From 6f9b17d751aa28fd77f93d380945cb7ea362602d Mon Sep 17 00:00:00 2001 From: chriss-de Date: Wed, 14 Dec 2022 15:06:09 +0100 Subject: [PATCH 01/52] added proxy-intercept-errors config option --- .../nginx-configuration/annotations.md | 12 ++++ .../nginx-configuration/configmap.md | 9 ++- internal/ingress/annotations/annotations.go | 3 + .../annotations/proxyintercepterrors/main.go | 43 +++++++++++++ .../proxyintercepterrors/main_test.go | 61 +++++++++++++++++++ internal/ingress/controller/config/config.go | 6 ++ internal/ingress/defaults/main.go | 7 +++ pkg/apis/ingress/types.go | 5 ++ pkg/apis/ingress/types_equals.go | 4 ++ rootfs/etc/nginx/template/nginx.tmpl | 4 +- 10 files changed, 151 insertions(+), 3 deletions(-) create mode 100644 internal/ingress/annotations/proxyintercepterrors/main.go create mode 100644 internal/ingress/annotations/proxyintercepterrors/main_test.go diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index 49e2525897..652c7311af 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -49,6 +49,7 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz |[nginx.ingress.kubernetes.io/client-body-buffer-size](#client-body-buffer-size)|string| |[nginx.ingress.kubernetes.io/configuration-snippet](#configuration-snippet)|string| |[nginx.ingress.kubernetes.io/custom-http-errors](#custom-http-errors)|[]int| +|[nginx.ingress.kubernetes.io/proxy-intercept-errors](#proxy-intercept-errors)|"true" or "false"| |[nginx.ingress.kubernetes.io/default-backend](#default-backend)|string| |[nginx.ingress.kubernetes.io/enable-cors](#enable-cors)|"true" or "false"| |[nginx.ingress.kubernetes.io/cors-allow-origin](#enable-cors)|string| @@ -330,6 +331,17 @@ Example usage: nginx.ingress.kubernetes.io/custom-http-errors: "404,415" ``` +## Proxy intercept Errors + +Like the [`proxy-intercept-errors`](./configmap.md#proxy-intercept-errors) value in the ConfigMap, this annotation allows to disable NGINX `proxy-intercept-errors` when `custom-http-errors` are set, but only for the NGINX location associated with this ingress. If a [default backend annotation](#default-backend) is specified on the ingress, the errors will be routed to that annotation's default backend service (instead of the global default backend). +Different ingresses can specify different sets of errors codes and there are UseCases where NGINX shall not intercept all errors returned from upstream. +If `proxy-intercept-errors` is also specified globally, the annotation will override the global value for the given ingress' hostname and path. + +Example usage: +``` +nginx.ingress.kubernetes.io/proxy-intercept-errors: "false" +``` + ### Default Backend This annotation is of the form `nginx.ingress.kubernetes.io/default-backend: ` to specify a custom default backend. This `` is a reference to a service inside of the same namespace in which you are applying this annotation. This annotation overrides the global default backend. In case the service has [multiple ports](https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services), the first one is the one which will receive the backend traffic. diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index f5d22d11c4..2fe4235e3d 100755 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -161,6 +161,7 @@ The following table shows a configuration option's name, type, and the default v |[stream-snippet](#stream-snippet)|string|""| |[location-snippet](#location-snippet)|string|""| |[custom-http-errors](#custom-http-errors)|[]int|[]int{}| +|[proxy-intercept-errors](#proxy-intercept-errors)|bool|"true"| |[proxy-body-size](#proxy-body-size)|string|"1m"| |[proxy-connect-timeout](#proxy-connect-timeout)|int|5| |[proxy-read-timeout](#proxy-read-timeout)|int|60| @@ -1027,10 +1028,16 @@ You can not use this to add new locations that proxy to the Kubernetes pods, as Enables which HTTP codes should be passed for processing with the [error_page directive](https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page) -Setting at least one code also enables [proxy_intercept_errors](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors) which are required to process error_page. +Setting at least one code also enables [proxy_intercept_errors](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors) if not disabled with [proxy-intercept-errors](#proxy-intercept-errors). Example usage: `custom-http-errors: 404,415` +## proxy-intercept-errors + +Allows to disable proxy-intercept-errors if [custom-http-errors](#custom-http-errors) are set. Disabling [proxy_intercept_errors](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors) allows to pass upstream errors to client even if [custom-http-errors](#custom-http-errors) are set. + +Example usage: `proxy-intercept-errors: "false"` + ## proxy-body-size Sets the maximum allowed size of the client request body. diff --git a/internal/ingress/annotations/annotations.go b/internal/ingress/annotations/annotations.go index fe7400ac76..37d518086d 100644 --- a/internal/ingress/annotations/annotations.go +++ b/internal/ingress/annotations/annotations.go @@ -20,6 +20,7 @@ import ( "github.com/imdario/mergo" "k8s.io/ingress-nginx/internal/ingress/annotations/canary" "k8s.io/ingress-nginx/internal/ingress/annotations/modsecurity" + "k8s.io/ingress-nginx/internal/ingress/annotations/proxyintercepterrors" "k8s.io/ingress-nginx/internal/ingress/annotations/proxyssl" "k8s.io/ingress-nginx/internal/ingress/annotations/sslcipher" "k8s.io/ingress-nginx/internal/ingress/annotations/streamsnippet" @@ -85,6 +86,7 @@ type Ingress struct { Connection connection.Config CorsConfig cors.Config CustomHTTPErrors []int + ProxyInterceptErrors bool DefaultBackend *apiv1.Service //TODO: Change this back into an error when https://github.com/imdario/mergo/issues/100 is resolved FastCGI fastcgi.Config @@ -137,6 +139,7 @@ func NewAnnotationExtractor(cfg resolver.Resolver) Extractor { "Connection": connection.NewParser(cfg), "CorsConfig": cors.NewParser(cfg), "CustomHTTPErrors": customhttperrors.NewParser(cfg), + "ProxyInterceptErrors": proxyintercepterrors.NewParser(cfg), "DefaultBackend": defaultbackend.NewParser(cfg), "FastCGI": fastcgi.NewParser(cfg), "ExternalAuth": authreq.NewParser(cfg), diff --git a/internal/ingress/annotations/proxyintercepterrors/main.go b/internal/ingress/annotations/proxyintercepterrors/main.go new file mode 100644 index 0000000000..4f7584ed35 --- /dev/null +++ b/internal/ingress/annotations/proxyintercepterrors/main.go @@ -0,0 +1,43 @@ +/* +Copyright 2017 The Kubernetes Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package proxyintercepterrors + +import ( + networking "k8s.io/api/networking/v1" + + "k8s.io/ingress-nginx/internal/ingress/annotations/parser" + "k8s.io/ingress-nginx/internal/ingress/errors" + "k8s.io/ingress-nginx/internal/ingress/resolver" +) + +type proxyInterceptErrors struct { + r resolver.Resolver +} + +// NewParser creates a new proxyintercepterrors annotation parser +func NewParser(r resolver.Resolver) parser.IngressAnnotation { + return proxyInterceptErrors{r} +} + +func (s proxyInterceptErrors) Parse(ing *networking.Ingress) (interface{}, error) { + defBackend := s.r.GetDefaultBackend() + + val, err := parser.GetBoolAnnotation("proxy-intercept-errors", ing) + // A missing annotation is not a problem, just use the default + if err == errors.ErrMissingAnnotations { + return defBackend.ProxyInterceptErrors, nil + } + + return val, nil +} diff --git a/internal/ingress/annotations/proxyintercepterrors/main_test.go b/internal/ingress/annotations/proxyintercepterrors/main_test.go new file mode 100644 index 0000000000..1bb548568e --- /dev/null +++ b/internal/ingress/annotations/proxyintercepterrors/main_test.go @@ -0,0 +1,61 @@ +/* +Copyright 2017 The Kubernetes Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package proxyintercepterrors + +import ( + "testing" + + api "k8s.io/api/core/v1" + networking "k8s.io/api/networking/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/ingress-nginx/internal/ingress/annotations/parser" + "k8s.io/ingress-nginx/internal/ingress/resolver" +) + +func buildIngress() *networking.Ingress { + return &networking.Ingress{ + ObjectMeta: meta_v1.ObjectMeta{ + Name: "foo", + Namespace: api.NamespaceDefault, + }, + Spec: networking.IngressSpec{ + DefaultBackend: &networking.IngressBackend{ + Service: &networking.IngressServiceBackend{ + Name: "default-backend", + Port: networking.ServiceBackendPort{ + Number: 80, + }, + }, + }, + }, + } +} + +func TestParseAnnotations(t *testing.T) { + ing := buildIngress() + + _, err := NewParser(&resolver.Mock{}).Parse(ing) + if err != nil { + t.Errorf("unexpected error: %v", err) + } + + data := map[string]string{} + data[parser.GetAnnotationWithPrefix("proxy-intercept-errors")] = "true" + ing.SetAnnotations(data) + // test ingress using the annotation without a TLS section + _, err = NewParser(&resolver.Mock{}).Parse(ing) + if err != nil { + t.Errorf("unexpected error parsing ingress with proxy intercept errors") + } +} diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index 8bf71b7749..d4748db89a 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -519,6 +519,10 @@ type Configuration struct { // http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version ProxyHTTPVersion string `json:"proxy-http-version"` + // Disables NGINX proxy-intercept-errors when error_page/custom-http-errors are set + // https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors + ProxyInterceptErrors bool `json:"proxy-intercept-errors,omitempty"` + // Sets the ipv4 addresses on which the server will accept requests. BindAddressIpv4 []string `json:"bind-address-ipv4,omitempty"` @@ -873,6 +877,7 @@ func NewDefault() Configuration { VariablesHashBucketSize: 256, VariablesHashMaxSize: 2048, UseHTTP2: true, + ProxyInterceptErrors: true, ProxyStreamTimeout: "600s", ProxyStreamNextUpstream: true, ProxyStreamNextUpstreamTimeout: "600s", @@ -895,6 +900,7 @@ func NewDefault() Configuration { PreserveTrailingSlash: false, SSLRedirect: true, CustomHTTPErrors: []int{}, + ProxyInterceptErrors: true, WhitelistSourceRange: []string{}, SkipAccessLogURLs: []string{}, LimitRate: 0, diff --git a/internal/ingress/defaults/main.go b/internal/ingress/defaults/main.go index bc97342574..ec3c83bff8 100644 --- a/internal/ingress/defaults/main.go +++ b/internal/ingress/defaults/main.go @@ -34,6 +34,13 @@ type Backend struct { // toggles whether or not to remove trailing slashes during TLS redirects PreserveTrailingSlash bool `json:"preserve-trailing-slash"` + // for use when using CustomHTTPErrors without intecepting service errors + // e.g. custom 404 and 503 when service-a does not exist or is not available + // but service-a can return 404 and 503 error codes without intercept + // http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors + // By default this is enabled when CustomHTTPErrors is enabled + ProxyInterceptErrors bool `json:"proxy-intercept-errors"` + // http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size // Sets the maximum allowed size of the client request body ProxyBodySize string `json:"proxy-body-size"` diff --git a/pkg/apis/ingress/types.go b/pkg/apis/ingress/types.go index 7c1c825b75..a0eda78329 100644 --- a/pkg/apis/ingress/types.go +++ b/pkg/apis/ingress/types.go @@ -343,6 +343,11 @@ type Location struct { // CustomHTTPErrors specifies the error codes that should be intercepted. // +optional CustomHTTPErrors []int `json:"custom-http-errors"` + // for use when using CustomHTTPErrors without intecepting service errors + // e.g. custom 404 and 503 when service-a does not exist or is not available + // but service-a can return 404 and 503 error codes without intercept + // +optional + ProxyInterceptErrors bool `json:"proxy-intercept-errors"` // ModSecurity allows to enable and configure modsecurity // +optional ModSecurity modsecurity.Config `json:"modsecurity"` diff --git a/pkg/apis/ingress/types_equals.go b/pkg/apis/ingress/types_equals.go index a954a253bf..52f46b9ec0 100644 --- a/pkg/apis/ingress/types_equals.go +++ b/pkg/apis/ingress/types_equals.go @@ -469,6 +469,10 @@ func (l1 *Location) Equal(l2 *Location) bool { return false } + if !l1.ProxyInterceptErrors != l2.ProxyInterceptErrors { + return false + } + return true } diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index 3ace12bc32..ed831d7105 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -470,7 +470,7 @@ http { ssl_certificate {{ $cfg.DefaultSSLCertificate.PemFileName }}; ssl_certificate_key {{ $cfg.DefaultSSLCertificate.PemFileName }}; - {{ if gt (len $cfg.CustomHTTPErrors) 0 }} + {{ if and (gt (len $cfg.CustomHTTPErrors) 0) $cfg.ProxyInterceptErrors }} proxy_intercept_errors on; {{ end }} @@ -1442,7 +1442,7 @@ stream { {{ end }} {{/* if a location-specific error override is set, add the proxy_intercept here */}} - {{ if $location.CustomHTTPErrors }} + {{ if and $location.CustomHTTPErrors $location.ProxyInterceptErrors }} # Custom error pages per ingress proxy_intercept_errors on; {{ end }} From 651b8468210dee3a81e074be2cf938a7152839e6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 17 Dec 2022 02:29:42 -0800 Subject: [PATCH 02/52] Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 (#9398) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.5.1 to 2.6.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.5.1...v2.6.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 9 +-------- go.sum | 21 ++------------------- 2 files changed, 3 insertions(+), 27 deletions(-) diff --git a/go.mod b/go.mod index eab2f9d015..90f11e285f 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 - github.com/onsi/ginkgo/v2 v2.5.1 + github.com/onsi/ginkgo/v2 v2.6.0 github.com/opencontainers/runc v1.1.4 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.14.0 @@ -54,7 +54,6 @@ require ( github.com/BurntSushi/toml v1.0.0 // indirect github.com/PuerkitoBio/purell v1.1.1 // indirect github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect - github.com/alessio/shellescape v1.4.1 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect @@ -71,7 +70,6 @@ require ( github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.19.5 // indirect github.com/go-openapi/swag v0.19.14 // indirect - github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/godbus/dbus/v5 v5.0.6 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.2.0 // indirect @@ -82,8 +80,6 @@ require ( github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-cmp v0.5.9 // indirect github.com/google/gofuzz v1.1.0 // indirect - github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect - github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.2.0 // indirect github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect @@ -92,7 +88,6 @@ require ( github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.6 // indirect github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.16 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect github.com/mmarkdown/mmark v2.0.40+incompatible // indirect github.com/moby/sys/mountinfo v0.5.0 // indirect @@ -102,7 +97,6 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/ncabatoff/go-seq v0.0.0-20180805175032-b08ef85ed833 // indirect github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect - github.com/pelletier/go-toml v1.9.4 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pkg/errors v0.9.1 // indirect github.com/prometheus/procfs v0.8.0 // indirect @@ -131,7 +125,6 @@ require ( k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect - sigs.k8s.io/kind v0.17.0 // indirect sigs.k8s.io/kustomize/api v0.12.1 // indirect sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect diff --git a/go.sum b/go.sum index 21890aa7a2..9a608ff9d9 100644 --- a/go.sum +++ b/go.sum @@ -60,7 +60,6 @@ github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+Z github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= -github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU= github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= @@ -75,8 +74,6 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0= -github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a h1:AP/vsCIvJZ129pdm9Ek7bH7yutN3hByqsMoNrWAxRQc= github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a/go.mod h1:QmP9hvJ91BbJmGVGSbutW19IC0Q9phDCLGaomwTJbgU= @@ -109,7 +106,6 @@ github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkX github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI= @@ -172,8 +168,6 @@ github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.6 h1:mkgN1ofwASrYnJ5W6U/BxG15eXXXjirgZc7CLqkcaro= github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= @@ -259,11 +253,8 @@ github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 h1:SJ+NtwL6QaZ21U+IrK7d0gGgpjGGvd2kz+FzTHVzdqI= -github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2/go.mod h1:Tv1PlzqC9t8wNnpPdctvtSUOPUUg4SHeE6vR1Ir2hmg= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -281,7 +272,6 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1: github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= @@ -321,7 +311,6 @@ github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= -github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= @@ -361,16 +350,14 @@ github.com/ncabatoff/process-exporter v0.7.10/go.mod h1:DHZRZjqxw9LCOpLlX0DjBuyn github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.5.1 h1:auzK7OI497k6x4OvWq+TKAcpcSAlod0doAH72oIN0Jw= -github.com/onsi/ginkgo/v2 v2.5.1/go.mod h1:63DOGlLAH8+REH8jUGdL3YpCpu7JODesutUjdENfUAc= +github.com/onsi/ginkgo/v2 v2.6.0 h1:9t9b9vRUbFq3C4qKFCGkVuq/fIHji802N1nrtkh1mNc= +github.com/onsi/ginkgo/v2 v2.6.0/go.mod h1:63DOGlLAH8+REH8jUGdL3YpCpu7JODesutUjdENfUAc= github.com/onsi/gomega v1.24.0 h1:+0glovB9Jd6z3VR+ScSwQqXVTIfJcGA9UBM8yzQxhqg= github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg= github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= -github.com/pelletier/go-toml v1.9.4 h1:tjENF6MfZAg8e4ZmZTeWaWiT2vXtsoO6+iuOjFhECwM= -github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= @@ -426,7 +413,6 @@ github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= -github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -895,7 +881,6 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= @@ -964,8 +949,6 @@ sigs.k8s.io/controller-runtime v0.13.1 h1:tUsRCSJVM1QQOOeViGeX3GMT3dQF1eePPw6sEE sigs.k8s.io/controller-runtime v0.13.1/go.mod h1:Zbz+el8Yg31jubvAEyglRZGdLAjplZl+PgtYNI6WNTI= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/kind v0.17.0 h1:CScmGz/wX66puA06Gj8OZb76Wmk7JIjgWf5JDvY7msM= -sigs.k8s.io/kind v0.17.0/go.mod h1:Qqp8AiwOlMZmJWs37Hgs31xcbiYXjtXlRBSftcnZXQk= sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM= sigs.k8s.io/kustomize/api v0.12.1/go.mod h1:y3JUhimkZkR6sbLNwfJHxvo1TCLwuwm14sCYnkH6S1s= sigs.k8s.io/kustomize/kyaml v0.13.9 h1:Qz53EAaFFANyNgyOEJbT/yoIHygK40/ZcvU3rgry2Tk= From a0dbbd2fb15080bb7aca03a23de72855c77cd8a7 Mon Sep 17 00:00:00 2001 From: Saumya <76432998+SaumyaBhushan@users.noreply.github.com> Date: Sat, 17 Dec 2022 17:07:41 +0530 Subject: [PATCH 03/52] Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 (#9408) Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 --- build/run-in-docker.sh | 2 +- images/test-runner/rootfs/Dockerfile | 2 +- test/e2e/run-chart-test.sh | 2 +- test/e2e/run.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index cb8ad18f0a..c566bc8a03 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -77,7 +77,7 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then echo "FLAGS=$FLAGS" go env set -x - go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.5.1 + go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.6.0 find / -type f -name ginkgo 2>/dev/null which ginkgo /bin/bash -c "${FLAGS}" diff --git a/images/test-runner/rootfs/Dockerfile b/images/test-runner/rootfs/Dockerfile index 30e7e1ab29..aa7c56c39f 100644 --- a/images/test-runner/rootfs/Dockerfile +++ b/images/test-runner/rootfs/Dockerfile @@ -55,7 +55,7 @@ ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH" -RUN go install github.com/onsi/ginkgo/v2/ginkgo@v2.5.1 && go install golang.org/x/lint/golint@latest +RUN go install github.com/onsi/ginkgo/v2/ginkgo@v2.6.0 && go install golang.org/x/lint/golint@latest ARG RESTY_CLI_VERSION ARG RESTY_CLI_SHA diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index b2e54993f5..606215f17f 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -78,7 +78,7 @@ fi if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go get github.com/onsi/ginkgo/v2/ginkgo@v2.5.1 + go get github.com/onsi/ginkgo/v2/ginkgo@v2.6.0 fi echo "[dev-env] building image" make -C ${DIR}/../../ clean-image build image diff --git a/test/e2e/run.sh b/test/e2e/run.sh index 4cd95267f3..9ca490baa9 100755 --- a/test/e2e/run.sh +++ b/test/e2e/run.sh @@ -79,7 +79,7 @@ fi if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go get github.com/onsi/ginkgo/v2/ginkgo@v2.5.1 + go get github.com/onsi/ginkgo/v2/ginkgo@v2.6.0 fi echo "[dev-env] building image" From 17d8266a2ac923fb86183e534cef015e717d0128 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 17 Dec 2022 06:01:42 -0800 Subject: [PATCH 04/52] Bump github.com/prometheus/common from 0.37.0 to 0.39.0 (#9416) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.37.0 to 0.39.0. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.37.0...v0.39.0) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 14 +++++++------- go.sum | 38 ++++++++++++++------------------------ 2 files changed, 21 insertions(+), 31 deletions(-) diff --git a/go.mod b/go.mod index 90f11e285f..db2e85f74b 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.14.0 github.com/prometheus/client_model v0.3.0 - github.com/prometheus/common v0.37.0 + github.com/prometheus/common v0.39.0 github.com/spf13/cobra v1.6.1 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.1 @@ -88,7 +88,7 @@ require ( github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.6 // indirect github.com/mattn/go-colorable v0.1.13 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect + github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/mmarkdown/mmark v2.0.40+incompatible // indirect github.com/moby/sys/mountinfo v0.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect @@ -107,11 +107,11 @@ require ( github.com/yudai/pp v2.0.1+incompatible // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect golang.org/x/mod v0.6.0 // indirect - golang.org/x/net v0.2.0 // indirect - golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect - golang.org/x/sys v0.2.0 // indirect - golang.org/x/term v0.2.0 // indirect - golang.org/x/text v0.4.0 // indirect + golang.org/x/net v0.4.0 // indirect + golang.org/x/oauth2 v0.3.0 // indirect + golang.org/x/sys v0.3.0 // indirect + golang.org/x/term v0.3.0 // indirect + golang.org/x/text v0.5.0 // indirect golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect golang.org/x/tools v0.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect diff --git a/go.sum b/go.sum index 9a608ff9d9..644cb2e86c 100644 --- a/go.sum +++ b/go.sum @@ -148,11 +148,9 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= -github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= @@ -314,8 +312,8 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI= -github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= +github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= github.com/mitchellh/hashstructure v1.1.0 h1:P6P1hdjqAAknpY/M1CGipelZgp+4y9ja9kmUZPXP+H0= @@ -371,7 +369,6 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= -github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw= github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= @@ -384,9 +381,8 @@ github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE= -github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= +github.com/prometheus/common v0.39.0 h1:oOyhkDq05hPZKItWVBkJ6g6AtGxi+fy7F4JvUV8uhsI= +github.com/prometheus/common v0.39.0/go.mod h1:6XBZ7lYdLCbkAVhwRsWTZn+IN5AB9F/NXd5w0BbEX0Y= github.com/prometheus/exporter-toolkit v0.7.0/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -557,10 +553,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU= -golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= +golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU= +golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -576,8 +570,8 @@ golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b h1:clP8eMhB30EHdc0bd2Twtq6kgU7yl5ub2cQLSdrv1Dg= -golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.3.0 h1:6l90koy8/LaBLmLu8jpHeHexzMwEita0zFfYlggy2F8= +golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -650,16 +644,13 @@ golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A= -golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= +golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.2.0 h1:z85xZCsEl7bi/KwbNADeBYoOP0++7W1ipu+aGnpwzRM= -golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= +golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI= +golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -668,9 +659,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= +golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From e3e0d9c1f487cf00c02a2a0ca579f4aff9698e59 Mon Sep 17 00:00:00 2001 From: James Strong Date: Sun, 18 Dec 2022 20:07:43 -0500 Subject: [PATCH 05/52] start upgrade to golang 1.19.4 and alpine 3.17.0 (#9417) * start upgrade to 1.19.4 Signed-off-by: James Strong * add matrix to image test-image Signed-off-by: James Strong * update to alpine 3.17 Signed-off-by: James Strong * remove need for curl Signed-off-by: James Strong Signed-off-by: James Strong --- .github/workflows/ci.yaml | 17 ++-- .github/workflows/plugin.yaml | 2 +- docs/examples/customization/sysctl/patch.json | 2 +- images/cfssl/rootfs/Dockerfile | 2 +- images/custom-error-pages/rootfs/Dockerfile | 2 +- .../rootfs/Dockerfile | 2 +- images/fastcgi-helloserver/rootfs/Dockerfile | 2 +- .../go-grpc-greeter-server/rootfs/Dockerfile | 6 +- images/go-grpc-greeter-server/rootfs/main.go | 78 +++++++++++++++++++ images/httpbin/rootfs/Dockerfile | 2 +- images/kube-webhook-certgen/rootfs/Dockerfile | 2 +- images/nginx/rootfs/Dockerfile | 2 +- images/opentelemetry/rootfs/Dockerfile | 2 +- images/test-runner/Makefile | 2 +- images/test-runner/rootfs/Dockerfile | 2 +- rootfs/Dockerfile-chroot | 2 +- 16 files changed, 106 insertions(+), 21 deletions(-) create mode 100644 images/go-grpc-greeter-server/rootfs/main.go diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index cb575ace61..ea46f8cefb 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -82,11 +82,11 @@ jobs: - name: Checkout uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 - - name: Set up Go 1.19.2 + - name: Set up Go 1.19.4 id: go uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0 with: - go-version: '1.19.2' + go-version: '1.19.4' - name: Set up QEMU uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 #v2.0.0 @@ -152,7 +152,7 @@ jobs: - name: Setup Go uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0 with: - go-version: '1.19.2' + go-version: '1.19.4' - name: cache uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3 @@ -393,9 +393,16 @@ jobs: permissions: contents: read # for dorny/paths-filter to fetch a list of changed files pull-requests: read # for dorny/paths-filter to read pull requests + runs-on: ubuntu-latest + env: PLATFORMS: linux/amd64 + + strategy: + matrix: + k8s: [ v1.23.13, v1.24.7, v1.25.3 ] + steps: - name: Checkout uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 @@ -414,12 +421,12 @@ jobs: run: | kind create cluster --image=kindest/node:${{ matrix.k8s }} - - name: Set up Go 1.19.2 + - name: Set up Go 1.19.4 id: go if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0 with: - go-version: '1.19.2' + go-version: '1.19.4' - name: kube-webhook-certgen image build if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index 398d0075b6..a1ad05d258 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -24,7 +24,7 @@ jobs: - name: Set up Go uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0 with: - go-version: 1.19.2 + go-version: 1.19.4 - name: Run GoReleaser uses: goreleaser/goreleaser-action@b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757 # v3.0.0 diff --git a/docs/examples/customization/sysctl/patch.json b/docs/examples/customization/sysctl/patch.json index 75d613295c..3f736197b8 100644 --- a/docs/examples/customization/sysctl/patch.json +++ b/docs/examples/customization/sysctl/patch.json @@ -4,7 +4,7 @@ "spec": { "initContainers": [{ "name": "sysctl", - "image": "alpine:3.16.2", + "image": "alpine:3.17.0", "securityContext": { "privileged": true }, diff --git a/images/cfssl/rootfs/Dockerfile b/images/cfssl/rootfs/Dockerfile index b6dfa567f5..f9370c210f 100644 --- a/images/cfssl/rootfs/Dockerfile +++ b/images/cfssl/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.16.2 +FROM alpine:3.17.0 RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories RUN apk add --no-cache \ diff --git a/images/custom-error-pages/rootfs/Dockerfile b/images/custom-error-pages/rootfs/Dockerfile index 768b1e9dfd..ef825dec13 100755 --- a/images/custom-error-pages/rootfs/Dockerfile +++ b/images/custom-error-pages/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.19.1-alpine as builder +FROM golang:1.19.4-alpine3.17 as builder RUN apk add git WORKDIR /go/src/k8s.io/ingress-nginx/images/custom-error-pages diff --git a/images/ext-auth-example-authsvc/rootfs/Dockerfile b/images/ext-auth-example-authsvc/rootfs/Dockerfile index 012b1880f5..d54df8ab90 100644 --- a/images/ext-auth-example-authsvc/rootfs/Dockerfile +++ b/images/ext-auth-example-authsvc/rootfs/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.19.2-alpine3.16 as builder +FROM golang:1.19.4-alpine3.17 as builder RUN mkdir /authsvc WORKDIR /authsvc COPY . ./ diff --git a/images/fastcgi-helloserver/rootfs/Dockerfile b/images/fastcgi-helloserver/rootfs/Dockerfile index f572410e7b..0213baf874 100755 --- a/images/fastcgi-helloserver/rootfs/Dockerfile +++ b/images/fastcgi-helloserver/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.14-alpine as builder +FROM golang:1.19.4-alpine3.17 as builder WORKDIR /go/src/k8s.io/ingress-nginx/images/fastcgi diff --git a/images/go-grpc-greeter-server/rootfs/Dockerfile b/images/go-grpc-greeter-server/rootfs/Dockerfile index 8db118349f..5478425128 100644 --- a/images/go-grpc-greeter-server/rootfs/Dockerfile +++ b/images/go-grpc-greeter-server/rootfs/Dockerfile @@ -1,9 +1,9 @@ -FROM golang:buster as build +FROM golang:1.19.4-alpine3.17 as build WORKDIR /go/src/greeter-server -RUN curl -o main.go https://raw.githubusercontent.com/grpc/grpc-go/91e0aeb192456225adf27966d04ada4cf8599915/examples/features/reflection/server/main.go && \ - go mod init greeter-server && \ +COPY main.go . +RUN go mod init greeter-server && \ go mod tidy && \ go build -o /greeter-server main.go diff --git a/images/go-grpc-greeter-server/rootfs/main.go b/images/go-grpc-greeter-server/rootfs/main.go new file mode 100644 index 0000000000..569273dfdd --- /dev/null +++ b/images/go-grpc-greeter-server/rootfs/main.go @@ -0,0 +1,78 @@ +/* + * + * Copyright 2019 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +// Binary server is an example server. +package main + +import ( + "context" + "flag" + "fmt" + "log" + "net" + + "google.golang.org/grpc" + "google.golang.org/grpc/reflection" + + ecpb "google.golang.org/grpc/examples/features/proto/echo" + hwpb "google.golang.org/grpc/examples/helloworld/helloworld" +) + +var port = flag.Int("port", 50051, "the port to serve on") + +// hwServer is used to implement helloworld.GreeterServer. +type hwServer struct { + hwpb.UnimplementedGreeterServer +} + +// SayHello implements helloworld.GreeterServer +func (s *hwServer) SayHello(ctx context.Context, in *hwpb.HelloRequest) (*hwpb.HelloReply, error) { + return &hwpb.HelloReply{Message: "Hello " + in.Name}, nil +} + +type ecServer struct { + ecpb.UnimplementedEchoServer +} + +func (s *ecServer) UnaryEcho(ctx context.Context, req *ecpb.EchoRequest) (*ecpb.EchoResponse, error) { + return &ecpb.EchoResponse{Message: req.Message}, nil +} + +func main() { + flag.Parse() + lis, err := net.Listen("tcp", fmt.Sprintf(":%d", *port)) + if err != nil { + log.Fatalf("failed to listen: %v", err) + } + fmt.Printf("server listening at %v\n", lis.Addr()) + + s := grpc.NewServer() + + // Register Greeter on the server. + hwpb.RegisterGreeterServer(s, &hwServer{}) + + // Register RouteGuide on the same server. + ecpb.RegisterEchoServer(s, &ecServer{}) + + // Register reflection service on gRPC server. + reflection.Register(s) + + if err := s.Serve(lis); err != nil { + log.Fatalf("failed to serve: %v", err) + } +} diff --git a/images/httpbin/rootfs/Dockerfile b/images/httpbin/rootfs/Dockerfile index da9cd0145e..1a9b55ba5c 100644 --- a/images/httpbin/rootfs/Dockerfile +++ b/images/httpbin/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.16.2 +FROM alpine:3.17.0 ENV LC_ALL=C.UTF-8 ENV LANG=C.UTF-8 diff --git a/images/kube-webhook-certgen/rootfs/Dockerfile b/images/kube-webhook-certgen/rootfs/Dockerfile index c45a64dae6..32847fd399 100644 --- a/images/kube-webhook-certgen/rootfs/Dockerfile +++ b/images/kube-webhook-certgen/rootfs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM --platform=$BUILDPLATFORM golang:1.19.2 as builder +FROM --platform=$BUILDPLATFORM golang:1.19.4 as builder ARG BUILDPLATFORM ARG TARGETARCH diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile index 6168ee5d80..89bd652b05 100644 --- a/images/nginx/rootfs/Dockerfile +++ b/images/nginx/rootfs/Dockerfile @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.16.2 as builder +FROM alpine:3.17.0 as builder COPY . / diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index 3c137dbe24..8951a3806b 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. -FROM alpine:3.16.2 as base +FROM alpine:3.17.0 as base RUN mkdir -p /opt/third_party/install COPY . /opt/third_party/ diff --git a/images/test-runner/Makefile b/images/test-runner/Makefile index 38ca5f2b36..4d71b8ad55 100644 --- a/images/test-runner/Makefile +++ b/images/test-runner/Makefile @@ -39,7 +39,7 @@ build: ensure-buildx --progress=$(PROGRESS) \ --pull \ --build-arg BASE_IMAGE=$(NGINX_BASE_IMAGE) \ - --build-arg GOLANG_VERSION=1.19.2 \ + --build-arg GOLANG_VERSION=1.19.4 \ --build-arg ETCD_VERSION=3.4.3-0 \ --build-arg K8S_RELEASE=v1.24.2 \ --build-arg RESTY_CLI_VERSION=0.27 \ diff --git a/images/test-runner/rootfs/Dockerfile b/images/test-runner/rootfs/Dockerfile index aa7c56c39f..f471e81cce 100644 --- a/images/test-runner/rootfs/Dockerfile +++ b/images/test-runner/rootfs/Dockerfile @@ -16,7 +16,7 @@ ARG BASE_IMAGE ARG GOLANG_VERSION ARG ETCD_VERSION -FROM golang:${GOLANG_VERSION}-alpine as GO +FROM golang:${GOLANG_VERSION}-alpine3.17 as GO FROM registry.k8s.io/etcd:${ETCD_VERSION} as etcd FROM ${BASE_IMAGE} diff --git a/rootfs/Dockerfile-chroot b/rootfs/Dockerfile-chroot index 4805909d5d..bdb9be60b4 100644 --- a/rootfs/Dockerfile-chroot +++ b/rootfs/Dockerfile-chroot @@ -23,7 +23,7 @@ RUN apk update \ && apk upgrade \ && /chroot.sh -FROM alpine:3.16.2 +FROM alpine:3.17.0 ARG TARGETARCH ARG VERSION From 690969ba5f8d48514326aebce701862eb0d01603 Mon Sep 17 00:00:00 2001 From: James Strong Date: Tue, 20 Dec 2022 09:22:51 -0500 Subject: [PATCH 06/52] patch otel docker file Signed-off-by: James Strong --- images/opentelemetry/rootfs/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index 8951a3806b..7746edbf10 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -21,7 +21,7 @@ COPY . /opt/third_party/ # install build tools RUN apk update \ && apk upgrade \ - && apk add -U bash \ + && apk add -U bash cmake \ && bash /opt/third_party/build.sh -p # install gRPC @@ -39,7 +39,7 @@ COPY --from=grpc /opt/third_party/install/ /usr COPY --from=otel-cpp /opt/third_party/install/ /usr RUN bash /opt/third_party/build.sh -n -FROM alpine:3.16.2 as final +FROM alpine:3.17.0 as final COPY --from=base /opt/third_party/init_module.sh /usr/local/bin/init_module.sh COPY --from=nginx /etc/nginx/modules /etc/nginx/modules COPY --from=nginx /opt/third_party/install/lib /etc/nginx/modules From 58948acd3dc4729e7da5ac91c97799614e257a2a Mon Sep 17 00:00:00 2001 From: James Strong Date: Tue, 20 Dec 2022 09:41:32 -0500 Subject: [PATCH 07/52] gcloud build is timing out Signed-off-by: James Strong --- images/fastcgi-helloserver/cloudbuild.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/fastcgi-helloserver/cloudbuild.yaml b/images/fastcgi-helloserver/cloudbuild.yaml index 37df1d168b..cb4ac2e945 100644 --- a/images/fastcgi-helloserver/cloudbuild.yaml +++ b/images/fastcgi-helloserver/cloudbuild.yaml @@ -1,4 +1,4 @@ -timeout: 600s +timeout: 1800s options: substitution_option: ALLOW_LOOSE steps: From 6070c8be0105bf72a44012d3774b0874a4bba4c9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Dec 2022 07:35:45 -0800 Subject: [PATCH 08/52] Bump ossf/scorecard-action from 2.0.6 to 2.1.0 (#9422) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.6 to 2.1.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/99c53751e09b9529366343771cc321ec74e9bd3d...937ffa90d79c7d720498178154ad4c7ba1e4ad8c) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index a9c36481b4..b5bce044e1 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -30,7 +30,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v1.1.1 + uses: ossf/scorecard-action@937ffa90d79c7d720498178154ad4c7ba1e4ad8c # v1.1.1 with: results_file: results.sarif results_format: sarif From 07db4997b3029b4d08f6b5966ad8d214001e54ae Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Dec 2022 07:37:45 -0800 Subject: [PATCH 09/52] Bump actions/dependency-review-action from 3.0.1 to 3.0.2 (#9424) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.1 to 3.0.2. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/11310527b429536e263dc6cc47873e608189ba21...0ff3da6f81b812d4ec3cf37a04e2308c7a723730) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depreview.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 5350d6e571..835eb5e9bb 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -11,4 +11,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@11310527b429536e263dc6cc47873e608189ba21 #v2.0.2 + uses: actions/dependency-review-action@0ff3da6f81b812d4ec3cf37a04e2308c7a723730 #v2.0.2 From bd283b6609bafd59a979db0e888b02c7d3dc068c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Dec 2022 07:39:44 -0800 Subject: [PATCH 10/52] Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 (#9426) Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 3.2.0 to 4.1.0. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757...8f67e590f2d095516493f017008adc464e63adb1) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/plugin.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index a1ad05d258..ea53c7f793 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -27,7 +27,7 @@ jobs: go-version: 1.19.4 - name: Run GoReleaser - uses: goreleaser/goreleaser-action@b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757 # v3.0.0 + uses: goreleaser/goreleaser-action@8f67e590f2d095516493f017008adc464e63adb1 # v3.0.0 with: version: latest args: release --rm-dist From 87146d6d93f3aff7d5b70c184b133bc783695f95 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Dec 2022 09:33:43 -0800 Subject: [PATCH 11/52] Bump actions/checkout from 3.1.0 to 3.2.0 (#9425) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8...755da8c3cf115ac066823e79a1e1788f8940201b) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 16 ++++++++-------- .github/workflows/depreview.yaml | 2 +- .github/workflows/docs.yaml | 4 ++-- .github/workflows/helm.yaml | 4 ++-- .github/workflows/perftest.yaml | 2 +- .github/workflows/plugin.yaml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 4 ++-- 8 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ea46f8cefb..74bca7a727 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -33,7 +33,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 id: filter @@ -59,7 +59,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 - name: Run Gosec Security Scanner uses: securego/gosec@1af1d5bb49259b62e45c505db397dd2ada5d74f8 # master @@ -80,7 +80,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 - name: Set up Go 1.19.4 id: go @@ -147,7 +147,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 - name: Setup Go uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0 @@ -228,7 +228,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 - name: cache uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v2 @@ -282,7 +282,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 - name: cache uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 @@ -331,7 +331,7 @@ jobs: PLATFORMS: linux/amd64,linux/arm64 steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 id: filter-images @@ -405,7 +405,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 id: filter-images diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 835eb5e9bb..5a22ea5ff3 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -9,6 +9,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b #v3.0.2 - name: 'Dependency Review' uses: actions/dependency-review-action@0ff3da6f81b812d4ec3cf37a04e2308c7a723730 #v2.0.2 diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index f02f0a17ed..879f90d856 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b #v3.0.2 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 id: filter @@ -49,7 +49,7 @@ jobs: steps: - name: Checkout master - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b #v3.0.2 - name: Deploy uses: ./.github/actions/mkdocs diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 33e06bbdc3..0e9f74b50f 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 id: filter @@ -51,7 +51,7 @@ jobs: steps: - name: Checkout master - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b with: # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896 fetch-depth: 0 diff --git a/.github/workflows/perftest.yaml b/.github/workflows/perftest.yaml index a9206d9ef1..7205b0c087 100644 --- a/.github/workflows/perftest.yaml +++ b/.github/workflows/perftest.yaml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b - name: Install K6 run: | diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index ea53c7f793..c8fca8ccae 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 with: fetch-depth: 0 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index b5bce044e1..53f8f25ff2 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -25,7 +25,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.0 with: persist-credentials: false diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index af46c2bccb..b23c5aa5f9 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -22,7 +22,7 @@ jobs: versions: ${{ steps.version.outputs.TAGS }} steps: - name: Checkout code - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b with: fetch-depth: 0 @@ -52,7 +52,7 @@ jobs: versions: ${{ fromJSON(needs.version.outputs.versions) }} steps: - name: Checkout code - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b - shell: bash id: test From 787ea74b6beffeb14f20cbf3a0d95c315ee3d8e3 Mon Sep 17 00:00:00 2001 From: my-git9 Date: Wed, 21 Dec 2022 01:39:46 +0800 Subject: [PATCH 12/52] cleanup: remove ioutil for new go version (#9427) Signed-off-by: xin.li Signed-off-by: xin.li --- images/kube-webhook-certgen/rootfs/pkg/certs/certs_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/kube-webhook-certgen/rootfs/pkg/certs/certs_test.go b/images/kube-webhook-certgen/rootfs/pkg/certs/certs_test.go index b4d95b9b22..fa8383cbb3 100644 --- a/images/kube-webhook-certgen/rootfs/pkg/certs/certs_test.go +++ b/images/kube-webhook-certgen/rootfs/pkg/certs/certs_test.go @@ -5,7 +5,7 @@ import ( "crypto/tls" "crypto/x509" "fmt" - "io/ioutil" + "io" "net/http" "net/http/httptest" "testing" @@ -49,7 +49,7 @@ func TestCertificateCreation(t *testing.T) { t.Errorf("Response code was %v; want 200", res.StatusCode) } - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) if err != nil { t.Fatal(err) } From 7ef5e1ab8b230721626bf9f3dccb94bae951c81b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Dec 2022 11:15:19 -0800 Subject: [PATCH 13/52] Bump github/codeql-action from 2.1.36 to 2.1.37 (#9423) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.36 to 2.1.37. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/a669cc5936cc5e1b6a362ec1ff9e410dc570d190...959cbb7472c4d4ad70cdfe6f4976053fe48ab394) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- .github/workflows/vulnerability-scans.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 53f8f25ff2..cb2aabf957 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@a669cc5936cc5e1b6a362ec1ff9e410dc570d190 # v2.1.14 + uses: github/codeql-action/upload-sarif@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.14 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index b23c5aa5f9..9eaebd8657 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -75,7 +75,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@a669cc5936cc5e1b6a362ec1ff9e410dc570d190 + uses: github/codeql-action/upload-sarif@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository From cd80cb6907b1b3f1871e3b3a634bda5159658684 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Dec 2022 11:21:19 -0800 Subject: [PATCH 14/52] Bump github.com/onsi/ginkgo/v2 from 2.6.0 to 2.6.1 (#9421) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.6.0 to 2.6.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.6.0...v2.6.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 14 +++-- go.sum | 190 ++++++--------------------------------------------------- 2 files changed, 26 insertions(+), 178 deletions(-) diff --git a/go.mod b/go.mod index db2e85f74b..3c88a910be 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 - github.com/onsi/ginkgo/v2 v2.6.0 + github.com/onsi/ginkgo/v2 v2.6.1 github.com/opencontainers/runc v1.1.4 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.14.0 @@ -27,6 +27,7 @@ require ( github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a golang.org/x/crypto v0.3.0 google.golang.org/grpc v1.51.0 + google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 gopkg.in/go-playground/pool.v3 v3.1.1 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 k8s.io/api v0.25.4 @@ -44,7 +45,8 @@ require ( ) require ( - cloud.google.com/go v0.97.0 // indirect + cloud.google.com/go/compute v1.12.1 // indirect + cloud.google.com/go/compute/metadata v0.2.1 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest v0.11.27 // indirect github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect @@ -81,7 +83,7 @@ require ( github.com/google/go-cmp v0.5.9 // indirect github.com/google/gofuzz v1.1.0 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect - github.com/google/uuid v1.2.0 // indirect + github.com/google/uuid v1.3.0 // indirect github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect github.com/inconshreveable/mousetrap v1.0.1 // indirect github.com/josharian/intern v1.0.0 // indirect @@ -106,16 +108,16 @@ require ( github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect github.com/yudai/pp v2.0.1+incompatible // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect - golang.org/x/mod v0.6.0 // indirect + golang.org/x/mod v0.7.0 // indirect golang.org/x/net v0.4.0 // indirect golang.org/x/oauth2 v0.3.0 // indirect golang.org/x/sys v0.3.0 // indirect golang.org/x/term v0.3.0 // indirect golang.org/x/text v0.5.0 // indirect golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect - golang.org/x/tools v0.2.0 // indirect + golang.org/x/tools v0.4.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect + google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6 // indirect google.golang.org/protobuf v1.28.1 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/go.sum b/go.sum index 644cb2e86c..8362b75ba3 100644 --- a/go.sum +++ b/go.sum @@ -13,25 +13,16 @@ cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKV cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= -cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= -cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= -cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= -cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= -cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= -cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= -cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= -cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= -cloud.google.com/go v0.97.0 h1:3DXvAyifywvq64LfkKaMOmkWPS1CikIQdMe2lY9vxU8= -cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= +cloud.google.com/go/compute v1.12.1 h1:gKVJMEyqV5c/UnpzjjQbo3Rjvvqpr9B1DFSbJC4OXr0= +cloud.google.com/go/compute v1.12.1/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x/6PIIOocU= +cloud.google.com/go/compute/metadata v0.2.1 h1:efOwf5ymceDhK6PKMnnrTHP4pppY5L22mle96M1yP48= +cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= @@ -64,7 +55,6 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03 github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU= github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M= @@ -74,7 +64,6 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a h1:AP/vsCIvJZ129pdm9Ek7bH7yutN3hByqsMoNrWAxRQc= github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a/go.mod h1:QmP9hvJ91BbJmGVGSbutW19IC0Q9phDCLGaomwTJbgU= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= @@ -84,7 +73,6 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= @@ -95,13 +83,6 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMn github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= -github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= @@ -124,11 +105,6 @@ github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= -github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= @@ -139,7 +115,6 @@ github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b h1:074/xhloHUBOpTZwlIzQ28rbPY8pNJvzY7Gcx5KnNOk= github.com/fullsailor/pkcs7 v0.0.0-20160414161337-2585af45975b/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= @@ -188,8 +163,6 @@ github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= -github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -205,10 +178,8 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/gomarkdown/markdown v0.0.0-20210514010506-3b9f47219fe7 h1:oKYOfNR7Hp6XpZ4JqolL5u642Js5Z0n7psPVl+S5heo= github.com/gomarkdown/markdown v0.0.0-20210514010506-3b9f47219fe7/go.mod h1:aii0r/K0ZnHv7G0KF7xy1v0A7s2Ljrb5byB7MO5p6TU= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -224,8 +195,6 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= @@ -236,8 +205,6 @@ github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -245,29 +212,18 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs= -github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= @@ -348,9 +304,9 @@ github.com/ncabatoff/process-exporter v0.7.10/go.mod h1:DHZRZjqxw9LCOpLlX0DjBuyn github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.6.0 h1:9t9b9vRUbFq3C4qKFCGkVuq/fIHji802N1nrtkh1mNc= -github.com/onsi/ginkgo/v2 v2.6.0/go.mod h1:63DOGlLAH8+REH8jUGdL3YpCpu7JODesutUjdENfUAc= -github.com/onsi/gomega v1.24.0 h1:+0glovB9Jd6z3VR+ScSwQqXVTIfJcGA9UBM8yzQxhqg= +github.com/onsi/ginkgo/v2 v2.6.1 h1:1xQPCjcqYw/J5LchOcp4/2q/jzJFjiAOc25chhnDw+Q= +github.com/onsi/ginkgo/v2 v2.6.1/go.mod h1:yjiuMwPokqY1XauOgju45q3sJt6VzQ/Fict1LFVcsAo= +github.com/onsi/gomega v1.24.1 h1:KORJXNNTzJXzu4ScJWssJfJMnJ+2QJqhoQSRwNlze9E= github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg= github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= @@ -391,7 +347,6 @@ github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo= github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= -github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8= @@ -407,7 +362,6 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= @@ -447,7 +401,6 @@ github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a h1:CbXWHAnmrtTKgX+yMVVANuRJP8ld88ELbAYAYnBdLJ4= github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a/go.mod h1:/Hzu8ych2oXCs1iNI+MeASyFzWTncQ6nlu/wgqbqC2A= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= @@ -455,9 +408,6 @@ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= -go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= -go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 h1:+FNtrFTmVw0YZGpBGX56XDee331t6JAXeK2bcyhLOOc= go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= @@ -497,8 +447,6 @@ golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= @@ -507,11 +455,8 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I= -golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= +golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA= +golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -542,15 +487,8 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU= @@ -560,16 +498,7 @@ golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.3.0 h1:6l90koy8/LaBLmLu8jpHeHexzMwEita0zFfYlggy2F8= golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -582,7 +511,7 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -618,30 +547,13 @@ golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -656,8 +568,6 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= @@ -708,20 +618,9 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= -golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE= -golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= +golang.org/x/tools v0.4.0 h1:7mTAgkunk3fr4GAloyyCasadO6h9zSsQZbwvcaIciV4= +golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -743,18 +642,6 @@ google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= -google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= -google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= -google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= -google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= -google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= -google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= -google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= -google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= -google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= -google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= -google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -786,41 +673,15 @@ google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= -google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= -google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= -google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 h1:hrbNEivu7Zn1pxvHk6MBrq9iE22woVILTHqexqBxe6I= -google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6 h1:a2S6M0+660BgMNl++4JPlcAO/CjkqYItDEZwkoDQK7c= +google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -833,23 +694,10 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= -google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= -google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc v1.51.0 h1:E1eGv1FTqoLIdnBCZufiSHgKjlqG6fKFf6pPWtMTh8U= google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= -google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= +google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 h1:pPsdyuBif+uoyUoL19yuj/TCfUPsmpJHJZhWQ98JGLU= +google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7/go.mod h1:8pQa1yxxkh+EsxUK8/455D5MSbv3vgmEJqKCH3y17mI= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -863,7 +711,6 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= @@ -885,7 +732,6 @@ gopkg.in/mcuadros/go-syslog.v2 v2.3.0/go.mod h1:l5LPIyOOyIdQquNg+oU6Z3524YwrcqEm gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= From c648595cd73a2d605cd7d9575b72b367755c7ec8 Mon Sep 17 00:00:00 2001 From: James Strong Date: Tue, 20 Dec 2022 22:55:25 -0500 Subject: [PATCH 15/52] update the nginx run container for alpine:3.17.0 (#9430) Signed-off-by: James Strong Signed-off-by: James Strong --- images/nginx/rootfs/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile index 89bd652b05..a9b01ff82d 100644 --- a/images/nginx/rootfs/Dockerfile +++ b/images/nginx/rootfs/Dockerfile @@ -21,7 +21,7 @@ RUN apk update \ && /build.sh # Use a multi-stage build -FROM alpine:3.16.2 +FROM alpine:3.17.0 ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin From 6ffaef32ab4337943ab8fb0630652eb7f8102cbe Mon Sep 17 00:00:00 2001 From: Saumya <76432998+SaumyaBhushan@users.noreply.github.com> Date: Wed, 21 Dec 2022 14:13:25 +0530 Subject: [PATCH 16/52] Bump github.com/onsi/ginkgo/v2 from 2.6.0 to 2.6.1 (#9432) --- build/run-in-docker.sh | 2 +- images/test-runner/rootfs/Dockerfile | 2 +- test/e2e/run-chart-test.sh | 2 +- test/e2e/run.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index c566bc8a03..c00453481f 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -77,7 +77,7 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then echo "FLAGS=$FLAGS" go env set -x - go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.6.0 + go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.6.1 find / -type f -name ginkgo 2>/dev/null which ginkgo /bin/bash -c "${FLAGS}" diff --git a/images/test-runner/rootfs/Dockerfile b/images/test-runner/rootfs/Dockerfile index f471e81cce..1e8bc36434 100644 --- a/images/test-runner/rootfs/Dockerfile +++ b/images/test-runner/rootfs/Dockerfile @@ -55,7 +55,7 @@ ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH" -RUN go install github.com/onsi/ginkgo/v2/ginkgo@v2.6.0 && go install golang.org/x/lint/golint@latest +RUN go install github.com/onsi/ginkgo/v2/ginkgo@v2.6.1 && go install golang.org/x/lint/golint@latest ARG RESTY_CLI_VERSION ARG RESTY_CLI_SHA diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index 606215f17f..e501ca6fef 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -78,7 +78,7 @@ fi if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go get github.com/onsi/ginkgo/v2/ginkgo@v2.6.0 + go get github.com/onsi/ginkgo/v2/ginkgo@v2.6.1 fi echo "[dev-env] building image" make -C ${DIR}/../../ clean-image build image diff --git a/test/e2e/run.sh b/test/e2e/run.sh index 9ca490baa9..17dad6c396 100755 --- a/test/e2e/run.sh +++ b/test/e2e/run.sh @@ -79,7 +79,7 @@ fi if [ "${SKIP_IMAGE_CREATION:-false}" = "false" ]; then if ! command -v ginkgo &> /dev/null; then - go get github.com/onsi/ginkgo/v2/ginkgo@v2.6.0 + go get github.com/onsi/ginkgo/v2/ginkgo@v2.6.1 fi echo "[dev-env] building image" From a667c93adeb9c4a7b8c50ee4c43e229a86e7e415 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Dec 2022 00:49:26 -0800 Subject: [PATCH 17/52] Bump golang.org/x/crypto from 0.3.0 to 0.4.0 (#9397) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.3.0 to 0.4.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](https://github.com/golang/crypto/compare/v0.3.0...v0.4.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 3c88a910be..b074e7c10f 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( github.com/stretchr/testify v1.8.1 github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a - golang.org/x/crypto v0.3.0 + golang.org/x/crypto v0.4.0 google.golang.org/grpc v1.51.0 google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 gopkg.in/go-playground/pool.v3 v3.1.1 diff --git a/go.sum b/go.sum index 8362b75ba3..684ae5beb3 100644 --- a/go.sum +++ b/go.sum @@ -423,8 +423,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A= -golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8= +golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= From 6ed6a76200595a7c6843322c60491fef2c86a864 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Wed, 21 Dec 2022 09:51:26 +0100 Subject: [PATCH 18/52] HPA: Add `controller.autoscaling.annotations` to `values.yaml`. (#9253) This value is already in use, but hasn't been added to `values.yaml`. --- charts/ingress-nginx/README.md | 1 + charts/ingress-nginx/values.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 0e2800d947..af71493fe2 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -295,6 +295,7 @@ Kubernetes: `>=1.20.0-0` | controller.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity # | | controller.allowSnippetAnnotations | bool | `true` | This configuration defines if Ingress Controller should allow users to set their own *-snippet annotations, otherwise this is forbidden / dropped when users add those annotations. Global snippets in ConfigMap are still respected | | controller.annotations | object | `{}` | Annotations to be added to the controller Deployment or DaemonSet # | +| controller.autoscaling.annotations | object | `{}` | | | controller.autoscaling.apiVersion | string | `"autoscaling/v2"` | | | controller.autoscaling.behavior | object | `{}` | | | controller.autoscaling.enabled | bool | `false` | | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 161f974fe8..b7089addbd 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -366,6 +366,7 @@ controller: autoscaling: apiVersion: autoscaling/v2 enabled: false + annotations: {} minReplicas: 1 maxReplicas: 11 targetCPUUtilizationPercentage: 50 From f685c9b379de340814d2e4014cca85431d717b41 Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 21 Dec 2022 12:36:20 -0500 Subject: [PATCH 19/52] force rebuild for curl cve Signed-off-by: James Strong --- images/nginx/rootfs/build.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/images/nginx/rootfs/build.sh b/images/nginx/rootfs/build.sh index 6d8937a226..8023575c03 100755 --- a/images/nginx/rootfs/build.sh +++ b/images/nginx/rootfs/build.sh @@ -177,7 +177,8 @@ apk add \ mercurial \ alpine-sdk \ findutils \ - curl ca-certificates \ + curl \ + ca-certificates \ patch \ libaio-dev \ openssl \ From bb60e02e960340c382f0bcd4b21292fb06f80602 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Thu, 22 Dec 2022 16:37:26 +0100 Subject: [PATCH 20/52] CI updates (#9440) * add labels to dependabot prs Signed-off-by: cpanato * sync hashes and versions dependabot can update the version comment now Signed-off-by: cpanato Signed-off-by: cpanato --- .github/dependabot.yml | 10 ++- .github/workflows/ci.yaml | 81 +++++++++++----------- .github/workflows/depreview.yaml | 4 +- .github/workflows/docs.yaml | 10 ++- .github/workflows/helm.yaml | 14 ++-- .github/workflows/junit-reports.yaml | 13 ++-- .github/workflows/perftest.yaml | 7 +- .github/workflows/plugin.yaml | 9 +-- .github/workflows/project.yml | 4 +- .github/workflows/scorecards.yml | 20 +++--- .github/workflows/vulnerability-scans.yaml | 72 +++++++++---------- 11 files changed, 125 insertions(+), 119 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 404ed62e14..28a5e55802 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,7 +5,15 @@ updates: directory: "/" schedule: interval: "weekly" + labels: + - "area/dependency" + - "release-note-none" + - "ok-to-test" - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "weekly" + interval: "weekly" + labels: + - "area/dependency" + - "release-note-none" + - "ok-to-test" diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 74bca7a727..d1a9936b56 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -33,9 +33,9 @@ jobs: steps: - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} @@ -59,10 +59,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Run Gosec Security Scanner - uses: securego/gosec@1af1d5bb49259b62e45c505db397dd2ada5d74f8 # master + uses: securego/gosec@1af1d5bb49259b62e45c505db397dd2ada5d74f8 # v2.14.0 with: # G601 for zz_generated.deepcopy.go # G306 TODO: Expect WriteFile permissions to be 0600 or less @@ -74,26 +74,25 @@ jobs: runs-on: ubuntu-latest needs: changes if: | - (needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }} - + (needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }} steps: - - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - - name: Set up Go 1.19.4 + - name: Set up Go id: go - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: - go-version: '1.19.4' + go-version: '1.19' + check-latest: true - name: Set up QEMU - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 #v2.0.0 + uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0 - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.0.0 + uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1 with: version: latest @@ -104,7 +103,7 @@ jobs: run: | sudo apt-get -qq update || true sudo apt-get install -y pigz - curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.17.0/bin/linux/amd64/kubectl + curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.25.5/bin/linux/amd64/kubectl chmod +x ./kubectl sudo mv ./kubectl /usr/local/bin/kubectl @@ -138,24 +137,24 @@ jobs: - changes - build if: | - (needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }} + (needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }} strategy: matrix: k8s: [v1.23.13, v1.24.7, v1.25.3] steps: - - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Setup Go - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: - go-version: '1.19.4' + go-version: '1.19' + check-latest: true - name: cache - uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3 + uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1 with: name: docker.tar.gz @@ -192,7 +191,7 @@ jobs: run: | kind create cluster --image=kindest/node:${{ matrix.k8s }} - - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v1 + - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0 with: name: docker.tar.gz failOnError: false @@ -211,7 +210,6 @@ jobs: kind get kubeconfig > $HOME/.kube/kind-config-kind make kind-e2e-chart-tests - kubernetes: name: Kubernetes runs-on: ubuntu-latest @@ -219,19 +217,18 @@ jobs: - changes - build if: | - (needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }} + (needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }} strategy: matrix: k8s: [v1.23.13, v1.24.7, v1.25.3] steps: - - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: cache - uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v2 + uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1 with: name: docker.tar.gz @@ -240,7 +237,7 @@ jobs: run: | kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml - - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v1 + - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0 with: name: docker.tar.gz failOnError: false @@ -260,7 +257,7 @@ jobs: make kind-e2e-test - name: Uplaod e2e junit-reports - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1 if: success() || failure() with: name: e2e-test-reports-${{ matrix.k8s }} @@ -273,7 +270,7 @@ jobs: - changes - build if: | - (needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }} + (needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }} strategy: matrix: @@ -282,10 +279,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: cache - uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 + uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1 with: name: docker.tar.gz @@ -294,7 +291,7 @@ jobs: run: | kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml - - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af + - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0 with: name: docker.tar.gz failOnError: false @@ -313,9 +310,9 @@ jobs: run: | kind get kubeconfig > $HOME/.kube/kind-config-kind make kind-e2e-test - + - name: Uplaod e2e junit-reports - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1 if: success() || failure() with: name: e2e-test-reports-chroot-${{ matrix.k8s }} @@ -331,9 +328,9 @@ jobs: PLATFORMS: linux/amd64,linux/arm64 steps: - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 id: filter-images with: token: ${{ secrets.GITHUB_TOKEN }} @@ -388,7 +385,6 @@ jobs: run: | cd images/ext-auth-example-authsvc && make build - test-image: permissions: contents: read # for dorny/paths-filter to fetch a list of changed files @@ -405,9 +401,9 @@ jobs: steps: - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 id: filter-images with: token: ${{ secrets.GITHUB_TOKEN }} @@ -421,12 +417,13 @@ jobs: run: | kind create cluster --image=kindest/node:${{ matrix.k8s }} - - name: Set up Go 1.19.4 + - name: Set up Go id: go if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: - go-version: '1.19.4' + go-version: '1.19' + check-latest: true - name: kube-webhook-certgen image build if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 5a22ea5ff3..758e4b95fb 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -9,6 +9,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b #v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: 'Dependency Review' - uses: actions/dependency-review-action@0ff3da6f81b812d4ec3cf37a04e2308c7a723730 #v2.0.2 + uses: actions/dependency-review-action@0ff3da6f81b812d4ec3cf37a04e2308c7a723730 # v3.0.2 diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index 879f90d856..241921ecfb 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -22,11 +22,10 @@ jobs: charts: ${{ steps.filter.outputs.charts }} steps: - - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b #v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} @@ -47,11 +46,10 @@ jobs: contents: write # needed to write releases steps: - - name: Checkout master - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b #v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Deploy uses: ./.github/actions/mkdocs env: - PERSONAL_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + PERSONAL_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 0e9f74b50f..5d96507a14 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -22,11 +22,10 @@ jobs: charts: ${{ steps.filter.outputs.charts }} steps: - - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 id: filter with: token: ${{ secrets.GITHUB_TOKEN }} @@ -49,9 +48,8 @@ jobs: (needs.changes.outputs.charts == 'true') steps: - - name: Checkout master - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896 fetch-depth: 0 @@ -61,12 +59,12 @@ jobs: run: | git config --global user.name "$GITHUB_ACTOR" git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" - + - name: Helm Chart Releaser - uses: helm/chart-releaser-action@98bccfd32b0f76149d188912ac8e45ddd3f8695f #v1.4.1 + uses: helm/chart-releaser-action@98bccfd32b0f76149d188912ac8e45ddd3f8695f # v1.4.1 env: CR_SKIP_EXISTING: "false" CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}" with: - charts_dir: charts \ No newline at end of file + charts_dir: charts diff --git a/.github/workflows/junit-reports.yaml b/.github/workflows/junit-reports.yaml index f02e68466e..eb25bbeca4 100644 --- a/.github/workflows/junit-reports.yaml +++ b/.github/workflows/junit-reports.yaml @@ -1,4 +1,5 @@ name: 'E2E Test Report' + on: workflow_run: workflows: ['CI'] # runs after CI workflow @@ -8,9 +9,9 @@ jobs: report: runs-on: ubuntu-latest steps: - - uses: dorny/test-reporter@v1 - with: - artifact: /e2e-test-reports-(.*)/ - name: JEST Tests $1 # Name of the check run which will be created - path: 'report*.xml' # Path to test results (inside artifact .zip) - reporter: jest-junit # Format of test results + - uses: dorny/test-reporter@c9b3d0e2bd2a4e96aaf424dbaa31c46b42318226 # v1.6.0 + with: + artifact: /e2e-test-reports-(.