.2.md +++ b/charts/ingress-nginx/changelog/helm-chart-4.1.2.md @@ -5,7 +5,7 @@ This file documents all notable changes to [ingress-nginx](https://github.com/ku ### 4.1.2 * [8587](https://github.com/kubernetes/ingress-nginx/pull/8587) Add CAP_SYS_CHROOT to DS/PSP when needed -* [8458](https://github.com/kubernetes/ingress-nginx/pull/8458) Add portNamePreffix Helm chart parameter +* [8458](https://github.com/kubernetes/ingress-nginx/pull/8458) Add portNamePrefix Helm chart parameter * [8522](https://github.com/kubernetes/ingress-nginx/pull/8522) Add documentation for controller.service.loadBalancerIP in Helm chart **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.1.0...helm-chart-4.1.2 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.7.0.md b/charts/ingress-nginx/changelog/helm-chart-4.7.0.md index 7399da777d..9d5407053e 100644 --- a/charts/ingress-nginx/changelog/helm-chart-4.7.0.md +++ b/charts/ingress-nginx/changelog/helm-chart-4.7.0.md @@ -6,7 +6,7 @@ This file documents all notable changes to [ingress-nginx](https://github.com/ku * helm: Fix opentelemetry module installation for daemonset (#9792) * Update charts/* to keep project name display aligned (#9931) -* HPA: Use capabilites & align manifests. (#9521) +* HPA: Use capabilities & align manifests. (#9521) * PodDisruptionBudget spec logic update (#9904) * add option for annotations in PodDisruptionBudget (#9843) * Update Ingress-Nginx version controller-v1.8.0 diff --git a/cmd/plugin/request/request.go b/cmd/plugin/request/request.go index 55df85d5e0..57b02827e9 100644 --- a/cmd/plugin/request/request.go +++ b/cmd/plugin/request/request.go @@ -131,7 +131,7 @@ func GetIngressDefinitions(flags *genericclioptions.ConfigFlags, namespace strin return pods.Items, nil } -// GetNumEndpoints counts the number of endpointslices adresses for the service with the given name +// GetNumEndpoints counts the number of endpointslices addresses for the service with the given name func GetNumEndpoints(flags *genericclioptions.ConfigFlags, namespace, serviceName string) (*int, error) { epss, err := GetEndpointSlicesByName(flags, namespace, serviceName) if err != nil { diff --git a/docs/e2e-tests.md b/docs/e2e-tests.md index f288ec82f3..8a2e80b225 100644 --- a/docs/e2e-tests.md +++ b/docs/e2e-tests.md @@ -294,7 +294,7 @@ Do not try to edit it manually. ### [[Shutdown] Grace period shutdown](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/gracefulshutdown/grace_period.go#L32) - [/healthz should return status code 500 during shutdown grace period](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/gracefulshutdown/grace_period.go#L35) ### [[Shutdown] ingress controller](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/gracefulshutdown/shutdown.go#L30) -- [should shutdown in less than 60 secons without pending connections](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/gracefulshutdown/shutdown.go#L40) +- [should shutdown in less than 60 seconds without pending connections](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/gracefulshutdown/shutdown.go#L40) ### [[Shutdown] Graceful shutdown with pending request](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/gracefulshutdown/slow_requests.go#L25) - [should let slow requests finish before shutting down](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/gracefulshutdown/slow_requests.go#L33) ### [[Ingress] DeepInspection](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/ingress/deep_inspection.go#L27) diff --git a/docs/examples/index.md b/docs/examples/index.md index 59745e014d..4efdae39f4 100644 --- a/docs/examples/index.md +++ b/docs/examples/index.md @@ -23,7 +23,7 @@ Customization | [External authentication with response header propagation](custo Customization | [Sysctl tuning](customization/sysctl/README.md) | TODO | TODO Features | [Rewrite](rewrite/README.md) | TODO | TODO Features | [Session stickiness](affinity/cookie/README.md) | route requests consistently to the same endpoint | Advanced -Features | [Canary Deployments](canary/README.md) | weighted canary routing to a seperate deployment | Intermediate +Features | [Canary Deployments](canary/README.md) | weighted canary routing to a separate deployment | Intermediate Scaling | [Static IP](static-ip/README.md) | a single ingress gets a single static IP | Intermediate TLS | [Multi TLS certificate termination](multi-tls/README.md) | TODO | TODO TLS | [TLS termination](tls-termination/README.md) | TODO | TODO diff --git a/docs/examples/openpolicyagent/README.md b/docs/examples/openpolicyagent/README.md index 2d653a90c2..8d6337a381 100644 --- a/docs/examples/openpolicyagent/README.md +++ b/docs/examples/openpolicyagent/README.md @@ -1,25 +1,25 @@ # OpenPolicyAgent and pathType enforcing -Ingress API allows users to specify different [pathType](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) -on Ingress object. +Ingress API allows users to specify different [pathType](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) +on Ingress object. While pathType `Exact` and `Prefix` should allow only a small set of characters, pathType `ImplementationSpecific` -allows any characters, as it may contain regexes, variables and other features that may be specific of the Ingress +allows any characters, as it may contain regexes, variables and other features that may be specific of the Ingress Controller being used. -This means that the Ingress Admins (the persona who deployed the Ingress Controller) should trust the users -allowed to use `pathType: ImplementationSpecific`, as this may allow arbitrary configuration, and this +This means that the Ingress Admins (the persona who deployed the Ingress Controller) should trust the users +allowed to use `pathType: ImplementationSpecific`, as this may allow arbitrary configuration, and this configuration may end on the proxy (aka Nginx) configuration. ## Example -The example in this repo uses [Gatekeeper](https://open-policy-agent.github.io/gatekeeper/website/) to block the usage of `pathType: ImplementationSpecific`, +The example in this repo uses [Gatekeeper](https://open-policy-agent.github.io/gatekeeper/website/) to block the usage of `pathType: ImplementationSpecific`, allowing just a specific list of namespaces to use it. It is recommended that the admin modifies this rules to enforce a specific set of characters when the usage of ImplementationSpecific is allowed, or in ways that best suits their needs. -First, the `ConstraintTemplate` from [template.yaml](template.yaml) will define a rule that validates if the Ingress object -is being created on an excempted namespace, and case not, will validate its pathType. +First, the `ConstraintTemplate` from [template.yaml](template.yaml) will define a rule that validates if the Ingress object +is being created on an exempted namespace, and case not, will validate its pathType. -Then, the rule `K8sBlockIngressPathType` contained in [rule.yaml](rule.yaml) will define the parameters: what kind of -object should be verified (Ingress), what are the excempted namespaces, and what kinds of pathType are blocked. +Then, the rule `K8sBlockIngressPathType` contained in [rule.yaml](rule.yaml) will define the parameters: what kind of +object should be verified (Ingress), what are the exempted namespaces, and what kinds of pathType are blocked. diff --git a/docs/examples/openpolicyagent/template.yaml b/docs/examples/openpolicyagent/template.yaml index ed2a6ba1cd..4302415a28 100644 --- a/docs/examples/openpolicyagent/template.yaml +++ b/docs/examples/openpolicyagent/template.yaml @@ -17,11 +17,11 @@ spec: properties: blockedTypes: type: array - items: - type: string + items: + type: string namespacesExceptions: type: array - items: + items: type: string targets: - target: admission.k8s.gatekeeper.sh @@ -31,8 +31,8 @@ spec: violation[{"msg": msg}] { input.review.kind.kind == "Ingress" ns := input.review.object.metadata.namespace - excemptNS := [good | excempts = input.parameters.namespacesExceptions[_] ; good = excempts == ns] - not any(excemptNS) + exemptNS := [good | exempts = input.parameters.namespacesExceptions[_] ; good = exempts == ns] + not any(exemptNS) pathType := object.get(input.review.object.spec.rules[_].http.paths[_], "pathType", "") blockedPath := [blocked | blockedTypes = input.parameters.blockedTypes[_] ; blocked = blockedTypes == pathType] any(blockedPath) diff --git a/docs/user-guide/third-party-addons/opentelemetry.md b/docs/user-guide/third-party-addons/opentelemetry.md index 4d71ff6757..d2cf56bf55 100644 --- a/docs/user-guide/third-party-addons/opentelemetry.md +++ b/docs/user-guide/third-party-addons/opentelemetry.md @@ -65,7 +65,7 @@ otel-max-queuesize # The delay interval in milliseconds between two consecutive exports. otel-schedule-delay-millis - + # How long the export can run before it is cancelled. otel-schedule-delay-millis @@ -112,7 +112,7 @@ graph TB end subgraph otel - otc["Otel Collector"] + otc["Otel Collector"] end subgraph observability @@ -190,7 +190,7 @@ To install the example and collectors run: helm repo add open-telemetry https://open-telemetry.github.io/opentelemetry-helm-charts helm repo add grafana https://grafana.github.io/helm-charts helm repo update - # deply cert-manager needed for OpenTelemetry collector operator + # deploy cert-manager needed for OpenTelemetry collector operator kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.yaml # create observability namespace kubectl apply -f https://raw.githubusercontent.com/esigo/nginx-example/main/observability/namespace.yaml diff --git a/images/kube-webhook-certgen/rootfs/pkg/k8s/k8s_test.go b/images/kube-webhook-certgen/rootfs/pkg/k8s/k8s_test.go index f11bef9812..b326697b62 100644 --- a/images/kube-webhook-certgen/rootfs/pkg/k8s/k8s_test.go +++ b/images/kube-webhook-certgen/rootfs/pkg/k8s/k8s_test.go @@ -186,7 +186,7 @@ func Test_Patching_objects(t *testing.T) { }) // This is to preserve old behavior and log format, it could be improved. - t.Run("diffent_non_empty_names_are_specified_for_validating_and_mutating_webhook", func(t *testing.T) { + t.Run("different_non_empty_names_are_specified_for_validating_and_mutating_webhook", func(t *testing.T) { t.Parallel() k := testK8sWithUnpatchedObjects() diff --git a/internal/admission/controller/server.go b/internal/admission/controller/server.go index 7fc61bcbbd..74f55fd016 100644 --- a/internal/admission/controller/server.go +++ b/internal/admission/controller/server.go @@ -47,7 +47,7 @@ type AdmissionControllerServer struct { AdmissionController AdmissionController } -// NewAdmissionControllerServer instanciates an admission controller server with +// NewAdmissionControllerServer instantiates an admission controller server with // a default codec func NewAdmissionControllerServer(ac AdmissionController) *AdmissionControllerServer { return &AdmissionControllerServer{ diff --git a/internal/ingress/annotations/loadbalancing/main.go b/internal/ingress/annotations/loadbalancing/main.go index ee89d2c1b7..0e5ca8bd88 100644 --- a/internal/ingress/annotations/loadbalancing/main.go +++ b/internal/ingress/annotations/loadbalancing/main.go @@ -23,22 +23,22 @@ import ( "k8s.io/ingress-nginx/internal/ingress/resolver" ) -// LB Alghorithms are defined in https://github.com/kubernetes/ingress-nginx/blob/d3e75b056f77be54e01bdb18675f1bb46caece31/rootfs/etc/nginx/lua/balancer.lua#L28 +// LB Algorithms are defined in https://github.com/kubernetes/ingress-nginx/blob/d3e75b056f77be54e01bdb18675f1bb46caece31/rootfs/etc/nginx/lua/balancer.lua#L28 const ( - loadBalanceAlghoritmAnnotation = "load-balance" + loadBalanceAlgorithmAnnotation = "load-balance" ) -var loadBalanceAlghoritms = []string{"round_robin", "chash", "chashsubset", "sticky_balanced", "sticky_persistent", "ewma"} +var loadBalanceAlgorithms = []string{"round_robin", "chash", "chashsubset", "sticky_balanced", "sticky_persistent", "ewma"} var loadBalanceAnnotations = parser.Annotation{ Group: "backend", Annotations: parser.AnnotationFields{ - loadBalanceAlghoritmAnnotation: { - Validator: parser.ValidateOptions(loadBalanceAlghoritms, true, true), + loadBalanceAlgorithmAnnotation: { + Validator: parser.ValidateOptions(loadBalanceAlgorithms, true, true), Scope: parser.AnnotationScopeLocation, Risk: parser.AnnotationRiskLow, - Documentation: `This annotation allows setting the load balancing alghorithm that should be used. If none is specified, defaults to + Documentation: `This annotation allows setting the load balancing algorithm that should be used. If none is specified, defaults to the default configured by Ingress admin, otherwise to round_robin`, }, }, @@ -61,7 +61,7 @@ func NewParser(r resolver.Resolver) parser.IngressAnnotation { // used to indicate if the location/s contains a fragment of // configuration to be included inside the paths of the rules func (a loadbalancing) Parse(ing *networking.Ingress) (interface{}, error) { - return parser.GetStringAnnotation(loadBalanceAlghoritmAnnotation, ing, a.annotationConfig.Annotations) + return parser.GetStringAnnotation(loadBalanceAlgorithmAnnotation, ing, a.annotationConfig.Annotations) } func (a loadbalancing) GetDocumentation() parser.AnnotationFields { diff --git a/internal/ingress/annotations/mirror/main_test.go b/internal/ingress/annotations/mirror/main_test.go index 1f6b44d61d..805f1ef6d0 100644 --- a/internal/ingress/annotations/mirror/main_test.go +++ b/internal/ingress/annotations/mirror/main_test.go @@ -90,7 +90,7 @@ func TestParse(t *testing.T) { Target: "http://some.test.env.com:2121/$someparam=1&$someotherparam=2", Host: "some.test.env.com", }}, - {map[string]string{backendURL: "http://some.test.env.com", host: "someInvalidParm.%^&*()_=!@#'\""}, &Config{ + {map[string]string{backendURL: "http://some.test.env.com", host: "someInvalidParam.%^&*()_=!@#'\""}, &Config{ Source: ngxURI, RequestBody: "on", Target: "http://some.test.env.com", diff --git a/internal/ingress/annotations/serversnippet/main.go b/internal/ingress/annotations/serversnippet/main.go index aa15608d01..bce764e695 100644 --- a/internal/ingress/annotations/serversnippet/main.go +++ b/internal/ingress/annotations/serversnippet/main.go @@ -33,7 +33,7 @@ var serverSnippetAnnotations = parser.Annotation{ serverSnippetAnnotation: { Validator: parser.ValidateNull, Scope: parser.AnnotationScopeIngress, - Risk: parser.AnnotationRiskCritical, // Critical, this annotation is not validated at all and allows arbitrary configutations + Risk: parser.AnnotationRiskCritical, // Critical, this annotation is not validated at all and allows arbitrary configurations Documentation: `This annotation allows setting a custom NGINX configuration on a server block. This annotation does not contain any validation and it's usage is not recommended!`, }, }, diff --git a/internal/ingress/annotations/serviceupstream/main.go b/internal/ingress/annotations/serviceupstream/main.go index d1851bc7b6..7819d87d8d 100644 --- a/internal/ingress/annotations/serviceupstream/main.go +++ b/internal/ingress/annotations/serviceupstream/main.go @@ -34,7 +34,7 @@ var serviceUpstreamAnnotations = parser.Annotation{ serviceUpstreamAnnotation: { Validator: parser.ValidateBool, Scope: parser.AnnotationScopeIngress, - Risk: parser.AnnotationRiskLow, // Critical, this annotation is not validated at all and allows arbitrary configutations + Risk: parser.AnnotationRiskLow, // Critical, this annotation is not validated at all and allows arbitrary configurations Documentation: `This annotation makes NGINX use Service's Cluster IP and Port instead of Endpoints as the backend endpoints`, }, }, diff --git a/internal/ingress/annotations/snippet/main.go b/internal/ingress/annotations/snippet/main.go index 2406093c5d..c2df84cdd3 100644 --- a/internal/ingress/annotations/snippet/main.go +++ b/internal/ingress/annotations/snippet/main.go @@ -33,7 +33,7 @@ var configurationSnippetAnnotations = parser.Annotation{ configurationSnippetAnnotation: { Validator: parser.ValidateNull, Scope: parser.AnnotationScopeLocation, - Risk: parser.AnnotationRiskCritical, // Critical, this annotation is not validated at all and allows arbitrary configutations + Risk: parser.AnnotationRiskCritical, // Critical, this annotation is not validated at all and allows arbitrary configurations Documentation: `This annotation allows setting a custom NGINX configuration on a location block. This annotation does not contain any validation and it's usage is not recommended!`, }, }, diff --git a/internal/ingress/annotations/streamsnippet/main.go b/internal/ingress/annotations/streamsnippet/main.go index 71ff3b1404..7743d3fee1 100644 --- a/internal/ingress/annotations/streamsnippet/main.go +++ b/internal/ingress/annotations/streamsnippet/main.go @@ -33,7 +33,7 @@ var streamSnippetAnnotations = parser.Annotation{ streamSnippetAnnotation: { Validator: parser.ValidateNull, Scope: parser.AnnotationScopeIngress, - Risk: parser.AnnotationRiskCritical, // Critical, this annotation is not validated at all and allows arbitrary configutations + Risk: parser.AnnotationRiskCritical, // Critical, this annotation is not validated at all and allows arbitrary configurations Documentation: `This annotation allows setting a custom NGINX configuration on a stream block. This annotation does not contain any validation and it's usage is not recommended!`, }, }, diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index 5e0ca2296d..bc0ba9d007 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -119,7 +119,7 @@ type Configuration struct { // By default this is disabled AllowBackendServerHeader bool `json:"allow-backend-server-header"` - // AccessLogParams sets additionals params for access_log + // AccessLogParams sets additional params for access_log // http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log // By default it's empty AccessLogParams string `json:"access-log-params,omitempty"` @@ -423,7 +423,7 @@ type Configuration struct { // Example '60s' ProxyProtocolHeaderTimeout time.Duration `json:"proxy-protocol-header-timeout,omitempty"` - // Enables or disables the directive aio_write that writes files files asynchronously + // Enables or disables the directive aio_write that writes files asynchronously // https://nginx.org/en/docs/http/ngx_http_core_module.html#aio_write EnableAioWrite bool `json:"enable-aio-write,omitempty"` @@ -617,7 +617,7 @@ type Configuration struct { // Default: 0.01 OtelSamplerRatio float32 `json:"otel-sampler-ratio"` - // OtelSamplerParentBased specifies the parent based sampler to be use for any traces created + // OtelSamplerParentBased specifies the parent based sampler to be used for any traces created // Default: true OtelSamplerParentBased bool `json:"otel-sampler-parent-based"` @@ -714,7 +714,7 @@ type Configuration struct { DefaultSSLCertificate *ingress.SSLCert `json:"-"` // ProxySSLLocationOnly controls whether the proxy-ssl parameters defined in the - // proxy-ssl-* annotations are applied on on location level only in the nginx.conf file + // proxy-ssl-* annotations are applied on location level only in the nginx.conf file // Default is that those are applied on server level, too ProxySSLLocationOnly bool `json:"proxy-ssl-location-only"` diff --git a/internal/ingress/controller/endpointslices.go b/internal/ingress/controller/endpointslices.go index 4f98e3ce7a..ed46e2c853 100644 --- a/internal/ingress/controller/endpointslices.go +++ b/internal/ingress/controller/endpointslices.go @@ -115,7 +115,7 @@ func getEndpointsFromSlices(s *corev1.Service, port *corev1.ServicePort, proto c useTopologyHints = false if zoneForHints != emptyZone { useTopologyHints = true - // check if all endpointslices has zone hints + // check if all endpointslices have zone hints for _, ep := range eps.Endpoints { if ep.Hints == nil || len(ep.Hints.ForZones) == 0 { useTopologyHints = false diff --git a/internal/ingress/controller/nginx_test.go b/internal/ingress/controller/nginx_test.go index 27180e066d..7b00916c73 100644 --- a/internal/ingress/controller/nginx_test.go +++ b/internal/ingress/controller/nginx_test.go @@ -410,7 +410,7 @@ func TestCleanTempNginxCfg(t *testing.T) { } } -//nolint:unparam // Ingnore `network` always receives `"tcp"` error +//nolint:unparam // Ignore `network` always receives `"tcp"` error func tryListen(network, address string) (l net.Listener, err error) { condFunc := func() (bool, error) { l, err = net.Listen(network, address) diff --git a/internal/ingress/controller/store/endpointslice_test.go b/internal/ingress/controller/store/endpointslice_test.go index 5d423a3a6f..0bdb3aa339 100644 --- a/internal/ingress/controller/store/endpointslice_test.go +++ b/internal/ingress/controller/store/endpointslice_test.go @@ -88,7 +88,7 @@ func TestEndpointSliceLister(t *testing.T) { } eps, err := el.MatchByKey(key) if err != nil { - t.Errorf("unexpeted error %v", err) + t.Errorf("unexpected error %v", err) } if err == nil && len(eps) != 1 { t.Errorf("expected one slice %v, error, got %d slices", endpointSlice, len(eps)) @@ -130,7 +130,7 @@ func TestEndpointSliceLister(t *testing.T) { } eps, err := el.MatchByKey(key) if err != nil { - t.Errorf("unexpeted error %v", err) + t.Errorf("unexpected error %v", err) } if len(eps) != 1 { t.Errorf("expected one slice %v, error, got %d slices", endpointSlice, len(eps)) diff --git a/internal/ingress/controller/store/store_test.go b/internal/ingress/controller/store/store_test.go index 317c0f36c2..9c719af3bd 100644 --- a/internal/ingress/controller/store/store_test.go +++ b/internal/ingress/controller/store/store_test.go @@ -1208,13 +1208,13 @@ func TestStore(t *testing.T) { } }(updateCh) - namesapceSelector, err := labels.Parse("foo=bar") + namespaceSelector, err := labels.Parse("foo=bar") if err != nil { t.Errorf("unexpected error: %v", err) } storer := New( ns, - namesapceSelector, + namespaceSelector, fmt.Sprintf("%v/config", ns), fmt.Sprintf("%v/tcp", ns), fmt.Sprintf("%v/udp", ns), @@ -1274,7 +1274,7 @@ func TestStore(t *testing.T) { t.Errorf("expected 0 events of type Delete but %v occurred", del) } }) - // test add ingress with secret it doesn't exists and then add secret + // test add ingress with secret it doesn't exist and then add secret // check secret is generated on fs // check ocsp // check invalid secret (missing crt) diff --git a/internal/ingress/controller/util.go b/internal/ingress/controller/util.go index 8851f323f7..79bf931efa 100644 --- a/internal/ingress/controller/util.go +++ b/internal/ingress/controller/util.go @@ -129,7 +129,7 @@ func NewNginxCommand() NginxCommand { return command } -// ExecCommand instanciates an exec.Cmd object to call nginx program +// ExecCommand instantiates an exec.Cmd object to call nginx program func (nc NginxCommand) ExecCommand(args ...string) *exec.Cmd { cmdArgs := []string{} diff --git a/internal/ingress/metric/collectors/controller.go b/internal/ingress/metric/collectors/controller.go index 4ee84bc568..697b57ca81 100644 --- a/internal/ingress/metric/collectors/controller.go +++ b/internal/ingress/metric/collectors/controller.go @@ -225,7 +225,7 @@ func (cm *Controller) IncCheckErrorCount(namespace, name string) { cm.checkIngressOperationErrors.MustCurryWith(cm.constLabels).With(labels).Inc() } -// IncOrphanIngress sets the the orphaned ingress gauge to one +// IncOrphanIngress sets the orphaned ingress gauge to one func (cm *Controller) IncOrphanIngress(namespace, name, orphanityType string) { labels := prometheus.Labels{ "namespace": namespace, @@ -235,7 +235,7 @@ func (cm *Controller) IncOrphanIngress(namespace, name, orphanityType string) { cm.OrphanIngress.MustCurryWith(cm.constLabels).With(labels).Set(1.0) } -// DecOrphanIngress sets the the orphaned ingress gauge to zero (all services has their endpoints) +// DecOrphanIngress sets the orphaned ingress gauge to zero (all services has their endpoints) func (cm *Controller) DecOrphanIngress(namespace, name, orphanityType string) { labels := prometheus.Labels{ "namespace": namespace, @@ -311,7 +311,7 @@ func (cm *Controller) SetSSLExpireTime(servers []*ingress.Server) { } } -// SetSSLInfo creates a metric with all certificates informations +// SetSSLInfo creates a metric with all certificate information func (cm *Controller) SetSSLInfo(servers []*ingress.Server) { for _, s := range servers { if s.SSLCert == nil || s.SSLCert.Certificate == nil || s.SSLCert.Certificate.SerialNumber == nil { diff --git a/internal/ingress/resolver/main.go b/internal/ingress/resolver/main.go index 7d17f4e16f..259f44e49c 100644 --- a/internal/ingress/resolver/main.go +++ b/internal/ingress/resolver/main.go @@ -29,10 +29,10 @@ type Resolver interface { // GetSecurityConfiguration returns the configuration options from Ingress GetSecurityConfiguration() defaults.SecurityConfiguration - // GetConfigMap searches for configmap containing the namespace and name usting the character / + // GetConfigMap searches for configmap containing the namespace and name using the character / GetConfigMap(string) (*apiv1.ConfigMap, error) - // GetSecret searches for secrets containing the namespace and name using a the character / + // GetSecret searches for secrets containing the namespace and name using the character / GetSecret(string) (*apiv1.Secret, error) // GetAuthCertificate resolves a given secret name into an SSL certificate and CRL. @@ -42,7 +42,7 @@ type Resolver interface { // ca.crl: contains the revocation list used for authentication GetAuthCertificate(string) (*AuthSSLCert, error) - // GetService searches for services containing the namespace and name using a the character / + // GetService searches for services containing the namespace and name using the character / GetService(string) (*apiv1.Service, error) } diff --git a/internal/ingress/resolver/mock.go b/internal/ingress/resolver/mock.go index 679c3b13ce..64c4c79a7e 100644 --- a/internal/ingress/resolver/mock.go +++ b/internal/ingress/resolver/mock.go @@ -47,7 +47,7 @@ func (m Mock) GetSecurityConfiguration() defaults.SecurityConfiguration { } } -// GetSecret searches for secrets contenating the namespace and name using a the character / +// GetSecret searches for secrets containing the namespace and name using the character / func (m Mock) GetSecret(string) (*apiv1.Secret, error) { return nil, nil } @@ -60,12 +60,12 @@ func (m Mock) GetAuthCertificate(string) (*AuthSSLCert, error) { return nil, nil } -// GetService searches for services contenating the namespace and name using a the character / +// GetService searches for services containing the namespace and name using the character / func (m Mock) GetService(string) (*apiv1.Service, error) { return nil, nil } -// GetConfigMap searches for configMaps contenating the namespace and name using a the character / +// GetConfigMap searches for configMaps containing the namespace and name using the character / func (m Mock) GetConfigMap(name string) (*apiv1.ConfigMap, error) { if v, ok := m.ConfigMaps[name]; ok { return v, nil diff --git a/internal/net/ssl/ssl.go b/internal/net/ssl/ssl.go index f8bac23779..0592303bc4 100644 --- a/internal/net/ssl/ssl.go +++ b/internal/net/ssl/ssl.go @@ -442,7 +442,7 @@ func getFakeHostSSLCert(host string) (cert, key []byte) { // fullChainCert checks if a certificate file contains issues in the intermediate CA chain // Returns a new certificate with the intermediate certificates. -// If the certificate does not contains issues with the chain it return an empty byte array +// If the certificate does not contain issues with the chain it returns an empty byte array func fullChainCert(in []byte) ([]byte, error) { cert, err := certUtil.DecodeCertificate(in) if err != nil { @@ -523,7 +523,7 @@ func (tl *TLSListener) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, e return tl.certificate, tl.err } -// TLSConfig instanciates a TLS configuration, always providing an up to date certificate +// TLSConfig instantiates a TLS configuration, always providing an up to date certificate func (tl *TLSListener) TLSConfig() *tls.Config { return &tls.Config{ GetCertificate: tl.GetCertificate, diff --git a/pkg/apis/ingress/types.go b/pkg/apis/ingress/types.go index 36067732ea..c6be89c6a0 100644 --- a/pkg/apis/ingress/types.go +++ b/pkg/apis/ingress/types.go @@ -199,10 +199,10 @@ type Server struct { Aliases []string `json:"aliases,omitempty"` // RedirectFromToWWW returns if a redirect to/from prefix www is required RedirectFromToWWW bool `json:"redirectFromToWWW,omitempty"` - // CertificateAuth indicates the this server requires mutual authentication + // CertificateAuth indicates this server requires mutual authentication // +optional CertificateAuth authtls.Config `json:"certificateAuth"` - // ProxySSL indicates the this server uses client certificate to access backends + // ProxySSL indicates this server uses client certificate to access backends // +optional ProxySSL proxyssl.Config `json:"proxySSL"` // ServerSnippet returns the snippet of server @@ -220,7 +220,7 @@ type Server struct { // Location describes an URI inside a server. // Also contains additional information about annotations in the Ingress. // -// In some cases when more than one annotations is defined a particular order in the execution +// In some cases when more than one annotation is defined a particular order in the execution // is required. // The chain in the execution order of annotations should be: // - Denylist @@ -347,7 +347,7 @@ type Location struct { // CustomHTTPErrors specifies the error codes that should be intercepted. // +optional CustomHTTPErrors []int `json:"custom-http-errors"` - // ProxyInterceptErrors disables error intecepting when using CustomHTTPErrors + // ProxyInterceptErrors disables error interception when using CustomHTTPErrors // e.g. custom 404 and 503 when service-a does not exist or is not available // but service-a can return 404 and 503 error codes without intercept // +optional diff --git a/rootfs/etc/nginx/lua/test/balancer/sticky_test.lua b/rootfs/etc/nginx/lua/test/balancer/sticky_test.lua index 80d0c0d0ec..70723143b6 100644 --- a/rootfs/etc/nginx/lua/test/balancer/sticky_test.lua +++ b/rootfs/etc/nginx/lua/test/balancer/sticky_test.lua @@ -357,7 +357,7 @@ describe("Sticky", function() for _ = 1, 100 do local new_upstream = sticky_balancer_instance:balance() if change_on_failure == false then - -- upstream should be the same inspite of error, if change_on_failure option is false + -- upstream should be the same in spite of error, if change_on_failure option is false assert.equal(new_upstream, old_upstream) else -- upstream should change after error, if change_on_failure option is true diff --git a/test/e2e/endpointslices/topology.go b/test/e2e/endpointslices/topology.go index 38c5f8b761..70f7ff86b5 100644 --- a/test/e2e/endpointslices/topology.go +++ b/test/e2e/endpointslices/topology.go @@ -84,7 +84,7 @@ var _ = framework.IngressNginxDescribeSerial("[TopologyHints] topology aware rou } if gotHints { - // we have 2 replics, if there is just one backend it means that we are routing according slices hints to same zone as controller is + // we have 2 replicas, if there is just one backend it means that we are routing according slices hints to same zone as controller is assert.Equal(ginkgo.GinkgoT(), 1, gotBackends) } else { // two replicas should have two endpoints without topology hints diff --git a/test/e2e/framework/deployment.go b/test/e2e/framework/deployment.go index 08a5353b24..9eaf425653 100644 --- a/test/e2e/framework/deployment.go +++ b/test/e2e/framework/deployment.go @@ -43,7 +43,7 @@ const HTTPBunService = "httpbun" // NipService name of external service using nip.io const NIPService = "external-nip" -// HTTPBunImage is the default image that is used to deploy HTTPBun with the framwork +// HTTPBunImage is the default image that is used to deploy HTTPBun with the framework var HTTPBunImage = os.Getenv("HTTPBUN_IMAGE") // EchoImage is the default image to be used by the echo service diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go index b71d84baa1..65f10ba5d0 100644 --- a/test/e2e/framework/framework.go +++ b/test/e2e/framework/framework.go @@ -100,7 +100,7 @@ func NewDefaultFramework(baseName string, opts ...func(*Framework)) *Framework { } // NewSimpleFramework makes a new framework that allows the usage of a namespace -// for arbitraty tests. +// for arbitrary tests. func NewSimpleFramework(baseName string, opts ...func(*Framework)) *Framework { defer ginkgo.GinkgoRecover() diff --git a/test/e2e/gracefulshutdown/shutdown.go b/test/e2e/gracefulshutdown/shutdown.go index 604143da81..e9883338f1 100644 --- a/test/e2e/gracefulshutdown/shutdown.go +++ b/test/e2e/gracefulshutdown/shutdown.go @@ -37,7 +37,7 @@ var _ = framework.IngressNginxDescribe("[Shutdown] ingress controller", func() { f.NewSlowEchoDeployment() }) - ginkgo.It("should shutdown in less than 60 secons without pending connections", func() { + ginkgo.It("should shutdown in less than 60 seconds without pending connections", func() { f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.Namespace, framework.SlowEchoService, 80, nil)) f.WaitForNginxServer(host, diff --git a/test/e2e/settings/global_external_auth.go b/test/e2e/settings/global_external_auth.go index 741e6f9552..f589a63e94 100644 --- a/test/e2e/settings/global_external_auth.go +++ b/test/e2e/settings/global_external_auth.go @@ -32,8 +32,8 @@ import ( ) const ( - disable = "false" - noAuthLocaltionSetting = "no-auth-locations" + disable = "false" + noAuthLocationSetting = "no-auth-locations" ) var _ = framework.DescribeSetting("[Security] global-auth-url", func() { @@ -51,7 +51,7 @@ var _ = framework.DescribeSetting("[Security] global-auth-url", func() { fooPath := "/foo" barPath := "/bar" - noAuthSetting := noAuthLocaltionSetting + noAuthSetting := noAuthLocationSetting noAuthLocations := barPath enableGlobalExternalAuthAnnotation := "nginx.ingress.kubernetes.io/enable-global-auth" diff --git a/test/k6/loadtest.js b/test/k6/loadtest.js index 2396948fcd..51801765ed 100644 --- a/test/k6/loadtest.js +++ b/test/k6/loadtest.js @@ -1,6 +1,6 @@ // This is a loadtest under development // Test here is spec'd to have 100virtual-users -// Other specs currently similar to smoktest +// Other specs currently similar to smoketest // But loadtest needs testplan that likely uses auth & data-transfer import http from 'k6/http'; @@ -35,7 +35,7 @@ export default function () { const req3 = { params: { headers: { - 'Content-Type': 'application/x-www-form-urlencoded' + 'Content-Type': 'application/x-www-form-urlencoded' }, }, method: 'POST', diff --git a/test/k6/smoketest.js b/test/k6/smoketest.js index 8fe9e950a5..12691b63ae 100644 --- a/test/k6/smoketest.js +++ b/test/k6/smoketest.js @@ -1,4 +1,4 @@ -// smotest.js edited after copy/pasting from https://k6.io docs +// smoketest.js edited after copy/pasting from https://k6.io docs // Using this like loadtest because of limited cpu/memory/other import http from 'k6/http'; @@ -22,7 +22,7 @@ export const options = { }; export default function () { - // docs of k6 say this is how to adds host header + // docs of k6 say this is how to add host header // needed as ingress is created with this host value const params = { headers: {'host': 'test.ingress-nginx-controller.ga'}, @@ -39,7 +39,7 @@ export default function () { const req3 = { params: { headers: { - 'Content-Type': 'application/json' + 'Content-Type': 'application/json' }, }, method: 'POST', From 1507bd0609d2c0d6d8c1a90581bbf00e6d2f230b Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Sat, 7 Sep 2024 21:33:20 -0700 Subject: [PATCH 26/81] Images: Use latest Alpine 3.20 everywhere. (#11946) Co-authored-by: Marco Ebert --- docs/examples/customization/sysctl/patch.json | 2 +- images/cfssl/rootfs/Dockerfile | 4 ++-- images/nginx-1.25/rootfs/Dockerfile | 4 ++-- images/nginx/rootfs/Dockerfile | 4 ++-- images/opentelemetry/rootfs/Dockerfile | 2 +- images/test-runner/rootfs/Dockerfile | 2 +- rootfs/Dockerfile-chroot | 2 +- test/e2e-image/Dockerfile | 2 +- 8 files changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/examples/customization/sysctl/patch.json b/docs/examples/customization/sysctl/patch.json index e87c9affaa..fb4fc057fb 100644 --- a/docs/examples/customization/sysctl/patch.json +++ b/docs/examples/customization/sysctl/patch.json @@ -4,7 +4,7 @@ "spec": { "initContainers": [{ "name": "sysctl", - "image": "alpine:3.18", + "image": "alpine:3.20", "securityContext": { "privileged": true }, diff --git a/images/cfssl/rootfs/Dockerfile b/images/cfssl/rootfs/Dockerfile index c23f66d49b..7f7003f101 100644 --- a/images/cfssl/rootfs/Dockerfile +++ b/images/cfssl/rootfs/Dockerfile @@ -12,9 +12,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.20.0 +FROM alpine:3.20 -RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories +RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories RUN apk update \ && apk upgrade && \ apk add --no-cache \ diff --git a/images/nginx-1.25/rootfs/Dockerfile b/images/nginx-1.25/rootfs/Dockerfile index 13dcec33d7..1d2b6b6230 100644 --- a/images/nginx-1.25/rootfs/Dockerfile +++ b/images/nginx-1.25/rootfs/Dockerfile @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.20.0 as builder +FROM alpine:3.20 as builder COPY . / @@ -21,7 +21,7 @@ RUN apk update \ && /build.sh # Use a multi-stage build -FROM alpine:3.20.0 +FROM alpine:3.20 ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile index f3d61017e6..245bb353b1 100644 --- a/images/nginx/rootfs/Dockerfile +++ b/images/nginx/rootfs/Dockerfile @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.20.0 as builder +FROM alpine:3.20 as builder COPY . / @@ -21,7 +21,7 @@ RUN apk update \ && /build.sh # Use a multi-stage build -FROM alpine:3.20.0 +FROM alpine:3.20 ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index f67948b86c..9f3cb2eae8 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. -FROM alpine:3.20.0 AS base +FROM alpine:3.20 AS base RUN mkdir -p /opt/third_party/install COPY . /opt/third_party/ diff --git a/images/test-runner/rootfs/Dockerfile b/images/test-runner/rootfs/Dockerfile index fd664f2e55..7bcc2f25cc 100644 --- a/images/test-runner/rootfs/Dockerfile +++ b/images/test-runner/rootfs/Dockerfile @@ -48,7 +48,7 @@ RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH" COPY --from=etcd /usr/local/bin/etcd /usr/local/bin/etcd -RUN echo "@testing https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories +RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories RUN apk update && apk upgrade && apk add --no-cache \ bash \ diff --git a/rootfs/Dockerfile-chroot b/rootfs/Dockerfile-chroot index c06db22529..b719f2fc32 100644 --- a/rootfs/Dockerfile-chroot +++ b/rootfs/Dockerfile-chroot @@ -23,7 +23,7 @@ RUN apk update \ && apk upgrade \ && /chroot.sh -FROM alpine:3.20.0 +FROM alpine:3.20 ARG TARGETARCH ARG VERSION diff --git a/test/e2e-image/Dockerfile b/test/e2e-image/Dockerfile index 7bd7c9c1ce..5e74174779 100644 --- a/test/e2e-image/Dockerfile +++ b/test/e2e-image/Dockerfile @@ -1,7 +1,7 @@ ARG E2E_BASE_IMAGE FROM ${E2E_BASE_IMAGE} AS BASE -FROM alpine:3.20.0 +FROM alpine:3.20 RUN apk update \ && apk upgrade && apk add -U --no-cache \ From 44efd44aed8a01ef62b570433f780aa8fb4a6835 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Sat, 7 Sep 2024 22:19:20 -0700 Subject: [PATCH 27/81] Docs: Add note about `--watch-namespace`. (#11949) Co-authored-by: longwuyuan --- docs/deploy/index.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/docs/deploy/index.md b/docs/deploy/index.md index e298cb27fd..ae5458eeae 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -266,7 +266,6 @@ In AWS, we use a Network load balancer (NLB) to expose the Ingress-Nginx Control [Network load balancing on Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html) with [AWS Load Balancer Controller](https://github.com/kubernetes-sigs/aws-load-balancer-controller). - ##### Network Load Balancer (NLB) ```console @@ -364,8 +363,8 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont ```console kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/scw/deploy.yaml ``` -Refer to the [dedicated tutorial](https://www.scaleway.com/en/docs/tutorials/proxy-protocol-v2-load-balancer/#configuring-proxy-protocol-for-ingress-nginx) in the Scaleway documentation for configuring the proxy protocol for ingress-nginx with the Scaleway load balancer. +Refer to the [dedicated tutorial](https://www.scaleway.com/en/docs/tutorials/proxy-protocol-v2-load-balancer/#configuring-proxy-protocol-for-ingress-nginx) in the Scaleway documentation for configuring the proxy protocol for ingress-nginx with the Scaleway load balancer. #### Exoscale @@ -428,7 +427,7 @@ kubectl exec $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version By default, the controller watches Ingress objects from all namespaces. If you want to change this behavior, use the flag `--watch-namespace` or check the Helm chart value `controller.scope` to limit the controller to a single -namespace. +namespace. Although the use of this flag is not popular, one important fact to note is that the secret containing the default-ssl-certificate needs to also be present in the watched namespace(s). See also [“How to easily install multiple instances of the Ingress NGINX controller in the same cluster”](https://kubernetes.github.io/ingress-nginx/#how-to-easily-install-multiple-instances-of-the-ingress-nginx-controller-in-the-same-cluster) From 5d8e08f163ea197538529e80cc32064179fa7208 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Sun, 8 Sep 2024 03:19:20 -0700 Subject: [PATCH 28/81] Images: Bump OpenTelemetry C++ Contrib. (#11951) Co-authored-by: Damien Mehala --- images/nginx-1.25/rootfs/build.sh | 2 +- images/opentelemetry/rootfs/build.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/images/nginx-1.25/rootfs/build.sh b/images/nginx-1.25/rootfs/build.sh index f60a260f96..f9ea3840b8 100755 --- a/images/nginx-1.25/rootfs/build.sh +++ b/images/nginx-1.25/rootfs/build.sh @@ -518,7 +518,7 @@ make make modules make install -export OPENTELEMETRY_CONTRIB_COMMIT=aaa51e2297bcb34297f3c7aa44fa790497d2f7f3 +export OPENTELEMETRY_CONTRIB_COMMIT=e11348bb400d5472bf1da5d6128bead66fa111ff cd "$BUILD_PATH" git clone https://github.com/open-telemetry/opentelemetry-cpp-contrib.git opentelemetry-cpp-contrib-${OPENTELEMETRY_CONTRIB_COMMIT} diff --git a/images/opentelemetry/rootfs/build.sh b/images/opentelemetry/rootfs/build.sh index 649595a750..6f803fc9f1 100755 --- a/images/opentelemetry/rootfs/build.sh +++ b/images/opentelemetry/rootfs/build.sh @@ -116,8 +116,8 @@ install_otel() install_nginx() { - # Check for recent changes: https://github.com/open-telemetry/opentelemetry-cpp-contrib/compare/2656a4...main - export OPENTELEMETRY_CONTRIB_COMMIT=aaa51e2297bcb34297f3c7aa44fa790497d2f7f3 + # Check for recent changes: https://github.com/open-telemetry/opentelemetry-cpp-contrib/compare/e11348bb400d5472bf1da5d6128bead66fa111ff...main + export OPENTELEMETRY_CONTRIB_COMMIT=e11348bb400d5472bf1da5d6128bead66fa111ff mkdir -p /etc/nginx cd "$BUILD_PATH" From 7b67e9716b22d22fdbe47e4d2f95b57b77cb28dc Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 9 Sep 2024 07:26:16 -0700 Subject: [PATCH 29/81] Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 in the all group (#11957) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 36b5f79e10..789fae3f0e 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/onsi/ginkgo/v2 v2.20.2 github.com/opencontainers/runc v1.1.14 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 - github.com/prometheus/client_golang v1.20.2 + github.com/prometheus/client_golang v1.20.3 github.com/prometheus/client_model v0.6.1 github.com/prometheus/common v0.57.0 github.com/spf13/cobra v1.8.1 diff --git a/go.sum b/go.sum index 51d85b04cf..7d5f2c9a3c 100644 --- a/go.sum +++ b/go.sum @@ -182,8 +182,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.20.2 h1:5ctymQzZlyOON1666svgwn3s6IKWgfbjsejTMiXIyjg= -github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.20.3 h1:oPksm4K8B+Vt35tUhw6GbSNSgVlVSBH0qELP/7u83l4= +github.com/prometheus/client_golang v1.20.3/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.57.0 h1:Ro/rKjwdq9mZn1K5QPctzh+MA4Lp0BuYk5ZZEVhoNcY= From 91946607fbb1ae8a506c51615db2dfe1686dd17c Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 9 Sep 2024 07:26:25 -0700 Subject: [PATCH 30/81] Bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#11958) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 789fae3f0e..e3e203a3a2 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( github.com/stretchr/testify v1.9.0 github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30 - golang.org/x/crypto v0.26.0 + golang.org/x/crypto v0.27.0 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 google.golang.org/grpc v1.66.0 google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab @@ -117,9 +117,9 @@ require ( golang.org/x/net v0.28.0 // indirect golang.org/x/oauth2 v0.21.0 // indirect golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.24.0 // indirect - golang.org/x/term v0.23.0 // indirect - golang.org/x/text v0.17.0 // indirect + golang.org/x/sys v0.25.0 // indirect + golang.org/x/term v0.24.0 // indirect + golang.org/x/text v0.18.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.24.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect diff --git a/go.sum b/go.sum index 7d5f2c9a3c..51ddb22647 100644 --- a/go.sum +++ b/go.sum @@ -238,8 +238,8 @@ golang.org/dl v0.0.0-20190829154251-82a15e2f2ead/go.mod h1:IUMfjQLJQd4UTqG1Z90te golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= +golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -276,14 +276,14 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= -golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= -golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= +golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= -golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= +golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= From 2eebadf8dd261b097991e977503fcc319680e62b Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Tue, 10 Sep 2024 03:27:44 -0700 Subject: [PATCH 31/81] Bump github.com/prometheus/common from 0.57.0 to 0.59.1 (#11961) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index e3e203a3a2..2055ad7c62 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 github.com/prometheus/client_golang v1.20.3 github.com/prometheus/client_model v0.6.1 - github.com/prometheus/common v0.57.0 + github.com/prometheus/common v0.59.1 github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 @@ -115,7 +115,7 @@ require ( go.uber.org/zap v1.27.0 // indirect golang.org/x/mod v0.20.0 // indirect golang.org/x/net v0.28.0 // indirect - golang.org/x/oauth2 v0.21.0 // indirect + golang.org/x/oauth2 v0.22.0 // indirect golang.org/x/sync v0.8.0 // indirect golang.org/x/sys v0.25.0 // indirect golang.org/x/term v0.24.0 // indirect diff --git a/go.sum b/go.sum index 51ddb22647..5e87f616c1 100644 --- a/go.sum +++ b/go.sum @@ -186,8 +186,8 @@ github.com/prometheus/client_golang v1.20.3 h1:oPksm4K8B+Vt35tUhw6GbSNSgVlVSBH0q github.com/prometheus/client_golang v1.20.3/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.57.0 h1:Ro/rKjwdq9mZn1K5QPctzh+MA4Lp0BuYk5ZZEVhoNcY= -github.com/prometheus/common v0.57.0/go.mod h1:7uRPFSUTbfZWsJ7MHY56sqt7hLQu3bxXHDnNhl8E9qI= +github.com/prometheus/common v0.59.1 h1:LXb1quJHWm1P6wq/U824uxYi4Sg0oGvNeUm1z5dJoX0= +github.com/prometheus/common v0.59.1/go.mod h1:GpWM7dewqmVYcd7SmRaiWVe9SSqjf0UrwnYnpEZNuT0= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= @@ -254,8 +254,8 @@ golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= -golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= -golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA= +golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= From 21cd45661886d93cc0592312df8d0f039a4f5473 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Fri, 13 Sep 2024 10:03:14 -0700 Subject: [PATCH 32/81] Go: Bump to v1.22.7. (#11970) Co-authored-by: Marco Ebert --- GOLANG_VERSION | 2 +- go.mod | 2 +- go.work | 2 +- images/custom-error-pages/rootfs/go.mod | 2 +- images/ext-auth-example-authsvc/rootfs/go.mod | 2 +- images/kube-webhook-certgen/rootfs/go.mod | 2 +- images/opentelemetry/rootfs/Dockerfile | 2 +- images/opentelemetry/rootfs/go.mod | 2 +- magefiles/go.mod | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/GOLANG_VERSION b/GOLANG_VERSION index 013173af5e..87b26e8b1a 100644 --- a/GOLANG_VERSION +++ b/GOLANG_VERSION @@ -1 +1 @@ -1.22.6 +1.22.7 diff --git a/go.mod b/go.mod index 2055ad7c62..1dc95fd5c2 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module k8s.io/ingress-nginx -go 1.22.6 +go 1.22.7 require ( dario.cat/mergo v1.0.1 diff --git a/go.work b/go.work index ac741bb5a4..f0095c7586 100644 --- a/go.work +++ b/go.work @@ -1,4 +1,4 @@ -go 1.22.6 +go 1.22.7 use ( . diff --git a/images/custom-error-pages/rootfs/go.mod b/images/custom-error-pages/rootfs/go.mod index 264ebf4279..34363c50a1 100644 --- a/images/custom-error-pages/rootfs/go.mod +++ b/images/custom-error-pages/rootfs/go.mod @@ -1,6 +1,6 @@ module k8s.io/ingress-nginx/custom-error-pages -go 1.22.6 +go 1.22.7 require github.com/prometheus/client_golang v1.11.1 diff --git a/images/ext-auth-example-authsvc/rootfs/go.mod b/images/ext-auth-example-authsvc/rootfs/go.mod index a3396b358c..366e196396 100644 --- a/images/ext-auth-example-authsvc/rootfs/go.mod +++ b/images/ext-auth-example-authsvc/rootfs/go.mod @@ -1,6 +1,6 @@ module example.com/authsvc -go 1.22.6 +go 1.22.7 require k8s.io/apimachinery v0.23.1 diff --git a/images/kube-webhook-certgen/rootfs/go.mod b/images/kube-webhook-certgen/rootfs/go.mod index 0270c0d875..9bbb5b3918 100644 --- a/images/kube-webhook-certgen/rootfs/go.mod +++ b/images/kube-webhook-certgen/rootfs/go.mod @@ -1,6 +1,6 @@ module github.com/jet/kube-webhook-certgen -go 1.22.6 +go 1.22.7 require ( github.com/onrik/logrus v0.11.0 diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index 9f3cb2eae8..4b64b96a67 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -31,7 +31,7 @@ FROM base AS nginx ARG NGINX_VERSION=1.25.3 RUN bash /opt/third_party/build.sh -n ${NGINX_VERSION} -FROM golang:1.22.6-bullseye AS build-init +FROM golang:1.22.7-bullseye AS build-init WORKDIR /go/src/app COPY . . diff --git a/images/opentelemetry/rootfs/go.mod b/images/opentelemetry/rootfs/go.mod index 115ef686aa..207d1d9147 100644 --- a/images/opentelemetry/rootfs/go.mod +++ b/images/opentelemetry/rootfs/go.mod @@ -1,3 +1,3 @@ module init-otel -go 1.22.6 +go 1.22.7 diff --git a/magefiles/go.mod b/magefiles/go.mod index 8e146d70e2..9135228234 100644 --- a/magefiles/go.mod +++ b/magefiles/go.mod @@ -1,6 +1,6 @@ module k8s.io/ingress-nginx/magefiles -go 1.22.6 +go 1.22.7 require ( github.com/blang/semver/v4 v4.0.0 From 694943163d54d1af1a22b4d644f672a304685311 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Sun, 15 Sep 2024 08:01:40 -0700 Subject: [PATCH 33/81] Chart: Improve default backend service account. (#11974) Co-authored-by: Marco Ebert --- charts/ingress-nginx/templates/_helpers.tpl | 2 +- .../ingress-nginx/templates/default-backend-deployment.yaml | 2 +- .../templates/default-backend-serviceaccount.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/ingress-nginx/templates/_helpers.tpl b/charts/ingress-nginx/templates/_helpers.tpl index 99246888e8..24cfd14ad9 100644 --- a/charts/ingress-nginx/templates/_helpers.tpl +++ b/charts/ingress-nginx/templates/_helpers.tpl @@ -203,7 +203,7 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- end -}} {{/* -Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled +Create the name of the default backend service account to use */}} {{- define "ingress-nginx.defaultBackend.serviceAccountName" -}} {{- if .Values.defaultBackend.serviceAccount.create -}} diff --git a/charts/ingress-nginx/templates/default-backend-deployment.yaml b/charts/ingress-nginx/templates/default-backend-deployment.yaml index c6ccdd5c92..6755e23783 100644 --- a/charts/ingress-nginx/templates/default-backend-deployment.yaml +++ b/charts/ingress-nginx/templates/default-backend-deployment.yaml @@ -102,7 +102,7 @@ spec: {{- if .Values.defaultBackend.nodeSelector }} nodeSelector: {{ toYaml .Values.defaultBackend.nodeSelector | nindent 8 }} {{- end }} - serviceAccountName: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} + serviceAccountName: {{ include "ingress-nginx.defaultBackend.serviceAccountName" . }} {{- if .Values.defaultBackend.tolerations }} tolerations: {{ toYaml .Values.defaultBackend.tolerations | nindent 8 }} {{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml b/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml index 2afaf0c042..6fd2d62343 100644 --- a/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml +++ b/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.serviceAccount.create -}} +{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount metadata: @@ -8,7 +8,7 @@ metadata: {{- with .Values.defaultBackend.labels }} {{- toYaml . | nindent 4 }} {{- end }} - name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} + name: {{ include "ingress-nginx.defaultBackend.serviceAccountName" . }} namespace: {{ include "ingress-nginx.namespace" . }} automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }} {{- end }} From d1a40089cf383e0101a7cb20375f65a9f510d0be Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 16 Sep 2024 04:40:32 -0700 Subject: [PATCH 34/81] Bump github/codeql-action from 3.26.6 to 3.26.7 in the all group (#11980) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index a1e9c4ecc9..4affccb2dd 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index d4a53a3526..bed49e46f3 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From 1f82d3c93668663fd3940e1db428495df3659dac Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 16 Sep 2024 04:40:41 -0700 Subject: [PATCH 35/81] Bump the all group with 2 updates (#11981) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 1dc95fd5c2..0d57591b26 100644 --- a/go.mod +++ b/go.mod @@ -27,18 +27,18 @@ require ( github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30 golang.org/x/crypto v0.27.0 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 - google.golang.org/grpc v1.66.0 + google.golang.org/grpc v1.66.2 google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 - k8s.io/api v0.31.0 + k8s.io/api v0.31.1 k8s.io/apiextensions-apiserver v0.31.0 - k8s.io/apimachinery v0.31.0 + k8s.io/apimachinery v0.31.1 k8s.io/apiserver v0.31.0 k8s.io/cli-runtime v0.30.0 - k8s.io/client-go v0.31.0 + k8s.io/client-go v0.31.1 k8s.io/code-generator v0.31.0 - k8s.io/component-base v0.31.0 + k8s.io/component-base v0.31.1 k8s.io/klog/v2 v2.130.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 sigs.k8s.io/controller-runtime v0.19.0 diff --git a/go.sum b/go.sum index 5e87f616c1..50f3893422 100644 --- a/go.sum +++ b/go.sum @@ -301,8 +301,8 @@ gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA= google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= -google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c= -google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= +google.golang.org/grpc v1.66.2 h1:3QdXkuq3Bkh7w+ywLdLvM56cmGvQHUMZpiCzt6Rqaoo= +google.golang.org/grpc v1.66.2/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab h1:tg8hvIl5RmFBuXlcJMuL0h4Psh1gx5Q5xEMwzBZIzWA= google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab/go.mod h1:liVNnGuZDITxuksuZ+BBvdy7FcJfeNk+efF9qgqNUmc= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= @@ -341,22 +341,22 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.31.0 h1:b9LiSjR2ym/SzTOlfMHm1tr7/21aD7fSkqgD/CVJBCo= -k8s.io/api v0.31.0/go.mod h1:0YiFF+JfFxMM6+1hQei8FY8M7s1Mth+z/q7eF1aJkTE= +k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU= +k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI= k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk= k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk= -k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc= -k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U= +k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= k8s.io/apiserver v0.31.0 h1:p+2dgJjy+bk+B1Csz+mc2wl5gHwvNkC9QJV+w55LVrY= k8s.io/apiserver v0.31.0/go.mod h1:KI9ox5Yu902iBnnyMmy7ajonhKnkeZYJhTZ/YI+WEMk= k8s.io/cli-runtime v0.30.0 h1:0vn6/XhOvn1RJ2KJOC6IRR2CGqrpT6QQF4+8pYpWQ48= k8s.io/cli-runtime v0.30.0/go.mod h1:vATpDMATVTMA79sZ0YUCzlMelf6rUjoBzlp+RnoM+cg= -k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8= -k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU= +k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0= +k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg= k8s.io/code-generator v0.31.0 h1:w607nrMi1KeDKB3/F/J4lIoOgAwc+gV9ZKew4XRfMp8= k8s.io/code-generator v0.31.0/go.mod h1:84y4w3es8rOJOUUP1rLsIiGlO1JuEaPFXQPA9e/K6U0= -k8s.io/component-base v0.31.0 h1:/KIzGM5EvPNQcYgwq5NwoQBaOlVFrghoVGr8lG6vNRs= -k8s.io/component-base v0.31.0/go.mod h1:TYVuzI1QmN4L5ItVdMSXKvH7/DtvIuas5/mm8YT3rTo= +k8s.io/component-base v0.31.1 h1:UpOepcrX3rQ3ab5NB6g5iP0tvsgJWzxTyAo20sgYSy8= +k8s.io/component-base v0.31.1/go.mod h1:WGeaw7t/kTsqpVTaCoVEtillbqAhF2/JgvO0LDOMa0w= k8s.io/gengo/v2 v2.0.0-20240404160639-a0386bf69313 h1:bKcdZJOPICVmIIuaM9+MXmapE94dn5AYv5ODs1jA43o= k8s.io/gengo/v2 v2.0.0-20240404160639-a0386bf69313/go.mod h1:VH3AT8AaQOqiGjMF9p0/IM1Dj+82ZwjfxUP1IxaHE+8= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= From 46e91fd359e0327f338d3f17948e4ce6bee6e8cd Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Tue, 17 Sep 2024 13:32:44 -0700 Subject: [PATCH 36/81] Metrics: Fix namespace in `nginx_ingress_controller_ssl_expire_time_seconds`. (#11986) Co-authored-by: Aleksey Gavrilov --- internal/ingress/metric/collectors/controller.go | 1 + internal/ingress/metric/collectors/controller_test.go | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/internal/ingress/metric/collectors/controller.go b/internal/ingress/metric/collectors/controller.go index 697b57ca81..0df04c1d0d 100644 --- a/internal/ingress/metric/collectors/controller.go +++ b/internal/ingress/metric/collectors/controller.go @@ -305,6 +305,7 @@ func (cm *Controller) SetSSLExpireTime(servers []*ingress.Server) { } labels["host"] = s.Hostname labels["secret_name"] = s.SSLCert.Name + labels["namespace"] = s.SSLCert.Namespace labels["identifier"] = s.SSLCert.Identifier() cm.sslExpireTime.With(labels).Set(float64(s.SSLCert.ExpireTime.Unix())) diff --git a/internal/ingress/metric/collectors/controller_test.go b/internal/ingress/metric/collectors/controller_test.go index 7c7ea8a679..a77293c20c 100644 --- a/internal/ingress/metric/collectors/controller_test.go +++ b/internal/ingress/metric/collectors/controller_test.go @@ -88,6 +88,8 @@ func TestControllerCounters(t *testing.T) { Hostname: "demo", SSLCert: &ingress.SSLCert{ ExpireTime: t1, + Name: "secret-name", + Namespace: "secret-namespace", Certificate: &x509.Certificate{ PublicKeyAlgorithm: x509.ECDSA, Issuer: pkix.Name{ @@ -111,7 +113,7 @@ func TestControllerCounters(t *testing.T) { want: ` # HELP nginx_ingress_controller_ssl_expire_time_seconds Number of seconds since 1970 to the SSL Certificate expire.\n An example to check if this certificate will expire in 10 days is: "nginx_ingress_controller_ssl_expire_time_seconds < (time() + (10 * 24 * 3600))" # TYPE nginx_ingress_controller_ssl_expire_time_seconds gauge - nginx_ingress_controller_ssl_expire_time_seconds{class="nginx",host="demo",identifier="abcd1234-100",namespace="default",secret_name=""} 1.351807721e+09 + nginx_ingress_controller_ssl_expire_time_seconds{class="nginx",host="demo",identifier="abcd1234-100",namespace="secret-namespace",secret_name="secret-name"} 1.351807721e+09 `, metrics: []string{"nginx_ingress_controller_ssl_expire_time_seconds"}, }, From bd97375742ea37d16f19d0f3e937623cc60deff8 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Fri, 20 Sep 2024 05:20:03 -0700 Subject: [PATCH 37/81] Chart: Align default backend `PodDisruptionBudget`. (#11999) Co-authored-by: Marco Ebert --- charts/ingress-nginx/README.md | 2 +- .../default-backend-poddisruptionbudget.yaml | 6 ++- ...ault-backend-poddisruptionbudget_test.yaml | 48 +++++++++++++++++++ charts/ingress-nginx/values.yaml | 1 + 4 files changed, 55 insertions(+), 2 deletions(-) create mode 100644 charts/ingress-nginx/tests/default-backend-poddisruptionbudget_test.yaml diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 57f5339707..32f345decf 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -515,7 +515,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | defaultBackend.livenessProbe.periodSeconds | int | `10` | | | defaultBackend.livenessProbe.successThreshold | int | `1` | | | defaultBackend.livenessProbe.timeoutSeconds | int | `5` | | -| defaultBackend.minAvailable | int | `1` | | +| defaultBackend.minAvailable | int | `1` | Minimum available pods set in PodDisruptionBudget. | | defaultBackend.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # | | defaultBackend.name | string | `"defaultbackend"` | | | defaultBackend.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not | diff --git a/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml b/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml index f869e4530d..c8363fd4b4 100644 --- a/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml +++ b/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml @@ -1,5 +1,9 @@ {{- if .Values.defaultBackend.enabled -}} -{{- if or (gt (.Values.defaultBackend.replicaCount | int) 1) (gt (.Values.defaultBackend.autoscaling.minReplicas | int) 1) }} +{{- $replicas := .Values.defaultBackend.replicaCount }} +{{- if .Values.defaultBackend.autoscaling.enabled }} +{{- $replicas = .Values.defaultBackend.autoscaling.minReplicas }} +{{- end }} +{{- if gt ($replicas | int) 1 }} apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }} kind: PodDisruptionBudget metadata: diff --git a/charts/ingress-nginx/tests/default-backend-poddisruptionbudget_test.yaml b/charts/ingress-nginx/tests/default-backend-poddisruptionbudget_test.yaml new file mode 100644 index 0000000000..0958018620 --- /dev/null +++ b/charts/ingress-nginx/tests/default-backend-poddisruptionbudget_test.yaml @@ -0,0 +1,48 @@ +suite: Default Backend > PodDisruptionBudget +templates: + - default-backend-poddisruptionbudget.yaml + +tests: + - it: should create a PodDisruptionBudget if `defaultBackend.replicaCount` is greater than 1 + set: + defaultBackend.enabled: true + defaultBackend.replicaCount: 2 + asserts: + - hasDocuments: + count: 1 + - isKind: + of: PodDisruptionBudget + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-defaultbackend + + - it: should not create a PodDisruptionBudget if `defaultBackend.replicaCount` is less than or equal 1 + set: + defaultBackend.enabled: true + defaultBackend.replicaCount: 1 + asserts: + - hasDocuments: + count: 0 + + - it: should create a PodDisruptionBudget if `defaultBackend.autoscaling.enabled` is true and `defaultBackend.autoscaling.minReplicas` is greater than 1 + set: + defaultBackend.enabled: true + defaultBackend.autoscaling.enabled: true + defaultBackend.autoscaling.minReplicas: 2 + asserts: + - hasDocuments: + count: 1 + - isKind: + of: PodDisruptionBudget + - equal: + path: metadata.name + value: RELEASE-NAME-ingress-nginx-defaultbackend + + - it: should not create a PodDisruptionBudget if `defaultBackend.autoscaling.enabled` is true and `defaultBackend.autoscaling.minReplicas` is less than or equal 1 + set: + defaultBackend.enabled: true + defaultBackend.autoscaling.enabled: true + defaultBackend.autoscaling.minReplicas: 1 + asserts: + - hasDocuments: + count: 0 diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 7dd353f5b8..d514a6321b 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -1091,6 +1091,7 @@ defaultBackend: ## podAnnotations: {} replicaCount: 1 + # -- Minimum available pods set in PodDisruptionBudget. minAvailable: 1 resources: {} # limits: From 85ccb3428235ddd1e89e1788c512161f909ffa06 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Fri, 20 Sep 2024 05:21:23 -0700 Subject: [PATCH 38/81] Chart: Test `controller.minAvailable` & `controller.maxUnavailable`. (#12002) Co-authored-by: Marco Ebert --- .../controller-poddisruptionbudget_test.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml b/charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml index 48b4fafcc5..f215f35207 100644 --- a/charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml +++ b/charts/ingress-nginx/tests/controller-poddisruptionbudget_test.yaml @@ -71,3 +71,19 @@ tests: asserts: - hasDocuments: count: 0 + + - it: should create a PodDisruptionBudget without `minAvailable` and with `maxUnavailable` if `controller.minAvailable` and `controller.maxUnavailable` are set + set: + controller.replicaCount: 2 + controller.minAvailable: 1 + controller.maxUnavailable: 1 + asserts: + - hasDocuments: + count: 1 + - isKind: + of: PodDisruptionBudget + - notExists: + path: spec.minAvailable + - equal: + path: spec.maxUnavailable + value: 1 From 6495d9f0d1e96df1f719a2d46cd41980f38534e9 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Mon, 23 Sep 2024 10:46:34 +0200 Subject: [PATCH 39/81] Docs: Convert `opentelemetry.md` from CRLF to LF. (#12006) --- .../third-party-addons/opentelemetry.md | 628 +++++++++--------- 1 file changed, 314 insertions(+), 314 deletions(-) diff --git a/docs/user-guide/third-party-addons/opentelemetry.md b/docs/user-guide/third-party-addons/opentelemetry.md index d2cf56bf55..af7fd2b145 100644 --- a/docs/user-guide/third-party-addons/opentelemetry.md +++ b/docs/user-guide/third-party-addons/opentelemetry.md @@ -1,314 +1,314 @@ -# OpenTelemetry - -Enables requests served by NGINX for distributed telemetry via The OpenTelemetry Project. - -Using the third party module [opentelemetry-cpp-contrib/nginx](https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/nginx) the Ingress-Nginx Controller can configure NGINX to enable [OpenTelemetry](http://opentelemetry.io) instrumentation. -By default this feature is disabled. - -Check out this demo showcasing OpenTelemetry in Ingress NGINX. The video provides an overview and -practical demonstration of how OpenTelemetry can be utilized in Ingress NGINX for observability -and monitoring purposes. - -

- - Video Thumbnail - -

- -

Demo: OpenTelemetry in Ingress NGINX.

