diff --git a/NGINX_BASE b/NGINX_BASE index dd8d6c586..c4134bf97 100644 --- a/NGINX_BASE +++ b/NGINX_BASE @@ -1 +1 @@ -registry.k8s.io/ingress-nginx/nginx:v2.0.0@sha256:3e7bda4cf5111d283ed1e4ff5cc9a2b5cdc5ebe62d50ba67473d3e25b1389133 +registry.k8s.io/ingress-nginx/nginx:v1.2.0@sha256:c4b3f79fb88eab2ac03bde5c6b8340ffad941e0fce0eaa797e98481683b3b5aa diff --git a/README.md b/README.md index c95e644de..f72002d5c 100644 --- a/README.md +++ b/README.md @@ -41,13 +41,9 @@ the versions listed. Ingress-Nginx versions **may** work on older versions, but | :-------: | --------------------- | ----------------------------- | -------------- | ------------- | ------------------ | | 🔄 | **v1.12.0** | 1.32, 1.31, 1.30, 1.29, 1.28 | 3.21.0 | 1.25.5 | 4.12.0 | | 🔄 | **v1.12.0-beta.0** | 1.32, 1.31, 1.30, 1.29, 1.28 | 3.20.3 | 1.25.5 | 4.12.0-beta.0 | -| 🔄 | **v1.11.4** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.21.0 | 1.25.5 | 4.11.4 | -| 🔄 | **v1.11.3** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.3 | 1.25.5 | 4.11.3 | | 🔄 | **v1.11.2** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.2 | | 🔄 | **v1.11.1** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.1 | | 🔄 | **v1.11.0** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.0 | -| | **v1.10.6** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.21.0 | 1.25.5 | 4.10.6 | -| | **v1.10.5** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.3 | 1.25.5 | 4.10.5 | | | **v1.10.4** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.10.4 | | | **v1.10.3** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.10.3 | | | **v1.10.2** | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.10.2 | diff --git a/TAG b/TAG new file mode 100644 index 000000000..a5effa303 --- /dev/null +++ b/TAG @@ -0,0 +1 @@ +v1.12.0 diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index c4f3b34e0..b5e683f3d 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -41,7 +41,7 @@ function cleanup { } trap cleanup EXIT -E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20250112-a188f4eb@sha256:043038b1e30e5a0b64f3f919f096c5c9488ac3f617ac094b07fb9db8215f9441} +E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20250112-01b7af21@sha256:f77bb4625985462fe1a2bc846c430d668113abc90e5e5de6b4533403f56a048c} if [[ "$RUNTIME" == podman ]]; then # Podman does not support both tag and digest diff --git a/changelog/controller-1.10.5.md b/changelog/controller-1.10.5.md deleted file mode 100644 index 82be0a608..000000000 --- a/changelog/controller-1.10.5.md +++ /dev/null @@ -1,90 +0,0 @@ -# Changelog - -### controller-v1.10.5 - -Images: - -* registry.k8s.io/ingress-nginx/controller:v1.10.5@sha256:c84d11b1f7bd14ebbf49918a7f0dc01b31c0c6e757e0129520ea93453096315c -* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.5@sha256:030a43bdd5f0212a7e135cc4da76b15a6706ef65a6824eb4cc401f87a81c2987 - -### All changes: - -* Images: Trigger controller build. (#12133) -* Tests & Docs: Bump `e2e-test-echo` to v1.0.1. (#12146) -* Images: Trigger `e2e-test-echo` build. (#12142) -* Images: Drop `s390x`. (#12139) -* Images: Build `s390x` controller. (#12128) -* Chart: Bump Kube Webhook CertGen. (#12122) -* Tests & Docs: Bump images. (#12120) -* Cloud Build: Bump `gcb-docker-gcloud` to v20240718-5ef92b5c36. (#12116) -* Images: Trigger other builds. (#12111) -* Tests: Bump `e2e-test-runner` to v20241004-114a6abb. (#12104) -* Images: Trigger `test-runner` build. (#12101) -* Docs: Add a multi-tenant warning. (#12098) -* Go: Bump to v1.22.8. (#12093) -* Images: Bump `NGINX_BASE` to v0.1.0. (#12079) -* Images: Trigger NGINX build. (#12077) -* Images: Remove NGINX v1.21. (#12057) -* GitHub: Improve Dependabot. (#12037) -* Chart: Improve CI. (#12029) -* Chart: Extend image tests. (#12026) -* Docs: Add health check annotations for AWS. (#12021) -* Docs: Convert `opentelemetry.md` from CRLF to LF. (#12007) -* Chart: Test `controller.minAvailable` & `controller.maxUnavailable`. (#12001) -* Chart: Align default backend `PodDisruptionBudget`. (#11998) -* Metrics: Fix namespace in `nginx_ingress_controller_ssl_expire_time_seconds`. (#11985) -* Chart: Improve default backend service account. (#11973) -* Go: Bump to v1.22.7. (#11969) -* Images: Bump OpenTelemetry C++ Contrib. (#11950) -* Docs: Add note about `--watch-namespace`. (#11948) -* Images: Use latest Alpine 3.20 everywhere. (#11945) -* Fix minor typos (#11940) -* Chart: Implement `controller.admissionWebhooks.service.servicePort`. (#11933) -* Tests: Bump `e2e-test-runner` to v20240829-2c421762. (#11920) -* Images: Trigger `test-runner` build. (#11918) -* Chart: Add tests for `PrometheusRule` & `ServiceMonitor`. (#11888) -* Annotations: Allow commas in URLs. (#11886) -* CI: Grant checks write permissions to E2E Test Report. (#11884) -* Update maxmind post link about geolite2 license changes (#11880) -* Go: Sync `go.work.sum`. (#11876) -* Replace deprecated queue method (#11858) -* Auto-generate annotation docs (#11835) - -### Dependency updates: - -* Bump the actions group with 3 updates (#12150) -* Bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#12108) -* Bump the actions group with 3 updates (#12096) -* Bump sigs.k8s.io/mdtoc from 1.1.0 to 1.4.0 (#12088) -* Bump github.com/prometheus/common from 0.59.1 to 0.60.0 (#12086) -* Bump google.golang.org/grpc from 1.67.0 to 1.67.1 in the go group across 1 directory (#12084) -* Bump k8s.io/cli-runtime from 0.30.0 to 0.31.1 (#12082) -* Bump github/codeql-action from 3.26.9 to 3.26.10 in the actions group (#12054) -* Bump the go group across 1 directory with 3 updates (#12052) -* Bump k8s.io/kube-aggregator from 0.29.3 to 0.31.1 in /images/kube-webhook-certgen/rootfs (#12048) -* Bump k8s.io/apimachinery from 0.23.1 to 0.31.1 in /images/ext-auth-example-authsvc/rootfs (#12044) -* Bump github.com/prometheus/client_golang from 1.11.1 to 1.20.4 in /images/custom-error-pages/rootfs (#12045) -* Bump the all group with 2 updates (#12035) -* Bump github/codeql-action from 3.26.7 to 3.26.8 in the all group (#12015) -* Bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#12013) -* Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 in the all group (#12011) -* Bump the all group with 2 updates (#11979) -* Bump github/codeql-action from 3.26.6 to 3.26.7 in the all group (#11978) -* Bump github.com/prometheus/common from 0.57.0 to 0.59.1 (#11960) -* Bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#11959) -* Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 in the all group (#11956) -* Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#11929) -* Bump the all group with 2 updates (#11924) -* Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 in the all group (#11912) -* Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#11907) -* Bump github.com/prometheus/common from 0.55.0 to 0.57.0 (#11906) -* Bump github/codeql-action from 3.26.5 to 3.26.6 in the all group (#11905) -* Bump the all group with 2 updates (#11870) -* Bump github/codeql-action from 3.26.2 to 3.26.5 in the all group (#11869) -* Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 (#11848) -* Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.19.0 (#11847) -* Bump dario.cat/mergo from 1.0.0 to 1.0.1 in the all group (#11846) -* Bump k8s.io/component-base from 0.30.3 to 0.31.0 (#11841) -* Bump github/codeql-action from 3.26.0 to 3.26.2 in the all group (#11833) - -**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.4...controller-v1.10.5 diff --git a/changelog/controller-1.10.6.md b/changelog/controller-1.10.6.md deleted file mode 100644 index 695e418d8..000000000 --- a/changelog/controller-1.10.6.md +++ /dev/null @@ -1,92 +0,0 @@ -# Changelog - -### controller-v1.10.6 - -Images: - -* registry.k8s.io/ingress-nginx/controller:v1.10.6@sha256:b6fbd102255edb3ba8e5421feebe14fd3e94cf53d199af9e40687f536152189c -* registry.k8s.io/ingress-nginx/controller-chroot:v1.10.6@sha256:44ceedafc0e04a75521b5d472c1b6b5cc08afb8038b5bbfd79c21d066ccf300e - -### All changes: - -* Images: Trigger controller build. (#12611) -* Chart: Bump Kube Webhook CertGen. (#12608) -* Tests & Docs: Bump images. (#12605) -* Images: Trigger other builds (2/2). (#12598) -* Images: Trigger other builds (1/2). (#12597) -* Tests: Bump `e2e-test-runner` to v20241224-68ed4e7b. (#12592) -* Images: Trigger `test-runner` build. (#12586) -* Images: Bump `NGINX_BASE` to v0.2.0. (#12584) -* Images: Trigger NGINX build. (#12578) -* Go: Clean `go.work.sum`. (#12575) -* Repository: Update owners. (#12570) -* Images: Bump `gcb-docker-gcloud` to v20241217-ff46a068cd. (#12563) -* CI: Update KIND images. (#12559) -* Images: Bump Alpine to v3.21. (#12530) -* Docs: Add guide on how to set a Maintenance Page. (#12527) -* rikatz is stepping down (#12518) -* rikatz is stepping down (#12497) -* Go: Bump to v1.23.4. (#12485) -* Plugin: Bump `goreleaser` to v2. (#12442) -* GitHub: Fix `exec` in issue template. (#12389) -* CI: Update KIND images. (#12368) -* Images: Bump `gcb-docker-gcloud` to v20241110-72bb0b1665. (#12341) -* Go: Bump to v1.23.3. (#12339) -* Auth TLS: Add `_` to redirect RegEx. (#12328) -* Auth TLS: Improve redirect RegEx. (#12321) -* Tests: Bump `e2e-test-runner` to v20241104-02a3933e. (#12314) -* Images: Trigger `test-runner` build. (#12307) -* Config: Fix panic on invalid `lua-shared-dict`. (#12282) -* Docs: fix limit-rate-after references (#12280) -* Chart: Rework ServiceMonitor. (#12268) -* Chart: Add ServiceAccount tests. (#12266) -* CI: Fix chart testing. (#12260) -* [fix] fix nginx temp configs cleanup (#12224) -* Chart: Suggest `matchLabelKeys` in Topology Spread Constraints. (#12204) -* Docs: Add Pod Security Admission. (#12198) -* Docs: Clarify external & service port in TCP/UDP services explanation. (#12194) - -### Dependency updates: - -* Bump k8s.io/apiextensions-apiserver from 0.31.3 to 0.32.0 (#12565) -* Bump github.com/onsi/ginkgo/v2 from 2.22.0 to 2.22.1 (#12557) -* Bump k8s.io/code-generator from 0.31.3 to 0.32.0 (#12552) -* Bump k8s.io/cli-runtime from 0.31.3 to 0.32.0 (#12549) -* Bump k8s.io/apiserver from 0.31.3 to 0.32.0 (#12546) -* Bump the actions group with 2 updates (#12543) -* Bump google.golang.org/grpc from 1.68.1 to 1.69.2 (#12540) -* Bump k8s.io/client-go from 0.31.3 to 0.32.0 (#12514) -* Bump github.com/opencontainers/runc from 1.2.2 to 1.2.3 in the go group across 1 directory (#12511) -* Bump the actions group with 3 updates (#12508) -* Bump k8s.io/kube-aggregator from 0.31.3 to 0.32.0 in /images/kube-webhook-certgen/rootfs (#12504) -* Bump k8s.io/apimachinery from 0.31.3 to 0.32.0 in /images/ext-auth-example-authsvc/rootfs (#12501) -* Bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#12478) -* Bump golang.org/x/crypto from 0.21.0 to 0.31.0 in /magefiles (#12473) -* Bump github.com/prometheus/common from 0.60.1 to 0.61.0 (#12466) -* Bump github/codeql-action from 3.27.5 to 3.27.6 in the actions group (#12463) -* Bump the go group across 1 directory with 2 updates (#12459) -* Bump github.com/onsi/ginkgo/v2 from 2.21.0 to 2.22.0 (#12425) -* Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#12416) -* Bump the go group across 3 directories with 10 updates (#12414) -* Bump the actions group with 3 updates (#12410) -* Bump github.com/opencontainers/runc from 1.2.1 to 1.2.2 in the go group across 1 directory (#12382) -* Bump github/codeql-action from 3.27.1 to 3.27.4 in the actions group (#12375) -* Bump golangci-lint on actions and disable deprecated linters (#12363) -* Bump google.golang.org/grpc from 1.67.1 to 1.68.0 (#12356) -* Bump the actions group with 3 updates (#12353) -* Bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#12351) -* Bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#12297) -* Bump github.com/opencontainers/runc from 1.2.0 to 1.2.1 in the go group across 1 directory (#12294) -* Bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.21.0 (#12290) -* Bump actions/dependency-review-action from 4.3.5 to 4.4.0 in the actions group (#12275) -* Bump the go group across 3 directories with 11 updates (#12246) -* Bump github.com/opencontainers/runc from 1.1.15 to 1.2.0 (#12241) -* Bump the actions group with 5 updates (#12243) -* Bump github.com/ncabatoff/process-exporter from 0.8.3 to 0.8.4 in the go group across 1 directory (#12219) -* Bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 in the actions group (#12215) -* Bump github/codeql-action from 3.26.12 to 3.26.13 in the actions group (#12191) -* Bump the go group across 2 directories with 1 update (#12189) -* Bump the actions group with 2 updates (#12185) -* Bump github.com/opencontainers/runc from 1.1.14 to 1.1.15 in the go group across 1 directory (#12184) - -**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.10.5...controller-v1.10.6 diff --git a/changelog/controller-1.11.3.md b/changelog/controller-1.11.3.md deleted file mode 100644 index f5c373015..000000000 --- a/changelog/controller-1.11.3.md +++ /dev/null @@ -1,91 +0,0 @@ -# Changelog - -### controller-v1.11.3 - -Images: - -* registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7 -* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.3@sha256:22701f0fc0f2dd209ef782f4e281bfe2d8cccd50ededa00aec88e0cdbe7edd14 - -### All changes: - -* Images: Trigger controller build. (#12134) -* Tests & Docs: Bump `e2e-test-echo` to v1.0.1. (#12145) -* Images: Trigger `e2e-test-echo` build. (#12141) -* Images: Drop `s390x`. (#12138) -* Images: Build `s390x` controller. (#12127) -* Chart: Bump Kube Webhook CertGen. (#12123) -* Tests & Docs: Bump images. (#12121) -* Cloud Build: Bump `gcb-docker-gcloud` to v20240718-5ef92b5c36. (#12117) -* Images: Trigger other builds. (#12112) -* Tests: Bump `e2e-test-runner` to v20241004-114a6abb. (#12105) -* Images: Trigger `test-runner` build. (#12102) -* Docs: Add a multi-tenant warning. (#12099) -* Go: Bump to v1.22.8. (#12094) -* Images: Bump `NGINX_BASE` to v0.1.0. (#12080) -* Images: Trigger NGINX build. (#12076) -* Images: Remove NGINX v1.21. (#12058) -* GitHub: Improve Dependabot. (#12038) -* Chart: Improve CI. (#12030) -* Chart: Extend image tests. (#12027) -* Docs: Add health check annotations for AWS. (#12020) -* Docs: Convert `opentelemetry.md` from CRLF to LF. (#12006) -* Chart: Test `controller.minAvailable` & `controller.maxUnavailable`. (#12002) -* Chart: Align default backend `PodDisruptionBudget`. (#11999) -* Metrics: Fix namespace in `nginx_ingress_controller_ssl_expire_time_seconds`. (#11986) -* Chart: Improve default backend service account. (#11974) -* Go: Bump to v1.22.7. (#11970) -* Images: Bump OpenTelemetry C++ Contrib. (#11951) -* Docs: Add note about `--watch-namespace`. (#11949) -* Images: Use latest Alpine 3.20 everywhere. (#11946) -* Fix minor typos (#11941) -* Chart: Implement `controller.admissionWebhooks.service.servicePort`. (#11934) -* Tests: Bump `e2e-test-runner` to v20240829-2c421762. (#11921) -* Images: Trigger `test-runner` build. (#11917) -* Chart: Add tests for `PrometheusRule` & `ServiceMonitor`. (#11889) -* Annotations: Allow commas in URLs. (#11887) -* CI: Grant checks write permissions to E2E Test Report. (#11885) -* Chart: Use generic values for `ConfigMap` test. (#11879) -* Update maxmind post link about geolite2 license changes (#11881) -* Go: Sync `go.work.sum`. (#11875) -* Replace deprecated queue method (#11859) -* Auto-generate annotation docs (#11831) - -### Dependency updates: - -* Bump the actions group with 3 updates (#12149) -* Bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#12109) -* Bump the actions group with 3 updates (#12097) -* Bump sigs.k8s.io/mdtoc from 1.1.0 to 1.4.0 (#12089) -* Bump github.com/prometheus/common from 0.59.1 to 0.60.0 (#12087) -* Bump google.golang.org/grpc from 1.67.0 to 1.67.1 in the go group across 1 directory (#12085) -* Bump k8s.io/cli-runtime from 0.30.0 to 0.31.1 (#12083) -* Bump github/codeql-action from 3.26.9 to 3.26.10 in the actions group (#12055) -* Bump the go group across 1 directory with 3 updates (#12053) -* Bump k8s.io/kube-aggregator from 0.29.3 to 0.31.1 in /images/kube-webhook-certgen/rootfs (#12049) -* Bump k8s.io/apimachinery from 0.23.1 to 0.31.1 in /images/ext-auth-example-authsvc/rootfs (#12047) -* Bump github.com/prometheus/client_golang