*)/ + name: JEST Tests $1 # Name of the check run which will be created + path: 'report*.xml' # Path to test results (inside artifact .zip) + reporter: jest-junit # Format of test results diff --git a/.github/workflows/perftest.yaml b/.github/workflows/perftest.yaml index 7205b0c087..89dfdfad68 100644 --- a/.github/workflows/perftest.yaml +++ b/.github/workflows/perftest.yaml @@ -1,4 +1,5 @@ name: Performance Test + on: workflow_dispatch: inputs: @@ -18,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Install K6 run: | @@ -33,7 +34,7 @@ jobs: mkdir $HOME/.kube make dev-env podName=`kubectl -n ingress-nginx get po | grep -i controller | awk '{print $1}'` - if [[ -z ${podName} ]] ; then + if [[ -z ${podName} ]] ; then sleep 5 fi kubectl wait pod -n ingress-nginx --for condition=Ready $podName @@ -46,7 +47,7 @@ jobs: kubectl create ing k6 --class nginx \ --rule test.ingress-nginx-controller.ga/*=k6:80 podName=`kubectl get po | grep -i k6 | awk '{print $1}'` - if [[ -z ${podName} ]] ; then + if [[ -z ${podName} ]] ; then sleep 5 fi kubectl wait pod --for condition=Ready $podName diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml index c8fca8ccae..779cd1da85 100644 --- a/.github/workflows/plugin.yaml +++ b/.github/workflows/plugin.yaml @@ -17,17 +17,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: - go-version: 1.19.4 + go-version: 1.19 + check-latest: true - name: Run GoReleaser - uses: goreleaser/goreleaser-action@8f67e590f2d095516493f017008adc464e63adb1 # v3.0.0 + uses: goreleaser/goreleaser-action@8f67e590f2d095516493f017008adc464e63adb1 # v4.1.0 with: version: latest args: release --rm-dist diff --git a/.github/workflows/project.yml b/.github/workflows/project.yml index 9baa09bf20..d75435712b 100644 --- a/.github/workflows/project.yml +++ b/.github/workflows/project.yml @@ -11,9 +11,9 @@ jobs: runs-on: ubuntu-latest permissions: repository-projects: write - issues: write + issues: write steps: - - uses: actions/add-to-project@960fbad431afda394cfcf8743445e741acd19e85 #v0.4.0 + - uses: actions/add-to-project@960fbad431afda394cfcf8743445e741acd19e85 # v0.4.0 with: project-url: https://github.com/orgs/kubernetes/projects/104 github-token: ${{ secrets.PROJECT_WRITER }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index cb2aabf957..6af70e691d 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -1,11 +1,13 @@ name: Scorecards supply-chain security + on: # Only the default branch is supported. branch_protection_rule: schedule: - cron: '20 11 * * 5' push: - branches: [ "main" ] + branches: + - "main" # Declare default permissions as read only. permissions: read-all @@ -22,15 +24,15 @@ jobs: # Needs for private repositories. contents: read actions: read - + steps: - name: "Checkout code" - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@937ffa90d79c7d720498178154ad4c7ba1e4ad8c # v1.1.1 + uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 with: results_file: results.sarif results_format: sarif @@ -41,22 +43,22 @@ jobs: # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} # Publish the results for public repositories to enable scorecard badges. For more details, see - # https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories, `publish_results` will automatically be set to `false`, regardless + # https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories, `publish_results` will automatically be set to `false`, regardless # of the value entered here. publish_results: true # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.0.0 + uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1 with: name: SARIF file path: results.sarif retention-days: 5 - + # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.14 + uses: github/codeql-action/upload-sarif@896079047b4bb059ba6f150a5d87d47dde99e6e5 # v2.1.37 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index 9eaebd8657..67fad31872 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -22,7 +22,7 @@ jobs: versions: ${{ steps.version.outputs.TAGS }} steps: - name: Checkout code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: fetch-depth: 0 @@ -46,47 +46,47 @@ jobs: scan: runs-on: ubuntu-latest - needs: version + needs: version strategy: matrix: versions: ${{ fromJSON(needs.version.outputs.versions) }} steps: - - name: Checkout code - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b + - name: Checkout code + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - - shell: bash - id: test - run: echo "Scanning registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" + - shell: bash + id: test + run: echo "Scanning registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" - - name: Scan image with AquaSec/Trivy - id: scan - uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 #v0.5.1 - with: - image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }} - format: 'sarif' - output: trivy-results-${{ matrix.versions }}.sarif - exit-code: 0 - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN' + - name: Scan image with AquaSec/Trivy + id: scan + uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 # v0.8.0 + with: + image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }} + format: 'sarif' + output: trivy-results-${{ matrix.versions }}.sarif + exit-code: 0 + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN' - - name: Output Sarif File - shell: bash - run: cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif + - name: Output Sarif File + shell: bash + run: cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif - # This step checks out a copy of your repository. - - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 - with: - token: ${{ github.token }} - # Path to SARIF file relative to the root of the repository - sarif_file: ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif + # This step checks out a copy of your repository. + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@896079047b4bb059ba6f150a5d87d47dde99e6e5 # v2.1.37 + with: + token: ${{ github.token }} + # Path to SARIF file relative to the root of the repository + sarif_file: ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif - - name: Vulz Count - shell: bash - run: | - TRIVY_COUNT=$(cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif | jq '.runs[0].results | length') - echo "TRIVY_COUNT: $TRIVY_COUNT" - echo "Image Vulnerability scan output" >> $GITHUB_STEP_SUMMARY - echo "Image ID: registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "Trivy Count: $TRIVY_COUNT" >> $GITHUB_STEP_SUMMARY + - name: Vulz Count + shell: bash + run: | + TRIVY_COUNT=$(cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif | jq '.runs[0].results | length') + echo "TRIVY_COUNT: $TRIVY_COUNT" + echo "Image Vulnerability scan output" >> $GITHUB_STEP_SUMMARY + echo "Image ID: registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "Trivy Count: $TRIVY_COUNT" >> $GITHUB_STEP_SUMMARY From 7206f488abf4c54c33dc3e7bd03dfe17d2f2259d Mon Sep 17 00:00:00 2001 From: Saumya <76432998+SaumyaBhushan@users.noreply.github.com> Date: Thu, 22 Dec 2022 23:49:26 +0530 Subject: [PATCH 21/52] avoid builds and tests for non-code changes (#9392) * avoid builds and tests for non-code changes * dummy test for workflow --- .github/workflows/ci.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d1a9936b56..596a26b316 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -4,10 +4,16 @@ on: pull_request: branches: - "*" + paths-ignore: + - 'docs/**' + - 'deploy/**' push: branches: - main + paths-ignore: + - 'docs/**' + - 'deploy/**' workflow_dispatch: inputs: From 30d6f7e14043dafba40f078e9f2d8cb4e4f97c51 Mon Sep 17 00:00:00 2001 From: James Strong Date: Fri, 23 Dec 2022 22:27:25 -0500 Subject: [PATCH 22/52] test the new e2e test images (#9444) Signed-off-by: James Strong Signed-off-by: James Strong --- build/run-in-docker.sh | 2 +- test/e2e-image/Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index c00453481f..511c5475f9 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -38,7 +38,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20221125-controller-v1.5.1-21-g9d562c47a@sha256:50c5469f08b664e928a3035ac94a2348955b669d7ac33809abc674c8fd6c19c1} +E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20221221-controller-v1.5.1-62-g6ffaef32a@sha256:8f025472964cd15ae2d379503aba150565a8d78eb36b41ddfc5f1e3b1ca81a8e} DOCKER_OPTS=${DOCKER_OPTS:-} DOCKER_IN_DOCKER_ENABLED=${DOCKER_IN_DOCKER_ENABLED:-} diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index 64094ec347..f89bf6bf29 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,6 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20221125-controller-v1.5.1-21-g9d562c47a@sha256:50c5469f08b664e928a3035ac94a2348955b669d7ac33809abc674c8fd6c19c1" +E2E_BASE_IMAGE="registry.k8s.io/ingress-nginx/e2e-test-runner:v20221221-controller-v1.5.1-62-g6ffaef32a@sha256:8f025472964cd15ae2d379503aba150565a8d78eb36b41ddfc5f1e3b1ca81a8e" image: echo "..entered Makefile in /test/e2e-image" From c50a9e99bc594d10f9c3a49abab223b8839deecb Mon Sep 17 00:00:00 2001 From: James Strong Date: Sat, 24 Dec 2022 09:17:27 -0500 Subject: [PATCH 23/52] upgrade nginx base image (#9436) * upgrade nginx base and e2e base Signed-off-by: James Strong * upgrade e2e base Signed-off-by: James Strong * update new build Signed-off-by: James Strong * update to latest e2e base Signed-off-by: James Strong * remove e2e update Signed-off-by: James Strong * remove e2e update Signed-off-by: James Strong Signed-off-by: James Strong --- NGINX_BASE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NGINX_BASE b/NGINX_BASE index 45654c6270..72093c5938 100644 --- a/NGINX_BASE +++ b/NGINX_BASE @@ -1 +1 @@ -registry.k8s.io/ingress-nginx/nginx:0b5e0685112e4537ee20a0bdbba451e9f6158aa3@sha256:3f5e28bb248d5170e77b77fc2a1a385724aeff41a0b34b5afad7dd9cf93de000 +registry.k8s.io/ingress-nginx/nginx:21aa7f55a3325c1c26de0dfb62ede4c0a809a994@sha256:da6b877ed96dada46ed6e379051c2dd461dd5d329af7a7531820ad3e16197e20 \ No newline at end of file From 336f25230beecdc4c9d06f448368a1cf51b1beac Mon Sep 17 00:00:00 2001 From: James Strong Date: Sat, 24 Dec 2022 14:23:26 -0500 Subject: [PATCH 24/52] start release 1.5.2 (#9445) * start release 1.5.2 Signed-off-by: James Strong * upgrade kind clusters and add 1.26 Signed-off-by: James Strong Signed-off-by: James Strong --- .github/workflows/ci.yaml | 8 ++++---- TAG | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 596a26b316..d064fa6a2f 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -147,7 +147,7 @@ jobs: strategy: matrix: - k8s: [v1.23.13, v1.24.7, v1.25.3] + k8s: [v1.23.13, v1.24.7, v1.25.3, v1.26.0] steps: - name: Checkout @@ -227,7 +227,7 @@ jobs: strategy: matrix: - k8s: [v1.23.13, v1.24.7, v1.25.3] + k8s: [v1.23.13, v1.24.7, v1.25.3, v1.26.0] steps: - name: Checkout @@ -280,7 +280,7 @@ jobs: strategy: matrix: - k8s: [v1.23.13, v1.24.7, v1.25.3] + k8s: [v1.23.13, v1.24.7, v1.25.3, v1.26.0] steps: @@ -403,7 +403,7 @@ jobs: strategy: matrix: - k8s: [ v1.23.13, v1.24.7, v1.25.3 ] + k8s: [v1.23.13, v1.24.7, v1.25.3, v1.26.0] steps: - name: Checkout diff --git a/TAG b/TAG index 53b5bbb127..a503124bd9 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.5.1 +v1.5.2 From 26507e0fa4d545d1aaa8b9ba5754ba96f47161d6 Mon Sep 17 00:00:00 2001 From: James Strong Date: Sat, 24 Dec 2022 15:51:50 -0500 Subject: [PATCH 25/52] with chroot now it can take longer than 30 mins Signed-off-by: James Strong --- cloudbuild.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cloudbuild.yaml b/cloudbuild.yaml index a9d4a214ca..d3f1eed628 100644 --- a/cloudbuild.yaml +++ b/cloudbuild.yaml @@ -1,6 +1,6 @@ # See https://cloud.google.com/cloud-build/docs/build-config -timeout: 1800s +timeout: 18000s options: substitution_option: ALLOW_LOOSE steps: From d2ba8e6b6bc137bf9628b2d57cb3967716bde773 Mon Sep 17 00:00:00 2001 From: James Strong Date: Mon, 26 Dec 2022 16:16:40 -0500 Subject: [PATCH 26/52] Reset tag to restart 1.5.2 release gcloud timed out on the 1.5.2 build, so we need to restart the release process, so reverting the tag. --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index a503124bd9..53b5bbb127 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.5.2 +v1.5.1 From 69b3e7e8c110a91b84fff3155b9c807fa9138adc Mon Sep 17 00:00:00 2001 From: Aleksandr Lebedev <49903054+alebsys@users.noreply.github.com> Date: Tue, 27 Dec 2022 04:23:26 +0700 Subject: [PATCH 27/52] Update command line arguments documentation (#9224) * update cli-arguents.md with latest version flags.go * correct punctuation in pkg/flag/flags.go --- docs/user-guide/cli-arguments.md | 51 ++++++++++++++------------------ pkg/flags/flags.go | 32 ++++++++++---------- 2 files changed, 39 insertions(+), 44 deletions(-) diff --git a/docs/user-guide/cli-arguments.md b/docs/user-guide/cli-arguments.md index 9d7bd9fc63..ab483b1cd6 100644 --- a/docs/user-guide/cli-arguments.md +++ b/docs/user-guide/cli-arguments.md @@ -6,22 +6,23 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment | Argument | Description | |----------|-------------| -| `--add_dir_header` | If true, adds the file directory to the header | -| `--alsologtostderr` | log to standard error as well as files | | `--annotations-prefix` | Prefix of the Ingress annotations specific to the NGINX controller. (default "nginx.ingress.kubernetes.io") | | `--apiserver-host` | Address of the Kubernetes API server. Takes the form "protocol://address:port". If not specified, it is assumed the program runs inside a Kubernetes cluster and local discovery is attempted. | | `--certificate-authority` | Path to a cert file for the certificate authority. This certificate is used only when the flag --apiserver-host is specified. | | `--configmap` | Name of the ConfigMap containing custom global configurations for the controller. | +| `--controller-class` | Ingress Class Controller value this Ingress satisfies. The class of an Ingress object is set using the field IngressClassName in Kubernetes clusters version v1.19.0 or higher. The .spec.controller value of the IngressClass referenced in an Ingress Object should be the same value specified here to make this object be watched. | | `--deep-inspect` | Enables ingress object security deep inspector. (default true) | | `--default-backend-service` | Service used to serve HTTP requests not matching any known server name (catch-all). Takes the form "namespace/name". The controller configures NGINX to forward requests to the first port of this Service. | | `--default-server-port` | Port to use for exposing the default server (catch-all). (default 8181) | | `--default-ssl-certificate` | Secret containing a SSL certificate to be used by the default HTTPS server (catch-all). Takes the form "namespace/name". | -| `--disable-catch-all` | Disable support for catch-all Ingresses | -| `--disable-full-test` | Disable full test of all merged ingresses at the admission stage and tests the template of the ingress being created or updated (full test of all ingresses is enabled by default) | +| `--disable-catch-all` | Disable support for catch-all Ingresses. (default false) | +| `--disable-full-test` | Disable full test of all merged ingresses at the admission stage and tests the template of the ingress being created or updated (full test of all ingresses is enabled by default). | +| `--disable-svc-external-name` | Disable support for Services of type ExternalName. (default false) | +| `--dynamic-configuration-retries` | Number of times to retry failed dynamic configuration before failing to sync an ingress. (default 15) | | `--election-id` | Election id to use for Ingress status updates. (default "ingress-controller-leader") | -| `--enable-metrics` | Enables the collection of NGINX metrics (default true) | -| `--enable-ssl-chain-completion` | Autocomplete SSL certificate chains with missing intermediate CA certificates. Certificates uploaded to Kubernetes must have the "Authority Information Access" X.509 v3 extension for this to succeed. | -| `--enable-ssl-passthrough` | Enable SSL Passthrough. | +| `--enable-metrics` | Enables the collection of NGINX metrics. (default true) | +| `--enable-ssl-chain-completion` | Autocomplete SSL certificate chains with missing intermediate CA certificates. Certificates uploaded to Kubernetes must have the "Authority Information Access" X.509 v3 extension for this to succeed. (default false)| +| `--enable-ssl-passthrough` | Enable SSL Passthrough. (default false) | | `--health-check-path` | URL path of the health check endpoint. Configured inside the NGINX status server. All requests received on the port defined by the healthz-port parameter are forwarded internally to this path. (default "/healthz") | | `--health-check-timeout` | Time limit, in seconds, for a probe to health-check-path to succeed. (default 10) | | `--healthz-port` | Port to use for the healthz endpoint. (default 10254) | @@ -29,48 +30,42 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment | `--http-port` | Port to use for servicing HTTP traffic. (default 80) | | `--https-port` | Port to use for servicing HTTPS traffic. (default 443) | | `--ingress-class` | Name of the ingress class this controller satisfies. The class of an Ingress object is set using the field IngressClassName in Kubernetes clusters version v1.18.0 or higher or the annotation "kubernetes.io/ingress.class" (deprecated). If this parameter is not set, or set to the default value of "nginx", it will handle ingresses with either an empty or "nginx" class name. | -| `--ingress-class-by-name` | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. (default false) | -| `--internal-logger-address` | Define the internal logger address to use when chroot images is used. (default 127.0.0.1:11514) | +| `--ingress-class-by-name` | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. (default false). | +| `--internal-logger-address` | Address to be used when binding internal syslogger. (default 127.0.0.1:11514) | | `--kubeconfig` | Path to a kubeconfig file containing authorization and API server information. | -| `--length-buckets` | Set of buckets which will be used for prometheus histogram metrics such as RequestLength, ResponseLength. (default `[10, 20, 30, 40, 50, 60, 70, 80, 90, 100]`) | -| `--log_backtrace_at` | when logging hits line file:N, emit a stack trace (default :0) | -| `--log_dir` | If non-empty, write log files in this directory | -| `--log_file` | If non-empty, use this log file | -| `--log_file_max_size` | Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800) | -| `--logtostderr` | log to standard error instead of files (default true) | +| `--length-buckets` | Set of buckets which will be used for prometheus histogram metrics such as RequestLength, ResponseLength. (default `[10, 20, 30, 40, 50, 60, 70, 80, 90, 100]`) | | `--maxmind-edition-ids` | Maxmind edition ids to download GeoLite2 Databases. (default "GeoLite2-City,GeoLite2-ASN") | | `--maxmind-retries-timeout` | Maxmind downloading delay between 1st and 2nd attempt, 0s - do not retry to download if something went wrong. (default 0s) | | `--maxmind-retries-count` | Number of attempts to download the GeoIP DB. (default 1) | -| `--maxmind-license-key` | Maxmind license key to download GeoLite2 Databases. https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases | -| `--metrics-per-host` | Export metrics per-host (default true) | +| `--maxmind-license-key` | Maxmind license key to download GeoLite2 Databases. https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases . | +| `--maxmind-mirror` | Maxmind mirror url (example: http://geoip.local/databases. | +| `--metrics-per-host` | Export metrics per-host. (default true) | +| `--monitor-max-batch-size` | Max batch size of NGINX metrics. (default 10000)| | `--post-shutdown-grace-period` | Additional delay in seconds before controller container exits. (default 10) | | `--profiler-port` | Port to use for expose the ingress controller Go profiler when it is enabled. (default 10245) | -| `--profiling` | Enable profiling via web interface host:port/debug/pprof/ (default true) | +| `--profiling` | Enable profiling via web interface host:port/debug/pprof/ . (default true) | | `--publish-service` | Service fronting the Ingress controller. Takes the form "namespace/name". When used together with update-status, the controller mirrors the address of this service's endpoints to the load-balancer status of all Ingress objects it satisfies. | | `--publish-status-address` | Customized address (or addresses, separated by comma) to set as the load-balancer status of Ingress objects this controller satisfies. Requires the update-status parameter. | -| `--report-node-internal-ip-address`| Set the load-balancer status of Ingress objects to internal Node addresses instead of external. Requires the update-status parameter. | +| `--report-node-internal-ip-address`| Set the load-balancer status of Ingress objects to internal Node addresses instead of external. Requires the update-status parameter. (default false) | | `--report-status-classes` | If true, report status classes in metrics (2xx, 3xx, 4xx and 5xx) instead of full status codes. (default false) | -| `--skip_headers` | If true, avoid header prefixes in the log messages | -| `--skip_log_headers` | If true, avoid headers when opening log files | | `--ssl-passthrough-proxy-port` | Port to use internally for SSL Passthrough. (default 442) | -| `--size-buckets` | Set of buckets which will be used for prometheus histogram metrics such as BytesSent. (default `[10, 100, 1000, 10000, 100000, 1e+06, 1e+07]`) | | `--status-port` | Port to use for the lua HTTP endpoint configuration. (default 10246) | -| `--status-update-interval` | Time interval in seconds in which the status should check if an update is required. Default is 60 seconds (default 60) | -| `--stderrthreshold` | logs at or above this threshold go to stderr (default 2) | +| `--status-update-interval` | Time interval in seconds in which the status should check if an update is required. Default is 60 seconds. (default 60) | | `--stream-port` | Port to use for the lua TCP/UDP endpoint configuration. (default 10247) | | `--sync-period` | Period at which the controller forces the repopulation of its local object stores. Disabled by default. | -| `--sync-rate-limit` | Define the sync frequency upper limit (default 0.3) | +| `--sync-rate-limit` | Define the sync frequency upper limit. (default 0.3) | | `--tcp-services-configmap` | Name of the ConfigMap containing the definition of the TCP services to expose. The key in the map indicates the external port to be used. The value is a reference to a Service in the form "namespace/name:port", where "port" can either be a port number or name. TCP ports 80 and 443 are reserved by the controller for servicing HTTP traffic. | -| `--time-buckets` | Set of buckets which will be used for prometheus histogram metrics such as RequestTime, ResponseTime. (default `[0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10]`) | +| `--time-buckets` | Set of buckets which will be used for prometheus histogram metrics such as RequestTime, ResponseTime. (default `[0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10]`) | | `--udp-services-configmap` | Name of the ConfigMap containing the definition of the UDP services to expose. The key in the map indicates the external port to be used. The value is a reference to a Service in the form "namespace/name:port", where "port" can either be a port name or number. | | `--update-status` | Update the load-balancer status of Ingress objects this controller satisfies. Requires setting the publish-service parameter to a valid Service reference. (default true) | | `--update-status-on-shutdown` | Update the load-balancer status of Ingress objects when the controller shuts down. Requires the update-status parameter. (default true) | -| `--shutdown-grace-period` | Seconds to wait after receiving the shutdown signal, before stopping the nginx process. | +| `--shutdown-grace-period` | Seconds to wait after receiving the shutdown signal, before stopping the nginx process. (default 0) | +| `--size-buckets` | Set of buckets which will be used for prometheus histogram metrics such as BytesSent. (default `[10, 100, 1000, 10000, 100000, 1e+06, 1e+07]`) | | `-v, --v Level` | number for the log level verbosity | | `--validating-webhook` | The address to start an admission controller on to validate incoming ingresses. Takes the form ":port". If not provided, no admission controller is started. | | `--validating-webhook-certificate` | The path of the validating webhook certificate PEM. | | `--validating-webhook-key` | The path of the validating webhook key PEM. | | `--version` | Show release information about the NGINX Ingress controller and exit. | -| `--vmodule` | comma-separated list of pattern=N settings for file-filtered logging | +| `--watch-ingress-without-class` | Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified. (default false) | | `--watch-namespace` | Namespace the controller watches for updates to Kubernetes objects. This includes Ingresses, Services and all configuration resources. All namespaces are watched if this parameter is left empty. | | `--watch-namespace-selector` | The controller will watch namespaces whose labels match the given selector. This flag only takes effective when `--watch-namespace` is empty. | diff --git a/pkg/flags/flags.go b/pkg/flags/flags.go index 877000a7d1..65b5fbcdc1 100644 --- a/pkg/flags/flags.go +++ b/pkg/flags/flags.go @@ -74,10 +74,10 @@ The class of an Ingress object is set using the field IngressClassName in Kubern referenced in an Ingress Object should be the same value specified here to make this object be watched.`) watchWithoutClass = flags.Bool("watch-ingress-without-class", false, - `Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified`) + `Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified.`) ingressClassByName = flags.Bool("ingress-class-by-name", false, - `Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class`) + `Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class.`) configMap = flags.String("configmap", "", `Name of the ConfigMap containing custom global configurations for the controller.`) @@ -112,7 +112,7 @@ namespaces are watched if this parameter is left empty.`) `Selector selects namespaces the controller watches for updates to Kubernetes objects.`) profiling = flags.Bool("profiling", true, - `Enable profiling via web interface host:port/debug/pprof/`) + `Enable profiling via web interface host:port/debug/pprof/ .`) defSSLCertificate = flags.String("default-ssl-certificate", "", `Secret containing a SSL certificate to be used by the default HTTPS server (catch-all). @@ -147,7 +147,7 @@ Requires the update-status parameter.`) `Enable SSL Passthrough.`) disableServiceExternalName = flags.Bool("disable-svc-external-name", false, - `Disable support for Services of type ExternalName`) + `Disable support for Services of type ExternalName.`) annotationsPrefix = flags.String("annotations-prefix", parser.DefaultAnnotationsPrefix, `Prefix of the Ingress annotations specific to the NGINX controller.`) @@ -165,16 +165,16 @@ extension for this to succeed.`) Requires the update-status parameter.`) enableMetrics = flags.Bool("enable-metrics", true, - `Enables the collection of NGINX metrics`) + `Enables the collection of NGINX metrics.`) metricsPerHost = flags.Bool("metrics-per-host", true, - `Export metrics per-host`) + `Export metrics per-host.`) reportStatusClasses = flags.Bool("report-status-classes", false, - `Use status classes (2xx, 3xx, 4xx and 5xx) instead of status codes in metrics`) + `Use status classes (2xx, 3xx, 4xx and 5xx) instead of status codes in metrics.`) - timeBuckets = flags.Float64Slice("time-buckets", prometheus.DefBuckets, "Set of buckets which will be used for prometheus histogram metrics such as RequestTime, ResponseTime") - lengthBuckets = flags.Float64Slice("length-buckets", prometheus.LinearBuckets(10, 10, 10), "Set of buckets which will be used for prometheus histogram metrics such as RequestLength, ResponseLength") - sizeBuckets = flags.Float64Slice("size-buckets", prometheus.ExponentialBuckets(10, 10, 7), "Set of buckets which will be used for prometheus histogram metrics such as BytesSent") - monitorMaxBatchSize = flags.Int("monitor-max-batch-size", 10000, "Max batch size of NGINX metrics") + timeBuckets = flags.Float64Slice("time-buckets", prometheus.DefBuckets, "Set of buckets which will be used for prometheus histogram metrics such as RequestTime, ResponseTime.") + lengthBuckets = flags.Float64Slice("length-buckets", prometheus.LinearBuckets(10, 10, 10), "Set of buckets which will be used for prometheus histogram metrics such as RequestLength, ResponseLength.") + sizeBuckets = flags.Float64Slice("size-buckets", prometheus.ExponentialBuckets(10, 10, 7), "Set of buckets which will be used for prometheus histogram metrics such as BytesSent.") + monitorMaxBatchSize = flags.Int("monitor-max-batch-size", 10000, "Max batch size of NGINX metrics.") httpPort = flags.Int("http-port", 80, `Port to use for servicing HTTP traffic.`) httpsPort = flags.Int("https-port", 443, `Port to use for servicing HTTPS traffic.`) @@ -185,7 +185,7 @@ Requires the update-status parameter.`) healthzHost = flags.String("healthz-host", "", "Address to bind the healthz endpoint.") disableCatchAll = flags.Bool("disable-catch-all", false, - `Disable support for catch-all Ingresses`) + `Disable support for catch-all Ingresses.`) validationWebhook = flags.String("validating-webhook", "", `The address to start an admission controller on to validate incoming ingresses. @@ -195,12 +195,12 @@ Takes the form ":port". If not provided, no admission controller is starte validationWebhookKey = flags.String("validating-webhook-key", "", `The path of the validating webhook key PEM.`) disableFullValidationTest = flags.Bool("disable-full-test", false, - `Disable full test of all merged ingresses at the admission stage and tests the template of the ingress being created or updated (full test of all ingresses is enabled by default)`) + `Disable full test of all merged ingresses at the admission stage and tests the template of the ingress being created or updated (full test of all ingresses is enabled by default).`) statusPort = flags.Int("status-port", 10246, `Port to use for the lua HTTP endpoint configuration.`) streamPort = flags.Int("stream-port", 10247, "Port to use for the lua TCP/UDP endpoint configuration.") - internalLoggerAddress = flags.String("internal-logger-address", "127.0.0.1:11514", "Address to be used when binding internal syslogger") + internalLoggerAddress = flags.String("internal-logger-address", "127.0.0.1:11514", "Address to be used when binding internal syslogger.") profilerPort = flags.Int("profiler-port", 10245, "Port to use for expose the ingress controller Go profiler when it is enabled.") profilerAddress = flags.IP("profiler-address", net.ParseIP("127.0.0.1"), "IP address used by the ingress controller to expose the Go Profiler when it is enabled.") @@ -216,9 +216,9 @@ Takes the form ":port". If not provided, no admission controller is starte dynamicConfigurationRetries = flags.Int("dynamic-configuration-retries", 15, "Number of times to retry failed dynamic configuration before failing to sync an ingress.") ) - flags.StringVar(&nginx.MaxmindMirror, "maxmind-mirror", "", `Maxmind mirror url (example: http://geoip.local/databases`) + flags.StringVar(&nginx.MaxmindMirror, "maxmind-mirror", "", `Maxmind mirror url (example: http://geoip.local/databases.`) flags.StringVar(&nginx.MaxmindLicenseKey, "maxmind-license-key", "", `Maxmind license key to download GeoLite2 Databases. -https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases`) +https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases .`) flags.StringVar(&nginx.MaxmindEditionIDs, "maxmind-edition-ids", "GeoLite2-City,GeoLite2-ASN", `Maxmind edition ids to download GeoLite2 Databases.`) flags.IntVar(&nginx.MaxmindRetriesCount, "maxmind-retries-count", 1, "Number of attempts to download the GeoIP DB.") flags.DurationVar(&nginx.MaxmindRetriesTimeout, "maxmind-retries-timeout", time.Second*0, "Maxmind downloading delay between 1st and 2nd attempt, 0s - do not retry to download if something went wrong.") From e0733c7fd0520ec8d7f351ca49b09199d35d35df Mon Sep 17 00:00:00 2001 From: James Strong Date: Mon, 26 Dec 2022 17:17:27 -0500 Subject: [PATCH 28/52] restart 1.5.2 release process (#9450) --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index 53b5bbb127..a503124bd9 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.5.1 +v1.5.2 From a8f4f2987103092fb12feb865861368d92da2d35 Mon Sep 17 00:00:00 2001 From: Saumya <76432998+SaumyaBhushan@users.noreply.github.com> Date: Wed, 28 Dec 2022 23:43:29 +0530 Subject: [PATCH 29/52] updated the link in RELEASE.md file (#9456) --- RELEASE.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/RELEASE.md b/RELEASE.md index 589b9ee7ff..ca0faa4e1a 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -89,7 +89,7 @@ Promoting the images basically means that images, that were pushed to staging co - The sha is also visible here https://console.cloud.google.com/gcr/images/k8s-staging-ingress-nginx/global/controller - - The sha is also visible [here]((https://prow.k8s.io/?repo=kubernetes%2Fingress-nginx&job=post-*)), after cloud build is finished. Click on the respective job, go to `Artifacts` section in the UI, then again `artifacts` in the directory browser. In the `build.log` at the very bottom you see something like this: + - The sha is also visible [here](https://prow.k8s.io/?repo=kubernetes%2Fingress-nginx&job=post-*), after cloud build is finished. Click on the respective job, go to `Artifacts` section in the UI, then again `artifacts` in the directory browser. In the `build.log` at the very bottom you see something like this: ``` ... @@ -113,7 +113,7 @@ Promoting the images basically means that images, that were pushed to staging co - For making it easier, you can edit your branch directly in the browser. But be careful about making any mistake. -- Insert the sha(s) & the tag(s), in a new line, in this file [Project kubernetes/k8s.io Ingress-Nginx-Controller Images](https://github.com/kubernetes/k8s.io/blob/main/registry.k8s.io/images/k8s-staging-ingress-nginx/images.yaml) Look at this [example PR and the diff](https://github.com/kubernetes/k8s.io/pull/2536) to see how it was done before +- Insert the sha(s) & the tag(s), in a new line, in this file [Project kubernetes/k8s.io Ingress-Nginx-Controller Images](https://github.com/kubernetes/k8s.io/blob/main/k8s.gcr.io/images/k8s-staging-ingress-nginx/images.yaml) Look at this [example PR and the diff](https://github.com/kubernetes/k8s.io/pull/2536) to see how it was done before - Save and commit From fe2bf5cbdf614fe40348c7b2484ead52a7216f5a Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Wed, 28 Dec 2022 17:59:27 -0300 Subject: [PATCH 30/52] Add sslpassthrough tests (#9457) --- build/build.sh | 8 +- build/run-in-docker.sh | 16 +-- pkg/tcpproxy/tcp.go | 8 +- test/e2e/framework/deployment.go | 33 +++-- test/e2e/framework/httpexpect/request.go | 29 ++++ test/e2e/settings/ssl_passthrough.go | 165 +++++++++++++++++++++++ 6 files changed, 231 insertions(+), 28 deletions(-) create mode 100644 test/e2e/settings/ssl_passthrough.go diff --git a/build/build.sh b/build/build.sh index f2f1ec2eb1..1ae505d910 100755 --- a/build/build.sh +++ b/build/build.sh @@ -16,10 +16,10 @@ GO_BUILD_CMD="go build" -if [ -n "$DEBUG" ]; then - set -x - GO_BUILD_CMD="go build -v" -fi +#if [ -n "$DEBUG" ]; then +# set -x +# GO_BUILD_CMD="go build -v" +#fi set -o errexit set -o nounset diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index 511c5475f9..d41464e2ec 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -65,23 +65,21 @@ fi USER=${USER:-nobody} -echo "..printing env & other vars to stdout" -echo "HOSTNAME=`hostname`" -uname -a -env -echo "DIND_ENABLED=$DOCKER_IN_DOCKER_ENABLED" -echo "done..printing env & other vars to stdout" +#echo "..printing env & other vars to stdout" +#echo "HOSTNAME=`hostname`" +#uname -a +#env +#echo "DIND_ENABLED=$DOCKER_IN_DOCKER_ENABLED" +#echo "done..printing env & other vars to stdout" if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then echo "..reached DIND check TRUE block, inside run-in-docker.sh" echo "FLAGS=$FLAGS" - go env - set -x + #go env go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.6.1 find / -type f -name ginkgo 2>/dev/null which ginkgo /bin/bash -c "${FLAGS}" - set +x else echo "Reached DIND check ELSE block, inside run-in-docker.sh" docker run \ diff --git a/pkg/tcpproxy/tcp.go b/pkg/tcpproxy/tcp.go index 7bbff80b44..4c34e1f7b2 100644 --- a/pkg/tcpproxy/tcp.go +++ b/pkg/tcpproxy/tcp.go @@ -80,6 +80,7 @@ func (p *TCPProxy) Handle(conn net.Conn) { } hostPort := net.JoinHostPort(proxy.IP, fmt.Sprintf("%v", proxy.Port)) + klog.V(4).InfoS("passing to", "hostport", hostPort) clientConn, err := net.Dial("tcp", hostPort) if err != nil { klog.V(4).ErrorS(err, "error dialing proxy", "ip", proxy.IP, "port", proxy.Port, "hostname", proxy.Hostname) @@ -99,7 +100,7 @@ func (p *TCPProxy) Handle(conn net.Conn) { } proxyProtocolHeader := fmt.Sprintf("PROXY %s %s %s %d %d\r\n", protocol, remoteAddr.IP.String(), localAddr.IP.String(), remoteAddr.Port, localAddr.Port) klog.V(4).InfoS("Writing Proxy Protocol", "header", proxyProtocolHeader) - _, err = fmt.Fprintf(clientConn, proxyProtocolHeader) + _, err = fmt.Fprint(clientConn, proxyProtocolHeader) } if err != nil { klog.ErrorS(err, "Error writing Proxy Protocol header") @@ -126,8 +127,5 @@ func pipe(client, server net.Conn) { go doCopy(server, client, cancel) go doCopy(client, server, cancel) - select { - case <-cancel: - return - } + <-cancel } diff --git a/test/e2e/framework/deployment.go b/test/e2e/framework/deployment.go index cb6ef9accb..3cfe8f3604 100644 --- a/test/e2e/framework/deployment.go +++ b/test/e2e/framework/deployment.go @@ -85,9 +85,10 @@ func (f *Framework) NewEchoDeployment(opts ...func(*deploymentOptions)) { } deployment := newDeployment(options.name, options.namespace, "registry.k8s.io/ingress-nginx/e2e-test-echo@sha256:778ac6d1188c8de8ecabeddd3c37b72c8adc8c712bad2bd7a81fb23a3514934c", 80, int32(options.replicas), - nil, + nil, nil, nil, []corev1.VolumeMount{}, []corev1.Volume{}, + true, ) f.EnsureDeployment(deployment) @@ -183,7 +184,7 @@ func (f *Framework) NGINXDeployment(name string, cfg string, waitendpoint bool) assert.Nil(ginkgo.GinkgoT(), err, "creating configmap") deployment := newDeployment(name, f.Namespace, f.GetNginxBaseImage(), 80, 1, - nil, + nil, nil, nil, []corev1.VolumeMount{ { Name: name, @@ -203,7 +204,7 @@ func (f *Framework) NGINXDeployment(name string, cfg string, waitendpoint bool) }, }, }, - }, + }, true, ) f.EnsureDeployment(deployment) @@ -334,8 +335,8 @@ func (f *Framework) NewGRPCBinDeployment() { assert.Nil(ginkgo.GinkgoT(), err, "waiting for endpoints to become ready") } -func newDeployment(name, namespace, image string, port int32, replicas int32, command []string, - volumeMounts []corev1.VolumeMount, volumes []corev1.Volume) *appsv1.Deployment { +func newDeployment(name, namespace, image string, port int32, replicas int32, command []string, args []string, env []corev1.EnvVar, + volumeMounts []corev1.VolumeMount, volumes []corev1.Volume, setProbe bool) *appsv1.Deployment { probe := &corev1.Probe{ InitialDelaySeconds: 2, PeriodSeconds: 1, @@ -381,9 +382,7 @@ func newDeployment(name, namespace, image string, port int32, replicas int32, co ContainerPort: port, }, }, - ReadinessProbe: probe, - LivenessProbe: probe, - VolumeMounts: volumeMounts, + VolumeMounts: volumeMounts, }, }, Volumes: volumes, @@ -392,10 +391,20 @@ func newDeployment(name, namespace, image string, port int32, replicas int32, co }, } + if setProbe { + d.Spec.Template.Spec.Containers[0].ReadinessProbe = probe + d.Spec.Template.Spec.Containers[0].LivenessProbe = probe + } if len(command) > 0 { d.Spec.Template.Spec.Containers[0].Command = command } + if len(args) > 0 { + d.Spec.Template.Spec.Containers[0].Args = args + } + if len(env) > 0 { + d.Spec.Template.Spec.Containers[0].Env = env + } return d } @@ -404,9 +413,13 @@ func (f *Framework) NewHttpbinDeployment() { f.NewDeployment(HTTPBinService, "registry.k8s.io/ingress-nginx/e2e-test-httpbin@sha256:c6372ef57a775b95f18e19d4c735a9819f2e7bb4641e5e3f27287d831dfeb7e8", 80, 1) } -// NewDeployment creates a new deployment in a particular namespace. func (f *Framework) NewDeployment(name, image string, port int32, replicas int32) { - deployment := newDeployment(name, f.Namespace, image, port, replicas, nil, nil, nil) + f.NewDeploymentWithOpts(name, image, port, replicas, nil, nil, nil, nil, nil, true) +} + +// NewDeployment creates a new deployment in a particular namespace. +func (f *Framework) NewDeploymentWithOpts(name, image string, port int32, replicas int32, command []string, args []string, env []corev1.EnvVar, volumeMounts []corev1.VolumeMount, volumes []corev1.Volume, setProbe bool) { + deployment := newDeployment(name, f.Namespace, image, port, replicas, command, args, env, volumeMounts, volumes, setProbe) f.EnsureDeployment(deployment) diff --git a/test/e2e/framework/httpexpect/request.go b/test/e2e/framework/httpexpect/request.go index 335e3931ed..d8edb42ceb 100644 --- a/test/e2e/framework/httpexpect/request.go +++ b/test/e2e/framework/httpexpect/request.go @@ -17,8 +17,10 @@ limitations under the License. package httpexpect import ( + "context" "fmt" "io" + "net" "net/http" "net/url" "path" @@ -71,6 +73,33 @@ func (h *HTTPRequest) DoRequest(method, rpath string) *HTTPRequest { return h } +// ForceResolve forces the test resolver to point to a specific endpoint +func (h *HTTPRequest) ForceResolve(ip string, port uint16) *HTTPRequest { + addr := net.ParseIP(ip) + if addr == nil { + h.chain.fail(fmt.Sprintf("invalid ip address: %s", ip)) + return h + } + dialer := &net.Dialer{ + Timeout: h.client.Timeout, + KeepAlive: h.client.Timeout, + DualStack: true, + } + resolveAddr := fmt.Sprintf("%s:%d", ip, int(port)) + + oldTransport, ok := h.client.Transport.(*http.Transport) + if !ok { + h.chain.fail("invalid old transport address") + return h + } + newTransport := oldTransport.Clone() + newTransport.DialContext = func(ctx context.Context, network, addr string) (net.Conn, error) { + return dialer.DialContext(ctx, network, resolveAddr) + } + h.client.Transport = newTransport + return h +} + // Expect executes the request and returns an HTTP response. func (h *HTTPRequest) Expect() *HTTPResponse { if h.query != nil { diff --git a/test/e2e/settings/ssl_passthrough.go b/test/e2e/settings/ssl_passthrough.go new file mode 100644 index 0000000000..77a3c990eb --- /dev/null +++ b/test/e2e/settings/ssl_passthrough.go @@ -0,0 +1,165 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package settings + +import ( + "context" + "crypto/tls" + "fmt" + "net/http" + "strings" + + "github.com/onsi/ginkgo/v2" + "github.com/stretchr/testify/assert" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "k8s.io/ingress-nginx/test/e2e/framework" +) + +var _ = framework.IngressNginxDescribe("[Flag] enable-ssl-passthrough", func() { + f := framework.NewDefaultFramework("ssl-passthrough") + + ginkgo.BeforeEach(func() { + err := f.UpdateIngressControllerDeployment(func(deployment *appsv1.Deployment) error { + args := deployment.Spec.Template.Spec.Containers[0].Args + args = append(args, "--enable-ssl-passthrough") + deployment.Spec.Template.Spec.Containers[0].Args = args + _, err := f.KubeClientSet.AppsV1().Deployments(f.Namespace).Update(context.TODO(), deployment, metav1.UpdateOptions{}) + return err + }) + assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller deployment flags") + + f.WaitForNginxServer("_", + func(server string) bool { + return strings.Contains(server, "listen 442") + }) + }) + + ginkgo.Describe("With enable-ssl-passthrough enabled", func() { + ginkgo.It("should enable ssl-passthrough-proxy-port on a different port", func() { + + err := f.UpdateIngressControllerDeployment(func(deployment *appsv1.Deployment) error { + args := deployment.Spec.Template.Spec.Containers[0].Args + args = append(args, "--ssl-passthrough-proxy-port=1442") + deployment.Spec.Template.Spec.Containers[0].Args = args + _, err := f.KubeClientSet.AppsV1().Deployments(f.Namespace).Update(context.TODO(), deployment, metav1.UpdateOptions{}) + return err + }) + assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller deployment flags") + + f.WaitForNginxServer("_", + func(server string) bool { + return strings.Contains(server, "listen 1442") + }) + + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", "something"). + Expect(). + Status(http.StatusNotFound) + }) + + ginkgo.It("should pass unknown traffic to default backend and handle known traffic", func() { + + host := "testpassthrough.com" + echoName := "echopass" + + /* Even with enable-ssl-passthrough enabled, only annotated ingresses may receive the trafic */ + annotations := map[string]string{ + "nginx.ingress.kubernetes.io/ssl-passthrough": "true", + } + + ingressDef := framework.NewSingleIngressWithTLS(host, "/", host, []string{host}, f.Namespace, echoName, 80, annotations) + tlsConfig, err := framework.CreateIngressTLSSecret(f.KubeClientSet, + ingressDef.Spec.TLS[0].Hosts, + ingressDef.Spec.TLS[0].SecretName, + ingressDef.Namespace) + + volumeMount := []corev1.VolumeMount{ + { + Name: "certs", + ReadOnly: true, + MountPath: "/certs", + }, + } + volume := []corev1.Volume{ + { + Name: "certs", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: ingressDef.Spec.TLS[0].SecretName, + }, + }, + }, + } + envs := []corev1.EnvVar{ + { + Name: "HTTPBUN_SSL_CERT", + Value: "/certs/tls.crt", + }, + { + Name: "HTTPBUN_SSL_KEY", + Value: "/certs/tls.key", + }, + } + f.NewDeploymentWithOpts("echopass", "ghcr.io/sharat87/httpbun:latest", 80, 1, nil, nil, envs, volumeMount, volume, false) + + f.EnsureIngress(ingressDef) + + assert.Nil(ginkgo.GinkgoT(), err) + framework.WaitForTLS(f.GetURL(framework.HTTPS), tlsConfig) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, "listen 442") + }) + + /* This one should not receive traffic as it does not contain passthrough annotation */ + hostBad := "noannotationnopassthrough.com" + ingBad := f.EnsureIngress(framework.NewSingleIngressWithTLS(hostBad, "/", hostBad, []string{hostBad}, f.Namespace, echoName, 80, nil)) + tlsConfigBad, err := framework.CreateIngressTLSSecret(f.KubeClientSet, + ingBad.Spec.TLS[0].Hosts, + ingBad.Spec.TLS[0].SecretName, + ingBad.Namespace) + assert.Nil(ginkgo.GinkgoT(), err) + framework.WaitForTLS(f.GetURL(framework.HTTPS), tlsConfigBad) + + f.WaitForNginxServer(hostBad, + func(server string) bool { + return strings.Contains(server, "listen 442") + }) + + f.HTTPTestClientWithTLSConfig(&tls.Config{ServerName: host, InsecureSkipVerify: true}). + GET("/"). + WithURL(fmt.Sprintf("https://%s:443", host)). + ForceResolve(f.GetNginxIP(), 443). + Expect(). + Status(http.StatusOK) + + f.HTTPTestClientWithTLSConfig(&tls.Config{ServerName: hostBad, InsecureSkipVerify: true}). + GET("/"). + WithURL(fmt.Sprintf("https://%s:443", hostBad)). + ForceResolve(f.GetNginxIP(), 443). + Expect(). + Status(http.StatusNotFound) + + }) + }) +}) From 2db8552a870c673f72b6d537006d4387195d398b Mon Sep 17 00:00:00 2001 From: James Strong Date: Thu, 29 Dec 2022 16:35:32 -0500 Subject: [PATCH 31/52] Automated Release Controller 1.5.2 (#9455) Signed-off-by: James Strong Signed-off-by: James Strong --- Changelog.md | 2 + README.md | 1 + changelog/Changelog-1.5.2.md | 79 + charts/ingress-nginx/Chart.yaml | 47 +- charts/ingress-nginx/README.md | 8 +- charts/ingress-nginx/changelog.md.gotmpl | 9 + .../changelog/Changelog-1.5.2.md | 12 + charts/ingress-nginx/values.yaml | 1623 ++++++++--------- deploy/static/provider/aws/deploy.yaml | 57 +- .../aws/nlb-with-tls-termination/deploy.yaml | 57 +- deploy/static/provider/baremetal/deploy.yaml | 57 +- deploy/static/provider/cloud/deploy.yaml | 57 +- deploy/static/provider/do/deploy.yaml | 57 +- deploy/static/provider/exoscale/deploy.yaml | 57 +- deploy/static/provider/kind/deploy.yaml | 57 +- deploy/static/provider/scw/deploy.yaml | 57 +- docs/deploy/index.md | 20 +- docs/e2e-tests.md | 924 ++++++++-- hack/generate-e2e-suite-doc.sh | 6 +- 19 files changed, 1812 insertions(+), 1375 deletions(-) create mode 100644 changelog/Changelog-1.5.2.md create mode 100644 charts/ingress-nginx/changelog.md.gotmpl create mode 100644 charts/ingress-nginx/changelog/Changelog-1.5.2.md diff --git a/Changelog.md b/Changelog.md index a7b62be504..400c187f77 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,5 +1,7 @@ # Changelog +All New change are in [Changelog](./changelog) + ### 1.5.1 * Upgrade NGINX to 1.21.6 diff --git a/README.md b/README.md index f8c020b68f..73baa8fd2f 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,7 @@ the versions listed. Ingress-Nginx versions may work on older versions but the p | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | |-----------------------|------------------------------|----------------|---------------| +| v1.5.2 | 1.26, 1.25, 1.24, 1.23 | 3.17.2 | 1.21.6 | | v1.5.1 | 1.25, 1.24, 1.23 | 3.16.2 | 1.21.6 | | v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† | | v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | diff --git a/changelog/Changelog-1.5.2.md b/changelog/Changelog-1.5.2.md new file mode 100644 index 0000000000..8b6779e472 --- /dev/null +++ b/changelog/Changelog-1.5.2.md @@ -0,0 +1,79 @@ +# Changelog + +### 1.5.2 +Images: + + * registry.k8s.io/controller:controller-v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 + * registry.k8s.io/controller-chroot:controller-v1.5.2@sha256:84613555694f2c59a8b2551126d226c9aa648544ebf0cde1e0df942f7dbce42b + +### All Changes: + +* restart 1.5.2 release process (#9450) +* Update command line arguments documentation (#9224) +* start release 1.5.2 (#9445) +* upgrade nginx base image (#9436) +* test the new e2e test images (#9444) +* avoid builds and tests for non-code changes (#9392) +* CI updates (#9440) +* HPA: Add `controller.autoscaling.annotations` to `values.yaml`. (#9253) +* update the nginx run container for alpine:3.17.0 (#9430) +* cleanup: remove ioutil for new go version (#9427) +* start upgrade to golang 1.19.4 and alpine 3.17.0 (#9417) +* ci: remove setup-helm step (#9404) +* ci: remove setup-kind step (#9401) +* Add reporter for all tests (#9395) +* added action for issues to project (#9386) +* doc: update NEW_CONTRIBUTOR.md (#9381) +* feat(helm): Optionally use cert-manager instead admission patch (#9279) +* integrated junit-reports with ghactions (#9361) +* [user-guide configmap] fix doc for global-auth-snippet (#9372) +* update OpenTelemetry image (#9308) +* fix: missing CORS headers when auth fails (#9251) +* Fix styling in canary annotation docs. (#9259) +* resolved ginkgo deprecation message (#9365) +* Enable profiler-address to be configured (#9311) +* ModSecurity dependencies update to avoid Memory Leaks (#9330) +* fix(hpa): deprecated api version, bump to v2 (#9348) +* fix(typo): pluralize provider (#9346) +* removed deprecation messsage for ingressClass annotation (#9357) +* added ginkgo junit reports (#9350) +* Fix typos found by codespell (#9353) +* bumped ginkgo to v2.5.1 in testrunner (#9340) +* create nsswitch-conf if missing (#9339) +* remove the configmap related permissions (#9310) +* remove hardcoded datasource from grafana dashboard (#9284) +* update gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b to 3.0.0 (#9277) +* Validate ingress path fields (#9309) +* added SAN to cert create command (#9295) +* Missing controller.ingressClass (#9304) +* OpenTelemetry static linking (#9286) +* Fixed indentation in commented-out autoscaling (#9225) +* run helm release on main only and when the chart/value changes only (#9290) +* fix broken annotation yaml (#9243) +* PDB: Add `maxUnavailable`. (#9278) +* add containerSecurityContext to extraModules init containers (kubernetes#9016) (#9242) + +### Dependencies updates: +* Bump golang.org/x/crypto from 0.3.0 to 0.4.0 (#9397) +* Bump github.com/onsi/ginkgo/v2 from 2.6.0 to 2.6.1 (#9432) +* Bump github.com/onsi/ginkgo/v2 from 2.6.0 to 2.6.1 (#9421) +* Bump github/codeql-action from 2.1.36 to 2.1.37 (#9423) +* Bump actions/checkout from 3.1.0 to 3.2.0 (#9425) +* Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 (#9426) +* Bump actions/dependency-review-action from 3.0.1 to 3.0.2 (#9424) +* Bump ossf/scorecard-action from 2.0.6 to 2.1.0 (#9422) +* Bump github.com/prometheus/common from 0.37.0 to 0.39.0 (#9416) +* Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 (#9408) +* Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 (#9398) +* Bump github/codeql-action from 2.1.35 to 2.1.36 (#9400) +* Bump actions/setup-go from 3.3.1 to 3.4.0 (#9370) +* Bump github/codeql-action from 2.1.31 to 2.1.35 (#9369) +* Bump google.golang.org/grpc from 1.50.1 to 1.51.0 (#9316) +* Bump github.com/prometheus/client_golang from 1.13.1 to 1.14.0 (#9298) +* Bump actions/dependency-review-action from 3.0.0 to 3.0.1 (#9319) +* Bump golang.org/x/crypto from 0.1.0 to 0.3.0 (#9318) +* Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.1 (#9317) +* Bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#9301) +* Bump k8s.io/component-base from 0.25.3 to 0.25.4 (#9300) + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.5.1...controller-controller-v1.5.2 diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 461601f594..11ab036340 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -1,31 +1,26 @@ +annotations: + artifacthub.io/changes: | + - "ci: remove setup-helm step (#9404)" + - "feat(helm): Optionally use cert-manager instead admission patch (#9279)" + - "run helm release on main only and when the chart/value changes only (#9290)" + - "Update Ingress-Nginx version controller-v1.5.2" + artifacthub.io/prerelease: "false" apiVersion: v2 -name: ingress-nginx -# When the version is modified, make sure the artifacthub.io/changes list is updated -# Also update CHANGELOG.md -version: 4.4.0 -appVersion: 1.5.1 +appVersion: 1.5.2 +description: Ingress controller for Kubernetes using NGINX as a reverse proxy and + load balancer +engine: gotpl home: https://github.com/kubernetes/ingress-nginx -description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png keywords: - - ingress - - nginx -sources: - - https://github.com/kubernetes/ingress-nginx +- ingress +- nginx +kubeVersion: '>=1.20.0-0' maintainers: - - name: rikatz - - name: strongjz - - name: tao12345666333 -engine: gotpl -kubeVersion: ">=1.20.0-0" -annotations: - # Use this annotation to indicate that this chart version is a pre-release. - # https://artifacthub.io/docs/topics/annotations/helm/ - artifacthub.io/prerelease: "false" - # List of changes for the release in artifacthub.io - # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog - artifacthub.io/changes: | - - Adding support for disabling liveness and readiness probes to the Helm chart - - add:(admission-webhooks) ability to set securityContext - - Updated Helm chart to use the fullname for the electionID if not specified - - Rename controller-wehbooks-networkpolicy.yaml +- name: rikatz +- name: strongjz +- name: tao12345666333 +name: ingress-nginx +sources: +- https://github.com/kubernetes/ingress-nginx +version: 4.4.1 diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index af71493fe2..4daff76c63 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.4.0](https://img.shields.io/badge/Version-4.4.0-informational?style=flat-square) ![AppVersion: 1.5.1](https://img.shields.io/badge/AppVersion-1.5.1-informational?style=flat-square) +![Version: 4.4.1](https://img.shields.io/badge/Version-4.4.1-informational?style=flat-square) ![AppVersion: 1.5.2](https://img.shields.io/badge/AppVersion-1.5.2-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -332,13 +332,13 @@ Kubernetes: `>=1.20.0-0` | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `true` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629"` | | -| controller.image.digestChroot | string | `"sha256:c1c091b88a6c936a83bd7b098662760a87868d12452529bad0d178fb36147345"` | | +| controller.image.digest | string | `"sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655"` | | +| controller.image.digestChroot | string | `"sha256:84613555694f2c59a8b2551126d226c9aa648544ebf0cde1e0df942f7dbce42b"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.registry | string | `"registry.k8s.io"` | | | controller.image.runAsUser | int | `101` | | -| controller.image.tag | string | `"v1.5.1"` | | +| controller.image.tag | string | `"v1.5.2"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | diff --git a/charts/ingress-nginx/changelog.md.gotmpl b/charts/ingress-nginx/changelog.md.gotmpl new file mode 100644 index 0000000000..de98856708 --- /dev/null +++ b/charts/ingress-nginx/changelog.md.gotmpl @@ -0,0 +1,9 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### {{ .NewHelmChartVersion }} +{{ with .HelmUpdates }} +{{ range . }}* {{ . }} +{{ end }}{{ end }} +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-{{ .PreviousHelmChartVersion }}...helm-chart-{{ .NewHelmChartVersion }} diff --git a/charts/ingress-nginx/changelog/Changelog-1.5.2.md b/charts/ingress-nginx/changelog/Changelog-1.5.2.md new file mode 100644 index 0000000000..5e05638581 --- /dev/null +++ b/charts/ingress-nginx/changelog/Changelog-1.5.2.md @@ -0,0 +1,12 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.4.1 + +* ci: remove setup-helm step (#9404) +* feat(helm): Optionally use cert-manager instead admission patch (#9279) +* run helm release on main only and when the chart/value changes only (#9290) +* Update Ingress-Nginx version controller-v1.5.2 + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.4.1...helm-chart-4.4.1 diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index b7089addbd..e5f8922a09 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -14,222 +14,190 @@ commonLabels: {} # myLabel: aakkmd controller: - name: controller - image: - ## Keep false as default for now! - chroot: false - registry: registry.k8s.io - image: ingress-nginx/controller - ## for backwards compatibility consider setting the full image url via the repository value below - ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail - ## repository: - tag: "v1.5.1" - digest: sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 - digestChroot: sha256:c1c091b88a6c936a83bd7b098662760a87868d12452529bad0d178fb36147345 - pullPolicy: IfNotPresent - # www-data -> uid 101 - runAsUser: 101 - allowPrivilegeEscalation: true - - # -- Use an existing PSP instead of creating one - existingPsp: "" - - # -- Configures the controller container name - containerName: controller - - # -- Configures the ports that the nginx-controller listens on - containerPort: - http: 80 - https: 443 - - # -- Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ - config: {} - - # -- Annotations to be added to the controller config configuration configmap. - configAnnotations: {} - - # -- Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers - proxySetHeaders: {} - - # -- Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers - addHeaders: {} - - # -- Optionally customize the pod dnsConfig. - dnsConfig: {} - - # -- Optionally customize the pod hostname. - hostname: {} - - # -- Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. - # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller - # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. - dnsPolicy: ClusterFirst - - # -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network - # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply - reportNodeInternalIp: false - - # -- Process Ingress objects without ingressClass annotation/ingressClassName field - # Overrides value for --watch-ingress-without-class flag of the controller binary - # Defaults to false - watchIngressWithoutClass: false - - # -- Process IngressClass per name (additionally as per spec.controller). - ingressClassByName: false - - # -- This configuration defines if Ingress Controller should allow users to set - # their own *-snippet annotations, otherwise this is forbidden / dropped - # when users add those annotations. - # Global snippets in ConfigMap are still respected - allowSnippetAnnotations: true - - # -- Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), - # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 - # is merged - hostNetwork: false - - ## Use host ports 80 and 443 - ## Disabled by default - hostPort: - # -- Enable 'hostPort' or not - enabled: false - ports: - # -- 'hostPort' http port - http: 80 - # -- 'hostPort' https port - https: 443 - - # -- Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' - electionID: "" - - ## This section refers to the creation of the IngressClass resource - ## IngressClass resources are supported since k8s >= 1.18 and required since k8s >= 1.19 - ingressClassResource: - # -- Name of the ingressClass - name: nginx - # -- Is this ingressClass enabled or not - enabled: true - # -- Is this the default ingressClass for the cluster - default: false - # -- Controller-value of the controller that is processing this ingressClass - controllerValue: "k8s.io/ingress-nginx" - - # -- Parameters is a link to a custom resource containing additional - # configuration for the controller. This is optional if the controller - # does not require extra parameters. - parameters: {} - - # -- For backwards compatibility with ingress.class annotation, use ingressClass. - # Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation - ingressClass: nginx - - # -- Labels to add to the pod container metadata - podLabels: {} - # key: value - - # -- Security Context policies for controller pods - podSecurityContext: {} - - # -- See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls - sysctls: {} - # sysctls: - # "net.core.somaxconn": "8192" - - # -- Allows customization of the source of the IP address or FQDN to report - # in the ingress status field. By default, it reads the information provided - # by the service. If disable, the status field reports the IP address of the - # node or nodes where an ingress controller pod is running. - publishService: - # -- Enable 'publishService' or not - enabled: true - # -- Allows overriding of the publish service to bind to - # Must be / - pathOverride: "" - - # Limit the scope of the controller to a specific namespace - scope: - # -- Enable 'scope' or not - enabled: false - # -- Namespace to limit the controller to; defaults to $(POD_NAMESPACE) - namespace: "" - # -- When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels - # only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. - namespaceSelector: "" + name: controller + image: + ## Keep false as default for now! + chroot: false + registry: registry.k8s.io + image: ingress-nginx/controller + ## for backwards compatibility consider setting the full image url via the repository value below + ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + ## repository: + tag: "v1.5.2" + digest: sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 + digestChroot: sha256:84613555694f2c59a8b2551126d226c9aa648544ebf0cde1e0df942f7dbce42b + pullPolicy: IfNotPresent + # www-data -> uid 101 + runAsUser: 101 + allowPrivilegeEscalation: true + # -- Use an existing PSP instead of creating one + existingPsp: "" + # -- Configures the controller container name + containerName: controller + # -- Configures the ports that the nginx-controller listens on + containerPort: + http: 80 + https: 443 + # -- Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ + config: {} + # -- Annotations to be added to the controller config configuration configmap. + configAnnotations: {} + # -- Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers + proxySetHeaders: {} + # -- Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers + addHeaders: {} + # -- Optionally customize the pod dnsConfig. + dnsConfig: {} + # -- Optionally customize the pod hostname. + hostname: {} + # -- Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. + # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller + # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. + dnsPolicy: ClusterFirst + # -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network + # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply + reportNodeInternalIp: false + # -- Process Ingress objects without ingressClass annotation/ingressClassName field + # Overrides value for --watch-ingress-without-class flag of the controller binary + # Defaults to false + watchIngressWithoutClass: false + # -- Process IngressClass per name (additionally as per spec.controller). + ingressClassByName: false + # -- This configuration defines if Ingress Controller should allow users to set + # their own *-snippet annotations, otherwise this is forbidden / dropped + # when users add those annotations. + # Global snippets in ConfigMap are still respected + allowSnippetAnnotations: true + # -- Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), + # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 + # is merged + hostNetwork: false + ## Use host ports 80 and 443 + ## Disabled by default + hostPort: + # -- Enable 'hostPort' or not + enabled: false + ports: + # -- 'hostPort' http port + http: 80 + # -- 'hostPort' https port + https: 443 + # -- Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' + electionID: "" + ## This section refers to the creation of the IngressClass resource + ## IngressClass resources are supported since k8s >= 1.18 and required since k8s >= 1.19 + ingressClassResource: + # -- Name of the ingressClass + name: nginx + # -- Is this ingressClass enabled or not + enabled: true + # -- Is this the default ingressClass for the cluster + default: false + # -- Controller-value of the controller that is processing this ingressClass + controllerValue: "k8s.io/ingress-nginx" + # -- Parameters is a link to a custom resource containing additional + # configuration for the controller. This is optional if the controller + # does not require extra parameters. + parameters: {} + # -- For backwards compatibility with ingress.class annotation, use ingressClass. + # Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation + ingressClass: nginx + # -- Labels to add to the pod container metadata + podLabels: {} + # key: value + + # -- Security Context policies for controller pods + podSecurityContext: {} + # -- See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls + sysctls: {} + # sysctls: + # "net.core.somaxconn": "8192" + + # -- Allows customization of the source of the IP address or FQDN to report + # in the ingress status field. By default, it reads the information provided + # by the service. If disable, the status field reports the IP address of the + # node or nodes where an ingress controller pod is running. + publishService: + # -- Enable 'publishService' or not + enabled: true + # -- Allows overriding of the publish service to bind to + # Must be / + pathOverride: "" + # Limit the scope of the controller to a specific namespace + scope: + # -- Enable 'scope' or not + enabled: false + # -- Namespace to limit the controller to; defaults to $(POD_NAMESPACE) + namespace: "" + # -- When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels + # only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. + namespaceSelector: "" + # -- Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) + configMapNamespace: "" + tcp: + # -- Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) + configMapNamespace: "" + # -- Annotations to be added to the tcp config configmap + annotations: {} + udp: + # -- Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) + configMapNamespace: "" + # -- Annotations to be added to the udp config configmap + annotations: {} + # -- Maxmind license key to download GeoLite2 Databases. + ## https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases + maxmindLicenseKey: "" + # -- Additional command line arguments to pass to nginx-ingress-controller + # E.g. to specify the default SSL certificate you can use + extraArgs: {} + ## extraArgs: + ## default-ssl-certificate: "/" - # -- Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) - configMapNamespace: "" + # -- Additional environment variables to set + extraEnvs: [] + # extraEnvs: + # - name: FOO + # valueFrom: + # secretKeyRef: + # key: FOO + # name: secret-resource - tcp: - # -- Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) - configMapNamespace: "" - # -- Annotations to be added to the tcp config configmap + # -- Use a `DaemonSet` or `Deployment` + kind: Deployment + # -- Annotations to be added to the controller Deployment or DaemonSet + ## annotations: {} + # keel.sh/pollSchedule: "@every 60m" - udp: - # -- Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) - configMapNamespace: "" - # -- Annotations to be added to the udp config configmap - annotations: {} + # -- Labels to be added to the controller Deployment or DaemonSet and other resources that do not have option to specify labels + ## + labels: {} + # keel.sh/policy: patch + # keel.sh/trigger: poll - # -- Maxmind license key to download GeoLite2 Databases. - ## https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases - maxmindLicenseKey: "" - - # -- Additional command line arguments to pass to nginx-ingress-controller - # E.g. to specify the default SSL certificate you can use - extraArgs: {} - ## extraArgs: - ## default-ssl-certificate: "/" - - # -- Additional environment variables to set - extraEnvs: [] - # extraEnvs: - # - name: FOO - # valueFrom: - # secretKeyRef: - # key: FOO - # name: secret-resource - - # -- Use a `DaemonSet` or `Deployment` - kind: Deployment - - # -- Annotations to be added to the controller Deployment or DaemonSet - ## - annotations: {} - # keel.sh/pollSchedule: "@every 60m" - - # -- Labels to be added to the controller Deployment or DaemonSet and other resources that do not have option to specify labels - ## - labels: {} - # keel.sh/policy: patch - # keel.sh/trigger: poll - - - # -- The update strategy to apply to the Deployment or DaemonSet - ## - updateStrategy: {} - # rollingUpdate: - # maxUnavailable: 1 - # type: RollingUpdate - - # -- `minReadySeconds` to avoid killing pods before we are ready - ## - minReadySeconds: 0 - - - # -- Node tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - - # -- Affinity and anti-affinity rules for server scheduling to nodes - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} + # -- The update strategy to apply to the Deployment or DaemonSet + ## + updateStrategy: {} + # rollingUpdate: + # maxUnavailable: 1 + # type: RollingUpdate + + # -- `minReadySeconds` to avoid killing pods before we are ready + ## + minReadySeconds: 0 + # -- Node tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + + # -- Affinity and anti-affinity rules for server scheduling to nodes + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} # # An example of preferred pod anti-affinity, weight is in the range 1-100 # podAntiAffinity: # preferredDuringSchedulingIgnoredDuringExecution: @@ -270,10 +238,10 @@ controller: # - controller # topologyKey: "kubernetes.io/hostname" - # -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## - topologySpreadConstraints: [] + # -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] # - maxSkew: 1 # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule @@ -281,669 +249,605 @@ controller: # matchLabels: # app.kubernetes.io/instance: ingress-nginx-internal - # -- `terminationGracePeriodSeconds` to avoid killing pods before we are ready - ## wait up to five minutes for the drain of connections - ## - terminationGracePeriodSeconds: 300 - - # -- Node labels for controller pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: - kubernetes.io/os: linux - - ## Liveness and readiness probe values - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## - ## startupProbe: - ## httpGet: - ## # should match container.healthCheckPath - ## path: "/healthz" - ## port: 10254 - ## scheme: HTTP - ## initialDelaySeconds: 5 - ## periodSeconds: 5 - ## timeoutSeconds: 2 - ## successThreshold: 1 - ## failureThreshold: 5 - livenessProbe: - httpGet: - # should match container.healthCheckPath - path: "/healthz" - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 5 - readinessProbe: - httpGet: - # should match container.healthCheckPath - path: "/healthz" - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - - - # -- Path of the health check endpoint. All requests received on the port defined by - # the healthz-port parameter are forwarded internally to this path. - healthCheckPath: "/healthz" - - # -- Address to bind the health check endpoint. - # It is better to set this option to the internal node address - # if the ingress nginx controller is running in the `hostNetwork: true` mode. - healthCheckHost: "" - - # -- Annotations to be added to controller pods - ## - podAnnotations: {} - - replicaCount: 1 - - # -- Define either 'minAvailable' or 'maxUnavailable', never both. - minAvailable: 1 - # -- Define either 'minAvailable' or 'maxUnavailable', never both. - # maxUnavailable: 1 - - ## Define requests resources to avoid probe issues due to CPU utilization in busy nodes - ## ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903 - ## Ideally, there should be no limits. - ## https://engineering.indeedblog.com/blog/2019/12/cpu-throttling-regression-fix/ - resources: - ## limits: - ## cpu: 100m - ## memory: 90Mi - requests: - cpu: 100m - memory: 90Mi - - # Mutually exclusive with keda autoscaling - autoscaling: - apiVersion: autoscaling/v2 - enabled: false - annotations: {} - minReplicas: 1 - maxReplicas: 11 - targetCPUUtilizationPercentage: 50 - targetMemoryUtilizationPercentage: 50 - behavior: {} - # scaleDown: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 1 - # periodSeconds: 180 - # scaleUp: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 2 - # periodSeconds: 60 - - autoscalingTemplate: [] - # Custom or additional autoscaling metrics - # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics - # - type: Pods - # pods: - # metric: - # name: nginx_ingress_controller_nginx_process_requests_total - # target: - # type: AverageValue - # averageValue: 10000m - - # Mutually exclusive with hpa autoscaling - keda: - apiVersion: "keda.sh/v1alpha1" - ## apiVersion changes with keda 1.x vs 2.x - ## 2.x = keda.sh/v1alpha1 - ## 1.x = keda.k8s.io/v1alpha1 - enabled: false - minReplicas: 1 - maxReplicas: 11 - pollingInterval: 30 - cooldownPeriod: 300 - restoreToOriginalReplicaCount: false - scaledObject: - annotations: {} - # Custom annotations for ScaledObject resource - # annotations: - # key: value - triggers: [] - # - type: prometheus - # metadata: - # serverAddress: http://:9090 - # metricName: http_requests_total - # threshold: '100' - # query: sum(rate(http_requests_total{deployment="my-deployment"}[2m])) - - behavior: {} - # scaleDown: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 1 - # periodSeconds: 180 - # scaleUp: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 2 - # periodSeconds: 60 - - # -- Enable mimalloc as a drop-in replacement for malloc. - ## ref: https://github.com/microsoft/mimalloc - ## - enableMimalloc: true - - ## Override NGINX template - customTemplate: - configMapName: "" - configMapKey: "" - - service: - enabled: true - - # -- If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were - # using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http - # It allows choosing the protocol for each backend specified in the Kubernetes service. - # See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 - # Will be ignored for Kubernetes versions older than 1.20 + # -- `terminationGracePeriodSeconds` to avoid killing pods before we are ready + ## wait up to five minutes for the drain of connections ## - appProtocol: true - - annotations: {} - labels: {} - # clusterIP: "" - - # -- List of IP addresses at which the controller services are available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + terminationGracePeriodSeconds: 300 + # -- Node labels for controller pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## - externalIPs: [] - - # -- Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer - loadBalancerIP: "" - loadBalancerSourceRanges: [] - - enableHttp: true - enableHttps: true - - ## Set external traffic policy to: "Local" to preserve source IP on providers supporting it. - ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer - # externalTrafficPolicy: "" - - ## Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". - ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - # sessionAffinity: "" - - ## Specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified, - ## the service controller allocates a port from your cluster’s NodePort range. - ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - # healthCheckNodePort: 0 - - # -- Represents the dual-stack-ness requested or required by this Service. Possible values are - # SingleStack, PreferDualStack or RequireDualStack. - # The ipFamilies and clusterIPs fields depend on the value of this field. - ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ - ipFamilyPolicy: "SingleStack" - - # -- List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically - # based on cluster configuration and the ipFamilyPolicy field. - ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ - ipFamilies: - - IPv4 - - ports: - http: 80 - https: 443 - - targetPorts: - http: http - https: https - - type: LoadBalancer - - ## type: NodePort - ## nodePorts: - ## http: 32080 - ## https: 32443 - ## tcp: - ## 8080: 32808 - nodePorts: - http: "" - https: "" - tcp: {} - udp: {} - - external: - enabled: true - - internal: - # -- Enables an additional internal load balancer (besides the external one). - enabled: false - # -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service. - annotations: {} - - # loadBalancerIP: "" - - # -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. - loadBalancerSourceRanges: [] - - ## Set external traffic policy to: "Local" to preserve source IP on - ## providers supporting it - ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer - # externalTrafficPolicy: "" - - # shareProcessNamespace enables process namespace sharing within the pod. - # This can be used for example to signal log rotation using `kill -USR1` from a sidecar. - shareProcessNamespace: false - - # -- Additional containers to be added to the controller pod. - # See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. - extraContainers: [] - # - name: my-sidecar - # image: nginx:latest - # - name: lemonldap-ng-controller - # image: lemonldapng/lemonldap-ng-controller:0.2.0 - # args: - # - /lemonldap-ng-controller - # - --alsologtostderr - # - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration - # env: - # - name: POD_NAME - # valueFrom: - # fieldRef: - # fieldPath: metadata.name - # - name: POD_NAMESPACE - # valueFrom: - # fieldRef: - # fieldPath: metadata.namespace - # volumeMounts: - # - name: copy-portal-skins - # mountPath: /srv/var/lib/lemonldap-ng/portal/skins - - # -- Additional volumeMounts to the controller main container. - extraVolumeMounts: [] - # - name: copy-portal-skins - # mountPath: /var/lib/lemonldap-ng/portal/skins - - # -- Additional volumes to the controller pod. - extraVolumes: [] - # - name: copy-portal-skins - # emptyDir: {} - - # -- Containers, which are run before the app containers are started. - extraInitContainers: [] - # - name: init-myservice - # image: busybox - # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;'] - - # -- Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module - extraModules: [] - # containerSecurityContext: - # allowPrivilegeEscalation: false - # - # The image must contain a `/usr/local/bin/init_module.sh` executable, which - # will be executed as initContainers, to move its config files within the - # mounted volume. - - opentelemetry: - enabled: false - image: registry.k8s.io/ingress-nginx/opentelemetry:v20221114-controller-v1.5.1-6-ga66ee73c5@sha256:41076fd9fb4255677c1a3da1ac3fc41477f06eba3c7ebf37ffc8f734dad51d7c - containerSecurityContext: - allowPrivilegeEscalation: false - - admissionWebhooks: - annotations: {} - # ignore-check.kube-linter.io/no-read-only-rootfs: "This deployment needs write access to root filesystem". - - ## Additional annotations to the admission webhooks. - ## These annotations will be added to the ValidatingWebhookConfiguration and - ## the Jobs Spec of the admission webhooks. - enabled: true - # -- Additional environment variables to set - extraEnvs: [] - # extraEnvs: - # - name: FOO - # valueFrom: - # secretKeyRef: - # key: FOO - # name: secret-resource - # -- Admission Webhook failure policy to use - failurePolicy: Fail - # timeoutSeconds: 10 - port: 8443 - certificate: "/usr/local/certificates/cert" - key: "/usr/local/certificates/key" - namespaceSelector: {} - objectSelector: {} - # -- Labels to be added to admission webhooks - labels: {} - - # -- Use an existing PSP instead of creating one - existingPsp: "" - networkPolicyEnabled: false - - service: - annotations: {} - # clusterIP: "" - externalIPs: [] - # loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 443 - type: ClusterIP - - createSecretJob: - securityContext: - allowPrivilegeEscalation: false - resources: {} - # limits: - # cpu: 10m - # memory: 20Mi - # requests: - # cpu: 10m - # memory: 20Mi - - patchWebhookJob: - securityContext: - allowPrivilegeEscalation: false - resources: {} - - patch: - enabled: true - image: - registry: registry.k8s.io - image: ingress-nginx/kube-webhook-certgen - ## for backwards compatibility consider setting the full image url via the repository value below - ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail - ## repository: - tag: v20220916-gd32f8c343 - digest: sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - pullPolicy: IfNotPresent - # -- Provide a priority class name to the webhook patching job - ## - priorityClassName: "" - podAnnotations: {} - nodeSelector: + nodeSelector: kubernetes.io/os: linux - tolerations: [] - # -- Labels to be added to patch job resources - labels: {} - securityContext: - runAsNonRoot: true - runAsUser: 2000 - fsGroup: 2000 - - # Use certmanager to generate webhook certs - certManager: - enabled: false - # self-signed root certificate - rootCert: - duration: "" # default to be 5y - admissionCert: - duration: "" # default to be 1y - # issuerRef: - # name: "issuer" - # kind: "ClusterIssuer" - - metrics: - port: 10254 - portName: metrics - # if this port is changed, change healthz-port: in extraArgs: accordingly - enabled: false - + ## Liveness and readiness probe values + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## + ## startupProbe: + ## httpGet: + ## # should match container.healthCheckPath + ## path: "/healthz" + ## port: 10254 + ## scheme: HTTP + ## initialDelaySeconds: 5 + ## periodSeconds: 5 + ## timeoutSeconds: 2 + ## successThreshold: 1 + ## failureThreshold: 5 + livenessProbe: + httpGet: + # should match container.healthCheckPath + path: "/healthz" + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 + readinessProbe: + httpGet: + # should match container.healthCheckPath + path: "/healthz" + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + # -- Path of the health check endpoint. All requests received on the port defined by + # the healthz-port parameter are forwarded internally to this path. + healthCheckPath: "/healthz" + # -- Address to bind the health check endpoint. + # It is better to set this option to the internal node address + # if the ingress nginx controller is running in the `hostNetwork: true` mode. + healthCheckHost: "" + # -- Annotations to be added to controller pods + ## + podAnnotations: {} + replicaCount: 1 + # -- Define either 'minAvailable' or 'maxUnavailable', never both. + minAvailable: 1 + # -- Define either 'minAvailable' or 'maxUnavailable', never both. + # maxUnavailable: 1 + + ## Define requests resources to avoid probe issues due to CPU utilization in busy nodes + ## ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903 + ## Ideally, there should be no limits. + ## https://engineering.indeedblog.com/blog/2019/12/cpu-throttling-regression-fix/ + resources: + ## limits: + ## cpu: 100m + ## memory: 90Mi + requests: + cpu: 100m + memory: 90Mi + # Mutually exclusive with keda autoscaling + autoscaling: + apiVersion: autoscaling/v2 + enabled: false + annotations: {} + minReplicas: 1 + maxReplicas: 11 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 + # periodSeconds: 60 + autoscalingTemplate: [] + # Custom or additional autoscaling metrics + # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics + # - type: Pods + # pods: + # metric: + # name: nginx_ingress_controller_nginx_process_requests_total + # target: + # type: AverageValue + # averageValue: 10000m + + # Mutually exclusive with hpa autoscaling + keda: + apiVersion: "keda.sh/v1alpha1" + ## apiVersion changes with keda 1.x vs 2.x + ## 2.x = keda.sh/v1alpha1 + ## 1.x = keda.k8s.io/v1alpha1 + enabled: false + minReplicas: 1 + maxReplicas: 11 + pollingInterval: 30 + cooldownPeriod: 300 + restoreToOriginalReplicaCount: false + scaledObject: + annotations: {} + # Custom annotations for ScaledObject resource + # annotations: + # key: value + triggers: [] + # - type: prometheus + # metadata: + # serverAddress: http://:9090 + # metricName: http_requests_total + # threshold: '100' + # query: sum(rate(http_requests_total{deployment="my-deployment"}[2m])) + + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 + # periodSeconds: 60 + + # -- Enable mimalloc as a drop-in replacement for malloc. + ## ref: https://github.com/microsoft/mimalloc + ## + enableMimalloc: true + ## Override NGINX template + customTemplate: + configMapName: "" + configMapKey: "" service: - annotations: {} - # prometheus.io/scrape: "true" - # prometheus.io/port: "10254" - - # clusterIP: "" - - # -- List of IP addresses at which the stats-exporter service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - - # loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 10254 - type: ClusterIP - # externalTrafficPolicy: "" - # nodePort: "" - - serviceMonitor: - enabled: false - additionalLabels: {} - ## The label to use to retrieve the job name from. - ## jobLabel: "app.kubernetes.io/name" - namespace: "" - namespaceSelector: {} - ## Default: scrape .Release.Namespace only - ## To scrape all, use the following: - ## namespaceSelector: - ## any: true - scrapeInterval: 30s - # honorLabels: true - targetLabels: [] - relabelings: [] - metricRelabelings: [] - - prometheusRule: - enabled: false - additionalLabels: {} - # namespace: "" - rules: [] - # # These are just examples rules, please adapt them to your needs - # - alert: NGINXConfigFailed - # expr: count(nginx_ingress_controller_config_last_reload_successful == 0) > 0 - # for: 1s - # labels: - # severity: critical - # annotations: - # description: bad ingress config - nginx config test failed - # summary: uninstall the latest ingress changes to allow config reloads to resume - # - alert: NGINXCertificateExpiry - # expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds) by (host) - time()) < 604800 - # for: 1s - # labels: - # severity: critical - # annotations: - # description: ssl certificate(s) will expire in less then a week - # summary: renew expiring certificates to avoid downtime - # - alert: NGINXTooMany500s - # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 - # for: 1m - # labels: - # severity: warning - # annotations: - # description: Too many 5XXs - # summary: More than 5% of all requests returned 5XX, this requires your attention - # - alert: NGINXTooMany400s - # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"4.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 - # for: 1m - # labels: - # severity: warning - # annotations: - # description: Too many 4XXs - # summary: More than 5% of all requests returned 4XX, this requires your attention - - # -- Improve connection draining when ingress controller pod is deleted using a lifecycle hook: - # With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds - # to 300, allowing the draining of connections up to five minutes. - # If the active connections end before that, the pod will terminate gracefully at that time. - # To effectively take advantage of this feature, the Configmap feature - # worker-shutdown-timeout new value is 240s instead of 10s. - ## - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - - priorityClassName: "" - + enabled: true + # -- If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were + # using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http + # It allows choosing the protocol for each backend specified in the Kubernetes service. + # See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 + # Will be ignored for Kubernetes versions older than 1.20 + ## + appProtocol: true + annotations: {} + labels: {} + # clusterIP: "" + + # -- List of IP addresses at which the controller services are available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + # -- Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + loadBalancerIP: "" + loadBalancerSourceRanges: [] + enableHttp: true + enableHttps: true + ## Set external traffic policy to: "Local" to preserve source IP on providers supporting it. + ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer + # externalTrafficPolicy: "" + + ## Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + # sessionAffinity: "" + + ## Specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified, + ## the service controller allocates a port from your cluster’s NodePort range. + ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + # healthCheckNodePort: 0 + + # -- Represents the dual-stack-ness requested or required by this Service. Possible values are + # SingleStack, PreferDualStack or RequireDualStack. + # The ipFamilies and clusterIPs fields depend on the value of this field. + ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ + ipFamilyPolicy: "SingleStack" + # -- List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically + # based on cluster configuration and the ipFamilyPolicy field. + ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ + ipFamilies: + - IPv4 + ports: + http: 80 + https: 443 + targetPorts: + http: http + https: https + type: LoadBalancer + ## type: NodePort + ## nodePorts: + ## http: 32080 + ## https: 32443 + ## tcp: + ## 8080: 32808 + nodePorts: + http: "" + https: "" + tcp: {} + udp: {} + external: + enabled: true + internal: + # -- Enables an additional internal load balancer (besides the external one). + enabled: false + # -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service. + annotations: {} + # loadBalancerIP: "" + + # -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. + loadBalancerSourceRanges: [] + ## Set external traffic policy to: "Local" to preserve source IP on + ## providers supporting it + ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer + # externalTrafficPolicy: "" + # shareProcessNamespace enables process namespace sharing within the pod. + # This can be used for example to signal log rotation using `kill -USR1` from a sidecar. + shareProcessNamespace: false + # -- Additional containers to be added to the controller pod. + # See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. + extraContainers: [] + # - name: my-sidecar + # image: nginx:latest + # - name: lemonldap-ng-controller + # image: lemonldapng/lemonldap-ng-controller:0.2.0 + # args: + # - /lemonldap-ng-controller + # - --alsologtostderr + # - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration + # env: + # - name: POD_NAME + # valueFrom: + # fieldRef: + # fieldPath: metadata.name + # - name: POD_NAMESPACE + # valueFrom: + # fieldRef: + # fieldPath: metadata.namespace + # volumeMounts: + # - name: copy-portal-skins + # mountPath: /srv/var/lib/lemonldap-ng/portal/skins + + # -- Additional volumeMounts to the controller main container. + extraVolumeMounts: [] + # - name: copy-portal-skins + # mountPath: /var/lib/lemonldap-ng/portal/skins + + # -- Additional volumes to the controller pod. + extraVolumes: [] + # - name: copy-portal-skins + # emptyDir: {} + + # -- Containers, which are run before the app containers are started. + extraInitContainers: [] + # - name: init-myservice + # image: busybox + # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;'] + + # -- Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module + extraModules: [] + # containerSecurityContext: + # allowPrivilegeEscalation: false + # + # The image must contain a `/usr/local/bin/init_module.sh` executable, which + # will be executed as initContainers, to move its config files within the + # mounted volume. + + opentelemetry: + enabled: false + image: registry.k8s.io/ingress-nginx/opentelemetry:v20221114-controller-v1.5.1-6-ga66ee73c5@sha256:41076fd9fb4255677c1a3da1ac3fc41477f06eba3c7ebf37ffc8f734dad51d7c + containerSecurityContext: + allowPrivilegeEscalation: false + admissionWebhooks: + annotations: {} + # ignore-check.kube-linter.io/no-read-only-rootfs: "This deployment needs write access to root filesystem". + + ## Additional annotations to the admission webhooks. + ## These annotations will be added to the ValidatingWebhookConfiguration and + ## the Jobs Spec of the admission webhooks. + enabled: true + # -- Additional environment variables to set + extraEnvs: [] + # extraEnvs: + # - name: FOO + # valueFrom: + # secretKeyRef: + # key: FOO + # name: secret-resource + # -- Admission Webhook failure policy to use + failurePolicy: Fail + # timeoutSeconds: 10 + port: 8443 + certificate: "/usr/local/certificates/cert" + key: "/usr/local/certificates/key" + namespaceSelector: {} + objectSelector: {} + # -- Labels to be added to admission webhooks + labels: {} + # -- Use an existing PSP instead of creating one + existingPsp: "" + networkPolicyEnabled: false + service: + annotations: {} + # clusterIP: "" + externalIPs: [] + # loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 443 + type: ClusterIP + createSecretJob: + securityContext: + allowPrivilegeEscalation: false + resources: {} + # limits: + # cpu: 10m + # memory: 20Mi + # requests: + # cpu: 10m + # memory: 20Mi + patchWebhookJob: + securityContext: + allowPrivilegeEscalation: false + resources: {} + patch: + enabled: true + image: + registry: registry.k8s.io + image: ingress-nginx/kube-webhook-certgen + ## for backwards compatibility consider setting the full image url via the repository value below + ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + ## repository: + tag: v20220916-gd32f8c343 + digest: sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + pullPolicy: IfNotPresent + # -- Provide a priority class name to the webhook patching job + ## + priorityClassName: "" + podAnnotations: {} + nodeSelector: + kubernetes.io/os: linux + tolerations: [] + # -- Labels to be added to patch job resources + labels: {} + securityContext: + runAsNonRoot: true + runAsUser: 2000 + fsGroup: 2000 + # Use certmanager to generate webhook certs + certManager: + enabled: false + # self-signed root certificate + rootCert: + # default to be 5y + duration: "" + admissionCert: + # default to be 1y + duration: "" + # issuerRef: + # name: "issuer" + # kind: "ClusterIssuer" + metrics: + port: 10254 + portName: metrics + # if this port is changed, change healthz-port: in extraArgs: accordingly + enabled: false + service: + annotations: {} + # prometheus.io/scrape: "true" + # prometheus.io/port: "10254" + + # clusterIP: "" + + # -- List of IP addresses at which the stats-exporter service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + # loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 10254 + type: ClusterIP + # externalTrafficPolicy: "" + # nodePort: "" + serviceMonitor: + enabled: false + additionalLabels: {} + ## The label to use to retrieve the job name from. + ## jobLabel: "app.kubernetes.io/name" + namespace: "" + namespaceSelector: {} + ## Default: scrape .Release.Namespace only + ## To scrape all, use the following: + ## namespaceSelector: + ## any: true + scrapeInterval: 30s + # honorLabels: true + targetLabels: [] + relabelings: [] + metricRelabelings: [] + prometheusRule: + enabled: false + additionalLabels: {} + # namespace: "" + rules: [] + # # These are just examples rules, please adapt them to your needs + # - alert: NGINXConfigFailed + # expr: count(nginx_ingress_controller_config_last_reload_successful == 0) > 0 + # for: 1s + # labels: + # severity: critical + # annotations: + # description: bad ingress config - nginx config test failed + # summary: uninstall the latest ingress changes to allow config reloads to resume + # - alert: NGINXCertificateExpiry + # expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds) by (host) - time()) < 604800 + # for: 1s + # labels: + # severity: critical + # annotations: + # description: ssl certificate(s) will expire in less then a week + # summary: renew expiring certificates to avoid downtime + # - alert: NGINXTooMany500s + # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 + # for: 1m + # labels: + # severity: warning + # annotations: + # description: Too many 5XXs + # summary: More than 5% of all requests returned 5XX, this requires your attention + # - alert: NGINXTooMany400s + # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"4.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 + # for: 1m + # labels: + # severity: warning + # annotations: + # description: Too many 4XXs + # summary: More than 5% of all requests returned 4XX, this requires your attention + # -- Improve connection draining when ingress controller pod is deleted using a lifecycle hook: + # With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds + # to 300, allowing the draining of connections up to five minutes. + # If the active connections end before that, the pod will terminate gracefully at that time. + # To effectively take advantage of this feature, the Configmap feature + # worker-shutdown-timeout new value is 240s instead of 10s. + ## + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + priorityClassName: "" # -- Rollback limit ## revisionHistoryLimit: 10 - ## Default 404 backend ## defaultBackend: - ## - enabled: false - - name: defaultbackend - image: - registry: registry.k8s.io - image: defaultbackend-amd64 - ## for backwards compatibility consider setting the full image url via the repository value below - ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail - ## repository: - tag: "1.5" - pullPolicy: IfNotPresent - # nobody user -> uid 65534 - runAsUser: 65534 - runAsNonRoot: true - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - - # -- Use an existing PSP instead of creating one - existingPsp: "" - - extraArgs: {} - - serviceAccount: - create: true - name: "" - automountServiceAccountToken: true - # -- Additional environment variables to set for defaultBackend pods - extraEnvs: [] - - port: 8080 - - ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ - ## - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - initialDelaySeconds: 0 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - - # -- Node tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - - affinity: {} - - # -- Security Context policies for controller pods - # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for - # notes on enabling and using sysctls - ## - podSecurityContext: {} - - # -- Security Context policies for controller main container. - # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for - # notes on enabling and using sysctls - ## - containerSecurityContext: {} - - # -- Labels to add to the pod container metadata - podLabels: {} - # key: value - - # -- Node labels for default backend pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: - kubernetes.io/os: linux - - # -- Annotations to be added to default backend pods - ## - podAnnotations: {} - - replicaCount: 1 - - minAvailable: 1 - - resources: {} - # limits: - # cpu: 10m - # memory: 20Mi - # requests: - # cpu: 10m - # memory: 20Mi - - extraVolumeMounts: [] - ## Additional volumeMounts to the default backend container. - # - name: copy-portal-skins - # mountPath: /var/lib/lemonldap-ng/portal/skins - - extraVolumes: [] - ## Additional volumes to the default backend pod. - # - name: copy-portal-skins - # emptyDir: {} - - autoscaling: - annotations: {} + ## enabled: false - minReplicas: 1 - maxReplicas: 2 - targetCPUUtilizationPercentage: 50 - targetMemoryUtilizationPercentage: 50 - - service: - annotations: {} - - # clusterIP: "" - - # -- List of IP addresses at which the default backend service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + name: defaultbackend + image: + registry: registry.k8s.io + image: defaultbackend-amd64 + ## for backwards compatibility consider setting the full image url via the repository value below + ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + ## repository: + tag: "1.5" + pullPolicy: IfNotPresent + # nobody user -> uid 65534 + runAsUser: 65534 + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + # -- Use an existing PSP instead of creating one + existingPsp: "" + extraArgs: {} + serviceAccount: + create: true + name: "" + automountServiceAccountToken: true + # -- Additional environment variables to set for defaultBackend pods + extraEnvs: [] + port: 8080 + ## Readiness and liveness probes for default backend + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ ## - externalIPs: [] - - # loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 80 - type: ClusterIP - - priorityClassName: "" - # -- Labels to be added to the default backend resources - labels: {} + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + initialDelaySeconds: 0 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + # -- Node tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + + affinity: {} + # -- Security Context policies for controller pods + # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for + # notes on enabling and using sysctls + ## + podSecurityContext: {} + # -- Security Context policies for controller main container. + # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for + # notes on enabling and using sysctls + ## + containerSecurityContext: {} + # -- Labels to add to the pod container metadata + podLabels: {} + # key: value + # -- Node labels for default backend pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: + kubernetes.io/os: linux + # -- Annotations to be added to default backend pods + ## + podAnnotations: {} + replicaCount: 1 + minAvailable: 1 + resources: {} + # limits: + # cpu: 10m + # memory: 20Mi + # requests: + # cpu: 10m + # memory: 20Mi + + extraVolumeMounts: [] + ## Additional volumeMounts to the default backend container. + # - name: copy-portal-skins + # mountPath: /var/lib/lemonldap-ng/portal/skins + + extraVolumes: [] + ## Additional volumes to the default backend pod. + # - name: copy-portal-skins + # emptyDir: {} + + autoscaling: + annotations: {} + enabled: false + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 + service: + annotations: {} + # clusterIP: "" + + # -- List of IP addresses at which the default backend service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + # loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 80 + type: ClusterIP + priorityClassName: "" + # -- Labels to be added to the default backend resources + labels: {} ## Enable RBAC as per https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/rbac.md and https://github.com/kubernetes/ingress-nginx/issues/266 rbac: - create: true - scope: false - + create: true + scope: false ## If true, create & use Pod Security Policy resources ## https://kubernetes.io/docs/concepts/policy/pod-security-policy/ podSecurityPolicy: - enabled: false - + enabled: false serviceAccount: - create: true - name: "" - automountServiceAccountToken: true - # -- Annotations for the controller service account - annotations: {} - + create: true + name: "" + automountServiceAccountToken: true + # -- Annotations for the controller service account + annotations: {} # -- Optional array of imagePullSecrets containing private registry credentials ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ imagePullSecrets: [] @@ -964,7 +868,6 @@ udp: {} # -- Prefix for TCP and UDP ports names in ingress controller service ## Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration portNamePrefix: "" - # -- (string) A base64-encoded Diffie-Hellman parameter. # This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` ## Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index fbdf9486a5..54d315b50f 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,21 +90,6 @@ rules: - get - list - watch -- apiGroups: - - "" - resourceNames: - - ingress-nginx-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - apiGroups: - coordination.k8s.io resourceNames: @@ -144,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx rules: - apiGroups: @@ -245,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -343,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -359,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -392,7 +377,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -415,7 +400,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -455,7 +440,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 + image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -527,7 +512,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -538,7 +523,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create spec: containers: @@ -574,7 +559,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -585,7 +570,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch spec: containers: @@ -623,7 +608,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: nginx spec: controller: k8s.io/ingress-nginx @@ -636,7 +621,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml index 73ec24286b..819de90793 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,21 +90,6 @@ rules: - get - list - watch -- apiGroups: - - "" - resourceNames: - - ingress-nginx-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - apiGroups: - coordination.k8s.io resourceNames: @@ -144,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx rules: - apiGroups: @@ -245,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -350,7 +335,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -368,7 +353,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -401,7 +386,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -424,7 +409,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -464,7 +449,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 + image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -539,7 +524,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -550,7 +535,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create spec: containers: @@ -586,7 +571,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -597,7 +582,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch spec: containers: @@ -635,7 +620,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: nginx spec: controller: k8s.io/ingress-nginx @@ -648,7 +633,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/deploy.yaml b/deploy/static/provider/baremetal/deploy.yaml index 9e6e905bb3..73aec6dc92 100644 --- a/deploy/static/provider/baremetal/deploy.yaml +++ b/deploy/static/provider/baremetal/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,21 +90,6 @@ rules: - get - list - watch -- apiGroups: - - "" - resourceNames: - - ingress-nginx-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - apiGroups: - coordination.k8s.io resourceNames: @@ -144,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx rules: - apiGroups: @@ -245,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -343,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -355,7 +340,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -387,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -410,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -449,7 +434,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 + image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -521,7 +506,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -532,7 +517,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create spec: containers: @@ -568,7 +553,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -579,7 +564,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch spec: containers: @@ -617,7 +602,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: nginx spec: controller: k8s.io/ingress-nginx @@ -630,7 +615,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/deploy.yaml b/deploy/static/provider/cloud/deploy.yaml index dd986a55de..19455ed279 100644 --- a/deploy/static/provider/cloud/deploy.yaml +++ b/deploy/static/provider/cloud/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,21 +90,6 @@ rules: - get - list - watch -- apiGroups: - - "" - resourceNames: - - ingress-nginx-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - apiGroups: - coordination.k8s.io resourceNames: @@ -144,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx rules: - apiGroups: @@ -245,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -343,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -355,7 +340,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -388,7 +373,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -411,7 +396,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -451,7 +436,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 + image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -523,7 +508,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -534,7 +519,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create spec: containers: @@ -570,7 +555,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -581,7 +566,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch spec: containers: @@ -619,7 +604,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: nginx spec: controller: k8s.io/ingress-nginx @@ -632,7 +617,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/deploy.yaml b/deploy/static/provider/do/deploy.yaml index 64e0366b41..3c4a022c31 100644 --- a/deploy/static/provider/do/deploy.yaml +++ b/deploy/static/provider/do/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,21 +90,6 @@ rules: - get - list - watch -- apiGroups: - - "" - resourceNames: - - ingress-nginx-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - apiGroups: - coordination.k8s.io resourceNames: @@ -144,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx rules: - apiGroups: @@ -245,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -344,7 +329,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -358,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -391,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -414,7 +399,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -454,7 +439,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 + image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -526,7 +511,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -537,7 +522,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create spec: containers: @@ -573,7 +558,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -584,7 +569,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch spec: containers: @@ -622,7 +607,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: nginx spec: controller: k8s.io/ingress-nginx @@ -635,7 +620,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/deploy.yaml b/deploy/static/provider/exoscale/deploy.yaml index d6a40aed94..084fcd8973 100644 --- a/deploy/static/provider/exoscale/deploy.yaml +++ b/deploy/static/provider/exoscale/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,21 +90,6 @@ rules: - get - list - watch -- apiGroups: - - "" - resourceNames: - - ingress-nginx-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - apiGroups: - coordination.k8s.io resourceNames: @@ -144,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx rules: - apiGroups: @@ -245,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -343,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -364,7 +349,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -397,7 +382,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -420,7 +405,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -460,7 +445,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 + image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -532,7 +517,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -543,7 +528,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create spec: containers: @@ -579,7 +564,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -590,7 +575,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch spec: containers: @@ -628,7 +613,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: nginx spec: controller: k8s.io/ingress-nginx @@ -641,7 +626,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index 62ead9e34c..355ca80546 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,21 +90,6 @@ rules: - get - list - watch -- apiGroups: - - "" - resourceNames: - - ingress-nginx-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - apiGroups: - coordination.k8s.io resourceNames: @@ -144,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx rules: - apiGroups: @@ -245,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -343,7 +328,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -355,7 +340,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -387,7 +372,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -410,7 +395,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -455,7 +440,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 + image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -537,7 +522,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -548,7 +533,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create spec: containers: @@ -584,7 +569,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -595,7 +580,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch spec: containers: @@ -633,7 +618,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: nginx spec: controller: k8s.io/ingress-nginx @@ -646,7 +631,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/deploy.yaml b/deploy/static/provider/scw/deploy.yaml index d52f014896..ff8b820b31 100644 --- a/deploy/static/provider/scw/deploy.yaml +++ b/deploy/static/provider/scw/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,21 +90,6 @@ rules: - get - list - watch -- apiGroups: - - "" - resourceNames: - - ingress-nginx-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - apiGroups: - coordination.k8s.io resourceNames: @@ -144,7 +129,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -163,7 +148,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx rules: - apiGroups: @@ -245,7 +230,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission rules: - apiGroups: @@ -264,7 +249,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -284,7 +269,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -303,7 +288,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -322,7 +307,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -344,7 +329,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -358,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -391,7 +376,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -414,7 +399,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -454,7 +439,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 + image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -526,7 +511,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -537,7 +522,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-create spec: containers: @@ -573,7 +558,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -584,7 +569,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission-patch spec: containers: @@ -622,7 +607,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: nginx spec: controller: k8s.io/ingress-nginx @@ -635,7 +620,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.1 + app.kubernetes.io/version: 1.5.2 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 29495b5c0a..71a27b15f3 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -62,7 +62,7 @@ It will install the controller in the `ingress-nginx` namespace, creating that n **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/cloud/deploy.yaml ``` !!! info @@ -225,7 +225,7 @@ In AWS, we use a Network load balancer (NLB) to expose the NGINX Ingress control ##### Network Load Balancer (NLB) ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/aws/deploy.yaml ``` ##### TLS termination in AWS Load Balancer (NLB) @@ -233,10 +233,10 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. This section explains how to do that on AWS using an NLB. -1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template +1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template ```console - wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml + wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml ``` 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: @@ -282,7 +282,7 @@ Then, the ingress controller can be installed like this: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/cloud/deploy.yaml ``` !!! warning @@ -299,7 +299,7 @@ Proxy-protocol is supported in GCE check the [Official Documentations on how to #### Azure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/cloud/deploy.yaml ``` More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). @@ -307,7 +307,7 @@ More information with regard to Azure annotations for ingress controller can be #### Digital Ocean ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/do/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/do/deploy.yaml ``` - By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data. @@ -315,7 +315,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont #### Scaleway ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/scw/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/scw/deploy.yaml ``` #### Exoscale @@ -330,7 +330,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale #### Oracle Cloud Infrastructure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/cloud/deploy.yaml ``` A @@ -357,7 +357,7 @@ For quick testing, you can use a This should work on almost every cluster, but it will typically use a port in the range 30000-32767. ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/baremetal/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/baremetal/deploy.yaml ``` For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), diff --git a/docs/e2e-tests.md b/docs/e2e-tests.md index d5aa6cc16b..f943a96a68 100644 --- a/docs/e2e-tests.md +++ b/docs/e2e-tests.md @@ -7,139 +7,685 @@ Do not try to edit it manually. -### [Geoip2](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L37) +### [[Serial] admission controller](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L35) + +- [reject ingress with global-rate-limit annotations when memcached is not configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L48) +- [should not allow overlaps of host and paths without canary annotations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L75) +- [should allow overlaps of host and paths with canary annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L92) +- [should block ingress with invalid path](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L113) +- [should return an error if there is an error validating the ingress definition](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L130) +- [should return an error if there is an invalid value in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L141) +- [should return an error if there is a forbidden value in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L155) +- [should not return an error if the Ingress V1 definition is valid with Ingress Class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L169) +- [should not return an error if the Ingress V1 definition is valid with IngressClass annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L185) +- [should return an error if the Ingress V1 definition contains invalid annotations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L201) +- [should not return an error for an invalid Ingress when it has unknown class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L212) + +### [affinity session-cookie-name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L35) + +- [should set sticky cookie SERVERID](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L42) +- [should change cookie name on ingress definition change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L64) +- [should set the path to /something on the generated cookie](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L99) +- [does not set the path to / on the generated cookie if there's more than one rule referring to the same backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L121) +- [should set cookie with expires](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L194) +- [should set cookie with domain](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L225) +- [should not set cookie without domain annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L248) +- [should work with use-regex annotation and session-cookie-path](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L270) +- [should warn user when use-regex is true and session-cookie-path is not set](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L294) +- [should not set affinity across all server locations when using separate ingresses](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L320) +- [should set sticky cookie without host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L352) +- [should work with server-alias annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L372) +- [should set secure in cookie with provided true annotation on http](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L412) +- [should not set secure in cookie with provided false annotation on http](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L435) +- [should set secure in cookie with provided false annotation on https](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L458) + +### [affinitymode](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinitymode.go#L31) + +- [Balanced affinity mode should balance](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinitymode.go#L34) +- [Check persistent affinity mode](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinitymode.go#L67) + +### [server-alias](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/alias.go#L29) + +- [should return status code 200 for host 'foo' and 404 for 'bar'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/alias.go#L36) +- [should return status code 200 for host 'foo' and 'bar'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/alias.go#L62) +- [should return status code 200 for hosts defined in two ingresses, different path with one alias](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/alias.go#L87) + +### [app-root](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/approot.go#L28) + +- [should redirect to /foo](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/approot.go#L35) + +### [auth-tls-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L29) + +- [should set sslClientCertificate, sslVerifyClient and sslVerifyDepth with auth-tls-secret](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L36) +- [should set valid auth-tls-secret, sslVerify to off, and sslVerifyDepth to 2](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L84) +- [should 302 redirect to error page instead of 400 when auth-tls-error-page is set](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L114) +- [should pass URL-encoded certificate to upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L161) +- [should validate auth-tls-verify-client](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L206) +- [should return 403 using auth-tls-match-cn with no matching CN from client](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L266) +- [should return 200 using auth-tls-match-cn with matching CN from client](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L295) +- [should return 200 using auth-tls-match-cn where atleast one of the regex options matches CN from client](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L324) + +### [backend-protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L27) + +- [should set backend protocol to https:// and use proxy_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L34) +- [should set backend protocol to $scheme:// and use proxy_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L49) +- [should set backend protocol to grpc:// and use grpc_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L64) +- [should set backend protocol to grpcs:// and use grpc_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L79) +- [should set backend protocol to '' and use fastcgi_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L94) +- [should set backend protocol to '' and use ajp_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L109) + +### [canary-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L36) + +- [should response with a 200 status from the mainline upstream when requests are made to the mainline ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L48) +- [should return 404 status for requests to the canary if no matching ingress is found](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L80) +- [should return the correct status codes when endpoints are unavailable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L107) +- [should route requests to the correct upstream if mainline ingress is created before the canary ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L161) +- [should route requests to the correct upstream if mainline ingress is created after the canary ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L206) +- [should route requests to the correct upstream if the mainline ingress is modified](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L250) +- [should route requests to the correct upstream if the canary ingress is modified](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L307) +- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L372) +- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L426) +- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L490) +- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L532) +- [should routes to mainline upstream when the given Regex causes error](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L566) +- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L604) +- [respects always and never values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L643) +- [should route requests only to mainline if canary weight is 0](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L705) +- [should route requests only to canary if canary weight is 100](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L743) +- [should route requests only to canary if canary weight is equal to canary weight total](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L775) +- [should route requests split between mainline and canary if canary weight is 50](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L808) +- [should not use canary as a catch-all server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L836) +- [should not use canary with domain as a server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L864) +- [does not crash when canary ingress has multiple paths to the same non-matching backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L888) +- [always routes traffic to canary if first request was affinitized to canary (default behavior)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L916) +- [always routes traffic to canary if first request was affinitized to canary (explicit sticky behavior)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L973) +- [routes traffic to either mainline or canary backend (legacy behavior)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L1031) -- [should include geoip2 line in config when enabled and db file exists](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L46) -- [should only allow requests from specific countries](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L70) +### [client-body-buffer-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L28) -### [[Security] global-auth-url](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L34) +- [should set client_body_buffer_size to 1000](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L35) +- [should set client_body_buffer_size to 1K](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L57) +- [should set client_body_buffer_size to 1k](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L79) +- [should set client_body_buffer_size to 1m](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L101) +- [should set client_body_buffer_size to 1M](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L123) +- [should not set client_body_buffer_size to invalid 1b](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L145) -- [should return status code 401 when request any protected service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L85) -- [should return status code 200 when request whitelisted (via no-auth-locations) service and 401 when request protected service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L102) -- [should return status code 200 when request whitelisted (via ingress annotation) service and 401 when request protected service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L126) -- [should still return status code 200 after auth backend is deleted using cache](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L155) -- [should proxy_method method when global-auth-method is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L197) -- [should add custom error page when global-auth-signin url is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L210) -- [should add auth headers when global-auth-response-headers is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L223) -- [should set request-redirect when global-auth-request-redirect is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L237) -- [should set snippet when global external auth is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L250) -- [user retains cookie by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L326) -- [user does not retain cookie if upstream returns error status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L337) -- [user with global-auth-always-set-cookie key in configmap retains cookie if upstream returns error status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L348) +### [connection-proxy-header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/connection.go#L29) -### [[Security] Pod Security Policies](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy.go#L40) +- [set connection header to keep-alive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/connection.go#L36) -- [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy.go#L43) +### [cors-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L28) -### [log-format-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L28) +- [should enable cors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L35) +- [should set cors methods to only allow POST, GET](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L62) +- [should set cors max-age](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L78) +- [should disable cors allow credentials](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L94) +- [should allow origin for cors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L110) +- [should allow headers for cors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L137) +- [should expose headers for cors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L153) +- [should allow - single origin for multiple cors values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L169) +- [should not allow - single origin for multiple cors values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L196) +- [should allow correct origins - single origin for multiple cors values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L216) +- [should not break functionality](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L267) +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L291) +- [should not break functionality with extra domain](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L314) +- [should not match](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L338) +- [should allow - single origin with required port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L358) +- [should not allow - single origin with port and origin without port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L386) +- [should not allow - single origin without port and origin with required port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L405) +- [should allow - matching origin with wildcard origin (2 subdomains)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L425) +- [should not allow - unmatching origin with wildcard origin (2 subdomains)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L468) +- [should allow - matching origin+port with wildcard origin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L488) +- [should not allow - portless origin with wildcard origin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L515) +- [should allow correct origins - missing subdomain + origin with wildcard origin and correct origin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L535) +- [should allow - missing origins (should allow all origins)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L571) -- [should disable the log-format-escape-json by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L40) -- [should enable the log-format-escape-json](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L47) -- [should disable the log-format-escape-json](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L55) -- [log-format-escape-json enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L66) -- [log-format-escape-json disabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L89) +### [custom-http-errors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/customhttperrors.go#L34) -### [server-tokens](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L29) +- [configures Nginx correctly](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/customhttperrors.go#L41) -- [should not exists Server header in the response](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L38) -- [should exists Server header in the response when is enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L50) +### [default-backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/default_backend.go#L29) -### [proxy-connect-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L28) +- [should use a custom default backend as upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/default_backend.go#L37) -- [should set valid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L36) -- [should not set invalid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L52) +### [disable-access-log disable-http-access-log disable-stream-access-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L28) -### [ssl-ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_ciphers.go#L28) +- [disable-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L35) +- [disable-http-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L53) +- [disable-stream-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L71) -- [Add ssl ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_ciphers.go#L31) +### [backend-protocol - FastCGI](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L31) -### [use-proxy-protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L36) +- [should use fastcgi_pass in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L38) +- [should add fastcgi_index in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L55) +- [should add fastcgi_param in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L72) +- [should return OK for service with backend protocol FastCGI](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L105) -- [should respect port passed by the PROXY Protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L46) -- [should respect proto passed by the PROXY Protocol server port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L79) -- [should enable PROXY Protocol for HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L112) -- [should enable PROXY Protocol for TCP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L155) +### [force-ssl-redirect](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/forcesslredirect.go#L27) -### [plugins](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/plugins.go#L28) +- [should redirect to https](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/forcesslredirect.go#L34) -- [should exist a x-hello-world header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/plugins.go#L35) +### [from-to-www-redirect](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fromtowwwredirect.go#L31) -### [configmap server-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L28) +- [should redirect from www HTTP to HTTP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fromtowwwredirect.go#L38) +- [should redirect from www HTTPS to HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fromtowwwredirect.go#L64) -- [should add value of server-snippet setting to all ingress config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L35) -- [should add global server-snippet and drop annotations per admin config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L92) +### [annotation-global-rate-limit](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/globalratelimit.go#L30) -### [[Flag] disable-catch-all](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L33) +- [generates correct configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/globalratelimit.go#L38) -- [should ignore catch all Ingress with backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L50) -- [should ignore catch all Ingress with backend and rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L69) -- [should delete Ingress updated to catch-all](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L81) -- [should allow Ingress with rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L123) +### [backend-protocol - GRPC](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L40) -### [enable-real-ip](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L30) +- [should use grpc_pass in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L43) +- [should return OK for service with backend protocol GRPC](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L68) +- [authorization metadata should be overwritten by external auth response headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L126) +- [should return OK for service with backend protocol GRPCS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L199) -- [trusts X-Forwarded-For header only when setting is true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L40) -- [should not trust X-Forwarded-For header when setting is false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L78) +### [http2-push-preload](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/http2pushpreload.go#L27) -### [keep-alive keep-alive-requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L28) +- [enable the http2-push-preload directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/http2pushpreload.go#L34) -- [should set keepalive_timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L40) -- [should set keepalive_requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L48) -- [should set keepalive connection to upstream server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L59) -- [should set keep alive connection timeout to upstream server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L68) -- [should set the request count to upstream server through one keep alive connection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L77) +### [influxdb-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/influxdb.go#L39) -### [enable-multi-accept](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L27) +- [should send the request metric to the influxdb server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/influxdb.go#L48) -- [should be enabled by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L31) -- [should be enabled when set to true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L39) -- [should be disabled when set to false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L49) +### [whitelist-source-range](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/ipwhitelist.go#L27) -### [[Flag] watch namespace selector](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/namespace_selector.go#L30) +- [should set valid ip whitelist range](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/ipwhitelist.go#L34) -- [should ingore Ingress of namespace without label foo=bar and accept those of namespace with label foo=bar](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/namespace_selector.go#L70) +### [Annotation - limit-connections](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/limitconnections.go#L31) -### [[Flag] disable-service-external-name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_service_external_name.go#L34) +- [should limit-connections](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/limitconnections.go#L38) -- [should ignore services of external-name type](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_service_external_name.go#L51) +### [limit-rate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/limitrate.go#L29) -### [Configure OpenTracing](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L48) +- [Check limit-rate annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/limitrate.go#L37) -- [should not exists opentracing directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L58) -- [should exists opentracing directive when is enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L71) -- [should include opentracing_trust_incoming_span off directive when disabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L85) -- [should not exists opentracing_operation_name directive when is empty](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L100) -- [should exists opentracing_operation_name directive when is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L115) -- [should not exists opentracing_location_operation_name directive when is empty](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L130) -- [should exists opentracing_location_operation_name directive when is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L145) -- [should enable opentracing using zipkin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L160) -- [should enable opentracing using jaeger](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L172) -- [should enable opentracing using jaeger with sampler host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L184) -- [should propagate the w3c header when configured with jaeger](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L197) -- [should enable opentracing using jaeger with an HTTP endpoint](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L228) -- [should enable opentracing using datadog](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L241) +### [enable-access-log enable-rewrite-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/log.go#L27) + +- [set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/log.go#L34) +- [set rewrite_log on](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/log.go#L49) + +### [mirror-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L28) + +- [should set mirror-target to http://localhost/mirror](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L36) +- [should set mirror-target to https://test.env.com/$request_uri](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L51) +- [should disable mirror-request-body](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L67) + +### [modsecurity owasp](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L28) + +- [should enable modsecurity](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L35) +- [should enable modsecurity with transaction ID and OWASP rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L53) +- [should disable modsecurity](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L74) +- [should enable modsecurity with snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L91) +- [should enable modsecurity without using 'modsecurity on;'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L110) +- [should disable modsecurity using 'modsecurity off;'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L132) +- [should enable modsecurity with snippet and block requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L153) +- [should enable modsecurity globally and with modsecurity-snippet block requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L189) +- [should enable modsecurity when enable-owasp-modsecurity-crs is set to true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L225) +- [should enable modsecurity through the config map](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L264) +- [should enable modsecurity through the config map but