- -## Usage - -To enable the instrumentation we must enable OpenTelemetry in the configuration ConfigMap: -```yaml -data: - enable-opentelemetry: "true" -``` - -To enable or disable instrumentation for a single Ingress, use -the `enable-opentelemetry` annotation: -```yaml -kind: Ingress -metadata: - annotations: - nginx.ingress.kubernetes.io/enable-opentelemetry: "true" -``` - -We must also set the host to use when uploading traces: - -```yaml -otlp-collector-host: "otel-coll-collector.otel.svc" -``` -NOTE: While the option is called `otlp-collector-host`, you will need to point this to any backend that receives otlp-grpc. - -Next you will need to deploy a distributed telemetry system which uses OpenTelemetry. -[opentelemetry-collector](https://github.com/open-telemetry/opentelemetry-collector), [Jaeger](https://www.jaegertracing.io/) -[Tempo](https://github.com/grafana/tempo), and [zipkin](https://zipkin.io/) -have been tested. - -Other optional configuration options: -```yaml -# specifies the name to use for the server span -opentelemetry-operation-name - -# sets whether or not to trust incoming telemetry spans -opentelemetry-trust-incoming-span - -# specifies the port to use when uploading traces, Default: 4317 -otlp-collector-port - -# specifies the service name to use for any traces created, Default: nginx -otel-service-name - -# The maximum queue size. After the size is reached data are dropped. -otel-max-queuesize - -# The delay interval in milliseconds between two consecutive exports. -otel-schedule-delay-millis - -# How long the export can run before it is cancelled. -otel-schedule-delay-millis - -# The maximum batch size of every export. It must be smaller or equal to maxQueueSize. -otel-max-export-batch-size - -# specifies sample rate for any traces created, Default: 0.01 -otel-sampler-ratio - -# specifies the sampler to be used when sampling traces. -# The available samplers are: AlwaysOn, AlwaysOff, TraceIdRatioBased, Default: AlwaysOff -otel-sampler - -# Uses sampler implementation which by default will take a sample if parent Activity is sampled, Default: false -otel-sampler-parent-based -``` - -Note that you can also set whether to trust incoming spans (global default is true) per-location using annotations like the following: -```yaml -kind: Ingress -metadata: - annotations: - nginx.ingress.kubernetes.io/opentelemetry-trust-incoming-span: "true" -``` - -## Examples - -The following examples show how to deploy and test different distributed telemetry systems. These example can be performed using Docker Desktop. - -In the [esigo/nginx-example](https://github.com/esigo/nginx-example) -GitHub repository is an example of a simple hello service: - -```mermaid -graph TB - subgraph Browser - start["http://esigo.dev/hello/nginx"] - end - - subgraph app - sa[service-a] - sb[service-b] - sa --> |name: nginx| sb - sb --> |hello nginx!| sa - end - - subgraph otel - otc["Otel Collector"] - end - - subgraph observability - tempo["Tempo"] - grafana["Grafana"] - backend["Jaeger"] - zipkin["Zipkin"] - end - - subgraph ingress-nginx - ngx[nginx] - end - - subgraph ngx[nginx] - ng[nginx] - om[OpenTelemetry module] - end - - subgraph Node - app - otel - observability - ingress-nginx - om --> |otlp-gRPC| otc --> |jaeger| backend - otc --> |zipkin| zipkin - otc --> |otlp-gRPC| tempo --> grafana - sa --> |otlp-gRPC| otc - sb --> |otlp-gRPC| otc - start --> ng --> sa - end -``` - -To install the example and collectors run: - -1. Enable Ingress addon with: - - ```yaml - opentelemetry: - enabled: true - image: registry.k8s.io/ingress-nginx/opentelemetry-1.25.3:v20240813-b933310d@sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922 - containerSecurityContext: - allowPrivilegeEscalation: false - ``` - -2. Enable OpenTelemetry and set the otlp-collector-host: - - ```yaml - $ echo ' - apiVersion: v1 - kind: ConfigMap - data: - enable-opentelemetry: "true" - opentelemetry-config: "/etc/nginx/opentelemetry.toml" - opentelemetry-operation-name: "HTTP $request_method $service_name $uri" - opentelemetry-trust-incoming-span: "true" - otlp-collector-host: "otel-coll-collector.otel.svc" - otlp-collector-port: "4317" - otel-max-queuesize: "2048" - otel-schedule-delay-millis: "5000" - otel-max-export-batch-size: "512" - otel-service-name: "nginx-proxy" # Opentelemetry resource name - otel-sampler: "AlwaysOn" # Also: AlwaysOff, TraceIdRatioBased - otel-sampler-ratio: "1.0" - otel-sampler-parent-based: "false" - metadata: - name: ingress-nginx-controller - namespace: ingress-nginx - ' | kubectl replace -f - - ``` - -4. Deploy otel-collector, grafana and Jaeger backend: - - ```bash - # add helm charts needed for grafana and OpenTelemetry collector - helm repo add open-telemetry https://open-telemetry.github.io/opentelemetry-helm-charts - helm repo add grafana https://grafana.github.io/helm-charts - helm repo update - # deploy cert-manager needed for OpenTelemetry collector operator - kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.yaml - # create observability namespace - kubectl apply -f https://raw.githubusercontent.com/esigo/nginx-example/main/observability/namespace.yaml - # install OpenTelemetry collector operator - helm upgrade --install otel-collector-operator -n otel --create-namespace open-telemetry/opentelemetry-operator - # deploy OpenTelemetry collector - kubectl apply -f https://raw.githubusercontent.com/esigo/nginx-example/main/observability/collector.yaml - # deploy Jaeger all-in-one - kubectl apply -f https://github.com/jaegertracing/jaeger-operator/releases/download/v1.37.0/jaeger-operator.yaml -n observability - kubectl apply -f https://raw.githubusercontent.com/esigo/nginx-example/main/observability/jaeger.yaml -n observability - # deploy zipkin - kubectl apply -f https://raw.githubusercontent.com/esigo/nginx-example/main/observability/zipkin.yaml -n observability - # deploy tempo and grafana - helm upgrade --install tempo grafana/tempo --create-namespace -n observability - helm upgrade -f https://raw.githubusercontent.com/esigo/nginx-example/main/observability/grafana/grafana-values.yaml --install grafana grafana/grafana --create-namespace -n observability - ``` - -3. Build and deploy demo app: - - ```bash - # build images - make images - - # deploy demo app: - make deploy-app - ``` - -5. Make a few requests to the Service: - - ```bash - kubectl port-forward --namespace=ingress-nginx service/ingress-nginx-controller 8090:80 - curl http://esigo.dev:8090/hello/nginx - - - StatusCode : 200 - StatusDescription : OK - Content : {"v":"hello nginx!"} - - RawContent : HTTP/1.1 200 OK - Connection: keep-alive - Content-Length: 21 - Content-Type: text/plain; charset=utf-8 - Date: Mon, 10 Oct 2022 17:43:33 GMT - - {"v":"hello nginx!"} - - Forms : {} - Headers : {[Connection, keep-alive], [Content-Length, 21], [Content-Type, text/plain; charset=utf-8], [Date, - Mon, 10 Oct 2022 17:43:33 GMT]} - Images : {} - InputFields : {} - Links : {} - ParsedHtml : System.__ComObject - RawContentLength : 21 - ``` - -6. View the Grafana UI: - - ```bash - kubectl port-forward --namespace=observability service/grafana 3000:80 - ``` - In the Grafana interface we can see the details: - ![grafana screenshot](../../images/otel-grafana-demo.png "grafana screenshot") - -7. View the Jaeger UI: - - ```bash - kubectl port-forward --namespace=observability service/jaeger-all-in-one-query 16686:16686 - ``` - In the Jaeger interface we can see the details: - ![Jaeger screenshot](../../images/otel-jaeger-demo.png "Jaeger screenshot") - -8. View the Zipkin UI: - - ```bash - kubectl port-forward --namespace=observability service/zipkin 9411:9411 - ``` - In the Zipkin interface we can see the details: - ![zipkin screenshot](../../images/otel-zipkin-demo.png "zipkin screenshot") - -## Migration from OpenTracing, Jaeger, Zipkin and Datadog - -If you are migrating from OpenTracing, Jaeger, Zipkin, or Datadog to OpenTelemetry, -you may need to update various annotations and configurations. Here are the mappings -for common annotations and configurations: - -### Annotations - -| Legacy | OpenTelemetry | -|---------------------------------------------------------------|-----------------------------------------------------------------| -| `nginx.ingress.kubernetes.io/enable-opentracing` | `nginx.ingress.kubernetes.io/enable-opentelemetry` | -| `nginx.ingress.kubernetes.io/opentracing-trust-incoming-span` | `nginx.ingress.kubernetes.io/opentelemetry-trust-incoming-span` | - -### Configs - -| Legacy | OpenTelemetry | -|---------------------------------------|----------------------------------------------| -| `opentracing-operation-name` | `opentelemetry-operation-name` | -| `opentracing-location-operation-name` | `opentelemetry-operation-name` | -| `opentracing-trust-incoming-span` | `opentelemetry-trust-incoming-span` | -| `zipkin-collector-port` | `otlp-collector-port` | -| `zipkin-service-name` | `otel-service-name` | -| `zipkin-sample-rate` | `otel-sampler-ratio` | -| `jaeger-collector-port` | `otlp-collector-port` | -| `jaeger-endpoint` | `otlp-collector-port`, `otlp-collector-host` | -| `jaeger-service-name` | `otel-service-name` | -| `jaeger-propagation-format` | `N/A` | -| `jaeger-sampler-type` | `otel-sampler` | -| `jaeger-sampler-param` | `otel-sampler` | -| `jaeger-sampler-host` | `N/A` | -| `jaeger-sampler-port` | `N/A` | -| `jaeger-trace-context-header-name` | `N/A` | -| `jaeger-debug-header` | `N/A` | -| `jaeger-baggage-header` | `N/A` | -| `jaeger-tracer-baggage-header-prefix` | `N/A` | -| `datadog-collector-port` | `otlp-collector-port` | -| `datadog-service-name` | `otel-service-name` | -| `datadog-environment` | `N/A` | -| `datadog-operation-name-override` | `N/A` | -| `datadog-priority-sampling` | `otel-sampler` | -| `datadog-sample-rate` | `otel-sampler-ratio` | +# OpenTelemetry + +Enables requests served by NGINX for distributed telemetry via The OpenTelemetry Project. + +Using the third party module [opentelemetry-cpp-contrib/nginx](https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/nginx) the Ingress-Nginx Controller can configure NGINX to enable [OpenTelemetry](http://opentelemetry.io) instrumentation. +By default this feature is disabled. + +Check out this demo showcasing OpenTelemetry in Ingress NGINX. The video provides an overview and +practical demonstration of how OpenTelemetry can be utilized in Ingress NGINX for observability +and monitoring purposes. + +

+ + Video Thumbnail + +

+ +

Demo: OpenTelemetry in Ingress NGINX.

+ +## Usage + +To enable the instrumentation we must enable OpenTelemetry in the configuration ConfigMap: +```yaml +data: + enable-opentelemetry: "true" +``` + +To enable or disable instrumentation for a single Ingress, use +the `enable-opentelemetry` annotation: +```yaml +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/enable-opentelemetry: "true" +``` + +We must also set the host to use when uploading traces: + +```yaml +otlp-collector-host: "otel-coll-collector.otel.svc" +``` +NOTE: While the option is called `otlp-collector-host`, you will need to point this to any backend that receives otlp-grpc. + +Next you will need to deploy a distributed telemetry system which uses OpenTelemetry. +[opentelemetry-collector](https://github.com/open-telemetry/opentelemetry-collector), [Jaeger](https://www.jaegertracing.io/) +[Tempo](https://github.com/grafana/tempo), and [zipkin](https://zipkin.io/) +have been tested. + +Other optional configuration options: +```yaml +# specifies the name to use for the server span +opentelemetry-operation-name + +# sets whether or not to trust incoming telemetry spans +opentelemetry-trust-incoming-span + +# specifies the port to use when uploading traces, Default: 4317 +otlp-collector-port + +# specifies the service name to use for any traces created, Default: nginx +otel-service-name + +# The maximum queue size. After the size is reached data are dropped. +otel-max-queuesize + +# The delay interval in milliseconds between two consecutive exports. +otel-schedule-delay-millis + +# How long the export can run before it is cancelled. +otel-schedule-delay-millis + +# The maximum batch size of every export. It must be smaller or equal to maxQueueSize. +otel-max-export-batch-size + +# specifies sample rate for any traces created, Default: 0.01 +otel-sampler-ratio + +# specifies the sampler to be used when sampling traces. +# The available samplers are: AlwaysOn, AlwaysOff, TraceIdRatioBased, Default: AlwaysOff +otel-sampler + +# Uses sampler implementation which by default will take a sample if parent Activity is sampled, Default: false +otel-sampler-parent-based +``` + +Note that you can also set whether to trust incoming spans (global default is true) per-location using annotations like the following: +```yaml +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/opentelemetry-trust-incoming-span: "true" +``` + +## Examples + +The following examples show how to deploy and test different distributed telemetry systems. These example can be performed using Docker Desktop. + +In the [esigo/nginx-example](https://github.com/esigo/nginx-example) +GitHub repository is an example of a simple hello service: + +```mermaid +graph TB + subgraph Browser + start["http://esigo.dev/hello/nginx"] + end + + subgraph app + sa[service-a] + sb[service-b] + sa --> |name: nginx| sb + sb --> |hello nginx!| sa + end + + subgraph otel + otc["Otel Collector"] + end + + subgraph observability + tempo["Tempo"] + grafana["Grafana"] + backend["Jaeger"] + zipkin["Zipkin"] + end + + subgraph ingress-nginx + ngx[nginx] + end + + subgraph ngx[nginx] + ng[nginx] + om[OpenTelemetry module] + end + + subgraph Node + app + otel + observability + ingress-nginx + om --> |otlp-gRPC| otc --> |jaeger| backend + otc --> |zipkin| zipkin + otc --> |otlp-gRPC| tempo --> grafana + sa --> |otlp-gRPC| otc + sb --> |otlp-gRPC| otc + start --> ng --> sa + end +``` + +To install the example and collectors run: + +1. Enable Ingress addon with: + + ```yaml + opentelemetry: + enabled: true + image: registry.k8s.io/ingress-nginx/opentelemetry-1.25.3:v20240813-b933310d@sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922 + containerSecurityContext: + allowPrivilegeEscalation: false + ``` + +2. Enable OpenTelemetry and set the otlp-collector-host: + + ```yaml + $ echo ' + apiVersion: v1 + kind: ConfigMap + data: + enable-opentelemetry: "true" + opentelemetry-config: "/etc/nginx/opentelemetry.toml" + opentelemetry-operation-name: "HTTP $request_method $service_name $uri" + opentelemetry-trust-incoming-span: "true" + otlp-collector-host: "otel-coll-collector.otel.svc" + otlp-collector-port: "4317" + otel-max-queuesize: "2048" + otel-schedule-delay-millis: "5000" + otel-max-export-batch-size: "512" + otel-service-name: "nginx-proxy" # Opentelemetry resource name + otel-sampler: "AlwaysOn" # Also: AlwaysOff, TraceIdRatioBased + otel-sampler-ratio: "1.0" + otel-sampler-parent-based: "false" + metadata: + name: ingress-nginx-controller + namespace: ingress-nginx + ' | kubectl replace -f - + ``` + +4. Deploy otel-collector, grafana and Jaeger backend: + + ```bash + # add helm charts needed for grafana and OpenTelemetry collector + helm repo add open-telemetry https://open-telemetry.github.io/opentelemetry-helm-charts + helm repo add grafana https://grafana.github.io/helm-charts + helm repo update + # deploy cert-manager needed for OpenTelemetry collector operator + kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.yaml + # create observability namespace + kubectl apply -f https://raw.githubusercontent.com/esigo/nginx-example/main/observability/namespace.yaml + # install OpenTelemetry collector operator + helm upgrade --install otel-collector-operator -n otel --create-namespace open-telemetry/opentelemetry-operator + # deploy OpenTelemetry collector + kubectl apply -f https://raw.githubusercontent.com/esigo/nginx-example/main/observability/collector.yaml + # deploy Jaeger all-in-one + kubectl apply -f https://github.com/jaegertracing/jaeger-operator/releases/download/v1.37.0/jaeger-operator.yaml -n observability + kubectl apply -f https://raw.githubusercontent.com/esigo/nginx-example/main/observability/jaeger.yaml -n observability + # deploy zipkin + kubectl apply -f https://raw.githubusercontent.com/esigo/nginx-example/main/observability/zipkin.yaml -n observability + # deploy tempo and grafana + helm upgrade --install tempo grafana/tempo --create-namespace -n observability + helm upgrade -f https://raw.githubusercontent.com/esigo/nginx-example/main/observability/grafana/grafana-values.yaml --install grafana grafana/grafana --create-namespace -n observability + ``` + +3. Build and deploy demo app: + + ```bash + # build images + make images + + # deploy demo app: + make deploy-app + ``` + +5. Make a few requests to the Service: + + ```bash + kubectl port-forward --namespace=ingress-nginx service/ingress-nginx-controller 8090:80 + curl http://esigo.dev:8090/hello/nginx + + + StatusCode : 200 + StatusDescription : OK + Content : {"v":"hello nginx!"} + + RawContent : HTTP/1.1 200 OK + Connection: keep-alive + Content-Length: 21 + Content-Type: text/plain; charset=utf-8 + Date: Mon, 10 Oct 2022 17:43:33 GMT + + {"v":"hello nginx!"} + + Forms : {} + Headers : {[Connection, keep-alive], [Content-Length, 21], [Content-Type, text/plain; charset=utf-8], [Date, + Mon, 10 Oct 2022 17:43:33 GMT]} + Images : {} + InputFields : {} + Links : {} + ParsedHtml : System.__ComObject + RawContentLength : 21 + ``` + +6. View the Grafana UI: + + ```bash + kubectl port-forward --namespace=observability service/grafana 3000:80 + ``` + In the Grafana interface we can see the details: + ![grafana screenshot](../../images/otel-grafana-demo.png "grafana screenshot") + +7. View the Jaeger UI: + + ```bash + kubectl port-forward --namespace=observability service/jaeger-all-in-one-query 16686:16686 + ``` + In the Jaeger interface we can see the details: + ![Jaeger screenshot](../../images/otel-jaeger-demo.png "Jaeger screenshot") + +8. View the Zipkin UI: + + ```bash + kubectl port-forward --namespace=observability service/zipkin 9411:9411 + ``` + In the Zipkin interface we can see the details: + ![zipkin screenshot](../../images/otel-zipkin-demo.png "zipkin screenshot") + +## Migration from OpenTracing, Jaeger, Zipkin and Datadog + +If you are migrating from OpenTracing, Jaeger, Zipkin, or Datadog to OpenTelemetry, +you may need to update various annotations and configurations. Here are the mappings +for common annotations and configurations: + +### Annotations + +| Legacy | OpenTelemetry | +|---------------------------------------------------------------|-----------------------------------------------------------------| +| `nginx.ingress.kubernetes.io/enable-opentracing` | `nginx.ingress.kubernetes.io/enable-opentelemetry` | +| `nginx.ingress.kubernetes.io/opentracing-trust-incoming-span` | `nginx.ingress.kubernetes.io/opentelemetry-trust-incoming-span` | + +### Configs + +| Legacy | OpenTelemetry | +|---------------------------------------|----------------------------------------------| +| `opentracing-operation-name` | `opentelemetry-operation-name` | +| `opentracing-location-operation-name` | `opentelemetry-operation-name` | +| `opentracing-trust-incoming-span` | `opentelemetry-trust-incoming-span` | +| `zipkin-collector-port` | `otlp-collector-port` | +| `zipkin-service-name` | `otel-service-name` | +| `zipkin-sample-rate` | `otel-sampler-ratio` | +| `jaeger-collector-port` | `otlp-collector-port` | +| `jaeger-endpoint` | `otlp-collector-port`, `otlp-collector-host` | +| `jaeger-service-name` | `otel-service-name` | +| `jaeger-propagation-format` | `N/A` | +| `jaeger-sampler-type` | `otel-sampler` | +| `jaeger-sampler-param` | `otel-sampler` | +| `jaeger-sampler-host` | `N/A` | +| `jaeger-sampler-port` | `N/A` | +| `jaeger-trace-context-header-name` | `N/A` | +| `jaeger-debug-header` | `N/A` | +| `jaeger-baggage-header` | `N/A` | +| `jaeger-tracer-baggage-header-prefix` | `N/A` | +| `datadog-collector-port` | `otlp-collector-port` | +| `datadog-service-name` | `otel-service-name` | +| `datadog-environment` | `N/A` | +| `datadog-operation-name-override` | `N/A` | +| `datadog-priority-sampling` | `otel-sampler` | +| `datadog-sample-rate` | `otel-sampler-ratio` | From ea0ca17a5e739103c4622dcc207b8c9ecfd45c09 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 23 Sep 2024 05:16:00 -0700 Subject: [PATCH 40/81] Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 in the all group (#12012) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 0d57591b26..63b501f329 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/onsi/ginkgo/v2 v2.20.2 github.com/opencontainers/runc v1.1.14 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 - github.com/prometheus/client_golang v1.20.3 + github.com/prometheus/client_golang v1.20.4 github.com/prometheus/client_model v0.6.1 github.com/prometheus/common v0.59.1 github.com/spf13/cobra v1.8.1 diff --git a/go.sum b/go.sum index 50f3893422..bdad300d86 100644 --- a/go.sum +++ b/go.sum @@ -182,8 +182,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.20.3 h1:oPksm4K8B+Vt35tUhw6GbSNSgVlVSBH0qELP/7u83l4= -github.com/prometheus/client_golang v1.20.3/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.20.4 h1:Tgh3Yr67PaOv/uTqloMsCEdeuFTatm5zIq5+qNN23vI= +github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.59.1 h1:LXb1quJHWm1P6wq/U824uxYi4Sg0oGvNeUm1z5dJoX0= From b3c70183b97a2b3edbd4b8a1ecb86926751d3855 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 23 Sep 2024 05:16:26 -0700 Subject: [PATCH 41/81] Bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#12014) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 63b501f329..b9f9f10f61 100644 --- a/go.mod +++ b/go.mod @@ -27,7 +27,7 @@ require ( github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30 golang.org/x/crypto v0.27.0 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 - google.golang.org/grpc v1.66.2 + google.golang.org/grpc v1.67.0 google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 @@ -122,7 +122,7 @@ require ( golang.org/x/text v0.18.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.24.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/evanphx/json-patch.v5 v5.9.0 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect diff --git a/go.sum b/go.sum index bdad300d86..20134af1e5 100644 --- a/go.sum +++ b/go.sum @@ -299,10 +299,10 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= -google.golang.org/grpc v1.66.2 h1:3QdXkuq3Bkh7w+ywLdLvM56cmGvQHUMZpiCzt6Rqaoo= -google.golang.org/grpc v1.66.2/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 h1:e7S5W7MGGLaSu8j3YjdezkZ+m1/Nm0uRVRMEMGk26Xs= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/grpc v1.67.0 h1:IdH9y6PF5MPSdAntIcpjQ+tXO41pcQsfZV2RxtQgVcw= +google.golang.org/grpc v1.67.0/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab h1:tg8hvIl5RmFBuXlcJMuL0h4Psh1gx5Q5xEMwzBZIzWA= google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab/go.mod h1:liVNnGuZDITxuksuZ+BBvdy7FcJfeNk+efF9qgqNUmc= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= From 70f284873dec63d38e45f234eab2277f20eca513 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 23 Sep 2024 05:16:36 -0700 Subject: [PATCH 42/81] Bump github/codeql-action from 3.26.7 to 3.26.8 in the all group (#12016) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 4affccb2dd..ad03178451 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 + uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index bed49e46f3..e35ee0a658 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 + uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From 1a834b7fa9d47f5bed7bf207bb4990732b921be7 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Thu, 26 Sep 2024 04:04:01 -0700 Subject: [PATCH 43/81] Docs: Add health check annotations for AWS. (#12020) Co-authored-by: longwuyuan --- docs/deploy/index.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/docs/deploy/index.md b/docs/deploy/index.md index ae5458eeae..2ce6325730 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -68,13 +68,18 @@ helm show values ingress-nginx --repo https://kubernetes.github.io/ingress-nginx !!! attention "Helm install on AWS/GCP/Azure/Other providers" The *ingress-nginx-controller helm-chart is a generic install out of the box*. The default set of helm values is **not** configured for installation on any infra provider. The annotations that are applicable to the cloud provider must be customized by the users.
See [AWS LB Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/service/annotations/).
- Examples of some annotations needed for the service resource of `--type LoadBalancer` on AWS are below: + Examples of some annotations recommended (healthecheck ones are required for target-type IP) for the service resource of `--type LoadBalancer` on AWS are below: ```yaml annotations: + service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: deregistration_delay.timeout_seconds=270 + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-healthcheck-path: /healthz + service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "10254" + service.beta.kubernetes.io/aws-load-balancer-healthcheck-protocol: http + service.beta.kubernetes.io/aws-load-balancer-healthcheck-success-codes: 200-299 service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing" service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" - service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" service.beta.kubernetes.io/aws-load-balancer-type: nlb service.beta.kubernetes.io/aws-load-balancer-manage-backend-security-group-rules: "true" service.beta.kubernetes.io/aws-load-balancer-access-log-enabled: "true" From 25cf0fee3eaa21fa7f87ca799581163ffd9fa9ef Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Sat, 28 Sep 2024 13:15:42 +0200 Subject: [PATCH 44/81] Chart: Extend image tests. (#12027) --- .../tests/controller-daemonset_test.yaml | 26 +++++++++++++-- .../tests/controller-deployment_test.yaml | 24 ++++++++++++-- .../default-backend-deployment_test.yaml | 32 +++++++++++++++++++ 3 files changed, 78 insertions(+), 4 deletions(-) diff --git a/charts/ingress-nginx/tests/controller-daemonset_test.yaml b/charts/ingress-nginx/tests/controller-daemonset_test.yaml index bc810a1cde..81d067bb5f 100644 --- a/charts/ingress-nginx/tests/controller-daemonset_test.yaml +++ b/charts/ingress-nginx/tests/controller-daemonset_test.yaml @@ -139,12 +139,34 @@ tests: - controller topologyKey: kubernetes.io/hostname + - it: should create a DaemonSet with a custom registry if `controller.image.registry` is set + set: + controller.kind: DaemonSet + controller.image.registry: custom.registry.io + controller.image.tag: v1.0.0-dev + controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: custom.registry.io/ingress-nginx/controller:v1.0.0-dev@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + + - it: should create a DaemonSet with a custom image if `controller.image.image` is set + set: + controller.kind: DaemonSet + controller.image.image: custom-repo/custom-image + controller.image.tag: v1.0.0-dev + controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: registry.k8s.io/custom-repo/custom-image:v1.0.0-dev@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + - it: should create a DaemonSet with a custom tag if `controller.image.tag` is set set: controller.kind: DaemonSet - controller.image.tag: my-little-custom-tag + controller.image.tag: custom-tag controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd asserts: - equal: path: spec.template.spec.containers[0].image - value: registry.k8s.io/ingress-nginx/controller:my-little-custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + value: registry.k8s.io/ingress-nginx/controller:custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd diff --git a/charts/ingress-nginx/tests/controller-deployment_test.yaml b/charts/ingress-nginx/tests/controller-deployment_test.yaml index da400487ec..382aecd710 100644 --- a/charts/ingress-nginx/tests/controller-deployment_test.yaml +++ b/charts/ingress-nginx/tests/controller-deployment_test.yaml @@ -161,11 +161,31 @@ tests: - controller topologyKey: kubernetes.io/hostname + - it: should create a Deployment with a custom registry if `controller.image.registry` is set + set: + controller.image.registry: custom.registry.io + controller.image.tag: v1.0.0-dev + controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: custom.registry.io/ingress-nginx/controller:v1.0.0-dev@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + + - it: should create a Deployment with a custom image if `controller.image.image` is set + set: + controller.image.image: custom-repo/custom-image + controller.image.tag: v1.0.0-dev + controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: registry.k8s.io/custom-repo/custom-image:v1.0.0-dev@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + - it: should create a Deployment with a custom tag if `controller.image.tag` is set set: - controller.image.tag: my-little-custom-tag + controller.image.tag: custom-tag controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd asserts: - equal: path: spec.template.spec.containers[0].image - value: registry.k8s.io/ingress-nginx/controller:my-little-custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + value: registry.k8s.io/ingress-nginx/controller:custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd diff --git a/charts/ingress-nginx/tests/default-backend-deployment_test.yaml b/charts/ingress-nginx/tests/default-backend-deployment_test.yaml index e237fe7e35..4ba4b03d3e 100644 --- a/charts/ingress-nginx/tests/default-backend-deployment_test.yaml +++ b/charts/ingress-nginx/tests/default-backend-deployment_test.yaml @@ -135,3 +135,35 @@ tests: values: - default-backend topologyKey: kubernetes.io/hostname + + - it: should create a Deployment with a custom registry if `defaultBackend.image.registry` is set + set: + defaultBackend.enabled: true + defaultBackend.image.registry: custom.registry.io + defaultBackend.image.tag: v1.0.0-dev + defaultBackend.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: custom.registry.io/defaultbackend-amd64:v1.0.0-dev@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + + - it: should create a Deployment with a custom image if `defaultBackend.image.image` is set + set: + defaultBackend.enabled: true + defaultBackend.image.image: custom-repo/custom-image + defaultBackend.image.tag: v1.0.0-dev + defaultBackend.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: registry.k8s.io/custom-repo/custom-image:v1.0.0-dev@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + + - it: should create a Deployment with a custom tag if `defaultBackend.image.tag` is set + set: + defaultBackend.enabled: true + defaultBackend.image.tag: custom-tag + defaultBackend.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: registry.k8s.io/defaultbackend-amd64:custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd From b6ae93e62d49c486b614477f4c50e4566df63a9f Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Sat, 28 Sep 2024 07:42:02 -0700 Subject: [PATCH 45/81] Chart: Improve CI. (#12030) Co-authored-by: Marco Ebert --- .github/workflows/chart.yaml | 64 ++++++++++ .github/workflows/ci.yaml | 112 +++++++----------- .github/workflows/helm.yaml | 88 -------------- .gitignore | 1 - MANUAL_RELEASE.md | 11 +- ...mission-webhooks-cert-manager-values.yaml} | 8 +- ...ler-admission-tls-cert-manager-values.yaml | 6 - ...ontroller-configmap-addheaders-values.yaml | 11 ++ ...troller-configmap-proxyheaders-values.yaml | 11 ++ ....yaml => controller-configmap-values.yaml} | 9 +- .../controller-custom-ingressclass-flags.yaml | 7 -- ...roller-daemonset-extra-modules-values.yaml | 30 +++++ ... controller-daemonset-metrics-values.yaml} | 9 +- ...oller-daemonset-opentelemetry-values.yaml} | 4 + ...ller-daemonset-podannotations-values.yaml} | 13 +- ....yaml => controller-daemonset-values.yaml} | 4 +- ...oller-deployment-extra-modules-values.yaml | 30 +++++ ...controller-deployment-metrics-values.yaml} | 8 +- ...ller-deployment-opentelemetry-values.yaml} | 10 +- ...ler-deployment-podannotations-values.yaml} | 12 +- .../ci/controller-deployment-values.yaml | 10 ++ ...values.yaml => controller-hpa-values.yaml} | 12 +- .../ci/controller-ingressclass-values.yaml | 15 +++ ...> controller-service-internal-values.yaml} | 5 +- ...es.yaml => controller-service-values.yaml} | 10 +- .../ci/daemonset-customconfig-values.yaml | 14 --- .../ci/daemonset-customnodeport-values.yaml | 22 ---- .../ci/daemonset-extra-modules.yaml | 13 -- .../ci/daemonset-headers-values.yaml | 14 --- .../ci/daemonset-nodeport-values.yaml | 10 -- ...set-tcp-udp-configMapNamespace-values.yaml | 20 ---- ...emonset-tcp-udp-portNamePrefix-values.yaml | 18 --- .../ci/daemonset-tcp-udp-values.yaml | 16 --- .../ci/daemonset-tcp-values.yaml | 14 --- .../ci/deamonset-metrics-values.yaml | 12 -- .../ci/deployment-autoscaling-values.yaml | 11 -- ...modules-default-container-sec-context.yaml | 15 --- ...odules-specific-container-sec-context.yaml | 15 --- .../ci/deployment-extra-modules.yaml | 13 -- .../ci/deployment-headers-values.yaml | 13 -- .../ci/deployment-internal-lb-values.yaml | 19 --- .../ci/deployment-nodeport-values.yaml | 9 -- ...ent-tcp-udp-configMapNamespace-values.yaml | 19 --- ...loyment-tcp-udp-portNamePrefix-values.yaml | 17 --- .../ci/deployment-tcp-udp-values.yaml | 15 --- .../ci/deployment-tcp-values.yaml | 11 -- .../deployment-webhook-extraEnvs-values.yaml | 12 -- .../deployment-webhook-resources-values.yaml | 23 ---- .../third-party-addons/opentelemetry.md | 2 +- magefiles/steps/helm.go | 4 +- test/e2e/run-chart-test.sh | 41 ++++--- 51 files changed, 307 insertions(+), 585 deletions(-) create mode 100644 .github/workflows/chart.yaml delete mode 100644 .github/workflows/helm.yaml rename charts/ingress-nginx/ci/{deamonset-default-values.yaml => admission-webhooks-cert-manager-values.yaml} (79%) delete mode 100644 charts/ingress-nginx/ci/controller-admission-tls-cert-manager-values.yaml create mode 100644 charts/ingress-nginx/ci/controller-configmap-addheaders-values.yaml create mode 100644 charts/ingress-nginx/ci/controller-configmap-proxyheaders-values.yaml rename charts/ingress-nginx/ci/{deployment-customconfig-values.yaml => controller-configmap-values.yaml} (70%) delete mode 100644 charts/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml create mode 100644 charts/ingress-nginx/ci/controller-daemonset-extra-modules-values.yaml rename charts/ingress-nginx/ci/{deamonset-webhook-values.yaml => controller-daemonset-metrics-values.yaml} (89%) rename charts/ingress-nginx/ci/{deployment-opentelemetry-customregistry-values.yaml => controller-daemonset-opentelemetry-values.yaml} (88%) rename charts/ingress-nginx/ci/{daemonset-podannotations-values.yaml => controller-daemonset-podannotations-values.yaml} (81%) rename charts/ingress-nginx/ci/{deployment-default-values.yaml => controller-daemonset-values.yaml} (78%) create mode 100644 charts/ingress-nginx/ci/controller-deployment-extra-modules-values.yaml rename charts/ingress-nginx/ci/{deployment-webhook-values.yaml => controller-deployment-metrics-values.yaml} (82%) rename charts/ingress-nginx/ci/{deployment-metrics-values.yaml => controller-deployment-opentelemetry-values.yaml} (74%) rename charts/ingress-nginx/ci/{deployment-podannotations-values.yaml => controller-deployment-podannotations-values.yaml} (80%) create mode 100644 charts/ingress-nginx/ci/controller-deployment-values.yaml rename charts/ingress-nginx/ci/{deployment-autoscaling-behavior-values.yaml => controller-hpa-values.yaml} (71%) create mode 100644 charts/ingress-nginx/ci/controller-ingressclass-values.yaml rename charts/ingress-nginx/ci/{daemonset-internal-lb-values.yaml => controller-service-internal-values.yaml} (81%) rename charts/ingress-nginx/ci/{deployment-customnodeport-values.yaml => controller-service-values.yaml} (69%) delete mode 100644 charts/ingress-nginx/ci/daemonset-customconfig-values.yaml delete mode 100644 charts/ingress-nginx/ci/daemonset-customnodeport-values.yaml delete mode 100644 charts/ingress-nginx/ci/daemonset-extra-modules.yaml delete mode 100644 charts/ingress-nginx/ci/daemonset-headers-values.yaml delete mode 100644 charts/ingress-nginx/ci/daemonset-nodeport-values.yaml delete mode 100644 charts/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml delete mode 100644 charts/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml delete mode 100644 charts/ingress-nginx/ci/daemonset-tcp-udp-values.yaml delete mode 100644 charts/ingress-nginx/ci/daemonset-tcp-values.yaml delete mode 100644 charts/ingress-nginx/ci/deamonset-metrics-values.yaml delete mode 100644 charts/ingress-nginx/ci/deployment-autoscaling-values.yaml delete mode 100644 charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml delete mode 100644 charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml delete mode 100644 charts/ingress-nginx/ci/deployment-extra-modules.yaml delete mode 100644 charts/ingress-nginx/ci/deployment-headers-values.yaml delete mode 100644 charts/ingress-nginx/ci/deployment-internal-lb-values.yaml delete mode 100644 charts/ingress-nginx/ci/deployment-nodeport-values.yaml delete mode 100644 charts/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml delete mode 100644 charts/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml delete mode 100644 charts/ingress-nginx/ci/deployment-tcp-udp-values.yaml delete mode 100644 charts/ingress-nginx/ci/deployment-tcp-values.yaml delete mode 100644 charts/ingress-nginx/ci/deployment-webhook-extraEnvs-values.yaml delete mode 100644 charts/ingress-nginx/ci/deployment-webhook-resources-values.yaml diff --git a/.github/workflows/chart.yaml b/.github/workflows/chart.yaml new file mode 100644 index 0000000000..b99374a90e --- /dev/null +++ b/.github/workflows/chart.yaml @@ -0,0 +1,64 @@ +name: Chart + +on: + push: + branches: + - main + - release-* + paths: + - charts/ingress-nginx/Chart.yaml + + workflow_dispatch: + +permissions: + contents: read + +jobs: + release: + name: Release + runs-on: ubuntu-latest + + permissions: + contents: write + + steps: + - name: Set up Python + uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + with: + python-version: 3.x + + - name: Set up Helm + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 + + - name: Set up Helm Chart Testing + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 + + - name: Set up Artifact Hub + run: | + curl --fail --location https://github.com/artifacthub/hub/releases/download/v1.19.0/ah_1.19.0_linux_amd64.tar.gz --output /tmp/ah.tar.gz + echo "0e430493521ce387ca04d79b26646a86f92886dbcceb44985bb71082a9530ca5 /tmp/ah.tar.gz" | shasum --check + sudo tar --extract --file /tmp/ah.tar.gz --directory /usr/local/bin ah + + - name: Set up Git + run: | + git config --global user.name "${GITHUB_ACTOR}" + git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com" + + - name: Checkout code + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + fetch-depth: 0 + + - name: Lint chart + run: | + ct lint --config .ct.yaml + ah lint --path charts/ingress-nginx + + - name: Release chart + uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 + env: + CR_TOKEN: ${{ secrets.GITHUB_TOKEN }} + CR_RELEASE_NAME_TEMPLATE: helm-chart-{{ .Version }} + CR_SKIP_EXISTING: true + with: + charts_dir: charts diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 5a8e7a2dad..2dafb7c1da 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -192,112 +192,88 @@ jobs: path: docker.tar.gz retention-days: 5 - helm-lint: - name: Helm chart lint + chart-lint: + name: Chart / Lint runs-on: ubuntu-latest needs: - changes - if: | - (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} + + if: fromJSON(needs.changes.outputs.charts) || fromJSON(needs.changes.outputs.baseimage) || fromJSON(github.event.workflow_dispatch.run_e2e) steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: Set up Python + uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: - fetch-depth: 0 + python-version: 3.x - name: Set up Helm uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 - with: - python-version: '3.x' - - - name: Set up chart-testing + - name: Set up Helm Chart Testing uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - - name: Install Helm Unit Test Plugin + - name: Set up Artifact Hub run: | - helm plugin install https://github.com/helm-unittest/helm-unittest + curl --fail --location https://github.com/artifacthub/hub/releases/download/v1.19.0/ah_1.19.0_linux_amd64.tar.gz --output /tmp/ah.tar.gz + echo "0e430493521ce387ca04d79b26646a86f92886dbcceb44985bb71082a9530ca5 /tmp/ah.tar.gz" | shasum --check + sudo tar --extract --file /tmp/ah.tar.gz --directory /usr/local/bin ah - - name: Run Helm Unit Tests - run: | - helm unittest charts/ingress-nginx -d + - name: Set up Helm Docs + uses: gabe565/setup-helm-docs-action@d5c35bdc9133cfbea3b671acadf50a29029e87c2 # v1.0.4 - - name: Run chart-testing (lint) - run: ct lint --config ./.ct.yaml + - name: Set up Helm Unit Test + run: helm plugin install https://github.com/helm-unittest/helm-unittest - - name: Run helm-docs + - name: Checkout code + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + fetch-depth: 0 + + - name: Lint chart run: | - GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0 - ./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts - DIFF=$(git diff ${GITHUB_WORKSPACE}/charts/ingress-nginx/README.md) - if [ ! -z "$DIFF" ]; then - echo "Please use helm-docs in your clone, of your fork, of the project, and commit a updated README.md for the chart. https://github.com/kubernetes/ingress-nginx/blob/main/RELEASE.md#d-edit-the-valuesyaml-and-run-helm-docs" - fi - git diff --exit-code - rm -f ./helm-docs - - - name: Run Artifact Hub lint + ct lint --config .ct.yaml + ah lint --path charts/ingress-nginx + + - name: Check docs run: | - wget https://github.com/artifacthub/hub/releases/download/v1.5.0/ah_1.5.0_linux_amd64.tar.gz - echo 'ad0e44c6ea058ab6b85dbf582e88bad9fdbc64ded0d1dd4edbac65133e5c87da *ah_1.5.0_linux_amd64.tar.gz' | shasum -c - tar -xzvf ah_1.5.0_linux_amd64.tar.gz ah - ./ah lint -p charts/ingress-nginx || exit 1 - rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz - - helm-test: - name: Helm chart testing + helm-docs --chart-search-root charts + git diff --exit-code charts/ingress-nginx/README.md + + - name: Run tests + run: helm unittest charts/ingress-nginx + + chart-test: + name: Chart / Test runs-on: ubuntu-latest needs: - changes - build - - helm-lint - if: | - (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} + - chart-lint + + if: fromJSON(needs.changes.outputs.charts) || fromJSON(needs.changes.outputs.baseimage) || fromJSON(github.event.workflow_dispatch.run_e2e) strategy: matrix: k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0] steps: - - name: Checkout + - name: Checkout code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: Setup Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 - with: - go-version: ${{ needs.build.outputs.golangversion }} - check-latest: true - - - name: cache + - name: Download cache uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: docker.tar.gz - - name: fix permissions - run: | - sudo mkdir -p $HOME/.kube - sudo chmod -R 777 $HOME/.kube - - - name: Create Kubernetes ${{ matrix.k8s }} cluster - id: kind - run: | - kind create cluster --image=kindest/node:${{ matrix.k8s }} - - - name: Load images from cache - run: | - echo "loading docker images..." - gzip -dc docker.tar.gz | docker load + - name: Load cache + run: gzip --decompress --stdout docker.tar.gz | docker load - - name: Test + - name: Run tests env: - KIND_CLUSTER_NAME: kind - SKIP_CLUSTER_CREATION: true + K8S_VERSION: ${{ matrix.k8s }} SKIP_IMAGE_CREATION: true - SKIP_INGRESS_IMAGE_CREATION: true run: | - kind get kubeconfig > $HOME/.kube/kind-config-kind + sudo mkdir -pm 777 "${HOME}/.kube" make kind-e2e-chart-tests kubernetes: diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml deleted file mode 100644 index f7a68af1aa..0000000000 --- a/.github/workflows/helm.yaml +++ /dev/null @@ -1,88 +0,0 @@ -name: Helm - -on: - push: - branches: - - main - - release-* - - workflow_dispatch: - -permissions: - contents: read - -jobs: - - changes: - runs-on: ubuntu-latest - - permissions: - contents: read # for dorny/paths-filter to fetch a list of changed files - - if: github.repository == 'kubernetes/ingress-nginx' - - outputs: - docs: ${{ steps.filter.outputs.docs }} - charts: ${{ steps.filter.outputs.charts }} - - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Run Artifact Hub lint - run: | - wget https://github.com/artifacthub/hub/releases/download/v1.5.0/ah_1.5.0_linux_amd64.tar.gz - echo 'ad0e44c6ea058ab6b85dbf582e88bad9fdbc64ded0d1dd4edbac65133e5c87da *ah_1.5.0_linux_amd64.tar.gz' | shasum -c - tar -xzvf ah_1.5.0_linux_amd64.tar.gz ah - ./ah lint -p charts/ingress-nginx || exit 1 - rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz - - - name: Set up chart-testing - uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - - - name: Run chart-testing (lint) - run: ct lint --target-branch ${{ github.ref_name }} --config ./.ct.yaml - - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 - id: filter - with: - token: ${{ secrets.GITHUB_TOKEN }} - filters: | - charts: - - 'charts/ingress-nginx/Chart.yaml' - - 'charts/ingress-nginx/values.yaml' - - chart: - name: Release Chart - runs-on: ubuntu-latest - - permissions: - contents: write # needed to write releases - - needs: - - changes - - if: ${{ needs.changes.outputs.charts == 'true' }} - - steps: - - name: Checkout master - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896 - fetch-depth: 0 - ref: ${{ github.ref_name }} - - - name: Setup - shell: bash - run: | - git config --global user.name "$GITHUB_ACTOR" - git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" - - - name: Helm Chart Releaser - uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 - env: - CR_SKIP_EXISTING: true - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}" - with: - charts_dir: charts diff --git a/.gitignore b/.gitignore index 73108f6274..5eac1a800c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,3 @@ -helm-docs # OSX ._* .DS_Store diff --git a/MANUAL_RELEASE.md b/MANUAL_RELEASE.md index b1c1fd0683..8a6b10bc11 100644 --- a/MANUAL_RELEASE.md +++ b/MANUAL_RELEASE.md @@ -226,19 +226,18 @@ Promoting the images basically means that images, that were pushed to staging co ``` ### d. Edit the values.yaml and run helm-docs + - [Fields to edit in values.yaml](https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml) - tag - digest - - [helm-docs](https://github.com/norwoodj/helm-docs) is a tool that generates the README.md for a helm-chart automatically. In the CI pipeline workflow of github actions (/.github/workflows/ci.yaml), you can see how helm-docs is used. But the CI pipeline is not designed to make commits back into the project. So we need to run helm-docs manually, and check in the resulting autogenerated README.md at the path /charts/ingress-nginx/README.md + - [helm-docs](https://github.com/norwoodj/helm-docs) is a tool that generates the README.md for a Helm chart automatically. In the CI pipeline workflow of GitHub actions (.github/workflows/ci.yaml), you can see how helm-docs is used. The CI pipeline is not designed to make commits back into the project, so we need to run helm-docs manually and commit the resulting generated README.md. You can obtain a recent version of the helm-docs binary here: https://github.com/norwoodj/helm-docs/releases. ``` - GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0 - ./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts - git diff --exit-code - rm -f ./helm-docs + helm-docs --chart-search-root charts + git diff charts/ingress-nginx/README.md ``` - Watchout for mistakes like leaving the helm-docs executable in your clone workspace or not checking the new README.md manually etc. + Take care of not leaving the helm-docs executable in your clone workspace or not committing the new README.md. ### e. Edit the static manifests diff --git a/charts/ingress-nginx/ci/deamonset-default-values.yaml b/charts/ingress-nginx/ci/admission-webhooks-cert-manager-values.yaml similarity index 79% rename from charts/ingress-nginx/ci/deamonset-default-values.yaml rename to charts/ingress-nginx/ci/admission-webhooks-cert-manager-values.yaml index 82fa23e854..7eafd0c5be 100644 --- a/charts/ingress-nginx/ci/deamonset-default-values.yaml +++ b/charts/ingress-nginx/ci/admission-webhooks-cert-manager-values.yaml @@ -1,10 +1,12 @@ controller: - kind: DaemonSet image: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - admissionWebhooks: - enabled: false + service: type: ClusterIP + + admissionWebhooks: + certManager: + enabled: true diff --git a/charts/ingress-nginx/ci/controller-admission-tls-cert-manager-values.yaml b/charts/ingress-nginx/ci/controller-admission-tls-cert-manager-values.yaml deleted file mode 100644 index a13241cd4c..0000000000 --- a/charts/ingress-nginx/ci/controller-admission-tls-cert-manager-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -controller: - admissionWebhooks: - certManager: - enabled: true - service: - type: ClusterIP diff --git a/charts/ingress-nginx/ci/controller-configmap-addheaders-values.yaml b/charts/ingress-nginx/ci/controller-configmap-addheaders-values.yaml new file mode 100644 index 0000000000..460a610bac --- /dev/null +++ b/charts/ingress-nginx/ci/controller-configmap-addheaders-values.yaml @@ -0,0 +1,11 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + + service: + type: ClusterIP + + addHeaders: + X-Frame-Options: deny diff --git a/charts/ingress-nginx/ci/controller-configmap-proxyheaders-values.yaml b/charts/ingress-nginx/ci/controller-configmap-proxyheaders-values.yaml new file mode 100644 index 0000000000..e23a13c0c6 --- /dev/null +++ b/charts/ingress-nginx/ci/controller-configmap-proxyheaders-values.yaml @@ -0,0 +1,11 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + + service: + type: ClusterIP + + proxySetHeaders: + X-Forwarded-Proto: https diff --git a/charts/ingress-nginx/ci/deployment-customconfig-values.yaml b/charts/ingress-nginx/ci/controller-configmap-values.yaml similarity index 70% rename from charts/ingress-nginx/ci/deployment-customconfig-values.yaml rename to charts/ingress-nginx/ci/controller-configmap-values.yaml index 174941848e..a7029895ca 100644 --- a/charts/ingress-nginx/ci/deployment-customconfig-values.yaml +++ b/charts/ingress-nginx/ci/controller-configmap-values.yaml @@ -3,10 +3,9 @@ controller: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - config: - use-proxy-protocol: "true" - allowSnippetAnnotations: false - admissionWebhooks: - enabled: false + service: type: ClusterIP + + config: + use-proxy-protocol: "true" diff --git a/charts/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml b/charts/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml deleted file mode 100644 index b28a2326ee..0000000000 --- a/charts/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml +++ /dev/null @@ -1,7 +0,0 @@ -controller: - watchIngressWithoutClass: true - ingressClassResource: - name: custom-nginx - enabled: true - default: true - controllerValue: "k8s.io/custom-nginx" diff --git a/charts/ingress-nginx/ci/controller-daemonset-extra-modules-values.yaml b/charts/ingress-nginx/ci/controller-daemonset-extra-modules-values.yaml new file mode 100644 index 0000000000..edf12e77ed --- /dev/null +++ b/charts/ingress-nginx/ci/controller-daemonset-extra-modules-values.yaml @@ -0,0 +1,30 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + + service: + type: ClusterIP + + kind: DaemonSet + + extraModules: + - name: opentelemetry + image: + registry: registry.k8s.io + image: ingress-nginx/opentelemetry-1.25.3 + tag: v20240813-b933310d + digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922 + distroless: true + containerSecurityContext: + runAsNonRoot: true + runAsUser: 65532 + runAsGroup: 65532 + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true diff --git a/charts/ingress-nginx/ci/deamonset-webhook-values.yaml b/charts/ingress-nginx/ci/controller-daemonset-metrics-values.yaml similarity index 89% rename from charts/ingress-nginx/ci/deamonset-webhook-values.yaml rename to charts/ingress-nginx/ci/controller-daemonset-metrics-values.yaml index 54d364df11..7a98580cd7 100644 --- a/charts/ingress-nginx/ci/deamonset-webhook-values.yaml +++ b/charts/ingress-nginx/ci/controller-daemonset-metrics-values.yaml @@ -1,10 +1,13 @@ controller: - kind: DaemonSet image: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - admissionWebhooks: - enabled: true + service: type: ClusterIP + + kind: DaemonSet + + metrics: + enabled: true diff --git a/charts/ingress-nginx/ci/deployment-opentelemetry-customregistry-values.yaml b/charts/ingress-nginx/ci/controller-daemonset-opentelemetry-values.yaml similarity index 88% rename from charts/ingress-nginx/ci/deployment-opentelemetry-customregistry-values.yaml rename to charts/ingress-nginx/ci/controller-daemonset-opentelemetry-values.yaml index fb3ef44465..179ab2a85a 100644 --- a/charts/ingress-nginx/ci/deployment-opentelemetry-customregistry-values.yaml +++ b/charts/ingress-nginx/ci/controller-daemonset-opentelemetry-values.yaml @@ -3,7 +3,11 @@ controller: repository: ingress-controller/controller tag: 1.0.0-dev digest: null + service: type: ClusterIP + + kind: DaemonSet + opentelemetry: enabled: true diff --git a/charts/ingress-nginx/ci/daemonset-podannotations-values.yaml b/charts/ingress-nginx/ci/controller-daemonset-podannotations-values.yaml similarity index 81% rename from charts/ingress-nginx/ci/daemonset-podannotations-values.yaml rename to charts/ingress-nginx/ci/controller-daemonset-podannotations-values.yaml index 0b55306a10..405992ef30 100644 --- a/charts/ingress-nginx/ci/daemonset-podannotations-values.yaml +++ b/charts/ingress-nginx/ci/controller-daemonset-podannotations-values.yaml @@ -1,17 +1,16 @@ controller: - kind: DaemonSet image: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - admissionWebhooks: - enabled: false - metrics: - enabled: true + service: type: ClusterIP + + kind: DaemonSet + podAnnotations: - prometheus.io/path: /metrics + prometheus.io/scrape: "true" prometheus.io/port: "10254" prometheus.io/scheme: http - prometheus.io/scrape: "true" + prometheus.io/path: /metrics diff --git a/charts/ingress-nginx/ci/deployment-default-values.yaml b/charts/ingress-nginx/ci/controller-daemonset-values.yaml similarity index 78% rename from charts/ingress-nginx/ci/deployment-default-values.yaml rename to charts/ingress-nginx/ci/controller-daemonset-values.yaml index 9f46b4e7e9..d34025c80f 100644 --- a/charts/ingress-nginx/ci/deployment-default-values.yaml +++ b/charts/ingress-nginx/ci/controller-daemonset-values.yaml @@ -1,8 +1,10 @@ -# Left blank to test default values controller: image: repository: ingress-controller/controller tag: 1.0.0-dev digest: null + service: type: ClusterIP + + kind: DaemonSet diff --git a/charts/ingress-nginx/ci/controller-deployment-extra-modules-values.yaml b/charts/ingress-nginx/ci/controller-deployment-extra-modules-values.yaml new file mode 100644 index 0000000000..d4083cc375 --- /dev/null +++ b/charts/ingress-nginx/ci/controller-deployment-extra-modules-values.yaml @@ -0,0 +1,30 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + + service: + type: ClusterIP + + kind: Deployment + + extraModules: + - name: opentelemetry + image: + registry: registry.k8s.io + image: ingress-nginx/opentelemetry-1.25.3 + tag: v20240813-b933310d + digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922 + distroless: true + containerSecurityContext: + runAsNonRoot: true + runAsUser: 65532 + runAsGroup: 65532 + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true diff --git a/charts/ingress-nginx/ci/deployment-webhook-values.yaml b/charts/ingress-nginx/ci/controller-deployment-metrics-values.yaml similarity index 82% rename from charts/ingress-nginx/ci/deployment-webhook-values.yaml rename to charts/ingress-nginx/ci/controller-deployment-metrics-values.yaml index 76669a5300..9c95d347c4 100644 --- a/charts/ingress-nginx/ci/deployment-webhook-values.yaml +++ b/charts/ingress-nginx/ci/controller-deployment-metrics-values.yaml @@ -3,7 +3,11 @@ controller: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - admissionWebhooks: - enabled: true + service: type: ClusterIP + + kind: Deployment + + metrics: + enabled: true diff --git a/charts/ingress-nginx/ci/deployment-metrics-values.yaml b/charts/ingress-nginx/ci/controller-deployment-opentelemetry-values.yaml similarity index 74% rename from charts/ingress-nginx/ci/deployment-metrics-values.yaml rename to charts/ingress-nginx/ci/controller-deployment-opentelemetry-values.yaml index 9209ad5a6f..9443ddefcc 100644 --- a/charts/ingress-nginx/ci/deployment-metrics-values.yaml +++ b/charts/ingress-nginx/ci/controller-deployment-opentelemetry-values.yaml @@ -3,9 +3,11 @@ controller: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - admissionWebhooks: - enabled: false - metrics: - enabled: true + service: type: ClusterIP + + kind: Deployment + + opentelemetry: + enabled: true diff --git a/charts/ingress-nginx/ci/deployment-podannotations-values.yaml b/charts/ingress-nginx/ci/controller-deployment-podannotations-values.yaml similarity index 80% rename from charts/ingress-nginx/ci/deployment-podannotations-values.yaml rename to charts/ingress-nginx/ci/controller-deployment-podannotations-values.yaml index b48d93c46a..cf1f2611e6 100644 --- a/charts/ingress-nginx/ci/deployment-podannotations-values.yaml +++ b/charts/ingress-nginx/ci/controller-deployment-podannotations-values.yaml @@ -3,14 +3,14 @@ controller: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - admissionWebhooks: - enabled: false - metrics: - enabled: true + service: type: ClusterIP + + kind: Deployment + podAnnotations: - prometheus.io/path: /metrics + prometheus.io/scrape: "true" prometheus.io/port: "10254" prometheus.io/scheme: http - prometheus.io/scrape: "true" + prometheus.io/path: /metrics diff --git a/charts/ingress-nginx/ci/controller-deployment-values.yaml b/charts/ingress-nginx/ci/controller-deployment-values.yaml new file mode 100644 index 0000000000..1b092dc0c1 --- /dev/null +++ b/charts/ingress-nginx/ci/controller-deployment-values.yaml @@ -0,0 +1,10 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + + service: + type: ClusterIP + + kind: Deployment diff --git a/charts/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml b/charts/ingress-nginx/ci/controller-hpa-values.yaml similarity index 71% rename from charts/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml rename to charts/ingress-nginx/ci/controller-hpa-values.yaml index dca3f35f83..54a0d2f75a 100644 --- a/charts/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml +++ b/charts/ingress-nginx/ci/controller-hpa-values.yaml @@ -1,4 +1,12 @@ controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + + service: + type: ClusterIP + autoscaling: enabled: true behavior: @@ -8,7 +16,3 @@ controller: - type: Pods value: 1 periodSeconds: 180 - admissionWebhooks: - enabled: false - service: - type: ClusterIP diff --git a/charts/ingress-nginx/ci/controller-ingressclass-values.yaml b/charts/ingress-nginx/ci/controller-ingressclass-values.yaml new file mode 100644 index 0000000000..c06429f975 --- /dev/null +++ b/charts/ingress-nginx/ci/controller-ingressclass-values.yaml @@ -0,0 +1,15 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + + service: + type: ClusterIP + + ingressClassResource: + name: custom-nginx + default: true + controllerValue: k8s.io/custom-nginx + + watchIngressWithoutClass: true diff --git a/charts/ingress-nginx/ci/daemonset-internal-lb-values.yaml b/charts/ingress-nginx/ci/controller-service-internal-values.yaml similarity index 81% rename from charts/ingress-nginx/ci/daemonset-internal-lb-values.yaml rename to charts/ingress-nginx/ci/controller-service-internal-values.yaml index 0a200a7460..11108fbce9 100644 --- a/charts/ingress-nginx/ci/daemonset-internal-lb-values.yaml +++ b/charts/ingress-nginx/ci/controller-service-internal-values.yaml @@ -1,13 +1,12 @@ controller: - kind: DaemonSet image: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - admissionWebhooks: - enabled: false + service: type: ClusterIP + internal: enabled: true annotations: diff --git a/charts/ingress-nginx/ci/deployment-customnodeport-values.yaml b/charts/ingress-nginx/ci/controller-service-values.yaml similarity index 69% rename from charts/ingress-nginx/ci/deployment-customnodeport-values.yaml rename to charts/ingress-nginx/ci/controller-service-values.yaml index a564eaf931..9039368c28 100644 --- a/charts/ingress-nginx/ci/deployment-customnodeport-values.yaml +++ b/charts/ingress-nginx/ci/controller-service-values.yaml @@ -3,18 +3,20 @@ controller: repository: ingress-controller/controller tag: 1.0.0-dev digest: null - admissionWebhooks: - enabled: false + service: type: NodePort + nodePorts: tcp: 9000: 30090 udp: 9001: 30091 +portNamePrefix: port + tcp: - 9000: "default/test:8080" + 9000: default/test:8080 udp: - 9001: "default/test:8080" + 9001: default/test:8080 diff --git a/charts/ingress-nginx/ci/daemonset-customconfig-values.yaml b/charts/ingress-nginx/ci/daemonset-customconfig-values.yaml deleted file mode 100644 index 4393a5bc06..0000000000 --- a/charts/ingress-nginx/ci/daemonset-customconfig-values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - kind: DaemonSet - allowSnippetAnnotations: false - admissionWebhooks: - enabled: false - service: - type: ClusterIP - - config: - use-proxy-protocol: "true" diff --git a/charts/ingress-nginx/ci/daemonset-customnodeport-values.yaml b/charts/ingress-nginx/ci/daemonset-customnodeport-values.yaml deleted file mode 100644 index 1d94be219b..0000000000 --- a/charts/ingress-nginx/ci/daemonset-customnodeport-values.yaml +++ /dev/null @@ -1,22 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - - service: - type: NodePort - nodePorts: - tcp: - 9000: 30090 - udp: - 9001: 30091 - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" diff --git a/charts/ingress-nginx/ci/daemonset-extra-modules.yaml b/charts/ingress-nginx/ci/daemonset-extra-modules.yaml deleted file mode 100644 index 52a32fcbd4..0000000000 --- a/charts/ingress-nginx/ci/daemonset-extra-modules.yaml +++ /dev/null @@ -1,13 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - service: - type: ClusterIP - extraModules: - - name: opentelemetry - image: - registry: registry.k8s.io - image: busybox - tag: latest diff --git a/charts/ingress-nginx/ci/daemonset-headers-values.yaml b/charts/ingress-nginx/ci/daemonset-headers-values.yaml deleted file mode 100644 index ab7d47bd4d..0000000000 --- a/charts/ingress-nginx/ci/daemonset-headers-values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - addHeaders: - X-Frame-Options: deny - proxySetHeaders: - X-Forwarded-Proto: https - service: - type: ClusterIP diff --git a/charts/ingress-nginx/ci/daemonset-nodeport-values.yaml b/charts/ingress-nginx/ci/daemonset-nodeport-values.yaml deleted file mode 100644 index 3b7aa2fcd2..0000000000 --- a/charts/ingress-nginx/ci/daemonset-nodeport-values.yaml +++ /dev/null @@ -1,10 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: NodePort diff --git a/charts/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml b/charts/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml deleted file mode 100644 index acd86a77ab..0000000000 --- a/charts/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml +++ /dev/null @@ -1,20 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - tcp: - configMapNamespace: default - udp: - configMapNamespace: default - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" diff --git a/charts/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml b/charts/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml deleted file mode 100644 index 90b0f57a58..0000000000 --- a/charts/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml +++ /dev/null @@ -1,18 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" - -portNamePrefix: "port" diff --git a/charts/ingress-nginx/ci/daemonset-tcp-udp-values.yaml b/charts/ingress-nginx/ci/daemonset-tcp-udp-values.yaml deleted file mode 100644 index 25ee64d856..0000000000 --- a/charts/ingress-nginx/ci/daemonset-tcp-udp-values.yaml +++ /dev/null @@ -1,16 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" diff --git a/charts/ingress-nginx/ci/daemonset-tcp-values.yaml b/charts/ingress-nginx/ci/daemonset-tcp-values.yaml deleted file mode 100644 index 380c8b4b13..0000000000 --- a/charts/ingress-nginx/ci/daemonset-tcp-values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - -tcp: - 9000: "default/test:8080" - 9001: "default/test:8080" diff --git a/charts/ingress-nginx/ci/deamonset-metrics-values.yaml b/charts/ingress-nginx/ci/deamonset-metrics-values.yaml deleted file mode 100644 index cb3cb54be2..0000000000 --- a/charts/ingress-nginx/ci/deamonset-metrics-values.yaml +++ /dev/null @@ -1,12 +0,0 @@ -controller: - kind: DaemonSet - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - metrics: - enabled: true - service: - type: ClusterIP diff --git a/charts/ingress-nginx/ci/deployment-autoscaling-values.yaml b/charts/ingress-nginx/ci/deployment-autoscaling-values.yaml deleted file mode 100644 index b8b3ac6862..0000000000 --- a/charts/ingress-nginx/ci/deployment-autoscaling-values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - autoscaling: - enabled: true - admissionWebhooks: - enabled: false - service: - type: ClusterIP diff --git a/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml b/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml deleted file mode 100644 index 91b1b98a80..0000000000 --- a/charts/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml +++ /dev/null @@ -1,15 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - service: - type: ClusterIP - containerSecurityContext: - allowPrivilegeEscalation: false - extraModules: - - name: opentelemetry - image: - registry: registry.k8s.io - image: busybox - tag: latest diff --git a/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml b/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml deleted file mode 100644 index b6013c7d0a..0000000000 --- a/charts/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml +++ /dev/null @@ -1,15 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - service: - type: ClusterIP - extraModules: - - name: opentelemetry - image: - registry: registry.k8s.io - image: busybox - tag: latest - containerSecurityContext: - allowPrivilegeEscalation: false diff --git a/charts/ingress-nginx/ci/deployment-extra-modules.yaml b/charts/ingress-nginx/ci/deployment-extra-modules.yaml deleted file mode 100644 index 2fbe1cc013..0000000000 --- a/charts/ingress-nginx/ci/deployment-extra-modules.yaml +++ /dev/null @@ -1,13 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - service: - type: ClusterIP - extraModules: - - name: opentelemetry - image: - registry: registry.k8s.io - image: busybox - tag: latest diff --git a/charts/ingress-nginx/ci/deployment-headers-values.yaml b/charts/ingress-nginx/ci/deployment-headers-values.yaml deleted file mode 100644 index 17a11ac370..0000000000 --- a/charts/ingress-nginx/ci/deployment-headers-values.yaml +++ /dev/null @@ -1,13 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - addHeaders: - X-Frame-Options: deny - proxySetHeaders: - X-Forwarded-Proto: https - service: - type: ClusterIP diff --git a/charts/ingress-nginx/ci/deployment-internal-lb-values.yaml b/charts/ingress-nginx/ci/deployment-internal-lb-values.yaml deleted file mode 100644 index 663ccb9d1c..0000000000 --- a/charts/ingress-nginx/ci/deployment-internal-lb-values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - internal: - enabled: true - annotations: - service.beta.kubernetes.io/aws-load-balancer-internal: "true" - ports: - http: 443 - https: 80 - targetPorts: - http: 443 - https: 80 diff --git a/charts/ingress-nginx/ci/deployment-nodeport-values.yaml b/charts/ingress-nginx/ci/deployment-nodeport-values.yaml deleted file mode 100644 index cd9b323528..0000000000 --- a/charts/ingress-nginx/ci/deployment-nodeport-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: NodePort diff --git a/charts/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml b/charts/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml deleted file mode 100644 index c51a4e91fa..0000000000 --- a/charts/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - tcp: - configMapNamespace: default - udp: - configMapNamespace: default - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" diff --git a/charts/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml b/charts/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml deleted file mode 100644 index 56323c5eeb..0000000000 --- a/charts/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml +++ /dev/null @@ -1,17 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" - -portNamePrefix: "port" diff --git a/charts/ingress-nginx/ci/deployment-tcp-udp-values.yaml b/charts/ingress-nginx/ci/deployment-tcp-udp-values.yaml deleted file mode 100644 index 5b45b69dcc..0000000000 --- a/charts/ingress-nginx/ci/deployment-tcp-udp-values.yaml +++ /dev/null @@ -1,15 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - admissionWebhooks: - enabled: false - service: - type: ClusterIP - -tcp: - 9000: "default/test:8080" - -udp: - 9001: "default/test:8080" diff --git a/charts/ingress-nginx/ci/deployment-tcp-values.yaml b/charts/ingress-nginx/ci/deployment-tcp-values.yaml deleted file mode 100644 index ac0b6e60eb..0000000000 --- a/charts/ingress-nginx/ci/deployment-tcp-values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -controller: - image: - repository: ingress-controller/controller - tag: 1.0.0-dev - digest: null - service: - type: ClusterIP - -tcp: - 9000: "default/test:8080" - 9001: "default/test:8080" diff --git a/charts/ingress-nginx/ci/deployment-webhook-extraEnvs-values.yaml b/charts/ingress-nginx/ci/deployment-webhook-extraEnvs-values.yaml deleted file mode 100644 index 95487b071f..0000000000 --- a/charts/ingress-nginx/ci/deployment-webhook-extraEnvs-values.yaml +++ /dev/null @@ -1,12 +0,0 @@ -controller: - service: - type: ClusterIP - admissionWebhooks: - enabled: true - extraEnvs: - - name: FOO - value: foo - - name: TEST - value: test - patch: - enabled: true diff --git a/charts/ingress-nginx/ci/deployment-webhook-resources-values.yaml b/charts/ingress-nginx/ci/deployment-webhook-resources-values.yaml deleted file mode 100644 index 49ebbb02c8..0000000000 --- a/charts/ingress-nginx/ci/deployment-webhook-resources-values.yaml +++ /dev/null @@ -1,23 +0,0 @@ -controller: - service: - type: ClusterIP - admissionWebhooks: - enabled: true - createSecretJob: - resources: - limits: - cpu: 10m - memory: 20Mi - requests: - cpu: 10m - memory: 20Mi - patchWebhookJob: - resources: - limits: - cpu: 10m - memory: 20Mi - requests: - cpu: 10m - memory: 20Mi - patch: - enabled: true diff --git a/docs/user-guide/third-party-addons/opentelemetry.md b/docs/user-guide/third-party-addons/opentelemetry.md index af7fd2b145..32b17d2ca2 100644 --- a/docs/user-guide/third-party-addons/opentelemetry.md +++ b/docs/user-guide/third-party-addons/opentelemetry.md @@ -191,7 +191,7 @@ To install the example and collectors run: helm repo add grafana https://grafana.github.io/helm-charts helm repo update # deploy cert-manager needed for OpenTelemetry collector operator - kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.yaml + kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.15.3/cert-manager.yaml # create observability namespace kubectl apply -f https://raw.githubusercontent.com/esigo/nginx-example/main/observability/namespace.yaml # install OpenTelemetry collector operator diff --git a/magefiles/steps/helm.go b/magefiles/steps/helm.go index 245f5e1c0e..73c9b0b3b4 100644 --- a/magefiles/steps/helm.go +++ b/magefiles/steps/helm.go @@ -170,7 +170,7 @@ func runHelmDocs() error { if err != nil { return err } - err = sh.RunV("helm-docs", "--chart-search-root=${PWD}/charts") + err = sh.RunV("helm-docs", "--chart-search-root", "${PWD}/charts") if err != nil { return err } @@ -181,7 +181,7 @@ func installHelmDocs() error { utils.Info("HELM Install HelmDocs") g0 := sh.RunCmd("go") - err := g0("install", "github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0") + err := g0("install", "github.com/norwoodj/helm-docs/cmd/helm-docs@latest") if err != nil { return err } diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index 95465ee32f..b6748f129d 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -91,25 +91,28 @@ echo "[dev-env] copying docker images to cluster..." kind load docker-image --name="${KIND_CLUSTER_NAME}" --nodes=${KIND_WORKERS} ${REGISTRY}/controller:${TAG} if [ "${SKIP_CERT_MANAGER_CREATION:-false}" = "false" ]; then - curl -fsSL -o cmctl.tar.gz https://github.com/cert-manager/cert-manager/releases/download/v1.11.1/cmctl-linux-amd64.tar.gz - tar xzf cmctl.tar.gz - chmod +x cmctl - ./cmctl help - echo "[dev-env] apply cert-manager ..." - kubectl apply --wait -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml - kubectl wait --timeout=30s --for=condition=available deployment/cert-manager -n cert-manager - kubectl get validatingwebhookconfigurations cert-manager-webhook -ojson | jq '.webhooks[].clientConfig' - kubectl get endpoints -n cert-manager cert-manager-webhook - ./cmctl check api --wait=2m + echo "[dev-env] deploying cert-manager..." + + # Get OS & platform for downloading cmctl. + os="$(uname -o | tr "[:upper:]" "[:lower:]" | sed "s/gnu\///")" + platform="$(uname -m | sed "s/aarch64/arm64/;s/x86_64/amd64/")" + + # Download cmctl. Cannot validate checksum as OS & platform may vary. + curl --fail --location "https://github.com/cert-manager/cmctl/releases/download/v2.1.1/cmctl_${os}_${platform}.tar.gz" | tar --extract --gzip cmctl + + # Install cert-manager. + ./cmctl x install + ./cmctl check api --wait 1m fi echo "[dev-env] running helm chart e2e tests..." -docker run --rm --interactive --network host \ - --name ct \ - --volume $KUBECONFIG:/root/.kube/config \ - --volume "${DIR}/../../":/workdir \ - --workdir /workdir \ - registry.k8s.io/ingress-nginx/e2e-test-runner:v20240829-2c421762@sha256:5b7809bfe9cbd9cd6bcb8033ca27576ca704f05ce729fe4dcb574810f7a25785 \ - ct install \ - --charts charts/ingress-nginx \ - --helm-extra-args "--timeout 60s" +docker run \ + --name ct \ + --volume "${KUBECONFIG}:/root/.kube/config:ro" \ + --volume "${DIR}/../../:/workdir" \ + --network host \ + --workdir /workdir \ + --entrypoint ct \ + --rm \ + registry.k8s.io/ingress-nginx/e2e-test-runner:v20240829-2c421762@sha256:5b7809bfe9cbd9cd6bcb8033ca27576ca704f05ce729fe4dcb574810f7a25785 \ + install --charts charts/ingress-nginx From acdbd39bbfdc46a7ec458ab72582c87383b50e8e Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Mon, 30 Sep 2024 12:52:24 +0200 Subject: [PATCH 46/81] Bump the all group with 2 updates (#12036) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/chart.yaml | 2 +- .github/workflows/ci.yaml | 12 ++++++------ .github/workflows/depreview.yaml | 2 +- .github/workflows/docs.yaml | 4 ++-- .github/workflows/golangci-lint.yml | 2 +- .github/workflows/images.yaml | 6 +++--- .github/workflows/perftest.yaml | 2 +- .github/workflows/plugin.yaml | 2 +- .github/workflows/scorecards.yml | 4 ++-- .github/workflows/vulnerability-scans.yaml | 6 +++--- .github/workflows/zz-tmpl-images.yaml | 6 +++--- .github/workflows/zz-tmpl-k8s-e2e.yaml | 2 +- 12 files changed, 25 insertions(+), 25 deletions(-) diff --git a/.github/workflows/chart.yaml b/.github/workflows/chart.yaml index b99374a90e..a546801a0d 100644 --- a/.github/workflows/chart.yaml +++ b/.github/workflows/chart.yaml @@ -45,7 +45,7 @@ jobs: git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com" - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 2dafb7c1da..e6748f1aec 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -47,7 +47,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter @@ -79,7 +79,7 @@ jobs: (needs.changes.outputs.go == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Get go version run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV @@ -103,7 +103,7 @@ jobs: (needs.changes.outputs.go == 'true') || (needs.changes.outputs.docs == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Get go version run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV - name: Set up Go @@ -128,7 +128,7 @@ jobs: PLATFORMS: linux/amd64 steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Get go version id: golangversion @@ -225,7 +225,7 @@ jobs: run: helm plugin install https://github.com/helm-unittest/helm-unittest - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 @@ -258,7 +258,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Download cache uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 913b995bd1..857411f798 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -9,6 +9,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: 'Dependency Review' uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4 diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index c1434c7b72..479c139aa4 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -23,7 +23,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter @@ -47,7 +47,7 @@ jobs: steps: - name: Checkout master - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Deploy uses: ./.github/actions/mkdocs diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index dca8f07dbb..93db7fbb7f 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Get go version run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index fe83f1dd33..b6975f5e2c 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -41,7 +41,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter with: @@ -144,7 +144,7 @@ jobs: k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0] steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Get go version run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV @@ -195,7 +195,7 @@ jobs: PLATFORMS: linux/amd64,linux/arm,linux/arm64,linux/s390x steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Set up Docker Buildx diff --git a/.github/workflows/perftest.yaml b/.github/workflows/perftest.yaml index 2e1e01a3ee..eb086538e5 100644 --- a/.github/workflows/perftest.yaml +++ b/.github/workflows/perftest.yaml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Install K6 run: | diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index 63b8c19bf6..0ae13a2df4 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index ad03178451..7641264505 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -27,7 +27,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: persist-credentials: false @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index e35ee0a658..9b038de986 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -22,7 +22,7 @@ jobs: versions: ${{ steps.version.outputs.TAGS }} steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 @@ -52,7 +52,7 @@ jobs: versions: ${{ fromJSON(needs.version.outputs.versions) }} steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - shell: bash id: test @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository diff --git a/.github/workflows/zz-tmpl-images.yaml b/.github/workflows/zz-tmpl-images.yaml index 6d5a4ef172..2efc039d61 100644 --- a/.github/workflows/zz-tmpl-images.yaml +++ b/.github/workflows/zz-tmpl-images.yaml @@ -31,7 +31,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter with: @@ -48,7 +48,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Build run: | @@ -67,7 +67,7 @@ jobs: PLATFORMS: ${{ inputs.platforms-publish }} steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Login to GitHub Container Registry uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 diff --git a/.github/workflows/zz-tmpl-k8s-e2e.yaml b/.github/workflows/zz-tmpl-k8s-e2e.yaml index 6d3e943ae6..8d94e37fec 100644 --- a/.github/workflows/zz-tmpl-k8s-e2e.yaml +++ b/.github/workflows/zz-tmpl-k8s-e2e.yaml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: cache uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 From d70c2517d49c638f94f64d04ff0955f238e6da59 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 30 Sep 2024 05:25:01 -0700 Subject: [PATCH 47/81] GitHub: Improve Dependabot. (#12038) Co-authored-by: Marco Ebert --- .github/dependabot.yml | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 69d1ba1615..deb4346756 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,7 +1,6 @@ ---- version: 2 updates: - - package-ecosystem: "gomod" + - package-ecosystem: "github-actions" directory: "/" schedule: interval: "weekly" @@ -10,11 +9,13 @@ updates: - "release-note-none" - "ok-to-test" groups: - all: + actions: update-types: + - "minor" - "patch" - - package-ecosystem: "github-actions" - directory: "/" + - package-ecosystem: "docker" + directories: + - "**/rootfs" schedule: interval: "weekly" labels: @@ -22,12 +23,14 @@ updates: - "release-note-none" - "ok-to-test" groups: - all: + docker: update-types: - "minor" - "patch" - - package-ecosystem: "docker" - directory: "/images" + - package-ecosystem: "gomod" + directories: + - "/" + - "**/rootfs" schedule: interval: "weekly" labels: @@ -35,7 +38,6 @@ updates: - "release-note-none" - "ok-to-test" groups: - actions: + go: update-types: - - "minor" - "patch" From 5d0e706fa83e3b1e9e0c549b3393027e75f8a5fa Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 30 Sep 2024 05:35:04 -0700 Subject: [PATCH 48/81] Bump github.com/prometheus/client_golang from 1.11.1 to 1.20.4 in /images/custom-error-pages/rootfs (#12046) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- images/custom-error-pages/rootfs/go.mod | 18 +-- images/custom-error-pages/rootfs/go.sum | 161 ++++-------------------- 2 files changed, 31 insertions(+), 148 deletions(-) diff --git a/images/custom-error-pages/rootfs/go.mod b/images/custom-error-pages/rootfs/go.mod index 34363c50a1..bd24d4e1c7 100644 --- a/images/custom-error-pages/rootfs/go.mod +++ b/images/custom-error-pages/rootfs/go.mod @@ -2,16 +2,16 @@ module k8s.io/ingress-nginx/custom-error-pages go 1.22.7 -require github.com/prometheus/client_golang v1.11.1 +require github.com/prometheus/client_golang v1.20.4 require ( github.com/beorn7/perks v1.0.1 // indirect - github.com/cespare/xxhash/v2 v2.1.1 // indirect - github.com/golang/protobuf v1.5.0 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect - github.com/prometheus/client_model v0.2.0 // indirect - github.com/prometheus/common v0.26.0 // indirect - github.com/prometheus/procfs v0.6.0 // indirect - golang.org/x/sys v0.1.0 // indirect - google.golang.org/protobuf v1.33.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect + github.com/klauspost/compress v1.17.9 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.55.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect + golang.org/x/sys v0.22.0 // indirect + google.golang.org/protobuf v1.34.2 // indirect ) diff --git a/images/custom-error-pages/rootfs/go.sum b/images/custom-error-pages/rootfs/go.sum index 99c959a36e..a228b18fb3 100644 --- a/images/custom-error-pages/rootfs/go.sum +++ b/images/custom-error-pages/rootfs/go.sum @@ -1,141 +1,24 @@ -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= -github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY= -github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= -github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= -github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.5.0 h1:LUVKkCeviFUMKqHa4tXIIij/lbhnMbP7Fn5wKdKkRh4= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= -github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= -github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= -github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= -github.com/prometheus/client_golang v1.11.1 h1:+4eQaD7vAZ6DsfsxB15hbE0odUjGI5ARs9yskGu1v4s= -github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= -github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= -github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= -github.com/prometheus/common v0.26.0 h1:iMAkS2TDoNWnKM+Kopnx/8tnEStIfpYA0ur0xQzzhMQ= -github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= -github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.6.0 h1:mxy4L2jP6qMonqmq+aTtOx1ifVWUgG/TAmntgbh3xv4= -github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= -github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= -gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= +github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= +github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= +github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/prometheus/client_golang v1.20.4 h1:Tgh3Yr67PaOv/uTqloMsCEdeuFTatm5zIq5+qNN23vI= +github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= From 737cfa0a831538b907699d38f022f155e93e0abf Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 30 Sep 2024 05:38:02 -0700 Subject: [PATCH 49/81] Bump k8s.io/apimachinery from 0.23.1 to 0.31.1 in /images/ext-auth-example-authsvc/rootfs (#12047) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- images/ext-auth-example-authsvc/rootfs/go.mod | 4 +- images/ext-auth-example-authsvc/rootfs/go.sum | 219 +----------------- 2 files changed, 6 insertions(+), 217 deletions(-) diff --git a/images/ext-auth-example-authsvc/rootfs/go.mod b/images/ext-auth-example-authsvc/rootfs/go.mod index 366e196396..908da4b2ed 100644 --- a/images/ext-auth-example-authsvc/rootfs/go.mod +++ b/images/ext-auth-example-authsvc/rootfs/go.mod @@ -2,6 +2,6 @@ module example.com/authsvc go 1.22.7 -require k8s.io/apimachinery v0.23.1 +require k8s.io/apimachinery v0.31.1 -require github.com/google/uuid v1.1.2 // indirect +require github.com/google/uuid v1.6.0 // indirect diff --git a/images/ext-auth-example-authsvc/rootfs/go.sum b/images/ext-auth-example-authsvc/rootfs/go.sum index 6e3fab2955..a3b9e420d9 100644 --- a/images/ext-auth-example-authsvc/rootfs/go.sum +++ b/images/ext-auth-example-authsvc/rootfs/go.sum @@ -1,215 +1,4 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= -github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= -github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= -github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= -github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= -github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= -github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= -github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= -github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= -github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/apimachinery v0.23.1 h1:sfBjlDFwj2onG0Ijx5C+SrAoeUscPrmghm7wHP+uXlo= -k8s.io/apimachinery v0.23.1/go.mod h1:SADt2Kl8/sttJ62RRsi9MIV4o8f5S3coArm0Iu3fBno= -k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= -k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= -k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= -k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs= -sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= -sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= -sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U= +k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= From 0fb4adbd1ef4afc9e1dcf280497427d336c54b2b Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 30 Sep 2024 05:40:04 -0700 Subject: [PATCH 50/81] Bump k8s.io/kube-aggregator from 0.29.3 to 0.31.1 in /images/kube-webhook-certgen/rootfs (#12049) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- images/kube-webhook-certgen/rootfs/go.mod | 29 ++++---- images/kube-webhook-certgen/rootfs/go.sum | 83 +++++++++-------------- 2 files changed, 48 insertions(+), 64 deletions(-) diff --git a/images/kube-webhook-certgen/rootfs/go.mod b/images/kube-webhook-certgen/rootfs/go.mod index 9bbb5b3918..c9f1c827ca 100644 --- a/images/kube-webhook-certgen/rootfs/go.mod +++ b/images/kube-webhook-certgen/rootfs/go.mod @@ -5,17 +5,17 @@ go 1.22.7 require ( github.com/onrik/logrus v0.11.0 github.com/sirupsen/logrus v1.9.3 - github.com/spf13/cobra v1.8.0 - k8s.io/api v0.29.3 - k8s.io/apimachinery v0.29.3 - k8s.io/client-go v0.29.3 - k8s.io/kube-aggregator v0.29.3 + github.com/spf13/cobra v1.8.1 + k8s.io/api v0.31.1 + k8s.io/apimachinery v0.31.1 + k8s.io/client-go v0.31.1 + k8s.io/kube-aggregator v0.31.1 ) require ( - github.com/davecgh/go-spew v1.1.1 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/emicklei/go-restful/v3 v3.11.3 // indirect - github.com/evanphx/json-patch v5.9.0+incompatible // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-openapi/jsonpointer v0.20.2 // indirect github.com/go-openapi/jsonreference v0.20.4 // indirect @@ -23,6 +23,7 @@ require ( github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.6.0 // indirect github.com/imdario/mergo v0.3.16 // indirect @@ -37,21 +38,21 @@ require ( github.com/onsi/gomega v1.34.1 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/spf13/pflag v1.0.5 // indirect - github.com/stretchr/testify v1.9.0 // indirect + github.com/x448/float16 v0.8.4 // indirect golang.org/x/net v0.28.0 // indirect - golang.org/x/oauth2 v0.18.0 // indirect + golang.org/x/oauth2 v0.21.0 // indirect golang.org/x/sys v0.24.0 // indirect golang.org/x/term v0.23.0 // indirect golang.org/x/text v0.17.0 // indirect golang.org/x/time v0.5.0 // indirect - google.golang.org/appengine v1.6.8 // indirect - google.golang.org/protobuf v1.34.1 // indirect + google.golang.org/protobuf v1.34.2 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/klog/v2 v2.120.1 // indirect - k8s.io/kube-openapi v0.0.0-20240224005224-582cce78233b // indirect - k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect + k8s.io/klog/v2 v2.130.1 // indirect + k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect + k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.4.0 // indirect diff --git a/images/kube-webhook-certgen/rootfs/go.sum b/images/kube-webhook-certgen/rootfs/go.sum index f963471082..da633e6db6 100644 --- a/images/kube-webhook-certgen/rootfs/go.sum +++ b/images/kube-webhook-certgen/rootfs/go.sum @@ -1,11 +1,12 @@ -github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/emicklei/go-restful/v3 v3.11.3 h1:yagOQz/38xJmcNeZJtrUcKjkHRltIaIFXKWeG1SkWGE= github.com/emicklei/go-restful/v3 v3.11.3/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= -github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q= @@ -14,18 +15,14 @@ github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdX github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4= github.com/go-openapi/swag v0.22.9 h1:XX2DssF+mQKM2DHsbgZK74y/zj4mo9I99+89xUmuZCE= github.com/go-openapi/swag v0.22.9/go.mod h1:3/OXnFfnMAwBD099SwYRk7GD3xOrr1iL7d/XNLXVVwE= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -67,15 +64,16 @@ github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= -github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -89,50 +87,38 @@ github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= -golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= -golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= +golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= +golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= @@ -141,22 +127,19 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= -google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -165,20 +148,20 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= -k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= -k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= -k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= -k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= -k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= -k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= -k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-aggregator v0.29.3 h1:5KvTyFN8sQq2imq8tMAHWEKoE64Zg9WSMaGX78KV6ps= -k8s.io/kube-aggregator v0.29.3/go.mod h1:xGJqV/SJJ1fbwTGfQLAZfwgqX1EMoaqfotDTkDrqqSk= -k8s.io/kube-openapi v0.0.0-20240224005224-582cce78233b h1:1dzw/KqgSPod72SUp2tuTOmK33TlY2fHlrVU2M9VrOM= -k8s.io/kube-openapi v0.0.0-20240224005224-582cce78233b/go.mod h1:Pa1PvrP7ACSkuX6I7KYomY6cmMA0Tx86waBhDUgoKPw= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU= +k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI= +k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U= +k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0= +k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-aggregator v0.31.1 h1:vrYBTTs3xMrpiEsmBjsLETZE9uuX67oQ8B3i1BFfMPw= +k8s.io/kube-aggregator v0.31.1/go.mod h1:+aW4NX50uneozN+BtoCxI4g7ND922p8Wy3tWKFDiWVk= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= From edd8c7b158df324862448e87b11b946587d20ca4 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 30 Sep 2024 07:30:03 -0700 Subject: [PATCH 51/81] Bump the go group across 1 directory with 3 updates (#12053) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index b9f9f10f61..6bdaead759 100644 --- a/go.mod +++ b/go.mod @@ -32,12 +32,12 @@ require ( gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 k8s.io/api v0.31.1 - k8s.io/apiextensions-apiserver v0.31.0 + k8s.io/apiextensions-apiserver v0.31.1 k8s.io/apimachinery v0.31.1 - k8s.io/apiserver v0.31.0 + k8s.io/apiserver v0.31.1 k8s.io/cli-runtime v0.30.0 k8s.io/client-go v0.31.1 - k8s.io/code-generator v0.31.0 + k8s.io/code-generator v0.31.1 k8s.io/component-base v0.31.1 k8s.io/klog/v2 v2.130.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 diff --git a/go.sum b/go.sum index 20134af1e5..04a26d653a 100644 --- a/go.sum +++ b/go.sum @@ -343,18 +343,18 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU= k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI= -k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk= -k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk= +k8s.io/apiextensions-apiserver v0.31.1 h1:L+hwULvXx+nvTYX/MKM3kKMZyei+UiSXQWciX/N6E40= +k8s.io/apiextensions-apiserver v0.31.1/go.mod h1:tWMPR3sgW+jsl2xm9v7lAyRF1rYEK71i9G5dRtkknoQ= k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U= k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= -k8s.io/apiserver v0.31.0 h1:p+2dgJjy+bk+B1Csz+mc2wl5gHwvNkC9QJV+w55LVrY= -k8s.io/apiserver v0.31.0/go.mod h1:KI9ox5Yu902iBnnyMmy7ajonhKnkeZYJhTZ/YI+WEMk= +k8s.io/apiserver v0.31.1 h1:Sars5ejQDCRBY5f7R3QFHdqN3s61nhkpaX8/k1iEw1c= +k8s.io/apiserver v0.31.1/go.mod h1:lzDhpeToamVZJmmFlaLwdYZwd7zB+WYRYIboqA1kGxM= k8s.io/cli-runtime v0.30.0 h1:0vn6/XhOvn1RJ2KJOC6IRR2CGqrpT6QQF4+8pYpWQ48= k8s.io/cli-runtime v0.30.0/go.mod h1:vATpDMATVTMA79sZ0YUCzlMelf6rUjoBzlp+RnoM+cg= k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0= k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg= -k8s.io/code-generator v0.31.0 h1:w607nrMi1KeDKB3/F/J4lIoOgAwc+gV9ZKew4XRfMp8= -k8s.io/code-generator v0.31.0/go.mod h1:84y4w3es8rOJOUUP1rLsIiGlO1JuEaPFXQPA9e/K6U0= +k8s.io/code-generator v0.31.1 h1:GvkRZEP2g2UnB2QKT2Dgc/kYxIkDxCHENv2Q1itioVs= +k8s.io/code-generator v0.31.1/go.mod h1:oL2ky46L48osNqqZAeOcWWy0S5BXj50vVdwOtTefqIs= k8s.io/component-base v0.31.1 h1:UpOepcrX3rQ3ab5NB6g5iP0tvsgJWzxTyAo20sgYSy8= k8s.io/component-base v0.31.1/go.mod h1:WGeaw7t/kTsqpVTaCoVEtillbqAhF2/JgvO0LDOMa0w= k8s.io/gengo/v2 v2.0.0-20240404160639-a0386bf69313 h1:bKcdZJOPICVmIIuaM9+MXmapE94dn5AYv5ODs1jA43o= From f6398126dae5d91d30b690c824c654e61d504b0d Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 30 Sep 2024 08:18:03 -0700 Subject: [PATCH 52/81] Bump github/codeql-action from 3.26.9 to 3.26.10 in the actions group (#12055) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 7641264505..4038f1158b 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 9b038de986..adf8a593f7 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From eef1aa0e46cab63bb650b5dbabce0a40f5474c61 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Tue, 1 Oct 2024 12:42:53 +0200 Subject: [PATCH 53/81] Images: Remove NGINX v1.21. (#12058) --- .github/workflows/ci.yaml | 12 +- .github/workflows/images.yaml | 11 +- images/nginx-1.25/Makefile | 59 -- images/nginx-1.25/README.md | 47 -- images/nginx-1.25/TAG | 1 - images/nginx-1.25/cloudbuild.yaml | 14 - images/nginx-1.25/rootfs/Dockerfile | 74 --- images/nginx-1.25/rootfs/build.sh | 628 ------------------ images/nginx/Makefile | 4 +- images/nginx/README.md | 60 +- images/nginx/TAG | 2 +- images/nginx/rootfs/Dockerfile | 7 +- images/nginx/rootfs/build.sh | 493 ++++++-------- .../rootfs/patches/00_drop-alias-root.patch | 0 .../01_nginx-1.25.3-win32_max_err_str.patch | 0 ..._nginx-1.25.3-stream_balancer_export.patch | 0 ...stream_proxy_get_next_upstream_tries.patch | 0 ...x-1.25.3-stream_proxy_timeout_fields.patch | 0 ...nx-1.25.3-stream_ssl_preread_no_skip.patch | 0 ...6_nginx-1.25.3-resolver_conf_parsing.patch | 0 .../07_nginx-1.25.3-daemon_destroy_pool.patch | 0 ...nginx-1.25.3-init_cycle_pool_release.patch | 0 ...09_nginx-1.25.3-balancer_status_code.patch | 0 ...0_nginx-1.25.3-delayed_posted_events.patch | 0 ...ginx-1.25.3-privileged_agent_process.patch | 0 ...privileged_agent_process_connections.patch | 0 ...privileged_agent_process_thread_pool.patch | 0 ...-1.25.3-single_process_graceful_exit.patch | 0 .../15_nginx-1.25.3-intercept_error_log.patch | 0 .../16_nginx-1.25.3-upstream_pipelining.patch | 0 .../17_nginx-1.25.3-no_error_pages.patch | 0 .../patches/18_nginx-1.25.3-no_Werror.patch | 0 ...19_nginx-1.25.3-log_escape_non_ascii.patch | 0 ...20_nginx-1.25.3-proxy_host_port_vars.patch | 0 .../21_nginx-1.25.3-cache_manager_exit.patch | 0 ...22_nginx-1.25.3-larger_max_error_str.patch | 0 .../23_nginx-1.25.3-pcre_conf_opt.patch | 0 ....25.3-always_enable_cc_feature_tests.patch | 0 .../25_nginx-1.25.3-ssl_cert_cb_yield.patch | 0 .../26_nginx-1.25.3-ssl_sess_cb_yield.patch | 0 ...inx-1.25.3-ssl_client_hello_cb_yield.patch | 0 ...nginx-1.25.3-upstream_timeout_fields.patch | 0 ...inx-1.25.3-safe_resolver_ipv6_option.patch | 0 .../30_nginx-1.25.3-socket_cloexec.patch | 0 ...nx-1.25.3-reuseport_close_unused_fds.patch | 0 .../rootfs/patches/drop-alias-root.patch | 144 ---- .../nginx-1.21.4-balancer_status_code.patch | 72 -- .../nginx-1.21.4-cache_manager_exit.patch | 19 - .../nginx-1.21.4-delayed_posted_events.patch | 98 --- .../patches/nginx-1.21.4-hash_overflow.patch | 20 - .../rootfs/patches/nginx-1.21.4-http2.patch | 57 -- ...nginx-1.21.4-init_cycle_pool_release.patch | 59 -- .../nginx-1.21.4-larger_max_error_str.patch | 13 - .../patches/nginx-1.21.4-no_Werror.patch | 36 - .../nginx-1.21.4-proxy_host_port_vars.patch | 19 - .../nginx-1.21.4-resolver_conf_parsing.patch | 263 -------- ...nx-1.21.4-reuseport_close_unused_fds.patch | 38 -- ...-1.21.4-single_process_graceful_exit.patch | 75 --- .../patches/nginx-1.21.4-socket_cloexec.patch | 185 ------ .../nginx-1.21.4-ssl_cert_cb_yield.patch | 64 -- .../nginx-1.21.4-ssl_sess_cb_yield.patch | 41 -- ...stream_proxy_get_next_upstream_tries.patch | 31 - ...nx-1.21.4-stream_ssl_preread_no_skip.patch | 13 - .../nginx-1.21.4-upstream_pipelining.patch | 23 - ...nginx-1.21.4-upstream_timeout_fields.patch | 112 ---- 65 files changed, 247 insertions(+), 2547 deletions(-) delete mode 100644 images/nginx-1.25/Makefile delete mode 100644 images/nginx-1.25/README.md delete mode 100644 images/nginx-1.25/TAG delete mode 100644 images/nginx-1.25/cloudbuild.yaml delete mode 100644 images/nginx-1.25/rootfs/Dockerfile delete mode 100755 images/nginx-1.25/rootfs/build.sh rename images/{nginx-1.25 => nginx}/rootfs/patches/00_drop-alias-root.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/01_nginx-1.25.3-win32_max_err_str.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/02_nginx-1.25.3-stream_balancer_export.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/03_nginx-1.25.3-stream_proxy_get_next_upstream_tries.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/04_nginx-1.25.3-stream_proxy_timeout_fields.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/05_nginx-1.25.3-stream_ssl_preread_no_skip.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/06_nginx-1.25.3-resolver_conf_parsing.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/07_nginx-1.25.3-daemon_destroy_pool.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/08_nginx-1.25.3-init_cycle_pool_release.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/09_nginx-1.25.3-balancer_status_code.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/10_nginx-1.25.3-delayed_posted_events.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/11_nginx-1.25.3-privileged_agent_process.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/12_nginx-1.25.3-privileged_agent_process_connections.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/13_nginx-1.25.3-privileged_agent_process_thread_pool.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/14_nginx-1.25.3-single_process_graceful_exit.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/15_nginx-1.25.3-intercept_error_log.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/16_nginx-1.25.3-upstream_pipelining.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/17_nginx-1.25.3-no_error_pages.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/18_nginx-1.25.3-no_Werror.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/19_nginx-1.25.3-log_escape_non_ascii.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/20_nginx-1.25.3-proxy_host_port_vars.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/21_nginx-1.25.3-cache_manager_exit.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/22_nginx-1.25.3-larger_max_error_str.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/23_nginx-1.25.3-pcre_conf_opt.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/24_nginx-1.25.3-always_enable_cc_feature_tests.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/25_nginx-1.25.3-ssl_cert_cb_yield.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/26_nginx-1.25.3-ssl_sess_cb_yield.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/27_nginx-1.25.3-ssl_client_hello_cb_yield.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/28_nginx-1.25.3-upstream_timeout_fields.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/29_nginx-1.25.3-safe_resolver_ipv6_option.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/30_nginx-1.25.3-socket_cloexec.patch (100%) rename images/{nginx-1.25 => nginx}/rootfs/patches/31_nginx-1.25.3-reuseport_close_unused_fds.patch (100%) delete mode 100644 images/nginx/rootfs/patches/drop-alias-root.patch delete mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-balancer_status_code.patch delete mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-cache_manager_exit.patch delete mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-delayed_posted_events.patch delete mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-hash_overflow.patch delete mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-http2.patch delete mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-init_cycle_pool_release.patch delete mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-larger_max_error_str.patch delete mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-no_Werror.patch delete mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-proxy_host_port_vars.patch delete mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-resolver_conf_parsing.patch delete mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-reuseport_close_unused_fds.patch delete mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-single_process_graceful_exit.patch delete mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-socket_cloexec.patch delete mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-ssl_cert_cb_yield.patch delete mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-ssl_sess_cb_yield.patch delete mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-stream_proxy_get_next_upstream_tries.patch delete mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-stream_ssl_preread_no_skip.patch delete mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-upstream_pipelining.patch delete mode 100644 images/nginx/rootfs/patches/nginx-1.21.4-upstream_timeout_fields.patch diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e6748f1aec..3314c059fe 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -9,7 +9,7 @@ on: - 'deploy/**' - '**.md' - 'images/**' # Images changes should be tested on their own workflow - - '!images/nginx-1.25/**' + - '!images/nginx/**' push: branches: @@ -68,7 +68,7 @@ jobs: - 'NGINX_BASE' baseimage: - 'NGINX_BASE' - - 'images/nginx-1.25/**' + - 'images/nginx/**' docs: - '**/*.md' @@ -164,8 +164,8 @@ jobs: if: | needs.changes.outputs.baseimage == 'true' run: | - export TAG=$(cat images/nginx-1.25/TAG) - cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --load -t registry.k8s.io/ingress-nginx/nginx-1.25:${TAG} . + export TAG=$(cat images/nginx/TAG) + cd images/nginx/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --load -t registry.k8s.io/ingress-nginx/nginx:${TAG} . - name: Build images env: @@ -174,8 +174,8 @@ jobs: REGISTRY: ingress-controller run: | echo "building images..." - export TAGNGINX=$(cat images/nginx-1.25/TAG) - make BASE_IMAGE=registry.k8s.io/ingress-nginx/nginx-1.25:${TAGNGINX} clean-image build image image-chroot + export TAGNGINX=$(cat images/nginx/TAG) + make BASE_IMAGE=registry.k8s.io/ingress-nginx/nginx:${TAGNGINX} clean-image build image image-chroot make -C test/e2e-image image echo "creating images cache..." diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index b6975f5e2c..2ec6d8471d 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -36,7 +36,6 @@ jobs: kube-webhook-certgen: ${{ steps.filter.outputs.kube-webhook-certgen }} ext-auth-example-authsvc: ${{ steps.filter.outputs.ext-auth-example-authsvc }} nginx: ${{ steps.filter.outputs.nginx }} - nginx125: ${{ steps.filter.outputs.nginx125 }} opentelemetry: ${{ steps.filter.outputs.opentelemetry }} steps: @@ -67,8 +66,6 @@ jobs: - 'images/nginx/**' opentelemetry: - 'images/opentelemetry/**' - nginx125: - - 'images/nginx-1.25/TAG' #### TODO: Make the below jobs 'less dumb' and use the job name as parameter (the github.job context does not work here) cfssl: @@ -183,14 +180,14 @@ jobs: run: | cd images/opentelemetry && make NGINX_VERSION=${{ matrix.nginx }} build - nginx125: + nginx: permissions: contents: write packages: write runs-on: ubuntu-latest needs: changes if: | - (github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.changes.outputs.nginx125 == 'true') + (github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.changes.outputs.nginx == 'true') env: PLATFORMS: linux/amd64,linux/arm,linux/arm64,linux/s390x steps: @@ -211,5 +208,5 @@ jobs: password: ${{ secrets.DOCKERHUB_TOKEN }} - name: build-image run: | - export TAG=$(cat images/nginx-1.25/TAG) - cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --push -t ingressnginx/nginx-1.25:${TAG} . + export TAG=$(cat images/nginx/TAG) + cd images/nginx/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --push -t ingressnginx/nginx:${TAG} . diff --git a/images/nginx-1.25/Makefile b/images/nginx-1.25/Makefile deleted file mode 100644 index cdd3e2a3ce..0000000000 --- a/images/nginx-1.25/Makefile +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright 2024 The Kubernetes Authors. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -.DEFAULT_GOAL:=build - -# set default shell -SHELL=/bin/bash -o pipefail -o errexit - -DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))) -INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh - -# 0.0.0 shouldn't clobber any released builds -SHORT_SHA ?=$(shell git rev-parse --short HEAD) -TAG ?=$(shell cat TAG) - -REGISTRY ?= gcr.io/k8s-staging-ingress-nginx - -IMAGE = $(REGISTRY)/nginx-1.25 - -# required to enable buildx -export DOCKER_CLI_EXPERIMENTAL=enabled - -# build with buildx -PLATFORMS?=linux/amd64,linux/arm,linux/arm64,linux/s390x -OUTPUT= -PROGRESS=plain -build: ensure-buildx - docker buildx build \ - --platform=${PLATFORMS} $(OUTPUT) \ - --progress=$(PROGRESS) \ - --pull \ - --tag $(IMAGE):$(TAG) rootfs - -# push the cross built image -push: OUTPUT=--push -push: build - -# enable buildx -ensure-buildx: -# this is required for cloudbuild -ifeq ("$(wildcard $(INIT_BUILDX))","") - @curl -sSL https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/hack/init-buildx.sh | bash -else - @exec $(INIT_BUILDX) -endif - @echo "done" - -.PHONY: build push ensure-buildx \ No newline at end of file diff --git a/images/nginx-1.25/README.md b/images/nginx-1.25/README.md deleted file mode 100644 index 35cccc1008..0000000000 --- a/images/nginx-1.25/README.md +++ /dev/null @@ -1,47 +0,0 @@ -NGINX 1.25 base image - -### HTTP/3 Support - -**HTTP/3 support is experimental and under development** - -[HTTP/3](https://datatracker.ietf.org/doc/html/rfc9114)\ -[QUIC](https://datatracker.ietf.org/doc/html/rfc9000) - -[According to the documentation, NGINX 1.25.0 or higher supports HTTP/3:](https://nginx.org/en/docs/quic.html) - -> Support for QUIC and HTTP/3 protocols is available since 1.25.0. - -But this requires adding a new flag during the build: - -> When configuring nginx, it is possible to enable QUIC and HTTP/3 using the --with-http_v3_module configuration parameter. - -[We have added this flag](https://github.com/kubernetes/ingress-nginx/pull/11470), but it is not enough to use HTTP/3 in ingress-nginx, this is the first step. - -The next steps will be: - -1. **Waiting for OpenSSL 3.4.**\ - The main problem is, that we still use OpenSSL (3.x) and it does not support the important mechanism of TLS 1.3 - [early_data](https://datatracker.ietf.org/doc/html/rfc8446#section-2.3): - - > Otherwise, the OpenSSL compatibility layer will be used that does not support early data. - - [And although another part of the documentation says that the directive is supported with OpenSSL:](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data) - - > The directive is supported when using OpenSSL 1.1.1 or higher. - - But this is incomplete support, because OpenSSL does not support this feature, and [it has only client side support:](https://github.com/openssl/openssl) - - > ... the QUIC (currently client side only) version 1 protocol - - [And also there are some issues even with client side](https://github.com/openssl/openssl/discussions/23339) - - Due to this, we currently have incomplete HTTP/3 support, without important security and performance features.\ - But the good news is that [OpenSSL plans to add server-side support in 3.4](https://github.com/openssl/web/blob/master/roadmap.md): - - > Server-side QUIC support - - [Overview of SSL libraries(HAProxy Documentation)](https://github.com/haproxy/wiki/wiki/SSL-Libraries-Support-Status#tldr) - -2. **Adding [parameters](https://nginx.org/en/docs/http/ngx_http_v3_module.html) to the configmap to configure HTTP/3 and quic(enableHTTP3, enableHTTP/0.9, maxCurrentStream, and so on).** -3. **Adding options to the nginx config template(`listen 443 quic` to server blocks and `add_header Alt-Svc 'h3=":8443"; ma=86400';` to location blocks).** -4. **Opening the https port for UDP in the container(because QUIC uses UDP).** -5. **Adding tests.** diff --git a/images/nginx-1.25/TAG b/images/nginx-1.25/TAG deleted file mode 100644 index f252462193..0000000000 --- a/images/nginx-1.25/TAG +++ /dev/null @@ -1 +0,0 @@ -v0.0.12 diff --git a/images/nginx-1.25/cloudbuild.yaml b/images/nginx-1.25/cloudbuild.yaml deleted file mode 100644 index d8bb1f2a9e..0000000000 --- a/images/nginx-1.25/cloudbuild.yaml +++ /dev/null @@ -1,14 +0,0 @@ -options: - # Increase machine type for multi-arch builds. - machineType: E2_HIGHCPU_32 - # Ignore Prow provided substitutions. - substitution_option: ALLOW_LOOSE -steps: - - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240523-a15ad90fc9 - env: - - REGISTRY=gcr.io/k8s-staging-ingress-nginx - entrypoint: bash - args: - - -c - - gcloud auth configure-docker && cd images/nginx-1.25 && make push -timeout: 7200s diff --git a/images/nginx-1.25/rootfs/Dockerfile b/images/nginx-1.25/rootfs/Dockerfile deleted file mode 100644 index 1d2b6b6230..0000000000 --- a/images/nginx-1.25/rootfs/Dockerfile +++ /dev/null @@ -1,74 +0,0 @@ -# Copyright 2024 The Kubernetes Authors. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -FROM alpine:3.20 as builder - -COPY . / - -RUN apk update \ - && apk upgrade \ - && apk add -U bash --no-cache \ - && /build.sh - -# Use a multi-stage build -FROM alpine:3.20 - -ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin - -ENV LUA_PATH="/usr/local/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/lib/lua/?.lua;;" -ENV LUA_CPATH="/usr/local/lib/lua/?/?.so;/usr/local/lib/lua/?.so;;" - -COPY --from=builder /usr/local /usr/local -COPY --from=builder /usr/lib/libopentelemetry* /usr/local/lib -COPY --from=builder /opt /opt -COPY --from=builder /etc/nginx /etc/nginx - -RUN apk update \ - && apk upgrade \ - && apk add -U --no-cache \ - bash \ - openssl \ - pcre \ - zlib \ - ca-certificates \ - patch \ - yajl \ - lmdb \ - libxml2 \ - libmaxminddb \ - yaml-cpp \ - dumb-init \ - tzdata \ - grpc-cpp \ - libprotobuf \ - && ln -s /usr/local/nginx/sbin/nginx /sbin/nginx \ - && adduser -S -D -H -u 101 -h /usr/local/nginx \ - -s /sbin/nologin -G www-data -g www-data www-data \ - && bash -eu -c ' \ - writeDirs=( \ - /var/log/nginx \ - /var/lib/nginx/body \ - /var/lib/nginx/fastcgi \ - /var/lib/nginx/proxy \ - /var/lib/nginx/scgi \ - /var/lib/nginx/uwsgi \ - /var/log/audit \ - ); \ - for dir in "${writeDirs[@]}"; do \ - mkdir -p ${dir}; \ - chown -R www-data.www-data ${dir}; \ - done' - -EXPOSE 80 443 - -CMD ["nginx", "-g", "daemon off;"] diff --git a/images/nginx-1.25/rootfs/build.sh b/images/nginx-1.25/rootfs/build.sh deleted file mode 100755 index f9ea3840b8..0000000000 --- a/images/nginx-1.25/rootfs/build.sh +++ /dev/null @@ -1,628 +0,0 @@ -#!/bin/bash - -# Copyright 2023 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -o errexit -set -o nounset -set -o pipefail - -export NGINX_VERSION=1.25.5 - -# Check for recent changes: https://github.com/vision5/ngx_devel_kit/compare/v0.3.3...master -export NDK_VERSION=v0.3.3 - -# Check for recent changes: https://github.com/openresty/set-misc-nginx-module/compare/v0.33...master -export SETMISC_VERSION=796f5a3e518748eb29a93bd450324e0ad45b704e - -# Check for recent changes: https://github.com/openresty/headers-more-nginx-module/compare/v0.37...master -export MORE_HEADERS_VERSION=v0.37 - -# Check for recent changes: https://github.com/atomx/nginx-http-auth-digest/compare/v1.0.0...atomx:master -export NGINX_DIGEST_AUTH=v1.0.0 - -# Check for recent changes: https://github.com/yaoweibin/ngx_http_substitutions_filter_module/compare/v0.6.4...master -export NGINX_SUBSTITUTIONS=e12e965ac1837ca709709f9a26f572a54d83430e - -# Check for recent changes: https://github.com/SpiderLabs/ModSecurity-nginx/compare/v1.0.3...master -export MODSECURITY_VERSION=v1.0.3 - -# Check for recent changes: https://github.com/SpiderLabs/ModSecurity/compare/v3.0.8...v3/master -export MODSECURITY_LIB_VERSION=v3.0.12 - -# Check for recent changes: https://github.com/coreruleset/coreruleset/compare/v3.3.5...v4.0/main -export OWASP_MODSECURITY_CRS_VERSION=v4.4.0 - -# Check for recent changes: https://github.com/openresty/lua-nginx-module/compare/v0.10.26``...master -export LUA_NGX_VERSION=v0.10.26 - -# Check for recent changes: https://github.com/openresty/stream-lua-nginx-module/compare/bea8a0c0de94cede71554f53818ac0267d675d63...master -export LUA_STREAM_NGX_VERSION=bea8a0c0de94cede71554f53818ac0267d675d63 - -# Check for recent changes: https://github.com/openresty/lua-upstream-nginx-module/compare/8aa93ead98ba2060d4efd594ae33a35d153589bf...master -export LUA_UPSTREAM_VERSION=542be0893543a4e42d89f6dd85372972f5ff2a36 - -# Check for recent changes: https://github.com/openresty/lua-cjson/compare/2.1.0.13...openresty:master -export LUA_CJSON_VERSION=2.1.0.13 - -# Check for recent changes: https://github.com/leev/ngx_http_geoip2_module/compare/a607a41a8115fecfc05b5c283c81532a3d605425...master -export GEOIP2_VERSION=a607a41a8115fecfc05b5c283c81532a3d605425 - -# Check for recent changes: https://github.com/openresty/luajit2/compare/v2.1-20240314...v2.1-agentzh -export LUAJIT_VERSION=v2.1-20240314 - -# Check for recent changes: https://github.com/openresty/lua-resty-balancer/compare/1cd4363c0a239afe4765ec607dcfbbb4e5900eea...master -export LUA_RESTY_BALANCER=1cd4363c0a239afe4765ec607dcfbbb4e5900eea - -# Check for recent changes: https://github.com/openresty/lua-resty-lrucache/compare/99e7578465b40f36f596d099b82eab404f2b42ed...master -export LUA_RESTY_CACHE=99e7578465b40f36f596d099b82eab404f2b42ed - -# Check for recent changes: https://github.com/openresty/lua-resty-core/compare/v0.1.27...master -export LUA_RESTY_CORE=v0.1.28 - -# Check for recent changes: https://github.com/cloudflare/lua-resty-cookie/compare/f418d77082eaef48331302e84330488fdc810ef4...master -export LUA_RESTY_COOKIE_VERSION=f418d77082eaef48331302e84330488fdc810ef4 - -# Check for recent changes: https://github.com/openresty/lua-resty-dns/compare/8bb53516e2933e61c317db740a9b7c2048847c2f...master -export LUA_RESTY_DNS=8bb53516e2933e61c317db740a9b7c2048847c2f - -# Check for recent changes: https://github.com/ledgetech/lua-resty-http/compare/v0.17.1...master -export LUA_RESTY_HTTP=v0.17.1 - -# Check for recent changes: https://github.com/openresty/lua-resty-lock/compare/v0.09...master -export LUA_RESTY_LOCK=405d0bf4cbfa74d742c6ed3158d442221e6212a9 - -# Check for recent changes: https://github.com/openresty/lua-resty-upload/compare/v0.11...master -export LUA_RESTY_UPLOAD_VERSION=979372cce011f3176af3c9aff53fd0e992c4bfd3 - -# Check for recent changes: https://github.com/openresty/lua-resty-string/compare/v0.15...master -export LUA_RESTY_STRING_VERSION=6f1bc21d86daef804df3cc34d6427ef68da26844 - -# Check for recent changes: https://github.com/openresty/lua-resty-memcached/compare/v0.17...master -export LUA_RESTY_MEMCACHED_VERSION=2f02b68bf65fa2332cce070674a93a69a6c7239b - -# Check for recent changes: https://github.com/openresty/lua-resty-redis/compare/v0.30...master -export LUA_RESTY_REDIS_VERSION=8641b9f1b6f75cca50c90cf8ca5c502ad8950aa8 - -# Check for recent changes: https://github.com/api7/lua-resty-ipmatcher/compare/v0.6.1...master -export LUA_RESTY_IPMATCHER_VERSION=3e93c53eb8c9884efe939ef070486a0e507cc5be - -# Check for recent changes: https://github.com/ElvinEfendi/lua-resty-global-throttle/compare/v0.2.0...main -export LUA_RESTY_GLOBAL_THROTTLE_VERSION=v0.2.0 - -# Check for recent changes: https://github.com/microsoft/mimalloc/compare/v2.1.7...master -export MIMALOC_VERSION=v2.1.7 - -# Check on https://github.com/open-telemetry/opentelemetry-cpp -export OPENTELEMETRY_CPP_VERSION="v1.11.0" -# Check on https://github.com/open-telemetry/opentelemetry-proto -export OPENTELEMETRY_PROTO_VERSION="v1.1.0" - -export BUILD_PATH=/tmp/build - -ARCH=$(uname -m) - -get_src() -{ - hash="$1" - url="$2" - dest="${3-}" - ARGS="" - f=$(basename "$url") - - echo "Downloading $url" - - curl -sSL "$url" -o "$f" - # TODO: Reenable checksum verification but make it smarter - # echo "$hash $f" | sha256sum -c - || exit 10 - if [ ! -z "$dest" ]; then - mkdir ${BUILD_PATH}/${dest} - ARGS="-C ${BUILD_PATH}/${dest} --strip-components=1" - fi - tar xvzf "$f" $ARGS - rm -rf "$f" -} - -# install required packages to build -# Dependencies from "ninja" and below are OTEL dependencies -apk add \ - bash \ - gcc \ - clang \ - libc-dev \ - make \ - automake \ - openssl-dev \ - pcre-dev \ - zlib-dev \ - linux-headers \ - libxslt-dev \ - gd-dev \ - perl-dev \ - libedit-dev \ - mercurial \ - alpine-sdk \ - findutils \ - curl \ - ca-certificates \ - patch \ - libaio-dev \ - openssl \ - cmake \ - util-linux \ - lmdb-tools \ - wget \ - curl-dev \ - libprotobuf \ - git g++ pkgconf flex bison doxygen yajl-dev lmdb-dev libtool autoconf libxml2 libxml2-dev \ - python3 \ - libmaxminddb-dev \ - bc \ - unzip \ - dos2unix \ - yaml-cpp \ - coreutils \ - ninja \ - gtest-dev \ - git \ - build-base \ - pkgconfig \ - c-ares-dev \ - re2-dev \ - grpc-dev \ - protobuf-dev - -# apk add -X http://dl-cdn.alpinelinux.org/alpine/edge/testing opentelemetry-cpp-dev - -# There is some bug with some platforms and git, so force HTTP/1.1 -git config --global http.version HTTP/1.1 -git config --global http.postBuffer 157286400 - -mkdir -p /etc/nginx - -mkdir --verbose -p "$BUILD_PATH" -cd "$BUILD_PATH" - -# download, verify and extract the source files -get_src 66dc7081488811e9f925719e34d1b4504c2801c81dee2920e5452a86b11405ae \ - "https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz" - -get_src aa961eafb8317e0eb8da37eb6e2c9ff42267edd18b56947384e719b85188f58b \ - "https://github.com/vision5/ngx_devel_kit/archive/$NDK_VERSION.tar.gz" "ngx_devel_kit" - -get_src abc123 \ - "https://github.com/open-telemetry/opentelemetry-cpp/archive/$OPENTELEMETRY_CPP_VERSION.tar.gz" "opentelemetry-cpp" - -get_src abc123 \ - "https://github.com/open-telemetry/opentelemetry-proto/archive/$OPENTELEMETRY_PROTO_VERSION.tar.gz" "opentelemetry-proto" - -get_src cd5e2cc834bcfa30149e7511f2b5a2183baf0b70dc091af717a89a64e44a2985 \ - "https://github.com/openresty/set-misc-nginx-module/archive/$SETMISC_VERSION.tar.gz" "set-misc-nginx-module" - -get_src 0c0d2ced2ce895b3f45eb2b230cd90508ab2a773299f153de14a43e44c1209b3 \ - "https://github.com/openresty/headers-more-nginx-module/archive/$MORE_HEADERS_VERSION.tar.gz" "headers-more-nginx-module" - -get_src f09851e6309560a8ff3e901548405066c83f1f6ff88aa7171e0763bd9514762b \ - "https://github.com/atomx/nginx-http-auth-digest/archive/$NGINX_DIGEST_AUTH.tar.gz" "nginx-http-auth-digest" - -get_src a98b48947359166326d58700ccdc27256d2648218072da138ab6b47de47fbd8f \ - "https://github.com/yaoweibin/ngx_http_substitutions_filter_module/archive/$NGINX_SUBSTITUTIONS.tar.gz" "ngx_http_substitutions_filter_module" - -get_src 32a42256616cc674dca24c8654397390adff15b888b77eb74e0687f023c8751b \ - "https://github.com/SpiderLabs/ModSecurity-nginx/archive/$MODSECURITY_VERSION.tar.gz" "ModSecurity-nginx" - -get_src bc764db42830aeaf74755754b900253c233ad57498debe7a441cee2c6f4b07c2 \ - "https://github.com/openresty/lua-nginx-module/archive/$LUA_NGX_VERSION.tar.gz" "lua-nginx-module" - -get_src 01b715754a8248cc7228e0c8f97f7488ae429d90208de0481394e35d24cef32f \ - "https://github.com/openresty/stream-lua-nginx-module/archive/$LUA_STREAM_NGX_VERSION.tar.gz" "stream-lua-nginx-module" - -get_src a92c9ee6682567605ece55d4eed5d1d54446ba6fba748cff0a2482aea5713d5f \ - "https://github.com/openresty/lua-upstream-nginx-module/archive/$LUA_UPSTREAM_VERSION.tar.gz" "lua-upstream-nginx-module" - -get_src 77bbcbb24c3c78f51560017288f3118d995fe71240aa379f5818ff6b166712ff \ - "https://github.com/openresty/luajit2/archive/$LUAJIT_VERSION.tar.gz" "luajit2" - -get_src b6c9c09fd43eb34a71e706ad780b2ead26549a9a9f59280fe558f5b7b980b7c6 \ - "https://github.com/leev/ngx_http_geoip2_module/archive/$GEOIP2_VERSION.tar.gz" "ngx_http_geoip2_module" - -get_src deb4ab1ffb9f3d962c4b4a2c4bdff692b86a209e3835ae71ebdf3b97189e40a9 \ - "https://github.com/openresty/lua-resty-upload/archive/$LUA_RESTY_UPLOAD_VERSION.tar.gz" "lua-resty-upload" - -get_src bdbf271003d95aa91cab0a92f24dca129e99b33f79c13ebfcdbbcbb558129491 \ - "https://github.com/openresty/lua-resty-string/archive/$LUA_RESTY_STRING_VERSION.tar.gz" "lua-resty-string" - -get_src 16d72ed133f0c6df376a327386c3ef4e9406cf51003a700737c3805770ade7c5 \ - "https://github.com/openresty/lua-resty-balancer/archive/$LUA_RESTY_BALANCER.tar.gz" "lua-resty-balancer" - -get_src 39baab9e2b31cc48cecf896cea40ef6e80559054fd8a6e440cc804a858ea84d4 \ - "https://github.com/openresty/lua-resty-core/archive/$LUA_RESTY_CORE.tar.gz" "lua-resty-core" - -get_src a77b9de160d81712f2f442e1de8b78a5a7ef0d08f13430ff619f79235db974d4 \ - "https://github.com/openresty/lua-cjson/archive/$LUA_CJSON_VERSION.tar.gz" "lua-cjson" - -get_src 5ed48c36231e2622b001308622d46a0077525ac2f751e8cc0c9905914254baa4 \ - "https://github.com/cloudflare/lua-resty-cookie/archive/$LUA_RESTY_COOKIE_VERSION.tar.gz" "lua-resty-cookie" - -get_src 573184006b98ccee2594b0d134fa4d05e5d2afd5141cbad315051ccf7e9b6403 \ - "https://github.com/openresty/lua-resty-lrucache/archive/$LUA_RESTY_CACHE.tar.gz" "lua-resty-lrucache" - -get_src b4ddcd47db347e9adf5c1e1491a6279a6ae2a3aff3155ef77ea0a65c998a69c1 \ - "https://github.com/openresty/lua-resty-lock/archive/$LUA_RESTY_LOCK.tar.gz" "lua-resty-lock" - -get_src 70e9a01eb32ccade0d5116a25bcffde0445b94ad35035ce06b94ccd260ad1bf0 \ - "https://github.com/openresty/lua-resty-dns/archive/$LUA_RESTY_DNS.tar.gz" "lua-resty-dns" - -get_src 9fcb6db95bc37b6fce77d3b3dc740d593f9d90dce0369b405eb04844d56ac43f \ - "https://github.com/ledgetech/lua-resty-http/archive/$LUA_RESTY_HTTP.tar.gz" "lua-resty-http" - -get_src 02733575c4aed15f6cab662378e4b071c0a4a4d07940c4ef19a7319e9be943d4 \ - "https://github.com/openresty/lua-resty-memcached/archive/$LUA_RESTY_MEMCACHED_VERSION.tar.gz" "lua-resty-memcached" - -get_src c15aed1a01c88a3a6387d9af67a957dff670357f5fdb4ee182beb44635eef3f1 \ - "https://github.com/openresty/lua-resty-redis/archive/$LUA_RESTY_REDIS_VERSION.tar.gz" "lua-resty-redis" - -get_src efb767487ea3f6031577b9b224467ddbda2ad51a41c5867a47582d4ad85d609e \ - "https://github.com/api7/lua-resty-ipmatcher/archive/$LUA_RESTY_IPMATCHER_VERSION.tar.gz" "lua-resty-ipmatcher" - -get_src 0fb790e394510e73fdba1492e576aaec0b8ee9ef08e3e821ce253a07719cf7ea \ - "https://github.com/ElvinEfendi/lua-resty-global-throttle/archive/$LUA_RESTY_GLOBAL_THROTTLE_VERSION.tar.gz" "lua-resty-global-throttle" - -get_src d74f86ada2329016068bc5a243268f1f555edd620b6a7d6ce89295e7d6cf18da \ - "https://github.com/microsoft/mimalloc/archive/${MIMALOC_VERSION}.tar.gz" "mimalloc" - -# improve compilation times -CORES=$(($(grep -c ^processor /proc/cpuinfo) - 1)) - -export MAKEFLAGS=-j${CORES} -export CTEST_BUILD_FLAGS=${MAKEFLAGS} - -# Install luajit from openresty fork -export LUAJIT_LIB=/usr/local/lib -export LUA_LIB_DIR="$LUAJIT_LIB/lua" -export LUAJIT_INC=/usr/local/include/luajit-2.1 - -cd "$BUILD_PATH/luajit2" -make CCDEBUG=-g -make install - -ln -s /usr/local/bin/luajit /usr/local/bin/lua -ln -s "$LUAJIT_INC" /usr/local/include/lua - -cd "$BUILD_PATH/opentelemetry-cpp" -export CXXFLAGS="-DBENCHMARK_HAS_NO_INLINE_ASSEMBLY" -cmake -B build -G Ninja -Wno-dev \ - -DOTELCPP_PROTO_PATH="${BUILD_PATH}/opentelemetry-proto/" \ - -DCMAKE_INSTALL_PREFIX=/usr \ - -DBUILD_SHARED_LIBS=ON \ - -DBUILD_TESTING="OFF" \ - -DBUILD_W3CTRACECONTEXT_TEST="OFF" \ - -DCMAKE_BUILD_TYPE=None \ - -DWITH_ABSEIL=ON \ - -DWITH_STL=ON \ - -DWITH_EXAMPLES=OFF \ - -DWITH_ZPAGES=OFF \ - -DWITH_OTLP_GRPC=ON \ - -DWITH_OTLP_HTTP=ON \ - -DWITH_ZIPKIN=ON \ - -DWITH_PROMETHEUS=OFF \ - -DWITH_ASYNC_EXPORT_PREVIEW=OFF \ - -DWITH_METRICS_EXEMPLAR_PREVIEW=OFF - cmake --build build - cmake --install build - -# Git tuning -git config --global --add core.compression -1 - -# Get Brotli source and deps -cd "$BUILD_PATH" -git clone --depth=100 https://github.com/google/ngx_brotli.git -cd ngx_brotli -# https://github.com/google/ngx_brotli/issues/156 -git reset --hard 63ca02abdcf79c9e788d2eedcc388d2335902e52 -git submodule init -git submodule update - -cd "$BUILD_PATH" -git clone --depth=1 https://github.com/ssdeep-project/ssdeep -cd ssdeep/ - -./bootstrap -./configure - -make -make install - -# build modsecurity library -cd "$BUILD_PATH" -git clone -n https://github.com/SpiderLabs/ModSecurity -cd ModSecurity/ -git checkout $MODSECURITY_LIB_VERSION -git submodule init -git submodule update - -sh build.sh - -# https://github.com/SpiderLabs/ModSecurity/issues/1909#issuecomment-465926762 -sed -i '115i LUA_CFLAGS="${LUA_CFLAGS} -DWITH_LUA_JIT_2_1"' build/lua.m4 -sed -i '117i AC_SUBST(LUA_CFLAGS)' build/lua.m4 - -./configure \ - --disable-doxygen-doc \ - --disable-doxygen-html \ - --disable-examples - -make -make install - -mkdir -p /etc/nginx/modsecurity -cp modsecurity.conf-recommended /etc/nginx/modsecurity/modsecurity.conf -cp unicode.mapping /etc/nginx/modsecurity/unicode.mapping - -# Replace serial logging with concurrent -sed -i 's|SecAuditLogType Serial|SecAuditLogType Concurrent|g' /etc/nginx/modsecurity/modsecurity.conf - -# Concurrent logging implies the log is stored in several files -echo "SecAuditLogStorageDir /var/log/audit/" >> /etc/nginx/modsecurity/modsecurity.conf - -# Download owasp modsecurity crs -cd /etc/nginx/ - -git clone -b $OWASP_MODSECURITY_CRS_VERSION https://github.com/coreruleset/coreruleset -mv coreruleset owasp-modsecurity-crs -cd owasp-modsecurity-crs - -mv crs-setup.conf.example crs-setup.conf -mv rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf -mv rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf -cd .. - -# OWASP CRS v4 rules -echo " -Include /etc/nginx/owasp-modsecurity-crs/crs-setup.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-905-COMMON-EXCEPTIONS.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-921-PROTOCOL-ATTACK.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-922-MULTIPART-ATTACK.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-944-APPLICATION-ATTACK-JAVA.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-950-DATA-LEAKAGES.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-955-WEB-SHELLS.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf -" > /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf - -# build nginx -cd "$BUILD_PATH/nginx-$NGINX_VERSION" - -# apply nginx patches -for PATCH in `ls /patches`;do - echo "Patch: $PATCH" - if [[ "$PATCH" == *.txt ]]; then - patch -p0 < /patches/$PATCH - else - patch -p1 < /patches/$PATCH - fi -done - -WITH_FLAGS="--with-debug \ - --with-compat \ - --with-pcre-jit \ - --with-http_ssl_module \ - --with-http_stub_status_module \ - --with-http_realip_module \ - --with-http_auth_request_module \ - --with-http_addition_module \ - --with-http_gzip_static_module \ - --with-http_sub_module \ - --with-http_v2_module \ - --with-http_v3_module \ - --with-stream \ - --with-stream_ssl_module \ - --with-stream_realip_module \ - --with-stream_ssl_preread_module \ - --with-threads \ - --with-http_secure_link_module \ - --with-http_gunzip_module" - -# "Combining -flto with -g is currently experimental and expected to produce unexpected results." -# https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html -CC_OPT="-g -O2 -fPIE -fstack-protector-strong \ - -Wformat \ - -Werror=format-security \ - -Wno-deprecated-declarations \ - -fno-strict-aliasing \ - -D_FORTIFY_SOURCE=2 \ - --param=ssp-buffer-size=4 \ - -DTCP_FASTOPEN=23 \ - -fPIC \ - -Wno-cast-function-type" - -LD_OPT="-fPIE -fPIC -pie -Wl,-z,relro -Wl,-z,now" - -if [[ ${ARCH} != "aarch64" ]]; then - WITH_FLAGS+=" --with-file-aio" -fi - -if [[ ${ARCH} == "x86_64" ]]; then - CC_OPT+=' -m64 -mtune=generic' -fi - -WITH_MODULES=" \ - --add-module=$BUILD_PATH/ngx_devel_kit \ - --add-module=$BUILD_PATH/set-misc-nginx-module \ - --add-module=$BUILD_PATH/headers-more-nginx-module \ - --add-module=$BUILD_PATH/ngx_http_substitutions_filter_module \ - --add-module=$BUILD_PATH/lua-nginx-module \ - --add-module=$BUILD_PATH/stream-lua-nginx-module \ - --add-module=$BUILD_PATH/lua-upstream-nginx-module \ - --add-dynamic-module=$BUILD_PATH/nginx-http-auth-digest \ - --add-dynamic-module=$BUILD_PATH/ModSecurity-nginx \ - --add-dynamic-module=$BUILD_PATH/ngx_http_geoip2_module \ - --add-dynamic-module=$BUILD_PATH/ngx_brotli" - -./configure \ - --prefix=/usr/local/nginx \ - --conf-path=/etc/nginx/nginx.conf \ - --modules-path=/etc/nginx/modules \ - --http-log-path=/var/log/nginx/access.log \ - --error-log-path=/var/log/nginx/error.log \ - --lock-path=/var/lock/nginx.lock \ - --pid-path=/run/nginx.pid \ - --http-client-body-temp-path=/var/lib/nginx/body \ - --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \ - --http-proxy-temp-path=/var/lib/nginx/proxy \ - --http-scgi-temp-path=/var/lib/nginx/scgi \ - --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \ - ${WITH_FLAGS} \ - --without-mail_pop3_module \ - --without-mail_smtp_module \ - --without-mail_imap_module \ - --without-http_uwsgi_module \ - --without-http_scgi_module \ - --with-cc-opt="${CC_OPT}" \ - --with-ld-opt="${LD_OPT}" \ - --user=www-data \ - --group=www-data \ - ${WITH_MODULES} - -make -make modules -make install - -export OPENTELEMETRY_CONTRIB_COMMIT=e11348bb400d5472bf1da5d6128bead66fa111ff -cd "$BUILD_PATH" - -git clone https://github.com/open-telemetry/opentelemetry-cpp-contrib.git opentelemetry-cpp-contrib-${OPENTELEMETRY_CONTRIB_COMMIT} - -cd ${BUILD_PATH}/opentelemetry-cpp-contrib-${OPENTELEMETRY_CONTRIB_COMMIT} -git reset --hard ${OPENTELEMETRY_CONTRIB_COMMIT} - -export OTEL_TEMP_INSTALL=/tmp/otel -mkdir -p ${OTEL_TEMP_INSTALL} - -cd ${BUILD_PATH}/opentelemetry-cpp-contrib-${OPENTELEMETRY_CONTRIB_COMMIT}/instrumentation/nginx -mkdir -p build -cd build -cmake -DCMAKE_BUILD_TYPE=Release \ - -G Ninja \ - -DCMAKE_CXX_STANDARD=17 \ - -DCMAKE_INSTALL_PREFIX=${OTEL_TEMP_INSTALL} \ - -DBUILD_SHARED_LIBS=ON \ - -DNGINX_VERSION=${NGINX_VERSION} \ - .. -cmake --build . -j ${CORES} --target install - -mkdir -p /etc/nginx/modules -cp ${OTEL_TEMP_INSTALL}/otel_ngx_module.so /etc/nginx/modules/otel_ngx_module.so - - -cd "$BUILD_PATH/lua-resty-core" -make install - -cd "$BUILD_PATH/lua-resty-balancer" -make all -make install - -export LUA_INCLUDE_DIR=/usr/local/include/luajit-2.1 -ln -s $LUA_INCLUDE_DIR /usr/include/lua5.1 - -cd "$BUILD_PATH/lua-cjson" -make all -make install - -cd "$BUILD_PATH/lua-resty-cookie" -make all -make install - -cd "$BUILD_PATH/lua-resty-lrucache" -make install - -cd "$BUILD_PATH/lua-resty-dns" -make install - -cd "$BUILD_PATH/lua-resty-lock" -make install - -# required for OCSP verification -cd "$BUILD_PATH/lua-resty-http" -make install - -cd "$BUILD_PATH/lua-resty-upload" -make install - -cd "$BUILD_PATH/lua-resty-string" -make install - -cd "$BUILD_PATH/lua-resty-memcached" -make install - -cd "$BUILD_PATH/lua-resty-redis" -make install - -cd "$BUILD_PATH/lua-resty-ipmatcher" -INST_LUADIR=/usr/local/lib/lua make install - -cd "$BUILD_PATH/lua-resty-global-throttle" -make install - -cd "$BUILD_PATH/mimalloc" -mkdir -p out/release -cd out/release - -cmake ../.. - -make -make install - -# update image permissions -writeDirs=( \ - /etc/nginx \ - /usr/local/nginx \ - /opt/modsecurity/var/log \ - /opt/modsecurity/var/upload \ - /opt/modsecurity/var/audit \ - /var/log/audit \ - /var/log/nginx \ -); - -adduser -S -D -H -u 101 -h /usr/local/nginx -s /sbin/nologin -G www-data -g www-data www-data - -for dir in "${writeDirs[@]}"; do - mkdir -p ${dir}; - chown -R www-data.www-data ${dir}; -done - -rm -rf /etc/nginx/owasp-modsecurity-crs/.git -rm -rf /etc/nginx/owasp-modsecurity-crs/tests - -# remove .a files -find /usr/local -name "*.a" -print | xargs /bin/rm diff --git a/images/nginx/Makefile b/images/nginx/Makefile index b54a7739bb..103ba217f9 100644 --- a/images/nginx/Makefile +++ b/images/nginx/Makefile @@ -1,4 +1,4 @@ -# Copyright 2017 The Kubernetes Authors. All rights reserved. +# Copyright 2024 The Kubernetes Authors. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,7 +22,7 @@ INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh # 0.0.0 shouldn't clobber any released builds SHORT_SHA ?=$(shell git rev-parse --short HEAD) -TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA) +TAG ?=$(shell cat TAG) REGISTRY ?= gcr.io/k8s-staging-ingress-nginx diff --git a/images/nginx/README.md b/images/nginx/README.md index da6994fb53..768077215f 100644 --- a/images/nginx/README.md +++ b/images/nginx/README.md @@ -1,27 +1,47 @@ -NGINX base image using [alpine](https://www.alpinelinux.org/) +NGINX base image -This custom image contains: +### HTTP/3 Support -- [nginx-http-auth-digest](https://github.com/atomx/nginx-http-auth-digest) -- [ngx_http_substitutions_filter_module](https://github.com/yaoweibin/ngx_http_substitutions_filter_module) -- [OpenTelemetry-CPP](https://github.com/open-telemetry/opentelemetry-cpp) -- [OpenTelemetry-CPP-Nginx](https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/nginx) -- [nginx-opentracing](https://github.com/opentracing-contrib/nginx-opentracing) -- [opentracing-cpp](https://github.com/opentracing/opentracing-cpp) -- [zipkin-cpp-opentracing](https://github.com/rnburn/zipkin-cpp-opentracing) -- [dd-opentracing-cpp](https://github.com/DataDog/dd-opentracing-cpp) -- [ModSecurity-nginx](https://github.com/SpiderLabs/ModSecurity-nginx) (only supported in x86_64) -- [brotli](https://github.com/google/brotli) -- [geoip2](https://github.com/leev/ngx_http_geoip2_module) +**HTTP/3 support is experimental and under development** -**How to use this image:** -This image provides a default configuration file with no backend servers. +[HTTP/3](https://datatracker.ietf.org/doc/html/rfc9114)\ +[QUIC](https://datatracker.ietf.org/doc/html/rfc9000) -_Using docker_ +[According to the documentation, NGINX 1.25.0 or higher supports HTTP/3:](https://nginx.org/en/docs/quic.html) -NGINX base image we use is defined in NGINX_BASE file at the root of the project +> Support for QUIC and HTTP/3 protocols is available since 1.25.0. -```console -docker run -v /some/nginx.conf:/etc/nginx/nginx.conf:ro $(cat ../../NGINX_BASE) -``` +But this requires adding a new flag during the build: +> When configuring nginx, it is possible to enable QUIC and HTTP/3 using the --with-http_v3_module configuration parameter. + +[We have added this flag](https://github.com/kubernetes/ingress-nginx/pull/11470), but it is not enough to use HTTP/3 in ingress-nginx, this is the first step. + +The next steps will be: + +1. **Waiting for OpenSSL 3.4.**\ + The main problem is, that we still use OpenSSL (3.x) and it does not support the important mechanism of TLS 1.3 - [early_data](https://datatracker.ietf.org/doc/html/rfc8446#section-2.3): + + > Otherwise, the OpenSSL compatibility layer will be used that does not support early data. + + [And although another part of the documentation says that the directive is supported with OpenSSL:](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data) + + > The directive is supported when using OpenSSL 1.1.1 or higher. + + But this is incomplete support, because OpenSSL does not support this feature, and [it has only client side support:](https://github.com/openssl/openssl) + + > ... the QUIC (currently client side only) version 1 protocol + + [And also there are some issues even with client side](https://github.com/openssl/openssl/discussions/23339) + + Due to this, we currently have incomplete HTTP/3 support, without important security and performance features.\ + But the good news is that [OpenSSL plans to add server-side support in 3.4](https://github.com/openssl/web/blob/master/roadmap.md): + + > Server-side QUIC support + + [Overview of SSL libraries(HAProxy Documentation)](https://github.com/haproxy/wiki/wiki/SSL-Libraries-Support-Status#tldr) + +2. **Adding [parameters](https://nginx.org/en/docs/http/ngx_http_v3_module.html) to the configmap to configure HTTP/3 and quic(enableHTTP3, enableHTTP/0.9, maxCurrentStream, and so on).** +3. **Adding options to the nginx config template(`listen 443 quic` to server blocks and `add_header Alt-Svc 'h3=":8443"; ma=86400';` to location blocks).** +4. **Opening the https port for UDP in the container(because QUIC uses UDP).** +5. **Adding tests.** diff --git a/images/nginx/TAG b/images/nginx/TAG index 0ec25f7505..f252462193 100644 --- a/images/nginx/TAG +++ b/images/nginx/TAG @@ -1 +1 @@ -v1.0.0 +v0.0.12 diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile index 245bb353b1..1d2b6b6230 100644 --- a/images/nginx/rootfs/Dockerfile +++ b/images/nginx/rootfs/Dockerfile @@ -1,4 +1,4 @@ -# Copyright 2015 The Kubernetes Authors. All rights reserved. +# Copyright 2024 The Kubernetes Authors. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -29,11 +29,10 @@ ENV LUA_PATH="/usr/local/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1 ENV LUA_CPATH="/usr/local/lib/lua/?/?.so;/usr/local/lib/lua/?.so;;" COPY --from=builder /usr/local /usr/local +COPY --from=builder /usr/lib/libopentelemetry* /usr/local/lib COPY --from=builder /opt /opt COPY --from=builder /etc/nginx /etc/nginx -LABEL org.opencontainers.image.source=https://github.com/kubernetes/ingress-nginx - RUN apk update \ && apk upgrade \ && apk add -U --no-cache \ @@ -50,6 +49,8 @@ RUN apk update \ yaml-cpp \ dumb-init \ tzdata \ + grpc-cpp \ + libprotobuf \ && ln -s /usr/local/nginx/sbin/nginx /sbin/nginx \ && adduser -S -D -H -u 101 -h /usr/local/nginx \ -s /sbin/nologin -G www-data -g www-data www-data \ diff --git a/images/nginx/rootfs/build.sh b/images/nginx/rootfs/build.sh index 2f5f3c66fd..f9ea3840b8 100755 --- a/images/nginx/rootfs/build.sh +++ b/images/nginx/rootfs/build.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2015 The Kubernetes Authors. +# Copyright 2023 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,139 +18,124 @@ set -o errexit set -o nounset set -o pipefail -export NGINX_VERSION=1.21.6 +export NGINX_VERSION=1.25.5 -# Check for recent changes: https://github.com/vision5/ngx_devel_kit/compare/v0.3.2...master -export NDK_VERSION=0.3.2 +# Check for recent changes: https://github.com/vision5/ngx_devel_kit/compare/v0.3.3...master +export NDK_VERSION=v0.3.3 # Check for recent changes: https://github.com/openresty/set-misc-nginx-module/compare/v0.33...master -export SETMISC_VERSION=0.33 +export SETMISC_VERSION=796f5a3e518748eb29a93bd450324e0ad45b704e # Check for recent changes: https://github.com/openresty/headers-more-nginx-module/compare/v0.37...master -export MORE_HEADERS_VERSION=0.37 +export MORE_HEADERS_VERSION=v0.37 # Check for recent changes: https://github.com/atomx/nginx-http-auth-digest/compare/v1.0.0...atomx:master -export NGINX_DIGEST_AUTH=1.0.0 +export NGINX_DIGEST_AUTH=v1.0.0 # Check for recent changes: https://github.com/yaoweibin/ngx_http_substitutions_filter_module/compare/v0.6.4...master -export NGINX_SUBSTITUTIONS=b8a71eacc7f986ba091282ab8b1bbbc6ae1807e0 - -# Check for recent changes: https://github.com/opentracing-contrib/nginx-opentracing/compare/v0.19.0...master -export NGINX_OPENTRACING_VERSION=0.19.0 - -#Check for recent changes: https://github.com/opentracing/opentracing-cpp/compare/v1.6.0...master -export OPENTRACING_CPP_VERSION=f86b33f3d9e7322b1298ba62d5ffa7a9519c4c41 - -# Check for recent changes: https://github.com/rnburn/zipkin-cpp-opentracing/compare/v0.5.2...master -export ZIPKIN_CPP_VERSION=f69593138ff84ca2f6bc115992e18ca3d35f344a - -# Check for recent changes: https://github.com/jbeder/yaml-cpp/compare/yaml-cpp-0.7.0...master -export YAML_CPP_VERSION=yaml-cpp-0.7.0 - -# Check for recent changes: https://github.com/jaegertracing/jaeger-client-cpp/compare/v0.7.0...master -export JAEGER_VERSION=0.7.0 - -# Check for recent changes: https://github.com/msgpack/msgpack-c/compare/cpp-3.3.0...master -export MSGPACK_VERSION=3.3.0 - -# Check for recent changes: https://github.com/DataDog/dd-opentracing-cpp/compare/v1.3.7...master -export DATADOG_CPP_VERSION=1.3.7 +export NGINX_SUBSTITUTIONS=e12e965ac1837ca709709f9a26f572a54d83430e # Check for recent changes: https://github.com/SpiderLabs/ModSecurity-nginx/compare/v1.0.3...master -export MODSECURITY_VERSION=1.0.3 +export MODSECURITY_VERSION=v1.0.3 -# Check for recent changes: https://github.com/SpiderLabs/ModSecurity/compare/v3.0.11...v3/master -export MODSECURITY_LIB_VERSION=bbde9381cbccb49ea73f6194b08b478adc53f3bc +# Check for recent changes: https://github.com/SpiderLabs/ModSecurity/compare/v3.0.8...v3/master +export MODSECURITY_LIB_VERSION=v3.0.12 -# Check for recent changes: https://github.com/coreruleset/coreruleset/compare/v3.3.2...v3.3/master -export OWASP_MODSECURITY_CRS_VERSION=v3.3.5 +# Check for recent changes: https://github.com/coreruleset/coreruleset/compare/v3.3.5...v4.0/main +export OWASP_MODSECURITY_CRS_VERSION=v4.4.0 -# Check for recent changes: https://github.com/openresty/lua-nginx-module/compare/v0.10.25...master -export LUA_NGX_VERSION=0.10.25 +# Check for recent changes: https://github.com/openresty/lua-nginx-module/compare/v0.10.26``...master +export LUA_NGX_VERSION=v0.10.26 -# Check for recent changes: https://github.com/openresty/stream-lua-nginx-module/compare/v0.0.13...master -export LUA_STREAM_NGX_VERSION=0.0.13 +# Check for recent changes: https://github.com/openresty/stream-lua-nginx-module/compare/bea8a0c0de94cede71554f53818ac0267d675d63...master +export LUA_STREAM_NGX_VERSION=bea8a0c0de94cede71554f53818ac0267d675d63 # Check for recent changes: https://github.com/openresty/lua-upstream-nginx-module/compare/8aa93ead98ba2060d4efd594ae33a35d153589bf...master -export LUA_UPSTREAM_VERSION=8aa93ead98ba2060d4efd594ae33a35d153589bf +export LUA_UPSTREAM_VERSION=542be0893543a4e42d89f6dd85372972f5ff2a36 -# Check for recent changes: https://github.com/openresty/lua-cjson/compare/2.1.0.11...openresty:master -export LUA_CJSON_VERSION=2.1.0.11 +# Check for recent changes: https://github.com/openresty/lua-cjson/compare/2.1.0.13...openresty:master +export LUA_CJSON_VERSION=2.1.0.13 -# Check for recent changes: https://github.com/leev/ngx_http_geoip2_module/compare/3.4...master +# Check for recent changes: https://github.com/leev/ngx_http_geoip2_module/compare/a607a41a8115fecfc05b5c283c81532a3d605425...master export GEOIP2_VERSION=a607a41a8115fecfc05b5c283c81532a3d605425 -# Check for recent changes: https://github.com/openresty/luajit2/compare/v2.1-20230410...v2.1-agentzh -export LUAJIT_VERSION=2.1-20230410 +# Check for recent changes: https://github.com/openresty/luajit2/compare/v2.1-20240314...v2.1-agentzh +export LUAJIT_VERSION=v2.1-20240314 -# Check for recent changes: https://github.com/openresty/lua-resty-balancer/compare/v0.04...master -export LUA_RESTY_BALANCER=0.04 +# Check for recent changes: https://github.com/openresty/lua-resty-balancer/compare/1cd4363c0a239afe4765ec607dcfbbb4e5900eea...master +export LUA_RESTY_BALANCER=1cd4363c0a239afe4765ec607dcfbbb4e5900eea -# Check for recent changes: https://github.com/openresty/lua-resty-lrucache/compare/v0.13...master -export LUA_RESTY_CACHE=0.13 +# Check for recent changes: https://github.com/openresty/lua-resty-lrucache/compare/99e7578465b40f36f596d099b82eab404f2b42ed...master +export LUA_RESTY_CACHE=99e7578465b40f36f596d099b82eab404f2b42ed # Check for recent changes: https://github.com/openresty/lua-resty-core/compare/v0.1.27...master -export LUA_RESTY_CORE=0.1.27 +export LUA_RESTY_CORE=v0.1.28 -# Check for recent changes: https://github.com/utix/lua-resty-cookie/compare/9533f47...master -export LUA_RESTY_COOKIE_VERSION=9533f479371663107b515590fc9daf00d61ebf11 +# Check for recent changes: https://github.com/cloudflare/lua-resty-cookie/compare/f418d77082eaef48331302e84330488fdc810ef4...master +export LUA_RESTY_COOKIE_VERSION=f418d77082eaef48331302e84330488fdc810ef4 -# Check for recent changes: https://github.com/openresty/lua-resty-dns/compare/v0.22...master -export LUA_RESTY_DNS=0.22 +# Check for recent changes: https://github.com/openresty/lua-resty-dns/compare/8bb53516e2933e61c317db740a9b7c2048847c2f...master +export LUA_RESTY_DNS=8bb53516e2933e61c317db740a9b7c2048847c2f -# Check for recent changes: https://github.com/ledgetech/lua-resty-http/compare/v0.16.1...master -export LUA_RESTY_HTTP=0ce55d6d15da140ecc5966fa848204c6fd9074e8 +# Check for recent changes: https://github.com/ledgetech/lua-resty-http/compare/v0.17.1...master +export LUA_RESTY_HTTP=v0.17.1 # Check for recent changes: https://github.com/openresty/lua-resty-lock/compare/v0.09...master -export LUA_RESTY_LOCK=0.09 +export LUA_RESTY_LOCK=405d0bf4cbfa74d742c6ed3158d442221e6212a9 # Check for recent changes: https://github.com/openresty/lua-resty-upload/compare/v0.11...master -export LUA_RESTY_UPLOAD_VERSION=0.11 +export LUA_RESTY_UPLOAD_VERSION=979372cce011f3176af3c9aff53fd0e992c4bfd3 # Check for recent changes: https://github.com/openresty/lua-resty-string/compare/v0.15...master -export LUA_RESTY_STRING_VERSION=0.15 +export LUA_RESTY_STRING_VERSION=6f1bc21d86daef804df3cc34d6427ef68da26844 # Check for recent changes: https://github.com/openresty/lua-resty-memcached/compare/v0.17...master -export LUA_RESTY_MEMCACHED_VERSION=0.17 +export LUA_RESTY_MEMCACHED_VERSION=2f02b68bf65fa2332cce070674a93a69a6c7239b # Check for recent changes: https://github.com/openresty/lua-resty-redis/compare/v0.30...master -export LUA_RESTY_REDIS_VERSION=0.30 +export LUA_RESTY_REDIS_VERSION=8641b9f1b6f75cca50c90cf8ca5c502ad8950aa8 # Check for recent changes: https://github.com/api7/lua-resty-ipmatcher/compare/v0.6.1...master -export LUA_RESTY_IPMATCHER_VERSION=0.6.1 +export LUA_RESTY_IPMATCHER_VERSION=3e93c53eb8c9884efe939ef070486a0e507cc5be # Check for recent changes: https://github.com/ElvinEfendi/lua-resty-global-throttle/compare/v0.2.0...main -export LUA_RESTY_GLOBAL_THROTTLE_VERSION=0.2.0 +export LUA_RESTY_GLOBAL_THROTTLE_VERSION=v0.2.0 + +# Check for recent changes: https://github.com/microsoft/mimalloc/compare/v2.1.7...master +export MIMALOC_VERSION=v2.1.7 -# Check for recent changes: https://github.com/microsoft/mimalloc/compare/v1.7.6...master -export MIMALOC_VERSION=1.7.6 +# Check on https://github.com/open-telemetry/opentelemetry-cpp +export OPENTELEMETRY_CPP_VERSION="v1.11.0" +# Check on https://github.com/open-telemetry/opentelemetry-proto +export OPENTELEMETRY_PROTO_VERSION="v1.1.0" export BUILD_PATH=/tmp/build ARCH=$(uname -m) -if [[ ${ARCH} == "s390x" ]]; then - export LUAJIT_VERSION=9d5750d28478abfdcaefdfdc408f87752a21e431 - export LUA_RESTY_CORE=0.1.17 - export LUA_NGX_VERSION=0.10.15 - export LUA_STREAM_NGX_VERSION=0.0.7 -fi - get_src() { hash="$1" url="$2" + dest="${3-}" + ARGS="" f=$(basename "$url") echo "Downloading $url" curl -sSL "$url" -o "$f" - echo "$hash $f" | sha256sum -c - || exit 10 - tar xzf "$f" + # TODO: Reenable checksum verification but make it smarter + # echo "$hash $f" | sha256sum -c - || exit 10 + if [ ! -z "$dest" ]; then + mkdir ${BUILD_PATH}/${dest} + ARGS="-C ${BUILD_PATH}/${dest} --strip-components=1" + fi + tar xvzf "$f" $ARGS rm -rf "$f" } # install required packages to build +# Dependencies from "ninja" and below are OTEL dependencies apk add \ bash \ gcc \ @@ -187,7 +172,22 @@ apk add \ unzip \ dos2unix \ yaml-cpp \ - coreutils + coreutils \ + ninja \ + gtest-dev \ + git \ + build-base \ + pkgconfig \ + c-ares-dev \ + re2-dev \ + grpc-dev \ + protobuf-dev + +# apk add -X http://dl-cdn.alpinelinux.org/alpine/edge/testing opentelemetry-cpp-dev + +# There is some bug with some platforms and git, so force HTTP/1.1 +git config --global http.version HTTP/1.1 +git config --global http.postBuffer 157286400 mkdir -p /etc/nginx @@ -199,274 +199,138 @@ get_src 66dc7081488811e9f925719e34d1b4504c2801c81dee2920e5452a86b11405ae \ "https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz" get_src aa961eafb8317e0eb8da37eb6e2c9ff42267edd18b56947384e719b85188f58b \ - "https://github.com/vision5/ngx_devel_kit/archive/v$NDK_VERSION.tar.gz" + "https://github.com/vision5/ngx_devel_kit/archive/$NDK_VERSION.tar.gz" "ngx_devel_kit" + +get_src abc123 \ + "https://github.com/open-telemetry/opentelemetry-cpp/archive/$OPENTELEMETRY_CPP_VERSION.tar.gz" "opentelemetry-cpp" + +get_src abc123 \ + "https://github.com/open-telemetry/opentelemetry-proto/archive/$OPENTELEMETRY_PROTO_VERSION.tar.gz" "opentelemetry-proto" get_src cd5e2cc834bcfa30149e7511f2b5a2183baf0b70dc091af717a89a64e44a2985 \ - "https://github.com/openresty/set-misc-nginx-module/archive/v$SETMISC_VERSION.tar.gz" + "https://github.com/openresty/set-misc-nginx-module/archive/$SETMISC_VERSION.tar.gz" "set-misc-nginx-module" -get_src cf6e169d6b350c06d0c730b0eaf4973394026ad40094cddd3b3a5b346577019d \ - "https://github.com/openresty/headers-more-nginx-module/archive/v$MORE_HEADERS_VERSION.tar.gz" +get_src 0c0d2ced2ce895b3f45eb2b230cd90508ab2a773299f153de14a43e44c1209b3 \ + "https://github.com/openresty/headers-more-nginx-module/archive/$MORE_HEADERS_VERSION.tar.gz" "headers-more-nginx-module" get_src f09851e6309560a8ff3e901548405066c83f1f6ff88aa7171e0763bd9514762b \ - "https://github.com/atomx/nginx-http-auth-digest/archive/v$NGINX_DIGEST_AUTH.tar.gz" + "https://github.com/atomx/nginx-http-auth-digest/archive/$NGINX_DIGEST_AUTH.tar.gz" "nginx-http-auth-digest" get_src a98b48947359166326d58700ccdc27256d2648218072da138ab6b47de47fbd8f \ - "https://github.com/yaoweibin/ngx_http_substitutions_filter_module/archive/$NGINX_SUBSTITUTIONS.tar.gz" - -get_src 6f97776ebdf019b105a755c7736b70bdbd7e575c7f0d39db5fe127873c7abf17 \ - "https://github.com/opentracing-contrib/nginx-opentracing/archive/v$NGINX_OPENTRACING_VERSION.tar.gz" - -get_src cbe625cba85291712253db5bc3870d60c709acfad9a8af5a302673d3d201e3ea \ - "https://github.com/opentracing/opentracing-cpp/archive/$OPENTRACING_CPP_VERSION.tar.gz" - -get_src 71de3d0658935db7ccea20e006b35e58ddc7e4c18878b9523f2addc2371e9270 \ - "https://github.com/rnburn/zipkin-cpp-opentracing/archive/$ZIPKIN_CPP_VERSION.tar.gz" + "https://github.com/yaoweibin/ngx_http_substitutions_filter_module/archive/$NGINX_SUBSTITUTIONS.tar.gz" "ngx_http_substitutions_filter_module" get_src 32a42256616cc674dca24c8654397390adff15b888b77eb74e0687f023c8751b \ - "https://github.com/SpiderLabs/ModSecurity-nginx/archive/v$MODSECURITY_VERSION.tar.gz" - -get_src 43e6a9fcb146ad871515f0d0873947e5d497a1c9c60c58cb102a97b47208b7c3 \ - "https://github.com/jbeder/yaml-cpp/archive/$YAML_CPP_VERSION.tar.gz" - -get_src 3a3a03060bf5e3fef52c9a2de02e6035cb557f389453d8f3b0c1d3d570636994 \ - "https://github.com/jaegertracing/jaeger-client-cpp/archive/v$JAEGER_VERSION.tar.gz" + "https://github.com/SpiderLabs/ModSecurity-nginx/archive/$MODSECURITY_VERSION.tar.gz" "ModSecurity-nginx" -get_src 754c3ace499a63e45b77ef4bcab4ee602c2c414f58403bce826b76ffc2f77d0b \ - "https://github.com/msgpack/msgpack-c/archive/cpp-$MSGPACK_VERSION.tar.gz" - -if [[ ${ARCH} == "s390x" ]]; then -get_src 7d5f3439c8df56046d0564b5857fd8a30296ab1bd6df0f048aed7afb56a0a4c2 \ - "https://github.com/openresty/lua-nginx-module/archive/v$LUA_NGX_VERSION.tar.gz" -get_src 99c47c75c159795c9faf76bbb9fa58e5a50b75286c86565ffcec8514b1c74bf9 \ - "https://github.com/openresty/stream-lua-nginx-module/archive/v$LUA_STREAM_NGX_VERSION.tar.gz" -else get_src bc764db42830aeaf74755754b900253c233ad57498debe7a441cee2c6f4b07c2 \ - "https://github.com/openresty/lua-nginx-module/archive/v$LUA_NGX_VERSION.tar.gz" + "https://github.com/openresty/lua-nginx-module/archive/$LUA_NGX_VERSION.tar.gz" "lua-nginx-module" get_src 01b715754a8248cc7228e0c8f97f7488ae429d90208de0481394e35d24cef32f \ - "https://github.com/openresty/stream-lua-nginx-module/archive/v$LUA_STREAM_NGX_VERSION.tar.gz" - -fi + "https://github.com/openresty/stream-lua-nginx-module/archive/$LUA_STREAM_NGX_VERSION.tar.gz" "stream-lua-nginx-module" get_src a92c9ee6682567605ece55d4eed5d1d54446ba6fba748cff0a2482aea5713d5f \ - "https://github.com/openresty/lua-upstream-nginx-module/archive/$LUA_UPSTREAM_VERSION.tar.gz" + "https://github.com/openresty/lua-upstream-nginx-module/archive/$LUA_UPSTREAM_VERSION.tar.gz" "lua-upstream-nginx-module" -if [[ ${ARCH} == "s390x" ]]; then -get_src 266ed1abb70a9806d97cb958537a44b67db6afb33d3b32292a2d68a2acedea75 \ - "https://github.com/openresty/luajit2/archive/$LUAJIT_VERSION.tar.gz" -else get_src 77bbcbb24c3c78f51560017288f3118d995fe71240aa379f5818ff6b166712ff \ - "https://github.com/openresty/luajit2/archive/v$LUAJIT_VERSION.tar.gz" -fi - -get_src 8d39c6b23f941a2d11571daaccc04e69539a3fcbcc50a631837560d5861a7b96 \ - "https://github.com/DataDog/dd-opentracing-cpp/archive/v$DATADOG_CPP_VERSION.tar.gz" + "https://github.com/openresty/luajit2/archive/$LUAJIT_VERSION.tar.gz" "luajit2" get_src b6c9c09fd43eb34a71e706ad780b2ead26549a9a9f59280fe558f5b7b980b7c6 \ - "https://github.com/leev/ngx_http_geoip2_module/archive/$GEOIP2_VERSION.tar.gz" + "https://github.com/leev/ngx_http_geoip2_module/archive/$GEOIP2_VERSION.tar.gz" "ngx_http_geoip2_module" get_src deb4ab1ffb9f3d962c4b4a2c4bdff692b86a209e3835ae71ebdf3b97189e40a9 \ - "https://github.com/openresty/lua-resty-upload/archive/v$LUA_RESTY_UPLOAD_VERSION.tar.gz" + "https://github.com/openresty/lua-resty-upload/archive/$LUA_RESTY_UPLOAD_VERSION.tar.gz" "lua-resty-upload" get_src bdbf271003d95aa91cab0a92f24dca129e99b33f79c13ebfcdbbcbb558129491 \ - "https://github.com/openresty/lua-resty-string/archive/v$LUA_RESTY_STRING_VERSION.tar.gz" + "https://github.com/openresty/lua-resty-string/archive/$LUA_RESTY_STRING_VERSION.tar.gz" "lua-resty-string" get_src 16d72ed133f0c6df376a327386c3ef4e9406cf51003a700737c3805770ade7c5 \ - "https://github.com/openresty/lua-resty-balancer/archive/v$LUA_RESTY_BALANCER.tar.gz" + "https://github.com/openresty/lua-resty-balancer/archive/$LUA_RESTY_BALANCER.tar.gz" "lua-resty-balancer" -if [[ ${ARCH} == "s390x" ]]; then -get_src 8f5f76d2689a3f6b0782f0a009c56a65e4c7a4382be86422c9b3549fe95b0dc4 \ - "https://github.com/openresty/lua-resty-core/archive/v$LUA_RESTY_CORE.tar.gz" -else get_src 39baab9e2b31cc48cecf896cea40ef6e80559054fd8a6e440cc804a858ea84d4 \ - "https://github.com/openresty/lua-resty-core/archive/v$LUA_RESTY_CORE.tar.gz" -fi + "https://github.com/openresty/lua-resty-core/archive/$LUA_RESTY_CORE.tar.gz" "lua-resty-core" get_src a77b9de160d81712f2f442e1de8b78a5a7ef0d08f13430ff619f79235db974d4 \ - "https://github.com/openresty/lua-cjson/archive/$LUA_CJSON_VERSION.tar.gz" + "https://github.com/openresty/lua-cjson/archive/$LUA_CJSON_VERSION.tar.gz" "lua-cjson" -get_src a404c790553617424d743b82a9f01feccd0d2930b306b370c665ca3b7c09ccb6 \ - "https://github.com/utix/lua-resty-cookie/archive/$LUA_RESTY_COOKIE_VERSION.tar.gz" +get_src 5ed48c36231e2622b001308622d46a0077525ac2f751e8cc0c9905914254baa4 \ + "https://github.com/cloudflare/lua-resty-cookie/archive/$LUA_RESTY_COOKIE_VERSION.tar.gz" "lua-resty-cookie" get_src 573184006b98ccee2594b0d134fa4d05e5d2afd5141cbad315051ccf7e9b6403 \ - "https://github.com/openresty/lua-resty-lrucache/archive/v$LUA_RESTY_CACHE.tar.gz" + "https://github.com/openresty/lua-resty-lrucache/archive/$LUA_RESTY_CACHE.tar.gz" "lua-resty-lrucache" get_src b4ddcd47db347e9adf5c1e1491a6279a6ae2a3aff3155ef77ea0a65c998a69c1 \ - "https://github.com/openresty/lua-resty-lock/archive/v$LUA_RESTY_LOCK.tar.gz" + "https://github.com/openresty/lua-resty-lock/archive/$LUA_RESTY_LOCK.tar.gz" "lua-resty-lock" get_src 70e9a01eb32ccade0d5116a25bcffde0445b94ad35035ce06b94ccd260ad1bf0 \ - "https://github.com/openresty/lua-resty-dns/archive/v$LUA_RESTY_DNS.tar.gz" + "https://github.com/openresty/lua-resty-dns/archive/$LUA_RESTY_DNS.tar.gz" "lua-resty-dns" get_src 9fcb6db95bc37b6fce77d3b3dc740d593f9d90dce0369b405eb04844d56ac43f \ - "https://github.com/ledgetech/lua-resty-http/archive/$LUA_RESTY_HTTP.tar.gz" + "https://github.com/ledgetech/lua-resty-http/archive/$LUA_RESTY_HTTP.tar.gz" "lua-resty-http" get_src 02733575c4aed15f6cab662378e4b071c0a4a4d07940c4ef19a7319e9be943d4 \ - "https://github.com/openresty/lua-resty-memcached/archive/v$LUA_RESTY_MEMCACHED_VERSION.tar.gz" + "https://github.com/openresty/lua-resty-memcached/archive/$LUA_RESTY_MEMCACHED_VERSION.tar.gz" "lua-resty-memcached" get_src c15aed1a01c88a3a6387d9af67a957dff670357f5fdb4ee182beb44635eef3f1 \ - "https://github.com/openresty/lua-resty-redis/archive/v$LUA_RESTY_REDIS_VERSION.tar.gz" + "https://github.com/openresty/lua-resty-redis/archive/$LUA_RESTY_REDIS_VERSION.tar.gz" "lua-resty-redis" get_src efb767487ea3f6031577b9b224467ddbda2ad51a41c5867a47582d4ad85d609e \ - "https://github.com/api7/lua-resty-ipmatcher/archive/v$LUA_RESTY_IPMATCHER_VERSION.tar.gz" + "https://github.com/api7/lua-resty-ipmatcher/archive/$LUA_RESTY_IPMATCHER_VERSION.tar.gz" "lua-resty-ipmatcher" get_src 0fb790e394510e73fdba1492e576aaec0b8ee9ef08e3e821ce253a07719cf7ea \ - "https://github.com/ElvinEfendi/lua-resty-global-throttle/archive/v$LUA_RESTY_GLOBAL_THROTTLE_VERSION.tar.gz" + "https://github.com/ElvinEfendi/lua-resty-global-throttle/archive/$LUA_RESTY_GLOBAL_THROTTLE_VERSION.tar.gz" "lua-resty-global-throttle" get_src d74f86ada2329016068bc5a243268f1f555edd620b6a7d6ce89295e7d6cf18da \ - "https://github.com/microsoft/mimalloc/archive/refs/tags/v${MIMALOC_VERSION}.tar.gz" + "https://github.com/microsoft/mimalloc/archive/${MIMALOC_VERSION}.tar.gz" "mimalloc" # improve compilation times CORES=$(($(grep -c ^processor /proc/cpuinfo) - 1)) export MAKEFLAGS=-j${CORES} export CTEST_BUILD_FLAGS=${MAKEFLAGS} -export HUNTER_JOBS_NUMBER=${CORES} -export HUNTER_USE_CACHE_SERVERS=true # Install luajit from openresty fork export LUAJIT_LIB=/usr/local/lib export LUA_LIB_DIR="$LUAJIT_LIB/lua" export LUAJIT_INC=/usr/local/include/luajit-2.1 -cd "$BUILD_PATH/luajit2-$LUAJIT_VERSION" +cd "$BUILD_PATH/luajit2" make CCDEBUG=-g make install ln -s /usr/local/bin/luajit /usr/local/bin/lua ln -s "$LUAJIT_INC" /usr/local/include/lua -cd "$BUILD_PATH" +cd "$BUILD_PATH/opentelemetry-cpp" +export CXXFLAGS="-DBENCHMARK_HAS_NO_INLINE_ASSEMBLY" +cmake -B build -G Ninja -Wno-dev \ + -DOTELCPP_PROTO_PATH="${BUILD_PATH}/opentelemetry-proto/" \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DBUILD_SHARED_LIBS=ON \ + -DBUILD_TESTING="OFF" \ + -DBUILD_W3CTRACECONTEXT_TEST="OFF" \ + -DCMAKE_BUILD_TYPE=None \ + -DWITH_ABSEIL=ON \ + -DWITH_STL=ON \ + -DWITH_EXAMPLES=OFF \ + -DWITH_ZPAGES=OFF \ + -DWITH_OTLP_GRPC=ON \ + -DWITH_OTLP_HTTP=ON \ + -DWITH_ZIPKIN=ON \ + -DWITH_PROMETHEUS=OFF \ + -DWITH_ASYNC_EXPORT_PREVIEW=OFF \ + -DWITH_METRICS_EXEMPLAR_PREVIEW=OFF + cmake --build build + cmake --install build # Git tuning git config --global --add core.compression -1 -# build opentracing lib -cd "$BUILD_PATH/opentracing-cpp-$OPENTRACING_CPP_VERSION" -mkdir .build -cd .build - -cmake -DCMAKE_BUILD_TYPE=Release \ - -DBUILD_TESTING=OFF \ - -DBUILD_SHARED_LIBS=OFF \ - -DBUILD_MOCKTRACER=OFF \ - -DBUILD_STATIC_LIBS=ON \ - -DCMAKE_POSITION_INDEPENDENT_CODE:BOOL=true \ - .. - -make -make install - -# build yaml-cpp -# TODO @timmysilv: remove this and jaeger sed calls once it is fixed in jaeger-client-cpp -cd "$BUILD_PATH/yaml-cpp-$YAML_CPP_VERSION" -mkdir .build -cd .build - -cmake -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_POSITION_INDEPENDENT_CODE:BOOL=true \ - -DYAML_BUILD_SHARED_LIBS=ON \ - -DYAML_CPP_BUILD_TESTS=OFF \ - -DYAML_CPP_BUILD_TOOLS=OFF \ - .. - -make -make install - -# build jaeger lib -cd "$BUILD_PATH/jaeger-client-cpp-$JAEGER_VERSION" -sed -i 's/-Werror/-Wno-psabi/' CMakeLists.txt -# use the above built yaml-cpp instead until a new version of jaeger-client-cpp fixes the yaml-cpp issue -# tl;dr new hunter is needed for new yaml-cpp, but new hunter has a conflict with old Thrift and new Boost -sed -i 's/hunter_add_package(yaml-cpp)/#hunter_add_package(yaml-cpp)/' CMakeLists.txt -sed -i 's/yaml-cpp::yaml-cpp/yaml-cpp/' CMakeLists.txt - -cat < export.map -{ - global: - OpenTracingMakeTracerFactory; - local: *; -}; -EOF - -mkdir .build -cd .build - -cmake -DCMAKE_BUILD_TYPE=Release \ - -DBUILD_TESTING=OFF \ - -DJAEGERTRACING_BUILD_EXAMPLES=OFF \ - -DJAEGERTRACING_BUILD_CROSSDOCK=OFF \ - -DJAEGERTRACING_COVERAGE=OFF \ - -DJAEGERTRACING_PLUGIN=ON \ - -DHUNTER_CONFIGURATION_TYPES=Release \ - -DBUILD_SHARED_LIBS=OFF \ - -DJAEGERTRACING_WITH_YAML_CPP=ON \ - -DCMAKE_POSITION_INDEPENDENT_CODE:BOOL=true \ - .. - -make -make install - -export HUNTER_INSTALL_DIR=$(cat _3rdParty/Hunter/install-root-dir) \ - -mv libjaegertracing_plugin.so /usr/local/lib/libjaegertracing_plugin.so - - -# build zipkin lib -cd "$BUILD_PATH/zipkin-cpp-opentracing-$ZIPKIN_CPP_VERSION" - -cat < export.map -{ - global: - OpenTracingMakeTracerFactory; - local: *; -}; -EOF - -mkdir .build -cd .build - -cmake -DCMAKE_BUILD_TYPE=Release \ - -DBUILD_SHARED_LIBS=OFF \ - -DBUILD_PLUGIN=ON \ - -DBUILD_TESTING=OFF \ - -DCMAKE_POSITION_INDEPENDENT_CODE:BOOL=true \ - .. - -make -make install - -# build msgpack lib -cd "$BUILD_PATH/msgpack-c-cpp-$MSGPACK_VERSION" - -mkdir .build -cd .build -cmake -DCMAKE_BUILD_TYPE=Release \ - -DBUILD_SHARED_LIBS=OFF \ - -DMSGPACK_BUILD_EXAMPLES=OFF \ - -DCMAKE_POSITION_INDEPENDENT_CODE:BOOL=true \ - .. - -make -make install - -# build datadog lib -cd "$BUILD_PATH/dd-opentracing-cpp-$DATADOG_CPP_VERSION" - -mkdir .build -cd .build - -cmake -DCMAKE_BUILD_TYPE=Release \ - -DBUILD_TESTING=OFF \ - -DCMAKE_POSITION_INDEPENDENT_CODE:BOOL=true \ - .. - -make -make install - # Get Brotli source and deps cd "$BUILD_PATH" -git clone --depth=1 https://github.com/google/ngx_brotli.git +git clone --depth=100 https://github.com/google/ngx_brotli.git cd ngx_brotli +# https://github.com/google/ngx_brotli/issues/156 +git reset --hard 63ca02abdcf79c9e788d2eedcc388d2335902e52 git submodule init git submodule update @@ -524,17 +388,13 @@ mv rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example rules/REQUEST-900-E mv rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf cd .. -# OWASP CRS v3 rules +# OWASP CRS v4 rules echo " Include /etc/nginx/owasp-modsecurity-crs/crs-setup.