from 1.11.1 to 1.20.4 in /images/custom-error-pages/rootfs (#12046) -* Bump the all group with 2 updates (#12036) -* Bump github/codeql-action from 3.26.7 to 3.26.8 in the all group (#12016) -* Bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#12014) -* Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 in the all group (#12012) -* Bump the all group with 2 updates (#11981) -* Bump github/codeql-action from 3.26.6 to 3.26.7 in the all group (#11980) -* Bump github.com/prometheus/common from 0.57.0 to 0.59.1 (#11961) -* Bump golang.org/x/crypto from 0.26.0 to 0.27.0 (#11958) -* Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 in the all group (#11957) -* Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#11930) -* Bump the all group with 2 updates (#11925) -* Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 in the all group (#11913) -* Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#11910) -* Bump github.com/prometheus/common from 0.55.0 to 0.57.0 (#11909) -* Bump github/codeql-action from 3.26.5 to 3.26.6 in the all group (#11908) -* Bump the all group with 2 updates (#11871) -* Bump github/codeql-action from 3.26.2 to 3.26.5 in the all group (#11868) -* Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 (#11840) -* Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.19.0 (#11839) -* Bump dario.cat/mergo from 1.0.0 to 1.0.1 in the all group (#11837) -* Bump k8s.io/component-base from 0.30.3 to 0.31.0 (#11836) -* Bump github/codeql-action from 3.26.0 to 3.26.2 in the all group (#11834) - -**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.2...controller-v1.11.3 diff --git a/changelog/controller-1.11.4.md b/changelog/controller-1.11.4.md deleted file mode 100644 index a0870d060..000000000 --- a/changelog/controller-1.11.4.md +++ /dev/null @@ -1,94 +0,0 @@ -# Changelog - -### controller-v1.11.4 - -Images: - -* registry.k8s.io/ingress-nginx/controller:v1.11.4@sha256:981a97d78bee3109c0b149946c07989f8f1478a9265031d2d23dea839ba05b52 -* registry.k8s.io/ingress-nginx/controller-chroot:v1.11.4@sha256:f29d0f9e7a9ef4947eda59ed0c09ec13380b13639d1518cf1ab8ec09c3e22ef8 - -### All changes: - -* Images: Trigger controller build. (#12610) -* Chart: Bump Kube Webhook CertGen. (#12607) -* Tests & Docs: Bump images. (#12604) -* Images: Trigger other builds (2/2). (#12600) -* Images: Trigger other builds (1/2). (#12596) -* Tests: Bump `e2e-test-runner` to v20241224-68ed4e7b. (#12591) -* Images: Trigger `test-runner` build. (#12588) -* Images: Bump `NGINX_BASE` to v0.2.0. (#12583) -* Images: Trigger NGINX build. (#12577) -* Go: Clean `go.work.sum`. (#12574) -* Repository: Update owners. (#12569) -* Images: Bump `gcb-docker-gcloud` to v20241217-ff46a068cd. (#12562) -* CI: Update KIND images. (#12558) -* Images: Bump Alpine to v3.21. (#12529) -* Docs: Add guide on how to set a Maintenance Page. (#12526) -* rikatz is stepping down (#12517) -* rikatz is stepping down (#12495) -* Go: Bump to v1.23.4. (#12484) -* Plugin: Bump `goreleaser` to v2. (#12441) -* GitHub: Fix `exec` in issue template. (#12388) -* CI: Update KIND images. (#12365) -* Images: Bump `gcb-docker-gcloud` to v20241110-72bb0b1665. (#12343) -* Go: Bump to v1.23.3. (#12338) -* Auth TLS: Add `_` to redirect RegEx. (#12327) -* Auth TLS: Improve redirect RegEx. (#12322) -* Update custom headers annotation documentation (#12319) -* Tests: Bump `e2e-test-runner` to v20241104-02a3933e. (#12313) -* Images: Trigger `test-runner` build. (#12306) -* Config: Fix panic on invalid `lua-shared-dict`. (#12284) -* Docs: fix limit-rate-after references (#12279) -* Chart: Rework ServiceMonitor. (#12270) -* Chart: Add ServiceAccount tests. (#12264) -* CI: Fix chart testing. (#12259) -* [fix] fix nginx temp configs cleanup (#12223) -* Chart: Suggest `matchLabelKeys` in Topology Spread Constraints. (#12203) -* Docs: Add Pod Security Admission. (#12197) -* Docs: Clarify external & service port in TCP/UDP services explanation. (#12193) -* Docs: Goodbye, v1.10. (#12159) - -### Dependency updates: - -* Bump k8s.io/apiextensions-apiserver from 0.31.3 to 0.32.0 (#12567) -* Bump github.com/onsi/ginkgo/v2 from 2.22.0 to 2.22.1 (#12556) -* Bump k8s.io/code-generator from 0.31.3 to 0.32.0 (#12551) -* Bump k8s.io/cli-runtime from 0.31.3 to 0.32.0 (#12548) -* Bump k8s.io/apiserver from 0.31.3 to 0.32.0 (#12545) -* Bump the actions group with 2 updates (#12542) -* Bump google.golang.org/grpc from 1.68.1 to 1.69.2 (#12539) -* Bump k8s.io/client-go from 0.31.3 to 0.32.0 (#12513) -* Bump github.com/opencontainers/runc from 1.2.2 to 1.2.3 in the go group across 1 directory (#12510) -* Bump the actions group with 3 updates (#12507) -* Bump k8s.io/kube-aggregator from 0.31.3 to 0.32.0 in /images/kube-webhook-certgen/rootfs (#12503) -* Bump k8s.io/apimachinery from 0.31.3 to 0.32.0 in /images/ext-auth-example-authsvc/rootfs (#12500) -* Bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#12477) -* Bump golang.org/x/crypto from 0.21.0 to 0.31.0 in /magefiles (#12475) -* Bump github.com/prometheus/common from 0.60.1 to 0.61.0 (#12465) -* Bump github/codeql-action from 3.27.5 to 3.27.6 in the actions group (#12462) -* Bump the go group across 1 directory with 2 updates (#12458) -* Bump github.com/onsi/ginkgo/v2 from 2.21.0 to 2.22.0 (#12427) -* Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#12417) -* Bump the go group across 3 directories with 10 updates (#12415) -* Bump the actions group with 3 updates (#12411) -* Bump github.com/opencontainers/runc from 1.2.1 to 1.2.2 in the go group across 1 directory (#12381) -* Bump github/codeql-action from 3.27.1 to 3.27.4 in the actions group (#12374) -* Bump golangci-lint on actions and disable deprecated linters (#12362) -* Bump google.golang.org/grpc from 1.67.1 to 1.68.0 (#12355) -* Bump the actions group with 3 updates (#12352) -* Bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#12350) -* Bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#12298) -* Bump github.com/opencontainers/runc from 1.2.0 to 1.2.1 in the go group across 1 directory (#12295) -* Bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.21.0 (#12289) -* Bump actions/dependency-review-action from 4.3.5 to 4.4.0 in the actions group (#12274) -* Bump the go group across 3 directories with 11 updates (#12245) -* Bump github.com/opencontainers/runc from 1.1.15 to 1.2.0 (#12239) -* Bump the actions group with 5 updates (#12240) -* Bump github.com/ncabatoff/process-exporter from 0.8.3 to 0.8.4 in the go group across 1 directory (#12220) -* Bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 in the actions group (#12216) -* Bump github/codeql-action from 3.26.12 to 3.26.13 in the actions group (#12190) -* Bump the go group across 2 directories with 1 update (#12187) -* Bump the actions group with 2 updates (#12181) -* Bump github.com/opencontainers/runc from 1.1.14 to 1.1.15 in the go group across 1 directory (#12179) - -**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.11.3...controller-v1.11.4 diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 7d8c1e74f..dabb53725 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -399,17 +399,12 @@ metadata: | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | | | controller.metrics.serviceMonitor.annotations | object | `{}` | Annotations to be added to the ServiceMonitor. | | controller.metrics.serviceMonitor.enabled | bool | `false` | | -| controller.metrics.serviceMonitor.labelLimit | int | `0` | Per-scrape limit on number of labels that will be accepted for a sample. | -| controller.metrics.serviceMonitor.labelNameLengthLimit | int | `0` | Per-scrape limit on length of labels name that will be accepted for a sample. | -| controller.metrics.serviceMonitor.labelValueLengthLimit | int | `0` | Per-scrape limit on length of labels value that will be accepted for a sample. | | controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | | | controller.metrics.serviceMonitor.namespace | string | `""` | | | controller.metrics.serviceMonitor.namespaceSelector | object | `{}` | | | controller.metrics.serviceMonitor.relabelings | list | `[]` | | -| controller.metrics.serviceMonitor.sampleLimit | int | `0` | Defines a per-scrape limit on the number of scraped samples that will be accepted. | | controller.metrics.serviceMonitor.scrapeInterval | string | `"30s"` | | | controller.metrics.serviceMonitor.targetLabels | list | `[]` | | -| controller.metrics.serviceMonitor.targetLimit | int | `0` | Defines a limit on the number of scraped targets that will be accepted. | | controller.minAvailable | int | `1` | Minimum available pods set in PodDisruptionBudget. Define either 'minAvailable' or 'maxUnavailable', never both. | | controller.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # | | controller.name | string | `"controller"` | | @@ -442,24 +437,20 @@ metadata: | controller.service.annotations | object | `{}` | Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service. | | controller.service.appProtocol | bool | `true` | Declare the app protocol of the external HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol | | controller.service.clusterIP | string | `""` | Pre-defined cluster internal IP address of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address | -| controller.service.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address | | controller.service.enableHttp | bool | `true` | Enable the HTTP listener on both controller services or not. | | controller.service.enableHttps | bool | `true` | Enable the HTTPS listener on both controller services or not. | | controller.service.enabled | bool | `true` | Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service. | | controller.service.external.enabled | bool | `true` | Enable the external controller service or not. Useful for internal-only deployments. | -| controller.service.external.labels | object | `{}` | Labels to be added to the external controller service. | | controller.service.externalIPs | list | `[]` | List of node IP addresses at which the external controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips | | controller.service.externalTrafficPolicy | string | `""` | External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip | | controller.service.internal.annotations | object | `{}` | Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer | | controller.service.internal.appProtocol | bool | `true` | Declare the app protocol of the internal HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol | | controller.service.internal.clusterIP | string | `""` | Pre-defined cluster internal IP address of the internal controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address | -| controller.service.internal.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the internal controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address | | controller.service.internal.enabled | bool | `false` | Enable the internal controller service or not. Remember to configure `controller.service.internal.annotations` when enabling this. | | controller.service.internal.externalIPs | list | `[]` | List of node IP addresses at which the internal controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips | | controller.service.internal.externalTrafficPolicy | string | `""` | External traffic policy of the internal controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip | | controller.service.internal.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the internal controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services | | controller.service.internal.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services | -| controller.service.internal.labels | object | `{}` | Labels to be added to the internal controller service. | | controller.service.internal.loadBalancerClass | string | `""` | Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class | | controller.service.internal.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the internal controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | | controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default. | @@ -470,7 +461,6 @@ metadata: | controller.service.internal.ports | object | `{}` | | | controller.service.internal.sessionAffinity | string | `""` | Session affinity of the internal controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity | | controller.service.internal.targetPorts | object | `{}` | | -| controller.service.internal.trafficDistribution | string | `""` | Traffic distribution policy of the internal controller service. Set to "PreferClose" to route traffic to endpoints that are topologically closer to the client. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution | | controller.service.internal.type | string | `""` | Type of the internal controller service. Defaults to the value of `controller.service.type`. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | | controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the external controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services | | controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services | @@ -487,7 +477,6 @@ metadata: | controller.service.sessionAffinity | string | `""` | Session affinity of the external controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity | | controller.service.targetPorts.http | string | `"http"` | Port of the ingress controller the external HTTP listener is mapped to. | | controller.service.targetPorts.https | string | `"https"` | Port of the ingress controller the external HTTPS listener is mapped to. | -| controller.service.trafficDistribution | string | `""` | Traffic distribution policy of the external controller service. Set to "PreferClose" to route traffic to endpoints that are topologically closer to the client. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution | | controller.service.type | string | `"LoadBalancer"` | Type of the external controller service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | | controller.shareProcessNamespace | bool | `false` | | | controller.sysctls | object | `{}` | sysctls for controller pods # Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ | @@ -548,7 +537,6 @@ metadata: | defaultBackend.replicaCount | int | `1` | | | defaultBackend.resources | object | `{}` | | | defaultBackend.service.annotations | object | `{}` | | -| defaultBackend.service.