d27d7c20b4
Updated semver in install docs URLs ( #8368 )
2022-03-21 15:46:47 -07:00
e51c15160e
fix indent on env ( #8352 )
...
* fix indent on env
* revert tag to - TAG=$_GIT_TAG
2022-03-18 10:04:41 -07:00
3f19fd646f
bump Alpine image in Dockerfile ( #8350 )
2022-03-17 18:19:40 -07:00
40bb6c3d2e
update cloud build ( #8349 )
2022-03-17 12:02:41 -07:00
9602fc193d
Merge pull request #8346 from strongjz/update-builder
...
update cloud build image
2022-03-16 15:40:39 -04:00
569b3c2a70
update cloud build image
...
Signed-off-by: James Strong <strong.james.e@gmail.com>
2022-03-16 15:32:45 -04:00
a1853be930
Merge pull request #8344 from strongjz/tag-1.1.3
...
update tag and force a new build
2022-03-16 15:15:08 -04:00
5c47803d0f
fix the cloud build
...
Signed-off-by: James Strong <strong.james.e@gmail.com>
2022-03-16 15:13:24 -04:00
0e2447ed0e
add the date per request
...
Signed-off-by: James Strong <strong.james.e@gmail.com>
2022-03-16 15:07:38 -04:00
952a6dc22c
control tag with short sha
...
Signed-off-by: James Strong <strong.james.e@gmail.com>
2022-03-16 14:52:06 -04:00
2fefd714bd
update tag and force a new build
...
Signed-off-by: James Strong <strong.james.e@gmail.com>
2022-03-16 12:57:48 -04:00
8c16e754b0
Merge pull request #8343 from strongjz/alpine-3.15
...
Bump alpine base to 3.15
2022-03-16 12:27:14 -04:00
1953efa9d8
Bumping alpine base to 3.15
2022-03-16 11:52:38 -04:00
ba7f295538
Fix 50% split between canary and mainline tests ( #8315 )
...
* fix 50% canary test
* fix past tense
* after code review
* revert go.sum and go.mod
* run gofmt
2022-03-16 06:25:49 -07:00
01b92b8b3a
Nginx v1.19.10 ( #8307 )
2022-03-14 08:55:57 -07:00
9180ef1ee4
Add the shareProcessNamespace as a configurable setting. ( #8287 )
2022-03-14 08:51:57 -07:00
1fb0aea2c5
Update monitoring.md ( #8324 )
...
Added missing repo on "helm upgrade" command
2022-03-14 08:47:58 -07:00
974d038c2a
Pinned GitHub workflows by SHA ( #8334 )
...
- Pinned actions by SHA https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies
- Included permissions for some of the actions. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
Dependabot can upgrade pinned version of actions.
2022-03-14 08:29:58 -07:00
e1eff78160
Names cannot contain _ (underscore)! So I changed it to -. ( #8300 )
...
* The name can't use _(underscore)! So fix it!
The name can't use _(underscore)! So fix it!
* Fix configMap name can't use _(underscore)
Fix configMap name can't use _(underscore)
2022-03-09 06:56:13 -08:00
5a9fe30a5d
Missing annotations ( #8288 )
...
Not quite sure but It seems that `nginx.ingress.kubernetes.io/canary-by-header` is missing.
2022-03-09 06:54:13 -08:00
a43346d975
leaving it the git tag ( #8311 )
...
fixing the git tag for the image version, it is what it is .
2022-03-07 09:38:53 -08:00
3bd32316ba
docs: fix changelog formatting ( #8302 )
2022-03-07 08:32:55 -08:00
fb72fcd817
release-v1.1.2-continued ( #8294 )
...
* v1.1.2 release
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
* release-v1.1.2-continued
Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com>
2022-03-04 11:48:52 -08:00
73ff3e2128
Merge pull request #8291 from kubernetes/strongjz-patch-6
...
remove git tag env from cloud build
2022-03-02 15:03:04 -05:00
c5c35881c0
remove git tag env from cloud build
...
the latest git tag is from helm, so force the make file use of TAG ?=v$(shell date +%m%d%Y)-$(shell git rev-parse --short HEAD)
2022-03-02 14:49:01 -05:00
6064a1cd72
update tag for image ( #8290 )
2022-03-02 11:07:13 -08:00
7b96999eb9
Fix OpenTelemetry sidecar image build ( #8286 )
...
* fix wrong checksum for nginx image
* fix wrong platform. Arm64 has grpc, when arm doesn't
2022-03-02 08:39:14 -08:00
49761416e1
force prow job by changing something in images/ot dir ( #8281 )
...
Images dir was merged in before the test-infra prow job, so the image was never built.
https://github.com/kubernetes/ingress-nginx/pull/8013 Jan 16
https://github.com/kubernetes/test-infra/pull/25344/files Prow job 4 days ago.
2022-03-01 09:35:55 -08:00
1e2ce80846
fix: deny locations with invalid auth-url annotation ( #8256 )
...
* fix: deny locations with invalid auth-url annotation
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
* Delete duplicate test
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2022-03-01 02:13:51 -08:00
f3698d0445
Add OpenSSF Best practices badge ( #8277 )
2022-02-28 20:27:47 -08:00
4ecb3520c8
Add fsGroup value to admission-webhooks/job-patch charts ( #8267 )
...