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-905-COMMON-EXCEPTIONS.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-910-IP-REPUTATION.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-912-DOS-PROTECTION.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-921-PROTOCOL-ATTACK.conf @@ -543,7 +403,7 @@ Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LF Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf -Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf @@ -554,6 +414,7 @@ Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.co Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf +Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-955-WEB-SHELLS.conf Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf @@ -583,6 +444,7 @@ WITH_FLAGS="--with-debug \ --with-http_gzip_static_module \ --with-http_sub_module \ --with-http_v2_module \ + --with-http_v3_module \ --with-stream \ --with-stream_ssl_module \ --with-stream_realip_module \ @@ -602,10 +464,9 @@ CC_OPT="-g -O2 -fPIE -fstack-protector-strong \ --param=ssp-buffer-size=4 \ -DTCP_FASTOPEN=23 \ -fPIC \ - -I$HUNTER_INSTALL_DIR/include \ -Wno-cast-function-type" -LD_OPT="-fPIE -fPIC -pie -Wl,-z,relro -Wl,-z,now -L$HUNTER_INSTALL_DIR/lib" +LD_OPT="-fPIE -fPIC -pie -Wl,-z,relro -Wl,-z,now" if [[ ${ARCH} != "aarch64" ]]; then WITH_FLAGS+=" --with-file-aio" @@ -616,17 +477,16 @@ if [[ ${ARCH} == "x86_64" ]]; then fi WITH_MODULES=" \ - --add-module=$BUILD_PATH/ngx_devel_kit-$NDK_VERSION \ - --add-module=$BUILD_PATH/set-misc-nginx-module-$SETMISC_VERSION \ - --add-module=$BUILD_PATH/headers-more-nginx-module-$MORE_HEADERS_VERSION \ - --add-module=$BUILD_PATH/ngx_http_substitutions_filter_module-$NGINX_SUBSTITUTIONS \ - --add-module=$BUILD_PATH/lua-nginx-module-$LUA_NGX_VERSION \ - --add-module=$BUILD_PATH/stream-lua-nginx-module-$LUA_STREAM_NGX_VERSION \ - --add-module=$BUILD_PATH/lua-upstream-nginx-module-$LUA_UPSTREAM_VERSION \ - --add-dynamic-module=$BUILD_PATH/nginx-http-auth-digest-$NGINX_DIGEST_AUTH \ - --add-dynamic-module=$BUILD_PATH/nginx-opentracing-$NGINX_OPENTRACING_VERSION/opentracing \ - --add-dynamic-module=$BUILD_PATH/ModSecurity-nginx-$MODSECURITY_VERSION \ - --add-dynamic-module=$BUILD_PATH/ngx_http_geoip2_module-${GEOIP2_VERSION} \ + --add-module=$BUILD_PATH/ngx_devel_kit \ + --add-module=$BUILD_PATH/set-misc-nginx-module \ + --add-module=$BUILD_PATH/headers-more-nginx-module \ + --add-module=$BUILD_PATH/ngx_http_substitutions_filter_module \ + --add-module=$BUILD_PATH/lua-nginx-module \ + --add-module=$BUILD_PATH/stream-lua-nginx-module \ + --add-module=$BUILD_PATH/lua-upstream-nginx-module \ + --add-dynamic-module=$BUILD_PATH/nginx-http-auth-digest \ + --add-dynamic-module=$BUILD_PATH/ModSecurity-nginx \ + --add-dynamic-module=$BUILD_PATH/ngx_http_geoip2_module \ --add-dynamic-module=$BUILD_PATH/ngx_brotli" ./configure \ @@ -658,56 +518,83 @@ make make modules make install -cd "$BUILD_PATH/lua-resty-core-$LUA_RESTY_CORE" +export OPENTELEMETRY_CONTRIB_COMMIT=e11348bb400d5472bf1da5d6128bead66fa111ff +cd "$BUILD_PATH" + +git clone https://github.com/open-telemetry/opentelemetry-cpp-contrib.git opentelemetry-cpp-contrib-${OPENTELEMETRY_CONTRIB_COMMIT} + +cd ${BUILD_PATH}/opentelemetry-cpp-contrib-${OPENTELEMETRY_CONTRIB_COMMIT} +git reset --hard ${OPENTELEMETRY_CONTRIB_COMMIT} + +export OTEL_TEMP_INSTALL=/tmp/otel +mkdir -p ${OTEL_TEMP_INSTALL} + +cd ${BUILD_PATH}/opentelemetry-cpp-contrib-${OPENTELEMETRY_CONTRIB_COMMIT}/instrumentation/nginx +mkdir -p build +cd build +cmake -DCMAKE_BUILD_TYPE=Release \ + -G Ninja \ + -DCMAKE_CXX_STANDARD=17 \ + -DCMAKE_INSTALL_PREFIX=${OTEL_TEMP_INSTALL} \ + -DBUILD_SHARED_LIBS=ON \ + -DNGINX_VERSION=${NGINX_VERSION} \ + .. +cmake --build . -j ${CORES} --target install + +mkdir -p /etc/nginx/modules +cp ${OTEL_TEMP_INSTALL}/otel_ngx_module.so /etc/nginx/modules/otel_ngx_module.so + + +cd "$BUILD_PATH/lua-resty-core" make install -cd "$BUILD_PATH/lua-resty-balancer-$LUA_RESTY_BALANCER" +cd "$BUILD_PATH/lua-resty-balancer" make all make install export LUA_INCLUDE_DIR=/usr/local/include/luajit-2.1 ln -s $LUA_INCLUDE_DIR /usr/include/lua5.1 -cd "$BUILD_PATH/lua-cjson-$LUA_CJSON_VERSION" +cd "$BUILD_PATH/lua-cjson" make all make install -cd "$BUILD_PATH/lua-resty-cookie-$LUA_RESTY_COOKIE_VERSION" +cd "$BUILD_PATH/lua-resty-cookie" make all make install -cd "$BUILD_PATH/lua-resty-lrucache-$LUA_RESTY_CACHE" +cd "$BUILD_PATH/lua-resty-lrucache" make install -cd "$BUILD_PATH/lua-resty-dns-$LUA_RESTY_DNS" +cd "$BUILD_PATH/lua-resty-dns" make install -cd "$BUILD_PATH/lua-resty-lock-$LUA_RESTY_LOCK" +cd "$BUILD_PATH/lua-resty-lock" make install # required for OCSP verification -cd "$BUILD_PATH/lua-resty-http-$LUA_RESTY_HTTP" +cd "$BUILD_PATH/lua-resty-http" make install -cd "$BUILD_PATH/lua-resty-upload-$LUA_RESTY_UPLOAD_VERSION" +cd "$BUILD_PATH/lua-resty-upload" make install -cd "$BUILD_PATH/lua-resty-string-$LUA_RESTY_STRING_VERSION" +cd "$BUILD_PATH/lua-resty-string" make install -cd "$BUILD_PATH/lua-resty-memcached-$LUA_RESTY_MEMCACHED_VERSION" +cd "$BUILD_PATH/lua-resty-memcached" make install -cd "$BUILD_PATH/lua-resty-redis-$LUA_RESTY_REDIS_VERSION" +cd "$BUILD_PATH/lua-resty-redis" make install -cd "$BUILD_PATH/lua-resty-ipmatcher-$LUA_RESTY_IPMATCHER_VERSION" +cd "$BUILD_PATH/lua-resty-ipmatcher" INST_LUADIR=/usr/local/lib/lua make install -cd "$BUILD_PATH/lua-resty-global-throttle-$LUA_RESTY_GLOBAL_THROTTLE_VERSION" +cd "$BUILD_PATH/lua-resty-global-throttle" make install -cd "$BUILD_PATH/mimalloc-$MIMALOC_VERSION" +cd "$BUILD_PATH/mimalloc" mkdir -p out/release cd out/release diff --git a/images/nginx-1.25/rootfs/patches/00_drop-alias-root.patch b/images/nginx/rootfs/patches/00_drop-alias-root.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/00_drop-alias-root.patch rename to images/nginx/rootfs/patches/00_drop-alias-root.patch diff --git a/images/nginx-1.25/rootfs/patches/01_nginx-1.25.3-win32_max_err_str.patch b/images/nginx/rootfs/patches/01_nginx-1.25.3-win32_max_err_str.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/01_nginx-1.25.3-win32_max_err_str.patch rename to images/nginx/rootfs/patches/01_nginx-1.25.3-win32_max_err_str.patch diff --git a/images/nginx-1.25/rootfs/patches/02_nginx-1.25.3-stream_balancer_export.patch b/images/nginx/rootfs/patches/02_nginx-1.25.3-stream_balancer_export.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/02_nginx-1.25.3-stream_balancer_export.patch rename to images/nginx/rootfs/patches/02_nginx-1.25.3-stream_balancer_export.patch diff --git a/images/nginx-1.25/rootfs/patches/03_nginx-1.25.3-stream_proxy_get_next_upstream_tries.patch b/images/nginx/rootfs/patches/03_nginx-1.25.3-stream_proxy_get_next_upstream_tries.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/03_nginx-1.25.3-stream_proxy_get_next_upstream_tries.patch rename to images/nginx/rootfs/patches/03_nginx-1.25.3-stream_proxy_get_next_upstream_tries.patch diff --git a/images/nginx-1.25/rootfs/patches/04_nginx-1.25.3-stream_proxy_timeout_fields.patch b/images/nginx/rootfs/patches/04_nginx-1.25.3-stream_proxy_timeout_fields.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/04_nginx-1.25.3-stream_proxy_timeout_fields.patch rename to images/nginx/rootfs/patches/04_nginx-1.25.3-stream_proxy_timeout_fields.patch diff --git a/images/nginx-1.25/rootfs/patches/05_nginx-1.25.3-stream_ssl_preread_no_skip.patch b/images/nginx/rootfs/patches/05_nginx-1.25.3-stream_ssl_preread_no_skip.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/05_nginx-1.25.3-stream_ssl_preread_no_skip.patch rename to images/nginx/rootfs/patches/05_nginx-1.25.3-stream_ssl_preread_no_skip.patch diff --git a/images/nginx-1.25/rootfs/patches/06_nginx-1.25.3-resolver_conf_parsing.patch b/images/nginx/rootfs/patches/06_nginx-1.25.3-resolver_conf_parsing.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/06_nginx-1.25.3-resolver_conf_parsing.patch rename to images/nginx/rootfs/patches/06_nginx-1.25.3-resolver_conf_parsing.patch diff --git a/images/nginx-1.25/rootfs/patches/07_nginx-1.25.3-daemon_destroy_pool.patch b/images/nginx/rootfs/patches/07_nginx-1.25.3-daemon_destroy_pool.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/07_nginx-1.25.3-daemon_destroy_pool.patch rename to images/nginx/rootfs/patches/07_nginx-1.25.3-daemon_destroy_pool.patch diff --git a/images/nginx-1.25/rootfs/patches/08_nginx-1.25.3-init_cycle_pool_release.patch b/images/nginx/rootfs/patches/08_nginx-1.25.3-init_cycle_pool_release.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/08_nginx-1.25.3-init_cycle_pool_release.patch rename to images/nginx/rootfs/patches/08_nginx-1.25.3-init_cycle_pool_release.patch diff --git a/images/nginx-1.25/rootfs/patches/09_nginx-1.25.3-balancer_status_code.patch b/images/nginx/rootfs/patches/09_nginx-1.25.3-balancer_status_code.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/09_nginx-1.25.3-balancer_status_code.patch rename to images/nginx/rootfs/patches/09_nginx-1.25.3-balancer_status_code.patch diff --git a/images/nginx-1.25/rootfs/patches/10_nginx-1.25.3-delayed_posted_events.patch b/images/nginx/rootfs/patches/10_nginx-1.25.3-delayed_posted_events.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/10_nginx-1.25.3-delayed_posted_events.patch rename to images/nginx/rootfs/patches/10_nginx-1.25.3-delayed_posted_events.patch diff --git a/images/nginx-1.25/rootfs/patches/11_nginx-1.25.3-privileged_agent_process.patch b/images/nginx/rootfs/patches/11_nginx-1.25.3-privileged_agent_process.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/11_nginx-1.25.3-privileged_agent_process.patch rename to images/nginx/rootfs/patches/11_nginx-1.25.3-privileged_agent_process.patch diff --git a/images/nginx-1.25/rootfs/patches/12_nginx-1.25.3-privileged_agent_process_connections.patch b/images/nginx/rootfs/patches/12_nginx-1.25.3-privileged_agent_process_connections.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/12_nginx-1.25.3-privileged_agent_process_connections.patch rename to images/nginx/rootfs/patches/12_nginx-1.25.3-privileged_agent_process_connections.patch diff --git a/images/nginx-1.25/rootfs/patches/13_nginx-1.25.3-privileged_agent_process_thread_pool.patch b/images/nginx/rootfs/patches/13_nginx-1.25.3-privileged_agent_process_thread_pool.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/13_nginx-1.25.3-privileged_agent_process_thread_pool.patch rename to images/nginx/rootfs/patches/13_nginx-1.25.3-privileged_agent_process_thread_pool.patch diff --git a/images/nginx-1.25/rootfs/patches/14_nginx-1.25.3-single_process_graceful_exit.patch b/images/nginx/rootfs/patches/14_nginx-1.25.3-single_process_graceful_exit.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/14_nginx-1.25.3-single_process_graceful_exit.patch rename to images/nginx/rootfs/patches/14_nginx-1.25.3-single_process_graceful_exit.patch diff --git a/images/nginx-1.25/rootfs/patches/15_nginx-1.25.3-intercept_error_log.patch b/images/nginx/rootfs/patches/15_nginx-1.25.3-intercept_error_log.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/15_nginx-1.25.3-intercept_error_log.patch rename to images/nginx/rootfs/patches/15_nginx-1.25.3-intercept_error_log.patch diff --git a/images/nginx-1.25/rootfs/patches/16_nginx-1.25.3-upstream_pipelining.patch b/images/nginx/rootfs/patches/16_nginx-1.25.3-upstream_pipelining.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/16_nginx-1.25.3-upstream_pipelining.patch rename to images/nginx/rootfs/patches/16_nginx-1.25.3-upstream_pipelining.patch diff --git a/images/nginx-1.25/rootfs/patches/17_nginx-1.25.3-no_error_pages.patch b/images/nginx/rootfs/patches/17_nginx-1.25.3-no_error_pages.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/17_nginx-1.25.3-no_error_pages.patch rename to images/nginx/rootfs/patches/17_nginx-1.25.3-no_error_pages.patch diff --git a/images/nginx-1.25/rootfs/patches/18_nginx-1.25.3-no_Werror.patch b/images/nginx/rootfs/patches/18_nginx-1.25.3-no_Werror.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/18_nginx-1.25.3-no_Werror.patch rename to images/nginx/rootfs/patches/18_nginx-1.25.3-no_Werror.patch diff --git a/images/nginx-1.25/rootfs/patches/19_nginx-1.25.3-log_escape_non_ascii.patch b/images/nginx/rootfs/patches/19_nginx-1.25.3-log_escape_non_ascii.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/19_nginx-1.25.3-log_escape_non_ascii.patch rename to images/nginx/rootfs/patches/19_nginx-1.25.3-log_escape_non_ascii.patch diff --git a/images/nginx-1.25/rootfs/patches/20_nginx-1.25.3-proxy_host_port_vars.patch b/images/nginx/rootfs/patches/20_nginx-1.25.3-proxy_host_port_vars.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/20_nginx-1.25.3-proxy_host_port_vars.patch rename to images/nginx/rootfs/patches/20_nginx-1.25.3-proxy_host_port_vars.patch diff --git a/images/nginx-1.25/rootfs/patches/21_nginx-1.25.3-cache_manager_exit.patch b/images/nginx/rootfs/patches/21_nginx-1.25.3-cache_manager_exit.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/21_nginx-1.25.3-cache_manager_exit.patch rename to images/nginx/rootfs/patches/21_nginx-1.25.3-cache_manager_exit.patch diff --git a/images/nginx-1.25/rootfs/patches/22_nginx-1.25.3-larger_max_error_str.patch b/images/nginx/rootfs/patches/22_nginx-1.25.3-larger_max_error_str.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/22_nginx-1.25.3-larger_max_error_str.patch rename to images/nginx/rootfs/patches/22_nginx-1.25.3-larger_max_error_str.patch diff --git a/images/nginx-1.25/rootfs/patches/23_nginx-1.25.3-pcre_conf_opt.patch b/images/nginx/rootfs/patches/23_nginx-1.25.3-pcre_conf_opt.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/23_nginx-1.25.3-pcre_conf_opt.patch rename to images/nginx/rootfs/patches/23_nginx-1.25.3-pcre_conf_opt.patch diff --git a/images/nginx-1.25/rootfs/patches/24_nginx-1.25.3-always_enable_cc_feature_tests.patch b/images/nginx/rootfs/patches/24_nginx-1.25.3-always_enable_cc_feature_tests.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/24_nginx-1.25.3-always_enable_cc_feature_tests.patch rename to images/nginx/rootfs/patches/24_nginx-1.25.3-always_enable_cc_feature_tests.patch diff --git a/images/nginx-1.25/rootfs/patches/25_nginx-1.25.3-ssl_cert_cb_yield.patch b/images/nginx/rootfs/patches/25_nginx-1.25.3-ssl_cert_cb_yield.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/25_nginx-1.25.3-ssl_cert_cb_yield.patch rename to images/nginx/rootfs/patches/25_nginx-1.25.3-ssl_cert_cb_yield.patch diff --git a/images/nginx-1.25/rootfs/patches/26_nginx-1.25.3-ssl_sess_cb_yield.patch b/images/nginx/rootfs/patches/26_nginx-1.25.3-ssl_sess_cb_yield.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/26_nginx-1.25.3-ssl_sess_cb_yield.patch rename to images/nginx/rootfs/patches/26_nginx-1.25.3-ssl_sess_cb_yield.patch diff --git a/images/nginx-1.25/rootfs/patches/27_nginx-1.25.3-ssl_client_hello_cb_yield.patch b/images/nginx/rootfs/patches/27_nginx-1.25.3-ssl_client_hello_cb_yield.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/27_nginx-1.25.3-ssl_client_hello_cb_yield.patch rename to images/nginx/rootfs/patches/27_nginx-1.25.3-ssl_client_hello_cb_yield.patch diff --git a/images/nginx-1.25/rootfs/patches/28_nginx-1.25.3-upstream_timeout_fields.patch b/images/nginx/rootfs/patches/28_nginx-1.25.3-upstream_timeout_fields.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/28_nginx-1.25.3-upstream_timeout_fields.patch rename to images/nginx/rootfs/patches/28_nginx-1.25.3-upstream_timeout_fields.patch diff --git a/images/nginx-1.25/rootfs/patches/29_nginx-1.25.3-safe_resolver_ipv6_option.patch b/images/nginx/rootfs/patches/29_nginx-1.25.3-safe_resolver_ipv6_option.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/29_nginx-1.25.3-safe_resolver_ipv6_option.patch rename to images/nginx/rootfs/patches/29_nginx-1.25.3-safe_resolver_ipv6_option.patch diff --git a/images/nginx-1.25/rootfs/patches/30_nginx-1.25.3-socket_cloexec.patch b/images/nginx/rootfs/patches/30_nginx-1.25.3-socket_cloexec.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/30_nginx-1.25.3-socket_cloexec.patch rename to images/nginx/rootfs/patches/30_nginx-1.25.3-socket_cloexec.patch diff --git a/images/nginx-1.25/rootfs/patches/31_nginx-1.25.3-reuseport_close_unused_fds.patch b/images/nginx/rootfs/patches/31_nginx-1.25.3-reuseport_close_unused_fds.patch similarity index 100% rename from images/nginx-1.25/rootfs/patches/31_nginx-1.25.3-reuseport_close_unused_fds.patch rename to images/nginx/rootfs/patches/31_nginx-1.25.3-reuseport_close_unused_fds.patch diff --git a/images/nginx/rootfs/patches/drop-alias-root.patch b/images/nginx/rootfs/patches/drop-alias-root.patch deleted file mode 100644 index a92e08bd0a..0000000000 --- a/images/nginx/rootfs/patches/drop-alias-root.patch +++ /dev/null @@ -1,144 +0,0 @@ -:100644 100644 c7463dcd 00000000 M src/http/ngx_http_core_module.c -diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c -index c7463dcd..e2e45931 100644 ---- a/src/http/ngx_http_core_module.c -+++ b/src/http/ngx_http_core_module.c -@@ -55,7 +55,6 @@ static char *ngx_http_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, - void *conf); - static char *ngx_http_core_server_name(ngx_conf_t *cf, ngx_command_t *cmd, - void *conf); --static char *ngx_http_core_root(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); - static char *ngx_http_core_limit_except(ngx_conf_t *cf, ngx_command_t *cmd, - void *conf); - static char *ngx_http_core_set_aio(ngx_conf_t *cf, ngx_command_t *cmd, -@@ -323,21 +322,6 @@ static ngx_command_t ngx_http_core_commands[] = { - offsetof(ngx_http_core_loc_conf_t, default_type), - NULL }, - -- { ngx_string("root"), -- NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF -- |NGX_CONF_TAKE1, -- ngx_http_core_root, -- NGX_HTTP_LOC_CONF_OFFSET, -- 0, -- NULL }, -- -- { ngx_string("alias"), -- NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, -- ngx_http_core_root, -- NGX_HTTP_LOC_CONF_OFFSET, -- 0, -- NULL }, -- - { ngx_string("limit_except"), - NGX_HTTP_LOC_CONF|NGX_CONF_BLOCK|NGX_CONF_1MORE, - ngx_http_core_limit_except, -@@ -4312,108 +4296,6 @@ ngx_http_core_server_name(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) - } - - --static char * --ngx_http_core_root(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) --{ -- ngx_http_core_loc_conf_t *clcf = conf; -- -- ngx_str_t *value; -- ngx_int_t alias; -- ngx_uint_t n; -- ngx_http_script_compile_t sc; -- -- alias = (cmd->name.len == sizeof("alias") - 1) ? 1 : 0; -- -- if (clcf->root.data) { -- -- if ((clcf->alias != 0) == alias) { -- return "is duplicate"; -- } -- -- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, -- "\"%V\" directive is duplicate, " -- "\"%s\" directive was specified earlier", -- &cmd->name, clcf->alias ? "alias" : "root"); -- -- return NGX_CONF_ERROR; -- } -- -- if (clcf->named && alias) { -- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, -- "the \"alias\" directive cannot be used " -- "inside the named location"); -- -- return NGX_CONF_ERROR; -- } -- -- value = cf->args->elts; -- -- if (ngx_strstr(value[1].data, "$document_root") -- || ngx_strstr(value[1].data, "${document_root}")) -- { -- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, -- "the $document_root variable cannot be used " -- "in the \"%V\" directive", -- &cmd->name); -- -- return NGX_CONF_ERROR; -- } -- -- if (ngx_strstr(value[1].data, "$realpath_root") -- || ngx_strstr(value[1].data, "${realpath_root}")) -- { -- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, -- "the $realpath_root variable cannot be used " -- "in the \"%V\" directive", -- &cmd->name); -- -- return NGX_CONF_ERROR; -- } -- -- clcf->alias = alias ? clcf->name.len : 0; -- clcf->root = value[1]; -- -- if (!alias && clcf->root.len > 0 -- && clcf->root.data[clcf->root.len - 1] == '/') -- { -- clcf->root.len--; -- } -- -- if (clcf->root.data[0] != '$') { -- if (ngx_conf_full_name(cf->cycle, &clcf->root, 0) != NGX_OK) { -- return NGX_CONF_ERROR; -- } -- } -- -- n = ngx_http_script_variables_count(&clcf->root); -- -- ngx_memzero(&sc, sizeof(ngx_http_script_compile_t)); -- sc.variables = n; -- --#if (NGX_PCRE) -- if (alias && clcf->regex) { -- clcf->alias = NGX_MAX_SIZE_T_VALUE; -- n = 1; -- } --#endif -- -- if (n) { -- sc.cf = cf; -- sc.source = &clcf->root; -- sc.lengths = &clcf->root_lengths; -- sc.values = &clcf->root_values; -- sc.complete_lengths = 1; -- sc.complete_values = 1; -- -- if (ngx_http_script_compile(&sc) != NGX_OK) { -- return NGX_CONF_ERROR; -- } -- } -- -- return NGX_CONF_OK; --} -- -- - static ngx_http_method_name_t ngx_methods_names[] = { - { (u_char *) "GET", (uint32_t) ~NGX_HTTP_GET }, - { (u_char *) "HEAD", (uint32_t) ~NGX_HTTP_HEAD }, diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-balancer_status_code.patch b/images/nginx/rootfs/patches/nginx-1.21.4-balancer_status_code.patch deleted file mode 100644 index c4d87e2fb2..0000000000 --- a/images/nginx/rootfs/patches/nginx-1.21.4-balancer_status_code.patch +++ /dev/null @@ -1,72 +0,0 @@ -diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c -index f8d5707d..6efe0047 100644 ---- a/src/http/ngx_http_upstream.c -+++ b/src/http/ngx_http_upstream.c -@@ -1515,6 +1515,11 @@ ngx_http_upstream_connect(ngx_http_request_t *r, ngx_http_upstream_t *u) - return; - } - -+ if (rc >= NGX_HTTP_SPECIAL_RESPONSE) { -+ ngx_http_upstream_finalize_request(r, u, rc); -+ return; -+ } -+ - u->state->peer = u->peer.name; - - if (rc == NGX_BUSY) { -diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h -index 3e714e5b..dfbb25e0 100644 ---- a/src/http/ngx_http_upstream.h -+++ b/src/http/ngx_http_upstream.h -@@ -427,4 +427,9 @@ extern ngx_conf_bitmask_t ngx_http_upstream_cache_method_mask[]; - extern ngx_conf_bitmask_t ngx_http_upstream_ignore_headers_masks[]; - - -+#ifndef HAVE_BALANCER_STATUS_CODE_PATCH -+#define HAVE_BALANCER_STATUS_CODE_PATCH -+#endif -+ -+ - #endif /* _NGX_HTTP_UPSTREAM_H_INCLUDED_ */ -diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h -index 09d24593..d8b4b584 100644 ---- a/src/stream/ngx_stream.h -+++ b/src/stream/ngx_stream.h -@@ -27,6 +27,7 @@ typedef struct ngx_stream_session_s ngx_stream_session_t; - - - #define NGX_STREAM_OK 200 -+#define NGX_STREAM_SPECIAL_RESPONSE 300 - #define NGX_STREAM_BAD_REQUEST 400 - #define NGX_STREAM_FORBIDDEN 403 - #define NGX_STREAM_INTERNAL_SERVER_ERROR 500 -diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c -index 818d7329..329dcdc6 100644 ---- a/src/stream/ngx_stream_proxy_module.c -+++ b/src/stream/ngx_stream_proxy_module.c -@@ -691,6 +691,11 @@ ngx_stream_proxy_connect(ngx_stream_session_t *s) - return; - } - -+ if (rc >= NGX_STREAM_SPECIAL_RESPONSE) { -+ ngx_stream_proxy_finalize(s, rc); -+ return; -+ } -+ - u->state->peer = u->peer.name; - - if (rc == NGX_BUSY) { -diff --git a/src/stream/ngx_stream_upstream.h b/src/stream/ngx_stream_upstream.h -index 73947f46..21bc0ad7 100644 ---- a/src/stream/ngx_stream_upstream.h -+++ b/src/stream/ngx_stream_upstream.h -@@ -151,4 +151,9 @@ ngx_stream_upstream_srv_conf_t *ngx_stream_upstream_add(ngx_conf_t *cf, - extern ngx_module_t ngx_stream_upstream_module; - - -+#ifndef HAVE_BALANCER_STATUS_CODE_PATCH -+#define HAVE_BALANCER_STATUS_CODE_PATCH -+#endif -+ -+ - #endif /* _NGX_STREAM_UPSTREAM_H_INCLUDED_ */ diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-cache_manager_exit.patch b/images/nginx/rootfs/patches/nginx-1.21.4-cache_manager_exit.patch deleted file mode 100644 index 91ee63a262..0000000000 --- a/images/nginx/rootfs/patches/nginx-1.21.4-cache_manager_exit.patch +++ /dev/null @@ -1,19 +0,0 @@ -# HG changeset patch -# User Yichun Zhang -# Date 1383598130 28800 -# Node ID f64218e1ac963337d84092536f588b8e0d99bbaa -# Parent dea321e5c0216efccbb23e84bbce7cf3e28f130c -Cache: gracefully exit the cache manager process. - -diff -r dea321e5c021 -r f64218e1ac96 src/os/unix/ngx_process_cycle.c ---- a/src/os/unix/ngx_process_cycle.c Thu Oct 31 18:23:49 2013 +0400 -+++ b/src/os/unix/ngx_process_cycle.c Mon Nov 04 12:48:50 2013 -0800 -@@ -1134,7 +1134,7 @@ - - if (ngx_terminate || ngx_quit) { - ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting"); -- exit(0); -+ ngx_worker_process_exit(cycle); - } - - if (ngx_reopen) { diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-delayed_posted_events.patch b/images/nginx/rootfs/patches/nginx-1.21.4-delayed_posted_events.patch deleted file mode 100644 index 6875843245..0000000000 --- a/images/nginx/rootfs/patches/nginx-1.21.4-delayed_posted_events.patch +++ /dev/null @@ -1,98 +0,0 @@ -diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c -index 57af8132..4853945f 100644 ---- a/src/event/ngx_event.c -+++ b/src/event/ngx_event.c -@@ -196,6 +196,9 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle) - ngx_uint_t flags; - ngx_msec_t timer, delta; - -+ ngx_queue_t *q; -+ ngx_event_t *ev; -+ - if (ngx_timer_resolution) { - timer = NGX_TIMER_INFINITE; - flags = 0; -@@ -215,6 +218,13 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle) - #endif - } - -+ if (!ngx_queue_empty(&ngx_posted_delayed_events)) { -+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, cycle->log, 0, -+ "posted delayed event queue not empty" -+ " making poll timeout 0"); -+ timer = 0; -+ } -+ - if (ngx_use_accept_mutex) { - if (ngx_accept_disabled > 0) { - ngx_accept_disabled--; -@@ -257,6 +267,35 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle) - } - - ngx_event_process_posted(cycle, &ngx_posted_events); -+ -+ while (!ngx_queue_empty(&ngx_posted_delayed_events)) { -+ q = ngx_queue_head(&ngx_posted_delayed_events); -+ -+ ev = ngx_queue_data(q, ngx_event_t, queue); -+ if (ev->delayed) { -+ /* start of newly inserted nodes */ -+ for (/* void */; -+ q != ngx_queue_sentinel(&ngx_posted_delayed_events); -+ q = ngx_queue_next(q)) -+ { -+ ev = ngx_queue_data(q, ngx_event_t, queue); -+ ev->delayed = 0; -+ -+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0, -+ "skipping delayed posted event %p," -+ " till next iteration", ev); -+ } -+ -+ break; -+ } -+ -+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0, -+ "delayed posted event %p", ev); -+ -+ ngx_delete_posted_event(ev); -+ -+ ev->handler(ev); -+ } - } - - -@@ -600,6 +639,7 @@ ngx_event_process_init(ngx_cycle_t *cycle) - - ngx_queue_init(&ngx_posted_accept_events); - ngx_queue_init(&ngx_posted_events); -+ ngx_queue_init(&ngx_posted_delayed_events); - - if (ngx_event_timer_init(cycle->log) == NGX_ERROR) { - return NGX_ERROR; -diff --git a/src/event/ngx_event_posted.c b/src/event/ngx_event_posted.c -index d851f3d1..b6cea009 100644 ---- a/src/event/ngx_event_posted.c -+++ b/src/event/ngx_event_posted.c -@@ -12,6 +12,7 @@ - - ngx_queue_t ngx_posted_accept_events; - ngx_queue_t ngx_posted_events; -+ngx_queue_t ngx_posted_delayed_events; - - - void -diff --git a/src/event/ngx_event_posted.h b/src/event/ngx_event_posted.h -index 145d30fe..6c388553 100644 ---- a/src/event/ngx_event_posted.h -+++ b/src/event/ngx_event_posted.h -@@ -43,6 +43,9 @@ void ngx_event_process_posted(ngx_cycle_t *cycle, ngx_queue_t *posted); - - extern ngx_queue_t ngx_posted_accept_events; - extern ngx_queue_t ngx_posted_events; -+extern ngx_queue_t ngx_posted_delayed_events; -+ -+#define HAVE_POSTED_DELAYED_EVENTS_PATCH - - - #endif /* _NGX_EVENT_POSTED_H_INCLUDED_ */ diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-hash_overflow.patch b/images/nginx/rootfs/patches/nginx-1.21.4-hash_overflow.patch deleted file mode 100644 index 449d214bab..0000000000 --- a/images/nginx/rootfs/patches/nginx-1.21.4-hash_overflow.patch +++ /dev/null @@ -1,20 +0,0 @@ -# HG changeset patch -# User Yichun Zhang -# Date 1412276417 25200 -# Thu Oct 02 12:00:17 2014 -0700 -# Node ID 4032b992f23b054c1a2cfb0be879330d2c6708e5 -# Parent 1ff0f68d9376e3d184d65814a6372856bf65cfcd -Hash: buffer overflow might happen when exceeding the pre-configured limits. - -diff -r 1ff0f68d9376 -r 4032b992f23b src/core/ngx_hash.c ---- a/src/core/ngx_hash.c Tue Sep 30 15:50:28 2014 -0700 -+++ b/src/core/ngx_hash.c Thu Oct 02 12:00:17 2014 -0700 -@@ -312,6 +312,8 @@ ngx_hash_init(ngx_hash_init_t *hinit, ng - continue; - } - -+ size--; -+ - ngx_log_error(NGX_LOG_WARN, hinit->pool->log, 0, - "could not build optimal %s, you should increase " - "either %s_max_size: %i or %s_bucket_size: %i; " diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-http2.patch b/images/nginx/rootfs/patches/nginx-1.21.4-http2.patch deleted file mode 100644 index 3b9d57736d..0000000000 --- a/images/nginx/rootfs/patches/nginx-1.21.4-http2.patch +++ /dev/null @@ -1,57 +0,0 @@ -#commit 6ceef192e7af1c507826ac38a2d43f08bf265fb9 -#repository: https://github.com/nginx/nginx -#Author: Maxim Dounin -#Date: Tue Oct 10 15:13:39 2023 +0300 -diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c -index 7c05ff1e7..410a8be24 100644 ---- a/src/http/v2/ngx_http_v2.c -+++ b/src/http/v2/ngx_http_v2.c -@@ -347,6 +347,7 @@ ngx_http_v2_read_handler(ngx_event_t *rev) - ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http2 read handler"); - - h2c->blocked = 1; -+ h2c->new_streams = 0; - - if (c->close) { - c->close = 0; -@@ -1284,6 +1285,14 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos, - goto rst_stream; - } - -+ if (h2c->new_streams++ >= 2 * h2scf->concurrent_streams) { -+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, -+ "client sent too many streams at once"); -+ -+ status = NGX_HTTP_V2_REFUSED_STREAM; -+ goto rst_stream; -+ } -+ - if (!h2c->settings_ack - && !(h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG) - && h2scf->preread_size < NGX_HTTP_V2_DEFAULT_WINDOW) -@@ -1349,6 +1358,12 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos, - - rst_stream: - -+ if (h2c->refused_streams++ > ngx_max(h2scf->concurrent_streams, 100)) { -+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, -+ "client sent too many refused streams"); -+ return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_NO_ERROR); -+ } -+ - if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid, status) != NGX_OK) { - return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_INTERNAL_ERROR); - } -diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h -index cb9014ccf..6751b3026 100644 ---- a/src/http/v2/ngx_http_v2.h -+++ b/src/http/v2/ngx_http_v2.h -@@ -131,6 +131,8 @@ struct ngx_http_v2_connection_s { - ngx_uint_t processing; - ngx_uint_t frames; - ngx_uint_t idle; -+ ngx_uint_t new_streams; -+ ngx_uint_t refused_streams; - ngx_uint_t priority_limit; - - size_t send_window; \ No newline at end of file diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-init_cycle_pool_release.patch b/images/nginx/rootfs/patches/nginx-1.21.4-init_cycle_pool_release.patch deleted file mode 100644 index 9cfa4f7cb9..0000000000 --- a/images/nginx/rootfs/patches/nginx-1.21.4-init_cycle_pool_release.patch +++ /dev/null @@ -1,59 +0,0 @@ -diff -rup nginx-1.21.4/src/core/nginx.c nginx-1.21.4-patched/src/core/nginx.c ---- nginx-1.21.4/src/core/nginx.c 2017-12-17 00:00:38.136470108 -0800 -+++ nginx-1.21.4-patched/src/core/nginx.c 2017-12-16 23:59:51.680958322 -0800 -@@ -186,6 +186,7 @@ static u_char *ngx_prefix; - static u_char *ngx_conf_file; - static u_char *ngx_conf_params; - static char *ngx_signal; -+ngx_pool_t *saved_init_cycle_pool = NULL; - - - static char **ngx_os_environ; -@@ -253,6 +254,8 @@ main(int argc, char *const *argv) - return 1; - } - -+ saved_init_cycle_pool = init_cycle.pool; -+ - if (ngx_save_argv(&init_cycle, argc, argv) != NGX_OK) { - return 1; - } -diff -rup nginx-1.21.4/src/core/ngx_core.h nginx-1.21.4-patched/src/core/ngx_core.h ---- nginx-1.21.4/src/core/ngx_core.h 2017-10-10 08:22:51.000000000 -0700 -+++ nginx-1.21.4-patched/src/core/ngx_core.h 2017-12-16 23:59:51.679958370 -0800 -@@ -108,4 +108,6 @@ void ngx_cpuinfo(void); - #define NGX_DISABLE_SYMLINKS_NOTOWNER 2 - #endif - -+extern ngx_pool_t *saved_init_cycle_pool; -+ - #endif /* _NGX_CORE_H_INCLUDED_ */ -diff -rup nginx-1.21.4/src/core/ngx_cycle.c nginx-1.21.4-patched/src/core/ngx_cycle.c ---- nginx-1.21.4/src/core/ngx_cycle.c 2017-10-10 08:22:51.000000000 -0700 -+++ nginx-1.21.4-patched/src/core/ngx_cycle.c 2017-12-16 23:59:51.678958419 -0800 -@@ -748,6 +748,10 @@ old_shm_zone_done: - - if (ngx_process == NGX_PROCESS_MASTER || ngx_is_init_cycle(old_cycle)) { - -+ if (ngx_is_init_cycle(old_cycle)) { -+ saved_init_cycle_pool = NULL; -+ } -+ - ngx_destroy_pool(old_cycle->pool); - cycle->old_cycle = NULL; - -diff -rup nginx-1.21.4/src/os/unix/ngx_process_cycle.c nginx-1.21.4-patched/src/os/unix/ngx_process_cycle.c ---- nginx-1.21.4/src/os/unix/ngx_process_cycle.c 2017-12-17 00:00:38.142469762 -0800 -+++ nginx-1.21.4-patched/src/os/unix/ngx_process_cycle.c 2017-12-16 23:59:51.691957791 -0800 -@@ -687,6 +692,11 @@ ngx_master_process_exit(ngx_cycle_t *cyc - ngx_exit_cycle.files_n = ngx_cycle->files_n; - ngx_cycle = &ngx_exit_cycle; - -+ if (saved_init_cycle_pool != NULL && saved_init_cycle_pool != cycle->pool) { -+ ngx_destroy_pool(saved_init_cycle_pool); -+ saved_init_cycle_pool = NULL; -+ } -+ - ngx_destroy_pool(cycle->pool); - - exit(0); diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-larger_max_error_str.patch b/images/nginx/rootfs/patches/nginx-1.21.4-larger_max_error_str.patch deleted file mode 100644 index c89032c9f4..0000000000 --- a/images/nginx/rootfs/patches/nginx-1.21.4-larger_max_error_str.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- nginx-1.21.4/src/core/ngx_log.h 2013-10-08 05:07:14.000000000 -0700 -+++ nginx-1.21.4-patched/src/core/ngx_log.h 2013-12-05 20:35:35.996236720 -0800 -@@ -64,7 +64,9 @@ struct ngx_log_s { - }; - - --#define NGX_MAX_ERROR_STR 2048 -+#ifndef NGX_MAX_ERROR_STR -+#define NGX_MAX_ERROR_STR 4096 -+#endif - - - /*********************************/ diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-no_Werror.patch b/images/nginx/rootfs/patches/nginx-1.21.4-no_Werror.patch deleted file mode 100644 index f4d6fd0e5c..0000000000 --- a/images/nginx/rootfs/patches/nginx-1.21.4-no_Werror.patch +++ /dev/null @@ -1,36 +0,0 @@ -diff -urp nginx-1.21.4/auto/cc/clang nginx-1.21.4-patched/auto/cc/clang ---- nginx-1.21.4/auto/cc/clang 2014-03-04 03:39:24.000000000 -0800 -+++ nginx-1.21.4-patched/auto/cc/clang 2014-03-13 20:54:26.241413360 -0700 -@@ -89,7 +89,7 @@ CFLAGS="$CFLAGS -Wconditional-uninitiali - CFLAGS="$CFLAGS -Wno-unused-parameter" - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+#CFLAGS="$CFLAGS -Werror" - - # debug - CFLAGS="$CFLAGS -g" -diff -urp nginx-1.21.4/auto/cc/gcc nginx-1.21.4-patched/auto/cc/gcc ---- nginx-1.21.4/auto/cc/gcc 2014-03-04 03:39:24.000000000 -0800 -+++ nginx-1.21.4-patched/auto/cc/gcc 2014-03-13 20:54:13.301355329 -0700 -@@ -168,7 +168,7 @@ esac - - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+#CFLAGS="$CFLAGS -Werror" - - # debug - CFLAGS="$CFLAGS -g" -diff -urp nginx-1.21.4/auto/cc/icc nginx-1.21.4-patched/auto/cc/icc ---- nginx-1.21.4/auto/cc/icc 2014-03-04 03:39:24.000000000 -0800 -+++ nginx-1.21.4-patched/auto/cc/icc 2014-03-13 20:54:13.301355329 -0700 -@@ -115,7 +115,7 @@ case "$NGX_ICC_VER" in - esac - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+#CFLAGS="$CFLAGS -Werror" - - # debug - CFLAGS="$CFLAGS -g" diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-proxy_host_port_vars.patch b/images/nginx/rootfs/patches/nginx-1.21.4-proxy_host_port_vars.patch deleted file mode 100644 index 01cebd65ad..0000000000 --- a/images/nginx/rootfs/patches/nginx-1.21.4-proxy_host_port_vars.patch +++ /dev/null @@ -1,19 +0,0 @@ ---- nginx-1.21.4/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800 -+++ nginx-1.21.4-patched/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800 -@@ -793,13 +793,13 @@ static ngx_keyval_t ngx_http_proxy_cach - static ngx_http_variable_t ngx_http_proxy_vars[] = { - - { ngx_string("proxy_host"), NULL, ngx_http_proxy_host_variable, 0, -- NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 }, -+ NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 }, - - { ngx_string("proxy_port"), NULL, ngx_http_proxy_port_variable, 0, -- NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 }, -+ NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 }, - - { ngx_string("proxy_add_x_forwarded_for"), NULL, -- ngx_http_proxy_add_x_forwarded_for_variable, 0, NGX_HTTP_VAR_NOHASH, 0 }, -+ ngx_http_proxy_add_x_forwarded_for_variable, 0, 0, 0 }, - - #if 0 - { ngx_string("proxy_add_via"), NULL, NULL, 0, NGX_HTTP_VAR_NOHASH, 0 }, diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-resolver_conf_parsing.patch b/images/nginx/rootfs/patches/nginx-1.21.4-resolver_conf_parsing.patch deleted file mode 100644 index 8638cdf2a8..0000000000 --- a/images/nginx/rootfs/patches/nginx-1.21.4-resolver_conf_parsing.patch +++ /dev/null @@ -1,263 +0,0 @@ -diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c -index cd55520c..dade1846 100644 ---- a/src/core/ngx_resolver.c -+++ b/src/core/ngx_resolver.c -@@ -9,12 +9,26 @@ - #include - #include - -+#if !(NGX_WIN32) -+#include -+#endif -+ - - #define NGX_RESOLVER_UDP_SIZE 4096 - - #define NGX_RESOLVER_TCP_RSIZE (2 + 65535) - #define NGX_RESOLVER_TCP_WSIZE 8192 - -+#if !(NGX_WIN32) -+/* -+ * note that 2KB should be more than enough for majority of the -+ * resolv.conf files out there. it also acts as a safety guard to prevent -+ * abuse. -+ */ -+#define NGX_RESOLVER_FILE_BUF_SIZE 2048 -+#define NGX_RESOLVER_FILE_NAME "/etc/resolv.conf" -+#endif -+ - - typedef struct { - u_char ident_hi; -@@ -131,6 +145,191 @@ static ngx_resolver_node_t *ngx_resolver_lookup_addr6(ngx_resolver_t *r, - #endif - - -+#if !(NGX_WIN32) -+static ngx_int_t -+ngx_resolver_read_resolv_conf(ngx_conf_t *cf, ngx_resolver_t *r, u_char *path, -+ size_t path_len) -+{ -+ ngx_url_t u; -+ ngx_resolver_connection_t *rec; -+ ngx_fd_t fd; -+ ngx_file_t file; -+ u_char buf[NGX_RESOLVER_FILE_BUF_SIZE]; -+ u_char ipv6_buf[NGX_INET6_ADDRSTRLEN]; -+ ngx_uint_t address = 0, j, total = 0; -+ ssize_t n, i; -+ enum { -+ sw_nameserver, -+ sw_spaces, -+ sw_address, -+ sw_skip -+ } state; -+ -+ file.name.data = path; -+ file.name.len = path_len; -+ -+ if (ngx_conf_full_name(cf->cycle, &file.name, 1) != NGX_OK) { -+ return NGX_ERROR; -+ } -+ -+ fd = ngx_open_file(file.name.data, NGX_FILE_RDONLY, -+ NGX_FILE_OPEN, 0); -+ -+ if (fd == NGX_INVALID_FILE) { -+ ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno, -+ ngx_open_file_n " \"%s\" failed", file.name.data); -+ -+ return NGX_ERROR; -+ } -+ -+ ngx_memzero(&file, sizeof(ngx_file_t)); -+ -+ file.fd = fd; -+ file.log = cf->log; -+ -+ state = sw_nameserver; -+ -+ n = ngx_read_file(&file, buf, NGX_RESOLVER_FILE_BUF_SIZE, 0); -+ -+ if (n == NGX_ERROR) { -+ ngx_conf_log_error(NGX_LOG_ALERT, cf, ngx_errno, -+ ngx_read_file_n " \"%s\" failed", file.name.data); -+ } -+ -+ if (ngx_close_file(file.fd) == NGX_FILE_ERROR) { -+ ngx_conf_log_error(NGX_LOG_ALERT, cf, ngx_errno, -+ ngx_close_file_n " \"%s\" failed", file.name.data); -+ } -+ -+ if (n == NGX_ERROR) { -+ return NGX_ERROR; -+ } -+ -+ if (n == 0) { -+ return NGX_OK; -+ } -+ -+ for (i = 0; i < n && total < MAXNS; /* void */) { -+ if (buf[i] == '#' || buf[i] == ';') { -+ state = sw_skip; -+ } -+ -+ switch (state) { -+ -+ case sw_nameserver: -+ -+ if ((size_t) n - i >= sizeof("nameserver") - 1 -+ && ngx_memcmp(buf + i, "nameserver", -+ sizeof("nameserver") - 1) == 0) -+ { -+ state = sw_spaces; -+ i += sizeof("nameserver") - 1; -+ -+ continue; -+ } -+ -+ break; -+ -+ case sw_spaces: -+ if (buf[i] != '\t' && buf[i] != ' ') { -+ address = i; -+ state = sw_address; -+ } -+ -+ break; -+ -+ case sw_address: -+ -+ if (buf[i] == CR || buf[i] == LF || i == n - 1) { -+ ngx_memzero(&u, sizeof(ngx_url_t)); -+ -+ u.url.data = buf + address; -+ -+ if (i == n - 1 && buf[i] != CR && buf[i] != LF) { -+ u.url.len = n - address; -+ -+ } else { -+ u.url.len = i - address; -+ } -+ -+ u.default_port = 53; -+ -+ /* IPv6? */ -+ if (ngx_strlchr(u.url.data, u.url.data + u.url.len, -+ ':') != NULL) -+ { -+ if (u.url.len + 2 > sizeof(ipv6_buf)) { -+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, -+ "IPv6 resolver address is too long:" -+ " \"%V\"", &u.url); -+ -+ return NGX_ERROR; -+ } -+ -+ ipv6_buf[0] = '['; -+ ngx_memcpy(ipv6_buf + 1, u.url.data, u.url.len); -+ ipv6_buf[u.url.len + 1] = ']'; -+ -+ u.url.data = ipv6_buf; -+ u.url.len = u.url.len + 2; -+ } -+ -+ if (ngx_parse_url(cf->pool, &u) != NGX_OK) { -+ if (u.err) { -+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, -+ "%s in resolver \"%V\"", -+ u.err, &u.url); -+ } -+ -+ return NGX_ERROR; -+ } -+ -+ rec = ngx_array_push_n(&r->connections, u.naddrs); -+ if (rec == NULL) { -+ return NGX_ERROR; -+ } -+ -+ ngx_memzero(rec, u.naddrs * sizeof(ngx_resolver_connection_t)); -+ -+ for (j = 0; j < u.naddrs; j++) { -+ rec[j].sockaddr = u.addrs[j].sockaddr; -+ rec[j].socklen = u.addrs[j].socklen; -+ rec[j].server = u.addrs[j].name; -+ rec[j].resolver = r; -+ } -+ -+ total++; -+ -+#if (NGX_DEBUG) -+ /* -+ * logs with level below NGX_LOG_NOTICE will not be printed -+ * in this early phase -+ */ -+ ngx_conf_log_error(NGX_LOG_NOTICE, cf, 0, -+ "parsed a resolver: \"%V\"", &u.url); -+#endif -+ -+ state = sw_nameserver; -+ } -+ -+ break; -+ -+ case sw_skip: -+ if (buf[i] == CR || buf[i] == LF) { -+ state = sw_nameserver; -+ } -+ -+ break; -+ } -+ -+ i++; -+ } -+ -+ return NGX_OK; -+} -+#endif -+ -+ - ngx_resolver_t * - ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n) - { -@@ -246,6 +445,39 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n) - } - #endif - -+#if !(NGX_WIN32) -+ if (ngx_strncmp(names[i].data, "local=", 6) == 0) { -+ -+ if (ngx_strcmp(&names[i].data[6], "on") == 0) { -+ if (ngx_resolver_read_resolv_conf(cf, r, -+ (u_char *) -+ NGX_RESOLVER_FILE_NAME, -+ sizeof(NGX_RESOLVER_FILE_NAME) -+ - 1) -+ != NGX_OK) -+ { -+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, -+ "unable to parse local resolver"); -+ return NULL; -+ } -+ -+ } else if (ngx_strcmp(&names[i].data[6], "off") != 0) { -+ if (ngx_resolver_read_resolv_conf(cf, r, -+ &names[i].data[6], -+ names[i].len - 6) -+ != NGX_OK) -+ { -+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, -+ "unable to parse local resolver"); -+ return NULL; -+ } -+ -+ } -+ -+ continue; -+ } -+#endif -+ - ngx_memzero(&u, sizeof(ngx_url_t)); - - u.url = names[i]; diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-reuseport_close_unused_fds.patch b/images/nginx/rootfs/patches/nginx-1.21.4-reuseport_close_unused_fds.patch deleted file mode 100644 index ff4a36fd22..0000000000 --- a/images/nginx/rootfs/patches/nginx-1.21.4-reuseport_close_unused_fds.