ignore snippet as disabled by admin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L305) +- [should disable default modsecurity conf setting when modsecurity-snippet is specified](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L347) + +### [preserve-trailing-slash](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/preservetrailingslash.go#L27) + +- [should allow preservation of trailing slashes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/preservetrailingslash.go#L34) + +### [proxy-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L28) + +- [should set proxy_redirect to off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L36) +- [should set proxy_redirect to default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L52) +- [should set proxy_redirect to hello.com goodbye.com](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L68) +- [should set proxy client-max-body-size to 8m](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L85) +- [should not set proxy client-max-body-size to incorrect value](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L100) +- [should set valid proxy timeouts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L115) +- [should not set invalid proxy timeouts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L136) +- [should turn on proxy-buffering](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L157) +- [should turn off proxy-request-buffering](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L179) +- [should build proxy next upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L194) +- [should setup proxy cookies](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L215) +- [should change the default proxy HTTP version](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L233) + +### [proxy-ssl-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L30) + +- [should set valid proxy-ssl-secret](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L37) +- [should set valid proxy-ssl-secret, proxy-ssl-verify to on, proxy-ssl-verify-depth to 2, and proxy-ssl-server-name to on](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L64) +- [should set valid proxy-ssl-secret, proxy-ssl-ciphers to HIGH:!AES](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L94) +- [should set valid proxy-ssl-secret, proxy-ssl-protocols](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L122) +- [proxy-ssl-location-only flag should change the nginx config server part](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L150) + +### [permanent-redirect permanent-redirect-code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/redirect.go#L30) + +- [should respond with a standard redirect code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/redirect.go#L33) +- [should respond with a custom redirect code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/redirect.go#L61) + +### [rewrite-target use-regex enable-rewrite-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L30) + +- [should write rewrite logs](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L37) +- [should use correct longest path match](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L66) +- [should use ~* location modifier if regex annotation is present](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L111) +- [should fail to use longest match for documented warning](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L158) +- [should allow for custom rewrite parameters](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L190) + +### [satisfy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/satisfy.go#L35) + +- [should configure satisfy directive correctly](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/satisfy.go#L42) +- [should allow multiple auth with satisfy any](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/satisfy.go#L84) + +### [server-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serversnippet.go#L28) + +- [add valid directives to server via server snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serversnippet.go#L35) +- [drops server snippet if disabled by the administrator](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serversnippet.go#L61) + +### [service-upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serviceupstream.go#L32) + +- [should use the Service Cluster IP and Port ](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serviceupstream.go#L41) +- [should use the Service Cluster IP and Port ](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serviceupstream.go#L70) +- [should not use the Service Cluster IP and Port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serviceupstream.go#L99) + +### [configuration-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/snippet.go#L28) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/snippet.go#L35) +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/snippet.go#L58) + +### [ssl-ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/sslciphers.go#L28) + +- [should change ssl ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/sslciphers.go#L35) + +### [stream-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/streamsnippet.go#L34) + +- [should add value of stream-snippet to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/streamsnippet.go#L41) +- [should add stream-snippet and drop annotations per admin config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/streamsnippet.go#L85) + +### [upstream-hash-by-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamhashby.go#L76) + +- [should connect to the same pod](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamhashby.go#L83) +- [should connect to the same subset of pods](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamhashby.go#L92) + +### [upstream-vhost](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamvhost.go#L27) + +- [set host to upstreamvhost.bar.com](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamvhost.go#L34) + +### [x-forwarded-prefix](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/xforwardedprefix.go#L28) + +- [should set the X-Forwarded-Prefix to the annotation value](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/xforwardedprefix.go#L35) +- [should not add X-Forwarded-Prefix if the annotation value is empty](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/xforwardedprefix.go#L57) + +### [auth-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L39) + +- [should return status code 200 when no authentication is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L46) +- [should return status code 503 when authentication is configured with an invalid secret](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L65) +- [should return status code 401 when authentication is configured but Authorization header is not configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L89) +- [should return status code 401 when authentication is configured and Authorization header is sent with invalid credentials](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L116) +- [should return status code 401 and cors headers when authentication and cors is configured but Authorization header is not configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L144) +- [should return status code 200 when authentication is configured and Authorization header is sent](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L172) +- [should return status code 200 when authentication is configured with a map and Authorization header is sent](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L199) +- [should return status code 401 when authentication is configured with invalid content and Authorization header is sent](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L227) +- [ when external auth is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L266) +- [ when external auth is not configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L284) +- [ when auth-headers are set](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L301) +- [should set cache_key when external auth cache is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L322) +- [user retains cookie by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L411) +- [user does not retain cookie if upstream returns error status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L422) +- [user with annotated ingress retains cookie if upstream returns error status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L433) +- [should return status code 200 when signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L485) +- [should redirect to signin url when not signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L494) +- [keeps processing new ingresses even if one of the existing ingresses is misconfigured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L505) +- [should overwrite Foo header with auth response](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L529) +- [should not create additional upstream block when auth-keepalive is not set](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L552) +- [should not create additional upstream block when host part of auth-url contains a variable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L570) +- [should not create additional upstream block when auth-keepalive is negative](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L590) +- [should not create additional upstream block when auth-keepalive is set with HTTP/2](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L609) +- [should create additional upstream block when auth-keepalive is set with HTTP/1.x](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L623) +- [should return status code 200 when signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L678) +- [should redirect to signin url when not signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L687) +- [keeps processing new ingresses even if one of the existing ingresses is misconfigured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L698) +- [should return status code 200 when signed in after auth backend is deleted ](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L772) +- [should deny login for different location on same server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L792) +- [should deny login for different servers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L820) +- [should redirect to signin url when not signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L849) +- [should return 503 (location was denied)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L879) +- [should add error to the config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L887) + +### [Debug CLI](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/dbg/main.go#L29) + +- [should list the backend servers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/dbg/main.go#L37) +- [should get information for a specific backend server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/dbg/main.go#L56) +- [should produce valid JSON for /dbg general](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/dbg/main.go#L85) + +### [[Default Backend] custom service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/custom_default_backend.go#L33) + +- [uses custom default backend that returns 200 as status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/custom_default_backend.go#L36) + +### [[Default Backend]](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/default_backend.go#L30) + +- [should return 404 sending requests when only a default backend is running](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/default_backend.go#L33) +- [enables access logging for default backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/default_backend.go#L88) +- [disables access logging for default backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/default_backend.go#L105) + +### [[Default Backend] SSL](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/ssl.go#L26) + +- [should return a self generated SSL certificate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/ssl.go#L29) + +### [[Default Backend] change default settings](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/with_hosts.go#L30) + +- [should apply the annotation to the default backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/with_hosts.go#L38) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e_test.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e_test.go#L) + +### [[Endpointslices] long service name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/endpointslices/longname.go#L29) + +- [should return 200 when service name has max allowed number of characters 63](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/endpointslices/longname.go#L38) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/deployment.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/deployment.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/exec.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/exec.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/fastcgi_helloserver.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/fastcgi_helloserver.go#L) + +### [[Setting] ](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/framework.go#L190) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/framework.go#L206) +- [ [MemoryLeak]](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/framework.go#L207) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/grpc_fortune_teller.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/grpc_fortune_teller.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/healthz.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/healthz.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/array.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/array.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/chain.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/chain.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/cookie.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/cookie.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/match.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/match.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/object.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/object.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/reporter.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/reporter.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/request.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/request.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/response.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/response.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/string.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/string.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/value.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/value.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/influxdb.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/influxdb.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/k8s.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/k8s.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/logs.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/logs.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/metrics.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/metrics.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/ssl.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/ssl.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/test_context.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/test_context.go#L) + +### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/util.go#L) + +- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/util.go#L) + +### [[Shutdown] Grace period shutdown](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/grace_period.go#L32) + +- [/healthz should return status code 500 during shutdown grace period](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/grace_period.go#L35) + +### [[Shutdown] ingress controller](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/shutdown.go#L30) + +- [should shutdown in less than 60 secons without pending connections](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/shutdown.go#L40) +- [should shutdown after waiting 60 seconds for pending connections to be closed](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/shutdown.go#L61) +- [should shutdown after waiting 150 seconds for pending connections to be closed](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/shutdown.go#L106) + +### [[Shutdown] Graceful shutdown with pending request](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/slow_requests.go#L25) + +- [should let slow requests finish before shutting down](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/slow_requests.go#L33) + +### [[Ingress] DeepInspection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/deep_inspection.go#L27) + +- [should drop whole ingress if one path matches invalid regex](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/deep_inspection.go#L34) + +### [single ingress - multiple hosts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/multiple_rules.go#L30) + +- [should set the correct $service_name NGINX variable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/multiple_rules.go#L38) + +### [[Ingress] [PathType] exact](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_exact.go#L30) + +- [should choose exact location for /exact](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_exact.go#L37) + +### [[Ingress] [PathType] mix Exact and Prefix paths](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_mixed.go#L30) + +- [should choose the correct location](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_mixed.go#L39) + +### [[Ingress] [PathType] prefix checks](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_prefix.go#L28) + +- [should return 404 when prefix /aaa does not match request /aaaccc](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_prefix.go#L35) + +### [[Ingress] definition without host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/without_host.go#L31) + +- [should set ingress details variables for ingresses without a host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/without_host.go#L34) +- [should set ingress details variables for ingresses with host without IngressRuleValue, only Backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/without_host.go#L55) + +### [[Memory Leak] Dynamic Certificates](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/leaks/lua_ssl.go#L35) + +- [should not leak memory from ingress SSL certificates or configuration updates](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/leaks/lua_ssl.go#L42) + +### [[Load Balancer] load-balance](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/configmap.go#L28) + +- [should apply the configmap load-balance setting](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/configmap.go#L35) + +### [[Load Balancer] EWMA](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/ewma.go#L31) + +- [does not fail requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/ewma.go#L42) + +### [[Load Balancer] round-robin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/round_robin.go#L31) + +- [should evenly distribute requests with round-robin (default algorithm)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/round_robin.go#L39) + +### [[Lua] dynamic certificates](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L37) + +- [picks up the certificate when we add TLS spec to existing ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L45) +- [picks up the previously missing secret for a given ingress without reloading](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L70) +- [supports requests with domain with trailing dot](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L145) +- [picks up the updated certificate without reloading](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L149) +- [falls back to using default certificate when secret gets deleted without reloading](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L185) +- [picks up a non-certificate only change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L218) +- [removes HTTPS configuration when we delete TLS spec](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L233) + +### [[Lua] dynamic configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L42) + +- [configures balancer Lua middleware correctly](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L50) +- [handles endpoints only changes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L62) +- [handles endpoints only changes (down scaling of replicas)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L87) +- [handles endpoints only changes consistently (down scaling of replicas vs. empty service)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L125) +- [handles an annotation change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L171) + +### [nginx-configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L99) + +- [start nginx with default configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L102) +- [fails when using alias directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L115) +- [fails when using root directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L124) + +### [[Security] request smuggling](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/request_smuggling.go#L32) + +- [should not return body content from error_page](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/request_smuggling.go#L39) + +### [[Security] validate path fields](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L42) + +- [should accept an ingress with valid path](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L49) +- [should drop an ingress with invalid path](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L67) +- [should drop an ingress with regex path and regex disabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L84) +- [should accept an ingress with regex path and regex enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L101) +- [should reject an ingress with invalid path and regex enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L118) + +### [[Service] backend status code 503](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L33) + +- [should return 503 when backend service does not exist](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L36) +- [should return 503 when all backend service endpoints are unavailable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L54) + +### [[Service] Type ExternalName](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L59) + +- [works with external name set to incomplete fqdn](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L62) +- [should return 200 for service type=ExternalName without a port defined](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L95) +- [should return 200 for service type=ExternalName with a port defined](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L129) +- [should return status 502 for service type=ExternalName with an invalid host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L153) +- [should return 200 for service type=ExternalName using a port name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L184) +- [should return 200 for service type=ExternalName using FQDN with trailing dot](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L217) +- [should update the external name after a service update](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L248) +- [should sync ingress on external name service addition/deletion](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L311) + +### [[Service] Nil Service Backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_nil_backend.go#L31) + +- [should return 404 when backend service is nil](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_nil_backend.go#L38) + +### [access-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L27) + +- [use the default configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L32) +- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L42) +- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L54) +- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L67) +- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L80) + +### [Bad annotation values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L29) + +- [[BAD_ANNOTATIONS] should drop an ingress if there is an invalid character in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L36) +- [[BAD_ANNOTATIONS] should drop an ingress if there is a forbidden word in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L67) +- [[BAD_ANNOTATIONS] should allow an ingress if there is a default blocklist config in place](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L102) +- [[BAD_ANNOTATIONS] should drop an ingress if there is a custom blocklist config in place and allow others to pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L133) + +### [brotli](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/brotli.go#L30) + +- [ condition](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/brotli.go#L39) ### [Configmap change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/configmap_change.go#L29) - [should reload after an update in the configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/configmap_change.go#L36) -### [Configmap - limit-rate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/limit_rate.go#L28) +### [add-headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L30) -- [Check limit-rate config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/limit_rate.go#L36) +- [Add a custom header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L40) +- [Add multiple custom headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L65) + +### [[SSL] [Flag] default-ssl-certificate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L33) + +- [uses default ssl certificate for catch-all ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L64) +- [uses default ssl certificate for host based ingress when configured certificate does not match host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L80) + +### [[Flag] disable-catch-all](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L33) + +- [should ignore catch all Ingress with backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L50) +- [should ignore catch all Ingress with backend and rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L69) +- [should delete Ingress updated to catch-all](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L81) +- [should allow Ingress with rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L123) + +### [[Flag] disable-service-external-name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_service_external_name.go#L35) + +- [should ignore services of external-name type](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_service_external_name.go#L52) + +### [enable-real-ip](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L30) + +- [trusts X-Forwarded-For header only when setting is true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L40) +- [should not trust X-Forwarded-For header when setting is false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L78) + +### [use-forwarded-headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L30) + +- [should trust X-Forwarded headers when setting is true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L40) +- [should not trust X-Forwarded headers when setting is false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L92) + +### [Geoip2](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L37) -### [access-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L26) +- [should include geoip2 line in config when enabled and db file exists](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L46) +- [should only allow requests from specific countries](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L70) -- [use the default configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L31) -- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L41) -- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L53) -- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L66) -- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L79) +### [[Security] block-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L28) + +- [should block CIDRs defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L38) +- [should block User-Agents defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L55) +- [should block Referers defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L88) + +### [[Security] global-auth-url](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L34) + +- [should return status code 401 when request any protected service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L85) +- [should return status code 200 when request whitelisted (via no-auth-locations) service and 401 when request protected service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L102) +- [should return status code 200 when request whitelisted (via ingress annotation) service and 401 when request protected service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L126) +- [should still return status code 200 after auth backend is deleted using cache](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L155) +- [should proxy_method method when global-auth-method is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L197) +- [should add custom error page when global-auth-signin url is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L210) +- [should add auth headers when global-auth-response-headers is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L223) +- [should set request-redirect when global-auth-request-redirect is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L237) +- [should set snippet when global external auth is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L250) +- [user retains cookie by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L326) +- [user does not retain cookie if upstream returns error status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L337) +- [user with global-auth-always-set-cookie key in configmap retains cookie if upstream returns error status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L348) ### [global-options](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_options.go#L28) - [should have worker_rlimit_nofile option](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_options.go#L31) - [should have worker_rlimit_nofile option and be independent on amount of worker processes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_options.go#L38) +### [settings-global-rate-limit](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/globalratelimit.go#L30) + +- [generates correct NGINX configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/globalratelimit.go#L38) + +### [hash size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L27) + +- [should set server_names_hash_bucket_size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L40) +- [should set server_names_hash_max_size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L48) +- [should set proxy-headers-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L60) +- [should set proxy-headers-hash-max-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L68) +- [should set variables-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L80) +- [should set variables-hash-max-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L88) +- [should set vmap-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L100) + ### [[Flag] ingress-class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L39) - [should ignore Ingress with a different class annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L68) @@ -155,139 +701,164 @@ Do not try to edit it manually. - [should watch Ingress with correct annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L631) - [should ignore Ingress with only IngressClassName](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L652) -### [reuse-port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L27) +### [keep-alive keep-alive-requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L28) -- [reuse port should be enabled by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L38) -- [reuse port should be disabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L44) -- [reuse port should be enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L52) +- [should set keepalive_timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L40) +- [should set keepalive_requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L48) +- [should set keepalive connection to upstream server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L59) +- [should set keep alive connection timeout to upstream server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L68) +- [should set keepalive time to upstream server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L77) +- [should set the request count to upstream server through one keep alive connection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L86) -### [proxy-send-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L28) +### [Configmap - limit-rate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/limit_rate.go#L28) -- [should set valid proxy send timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L36) -- [should not set invalid proxy send timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L52) +- [Check limit-rate config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/limit_rate.go#L36) -### [[SSL] [Flag] default-ssl-certificate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L33) +### [[Flag] custom HTTP and HTTPS ports](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L32) -- [uses default ssl certificate for catch-all ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L64) -- [uses default ssl certificate for host based ingress when configured certificate does not match host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L80) +- [should set X-Forwarded-Port headers accordingly when listening on a non-default HTTP port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L48) +- [should set X-Forwarded-Port header to 443](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L70) +- [should set the X-Forwarded-Port header to 443](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L100) -### [brotli](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/brotli.go#L30) +### [log-format-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L28) -- [ condition](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/brotli.go#L39) +- [should not configure log-format escape by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L40) +- [should enable the log-format-escape-json](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L47) +- [should disable the log-format-escape-json](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L55) +- [should enable the log-format-escape-none](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L63) +- [should disable the log-format-escape-none](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L71) +- [log-format-escape-json enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L82) +- [log-format default escape](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L105) +- [log-format-escape-none enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L128) -### [[Security] Pod Security Policies with volumes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy_volumes.go#L36) +### [[Lua] lua-shared-dicts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/lua_shared_dicts.go#L26) -- [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy_volumes.go#L39) +- [configures lua shared dicts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/lua_shared_dicts.go#L29) -### [Dynamic $proxy_host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L28) +### [main-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/main_snippet.go#L27) -- [should exist a proxy_host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L36) -- [should exist a proxy_host using the upstream-vhost annotation value](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L57) +- [should add value of main-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/main_snippet.go#L31) -### [[Security] block-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L28) +### [[Security] modsecurity-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L27) -- [should block CIDRs defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L38) -- [should block User-Agents defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L55) -- [should block Referers defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L88) +- [should add value of modsecurity-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L30) -### [settings-global-rate-limit](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/globalratelimit.go#L30) +### [enable-multi-accept](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L27) -- [generates correct NGINX configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/globalratelimit.go#L38) +- [should be enabled by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L31) +- [should be enabled when set to true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L39) +- [should be disabled when set to false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L49) -### [Add no tls redirect locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_tls_redirect_locations.go#L28) +### [[Flag] watch namespace selector](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/namespace_selector.go#L30) -- [Check no tls redirect locations config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_tls_redirect_locations.go#L31) +- [should ingore Ingress of namespace without label foo=bar and accept those of namespace with label foo=bar](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/namespace_selector.go#L70) -### [main-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/main_snippet.go#L27) +### [[Security] no-auth-locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L33) -- [should add value of main-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/main_snippet.go#L31) +- [should return status code 401 when accessing '/' unauthentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L54) +- [should return status code 200 when accessing '/' authentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L68) +- [should return status code 200 when accessing '/noauth' unauthenticated](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L82) -### [[Lua] lua-shared-dicts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/lua_shared_dicts.go#L26) +### [Add no tls redirect locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_tls_redirect_locations.go#L28) -- [configures lua shared dicts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/lua_shared_dicts.go#L29) +- [Check no tls redirect locations config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_tls_redirect_locations.go#L31) -### [Bad annotation values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L29) +### [OCSP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ocsp/ocsp.go#L42) -- [[BAD_ANNOTATIONS] should drop an ingress if there is an invalid character in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L36) -- [[BAD_ANNOTATIONS] should drop an ingress if there is a forbidden word in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L67) -- [[BAD_ANNOTATIONS] should allow an ingress if there is a default blocklist config in place](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L102) -- [[BAD_ANNOTATIONS] should drop an ingress if there is a custom blocklist config in place and allow others to pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L133) +- [should enable OCSP and contain stapling information in the connection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ocsp/ocsp.go#L49) -### [[SSL] TLS protocols, ciphers and headers)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L31) +### [Configure OpenTracing](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L48) -- [setting cipher suite](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L65) -- [enforcing TLS v1.0](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L87) -- [setting max-age parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L133) -- [setting includeSubDomains parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L149) -- [setting preload parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L168) -- [overriding what's set from the upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L188) -- [should not use ports during the HTTP to HTTPS redirection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L209) -- [should not use ports or X-Forwarded-Host during the HTTP to HTTPS redirection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L227) +- [should not exists opentracing directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L58) +- [should exists opentracing directive when is enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L71) +- [should include opentracing_trust_incoming_span off directive when disabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L85) +- [should not exists opentracing_operation_name directive when is empty](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L100) +- [should exists opentracing_operation_name directive when is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L115) +- [should not exists opentracing_location_operation_name directive when is empty](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L130) +- [should exists opentracing_location_operation_name directive when is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L145) +- [should enable opentracing using zipkin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L160) +- [should enable opentracing using jaeger](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L172) +- [should enable opentracing using jaeger with sampler host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L184) +- [should propagate the w3c header when configured with jaeger](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L197) +- [should enable opentracing using jaeger with an HTTP endpoint](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L228) +- [should enable opentracing using datadog](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L241) -### [[Security] modsecurity-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L27) +### [plugins](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/plugins.go#L28) -- [should add value of modsecurity-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L30) +- [should exist a x-hello-world header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/plugins.go#L35) -### [OCSP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ocsp/ocsp.go#L42) +### [[Security] Pod Security Policies](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy.go#L41) -- [should enable OCSP and contain stapling information in the connection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ocsp/ocsp.go#L49) +- [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy.go#L44) -### [configmap stream-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/stream_snippet.go#L34) +### [[Security] Pod Security Policies with volumes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy_volumes.go#L37) -- [should add value of stream-snippet via config map to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/stream_snippet.go#L41) +- [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy_volumes.go#L40) -### [proxy-read-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L28) +### [proxy-connect-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L28) -- [should set valid proxy read timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L36) -- [should not set invalid proxy read timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L52) +- [should set valid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L36) +- [should not set invalid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L52) + +### [Dynamic $proxy_host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L28) + +- [should exist a proxy_host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L36) +- [should exist a proxy_host using the upstream-vhost annotation value](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L57) ### [proxy-next-upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_next_upstream.go#L28) - [should build proxy next upstream using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_next_upstream.go#L36) -### [hash size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L27) +### [use-proxy-protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L36) -- [should set server_names_hash_bucket_size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L40) -- [should set server_names_hash_max_size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L48) -- [should set proxy-headers-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L60) -- [should set proxy-headers-hash-max-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L68) -- [should set variables-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L80) -- [should set variables-hash-max-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L88) -- [should set vmap-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L100) +- [should respect port passed by the PROXY Protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L46) +- [should respect proto passed by the PROXY Protocol server port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L79) +- [should enable PROXY Protocol for HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L112) +- [should enable PROXY Protocol for TCP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L155) -### [[Security] no-auth-locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L33) +### [proxy-read-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L28) -- [should return status code 401 when accessing '/' unauthentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L54) -- [should return status code 200 when accessing '/' authentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L68) -- [should return status code 200 when accessing '/noauth' unauthenticated](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L82) +- [should set valid proxy read timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L36) +- [should not set invalid proxy read timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L52) -### [[Flag] custom HTTP and HTTPS ports](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L32) +### [proxy-send-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L28) -- [should set X-Forwarded-Port headers accordingly when listening on a non-default HTTP port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L48) -- [should set X-Forwarded-Port header to 443](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L70) -- [should set the X-Forwarded-Port header to 443](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L100) +- [should set valid proxy send timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L36) +- [should not set invalid proxy send timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L52) -### [use-forwarded-headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L30) +### [reuse-port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L27) -- [should trust X-Forwarded headers when setting is true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L40) -- [should not trust X-Forwarded headers when setting is false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L92) +- [reuse port should be enabled by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L38) +- [reuse port should be disabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L44) +- [reuse port should be enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L52) -### [add-headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L30) +### [configmap server-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L28) -- [Add a custom header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L40) -- [Add multiple custom headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L65) +- [should add value of server-snippet setting to all ingress config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L35) +- [should add global server-snippet and drop annotations per admin config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L92) -### [[Load Balancer] round-robin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/round_robin.go#L31) +### [server-tokens](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L29) -- [should evenly distribute requests with round-robin (default algorithm)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/round_robin.go#L39) +- [should not exists Server header in the response](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L38) +- [should exists Server header in the response when is enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L50) -### [[Load Balancer] EWMA](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/ewma.go#L31) +### [ssl-ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_ciphers.go#L28) -- [does not fail requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/ewma.go#L42) +- [Add ssl ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_ciphers.go#L31) -### [[Load Balancer] load-balance](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/configmap.go#L28) +### [configmap stream-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/stream_snippet.go#L35) -- [should apply the configmap load-balance setting](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/configmap.go#L35) +- [should add value of stream-snippet via config map to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/stream_snippet.go#L42) + +### [[SSL] TLS protocols, ciphers and headers)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L31) + +- [setting cipher suite](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L65) +- [setting max-age parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L111) +- [setting includeSubDomains parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L127) +- [setting preload parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L146) +- [overriding what's set from the upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L166) +- [should not use ports during the HTTP to HTTPS redirection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L187) +- [should not use ports or X-Forwarded-Host during the HTTP to HTTPS redirection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L205) ### [[SSL] redirect to HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ssl/http_redirect.go#L29) @@ -298,22 +869,11 @@ Do not try to edit it manually. - [should not appear references to secret updates not used in ingress rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ssl/secret_update.go#L40) - [should return the fake SSL certificate if the secret is invalid](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ssl/secret_update.go#L82) -### [[Service] Type ExternalName](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L58) +### [[Status] status update](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/status/update.go#L38) -- [works with external name set to incomplete fqdn](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L61) -- [should return 200 for service type=ExternalName without a port defined](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L94) -- [should return 200 for service type=ExternalName with a port defined](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L128) -- [should return status 502 for service type=ExternalName with an invalid host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L152) -- [should return 200 for service type=ExternalName using a port name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L183) -- [should return 200 for service type=ExternalName using FQDN with trailing dot](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L216) -- [should update the external name after a service update](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L247) -- [should sync ingress on external name service addition/deletion](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L310) +- [should update status field after client-go reconnection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/status/update.go#L43) -### [[Service] Nil Service Backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_nil_backend.go#L31) - -- [should return 404 when backend service is nil](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_nil_backend.go#L38) +### [[TCP] tcp-services](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L37) -### [[Service] backend status code 503](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L33) - -- [should return 503 when backend service does not exist](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L36) -- [should return 503 when all backend service endpoints are unavailable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L54) +- [should expose a TCP service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L40) +- [should expose an ExternalName TCP service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L98) \ No newline at end of file diff --git a/hack/generate-e2e-suite-doc.sh b/hack/generate-e2e-suite-doc.sh index 2265bb079a..a4ccc8fc23 100755 --- a/hack/generate-e2e-suite-doc.sh +++ b/hack/generate-e2e-suite-doc.sh @@ -18,10 +18,6 @@ if [ -n "$DEBUG" ]; then set -x fi -set -o errexit -set -o nounset -set -o pipefail - URL="https://github.com/kubernetes/ingress-nginx/tree/main/" DIR=$(cd $(dirname "${BASH_SOURCE}")/.. && pwd -P) @@ -34,7 +30,7 @@ Do not try to edit it manually. " -for FILE in `find $DIR/test/e2e -name "*.go"`;do +for FILE in $(find $DIR/test/e2e -name "*.go");do # describe definition DESCRIBE=$(cat $FILE | grep -n -oP 'Describe.*') # line number From 3916f7b8b72ce5da7e3ba2377adfb1d06d4bcae8 Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Thu, 29 Dec 2022 19:09:29 -0300 Subject: [PATCH 32/52] move tests to gh actions (#9461) --- .github/workflows/ci.yaml | 57 +++++++++++++++++++ Makefile | 1 + internal/ingress/annotations/authreq/main.go | 3 +- .../ingress/controller/template/template.go | 11 ++-- internal/ingress/resolver/mock.go | 3 +- pkg/util/runtime/cpu_linux.go | 3 +- rootfs/chroot.sh | 1 - test/e2e/framework/util.go | 4 +- 8 files changed, 72 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d064fa6a2f..61f5970dbf 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -75,6 +75,63 @@ jobs: # G307 TODO: Deferring unsafe method "Close" args: -exclude=G109,G601,G104,G204,G304,G306,G307 -tests=false -exclude-dir=test -exclude-dir=images/ -exclude-dir=docs/ ./... + lint: + runs-on: ubuntu-latest + needs: changes + if: | + (needs.changes.outputs.go == 'true') + steps: + - name: Checkout + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 + + - name: Set up Go + id: go + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 + with: + go-version: '1.19' + check-latest: true + + - name: Run Lint + run: ./hack/verify-golint.sh + + gofmt: + runs-on: ubuntu-latest + needs: changes + if: | + (needs.changes.outputs.go == 'true') + steps: + - name: Checkout + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 + + - name: Set up Go + id: go + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 + with: + go-version: '1.19' + check-latest: true + + - name: Run go-fmt + run: ./hack/verify-gofmt.sh + + test-go: + runs-on: ubuntu-latest + needs: changes + if: | + (needs.changes.outputs.go == 'true') + steps: + - name: Checkout + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 + + - name: Set up Go + id: go + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 + with: + go-version: '1.19' + check-latest: true + + - name: Run test + run: make test + build: name: Build runs-on: ubuntu-latest diff --git a/Makefile b/Makefile index 8204a20871..5099b46458 100644 --- a/Makefile +++ b/Makefile @@ -141,6 +141,7 @@ test: ## Run go unit tests. COMMIT_SHA=$(COMMIT_SHA) \ REPO_INFO=$(REPO_INFO) \ TAG=$(TAG) \ + GOFLAGS="-buildvcs=false" \ test/test.sh .PHONY: lua-test diff --git a/internal/ingress/annotations/authreq/main.go b/internal/ingress/annotations/authreq/main.go index b607f54828..6a8a4611a6 100644 --- a/internal/ingress/annotations/authreq/main.go +++ b/internal/ingress/annotations/authreq/main.go @@ -149,7 +149,8 @@ func ValidHeader(header string) bool { // ValidCacheDuration checks if the provided string is a valid cache duration // spec: [code ...] [time ...]; // with: code is an http status code -// time must match the time regex and may appear multiple times, e.g. `1h 30m` +// +// time must match the time regex and may appear multiple times, e.g. `1h 30m` func ValidCacheDuration(duration string) bool { elements := strings.Split(duration, " ") seenDuration := false diff --git a/internal/ingress/controller/template/template.go b/internal/ingress/controller/template/template.go index 8d4cb6e752..315262150e 100644 --- a/internal/ingress/controller/template/template.go +++ b/internal/ingress/controller/template/template.go @@ -75,8 +75,8 @@ type Template struct { bp *BufferPool } -//NewTemplate returns a new Template instance or an -//error if the specified template file contains errors +// NewTemplate returns a new Template instance or an +// error if the specified template file contains errors func NewTemplate(file string) (*Template, error) { data, err := os.ReadFile(file) if err != nil { @@ -287,9 +287,10 @@ var ( // escapeLiteralDollar will replace the $ character with ${literal_dollar} // which is made to work via the following configuration in the http section of // the template: -// geo $literal_dollar { -// default "$"; -// } +// +// geo $literal_dollar { +// default "$"; +// } func escapeLiteralDollar(input interface{}) string { inputStr, ok := input.(string) if !ok { diff --git a/internal/ingress/resolver/mock.go b/internal/ingress/resolver/mock.go index 556262b42a..62c5c6db9b 100644 --- a/internal/ingress/resolver/mock.go +++ b/internal/ingress/resolver/mock.go @@ -41,7 +41,8 @@ func (m Mock) GetSecret(string) (*apiv1.Secret, error) { // GetAuthCertificate resolves a given secret name into an SSL certificate. // The secret must contain 3 keys named: -// ca.crt: contains the certificate chain used for authentication +// +// ca.crt: contains the certificate chain used for authentication func (m Mock) GetAuthCertificate(string) (*AuthSSLCert, error) { return nil, nil } diff --git a/pkg/util/runtime/cpu_linux.go b/pkg/util/runtime/cpu_linux.go index e7513d6199..cfc49d9241 100644 --- a/pkg/util/runtime/cpu_linux.go +++ b/pkg/util/runtime/cpu_linux.go @@ -33,7 +33,8 @@ import ( // NumCPU returns the number of logical CPUs usable by the current process. // If CPU cgroups limits are configured, use cfs_quota_us / cfs_period_us // as formula -// https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt +// +// https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt func NumCPU() int { cpus := runtime.NumCPU() diff --git a/rootfs/chroot.sh b/rootfs/chroot.sh index 3f64aa63f6..9f3cbd804e 100755 --- a/rootfs/chroot.sh +++ b/rootfs/chroot.sh @@ -40,7 +40,6 @@ for dir in "${writeDirs[@]}"; do chown -R www-data.www-data ${dir}; done - mkdir -p /chroot/lib /chroot/proc /chroot/usr /chroot/bin /chroot/dev /chroot/run cp /etc/passwd /etc/group /chroot/etc/ cp -a /usr/* /chroot/usr/ diff --git a/test/e2e/framework/util.go b/test/e2e/framework/util.go index 8f50dac982..90f15eb1bb 100644 --- a/test/e2e/framework/util.go +++ b/test/e2e/framework/util.go @@ -189,7 +189,7 @@ func CreateIngressClass(namespace string, c kubernetes.Interface) (string, error return ic.Name, nil } -//deleteIngressClass deletes an IngressClass and its related ClusterRole* objects +// deleteIngressClass deletes an IngressClass and its related ClusterRole* objects func deleteIngressClass(c kubernetes.Interface, ingressclass string) error { var err error grace := int64(0) @@ -215,7 +215,7 @@ func deleteIngressClass(c kubernetes.Interface, ingressclass string) error { return nil } -//GetIngressClassName returns the default IngressClassName given a namespace +// GetIngressClassName returns the default IngressClassName given a namespace func GetIngressClassName(namespace string) *string { icname := fmt.Sprintf("ic-%s", namespace) return &icname From 8b5a25fa141dff2d7f6bb8eecc07ee66a1f1a210 Mon Sep 17 00:00:00 2001 From: James Strong Date: Thu, 29 Dec 2022 18:59:07 -0500 Subject: [PATCH 33/52] fix change images (#9463) Signed-off-by: James Strong Signed-off-by: James Strong --- changelog/Changelog-1.5.2.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/changelog/Changelog-1.5.2.md b/changelog/Changelog-1.5.2.md index 8b6779e472..8b26179243 100644 --- a/changelog/Changelog-1.5.2.md +++ b/changelog/Changelog-1.5.2.md @@ -3,8 +3,8 @@ ### 1.5.2 Images: - * registry.k8s.io/controller:controller-v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 - * registry.k8s.io/controller-chroot:controller-v1.5.2@sha256:84613555694f2c59a8b2551126d226c9aa648544ebf0cde1e0df942f7dbce42b + * registry.k8s.io/ingress-nginx/controller:controller-v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 + * registry.k8s.io/ingress-nginx/controller-chroot:controller-v1.5.2@sha256:84613555694f2c59a8b2551126d226c9aa648544ebf0cde1e0df942f7dbce42b ### All Changes: From 11e21bf3e72277740639d20416b83971d99846e1 Mon Sep 17 00:00:00 2001 From: James Strong Date: Thu, 29 Dec 2022 19:55:27 -0500 Subject: [PATCH 34/52] rollback tag Signed-off-by: James Strong --- TAG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAG b/TAG index a503124bd9..c9b3c015f8 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v1.5.2 +v1.5.1 \ No newline at end of file From 6f9c65abf4a18e4c32bea1d2006efcb2c9896871 Mon Sep 17 00:00:00 2001 From: James Strong Date: Thu, 29 Dec 2022 19:58:15 -0500 Subject: [PATCH 35/52] revert 1.5.2 Signed-off-by: James Strong --- charts/ingress-nginx/Chart.yaml | 47 +- charts/ingress-nginx/README.md | 8 +- .../changelog/Changelog-1.5.2.md | 12 - charts/ingress-nginx/values.yaml | 1623 +++++++++-------- deploy/static/provider/aws/deploy.yaml | 57 +- .../aws/nlb-with-tls-termination/deploy.yaml | 57 +- deploy/static/provider/baremetal/deploy.yaml | 57 +- deploy/static/provider/cloud/deploy.yaml | 57 +- deploy/static/provider/do/deploy.yaml | 57 +- deploy/static/provider/exoscale/deploy.yaml | 57 +- deploy/static/provider/kind/deploy.yaml | 57 +- deploy/static/provider/scw/deploy.yaml | 57 +- docs/deploy/index.md | 20 +- docs/e2e-tests.md | 924 ++-------- 14 files changed, 1370 insertions(+), 1720 deletions(-) delete mode 100644 charts/ingress-nginx/changelog/Changelog-1.5.2.md diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 11ab036340..461601f594 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -1,26 +1,31 @@ -annotations: - artifacthub.io/changes: | - - "ci: remove setup-helm step (#9404)" - - "feat(helm): Optionally use cert-manager instead admission patch (#9279)" - - "run helm release on main only and when the chart/value changes only (#9290)" - - "Update Ingress-Nginx version controller-v1.5.2" - artifacthub.io/prerelease: "false" apiVersion: v2 -appVersion: 1.5.2 -description: Ingress controller for Kubernetes using NGINX as a reverse proxy and - load balancer -engine: gotpl +name: ingress-nginx +# When the version is modified, make sure the artifacthub.io/changes list is updated +# Also update CHANGELOG.md +version: 4.4.0 +appVersion: 1.5.1 home: https://github.com/kubernetes/ingress-nginx +description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png keywords: -- ingress -- nginx -kubeVersion: '>=1.20.0-0' -maintainers: -- name: rikatz -- name: strongjz -- name: tao12345666333 -name: ingress-nginx + - ingress + - nginx sources: -- https://github.com/kubernetes/ingress-nginx -version: 4.4.1 + - https://github.com/kubernetes/ingress-nginx +maintainers: + - name: rikatz + - name: strongjz + - name: tao12345666333 +engine: gotpl +kubeVersion: ">=1.20.0-0" +annotations: + # Use this annotation to indicate that this chart version is a pre-release. + # https://artifacthub.io/docs/topics/annotations/helm/ + artifacthub.io/prerelease: "false" + # List of changes for the release in artifacthub.io + # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=changelog + artifacthub.io/changes: | + - Adding support for disabling liveness and readiness probes to the Helm chart + - add:(admission-webhooks) ability to set securityContext + - Updated Helm chart to use the fullname for the electionID if not specified + - Rename controller-wehbooks-networkpolicy.yaml diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 4daff76c63..af71493fe2 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.4.1](https://img.shields.io/badge/Version-4.4.1-informational?style=flat-square) ![AppVersion: 1.5.2](https://img.shields.io/badge/AppVersion-1.5.2-informational?style=flat-square) +![Version: 4.4.0](https://img.shields.io/badge/Version-4.4.0-informational?style=flat-square) ![AppVersion: 1.5.1](https://img.shields.io/badge/AppVersion-1.5.1-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -332,13 +332,13 @@ Kubernetes: `>=1.20.0-0` | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `true` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655"` | | -| controller.image.digestChroot | string | `"sha256:84613555694f2c59a8b2551126d226c9aa648544ebf0cde1e0df942f7dbce42b"` | | +| controller.image.digest | string | `"sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629"` | | +| controller.image.digestChroot | string | `"sha256:c1c091b88a6c936a83bd7b098662760a87868d12452529bad0d178fb36147345"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.registry | string | `"registry.k8s.io"` | | | controller.image.runAsUser | int | `101` | | -| controller.image.tag | string | `"v1.5.2"` | | +| controller.image.tag | string | `"v1.5.1"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | diff --git a/charts/ingress-nginx/changelog/Changelog-1.5.2.md b/charts/ingress-nginx/changelog/Changelog-1.5.2.md deleted file mode 100644 index 5e05638581..0000000000 --- a/charts/ingress-nginx/changelog/Changelog-1.5.2.md +++ /dev/null @@ -1,12 +0,0 @@ -# Changelog - -This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). - -### 4.4.1 - -* ci: remove setup-helm step (#9404) -* feat(helm): Optionally use cert-manager instead admission patch (#9279) -* run helm release on main only and when the chart/value changes only (#9290) -* Update Ingress-Nginx version controller-v1.5.2 - -**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.4.1...helm-chart-4.4.1 diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index e5f8922a09..b7089addbd 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -14,190 +14,222 @@ commonLabels: {} # myLabel: aakkmd controller: - name: controller - image: - ## Keep false as default for now! - chroot: false - registry: registry.k8s.io - image: ingress-nginx/controller - ## for backwards compatibility consider setting the full image url via the repository value below - ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail - ## repository: - tag: "v1.5.2" - digest: sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 - digestChroot: sha256:84613555694f2c59a8b2551126d226c9aa648544ebf0cde1e0df942f7dbce42b - pullPolicy: IfNotPresent - # www-data -> uid 101 - runAsUser: 101 - allowPrivilegeEscalation: true - # -- Use an existing PSP instead of creating one - existingPsp: "" - # -- Configures the controller container name - containerName: controller - # -- Configures the ports that the nginx-controller listens on - containerPort: - http: 80 - https: 443 - # -- Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ - config: {} - # -- Annotations to be added to the controller config configuration configmap. - configAnnotations: {} - # -- Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers - proxySetHeaders: {} - # -- Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers - addHeaders: {} - # -- Optionally customize the pod dnsConfig. - dnsConfig: {} - # -- Optionally customize the pod hostname. - hostname: {} - # -- Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. - # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller - # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. - dnsPolicy: ClusterFirst - # -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network - # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply - reportNodeInternalIp: false - # -- Process Ingress objects without ingressClass annotation/ingressClassName field - # Overrides value for --watch-ingress-without-class flag of the controller binary - # Defaults to false - watchIngressWithoutClass: false - # -- Process IngressClass per name (additionally as per spec.controller). - ingressClassByName: false - # -- This configuration defines if Ingress Controller should allow users to set - # their own *-snippet annotations, otherwise this is forbidden / dropped - # when users add those annotations. - # Global snippets in ConfigMap are still respected - allowSnippetAnnotations: true - # -- Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), - # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 - # is merged - hostNetwork: false - ## Use host ports 80 and 443 - ## Disabled by default - hostPort: - # -- Enable 'hostPort' or not - enabled: false - ports: - # -- 'hostPort' http port - http: 80 - # -- 'hostPort' https port - https: 443 - # -- Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' - electionID: "" - ## This section refers to the creation of the IngressClass resource - ## IngressClass resources are supported since k8s >= 1.18 and required since k8s >= 1.19 - ingressClassResource: - # -- Name of the ingressClass - name: nginx - # -- Is this ingressClass enabled or not - enabled: true - # -- Is this the default ingressClass for the cluster - default: false - # -- Controller-value of the controller that is processing this ingressClass - controllerValue: "k8s.io/ingress-nginx" - # -- Parameters is a link to a custom resource containing additional - # configuration for the controller. This is optional if the controller - # does not require extra parameters. - parameters: {} - # -- For backwards compatibility with ingress.class annotation, use ingressClass. - # Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation - ingressClass: nginx - # -- Labels to add to the pod container metadata - podLabels: {} - # key: value - - # -- Security Context policies for controller pods - podSecurityContext: {} - # -- See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls - sysctls: {} - # sysctls: - # "net.core.somaxconn": "8192" - - # -- Allows customization of the source of the IP address or FQDN to report - # in the ingress status field. By default, it reads the information provided - # by the service. If disable, the status field reports the IP address of the - # node or nodes where an ingress controller pod is running. - publishService: - # -- Enable 'publishService' or not - enabled: true - # -- Allows overriding of the publish service to bind to - # Must be / - pathOverride: "" - # Limit the scope of the controller to a specific namespace - scope: - # -- Enable 'scope' or not - enabled: false - # -- Namespace to limit the controller to; defaults to $(POD_NAMESPACE) - namespace: "" - # -- When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels - # only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. - namespaceSelector: "" - # -- Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) - configMapNamespace: "" - tcp: - # -- Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) - configMapNamespace: "" - # -- Annotations to be added to the tcp config