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the default backend service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address | | defaultBackend.service.externalIPs | list | `[]` | List of IP addresses at which the default backend service is available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # | | defaultBackend.service.loadBalancerSourceRanges | list | `[]` | | | defaultBackend.service.servicePort | int | `80` | | diff --git a/charts/ingress-nginx/changelog/helm-chart-4.10.5.md b/charts/ingress-nginx/changelog/helm-chart-4.10.5.md deleted file mode 100644 index 72c72c720..000000000 --- a/charts/ingress-nginx/changelog/helm-chart-4.10.5.md +++ /dev/null @@ -1,9 +0,0 @@ -# Changelog - -This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). - -### 4.10.5 - -* Update Ingress-Nginx version controller-v1.10.5 - -**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.4...helm-chart-4.10.5 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.10.6.md b/charts/ingress-nginx/changelog/helm-chart-4.10.6.md deleted file mode 100644 index c26c8817b..000000000 --- a/charts/ingress-nginx/changelog/helm-chart-4.10.6.md +++ /dev/null @@ -1,10 +0,0 @@ -# Changelog - -This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). - -### 4.10.6 - -* CI: Fix chart testing. (#12260) -* Update Ingress-Nginx version controller-v1.10.6 - -**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.10.5...helm-chart-4.10.6 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.11.3.md b/charts/ingress-nginx/changelog/helm-chart-4.11.3.md deleted file mode 100644 index 18ec6ba82..000000000 --- a/charts/ingress-nginx/changelog/helm-chart-4.11.3.md +++ /dev/null @@ -1,9 +0,0 @@ -# Changelog - -This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). - -### 4.11.3 - -* Update Ingress-Nginx version controller-v1.11.3 - -**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.2...helm-chart-4.11.3 diff --git a/charts/ingress-nginx/changelog/helm-chart-4.11.4.md b/charts/ingress-nginx/changelog/helm-chart-4.11.4.md deleted file mode 100644 index 003c787d3..000000000 --- a/charts/ingress-nginx/changelog/helm-chart-4.11.4.md +++ /dev/null @@ -1,10 +0,0 @@ -# Changelog - -This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). - -### 4.11.4 - -* CI: Fix chart testing. (#12259) -* Update Ingress-Nginx version controller-v1.11.4 - -**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.3...helm-chart-4.11.4 diff --git a/charts/ingress-nginx/ci/controller-service-internal-values.yaml b/charts/ingress-nginx/ci/controller-service-internal-values.yaml index 01635e339..11108fbce 100644 --- a/charts/ingress-nginx/ci/controller-service-internal-values.yaml +++ b/charts/ingress-nginx/ci/controller-service-internal-values.yaml @@ -9,7 +9,5 @@ controller: internal: enabled: true - labels: - external-dns.alpha.kubernetes.io/hostname: internal.example.com annotations: service.beta.kubernetes.io/aws-load-balancer-internal: "true" diff --git a/charts/ingress-nginx/ci/controller-service-values.yaml b/charts/ingress-nginx/ci/controller-service-values.yaml index 4ba3debba..9039368c2 100644 --- a/charts/ingress-nginx/ci/controller-service-values.yaml +++ b/charts/ingress-nginx/ci/controller-service-values.yaml @@ -7,10 +7,6 @@ controller: service: type: NodePort - external: - labels: - external-dns.alpha.kubernetes.io/hostname: external.example.com - nodePorts: tcp: 9000: 30090 diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml index bb31e60ba..af3ea12a3 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -67,7 +67,6 @@ spec: {{- end }} restartPolicy: OnFailure serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }} - automountServiceAccountToken: {{ .Values.controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken }} {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} {{- end }} diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml index cf757c98b..87dd2c251 100644 --- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -69,7 +69,6 @@ spec: {{- end }} restartPolicy: OnFailure serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.patch.serviceAccountName" . }} - automountServiceAccountToken: {{ .Values.controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken }} {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} {{- end }} diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml index 804ff56d9..fd1b13284 100644 --- a/charts/ingress-nginx/templates/controller-daemonset.yaml +++ b/charts/ingress-nginx/templates/controller-daemonset.yaml @@ -202,7 +202,6 @@ spec: topologySpreadConstraints: {{ tpl (toYaml .Values.controller.topologySpreadConstraints) $ | nindent 8 }} {{- end }} serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }} - automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules) }} volumes: diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml index da8ce97d3..cc41bfbc7 100644 --- a/charts/ingress-nginx/templates/controller-deployment.yaml +++ b/charts/ingress-nginx/templates/controller-deployment.yaml @@ -208,7 +208,6 @@ spec: topologySpreadConstraints: {{ tpl (toYaml .Values.controller.topologySpreadConstraints) $ | nindent 8 }} {{- end }} serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }} - automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules) }} volumes: diff --git a/charts/ingress-nginx/templates/controller-service-internal.yaml b/charts/ingress-nginx/templates/controller-service-internal.yaml index 8d369526d..6d0b47caf 100644 --- a/charts/ingress-nginx/templates/controller-service-internal.yaml +++ b/charts/ingress-nginx/templates/controller-service-internal.yaml @@ -12,9 +12,6 @@ metadata: {{- if .Values.controller.service.labels }} {{- toYaml .Values.controller.service.labels | nindent 4 }} {{- end }} - {{- if .Values.controller.service.internal.labels }} - {{- toYaml .Values.controller.service.internal.labels | nindent 4 }} - {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }}-internal namespace: {{ include "ingress-nginx.namespace" . }} spec: @@ -22,9 +19,6 @@ spec: {{- if .Values.controller.service.internal.clusterIP }} clusterIP: {{ .Values.controller.service.internal.clusterIP }} {{- end }} -{{- if .Values.controller.service.internal.clusterIPs }} - clusterIPs: {{ toYaml .Values.controller.service.internal.clusterIPs | nindent 4 }} -{{- end }} {{- if .Values.controller.service.internal.externalIPs }} externalIPs: {{ toYaml .Values.controller.service.internal.externalIPs | nindent 4 }} {{- end }} @@ -49,11 +43,6 @@ spec: {{- if .Values.controller.service.internal.healthCheckNodePort }} healthCheckNodePort: {{ .Values.controller.service.internal.healthCheckNodePort }} {{- end }} -{{- if semverCompare ">=1.31.0-0" .Capabilities.KubeVersion.Version -}} -{{- if .Values.controller.service.internal.trafficDistribution }} - trafficDistribution: {{ .Values.controller.service.internal.trafficDistribution }} -{{- end }} -{{- end }} {{- if semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version -}} {{- if .Values.controller.service.internal.ipFamilyPolicy }} ipFamilyPolicy: {{ .Values.controller.service.internal.ipFamilyPolicy }} diff --git a/charts/ingress-nginx/templates/controller-service.yaml b/charts/ingress-nginx/templates/controller-service.yaml index 36d2e4884..cb78a7035 100644 --- a/charts/ingress-nginx/templates/controller-service.yaml +++ b/charts/ingress-nginx/templates/controller-service.yaml @@ -12,9 +12,6 @@ metadata: {{- if .Values.controller.service.labels }} {{- toYaml .Values.controller.service.labels | nindent 4 }} {{- end }} - {{- if .Values.controller.service.external.labels }} - {{- toYaml .Values.controller.service.external.labels | nindent 4 }} - {{- end }} name: {{ include "ingress-nginx.controller.fullname" . }} namespace: {{ include "ingress-nginx.namespace" . }} spec: @@ -22,9 +19,6 @@ spec: {{- if .Values.controller.service.clusterIP }} clusterIP: {{ .Values.controller.service.clusterIP }} {{- end }} -{{- if .Values.controller.service.clusterIPs }} - clusterIPs: {{ toYaml .Values.controller.service.clusterIPs | nindent 4 }} -{{- end }} {{- if .Values.controller.service.externalIPs }} externalIPs: {{ toYaml .Values.controller.service.externalIPs | nindent 4 }} {{- end }} @@ -49,11 +43,6 @@ spec: {{- if .Values.controller.service.healthCheckNodePort }} healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }} {{- end }} -{{- if semverCompare ">=1.31.0-0" .Capabilities.KubeVersion.Version -}} -{{- if .Values.controller.service.trafficDistribution }} - trafficDistribution: {{ .Values.controller.service.trafficDistribution }} -{{- end }} -{{- end }} {{- if semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version -}} {{- if .Values.controller.service.ipFamilyPolicy }} ipFamilyPolicy: {{ .Values.controller.service.ipFamilyPolicy }} diff --git a/charts/ingress-nginx/templates/controller-servicemonitor.yaml b/charts/ingress-nginx/templates/controller-servicemonitor.yaml index 85bb84186..93ab4d242 100644 --- a/charts/ingress-nginx/templates/controller-servicemonitor.yaml +++ b/charts/ingress-nginx/templates/controller-servicemonitor.yaml @@ -47,19 +47,4 @@ spec: {{- if .Values.controller.metrics.serviceMonitor.targetLabels }} targetLabels: {{ toYaml .Values.controller.metrics.serviceMonitor.targetLabels | nindent 2 }} {{- end }} - {{- if .Values.controller.metrics.serviceMonitor.labelLimit }} - labelLimit: {{ .Values.controller.metrics.serviceMonitor.labelLimit }} - {{- end }} - {{- if .Values.controller.metrics.serviceMonitor.labelNameLengthLimit }} - labelNameLengthLimit: {{ .Values.controller.metrics.serviceMonitor.labelNameLengthLimit }} - {{- end }} - {{- if .Values.controller.metrics.serviceMonitor.labelValueLengthLimit }} - labelValueLengthLimit: {{ .Values.controller.metrics.serviceMonitor.labelValueLengthLimit }} - {{- end }} - {{- if .Values.controller.metrics.serviceMonitor.sampleLimit }} - sampleLimit: {{ .Values.controller.metrics.serviceMonitor.sampleLimit }} - {{- end }} - {{- if .Values.controller.metrics.serviceMonitor.targetLimit }} - targetLimit: {{ .Values.controller.metrics.serviceMonitor.targetLimit }} - {{- end }} {{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-deployment.yaml b/charts/ingress-nginx/templates/default-backend-deployment.yaml index 4a17f7444..f7d9de121 100644 --- a/charts/ingress-nginx/templates/default-backend-deployment.yaml +++ b/charts/ingress-nginx/templates/default-backend-deployment.yaml @@ -103,7 +103,6 @@ spec: nodeSelector: {{ toYaml .Values.defaultBackend.nodeSelector | nindent 8 }} {{- end }} serviceAccountName: {{ include "ingress-nginx.defaultBackend.serviceAccountName" . }} - automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }} {{- if .Values.defaultBackend.tolerations }} tolerations: {{ toYaml .Values.defaultBackend.tolerations | nindent 8 }} {{- end }} diff --git a/charts/ingress-nginx/templates/default-backend-service.yaml b/charts/ingress-nginx/templates/default-backend-service.yaml index 5a836365b..65b6b8362 100644 --- a/charts/ingress-nginx/templates/default-backend-service.yaml +++ b/charts/ingress-nginx/templates/default-backend-service.yaml @@ -18,9 +18,6 @@ spec: {{- if .Values.defaultBackend.service.clusterIP }} clusterIP: {{ .Values.defaultBackend.service.clusterIP }} {{- end }} -{{- if .Values.defaultBackend.service.clusterIPs }} - clusterIPs: {{ toYaml .Values.defaultBackend.service.clusterIPs | nindent 4 }} -{{- end }} {{- if .Values.defaultBackend.service.externalIPs }} externalIPs: {{ toYaml .Values.defaultBackend.service.externalIPs | nindent 4 }} {{- end }} diff --git a/charts/ingress-nginx/tests/admission-webhooks/job-patch/job-createSecret_test.yaml b/charts/ingress-nginx/tests/admission-webhooks/job-patch/job-createSecret_test.yaml deleted file mode 100644 index b5272553b..000000000 --- a/charts/ingress-nginx/tests/admission-webhooks/job-patch/job-createSecret_test.yaml +++ /dev/null @@ -1,12 +0,0 @@ -suite: Admission Webhooks > Patch Job > Create Secret Job -templates: - - admission-webhooks/job-patch/job-createSecret.yaml - -tests: - - it: should create a Job with token auto-mounting disabled if `controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken` is false - set: - controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken: false - asserts: - - equal: - path: spec.template.spec.automountServiceAccountToken - value: false diff --git a/charts/ingress-nginx/tests/admission-webhooks/job-patch/job-patchWebhook_test.yaml b/charts/ingress-nginx/tests/admission-webhooks/job-patch/job-patchWebhook_test.yaml deleted file mode 100644 index ca4c6b4c2..000000000 --- a/charts/ingress-nginx/tests/admission-webhooks/job-patch/job-patchWebhook_test.yaml +++ /dev/null @@ -1,12 +0,0 @@ -suite: Admission Webhooks > Patch Job > Patch Webhook Job -templates: - - admission-webhooks/job-patch/job-patchWebhook.yaml - -tests: - - it: should create a Job with token auto-mounting disabled if `controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken` is false - set: - controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken: false - asserts: - - equal: - path: spec.template.spec.automountServiceAccountToken - value: false diff --git a/charts/ingress-nginx/tests/controller-daemonset_test.yaml b/charts/ingress-nginx/tests/controller-daemonset_test.yaml index 0321fd376..d2d77befb 100644 --- a/charts/ingress-nginx/tests/controller-daemonset_test.yaml +++ b/charts/ingress-nginx/tests/controller-daemonset_test.yaml @@ -190,12 +190,3 @@ tests: - equal: path: spec.template.spec.containers[0].image value: registry.k8s.io/ingress-nginx/controller:custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd - - - it: should create a DaemonSet with token auto-mounting disabled if `serviceAccount.automountServiceAccountToken` is false - set: - controller.kind: DaemonSet - serviceAccount.automountServiceAccountToken: false - asserts: - - equal: - path: spec.template.spec.automountServiceAccountToken - value: false diff --git a/charts/ingress-nginx/tests/controller-deployment_test.yaml b/charts/ingress-nginx/tests/controller-deployment_test.yaml index 18306079e..1cc9c9325 100644 --- a/charts/ingress-nginx/tests/controller-deployment_test.yaml +++ b/charts/ingress-nginx/tests/controller-deployment_test.yaml @@ -215,11 +215,3 @@ tests: - equal: path: spec.progressDeadlineSeconds value: 111 - - - it: should create a Deployment with token auto-mounting disabled if `serviceAccount.automountServiceAccountToken` is false - set: - serviceAccount.automountServiceAccountToken: false - asserts: - - equal: - path: spec.template.spec.automountServiceAccountToken - value: false diff --git a/charts/ingress-nginx/tests/controller-service-internal_test.yaml b/charts/ingress-nginx/tests/controller-service-internal_test.yaml index c0ece07d5..5465e1a2b 100644 --- a/charts/ingress-nginx/tests/controller-service-internal_test.yaml +++ b/charts/ingress-nginx/tests/controller-service-internal_test.yaml @@ -23,53 +23,3 @@ tests: - equal: path: metadata.name value: RELEASE-NAME-ingress-nginx-controller-internal - - - it: should create a Service without `clusterIPs` if `controller.service.internal.clusterIPs` is not set - set: - controller.service.internal.enabled: true - controller.service.internal.annotations: - test.annotation: "true" - asserts: - - notExists: - path: spec.clusterIPs - - - it: should create a Service with `clusterIPs` if `controller.service.internal.clusterIPs` is set - set: - controller.service.internal.enabled: true - controller.service.internal.annotations: - test.annotation: "true" - controller.service.internal.clusterIPs: - - 10.0.0.1 - - fd00::1 - asserts: - - equal: - path: spec.clusterIPs - value: - - 10.0.0.1 - - fd00::1 - - - it: should create a Service with `trafficDistribution` if `controller.service.internal.trafficDistribution` is set - capabilities: - majorVersion: 1 - minorVersion: 31 - set: - controller.service.internal.enabled: true - controller.service.internal.annotations: - test.annotation: "true" - controller.service.internal.trafficDistribution: PreferClose - asserts: - - equal: - path: spec.trafficDistribution - value: PreferClose - - - it: should create a Service with labels if `controller.service.internal.labels` is set - set: - controller.service.internal.enabled: true - controller.service.internal.annotations: - test.annotation: "true" - controller.service.internal.labels: - external-dns.alpha.kubernetes.io/hostname: internal.example.com - asserts: - - equal: - path: metadata.labels["external-dns.alpha.kubernetes.io/hostname"] - value: internal.example.com diff --git a/charts/ingress-nginx/tests/controller-service_test.yaml b/charts/ingress-nginx/tests/controller-service_test.yaml index f3e8cf030..10574f227 100644 --- a/charts/ingress-nginx/tests/controller-service_test.yaml +++ b/charts/ingress-nginx/tests/controller-service_test.yaml @@ -30,45 +30,3 @@ tests: - equal: path: spec.type value: NodePort - - - it: should create a Service without `clusterIPs` if `controller.service.clusterIPs` is not set - set: - controller.service.external.enabled: true - asserts: - - notExists: - path: spec.clusterIPs - - - it: should create a Service with `clusterIPs` if `controller.service.clusterIPs` is set - set: - controller.service.external.enabled: true - controller.service.clusterIPs: - - 10.0.0.1 - - fd00::1 - asserts: - - equal: - path: spec.clusterIPs - value: - - 10.0.0.1 - - fd00::1 - - - it: should create a Service with `trafficDistribution` if `controller.service.trafficDistribution` is set - capabilities: - majorVersion: 1 - minorVersion: 31 - set: - controller.service.external.enabled: true - controller.service.trafficDistribution: PreferClose - asserts: - - equal: - path: spec.trafficDistribution - value: PreferClose - - - it: should create a Service with labels if `controller.service.external.labels` is set - set: - controller.service.external.enabled: true - controller.service.external.labels: - external-dns.alpha.kubernetes.io/hostname: external.example.com - asserts: - - equal: - path: metadata.labels["external-dns.alpha.kubernetes.io/hostname"] - value: external.example.com diff --git a/charts/ingress-nginx/tests/controller-servicemonitor_test.yaml b/charts/ingress-nginx/tests/controller-servicemonitor_test.yaml index 7edee98c5..310097c1a 100644 --- a/charts/ingress-nginx/tests/controller-servicemonitor_test.yaml +++ b/charts/ingress-nginx/tests/controller-servicemonitor_test.yaml @@ -27,53 +27,3 @@ tests: path: metadata.annotations value: my-little-annotation: test-value - - - it: should create a ServiceMonitor with `labelLimit` if `controller.metrics.serviceMonitor.labelLimit` is set - set: - controller.metrics.enabled: true - controller.metrics.serviceMonitor.enabled: true - controller.metrics.serviceMonitor.labelLimit: 20 - asserts: - - equal: - path: spec.labelLimit - value: 20 - - - it: should create a ServiceMonitor with `labelNameLengthLimit` if `controller.metrics.serviceMonitor.labelNameLengthLimit` is set - set: - controller.metrics.enabled: true - controller.metrics.serviceMonitor.enabled: true - controller.metrics.serviceMonitor.labelNameLengthLimit: 50 - asserts: - - equal: - path: spec.labelNameLengthLimit - value: 50 - - - it: should create a ServiceMonitor with `labelValueLengthLimit` if `controller.metrics.serviceMonitor.labelValueLengthLimit` is set - set: - controller.metrics.enabled: true - controller.metrics.serviceMonitor.enabled: true - controller.metrics.serviceMonitor.labelValueLengthLimit: 50 - asserts: - - equal: - path: spec.labelValueLengthLimit - value: 50 - - - it: should create a ServiceMonitor with `sampleLimit` if `controller.metrics.serviceMonitor.sampleLimit` is set - set: - controller.metrics.enabled: true - controller.metrics.serviceMonitor.enabled: true - controller.metrics.serviceMonitor.sampleLimit: 5000 - asserts: - - equal: - path: spec.sampleLimit - value: 5000 - - - it: should create a ServiceMonitor with `targetLimit` if `controller.metrics.serviceMonitor.targetLimit` is set - set: - controller.metrics.enabled: true - controller.metrics.serviceMonitor.enabled: true - controller.metrics.serviceMonitor.targetLimit: 100 - asserts: - - equal: - path: spec.targetLimit - value: 100 diff --git a/charts/ingress-nginx/tests/default-backend-deployment_test.yaml b/charts/ingress-nginx/tests/default-backend-deployment_test.yaml index 11d400c46..c3fa33968 100644 --- a/charts/ingress-nginx/tests/default-backend-deployment_test.yaml +++ b/charts/ingress-nginx/tests/default-backend-deployment_test.yaml @@ -187,12 +187,3 @@ tests: - equal: path: spec.template.spec.containers[0].image value: registry.k8s.io/defaultbackend-amd64:custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd - - - it: should create a Deployment with token auto-mounting disabled if `defaultBackend.serviceAccount.automountServiceAccountToken` is false - set: - defaultBackend.enabled: true - defaultBackend.serviceAccount.automountServiceAccountToken: false - asserts: - - equal: - path: spec.template.spec.automountServiceAccountToken - value: false diff --git a/charts/ingress-nginx/tests/default-backend-service_test.yaml b/charts/ingress-nginx/tests/default-backend-service_test.yaml index 521d82091..f16904f9f 100644 --- a/charts/ingress-nginx/tests/default-backend-service_test.yaml +++ b/charts/ingress-nginx/tests/default-backend-service_test.yaml @@ -30,23 +30,3 @@ tests: - equal: path: spec.ports[0].port value: 80 - - - it: should create a Service without `clusterIPs` if `defaultBackend.service.clusterIPs` is not set - set: - defaultBackend.enabled: true - asserts: - - notExists: - path: spec.clusterIPs - - - it: should create a Service with `clusterIPs` if `defaultBackend.service.clusterIPs` is set - set: - defaultBackend.enabled: true - defaultBackend.service.clusterIPs: - - 10.0.0.1 - - fd00::1 - asserts: - - equal: - path: spec.clusterIPs - value: - - 10.0.0.1 - - fd00::1 diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index ccebb9ceb..991679b21 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -486,8 +486,6 @@ controller: external: # -- Enable the external controller service or not. Useful for internal-only deployments. enabled: true - # -- Labels to be added to the external controller service. - labels: {} # -- Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service. annotations: {} # -- Labels to be added to both controller services. @@ -499,10 +497,6 @@ controller: # This value is immutable. Set once, it can not be changed without deleting and re-creating the service. # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address clusterIP: "" - # -- Pre-defined cluster internal IP addresses of the external controller service. Take care of collisions with existing services. - # This value is immutable. Set once, it can not be changed without deleting and re-creating the service. - # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address - clusterIPs: [] # -- List of node IP addresses at which the external controller service is available. # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips externalIPs: [] @@ -529,10 +523,6 @@ controller: # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip # healthCheckNodePort: 0 - # -- Traffic distribution policy of the external controller service. Set to "PreferClose" to route traffic to endpoints that are topologically closer to the client. - # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution - trafficDistribution: "" - # -- Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. # Fields `ipFamilies` and `clusterIP` depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services @@ -576,8 +566,6 @@ controller: internal: # -- Enable the internal controller service or not. Remember to configure `controller.service.internal.annotations` when enabling this. enabled: false - # -- Labels to be added to the internal controller service. - labels: {} # -- Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service. # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer annotations: {} @@ -589,10 +577,6 @@ controller: # This value is immutable. Set once, it can not be changed without deleting and re-creating the service. # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address clusterIP: "" - # -- Pre-defined cluster internal IP addresses of the internal controller service. Take care of collisions with existing services. - # This value is immutable. Set once, it can not be changed without deleting and re-creating the service. - # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address - clusterIPs: [] # -- List of node IP addresses at which the internal controller service is available. # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips externalIPs: [] @@ -619,10 +603,6 @@ controller: # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip # healthCheckNodePort: 0 - # -- Traffic distribution policy of the internal controller service. Set to "PreferClose" to route traffic to endpoints that are topologically closer to the client. - # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution - trafficDistribution: "" - # -- Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. # Fields `ipFamilies` and `clusterIP` depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services @@ -902,16 +882,6 @@ controller: targetLabels: [] relabelings: [] metricRelabelings: [] - # -- Per-scrape limit on number of labels that will be accepted for a sample. - labelLimit: 0 - # -- Per-scrape limit on length of labels name that will be accepted for a sample. - labelNameLengthLimit: 0 - # -- Per-scrape limit on length of labels value that will be accepted for a sample. - labelValueLengthLimit: 0 - # -- Defines a per-scrape limit on the number of scraped samples that will be accepted. - sampleLimit: 0 - # -- Defines a limit on the number of scraped targets that will be accepted. - targetLimit: 0 prometheusRule: enabled: false additionalLabels: {} @@ -1175,10 +1145,6 @@ defaultBackend: service: annotations: {} # clusterIP: "" - # -- Pre-defined cluster internal IP addresses of the default backend service. Take care of collisions with existing services. - # This value is immutable. Set once, it can not be changed without deleting and re-creating the service. - # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address - clusterIPs: [] # -- List of IP addresses at which the default backend service is available ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips diff --git a/docs/e2e-tests.md b/docs/e2e-tests.md index 43726f5a1..163a5ff5c 100644 --- a/docs/e2e-tests.md +++ b/docs/e2e-tests.md @@ -222,10 +222,10 @@ Do not try to edit it manually. - [should set valid proxy timeouts](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxy.go#L117) - [should not set invalid proxy timeouts](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxy.go#L138) - [should turn on proxy-buffering](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxy.go#L159) -- [should turn off proxy-request-buffering](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxy.go#L184) -- [should build proxy next upstream](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxy.go#L199) -- [should setup proxy cookies](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxy.go#L220) -- [should change the default proxy HTTP version](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxy.go#L238) +- [should turn off proxy-request-buffering](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxy.go#L181) +- [should build proxy next upstream](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxy.go#L196) +- [should setup proxy cookies](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxy.go#L217) +- [should change the default proxy HTTP version](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxy.go#L235) ### [proxy-ssl-*](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxyssl.go#L32) - [should set valid proxy-ssl-secret](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxyssl.go#L39) - [should set valid proxy-ssl-secret, proxy-ssl-verify to on, proxy-ssl-verify-depth to 2, and proxy-ssl-server-name to on](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/proxyssl.go#L66) @@ -235,10 +235,6 @@ Do not try to edit it manually. ### [permanent-redirect permanent-redirect-code](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/redirect.go#L30) - [should respond with a standard redirect code](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/redirect.go#L33) - [should respond with a custom redirect code](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/redirect.go#L61) -### [relative-redirects](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/relativeredirects.go#L35) -- [configures Nginx correctly](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/relativeredirects.go#L43) -- [should respond with absolute URL in Location](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/relativeredirects.go#L61) -- [should respond with relative URL in Location](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/relativeredirects.go#L85) ### [rewrite-target use-regex enable-rewrite-log](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/rewrite.go#L32) - [should write rewrite logs](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/rewrite.go#L39) - [should use correct longest path match](https://github.com/kubernetes/ingress-nginx/tree/main//test/e2e/annotations/rewrite.go#L68) diff --git a/docs/user-guide/nginx-configuration/annotations-risk.md b/docs/user-guide/nginx-configuration/annotations-risk.md index aff9357b8..3e3b93986 100755 --- a/docs/user-guide/nginx-configuration/annotations-risk.md +++ b/docs/user-guide/nginx-configuration/annotations-risk.md @@ -73,7 +73,6 @@ | Proxy | proxy-buffer-size | Low | location | | Proxy | proxy-buffering | Low | location | | Proxy | proxy-buffers-number | Low | location | -| Proxy | proxy-busy-buffers-size | Low | location | | Proxy | proxy-connect-timeout | Low | location | | Proxy | proxy-cookie-domain | Medium | location | | Proxy | proxy-cookie-path | Medium | location | @@ -104,7 +103,6 @@ | Redirect | from-to-www-redirect | Low | location | | Redirect | permanent-redirect | Medium | location | | Redirect | permanent-redirect-code | Low | location | -| Redirect | relative-redirects | Low | location | | Redirect | temporal-redirect | Medium | location | | Redirect | temporal-redirect-code | Low | location | | Rewrite | app-root | Medium | location | diff --git a/docs/user-guide/nginx-configuration/annotations.md b/docs/user-guide/nginx-configuration/annotations.md index b0ea3cce3..cce553b1c 100755 --- a/docs/user-guide/nginx-configuration/annotations.md +++ b/docs/user-guide/nginx-configuration/annotations.md @@ -116,7 +116,6 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz |[nginx.ingress.kubernetes.io/proxy-buffering](#proxy-buffering)|string| |[nginx.ingress.kubernetes.io/proxy-buffers-number](#proxy-buffers-number)|number| |[nginx.ingress.kubernetes.io/proxy-buffer-size](#proxy-buffer-size)|string| -|[nginx.ingress.kubernetes.io/proxy-busy-buffers-size](#proxy-busy-buffers-size)|string| |[nginx.ingress.kubernetes.io/proxy-max-temp-file-size](#proxy-max-temp-file-size)|string| |[nginx.ingress.kubernetes.io/ssl-ciphers](#ssl-ciphers)|string| |[nginx.ingress.kubernetes.io/ssl-prefer-server-ciphers](#ssl-ciphers)|"true" or "false"| @@ -748,18 +747,6 @@ To configure this setting globally, set `proxy-buffer-size` in [NGINX ConfigMap] nginx.ingress.kubernetes.io/proxy-buffer-size: "8k" ``` -### Proxy busy buffers size - -[Limits the total size of buffers that can be busy](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_busy_buffers_size) sending a response to the client while the response is not yet fully read. - -By default proxy busy buffers size is set as "8k". - -To configure this setting globally, set `proxy-busy-buffers-size` in the [ConfigMap](./configmap.md#proxy-busy-buffers-size). To use custom values in an Ingress rule, define this annotation: - -```yaml -nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "16k" -``` - ### Proxy max temp file size When [`buffering`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering) of responses from the proxied server is enabled, and the whole response does not fit into the buffers set by the [`proxy_buffer_size`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) and [`proxy_buffers`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers) directives, a part of the response can be saved to a temporary file. This directive sets the maximum `size` of the temporary file setting the [`proxy_max_temp_file_size`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_max_temp_file_size). The size of data written to the temporary file at a time is set by the [`proxy_temp_file_write_size`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_temp_file_write_size) directive. diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index d8b4f6693..aa877d5a8 100644 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -179,7 +179,6 @@ The following table shows a configuration option's name, type, and the default v | [proxy-send-timeout](#proxy-send-timeout) | int | 60 | | | [proxy-buffers-number](#proxy-buffers-number) | int | 4 | | | [proxy-buffer-size](#proxy-buffer-size) | string | "4k" | | -| [proxy-busy-buffers-size](#proxy-busy-buffers-size) | string | "8k" | | | [proxy-cookie-path](#proxy-cookie-path) | string | "off" | | | [proxy-cookie-domain](#proxy-cookie-domain) | string | "off" | | | [proxy-next-upstream](#proxy-next-upstream) | string | "error timeout" | | @@ -224,7 +223,6 @@ The following table shows a configuration option's name, type, and the default v | [debug-connections](#debug-connections) | []string | "127.0.0.1,1.1.1.1/24" | | | [strict-validate-path-type](#strict-validate-path-type) | bool | "true" | | | [grpc-buffer-size-kb](#grpc-buffer-size-kb) | int | 0 | | -| [relative-redirects](#relative-redirects) | bool | false | | ## add-headers @@ -1110,10 +1108,6 @@ Sets the number of the buffer used for [reading the first part of the response]( Sets the