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff --git a/src/core/ngx_connection.c b/src/core/ngx_connection.c ---- a/src/core/ngx_connection.c -+++ b/src/core/ngx_connection.c -@@ -1118,6 +1118,12 @@ ngx_close_listening_sockets(ngx_cycle_t *cycle) - ls = cycle->listening.elts; - for (i = 0; i < cycle->listening.nelts; i++) { - -+#if (NGX_HAVE_REUSEPORT) -+ if (ls[i].fd == (ngx_socket_t) -1) { -+ continue; -+ } -+#endif -+ - c = ls[i].connection; - - if (c) { -diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c ---- a/src/event/ngx_event.c -+++ b/src/event/ngx_event.c -@@ -775,6 +775,18 @@ ngx_event_process_init(ngx_cycle_t *cycle) - - #if (NGX_HAVE_REUSEPORT) - if (ls[i].reuseport && ls[i].worker != ngx_worker) { -+ ngx_log_debug2(NGX_LOG_DEBUG_CORE, cycle->log, 0, -+ "closing unused fd:%d listening on %V", -+ ls[i].fd, &ls[i].addr_text); -+ -+ if (ngx_close_socket(ls[i].fd) == -1) { -+ ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_socket_errno, -+ ngx_close_socket_n " %V failed", -+ &ls[i].addr_text); -+ } -+ -+ ls[i].fd = (ngx_socket_t) -1; -+ - continue; - } - #endif diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-single_process_graceful_exit.patch b/images/nginx/rootfs/patches/nginx-1.21.4-single_process_graceful_exit.patch deleted file mode 100644 index 2754fc2fe7..0000000000 --- a/images/nginx/rootfs/patches/nginx-1.21.4-single_process_graceful_exit.patch +++ /dev/null @@ -1,75 +0,0 @@ -diff --git a/src/os/unix/ngx_process.c b/src/os/unix/ngx_process.c -index 15680237..12a8c687 100644 ---- a/src/os/unix/ngx_process.c -+++ b/src/os/unix/ngx_process.c -@@ -362,8 +362,15 @@ ngx_signal_handler(int signo, siginfo_t *siginfo, void *ucontext) - break; - - case ngx_signal_value(NGX_RECONFIGURE_SIGNAL): -- ngx_reconfigure = 1; -- action = ", reconfiguring"; -+ if (ngx_process == NGX_PROCESS_SINGLE) { -+ ngx_terminate = 1; -+ action = ", exiting"; -+ -+ } else { -+ ngx_reconfigure = 1; -+ action = ", reconfiguring"; -+ } -+ - break; - - case ngx_signal_value(NGX_REOPEN_SIGNAL): -diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c -index 5817a2c2..f3d58e97 100644 ---- a/src/os/unix/ngx_process_cycle.c -+++ b/src/os/unix/ngx_process_cycle.c -@@ -305,11 +305,26 @@ ngx_single_process_cycle(ngx_cycle_t *cycle) - } - - for ( ;; ) { -+ if (ngx_exiting) { -+ if (ngx_event_no_timers_left() == NGX_OK) { -+ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting"); -+ -+ for (i = 0; cycle->modules[i]; i++) { -+ if (cycle->modules[i]->exit_process) { -+ cycle->modules[i]->exit_process(cycle); -+ } -+ } -+ -+ ngx_master_process_exit(cycle); -+ } -+ } -+ - ngx_log_debug0(NGX_LOG_DEBUG_EVENT, cycle->log, 0, "worker cycle"); - - ngx_process_events_and_timers(cycle); - -- if (ngx_terminate || ngx_quit) { -+ if (ngx_terminate) { -+ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting"); - - for (i = 0; cycle->modules[i]; i++) { - if (cycle->modules[i]->exit_process) { -@@ -320,6 +335,20 @@ ngx_single_process_cycle(ngx_cycle_t *cycle) - ngx_master_process_exit(cycle); - } - -+ if (ngx_quit) { -+ ngx_quit = 0; -+ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, -+ "gracefully shutting down"); -+ ngx_setproctitle("process is shutting down"); -+ -+ if (!ngx_exiting) { -+ ngx_exiting = 1; -+ ngx_set_shutdown_timer(cycle); -+ ngx_close_listening_sockets(cycle); -+ ngx_close_idle_connections(cycle); -+ } -+ } -+ - if (ngx_reconfigure) { - ngx_reconfigure = 0; - ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "reconfiguring"); diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-socket_cloexec.patch b/images/nginx/rootfs/patches/nginx-1.21.4-socket_cloexec.patch deleted file mode 100644 index 8ffe4c1676..0000000000 --- a/images/nginx/rootfs/patches/nginx-1.21.4-socket_cloexec.patch +++ /dev/null @@ -1,185 +0,0 @@ -diff --git a/auto/unix b/auto/unix -index 10835f6c..b5b33bb3 100644 ---- a/auto/unix -+++ b/auto/unix -@@ -990,3 +990,27 @@ ngx_feature_test='struct addrinfo *res; - if (getaddrinfo("localhost", NULL, NULL, &res) != 0) return 1; - freeaddrinfo(res)' - . auto/feature -+ -+ngx_feature="SOCK_CLOEXEC support" -+ngx_feature_name="NGX_HAVE_SOCKET_CLOEXEC" -+ngx_feature_run=no -+ngx_feature_incs="#include -+ #include " -+ngx_feature_path= -+ngx_feature_libs= -+ngx_feature_test="int fd; -+ fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);" -+. auto/feature -+ -+ngx_feature="FD_CLOEXEC support" -+ngx_feature_name="NGX_HAVE_FD_CLOEXEC" -+ngx_feature_run=no -+ngx_feature_incs="#include -+ #include -+ #include " -+ngx_feature_path= -+ngx_feature_libs= -+ngx_feature_test="int fd; -+ fd = socket(AF_INET, SOCK_STREAM, 0); -+ fcntl(fd, F_SETFD, FD_CLOEXEC);" -+. auto/feature -diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c -index cd55520c..438e0806 100644 ---- a/src/core/ngx_resolver.c -+++ b/src/core/ngx_resolver.c -@@ -4466,8 +4466,14 @@ ngx_tcp_connect(ngx_resolver_connection_t *rec) - ngx_event_t *rev, *wev; - ngx_connection_t *c; - -+#if (NGX_HAVE_SOCKET_CLOEXEC) -+ s = ngx_socket(rec->sockaddr->sa_family, SOCK_STREAM | SOCK_CLOEXEC, 0); -+ -+#else - s = ngx_socket(rec->sockaddr->sa_family, SOCK_STREAM, 0); - -+#endif -+ - ngx_log_debug1(NGX_LOG_DEBUG_EVENT, &rec->log, 0, "TCP socket %d", s); - - if (s == (ngx_socket_t) -1) { -@@ -4494,6 +4500,15 @@ ngx_tcp_connect(ngx_resolver_connection_t *rec) - goto failed; - } - -+#if (NGX_HAVE_FD_CLOEXEC) -+ if (ngx_cloexec(s) == -1) { -+ ngx_log_error(NGX_LOG_ALERT, &rec->log, ngx_socket_errno, -+ ngx_cloexec_n " failed"); -+ -+ goto failed; -+ } -+#endif -+ - rev = c->read; - wev = c->write; - -diff --git a/src/event/ngx_event.h b/src/event/ngx_event.h -index 19fec68..8c2f01a 100644 ---- a/src/event/ngx_event.h -+++ b/src/event/ngx_event.h -@@ -73,6 +73,9 @@ struct ngx_event_s { - /* to test on worker exit */ - unsigned channel:1; - unsigned resolver:1; -+#if (HAVE_SOCKET_CLOEXEC_PATCH) -+ unsigned skip_socket_leak_check:1; -+#endif - - unsigned cancelable:1; - -diff --git a/src/event/ngx_event_accept.c b/src/event/ngx_event_accept.c -index 77563709..5827b9d0 100644 ---- a/src/event/ngx_event_accept.c -+++ b/src/event/ngx_event_accept.c -@@ -62,7 +62,9 @@ ngx_event_accept(ngx_event_t *ev) - - #if (NGX_HAVE_ACCEPT4) - if (use_accept4) { -- s = accept4(lc->fd, &sa.sockaddr, &socklen, SOCK_NONBLOCK); -+ s = accept4(lc->fd, &sa.sockaddr, &socklen, -+ SOCK_NONBLOCK | SOCK_CLOEXEC); -+ - } else { - s = accept(lc->fd, &sa.sockaddr, &socklen); - } -@@ -202,6 +204,16 @@ ngx_event_accept(ngx_event_t *ev) - ngx_close_accepted_connection(c); - return; - } -+ -+#if (NGX_HAVE_FD_CLOEXEC) -+ if (ngx_cloexec(s) == -1) { -+ ngx_log_error(NGX_LOG_ALERT, ev->log, ngx_socket_errno, -+ ngx_cloexec_n " failed"); -+ ngx_close_accepted_connection(c); -+ return; -+ } -+#endif -+ - } - } - -diff --git a/src/event/ngx_event_connect.c b/src/event/ngx_event_connect.c -index c5bb8068..cf33b1d2 100644 ---- a/src/event/ngx_event_connect.c -+++ b/src/event/ngx_event_connect.c -@@ -38,8 +38,15 @@ ngx_event_connect_peer(ngx_peer_connection_t *pc) - - type = (pc->type ? pc->type : SOCK_STREAM); - -+#if (NGX_HAVE_SOCKET_CLOEXEC) -+ s = ngx_socket(pc->sockaddr->sa_family, type | SOCK_CLOEXEC, 0); -+ -+#else - s = ngx_socket(pc->sockaddr->sa_family, type, 0); - -+#endif -+ -+ - ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pc->log, 0, "%s socket %d", - (type == SOCK_STREAM) ? "stream" : "dgram", s); - -@@ -80,6 +87,15 @@ ngx_event_connect_peer(ngx_peer_connection_t *pc) - goto failed; - } - -+#if (NGX_HAVE_FD_CLOEXEC) -+ if (ngx_cloexec(s) == -1) { -+ ngx_log_error(NGX_LOG_ALERT, pc->log, ngx_socket_errno, -+ ngx_cloexec_n " failed"); -+ -+ goto failed; -+ } -+#endif -+ - if (pc->local) { - - #if (NGX_HAVE_TRANSPARENT_PROXY) -diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c -index c4376a5..48e8fa8 100644 ---- a/src/os/unix/ngx_process_cycle.c -+++ b/src/os/unix/ngx_process_cycle.c -@@ -960,6 +1029,9 @@ ngx_worker_process_exit(ngx_cycle_t *cycle) - for (i = 0; i < cycle->connection_n; i++) { - if (c[i].fd != -1 - && c[i].read -+#if (HAVE_SOCKET_CLOEXEC_PATCH) -+ && !c[i].read->skip_socket_leak_check -+#endif - && !c[i].read->accept - && !c[i].read->channel - && !c[i].read->resolver) -diff --git a/src/os/unix/ngx_socket.h b/src/os/unix/ngx_socket.h -index fcc51533..d1eebf47 100644 ---- a/src/os/unix/ngx_socket.h -+++ b/src/os/unix/ngx_socket.h -@@ -38,6 +38,17 @@ int ngx_blocking(ngx_socket_t s); - - #endif - -+#if (NGX_HAVE_FD_CLOEXEC) -+ -+#define ngx_cloexec(s) fcntl(s, F_SETFD, FD_CLOEXEC) -+#define ngx_cloexec_n "fcntl(FD_CLOEXEC)" -+ -+/* at least FD_CLOEXEC is required to ensure connection fd is closed -+ * after execve */ -+#define HAVE_SOCKET_CLOEXEC_PATCH 1 -+ -+#endif -+ - int ngx_tcp_nopush(ngx_socket_t s); - int ngx_tcp_push(ngx_socket_t s); - diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-ssl_cert_cb_yield.patch b/images/nginx/rootfs/patches/nginx-1.21.4-ssl_cert_cb_yield.patch deleted file mode 100644 index 89773c05ef..0000000000 --- a/images/nginx/rootfs/patches/nginx-1.21.4-ssl_cert_cb_yield.patch +++ /dev/null @@ -1,64 +0,0 @@ -# HG changeset patch -# User Yichun Zhang -# Date 1451762084 28800 -# Sat Jan 02 11:14:44 2016 -0800 -# Node ID 449f0461859c16e95bdb18e8be6b94401545d3dd -# Parent 78b4e10b4367b31367aad3c83c9c3acdd42397c4 -SSL: handled SSL_CTX_set_cert_cb() callback yielding. - -OpenSSL 1.0.2+ introduces SSL_CTX_set_cert_cb() to allow custom -callbacks to serve the SSL certificiates and private keys dynamically -and lazily. The callbacks may yield for nonblocking I/O or sleeping. -Here we added support for such usage in NGINX 3rd-party modules -(like ngx_lua) in NGINX's event handlers for downstream SSL -connections. - -diff -r 78b4e10b4367 -r 449f0461859c src/event/ngx_event_openssl.c ---- a/src/event/ngx_event_openssl.c Thu Dec 17 16:39:15 2015 +0300 -+++ b/src/event/ngx_event_openssl.c Sat Jan 02 11:14:44 2016 -0800 -@@ -1445,6 +1445,23 @@ ngx_ssl_handshake(ngx_connection_t *c) - return NGX_AGAIN; - } - -+#if OPENSSL_VERSION_NUMBER >= 0x10002000L -+ if (sslerr == SSL_ERROR_WANT_X509_LOOKUP) { -+ c->read->handler = ngx_ssl_handshake_handler; -+ c->write->handler = ngx_ssl_handshake_handler; -+ -+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) { -+ return NGX_ERROR; -+ } -+ -+ if (ngx_handle_write_event(c->write, 0) != NGX_OK) { -+ return NGX_ERROR; -+ } -+ -+ return NGX_AGAIN; -+ } -+#endif -+ - err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; - - c->ssl->no_wait_shutdown = 1; -@@ -1558,6 +1575,21 @@ ngx_ssl_try_early_data(ngx_connection_t *c) - return NGX_AGAIN; - } - -+ if (sslerr == SSL_ERROR_WANT_X509_LOOKUP) { -+ c->read->handler = ngx_ssl_handshake_handler; -+ c->write->handler = ngx_ssl_handshake_handler; -+ -+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) { -+ return NGX_ERROR; -+ } -+ -+ if (ngx_handle_write_event(c->write, 0) != NGX_OK) { -+ return NGX_ERROR; -+ } -+ -+ return NGX_AGAIN; -+ } -+ - err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; - - c->ssl->no_wait_shutdown = 1; diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-ssl_sess_cb_yield.patch b/images/nginx/rootfs/patches/nginx-1.21.4-ssl_sess_cb_yield.patch deleted file mode 100644 index ac5fe65eb2..0000000000 --- a/images/nginx/rootfs/patches/nginx-1.21.4-ssl_sess_cb_yield.patch +++ /dev/null @@ -1,41 +0,0 @@ -diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c ---- a/src/event/ngx_event_openssl.c -+++ b/src/event/ngx_event_openssl.c -@@ -1446,7 +1446,12 @@ ngx_ssl_handshake(ngx_connection_t *c) - } - - #if OPENSSL_VERSION_NUMBER >= 0x10002000L -- if (sslerr == SSL_ERROR_WANT_X509_LOOKUP) { -+ if (sslerr == SSL_ERROR_WANT_X509_LOOKUP -+# ifdef SSL_ERROR_PENDING_SESSION -+ || sslerr == SSL_ERROR_PENDING_SESSION -+# endif -+ ) -+ { - c->read->handler = ngx_ssl_handshake_handler; - c->write->handler = ngx_ssl_handshake_handler; - -@@ -1575,6 +1580,23 @@ ngx_ssl_try_early_data(ngx_connection_t *c) - return NGX_AGAIN; - } - -+#ifdef SSL_ERROR_PENDING_SESSION -+ if (sslerr == SSL_ERROR_PENDING_SESSION) { -+ c->read->handler = ngx_ssl_handshake_handler; -+ c->write->handler = ngx_ssl_handshake_handler; -+ -+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) { -+ return NGX_ERROR; -+ } -+ -+ if (ngx_handle_write_event(c->write, 0) != NGX_OK) { -+ return NGX_ERROR; -+ } -+ -+ return NGX_AGAIN; -+ } -+#endif -+ - err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; - - c->ssl->no_wait_shutdown = 1; diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-stream_proxy_get_next_upstream_tries.patch b/images/nginx/rootfs/patches/nginx-1.21.4-stream_proxy_get_next_upstream_tries.patch deleted file mode 100644 index cb881f070c..0000000000 --- a/images/nginx/rootfs/patches/nginx-1.21.4-stream_proxy_get_next_upstream_tries.patch +++ /dev/null @@ -1,31 +0,0 @@ -diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h -index 09d2459..de92724 100644 ---- a/src/stream/ngx_stream.h -+++ b/src/stream/ngx_stream.h -@@ -303,4 +303,7 @@ typedef ngx_int_t (*ngx_stream_filter_pt)(ngx_stream_session_t *s, - extern ngx_stream_filter_pt ngx_stream_top_filter; - - -+#define HAS_NGX_STREAM_PROXY_GET_NEXT_UPSTREAM_TRIES_PATCH 1 -+ -+ - #endif /* _NGX_STREAM_H_INCLUDED_ */ -diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c -index 0afde1c..3254ce1 100644 ---- a/src/stream/ngx_stream_proxy_module.c -+++ b/src/stream/ngx_stream_proxy_module.c -@@ -2156,3 +2156,14 @@ ngx_stream_proxy_bind(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) - - return NGX_CONF_OK; - } -+ -+ -+ngx_uint_t -+ngx_stream_proxy_get_next_upstream_tries(ngx_stream_session_t *s) -+{ -+ ngx_stream_proxy_srv_conf_t *pscf; -+ -+ pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); -+ -+ return pscf->next_upstream_tries; -+} diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-stream_ssl_preread_no_skip.patch b/images/nginx/rootfs/patches/nginx-1.21.4-stream_ssl_preread_no_skip.patch deleted file mode 100644 index e45e9f69a7..0000000000 --- a/images/nginx/rootfs/patches/nginx-1.21.4-stream_ssl_preread_no_skip.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/src/stream/ngx_stream_ssl_preread_module.c b/src/stream/ngx_stream_ssl_preread_module.c -index e3d11fd9..3717b5fe 100644 ---- a/src/stream/ngx_stream_ssl_preread_module.c -+++ b/src/stream/ngx_stream_ssl_preread_module.c -@@ -159,7 +159,7 @@ ngx_stream_ssl_preread_handler(ngx_stream_session_t *s) - - rc = ngx_stream_ssl_preread_parse_record(ctx, p, p + len); - if (rc != NGX_AGAIN) { -- return rc; -+ return rc == NGX_OK ? NGX_DECLINED : rc; - } - - p += len; diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-upstream_pipelining.patch b/images/nginx/rootfs/patches/nginx-1.21.4-upstream_pipelining.patch deleted file mode 100644 index aed80365ad..0000000000 --- a/images/nginx/rootfs/patches/nginx-1.21.4-upstream_pipelining.patch +++ /dev/null @@ -1,23 +0,0 @@ -commit f9907b72a76a21ac5413187b83177a919475c75f -Author: Yichun Zhang (agentzh) -Date: Wed Feb 10 16:05:08 2016 -0800 - - bugfix: upstream: keep sending request data after the first write attempt. - - See - http://mailman.nginx.org/pipermail/nginx-devel/2012-March/002040.html - for more details on the issue. - -diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c -index 69019417..92b7c97f 100644 ---- a/src/http/ngx_http_upstream.c -+++ b/src/http/ngx_http_upstream.c -@@ -2239,7 +2239,7 @@ ngx_http_upstream_send_request_handler(ngx_http_request_t *r, - - #endif - -- if (u->header_sent && !u->conf->preserve_output) { -+ if (u->request_body_sent && !u->conf->preserve_output) { - u->write_event_handler = ngx_http_upstream_dummy_handler; - - (void) ngx_handle_write_event(c->write, 0); diff --git a/images/nginx/rootfs/patches/nginx-1.21.4-upstream_timeout_fields.patch b/images/nginx/rootfs/patches/nginx-1.21.4-upstream_timeout_fields.patch deleted file mode 100644 index 2314ddf801..0000000000 --- a/images/nginx/rootfs/patches/nginx-1.21.4-upstream_timeout_fields.patch +++ /dev/null @@ -1,112 +0,0 @@ -diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c -index 69019417..2265d8f7 100644 ---- a/src/http/ngx_http_upstream.c -+++ b/src/http/ngx_http_upstream.c -@@ -509,12 +509,19 @@ void - ngx_http_upstream_init(ngx_http_request_t *r) - { - ngx_connection_t *c; -+ ngx_http_upstream_t *u; - - c = r->connection; - - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, - "http init upstream, client timer: %d", c->read->timer_set); - -+ u = r->upstream; -+ -+ u->connect_timeout = u->conf->connect_timeout; -+ u->send_timeout = u->conf->send_timeout; -+ u->read_timeout = u->conf->read_timeout; -+ - #if (NGX_HTTP_V2) - if (r->stream) { - ngx_http_upstream_init_request(r); -@@ -1626,7 +1633,7 @@ ngx_http_upstream_connect(ngx_http_request_t *r, ngx_http_upstream_t *u) - u->request_body_blocked = 0; - - if (rc == NGX_AGAIN) { -- ngx_add_timer(c->write, u->conf->connect_timeout); -+ ngx_add_timer(c->write, u->connect_timeout); - return; - } - -@@ -1704,7 +1711,7 @@ ngx_http_upstream_ssl_init_connection(ngx_http_request_t *r, - if (rc == NGX_AGAIN) { - - if (!c->write->timer_set) { -- ngx_add_timer(c->write, u->conf->connect_timeout); -+ ngx_add_timer(c->write, u->connect_timeout); - } - - c->ssl->handler = ngx_http_upstream_ssl_handshake_handler; -@@ -2022,7 +2029,7 @@ ngx_http_upstream_send_request(ngx_http_request_t *r, ngx_http_upstream_t *u, - - if (rc == NGX_AGAIN) { - if (!c->write->ready || u->request_body_blocked) { -- ngx_add_timer(c->write, u->conf->send_timeout); -+ ngx_add_timer(c->write, u->send_timeout); - - } else if (c->write->timer_set) { - ngx_del_timer(c->write); -@@ -2084,7 +2091,7 @@ ngx_http_upstream_send_request(ngx_http_request_t *r, ngx_http_upstream_t *u, - return; - } - -- ngx_add_timer(c->read, u->conf->read_timeout); -+ ngx_add_timer(c->read, u->read_timeout); - - if (c->read->ready) { - ngx_http_upstream_process_header(r, u); -@@ -3213,7 +3220,7 @@ ngx_http_upstream_send_response(ngx_http_request_t *r, ngx_http_upstream_t *u) - p->cyclic_temp_file = 0; - } - -- p->read_timeout = u->conf->read_timeout; -+ p->read_timeout = u->read_timeout; - p->send_timeout = clcf->send_timeout; - p->send_lowat = clcf->send_lowat; - -@@ -3458,7 +3465,7 @@ ngx_http_upstream_process_upgraded(ngx_http_request_t *r, - } - - if (upstream->write->active && !upstream->write->ready) { -- ngx_add_timer(upstream->write, u->conf->send_timeout); -+ ngx_add_timer(upstream->write, u->send_timeout); - - } else if (upstream->write->timer_set) { - ngx_del_timer(upstream->write); -@@ -3470,7 +3477,7 @@ ngx_http_upstream_process_upgraded(ngx_http_request_t *r, - } - - if (upstream->read->active && !upstream->read->ready) { -- ngx_add_timer(upstream->read, u->conf->read_timeout); -+ ngx_add_timer(upstream->read, u->read_timeout); - - } else if (upstream->read->timer_set) { - ngx_del_timer(upstream->read); -@@ -3664,7 +3671,7 @@ ngx_http_upstream_process_non_buffered_request(ngx_http_request_t *r, - } - - if (upstream->read->active && !upstream->read->ready) { -- ngx_add_timer(upstream->read, u->conf->read_timeout); -+ ngx_add_timer(upstream->read, u->read_timeout); - - } else if (upstream->read->timer_set) { - ngx_del_timer(upstream->read); -diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h -index c2f4dc0b..b9eef118 100644 ---- a/src/http/ngx_http_upstream.h -+++ b/src/http/ngx_http_upstream.h -@@ -333,6 +333,11 @@ struct ngx_http_upstream_s { - ngx_array_t *caches; - #endif - -+#define HAVE_NGX_UPSTREAM_TIMEOUT_FIELDS 1 -+ ngx_msec_t connect_timeout; -+ ngx_msec_t send_timeout; -+ ngx_msec_t read_timeout; -+ - ngx_http_upstream_headers_in_t headers_in; - - ngx_http_upstream_resolved_t *resolved; From 85b513b0b7396fe3c356fa2872dc52f8fbdf123f Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Wed, 2 Oct 2024 08:03:22 +0200 Subject: [PATCH 54/81] Images: Trigger NGINX build. (#12076) --- images/nginx/TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/nginx/TAG b/images/nginx/TAG index f252462193..b82608c0bb 100644 --- a/images/nginx/TAG +++ b/images/nginx/TAG @@ -1 +1 @@ -v0.0.12 +v0.1.0 From f21739401f385d849f699e9a29504ef0f50db5b8 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Wed, 2 Oct 2024 13:02:04 +0200 Subject: [PATCH 55/81] Images: Bump `NGINX_BASE` to v0.1.0. (#12080) --- NGINX_BASE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NGINX_BASE b/NGINX_BASE index 5e32265fa4..2a95b1089d 100644 --- a/NGINX_BASE +++ b/NGINX_BASE @@ -1 +1 @@ -registry.k8s.io/ingress-nginx/nginx-1.25:v0.0.12@sha256:2d471b3a34dc43d10c3f3d7f2a6e8a2ecf7654a4197e56374261c1c708b16365 +registry.k8s.io/ingress-nginx/nginx:v0.1.0@sha256:87dcd5ed0206161b86f3767ccdc592716617481e3eac89bfc46ec515419c0b94 From fc17081f7b35f253c41f8802367893a37d92e00d Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Wed, 2 Oct 2024 09:53:49 -0700 Subject: [PATCH 56/81] Bump k8s.io/cli-runtime from 0.30.0 to 0.31.1 (#12083) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 +++----- go.sum | 16 ++++++---------- 2 files changed, 9 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 6bdaead759..ec9533437a 100644 --- a/go.mod +++ b/go.mod @@ -35,7 +35,7 @@ require ( k8s.io/apiextensions-apiserver v0.31.1 k8s.io/apimachinery v0.31.1 k8s.io/apiserver v0.31.1 - k8s.io/cli-runtime v0.30.0 + k8s.io/cli-runtime v0.31.1 k8s.io/client-go v0.31.1 k8s.io/code-generator v0.31.1 k8s.io/component-base v0.31.1 @@ -64,7 +64,6 @@ require ( github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/eapache/queue v1.1.0 // indirect github.com/emicklei/go-restful/v3 v3.12.0 // indirect - github.com/evanphx/json-patch v5.9.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa // indirect github.com/go-errors/errors v1.5.1 // indirect @@ -124,7 +123,6 @@ require ( golang.org/x/tools v0.24.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect google.golang.org/protobuf v1.34.2 // indirect - gopkg.in/evanphx/json-patch.v5 v5.9.0 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect @@ -133,8 +131,8 @@ require ( k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f // indirect k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/kustomize/api v0.16.0 // indirect - sigs.k8s.io/kustomize/kyaml v0.16.0 // indirect + sigs.k8s.io/kustomize/api v0.17.2 // indirect + sigs.k8s.io/kustomize/kyaml v0.17.1 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/go.sum b/go.sum index 04a26d653a..240b71f1fe 100644 --- a/go.sum +++ b/go.sum @@ -32,8 +32,6 @@ github.com/eapache/queue v1.1.0 h1:YOEu7KNc61ntiQlcEeUIoDTJ2o8mQznoNvUhiigpIqc= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk= github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= -github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= @@ -319,8 +317,6 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= -gopkg.in/evanphx/json-patch.v5 v5.9.0 h1:hx1VU2SGj4F8r9b8GUwJLdc8DNO8sy79ZGui0G05GLo= -gopkg.in/evanphx/json-patch.v5 v5.9.0/go.mod h1:/kvTRh1TVm5wuM6OkHxqXtE/1nUZZpihg29RtuIyfvk= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/go-playground/assert.v1 v1.2.1 h1:xoYuJVE7KT85PYWrN730RguIQO0ePzVRfFMXadIrXTM= gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= @@ -349,8 +345,8 @@ k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U= k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= k8s.io/apiserver v0.31.1 h1:Sars5ejQDCRBY5f7R3QFHdqN3s61nhkpaX8/k1iEw1c= k8s.io/apiserver v0.31.1/go.mod h1:lzDhpeToamVZJmmFlaLwdYZwd7zB+WYRYIboqA1kGxM= -k8s.io/cli-runtime v0.30.0 h1:0vn6/XhOvn1RJ2KJOC6IRR2CGqrpT6QQF4+8pYpWQ48= -k8s.io/cli-runtime v0.30.0/go.mod h1:vATpDMATVTMA79sZ0YUCzlMelf6rUjoBzlp+RnoM+cg= +k8s.io/cli-runtime v0.31.1 h1:/ZmKhmZ6hNqDM+yf9s3Y4KEYakNXUn5sod2LWGGwCuk= +k8s.io/cli-runtime v0.31.1/go.mod h1:pKv1cDIaq7ehWGuXQ+A//1OIF+7DI+xudXtExMCbe9U= k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0= k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg= k8s.io/code-generator v0.31.1 h1:GvkRZEP2g2UnB2QKT2Dgc/kYxIkDxCHENv2Q1itioVs= @@ -371,10 +367,10 @@ sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/kustomize/api v0.16.0 h1:/zAR4FOQDCkgSDmVzV2uiFbuy9bhu3jEzthrHCuvm1g= -sigs.k8s.io/kustomize/api v0.16.0/go.mod h1:MnFZ7IP2YqVyVwMWoRxPtgl/5hpA+eCCrQR/866cm5c= -sigs.k8s.io/kustomize/kyaml v0.16.0 h1:6J33uKSoATlKZH16unr2XOhDI+otoe2sR3M8PDzW3K0= -sigs.k8s.io/kustomize/kyaml v0.16.0/go.mod h1:xOK/7i+vmE14N2FdFyugIshB8eF6ALpy7jI87Q2nRh4= +sigs.k8s.io/kustomize/api v0.17.2 h1:E7/Fjk7V5fboiuijoZHgs4aHuexi5Y2loXlVOAVAG5g= +sigs.k8s.io/kustomize/api v0.17.2/go.mod h1:UWTz9Ct+MvoeQsHcJ5e+vziRRkwimm3HytpZgIYqye0= +sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ= +sigs.k8s.io/kustomize/kyaml v0.17.1/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U= sigs.k8s.io/mdtoc v1.1.0 h1:q3YtqYzmC2e0hgLXRIOm7/QLuPux1CX3ZHCwlbABxZo= sigs.k8s.io/mdtoc v1.1.0/go.mod h1:QZLVEdHH2iNIR4uHAZyvFRtjloHgVItk8lo/mzCtq3w= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= From f7865db3cbb68809f3d0a0225c5330de64e0e4a0 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Wed, 2 Oct 2024 10:05:49 -0700 Subject: [PATCH 57/81] Bump google.golang.org/grpc from 1.67.0 to 1.67.1 in the go group across 1 directory (#12085) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ec9533437a..42e7b9f13d 100644 --- a/go.mod +++ b/go.mod @@ -27,7 +27,7 @@ require ( github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30 golang.org/x/crypto v0.27.0 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 - google.golang.org/grpc v1.67.0 + google.golang.org/grpc v1.67.1 google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 diff --git a/go.sum b/go.sum index 240b71f1fe..4d67e590d9 100644 --- a/go.sum +++ b/go.sum @@ -299,8 +299,8 @@ gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 h1:e7S5W7MGGLaSu8j3YjdezkZ+m1/Nm0uRVRMEMGk26Xs= google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= -google.golang.org/grpc v1.67.0 h1:IdH9y6PF5MPSdAntIcpjQ+tXO41pcQsfZV2RxtQgVcw= -google.golang.org/grpc v1.67.0/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= +google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= +google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab h1:tg8hvIl5RmFBuXlcJMuL0h4Psh1gx5Q5xEMwzBZIzWA= google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab/go.mod h1:liVNnGuZDITxuksuZ+BBvdy7FcJfeNk+efF9qgqNUmc= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= From 7d11997c8b8f941795a11ff855f965c88d4d699e Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Wed, 2 Oct 2024 10:09:49 -0700 Subject: [PATCH 58/81] Bump github.com/prometheus/common from 0.59.1 to 0.60.0 (#12087) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 42e7b9f13d..cc62bc7389 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 github.com/prometheus/client_golang v1.20.4 github.com/prometheus/client_model v0.6.1 - github.com/prometheus/common v0.59.1 + github.com/prometheus/common v0.60.0 github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 @@ -113,8 +113,8 @@ require ( go.starlark.net v0.0.0-20240123142251-f86470692795 // indirect go.uber.org/zap v1.27.0 // indirect golang.org/x/mod v0.20.0 // indirect - golang.org/x/net v0.28.0 // indirect - golang.org/x/oauth2 v0.22.0 // indirect + golang.org/x/net v0.29.0 // indirect + golang.org/x/oauth2 v0.23.0 // indirect golang.org/x/sync v0.8.0 // indirect golang.org/x/sys v0.25.0 // indirect golang.org/x/term v0.24.0 // indirect diff --git a/go.sum b/go.sum index 4d67e590d9..a8475a7edd 100644 --- a/go.sum +++ b/go.sum @@ -184,8 +184,8 @@ github.com/prometheus/client_golang v1.20.4 h1:Tgh3Yr67PaOv/uTqloMsCEdeuFTatm5zI github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.59.1 h1:LXb1quJHWm1P6wq/U824uxYi4Sg0oGvNeUm1z5dJoX0= -github.com/prometheus/common v0.59.1/go.mod h1:GpWM7dewqmVYcd7SmRaiWVe9SSqjf0UrwnYnpEZNuT0= +github.com/prometheus/common v0.60.0 h1:+V9PAREWNvJMAuJ1x1BaWl9dewMW4YrHZQbx0sJNllA= +github.com/prometheus/common v0.60.0/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= @@ -250,10 +250,10 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= -golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= -golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA= -golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= +golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= +golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= From a49c586dc35720ebabbd8f11c07149b3a6b04cd1 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Wed, 2 Oct 2024 20:07:50 +0200 Subject: [PATCH 59/81] Bump sigs.k8s.io/mdtoc from 1.1.0 to 1.4.0 (#12089) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 ++++-- go.sum | 15 ++++++++------- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index cc62bc7389..a76b9f570e 100644 --- a/go.mod +++ b/go.mod @@ -42,14 +42,16 @@ require ( k8s.io/klog/v2 v2.130.1 pault.ag/go/sniff v0.0.0-20200207005214-cf7e4d167732 sigs.k8s.io/controller-runtime v0.19.0 - sigs.k8s.io/mdtoc v1.1.0 + sigs.k8s.io/mdtoc v1.4.0 ) require ( + github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/klauspost/compress v1.17.9 // indirect github.com/x448/float16 v0.8.4 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect + sigs.k8s.io/release-utils v0.8.3 // indirect ) require ( @@ -76,7 +78,7 @@ require ( github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect - github.com/gomarkdown/markdown v0.0.0-20231222211730-1d6d20845b47 // indirect + github.com/gomarkdown/markdown v0.0.0-20240328165702-4d01890c35c0 // indirect github.com/google/btree v1.1.2 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect diff --git a/go.sum b/go.sum index a8475a7edd..3390e4c13d 100644 --- a/go.sum +++ b/go.sum @@ -4,7 +4,6 @@ github.com/Anddd7/pb v0.0.0-20240425032658-369b0f6a404c h1:uhBf0CHXi7nCFZXxHV7l1 github.com/Anddd7/pb v0.0.0-20240425032658-369b0f6a404c/go.mod h1:vYWKbnXd2KAZHUECLPzSE0Er3FgiEmOdPtxwSIRihck= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/armon/go-proxyproto v0.1.0 h1:TWWcSsjco7o2itn6r25/5AqKBiWmsiuzsUDLT/MTl7k= @@ -15,6 +14,8 @@ github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be h1:J5BL2kskAlV9ckgEsNQXscjIaLiOYiZ75d4e94E6dcQ= +github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be/go.mod h1:mk5IQ+Y0ZeO87b858TlA645sVcEcbiX6YqP98kt+7+w= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= @@ -74,9 +75,8 @@ github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvq github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= -github.com/gomarkdown/markdown v0.0.0-20210514010506-3b9f47219fe7/go.mod h1:aii0r/K0ZnHv7G0KF7xy1v0A7s2Ljrb5byB7MO5p6TU= -github.com/gomarkdown/markdown v0.0.0-20231222211730-1d6d20845b47 h1:k4Tw0nt6lwro3Uin8eqoET7MDA4JnT8YgbCjc/g5E3k= -github.com/gomarkdown/markdown v0.0.0-20231222211730-1d6d20845b47/go.mod h1:JDGcbDT52eL4fju3sZ4TeHGsQwhG9nbDV21aMyhwPoA= +github.com/gomarkdown/markdown v0.0.0-20240328165702-4d01890c35c0 h1:4gjrh/PN2MuWCCElk8/I4OCKRKWCCo2zEct3VKCbibU= +github.com/gomarkdown/markdown v0.0.0-20240328165702-4d01890c35c0/go.mod h1:JDGcbDT52eL4fju3sZ4TeHGsQwhG9nbDV21aMyhwPoA= github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= @@ -232,7 +232,6 @@ go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= -golang.org/dl v0.0.0-20190829154251-82a15e2f2ead/go.mod h1:IUMfjQLJQd4UTqG1Z90tenwKoCX93Gn3MAQJMOSBsDQ= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -371,8 +370,10 @@ sigs.k8s.io/kustomize/api v0.17.2 h1:E7/Fjk7V5fboiuijoZHgs4aHuexi5Y2loXlVOAVAG5g sigs.k8s.io/kustomize/api v0.17.2/go.mod h1:UWTz9Ct+MvoeQsHcJ5e+vziRRkwimm3HytpZgIYqye0= sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ= sigs.k8s.io/kustomize/kyaml v0.17.1/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U= -sigs.k8s.io/mdtoc v1.1.0 h1:q3YtqYzmC2e0hgLXRIOm7/QLuPux1CX3ZHCwlbABxZo= -sigs.k8s.io/mdtoc v1.1.0/go.mod h1:QZLVEdHH2iNIR4uHAZyvFRtjloHgVItk8lo/mzCtq3w= +sigs.k8s.io/mdtoc v1.4.0 h1:2pDEwJSjoVrGr5BPkG+LoLkYLKvgtGYurrBY8ul3SxQ= +sigs.k8s.io/mdtoc v1.4.0/go.mod h1:KVnRRtK1rX9aQ95qF0rt3x2ytTxf3r7W7N41H+0KF0k= +sigs.k8s.io/release-utils v0.8.3 h1:KtOtA4qDmzJyeQ2zkDsFVI25+NViwms/o5eL2NftFdA= +sigs.k8s.io/release-utils v0.8.3/go.mod h1:fp82Fma06OXBhEJ+GUJKqvcplDBomruK1R/1fWJnsrQ= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= From 91a3ef1ad69b5477e52468990fb94e6135e3e9de Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Fri, 4 Oct 2024 13:41:48 +0200 Subject: [PATCH 60/81] Go: Bump to v1.22.8. (#12094) --- GOLANG_VERSION | 2 +- go.mod | 2 +- go.work | 2 +- images/custom-error-pages/rootfs/go.mod | 2 +- images/ext-auth-example-authsvc/rootfs/go.mod | 2 +- images/kube-webhook-certgen/rootfs/go.mod | 2 +- images/opentelemetry/rootfs/Dockerfile | 2 +- images/opentelemetry/rootfs/go.mod | 2 +- magefiles/go.mod | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/GOLANG_VERSION b/GOLANG_VERSION index 87b26e8b1a..229a27c6f2 100644 --- a/GOLANG_VERSION +++ b/GOLANG_VERSION @@ -1 +1 @@ -1.22.7 +1.22.8 diff --git a/go.mod b/go.mod index a76b9f570e..74fe03207e 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module k8s.io/ingress-nginx -go 1.22.7 +go 1.22.8 require ( dario.cat/mergo v1.0.1 diff --git a/go.work b/go.work index f0095c7586..b98909b34f 100644 --- a/go.work +++ b/go.work @@ -1,4 +1,4 @@ -go 1.22.7 +go 1.22.8 use ( . diff --git a/images/custom-error-pages/rootfs/go.mod b/images/custom-error-pages/rootfs/go.mod index bd24d4e1c7..4cee1baf57 100644 --- a/images/custom-error-pages/rootfs/go.mod +++ b/images/custom-error-pages/rootfs/go.mod @@ -1,6 +1,6 @@ module k8s.io/ingress-nginx/custom-error-pages -go 1.22.7 +go 1.22.8 require github.com/prometheus/client_golang v1.20.4 diff --git a/images/ext-auth-example-authsvc/rootfs/go.mod b/images/ext-auth-example-authsvc/rootfs/go.mod index 908da4b2ed..7e488b4844 100644 --- a/images/ext-auth-example-authsvc/rootfs/go.mod +++ b/images/ext-auth-example-authsvc/rootfs/go.mod @@ -1,6 +1,6 @@ module example.com/authsvc -go 1.22.7 +go 1.22.8 require k8s.io/apimachinery v0.31.1 diff --git a/images/kube-webhook-certgen/rootfs/go.mod b/images/kube-webhook-certgen/rootfs/go.mod index c9f1c827ca..5caee19a26 100644 --- a/images/kube-webhook-certgen/rootfs/go.mod +++ b/images/kube-webhook-certgen/rootfs/go.mod @@ -1,6 +1,6 @@ module github.com/jet/kube-webhook-certgen -go 1.22.7 +go 1.22.8 require ( github.com/onrik/logrus v0.11.0 diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index 4b64b96a67..9da180f841 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -31,7 +31,7 @@ FROM base AS nginx ARG NGINX_VERSION=1.25.3 RUN bash /opt/third_party/build.sh -n ${NGINX_VERSION} -FROM golang:1.22.7-bullseye AS build-init +FROM golang:1.22.8-bullseye AS build-init WORKDIR /go/src/app COPY . . diff --git a/images/opentelemetry/rootfs/go.mod b/images/opentelemetry/rootfs/go.mod index 207d1d9147..be474cc0ba 100644 --- a/images/opentelemetry/rootfs/go.mod +++ b/images/opentelemetry/rootfs/go.mod @@ -1,3 +1,3 @@ module init-otel -go 1.22.7 +go 1.22.8 diff --git a/magefiles/go.mod b/magefiles/go.mod index 9135228234..8c58b526c9 100644 --- a/magefiles/go.mod +++ b/magefiles/go.mod @@ -1,6 +1,6 @@ module k8s.io/ingress-nginx/magefiles -go 1.22.7 +go 1.22.8 require ( github.com/blang/semver/v4 v4.0.0 From d640ceaadf624ba654af0871e7fbb781f0f1ffec Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Fri, 4 Oct 2024 04:43:52 -0700 Subject: [PATCH 61/81] Bump the actions group with 3 updates (#12097) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- .github/workflows/golangci-lint.yml | 2 +- .github/workflows/images.yaml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3314c059fe..8081fe4a05 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -147,7 +147,7 @@ jobs: - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 with: version: latest diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 93db7fbb7f..4ef7e90854 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -28,6 +28,6 @@ jobs: check-latest: true - name: golangci-lint - uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0 + uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 with: version: v1.56 diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index 2ec6d8471d..813dfc9187 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -197,7 +197,7 @@ jobs: uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 with: version: latest platforms: ${{ env.PLATFORMS }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 4038f1158b..9eaf091eed 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index adf8a593f7..0cd02552de 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From 6cc603a63a96af63297341704919a0c6a7951b51 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Fri, 4 Oct 2024 04:51:35 -0700 Subject: [PATCH 62/81] Docs: Add a multi-tenant warning. (#12099) Co-authored-by: James Strong --- README.md | 2 ++ docs/deploy/hardening-guide.md | 2 ++ docs/faq.md | 10 ++++++++++ 3 files changed, 14 insertions(+) diff --git a/README.md b/README.md index 6f86a0de02..c7a4d0d915 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,8 @@ balancer. See the [Getting Started](https://kubernetes.github.io/ingress-nginx/deploy/) document. +Do not use in multi-tenant Kubernetes production installations. This project assumes that users that can create Ingress objects are administrators of the cluster. See the [FAQ](https://kubernetes.github.io/ingress-nginx/faq/#faq) for more. + ## Troubleshooting If you encounter issues, review the [troubleshooting docs](docs/troubleshooting.md), diff --git a/docs/deploy/hardening-guide.md b/docs/deploy/hardening-guide.md index cfbdb14662..2726b1a071 100644 --- a/docs/deploy/hardening-guide.md +++ b/docs/deploy/hardening-guide.md @@ -1,6 +1,8 @@ # Hardening Guide +Do not use in multi-tenant Kubernetes production installations. This project assumes that users that can create Ingress objects are administrators of the cluster. + ## Overview There are several ways to do hardening and securing of nginx. In this documentation two guides are used, the guides are overlapping in some points: diff --git a/docs/faq.md b/docs/faq.md index 020474d5c7..97d3325cae 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -1,6 +1,16 @@ # FAQ +## Multi-tenant Kubernetes + +Do not use in multi-tenant Kubernetes production installations. This project assumes that users that can create Ingress objects are administrators of the cluster. + +For example, the Ingress NGINX control plane has global and per Ingress configuration options that make it insecure, if enabled, in a multi-tenant environment. + +For example, enabling snippets, a global configuration, allows any Ingress object to run arbitrary Lua code that could affect the security of all Ingress objects that a controller is running. + +We changed the default to allow snippets to `false` in https://github.com/kubernetes/ingress-nginx/pull/10393. + ## Multiple controller in one cluster Question - How can I easily install multiple instances of the ingress-nginx controller in the same cluster? From a506cb48775fd9da52ed5cada60df5c5bbbd9529 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Fri, 4 Oct 2024 04:59:05 -0700 Subject: [PATCH 63/81] Images: Trigger `test-runner` build. (#12102) Co-authored-by: Marco Ebert --- images/test-runner/TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/test-runner/TAG b/images/test-runner/TAG index 0ec25f7505..795460fcec 100644 --- a/images/test-runner/TAG +++ b/images/test-runner/TAG @@ -1 +1 @@ -v1.0.0 +v1.1.0 From 52a71c17368dbc3d3f85f3840baea3a86c2b6ad8 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Fri, 4 Oct 2024 11:46:28 -0700 Subject: [PATCH 64/81] Tests: Bump `e2e-test-runner` to v20241004-114a6abb. (#12105) Co-authored-by: Marco Ebert --- build/run-in-docker.sh | 2 +- test/e2e-image/Makefile | 2 +- test/e2e/run-chart-test.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 915c29d7af..095e09b91e 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -44,7 +44,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20240829-2c421762@sha256:5b7809bfe9cbd9cd6bcb8033ca27576ca704f05ce729fe4dcb574810f7a25785} +E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20241004-114a6abb@sha256:1389ec0589abbf5c431c9290c4c307437c8396995c63dda5eac26abd70963dc8} if [[ "$RUNTIME" == podman ]]; then # Podman does not support both tag and digest diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index 8e3040177f..e3b0d609f3 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,6 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -E2E_BASE_IMAGE ?= "registry.k8s.io/ingress-nginx/e2e-test-runner:v20240829-2c421762@sha256:5b7809bfe9cbd9cd6bcb8033ca27576ca704f05ce729fe4dcb574810f7a25785" +E2E_BASE_IMAGE ?= "registry.k8s.io/ingress-nginx/e2e-test-runner:v20241004-114a6abb@sha256:1389ec0589abbf5c431c9290c4c307437c8396995c63dda5eac26abd70963dc8" image: echo "..entered Makefile in /test/e2e-image" diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index b6748f129d..587dbe98b9 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -114,5 +114,5 @@ docker run \ --workdir /workdir \ --entrypoint ct \ --rm \ - registry.k8s.io/ingress-nginx/e2e-test-runner:v20240829-2c421762@sha256:5b7809bfe9cbd9cd6bcb8033ca27576ca704f05ce729fe4dcb574810f7a25785 \ + registry.k8s.io/ingress-nginx/e2e-test-runner:v20241004-114a6abb@sha256:1389ec0589abbf5c431c9290c4c307437c8396995c63dda5eac26abd70963dc8 \ install --charts charts/ingress-nginx From 1e724286363fc80f9ec05eb78841aa87154af4e0 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Sat, 5 Oct 2024 00:36:03 -0700 Subject: [PATCH 65/81] Bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#12109) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 74fe03207e..3f0637f034 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( github.com/stretchr/testify v1.9.0 github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30 - golang.org/x/crypto v0.27.0 + golang.org/x/crypto v0.28.0 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 google.golang.org/grpc v1.67.1 google.golang.org/grpc/examples v0.0.0-20240223204917-5ccf176a08ab @@ -118,9 +118,9 @@ require ( golang.org/x/net v0.29.0 // indirect golang.org/x/oauth2 v0.23.0 // indirect golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.25.0 // indirect - golang.org/x/term v0.24.0 // indirect - golang.org/x/text v0.18.0 // indirect + golang.org/x/sys v0.26.0 // indirect + golang.org/x/term v0.25.0 // indirect + golang.org/x/text v0.19.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.24.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect diff --git a/go.sum b/go.sum index 3390e4c13d..470599f774 100644 --- a/go.sum +++ b/go.sum @@ -235,8 +235,8 @@ go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= -golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= +golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= +golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -273,14 +273,14 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= -golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= -golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= +golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= -golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= +golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= From ba90c4ff75d1926413a7a606bdd751e12883dd7b Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Sat, 5 Oct 2024 15:09:32 -0700 Subject: [PATCH 66/81] Images: Trigger other builds. (#12112) Co-authored-by: Marco Ebert --- cloudbuild.yaml | 1 - images/cfssl/TAG | 2 +- images/custom-error-pages/TAG | 2 +- images/custom-error-pages/cloudbuild.yaml | 1 - images/fastcgi-helloserver/TAG | 2 +- images/fastcgi-helloserver/cloudbuild.yaml | 1 - images/httpbun/TAG | 2 +- images/httpbun/cloudbuild.yaml | 1 - images/kube-webhook-certgen/TAG | 2 +- images/kube-webhook-certgen/cloudbuild.yaml | 1 - images/test-runner/cloudbuild.yaml | 1 - 11 files changed, 5 insertions(+), 11 deletions(-) diff --git a/cloudbuild.yaml b/cloudbuild.yaml index 4948387205..96e8990eb1 100644 --- a/cloudbuild.yaml +++ b/cloudbuild.yaml @@ -12,4 +12,3 @@ steps: args: - -c - gcloud auth configure-docker && make release -timeout: 1800s diff --git a/images/cfssl/TAG b/images/cfssl/TAG index 0ec25f7505..b18d46540b 100644 --- a/images/cfssl/TAG +++ b/images/cfssl/TAG @@ -1 +1 @@ -v1.0.0 +v1.0.1 diff --git a/images/custom-error-pages/TAG b/images/custom-error-pages/TAG index b18d46540b..570c796513 100644 --- a/images/custom-error-pages/TAG +++ b/images/custom-error-pages/TAG @@ -1 +1 @@ -v1.0.1 +v1.0.2 diff --git a/images/custom-error-pages/cloudbuild.yaml b/images/custom-error-pages/cloudbuild.yaml index 772a7697f7..a8bd4c815d 100644 --- a/images/custom-error-pages/cloudbuild.yaml +++ b/images/custom-error-pages/cloudbuild.yaml @@ -9,4 +9,3 @@ steps: args: - -c - gcloud auth configure-docker && cd images && make NAME=custom-error-pages push -timeout: 3600s diff --git a/images/fastcgi-helloserver/TAG b/images/fastcgi-helloserver/TAG index b18d46540b..570c796513 100644 --- a/images/fastcgi-helloserver/TAG +++ b/images/fastcgi-helloserver/TAG @@ -1 +1 @@ -v1.0.1 +v1.0.2 diff --git a/images/fastcgi-helloserver/cloudbuild.yaml b/images/fastcgi-helloserver/cloudbuild.yaml index 5fb3e33180..cfa07b4d72 100644 --- a/images/fastcgi-helloserver/cloudbuild.yaml +++ b/images/fastcgi-helloserver/cloudbuild.yaml @@ -9,4 +9,3 @@ steps: args: - -c - gcloud auth configure-docker && cd images && make NAME=fastcgi-helloserver push -timeout: 3600s diff --git a/images/httpbun/TAG b/images/httpbun/TAG index b18d46540b..570c796513 100644 --- a/images/httpbun/TAG +++ b/images/httpbun/TAG @@ -1 +1 @@ -v1.0.1 +v1.0.2 diff --git a/images/httpbun/cloudbuild.yaml b/images/httpbun/cloudbuild.yaml index 3d26625314..7a3f6c8d0a 100644 --- a/images/httpbun/cloudbuild.yaml +++ b/images/httpbun/cloudbuild.yaml @@ -9,4 +9,3 @@ steps: args: - -c - gcloud auth configure-docker && cd images && make NAME=httpbun push -timeout: 3600s diff --git a/images/kube-webhook-certgen/TAG b/images/kube-webhook-certgen/TAG index 92f76b4232..61919cdd8e 100644 --- a/images/kube-webhook-certgen/TAG +++ b/images/kube-webhook-certgen/TAG @@ -1 +1 @@ -v1.4.3 +v1.4.4 diff --git a/images/kube-webhook-certgen/cloudbuild.yaml b/images/kube-webhook-certgen/cloudbuild.yaml index 8bf139423c..e9a5dd5cc3 100644 --- a/images/kube-webhook-certgen/cloudbuild.yaml +++ b/images/kube-webhook-certgen/cloudbuild.yaml @@ -9,4 +9,3 @@ steps: args: - -c - gcloud auth configure-docker && cd images && make NAME=kube-webhook-certgen push -timeout: 1800s diff --git a/images/test-runner/cloudbuild.yaml b/images/test-runner/cloudbuild.yaml index 6efe5eeaf5..8788212894 100644 --- a/images/test-runner/cloudbuild.yaml +++ b/images/test-runner/cloudbuild.yaml @@ -9,4 +9,3 @@ steps: args: - -c - gcloud auth configure-docker && cd images/test-runner && make push -timeout: 1800s From 2ddb730ad087cac64ef2455407f8b2cc25968ed3 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Sun, 6 Oct 2024 00:55:19 +0200 Subject: [PATCH 67/81] Cloud Build: Bump `gcb-docker-gcloud` to v20240718-5ef92b5c36. (#12117) --- cloudbuild.yaml | 2 +- images/cfssl/cloudbuild.yaml | 2 +- images/custom-error-pages/cloudbuild.yaml | 2 +- images/e2e-test-echo/cloudbuild.yaml | 2 +- images/fastcgi-helloserver/cloudbuild.yaml | 2 +- images/httpbun/cloudbuild.yaml | 2 +- images/kube-webhook-certgen/cloudbuild.yaml | 2 +- images/nginx/cloudbuild.yaml | 2 +- images/opentelemetry/cloudbuild.yaml | 3 +-- images/test-runner/cloudbuild.yaml | 2 +- 10 files changed, 10 insertions(+), 11 deletions(-) diff --git a/cloudbuild.yaml b/cloudbuild.yaml index 96e8990eb1..0948b1f054 100644 --- a/cloudbuild.yaml +++ b/cloudbuild.yaml @@ -2,7 +2,7 @@ options: # Ignore Prow provided substitutions. substitution_option: ALLOW_LOOSE steps: - - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240523-a15ad90fc9 + - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240718-5ef92b5c36 env: - REGISTRY=gcr.io/k8s-staging-ingress-nginx - REPO_INFO=https://github.com/kubernetes/ingress-nginx diff --git a/images/cfssl/cloudbuild.yaml b/images/cfssl/cloudbuild.yaml index 6b5b0fc1b3..a17f861961 100644 --- a/images/cfssl/cloudbuild.yaml +++ b/images/cfssl/cloudbuild.yaml @@ -2,7 +2,7 @@ options: # Ignore Prow provided substitutions. substitution_option: ALLOW_LOOSE steps: - - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240523-a15ad90fc9 + - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240718-5ef92b5c36 env: - REGISTRY=gcr.io/k8s-staging-ingress-nginx entrypoint: bash diff --git a/images/custom-error-pages/cloudbuild.yaml b/images/custom-error-pages/cloudbuild.yaml index a8bd4c815d..99a8d78b64 100644 --- a/images/custom-error-pages/cloudbuild.yaml +++ b/images/custom-error-pages/cloudbuild.yaml @@ -2,7 +2,7 @@ options: # Ignore Prow provided substitutions. substitution_option: ALLOW_LOOSE steps: - - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240523-a15ad90fc9 + - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240718-5ef92b5c36 env: - REGISTRY=gcr.io/k8s-staging-ingress-nginx entrypoint: bash diff --git a/images/e2e-test-echo/cloudbuild.yaml b/images/e2e-test-echo/cloudbuild.yaml index dc6e1dcf02..1d525e413e 100644 --- a/images/e2e-test-echo/cloudbuild.yaml +++ b/images/e2e-test-echo/cloudbuild.yaml @@ -2,7 +2,7 @@ options: # Ignore Prow provided substitutions. substitution_option: ALLOW_LOOSE steps: - - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240523-a15ad90fc9 + - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240718-5ef92b5c36 env: - REGISTRY=gcr.io/k8s-staging-ingress-nginx entrypoint: bash diff --git a/images/fastcgi-helloserver/cloudbuild.yaml b/images/fastcgi-helloserver/cloudbuild.yaml index cfa07b4d72..7eb0476122 100644 --- a/images/fastcgi-helloserver/cloudbuild.yaml +++ b/images/fastcgi-helloserver/cloudbuild.yaml @@ -2,7 +2,7 @@ options: # Ignore Prow provided substitutions. substitution_option: ALLOW_LOOSE steps: - - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240523-a15ad90fc9 + - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240718-5ef92b5c36 env: - REGISTRY=gcr.io/k8s-staging-ingress-nginx entrypoint: bash diff --git a/images/httpbun/cloudbuild.yaml b/images/httpbun/cloudbuild.yaml index 7a3f6c8d0a..4df9d090cb 100644 --- a/images/httpbun/cloudbuild.yaml +++ b/images/httpbun/cloudbuild.yaml @@ -2,7 +2,7 @@ options: # Ignore Prow provided substitutions. substitution_option: ALLOW_LOOSE steps: - - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240523-a15ad90fc9 + - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240718-5ef92b5c36 env: - REGISTRY=gcr.io/k8s-staging-ingress-nginx entrypoint: bash diff --git a/images/kube-webhook-certgen/cloudbuild.yaml b/images/kube-webhook-certgen/cloudbuild.yaml index e9a5dd5cc3..74f4a04a17 100644 --- a/images/kube-webhook-certgen/cloudbuild.yaml +++ b/images/kube-webhook-certgen/cloudbuild.yaml @@ -2,7 +2,7 @@ options: # Ignore Prow provided substitutions. substitution_option: ALLOW_LOOSE steps: - - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240523-a15ad90fc9 + - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240718-5ef92b5c36 env: - REGISTRY=gcr.io/k8s-staging-ingress-nginx entrypoint: bash diff --git a/images/nginx/cloudbuild.yaml b/images/nginx/cloudbuild.yaml index a5ec1abd8c..c53259ad17 100644 --- a/images/nginx/cloudbuild.yaml +++ b/images/nginx/cloudbuild.yaml @@ -4,7 +4,7 @@ options: # Ignore Prow provided substitutions. substitution_option: ALLOW_LOOSE steps: - - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240523-a15ad90fc9 + - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240718-5ef92b5c36 env: - REGISTRY=gcr.io/k8s-staging-ingress-nginx entrypoint: bash diff --git a/images/opentelemetry/cloudbuild.yaml b/images/opentelemetry/cloudbuild.yaml index df86d37e7f..e530071ceb 100644 --- a/images/opentelemetry/cloudbuild.yaml +++ b/images/opentelemetry/cloudbuild.yaml @@ -4,11 +4,10 @@ options: # Ignore Prow provided substitutions. substitution_option: ALLOW_LOOSE steps: - - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240523-a15ad90fc9 + - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240718-5ef92b5c36 env: - REGISTRY=gcr.io/k8s-staging-ingress-nginx entrypoint: bash args: - -c - gcloud auth configure-docker && cd images/opentelemetry && make NGINX_VERSION=1.21.6 push && make NGINX_VERSION=1.25.3 push -timeout: 1800s diff --git a/images/test-runner/cloudbuild.yaml b/images/test-runner/cloudbuild.yaml index 8788212894..b9df15a5e4 100644 --- a/images/test-runner/cloudbuild.yaml +++ b/images/test-runner/cloudbuild.yaml @@ -2,7 +2,7 @@ options: # Ignore Prow provided substitutions. substitution_option: ALLOW_LOOSE steps: - - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240523-a15ad90fc9 + - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240718-5ef92b5c36 env: - REGISTRY=gcr.io/k8s-staging-ingress-nginx entrypoint: bash From c5c1be168adfc7081c8eccafeae1f9c1c15153d1 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Sun, 6 Oct 2024 01:02:05 -0700 Subject: [PATCH 68/81] Tests & Docs: Bump images. (#12121) Co-authored-by: Marco Ebert --- .../custom-errors/custom-default-backend.helm.values.yaml | 2 +- .../customization/custom-errors/custom-default-backend.yaml | 2 +- test/e2e/HTTPBUN_IMAGE | 2 +- test/e2e/framework/fastcgi_helloserver.go | 2 +- test/e2e/settings/ocsp/ocsp.go | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml b/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml index e6c3e21696..fb07ac9fe9 100644 --- a/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml +++ b/docs/examples/customization/custom-errors/custom-default-backend.helm.values.yaml @@ -6,7 +6,7 @@ defaultBackend: image: registry: registry.k8s.io image: ingress-nginx/custom-error-pages - tag: v1.0.1@sha256:d8ab7de384cf41bdaa696354e19f1d0efbb0c9ac69f8682ffc0cc008a252eb76 + tag: v1.0.2@sha256:b2259cf6bfda813548a64bded551b1854cb600c4f095738b49b4c5cdf8ab9d21 extraVolumes: - name: custom-error-pages configMap: diff --git a/docs/examples/customization/custom-errors/custom-default-backend.yaml b/docs/examples/customization/custom-errors/custom-default-backend.yaml index a47805ad7a..805cf90ab6 100644 --- a/docs/examples/customization/custom-errors/custom-default-backend.yaml +++ b/docs/examples/customization/custom-errors/custom-default-backend.yaml @@ -36,7 +36,7 @@ spec: spec: containers: - name: nginx-error-server - image: registry.k8s.io/ingress-nginx/custom-error-pages:v1.0.1@sha256:d8ab7de384cf41bdaa696354e19f1d0efbb0c9ac69f8682ffc0cc008a252eb76 + image: registry.k8s.io/ingress-nginx/custom-error-pages:v1.0.2@sha256:b2259cf6bfda813548a64bded551b1854cb600c4f095738b49b4c5cdf8ab9d21 ports: - containerPort: 8080 # Setting the environment variable DEBUG we can see the headers sent diff --git a/test/e2e/HTTPBUN_IMAGE b/test/e2e/HTTPBUN_IMAGE index 7deb1e1cbd..7ea3fdc700 100644 --- a/test/e2e/HTTPBUN_IMAGE +++ b/test/e2e/HTTPBUN_IMAGE @@ -1 +1 @@ -registry.k8s.io/ingress-nginx/httpbun:v1.0.1@sha256:264371edd5b19ddc2da9333bb4d87c0ce3c0cf37c73c4adeb8bc641b872bc9da +registry.k8s.io/ingress-nginx/httpbun:v1.0.2@sha256:d4079f3027dba27e2a1d7fcfb3144d6dd9e15307fb7fa80ca649232d08e90d16 diff --git a/test/e2e/framework/fastcgi_helloserver.go b/test/e2e/framework/fastcgi_helloserver.go index 60482c0672..804bb78985 100644 --- a/test/e2e/framework/fastcgi_helloserver.go +++ b/test/e2e/framework/fastcgi_helloserver.go @@ -59,7 +59,7 @@ func (f *Framework) NewNewFastCGIHelloServerDeploymentWithReplicas(replicas int3 Containers: []corev1.Container{ { Name: "fastcgi-helloserver", - Image: "registry.k8s.io/ingress-nginx/fastcgi-helloserver:v1.0.1@sha256:bfcce5866d106450f41af15af868886c953c3661373f34aa6d99bcc6f44c6ba6", + Image: "registry.k8s.io/ingress-nginx/fastcgi-helloserver:v1.0.2@sha256:dc400fc69d7e0b27dcfe86be29946e19c2a853391305e2790f387267c2e6473e", Env: []corev1.EnvVar{}, Ports: []corev1.ContainerPort{ { diff --git a/test/e2e/settings/ocsp/ocsp.go b/test/e2e/settings/ocsp/ocsp.go index ef3bfb58ae..51ab4d5b98 100644 --- a/test/e2e/settings/ocsp/ocsp.go +++ b/test/e2e/settings/ocsp/ocsp.go @@ -295,7 +295,7 @@ func ocspserveDeployment(namespace string) (*appsv1.Deployment, *corev1.Service) Containers: []corev1.Container{ { Name: name, - Image: "registry.k8s.io/ingress-nginx/cfssl:v1.0.0@sha256:fffd36e2f1c8fd485ec6fd24c6d55f0817b54352274293d2a247b8a0d924c5b0", + Image: "registry.k8s.io/ingress-nginx/cfssl:v1.0.1@sha256:12425bab3f5e41ed20b850fd1e3737a48474f9ad48363efb116243a853db754a", Command: []string{ "/bin/bash", "-c", From f2aeb08873e72bfecd3a69f6e0cec07feb235543 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Sun, 6 Oct 2024 16:20:55 +0200 Subject: [PATCH 69/81] Chart: Bump Kube Webhook CertGen. (#12123) --- charts/ingress-nginx/README.md | 4 ++-- charts/ingress-nginx/values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 32f345decf..f082d923fc 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -253,11 +253,11 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.admissionWebhooks.namespaceSelector | object | `{}` | | | controller.admissionWebhooks.objectSelector | object | `{}` | | | controller.admissionWebhooks.patch.enabled | bool | `true` | | -| controller.admissionWebhooks.patch.image.digest | string | `"sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3"` | | +| controller.admissionWebhooks.patch.image.digest | string | `"sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f"` | | | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | | | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | | | controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | | -| controller.admissionWebhooks.patch.image.tag | string | `"v1.4.3"` | | +| controller.admissionWebhooks.patch.image.tag | string | `"v1.4.4"` | | | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources | | controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not | | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index d514a6321b..b813206fea 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -804,8 +804,8 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: v1.4.3 - digest: sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3 + tag: v1.4.4 + digest: sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f pullPolicy: IfNotPresent # -- Provide a priority class name to the webhook patching job ## From 95c43a368422166a748ee0ad6df0f16eb944a5fe Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Sun, 6 Oct 2024 07:55:22 -0700 Subject: [PATCH 70/81] Images: Build `s390x` controller. (#12127) Co-authored-by: Marco Ebert --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 1c35c12b23..033577e144 100644 --- a/Makefile +++ b/Makefile @@ -240,8 +240,8 @@ ensure-buildx: show-version: echo -n $(TAG) -PLATFORMS ?