configmap - annotations: {} - udp: - # -- Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) - configMapNamespace: "" - # -- Annotations to be added to the udp config configmap - annotations: {} - # -- Maxmind license key to download GeoLite2 Databases. - ## https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases - maxmindLicenseKey: "" - # -- Additional command line arguments to pass to nginx-ingress-controller - # E.g. to specify the default SSL certificate you can use - extraArgs: {} - ## extraArgs: - ## default-ssl-certificate: "/" + name: controller + image: + ## Keep false as default for now! + chroot: false + registry: registry.k8s.io + image: ingress-nginx/controller + ## for backwards compatibility consider setting the full image url via the repository value below + ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + ## repository: + tag: "v1.5.1" + digest: sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 + digestChroot: sha256:c1c091b88a6c936a83bd7b098662760a87868d12452529bad0d178fb36147345 + pullPolicy: IfNotPresent + # www-data -> uid 101 + runAsUser: 101 + allowPrivilegeEscalation: true + + # -- Use an existing PSP instead of creating one + existingPsp: "" + + # -- Configures the controller container name + containerName: controller + + # -- Configures the ports that the nginx-controller listens on + containerPort: + http: 80 + https: 443 + + # -- Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ + config: {} + + # -- Annotations to be added to the controller config configuration configmap. + configAnnotations: {} + + # -- Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers + proxySetHeaders: {} + + # -- Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers + addHeaders: {} + + # -- Optionally customize the pod dnsConfig. + dnsConfig: {} + + # -- Optionally customize the pod hostname. + hostname: {} + + # -- Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. + # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller + # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. + dnsPolicy: ClusterFirst + + # -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network + # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply + reportNodeInternalIp: false + + # -- Process Ingress objects without ingressClass annotation/ingressClassName field + # Overrides value for --watch-ingress-without-class flag of the controller binary + # Defaults to false + watchIngressWithoutClass: false + + # -- Process IngressClass per name (additionally as per spec.controller). + ingressClassByName: false + + # -- This configuration defines if Ingress Controller should allow users to set + # their own *-snippet annotations, otherwise this is forbidden / dropped + # when users add those annotations. + # Global snippets in ConfigMap are still respected + allowSnippetAnnotations: true + + # -- Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), + # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 + # is merged + hostNetwork: false + + ## Use host ports 80 and 443 + ## Disabled by default + hostPort: + # -- Enable 'hostPort' or not + enabled: false + ports: + # -- 'hostPort' http port + http: 80 + # -- 'hostPort' https port + https: 443 + + # -- Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader' + electionID: "" + + ## This section refers to the creation of the IngressClass resource + ## IngressClass resources are supported since k8s >= 1.18 and required since k8s >= 1.19 + ingressClassResource: + # -- Name of the ingressClass + name: nginx + # -- Is this ingressClass enabled or not + enabled: true + # -- Is this the default ingressClass for the cluster + default: false + # -- Controller-value of the controller that is processing this ingressClass + controllerValue: "k8s.io/ingress-nginx" + + # -- Parameters is a link to a custom resource containing additional + # configuration for the controller. This is optional if the controller + # does not require extra parameters. + parameters: {} + + # -- For backwards compatibility with ingress.class annotation, use ingressClass. + # Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation + ingressClass: nginx + + # -- Labels to add to the pod container metadata + podLabels: {} + # key: value + + # -- Security Context policies for controller pods + podSecurityContext: {} + + # -- See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls + sysctls: {} + # sysctls: + # "net.core.somaxconn": "8192" + + # -- Allows customization of the source of the IP address or FQDN to report + # in the ingress status field. By default, it reads the information provided + # by the service. If disable, the status field reports the IP address of the + # node or nodes where an ingress controller pod is running. + publishService: + # -- Enable 'publishService' or not + enabled: true + # -- Allows overriding of the publish service to bind to + # Must be / + pathOverride: "" + + # Limit the scope of the controller to a specific namespace + scope: + # -- Enable 'scope' or not + enabled: false + # -- Namespace to limit the controller to; defaults to $(POD_NAMESPACE) + namespace: "" + # -- When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels + # only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. + namespaceSelector: "" - # -- Additional environment variables to set - extraEnvs: [] - # extraEnvs: - # - name: FOO - # valueFrom: - # secretKeyRef: - # key: FOO - # name: secret-resource + # -- Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) + configMapNamespace: "" - # -- Use a `DaemonSet` or `Deployment` - kind: Deployment - # -- Annotations to be added to the controller Deployment or DaemonSet - ## + tcp: + # -- Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) + configMapNamespace: "" + # -- Annotations to be added to the tcp config configmap annotations: {} - # keel.sh/pollSchedule: "@every 60m" - - # -- Labels to be added to the controller Deployment or DaemonSet and other resources that do not have option to specify labels - ## - labels: {} - # keel.sh/policy: patch - # keel.sh/trigger: poll - # -- The update strategy to apply to the Deployment or DaemonSet - ## - updateStrategy: {} - # rollingUpdate: - # maxUnavailable: 1 - # type: RollingUpdate + udp: + # -- Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) + configMapNamespace: "" + # -- Annotations to be added to the udp config configmap + annotations: {} - # -- `minReadySeconds` to avoid killing pods before we are ready - ## - minReadySeconds: 0 - # -- Node tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - - # -- Affinity and anti-affinity rules for server scheduling to nodes - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} + # -- Maxmind license key to download GeoLite2 Databases. + ## https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases + maxmindLicenseKey: "" + + # -- Additional command line arguments to pass to nginx-ingress-controller + # E.g. to specify the default SSL certificate you can use + extraArgs: {} + ## extraArgs: + ## default-ssl-certificate: "/" + + # -- Additional environment variables to set + extraEnvs: [] + # extraEnvs: + # - name: FOO + # valueFrom: + # secretKeyRef: + # key: FOO + # name: secret-resource + + # -- Use a `DaemonSet` or `Deployment` + kind: Deployment + + # -- Annotations to be added to the controller Deployment or DaemonSet + ## + annotations: {} + # keel.sh/pollSchedule: "@every 60m" + + # -- Labels to be added to the controller Deployment or DaemonSet and other resources that do not have option to specify labels + ## + labels: {} + # keel.sh/policy: patch + # keel.sh/trigger: poll + + + # -- The update strategy to apply to the Deployment or DaemonSet + ## + updateStrategy: {} + # rollingUpdate: + # maxUnavailable: 1 + # type: RollingUpdate + + # -- `minReadySeconds` to avoid killing pods before we are ready + ## + minReadySeconds: 0 + + + # -- Node tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + + # -- Affinity and anti-affinity rules for server scheduling to nodes + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} # # An example of preferred pod anti-affinity, weight is in the range 1-100 # podAntiAffinity: # preferredDuringSchedulingIgnoredDuringExecution: @@ -238,10 +270,10 @@ controller: # - controller # topologyKey: "kubernetes.io/hostname" - # -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## - topologySpreadConstraints: [] + # -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] # - maxSkew: 1 # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule @@ -249,605 +281,669 @@ controller: # matchLabels: # app.kubernetes.io/instance: ingress-nginx-internal - # -- `terminationGracePeriodSeconds` to avoid killing pods before we are ready - ## wait up to five minutes for the drain of connections + # -- `terminationGracePeriodSeconds` to avoid killing pods before we are ready + ## wait up to five minutes for the drain of connections + ## + terminationGracePeriodSeconds: 300 + + # -- Node labels for controller pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: + kubernetes.io/os: linux + + ## Liveness and readiness probe values + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## + ## startupProbe: + ## httpGet: + ## # should match container.healthCheckPath + ## path: "/healthz" + ## port: 10254 + ## scheme: HTTP + ## initialDelaySeconds: 5 + ## periodSeconds: 5 + ## timeoutSeconds: 2 + ## successThreshold: 1 + ## failureThreshold: 5 + livenessProbe: + httpGet: + # should match container.healthCheckPath + path: "/healthz" + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 + readinessProbe: + httpGet: + # should match container.healthCheckPath + path: "/healthz" + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + + + # -- Path of the health check endpoint. All requests received on the port defined by + # the healthz-port parameter are forwarded internally to this path. + healthCheckPath: "/healthz" + + # -- Address to bind the health check endpoint. + # It is better to set this option to the internal node address + # if the ingress nginx controller is running in the `hostNetwork: true` mode. + healthCheckHost: "" + + # -- Annotations to be added to controller pods + ## + podAnnotations: {} + + replicaCount: 1 + + # -- Define either 'minAvailable' or 'maxUnavailable', never both. + minAvailable: 1 + # -- Define either 'minAvailable' or 'maxUnavailable', never both. + # maxUnavailable: 1 + + ## Define requests resources to avoid probe issues due to CPU utilization in busy nodes + ## ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903 + ## Ideally, there should be no limits. + ## https://engineering.indeedblog.com/blog/2019/12/cpu-throttling-regression-fix/ + resources: + ## limits: + ## cpu: 100m + ## memory: 90Mi + requests: + cpu: 100m + memory: 90Mi + + # Mutually exclusive with keda autoscaling + autoscaling: + apiVersion: autoscaling/v2 + enabled: false + annotations: {} + minReplicas: 1 + maxReplicas: 11 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 + # periodSeconds: 60 + + autoscalingTemplate: [] + # Custom or additional autoscaling metrics + # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics + # - type: Pods + # pods: + # metric: + # name: nginx_ingress_controller_nginx_process_requests_total + # target: + # type: AverageValue + # averageValue: 10000m + + # Mutually exclusive with hpa autoscaling + keda: + apiVersion: "keda.sh/v1alpha1" + ## apiVersion changes with keda 1.x vs 2.x + ## 2.x = keda.sh/v1alpha1 + ## 1.x = keda.k8s.io/v1alpha1 + enabled: false + minReplicas: 1 + maxReplicas: 11 + pollingInterval: 30 + cooldownPeriod: 300 + restoreToOriginalReplicaCount: false + scaledObject: + annotations: {} + # Custom annotations for ScaledObject resource + # annotations: + # key: value + triggers: [] + # - type: prometheus + # metadata: + # serverAddress: http://:9090 + # metricName: http_requests_total + # threshold: '100' + # query: sum(rate(http_requests_total{deployment="my-deployment"}[2m])) + + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 + # periodSeconds: 60 + + # -- Enable mimalloc as a drop-in replacement for malloc. + ## ref: https://github.com/microsoft/mimalloc + ## + enableMimalloc: true + + ## Override NGINX template + customTemplate: + configMapName: "" + configMapKey: "" + + service: + enabled: true + + # -- If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were + # using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http + # It allows choosing the protocol for each backend specified in the Kubernetes service. + # See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 + # Will be ignored for Kubernetes versions older than 1.20 ## - terminationGracePeriodSeconds: 300 - # -- Node labels for controller pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + appProtocol: true + + annotations: {} + labels: {} + # clusterIP: "" + + # -- List of IP addresses at which the controller services are available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips ## - nodeSelector: + externalIPs: [] + + # -- Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + loadBalancerIP: "" + loadBalancerSourceRanges: [] + + enableHttp: true + enableHttps: true + + ## Set external traffic policy to: "Local" to preserve source IP on providers supporting it. + ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer + # externalTrafficPolicy: "" + + ## Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + # sessionAffinity: "" + + ## Specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified, + ## the service controller allocates a port from your cluster’s NodePort range. + ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + # healthCheckNodePort: 0 + + # -- Represents the dual-stack-ness requested or required by this Service. Possible values are + # SingleStack, PreferDualStack or RequireDualStack. + # The ipFamilies and clusterIPs fields depend on the value of this field. + ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ + ipFamilyPolicy: "SingleStack" + + # -- List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically + # based on cluster configuration and the ipFamilyPolicy field. + ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ + ipFamilies: + - IPv4 + + ports: + http: 80 + https: 443 + + targetPorts: + http: http + https: https + + type: LoadBalancer + + ## type: NodePort + ## nodePorts: + ## http: 32080 + ## https: 32443 + ## tcp: + ## 8080: 32808 + nodePorts: + http: "" + https: "" + tcp: {} + udp: {} + + external: + enabled: true + + internal: + # -- Enables an additional internal load balancer (besides the external one). + enabled: false + # -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service. + annotations: {} + + # loadBalancerIP: "" + + # -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. + loadBalancerSourceRanges: [] + + ## Set external traffic policy to: "Local" to preserve source IP on + ## providers supporting it + ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer + # externalTrafficPolicy: "" + + # shareProcessNamespace enables process namespace sharing within the pod. + # This can be used for example to signal log rotation using `kill -USR1` from a sidecar. + shareProcessNamespace: false + + # -- Additional containers to be added to the controller pod. + # See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. + extraContainers: [] + # - name: my-sidecar + # image: nginx:latest + # - name: lemonldap-ng-controller + # image: lemonldapng/lemonldap-ng-controller:0.2.0 + # args: + # - /lemonldap-ng-controller + # - --alsologtostderr + # - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration + # env: + # - name: POD_NAME + # valueFrom: + # fieldRef: + # fieldPath: metadata.name + # - name: POD_NAMESPACE + # valueFrom: + # fieldRef: + # fieldPath: metadata.namespace + # volumeMounts: + # - name: copy-portal-skins + # mountPath: /srv/var/lib/lemonldap-ng/portal/skins + + # -- Additional volumeMounts to the controller main container. + extraVolumeMounts: [] + # - name: copy-portal-skins + # mountPath: /var/lib/lemonldap-ng/portal/skins + + # -- Additional volumes to the controller pod. + extraVolumes: [] + # - name: copy-portal-skins + # emptyDir: {} + + # -- Containers, which are run before the app containers are started. + extraInitContainers: [] + # - name: init-myservice + # image: busybox + # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;'] + + # -- Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module + extraModules: [] + # containerSecurityContext: + # allowPrivilegeEscalation: false + # + # The image must contain a `/usr/local/bin/init_module.sh` executable, which + # will be executed as initContainers, to move its config files within the + # mounted volume. + + opentelemetry: + enabled: false + image: registry.k8s.io/ingress-nginx/opentelemetry:v20221114-controller-v1.5.1-6-ga66ee73c5@sha256:41076fd9fb4255677c1a3da1ac3fc41477f06eba3c7ebf37ffc8f734dad51d7c + containerSecurityContext: + allowPrivilegeEscalation: false + + admissionWebhooks: + annotations: {} + # ignore-check.kube-linter.io/no-read-only-rootfs: "This deployment needs write access to root filesystem". + + ## Additional annotations to the admission webhooks. + ## These annotations will be added to the ValidatingWebhookConfiguration and + ## the Jobs Spec of the admission webhooks. + enabled: true + # -- Additional environment variables to set + extraEnvs: [] + # extraEnvs: + # - name: FOO + # valueFrom: + # secretKeyRef: + # key: FOO + # name: secret-resource + # -- Admission Webhook failure policy to use + failurePolicy: Fail + # timeoutSeconds: 10 + port: 8443 + certificate: "/usr/local/certificates/cert" + key: "/usr/local/certificates/key" + namespaceSelector: {} + objectSelector: {} + # -- Labels to be added to admission webhooks + labels: {} + + # -- Use an existing PSP instead of creating one + existingPsp: "" + networkPolicyEnabled: false + + service: + annotations: {} + # clusterIP: "" + externalIPs: [] + # loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 443 + type: ClusterIP + + createSecretJob: + securityContext: + allowPrivilegeEscalation: false + resources: {} + # limits: + # cpu: 10m + # memory: 20Mi + # requests: + # cpu: 10m + # memory: 20Mi + + patchWebhookJob: + securityContext: + allowPrivilegeEscalation: false + resources: {} + + patch: + enabled: true + image: + registry: registry.k8s.io + image: ingress-nginx/kube-webhook-certgen + ## for backwards compatibility consider setting the full image url via the repository value below + ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + ## repository: + tag: v20220916-gd32f8c343 + digest: sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + pullPolicy: IfNotPresent + # -- Provide a priority class name to the webhook patching job + ## + priorityClassName: "" + podAnnotations: {} + nodeSelector: kubernetes.io/os: linux - ## Liveness and readiness probe values - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## - ## startupProbe: - ## httpGet: - ## # should match container.healthCheckPath - ## path: "/healthz" - ## port: 10254 - ## scheme: HTTP - ## initialDelaySeconds: 5 - ## periodSeconds: 5 - ## timeoutSeconds: 2 - ## successThreshold: 1 - ## failureThreshold: 5 - livenessProbe: - httpGet: - # should match container.healthCheckPath - path: "/healthz" - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 5 - readinessProbe: - httpGet: - # should match container.healthCheckPath - path: "/healthz" - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - # -- Path of the health check endpoint. All requests received on the port defined by - # the healthz-port parameter are forwarded internally to this path. - healthCheckPath: "/healthz" - # -- Address to bind the health check endpoint. - # It is better to set this option to the internal node address - # if the ingress nginx controller is running in the `hostNetwork: true` mode. - healthCheckHost: "" - # -- Annotations to be added to controller pods - ## - podAnnotations: {} - replicaCount: 1 - # -- Define either 'minAvailable' or 'maxUnavailable', never both. - minAvailable: 1 - # -- Define either 'minAvailable' or 'maxUnavailable', never both. - # maxUnavailable: 1 - - ## Define requests resources to avoid probe issues due to CPU utilization in busy nodes - ## ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903 - ## Ideally, there should be no limits. - ## https://engineering.indeedblog.com/blog/2019/12/cpu-throttling-regression-fix/ - resources: - ## limits: - ## cpu: 100m - ## memory: 90Mi - requests: - cpu: 100m - memory: 90Mi - # Mutually exclusive with keda autoscaling - autoscaling: - apiVersion: autoscaling/v2 - enabled: false - annotations: {} - minReplicas: 1 - maxReplicas: 11 - targetCPUUtilizationPercentage: 50 - targetMemoryUtilizationPercentage: 50 - behavior: {} - # scaleDown: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 1 - # periodSeconds: 180 - # scaleUp: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 2 - # periodSeconds: 60 - autoscalingTemplate: [] - # Custom or additional autoscaling metrics - # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics - # - type: Pods - # pods: - # metric: - # name: nginx_ingress_controller_nginx_process_requests_total - # target: - # type: AverageValue - # averageValue: 10000m - - # Mutually exclusive with hpa autoscaling - keda: - apiVersion: "keda.sh/v1alpha1" - ## apiVersion changes with keda 1.x vs 2.x - ## 2.x = keda.sh/v1alpha1 - ## 1.x = keda.k8s.io/v1alpha1 - enabled: false - minReplicas: 1 - maxReplicas: 11 - pollingInterval: 30 - cooldownPeriod: 300 - restoreToOriginalReplicaCount: false - scaledObject: - annotations: {} - # Custom annotations for ScaledObject resource - # annotations: - # key: value - triggers: [] - # - type: prometheus - # metadata: - # serverAddress: http://:9090 - # metricName: http_requests_total - # threshold: '100' - # query: sum(rate(http_requests_total{deployment="my-deployment"}[2m])) - - behavior: {} - # scaleDown: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 1 - # periodSeconds: 180 - # scaleUp: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 2 - # periodSeconds: 60 - - # -- Enable mimalloc as a drop-in replacement for malloc. - ## ref: https://github.com/microsoft/mimalloc - ## - enableMimalloc: true - ## Override NGINX template - customTemplate: - configMapName: "" - configMapKey: "" + tolerations: [] + # -- Labels to be added to patch job resources + labels: {} + securityContext: + runAsNonRoot: true + runAsUser: 2000 + fsGroup: 2000 + + # Use certmanager to generate webhook certs + certManager: + enabled: false + # self-signed root certificate + rootCert: + duration: "" # default to be 5y + admissionCert: + duration: "" # default to be 1y + # issuerRef: + # name: "issuer" + # kind: "ClusterIssuer" + + metrics: + port: 10254 + portName: metrics + # if this port is changed, change healthz-port: in extraArgs: accordingly + enabled: false + service: - enabled: true - # -- If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were - # using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http - # It allows choosing the protocol for each backend specified in the Kubernetes service. - # See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 - # Will be ignored for Kubernetes versions older than 1.20 - ## - appProtocol: true - annotations: {} - labels: {} - # clusterIP: "" - - # -- List of IP addresses at which the controller services are available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - # -- Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer - loadBalancerIP: "" - loadBalancerSourceRanges: [] - enableHttp: true - enableHttps: true - ## Set external traffic policy to: "Local" to preserve source IP on providers supporting it. - ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer - # externalTrafficPolicy: "" - - ## Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". - ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - # sessionAffinity: "" - - ## Specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified, - ## the service controller allocates a port from your cluster’s NodePort range. - ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - # healthCheckNodePort: 0 - - # -- Represents the dual-stack-ness requested or required by this Service. Possible values are - # SingleStack, PreferDualStack or RequireDualStack. - # The ipFamilies and clusterIPs fields depend on the value of this field. - ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ - ipFamilyPolicy: "SingleStack" - # -- List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically - # based on cluster configuration and the ipFamilyPolicy field. - ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ - ipFamilies: - - IPv4 - ports: - http: 80 - https: 443 - targetPorts: - http: http - https: https - type: LoadBalancer - ## type: NodePort - ## nodePorts: - ## http: 32080 - ## https: 32443 - ## tcp: - ## 8080: 32808 - nodePorts: - http: "" - https: "" - tcp: {} - udp: {} - external: - enabled: true - internal: - # -- Enables an additional internal load balancer (besides the external one). - enabled: false - # -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service. - annotations: {} - # loadBalancerIP: "" - - # -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. - loadBalancerSourceRanges: [] - ## Set external traffic policy to: "Local" to preserve source IP on - ## providers supporting it - ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer - # externalTrafficPolicy: "" - # shareProcessNamespace enables process namespace sharing within the pod. - # This can be used for example to signal log rotation using `kill -USR1` from a sidecar. - shareProcessNamespace: false - # -- Additional containers to be added to the controller pod. - # See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. - extraContainers: [] - # - name: my-sidecar - # image: nginx:latest - # - name: lemonldap-ng-controller - # image: lemonldapng/lemonldap-ng-controller:0.2.0 - # args: - # - /lemonldap-ng-controller - # - --alsologtostderr - # - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration - # env: - # - name: POD_NAME - # valueFrom: - # fieldRef: - # fieldPath: metadata.name - # - name: POD_NAMESPACE - # valueFrom: - # fieldRef: - # fieldPath: metadata.namespace - # volumeMounts: - # - name: copy-portal-skins - # mountPath: /srv/var/lib/lemonldap-ng/portal/skins - - # -- Additional volumeMounts to the controller main container. - extraVolumeMounts: [] - # - name: copy-portal-skins - # mountPath: /var/lib/lemonldap-ng/portal/skins - - # -- Additional volumes to the controller pod. - extraVolumes: [] - # - name: copy-portal-skins - # emptyDir: {} - - # -- Containers, which are run before the app containers are started. - extraInitContainers: [] - # - name: init-myservice - # image: busybox - # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;'] - - # -- Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module - extraModules: [] - # containerSecurityContext: - # allowPrivilegeEscalation: false - # - # The image must contain a `/usr/local/bin/init_module.sh` executable, which - # will be executed as initContainers, to move its config files within the - # mounted volume. - - opentelemetry: - enabled: false - image: registry.k8s.io/ingress-nginx/opentelemetry:v20221114-controller-v1.5.1-6-ga66ee73c5@sha256:41076fd9fb4255677c1a3da1ac3fc41477f06eba3c7ebf37ffc8f734dad51d7c - containerSecurityContext: - allowPrivilegeEscalation: false - admissionWebhooks: - annotations: {} - # ignore-check.kube-linter.io/no-read-only-rootfs: "This deployment needs write access to root filesystem". - - ## Additional annotations to the admission webhooks. - ## These annotations will be added to the ValidatingWebhookConfiguration and - ## the Jobs Spec of the admission webhooks. - enabled: true - # -- Additional environment variables to set - extraEnvs: [] - # extraEnvs: - # - name: FOO - # valueFrom: - # secretKeyRef: - # key: FOO - # name: secret-resource - # -- Admission Webhook failure policy to use - failurePolicy: Fail - # timeoutSeconds: 10 - port: 8443 - certificate: "/usr/local/certificates/cert" - key: "/usr/local/certificates/key" - namespaceSelector: {} - objectSelector: {} - # -- Labels to be added to admission webhooks - labels: {} - # -- Use an existing PSP instead of creating one - existingPsp: "" - networkPolicyEnabled: false - service: - annotations: {} - # clusterIP: "" - externalIPs: [] - # loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 443 - type: ClusterIP - createSecretJob: - securityContext: - allowPrivilegeEscalation: false - resources: {} - # limits: - # cpu: 10m - # memory: 20Mi - # requests: - # cpu: 10m - # memory: 20Mi - patchWebhookJob: - securityContext: - allowPrivilegeEscalation: false - resources: {} - patch: - enabled: true - image: - registry: registry.k8s.io - image: ingress-nginx/kube-webhook-certgen - ## for backwards compatibility consider setting the full image url via the repository value below - ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail - ## repository: - tag: v20220916-gd32f8c343 - digest: sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - pullPolicy: IfNotPresent - # -- Provide a priority class name to the webhook patching job - ## - priorityClassName: "" - podAnnotations: {} - nodeSelector: - kubernetes.io/os: linux - tolerations: [] - # -- Labels to be added to patch job resources - labels: {} - securityContext: - runAsNonRoot: true - runAsUser: 2000 - fsGroup: 2000 - # Use certmanager to generate webhook certs - certManager: - enabled: false - # self-signed root certificate - rootCert: - # default to be 5y - duration: "" - admissionCert: - # default to be 1y - duration: "" - # issuerRef: - # name: "issuer" - # kind: "ClusterIssuer" - metrics: - port: 10254 - portName: metrics - # if this port is changed, change healthz-port: in extraArgs: accordingly - enabled: false - service: - annotations: {} - # prometheus.io/scrape: "true" - # prometheus.io/port: "10254" - - # clusterIP: "" - - # -- List of IP addresses at which the stats-exporter service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - # loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 10254 - type: ClusterIP - # externalTrafficPolicy: "" - # nodePort: "" - serviceMonitor: - enabled: false - additionalLabels: {} - ## The label to use to retrieve the job name from. - ## jobLabel: "app.kubernetes.io/name" - namespace: "" - namespaceSelector: {} - ## Default: scrape .Release.Namespace only - ## To scrape all, use the following: - ## namespaceSelector: - ## any: true - scrapeInterval: 30s - # honorLabels: true - targetLabels: [] - relabelings: [] - metricRelabelings: [] - prometheusRule: - enabled: false - additionalLabels: {} - # namespace: "" - rules: [] - # # These are just examples rules, please adapt them to your needs - # - alert: NGINXConfigFailed - # expr: count(nginx_ingress_controller_config_last_reload_successful == 0) > 0 - # for: 1s - # labels: - # severity: critical - # annotations: - # description: bad ingress config - nginx config test failed - # summary: uninstall the latest ingress changes to allow config reloads to resume - # - alert: NGINXCertificateExpiry - # expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds) by (host) - time()) < 604800 - # for: 1s - # labels: - # severity: critical - # annotations: - # description: ssl certificate(s) will expire in less then a week - # summary: renew expiring certificates to avoid downtime - # - alert: NGINXTooMany500s - # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 - # for: 1m - # labels: - # severity: warning - # annotations: - # description: Too many 5XXs - # summary: More than 5% of all requests returned 5XX, this requires your attention - # - alert: NGINXTooMany400s - # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"4.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 - # for: 1m - # labels: - # severity: warning - # annotations: - # description: Too many 4XXs - # summary: More than 5% of all requests returned 4XX, this requires your attention - # -- Improve connection draining when ingress controller pod is deleted using a lifecycle hook: - # With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds - # to 300, allowing the draining of connections up to five minutes. - # If the active connections end before that, the pod will terminate gracefully at that time. - # To effectively take advantage of this feature, the Configmap feature - # worker-shutdown-timeout new value is 240s instead of 10s. - ## - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - priorityClassName: "" + annotations: {} + # prometheus.io/scrape: "true" + # prometheus.io/port: "10254" + + # clusterIP: "" + + # -- List of IP addresses at which the stats-exporter service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + # loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 10254 + type: ClusterIP + # externalTrafficPolicy: "" + # nodePort: "" + + serviceMonitor: + enabled: false + additionalLabels: {} + ## The label to use to retrieve the job name from. + ## jobLabel: "app.kubernetes.io/name" + namespace: "" + namespaceSelector: {} + ## Default: scrape .Release.Namespace only + ## To scrape all, use the following: + ## namespaceSelector: + ## any: true + scrapeInterval: 30s + # honorLabels: true + targetLabels: [] + relabelings: [] + metricRelabelings: [] + + prometheusRule: + enabled: false + additionalLabels: {} + # namespace: "" + rules: [] + # # These are just examples rules, please adapt them to your needs + # - alert: NGINXConfigFailed + # expr: count(nginx_ingress_controller_config_last_reload_successful == 0) > 0 + # for: 1s + # labels: + # severity: critical + # annotations: + # description: bad ingress config - nginx config test failed + # summary: uninstall the latest ingress changes to allow config reloads to resume + # - alert: NGINXCertificateExpiry + # expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds) by (host) - time()) < 604800 + # for: 1s + # labels: + # severity: critical + # annotations: + # description: ssl certificate(s) will expire in less then a week + # summary: renew expiring certificates to avoid downtime + # - alert: NGINXTooMany500s + # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 + # for: 1m + # labels: + # severity: warning + # annotations: + # description: Too many 5XXs + # summary: More than 5% of all requests returned 5XX, this requires your attention + # - alert: NGINXTooMany400s + # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"4.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 + # for: 1m + # labels: + # severity: warning + # annotations: + # description: Too many 4XXs + # summary: More than 5% of all requests returned 4XX, this requires your attention + + # -- Improve connection draining when ingress controller pod is deleted using a lifecycle hook: + # With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds + # to 300, allowing the draining of connections up to five minutes. + # If the active connections end before that, the pod will terminate gracefully at that time. + # To effectively take advantage of this feature, the Configmap feature + # worker-shutdown-timeout new value is 240s instead of 10s. + ## + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + + priorityClassName: "" + # -- Rollback limit ## revisionHistoryLimit: 10 + ## Default 404 backend ## defaultBackend: - ## + ## + enabled: false + + name: defaultbackend + image: + registry: registry.k8s.io + image: defaultbackend-amd64 + ## for backwards compatibility consider setting the full image url via the repository value below + ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + ## repository: + tag: "1.5" + pullPolicy: IfNotPresent + # nobody user -> uid 65534 + runAsUser: 65534 + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + + # -- Use an existing PSP instead of creating one + existingPsp: "" + + extraArgs: {} + + serviceAccount: + create: true + name: "" + automountServiceAccountToken: true + # -- Additional environment variables to set for defaultBackend pods + extraEnvs: [] + + port: 8080 + + ## Readiness and liveness probes for default backend + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + initialDelaySeconds: 0 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + + # -- Node tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + + affinity: {} + + # -- Security Context policies for controller pods + # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for + # notes on enabling and using sysctls + ## + podSecurityContext: {} + + # -- Security Context policies for controller main container. + # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for + # notes on enabling and using sysctls + ## + containerSecurityContext: {} + + # -- Labels to add to the pod container metadata + podLabels: {} + # key: value + + # -- Node labels for default backend pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: + kubernetes.io/os: linux + + # -- Annotations to be added to default backend pods + ## + podAnnotations: {} + + replicaCount: 1 + + minAvailable: 1 + + resources: {} + # limits: + # cpu: 10m + # memory: 20Mi + # requests: + # cpu: 10m + # memory: 20Mi + + extraVolumeMounts: [] + ## Additional volumeMounts to the default backend container. + # - name: copy-portal-skins + # mountPath: /var/lib/lemonldap-ng/portal/skins + + extraVolumes: [] + ## Additional volumes to the default backend pod. + # - name: copy-portal-skins + # emptyDir: {} + + autoscaling: + annotations: {} enabled: false - name: defaultbackend - image: - registry: registry.k8s.io - image: defaultbackend-amd64 - ## for backwards compatibility consider setting the full image url via the repository value below - ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail - ## repository: - tag: "1.5" - pullPolicy: IfNotPresent - # nobody user -> uid 65534 - runAsUser: 65534 - runAsNonRoot: true - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - # -- Use an existing PSP instead of creating one - existingPsp: "" - extraArgs: {} - serviceAccount: - create: true - name: "" - automountServiceAccountToken: true - # -- Additional environment variables to set for defaultBackend pods - extraEnvs: [] - port: 8080 - ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ - ## - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - initialDelaySeconds: 0 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - # -- Node tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - - affinity: {} - # -- Security Context policies for controller pods - # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for - # notes on enabling and using sysctls - ## - podSecurityContext: {} - # -- Security Context policies for controller main container. - # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for - # notes on enabling and using sysctls - ## - containerSecurityContext: {} - # -- Labels to add to the pod container metadata - podLabels: {} - # key: value + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 - # -- Node labels for default backend pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: - kubernetes.io/os: linux - # -- Annotations to be added to default backend pods + service: + annotations: {} + + # clusterIP: "" + + # -- List of IP addresses at which the default backend service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips ## - podAnnotations: {} - replicaCount: 1 - minAvailable: 1 - resources: {} - # limits: - # cpu: 10m - # memory: 20Mi - # requests: - # cpu: 10m - # memory: 20Mi - - extraVolumeMounts: [] - ## Additional volumeMounts to the default backend container. - # - name: copy-portal-skins - # mountPath: /var/lib/lemonldap-ng/portal/skins - - extraVolumes: [] - ## Additional volumes to the default backend pod. - # - name: copy-portal-skins - # emptyDir: {} - - autoscaling: - annotations: {} - enabled: false - minReplicas: 1 - maxReplicas: 2 - targetCPUUtilizationPercentage: 50 - targetMemoryUtilizationPercentage: 50 - service: - annotations: {} - # clusterIP: "" - - # -- List of IP addresses at which the default backend service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - # loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 80 - type: ClusterIP - priorityClassName: "" - # -- Labels to be added to the default backend resources - labels: {} + externalIPs: [] + + # loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 80 + type: ClusterIP + + priorityClassName: "" + # -- Labels to be added to the default backend resources + labels: {} + ## Enable RBAC as per https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/rbac.md and https://github.com/kubernetes/ingress-nginx/issues/266 rbac: - create: true - scope: false + create: true + scope: false + ## If true, create & use Pod Security Policy resources ## https://kubernetes.io/docs/concepts/policy/pod-security-policy/ podSecurityPolicy: - enabled: false + enabled: false + serviceAccount: - create: true - name: "" - automountServiceAccountToken: true - # -- Annotations for the controller service account - annotations: {} + create: true + name: "" + automountServiceAccountToken: true + # -- Annotations for the controller service account + annotations: {} + # -- Optional array of imagePullSecrets containing private registry credentials ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ imagePullSecrets: [] @@ -868,6 +964,7 @@ udp: {} # -- Prefix for TCP and UDP ports names in ingress controller service ## Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration portNamePrefix: "" + # -- (string) A base64-encoded Diffie-Hellman parameter. # This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` ## Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param diff --git a/deploy/static/provider/aws/deploy.yaml b/deploy/static/provider/aws/deploy.yaml index 54d315b50f..fbdf9486a5 100644 --- a/deploy/static/provider/aws/deploy.yaml +++ b/deploy/static/provider/aws/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,6 +90,21 @@ rules: - get - list - watch +- apiGroups: + - "" + resourceNames: + - ingress-nginx-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create - apiGroups: - coordination.k8s.io resourceNames: @@ -129,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -344,7 +359,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -377,7 +392,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -400,7 +415,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -440,7 +455,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -512,7 +527,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -523,7 +538,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -559,7 +574,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -570,7 +585,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -608,7 +623,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -621,7 +636,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml index 819de90793..73ec24286b 100644 --- a/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml +++ b/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,6 +90,21 @@ rules: - get - list - watch +- apiGroups: + - "" + resourceNames: + - ingress-nginx-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create - apiGroups: - coordination.k8s.io resourceNames: @@ -129,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -335,7 +350,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -353,7 +368,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -386,7 +401,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -409,7 +424,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -449,7 +464,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -524,7 +539,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -535,7 +550,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -571,7 +586,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -582,7 +597,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -620,7 +635,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -633,7 +648,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/baremetal/deploy.yaml b/deploy/static/provider/baremetal/deploy.yaml index 73aec6dc92..9e6e905bb3 100644 --- a/deploy/static/provider/baremetal/deploy.yaml +++ b/deploy/static/provider/baremetal/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,6 +90,21 @@ rules: - get - list - watch +- apiGroups: + - "" + resourceNames: + - ingress-nginx-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create - apiGroups: - coordination.k8s.io resourceNames: @@ -129,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -340,7 +355,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -372,7 +387,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -395,7 +410,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -434,7 +449,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -506,7 +521,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -517,7 +532,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -553,7 +568,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -564,7 +579,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -602,7 +617,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -615,7 +630,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/cloud/deploy.yaml b/deploy/static/provider/cloud/deploy.yaml index 19455ed279..dd986a55de 100644 --- a/deploy/static/provider/cloud/deploy.yaml +++ b/deploy/static/provider/cloud/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,6 +90,21 @@ rules: - get - list - watch +- apiGroups: + - "" + resourceNames: + - ingress-nginx-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create - apiGroups: - coordination.k8s.io resourceNames: @@ -129,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -340,7 +355,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -373,7 +388,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -396,7 +411,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -436,7 +451,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -508,7 +523,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -519,7 +534,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -555,7 +570,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -566,7 +581,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -604,7 +619,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -617,7 +632,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/do/deploy.yaml b/deploy/static/provider/do/deploy.yaml index 3c4a022c31..64e0366b41 100644 --- a/deploy/static/provider/do/deploy.yaml +++ b/deploy/static/provider/do/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,6 +90,21 @@ rules: - get - list - watch +- apiGroups: + - "" + resourceNames: + - ingress-nginx-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create - apiGroups: - coordination.k8s.io resourceNames: @@ -129,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -329,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -343,7 +358,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -376,7 +391,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -399,7 +414,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -439,7 +454,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -511,7 +526,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -522,7 +537,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -558,7 +573,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -569,7 +584,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -607,7 +622,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -620,7 +635,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/exoscale/deploy.yaml b/deploy/static/provider/exoscale/deploy.yaml index 084fcd8973..d6a40aed94 100644 --- a/deploy/static/provider/exoscale/deploy.yaml +++ b/deploy/static/provider/exoscale/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,6 +90,21 @@ rules: - get - list - watch +- apiGroups: + - "" + resourceNames: + - ingress-nginx-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create - apiGroups: - coordination.k8s.io resourceNames: @@ -129,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -349,7 +364,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -382,7 +397,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -405,7 +420,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -445,7 +460,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -517,7 +532,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -528,7 +543,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -564,7 +579,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -575,7 +590,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -613,7 +628,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -626,7 +641,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/kind/deploy.yaml b/deploy/static/provider/kind/deploy.yaml index 355ca80546..62ead9e34c 100644 --- a/deploy/static/provider/kind/deploy.yaml +++ b/deploy/static/provider/kind/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,6 +90,21 @@ rules: - get - list - watch +- apiGroups: + - "" + resourceNames: + - ingress-nginx-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create - apiGroups: - coordination.k8s.io resourceNames: @@ -129,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -328,7 +343,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -340,7 +355,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -372,7 +387,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -395,7 +410,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -440,7 +455,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -522,7 +537,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -533,7 +548,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -569,7 +584,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -580,7 +595,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -618,7 +633,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -631,7 +646,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/deploy/static/provider/scw/deploy.yaml b/deploy/static/provider/scw/deploy.yaml index ff8b820b31..d52f014896 100644 --- a/deploy/static/provider/scw/deploy.yaml +++ b/deploy/static/provider/scw/deploy.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx --- @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx --- @@ -39,7 +39,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx rules: @@ -90,6 +90,21 @@ rules: - get - list - watch +- apiGroups: + - "" + resourceNames: + - ingress-nginx-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create - apiGroups: - coordination.k8s.io resourceNames: @@ -129,7 +144,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx rules: @@ -148,7 +163,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx rules: - apiGroups: @@ -230,7 +245,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission rules: - apiGroups: @@ -249,7 +264,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx namespace: ingress-nginx roleRef: @@ -269,7 +284,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission namespace: ingress-nginx roleRef: @@ -288,7 +303,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io @@ -307,7 +322,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission roleRef: apiGroup: rbac.authorization.k8s.io @@ -329,7 +344,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx --- @@ -343,7 +358,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -376,7 +391,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller-admission namespace: ingress-nginx spec: @@ -399,7 +414,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-controller namespace: ingress-nginx spec: @@ -439,7 +454,7 @@ spec: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.5.2@sha256:3870522ed937c9efb94bfa31a7eb16009831567a0d4cbe01846fc5486d622655 + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -511,7 +526,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create namespace: ingress-nginx spec: @@ -522,7 +537,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-create spec: containers: @@ -558,7 +573,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch namespace: ingress-nginx spec: @@ -569,7 +584,7 @@ spec: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission-patch spec: containers: @@ -607,7 +622,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: nginx spec: controller: k8s.io/ingress-nginx @@ -620,7 +635,7 @@ metadata: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.5.2 + app.kubernetes.io/version: 1.5.1 name: ingress-nginx-admission webhooks: - admissionReviewVersions: diff --git a/docs/deploy/index.md b/docs/deploy/index.md index 71a27b15f3..29495b5c0a 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -62,7 +62,7 @@ It will install the controller in the `ingress-nginx` namespace, creating that n **If you don't have Helm** or if you prefer to use a YAML manifest, you can run the following command instead: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml ``` !!! info @@ -225,7 +225,7 @@ In AWS, we use a Network load balancer (NLB) to expose the NGINX Ingress control ##### Network Load Balancer (NLB) ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/aws/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/deploy.yaml ``` ##### TLS termination in AWS Load Balancer (NLB) @@ -233,10 +233,10 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont By default, TLS is terminated in the ingress controller. But it is also possible to terminate TLS in the Load Balancer. This section explains how to do that on AWS using an NLB. -1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template +1. Download the [deploy.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml) template ```console - wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml + wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml ``` 2. Edit the file and change the VPC CIDR in use for the Kubernetes cluster: @@ -282,7 +282,7 @@ Then, the ingress controller can be installed like this: ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml ``` !!! warning @@ -299,7 +299,7 @@ Proxy-protocol is supported in GCE check the [Official Documentations on how to #### Azure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml ``` More information with regard to Azure annotations for ingress controller can be found in the [official AKS documentation](https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller). @@ -307,7 +307,7 @@ More information with regard to Azure annotations for ingress controller can be #### Digital Ocean ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/do/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/do/deploy.yaml ``` - By default the service object of the ingress-nginx-controller for Digital-Ocean, only configures one annotation. Its this one `service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"`. While this makes the service functional, it was reported that the Digital-Ocean LoadBalancer graphs shows `no data`, unless a few other annotations are also configured. Some of these other annotations require values that can not be generic and hence not forced in a out-of-the-box installation. These annotations and a discussion on them is well documented in [this issue](https://github.com/kubernetes/ingress-nginx/issues/8965). Please refer to the issue to add annotations, with values specific to user, to get graphs of the DO-LB populated with data. @@ -315,7 +315,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont #### Scaleway ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/scw/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/scw/deploy.yaml ``` #### Exoscale @@ -330,7 +330,7 @@ The full list of annotations supported by Exoscale is available in the Exoscale #### Oracle Cloud Infrastructure ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/cloud/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml ``` A @@ -357,7 +357,7 @@ For quick testing, you can use a This should work on almost every cluster, but it will typically use a port in the range 30000-32767. ```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.2/deploy/static/provider/baremetal/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/baremetal/deploy.yaml ``` For more information about bare metal deployments (and how to use port 80 instead of a random port in the 30000-32767 range), diff --git a/docs/e2e-tests.md b/docs/e2e-tests.md index f943a96a68..d5aa6cc16b 100644 --- a/docs/e2e-tests.md +++ b/docs/e2e-tests.md @@ -7,685 +7,139 @@ Do not try to edit it manually. -### [[Serial] admission controller](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L35) - -- [reject ingress with global-rate-limit annotations when memcached is not configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L48) -- [should not allow overlaps of host and paths without canary annotations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L75) -- [should allow overlaps of host and paths with canary annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L92) -- [should block ingress with invalid path](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L113) -- [should return an error if there is an error validating the ingress definition](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L130) -- [should return an error if there is an invalid value in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L141) -- [should return an error if there is a forbidden value in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L155) -- [should not return an error if the Ingress V1 definition is valid with Ingress Class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L169) -- [should not return an error if the Ingress V1 definition is valid with IngressClass annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L185) -- [should return an error if the Ingress V1 definition contains invalid annotations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L201) -- [should not return an error for an invalid Ingress when it has unknown class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/admission/admission.go#L212) - -### [affinity session-cookie-name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L35) - -- [should set sticky cookie SERVERID](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L42) -- [should change cookie name on ingress definition change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L64) -- [should set the path to /something on the generated cookie](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L99) -- [does not set the path to / on the generated cookie if there's more than one rule referring to the same backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L121) -- [should set cookie with expires](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L194) -- [should set cookie with domain](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L225) -- [should not set cookie without domain annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L248) -- [should work with use-regex annotation and session-cookie-path](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L270) -- [should warn user when use-regex is true and session-cookie-path is not set](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L294) -- [should not set affinity across all server locations when using separate ingresses](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L320) -- [should set sticky cookie without host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L352) -- [should work with server-alias annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L372) -- [should set secure in cookie with provided true annotation on http](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L412) -- [should not set secure in cookie with provided false annotation on http](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L435) -- [should set secure in cookie with provided false annotation on https](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinity.go#L458) - -### [affinitymode](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinitymode.go#L31) - -- [Balanced affinity mode should balance](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinitymode.go#L34) -- [Check persistent affinity mode](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/affinitymode.go#L67) - -### [server-alias](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/alias.go#L29) - -- [should return status code 200 for host 'foo' and 404 for 'bar'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/alias.go#L36) -- [should return status code 200 for host 'foo' and 'bar'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/alias.go#L62) -- [should return status code 200 for hosts defined in two ingresses, different path with one alias](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/alias.go#L87) - -### [app-root](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/approot.go#L28) - -- [should redirect to /foo](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/approot.go#L35) - -### [auth-tls-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L29) - -- [should set sslClientCertificate, sslVerifyClient and sslVerifyDepth with auth-tls-secret](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L36) -- [should set valid auth-tls-secret, sslVerify to off, and sslVerifyDepth to 2](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L84) -- [should 302 redirect to error page instead of 400 when auth-tls-error-page is set](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L114) -- [should pass URL-encoded certificate to upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L161) -- [should validate auth-tls-verify-client](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L206) -- [should return 403 using auth-tls-match-cn with no matching CN from client](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L266) -- [should return 200 using auth-tls-match-cn with matching CN from client](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L295) -- [should return 200 using auth-tls-match-cn where atleast one of the regex options matches CN from client](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/authtls.go#L324) - -### [backend-protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L27) - -- [should set backend protocol to https:// and use proxy_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L34) -- [should set backend protocol to $scheme:// and use proxy_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L49) -- [should set backend protocol to grpc:// and use grpc_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L64) -- [should set backend protocol to grpcs:// and use grpc_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L79) -- [should set backend protocol to '' and use fastcgi_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L94) -- [should set backend protocol to '' and use ajp_pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/backendprotocol.go#L109) - -### [canary-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L36) - -- [should response with a 200 status from the mainline upstream when requests are made to the mainline ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L48) -- [should return 404 status for requests to the canary if no matching ingress is found](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L80) -- [should return the correct status codes when endpoints are unavailable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L107) -- [should route requests to the correct upstream if mainline ingress is created before the canary ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L161) -- [should route requests to the correct upstream if mainline ingress is created after the canary ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L206) -- [should route requests to the correct upstream if the mainline ingress is modified](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L250) -- [should route requests to the correct upstream if the canary ingress is modified](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L307) -- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L372) -- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L426) -- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L490) -- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L532) -- [should routes to mainline upstream when the given Regex causes error](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L566) -- [should route requests to the correct upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L604) -- [respects always and never values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L643) -- [should route requests only to mainline if canary weight is 0](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L705) -- [should route requests only to canary if canary weight is 100](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L743) -- [should route requests only to canary if canary weight is equal to canary weight total](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L775) -- [should route requests split between mainline and canary if canary weight is 50](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L808) -- [should not use canary as a catch-all server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L836) -- [should not use canary with domain as a server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L864) -- [does not crash when canary ingress has multiple paths to the same non-matching backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L888) -- [always routes traffic to canary if first request was affinitized to canary (default behavior)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L916) -- [always routes traffic to canary if first request was affinitized to canary (explicit sticky behavior)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L973) -- [routes traffic to either mainline or canary backend (legacy behavior)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/canary.go#L1031) - -### [client-body-buffer-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L28) - -- [should set client_body_buffer_size to 1000](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L35) -- [should set client_body_buffer_size to 1K](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L57) -- [should set client_body_buffer_size to 1k](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L79) -- [should set client_body_buffer_size to 1m](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L101) -- [should set client_body_buffer_size to 1M](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L123) -- [should not set client_body_buffer_size to invalid 1b](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/clientbodybuffersize.go#L145) - -### [connection-proxy-header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/connection.go#L29) - -- [set connection header to keep-alive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/connection.go#L36) - -### [cors-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L28) - -- [should enable cors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L35) -- [should set cors methods to only allow POST, GET](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L62) -- [should set cors max-age](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L78) -- [should disable cors allow credentials](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L94) -- [should allow origin for cors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L110) -- [should allow headers for cors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L137) -- [should expose headers for cors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L153) -- [should allow - single origin for multiple cors values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L169) -- [should not allow - single origin for multiple cors values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L196) -- [should allow correct origins - single origin for multiple cors values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L216) -- [should not break functionality](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L267) -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L291) -- [should not break functionality with extra domain](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L314) -- [should not match](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L338) -- [should allow - single origin with required port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L358) -- [should not allow - single origin with port and origin without port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L386) -- [should not allow - single origin without port and origin with required port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L405) -- [should allow - matching origin with wildcard origin (2 subdomains)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L425) -- [should not allow - unmatching origin with wildcard origin (2 subdomains)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L468) -- [should allow - matching origin+port with wildcard origin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L488) -- [should not allow - portless origin with wildcard origin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L515) -- [should allow correct origins - missing subdomain + origin with wildcard origin and correct origin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L535) -- [should allow - missing origins (should allow all origins)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/cors.go#L571) - -### [custom-http-errors](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/customhttperrors.go#L34) - -- [configures Nginx correctly](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/customhttperrors.go#L41) - -### [default-backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/default_backend.go#L29) - -- [should use a custom default backend as upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/default_backend.go#L37) - -### [disable-access-log disable-http-access-log disable-stream-access-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L28) - -- [disable-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L35) -- [disable-http-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L53) -- [disable-stream-access-log set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/disableaccesslog.go#L71) - -### [backend-protocol - FastCGI](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L31) - -- [should use fastcgi_pass in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L38) -- [should add fastcgi_index in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L55) -- [should add fastcgi_param in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L72) -- [should return OK for service with backend protocol FastCGI](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fastcgi.go#L105) - -### [force-ssl-redirect](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/forcesslredirect.go#L27) - -- [should redirect to https](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/forcesslredirect.go#L34) - -### [from-to-www-redirect](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fromtowwwredirect.go#L31) - -- [should redirect from www HTTP to HTTP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fromtowwwredirect.go#L38) -- [should redirect from www HTTPS to HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/fromtowwwredirect.go#L64) - -### [annotation-global-rate-limit](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/globalratelimit.go#L30) - -- [generates correct configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/globalratelimit.go#L38) - -### [backend-protocol - GRPC](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L40) - -- [should use grpc_pass in the configuration file](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L43) -- [should return OK for service with backend protocol GRPC](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L68) -- [authorization metadata should be overwritten by external auth response headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L126) -- [should return OK for service with backend protocol GRPCS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/grpc.go#L199) - -### [http2-push-preload](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/http2pushpreload.go#L27) - -- [enable