size of the buffer used for [reading the first part of the response](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) received from the proxied server. This part usually contains a small response header. -## proxy-busy-buffers-size - -[Limits the total size of buffers that can be busy](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_busy_buffers_size) sending a response to the client while the response is not yet fully read. - ## proxy-cookie-path Sets a text that [should be changed in the path attribute](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_path) of the “Set-Cookie” header fields of a proxied server response. @@ -1388,14 +1382,3 @@ Sets the configuration for the GRPC Buffer Size parameter. If not set it will us _References:_ [https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_buffer_size](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_buffer_size) - -## relative-redirects - -Use relative redirects instead of absolute redirects. Absolute redirects are the default in nginx. RFC7231 allows relative redirects since 2014. -Similar to the Ingress rule annotation `nginx.ingress.kubernetes.io/relative-redirects`. - -_**default:**_ "false" - -_References:_ -- [https://nginx.org/en/docs/http/ngx_http_core_module.html#absolute_redirect](https://nginx.org/en/docs/http/ngx_http_core_module.html#absolute_redirect) -- [https://datatracker.ietf.org/doc/html/rfc7231#section-7.1.2](https://datatracker.ietf.org/doc/html/rfc7231#section-7.1.2) diff --git a/hack/manifest-templates/provider/kind/values.yaml b/hack/manifest-templates/provider/kind/values.yaml index 6140f6500..ed636f372 100644 --- a/hack/manifest-templates/provider/kind/values.yaml +++ b/hack/manifest-templates/provider/kind/values.yaml @@ -8,9 +8,11 @@ controller: enabled: true terminationGracePeriodSeconds: 0 service: - type: LoadBalancer + type: NodePort watchIngressWithoutClass: true + nodeSelector: + ingress-ready: "true" tolerations: - key: "node-role.kubernetes.io/master" operator: "Equal" diff --git a/images/nginx/TAG b/images/nginx/TAG index 46b105a30..79127d85a 100644 --- a/images/nginx/TAG +++ b/images/nginx/TAG @@ -1 +1 @@ -v2.0.0 +v1.2.0 diff --git a/images/nginx/rootfs/build.sh b/images/nginx/rootfs/build.sh index 297abf777..cce1e8de1 100755 --- a/images/nginx/rootfs/build.sh +++ b/images/nginx/rootfs/build.sh @@ -18,20 +18,23 @@ set -o errexit set -o nounset set -o pipefail -export NGINX_VERSION=1.27.1 +export NGINX_VERSION=1.25.5 # Check for recent changes: https://github.com/vision5/ngx_devel_kit/compare/v0.3.3...master export NDK_VERSION=v0.3.3 # Check for recent changes: https://github.com/openresty/set-misc-nginx-module/compare/v0.33...master -export SETMISC_VERSION=v0.33 +export SETMISC_VERSION=796f5a3e518748eb29a93bd450324e0ad45b704e # Check for recent changes: https://github.com/openresty/headers-more-nginx-module/compare/v0.37...master export MORE_HEADERS_VERSION=v0.37 -# Check for recent changes: https://github.com/atomx/nginx-http-auth-digest/compare/v1.0.0...master +# Check for recent changes: https://github.com/atomx/nginx-http-auth-digest/compare/v1.0.0...atomx:master export NGINX_DIGEST_AUTH=v1.0.0 +# Check for recent changes: https://github.com/yaoweibin/ngx_http_substitutions_filter_module/compare/v0.6.4...master +export NGINX_SUBSTITUTIONS=e12e965ac1837ca709709f9a26f572a54d83430e + # Check for recent changes: https://github.com/SpiderLabs/ModSecurity-nginx/compare/v1.0.3...master export MODSECURITY_VERSION=v1.0.3 @@ -41,62 +44,62 @@ export MODSECURITY_LIB_VERSION=v3.0.13 # Check for recent changes: https://github.com/coreruleset/coreruleset/compare/v4.10.0...main export OWASP_MODSECURITY_CRS_VERSION=v4.10.0 -# Check for recent changes: https://github.com/openresty/lua-nginx-module/compare/v0.10.27...master -export LUA_NGX_VERSION=v0.10.27 +# Check for recent changes: https://github.com/openresty/lua-nginx-module/compare/v0.10.26``...master +export LUA_NGX_VERSION=v0.10.26 -# Check for recent changes: https://github.com/openresty/stream-lua-nginx-module/compare/v0.0.15...master -export LUA_STREAM_NGX_VERSION=v0.0.15 +# Check for recent changes: https://github.com/openresty/stream-lua-nginx-module/compare/bea8a0c0de94cede71554f53818ac0267d675d63...master +export LUA_STREAM_NGX_VERSION=bea8a0c0de94cede71554f53818ac0267d675d63 -# Check for recent changes: https://github.com/openresty/lua-upstream-nginx-module/compare/v0.07...master -export LUA_UPSTREAM_VERSION=v0.07 +# Check for recent changes: https://github.com/openresty/lua-upstream-nginx-module/compare/8aa93ead98ba2060d4efd594ae33a35d153589bf...master +export LUA_UPSTREAM_VERSION=542be0893543a4e42d89f6dd85372972f5ff2a36 -# Check for recent changes: https://github.com/openresty/lua-cjson/compare/2.1.0.14...master -export LUA_CJSON_VERSION=2.1.0.14 +# Check for recent changes: https://github.com/openresty/lua-cjson/compare/2.1.0.13...openresty:master +export LUA_CJSON_VERSION=2.1.0.13 -# Check for recent changes: https://github.com/leev/ngx_http_geoip2_module/compare/445df24ef3781e488cee3dfe8a1e111997fc1dfe...master -export GEOIP2_VERSION=445df24ef3781e488cee3dfe8a1e111997fc1dfe +# Check for recent changes: https://github.com/leev/ngx_http_geoip2_module/compare/a607a41a8115fecfc05b5c283c81532a3d605425...master +export GEOIP2_VERSION=a607a41a8115fecfc05b5c283c81532a3d605425 -# Check for recent changes: https://github.com/openresty/luajit2/compare/v2.1-20240815...v2.1-agentzh -export LUAJIT_VERSION=v2.1-20240815 +# Check for recent changes: https://github.com/openresty/luajit2/compare/v2.1-20240314...v2.1-agentzh +export LUAJIT_VERSION=v2.1-20240314 -# Check for recent changes: https://github.com/openresty/lua-resty-balancer/compare/v0.05...master -export LUA_RESTY_BALANCER=v0.05 +# Check for recent changes: https://github.com/openresty/lua-resty-balancer/compare/1cd4363c0a239afe4765ec607dcfbbb4e5900eea...master +export LUA_RESTY_BALANCER=1cd4363c0a239afe4765ec607dcfbbb4e5900eea -# Check for recent changes: https://github.com/openresty/lua-resty-lrucache/compare/v0.15...master -export LUA_RESTY_CACHE=v0.15 +# Check for recent changes: https://github.com/openresty/lua-resty-lrucache/compare/99e7578465b40f36f596d099b82eab404f2b42ed...master +export LUA_RESTY_CACHE=99e7578465b40f36f596d099b82eab404f2b42ed -# Check for recent changes: https://github.com/openresty/lua-resty-core/compare/v0.1.30...master -export LUA_RESTY_CORE=v0.1.30 +# Check for recent changes: https://github.com/openresty/lua-resty-core/compare/v0.1.27...master +export LUA_RESTY_CORE=v0.1.28 # Check for recent changes: https://github.com/cloudflare/lua-resty-cookie/compare/f418d77082eaef48331302e84330488fdc810ef4...master export LUA_RESTY_COOKIE_VERSION=f418d77082eaef48331302e84330488fdc810ef4 -# Check for recent changes: https://github.com/openresty/lua-resty-dns/compare/v0.23...master -export LUA_RESTY_DNS=v0.23 +# Check for recent changes: https://github.com/openresty/lua-resty-dns/compare/8bb53516e2933e61c317db740a9b7c2048847c2f...master +export LUA_RESTY_DNS=8bb53516e2933e61c317db740a9b7c2048847c2f -# Check for recent changes: https://github.com/ledgetech/lua-resty-http/compare/v0.17.2...master -export LUA_RESTY_HTTP=v0.17.2 +# Check for recent changes: https://github.com/ledgetech/lua-resty-http/compare/v0.17.1...master +export LUA_RESTY_HTTP=v0.17.1 # Check for recent changes: https://github.com/openresty/lua-resty-lock/compare/v0.09...master -export LUA_RESTY_LOCK=v0.09 +export LUA_RESTY_LOCK=405d0bf4cbfa74d742c6ed3158d442221e6212a9 # Check for recent changes: https://github.com/openresty/lua-resty-upload/compare/v0.11...master -export LUA_RESTY_UPLOAD_VERSION=v0.11 +export LUA_RESTY_UPLOAD_VERSION=979372cce011f3176af3c9aff53fd0e992c4bfd3 -# Check for recent changes: https://github.com/openresty/lua-resty-string/compare/v0.16...master -export LUA_RESTY_STRING_VERSION=v0.16 +# Check for recent changes: https://github.com/openresty/lua-resty-string/compare/v0.15...master +export LUA_RESTY_STRING_VERSION=6f1bc21d86daef804df3cc34d6427ef68da26844 # Check for recent changes: https://github.com/openresty/lua-resty-memcached/compare/v0.17...master -export LUA_RESTY_MEMCACHED_VERSION=v0.17 +export LUA_RESTY_MEMCACHED_VERSION=2f02b68bf65fa2332cce070674a93a69a6c7239b -# Check for recent changes: https://github.com/openresty/lua-resty-redis/compare/v0.31...master -export LUA_RESTY_REDIS_VERSION=v0.31 +# Check for recent changes: https://github.com/openresty/lua-resty-redis/compare/v0.30...master +export LUA_RESTY_REDIS_VERSION=8641b9f1b6f75cca50c90cf8ca5c502ad8950aa8 -# Check for recent changes: https://github.com/api7/lua-resty-ipmatcher/compare/3e93c53eb8c9884efe939ef070486a0e507cc5be...master +# Check for recent changes: https://github.com/api7/lua-resty-ipmatcher/compare/v0.6.1...master export LUA_RESTY_IPMATCHER_VERSION=3e93c53eb8c9884efe939ef070486a0e507cc5be -# Check for recent changes: https://github.com/microsoft/mimalloc/compare/v2.1.9...master -export MIMALOC_VERSION=v2.1.9 +# Check for recent changes: https://github.com/microsoft/mimalloc/compare/v2.1.7...master +export MIMALOC_VERSION=v2.1.7 # Check for recent changes: https://github.com/open-telemetry/opentelemetry-cpp/compare/v1.18.0...main export OPENTELEMETRY_CPP_VERSION=v1.18.0 @@ -211,6 +214,9 @@ get_src 0c0d2ced2ce895b3f45eb2b230cd90508ab2a773299f153de14a43e44c1209b3 \ get_src f09851e6309560a8ff3e901548405066c83f1f6ff88aa7171e0763bd9514762b \ "https://github.com/atomx/nginx-http-auth-digest/archive/$NGINX_DIGEST_AUTH.tar.gz" "nginx-http-auth-digest" +get_src a98b48947359166326d58700ccdc27256d2648218072da138ab6b47de47fbd8f \ + "https://github.com/yaoweibin/ngx_http_substitutions_filter_module/archive/$NGINX_SUBSTITUTIONS.tar.gz" "ngx_http_substitutions_filter_module" + get_src 32a42256616cc674dca24c8654397390adff15b888b77eb74e0687f023c8751b \ "https://github.com/SpiderLabs/ModSecurity-nginx/archive/$MODSECURITY_VERSION.tar.gz" "ModSecurity-nginx" @@ -318,7 +324,8 @@ git config --global --add core.compression -1 cd "$BUILD_PATH" git clone --depth=100 https://github.com/google/ngx_brotli.git cd ngx_brotli -git reset --hard a71f9312c2deb28875acc7bacfdd5695a111aa53 +# https://github.com/google/ngx_brotli/issues/156 +git reset --hard 63ca02abdcf79c9e788d2eedcc388d2335902e52 git submodule init git submodule update @@ -483,6 +490,7 @@ WITH_MODULES=" \ --add-module=$BUILD_PATH/ngx_devel_kit \ --add-module=$BUILD_PATH/set-misc-nginx-module \ --add-module=$BUILD_PATH/headers-more-nginx-module \ + --add-module=$BUILD_PATH/ngx_http_substitutions_filter_module \ --add-module=$BUILD_PATH/lua-nginx-module \ --add-module=$BUILD_PATH/stream-lua-nginx-module \ --add-module=$BUILD_PATH/lua-upstream-nginx-module \ diff --git a/images/nginx/rootfs/patches/01_nginx-1.27.1-win32_max_err_str.patch b/images/nginx/rootfs/patches/01_nginx-1.25.3-win32_max_err_str.patch similarity index 100% rename from images/nginx/rootfs/patches/01_nginx-1.27.1-win32_max_err_str.patch rename to images/nginx/rootfs/patches/01_nginx-1.25.3-win32_max_err_str.patch diff --git a/images/nginx/rootfs/patches/02_nginx-1.27.1-stream_balancer_export.patch b/images/nginx/rootfs/patches/02_nginx-1.25.3-stream_balancer_export.patch similarity index 100% rename from images/nginx/rootfs/patches/02_nginx-1.27.1-stream_balancer_export.patch rename to images/nginx/rootfs/patches/02_nginx-1.25.3-stream_balancer_export.patch diff --git a/images/nginx/rootfs/patches/03_nginx-1.27.1-stream_proxy_get_next_upstream_tries.patch b/images/nginx/rootfs/patches/03_nginx-1.25.3-stream_proxy_get_next_upstream_tries.patch similarity index 100% rename from images/nginx/rootfs/patches/03_nginx-1.27.1-stream_proxy_get_next_upstream_tries.patch rename to images/nginx/rootfs/patches/03_nginx-1.25.3-stream_proxy_get_next_upstream_tries.patch diff --git a/images/nginx/rootfs/patches/04_nginx-1.27.1-stream_proxy_timeout_fields.patch b/images/nginx/rootfs/patches/04_nginx-1.25.3-stream_proxy_timeout_fields.patch similarity index 92% rename from images/nginx/rootfs/patches/04_nginx-1.27.1-stream_proxy_timeout_fields.patch rename to images/nginx/rootfs/patches/04_nginx-1.25.3-stream_proxy_timeout_fields.patch index e205abb8b..39c59e206 100644 --- a/images/nginx/rootfs/patches/04_nginx-1.27.1-stream_proxy_timeout_fields.patch +++ b/images/nginx/rootfs/patches/04_nginx-1.25.3-stream_proxy_timeout_fields.patch @@ -1,6 +1,6 @@ -diff -u -r -p -Naur nginx-1.27.1/src/stream/ngx_stream.h nginx-1.27.1-patched/src/stream/ngx_stream.h ---- nginx-1.27.1/src/stream/ngx_stream.h 2021-11-04 21:27:55.288708527 +0800 -+++ nginx-1.27.1-patched/src/stream/ngx_stream.h 2021-11-04 21:28:50.768035209 +0800 +diff -u -r -p -Naur nginx-1.25.3/src/stream/ngx_stream.h nginx-1.25.3-patched/src/stream/ngx_stream.h +--- nginx-1.25.3/src/stream/ngx_stream.h 2021-11-04 21:27:55.288708527 +0800 ++++ nginx-1.25.3-patched/src/stream/ngx_stream.h 2021-11-04 21:28:50.768035209 +0800 @@ -254,6 +254,15 @@ typedef struct { } ngx_stream_module_t; @@ -25,9 +25,9 @@ diff -u -r -p -Naur nginx-1.27.1/src/stream/ngx_stream.h nginx-1.27.1-patched/sr typedef ngx_int_t (*ngx_stream_filter_pt)(ngx_stream_session_t *s, -diff -u -r -p -Naur nginx-1.27.1/src/stream/ngx_stream_proxy_module.c nginx-1.27.1-patched/src/stream/ngx_stream_proxy_module.c ---- nginx-1.27.1/src/stream/ngx_stream_proxy_module.c 2021-11-04 21:27:55.289708533 +0800 -+++ nginx-1.27.1-patched/src/stream/ngx_stream_proxy_module.c 2021-11-04 21:37:03.578936990 +0800 +diff -u -r -p -Naur nginx-1.25.3/src/stream/ngx_stream_proxy_module.c nginx-1.25.3-patched/src/stream/ngx_stream_proxy_module.c +--- nginx-1.25.3/src/stream/ngx_stream_proxy_module.c 2021-11-04 21:27:55.289708533 +0800 ++++ nginx-1.25.3-patched/src/stream/ngx_stream_proxy_module.c 2021-11-04 21:37:03.578936990 +0800 @@ -400,6 +400,7 @@ ngx_stream_proxy_handler(ngx_stream_sess ngx_stream_proxy_srv_conf_t *pscf; ngx_stream_upstream_srv_conf_t *uscf, **uscfp; diff --git a/images/nginx/rootfs/patches/05_nginx-1.27.1-stream_ssl_preread_no_skip.patch b/images/nginx/rootfs/patches/05_nginx-1.25.3-stream_ssl_preread_no_skip.patch similarity index 100% rename from images/nginx/rootfs/patches/05_nginx-1.27.1-stream_ssl_preread_no_skip.patch rename to images/nginx/rootfs/patches/05_nginx-1.25.3-stream_ssl_preread_no_skip.patch diff --git a/images/nginx/rootfs/patches/06_nginx-1.27.1-resolver_conf_parsing.patch b/images/nginx/rootfs/patches/06_nginx-1.25.3-resolver_conf_parsing.patch similarity index 100% rename from images/nginx/rootfs/patches/06_nginx-1.27.1-resolver_conf_parsing.patch rename to images/nginx/rootfs/patches/06_nginx-1.25.3-resolver_conf_parsing.patch diff --git a/images/nginx/rootfs/patches/07_nginx-1.27.1-daemon_destroy_pool.patch b/images/nginx/rootfs/patches/07_nginx-1.25.3-daemon_destroy_pool.patch similarity index 100% rename from images/nginx/rootfs/patches/07_nginx-1.27.1-daemon_destroy_pool.patch rename to images/nginx/rootfs/patches/07_nginx-1.25.3-daemon_destroy_pool.patch diff --git a/images/nginx/rootfs/patches/08_nginx-1.27.1-init_cycle_pool_release.patch b/images/nginx/rootfs/patches/08_nginx-1.25.3-init_cycle_pool_release.patch similarity index 65% rename from images/nginx/rootfs/patches/08_nginx-1.27.1-init_cycle_pool_release.patch rename to images/nginx/rootfs/patches/08_nginx-1.25.3-init_cycle_pool_release.patch index 4a26b92c5..bd2e9a7d9 100644 --- a/images/nginx/rootfs/patches/08_nginx-1.27.1-init_cycle_pool_release.patch +++ b/images/nginx/rootfs/patches/08_nginx-1.25.3-init_cycle_pool_release.patch @@ -1,6 +1,6 @@ -diff -rup nginx-1.27.1/src/core/nginx.c nginx-1.27.1-patched/src/core/nginx.c ---- nginx-1.27.1/src/core/nginx.c 2017-12-17 00:00:38.136470108 -0800 -+++ nginx-1.27.1-patched/src/core/nginx.c 2017-12-16 23:59:51.680958322 -0800 +diff -rup nginx-1.25.3/src/core/nginx.c nginx-1.25.3-patched/src/core/nginx.c +--- nginx-1.25.3/src/core/nginx.c 2017-12-17 00:00:38.136470108 -0800 ++++ nginx-1.25.3-patched/src/core/nginx.c 2017-12-16 23:59:51.680958322 -0800 @@ -186,6 +186,7 @@ static u_char *ngx_prefix; static u_char *ngx_conf_file; static u_char *ngx_conf_params; @@ -18,9 +18,9 @@ diff -rup nginx-1.27.1/src/core/nginx.c