= amd64 arm arm64 -BUILDX_PLATFORMS ?= linux/amd64,linux/arm,linux/arm64 +PLATFORMS ?= amd64 arm arm64 s390x +BUILDX_PLATFORMS ?= linux/amd64,linux/arm,linux/arm64,linux/s390x .PHONY: release # Build a multi-arch docker image release: ensure-buildx clean From 9aaafd038146d610df1e750ee264b5d5d8037d23 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 7 Oct 2024 06:34:21 -0700 Subject: [PATCH 71/81] Images: Drop `s390x`. (#12138) Co-authored-by: Marco Ebert --- .github/workflows/images.yaml | 2 +- Makefile | 4 ++-- hack/init-buildx.sh | 5 ++--- images/Makefile | 2 +- images/nginx/Makefile | 2 +- 5 files changed, 7 insertions(+), 8 deletions(-) diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index 813dfc9187..ce643e4b7d 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -189,7 +189,7 @@ jobs: if: | (github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.changes.outputs.nginx == 'true') env: - PLATFORMS: linux/amd64,linux/arm,linux/arm64,linux/s390x + PLATFORMS: linux/amd64,linux/arm,linux/arm64 steps: - name: Checkout uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 diff --git a/Makefile b/Makefile index 033577e144..1c35c12b23 100644 --- a/Makefile +++ b/Makefile @@ -240,8 +240,8 @@ ensure-buildx: show-version: echo -n $(TAG) -PLATFORMS ?= amd64 arm arm64 s390x -BUILDX_PLATFORMS ?= linux/amd64,linux/arm,linux/arm64,linux/s390x +PLATFORMS ?= amd64 arm arm64 +BUILDX_PLATFORMS ?= linux/amd64,linux/arm,linux/arm64 .PHONY: release # Build a multi-arch docker image release: ensure-buildx clean diff --git a/hack/init-buildx.sh b/hack/init-buildx.sh index 1a47bf145e..bac68e1ae1 100755 --- a/hack/init-buildx.sh +++ b/hack/init-buildx.sh @@ -42,12 +42,11 @@ fi # We can skip setup if the current builder already has multi-arch # AND if it isn't the docker driver, which doesn't work current_builder="$(docker buildx inspect)" -# linux/amd64, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/arm/v7, linux/arm/v6 +# linux/amd64, linux/arm, linux/arm64 if ! grep -q "^Driver: docker$" <<<"${current_builder}" && \ grep -q "linux/amd64" <<<"${current_builder}" && \ grep -q "linux/arm" <<<"${current_builder}" && \ - grep -q "linux/arm64" <<<"${current_builder}" && \ - grep -q "linux/s390x" <<<"${current_builder}"; then + grep -q "linux/arm64" <<<"${current_builder}"; then exit 0 fi diff --git a/images/Makefile b/images/Makefile index 990d772310..31560168d3 100644 --- a/images/Makefile +++ b/images/Makefile @@ -41,7 +41,7 @@ EXTRAARGS ?= $(shell cat $(NAME)/EXTRAARGS) export DOCKER_CLI_EXPERIMENTAL=enabled # build with buildx -PLATFORMS?=linux/amd64,linux/arm,linux/arm64,linux/s390x +PLATFORMS?=linux/amd64,linux/arm,linux/arm64 OUTPUT= PROGRESS=plain diff --git a/images/nginx/Makefile b/images/nginx/Makefile index 103ba217f9..3ed502759a 100644 --- a/images/nginx/Makefile +++ b/images/nginx/Makefile @@ -32,7 +32,7 @@ IMAGE = $(REGISTRY)/nginx export DOCKER_CLI_EXPERIMENTAL=enabled # build with buildx -PLATFORMS?=linux/amd64,linux/arm,linux/arm64,linux/s390x +PLATFORMS?=linux/amd64,linux/arm,linux/arm64 OUTPUT= PROGRESS=plain build: ensure-buildx From 89c097d1d1d57edce395d18beeff3f04e408c4eb Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 7 Oct 2024 06:52:22 -0700 Subject: [PATCH 72/81] Images: Trigger `e2e-test-echo` build. (#12141) Co-authored-by: Marco Ebert --- images/e2e-test-echo/TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/e2e-test-echo/TAG b/images/e2e-test-echo/TAG index 0ec25f7505..b18d46540b 100644 --- a/images/e2e-test-echo/TAG +++ b/images/e2e-test-echo/TAG @@ -1 +1 @@ -v1.0.0 +v1.0.1 From 0a0a0e55025125f82f221e8700664afb8f89d3f3 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Mon, 7 Oct 2024 13:42:22 -0700 Subject: [PATCH 73/81] Tests & Docs: Bump `e2e-test-echo` to v1.0.1. (#12145) Co-authored-by: Marco Ebert --- docs/examples/canary/README.md | 4 ++-- .../customization/external-auth-headers/echo-service.yaml | 2 +- test/e2e/framework/deployment.go | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/examples/canary/README.md b/docs/examples/canary/README.md index 4124faf6fc..865325b731 100644 --- a/docs/examples/canary/README.md +++ b/docs/examples/canary/README.md @@ -31,7 +31,7 @@ spec: spec: containers: - name: production - image: registry.k8s.io/ingress-nginx/e2e-test-echo@sha256:6fc5aa2994c86575975bb20a5203651207029a0d28e3f491d8a127d08baadab4 + image: registry.k8s.io/ingress-nginx/e2e-test-echo:v1.0.1@sha256:1cec65aa768720290d05d65ab1c297ca46b39930e56bc9488259f9114fcd30e2 ports: - containerPort: 80 env: @@ -97,7 +97,7 @@ spec: spec: containers: - name: canary - image: registry.k8s.io/ingress-nginx/e2e-test-echo@sha256:6fc5aa2994c86575975bb20a5203651207029a0d28e3f491d8a127d08baadab4 + image: registry.k8s.io/ingress-nginx/e2e-test-echo:v1.0.1@sha256:1cec65aa768720290d05d65ab1c297ca46b39930e56bc9488259f9114fcd30e2 ports: - containerPort: 80 env: diff --git a/docs/examples/customization/external-auth-headers/echo-service.yaml b/docs/examples/customization/external-auth-headers/echo-service.yaml index fc4461cd82..9f597a7f51 100644 --- a/docs/examples/customization/external-auth-headers/echo-service.yaml +++ b/docs/examples/customization/external-auth-headers/echo-service.yaml @@ -18,7 +18,7 @@ spec: terminationGracePeriodSeconds: 60 containers: - name: echo-service - image: registry.k8s.io/ingress-nginx/e2e-test-echo:v20230527@sha256:6fc5aa2994c86575975bb20a5203651207029a0d28e3f491d8a127d08baadab4 + image: registry.k8s.io/ingress-nginx/e2e-test-echo:v1.0.1@sha256:1cec65aa768720290d05d65ab1c297ca46b39930e56bc9488259f9114fcd30e2 ports: - containerPort: 8080 resources: diff --git a/test/e2e/framework/deployment.go b/test/e2e/framework/deployment.go index 9eaf425653..d6e59f18a9 100644 --- a/test/e2e/framework/deployment.go +++ b/test/e2e/framework/deployment.go @@ -47,7 +47,7 @@ const NIPService = "external-nip" var HTTPBunImage = os.Getenv("HTTPBUN_IMAGE") // EchoImage is the default image to be used by the echo service -const EchoImage = "registry.k8s.io/ingress-nginx/e2e-test-echo@sha256:4938d1d91a2b7d19454460a8c1b010b89f6ff92d2987fd889ac3e8fc3b70d91a" //#nosec G101 +const EchoImage = "registry.k8s.io/ingress-nginx/e2e-test-echo:v1.0.1@sha256:1cec65aa768720290d05d65ab1c297ca46b39930e56bc9488259f9114fcd30e2" //#nosec G101 // TODO: change all Deployment functions to use these options // in order to reduce complexity and have a unified API across the From 9849c92b9101f883d2b83762c3bb0eb40d797d97 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Mon, 7 Oct 2024 23:06:22 +0200 Subject: [PATCH 74/81] Bump the actions group with 3 updates (#12149) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/chart.yaml | 2 +- .github/workflows/ci.yaml | 14 +++++++------- .github/workflows/depreview.yaml | 2 +- .github/workflows/docs.yaml | 4 ++-- .github/workflows/golangci-lint.yml | 2 +- .github/workflows/images.yaml | 6 +++--- .github/workflows/perftest.yaml | 2 +- .github/workflows/plugin.yaml | 2 +- .github/workflows/scorecards.yml | 6 +++--- .github/workflows/vulnerability-scans.yaml | 6 +++--- .github/workflows/zz-tmpl-images.yaml | 6 +++--- .github/workflows/zz-tmpl-k8s-e2e.yaml | 4 ++-- 12 files changed, 28 insertions(+), 28 deletions(-) diff --git a/.github/workflows/chart.yaml b/.github/workflows/chart.yaml index a546801a0d..63fc18b0ce 100644 --- a/.github/workflows/chart.yaml +++ b/.github/workflows/chart.yaml @@ -45,7 +45,7 @@ jobs: git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com" - name: Checkout code - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 8081fe4a05..e3d46913af 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -47,7 +47,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter @@ -79,7 +79,7 @@ jobs: (needs.changes.outputs.go == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Get go version run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV @@ -103,7 +103,7 @@ jobs: (needs.changes.outputs.go == 'true') || (needs.changes.outputs.docs == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Get go version run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV - name: Set up Go @@ -128,7 +128,7 @@ jobs: PLATFORMS: linux/amd64 steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Get go version id: golangversion @@ -186,7 +186,7 @@ jobs: | gzip > docker.tar.gz - name: cache - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1 with: name: docker.tar.gz path: docker.tar.gz @@ -225,7 +225,7 @@ jobs: run: helm plugin install https://github.com/helm-unittest/helm-unittest - name: Checkout code - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 @@ -258,7 +258,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Download cache uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 857411f798..32b98c2b21 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -9,6 +9,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: 'Dependency Review' uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4 diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index 479c139aa4..0d0b20a5a8 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -23,7 +23,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter @@ -47,7 +47,7 @@ jobs: steps: - name: Checkout master - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Deploy uses: ./.github/actions/mkdocs diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 4ef7e90854..c71f090afd 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Get go version run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index ce643e4b7d..ca8df462a6 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -40,7 +40,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter with: @@ -141,7 +141,7 @@ jobs: k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0] steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Get go version run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV @@ -192,7 +192,7 @@ jobs: PLATFORMS: linux/amd64,linux/arm,linux/arm64 steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Set up Docker Buildx diff --git a/.github/workflows/perftest.yaml b/.github/workflows/perftest.yaml index eb086538e5..044c3a2602 100644 --- a/.github/workflows/perftest.yaml +++ b/.github/workflows/perftest.yaml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Install K6 run: | diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index 0ae13a2df4..627a0a0b98 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 9eaf091eed..f927443dfd 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -27,7 +27,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: persist-credentials: false @@ -51,7 +51,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1 with: name: SARIF file path: results.sarif @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 + uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 0cd02552de..1532ad2de1 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -22,7 +22,7 @@ jobs: versions: ${{ steps.version.outputs.TAGS }} steps: - name: Checkout code - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 @@ -52,7 +52,7 @@ jobs: versions: ${{ fromJSON(needs.version.outputs.versions) }} steps: - name: Checkout code - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - shell: bash id: test @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 + uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository diff --git a/.github/workflows/zz-tmpl-images.yaml b/.github/workflows/zz-tmpl-images.yaml index 2efc039d61..efadb8f890 100644 --- a/.github/workflows/zz-tmpl-images.yaml +++ b/.github/workflows/zz-tmpl-images.yaml @@ -31,7 +31,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter with: @@ -48,7 +48,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Build run: | @@ -67,7 +67,7 @@ jobs: PLATFORMS: ${{ inputs.platforms-publish }} steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Login to GitHub Container Registry uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 diff --git a/.github/workflows/zz-tmpl-k8s-e2e.yaml b/.github/workflows/zz-tmpl-k8s-e2e.yaml index 8d94e37fec..85fd95da15 100644 --- a/.github/workflows/zz-tmpl-k8s-e2e.yaml +++ b/.github/workflows/zz-tmpl-k8s-e2e.yaml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: cache uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 @@ -50,7 +50,7 @@ jobs: make kind-e2e-test - name: Upload e2e junit-reports ${{ inputs.variation }} - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1 if: success() || failure() with: name: e2e-test-reports-${{ inputs.k8s-version }}${{ inputs.variation }} From 0106de65cfccb74405a6dfa7d9daffc6f0a6ef1a Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Tue, 8 Oct 2024 07:26:22 +0200 Subject: [PATCH 75/81] Images: Trigger controller build. (#12134) --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 07fb54b5d6..3d461ead64 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.11.2 +v1.11.3 From f6456ea86c6c330e7cf401ade70ce1faa757265b Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Tue, 8 Oct 2024 23:08:23 +0200 Subject: [PATCH 76/81] Release controller v1.11.3 & chart v4.11.3. (#12156) --- README.md | 1 + changelog/controller-1.11.3.md | 91 +++++++++++++++++++ charts/ingress-nginx/Chart.yaml | 6 +- charts/ingress-nginx/README.md | 8 +- .../changelog/helm-chart-4.11.3.md | 9 ++ charts/ingress-nginx/values.yaml | 6 +- deploy/static/provider/aws/deploy.yaml | 49 +++++----- .../aws/nlb-with-tls-termination/deploy.yaml | 49 +++++----- deploy/static/provider/baremetal/deploy.yaml | 49 +++++----- deploy/static/provider/cloud/deploy.yaml | 49 +++++----- deploy/static/provider/do/deploy.yaml | 49 +++++----- deploy/static/provider/exoscale/deploy.yaml | 49 +++++----- deploy/static/provider/kind/deploy.yaml | 49 +++++----- deploy/static/provider/oracle/deploy.yaml | 49 +++++----- deploy/static/provider/scw/deploy.yaml | 49 +++++----- docs/deploy/index.md | 20 ++-- 16 files changed, 346 insertions(+), 236 deletions(-) create mode 100644 changelog/controller-1.11.3.md create mode 100644 charts/ingress-nginx/changelog/helm-chart-4.11.3.md diff --git a/README.md b/README.md index c7a4d0d915..e49c3c8317 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,7 @@ the versions listed. Ingress-Nginx versions **may** work on older versions, but | Supported | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | Helm Chart Version | | :-------: | --------------------- | ----------------------------- | -------------- | ------------- | ------------------ | +| 🔄 | **v1.11.3** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.3 | 1.25.5 | 4.11.3 | | 🔄 | **v1.11.2** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.2 | | 🔄 | **v1.11.1** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.1 | | 🔄 | **v1.11.0** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.0 | diff --git a/changelog/controller-1.11.3.md b/changelog/controller-1.11.3.md new file mode 100644 index 0000000000..f5c3730151 --- /dev/null +++ b/changelog/controller-1.11.3.md @@ -0,0 +1,91 @@ +# Changelog + +### controller-v1.11.3 + +Images: + +* registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7 +* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.3@sha256:22701f0fc0f2dd209ef782f4e281bfe2d8cccd50ededa00aec88e0cdbe7edd14 + +### All changes: + +* Images: Trigger controller build. (#12134) +* Tests & Docs: Bump `e2e-test-echo` to v1.0.1. (#12145) +* Images: Trigger `e2e-test-echo` build. (#12141) +* Images: Drop `s390x`. (#12138) +* Images: Build `s390x` controller. (#12127) +* Chart: Bump Kube Webhook CertGen. (#12123) +* Tests & Docs: Bump images. (#12121) +* Cloud Build: Bump `gcb-docker-gcloud` to v20240718-5ef92b5c36. (#12117) +* Images: Trigger other builds. (#12112) +* Tests: Bump `e2e-test-runner` to v20241004-114a6abb. (#12105) +* Images: Trigger `test-runner` build. (#12102) +* Docs: Add a multi-tenant warning. (#12099) +* Go: Bump to v1.22.8. (#12094) +* Images: Bump `NGINX_BASE` to v0.1.0. (#12080) +* Images: Trigger NGINX build. (#12076) +* Images: Remove NGINX v1.21. (#12058) +* GitHub: Improve Dependabot. (#12038) +* Chart: Improve CI. (#12030) +* Chart: Extend image tests. (#12027) +* Docs: Add health check annotations for AWS. (#12020) +* Docs: Convert `opentelemetry.md` from CRLF to LF. (#12006) +* Chart: Test `controller.minAvailable` & `controller.maxUnavailable`. (#12002) +* Chart: Align default backend `PodDisruptionBudget`. (#11999) +* Metrics: Fix namespace in `nginx_ingress_controller_ssl_expire_time_seconds`. (#11986) +* Chart: Improve default backend service account. (#11974) +* Go: Bump to v1.22.7. (#11970) +* Images: Bump OpenTelemetry C++ Contrib. (#11951) +* Docs: Add note about `--watch-namespace`. (#11949) +* Images: Use latest Alpine 3.20 everywhere. (#11946) +* Fix minor typos (#11941) +* Chart: Implement `controller.admissionWebhooks.service.servicePort`. (#11934) +* Tests: Bump `e2e-test-runner` to v20240829-2c421762. (#11921) +* Images: Trigger `test-runner` build. (#11917) +* Chart: Add tests for `PrometheusRule` & `ServiceMonitor`. (#11889) +* Annotations: Allow commas in URLs. (#11887) +* CI: Grant checks write permissions to E2E Test Report. (#11885) +* Chart: Use generic values for `ConfigMap` test. (#11879) +* Update maxmind post link about geolite2 license changes (#11881) +* Go: Sync `go.work.sum`. (#11875) +* Replace deprecated queue method (#11859) +* Auto-generate annotation docs (#11831) + +### Dependency updates: + +* Bump the actions group with 3 updates (#12149) +* Bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#12109) +* Bump the actions group with 3 updates (#12097) +* Bump sigs.k8s.io/mdtoc from 1.1.0 to 1.4.0 (#12089) +* Bump github.com/prometheus/common from 0.59.1 to 0.60.0 (#12087) +* Bump google.golang.org/grpc from 1.67.0 to 1.67.1 in the go group across 1 directory (#12085) +* Bump k8s.io/cli-runtime from 0.30.0 to 0.31.1 (#12083) +* Bump github/codeql-action from 3.26.9 to 3.26.10 in the actions group (#12055) +* Bump the go group across 1 directory with 3 updates (#12053) +* Bump k8s.io/kube-aggregator from 0.29.3 to 0.31.1 in /images/kube-webhook-certgen/rootfs (#12049) +* Bump k8s.io/apimachinery from 0.23.1 to 0.31.1 in /images/ext-auth-example-authsvc/rootfs (#12047) +* Bump github.com/prometheus/client_golang from 1.11.1 to 1.20.4 in /images/custom-error-pages/rootfs (#12046) +* Bump the all group with 2 updates (#12036) +* Bump github/codeql-action from 3.26.7 to 3.26.8 in the all group (#12016) +* Bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#12014) +* Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 in the all group (#12012) +* Bump the all group with 2 updates (#11981) +* Bump github/codeql-action from 3.26.6 to 3.26.7 in the all group (#11980) +* Bump github.com/prometheus/common from 0.57.0 to 0.59.1 (#11961) +* Bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#11958) +* Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 in the all group (#11957) +* Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#11930) +* Bump the all group with 2 updates (#11925) +* Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 in the all group (#11913) +* Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#11910) +* Bump github.com/prometheus/common from 0.55.0 to 0.57.0 (#11909) +* Bump github/codeql-action from 3.26.5 to 3.26.6 in the all group (#11908) +* Bump the all group with 2 updates (#11871) +* Bump github/codeql-action from 3.26.2 to 3.26.5 in the all group (#11868) +* Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 (#11840) +* Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.19.0 (#11839) +* Bump dario.cat/mergo from 1.0.0 to 1.0.1 in the all group (#11837) +* Bump k8s.io/component-base from 0.30.3 to 0.31.0 (#11836) +* Bump github/codeql-action from 3.26.0 to 3.26.2 in the all group (#11834) + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.2...controller-v1.11.3 diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index fd7b81030d..1f0128493d 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -1,9 +1,9 @@ annotations: artifacthub.io/changes: | - - Update Ingress-Nginx version controller-v1.11.2 + - Update Ingress-Nginx version controller-v1.11.3 artifacthub.io/prerelease: "false" apiVersion: v2 -appVersion: 1.11.2 +appVersion: 1.11.3 description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer home: https://github.com/kubernetes/ingress-nginx @@ -22,4 +22,4 @@ maintainers: name: ingress-nginx sources: - https://github.com/kubernetes/ingress-nginx -version: 4.11.2 +version: 4.11.3 diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index f082d923fc..f70bd0ae68 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.11.2](https://img.shields.io/badge/Version-4.11.2-informational?style=flat-square) ![AppVersion: 1.11.2](https://img.shields.io/badge/AppVersion-1.11.2-informational?style=flat-square) +![Version: 4.11.3](https://img.shields.io/badge/Version-4.11.3-informational?style=flat-square) ![AppVersion: 1.11.3](https://img.shields.io/badge/AppVersion-1.11.3-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -325,8 +325,8 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `false` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce"` | | -| controller.image.digestChroot | string | `"sha256:21b55a2f0213a18b91612a8c0850167e00a8e34391fd595139a708f9c047e7a8"` | | +| controller.image.digest | string | `"sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7"` | | +| controller.image.digestChroot | string | `"sha256:22701f0fc0f2dd209ef782f4e281bfe2d8cccd50ededa00aec88e0cdbe7edd14"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.readOnlyRootFilesystem | bool | `false` | | @@ -334,7 +334,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.image.runAsNonRoot | bool | `true` | | | controller.image.runAsUser | int | `101` | | | controller.image.seccompProfile.type | string | `"RuntimeDefault"` | | -| controller.image.tag | string | `"v1.11.2"` | | +| controller.image.tag | string | `"v1.11.3"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource | object | `{"aliases":[],"annotations":{},"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. | diff --git a/charts/ingress-nginx/changelog/helm-chart-4.11.3.md b/charts/ingress-nginx/changelog/helm-chart-4.11.3.md new file mode 100644 index 0000000000..18ec6ba82c --- /dev/null +++ b/charts/ingress-nginx/changelog/helm-chart-4.11.3.md @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.11.3 + +* Update Ingress-Nginx version controller-v1.11.3 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.2...helm-chart-4.11.3 diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index b813206fea..f42a6821dc 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -26,9 +26,9 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.11.2" - digest: sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce - digestChroot: sha256:21b55a2f0213a18b91612a8c0850167e00a8e34391fd595139a708f9c047e7a8 + tag: "v1.11.3" + digest: sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7 + digestChroot: sha256:22701f0fc0f2dd209ef782f4e281bfe2d8cccd50ededa00aec88e0cdbe7edd14 pullPolicy: IfNotPresent runAsNonRoot: true # www-data -> uid 101 diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index fb4a91472d..5081e5131d 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx --- @@ -28,7 +28,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -40,7 +40,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -130,7 +130,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -149,7 +149,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx rules: - apiGroups: @@ -231,7 +231,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission rules: - apiGroups: @@ -250,7 +250,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -270,7 +270,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -289,7 +289,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -308,7 +308,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -329,7 +329,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -345,7 +345,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -378,7 +378,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -401,7 +401,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -423,7 +423,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 spec: containers: - args: @@ -448,7 +448,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce + image: registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -524,7 +524,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -535,7 +535,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-create spec: containers: @@ -549,7 +549,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4@sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f imagePullPolicy: IfNotPresent name: create securityContext: @@ -575,7 +575,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -586,7 +586,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-patch spec: containers: @@ -602,7 +602,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4@sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -628,7 +628,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -641,7 +641,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: @@ -651,6 +651,7 @@ webhooks: name: ingress-nginx-controller-admission namespace: ingress-nginx path: /networking/v1/ingresses + port: 443 failurePolicy: Fail matchPolicy: Equivalent name: validate.nginx.ingress.kubernetes.io diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml index 4fff060c1f..e8b8e55f4c 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx --- @@ -28,7 +28,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -40,7 +40,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -130,7 +130,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -149,7 +149,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx rules: - apiGroups: @@ -231,7 +231,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission rules: - apiGroups: @@ -250,7 +250,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -270,7 +270,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -289,7 +289,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -308,7 +308,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -336,7 +336,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -354,7 +354,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -387,7 +387,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -410,7 +410,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -432,7 +432,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 spec: containers: - args: @@ -457,7 +457,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce + image: registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -536,7 +536,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -547,7 +547,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-create spec: containers: @@ -561,7 +561,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4@sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f imagePullPolicy: IfNotPresent name: create securityContext: @@ -587,7 +587,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -598,7 +598,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-patch spec: containers: @@ -614,7 +614,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4@sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -640,7 +640,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -653,7 +653,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: @@ -663,6 +663,7 @@ webhooks: name: ingress-nginx-controller-admission namespace: ingress-nginx path: /networking/v1/ingresses + port: 443 failurePolicy: Fail matchPolicy: Equivalent name: validate.nginx.ingress.kubernetes.io diff --git a/deploy/static/provider/baremetal/deploy.yaml b/deploy/static/provider/baremetal/deploy.yaml index 8cad92d4cc..93090d0fc0 100644 --- a/deploy/static/provider/baremetal/deploy.yaml +++ b/deploy/static/provider/baremetal/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx --- @@ -28,7 +28,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -40,7 +40,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -130,7 +130,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -149,7 +149,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx rules: - apiGroups: @@ -231,7 +231,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission rules: - apiGroups: @@ -250,7 +250,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -270,7 +270,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -289,7 +289,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -308,7 +308,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -329,7 +329,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -341,7 +341,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -373,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -396,7 +396,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -418,7 +418,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 spec: containers: - args: @@ -442,7 +442,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce + image: registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -518,7 +518,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -529,7 +529,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-create spec: containers: @@ -543,7 +543,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4@sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f imagePullPolicy: IfNotPresent name: create securityContext: @@ -569,7 +569,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -580,7 +580,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-patch spec: containers: @@ -596,7 +596,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4@sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -622,7 +622,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -635,7 +635,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: @@ -645,6 +645,7 @@ webhooks: name: ingress-nginx-controller-admission namespace: ingress-nginx path: /networking/v1/ingresses + port: 443 failurePolicy: Fail matchPolicy: Equivalent name: validate.nginx.ingress.kubernetes.io diff --git a/deploy/static/provider/cloud/deploy.yaml b/deploy/static/provider/cloud/deploy.yaml index f9ad071c6d..61fe26135f 100644 --- a/deploy/static/provider/cloud/deploy.yaml +++ b/deploy/static/provider/cloud/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx --- @@ -28,7 +28,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -40,7 +40,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -130,7 +130,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -149,7 +149,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx rules: - apiGroups: @@ -231,7 +231,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission rules: - apiGroups: @@ -250,7 +250,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -270,7 +270,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -289,7 +289,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -308,7 +308,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -329,7 +329,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -341,7 +341,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -374,7 +374,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -397,7 +397,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -419,7 +419,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 spec: containers: - args: @@ -444,7 +444,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce + image: registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -520,7 +520,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -531,7 +531,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-create spec: containers: @@ -545,7 +545,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4@sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f imagePullPolicy: IfNotPresent name: create securityContext: @@ -571,7 +571,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -582,7 +582,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-patch spec: containers: @@ -598,7 +598,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4@sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -624,7 +624,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -637,7 +637,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: @@ -647,6 +647,7 @@ webhooks: name: ingress-nginx-controller-admission namespace: ingress-nginx path: /networking/v1/ingresses + port: 443 failurePolicy: Fail matchPolicy: Equivalent name: validate.nginx.ingress.kubernetes.io diff --git a/deploy/static/provider/do/deploy.yaml b/deploy/static/provider/do/deploy.yaml index 43affe0f74..5a5f44eb2a 100644 --- a/deploy/static/provider/do/deploy.yaml +++ b/deploy/static/provider/do/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx --- @@ -28,7 +28,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -40,7 +40,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -130,7 +130,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -149,7 +149,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx rules: - apiGroups: @@ -231,7 +231,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission rules: - apiGroups: @@ -250,7 +250,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -270,7 +270,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -289,7 +289,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -308,7 +308,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -330,7 +330,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -344,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -400,7 +400,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -422,7 +422,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 spec: containers: - args: @@ -447,7 +447,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce + image: registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -523,7 +523,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -534,7 +534,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-create spec: containers: @@ -548,7 +548,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4@sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f imagePullPolicy: IfNotPresent name: create securityContext: @@ -574,7 +574,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -585,7 +585,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-patch spec: containers: @@ -601,7 +601,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4@sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -627,7 +627,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -640,7 +640,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: @@ -650,6 +650,7 @@ webhooks: name: ingress-nginx-controller-admission namespace: ingress-nginx path: /networking/v1/ingresses + port: 443 failurePolicy: Fail matchPolicy: Equivalent name: validate.nginx.ingress.kubernetes.io diff --git a/deploy/static/provider/exoscale/deploy.yaml b/deploy/static/provider/exoscale/deploy.yaml index 5639e287b4..5e138eb75a 100644 --- a/deploy/static/provider/exoscale/deploy.yaml +++ b/deploy/static/provider/exoscale/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx --- @@ -28,7 +28,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -40,7 +40,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -130,7 +130,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -149,7 +149,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx rules: - apiGroups: @@ -231,7 +231,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission rules: - apiGroups: @@ -250,7 +250,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -270,7 +270,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -289,7 +289,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -308,7 +308,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -329,7 +329,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -350,7 +350,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -383,7 +383,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -406,7 +406,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -424,7 +424,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 spec: containers: - args: @@ -449,7 +449,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce + image: registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -529,7 +529,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -540,7 +540,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-create spec: containers: @@ -554,7 +554,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4@sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f imagePullPolicy: IfNotPresent name: create securityContext: @@ -580,7 +580,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -591,7 +591,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-patch spec: containers: @@ -607,7 +607,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4@sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -633,7 +633,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -646,7 +646,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: @@ -656,6 +656,7 @@ webhooks: name: ingress-nginx-controller-admission namespace: ingress-nginx path: /networking/v1/ingresses + port: 443 failurePolicy: Fail matchPolicy: Equivalent name: validate.nginx.ingress.kubernetes.io diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index 8da72399b7..7def2ba213 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx --- @@ -28,7 +28,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -40,7 +40,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -130,7 +130,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -149,7 +149,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx rules: - apiGroups: @@ -231,7 +231,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission rules: - apiGroups: @@ -250,7 +250,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -270,7 +270,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -289,7 +289,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -308,7 +308,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -329,7 +329,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -341,7 +341,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -373,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -396,7 +396,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -418,7 +418,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 spec: containers: - args: @@ -444,7 +444,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce + image: registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -530,7 +530,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -541,7 +541,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-create spec: containers: @@ -555,7 +555,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4@sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f imagePullPolicy: IfNotPresent name: create securityContext: @@ -581,7 +581,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -592,7 +592,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-patch spec: containers: @@ -608,7 +608,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4@sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -634,7 +634,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -647,7 +647,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: @@ -657,6 +657,7 @@ webhooks: name: ingress-nginx-controller-admission namespace: ingress-nginx path: /networking/v1/ingresses + port: 443 failurePolicy: Fail matchPolicy: Equivalent name: validate.nginx.ingress.kubernetes.io diff --git a/deploy/static/provider/oracle/deploy.yaml b/deploy/static/provider/oracle/deploy.yaml index a85e0166ff..31f6cfade7 100644 --- a/deploy/static/provider/oracle/deploy.yaml +++ b/deploy/static/provider/oracle/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx --- @@ -28,7 +28,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -40,7 +40,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -130,7 +130,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -149,7 +149,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx rules: - apiGroups: @@ -231,7 +231,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission rules: - apiGroups: @@ -250,7 +250,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -270,7 +270,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -289,7 +289,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -308,7 +308,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -329,7 +329,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -345,7 +345,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -378,7 +378,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -401,7 +401,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -423,7 +423,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 spec: containers: - args: @@ -448,7 +448,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce + image: registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -524,7 +524,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -535,7 +535,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-create spec: containers: @@ -549,7 +549,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4@sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f imagePullPolicy: IfNotPresent name: create securityContext: @@ -575,7 +575,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -586,7 +586,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-patch spec: containers: @@ -602,7 +602,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4@sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -628,7 +628,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -641,7 +641,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: @@ -651,6 +651,7 @@ webhooks: name: ingress-nginx-controller-admission namespace: ingress-nginx path: /networking/v1/ingresses + port: 443 failurePolicy: Fail matchPolicy: Equivalent name: validate.nginx.ingress.kubernetes.io diff --git a/deploy/static/provider/scw/deploy.yaml b/deploy/static/provider/scw/deploy.yaml index 92c8ce8807..a916173b5b 100644 --- a/deploy/static/provider/scw/deploy.yaml +++ b/deploy/static/provider/scw/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx --- @@ -28,7 +28,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -40,7 +40,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx rules: @@ -130,7 +130,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -149,7 +149,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx rules: - apiGroups: @@ -231,7 +231,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission rules: - apiGroups: @@ -250,7 +250,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -270,7 +270,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -289,7 +289,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -308,7 +308,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -330,7 +330,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -344,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -400,7 +400,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -422,7 +422,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 spec: containers: - args: @@ -447,7 +447,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce + image: registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -523,7 +523,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -534,7 +534,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-create spec: containers: @@ -548,7 +548,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4@sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f imagePullPolicy: IfNotPresent name: create securityContext: @@ -574,7 +574,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -585,7 +585,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission-patch spec: containers: @@ -601,7 +601,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3@sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4@sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f imagePullPolicy: IfNotPresent name: patch securityContext: @@ -627,7 +627,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: nginx spec: controller: k8s.io/ingress-nginx @@ -640,7 +640,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.11.2 + app.kubernetes.io/version: 1.11.3 name: ingress-nginx-admission webhooks: - admissionReviewVersions: @@ -650,6 +650,7 @@ webhooks: name: ingress-nginx-controller-admission namespace: ingress-nginx path: /networking/v1/ingresses + port: 443 failurePolicy: Fail matchPolicy: Equivalent name: validate.nginx.ingress.kubernetes.io diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 2ce6325730..41a55f4bc2 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -92,7 +92,7 @@ helm show values ingress-nginx --repo https://kubernetes.github.io/ingress-nginx **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.3/deploy/static/provider/cloud/deploy.yaml ``` !!! info @@ -274,7 +274,7 @@ In AWS, we use a Network load balancer (NLB) to expose the Ingress-Nginx Control ##### Network Load Balancer (NLB) ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/aws/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.3/deploy/static/provider/aws/deploy.yaml ``` ##### TLS termination in AWS Load Balancer (NLB) @@ -282,10 +282,10 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. This section explains how to do that on AWS using an NLB. -1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template +1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.3/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template ```console - wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml + wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.3/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml ``` 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: @@ -333,7 +333,7 @@ kubectl create clusterrolebinding cluster-admin-binding \ Then, the ingress controller can be installed like this: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.3/deploy/static/provider/cloud/deploy.yaml ``` !!! warning @@ -350,7 +350,7 @@ Proxy-protocol is supported in GCE check the [Official Documentations on how to #### Azure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.3/deploy/static/provider/cloud/deploy.yaml ``` More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). @@ -358,7 +358,7 @@ More information with regard to Azure annotations for ingress controller can be #### Digital Ocean ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/do/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.3/deploy/static/provider/do/deploy.yaml ``` - By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data. @@ -366,7 +366,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont #### Scaleway ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/scw/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.3/deploy/static/provider/scw/deploy.yaml ``` Refer to the [dedicated tutorial](https://www.scaleway.com/en/docs/tutorials/proxy-protocol-v2-load-balancer/#configuring-proxy-protocol-for-ingress-nginx) in the Scaleway documentation for configuring the proxy protocol for ingress-nginx with the Scaleway load balancer. @@ -383,7 +383,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale #### Oracle Cloud Infrastructure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.3/deploy/static/provider/cloud/deploy.yaml ``` A @@ -410,7 +410,7 @@ For quick testing, you can use a This should work on almost every cluster, but it will typically use a port in the range 30000-32767. ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/baremetal/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.3/deploy/static/provider/baremetal/deploy.yaml ``` For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), From d56ecfce42713a759d751c4a258d7273273cf911 Mon Sep 17 00:00:00 2001 From: Ryan Sanna Date: Thu, 7 May 2020 16:08:55 -0700 Subject: [PATCH 77/81] (cherry-pick) commits: f3277463565ce64284d96aa659b5d0d11c17f058, b8966a64f5244c7a90cbd2282157db2838a508af * refactor rancher build process due to upstream changes * Remove drone --- .gitignore | 5 ++++- Dockerfile.dapper | 44 ++++++++++++++++++++++++++++++++++++++++++++ Makefile | 7 +------ Makefile_rancher | 23 +++++++++++++++++++++++ internal/k8s/main.go | 14 ++++++++++++++ scripts/build | 17 +++++++++++++++++ scripts/ci | 9 +++++++++ scripts/entry | 11 +++++++++++ scripts/package | 12 ++++++++++++ scripts/release | 3 +++ scripts/test | 15 +++++++++++++++ scripts/validate | 14 ++++++++++++++ scripts/version | 31 +++++++++++++++++++++++++++++++ 13 files changed, 198 insertions(+), 7 deletions(-) create mode 100644 Dockerfile.dapper create mode 100644 Makefile_rancher create mode 100755 scripts/build create mode 100755 scripts/ci create mode 100755 scripts/entry create mode 100755 scripts/package create mode 100755 scripts/release create mode 100755 scripts/test create mode 100755 scripts/validate create mode 100755 scripts/version diff --git a/.gitignore b/.gitignore index 5eac1a800c..3abf404919 100644 --- a/.gitignore +++ b/.gitignore @@ -60,4 +60,7 @@ cmd/plugin/release/*.tar.gz cmd/plugin/release/LICENSE tmp/ test/junitreports/ -tests/__snapshot__ + +# rancher ci +.dapper +/dist/ diff --git a/Dockerfile.dapper b/Dockerfile.dapper new file mode 100644 index 0000000000..3154fa0fcc --- /dev/null +++ b/Dockerfile.dapper @@ -0,0 +1,44 @@ +FROM docker:19.03.8 +ARG DAPPER_HOST_ARCH +ENV ARCH=${DAPPER_HOST_ARCH} +RUN mkdir -p /.docker/cli-plugins +RUN apk update && apk upgrade && apk add bash && ln -sf /bin/bash /bin/sh # use bash for subsequent variable expansion +ENV DOCKER_BUILDX_URL_arm=https://github.com/docker/buildx/releases/download/v0.3.1/buildx-v0.3.1.linux-arm-v7 \ + DOCKER_BUILDX_URL_arm64=https://github.com/docker/buildx/releases/download/v0.3.1/buildx-v0.3.1.linux-arm64 \ + DOCKER_BUILDX_URL_amd64=https://github.com/docker/buildx/releases/download/v0.3.1/buildx-v0.3.1.linux-amd64 \ + DOCKER_BUILDX_URL=DOCKER_BUILDX_URL_${ARCH} +RUN wget -O - ${!DOCKER_BUILDX_URL} > /.docker/cli-plugins/docker-buildx && chmod +x /.docker/cli-plugins/docker-buildx + +FROM ubuntu:18.04 +ARG DAPPER_HOST_ARCH +ARG DOCKER_USER +ARG DOCKER_PASS +ENV HOST_ARCH=${DAPPER_HOST_ARCH} \ + ARCH=${DAPPER_HOST_ARCH} \ + DOCKER_USER=${DOCKER_USER} \ + DOCKER_PASS=${DOCKER_PASS} +RUN apt-get update && \ + apt-get install -y gcc ca-certificates git wget curl vim less file zip make && \ + rm -f /bin/sh && ln -s /bin/bash /bin/sh +ENV GOLANG_ARCH_amd64=amd64 GOLANG_ARCH_arm=armv6l GOLANG_ARCH_arm64=arm64 GOLANG_ARCH=GOLANG_ARCH_${ARCH} \ + GOPATH=/go PATH=/go/bin:/usr/local/go/bin:${PATH} SHELL=/bin/bash +RUN wget -O - https://dl.google.com/go/go1.14.1.linux-${!GOLANG_ARCH}.tar.gz | tar -xzf - -C /usr/local && \ + go get github.com/rancher/trash && go get golang.org/x/lint/golint && go get -u github.com/jteeuwen/go-bindata/... +COPY --from=0 /usr/local/bin/docker /usr/bin/docker +RUN mkdir -p /.docker/cli-plugins +COPY --from=0 /.docker/cli-plugins/docker-buildx /.docker/cli-plugins/docker-buildx +ENV DOCKER_CLI_EXPERIMENTAL=enabled \ + DOCKER_CONFIG=/.docker +RUN docker buildx install +ENV DAPPER_SOURCE /go/src/k8s.io/ingress-nginx/ +ENV DAPPER_OUTPUT ./bin ./dist +ENV DAPPER_DOCKER_SOCKET true +ENV DAPPER_ENV CROSS TAG +ENV DAPPER_RUN_ARGS="--net host" +ENV TRASH_CACHE ${DAPPER_SOURCE}/.trash-cache +ENV HOME ${DAPPER_SOURCE} +ENV GIT_IN_DAPPER true +RUN mkdir -p /etc/nginx/geoip +WORKDIR ${DAPPER_SOURCE} +ENTRYPOINT ["./scripts/entry"] +CMD ["ci"] \ No newline at end of file diff --git a/Makefile b/Makefile index 1c35c12b23..d46b2dfb26 100644 --- a/Makefile +++ b/Makefile @@ -274,9 +274,4 @@ release: ensure-buildx clean --build-arg VERSION="$(TAG)" \ --build-arg COMMIT_SHA="$(COMMIT_SHA)" \ --build-arg BUILD_ID="$(BUILD_ID)" \ - -t $(REGISTRY)/controller-chroot:$(TAG) rootfs -f rootfs/Dockerfile-chroot - -.PHONY: build-docs -build-docs: - pip install -r docs/requirements.txt - mkdocs build --config-file mkdocs.yml + -t $(REGISTRY)/controller-chroot:$(TAG) rootfs -f rootfs/Dockerfile.chroot diff --git a/Makefile_rancher b/Makefile_rancher new file mode 100644 index 0000000000..d7d72a16d5 --- /dev/null +++ b/Makefile_rancher @@ -0,0 +1,23 @@ +TARGETS := $(shell ls scripts) + +.dapper: + @echo Downloading dapper + @curl -sL https://releases.rancher.com/dapper/latest/dapper-`uname -s`-`uname -m` > .dapper.tmp + @@chmod +x .dapper.tmp + @./.dapper.tmp -v + @mv .dapper.tmp .dapper + +$(TARGETS): .dapper + ./.dapper $@ + +trash: .dapper + ./.dapper -m bind trash + +trash-keep: .dapper + ./.dapper -m bind trash -k + +deps: trash + +.DEFAULT_GOAL := ci + +.PHONY: $(TARGETS) diff --git a/internal/k8s/main.go b/internal/k8s/main.go index 5e93e560d6..e4d6c0b6b5 100644 --- a/internal/k8s/main.go +++ b/internal/k8s/main.go @@ -32,6 +32,11 @@ import ( "k8s.io/client-go/tools/cache" ) +const ( + internalAddressAnnotation = "rke.cattle.io/internal-ip" + externalAddressAnnotation = "rke.cattle.io/external-ip" +) + // ParseNameNS parses a string searching a namespace and name func ParseNameNS(input string) (ns, name string, err error) { nsName := strings.Split(input, "/") @@ -64,6 +69,15 @@ func GetNodeIPOrName(kubeClient clientset.Interface, name string, useInternalIP return defaultOrInternalIP } + if node.Annotations != nil { + if annotatedIP := node.Annotations[externalAddressAnnotation]; annotatedIP != "" { + return annotatedIP + } + if annotatedIP := node.Annotations[internalAddressAnnotation]; annotatedIP != "" { + return annotatedIP + } + } + for _, address := range node.Status.Addresses { if address.Type == apiv1.NodeExternalIP { if address.Address != "" { diff --git a/scripts/build b/scripts/build new file mode 100755 index 0000000000..546bfd3929 --- /dev/null +++ b/scripts/build @@ -0,0 +1,17 @@ +#!/bin/bash +set -e + +source $(dirname $0)/version + +cd $(dirname $0)/.. + +PKG="k8s.io/ingress-nginx" + +rm -rf bin/* +mkdir -p bin + +declare -a arches=("arm64" "amd64") +for arch in "${arches[@]}" +do + ARCH=$arch DOCKER_IN_DOCKER_ENABLED=true USER=0 make build +done diff --git a/scripts/ci b/scripts/ci new file mode 100755 index 0000000000..b35955a738 --- /dev/null +++ b/scripts/ci @@ -0,0 +1,9 @@ +#!/bin/bash +set -e + +cd $(dirname $0) + +./validate +./build +./test +./package diff --git a/scripts/entry b/scripts/entry new file mode 100755 index 0000000000..78fb567905 --- /dev/null +++ b/scripts/entry @@ -0,0 +1,11 @@ +#!/bin/bash +set -e + +mkdir -p bin dist +if [ -e ./scripts/$1 ]; then + ./scripts/"$@" +else + exec "$@" +fi + +chown -R $DAPPER_UID:$DAPPER_GID . diff --git a/scripts/package b/scripts/package new file mode 100755 index 0000000000..0dbc972b07 --- /dev/null +++ b/scripts/package @@ -0,0 +1,12 @@ +#!/bin/bash +set -e + +REPO=${REPO:-rancher} + +source $(dirname $0)/version +cd $(dirname $0)/.. + +# manifest push happens as part of make release, so login is required inside the dapper container +echo "$DOCKER_PASS" | docker login -u $DOCKER_USER --password-stdin + +REGISTRY=${REPO} PLATFORMS="arm64 amd64" TAG=${TAG} DOCKER_IN_DOCKER_ENABLED=true USER=0 make release \ No newline at end of file diff --git a/scripts/release b/scripts/release new file mode 100755 index 0000000000..7af0df35fc --- /dev/null +++ b/scripts/release @@ -0,0 +1,3 @@ +#!/bin/bash + +exec $(dirname $0)/ci diff --git a/scripts/test b/scripts/test new file mode 100755 index 0000000000..6363fc3282 --- /dev/null +++ b/scripts/test @@ -0,0 +1,15 @@ +#!/bin/bash +set -e + +cd $(dirname $0)/.. + +echo Running tests + +FIND_COMMAND="find" +if [ "$(go env GOHOSTOS)" = "darwin" ]; then + FIND_COMMAND="find ." +fi + +PACKAGES="$($FIND_COMMAND -name '*.go' | xargs -I{} dirname {} | sort -u | grep -Ev '(^\.$|.git|.trash-cache|vendor|bin|docs|test|controller/store|images|examples|hack)')" + +go test -v -p 1 -tags "cgo" -cover ${PACKAGES} diff --git a/scripts/validate b/scripts/validate new file mode 100755 index 0000000000..8b1f64ba62 --- /dev/null +++ b/scripts/validate @@ -0,0 +1,14 @@ +#!/bin/bash +set -e + +cd $(dirname $0)/.. + +echo Running validation + +PACKAGES="$(go list ./... | grep -v /vendor/)" + +echo Running: go vet +go vet -mod=readonly ${PACKAGES} + +echo Running: go fmt +test -z "$(go fmt -mod=readonly ${PACKAGES} | tee /dev/stderr)" diff --git a/scripts/version b/scripts/version new file mode 100755 index 0000000000..d04d7e66ec --- /dev/null +++ b/scripts/version @@ -0,0 +1,31 @@ +#!/bin/bash + +if [ "$GIT_IN_DAPPER" = true ]; then + git config --global user.email "rancher-ci@rancher.com" + git config --global user.name "rancher-ci" +fi + +if [ -n "$(git status --porcelain --untracked-files=no)" ]; then + DIRTY="-dirty" +fi + +# fetch tag information +git fetch + +GIT_COMMIT=${GIT_COMMIT:-$(git rev-parse --short HEAD)} +GIT_TAG=$(git tag -l --contains HEAD | head -n 1) +REPO_INFO=$(git config --get remote.origin.url) + +if [[ -z "$DIRTY" && -n "$GIT_TAG" ]]; then + VERSION=$GIT_TAG +else + VERSION="${GIT_COMMIT}${DIRTY}" +fi + +if [ -z "$ARCH" ]; then + ARCH=amd64 +fi + +TAG=${TAG:-$VERSION} + +PKG="k8s.io/ingress-nginx" From a74ba3c13ea77986fcbcf2d47fa59a634785f16d Mon Sep 17 00:00:00 2001 From: Kinara Shah Date: Wed, 5 May 2021 15:44:18 -0700 Subject: [PATCH 78/81] (cherry-pick) Fix flaky arm64 emulator issue https://github.com/docker/buildx/issues/542 --- hack/init-buildx.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hack/init-buildx.sh b/hack/init-buildx.sh index bac68e1ae1..83b7780507 100755 --- a/hack/init-buildx.sh +++ b/hack/init-buildx.sh @@ -50,6 +50,15 @@ if ! grep -q "^Driver: docker$" <<<"${current_builder}" && \ exit 0 fi +# Ensure qemu is in binfmt_misc +# Docker desktop already has these in versions recent enough to have buildx +# We only need to do this setup on linux hosts +if [ "$(uname)" == 'Linux' ]; then + # NOTE: this is pinned to a digest for a reason! + # https://github.com/docker/buildx/issues/542#issuecomment-778835576 + docker run --rm --privileged tonistiigi/binfmt --uninstall qemu-aarch64 && docker run --rm --privileged tonistiigi/binfmt --install arm64 + docker run --rm --privileged tonistiigi/binfmt +fi # Ensure we use a builder that can leverage it (the default on linux will not) docker buildx rm ingress-nginx || true From 98d109812cd50bf7baa287ac01d16e0edb162ee2 Mon Sep 17 00:00:00 2001 From: Sameer Kulkarni Date: Fri, 10 Jun 2022 15:26:17 +0530 Subject: [PATCH 79/81] (cherry-pick) fix build failure `go install ginkgo` followed by `which ginkgo` is newly added in the upstream repo. This is making the drone build fail for arm64 arch. The ginkgo library gets installed under $GOPATH/bin/linux_arm64 dir. This is unlike amd64 images which typically install go libraries under $GOPATH/bin. Since the previously mentioned dir is not in PATH, the command `which ginkgo` fails. I've added this location to PATH to fix the build failure. See upstream PRs linked below for more info: https://github.com/kubernetes/ingress-nginx/pull/8566 https://github.com/kubernetes/ingress-nginx/pull/8569 --- build/run-in-docker.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 095e09b91e..076a8061cf 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -84,6 +84,7 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then #go env go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.20.2 find / -type f -name ginkgo 2>/dev/null + PATH=$PATH:$GOPATH/bin/linux_arm64 which ginkgo /bin/bash -c "${FLAGS}" else From 0540797f52160c745daaacd175b46d3512ecd607 Mon Sep 17 00:00:00 2001 From: Chirayu Kapoor Date: Mon, 14 Oct 2024 16:31:18 +0530 Subject: [PATCH 80/81] (cherry-pick) Replace upstream's workflow with Rancher's workflow files and add FOSSA --- .github/workflows/ci.yaml | 321 ------------------- .github/workflows/depreview.yaml | 14 - .github/workflows/docs.yaml | 55 ---- .github/workflows/fossa.yaml | 31 ++ .github/workflows/golangci-lint.yml | 33 -- .github/workflows/images.yaml | 212 ------------ .github/workflows/junit-reports.yaml | 22 -- .github/workflows/perftest.yaml | 72 ----- .github/workflows/plugin.yaml | 50 --- .github/workflows/project.yml | 19 -- .github/workflows/push-and-pull-request.yaml | 41 +++ .github/workflows/release.yaml | 32 ++ .github/workflows/scorecards.yml | 64 ---- .github/workflows/stale.yaml | 24 -- .github/workflows/vulnerability-scans.yaml | 92 ------ .github/workflows/zz-tmpl-images.yaml | 81 ----- .github/workflows/zz-tmpl-k8s-e2e.yaml | 58 ---- Dockerfile.dapper | 17 +- Makefile | 19 +- scripts/build | 2 +- scripts/ci | 1 - scripts/package | 4 +- scripts/test | 15 - scripts/version | 6 + 24 files changed, 126 insertions(+), 1159 deletions(-) delete mode 100644 .github/workflows/ci.yaml delete mode 100644 .github/workflows/depreview.yaml delete mode 100644 .github/workflows/docs.yaml create mode 100644 .github/workflows/fossa.yaml delete mode 100644 .github/workflows/golangci-lint.yml delete mode 100644 .github/workflows/images.yaml delete mode 100644 .github/workflows/junit-reports.yaml delete mode 100644 .github/workflows/perftest.yaml delete mode 100644 .github/workflows/plugin.yaml delete mode 100644 .github/workflows/project.yml create mode 100644 .github/workflows/push-and-pull-request.yaml create mode 100644 .github/workflows/release.yaml delete mode 100644 .github/workflows/scorecards.yml delete mode 100644 .github/workflows/stale.yaml delete mode 100644 .github/workflows/vulnerability-scans.yaml delete mode 100644 .github/workflows/zz-tmpl-images.yaml delete mode 100644 .github/workflows/zz-tmpl-k8s-e2e.yaml delete mode 100755 scripts/test diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml deleted file mode 100644 index e3d46913af..0000000000 --- a/.github/workflows/ci.yaml +++ /dev/null @@ -1,321 +0,0 @@ -name: CI - -on: - pull_request: - branches: - - "*" - paths-ignore: - - 'docs/**' - - 'deploy/**' - - '**.md' - - 'images/**' # Images changes should be tested on their own workflow - - '!images/nginx/**' - - push: - branches: - - main - - release-* - paths-ignore: - - 'docs/**' - - 'deploy/**' - - '**.md' - - 'images/**' # Images changes should be tested on their own workflow - - workflow_dispatch: - inputs: - run_e2e: - description: 'Force e2e to run' - required: false - type: boolean - - -permissions: - contents: read - -jobs: - - changes: - permissions: - contents: read # for dorny/paths-filter to fetch a list of changed files - pull-requests: read # for dorny/paths-filter to read pull requests - runs-on: ubuntu-latest - outputs: - go: ${{ steps.filter.outputs.go }} - charts: ${{ steps.filter.outputs.charts }} - baseimage: ${{ steps.filter.outputs.baseimage }} - - steps: - - - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 - id: filter - with: - token: ${{ secrets.GITHUB_TOKEN }} - filters: | - go: - - '**/*.go' - - 'go.mod' - - 'go.sum' - - 'rootfs/**/*' - - 'TAG' - - 'test/e2e/**/*' - - 'NGINX_BASE' - charts: - - 'charts/ingress-nginx/Chart.yaml' - - 'charts/ingress-nginx/**/*' - - 'NGINX_BASE' - baseimage: - - 'NGINX_BASE' - - 'images/nginx/**' - docs: - - '**/*.md' - - test-go: - runs-on: ubuntu-latest - needs: changes - if: | - (needs.changes.outputs.go == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} - steps: - - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - - - name: Get go version - run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV - - - name: Set up Go - id: go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 - with: - go-version: ${{ env.GOLANG_VERSION }} - check-latest: true - - - name: Run test - run: make test - - - verify-docs: - name: Verify Doc generation - runs-on: ubuntu-latest - needs: changes - if: | - (needs.changes.outputs.go == 'true') || (needs.changes.outputs.docs == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} - steps: - - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - - name: Get go version - run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV - - name: Set up Go - id: go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 - with: - go-version: ${{ env.GOLANG_VERSION }} - check-latest: true - - name: Verify Docs - run: make verify-docs - - build: - name: Build - runs-on: ubuntu-latest - needs: changes - outputs: - golangversion: ${{ steps.golangversion.outputs.version }} - if: | - (needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} - - env: - PLATFORMS: linux/amd64 - steps: - - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - - - name: Get go version - id: golangversion - run: | - echo "version=$(cat GOLANG_VERSION)" >> "$GITHUB_OUTPUT" - - - name: Set up Go - id: go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 - with: - go-version: ${{ steps.golangversion.outputs.version }} - check-latest: true - - - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - with: - version: latest - - - name: Available platforms - run: echo ${{ steps.buildx.outputs.platforms }} - - - name: Prepare Host - run: | - curl -LO https://dl.k8s.io/release/v1.27.3/bin/linux/amd64/kubectl - chmod +x ./kubectl - sudo mv ./kubectl /usr/local/bin/kubectl - - - name: Build NGINX Base image - if: | - needs.changes.outputs.baseimage == 'true' - run: | - export TAG=$(cat images/nginx/TAG) - cd images/nginx/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --load -t registry.k8s.io/ingress-nginx/nginx:${TAG} . - - - name: Build images - env: - TAG: 1.0.0-dev - ARCH: amd64 - REGISTRY: ingress-controller - run: | - echo "building images..." - export TAGNGINX=$(cat images/nginx/TAG) - make BASE_IMAGE=registry.k8s.io/ingress-nginx/nginx:${TAGNGINX} clean-image build image image-chroot - make -C test/e2e-image image - - echo "creating images cache..." - docker save \ - nginx-ingress-controller:e2e \ - ingress-controller/controller:1.0.0-dev \ - ingress-controller/controller-chroot:1.0.0-dev \ - | gzip > docker.tar.gz - - - name: cache - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1 - with: - name: docker.tar.gz - path: docker.tar.gz - retention-days: 5 - - chart-lint: - name: Chart / Lint - runs-on: ubuntu-latest - needs: - - changes - - if: fromJSON(needs.changes.outputs.charts) || fromJSON(needs.changes.outputs.baseimage) || fromJSON(github.event.workflow_dispatch.run_e2e) - - steps: - - name: Set up Python - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 - with: - python-version: 3.x - - - name: Set up Helm - uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - - - name: Set up Helm Chart Testing - uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - - - name: Set up Artifact Hub - run: | - curl --fail --location https://github.com/artifacthub/hub/releases/download/v1.19.0/ah_1.19.0_linux_amd64.tar.gz --output /tmp/ah.tar.gz - echo "0e430493521ce387ca04d79b26646a86f92886dbcceb44985bb71082a9530ca5 /tmp/ah.tar.gz" | shasum --check - sudo tar --extract --file /tmp/ah.tar.gz --directory /usr/local/bin ah - - - name: Set up Helm Docs - uses: gabe565/setup-helm-docs-action@d5c35bdc9133cfbea3b671acadf50a29029e87c2 # v1.0.4 - - - name: Set up Helm Unit Test - run: helm plugin install https://github.com/helm-unittest/helm-unittest - - - name: Checkout code - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - with: - fetch-depth: 0 - - - name: Lint chart - run: | - ct lint --config .ct.yaml - ah lint --path charts/ingress-nginx - - - name: Check docs - run: | - helm-docs --chart-search-root charts - git diff --exit-code charts/ingress-nginx/README.md - - - name: Run tests - run: helm unittest charts/ingress-nginx - - chart-test: - name: Chart / Test - runs-on: ubuntu-latest - needs: - - changes - - build - - chart-lint - - if: fromJSON(needs.changes.outputs.charts) || fromJSON(needs.changes.outputs.baseimage) || fromJSON(github.event.workflow_dispatch.run_e2e) - - strategy: - matrix: - k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0] - - steps: - - name: Checkout code - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - - - name: Download cache - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - name: docker.tar.gz - - - name: Load cache - run: gzip --decompress --stdout docker.tar.gz | docker load - - - name: Run tests - env: - K8S_VERSION: ${{ matrix.k8s }} - SKIP_IMAGE_CREATION: true - run: | - sudo mkdir -pm 777 "${HOME}/.kube" - make kind-e2e-chart-tests - - kubernetes: - name: Kubernetes - needs: - - changes - - build - if: | - (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} - strategy: - matrix: - k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0] - uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml - with: - k8s-version: ${{ matrix.k8s }} - - kubernetes-validations: - name: Kubernetes with Validations - needs: - - changes - - build - if: | - (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} - strategy: - matrix: - k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0] - uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml - with: - k8s-version: ${{ matrix.k8s }} - variation: "VALIDATIONS" - - kubernetes-chroot: - name: Kubernetes chroot - needs: - - changes - - build - if: | - (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} - strategy: - matrix: - k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0] - uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml - with: - k8s-version: ${{ matrix.k8s }} - variation: "CHROOT" diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml deleted file mode 100644 index 32b98c2b21..0000000000 --- a/.github/workflows/depreview.yaml +++ /dev/null @@ -1,14 +0,0 @@ -name: 'Dependency Review' -on: [pull_request] - -permissions: - contents: read - -jobs: - dependency-review: - runs-on: ubuntu-latest - steps: - - name: 'Checkout Repository' - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - - name: 'Dependency Review' - uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4 diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml deleted file mode 100644 index 0d0b20a5a8..0000000000 --- a/.github/workflows/docs.yaml +++ /dev/null @@ -1,55 +0,0 @@ -name: Documentation - -on: - push: - branches: - - main - -permissions: - contents: read - -jobs: - - changes: - permissions: - contents: read # for dorny/paths-filter to fetch a list of changed files - pull-requests: read # for dorny/paths-filter to read pull requests - runs-on: ubuntu-latest - if: | - (github.repository == 'kubernetes/ingress-nginx') - outputs: - docs: ${{ steps.filter.outputs.docs }} - charts: ${{ steps.filter.outputs.charts }} - - steps: - - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 - id: filter - with: - token: ${{ secrets.GITHUB_TOKEN }} - filters: | - docs: - - 'docs/**/*' - - docs: - name: Update - runs-on: ubuntu-latest - needs: - - changes - if: | - (github.repository == 'kubernetes/ingress-nginx') && - (needs.changes.outputs.docs == 'true') - - permissions: - contents: write # needed to write releases - - steps: - - name: Checkout master - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - - - name: Deploy - uses: ./.github/actions/mkdocs - env: - PERSONAL_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/fossa.yaml b/.github/workflows/fossa.yaml new file mode 100644 index 0000000000..2e4a3d315c --- /dev/null +++ b/.github/workflows/fossa.yaml @@ -0,0 +1,31 @@ +name: Run Fossa Scan + +on: + push: + branches: + # nginx-1.9.x-fix, nginx-1.10.x-fix (in future) and so on + - "nginx-*-fix" + # For manual scans. + workflow_dispatch: + +jobs: + fossa: + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write # needed for the Vault authentication + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Read FOSSA token + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/org/rancher/fossa/push token | FOSSA_API_KEY_PUSH_ONLY + + - name: FOSSA scan + uses: fossas/fossa-action@main + with: + api-key: ${{ env.FOSSA_API_KEY_PUSH_ONLY }} + run-tests: false diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml deleted file mode 100644 index c71f090afd..0000000000 --- a/.github/workflows/golangci-lint.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: golangci-lint - -on: - pull_request: - paths: - - '**/*.go' - - '.github/workflows/golangci-lint.yml' - -permissions: - contents: read - -jobs: - golangci: - name: lint - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - - - name: Get go version - run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV - - - name: Set up Go - id: go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 - with: - go-version: ${{ env.GOLANG_VERSION }} - check-latest: true - - - name: golangci-lint - uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 - with: - version: v1.56 diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml deleted file mode 100644 index ca8df462a6..0000000000 --- a/.github/workflows/images.yaml +++ /dev/null @@ -1,212 +0,0 @@ -name: Container Images - -on: - pull_request: - branches: - - "*" - paths: - - 'images/**' - - push: - branches: - - main - paths: - - 'images/**' - -permissions: - contents: write - packages: write - -env: - PLATFORMS: linux/amd64 - -jobs: - changes: - permissions: - contents: read # for dorny/paths-filter to fetch a list of changed files - pull-requests: read # for dorny/paths-filter to read pull requests - runs-on: ubuntu-latest - outputs: - custom-error-pages: ${{ steps.filter.outputs.custom-error-pages }} - cfssl: ${{ steps.filter.outputs.cfssl }} - fastcgi-helloserver: ${{ steps.filter.outputs.fastcgi-helloserver }} - e2e-test-echo: ${{ steps.filter.outputs.e2e-test-echo }} - go-grpc-greeter-server: ${{ steps.filter.outputs.go-grpc-greeter-server }} - httpbun: ${{ steps.filter.outputs.httpbun }} - kube-webhook-certgen: ${{ steps.filter.outputs.kube-webhook-certgen }} - ext-auth-example-authsvc: ${{ steps.filter.outputs.ext-auth-example-authsvc }} - nginx: ${{ steps.filter.outputs.nginx }} - opentelemetry: ${{ steps.filter.outputs.opentelemetry }} - - steps: - - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 - id: filter - with: - token: ${{ secrets.GITHUB_TOKEN }} - filters: | - custom-error-pages: - - 'images/custom-error-pages/**' - cfssl: - - 'images/cfssl/**' - fastcgi-helloserver: - - 'images/fastcgi-helloserver/**' - e2e-test-echo: - - 'images/e2e-test-echo/**' - go-grpc-greeter-server: - - 'images/go-grpc-greeter-server/**' - httpbun: - - 'images/httpbun/**' - kube-webhook-certgen: - - 'images/kube-webhook-certgen/**' - ext-auth-example-authsvc: - - 'images/ext-auth-example-authsvc/**' - nginx: - - 'images/nginx/**' - opentelemetry: - - 'images/opentelemetry/**' - - #### TODO: Make the below jobs 'less dumb' and use the job name as parameter (the github.job context does not work here) - cfssl: - needs: changes - if: | - (needs.changes.outputs.cfssl == 'true') - uses: ./.github/workflows/zz-tmpl-images.yaml - with: - name: cfssl - secrets: inherit - - custom-error-pages: - needs: changes - if: | - (needs.changes.outputs.custom-error-pages == 'true') - uses: ./.github/workflows/zz-tmpl-images.yaml - with: - name: custom-error-pages - secrets: inherit - - e2e-test-echo: - needs: changes - if: | - (needs.changes.outputs.e2e-test-echo == 'true') - uses: ./.github/workflows/zz-tmpl-images.yaml - with: - name: e2e-test-echo - secrets: inherit - - ext-auth-example-authsvc: - needs: changes - if: | - (needs.changes.outputs.ext-auth-example-authsvc == 'true') - uses: ./.github/workflows/zz-tmpl-images.yaml - with: - name: ext-auth-example-authsvc - secrets: inherit - - fastcgi-helloserver: - needs: changes - if: | - (needs.changes.outputs.fastcgi-helloserver == 'true') - uses: ./.github/workflows/zz-tmpl-images.yaml - with: - name: fastcgi-helloserver - secrets: inherit - - go-grpc-greeter-server: - needs: changes - if: | - (needs.changes.outputs.go-grpc-greeter-server == 'true') - uses: ./.github/workflows/zz-tmpl-images.yaml - with: - name: go-grpc-greeter-server - secrets: inherit - - httpbun: - needs: changes - if: | - (needs.changes.outputs.httpbun == 'true') - uses: ./.github/workflows/zz-tmpl-images.yaml - with: - name: httpbun - secrets: inherit - - kube-webhook-certgen: - runs-on: ubuntu-latest - needs: changes - if: | - (needs.changes.outputs.kube-webhook-certgen == 'true') - strategy: - matrix: - k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0] - steps: - - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - - - name: Get go version - run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV - - - name: Set up Go - id: go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 - with: - go-version: ${{ env.GOLANG_VERSION }} - check-latest: true - - name: image build - run: | - cd images/ && make NAME=kube-webhook-certgen build - - name: Create Kubernetes cluster - id: kind - run: | - kind create cluster --image=kindest/node:${{ matrix.k8s }} - - name: image test - run: | - cd images/ && make NAME=kube-webhook-certgen test test-e2e - - opentelemetry: - runs-on: ubuntu-latest - env: - PLATFORMS: linux/amd64,linux/arm,linux/arm64 - needs: changes - if: | - (needs.changes.outputs.opentelemetry == 'true') - strategy: - matrix: - nginx: ['1.25.3', '1.21.6'] - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: image build - run: | - cd images/opentelemetry && make NGINX_VERSION=${{ matrix.nginx }} build - - nginx: - permissions: - contents: write - packages: write - runs-on: ubuntu-latest - needs: changes - if: | - (github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.changes.outputs.nginx == 'true') - env: - PLATFORMS: linux/amd64,linux/arm,linux/arm64 - steps: - - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - with: - version: latest - platforms: ${{ env.PLATFORMS }} - - name: Login to GitHub Container Registry - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: build-image - run: | - export TAG=$(cat images/nginx/TAG) - cd images/nginx/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --push -t ingressnginx/nginx:${TAG} . diff --git a/.github/workflows/junit-reports.yaml b/.github/workflows/junit-reports.yaml deleted file mode 100644 index e2a82910eb..0000000000 --- a/.github/workflows/junit-reports.yaml +++ /dev/null @@ -1,22 +0,0 @@ -name: 'E2E Test Report' - -on: - workflow_run: - workflows: ['CI'] # runs after CI workflow - types: - - completed - -permissions: - checks: write - -jobs: - report: - runs-on: ubuntu-latest - steps: - - uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1 - with: - artifact: /e2e-test-reports-(.*)/ - name: JEST Tests $1 # Name of the check run which will be created - path: 'report*.xml' # Path to test results (inside artifact .zip) - reporter: jest-junit # Format of test results - fail-on-empty: 'true' diff --git a/.github/workflows/perftest.yaml b/.github/workflows/perftest.yaml deleted file mode 100644 index 044c3a2602..0000000000 --- a/.github/workflows/perftest.yaml +++ /dev/null @@ -1,72 +0,0 @@ -name: Performance Test - -on: - workflow_dispatch: - inputs: - logLevel: - description: 'Log level' - required: true - default: 'warning' - tags: - description: 'K6 Load Test' - -permissions: - contents: read - -jobs: - k6_test_run: - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - - - name: Install K6 - run: | - wget https://github.com/grafana/k6/releases/download/v0.38.2/k6-v0.38.2-linux-amd64.tar.gz - echo '7c9e5a26aaa2c638c042f6dfda7416161b8d2e0d4cb930721a38083b8be109ab *k6-v0.38.2-linux-amd64.tar.gz' | shasum -c - tar -xvf k6-v0.38.2-linux-amd64.tar.gz k6-v0.38.2-linux-amd64/k6 - mv k6-v0.38.2-linux-amd64/k6 . - ./k6 - - - name: Make dev-env - run: | - mkdir $HOME/.kube - make dev-env - podName=`kubectl -n ingress-nginx get po | grep -i controller | awk '{print $1}'` - if [[ -z ${podName} ]] ; then - sleep 5 - fi - kubectl wait pod -n ingress-nginx --for condition=Ready $podName - kubectl get all -A - - - name: Deploy workload - run: | - kubectl create deploy k6 --image kennethreitz/httpbin --port 80 && \ - kubectl expose deploy k6 --port 80 && \ - kubectl create ing k6 --class nginx \ - --rule test.ingress-nginx-controller.ga/*=k6:80 - podName=`kubectl get po | grep -i k6 | awk '{print $1}'` - if [[ -z ${podName} ]] ; then - sleep 5 - fi - kubectl wait pod --for condition=Ready $podName - kubectl get all,secrets,ing - - - name: Tune OS - run : | - sudo sysctl -A 2>/dev/null | egrep -i "local_port_range|tw_reuse|tcp_timestamps" - sudo sh -c "ulimit" - sudo sysctl -w net.ipv4.ip_local_port_range="1024 65535" - sudo sysctl -w net.ipv4.tcp_tw_reuse=1 - sudo sysctl -w net.ipv4.tcp_timestamps=1 - sudo sh -c "ulimit " - - - name: Run smoke test - run: | - vmstat -at 5 | tee vmstat_report & - #./k6 login cloud -t $K6_TOKEN - #./k6 run -o cloud ./smoketest.js - ./k6 run test/k6/smoketest.js - pkill vmstat - cat vmstat_report diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml deleted file mode 100644 index 627a0a0b98..0000000000 --- a/.github/workflows/plugin.yaml +++ /dev/null @@ -1,50 +0,0 @@ -name: kubectl plugin - -on: - release: - types: [published] - -permissions: - contents: write # for goreleaser/goreleaser-action - -jobs: - release-plugin: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - with: - fetch-depth: 0 - - - name: Get go version - run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV - - - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 - with: - go-version: ${{ env.GOLANG_VERSION }} - check-latest: true - - - name: Run GoReleaser Snapshot - if: ${{ ! startsWith(github.ref, 'refs/tags/') }} - uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0 - with: - version: latest - args: release --snapshot --clean - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Run GoReleaser - if: ${{ startsWith(github.ref, 'refs/tags/') }} - uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0 - with: - version: latest - args: release --clean - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Update new version in krew-index - if: ${{ startsWith(github.ref, 'refs/tags/') }} - uses: rajatjindal/krew-release-bot@df3eb197549e3568be8b4767eec31c5e8e8e6ad8 # v0.0.46 - with: - krew_template_file: cmd/plugin/krew.yaml diff --git a/.github/workflows/project.yml b/.github/workflows/project.yml deleted file mode 100644 index 9babf234e1..0000000000 --- a/.github/workflows/project.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: Adds all issues - -on: - issues: - types: - - opened - -jobs: - add-to-project: - name: Add issue to project - runs-on: ubuntu-latest - permissions: - repository-projects: write - issues: write - steps: - - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2 - with: - project-url: https://github.com/orgs/kubernetes/projects/104 - github-token: ${{ secrets.PROJECT_WRITER }} diff --git a/.github/workflows/push-and-pull-request.yaml b/.github/workflows/push-and-pull-request.yaml new file mode 100644 index 0000000000..d743155e96 --- /dev/null +++ b/.github/workflows/push-and-pull-request.yaml @@ -0,0 +1,41 @@ +name: CI on Push and Pull Request +on: + pull_request: + branches: + - '*' + push: + branches: + - '*' + +jobs: + validate: + runs-on: ubuntu-latest + container: + image: rancher/dapper:v0.6.0 + permissions: + contents: read + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: validate + run: dapper validate + + + build: + runs-on: ubuntu-latest + container: + image: rancher/dapper:v0.6.0 + permissions: + contents: read + steps: + - name: Fix the not-a-git-repository issue + run: | + apk -U add git + git config --global --add safe.directory "$GITHUB_WORKSPACE" + + - name: Checkout code + uses: actions/checkout@v4 + + - name: build + run: dapper build diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000000..6dbb1e29d0 --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,32 @@ +name: CI on Releasing Tag +on: + push: + tags: + - '*' + +jobs: + ci: + runs-on: ubuntu-latest + container: + image: rancher/dapper:v0.6.0 + permissions: + contents: read + id-token: write # needed for the Vault authentication + steps: + - name: Fix the not-a-git-repository issue + run: | + apk -U add git + git config --global --add safe.directory "$GITHUB_WORKSPACE" + + - name: Checkout code + uses: actions/checkout@v4 + + - name: Load Secrets from Vault + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; + secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD + + - name: Run CI + run: dapper ci diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml deleted file mode 100644 index f927443dfd..0000000000 --- a/.github/workflows/scorecards.yml +++ /dev/null @@ -1,64 +0,0 @@ -name: Scorecards supply-chain security - -on: - # Only the default branch is supported. - branch_protection_rule: - schedule: - - cron: '20 11 * * 5' - push: - branches: - - "main" - -# Declare default permissions as read only. -permissions: read-all - -jobs: - analysis: - name: Scorecards analysis - runs-on: ubuntu-latest - permissions: - # Needed to upload the results to code-scanning dashboard. - security-events: write - # Used to receive a badge. (Upcoming feature) - id-token: write - # Needs for private repositories. - contents: read - actions: read - - steps: - - name: "Checkout code" - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - with: - persist-credentials: false - - - name: "Run analysis" - uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 - with: - results_file: results.sarif - results_format: sarif - # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if: - # - you want to enable the Branch-Protection check on a *public* repository, or - # - you are installing Scorecards on a *private* repository - # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. - # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} - - # Publish the results for public repositories to enable scorecard badges. For more details, see - # https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories, `publish_results` will automatically be set to `false`, regardless - # of the value entered here. - publish_results: true - - # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF - # format to the repository Actions tab. - - name: "Upload artifact" - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - - # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 - with: - sarif_file: results.sarif diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml deleted file mode 100644 index a7c2452951..0000000000 --- a/.github/workflows/stale.yaml +++ /dev/null @@ -1,24 +0,0 @@ -name: 'Stale Issues and PRs' - -on: - schedule: - - cron: '30 1 * * *' - -jobs: - stale: - runs-on: ubuntu-latest - - permissions: - issues: write - pull-requests: write - - steps: - - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0 - with: - stale-issue-message: "This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack." - stale-pr-message: "This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack." - stale-issue-label: lifecycle/frozen - stale-pr-label: lifecycle/frozen - days-before-issue-stale: 30 - days-before-pr-stale: 45 - days-before-close: -1 # dont not close issues/prs diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml deleted file mode 100644 index 1532ad2de1..0000000000 --- a/.github/workflows/vulnerability-scans.yaml +++ /dev/null @@ -1,92 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -name: Vulnerability Scan - -on: - workflow_dispatch: - release: - schedule: - - cron: '00 9 * * 1' - -permissions: - contents: read - security-events: write - -jobs: - version: - runs-on: ubuntu-latest - outputs: - versions: ${{ steps.version.outputs.TAGS }} - steps: - - name: Checkout code - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - with: - fetch-depth: 0 - - - name: Latest Tag - id: version - shell: bash - run: | - readarray -t TAGS_ARRAY <<<"$(git tag --list 'controller-v*.*.*' --sort=-version:refname | grep -v 'beta\|alpha')" - FULL_TAGS=(${TAGS_ARRAY[0]} ${TAGS_ARRAY[1]} ${TAGS_ARRAY[2]}) - SHORT_TAGS=() - for i in ${FULL_TAGS[@]} - do - echo "tag: $i" - short=$(echo "$i" | cut -d - -f 2) - SHORT_TAGS+=($short) - done - echo "${SHORT_TAGS[0]},${SHORT_TAGS[1]},${SHORT_TAGS[2]}" - TAGS_JSON="[\"${SHORT_TAGS[0]}\",\"${SHORT_TAGS[1]}\",\"${SHORT_TAGS[2]}\"]" - echo "${TAGS_JSON}" - echo "TAGS=${TAGS_JSON}" >> $GITHUB_OUTPUT - - scan: - runs-on: ubuntu-latest - needs: version - strategy: - matrix: - versions: ${{ fromJSON(needs.version.outputs.versions) }} - steps: - - name: Checkout code - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - - - shell: bash - id: test - run: echo "Scanning registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" - - - name: Scan image with AquaSec/Trivy - id: scan - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0 - with: - image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }} - format: 'sarif' - output: trivy-results-${{ matrix.versions }}.sarif - exit-code: 0 - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN' - - - name: Output Sarif File - shell: bash - run: cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif - - # This step checks out a copy of your repository. - - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 - with: - token: ${{ github.token }} - # Path to SARIF file relative to the root of the repository - sarif_file: ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif - - - name: Vulz Count - shell: bash - run: | - TRIVY_COUNT=$(cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif | jq '.runs[0].results | length') - echo "TRIVY_COUNT: $TRIVY_COUNT" - echo "Image Vulnerability scan output" >> $GITHUB_STEP_SUMMARY - echo "Image ID: registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "Trivy Count: $TRIVY_COUNT" >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/zz-tmpl-images.yaml b/.github/workflows/zz-tmpl-images.yaml deleted file mode 100644 index efadb8f890..0000000000 --- a/.github/workflows/zz-tmpl-images.yaml +++ /dev/null @@ -1,81 +0,0 @@ -#### THIS IS A TEMPLATE #### -# This workflow is created to be a template for every time an e2e test is required, - -on: - workflow_call: - inputs: - name: - required: true - type: string - platforms-test: - type: string - default: linux/amd64 - platforms-publish: - type: string - default: linux/amd64 - -env: - PLATFORMS: ${{ inputs.platforms-test }} - -permissions: - contents: write - packages: write - -jobs: - changestag: - permissions: - contents: read # for dorny/paths-filter to fetch a list of changed files - runs-on: ubuntu-latest - outputs: - tag: ${{ steps.filter.outputs.tag }} - - steps: - - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 - id: filter - with: - token: ${{ secrets.GITHUB_TOKEN }} - filters: | - tag: - - 'images/**/TAG' - - image-build: - name: Build - runs-on: ubuntu-latest - permissions: - contents: read - - steps: - - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - - - name: Build - run: | - cd images/ && make NAME=${{ inputs.name }} build - - image-push: - name: Push - needs: changestag - if: | - (github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'kubernetes/ingress-nginx' && needs.changestag.outputs.tag == 'true') - runs-on: ubuntu-latest - permissions: - contents: write - packages: write - env: - PLATFORMS: ${{ inputs.platforms-publish }} - steps: - - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - - - name: Login to GitHub Container Registry - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Push - run: | - cd images/ && make REGISTRY=ingressnginx NAME=${{ inputs.name }} push - diff --git a/.github/workflows/zz-tmpl-k8s-e2e.yaml b/.github/workflows/zz-tmpl-k8s-e2e.yaml deleted file mode 100644 index 85fd95da15..0000000000 --- a/.github/workflows/zz-tmpl-k8s-e2e.yaml +++ /dev/null @@ -1,58 +0,0 @@ -#### THIS IS A TEMPLATE #### -# This workflow is created to be a template for every time an e2e test is required, - -on: - workflow_call: - inputs: - k8s-version: - required: true - type: string - variation: - type: string - -permissions: - contents: read - -jobs: - kubernetes: - name: Kubernetes ${{ inputs.variation }} - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - - - name: cache - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - name: docker.tar.gz - - - name: Create Kubernetes ${{ inputs.k8s-version }} cluster - id: kind - run: | - kind create cluster --image=kindest/node:${{ inputs.k8s-version }} --config test/e2e/kind.yaml - - - name: Load images from cache - run: | - echo "loading docker images..." - gzip -dc docker.tar.gz | docker load - - - name: Run e2e tests ${{ inputs.variation }} - env: - KIND_CLUSTER_NAME: kind - SKIP_CLUSTER_CREATION: true - SKIP_INGRESS_IMAGE_CREATION: true - SKIP_E2E_IMAGE_CREATION: true - ENABLE_VALIDATIONS: ${{ inputs.variation == 'VALIDATIONS' }} - IS_CHROOT: ${{ inputs.variation == 'CHROOT' }} - run: | - kind get kubeconfig > $HOME/.kube/kind-config-kind - make kind-e2e-test - - - name: Upload e2e junit-reports ${{ inputs.variation }} - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1 - if: success() || failure() - with: - name: e2e-test-reports-${{ inputs.k8s-version }}${{ inputs.variation }} - path: 'test/junitreports/report*.xml' - diff --git a/Dockerfile.dapper b/Dockerfile.dapper index 3154fa0fcc..056656beb5 100644 --- a/Dockerfile.dapper +++ b/Dockerfile.dapper @@ -1,11 +1,12 @@ -FROM docker:19.03.8 +FROM docker:19.03.9 ARG DAPPER_HOST_ARCH +ARG STEP=ci ENV ARCH=${DAPPER_HOST_ARCH} RUN mkdir -p /.docker/cli-plugins RUN apk update && apk upgrade && apk add bash && ln -sf /bin/bash /bin/sh # use bash for subsequent variable expansion -ENV DOCKER_BUILDX_URL_arm=https://github.com/docker/buildx/releases/download/v0.3.1/buildx-v0.3.1.linux-arm-v7 \ - DOCKER_BUILDX_URL_arm64=https://github.com/docker/buildx/releases/download/v0.3.1/buildx-v0.3.1.linux-arm64 \ - DOCKER_BUILDX_URL_amd64=https://github.com/docker/buildx/releases/download/v0.3.1/buildx-v0.3.1.linux-amd64 \ +ENV DOCKER_BUILDX_URL_arm=https://github.com/docker/buildx/releases/download/v0.5.1/buildx-v0.5.1.linux-arm-v7 \ + DOCKER_BUILDX_URL_arm64=https://github.com/docker/buildx/releases/download/v0.5.1/buildx-v0.5.1.linux-arm64 \ + DOCKER_BUILDX_URL_amd64=https://github.com/docker/buildx/releases/download/v0.5.1/buildx-v0.5.1.linux-amd64 \ DOCKER_BUILDX_URL=DOCKER_BUILDX_URL_${ARCH} RUN wget -O - ${!DOCKER_BUILDX_URL} > /.docker/cli-plugins/docker-buildx && chmod +x /.docker/cli-plugins/docker-buildx @@ -22,8 +23,8 @@ RUN apt-get update && \ rm -f /bin/sh && ln -s /bin/bash /bin/sh ENV GOLANG_ARCH_amd64=amd64 GOLANG_ARCH_arm=armv6l GOLANG_ARCH_arm64=arm64 GOLANG_ARCH=GOLANG_ARCH_${ARCH} \ GOPATH=/go PATH=/go/bin:/usr/local/go/bin:${PATH} SHELL=/bin/bash -RUN wget -O - https://dl.google.com/go/go1.14.1.linux-${!GOLANG_ARCH}.tar.gz | tar -xzf - -C /usr/local && \ - go get github.com/rancher/trash && go get golang.org/x/lint/golint && go get -u github.com/jteeuwen/go-bindata/... +RUN wget -O - https://golang.org/dl/go1.21.5.linux-${!GOLANG_ARCH}.tar.gz | tar -xzf - -C /usr/local && \ + curl -sL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s v1.41.0 COPY --from=0 /usr/local/bin/docker /usr/bin/docker RUN mkdir -p /.docker/cli-plugins COPY --from=0 /.docker/cli-plugins/docker-buildx /.docker/cli-plugins/docker-buildx @@ -33,7 +34,7 @@ RUN docker buildx install ENV DAPPER_SOURCE /go/src/k8s.io/ingress-nginx/ ENV DAPPER_OUTPUT ./bin ./dist ENV DAPPER_DOCKER_SOCKET true -ENV DAPPER_ENV CROSS TAG +ENV DAPPER_ENV CROSS TAG DOCKER_PASSWORD DOCKER_USERNAME ENV DAPPER_RUN_ARGS="--net host" ENV TRASH_CACHE ${DAPPER_SOURCE}/.trash-cache ENV HOME ${DAPPER_SOURCE} @@ -41,4 +42,4 @@ ENV GIT_IN_DAPPER true RUN mkdir -p /etc/nginx/geoip WORKDIR ${DAPPER_SOURCE} ENTRYPOINT ["./scripts/entry"] -CMD ["ci"] \ No newline at end of file +CMD [${STEP}] diff --git a/Makefile b/Makefile index d46b2dfb26..fe38569fe2 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ BUILDX_PLATFORMS ?= linux/amd64,linux/arm,linux/arm64 .PHONY: release # Build a multi-arch docker image release: ensure-buildx clean - echo "Building binaries..." - $(foreach PLATFORM,$(PLATFORMS), echo -n "$(PLATFORM)..."; ARCH=$(PLATFORM) make build;) +# Rancher CI: the build has been done in the build step in the scripts/ci +# echo "Building binaries..." +# $(foreach PLATFORM,$(PLATFORMS), echo -n "$(PLATFORM)..."; ARCH=$(PLATFORM) make build;) echo "Building and pushing ingress-nginx image...$(BUILDX_PLATFORMS)" @@ -261,17 +262,5 @@ release: ensure-buildx clean --build-arg VERSION="$(TAG)" \ --build-arg COMMIT_SHA="$(COMMIT_SHA)" \ --build-arg BUILD_ID="$(BUILD_ID)" \ - -t $(REGISTRY)/controller:$(TAG) rootfs + -t $(REGISTRY)/nginx-ingress-controller:$(TAG) rootfs - docker buildx build \ - --no-cache \ - $(MAC_DOCKER_FLAGS) \ - --push \ - --pull \ - --progress plain \ - --platform $(BUILDX_PLATFORMS) \ - --build-arg BASE_IMAGE="$(BASE_IMAGE)" \ - --build-arg VERSION="$(TAG)" \ - --build-arg COMMIT_SHA="$(COMMIT_SHA)" \ - --build-arg BUILD_ID="$(BUILD_ID)" \ - -t $(REGISTRY)/controller-chroot:$(TAG) rootfs -f rootfs/Dockerfile.chroot diff --git a/scripts/build b/scripts/build index 546bfd3929..6e0952b2d4 100755 --- a/scripts/build +++ b/scripts/build @@ -13,5 +13,5 @@ mkdir -p bin declare -a arches=("arm64" "amd64") for arch in "${arches[@]}" do - ARCH=$arch DOCKER_IN_DOCKER_ENABLED=true USER=0 make build + ARCH="$arch" TAG="$TAG" DOCKER_IN_DOCKER_ENABLED=true USER=0 make build done diff --git a/scripts/ci b/scripts/ci index b35955a738..74dcc397db 100755 --- a/scripts/ci +++ b/scripts/ci @@ -5,5 +5,4 @@ cd $(dirname $0) ./validate ./build -./test ./package diff --git a/scripts/package b/scripts/package index 0dbc972b07..a5cbd19d8a 100755 --- a/scripts/package +++ b/scripts/package @@ -7,6 +7,6 @@ source $(dirname $0)/version cd $(dirname $0)/.. # manifest push happens as part of make release, so login is required inside the dapper container -echo "$DOCKER_PASS" | docker login -u $DOCKER_USER --password-stdin +echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin -REGISTRY=${REPO} PLATFORMS="arm64 amd64" TAG=${TAG} DOCKER_IN_DOCKER_ENABLED=true USER=0 make release \ No newline at end of file +REGISTRY=${REPO} PLATFORMS="arm64 amd64" BUILDX_PLATFORMS="linux/amd64,linux/arm64" TAG=${TAG} DOCKER_IN_DOCKER_ENABLED=true USER=0 make release diff --git a/scripts/test b/scripts/test deleted file mode 100755 index 6363fc3282..0000000000 --- a/scripts/test +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash -set -e - -cd $(dirname $0)/.. - -echo Running tests - -FIND_COMMAND="find" -if [ "$(go env GOHOSTOS)" = "darwin" ]; then - FIND_COMMAND="find ." -fi - -PACKAGES="$($FIND_COMMAND -name '*.go' | xargs -I{} dirname {} | sort -u | grep -Ev '(^\.$|.git|.trash-cache|vendor|bin|docs|test|controller/store|images|examples|hack)')" - -go test -v -p 1 -tags "cgo" -cover ${PACKAGES} diff --git a/scripts/version b/scripts/version index d04d7e66ec..9b27d9603c 100755 --- a/scripts/version +++ b/scripts/version @@ -29,3 +29,9 @@ fi TAG=${TAG:-$VERSION} PKG="k8s.io/ingress-nginx" + +echo "GIT_COMMIT: $GIT_COMMIT" +echo "GIT_TAG: $GIT_TAG" +echo "VERSION: $VERSION" +echo "TAG: $TAG" +echo "ARCH: $ARCH" From 1f334f95e9866fa08c72d777c54b3a5328e3444c Mon Sep 17 00:00:00 2001 From: Chirayu Kapoor Date: Mon, 14 Oct 2024 17:36:34 +0530 Subject: [PATCH 81/81] (cherry-pick) go generate --- go.work.sum | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/go.work.sum b/go.work.sum index 8b186c739d..233318d8e1 100644 --- a/go.work.sum +++ b/go.work.sum @@ -131,6 +131,7 @@ cloud.google.com/go/compute v1.24.0/go.mod h1:kw1/T+h/+tK2LJK0wiPPx1intgdAM3j/g3 cloud.google.com/go/compute v1.25.1/go.mod h1:oopOIR53ly6viBYxaDhBfJwzUAxf1zE//uf3IB011ls= cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= +cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= cloud.google.com/go/contactcenterinsights v1.6.0 h1:jXIpfcH/VYSE1SYcPzO0n1VVb+sAamiLOgCw45JbOQk= cloud.google.com/go/contactcenterinsights v1.9.1/go.mod h1:bsg/R7zGLYMVxFFzfh9ooLTruLRCG9fnzhH9KznHhbM= cloud.google.com/go/contactcenterinsights v1.10.0/go.mod h1:bsg/R7zGLYMVxFFzfh9ooLTruLRCG9fnzhH9KznHhbM= @@ -991,6 +992,7 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= golang.org/x/image v0.0.0-20220302094943-723b81ca9867 h1:TcHcE0vrmgzNH1v3ppjcMGbhG5+9fMuvOmUYwNEF4q4= golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028 h1:4+4C/Iv2U4fMZBiMCc98MG1In4gJY5YRhtpDNeDeHWs= @@ -1023,6 +1025,7 @@ golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/telemetry v0.0.0-20240208230135-b75ee8823808/go.mod h1:KG1lNk5ZFNssSZLrpVb4sMXKMpGwGXOxSG3rnu2gZQQ= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2 h1:IRJeR9r1pYWsHKTRe/IInb7lYvbBVIqOgsX/u0mbOWY= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= @@ -1030,9 +1033,11 @@ golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457 h1:zf5N6UOrA487eEFacMe golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= +golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= @@ -1112,6 +1117,7 @@ google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFL google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0 h1:M1YKkFIboKNieVO5DLUEVzQfGwJD30Nv2jfUgzb5UcE= +google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc= gopkg.in/errgo.v2 v2.1.0 h1:0vLT13EuvQ0hNvakwLuFZ/jYrLp5F3kcWHXdRggjCE8= gopkg.in/evanphx/json-patch.v5 v5.6.0 h1:BMT6KIwBD9CaU91PJCZIe46bDmBWa9ynTQgJIOpfQBk= @@ -1127,13 +1133,13 @@ k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAE k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70/go.mod h1:VH3AT8AaQOqiGjMF9p0/IM1Dj+82ZwjfxUP1IxaHE+8= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kms v0.29.3/go.mod h1:TBGbJKpRUMk59neTMDMddjIDL+D4HuFUbpuiuzmOPg0= k8s.io/kms v0.30.0 h1:ZlnD/ei5lpvUlPw6eLfVvH7d8i9qZ6HwUQgydNVks8g= k8s.io/kms v0.30.0/go.mod h1:GrMurD0qk3G4yNgGcsCEmepqf9KyyIrTXYR2lyUOJC4= k8s.io/kms v0.30.1/go.mod h1:GrMurD0qk3G4yNgGcsCEmepqf9KyyIrTXYR2lyUOJC4= k8s.io/kms v0.31.0 h1:KchILPfB1ZE+ka7223mpU5zeFNkmb45jl7RHnlImUaI= k8s.io/kms v0.31.0/go.mod h1:OZKwl1fan3n3N5FFxnW5C4V3ygrah/3YXeJWS3O6+94= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= lukechampine.com/uint128 v1.2.0 h1:mBi/5l91vocEN8otkC5bDLhi2KdCticRiwbdB0O+rjI=