the http2-push-preload directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/http2pushpreload.go#L34) - -### [influxdb-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/influxdb.go#L39) - -- [should send the request metric to the influxdb server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/influxdb.go#L48) - -### [whitelist-source-range](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/ipwhitelist.go#L27) - -- [should set valid ip whitelist range](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/ipwhitelist.go#L34) - -### [Annotation - limit-connections](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/limitconnections.go#L31) - -- [should limit-connections](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/limitconnections.go#L38) - -### [limit-rate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/limitrate.go#L29) - -- [Check limit-rate annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/limitrate.go#L37) - -### [enable-access-log enable-rewrite-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/log.go#L27) - -- [set access_log off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/log.go#L34) -- [set rewrite_log on](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/log.go#L49) - -### [mirror-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L28) - -- [should set mirror-target to http://localhost/mirror](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L36) -- [should set mirror-target to https://test.env.com/$request_uri](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L51) -- [should disable mirror-request-body](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/mirror.go#L67) - -### [modsecurity owasp](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L28) - -- [should enable modsecurity](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L35) -- [should enable modsecurity with transaction ID and OWASP rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L53) -- [should disable modsecurity](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L74) -- [should enable modsecurity with snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L91) -- [should enable modsecurity without using 'modsecurity on;'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L110) -- [should disable modsecurity using 'modsecurity off;'](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L132) -- [should enable modsecurity with snippet and block requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L153) -- [should enable modsecurity globally and with modsecurity-snippet block requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L189) -- [should enable modsecurity when enable-owasp-modsecurity-crs is set to true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L225) -- [should enable modsecurity through the config map](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L264) -- [should enable modsecurity through the config map but ignore snippet as disabled by admin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L305) -- [should disable default modsecurity conf setting when modsecurity-snippet is specified](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/modsecurity/modsecurity.go#L347) - -### [preserve-trailing-slash](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/preservetrailingslash.go#L27) - -- [should allow preservation of trailing slashes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/preservetrailingslash.go#L34) - -### [proxy-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L28) - -- [should set proxy_redirect to off](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L36) -- [should set proxy_redirect to default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L52) -- [should set proxy_redirect to hello.com goodbye.com](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L68) -- [should set proxy client-max-body-size to 8m](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L85) -- [should not set proxy client-max-body-size to incorrect value](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L100) -- [should set valid proxy timeouts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L115) -- [should not set invalid proxy timeouts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L136) -- [should turn on proxy-buffering](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L157) -- [should turn off proxy-request-buffering](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L179) -- [should build proxy next upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L194) -- [should setup proxy cookies](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L215) -- [should change the default proxy HTTP version](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxy.go#L233) - -### [proxy-ssl-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L30) - -- [should set valid proxy-ssl-secret](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L37) -- [should set valid proxy-ssl-secret, proxy-ssl-verify to on, proxy-ssl-verify-depth to 2, and proxy-ssl-server-name to on](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L64) -- [should set valid proxy-ssl-secret, proxy-ssl-ciphers to HIGH:!AES](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L94) -- [should set valid proxy-ssl-secret, proxy-ssl-protocols](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L122) -- [proxy-ssl-location-only flag should change the nginx config server part](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/proxyssl.go#L150) - -### [permanent-redirect permanent-redirect-code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/redirect.go#L30) - -- [should respond with a standard redirect code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/redirect.go#L33) -- [should respond with a custom redirect code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/redirect.go#L61) - -### [rewrite-target use-regex enable-rewrite-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L30) - -- [should write rewrite logs](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L37) -- [should use correct longest path match](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L66) -- [should use ~* location modifier if regex annotation is present](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L111) -- [should fail to use longest match for documented warning](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L158) -- [should allow for custom rewrite parameters](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/rewrite.go#L190) - -### [satisfy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/satisfy.go#L35) - -- [should configure satisfy directive correctly](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/satisfy.go#L42) -- [should allow multiple auth with satisfy any](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/satisfy.go#L84) - -### [server-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serversnippet.go#L28) - -- [add valid directives to server via server snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serversnippet.go#L35) -- [drops server snippet if disabled by the administrator](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serversnippet.go#L61) - -### [service-upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serviceupstream.go#L32) - -- [should use the Service Cluster IP and Port ](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serviceupstream.go#L41) -- [should use the Service Cluster IP and Port ](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serviceupstream.go#L70) -- [should not use the Service Cluster IP and Port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/serviceupstream.go#L99) - -### [configuration-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/snippet.go#L28) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/snippet.go#L35) -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/snippet.go#L58) - -### [ssl-ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/sslciphers.go#L28) - -- [should change ssl ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/sslciphers.go#L35) - -### [stream-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/streamsnippet.go#L34) - -- [should add value of stream-snippet to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/streamsnippet.go#L41) -- [should add stream-snippet and drop annotations per admin config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/streamsnippet.go#L85) - -### [upstream-hash-by-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamhashby.go#L76) - -- [should connect to the same pod](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamhashby.go#L83) -- [should connect to the same subset of pods](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamhashby.go#L92) - -### [upstream-vhost](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamvhost.go#L27) - -- [set host to upstreamvhost.bar.com](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/upstreamvhost.go#L34) - -### [x-forwarded-prefix](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/xforwardedprefix.go#L28) - -- [should set the X-Forwarded-Prefix to the annotation value](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/xforwardedprefix.go#L35) -- [should not add X-Forwarded-Prefix if the annotation value is empty](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/xforwardedprefix.go#L57) - -### [auth-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L39) - -- [should return status code 200 when no authentication is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L46) -- [should return status code 503 when authentication is configured with an invalid secret](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L65) -- [should return status code 401 when authentication is configured but Authorization header is not configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L89) -- [should return status code 401 when authentication is configured and Authorization header is sent with invalid credentials](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L116) -- [should return status code 401 and cors headers when authentication and cors is configured but Authorization header is not configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L144) -- [should return status code 200 when authentication is configured and Authorization header is sent](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L172) -- [should return status code 200 when authentication is configured with a map and Authorization header is sent](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L199) -- [should return status code 401 when authentication is configured with invalid content and Authorization header is sent](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L227) -- [ when external auth is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L266) -- [ when external auth is not configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L284) -- [ when auth-headers are set](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L301) -- [should set cache_key when external auth cache is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L322) -- [user retains cookie by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L411) -- [user does not retain cookie if upstream returns error status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L422) -- [user with annotated ingress retains cookie if upstream returns error status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L433) -- [should return status code 200 when signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L485) -- [should redirect to signin url when not signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L494) -- [keeps processing new ingresses even if one of the existing ingresses is misconfigured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L505) -- [should overwrite Foo header with auth response](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L529) -- [should not create additional upstream block when auth-keepalive is not set](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L552) -- [should not create additional upstream block when host part of auth-url contains a variable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L570) -- [should not create additional upstream block when auth-keepalive is negative](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L590) -- [should not create additional upstream block when auth-keepalive is set with HTTP/2](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L609) -- [should create additional upstream block when auth-keepalive is set with HTTP/1.x](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L623) -- [should return status code 200 when signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L678) -- [should redirect to signin url when not signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L687) -- [keeps processing new ingresses even if one of the existing ingresses is misconfigured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L698) -- [should return status code 200 when signed in after auth backend is deleted ](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L772) -- [should deny login for different location on same server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L792) -- [should deny login for different servers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L820) -- [should redirect to signin url when not signed in](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L849) -- [should return 503 (location was denied)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L879) -- [should add error to the config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/annotations/auth.go#L887) - -### [Debug CLI](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/dbg/main.go#L29) - -- [should list the backend servers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/dbg/main.go#L37) -- [should get information for a specific backend server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/dbg/main.go#L56) -- [should produce valid JSON for /dbg general](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/dbg/main.go#L85) - -### [[Default Backend] custom service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/custom_default_backend.go#L33) - -- [uses custom default backend that returns 200 as status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/custom_default_backend.go#L36) - -### [[Default Backend]](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/default_backend.go#L30) - -- [should return 404 sending requests when only a default backend is running](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/default_backend.go#L33) -- [enables access logging for default backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/default_backend.go#L88) -- [disables access logging for default backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/default_backend.go#L105) - -### [[Default Backend] SSL](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/ssl.go#L26) - -- [should return a self generated SSL certificate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/ssl.go#L29) - -### [[Default Backend] change default settings](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/with_hosts.go#L30) - -- [should apply the annotation to the default backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/defaultbackend/with_hosts.go#L38) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e_test.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/e2e_test.go#L) - -### [[Endpointslices] long service name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/endpointslices/longname.go#L29) - -- [should return 200 when service name has max allowed number of characters 63](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/endpointslices/longname.go#L38) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/deployment.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/deployment.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/exec.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/exec.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/fastcgi_helloserver.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/fastcgi_helloserver.go#L) - -### [[Setting] ](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/framework.go#L190) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/framework.go#L206) -- [ [MemoryLeak]](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/framework.go#L207) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/grpc_fortune_teller.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/grpc_fortune_teller.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/healthz.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/healthz.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/array.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/array.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/chain.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/chain.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/cookie.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/cookie.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/match.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/match.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/object.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/object.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/reporter.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/reporter.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/request.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/request.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/response.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/response.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/string.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/string.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/value.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/httpexpect/value.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/influxdb.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/influxdb.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/k8s.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/k8s.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/logs.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/logs.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/metrics.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/metrics.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/ssl.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/ssl.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/test_context.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/test_context.go#L) - -### [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/util.go#L) - -- [](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/framework/util.go#L) - -### [[Shutdown] Grace period shutdown](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/grace_period.go#L32) - -- [/healthz should return status code 500 during shutdown grace period](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/grace_period.go#L35) - -### [[Shutdown] ingress controller](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/shutdown.go#L30) - -- [should shutdown in less than 60 secons without pending connections](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/shutdown.go#L40) -- [should shutdown after waiting 60 seconds for pending connections to be closed](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/shutdown.go#L61) -- [should shutdown after waiting 150 seconds for pending connections to be closed](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/shutdown.go#L106) - -### [[Shutdown] Graceful shutdown with pending request](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/slow_requests.go#L25) - -- [should let slow requests finish before shutting down](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/gracefulshutdown/slow_requests.go#L33) - -### [[Ingress] DeepInspection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/deep_inspection.go#L27) - -- [should drop whole ingress if one path matches invalid regex](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/deep_inspection.go#L34) - -### [single ingress - multiple hosts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/multiple_rules.go#L30) - -- [should set the correct $service_name NGINX variable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/multiple_rules.go#L38) - -### [[Ingress] [PathType] exact](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_exact.go#L30) - -- [should choose exact location for /exact](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_exact.go#L37) - -### [[Ingress] [PathType] mix Exact and Prefix paths](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_mixed.go#L30) - -- [should choose the correct location](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_mixed.go#L39) - -### [[Ingress] [PathType] prefix checks](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_prefix.go#L28) +### [Geoip2](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L37) -- [should return 404 when prefix /aaa does not match request /aaaccc](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/pathtype_prefix.go#L35) +- [should include geoip2 line in config when enabled and db file exists](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L46) +- [should only allow requests from specific countries](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L70) -### [[Ingress] definition without host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/without_host.go#L31) +### [[Security] global-auth-url](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L34) -- [should set ingress details variables for ingresses without a host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/without_host.go#L34) -- [should set ingress details variables for ingresses with host without IngressRuleValue, only Backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ingress/without_host.go#L55) +- [should return status code 401 when request any protected service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L85) +- [should return status code 200 when request whitelisted (via no-auth-locations) service and 401 when request protected service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L102) +- [should return status code 200 when request whitelisted (via ingress annotation) service and 401 when request protected service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L126) +- [should still return status code 200 after auth backend is deleted using cache](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L155) +- [should proxy_method method when global-auth-method is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L197) +- [should add custom error page when global-auth-signin url is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L210) +- [should add auth headers when global-auth-response-headers is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L223) +- [should set request-redirect when global-auth-request-redirect is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L237) +- [should set snippet when global external auth is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L250) +- [user retains cookie by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L326) +- [user does not retain cookie if upstream returns error status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L337) +- [user with global-auth-always-set-cookie key in configmap retains cookie if upstream returns error status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L348) -### [[Memory Leak] Dynamic Certificates](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/leaks/lua_ssl.go#L35) +### [[Security] Pod Security Policies](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy.go#L40) -- [should not leak memory from ingress SSL certificates or configuration updates](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/leaks/lua_ssl.go#L42) +- [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy.go#L43) -### [[Load Balancer] load-balance](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/configmap.go#L28) +### [log-format-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L28) -- [should apply the configmap load-balance setting](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/configmap.go#L35) +- [should disable the log-format-escape-json by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L40) +- [should enable the log-format-escape-json](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L47) +- [should disable the log-format-escape-json](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L55) +- [log-format-escape-json enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L66) +- [log-format-escape-json disabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L89) -### [[Load Balancer] EWMA](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/ewma.go#L31) +### [server-tokens](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L29) -- [does not fail requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/ewma.go#L42) +- [should not exists Server header in the response](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L38) +- [should exists Server header in the response when is enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L50) -### [[Load Balancer] round-robin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/round_robin.go#L31) +### [proxy-connect-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L28) -- [should evenly distribute requests with round-robin (default algorithm)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/round_robin.go#L39) +- [should set valid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L36) +- [should not set invalid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L52) -### [[Lua] dynamic certificates](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L37) +### [ssl-ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_ciphers.go#L28) -- [picks up the certificate when we add TLS spec to existing ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L45) -- [picks up the previously missing secret for a given ingress without reloading](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L70) -- [supports requests with domain with trailing dot](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L145) -- [picks up the updated certificate without reloading](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L149) -- [falls back to using default certificate when secret gets deleted without reloading](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L185) -- [picks up a non-certificate only change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L218) -- [removes HTTPS configuration when we delete TLS spec](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_certificates.go#L233) +- [Add ssl ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_ciphers.go#L31) -### [[Lua] dynamic configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L42) +### [use-proxy-protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L36) -- [configures balancer Lua middleware correctly](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L50) -- [handles endpoints only changes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L62) -- [handles endpoints only changes (down scaling of replicas)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L87) -- [handles endpoints only changes consistently (down scaling of replicas vs. empty service)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L125) -- [handles an annotation change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/lua/dynamic_configuration.go#L171) +- [should respect port passed by the PROXY Protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L46) +- [should respect proto passed by the PROXY Protocol server port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L79) +- [should enable PROXY Protocol for HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L112) +- [should enable PROXY Protocol for TCP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L155) -### [nginx-configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L99) +### [plugins](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/plugins.go#L28) -- [start nginx with default configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L102) -- [fails when using alias directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L115) -- [fails when using root directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/nginx/nginx.go#L124) +- [should exist a x-hello-world header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/plugins.go#L35) -### [[Security] request smuggling](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/request_smuggling.go#L32) +### [configmap server-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L28) -- [should not return body content from error_page](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/request_smuggling.go#L39) +- [should add value of server-snippet setting to all ingress config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L35) +- [should add global server-snippet and drop annotations per admin config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L92) -### [[Security] validate path fields](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L42) +### [[Flag] disable-catch-all](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L33) -- [should accept an ingress with valid path](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L49) -- [should drop an ingress with invalid path](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L67) -- [should drop an ingress with regex path and regex disabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L84) -- [should accept an ingress with regex path and regex enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L101) -- [should reject an ingress with invalid path and regex enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/security/invalid_paths.go#L118) +- [should ignore catch all Ingress with backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L50) +- [should ignore catch all Ingress with backend and rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L69) +- [should delete Ingress updated to catch-all](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L81) +- [should allow Ingress with rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L123) -### [[Service] backend status code 503](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L33) +### [enable-real-ip](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L30) -- [should return 503 when backend service does not exist](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L36) -- [should return 503 when all backend service endpoints are unavailable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L54) +- [trusts X-Forwarded-For header only when setting is true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L40) +- [should not trust X-Forwarded-For header when setting is false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L78) -### [[Service] Type ExternalName](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L59) +### [keep-alive keep-alive-requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L28) -- [works with external name set to incomplete fqdn](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L62) -- [should return 200 for service type=ExternalName without a port defined](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L95) -- [should return 200 for service type=ExternalName with a port defined](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L129) -- [should return status 502 for service type=ExternalName with an invalid host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L153) -- [should return 200 for service type=ExternalName using a port name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L184) -- [should return 200 for service type=ExternalName using FQDN with trailing dot](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L217) -- [should update the external name after a service update](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L248) -- [should sync ingress on external name service addition/deletion](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L311) +- [should set keepalive_timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L40) +- [should set keepalive_requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L48) +- [should set keepalive connection to upstream server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L59) +- [should set keep alive connection timeout to upstream server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L68) +- [should set the request count to upstream server through one keep alive connection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L77) -### [[Service] Nil Service Backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_nil_backend.go#L31) +### [enable-multi-accept](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L27) -- [should return 404 when backend service is nil](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_nil_backend.go#L38) +- [should be enabled by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L31) +- [should be enabled when set to true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L39) +- [should be disabled when set to false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L49) -### [access-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L27) +### [[Flag] watch namespace selector](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/namespace_selector.go#L30) -- [use the default configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L32) -- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L42) -- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L54) -- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L67) -- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L80) +- [should ingore Ingress of namespace without label foo=bar and accept those of namespace with label foo=bar](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/namespace_selector.go#L70) -### [Bad annotation values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L29) +### [[Flag] disable-service-external-name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_service_external_name.go#L34) -- [[BAD_ANNOTATIONS] should drop an ingress if there is an invalid character in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L36) -- [[BAD_ANNOTATIONS] should drop an ingress if there is a forbidden word in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L67) -- [[BAD_ANNOTATIONS] should allow an ingress if there is a default blocklist config in place](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L102) -- [[BAD_ANNOTATIONS] should drop an ingress if there is a custom blocklist config in place and allow others to pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L133) +- [should ignore services of external-name type](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_service_external_name.go#L51) -### [brotli](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/brotli.go#L30) +### [Configure OpenTracing](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L48) -- [ condition](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/brotli.go#L39) +- [should not exists opentracing directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L58) +- [should exists opentracing directive when is enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L71) +- [should include opentracing_trust_incoming_span off directive when disabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L85) +- [should not exists opentracing_operation_name directive when is empty](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L100) +- [should exists opentracing_operation_name directive when is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L115) +- [should not exists opentracing_location_operation_name directive when is empty](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L130) +- [should exists opentracing_location_operation_name directive when is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L145) +- [should enable opentracing using zipkin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L160) +- [should enable opentracing using jaeger](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L172) +- [should enable opentracing using jaeger with sampler host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L184) +- [should propagate the w3c header when configured with jaeger](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L197) +- [should enable opentracing using jaeger with an HTTP endpoint](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L228) +- [should enable opentracing using datadog](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L241) ### [Configmap change](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/configmap_change.go#L29) - [should reload after an update in the configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/configmap_change.go#L36) -### [add-headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L30) - -- [Add a custom header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L40) -- [Add multiple custom headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L65) - -### [[SSL] [Flag] default-ssl-certificate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L33) - -- [uses default ssl certificate for catch-all ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L64) -- [uses default ssl certificate for host based ingress when configured certificate does not match host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L80) - -### [[Flag] disable-catch-all](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L33) - -- [should ignore catch all Ingress with backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L50) -- [should ignore catch all Ingress with backend and rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L69) -- [should delete Ingress updated to catch-all](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L81) -- [should allow Ingress with rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_catch_all.go#L123) - -### [[Flag] disable-service-external-name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_service_external_name.go#L35) - -- [should ignore services of external-name type](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/disable_service_external_name.go#L52) - -### [enable-real-ip](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L30) - -- [trusts X-Forwarded-For header only when setting is true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L40) -- [should not trust X-Forwarded-For header when setting is false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/enable_real_ip.go#L78) - -### [use-forwarded-headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L30) - -- [should trust X-Forwarded headers when setting is true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L40) -- [should not trust X-Forwarded headers when setting is false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L92) - -### [Geoip2](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L37) - -- [should include geoip2 line in config when enabled and db file exists](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L46) -- [should only allow requests from specific countries](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/geoip2.go#L70) +### [Configmap - limit-rate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/limit_rate.go#L28) -### [[Security] block-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L28) +- [Check limit-rate config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/limit_rate.go#L36) -- [should block CIDRs defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L38) -- [should block User-Agents defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L55) -- [should block Referers defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L88) +### [access-log](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L26) -### [[Security] global-auth-url](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L34) - -- [should return status code 401 when request any protected service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L85) -- [should return status code 200 when request whitelisted (via no-auth-locations) service and 401 when request protected service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L102) -- [should return status code 200 when request whitelisted (via ingress annotation) service and 401 when request protected service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L126) -- [should still return status code 200 after auth backend is deleted using cache](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L155) -- [should proxy_method method when global-auth-method is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L197) -- [should add custom error page when global-auth-signin url is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L210) -- [should add auth headers when global-auth-response-headers is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L223) -- [should set request-redirect when global-auth-request-redirect is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L237) -- [should set snippet when global external auth is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L250) -- [user retains cookie by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L326) -- [user does not retain cookie if upstream returns error status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L337) -- [user with global-auth-always-set-cookie key in configmap retains cookie if upstream returns error status code](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_external_auth.go#L348) +- [use the default configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L31) +- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L41) +- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L53) +- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L66) +- [use the specified configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/access_log.go#L79) ### [global-options](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_options.go#L28) - [should have worker_rlimit_nofile option](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_options.go#L31) - [should have worker_rlimit_nofile option and be independent on amount of worker processes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_options.go#L38) -### [settings-global-rate-limit](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/globalratelimit.go#L30) - -- [generates correct NGINX configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/globalratelimit.go#L38) - -### [hash size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L27) - -- [should set server_names_hash_bucket_size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L40) -- [should set server_names_hash_max_size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L48) -- [should set proxy-headers-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L60) -- [should set proxy-headers-hash-max-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L68) -- [should set variables-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L80) -- [should set variables-hash-max-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L88) -- [should set vmap-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L100) - ### [[Flag] ingress-class](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L39) - [should ignore Ingress with a different class annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L68) @@ -701,164 +155,139 @@ Do not try to edit it manually. - [should watch Ingress with correct annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L631) - [should ignore Ingress with only IngressClassName](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ingress_class.go#L652) -### [keep-alive keep-alive-requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L28) - -- [should set keepalive_timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L40) -- [should set keepalive_requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L48) -- [should set keepalive connection to upstream server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L59) -- [should set keep alive connection timeout to upstream server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L68) -- [should set keepalive time to upstream server](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L77) -- [should set the request count to upstream server through one keep alive connection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/keep-alive.go#L86) - -### [Configmap - limit-rate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/limit_rate.go#L28) - -- [Check limit-rate config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/limit_rate.go#L36) - -### [[Flag] custom HTTP and HTTPS ports](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L32) +### [reuse-port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L27) -- [should set X-Forwarded-Port headers accordingly when listening on a non-default HTTP port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L48) -- [should set X-Forwarded-Port header to 443](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L70) -- [should set the X-Forwarded-Port header to 443](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L100) +- [reuse port should be enabled by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L38) +- [reuse port should be disabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L44) +- [reuse port should be enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L52) -### [log-format-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L28) +### [proxy-send-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L28) -- [should not configure log-format escape by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L40) -- [should enable the log-format-escape-json](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L47) -- [should disable the log-format-escape-json](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L55) -- [should enable the log-format-escape-none](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L63) -- [should disable the log-format-escape-none](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L71) -- [log-format-escape-json enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L82) -- [log-format default escape](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L105) -- [log-format-escape-none enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/log-format.go#L128) +- [should set valid proxy send timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L36) +- [should not set invalid proxy send timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L52) -### [[Lua] lua-shared-dicts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/lua_shared_dicts.go#L26) +### [[SSL] [Flag] default-ssl-certificate](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L33) -- [configures lua shared dicts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/lua_shared_dicts.go#L29) +- [uses default ssl certificate for catch-all ingress](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L64) +- [uses default ssl certificate for host based ingress when configured certificate does not match host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/default_ssl_certificate.go#L80) -### [main-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/main_snippet.go#L27) +### [brotli](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/brotli.go#L30) -- [should add value of main-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/main_snippet.go#L31) +- [ condition](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/brotli.go#L39) -### [[Security] modsecurity-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L27) +### [[Security] Pod Security Policies with volumes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy_volumes.go#L36) -- [should add value of modsecurity-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L30) +- [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy_volumes.go#L39) -### [enable-multi-accept](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L27) +### [Dynamic $proxy_host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L28) -- [should be enabled by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L31) -- [should be enabled when set to true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L39) -- [should be disabled when set to false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/multi_accept.go#L49) +- [should exist a proxy_host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L36) +- [should exist a proxy_host using the upstream-vhost annotation value](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L57) -### [[Flag] watch namespace selector](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/namespace_selector.go#L30) +### [[Security] block-*](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L28) -- [should ingore Ingress of namespace without label foo=bar and accept those of namespace with label foo=bar](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/namespace_selector.go#L70) +- [should block CIDRs defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L38) +- [should block User-Agents defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L55) +- [should block Referers defined in the ConfigMap](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/global_access_block.go#L88) -### [[Security] no-auth-locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L33) +### [settings-global-rate-limit](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/globalratelimit.go#L30) -- [should return status code 401 when accessing '/' unauthentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L54) -- [should return status code 200 when accessing '/' authentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L68) -- [should return status code 200 when accessing '/noauth' unauthenticated](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L82) +- [generates correct NGINX configuration](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/globalratelimit.go#L38) ### [Add no tls redirect locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_tls_redirect_locations.go#L28) - [Check no tls redirect locations config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_tls_redirect_locations.go#L31) -### [OCSP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ocsp/ocsp.go#L42) +### [main-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/main_snippet.go#L27) -- [should enable OCSP and contain stapling information in the connection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ocsp/ocsp.go#L49) +- [should add value of main-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/main_snippet.go#L31) -### [Configure OpenTracing](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L48) +### [[Lua] lua-shared-dicts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/lua_shared_dicts.go#L26) -- [should not exists opentracing directive](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L58) -- [should exists opentracing directive when is enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L71) -- [should include opentracing_trust_incoming_span off directive when disabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L85) -- [should not exists opentracing_operation_name directive when is empty](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L100) -- [should exists opentracing_operation_name directive when is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L115) -- [should not exists opentracing_location_operation_name directive when is empty](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L130) -- [should exists opentracing_location_operation_name directive when is configured](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L145) -- [should enable opentracing using zipkin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L160) -- [should enable opentracing using jaeger](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L172) -- [should enable opentracing using jaeger with sampler host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L184) -- [should propagate the w3c header when configured with jaeger](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L197) -- [should enable opentracing using jaeger with an HTTP endpoint](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L228) -- [should enable opentracing using datadog](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/opentracing.go#L241) +- [configures lua shared dicts](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/lua_shared_dicts.go#L29) -### [plugins](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/plugins.go#L28) +### [Bad annotation values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L29) -- [should exist a x-hello-world header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/plugins.go#L35) +- [[BAD_ANNOTATIONS] should drop an ingress if there is an invalid character in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L36) +- [[BAD_ANNOTATIONS] should drop an ingress if there is a forbidden word in some annotation](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L67) +- [[BAD_ANNOTATIONS] should allow an ingress if there is a default blocklist config in place](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L102) +- [[BAD_ANNOTATIONS] should drop an ingress if there is a custom blocklist config in place and allow others to pass](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/badannotationvalues.go#L133) -### [[Security] Pod Security Policies](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy.go#L41) +### [[SSL] TLS protocols, ciphers and headers)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L31) -- [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy.go#L44) +- [setting cipher suite](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L65) +- [enforcing TLS v1.0](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L87) +- [setting max-age parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L133) +- [setting includeSubDomains parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L149) +- [setting preload parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L168) +- [overriding what's set from the upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L188) +- [should not use ports during the HTTP to HTTPS redirection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L209) +- [should not use ports or X-Forwarded-Host during the HTTP to HTTPS redirection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L227) -### [[Security] Pod Security Policies with volumes](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy_volumes.go#L37) +### [[Security] modsecurity-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L27) -- [should be running with a Pod Security Policy](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/pod_security_policy_volumes.go#L40) +- [should add value of modsecurity-snippet setting to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/modsecurity/modsecurity_snippet.go#L30) -### [proxy-connect-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L28) +### [OCSP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ocsp/ocsp.go#L42) -- [should set valid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L36) -- [should not set invalid proxy timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_connect_timeout.go#L52) +- [should enable OCSP and contain stapling information in the connection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ocsp/ocsp.go#L49) -### [Dynamic $proxy_host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L28) +### [configmap stream-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/stream_snippet.go#L34) -- [should exist a proxy_host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L36) -- [should exist a proxy_host using the upstream-vhost annotation value](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_host.go#L57) +- [should add value of stream-snippet via config map to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/stream_snippet.go#L41) -### [proxy-next-upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_next_upstream.go#L28) +### [proxy-read-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L28) -- [should build proxy next upstream using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_next_upstream.go#L36) +- [should set valid proxy read timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L36) +- [should not set invalid proxy read timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L52) -### [use-proxy-protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L36) +### [proxy-next-upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_next_upstream.go#L28) -- [should respect port passed by the PROXY Protocol](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L46) -- [should respect proto passed by the PROXY Protocol server port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L79) -- [should enable PROXY Protocol for HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L112) -- [should enable PROXY Protocol for TCP](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_protocol.go#L155) +- [should build proxy next upstream using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_next_upstream.go#L36) -### [proxy-read-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L28) +### [hash size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L27) -- [should set valid proxy read timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L36) -- [should not set invalid proxy read timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_read_timeout.go#L52) +- [should set server_names_hash_bucket_size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L40) +- [should set server_names_hash_max_size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L48) +- [should set proxy-headers-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L60) +- [should set proxy-headers-hash-max-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L68) +- [should set variables-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L80) +- [should set variables-hash-max-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L88) +- [should set vmap-hash-bucket-size](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/hash-size.go#L100) -### [proxy-send-timeout](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L28) +### [[Security] no-auth-locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L33) -- [should set valid proxy send timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L36) -- [should not set invalid proxy send timeouts using configmap values](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/proxy_send_timeout.go#L52) +- [should return status code 401 when accessing '/' unauthentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L54) +- [should return status code 200 when accessing '/' authentication](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L68) +- [should return status code 200 when accessing '/noauth' unauthenticated](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L82) -### [reuse-port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L27) +### [[Flag] custom HTTP and HTTPS ports](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L32) -- [reuse port should be enabled by default](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L38) -- [reuse port should be disabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L44) -- [reuse port should be enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/reuse-port.go#L52) +- [should set X-Forwarded-Port headers accordingly when listening on a non-default HTTP port](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L48) +- [should set X-Forwarded-Port header to 443](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L70) +- [should set the X-Forwarded-Port header to 443](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/listen_nondefault_ports.go#L100) -### [configmap server-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L28) +### [use-forwarded-headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L30) -- [should add value of server-snippet setting to all ingress config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L35) -- [should add global server-snippet and drop annotations per admin config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_snippet.go#L92) +- [should trust X-Forwarded headers when setting is true](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L40) +- [should not trust X-Forwarded headers when setting is false](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/forwarded_headers.go#L92) -### [server-tokens](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L29) +### [add-headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L30) -- [should not exists Server header in the response](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L38) -- [should exists Server header in the response when is enabled](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/server_tokens.go#L50) +- [Add a custom header](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L40) +- [Add multiple custom headers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/custom_header.go#L65) -### [ssl-ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_ciphers.go#L28) +### [[Load Balancer] round-robin](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/round_robin.go#L31) -- [Add ssl ciphers](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/ssl_ciphers.go#L31) +- [should evenly distribute requests with round-robin (default algorithm)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/round_robin.go#L39) -### [configmap stream-snippet](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/stream_snippet.go#L35) +### [[Load Balancer] EWMA](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/ewma.go#L31) -- [should add value of stream-snippet via config map to nginx config](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/stream_snippet.go#L42) +- [does not fail requests](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/ewma.go#L42) -### [[SSL] TLS protocols, ciphers and headers)](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L31) +### [[Load Balancer] load-balance](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/configmap.go#L28) -- [setting cipher suite](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L65) -- [setting max-age parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L111) -- [setting includeSubDomains parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L127) -- [setting preload parameter](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L146) -- [overriding what's set from the upstream](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L166) -- [should not use ports during the HTTP to HTTPS redirection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L187) -- [should not use ports or X-Forwarded-Host during the HTTP to HTTPS redirection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/tls.go#L205) +- [should apply the configmap load-balance setting](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/loadbalance/configmap.go#L35) ### [[SSL] redirect to HTTPS](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ssl/http_redirect.go#L29) @@ -869,11 +298,22 @@ Do not try to edit it manually. - [should not appear references to secret updates not used in ingress rules](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ssl/secret_update.go#L40) - [should return the fake SSL certificate if the secret is invalid](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/ssl/secret_update.go#L82) -### [[Status] status update](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/status/update.go#L38) +### [[Service] Type ExternalName](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L58) -- [should update status field after client-go reconnection](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/status/update.go#L43) +- [works with external name set to incomplete fqdn](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L61) +- [should return 200 for service type=ExternalName without a port defined](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L94) +- [should return 200 for service type=ExternalName with a port defined](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L128) +- [should return status 502 for service type=ExternalName with an invalid host](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L152) +- [should return 200 for service type=ExternalName using a port name](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L183) +- [should return 200 for service type=ExternalName using FQDN with trailing dot](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L216) +- [should update the external name after a service update](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L247) +- [should sync ingress on external name service addition/deletion](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_externalname.go#L310) -### [[TCP] tcp-services](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L37) +### [[Service] Nil Service Backend](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_nil_backend.go#L31) + +- [should return 404 when backend service is nil](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_nil_backend.go#L38) -- [should expose a TCP service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L40) -- [should expose an ExternalName TCP service](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/tcpudp/tcp.go#L98) \ No newline at end of file +### [[Service] backend status code 503](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L33) + +- [should return 503 when backend service does not exist](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L36) +- [should return 503 when all backend service endpoints are unavailable](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/servicebackend/service_backend.go#L54) From a6badc438f33b5d7d2fff5f3444c0364af76a42d Mon Sep 17 00:00:00 2001 From: James Strong Date: Thu, 29 Dec 2022 20:02:55 -0500 Subject: [PATCH 36/52] roll helm chart forward Signed-off-by: James Strong --- charts/ingress-nginx/Chart.yaml | 2 +- charts/ingress-nginx/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index 461601f594..2a15960f71 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: ingress-nginx # When the version is modified, make sure the artifacthub.io/changes list is updated # Also update CHANGELOG.md -version: 4.4.0 +version: 4.4.2 appVersion: 1.5.1 home: https://github.com/kubernetes/ingress-nginx description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index af71493fe2..e4ef9ec1bf 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.4.0](https://img.shields.io/badge/Version-4.4.0-informational?style=flat-square) ![AppVersion: 1.5.1](https://img.shields.io/badge/AppVersion-1.5.1-informational?style=flat-square) +![Version: 4.4.2](https://img.shields.io/badge/Version-4.4.2-informational?style=flat-square) ![AppVersion: 1.5.1](https://img.shields.io/badge/AppVersion-1.5.1-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. From 5bfd3e2a674a0b6e36282df3d48077c9ed5bd8c8 Mon Sep 17 00:00:00 2001 From: Kir Shatrov Date: Fri, 6 Jan 2023 18:07:58 +0300 Subject: [PATCH 37/52] Optional podman support (#9294) --- .gitignore | 1 + build/run-in-docker.sh | 45 ++++++++++++++++++++++-------------------- 2 files changed, 25 insertions(+), 21 deletions(-) diff --git a/.gitignore b/.gitignore index 0943c3b1af..2c0accad75 100644 --- a/.gitignore +++ b/.gitignore @@ -59,3 +59,4 @@ images/fastcgi-helloserver/rootfs/fastcgi-helloserver cmd/plugin/release/ingress-nginx.yaml cmd/plugin/release/*.tar.gz cmd/plugin/release/LICENSE +tmp/ diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index d41464e2ec..44ca2d5f79 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -19,20 +19,26 @@ if [ "$DEBUG" == "true" ]; then set -x fi +RUNTIME=${RUNTIME:-"docker"} + set -o errexit set -o nounset set -o pipefail # temporal directory for the /etc/ingress-controller directory -INGRESS_VOLUME=$(mktemp -d) +if [[ "$OSTYPE" == darwin* ]] && [[ "$RUNTIME" == podman ]]; then + mkdir -p "tmp" + INGRESS_VOLUME=$(pwd)/$(mktemp -d tmp/XXXXXX) +else + INGRESS_VOLUME=$(mktemp -d) + if [[ "$OSTYPE" == darwin* ]]; then + INGRESS_VOLUME=/private$INGRESS_VOLUME + fi +fi # make sure directory for SSL cert storage exists under ingress volume mkdir "${INGRESS_VOLUME}/ssl" -if [[ "$OSTYPE" == darwin* ]]; then - INGRESS_VOLUME=/private$INGRESS_VOLUME -fi - function cleanup { rm -rf "${INGRESS_VOLUME}" } @@ -40,6 +46,11 @@ trap cleanup EXIT E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20221221-controller-v1.5.1-62-g6ffaef32a@sha256:8f025472964cd15ae2d379503aba150565a8d78eb36b41ddfc5f1e3b1ca81a8e} +if [[ "$RUNTIME" == podman ]]; then + # Podman does not support both tag and digest + E2E_IMAGE=$(echo $E2E_IMAGE | awk -F "@sha" '{print $1}') +fi + DOCKER_OPTS=${DOCKER_OPTS:-} DOCKER_IN_DOCKER_ENABLED=${DOCKER_IN_DOCKER_ENABLED:-} @@ -82,20 +93,12 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then /bin/bash -c "${FLAGS}" else echo "Reached DIND check ELSE block, inside run-in-docker.sh" - docker run \ - ${PLATFORM_FLAG} ${PLATFORM} \ - --tty \ - --rm \ - ${DOCKER_OPTS} \ - -e DEBUG=${DEBUG} \ - -e GOCACHE="/go/src/${PKG}/.cache" \ - -e GOMODCACHE="/go/src/${PKG}/.modcache" \ - -e DOCKER_IN_DOCKER_ENABLED="true" \ - -v "${HOME}/.kube:${HOME}/.kube" \ - -v "${KUBE_ROOT}:/go/src/${PKG}" \ - -v "${KUBE_ROOT}/bin/${ARCH}:/go/bin/linux_${ARCH}" \ - -v "/var/run/docker.sock:/var/run/docker.sock" \ - -v "${INGRESS_VOLUME}:/etc/ingress-controller/" \ - -w "/go/src/${PKG}" \ - ${E2E_IMAGE} /bin/bash -c "${FLAGS}" + + args="${PLATFORM_FLAG} ${PLATFORM} --tty --rm ${DOCKER_OPTS} -e DEBUG=${DEBUG} -e GOCACHE="/go/src/${PKG}/.cache" -e GOMODCACHE="/go/src/${PKG}/.modcache" -e DOCKER_IN_DOCKER_ENABLED="true" -v "${HOME}/.kube:${HOME}/.kube" -v "${KUBE_ROOT}:/go/src/${PKG}" -v "${KUBE_ROOT}/bin/${ARCH}:/go/bin/linux_${ARCH}" -v "${INGRESS_VOLUME}:/etc/ingress-controller/" -w "/go/src/${PKG}"" + + if [[ "$RUNTIME" == "docker" ]]; then + args="$args -v /var/run/docker.sock:/var/run/docker.sock" + fi + + ${RUNTIME} run $args ${E2E_IMAGE} /bin/bash -c "${FLAGS}" fi From 96b3d216550e8aa538a730fa112a40e8f75aec95 Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Sun, 8 Jan 2023 00:37:27 +0100 Subject: [PATCH 38/52] bump OpenTelemetry (#9489) --- images/opentelemetry/rootfs/CMakeLists.txt | 2 +- images/opentelemetry/rootfs/Dockerfile | 4 ++-- images/opentelemetry/rootfs/build.sh | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/images/opentelemetry/rootfs/CMakeLists.txt b/images/opentelemetry/rootfs/CMakeLists.txt index e4abc7346b..ef90b5805b 100644 --- a/images/opentelemetry/rootfs/CMakeLists.txt +++ b/images/opentelemetry/rootfs/CMakeLists.txt @@ -21,7 +21,7 @@ project( LANGUAGES CXX VERSION 0.0.1) -set(CMAKE_CXX_STANDARD 11) +set(CMAKE_CXX_STANDARD 17) set(CMAKE_CXX_EXTENSIONS OFF) set(CMAKE_CXX_STANDARD_REQUIRED ON) set(CMAKE_CXX_FLAGS "-O2") diff --git a/images/opentelemetry/rootfs/Dockerfile b/images/opentelemetry/rootfs/Dockerfile index 7746edbf10..aa4e219afd 100644 --- a/images/opentelemetry/rootfs/Dockerfile +++ b/images/opentelemetry/rootfs/Dockerfile @@ -26,12 +26,12 @@ RUN apk update \ # install gRPC FROM base as grpc -RUN bash /opt/third_party/build.sh -g v1.43.2 +RUN bash /opt/third_party/build.sh -g v1.49.2 # install OpenTelemetry-cpp FROM base as otel-cpp COPY --from=grpc /opt/third_party/install/ /usr -RUN bash /opt/third_party/build.sh -o v1.3.0 +RUN bash /opt/third_party/build.sh -o v1.8.1 # install otel_ngx_module.so FROM base as nginx diff --git a/images/opentelemetry/rootfs/build.sh b/images/opentelemetry/rootfs/build.sh index 19914932cc..6ad4601c66 100755 --- a/images/opentelemetry/rootfs/build.sh +++ b/images/opentelemetry/rootfs/build.sh @@ -100,9 +100,9 @@ install_otel() -DBUILD_SHARED_LIBS=OFF \ -DWITH_OTLP=ON \ -DWITH_OTLP_GRPC=ON \ - -DWITH_EXAMPLES=OFF \ - -DWITH_ABSEIL=ON \ -DWITH_OTLP_HTTP=OFF \ + -DWITH_ABSEIL=OFF \ + -DWITH_EXAMPLES=OFF \ .. cmake --build . -j ${CORES} --target install } @@ -126,7 +126,7 @@ install_nginx() export NGINX_VERSION=1.21.6 # Check for recent changes: https://github.com/open-telemetry/opentelemetry-cpp-contrib/compare/2656a4...main - export OPENTELEMETRY_CONTRIB_COMMIT=6467ec2e4d67b08b44580b7eb7a298786f4eef91 + export OPENTELEMETRY_CONTRIB_COMMIT=1ec94c82095bab61f06c7393b6f3272469d285af mkdir -p /etc/nginx cd "$BUILD_PATH" From 490e872b4ab779b811d4828502309971c348f6ba Mon Sep 17 00:00:00 2001 From: Ehsan Saei <71217171+esigo@users.noreply.github.com> Date: Sun, 8 Jan 2023 22:21:28 +0100 Subject: [PATCH 39/52] update OpenTelemetry image (#9491) * update OpenTelemetry image * helm-doc --- charts/ingress-nginx/README.md | 2 +- charts/ingress-nginx/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index e4ef9ec1bf..57f4ea0726 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -393,7 +393,7 @@ Kubernetes: `>=1.20.0-0` | controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ # | | controller.opentelemetry.