nginx-1.27.1-patched/src/core/nginx.c if (ngx_save_argv(&init_cycle, argc, argv) != NGX_OK) { return 1; } -diff -rup nginx-1.27.1/src/core/ngx_core.h nginx-1.27.1-patched/src/core/ngx_core.h ---- nginx-1.27.1/src/core/ngx_core.h 2017-10-10 08:22:51.000000000 -0700 -+++ nginx-1.27.1-patched/src/core/ngx_core.h 2017-12-16 23:59:51.679958370 -0800 +diff -rup nginx-1.25.3/src/core/ngx_core.h nginx-1.25.3-patched/src/core/ngx_core.h +--- nginx-1.25.3/src/core/ngx_core.h 2017-10-10 08:22:51.000000000 -0700 ++++ nginx-1.25.3-patched/src/core/ngx_core.h 2017-12-16 23:59:51.679958370 -0800 @@ -108,4 +108,6 @@ void ngx_cpuinfo(void); #define NGX_DISABLE_SYMLINKS_NOTOWNER 2 #endif @@ -28,9 +28,9 @@ diff -rup nginx-1.27.1/src/core/ngx_core.h nginx-1.27.1-patched/src/core/ngx_cor +extern ngx_pool_t *saved_init_cycle_pool; + #endif /* _NGX_CORE_H_INCLUDED_ */ -diff -rup nginx-1.27.1/src/core/ngx_cycle.c nginx-1.27.1-patched/src/core/ngx_cycle.c ---- nginx-1.27.1/src/core/ngx_cycle.c 2017-10-10 08:22:51.000000000 -0700 -+++ nginx-1.27.1-patched/src/core/ngx_cycle.c 2017-12-16 23:59:51.678958419 -0800 +diff -rup nginx-1.25.3/src/core/ngx_cycle.c nginx-1.25.3-patched/src/core/ngx_cycle.c +--- nginx-1.25.3/src/core/ngx_cycle.c 2017-10-10 08:22:51.000000000 -0700 ++++ nginx-1.25.3-patched/src/core/ngx_cycle.c 2017-12-16 23:59:51.678958419 -0800 @@ -748,6 +748,10 @@ old_shm_zone_done: if (ngx_process == NGX_PROCESS_MASTER || ngx_is_init_cycle(old_cycle)) { @@ -42,9 +42,9 @@ diff -rup nginx-1.27.1/src/core/ngx_cycle.c nginx-1.27.1-patched/src/core/ngx_cy ngx_destroy_pool(old_cycle->pool); cycle->old_cycle = NULL; -diff -rup nginx-1.27.1/src/os/unix/ngx_process_cycle.c nginx-1.27.1-patched/src/os/unix/ngx_process_cycle.c ---- nginx-1.27.1/src/os/unix/ngx_process_cycle.c 2017-12-17 00:00:38.142469762 -0800 -+++ nginx-1.27.1-patched/src/os/unix/ngx_process_cycle.c 2017-12-16 23:59:51.691957791 -0800 +diff -rup nginx-1.25.3/src/os/unix/ngx_process_cycle.c nginx-1.25.3-patched/src/os/unix/ngx_process_cycle.c +--- nginx-1.25.3/src/os/unix/ngx_process_cycle.c 2017-12-17 00:00:38.142469762 -0800 ++++ nginx-1.25.3-patched/src/os/unix/ngx_process_cycle.c 2017-12-16 23:59:51.691957791 -0800 @@ -687,6 +692,11 @@ ngx_master_process_exit(ngx_cycle_t *cyc ngx_exit_cycle.files_n = ngx_cycle->files_n; ngx_cycle = &ngx_exit_cycle; diff --git a/images/nginx/rootfs/patches/09_nginx-1.27.1-balancer_status_code.patch b/images/nginx/rootfs/patches/09_nginx-1.25.3-balancer_status_code.patch similarity index 100% rename from images/nginx/rootfs/patches/09_nginx-1.27.1-balancer_status_code.patch rename to images/nginx/rootfs/patches/09_nginx-1.25.3-balancer_status_code.patch diff --git a/images/nginx/rootfs/patches/10_nginx-1.27.1-delayed_posted_events.patch b/images/nginx/rootfs/patches/10_nginx-1.25.3-delayed_posted_events.patch similarity index 100% rename from images/nginx/rootfs/patches/10_nginx-1.27.1-delayed_posted_events.patch rename to images/nginx/rootfs/patches/10_nginx-1.25.3-delayed_posted_events.patch diff --git a/images/nginx/rootfs/patches/11_nginx-1.27.1-privileged_agent_process.patch b/images/nginx/rootfs/patches/11_nginx-1.25.3-privileged_agent_process.patch similarity index 100% rename from images/nginx/rootfs/patches/11_nginx-1.27.1-privileged_agent_process.patch rename to images/nginx/rootfs/patches/11_nginx-1.25.3-privileged_agent_process.patch diff --git a/images/nginx/rootfs/patches/12_nginx-1.27.1-privileged_agent_process_connections.patch b/images/nginx/rootfs/patches/12_nginx-1.25.3-privileged_agent_process_connections.patch similarity index 100% rename from images/nginx/rootfs/patches/12_nginx-1.27.1-privileged_agent_process_connections.patch rename to images/nginx/rootfs/patches/12_nginx-1.25.3-privileged_agent_process_connections.patch diff --git a/images/nginx/rootfs/patches/13_nginx-1.27.1-privileged_agent_process_thread_pool.patch b/images/nginx/rootfs/patches/13_nginx-1.25.3-privileged_agent_process_thread_pool.patch similarity index 100% rename from images/nginx/rootfs/patches/13_nginx-1.27.1-privileged_agent_process_thread_pool.patch rename to images/nginx/rootfs/patches/13_nginx-1.25.3-privileged_agent_process_thread_pool.patch diff --git a/images/nginx/rootfs/patches/14_nginx-1.27.1-single_process_graceful_exit.patch b/images/nginx/rootfs/patches/14_nginx-1.25.3-single_process_graceful_exit.patch similarity index 100% rename from images/nginx/rootfs/patches/14_nginx-1.27.1-single_process_graceful_exit.patch rename to images/nginx/rootfs/patches/14_nginx-1.25.3-single_process_graceful_exit.patch diff --git a/images/nginx/rootfs/patches/15_nginx-1.27.1-intercept_error_log.patch b/images/nginx/rootfs/patches/15_nginx-1.25.3-intercept_error_log.patch similarity index 100% rename from images/nginx/rootfs/patches/15_nginx-1.27.1-intercept_error_log.patch rename to images/nginx/rootfs/patches/15_nginx-1.25.3-intercept_error_log.patch diff --git a/images/nginx/rootfs/patches/16_nginx-1.27.1-upstream_pipelining.patch b/images/nginx/rootfs/patches/16_nginx-1.25.3-upstream_pipelining.patch similarity index 100% rename from images/nginx/rootfs/patches/16_nginx-1.27.1-upstream_pipelining.patch rename to images/nginx/rootfs/patches/16_nginx-1.25.3-upstream_pipelining.patch diff --git a/images/nginx/rootfs/patches/17_nginx-1.27.1-no_error_pages.patch b/images/nginx/rootfs/patches/17_nginx-1.25.3-no_error_pages.patch similarity index 93% rename from images/nginx/rootfs/patches/17_nginx-1.27.1-no_error_pages.patch rename to images/nginx/rootfs/patches/17_nginx-1.25.3-no_error_pages.patch index 593fcefd6..aceb2e988 100644 --- a/images/nginx/rootfs/patches/17_nginx-1.27.1-no_error_pages.patch +++ b/images/nginx/rootfs/patches/17_nginx-1.25.3-no_error_pages.patch @@ -1,6 +1,6 @@ -diff -upr nginx-1.27.1/src/http/ngx_http_core_module.c nginx-1.27.1-patched/src/http/ngx_http_core_module.c ---- nginx-1.27.1/src/http/ngx_http_core_module.c 2017-08-31 18:14:41.000000000 -0700 -+++ nginx-1.27.1-patched/src/http/ngx_http_core_module.c 2017-08-31 18:21:31.638098196 -0700 +diff -upr nginx-1.25.3/src/http/ngx_http_core_module.c nginx-1.25.3-patched/src/http/ngx_http_core_module.c +--- nginx-1.25.3/src/http/ngx_http_core_module.c 2017-08-31 18:14:41.000000000 -0700 ++++ nginx-1.25.3-patched/src/http/ngx_http_core_module.c 2017-08-31 18:21:31.638098196 -0700 @@ -64,6 +64,8 @@ static char *ngx_http_core_directio(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); static char *ngx_http_core_error_page(ngx_conf_t *cf, ngx_command_t *cmd, diff --git a/images/nginx/rootfs/patches/18_nginx-1.25.3-no_Werror.patch b/images/nginx/rootfs/patches/18_nginx-1.25.3-no_Werror.patch new file mode 100644 index 000000000..f7176faff --- /dev/null +++ b/images/nginx/rootfs/patches/18_nginx-1.25.3-no_Werror.patch @@ -0,0 +1,36 @@ +diff -urp nginx-1.25.3/auto/cc/clang nginx-1.25.3-patched/auto/cc/clang +--- nginx-1.25.3/auto/cc/clang 2014-03-04 03:39:24.000000000 -0800 ++++ nginx-1.25.3-patched/auto/cc/clang 2014-03-13 20:54:26.241413360 -0700 +@@ -89,7 +89,7 @@ CFLAGS="$CFLAGS -Wconditional-uninitiali + CFLAGS="$CFLAGS -Wno-unused-parameter" + + # stop on warning +-CFLAGS="$CFLAGS -Werror" ++#CFLAGS="$CFLAGS -Werror" + + # debug + CFLAGS="$CFLAGS -g" +diff -urp nginx-1.25.3/auto/cc/gcc nginx-1.25.3-patched/auto/cc/gcc +--- nginx-1.25.3/auto/cc/gcc 2014-03-04 03:39:24.000000000 -0800 ++++ nginx-1.25.3-patched/auto/cc/gcc 2014-03-13 20:54:13.301355329 -0700 +@@ -168,7 +168,7 @@ esac + + + # stop on warning +-CFLAGS="$CFLAGS -Werror" ++#CFLAGS="$CFLAGS -Werror" + + # debug + CFLAGS="$CFLAGS -g" +diff -urp nginx-1.25.3/auto/cc/icc nginx-1.25.3-patched/auto/cc/icc +--- nginx-1.25.3/auto/cc/icc 2014-03-04 03:39:24.000000000 -0800 ++++ nginx-1.25.3-patched/auto/cc/icc 2014-03-13 20:54:13.301355329 -0700 +@@ -115,7 +115,7 @@ case "$NGX_ICC_VER" in + esac + + # stop on warning +-CFLAGS="$CFLAGS -Werror" ++#CFLAGS="$CFLAGS -Werror" + + # debug + CFLAGS="$CFLAGS -g" diff --git a/images/nginx/rootfs/patches/18_nginx-1.27.1-no_Werror.patch b/images/nginx/rootfs/patches/18_nginx-1.27.1-no_Werror.patch deleted file mode 100644 index d0aa7a31e..000000000 --- a/images/nginx/rootfs/patches/18_nginx-1.27.1-no_Werror.patch +++ /dev/null @@ -1,36 +0,0 @@ -diff -urp nginx-1.27.1/auto/cc/clang nginx-1.27.1-patched/auto/cc/clang ---- nginx-1.27.1/auto/cc/clang 2014-03-04 03:39:24.000000000 -0800 -+++ nginx-1.27.1-patched/auto/cc/clang 2014-03-13 20:54:26.241413360 -0700 -@@ -89,7 +89,7 @@ CFLAGS="$CFLAGS -Wconditional-uninitiali - CFLAGS="$CFLAGS -Wno-unused-parameter" - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+#CFLAGS="$CFLAGS -Werror" - - # debug - CFLAGS="$CFLAGS -g" -diff -urp nginx-1.27.1/auto/cc/gcc nginx-1.27.1-patched/auto/cc/gcc ---- nginx-1.27.1/auto/cc/gcc 2014-03-04 03:39:24.000000000 -0800 -+++ nginx-1.27.1-patched/auto/cc/gcc 2014-03-13 20:54:13.301355329 -0700 -@@ -168,7 +168,7 @@ esac - - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+#CFLAGS="$CFLAGS -Werror" - - # debug - CFLAGS="$CFLAGS -g" -diff -urp nginx-1.27.1/auto/cc/icc nginx-1.27.1-patched/auto/cc/icc ---- nginx-1.27.1/auto/cc/icc 2014-03-04 03:39:24.000000000 -0800 -+++ nginx-1.27.1-patched/auto/cc/icc 2014-03-13 20:54:13.301355329 -0700 -@@ -115,7 +115,7 @@ case "$NGX_ICC_VER" in - esac - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+#CFLAGS="$CFLAGS -Werror" - - # debug - CFLAGS="$CFLAGS -g" diff --git a/images/nginx/rootfs/patches/19_nginx-1.27.1-log_escape_non_ascii.patch b/images/nginx/rootfs/patches/19_nginx-1.25.3-log_escape_non_ascii.patch similarity index 100% rename from images/nginx/rootfs/patches/19_nginx-1.27.1-log_escape_non_ascii.patch rename to images/nginx/rootfs/patches/19_nginx-1.25.3-log_escape_non_ascii.patch diff --git a/images/nginx/rootfs/patches/20_nginx-1.27.1-proxy_host_port_vars.patch b/images/nginx/rootfs/patches/20_nginx-1.25.3-proxy_host_port_vars.patch similarity index 87% rename from images/nginx/rootfs/patches/20_nginx-1.27.1-proxy_host_port_vars.patch rename to images/nginx/rootfs/patches/20_nginx-1.25.3-proxy_host_port_vars.patch index b81a299c8..82a344324 100644 --- a/images/nginx/rootfs/patches/20_nginx-1.27.1-proxy_host_port_vars.patch +++ b/images/nginx/rootfs/patches/20_nginx-1.25.3-proxy_host_port_vars.patch @@ -1,5 +1,5 @@ ---- nginx-1.27.1/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800 -+++ nginx-1.27.1-patched/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800 +--- nginx-1.25.3/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800 ++++ nginx-1.25.3-patched/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800 @@ -793,13 +793,13 @@ static ngx_keyval_t ngx_http_proxy_cach static ngx_http_variable_t ngx_http_proxy_vars[] = { diff --git a/images/nginx/rootfs/patches/21_nginx-1.27.1-cache_manager_exit.patch b/images/nginx/rootfs/patches/21_nginx-1.25.3-cache_manager_exit.patch similarity index 100% rename from images/nginx/rootfs/patches/21_nginx-1.27.1-cache_manager_exit.patch rename to images/nginx/rootfs/patches/21_nginx-1.25.3-cache_manager_exit.patch diff --git a/images/nginx/rootfs/patches/22_nginx-1.27.1-larger_max_error_str.patch b/images/nginx/rootfs/patches/22_nginx-1.25.3-larger_max_error_str.patch similarity index 62% rename from images/nginx/rootfs/patches/22_nginx-1.27.1-larger_max_error_str.patch rename to images/nginx/rootfs/patches/22_nginx-1.25.3-larger_max_error_str.patch index b821297e6..e5cd07e67 100644 --- a/images/nginx/rootfs/patches/22_nginx-1.27.1-larger_max_error_str.patch +++ b/images/nginx/rootfs/patches/22_nginx-1.25.3-larger_max_error_str.patch @@ -1,5 +1,5 @@ ---- nginx-1.27.1/src/core/ngx_log.h 2013-10-08 05:07:14.000000000 -0700 -+++ nginx-1.27.1-patched/src/core/ngx_log.h 2013-12-05 20:35:35.996236720 -0800 +--- nginx-1.25.3/src/core/ngx_log.h 2013-10-08 05:07:14.000000000 -0700 ++++ nginx-1.25.3-patched/src/core/ngx_log.h 2013-12-05 20:35:35.996236720 -0800 @@ -64,7 +64,9 @@ struct ngx_log_s { }; diff --git a/images/nginx/rootfs/patches/23_nginx-1.27.1-pcre_conf_opt.patch b/images/nginx/rootfs/patches/23_nginx-1.25.3-pcre_conf_opt.patch similarity index 100% rename from images/nginx/rootfs/patches/23_nginx-1.27.1-pcre_conf_opt.patch rename to images/nginx/rootfs/patches/23_nginx-1.25.3-pcre_conf_opt.patch diff --git a/images/nginx/rootfs/patches/24_nginx-1.27.1-always_enable_cc_feature_tests.patch b/images/nginx/rootfs/patches/24_nginx-1.25.3-always_enable_cc_feature_tests.patch similarity index 65% rename from images/nginx/rootfs/patches/24_nginx-1.27.1-always_enable_cc_feature_tests.patch rename to images/nginx/rootfs/patches/24_nginx-1.25.3-always_enable_cc_feature_tests.patch index 9517e92c4..b381d9b07 100644 --- a/images/nginx/rootfs/patches/24_nginx-1.27.1-always_enable_cc_feature_tests.patch +++ b/images/nginx/rootfs/patches/24_nginx-1.25.3-always_enable_cc_feature_tests.patch @@ -1,5 +1,5 @@ ---- nginx-1.27.1/auto/cc/conf 2015-10-30 22:47:50.000000000 +0800 -+++ nginx-1.27.1-patched/auto/cc/conf 2015-11-02 12:23:05.385156987 +0800 +--- nginx-1.25.3/auto/cc/conf 2015-10-30 22:47:50.000000000 +0800 ++++ nginx-1.25.3-patched/auto/cc/conf 2015-11-02 12:23:05.385156987 +0800 @@ -144,7 +144,7 @@ fi CFLAGS="$CFLAGS $NGX_CC_OPT" NGX_TEST_LD_OPT="$NGX_LD_OPT" diff --git a/images/nginx/rootfs/patches/25_nginx-1.27.1-ssl_cert_cb_yield.patch b/images/nginx/rootfs/patches/25_nginx-1.25.3-ssl_cert_cb_yield.patch similarity index 100% rename from images/nginx/rootfs/patches/25_nginx-1.27.1-ssl_cert_cb_yield.patch rename to images/nginx/rootfs/patches/25_nginx-1.25.3-ssl_cert_cb_yield.patch diff --git a/images/nginx/rootfs/patches/26_nginx-1.27.1-ssl_sess_cb_yield.patch b/images/nginx/rootfs/patches/26_nginx-1.25.3-ssl_sess_cb_yield.patch similarity index 100% rename from images/nginx/rootfs/patches/26_nginx-1.27.1-ssl_sess_cb_yield.patch rename to images/nginx/rootfs/patches/26_nginx-1.25.3-ssl_sess_cb_yield.patch diff --git a/images/nginx/rootfs/patches/27_nginx-1.27.1-ssl_client_hello_cb_yield.patch b/images/nginx/rootfs/patches/27_nginx-1.25.3-ssl_client_hello_cb_yield.patch similarity index 100% rename from images/nginx/rootfs/patches/27_nginx-1.27.1-ssl_client_hello_cb_yield.patch rename to images/nginx/rootfs/patches/27_nginx-1.25.3-ssl_client_hello_cb_yield.patch diff --git a/images/nginx/rootfs/patches/28_nginx-1.27.1-upstream_timeout_fields.patch b/images/nginx/rootfs/patches/28_nginx-1.25.3-upstream_timeout_fields.patch similarity index 100% rename from images/nginx/rootfs/patches/28_nginx-1.27.1-upstream_timeout_fields.patch rename to images/nginx/rootfs/patches/28_nginx-1.25.3-upstream_timeout_fields.patch diff --git a/images/nginx/rootfs/patches/29_nginx-1.27.1-safe_resolver_ipv6_option.patch b/images/nginx/rootfs/patches/29_nginx-1.25.3-safe_resolver_ipv6_option.patch similarity index 100% rename from images/nginx/rootfs/patches/29_nginx-1.27.1-safe_resolver_ipv6_option.patch rename to images/nginx/rootfs/patches/29_nginx-1.25.3-safe_resolver_ipv6_option.patch diff --git a/images/nginx/rootfs/patches/30_nginx-1.27.1-socket_cloexec.patch b/images/nginx/rootfs/patches/30_nginx-1.25.3-socket_cloexec.patch similarity index 100% rename from images/nginx/rootfs/patches/30_nginx-1.27.1-socket_cloexec.patch rename to images/nginx/rootfs/patches/30_nginx-1.25.3-socket_cloexec.patch diff --git a/images/nginx/rootfs/patches/31_nginx-1.27.1-reuseport_close_unused_fds.patch b/images/nginx/rootfs/patches/31_nginx-1.25.3-reuseport_close_unused_fds.patch similarity index 100% rename from images/nginx/rootfs/patches/31_nginx-1.27.1-reuseport_close_unused_fds.patch rename to images/nginx/rootfs/patches/31_nginx-1.25.3-reuseport_close_unused_fds.patch diff --git a/images/nginx/rootfs/patches/32_nginx-1.27.1-proc_exit_handler.patch b/images/nginx/rootfs/patches/32_nginx-1.27.1-proc_exit_handler.patch deleted file mode 100644 index f050c09d8..000000000 --- a/images/nginx/rootfs/patches/32_nginx-1.27.1-proc_exit_handler.patch +++ /dev/null @@ -1,77 +0,0 @@ -diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c -index c4e3c50..fa1408b 100644 ---- a/src/core/ngx_cycle.c -+++ b/src/core/ngx_cycle.c -@@ -264,6 +264,9 @@ ngx_init_cycle(ngx_cycle_t *old_cycle) - } - - -+#if !(NGX_WIN32) -+ ngx_proc_exit_top_handler = ngx_proc_exit_def_handler; -+#endif - conf.ctx = cycle->conf_ctx; - conf.cycle = cycle; - conf.pool = pool; -diff --git a/src/os/unix/ngx_process.c b/src/os/unix/ngx_process.c -index 12a8c68..874c9bf 100644 ---- a/src/os/unix/ngx_process.c -+++ b/src/os/unix/ngx_process.c -@@ -34,6 +34,7 @@ ngx_int_t ngx_process_slot; - ngx_socket_t ngx_channel; - ngx_int_t ngx_last_process; - ngx_process_t ngx_processes[NGX_MAX_PROCESSES]; -+ngx_proc_exit_pt ngx_proc_exit_top_handler; - - - ngx_signal_t signals[] = { -@@ -83,6 +84,13 @@ ngx_signal_t signals[] = { - }; - - -+void -+ngx_proc_exit_def_handler(ngx_pid_t pid) -+{ -+ /* do nothing */ -+} -+ -+ - ngx_pid_t - ngx_spawn_process(ngx_cycle_t *cycle, ngx_spawn_proc_pt proc, void *data, - char *name, ngx_int_t respawn) -@@ -564,6 +572,7 @@ ngx_process_get_status(void) - } - - ngx_unlock_mutexes(pid); -+ ngx_proc_exit_top_handler(pid); - } - } - -diff --git a/src/os/unix/ngx_process.h b/src/os/unix/ngx_process.h -index 3986639..0b55d98 100644 ---- a/src/os/unix/ngx_process.h -+++ b/src/os/unix/ngx_process.h -@@ -18,6 +18,8 @@ typedef pid_t ngx_pid_t; - #define NGX_INVALID_PID -1 - - typedef void (*ngx_spawn_proc_pt) (ngx_cycle_t *cycle, void *data); -+#define NGX_HAVE_PROC_EXIT 1 -+typedef void (*ngx_proc_exit_pt)(ngx_pid_t pid); - - typedef struct { - ngx_pid_t pid; -@@ -66,6 +68,7 @@ ngx_pid_t ngx_spawn_process(ngx_cycle_t *cycle, - ngx_pid_t ngx_execute(ngx_cycle_t *cycle, ngx_exec_ctx_t *ctx); - ngx_int_t ngx_init_signals(ngx_log_t *log); - void ngx_debug_point(void); -+void ngx_proc_exit_def_handler(ngx_pid_t pid); - - - #if (NGX_HAVE_SCHED_YIELD) -@@ -85,6 +88,7 @@ extern ngx_socket_t ngx_channel; - extern ngx_int_t ngx_process_slot; - extern ngx_int_t ngx_last_process; - extern ngx_process_t ngx_processes[NGX_MAX_PROCESSES]; -+extern ngx_proc_exit_pt ngx_proc_exit_top_handler; - - - #endif /* _NGX_PROCESS_H_INCLUDED_ */ diff --git a/images/test-runner/TAG b/images/test-runner/TAG index 46b105a30..18fa8e74f 100644 --- a/images/test-runner/TAG +++ b/images/test-runner/TAG @@ -1 +1 @@ -v2.0.0 +v1.3.0 diff --git a/internal/ingress/annotations/cors/main.go b/internal/ingress/annotations/cors/main.go index cef4fb1b2..b81514820 100644 --- a/internal/ingress/annotations/cors/main.go +++ b/internal/ingress/annotations/cors/main.go @@ -40,12 +40,12 @@ var ( // that could cause the Response to contain some internal value/variable (like returning $pid, $upstream_addr, etc) // Origin must contain a http/s Origin (including or not the port) or the value '*' // This Regex is composed of the following: - // * Sets a group that can be (https?://)?*?.something.com:port? OR null + // * Sets a group that can be (https?://)?*?.something.com:port? // * Allows this to be repeated as much as possible, and separated by comma // Otherwise it should be '*' - corsOriginRegexValidator = regexp.MustCompile(`^((((([a-z]+://)?(\*\.)?[A-Za-z0-9\-.]*(:\d+)?,?)|null)+)|\*)?$`) + corsOriginRegexValidator = regexp.MustCompile(`^(((([a-z]+://)?(\*\.)?[A-Za-z0-9\-.]*(:\d+)?,?)+)|\*)?$`) // corsOriginRegex defines the regex for validation inside Parse - corsOriginRegex = regexp.MustCompile(`^([a-z]+://(\*\.)?[A-Za-z0-9\-.]*(:\d+)?|\*|null)?$`) + corsOriginRegex = regexp.MustCompile(`^([a-z]+://(\*\.)?[A-Za-z0-9\-.]*(:\d+)?|\*)?$`) // Method must contain valid methods list (PUT, GET, POST, BLA) // May contain or not spaces between each verb corsMethodsRegex = regexp.MustCompile(`^([A-Za-z]+,?\s?)+$`) @@ -78,7 +78,7 @@ var corsAnnotation = parser.Annotation{ Scope: parser.AnnotationScopeIngress, Risk: parser.AnnotationRiskMedium, Documentation: `This annotation controls what's the accepted Origin for CORS. - This is a multi-valued field, separated by ','. It must follow this format: protocol://origin-site.com, protocol://origin-site.com:port, null, or *. + This is a multi-valued field, separated by ','. It must follow this format: protocol://origin-site.com or protocol://origin-site.com:port It also supports single level wildcard subdomains and follows this format: https://*.foo.bar, http://*.bar.foo:8080 or myprotocol://*.abc.bar.foo:9000 Protocol can be any lowercase string, like http, https, or mycustomprotocol.`, }, diff --git a/internal/ingress/annotations/cors/main_test.go b/internal/ingress/annotations/cors/main_test.go index 0b6b3671b..dee36fcae 100644 --- a/internal/ingress/annotations/cors/main_test.go +++ b/internal/ingress/annotations/cors/main_test.go @@ -82,7 +82,7 @@ func TestIngressCorsConfigValid(t *testing.T) { data[parser.GetAnnotationWithPrefix(corsAllowHeadersAnnotation)] = "DNT,X-CustomHeader, Keep-Alive,User-Agent" data[parser.GetAnnotationWithPrefix(corsAllowCredentialsAnnotation)] = "false" data[parser.GetAnnotationWithPrefix(corsAllowMethodsAnnotation)] = "GET, PATCH" - data[parser.GetAnnotationWithPrefix(corsAllowOriginAnnotation)] = "null, https://origin123.test.com:4443" + data[parser.GetAnnotationWithPrefix(corsAllowOriginAnnotation)] = "https://origin123.test.com:4443" data[parser.GetAnnotationWithPrefix(corsExposeHeadersAnnotation)] = "*, X-CustomResponseHeader" data[parser.GetAnnotationWithPrefix(corsMaxAgeAnnotation)] = "600" ing.SetAnnotations(data) @@ -113,7 +113,7 @@ func TestIngressCorsConfigValid(t *testing.T) { t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix(corsAllowMethodsAnnotation)], nginxCors.CorsAllowMethods) } - if !reflect.DeepEqual(nginxCors.CorsAllowOrigin, []string{"null", "https://origin123.test.com:4443"}) { + if nginxCors.CorsAllowOrigin[0] != "https://origin123.test.com:4443" { t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix(corsAllowOriginAnnotation)], nginxCors.CorsAllowOrigin) } @@ -176,7 +176,7 @@ func TestIngressCorsConfigInvalid(t *testing.T) { } } -func TestIngressCorsConfigAllowOriginWithTrailingComma(t *testing.T) { +func TestIngresCorsConfigAllowOriginWithTrailingComma(t *testing.T) { ing := buildIngress() data := map[string]string{} @@ -206,36 +206,6 @@ func TestIngressCorsConfigAllowOriginWithTrailingComma(t *testing.T) { } } -func TestIngressCorsConfigAllowOriginNull(t *testing.T) { - ing := buildIngress() - - data := map[string]string{} - data[parser.GetAnnotationWithPrefix(corsEnableAnnotation)] = enableAnnotation - - // Include a trailing comma and an empty value between the commas. - data[parser.GetAnnotationWithPrefix(corsAllowOriginAnnotation)] = "https://origin123.test.com:4443,null,https://origin321.test.com:4443" - ing.SetAnnotations(data) - - corst, err := NewParser(&resolver.Mock{}).Parse(ing) - if err != nil { - t.Errorf("error parsing annotations: %v", err) - } - - nginxCors, ok := corst.(*Config) - if !ok { - t.Errorf("expected a Config type but returned %t", corst) - } - - if !nginxCors.CorsEnabled { - t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix(corsEnableAnnotation)], nginxCors.CorsEnabled) - } - - expectedCorsAllowOrigins := []string{"https://origin123.test.com:4443", "null", "https://origin321.test.com:4443"} - if !reflect.DeepEqual(nginxCors.CorsAllowOrigin, expectedCorsAllowOrigins) { - t.Errorf("expected %v but returned %v", expectedCorsAllowOrigins, nginxCors.CorsAllowOrigin) - } -} - func TestIngressCorsConfigAllowOriginWithNonHttpProtocol(t *testing.T) { ing := buildIngress() diff --git a/internal/ingress/annotations/proxy/main.go b/internal/ingress/annotations/proxy/main.go index aaa093eaf..9d2646261 100644 --- a/internal/ingress/annotations/proxy/main.go +++ b/internal/ingress/annotations/proxy/main.go @@ -31,7 +31,6 @@ const ( proxyReadTimeoutAnnotation = "proxy-read-timeout" proxyBuffersNumberAnnotation = "proxy-buffers-number" proxyBufferSizeAnnotation = "proxy-buffer-size" - proxyBusyBuffersSizeAnnotation = "proxy-busy-buffers-size" proxyCookiePathAnnotation = "proxy-cookie-path" proxyCookieDomainAnnotation = "proxy-cookie-domain" proxyBodySizeAnnotation = "proxy-body-size" @@ -83,12 +82,6 @@ var proxyAnnotations = parser.Annotation{ Documentation: `This annotation sets the size of the buffer proxy_buffer_size used for reading the first part of the response received from the proxied server. By default proxy buffer size is set as "4k".`, }, - proxyBusyBuffersSizeAnnotation: { - Validator: parser.ValidateRegex(parser.SizeRegex, true), - Scope: parser.AnnotationScopeLocation, - Risk: parser.AnnotationRiskLow, - Documentation: `This annotation limits the total size of buffers that can be busy sending a response to the client while the response is not yet fully read. By default proxy busy buffers size is set as "8k".`, - }, proxyCookiePathAnnotation: { Validator: parser.ValidateRegex(parser.URLIsValidRegex, true), Scope: parser.AnnotationScopeLocation, @@ -174,7 +167,6 @@ type Config struct { ReadTimeout int `json:"readTimeout"` BuffersNumber int `json:"buffersNumber"` BufferSize string `json:"bufferSize"` - BusyBuffersSize string `json:"busyBuffersSize"` CookieDomain string `json:"cookieDomain"` CookiePath string `json:"cookiePath"` NextUpstream string `json:"nextUpstream"` @@ -214,9 +206,6 @@ func (l1 *Config) Equal(l2 *Config) bool { if l1.BufferSize != l2.BufferSize { return false } - if l1.BusyBuffersSize != l2.BusyBuffersSize { - return false - } if l1.CookieDomain != l2.CookieDomain { return false } @@ -301,11 +290,6 @@ func (a proxy) Parse(ing *networking.Ingress) (interface{}, error) { config.BufferSize = defBackend.ProxyBufferSize } - config.BusyBuffersSize, err = parser.GetStringAnnotation(proxyBusyBuffersSizeAnnotation, ing, a.annotationConfig.Annotations) - if err != nil { - config.BusyBuffersSize = defBackend.ProxyBusyBuffersSize - } - config.CookiePath, err = parser.GetStringAnnotation(proxyCookiePathAnnotation, ing, a.annotationConfig.Annotations) if err != nil { config.CookiePath = defBackend.ProxyCookiePath diff --git a/internal/ingress/annotations/proxy/main_test.go b/internal/ingress/annotations/proxy/main_test.go index b6ce07fb2..9446ae970 100644 --- a/internal/ingress/annotations/proxy/main_test.go +++ b/internal/ingress/annotations/proxy/main_test.go @@ -88,7 +88,6 @@ func (m mockBackend) GetDefaultBackend() defaults.Backend { ProxyReadTimeout: 20, ProxyBuffersNumber: 4, ProxyBufferSize: "10k", - ProxyBusyBuffersSize: "15k", ProxyBodySize: "3k", ProxyNextUpstream: "error", ProxyNextUpstreamTimeout: 0, @@ -109,7 +108,6 @@ func TestProxy(t *testing.T) { data[parser.GetAnnotationWithPrefix("proxy-read-timeout")] = "3" data[parser.GetAnnotationWithPrefix("proxy-buffers-number")] = "8" data[parser.GetAnnotationWithPrefix("proxy-buffer-size")] = "1k" - data[parser.GetAnnotationWithPrefix("proxy-busy-buffers-size")] = "4k" data[parser.GetAnnotationWithPrefix("proxy-body-size")] = "2k" data[parser.GetAnnotationWithPrefix("proxy-next-upstream")] = off data[parser.GetAnnotationWithPrefix("proxy-next-upstream-timeout")] = "5" @@ -143,9 +141,6 @@ func TestProxy(t *testing.T) { if p.BufferSize != "1k" { t.Errorf("expected 1k as buffer-size but returned %v", p.BufferSize) } - if p.BusyBuffersSize != "4k" { - t.Errorf("expected 4k as busy-buffers-size but returned %v", p.BusyBuffersSize) - } if p.BodySize != "2k" { t.Errorf("expected 2k as body-size but returned %v", p.BodySize) } @@ -181,7 +176,6 @@ func TestProxyComplex(t *testing.T) { data[parser.GetAnnotationWithPrefix("proxy-read-timeout")] = "3" data[parser.GetAnnotationWithPrefix("proxy-buffers-number")] = "8" data[parser.GetAnnotationWithPrefix("proxy-buffer-size")] = "1k" - data[parser.GetAnnotationWithPrefix("proxy-busy-buffers-size")] = "4k" data[parser.GetAnnotationWithPrefix("proxy-body-size")] = "2k" data[parser.GetAnnotationWithPrefix("proxy-next-upstream")] = "error http_502" data[parser.GetAnnotationWithPrefix("proxy-next-upstream-timeout")] = "5" @@ -215,9 +209,6 @@ func TestProxyComplex(t *testing.T) { if p.BufferSize != "1k" { t.Errorf("expected 1k as buffer-size but returned %v", p.BufferSize) } - if p.BusyBuffersSize != "4k" { - t.Errorf("expected 4k as buffer-size but returned %v", p.BusyBuffersSize) - } if p.BodySize != "2k" { t.Errorf("expected 2k as body-size but returned %v", p.BodySize) } @@ -273,9 +264,6 @@ func TestProxyWithNoAnnotation(t *testing.T) { if p.BufferSize != "10k" { t.Errorf("expected 10k as buffer-size but returned %v", p.BufferSize) } - if p.BusyBuffersSize != "15k" { - t.Errorf("expected 15k as buffer-size but returned %v", p.BusyBuffersSize) - } if p.BodySize != "3k" { t.Errorf("expected 3k as body-size but returned %v", p.BodySize) } diff --git a/internal/ingress/annotations/redirect/redirect.go b/internal/ingress/annotations/redirect/redirect.go index edc3d279c..0716e1ce1 100644 --- a/internal/ingress/annotations/redirect/redirect.go +++ b/internal/ingress/annotations/redirect/redirect.go @@ -38,7 +38,6 @@ type Config struct { URL string `json:"url"` Code int `json:"code"` FromToWWW bool `json:"fromToWWW"` - Relative bool `json:"relative"` } const ( @@ -47,7 +46,6 @@ const ( temporalRedirectAnnotationCode = "temporal-redirect-code" permanentRedirectAnnotation = "permanent-redirect" permanentRedirectAnnotationCode = "permanent-redirect-code" - relativeRedirectsAnnotation = "relative-redirects" ) var redirectAnnotations = parser.Annotation{ @@ -85,12 +83,6 @@ var redirectAnnotations = parser.Annotation{ Risk: parser.AnnotationRiskLow, // Low, as it allows just a set of options Documentation: `This annotation allows you to modify the status code used for permanent redirects.`, }, - relativeRedirectsAnnotation: { - Validator: parser.ValidateBool, - Scope: parser.AnnotationScopeLocation, - Risk: parser.AnnotationRiskLow, - Documentation: `If enabled, redirects issued by nginx will be relative. See https://nginx.org/en/docs/http/ngx_http_core_module.html#absolute_redirect`, - }, }, } @@ -117,11 +109,6 @@ func (r redirect) Parse(ing *networking.Ingress) (interface{}, error) { return nil, err } - rr, err := parser.GetBoolAnnotation(relativeRedirectsAnnotation, ing, r.annotationConfig.Annotations) - if err != nil && !errors.IsMissingAnnotations(err) { - return nil, err - } - tr, err := parser.GetStringAnnotation(temporalRedirectAnnotation, ing, r.annotationConfig.Annotations) if err != nil && !errors.IsMissingAnnotations(err) { return nil, err @@ -145,7 +132,6 @@ func (r redirect) Parse(ing *networking.Ingress) (interface{}, error) { URL: tr, Code: trc, FromToWWW: r3w, - Relative: rr, }, nil } @@ -168,13 +154,6 @@ func (r redirect) Parse(ing *networking.Ingress) (interface{}, error) { URL: pr, Code: prc, FromToWWW: r3w, - Relative: rr, - }, nil - } - - if rr { - return &Config{ - Relative: rr, }, nil } @@ -198,9 +177,6 @@ func (r1 *Config) Equal(r2 *Config) bool { if r1.FromToWWW != r2.FromToWWW { return false } - if r1.Relative != r2.Relative { - return false - } return true } diff --git a/internal/ingress/annotations/redirect/redirect_test.go b/internal/ingress/annotations/redirect/redirect_test.go index f4734ae5b..b5c34879e 100644 --- a/internal/ingress/annotations/redirect/redirect_test.go +++ b/internal/ingress/annotations/redirect/redirect_test.go @@ -193,22 +193,3 @@ func TestIsValidURL(t *testing.T) { t.Errorf("expected nil but got %v", err) } } - -func TestParseAnnotations(t *testing.T) { - ing := new(networking.Ingress) - - data := map[string]string{} - data[parser.GetAnnotationWithPrefix(relativeRedirectsAnnotation)] = "true" - ing.SetAnnotations(data) - - _, err := NewParser(&resolver.Mock{}).Parse(ing) - if err != nil { - t.Errorf("unexpected error: %v", err) - } - - // test ingress using the annotation without a TLS section - _, err = NewParser(&resolver.Mock{}).Parse(ing) - if err != nil { - t.Errorf("unexpected error parsing ingress with relative-redirects") - } -} diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index beac1405d..a0275697f 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -549,10 +549,6 @@ type Configuration struct { // https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors DisableProxyInterceptErrors bool `json:"disable-proxy-intercept-errors,omitempty"` - // Disable absolute redirects and enables relative redirects. - // https://nginx.org/en/docs/http/ngx_http_core_module.html#absolute_redirect - RelativeRedirects bool `json:"relative-redirects"` - // Sets the ipv4 addresses on which the server will accept requests. BindAddressIpv4 []string `json:"bind-address-ipv4,omitempty"` @@ -838,7 +834,6 @@ func NewDefault() Configuration { VariablesHashMaxSize: 2048, UseHTTP2: true, DisableProxyInterceptErrors: false, - RelativeRedirects: false, ProxyStreamTimeout: "600s", ProxyStreamNextUpstream: true, ProxyStreamNextUpstreamTimeout: "600s", @@ -850,7 +845,6 @@ func NewDefault() Configuration { ProxySendTimeout: 60, ProxyBuffersNumber: 4, ProxyBufferSize: "4k", - ProxyBusyBuffersSize: "8k", ProxyCookieDomain: "off", ProxyCookiePath: "off", ProxyNextUpstream: "error timeout", @@ -863,7 +857,6 @@ func NewDefault() Configuration { SSLRedirect: true, CustomHTTPErrors: []int{}, DisableProxyInterceptErrors: false, - RelativeRedirects: false, DenylistSourceRange: []string{}, WhitelistSourceRange: []string{}, SkipAccessLogURLs: []string{}, diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index 652a80e49..aa8f4c4b9 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -1255,7 +1255,6 @@ func (n *NGINXController) createServers(data []*ingress.Ingress, ReadTimeout: bdef.ProxyReadTimeout, BuffersNumber: bdef.ProxyBuffersNumber, BufferSize: bdef.ProxyBufferSize, - BusyBuffersSize: bdef.ProxyBusyBuffersSize, CookieDomain: bdef.ProxyCookieDomain, CookiePath: bdef.ProxyCookiePath, NextUpstream: bdef.ProxyNextUpstream, diff --git a/internal/ingress/controller/store/store.go b/internal/ingress/controller/store/store.go index d4bd6136f..284f53209 100644 --- a/internal/ingress/controller/store/store.go +++ b/internal/ingress/controller/store/store.go @@ -240,8 +240,6 @@ type k8sStore struct { backendConfigMu *sync.RWMutex defaultSSLCertificate string - - recorder record.EventRecorder } // New creates a new object store to be used in the ingress controller. @@ -281,7 +279,6 @@ func New( recorder := eventBroadcaster.NewRecorder(scheme.Scheme, corev1.EventSource{ Component: "nginx-ingress-controller", }) - store.recorder = recorder // k8sStore fulfills resolver.Resolver interface store.annotations = annotations.NewAnnotationExtractor(store) @@ -941,9 +938,6 @@ func (s *k8sStore) syncIngress(ing *networkingv1.Ingress) { klog.Error(err) return } - if parsed.Denied != nil { - s.recorder.Eventf(ing, corev1.EventTypeWarning, "AnnotationParsingFailed", fmt.Sprintf("Error parsing annotations: %v", *parsed.Denied)) - } err = s.listers.IngressWithAnnotation.Update(&ingress.Ingress{ Ingress: *copyIng, ParsedAnnotations: parsed, diff --git a/internal/ingress/controller/template/template.go b/internal/ingress/controller/template/template.go index ed052e4ec..d2c8a05a9 100644 --- a/internal/ingress/controller/template/template.go +++ b/internal/ingress/controller/template/template.go @@ -602,12 +602,17 @@ func buildAuthResponseHeaders(proxySetHeader string, headers []string, lua bool) return res } -func buildAuthUpstreamLuaHeaders(headers []string) string { +func buildAuthUpstreamLuaHeaders(headers []string) []string { + res := []string{} + if len(headers) == 0 { - return "" + return res } - return strings.Join(headers, ",") + for i, h := range headers { + res = append(res, fmt.Sprintf("ngx.var.authHeader%d = res.header['%s']", i, h)) + } + return res } func buildAuthProxySetHeaders(headers map[string]string) []string { diff --git a/internal/ingress/controller/template/template_test.go b/internal/ingress/controller/template/template_test.go index 6553f5daf..59d2d6256 100644 --- a/internal/ingress/controller/template/template_test.go +++ b/internal/ingress/controller/template/template_test.go @@ -537,7 +537,10 @@ func TestBuildAuthResponseHeaders(t *testing.T) { func TestBuildAuthResponseLua(t *testing.T) { externalAuthResponseHeaders := []string{"h1", "H-With-Caps-And-Dashes"} - expected := "h1,H-With-Caps-And-Dashes" + expected := []string{ + "ngx.var.authHeader0 = res.header['h1']", + "ngx.var.authHeader1 = res.header['H-With-Caps-And-Dashes']", + } headers := buildAuthUpstreamLuaHeaders(externalAuthResponseHeaders) diff --git a/internal/ingress/defaults/main.go b/internal/ingress/defaults/main.go index bec1b08e2..cfad388ef 100644 --- a/internal/ingress/defaults/main.go +++ b/internal/ingress/defaults/main.go @@ -69,11 +69,6 @@ type Backend struct { // http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) ProxyBufferSize string `json:"proxy-buffer-size"` - // Limits the total size of buffers that can be busy sending a response to the client while - // the response is not yet fully read. - // http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_busy_buffers_size - ProxyBusyBuffersSize string `json:"proxy-busy-buffers-size"` - // Sets a text that should be changed in the path attribute of the “Set-Cookie” header fields of // a proxied server response. // http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_path @@ -130,11 +125,6 @@ type Backend struct { // Default: false UsePortInRedirects bool `json:"use-port-in-redirects"` - // Enables or disables relative redirects. By default nginx uses absolute redirects. - // http://nginx.org/en/docs/http/ngx_http_core_module.html#absolute_redirect - // Default: false - RelativeRedirects bool `json:"relative-redirects"` - // Enable stickiness by client-server mapping based on a NGINX variable, text or a combination of both. // A consistent hashing method will be used which ensures only a few keys would be remapped to different // servers on upstream group changes diff --git a/rootfs/etc/nginx/lua/nginx/ngx_conf_external_auth.lua b/rootfs/etc/nginx/lua/nginx/ngx_conf_external_auth.lua deleted file mode 100644 index 6c68cf07c..000000000 --- a/rootfs/etc/nginx/lua/nginx/ngx_conf_external_auth.lua +++ /dev/null @@ -1,30 +0,0 @@ -local auth_path = ngx.var.auth_path -local auth_keepalive_share_vars = ngx.var.auth_keepalive_share_vars -local auth_response_headers = ngx.var.auth_response_headers -local ngx_re_split = require("ngx.re").split -local ipairs = ipairs -local ngx_log = ngx.log -local ngx_ERR = ngx.ERR - -local res = ngx.location.capture(auth_path, { - method = ngx.HTTP_GET, body = '', - share_all_vars = auth_keepalive_share_vars }) - -if res.status == ngx.HTTP_OK then - local header_parts, err = ngx_re_split(auth_response_headers, ",") - if err then - ngx_log(ngx_ERR, err) - return - end - ngx.var.auth_cookie = res.header['Set-Cookie'] - for i, header_name in ipairs(header_parts) do - local varname = "authHeader" .. tostring(i) - ngx.var[varname] = res.header[header_name] - end - return -end - -if res.status == ngx.HTTP_UNAUTHORIZED or res.status == ngx.HTTP_FORBIDDEN then - ngx.exit(res.status) -end -ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR) \ No newline at end of file diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index 6b8e750b0..f32860dc2 100644 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -459,10 +459,6 @@ http { proxy_intercept_errors on; {{ end }} - {{ if $cfg.RelativeRedirects }} - absolute_redirect off; - {{ end }} - {{ range $errCode := $cfg.CustomHTTPErrors }} error_page {{ $errCode }} = @custom_upstream-default-backend_{{ $errCode }};{{ end }} @@ -1041,7 +1037,6 @@ stream { {{ end }} proxy_buffer_size {{ $location.Proxy.BufferSize }}; proxy_buffers {{ $location.Proxy.BuffersNumber }} {{ $location.Proxy.BufferSize }}; - proxy_busy_buffers_size {{ $location.Proxy.BusyBuffersSize }}; proxy_request_buffering {{ $location.Proxy.RequestBuffering }}; proxy_ssl_server_name on; @@ -1190,10 +1185,20 @@ stream { {{- end }} # `auth_request` module does not support HTTP keepalives in upstream block: # https://trac.nginx.org/nginx/ticket/1579 - set $auth_path '{{ $authPath }}'; - set $auth_keepalive_share_vars {{ $externalAuth.KeepaliveShareVars }}; - set $auth_response_headers '{{ buildAuthUpstreamLuaHeaders $externalAuth.ResponseHeaders }}'; - access_by_lua_file /etc/nginx/lua/nginx/ngx_conf_external_auth.lua; + access_by_lua_block { + local res = ngx.location.capture('{{ $authPath }}', { method = ngx.HTTP_GET, body = '', share_all_vars = {{ $externalAuth.KeepaliveShareVars }} }) + if res.status == ngx.HTTP_OK then + ngx.var.auth_cookie = res.header['Set-Cookie'] + {{- range $line := buildAuthUpstreamLuaHeaders $externalAuth.ResponseHeaders }} + {{ $line }} + {{- end }} + return + end + if res.status == ngx.HTTP_UNAUTHORIZED or res.status == ngx.HTTP_FORBIDDEN then + ngx.exit(res.status) + end + ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR) + } {{ else }} auth_request {{ $authPath }}; auth_request_set $auth_cookie $upstream_http_set_cookie; @@ -1297,7 +1302,6 @@ stream { proxy_buffering {{ $location.Proxy.ProxyBuffering }}; proxy_buffer_size {{ $location.Proxy.BufferSize }}; proxy_buffers {{ $location.Proxy.BuffersNumber }} {{ $location.Proxy.BufferSize }}; - proxy_busy_buffers_size {{ $location.Proxy.BusyBuffersSize }}; {{ if isValidByteSize $location.Proxy.ProxyMaxTempFileSize true }} proxy_max_temp_file_size {{ $location.Proxy.ProxyMaxTempFileSize }}; {{ end }} @@ -1349,10 +1353,6 @@ stream { satisfy {{ $location.Satisfy }}; {{ end }} - {{ if $location.Redirect.Relative }} - absolute_redirect off; - {{ end }} - {{/* if a location-specific error override is set, add the proxy_intercept here */}} {{ if and $location.CustomHTTPErrors (not $location.DisableProxyInterceptErrors) }} # Custom error pages per ingress diff --git a/test/e2e-image/Makefile b/test/e2e-image/Makefile index f72651f48..023fe68d3 100644 --- a/test/e2e-image/Makefile +++ b/test/e2e-image/Makefile @@ -1,6 +1,6 @@ DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -E2E_BASE_IMAGE ?= "registry.k8s.io/ingress-nginx/e2e-test-runner:v20250112-a188f4eb@sha256:043038b1e30e5a0b64f3f919f096c5c9488ac3f617ac094b07fb9db8215f9441" +E2E_BASE_IMAGE ?= "registry.k8s.io/ingress-nginx/e2e-test-runner:v20250112-01b7af21@sha256:f77bb4625985462fe1a2bc846c430d668113abc90e5e5de6b4533403f56a048c" image: echo "..entered Makefile in /test/e2e-image" diff --git a/test/e2e/annotations/auth.go b/test/e2e/annotations/auth.go index ddda1dce5..01c14be39 100644 --- a/test/e2e/annotations/auth.go +++ b/test/e2e/annotations/auth.go @@ -653,7 +653,7 @@ http { func(server string) bool { return strings.Contains(server, `upstream auth-external-auth`) && strings.Contains(server, `keepalive 10;`) && - strings.Contains(server, `set $auth_keepalive_share_vars false;`) + strings.Contains(server, `share_all_vars = false`) }) }) @@ -673,7 +673,7 @@ http { func(server string) bool { return strings.Contains(server, `upstream auth-external-auth`) && strings.Contains(server, `keepalive 10;`) && - strings.Contains(server, `set $auth_keepalive_share_vars true;`) + strings.Contains(server, `share_all_vars = true`) }) }) }) diff --git a/test/e2e/annotations/proxy.go b/test/e2e/annotations/proxy.go index 8e9866021..235b828e7 100644 --- a/test/e2e/annotations/proxy.go +++ b/test/e2e/annotations/proxy.go @@ -160,13 +160,11 @@ var _ = framework.DescribeAnnotation("proxy-*", func() { proxyBuffering := "on" proxyBuffersNumber := "8" proxyBufferSize := "8k" - proxyBusyBuffersSize := "16k" annotations := make(map[string]string) annotations["nginx.ingress.kubernetes.io/proxy-buffering"] = proxyBuffering annotations["nginx.ingress.kubernetes.io/proxy-buffers-number"] = proxyBuffersNumber annotations["nginx.ingress.kubernetes.io/proxy-buffer-size"] = proxyBufferSize - annotations["nginx.ingress.kubernetes.io/proxy-busy-buffers-size"] = proxyBusyBuffersSize ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations) f.EnsureIngress(ing) @@ -176,7 +174,6 @@ var _ = framework.DescribeAnnotation("proxy-*", func() { return strings.Contains(server, fmt.Sprintf("proxy_buffering %s;", proxyBuffering)) && strings.Contains(server, fmt.Sprintf("proxy_buffer_size %s;", proxyBufferSize)) && strings.Contains(server, fmt.Sprintf("proxy_buffers %s %s;", proxyBuffersNumber, proxyBufferSize)) && - strings.Contains(server, fmt.Sprintf("proxy_busy_buffers_size %s;", proxyBusyBuffersSize)) && strings.Contains(server, fmt.Sprintf("proxy_request_buffering %s;", proxyBuffering)) }) }) diff --git a/test/e2e/annotations/relativeredirects.go b/test/e2e/annotations/relativeredirects.go deleted file mode 100644 index 430b357e4..000000000 --- a/test/e2e/annotations/relativeredirects.go +++ /dev/null @@ -1,107 +0,0 @@ -/* -Copyright 2023 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package annotations - -import ( - "fmt" - "net/http" - "strings" - - "github.com/onsi/ginkgo/v2" - "github.com/stretchr/testify/assert" - "k8s.io/ingress-nginx/test/e2e/framework" -) - -const ( - relativeRedirectsHostname = "rr.foo.com" - relativeRedirectsRedirectPath = "/something" - relativeRedirectsRelativeRedirectURL = "/new-location" -) - -var _ = framework.DescribeAnnotation("relative-redirects", func() { - f := framework.NewDefaultFramework("relative-redirects") - - ginkgo.BeforeEach(func() { - f.NewHttpbunDeployment() - f.NewEchoDeployment() - }) - - ginkgo.It("configures Nginx correctly", func() { - annotations := map[string]string{ - "nginx.ingress.kubernetes.io/relative-redirects": "true", - } - - ing := framework.NewSingleIngress(relativeRedirectsHostname, "/", relativeRedirectsHostname, f.Namespace, framework.HTTPBunService, 80, annotations) - f.EnsureIngress(ing) - - var serverConfig string - f.WaitForNginxServer(relativeRedirectsHostname, func(srvCfg string) bool { - serverConfig = srvCfg - return strings.Contains(serverConfig, fmt.Sprintf("server_name %s", relativeRedirectsHostname)) - }) - - ginkgo.By("turning off absolute_redirect directive") - assert.Contains(ginkgo.GinkgoT(), serverConfig, "absolute_redirect off;") - }) - - ginkgo.It("should respond with absolute URL in Location", func() { - absoluteRedirectURL := fmt.Sprintf("http://%s%s", relativeRedirectsHostname, relativeRedirectsRelativeRedirectURL) - annotations := map[string]string{ - "nginx.ingress.kubernetes.io/permanent-redirect": relativeRedirectsRelativeRedirectURL, - "nginx.ingress.kubernetes.io/relative-redirects": "false", - } - - ginkgo.By("setup ingress") - ing := framework.NewSingleIngress(relativeRedirectsHostname, relativeRedirectsRedirectPath, relativeRedirectsHostname, f.Namespace, framework.EchoService, 80, annotations) - f.EnsureIngress(ing) - - f.WaitForNginxServer(relativeRedirectsHostname, func(srvCfg string) bool { - return strings.Contains(srvCfg, fmt.Sprintf("server_name %s", relativeRedirectsHostname)) - }) - - ginkgo.By("sending request to redirected URL path") - f.HTTPTestClient(). - GET(relativeRedirectsRedirectPath). - WithHeader("Host", relativeRedirectsHostname). - Expect(). - Status(http.StatusMovedPermanently). - Header("Location").Equal(absoluteRedirectURL) - }) - - ginkgo.It("should respond with relative URL in Location", func() { - annotations := map[string]string{ - "nginx.ingress.kubernetes.io/permanent-redirect": relativeRedirectsRelativeRedirectURL, - "nginx.ingress.kubernetes.io/relative-redirects": "true", - } - - ginkgo.By("setup ingress") - ing := framework.NewSingleIngress(relativeRedirectsHostname, relativeRedirectsRedirectPath, relativeRedirectsHostname, f.Namespace, framework.EchoService, 80, annotations) - f.EnsureIngress(ing) - - f.WaitForNginxServer(relativeRedirectsHostname, func(srvCfg string) bool { - return strings.Contains(srvCfg, fmt.Sprintf("server_name %s", relativeRedirectsHostname)) - }) - - ginkgo.By("sending request to redirected URL path") - f.HTTPTestClient(). - GET(relativeRedirectsRedirectPath). - WithHeader("Host", relativeRedirectsHostname). - Expect(). - Status(http.StatusMovedPermanently). - Header("Location").Equal(relativeRedirectsRelativeRedirectURL) - }) -}) diff --git a/test/e2e/run-chart-test.sh b/test/e2e/run-chart-test.sh index 7e3f2fe9b..b998600d0 100755 --- a/test/e2e/run-chart-test.sh +++ b/test/e2e/run-chart-test.sh @@ -114,5 +114,5 @@ docker run \ --workdir /workdir \ --entrypoint ct \ --rm \ - registry.k8s.io/ingress-nginx/e2e-test-runner:v20250112-a188f4eb@sha256:043038b1e30e5a0b64f3f919f096c5c9488ac3f617ac094b07fb9db8215f9441 \ + registry.k8s.io/ingress-nginx/e2e-test-runner:v20250112-01b7af21@sha256:f77bb4625985462fe1a2bc846c430d668113abc90e5e5de6b4533403f56a048c \ install --charts charts/ingress-nginx