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | | controller.opentelemetry.enabled | bool | `false` | | -| controller.opentelemetry.image | string | `"registry.k8s.io/ingress-nginx/opentelemetry:v20221114-controller-v1.5.1-6-ga66ee73c5@sha256:41076fd9fb4255677c1a3da1ac3fc41477f06eba3c7ebf37ffc8f734dad51d7c"` | | +| controller.opentelemetry.image | string | `"registry.k8s.io/ingress-nginx/opentelemetry:v20230107-helm-chart-4.4.2-2-g96b3d2165@sha256:331b9bebd6acfcd2d3048abbdd86555f5be76b7e3d0b5af4300b04235c6056c9"` | | | controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # | | controller.podLabels | object | `{}` | Labels to add to the pod container metadata | | controller.podSecurityContext | object | `{}` | Security Context policies for controller pods | diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index b7089addbd..26252ac291 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -593,7 +593,7 @@ controller: opentelemetry: enabled: false - image: registry.k8s.io/ingress-nginx/opentelemetry:v20221114-controller-v1.5.1-6-ga66ee73c5@sha256:41076fd9fb4255677c1a3da1ac3fc41477f06eba3c7ebf37ffc8f734dad51d7c + image: registry.k8s.io/ingress-nginx/opentelemetry:v20230107-helm-chart-4.4.2-2-g96b3d2165@sha256:331b9bebd6acfcd2d3048abbdd86555f5be76b7e3d0b5af4300b04235c6056c9 containerSecurityContext: allowPrivilegeEscalation: false From 5b0403314c61e8f28a5a5c6b30c5fa36c7b34114 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Sun, 8 Jan 2023 22:59:28 +0100 Subject: [PATCH 40/52] Admission Webhooks/Job: Add `NetworkPolicy`. (#9218) --- .../job-patch/clusterrolebinding.yaml | 2 +- .../job-patch/networkpolicy.yaml | 26 +++++++++++++++++++ .../admission-webhooks/job-patch/role.yaml | 2 +- 3 files changed, 28 insertions(+), 2 deletions(-) create mode 100644 charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml index 002abd43ba..8719532611 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ include "ingress-nginx.fullname" . }}-admission annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml new file mode 100644 index 0000000000..08b32257c9 --- /dev/null +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml @@ -0,0 +1,26 @@ +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.networkPolicyEnabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + {{- include "ingress-nginx.labels" . | nindent 6 }} + app.kubernetes.io/component: admission-webhook + policyTypes: + - Ingress + - Egress + egress: + - {} +{{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml index 2aab6f4b12..ea7c208189 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ include "ingress-nginx.fullname" . }}-admission + name: {{ include "ingress-nginx.fullname" . }}-admission namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade From f82e29a7302d1219c30726588c8e3aa0409fcfe2 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Sun, 8 Jan 2023 23:25:27 +0100 Subject: [PATCH 41/52] add github actions stale bot (#9439) Signed-off-by: cpanato Signed-off-by: cpanato --- .github/workflows/stale.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .github/workflows/stale.yaml diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml new file mode 100644 index 0000000000..736585e05a --- /dev/null +++ b/.github/workflows/stale.yaml @@ -0,0 +1,24 @@ +name: 'Stale Issues and PRs' + +on: + schedule: + - cron: '30 1 * * *' + +jobs: + stale: + runs-on: ubuntu-latest + + permissions: + issues: write + pull-requests: write + + steps: + - uses: actions/stale@6f05e4244c9a0b2ed3401882b05d701dd0a7289b # v7.0.0 + with: + stale-issue-message: 'This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack.' + stale-pr-message: 'This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack.' + stale-issue-label: lifecycle/frozen + stale-pr-label: lifecycle/frozen + days-before-issue-stale: 30 + days-before-pr-stale: 45 + days-before-close: -1 # dont not close issues/prs From 0b34a037ce41efacbbb1fe13ea0fea617452458b Mon Sep 17 00:00:00 2001 From: Naseem Ullah <24660299+naseemkullah@users.noreply.github.com> Date: Sun, 8 Jan 2023 17:27:28 -0500 Subject: [PATCH 42/52] Update monitoring.md (#9269) --- docs/user-guide/monitoring.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/monitoring.md b/docs/user-guide/monitoring.md index 5c53213ea6..cc9fb91ec0 100644 --- a/docs/user-guide/monitoring.md +++ b/docs/user-guide/monitoring.md @@ -357,7 +357,7 @@ Prometheus metrics are exposed on port 10254. * `nginx_ingress_controller_request_duration_seconds` Histogram - The request processing time in milliseconds (affected by client speed) + The request processing time in seconds (affected by client speed) nginx var: `request_time` From 9926f1d642335b57c05b79ce00e5e55904cca6e4 Mon Sep 17 00:00:00 2001 From: Julien Pellet Date: Sun, 8 Jan 2023 17:29:27 -0500 Subject: [PATCH 43/52] Fix indentation on serviceAccount annotation (#9129) From bbf7c79f96d54e3815c28c0e4ca54334a902925d Mon Sep 17 00:00:00 2001 From: yutachaos <18604471+yutachaos@users.noreply.github.com> Date: Mon, 9 Jan 2023 07:37:27 +0900 Subject: [PATCH 44/52] Add update updateStrategy and minReadySeconds for defaultBackend (#8506) * Add update updateStrategy and minReadySeconds for defaultBackend * Bump chart * Fixed docs helm-docs version --- charts/ingress-nginx/README.md | 2 ++ .../templates/default-backend-deployment.yaml | 5 +++++ charts/ingress-nginx/values.yaml | 11 +++++++++++ 3 files changed, 18 insertions(+) diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 57f4ea0726..00d85156ea 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -481,6 +481,7 @@ Kubernetes: `>=1.20.0-0` | defaultBackend.livenessProbe.successThreshold | int | `1` | | | defaultBackend.livenessProbe.timeoutSeconds | int | `5` | | | defaultBackend.minAvailable | int | `1` | | +| defaultBackend.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # | | defaultBackend.name | string | `"defaultbackend"` | | | defaultBackend.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for default backend pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ # | | defaultBackend.podAnnotations | object | `{}` | Annotations to be added to default backend pods # | @@ -504,6 +505,7 @@ Kubernetes: `>=1.20.0-0` | defaultBackend.serviceAccount.create | bool | `true` | | | defaultBackend.serviceAccount.name | string | `""` | | | defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # | +| defaultBackend.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # | | dhParam | string | `nil` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param | | imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | | podSecurityPolicy.enabled | bool | `false` | | diff --git a/charts/ingress-nginx/templates/default-backend-deployment.yaml b/charts/ingress-nginx/templates/default-backend-deployment.yaml index fd3e96e9ef..87aced49db 100644 --- a/charts/ingress-nginx/templates/default-backend-deployment.yaml +++ b/charts/ingress-nginx/templates/default-backend-deployment.yaml @@ -19,6 +19,11 @@ spec: replicas: {{ .Values.defaultBackend.replicaCount }} {{- end }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + {{- if .Values.defaultBackend.updateStrategy }} + strategy: + {{ toYaml .Values.defaultBackend.updateStrategy | nindent 4 }} + {{- end }} + minReadySeconds: {{ .Values.defaultBackend.minReadySeconds }} template: metadata: {{- if .Values.defaultBackend.podAnnotations }} diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 26252ac291..a7fab0fe90 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -841,6 +841,17 @@ defaultBackend: successThreshold: 1 timeoutSeconds: 5 + # -- The update strategy to apply to the Deployment or DaemonSet + ## + updateStrategy: {} + # rollingUpdate: + # maxUnavailable: 1 + # type: RollingUpdate + + # -- `minReadySeconds` to avoid killing pods before we are ready + ## + minReadySeconds: 0 + # -- Node tolerations for server scheduling to nodes with taints ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ ## From 8ed3a27e255aef5616de631986f8cbfc1b882a5a Mon Sep 17 00:00:00 2001 From: Phil Nichol <35630607+philnichol@users.noreply.github.com> Date: Sun, 8 Jan 2023 22:43:28 +0000 Subject: [PATCH 45/52] Adding ipdenylist annotation (#8795) * feat: Add support for IP Deny List * fixed gomod * Update package * go mod tidy * Revert "go mod tidy" This reverts commit e6a837e1e76d72115e8727a33d2f4c1cd7249f1f. * update ginko version * Updates e2e tests * fix test typo --- .../nginx-configuration/annotations.md | 12 + .../nginx-configuration/configmap.md | 6 + internal/ingress/annotations/annotations.go | 3 + .../ingress/annotations/ipdenylist/main.go | 95 + .../annotations/ipdenylist/main_test.go | 216 ++ internal/ingress/controller/config/config.go | 1 + internal/ingress/controller/controller.go | 1 + .../ingress/controller/template/configmap.go | 8 + .../controller/template/configmap_test.go | 2 + internal/ingress/defaults/main.go | 4 + pkg/apis/ingress/types.go | 6 + pkg/apis/ingress/types_equals.go | 3 + rootfs/etc/nginx/template/nginx.tmpl | 4 + test/data/config.json | 3060 +++++++++++++++++ test/e2e/annotations/ipdenylist.go | 147 + 15 files changed, 3568 insertions(+) create mode 100644 internal/ingress/annotations/ipdenylist/main.go create mode 100644 internal/ingress/annotations/ipdenylist/main_test.go create mode 100644 test/e2e/annotations/ipdenylist.go diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index 49e2525897..8cc6f4c168 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -109,6 +109,7 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz |[nginx.ingress.kubernetes.io/x-forwarded-prefix](#x-forwarded-prefix-header)|string| |[nginx.ingress.kubernetes.io/load-balance](#custom-nginx-load-balancing)|string| |[nginx.ingress.kubernetes.io/upstream-vhost](#custom-nginx-upstream-vhost)|string| +|[nginx.ingress.kubernetes.io/denylist-source-range](#denylist-source-range)|CIDR| |[nginx.ingress.kubernetes.io/whitelist-source-range](#whitelist-source-range)|CIDR| |[nginx.ingress.kubernetes.io/proxy-buffering](#proxy-buffering)|string| |[nginx.ingress.kubernetes.io/proxy-buffers-number](#proxy-buffers-number)|number| @@ -638,6 +639,17 @@ To enable this feature use the annotation `nginx.ingress.kubernetes.io/from-to-w !!! attention For HTTPS to HTTPS redirects is mandatory the SSL Certificate defined in the Secret, located in the TLS section of Ingress, contains both FQDN in the common name of the certificate. +### Denylist source range + +You can specify blocked client IP source ranges through the `nginx.ingress.kubernetes.io/denylist-source-range` annotation. +The value is a comma separated list of [CIDRs](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing), e.g. `10.0.0.0/24,172.10.0.1`. + +To configure this setting globally for all Ingress rules, the `denylist-source-range` value may be set in the [NGINX ConfigMap](./configmap.md#denylist-source-range). + +!!! note + Adding an annotation to an Ingress rule overrides any global restriction. + + ### Whitelist source range You can specify allowed client IP source ranges through the `nginx.ingress.kubernetes.io/whitelist-source-range` annotation. diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index f5d22d11c4..77cee05078 100755 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -176,6 +176,7 @@ The following table shows a configuration option's name, type, and the default v |[proxy-request-buffering](#proxy-request-buffering)|string|"on"| |[ssl-redirect](#ssl-redirect)|bool|"true"| |[force-ssl-redirect](#force-ssl-redirect)|bool|"false"| +|[denylist-source-range](#denylist-source-range)|[]string|[]string{}| |[whitelist-source-range](#whitelist-source-range)|[]string|[]string{}| |[skip-access-log-urls](#skip-access-log-urls)|[]string|[]string{}| |[limit-rate](#limit-rate)|int|0| @@ -1096,6 +1097,11 @@ _**default:**_ "true" Sets the global value of redirects (308) to HTTPS if the server has a default TLS certificate (defined in extra-args). _**default:**_ "false" +## denylist-source-range + +Sets the default denylisted IPs for each `server` block. This can be overwritten by an annotation on an Ingress rule. +See [ngx_http_access_module](https://nginx.org/en/docs/http/ngx_http_access_module.html). + ## whitelist-source-range Sets the default whitelisted IPs for each `server` block. This can be overwritten by an annotation on an Ingress rule. diff --git a/internal/ingress/annotations/annotations.go b/internal/ingress/annotations/annotations.go index fe7400ac76..14415a4f7b 100644 --- a/internal/ingress/annotations/annotations.go +++ b/internal/ingress/annotations/annotations.go @@ -44,6 +44,7 @@ import ( "k8s.io/ingress-nginx/internal/ingress/annotations/globalratelimit" "k8s.io/ingress-nginx/internal/ingress/annotations/http2pushpreload" "k8s.io/ingress-nginx/internal/ingress/annotations/influxdb" + "k8s.io/ingress-nginx/internal/ingress/annotations/ipdenylist" "k8s.io/ingress-nginx/internal/ingress/annotations/ipwhitelist" "k8s.io/ingress-nginx/internal/ingress/annotations/loadbalancing" "k8s.io/ingress-nginx/internal/ingress/annotations/log" @@ -110,6 +111,7 @@ type Ingress struct { LoadBalancing string UpstreamVhost string Whitelist ipwhitelist.SourceRange + Denylist ipdenylist.SourceRange XForwardedPrefix string SSLCipher sslcipher.Config Logs log.Config @@ -160,6 +162,7 @@ func NewAnnotationExtractor(cfg resolver.Resolver) Extractor { "LoadBalancing": loadbalancing.NewParser(cfg), "UpstreamVhost": upstreamvhost.NewParser(cfg), "Whitelist": ipwhitelist.NewParser(cfg), + "Denylist": ipdenylist.NewParser(cfg), "XForwardedPrefix": xforwardedprefix.NewParser(cfg), "SSLCipher": sslcipher.NewParser(cfg), "Logs": log.NewParser(cfg), diff --git a/internal/ingress/annotations/ipdenylist/main.go b/internal/ingress/annotations/ipdenylist/main.go new file mode 100644 index 0000000000..f6a0e10f19 --- /dev/null +++ b/internal/ingress/annotations/ipdenylist/main.go @@ -0,0 +1,95 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package ipdenylist + +import ( + "fmt" + "sort" + "strings" + + networking "k8s.io/api/networking/v1" + "k8s.io/ingress-nginx/internal/net" + + "k8s.io/ingress-nginx/internal/ingress/annotations/parser" + ing_errors "k8s.io/ingress-nginx/internal/ingress/errors" + "k8s.io/ingress-nginx/internal/ingress/resolver" + "k8s.io/ingress-nginx/pkg/util/sets" +) + +// SourceRange returns the CIDR +type SourceRange struct { + CIDR []string `json:"cidr,omitempty"` +} + +// Equal tests for equality between two SourceRange types +func (sr1 *SourceRange) Equal(sr2 *SourceRange) bool { + if sr1 == sr2 { + return true + } + if sr1 == nil || sr2 == nil { + return false + } + + return sets.StringElementsMatch(sr1.CIDR, sr2.CIDR) +} + +type ipdenylist struct { + r resolver.Resolver +} + +// NewParser creates a new denylist annotation parser +func NewParser(r resolver.Resolver) parser.IngressAnnotation { + return ipdenylist{r} +} + +// ParseAnnotations parses the annotations contained in the ingress +// rule used to limit access to certain client addresses or networks. +// Multiple ranges can specified using commas as separator +// e.g. `18.0.0.0/8,56.0.0.0/8` +func (a ipdenylist) Parse(ing *networking.Ingress) (interface{}, error) { + defBackend := a.r.GetDefaultBackend() + + defaultDenylistSourceRange := make([]string, len(defBackend.DenylistSourceRange)) + copy(defaultDenylistSourceRange, defBackend.DenylistSourceRange) + sort.Strings(defaultDenylistSourceRange) + + val, err := parser.GetStringAnnotation("denylist-source-range", ing) + // A missing annotation is not a problem, just use the default + if err == ing_errors.ErrMissingAnnotations { + return &SourceRange{CIDR: defaultDenylistSourceRange}, nil + } + + values := strings.Split(val, ",") + ipnets, ips, err := net.ParseIPNets(values...) + if err != nil && len(ips) == 0 { + return &SourceRange{CIDR: defaultDenylistSourceRange}, ing_errors.LocationDenied{ + Reason: fmt.Errorf("the annotation does not contain a valid IP address or network: %w", err), + } + } + + cidrs := []string{} + for k := range ipnets { + cidrs = append(cidrs, k) + } + for k := range ips { + cidrs = append(cidrs, k) + } + + sort.Strings(cidrs) + + return &SourceRange{cidrs}, nil +} diff --git a/internal/ingress/annotations/ipdenylist/main_test.go b/internal/ingress/annotations/ipdenylist/main_test.go new file mode 100644 index 0000000000..eb69aa5202 --- /dev/null +++ b/internal/ingress/annotations/ipdenylist/main_test.go @@ -0,0 +1,216 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package ipdenylist + +import ( + "testing" + + api "k8s.io/api/core/v1" + networking "k8s.io/api/networking/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/ingress-nginx/internal/ingress/annotations/parser" + "k8s.io/ingress-nginx/internal/ingress/defaults" + "k8s.io/ingress-nginx/internal/ingress/resolver" +) + +func buildIngress() *networking.Ingress { + defaultBackend := networking.IngressBackend{ + Service: &networking.IngressServiceBackend{ + Name: "default-backend", + Port: networking.ServiceBackendPort{ + Number: 80, + }, + }, + } + + return &networking.Ingress{ + ObjectMeta: meta_v1.ObjectMeta{ + Name: "foo", + Namespace: api.NamespaceDefault, + }, + Spec: networking.IngressSpec{ + DefaultBackend: &networking.IngressBackend{ + Service: &networking.IngressServiceBackend{ + Name: "default-backend", + Port: networking.ServiceBackendPort{ + Number: 80, + }, + }, + }, + Rules: []networking.IngressRule{ + { + Host: "foo.bar.com", + IngressRuleValue: networking.IngressRuleValue{ + HTTP: &networking.HTTPIngressRuleValue{ + Paths: []networking.HTTPIngressPath{ + { + Path: "/foo", + Backend: defaultBackend, + }, + }, + }, + }, + }, + }, + }, + } +} + +func TestParseAnnotations(t *testing.T) { + ing := buildIngress() + tests := map[string]struct { + net string + expectCidr []string + expectErr bool + errOut string + }{ + "test parse a valid net": { + net: "10.0.0.0/24", + expectCidr: []string{"10.0.0.0/24"}, + expectErr: false, + }, + "test parse a invalid net": { + net: "ww", + expectErr: true, + errOut: "the annotation does not contain a valid IP address or network: invalid CIDR address: ww", + }, + "test parse a empty net": { + net: "", + expectErr: true, + errOut: "the annotation does not contain a valid IP address or network: invalid CIDR address: ", + }, + "test parse a malicious escaped string": { + net: `10.0.0.0/8"rm /tmp",11.0.0.0/8`, + expectErr: true, + errOut: `the annotation does not contain a valid IP address or network: invalid CIDR address: 10.0.0.0/8"rm /tmp"`, + }, + "test parse multiple valid cidr": { + net: "2.2.2.2/32,1.1.1.1/32,3.3.3.0/24", + expectCidr: []string{"1.1.1.1/32", "2.2.2.2/32", "3.3.3.0/24"}, + expectErr: false, + }, + } + + for testName, test := range tests { + data := map[string]string{} + data[parser.GetAnnotationWithPrefix("denylist-source-range")] = test.net + ing.SetAnnotations(data) + p := NewParser(&resolver.Mock{}) + i, err := p.Parse(ing) + if err != nil && !test.expectErr { + t.Errorf("%v:unexpected error: %v", testName, err) + } + if test.expectErr { + if err.Error() != test.errOut { + t.Errorf("%v:expected error: %v but %v return", testName, test.errOut, err.Error()) + } + } + if !test.expectErr { + sr, ok := i.(*SourceRange) + if !ok { + t.Errorf("%v:expected a SourceRange type", testName) + } + if !strsEquals(sr.CIDR, test.expectCidr) { + t.Errorf("%v:expected %v CIDR but %v returned", testName, test.expectCidr, sr.CIDR) + } + } + } +} + +type mockBackend struct { + resolver.Mock +} + +// GetDefaultBackend returns the backend that must be used as default +func (m mockBackend) GetDefaultBackend() defaults.Backend { + return defaults.Backend{ + DenylistSourceRange: []string{"4.4.4.0/24", "1.2.3.4/32"}, + } +} + +// Test that when we have a denylist set on the Backend that is used when we +// don't have the annotation +func TestParseAnnotationsWithDefaultConfig(t *testing.T) { + ing := buildIngress() + + mockBackend := mockBackend{} + + tests := map[string]struct { + net string + expectCidr []string + expectErr bool + errOut string + }{ + "test parse a valid net": { + net: "10.0.0.0/24", + expectCidr: []string{"10.0.0.0/24"}, + expectErr: false, + }, + "test parse a invalid net": { + net: "ww", + expectErr: true, + errOut: "the annotation does not contain a valid IP address or network: invalid CIDR address: ww", + }, + "test parse a empty net": { + net: "", + expectErr: true, + errOut: "the annotation does not contain a valid IP address or network: invalid CIDR address: ", + }, + "test parse multiple valid cidr": { + net: "2.2.2.2/32,1.1.1.1/32,3.3.3.0/24", + expectCidr: []string{"1.1.1.1/32", "2.2.2.2/32", "3.3.3.0/24"}, + expectErr: false, + }, + } + + for testName, test := range tests { + data := map[string]string{} + data[parser.GetAnnotationWithPrefix("denylist-source-range")] = test.net + ing.SetAnnotations(data) + p := NewParser(mockBackend) + i, err := p.Parse(ing) + if err != nil && !test.expectErr { + t.Errorf("%v:unexpected error: %v", testName, err) + } + if test.expectErr { + if err.Error() != test.errOut { + t.Errorf("%v:expected error: %v but %v return", testName, test.errOut, err.Error()) + } + } + if !test.expectErr { + sr, ok := i.(*SourceRange) + if !ok { + t.Errorf("%v:expected a SourceRange type", testName) + } + if !strsEquals(sr.CIDR, test.expectCidr) { + t.Errorf("%v:expected %v CIDR but %v returned", testName, test.expectCidr, sr.CIDR) + } + } + } +} + +func strsEquals(a, b []string) bool { + if len(a) != len(b) { + return false + } + for i, v := range a { + if v != b[i] { + return false + } + } + return true +} diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index 8bf71b7749..f064dad53e 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -895,6 +895,7 @@ func NewDefault() Configuration { PreserveTrailingSlash: false, SSLRedirect: true, CustomHTTPErrors: []int{}, + DenylistSourceRange: []string{}, WhitelistSourceRange: []string{}, SkipAccessLogURLs: []string{}, LimitRate: 0, diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index f60f7a0533..8eee56647b 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -1412,6 +1412,7 @@ func locationApplyAnnotations(loc *ingress.Location, anns *annotations.Ingress) loc.Redirect = anns.Redirect loc.Rewrite = anns.Rewrite loc.UpstreamVhost = anns.UpstreamVhost + loc.Denylist = anns.Denylist loc.Whitelist = anns.Whitelist loc.Denied = anns.Denied loc.XForwardedPrefix = anns.XForwardedPrefix diff --git a/internal/ingress/controller/template/configmap.go b/internal/ingress/controller/template/configmap.go index 35a0e45367..61e8e49985 100644 --- a/internal/ingress/controller/template/configmap.go +++ b/internal/ingress/controller/template/configmap.go @@ -41,6 +41,7 @@ const ( customHTTPErrors = "custom-http-errors" skipAccessLogUrls = "skip-access-log-urls" whitelistSourceRange = "whitelist-source-range" + denylistSourceRange = "denylist-source-range" proxyRealIPCIDR = "proxy-real-ip-cidr" bindAddress = "bind-address" httpRedirectCode = "http-redirect-code" @@ -100,6 +101,7 @@ func ReadConfig(src map[string]string) config.Configuration { to := config.NewDefault() errors := make([]int, 0) skipUrls := make([]string, 0) + denyList := make([]string, 0) whiteList := make([]string, 0) proxyList := make([]string, 0) hideHeadersList := make([]string, 0) @@ -169,6 +171,11 @@ func ReadConfig(src map[string]string) config.Configuration { skipUrls = splitAndTrimSpace(val, ",") } + if val, ok := conf[denylistSourceRange]; ok { + delete(conf, denylistSourceRange) + denyList = append(denyList, splitAndTrimSpace(val, ",")...) + } + if val, ok := conf[whitelistSourceRange]; ok { delete(conf, whitelistSourceRange) whiteList = append(whiteList, splitAndTrimSpace(val, ",")...) @@ -395,6 +402,7 @@ func ReadConfig(src map[string]string) config.Configuration { to.CustomHTTPErrors = filterErrors(errors) to.SkipAccessLogURLs = skipUrls + to.DenylistSourceRange = denyList to.WhitelistSourceRange = whiteList to.ProxyRealIPCIDR = proxyList to.BindAddressIpv4 = bindAddressIpv4List diff --git a/internal/ingress/controller/template/configmap_test.go b/internal/ingress/controller/template/configmap_test.go index be3ffb0cec..c662e0bc71 100644 --- a/internal/ingress/controller/template/configmap_test.go +++ b/internal/ingress/controller/template/configmap_test.go @@ -149,6 +149,7 @@ func TestMergeConfigMapToStruct(t *testing.T) { def = config.NewDefault() def.LuaSharedDicts = defaultLuaSharedDicts + def.DenylistSourceRange = []string{"2.2.2.2/32"} def.WhitelistSourceRange = []string{"1.1.1.1/32"} def.DisableIpv6DNS = true @@ -161,6 +162,7 @@ func TestMergeConfigMapToStruct(t *testing.T) { def.Checksum = fmt.Sprintf("%v", hash) to = ReadConfig(map[string]string{ + "denylist-source-range": "2.2.2.2/32", "whitelist-source-range": "1.1.1.1/32", "disable-ipv6-dns": "true", }) diff --git a/internal/ingress/defaults/main.go b/internal/ingress/defaults/main.go index bc97342574..0aab2ff478 100644 --- a/internal/ingress/defaults/main.go +++ b/internal/ingress/defaults/main.go @@ -139,6 +139,10 @@ type Backend struct { // http://nginx.org/en/docs/http/ngx_http_access_module.html WhitelistSourceRange []string `json:"whitelist-source-range"` + // DenylistSourceRange allows limiting access to certain client addresses + // http://nginx.org/en/docs/http/ngx_http_access_module.html + DenylistSourceRange []string `json:"denylist-source-range"` + // Limits the rate of response transmission to a client. // The rate is specified in bytes per second. The zero value disables rate limiting. // The limit is set per a request, and so if a client simultaneously opens two connections, diff --git a/pkg/apis/ingress/types.go b/pkg/apis/ingress/types.go index 7c1c825b75..9395683ece 100644 --- a/pkg/apis/ingress/types.go +++ b/pkg/apis/ingress/types.go @@ -30,6 +30,7 @@ import ( "k8s.io/ingress-nginx/internal/ingress/annotations/fastcgi" "k8s.io/ingress-nginx/internal/ingress/annotations/globalratelimit" "k8s.io/ingress-nginx/internal/ingress/annotations/influxdb" + "k8s.io/ingress-nginx/internal/ingress/annotations/ipdenylist" "k8s.io/ingress-nginx/internal/ingress/annotations/ipwhitelist" "k8s.io/ingress-nginx/internal/ingress/annotations/log" "k8s.io/ingress-nginx/internal/ingress/annotations/mirror" @@ -222,6 +223,7 @@ type Server struct { // In some cases when more than one annotations is defined a particular order in the execution // is required. // The chain in the execution order of annotations should be: +// - Denylist // - Whitelist // - RateLimit // - BasicDigestAuth @@ -292,6 +294,10 @@ type Location struct { // Rewrite describes the redirection this location. // +optional Rewrite rewrite.Config `json:"rewrite,omitempty"` + // Denylist indicates only connections from certain client + // addresses or networks are allowed. + // +optional + Denylist ipdenylist.SourceRange `json:"denylist,omitempty"` // Whitelist indicates only connections from certain client // addresses or networks are allowed. // +optional diff --git a/pkg/apis/ingress/types_equals.go b/pkg/apis/ingress/types_equals.go index a954a253bf..0941e09560 100644 --- a/pkg/apis/ingress/types_equals.go +++ b/pkg/apis/ingress/types_equals.go @@ -401,6 +401,9 @@ func (l1 *Location) Equal(l2 *Location) bool { if !(&l1.Rewrite).Equal(&l2.Rewrite) { return false } + if !(&l1.Denylist).Equal(&l2.Denylist) { + return false + } if !(&l1.Whitelist).Equal(&l2.Whitelist) { return false } diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index 3ace12bc32..02c5637f00 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -1262,6 +1262,10 @@ stream { {{ buildModSecurityForLocation $all.Cfg $location }} {{ if isLocationAllowed $location }} + {{ if gt (len $location.Denylist.CIDR) 0 }} + {{ range $ip := $location.Denylist.CIDR }} + deny {{ $ip }};{{ end }} + {{ end }} {{ if gt (len $location.Whitelist.CIDR) 0 }} {{ range $ip := $location.Whitelist.CIDR }} allow {{ $ip }};{{ end }} diff --git a/test/data/config.json b/test/data/config.json index b506399bd8..5d8a88cbe1 100644 --- a/test/data/config.json +++ b/test/data/config.json @@ -100,6 +100,9 @@ "addBaseUrl": false, "sslRedirect": true }, + "denylist": { + "cidr": ["1.1.1.1"] + }, "whitelist": { "cidr": ["1.1.1.1"] }, @@ -150,6 +153,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": ["1.1.1.1"] + }, "whitelist": { "cidr": ["1.1.1.1"] }, @@ -206,6 +212,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -256,6 +265,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -306,6 +318,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": null + }, "whitelist": { "cidr": null }, @@ -362,6 +377,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": null + }, "whitelist": { "cidr": null }, @@ -418,6 +436,9 @@ "addBaseUrl": false, "sslRedirect": true }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -474,6 +495,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -530,6 +554,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -586,6 +613,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -642,6 +672,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -698,6 +731,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -754,6 +790,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -810,6 +849,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -866,6 +908,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -922,6 +967,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -978,6 +1026,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1034,6 +1085,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1090,6 +1144,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1146,6 +1203,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1202,6 +1262,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1258,6 +1321,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1314,6 +1380,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1370,6 +1439,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1426,6 +1498,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1482,6 +1557,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1538,6 +1616,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1594,6 +1675,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1650,6 +1734,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1706,6 +1793,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1762,6 +1852,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1818,6 +1911,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1874,6 +1970,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1930,6 +2029,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -1986,6 +2088,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2042,6 +2147,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2098,6 +2206,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2154,6 +2265,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2210,6 +2324,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2266,6 +2383,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2322,6 +2442,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2378,6 +2501,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2434,6 +2560,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2490,6 +2619,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2546,6 +2678,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2602,6 +2737,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2658,6 +2796,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2714,6 +2855,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2770,6 +2914,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2826,6 +2973,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2882,6 +3032,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2938,6 +3091,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -2994,6 +3150,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3050,6 +3209,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3106,6 +3268,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3162,6 +3327,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3218,6 +3386,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3274,6 +3445,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3330,6 +3504,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3386,6 +3563,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3442,6 +3622,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3498,6 +3681,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3554,6 +3740,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3610,6 +3799,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3666,6 +3858,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3722,6 +3917,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3778,6 +3976,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3834,6 +4035,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3890,6 +4094,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -3946,6 +4153,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4002,6 +4212,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4058,6 +4271,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4114,6 +4330,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4170,6 +4389,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4226,6 +4448,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4282,6 +4507,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4338,6 +4566,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4394,6 +4625,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4450,6 +4684,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4506,6 +4743,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4562,6 +4802,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4618,6 +4861,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4674,6 +4920,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4730,6 +4979,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4786,6 +5038,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4842,6 +5097,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4898,6 +5156,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -4954,6 +5215,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5010,6 +5274,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5066,6 +5333,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5122,6 +5392,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5178,6 +5451,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5234,6 +5510,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5290,6 +5569,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5346,6 +5628,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5402,6 +5687,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5458,6 +5746,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5514,6 +5805,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5570,6 +5864,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5626,6 +5923,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5682,6 +5982,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5738,6 +6041,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5794,6 +6100,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5850,6 +6159,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5906,6 +6218,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -5962,6 +6277,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6018,6 +6336,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6074,6 +6395,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6130,6 +6454,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6186,6 +6513,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6242,6 +6572,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6298,6 +6631,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6354,6 +6690,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6410,6 +6749,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6466,6 +6808,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6522,6 +6867,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6578,6 +6926,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6634,6 +6985,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6690,6 +7044,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6746,6 +7103,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6802,6 +7162,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6858,6 +7221,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6914,6 +7280,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -6970,6 +7339,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7026,6 +7398,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7082,6 +7457,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7138,6 +7516,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7194,6 +7575,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7250,6 +7634,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7306,6 +7693,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7362,6 +7752,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7418,6 +7811,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7474,6 +7870,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7530,6 +7929,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7586,6 +7988,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7642,6 +8047,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7698,6 +8106,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7754,6 +8165,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7810,6 +8224,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7866,6 +8283,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7922,6 +8342,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -7978,6 +8401,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8034,6 +8460,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8090,6 +8519,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8146,6 +8578,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8202,6 +8637,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8258,6 +8696,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8314,6 +8755,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8370,6 +8814,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8426,6 +8873,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8482,6 +8932,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8538,6 +8991,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8594,6 +9050,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8650,6 +9109,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8706,6 +9168,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8762,6 +9227,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8818,6 +9286,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8874,6 +9345,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8930,6 +9404,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -8986,6 +9463,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9042,6 +9522,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9098,6 +9581,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9154,6 +9640,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9210,6 +9699,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9266,6 +9758,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9322,6 +9817,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9378,6 +9876,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9434,6 +9935,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9490,6 +9994,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9546,6 +10053,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9602,6 +10112,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9658,6 +10171,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9714,6 +10230,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9770,6 +10289,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9826,6 +10348,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9882,6 +10407,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9938,6 +10466,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -9994,6 +10525,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10050,6 +10584,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10106,6 +10643,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10162,6 +10702,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10218,6 +10761,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10274,6 +10820,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10330,6 +10879,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10386,6 +10938,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10442,6 +10997,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10498,6 +11056,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10554,6 +11115,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10610,6 +11174,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10666,6 +11233,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10722,6 +11292,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10778,6 +11351,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10834,6 +11410,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10890,6 +11469,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -10946,6 +11528,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11002,6 +11587,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11058,6 +11646,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11114,6 +11705,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11170,6 +11764,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11226,6 +11823,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11282,6 +11882,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11338,6 +11941,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11394,6 +12000,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11450,6 +12059,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11506,6 +12118,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11562,6 +12177,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11618,6 +12236,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11674,6 +12295,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11730,6 +12354,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11786,6 +12413,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11842,6 +12472,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11898,6 +12531,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -11954,6 +12590,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12010,6 +12649,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12066,6 +12708,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12122,6 +12767,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12178,6 +12826,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12234,6 +12885,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12290,6 +12944,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12346,6 +13003,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12402,6 +13062,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12458,6 +13121,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12514,6 +13180,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12570,6 +13239,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12626,6 +13298,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12682,6 +13357,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12738,6 +13416,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12794,6 +13475,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12850,6 +13534,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12906,6 +13593,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -12962,6 +13652,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13018,6 +13711,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13074,6 +13770,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13130,6 +13829,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13186,6 +13888,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13242,6 +13947,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13298,6 +14006,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13354,6 +14065,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13410,6 +14124,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13466,6 +14183,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13522,6 +14242,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13578,6 +14301,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13634,6 +14360,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13690,6 +14419,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13746,6 +14478,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13802,6 +14537,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13858,6 +14596,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13914,6 +14655,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -13970,6 +14714,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14026,6 +14773,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14082,6 +14832,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14138,6 +14891,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14194,6 +14950,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14250,6 +15009,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14306,6 +15068,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14362,6 +15127,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14418,6 +15186,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14474,6 +15245,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14530,6 +15304,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14586,6 +15363,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14642,6 +15422,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14698,6 +15481,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14754,6 +15540,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14810,6 +15599,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14866,6 +15658,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14922,6 +15717,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -14978,6 +15776,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15034,6 +15835,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15090,6 +15894,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15146,6 +15953,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15202,6 +16012,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15258,6 +16071,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15314,6 +16130,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15370,6 +16189,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15426,6 +16248,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15482,6 +16307,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15538,6 +16366,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15594,6 +16425,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15650,6 +16484,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15706,6 +16543,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15762,6 +16602,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15818,6 +16661,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15874,6 +16720,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15930,6 +16779,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -15986,6 +16838,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16042,6 +16897,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16098,6 +16956,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16154,6 +17015,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16210,6 +17074,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16266,6 +17133,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16322,6 +17192,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16378,6 +17251,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16434,6 +17310,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16490,6 +17369,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16546,6 +17428,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16602,6 +17487,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16658,6 +17546,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16714,6 +17605,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16770,6 +17664,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16826,6 +17723,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16882,6 +17782,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16938,6 +17841,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -16994,6 +17900,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17050,6 +17959,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17106,6 +18018,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17162,6 +18077,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17218,6 +18136,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17274,6 +18195,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17330,6 +18254,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17386,6 +18313,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17442,6 +18372,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17498,6 +18431,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17554,6 +18490,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17610,6 +18549,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17666,6 +18608,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17722,6 +18667,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17778,6 +18726,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17834,6 +18785,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17890,6 +18844,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -17946,6 +18903,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18002,6 +18962,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18058,6 +19021,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18114,6 +19080,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18170,6 +19139,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18226,6 +19198,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18282,6 +19257,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18338,6 +19316,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18394,6 +19375,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18450,6 +19434,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18506,6 +19493,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18562,6 +19552,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18618,6 +19611,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18674,6 +19670,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18730,6 +19729,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18786,6 +19788,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18842,6 +19847,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18898,6 +19906,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -18954,6 +19965,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19010,6 +20024,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19066,6 +20083,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19122,6 +20142,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19178,6 +20201,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19234,6 +20260,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19290,6 +20319,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19346,6 +20378,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19402,6 +20437,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19458,6 +20496,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19514,6 +20555,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19570,6 +20614,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19626,6 +20673,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19682,6 +20732,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19738,6 +20791,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19794,6 +20850,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19850,6 +20909,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19906,6 +20968,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -19962,6 +21027,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20018,6 +21086,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20074,6 +21145,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20130,6 +21204,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20186,6 +21263,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20242,6 +21322,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20298,6 +21381,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20354,6 +21440,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20410,6 +21499,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20466,6 +21558,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20522,6 +21617,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20578,6 +21676,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20634,6 +21735,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20690,6 +21794,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20746,6 +21853,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20802,6 +21912,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20858,6 +21971,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20914,6 +22030,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -20970,6 +22089,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21026,6 +22148,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21082,6 +22207,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21138,6 +22266,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21194,6 +22325,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21250,6 +22384,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21306,6 +22443,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21362,6 +22502,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21418,6 +22561,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21474,6 +22620,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21530,6 +22679,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21586,6 +22738,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21642,6 +22797,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21698,6 +22856,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21754,6 +22915,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21810,6 +22974,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21866,6 +23033,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21922,6 +23092,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -21978,6 +23151,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22034,6 +23210,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22090,6 +23269,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22146,6 +23328,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22202,6 +23387,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22258,6 +23446,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22314,6 +23505,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22370,6 +23564,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22426,6 +23623,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22482,6 +23682,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22538,6 +23741,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22594,6 +23800,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22650,6 +23859,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22706,6 +23918,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22762,6 +23977,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22818,6 +24036,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22874,6 +24095,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22930,6 +24154,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -22986,6 +24213,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23042,6 +24272,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23098,6 +24331,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23154,6 +24390,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23210,6 +24449,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23266,6 +24508,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23322,6 +24567,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23378,6 +24626,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23434,6 +24685,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23490,6 +24744,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23546,6 +24803,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23602,6 +24862,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23658,6 +24921,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23714,6 +24980,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23770,6 +25039,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23826,6 +25098,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23882,6 +25157,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23938,6 +25216,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -23994,6 +25275,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24050,6 +25334,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24106,6 +25393,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24162,6 +25452,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24218,6 +25511,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24274,6 +25570,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24330,6 +25629,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24386,6 +25688,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24442,6 +25747,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24498,6 +25806,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24554,6 +25865,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24610,6 +25924,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24666,6 +25983,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24722,6 +26042,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24778,6 +26101,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24834,6 +26160,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24890,6 +26219,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -24946,6 +26278,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25002,6 +26337,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25058,6 +26396,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25114,6 +26455,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25170,6 +26514,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25226,6 +26573,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25282,6 +26632,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25338,6 +26691,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25394,6 +26750,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25450,6 +26809,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25506,6 +26868,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25562,6 +26927,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25618,6 +26986,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25674,6 +27045,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25730,6 +27104,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25786,6 +27163,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25842,6 +27222,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25898,6 +27281,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -25954,6 +27340,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26010,6 +27399,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26066,6 +27458,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26122,6 +27517,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26178,6 +27576,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26234,6 +27635,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26290,6 +27694,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26346,6 +27753,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26402,6 +27812,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26458,6 +27871,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26514,6 +27930,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26570,6 +27989,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26626,6 +28048,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26682,6 +28107,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26738,6 +28166,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26794,6 +28225,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26850,6 +28284,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26906,6 +28343,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -26962,6 +28402,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27018,6 +28461,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27074,6 +28520,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27130,6 +28579,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27186,6 +28638,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27242,6 +28697,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27298,6 +28756,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27354,6 +28815,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27410,6 +28874,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27466,6 +28933,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27522,6 +28992,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27578,6 +29051,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27634,6 +29110,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27690,6 +29169,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27746,6 +29228,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27802,6 +29287,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27858,6 +29346,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27914,6 +29405,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -27970,6 +29464,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28026,6 +29523,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28082,6 +29582,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28138,6 +29641,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28194,6 +29700,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28250,6 +29759,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28306,6 +29818,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28362,6 +29877,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28418,6 +29936,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28474,6 +29995,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28530,6 +30054,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28586,6 +30113,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28642,6 +30172,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28698,6 +30231,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28754,6 +30290,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28810,6 +30349,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28866,6 +30408,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28922,6 +30467,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -28978,6 +30526,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29034,6 +30585,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29090,6 +30644,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29146,6 +30703,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29202,6 +30762,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29258,6 +30821,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29314,6 +30880,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29370,6 +30939,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29426,6 +30998,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29482,6 +31057,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29538,6 +31116,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29594,6 +31175,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29650,6 +31234,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29706,6 +31293,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29762,6 +31352,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29818,6 +31411,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29874,6 +31470,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29930,6 +31529,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -29986,6 +31588,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30042,6 +31647,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30098,6 +31706,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30154,6 +31765,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30210,6 +31824,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30266,6 +31883,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30322,6 +31942,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30378,6 +32001,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30434,6 +32060,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30490,6 +32119,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30546,6 +32178,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30602,6 +32237,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30658,6 +32296,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30714,6 +32355,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30770,6 +32414,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30826,6 +32473,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30882,6 +32532,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30938,6 +32591,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -30994,6 +32650,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31050,6 +32709,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31106,6 +32768,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31162,6 +32827,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31218,6 +32886,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31274,6 +32945,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31330,6 +33004,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31386,6 +33063,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31442,6 +33122,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31498,6 +33181,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31554,6 +33240,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31610,6 +33299,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31666,6 +33358,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31722,6 +33417,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31778,6 +33476,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31834,6 +33535,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31890,6 +33594,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -31946,6 +33653,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32002,6 +33712,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32058,6 +33771,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32114,6 +33830,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32170,6 +33889,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32226,6 +33948,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32282,6 +34007,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32338,6 +34066,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32394,6 +34125,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32450,6 +34184,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32506,6 +34243,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32562,6 +34302,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32618,6 +34361,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32674,6 +34420,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32730,6 +34479,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32786,6 +34538,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32842,6 +34597,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32898,6 +34656,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -32954,6 +34715,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33010,6 +34774,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33066,6 +34833,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33122,6 +34892,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33178,6 +34951,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33234,6 +35010,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33290,6 +35069,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33346,6 +35128,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33402,6 +35187,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33458,6 +35246,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33514,6 +35305,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33570,6 +35364,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33626,6 +35423,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33682,6 +35482,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33738,6 +35541,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33794,6 +35600,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33850,6 +35659,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33906,6 +35718,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -33962,6 +35777,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34018,6 +35836,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34074,6 +35895,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34130,6 +35954,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34186,6 +36013,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34242,6 +36072,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34298,6 +36131,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34354,6 +36190,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34410,6 +36249,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34466,6 +36308,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34522,6 +36367,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34578,6 +36426,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34634,6 +36485,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34690,6 +36544,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34746,6 +36603,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34802,6 +36662,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34858,6 +36721,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34914,6 +36780,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -34970,6 +36839,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35026,6 +36898,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35082,6 +36957,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35138,6 +37016,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35194,6 +37075,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35250,6 +37134,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35306,6 +37193,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35362,6 +37252,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35418,6 +37311,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35474,6 +37370,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35530,6 +37429,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35586,6 +37488,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35642,6 +37547,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35698,6 +37606,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35754,6 +37665,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35810,6 +37724,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35866,6 +37783,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35922,6 +37842,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -35978,6 +37901,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36034,6 +37960,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36090,6 +38019,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36146,6 +38078,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36202,6 +38137,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36258,6 +38196,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36314,6 +38255,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36370,6 +38314,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36426,6 +38373,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36482,6 +38432,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36538,6 +38491,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36594,6 +38550,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36650,6 +38609,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36706,6 +38668,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36762,6 +38727,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36818,6 +38786,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36874,6 +38845,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36930,6 +38904,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -36986,6 +38963,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37042,6 +39022,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37098,6 +39081,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37154,6 +39140,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37210,6 +39199,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37266,6 +39258,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37322,6 +39317,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37378,6 +39376,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37434,6 +39435,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37490,6 +39494,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37546,6 +39553,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37602,6 +39612,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37658,6 +39671,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37714,6 +39730,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37770,6 +39789,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37826,6 +39848,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37882,6 +39907,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37938,6 +39966,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -37994,6 +40025,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38050,6 +40084,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38106,6 +40143,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38162,6 +40202,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38218,6 +40261,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38274,6 +40320,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38330,6 +40379,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38386,6 +40438,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38442,6 +40497,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38498,6 +40556,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38554,6 +40615,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38610,6 +40674,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38666,6 +40733,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38722,6 +40792,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38778,6 +40851,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38834,6 +40910,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38890,6 +40969,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -38946,6 +41028,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39002,6 +41087,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39058,6 +41146,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39114,6 +41205,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39170,6 +41264,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39226,6 +41323,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39282,6 +41382,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39338,6 +41441,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39394,6 +41500,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39450,6 +41559,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39506,6 +41618,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39562,6 +41677,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39618,6 +41736,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39674,6 +41795,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39730,6 +41854,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39786,6 +41913,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39842,6 +41972,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39898,6 +42031,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -39954,6 +42090,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40010,6 +42149,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40066,6 +42208,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40122,6 +42267,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40178,6 +42326,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40234,6 +42385,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40290,6 +42444,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40346,6 +42503,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40402,6 +42562,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40458,6 +42621,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40514,6 +42680,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40570,6 +42739,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40626,6 +42798,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40682,6 +42857,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40738,6 +42916,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40794,6 +42975,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40850,6 +43034,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40906,6 +43093,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -40962,6 +43152,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41018,6 +43211,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41074,6 +43270,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41130,6 +43329,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41186,6 +43388,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41242,6 +43447,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41298,6 +43506,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41354,6 +43565,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41410,6 +43624,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41466,6 +43683,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41522,6 +43742,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41578,6 +43801,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41634,6 +43860,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41690,6 +43919,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41746,6 +43978,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41802,6 +44037,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41858,6 +44096,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41914,6 +44155,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -41970,6 +44214,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42026,6 +44273,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42082,6 +44332,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42138,6 +44391,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42194,6 +44450,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42250,6 +44509,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42306,6 +44568,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42362,6 +44627,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42418,6 +44686,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42474,6 +44745,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42530,6 +44804,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42586,6 +44863,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42642,6 +44922,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42698,6 +44981,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42754,6 +45040,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42810,6 +45099,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42866,6 +45158,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42922,6 +45217,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -42978,6 +45276,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43034,6 +45335,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43090,6 +45394,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43146,6 +45453,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43202,6 +45512,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43258,6 +45571,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43314,6 +45630,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43370,6 +45689,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43426,6 +45748,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43482,6 +45807,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43538,6 +45866,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43594,6 +45925,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43650,6 +45984,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43706,6 +46043,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43762,6 +46102,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43818,6 +46161,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43874,6 +46220,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43930,6 +46279,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -43986,6 +46338,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44042,6 +46397,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44098,6 +46456,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44154,6 +46515,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44210,6 +46574,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44266,6 +46633,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44322,6 +46692,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44378,6 +46751,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44434,6 +46810,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44490,6 +46869,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44546,6 +46928,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44602,6 +46987,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44658,6 +47046,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44714,6 +47105,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44770,6 +47164,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44826,6 +47223,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44882,6 +47282,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44938,6 +47341,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -44994,6 +47400,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45050,6 +47459,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45106,6 +47518,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45162,6 +47577,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45218,6 +47636,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45274,6 +47695,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45330,6 +47754,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45386,6 +47813,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45442,6 +47872,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45498,6 +47931,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45554,6 +47990,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45610,6 +48049,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45666,6 +48108,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45722,6 +48167,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45778,6 +48226,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45834,6 +48285,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45890,6 +48344,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -45946,6 +48403,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46002,6 +48462,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46058,6 +48521,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46114,6 +48580,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46170,6 +48639,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46226,6 +48698,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46282,6 +48757,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46338,6 +48816,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46394,6 +48875,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46450,6 +48934,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46506,6 +48993,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46562,6 +49052,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46618,6 +49111,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46674,6 +49170,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46730,6 +49229,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46786,6 +49288,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46842,6 +49347,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46898,6 +49406,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -46954,6 +49465,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47010,6 +49524,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47066,6 +49583,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47122,6 +49642,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47178,6 +49701,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47234,6 +49760,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47290,6 +49819,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47346,6 +49878,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47402,6 +49937,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47458,6 +49996,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47514,6 +50055,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47570,6 +50114,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47626,6 +50173,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47682,6 +50232,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47738,6 +50291,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47794,6 +50350,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47850,6 +50409,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47906,6 +50468,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -47962,6 +50527,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48018,6 +50586,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48074,6 +50645,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48130,6 +50704,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48186,6 +50763,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48242,6 +50822,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48298,6 +50881,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48354,6 +50940,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48410,6 +50999,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48466,6 +51058,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48522,6 +51117,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48578,6 +51176,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48634,6 +51235,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48690,6 +51294,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48746,6 +51353,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48802,6 +51412,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48858,6 +51471,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48914,6 +51530,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -48970,6 +51589,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49026,6 +51648,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49082,6 +51707,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49138,6 +51766,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49194,6 +51825,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49250,6 +51884,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49306,6 +51943,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49362,6 +52002,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49418,6 +52061,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49474,6 +52120,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49530,6 +52179,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49586,6 +52238,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49642,6 +52297,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49698,6 +52356,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49754,6 +52415,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49810,6 +52474,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49866,6 +52533,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49922,6 +52592,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -49978,6 +52651,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50034,6 +52710,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50090,6 +52769,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50146,6 +52828,9 @@ "addBaseUrl": false, "sslRedirect": true }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50202,6 +52887,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50258,6 +52946,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50314,6 +53005,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50370,6 +53064,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50426,6 +53123,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50482,6 +53182,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50538,6 +53241,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50594,6 +53300,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50650,6 +53359,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50706,6 +53418,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50762,6 +53477,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50818,6 +53536,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50874,6 +53595,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50930,6 +53654,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -50986,6 +53713,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51042,6 +53772,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51098,6 +53831,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51154,6 +53890,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51210,6 +53949,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51266,6 +54008,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51322,6 +54067,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51378,6 +54126,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51434,6 +54185,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51490,6 +54244,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51546,6 +54303,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51602,6 +54362,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51658,6 +54421,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51714,6 +54480,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51770,6 +54539,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51826,6 +54598,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51882,6 +54657,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51938,6 +54716,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -51994,6 +54775,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52050,6 +54834,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52106,6 +54893,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52162,6 +54952,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52218,6 +55011,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52274,6 +55070,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52330,6 +55129,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52386,6 +55188,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52442,6 +55247,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52498,6 +55306,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52554,6 +55365,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52610,6 +55424,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52666,6 +55483,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52722,6 +55542,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52778,6 +55601,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52834,6 +55660,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52890,6 +55719,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -52946,6 +55778,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53002,6 +55837,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53058,6 +55896,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53114,6 +55955,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53170,6 +56014,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53226,6 +56073,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53282,6 +56132,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53338,6 +56191,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53394,6 +56250,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53450,6 +56309,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53506,6 +56368,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53562,6 +56427,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53618,6 +56486,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53674,6 +56545,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53730,6 +56604,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53786,6 +56663,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53842,6 +56722,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53898,6 +56781,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -53954,6 +56840,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54010,6 +56899,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54066,6 +56958,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54122,6 +57017,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54178,6 +57076,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54234,6 +57135,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54290,6 +57194,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54346,6 +57253,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54402,6 +57312,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54458,6 +57371,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54514,6 +57430,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54570,6 +57489,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54626,6 +57548,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54682,6 +57607,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54738,6 +57666,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54794,6 +57725,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54850,6 +57784,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54906,6 +57843,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -54962,6 +57902,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55018,6 +57961,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55074,6 +58020,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55130,6 +58079,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55186,6 +58138,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55242,6 +58197,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55298,6 +58256,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55354,6 +58315,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55410,6 +58374,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55466,6 +58433,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55522,6 +58492,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55578,6 +58551,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55634,6 +58610,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55690,6 +58669,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55746,6 +58728,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55802,6 +58787,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55858,6 +58846,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55914,6 +58905,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -55970,6 +58964,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56026,6 +59023,9 @@ "addBaseUrl": false, "sslRedirect": true }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56082,6 +59082,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56138,6 +59141,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56194,6 +59200,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56250,6 +59259,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56306,6 +59318,9 @@ "addBaseUrl": false, "sslRedirect": true }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56362,6 +59377,9 @@ "addBaseUrl": false, "sslRedirect": true }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56418,6 +59436,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56468,6 +59489,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56524,6 +59548,9 @@ "addBaseUrl": false, "sslRedirect": true }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56580,6 +59607,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56636,6 +59666,9 @@ "addBaseUrl": false, "sslRedirect": true }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56692,6 +59725,9 @@ "addBaseUrl": true, "sslRedirect": true }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56742,6 +59778,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": null }, @@ -56798,6 +59837,9 @@ "addBaseUrl": false, "sslRedirect": true }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56854,6 +59896,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -56904,6 +59949,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": null }, @@ -56960,6 +60008,9 @@ "addBaseUrl": false, "sslRedirect": true }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -57010,6 +60061,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": null }, @@ -57066,6 +60120,9 @@ "addBaseUrl": false, "sslRedirect": true }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, @@ -57122,6 +60179,9 @@ "addBaseUrl": false, "sslRedirect": false }, + "denylist": { + "cidr": [] + }, "whitelist": { "cidr": [] }, diff --git a/test/e2e/annotations/ipdenylist.go b/test/e2e/annotations/ipdenylist.go new file mode 100644 index 0000000000..9c1d45cf54 --- /dev/null +++ b/test/e2e/annotations/ipdenylist.go @@ -0,0 +1,147 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package annotations + +import ( + "net/http" + "strings" + + "github.com/onsi/ginkgo/v2" + + "k8s.io/ingress-nginx/test/e2e/framework" +) + +var _ = framework.DescribeAnnotation("denylist-source-range", func() { + f := framework.NewDefaultFramework("ipdenylist") + + ginkgo.BeforeEach(func() { + f.NewEchoDeployment() + }) + + ginkgo.It("only deny explicitly denied IPs, allow all others", func() { + host := "ipdenylist.foo.com" + namespace := f.Namespace + + annotations := map[string]string{ + "nginx.ingress.kubernetes.io/denylist-source-range": "18.0.0.0/8, 56.0.0.1", + } + + ing := framework.NewSingleIngress(host, "/", host, namespace, framework.EchoService, 80, annotations) + + // Temporarily trust forwarded headers so we can test IP based access control + f.UpdateNginxConfigMapData("use-forwarded-headers", "true") + defer func() { + // Return to the original value + f.UpdateNginxConfigMapData("use-forwarded-headers", "false") + }() + + f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, "deny 18.0.0.0/8;") && + strings.Contains(server, "deny 56.0.0.1;") && + !strings.Contains(server, "deny all;") + }) + + ginkgo.By("sending request from an explicitly denied IP range") + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + WithHeader("X-Forwarded-For", "18.0.0.1"). + Expect(). + Status(http.StatusForbidden) + + ginkgo.By("sending request from an explicitly denied IP address") + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + WithHeader("X-Forwarded-For", "56.0.0.1"). + Expect(). + Status(http.StatusForbidden) + + ginkgo.By("sending request from an implicitly allowed IP range") + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + WithHeader("X-Forwarded-For", "56.0.0.2"). + Expect(). + Status(http.StatusOK) + }) + + ginkgo.It("only allow explicitly allowed IPs, deny all others", func() { + host := "ipdenylist.foo.com" + namespace := f.Namespace + + annotations := map[string]string{ + "nginx.ingress.kubernetes.io/denylist-source-range": "18.1.0.0/16, 56.0.0.0/8", + "nginx.ingress.kubernetes.io/whitelist-source-range": "18.0.0.0/8, 55.0.0.0/8", + } + + ing := framework.NewSingleIngress(host, "/", host, namespace, framework.EchoService, 80, annotations) + + // Temporarily trust forwarded headers so we can test IP based access control + f.UpdateNginxConfigMapData("use-forwarded-headers", "true") + defer func() { + // Return to the original value + f.UpdateNginxConfigMapData("use-forwarded-headers", "false") + }() + + f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, "deny 18.1.0.0/16;") && + strings.Contains(server, "deny 56.0.0.0/8;") && + strings.Contains(server, "allow 18.0.0.0/8;") && + strings.Contains(server, "allow 55.0.0.0/8;") && + strings.Contains(server, "deny all;") + }) + + ginkgo.By("sending request from an explicitly denied IP range") + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + WithHeader("X-Forwarded-For", "18.1.0.1"). + Expect(). + Status(http.StatusForbidden) + + ginkgo.By("sending request from an implicitly denied IP") + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + WithHeader("X-Forwarded-For", "10.10.10.10"). + Expect(). + Status(http.StatusForbidden) + + ginkgo.By("sending request from an explicitly allowed IP range") + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + WithHeader("X-Forwarded-For", "18.4.0.1"). + Expect(). + Status(http.StatusOK) + + ginkgo.By("sending request from an explicitly allowed IP range") + f.HTTPTestClient(). + GET("/"). + WithHeader("Host", host). + WithHeader("X-Forwarded-For", "55.55.55.55"). + Expect(). + Status(http.StatusOK) + }) +}) From 424cc8671b1c6df1db08283179d113fbaa5b2213 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johannes=20W=C3=BCrbach?= Date: Sun, 8 Jan 2023 23:49:27 +0100 Subject: [PATCH 46/52] fix: disable auth access logs (#9049) --- rootfs/etc/nginx/template/nginx.tmpl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index 02c5637f00..cde7b2b878 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -1058,6 +1058,8 @@ stream { opentracing_propagate_context; {{ end }} + access_log off; + # Ensure that modsecurity will not run on an internal location as this is not accessible from outside {{ if $all.Cfg.EnableModsecurity }} modsecurity off; From 275d5e15e7024af34fa864c2bdbcbf404efea6f6 Mon Sep 17 00:00:00 2001 From: Jack Ivanov <17044561+jackivanov@users.noreply.github.com> Date: Mon, 9 Jan 2023 14:01:29 +0300 Subject: [PATCH 47/52] Add buildResolvers to the stream module (#9184) --- rootfs/etc/nginx/template/nginx.tmpl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index cde7b2b878..fc48de9128 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -736,6 +736,8 @@ stream { lua_package_path "/etc/nginx/lua/?.lua;/etc/nginx/lua/vendor/?.lua;;"; lua_shared_dict tcp_udp_configuration_data 5M; + + {{ buildResolvers $cfg.Resolver $cfg.DisableIpv6DNS }} init_by_lua_block { collectgarbage("collect") From 54dd88a5d1c1ae432e132b5f96ead24ce3b3314b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Jan 2023 06:09:32 -0800 Subject: [PATCH 48/52] Bump golang.org/x/crypto from 0.4.0 to 0.5.0 (#9494) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.4.0 to 0.5.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](https://github.com/golang/crypto/compare/v0.4.0...v0.5.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index b074e7c10f..2daf8e6674 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( github.com/stretchr/testify v1.8.1 github.com/yudai/gojsondiff v1.0.0 github.com/zakjan/cert-chain-resolver v0.0.0-20211122211144-c6b0b792af9a - golang.org/x/crypto v0.4.0 + golang.org/x/crypto v0.5.0 google.golang.org/grpc v1.51.0 google.golang.org/grpc/examples v0.0.0-20221220003428-4f16fbe410f7 gopkg.in/go-playground/pool.v3 v3.1.1 @@ -109,11 +109,11 @@ require ( github.com/yudai/pp v2.0.1+incompatible // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect golang.org/x/mod v0.7.0 // indirect - golang.org/x/net v0.4.0 // indirect + golang.org/x/net v0.5.0 // indirect golang.org/x/oauth2 v0.3.0 // indirect - golang.org/x/sys v0.3.0 // indirect - golang.org/x/term v0.3.0 // indirect - golang.org/x/text v0.5.0 // indirect + golang.org/x/sys v0.4.0 // indirect + golang.org/x/term v0.4.0 // indirect + golang.org/x/text v0.6.0 // indirect golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect golang.org/x/tools v0.4.0 // indirect google.golang.org/appengine v1.6.7 // indirect diff --git a/go.sum b/go.sum index 684ae5beb3..84a8bb106a 100644 --- a/go.sum +++ b/go.sum @@ -423,8 +423,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8= -golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80= +golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE= +golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -491,8 +491,8 @@ golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU= -golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= +golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw= +golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -558,19 +558,19 @@ golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= -golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18= +golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI= -golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= +golang.org/x/term v0.4.0 h1:O7UWfv5+A2qiuulQk30kVinPoMtoIPeVaKLEgLpVkvg= +golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= -golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k= +golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From e7bee5308e84269d13b58352aeae3a6f27ea6e52 Mon Sep 17 00:00:00 2001 From: Marcus Noble Date: Mon, 9 Jan 2023 14:37:31 +0000 Subject: [PATCH 49/52] added option to disable sync event creation (#8528) * added option to disable event creation Signed-off-by: Marcus Noble * Re-trigger github workflows Signed-off-by: Marcus Noble Signed-off-by: Marcus Noble --- docs/user-guide/cli-arguments.md | 1 + internal/ingress/controller/controller.go | 2 + .../ingress/controller/controller_test.go | 4 +- internal/ingress/controller/nginx.go | 3 +- internal/ingress/controller/store/store.go | 11 +- .../ingress/controller/store/store_test.go | 33 ++++-- pkg/flags/flags.go | 3 + test/e2e/settings/disable_sync_events.go | 107 ++++++++++++++++++ 8 files changed, 147 insertions(+), 17 deletions(-) create mode 100644 test/e2e/settings/disable_sync_events.go diff --git a/docs/user-guide/cli-arguments.md b/docs/user-guide/cli-arguments.md index ab483b1cd6..4379d0b340 100644 --- a/docs/user-guide/cli-arguments.md +++ b/docs/user-guide/cli-arguments.md @@ -18,6 +18,7 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment | `--disable-catch-all` | Disable support for catch-all Ingresses. (default false) | | `--disable-full-test` | Disable full test of all merged ingresses at the admission stage and tests the template of the ingress being created or updated (full test of all ingresses is enabled by default). | | `--disable-svc-external-name` | Disable support for Services of type ExternalName. (default false) | +| `--disable-sync-events` | Disables the creation of 'Sync' Event resources, but still logs them | | `--dynamic-configuration-retries` | Number of times to retry failed dynamic configuration before failing to sync an ingress. (default 15) | | `--election-id` | Election id to use for Ingress status updates. (default "ingress-controller-leader") | | `--enable-metrics` | Enables the collection of NGINX metrics. (default true) | diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index 8eee56647b..010eba162b 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -129,6 +129,8 @@ type Configuration struct { DeepInspector bool DynamicConfigurationRetries int + + DisableSyncEvents bool } // GetPublishService returns the Service used to set the load-balancer status of Ingresses. diff --git a/internal/ingress/controller/controller_test.go b/internal/ingress/controller/controller_test.go index da9f10e454..796012cd3c 100644 --- a/internal/ingress/controller/controller_test.go +++ b/internal/ingress/controller/controller_test.go @@ -2404,6 +2404,7 @@ func newNGINXController(t *testing.T) *NGINXController { Controller: "k8s.io/ingress-nginx", AnnotationValue: "nginx", }, + false, ) sslCert := ssl.GetFakeSSLCert() @@ -2468,7 +2469,8 @@ func newDynamicNginxController(t *testing.T, setConfigMap func(string) *v1.Confi &ingressclass.IngressClassConfiguration{ Controller: "k8s.io/ingress-nginx", AnnotationValue: "nginx", - }) + }, + false) sslCert := ssl.GetFakeSSLCert() config := &Configuration{ diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go index 4b543ea2ff..5575009ea6 100644 --- a/internal/ingress/controller/nginx.go +++ b/internal/ingress/controller/nginx.go @@ -136,7 +136,8 @@ func NewNGINXController(config *Configuration, mc metric.Collector) *NGINXContro n.updateCh, config.DisableCatchAll, config.DeepInspector, - config.IngressClassConfiguration) + config.IngressClassConfiguration, + config.DisableSyncEvents) n.syncQueue = task.NewTaskQueue(n.syncIngress) diff --git a/internal/ingress/controller/store/store.go b/internal/ingress/controller/store/store.go index 7f493bd8a2..13af281371 100644 --- a/internal/ingress/controller/store/store.go +++ b/internal/ingress/controller/store/store.go @@ -251,7 +251,8 @@ func New( updateCh *channels.RingChannel, disableCatchAll bool, deepInspector bool, - icConfig *ingressclass.IngressClassConfiguration) Storer { + icConfig *ingressclass.IngressClassConfiguration, + disableSyncEvents bool) Storer { store := &k8sStore{ informers: &Informer{}, @@ -267,9 +268,11 @@ func New( eventBroadcaster := record.NewBroadcaster() eventBroadcaster.StartLogging(klog.Infof) - eventBroadcaster.StartRecordingToSink(&clientcorev1.EventSinkImpl{ - Interface: client.CoreV1().Events(namespace), - }) + if !disableSyncEvents { + eventBroadcaster.StartRecordingToSink(&clientcorev1.EventSinkImpl{ + Interface: client.CoreV1().Events(namespace), + }) + } recorder := eventBroadcaster.NewRecorder(scheme.Scheme, corev1.EventSource{ Component: "nginx-ingress-controller", }) diff --git a/internal/ingress/controller/store/store_test.go b/internal/ingress/controller/store/store_test.go index 9b8947f9c2..9fe6e37bb4 100644 --- a/internal/ingress/controller/store/store_test.go +++ b/internal/ingress/controller/store/store_test.go @@ -125,7 +125,8 @@ func TestStore(t *testing.T) { updateCh, false, true, - DefaultClassConfig) + DefaultClassConfig, + false) storer.Run(stopCh) @@ -206,7 +207,8 @@ func TestStore(t *testing.T) { updateCh, false, true, - DefaultClassConfig) + DefaultClassConfig, + false) storer.Run(stopCh) ic := createIngressClass(clientSet, t, "not-k8s.io/not-ingress-nginx") @@ -310,7 +312,8 @@ func TestStore(t *testing.T) { updateCh, false, true, - DefaultClassConfig) + DefaultClassConfig, + false) storer.Run(stopCh) validSpec := commonIngressSpec @@ -426,7 +429,8 @@ func TestStore(t *testing.T) { updateCh, false, true, - ingressClassconfig) + ingressClassconfig, + false) storer.Run(stopCh) @@ -556,7 +560,8 @@ func TestStore(t *testing.T) { updateCh, false, true, - ingressClassconfig) + ingressClassconfig, + false) storer.Run(stopCh) validSpec := commonIngressSpec @@ -656,7 +661,8 @@ func TestStore(t *testing.T) { updateCh, false, true, - DefaultClassConfig) + DefaultClassConfig, + false) storer.Run(stopCh) @@ -750,7 +756,8 @@ func TestStore(t *testing.T) { updateCh, false, true, - DefaultClassConfig) + DefaultClassConfig, + false) storer.Run(stopCh) invalidSpec := commonIngressSpec @@ -836,7 +843,8 @@ func TestStore(t *testing.T) { updateCh, false, true, - DefaultClassConfig) + DefaultClassConfig, + false) storer.Run(stopCh) @@ -932,7 +940,8 @@ func TestStore(t *testing.T) { updateCh, false, true, - DefaultClassConfig) + DefaultClassConfig, + false) storer.Run(stopCh) @@ -1056,7 +1065,8 @@ func TestStore(t *testing.T) { updateCh, false, true, - DefaultClassConfig) + DefaultClassConfig, + false) storer.Run(stopCh) @@ -1177,7 +1187,8 @@ func TestStore(t *testing.T) { updateCh, false, true, - DefaultClassConfig) + DefaultClassConfig, + false) storer.Run(stopCh) diff --git a/pkg/flags/flags.go b/pkg/flags/flags.go index 65b5fbcdc1..6e183289c0 100644 --- a/pkg/flags/flags.go +++ b/pkg/flags/flags.go @@ -214,6 +214,8 @@ Takes the form ":port". If not provided, no admission controller is starte deepInspector = flags.Bool("deep-inspect", true, "Enables ingress object security deep inspector") dynamicConfigurationRetries = flags.Int("dynamic-configuration-retries", 15, "Number of times to retry failed dynamic configuration before failing to sync an ingress.") + + disableSyncEvents = flags.Bool("disable-sync-events", false, "Disables the creation of 'Sync' event resources") ) flags.StringVar(&nginx.MaxmindMirror, "maxmind-mirror", "", `Maxmind mirror url (example: http://geoip.local/databases.`) @@ -364,6 +366,7 @@ https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-g ValidationWebhookCertPath: *validationWebhookCert, ValidationWebhookKeyPath: *validationWebhookKey, InternalLoggerAddress: *internalLoggerAddress, + DisableSyncEvents: *disableSyncEvents, } if *apiserverHost != "" { diff --git a/test/e2e/settings/disable_sync_events.go b/test/e2e/settings/disable_sync_events.go new file mode 100644 index 0000000000..7d12980874 --- /dev/null +++ b/test/e2e/settings/disable_sync_events.go @@ -0,0 +1,107 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package settings + +import ( + "context" + "fmt" + "strings" + + "github.com/onsi/ginkgo/v2" + "github.com/stretchr/testify/assert" + appsv1 "k8s.io/api/apps/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "k8s.io/ingress-nginx/test/e2e/framework" +) + +var _ = framework.IngressNginxDescribe("[Flag] disable-sync-events", func() { + f := framework.NewDefaultFramework("disable-sync-events") + + ginkgo.It("should create sync events (default)", func() { + host := "sync-events-default" + f.NewEchoDeployment(framework.WithDeploymentReplicas(1)) + + ing := framework.NewSingleIngressWithIngressClass(host, "/", host, f.Namespace, framework.EchoService, f.IngressClass, 80, nil) + ing = f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, fmt.Sprintf("server_name %v", host)) + }) + + events, err := f.KubeClientSet.CoreV1().Events(ing.Namespace).List(context.TODO(), metav1.ListOptions{FieldSelector: "reason=Sync,involvedObject.name=" + host}) + assert.Nil(ginkgo.GinkgoT(), err, "listing events") + + assert.NotEmpty(ginkgo.GinkgoT(), events.Items, "got events") + }) + + ginkgo.It("should create sync events", func() { + host := "disable-sync-events-false" + f.NewEchoDeployment(framework.WithDeploymentReplicas(1)) + + err := f.UpdateIngressControllerDeployment(func(deployment *appsv1.Deployment) error { + args := deployment.Spec.Template.Spec.Containers[0].Args + args = append(args, "--disable-sync-events=false") + deployment.Spec.Template.Spec.Containers[0].Args = args + _, err := f.KubeClientSet.AppsV1().Deployments(f.Namespace).Update(context.TODO(), deployment, metav1.UpdateOptions{}) + return err + }) + assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller deployment flags") + + ing := framework.NewSingleIngressWithIngressClass(host, "/", host, f.Namespace, framework.EchoService, f.IngressClass, 80, nil) + ing = f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, fmt.Sprintf("server_name %v", host)) + }) + + events, err := f.KubeClientSet.CoreV1().Events(ing.Namespace).List(context.TODO(), metav1.ListOptions{FieldSelector: "reason=Sync,involvedObject.name=" + host}) + assert.Nil(ginkgo.GinkgoT(), err, "listing events") + + assert.NotEmpty(ginkgo.GinkgoT(), events.Items, "got events") + }) + + ginkgo.It("should not create sync events", func() { + host := "disable-sync-events-true" + f.NewEchoDeployment(framework.WithDeploymentReplicas(1)) + + err := f.UpdateIngressControllerDeployment(func(deployment *appsv1.Deployment) error { + args := deployment.Spec.Template.Spec.Containers[0].Args + args = append(args, "--disable-sync-events=true") + deployment.Spec.Template.Spec.Containers[0].Args = args + _, err := f.KubeClientSet.AppsV1().Deployments(f.Namespace).Update(context.TODO(), deployment, metav1.UpdateOptions{}) + return err + }) + assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller deployment flags") + + ing := framework.NewSingleIngressWithIngressClass(host, "/", host, f.Namespace, framework.EchoService, f.IngressClass, 80, nil) + ing = f.EnsureIngress(ing) + + f.WaitForNginxServer(host, + func(server string) bool { + return strings.Contains(server, fmt.Sprintf("server_name %v", host)) + }) + + events, err := f.KubeClientSet.CoreV1().Events(ing.Namespace).List(context.TODO(), metav1.ListOptions{FieldSelector: "reason=Sync,involvedObject.name=" + host}) + assert.Nil(ginkgo.GinkgoT(), err, "listing events") + + assert.Empty(ginkgo.GinkgoT(), events.Items, "got events") + }) + +}) From b8e9b55a7e99aa300b19fb47c021211f775e38e2 Mon Sep 17 00:00:00 2001 From: chriss-de Date: Wed, 14 Dec 2022 15:06:09 +0100 Subject: [PATCH 50/52] added proxy-intercept-errors config option --- .../nginx-configuration/annotations.md | 12 ++++ .../nginx-configuration/configmap.md | 9 ++- internal/ingress/annotations/annotations.go | 3 + .../annotations/proxyintercepterrors/main.go | 43 +++++++++++++ .../proxyintercepterrors/main_test.go | 61 +++++++++++++++++++ internal/ingress/controller/config/config.go | 6 ++ internal/ingress/defaults/main.go | 7 +++ pkg/apis/ingress/types.go | 5 ++ pkg/apis/ingress/types_equals.go | 4 ++ rootfs/etc/nginx/template/nginx.tmpl | 4 +- 10 files changed, 151 insertions(+), 3 deletions(-) create mode 100644 internal/ingress/annotations/proxyintercepterrors/main.go create mode 100644 internal/ingress/annotations/proxyintercepterrors/main_test.go diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index 49e2525897..652c7311af 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -49,6 +49,7 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz |[nginx.ingress.kubernetes.io/client-body-buffer-size](#client-body-buffer-size)|string| |[nginx.ingress.kubernetes.io/configuration-snippet](#configuration-snippet)|string| |[nginx.ingress.kubernetes.io/custom-http-errors](#custom-http-errors)|[]int| +|[nginx.ingress.kubernetes.io/proxy-intercept-errors](#proxy-intercept-errors)|"true" or "false"| |[nginx.ingress.kubernetes.io/default-backend](#default-backend)|string| |[nginx.ingress.kubernetes.io/enable-cors](#enable-cors)|"true" or "false"| |[nginx.ingress.kubernetes.io/cors-allow-origin](#enable-cors)|string| @@ -330,6 +331,17 @@ Example usage: nginx.ingress.kubernetes.io/custom-http-errors: "404,415" ``` +## Proxy intercept Errors + +Like the [`proxy-intercept-errors`](./configmap.md#proxy-intercept-errors) value in the ConfigMap, this annotation allows to disable NGINX `proxy-intercept-errors` when `custom-http-errors` are set, but only for the NGINX location associated with this ingress. If a [default backend annotation](#default-backend) is specified on the ingress, the errors will be routed to that annotation's default backend service (instead of the global default backend). +Different ingresses can specify different sets of errors codes and there are UseCases where NGINX shall not intercept all errors returned from upstream. +If `proxy-intercept-errors` is also specified globally, the annotation will override the global value for the given ingress' hostname and path. + +Example usage: +``` +nginx.ingress.kubernetes.io/proxy-intercept-errors: "false" +``` + ### Default Backend This annotation is of the form `nginx.ingress.kubernetes.io/default-backend: ` to specify a custom default backend. This `` is a reference to a service inside of the same namespace in which you are applying this annotation. This annotation overrides the global default backend. In case the service has [multiple ports](https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services), the first one is the one which will receive the backend traffic. diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index f5d22d11c4..2fe4235e3d 100755 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -161,6 +161,7 @@ The following table shows a configuration option's name, type, and the default v |[stream-snippet](#stream-snippet)|string|""| |[location-snippet](#location-snippet)|string|""| |[custom-http-errors](#custom-http-errors)|[]int|[]int{}| +|[proxy-intercept-errors](#proxy-intercept-errors)|bool|"true"| |[proxy-body-size](#proxy-body-size)|string|"1m"| |[proxy-connect-timeout](#proxy-connect-timeout)|int|5| |[proxy-read-timeout](#proxy-read-timeout)|int|60| @@ -1027,10 +1028,16 @@ You can not use this to add new locations that proxy to the Kubernetes pods, as Enables which HTTP codes should be passed for processing with the [error_page directive](https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page) -Setting at least one code also enables [proxy_intercept_errors](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors) which are required to process error_page. +Setting at least one code also enables [proxy_intercept_errors](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors) if not disabled with [proxy-intercept-errors](#proxy-intercept-errors). Example usage: `custom-http-errors: 404,415` +## proxy-intercept-errors + +Allows to disable proxy-intercept-errors if [custom-http-errors](#custom-http-errors) are set. Disabling [proxy_intercept_errors](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors) allows to pass upstream errors to client even if [custom-http-errors](#custom-http-errors) are set. + +Example usage: `proxy-intercept-errors: "false"` + ## proxy-body-size Sets the maximum allowed size of the client request body. diff --git a/internal/ingress/annotations/annotations.go b/internal/ingress/annotations/annotations.go index fe7400ac76..37d518086d 100644 --- a/internal/ingress/annotations/annotations.go +++ b/internal/ingress/annotations/annotations.go @@ -20,6 +20,7 @@ import ( "github.com/imdario/mergo" "k8s.io/ingress-nginx/internal/ingress/annotations/canary" "k8s.io/ingress-nginx/internal/ingress/annotations/modsecurity" + "k8s.io/ingress-nginx/internal/ingress/annotations/proxyintercepterrors" "k8s.io/ingress-nginx/internal/ingress/annotations/proxyssl" "k8s.io/ingress-nginx/internal/ingress/annotations/sslcipher" "k8s.io/ingress-nginx/internal/ingress/annotations/streamsnippet" @@ -85,6 +86,7 @@ type Ingress struct { Connection connection.Config CorsConfig cors.Config CustomHTTPErrors []int + ProxyInterceptErrors bool DefaultBackend *apiv1.Service //TODO: Change this back into an error when https://github.com/imdario/mergo/issues/100 is resolved FastCGI fastcgi.Config @@ -137,6 +139,7 @@ func NewAnnotationExtractor(cfg resolver.Resolver) Extractor { "Connection": connection.NewParser(cfg), "CorsConfig": cors.NewParser(cfg), "CustomHTTPErrors": customhttperrors.NewParser(cfg), + "ProxyInterceptErrors": proxyintercepterrors.NewParser(cfg), "DefaultBackend": defaultbackend.NewParser(cfg), "FastCGI": fastcgi.NewParser(cfg), "ExternalAuth": authreq.NewParser(cfg), diff --git a/internal/ingress/annotations/proxyintercepterrors/main.go b/internal/ingress/annotations/proxyintercepterrors/main.go new file mode 100644 index 0000000000..4f7584ed35 --- /dev/null +++ b/internal/ingress/annotations/proxyintercepterrors/main.go @@ -0,0 +1,43 @@ +/* +Copyright 2017 The Kubernetes Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package proxyintercepterrors + +import ( + networking "k8s.io/api/networking/v1" + + "k8s.io/ingress-nginx/internal/ingress/annotations/parser" + "k8s.io/ingress-nginx/internal/ingress/errors" + "k8s.io/ingress-nginx/internal/ingress/resolver" +) + +type proxyInterceptErrors struct { + r resolver.Resolver +} + +// NewParser creates a new proxyintercepterrors annotation parser +func NewParser(r resolver.Resolver) parser.IngressAnnotation { + return proxyInterceptErrors{r} +} + +func (s proxyInterceptErrors) Parse(ing *networking.Ingress) (interface{}, error) { + defBackend := s.r.GetDefaultBackend() + + val, err := parser.GetBoolAnnotation("proxy-intercept-errors", ing) + // A missing annotation is not a problem, just use the default + if err == errors.ErrMissingAnnotations { + return defBackend.ProxyInterceptErrors, nil + } + + return val, nil +} diff --git a/internal/ingress/annotations/proxyintercepterrors/main_test.go b/internal/ingress/annotations/proxyintercepterrors/main_test.go new file mode 100644 index 0000000000..1bb548568e --- /dev/null +++ b/internal/ingress/annotations/proxyintercepterrors/main_test.go @@ -0,0 +1,61 @@ +/* +Copyright 2017 The Kubernetes Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package proxyintercepterrors + +import ( + "testing" + + api "k8s.io/api/core/v1" + networking "k8s.io/api/networking/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/ingress-nginx/internal/ingress/annotations/parser" + "k8s.io/ingress-nginx/internal/ingress/resolver" +) + +func buildIngress() *networking.Ingress { + return &networking.Ingress{ + ObjectMeta: meta_v1.ObjectMeta{ + Name: "foo", + Namespace: api.NamespaceDefault, + }, + Spec: networking.IngressSpec{ + DefaultBackend: &networking.IngressBackend{ + Service: &networking.IngressServiceBackend{ + Name: "default-backend", + Port: networking.ServiceBackendPort{ + Number: 80, + }, + }, + }, + }, + } +} + +func TestParseAnnotations(t *testing.T) { + ing := buildIngress() + + _, err := NewParser(&resolver.Mock{}).Parse(ing) + if err != nil { + t.Errorf("unexpected error: %v", err) + } + + data := map[string]string{} + data[parser.GetAnnotationWithPrefix("proxy-intercept-errors")] = "true" + ing.SetAnnotations(data) + // test ingress using the annotation without a TLS section + _, err = NewParser(&resolver.Mock{}).Parse(ing) + if err != nil { + t.Errorf("unexpected error parsing ingress with proxy intercept errors") + } +} diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index 8bf71b7749..d4748db89a 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -519,6 +519,10 @@ type Configuration struct { // http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version ProxyHTTPVersion string `json:"proxy-http-version"` + // Disables NGINX proxy-intercept-errors when error_page/custom-http-errors are set + // https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors + ProxyInterceptErrors bool `json:"proxy-intercept-errors,omitempty"` + // Sets the ipv4 addresses on which the server will accept requests. BindAddressIpv4 []string `json:"bind-address-ipv4,omitempty"` @@ -873,6 +877,7 @@ func NewDefault() Configuration { VariablesHashBucketSize: 256, VariablesHashMaxSize: 2048, UseHTTP2: true, + ProxyInterceptErrors: true, ProxyStreamTimeout: "600s", ProxyStreamNextUpstream: true, ProxyStreamNextUpstreamTimeout: "600s", @@ -895,6 +900,7 @@ func NewDefault() Configuration { PreserveTrailingSlash: false, SSLRedirect: true, CustomHTTPErrors: []int{}, + ProxyInterceptErrors: true, WhitelistSourceRange: []string{}, SkipAccessLogURLs: []string{}, LimitRate: 0, diff --git a/internal/ingress/defaults/main.go b/internal/ingress/defaults/main.go index bc97342574..ec3c83bff8 100644 --- a/internal/ingress/defaults/main.go +++ b/internal/ingress/defaults/main.go @@ -34,6 +34,13 @@ type Backend struct { // toggles whether or not to remove trailing slashes during TLS redirects PreserveTrailingSlash bool `json:"preserve-trailing-slash"` + // for use when using CustomHTTPErrors without intecepting service errors + // e.g. custom 404 and 503 when service-a does not exist or is not available + // but service-a can return 404 and 503 error codes without intercept + // http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors + // By default this is enabled when CustomHTTPErrors is enabled + ProxyInterceptErrors bool `json:"proxy-intercept-errors"` + // http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size // Sets the maximum allowed size of the client request body ProxyBodySize string `json:"proxy-body-size"` diff --git a/pkg/apis/ingress/types.go b/pkg/apis/ingress/types.go index 7c1c825b75..a0eda78329 100644 --- a/pkg/apis/ingress/types.go +++ b/pkg/apis/ingress/types.go @@ -343,6 +343,11 @@ type Location struct { // CustomHTTPErrors specifies the error codes that should be intercepted. // +optional CustomHTTPErrors []int `json:"custom-http-errors"` + // for use when using CustomHTTPErrors without intecepting service errors + // e.g. custom 404 and 503 when service-a does not exist or is not available + // but service-a can return 404 and 503 error codes without intercept + // +optional + ProxyInterceptErrors bool `json:"proxy-intercept-errors"` // ModSecurity allows to enable and configure modsecurity // +optional ModSecurity modsecurity.Config `json:"modsecurity"` diff --git a/pkg/apis/ingress/types_equals.go b/pkg/apis/ingress/types_equals.go index a954a253bf..52f46b9ec0 100644 --- a/pkg/apis/ingress/types_equals.go +++ b/pkg/apis/ingress/types_equals.go @@ -469,6 +469,10 @@ func (l1 *Location) Equal(l2 *Location) bool { return false } + if !l1.ProxyInterceptErrors != l2.ProxyInterceptErrors { + return false + } + return true } diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index 3ace12bc32..ed831d7105 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -470,7 +470,7 @@ http { ssl_certificate {{ $cfg.DefaultSSLCertificate.PemFileName }}; ssl_certificate_key {{ $cfg.DefaultSSLCertificate.PemFileName }}; - {{ if gt (len $cfg.CustomHTTPErrors) 0 }} + {{ if and (gt (len $cfg.CustomHTTPErrors) 0) $cfg.ProxyInterceptErrors }} proxy_intercept_errors on; {{ end }} @@ -1442,7 +1442,7 @@ stream { {{ end }} {{/* if a location-specific error override is set, add the proxy_intercept here */}} - {{ if $location.CustomHTTPErrors }} + {{ if and $location.CustomHTTPErrors $location.ProxyInterceptErrors }} # Custom error pages per ingress proxy_intercept_errors on; {{ end }} From e47014874fe1c19cd5d84b9816cd59bc2a9b602e Mon Sep 17 00:00:00 2001 From: chriss-de Date: Wed, 14 Dec 2022 15:06:09 +0100 Subject: [PATCH 51/52] added proxy-intercept-errors config option --- .../nginx-configuration/annotations.md | 12 ++++ .../nginx-configuration/configmap.md | 9 ++- internal/ingress/annotations/annotations.go | 3 + .../annotations/proxyintercepterrors/main.go | 43 +++++++++++++ .../proxyintercepterrors/main_test.go | 61 +++++++++++++++++++ internal/ingress/controller/config/config.go | 5 ++ internal/ingress/defaults/main.go | 7 +++ pkg/apis/ingress/types.go | 5 ++ pkg/apis/ingress/types_equals.go | 4 ++ rootfs/etc/nginx/template/nginx.tmpl | 4 +- 10 files changed, 150 insertions(+), 3 deletions(-) create mode 100644 internal/ingress/annotations/proxyintercepterrors/main.go create mode 100644 internal/ingress/annotations/proxyintercepterrors/main_test.go diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index 8cc6f4c168..48765cc8b2 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -49,6 +49,7 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz |[nginx.ingress.kubernetes.io/client-body-buffer-size](#client-body-buffer-size)|string| |[nginx.ingress.kubernetes.io/configuration-snippet](#configuration-snippet)|string| |[nginx.ingress.kubernetes.io/custom-http-errors](#custom-http-errors)|[]int| +|[nginx.ingress.kubernetes.io/proxy-intercept-errors](#proxy-intercept-errors)|"true" or "false"| |[nginx.ingress.kubernetes.io/default-backend](#default-backend)|string| |[nginx.ingress.kubernetes.io/enable-cors](#enable-cors)|"true" or "false"| |[nginx.ingress.kubernetes.io/cors-allow-origin](#enable-cors)|string| @@ -331,6 +332,17 @@ Example usage: nginx.ingress.kubernetes.io/custom-http-errors: "404,415" ``` +## Proxy intercept Errors + +Like the [`proxy-intercept-errors`](./configmap.md#proxy-intercept-errors) value in the ConfigMap, this annotation allows to disable NGINX `proxy-intercept-errors` when `custom-http-errors` are set, but only for the NGINX location associated with this ingress. If a [default backend annotation](#default-backend) is specified on the ingress, the errors will be routed to that annotation's default backend service (instead of the global default backend). +Different ingresses can specify different sets of errors codes and there are UseCases where NGINX shall not intercept all errors returned from upstream. +If `proxy-intercept-errors` is also specified globally, the annotation will override the global value for the given ingress' hostname and path. + +Example usage: +``` +nginx.ingress.kubernetes.io/proxy-intercept-errors: "false" +``` + ### Default Backend This annotation is of the form `nginx.ingress.kubernetes.io/default-backend: ` to specify a custom default backend. This `` is a reference to a service inside of the same namespace in which you are applying this annotation. This annotation overrides the global default backend. In case the service has [multiple ports](https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services), the first one is the one which will receive the backend traffic. diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index 77cee05078..1824027861 100755 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -161,6 +161,7 @@ The following table shows a configuration option's name, type, and the default v |[stream-snippet](#stream-snippet)|string|""| |[location-snippet](#location-snippet)|string|""| |[custom-http-errors](#custom-http-errors)|[]int|[]int{}| +|[proxy-intercept-errors](#proxy-intercept-errors)|bool|"true"| |[proxy-body-size](#proxy-body-size)|string|"1m"| |[proxy-connect-timeout](#proxy-connect-timeout)|int|5| |[proxy-read-timeout](#proxy-read-timeout)|int|60| @@ -1028,10 +1029,16 @@ You can not use this to add new locations that proxy to the Kubernetes pods, as Enables which HTTP codes should be passed for processing with the [error_page directive](https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page) -Setting at least one code also enables [proxy_intercept_errors](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors) which are required to process error_page. +Setting at least one code also enables [proxy_intercept_errors](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors) if not disabled with [proxy-intercept-errors](#proxy-intercept-errors). Example usage: `custom-http-errors: 404,415` +## proxy-intercept-errors + +Allows to disable proxy-intercept-errors if [custom-http-errors](#custom-http-errors) are set. Disabling [proxy_intercept_errors](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors) allows to pass upstream errors to client even if [custom-http-errors](#custom-http-errors) are set. + +Example usage: `proxy-intercept-errors: "false"` + ## proxy-body-size Sets the maximum allowed size of the client request body. diff --git a/internal/ingress/annotations/annotations.go b/internal/ingress/annotations/annotations.go index 14415a4f7b..9b15f6561e 100644 --- a/internal/ingress/annotations/annotations.go +++ b/internal/ingress/annotations/annotations.go @@ -20,6 +20,7 @@ import ( "github.com/imdario/mergo" "k8s.io/ingress-nginx/internal/ingress/annotations/canary" "k8s.io/ingress-nginx/internal/ingress/annotations/modsecurity" + "k8s.io/ingress-nginx/internal/ingress/annotations/proxyintercepterrors" "k8s.io/ingress-nginx/internal/ingress/annotations/proxyssl" "k8s.io/ingress-nginx/internal/ingress/annotations/sslcipher" "k8s.io/ingress-nginx/internal/ingress/annotations/streamsnippet" @@ -86,6 +87,7 @@ type Ingress struct { Connection connection.Config CorsConfig cors.Config CustomHTTPErrors []int + ProxyInterceptErrors bool DefaultBackend *apiv1.Service //TODO: Change this back into an error when https://github.com/imdario/mergo/issues/100 is resolved FastCGI fastcgi.Config @@ -139,6 +141,7 @@ func NewAnnotationExtractor(cfg resolver.Resolver) Extractor { "Connection": connection.NewParser(cfg), "CorsConfig": cors.NewParser(cfg), "CustomHTTPErrors": customhttperrors.NewParser(cfg), + "ProxyInterceptErrors": proxyintercepterrors.NewParser(cfg), "DefaultBackend": defaultbackend.NewParser(cfg), "FastCGI": fastcgi.NewParser(cfg), "ExternalAuth": authreq.NewParser(cfg), diff --git a/internal/ingress/annotations/proxyintercepterrors/main.go b/internal/ingress/annotations/proxyintercepterrors/main.go new file mode 100644 index 0000000000..4f7584ed35 --- /dev/null +++ b/internal/ingress/annotations/proxyintercepterrors/main.go @@ -0,0 +1,43 @@ +/* +Copyright 2017 The Kubernetes Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package proxyintercepterrors + +import ( + networking "k8s.io/api/networking/v1" + + "k8s.io/ingress-nginx/internal/ingress/annotations/parser" + "k8s.io/ingress-nginx/internal/ingress/errors" + "k8s.io/ingress-nginx/internal/ingress/resolver" +) + +type proxyInterceptErrors struct { + r resolver.Resolver +} + +// NewParser creates a new proxyintercepterrors annotation parser +func NewParser(r resolver.Resolver) parser.IngressAnnotation { + return proxyInterceptErrors{r} +} + +func (s proxyInterceptErrors) Parse(ing *networking.Ingress) (interface{}, error) { + defBackend := s.r.GetDefaultBackend() + + val, err := parser.GetBoolAnnotation("proxy-intercept-errors", ing) + // A missing annotation is not a problem, just use the default + if err == errors.ErrMissingAnnotations { + return defBackend.ProxyInterceptErrors, nil + } + + return val, nil +} diff --git a/internal/ingress/annotations/proxyintercepterrors/main_test.go b/internal/ingress/annotations/proxyintercepterrors/main_test.go new file mode 100644 index 0000000000..1bb548568e --- /dev/null +++ b/internal/ingress/annotations/proxyintercepterrors/main_test.go @@ -0,0 +1,61 @@ +/* +Copyright 2017 The Kubernetes Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package proxyintercepterrors + +import ( + "testing" + + api "k8s.io/api/core/v1" + networking "k8s.io/api/networking/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/ingress-nginx/internal/ingress/annotations/parser" + "k8s.io/ingress-nginx/internal/ingress/resolver" +) + +func buildIngress() *networking.Ingress { + return &networking.Ingress{ + ObjectMeta: meta_v1.ObjectMeta{ + Name: "foo", + Namespace: api.NamespaceDefault, + }, + Spec: networking.IngressSpec{ + DefaultBackend: &networking.IngressBackend{ + Service: &networking.IngressServiceBackend{ + Name: "default-backend", + Port: networking.ServiceBackendPort{ + Number: 80, + }, + }, + }, + }, + } +} + +func TestParseAnnotations(t *testing.T) { + ing := buildIngress() + + _, err := NewParser(&resolver.Mock{}).Parse(ing) + if err != nil { + t.Errorf("unexpected error: %v", err) + } + + data := map[string]string{} + data[parser.GetAnnotationWithPrefix("proxy-intercept-errors")] = "true" + ing.SetAnnotations(data) + // test ingress using the annotation without a TLS section + _, err = NewParser(&resolver.Mock{}).Parse(ing) + if err != nil { + t.Errorf("unexpected error parsing ingress with proxy intercept errors") + } +} diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index f064dad53e..9df8aa0c1a 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -519,6 +519,10 @@ type Configuration struct { // http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version ProxyHTTPVersion string `json:"proxy-http-version"` + // Disables NGINX proxy-intercept-errors when error_page/custom-http-errors are set + // https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors + ProxyInterceptErrors bool `json:"proxy-intercept-errors,omitempty"` + // Sets the ipv4 addresses on which the server will accept requests. BindAddressIpv4 []string `json:"bind-address-ipv4,omitempty"` @@ -873,6 +877,7 @@ func NewDefault() Configuration { VariablesHashBucketSize: 256, VariablesHashMaxSize: 2048, UseHTTP2: true, + ProxyInterceptErrors: true, ProxyStreamTimeout: "600s", ProxyStreamNextUpstream: true, ProxyStreamNextUpstreamTimeout: "600s", diff --git a/internal/ingress/defaults/main.go b/internal/ingress/defaults/main.go index 0aab2ff478..034e2b4202 100644 --- a/internal/ingress/defaults/main.go +++ b/internal/ingress/defaults/main.go @@ -34,6 +34,13 @@ type Backend struct { // toggles whether or not to remove trailing slashes during TLS redirects PreserveTrailingSlash bool `json:"preserve-trailing-slash"` + // for use when using CustomHTTPErrors without intecepting service errors + // e.g. custom 404 and 503 when service-a does not exist or is not available + // but service-a can return 404 and 503 error codes without intercept + // http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors + // By default this is enabled when CustomHTTPErrors is enabled + ProxyInterceptErrors bool `json:"proxy-intercept-errors"` + // http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size // Sets the maximum allowed size of the client request body ProxyBodySize string `json:"proxy-body-size"` diff --git a/pkg/apis/ingress/types.go b/pkg/apis/ingress/types.go index 9395683ece..b323b4469f 100644 --- a/pkg/apis/ingress/types.go +++ b/pkg/apis/ingress/types.go @@ -349,6 +349,11 @@ type Location struct { // CustomHTTPErrors specifies the error codes that should be intercepted. // +optional CustomHTTPErrors []int `json:"custom-http-errors"` + // for use when using CustomHTTPErrors without intecepting service errors + // e.g. custom 404 and 503 when service-a does not exist or is not available + // but service-a can return 404 and 503 error codes without intercept + // +optional + ProxyInterceptErrors bool `json:"proxy-intercept-errors"` // ModSecurity allows to enable and configure modsecurity // +optional ModSecurity modsecurity.Config `json:"modsecurity"` diff --git a/pkg/apis/ingress/types_equals.go b/pkg/apis/ingress/types_equals.go index 0941e09560..3100273355 100644 --- a/pkg/apis/ingress/types_equals.go +++ b/pkg/apis/ingress/types_equals.go @@ -472,6 +472,10 @@ func (l1 *Location) Equal(l2 *Location) bool { return false } + if !l1.ProxyInterceptErrors != l2.ProxyInterceptErrors { + return false + } + return true } diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index fc48de9128..dce50eb6f2 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -470,7 +470,7 @@ http { ssl_certificate {{ $cfg.DefaultSSLCertificate.PemFileName }}; ssl_certificate_key {{ $cfg.DefaultSSLCertificate.PemFileName }}; - {{ if gt (len $cfg.CustomHTTPErrors) 0 }} + {{ if and (gt (len $cfg.CustomHTTPErrors) 0) $cfg.ProxyInterceptErrors }} proxy_intercept_errors on; {{ end }} @@ -1450,7 +1450,7 @@ stream { {{ end }} {{/* if a location-specific error override is set, add the proxy_intercept here */}} - {{ if $location.CustomHTTPErrors }} + {{ if and $location.CustomHTTPErrors $location.ProxyInterceptErrors }} # Custom error pages per ingress proxy_intercept_errors on; {{ end }} From bfe74747c0a02abf11aeb04895ada729ee6634e4 Mon Sep 17 00:00:00 2001 From: chriss-de Date: Wed, 14 Dec 2022 15:06:09 +0100 Subject: [PATCH 52/52] added proxy-intercept-errors config option --- internal/ingress/controller/config/config.go | 1 + 1 file changed, 1 insertion(+) diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index 9df8aa0c1a..a0c0c6d747 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -901,6 +901,7 @@ func NewDefault() Configuration { SSLRedirect: true, CustomHTTPErrors: []int{}, DenylistSourceRange: []string{}, + ProxyInterceptErrors: true, WhitelistSourceRange: []string{}, SkipAccessLogURLs: []string{}, LimitRate: 0,