* added fsGroup to admission createSecret and patchWebhook job
* added fsGroup to admission createSecret and patchWebhook job
* modified helm/README.md to add value for fsGroup
* fixed patch job values ordering
* remove manually edited README for replacement with helm-docs generated version
* re-adding charts/README.md generated by helm-docs
2022-02-28 07:10:57 -08:00
bab0fbab0c
Start Release process for v1.1.2 ( #8275 )
...
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
2022-02-27 06:45:18 -08:00
fd87363b5e
Issue#8241 ( #8273 )
...
* replace daemon set for deployment manifest
* nit
2022-02-26 14:53:17 -08:00
1e66a54974
Add a certificate info metric ( #8253 )
...
When the ingress controller loads certificates (new ones or following a
secret update), it performs a series of check to ensure its validity.
In our systems, we detected a case where, when the secret object is
compromised, for example when the certificate does not match the secret
key, different pods of the ingress controller are serving a different
version of the certificate.
This behaviour is due to the cache mechanism of the ingress controller,
keeping the last known certificate in case of corruption. When this
happens, old ingress-controller pods will keep serving the old one,
while new pods, by failing to load the corrupted certificates, would
use the default certificate, causing invalid certificates for its
clients.
This generates a random error on the client side, depending on the
actual pod instance it reaches.
In order to allow detecting occurences of those situations, add a metric
to expose, for all ingress controlller pods, detailed informations of
the currently loaded certificate.
This will, for example, allow setting an alert when there is a
certificate discrepency across all ingress controller pods using a query
similar to `sum(nginx_ingress_controller_ssl_certificate_info{host="name.tld"})by(serial_number)`
This also allows to catch other exceptions loading certificates (failing
to load the certificate from the k8s API, ...
Co-authored-by: Daniel Ricart <danielricart@users.noreply.github.com>
Co-authored-by: Daniel Ricart <danielricart@users.noreply.github.com>
2022-02-24 07:08:32 -08:00
f85dd79221
Updated confusing error ( #8262 )
2022-02-21 11:52:01 -08:00
527361c8eb
Minor fix for missing pathType property ( #8244 )
2022-02-20 13:14:11 -08:00
d5772069e8
remove 0.46.0 from supported versions table ( #8258 )
2022-02-19 15:12:12 -08:00
c9f61211d3
Versioned static manifests ( #8162 )
...
* update deploy script to generate static manifests for all supported versions
* generate static manifests for all supported versions
2022-02-13 10:47:47 -08:00
5754eb60f4
Append elements on match, instead of removing for cors-annotations ( #8185 )
...
* fixes https://github.com/kubernetes/ingress-nginx/issues/8168 by appending elements on match, instead of removing
* refactor the corsOriginRegex comparison, and initialize CorsAllowOrigin
2022-02-13 10:39:47 -08:00
86964b15a8
fix inconsistent-label-cardinality for prometheus metrics: nginx_ingress_controller_requests ( #8225 )
...
* fix inconsistent-label-cardinality
for prometheus metrics: nginx_ingress_controller_requests
* add host to collectorLabels only if metricsPerHost is true
2022-02-13 10:33:47 -08:00
53a232f829
webhook: remove useless code. ( #8236 )
...
* webhook: remove useless code
Signed-off-by: SpecialYang <940129520@qq.com>
* Remove duplicated codec
2022-02-13 10:25:47 -08:00
c1be3499eb
Adding some geoip variables and default values ( #8159 )
...
* adding geoIp variables that Shopify uses
* adding source remote_addr for geoip2-isp
2022-02-07 09:53:44 -08:00
be65620b31
prometheus+grafana using servicemonitor ( #8186 )
...
* prometheus+grafana using servicemonitor
* fix review comments
* markdown changes
* more formatting changes
* fix review comments
2022-02-07 01:47:45 -08:00
935ea3d830
Update libraries in webhook image ( #8227 )
2022-02-06 12:42:51 -08:00
04035cc1c2
Do not validate ingresses with unknown ingress class in admission webhook endpoint. ( #8221 )
2022-02-06 12:28:51 -08:00
d769ceaa5b
Bump google.golang.org/grpc from 1.43.0 to 1.44.0 ( #8209 )
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.43.0 to 1.44.0.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.43.0...v1.44.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-06 12:22:52 -08:00
4b4895b53b
add ingress.class ( #8136 )
...
Signed-off-by: tombokombo <tombo@sysart.tech>
2022-02-06 12:18:51 -08:00
6b6ebf0a7c
Update the $req_id placeholder description ( #8163 )
2022-02-06 12:14:53 -08:00
a46626b259
8217 fix removed extra v ( #8218 )
2022-02-06 12:10:52 -08:00
dcd552ceb5
use functional options to reduce number of methods creating an EchoDeployment ( #8199 )
2022-02-02 05:12:22 -08:00
Long Wu Yuan
James Strong
Ana Claudia Riekstin
sskserk
thomasbruggink
Rodrigo Riccitelli Vieira
Naveen
Daniel Lim
hongkunyoo
Niclas Mietz
Damien Mathieu
Maksim Nabokikh
dylan-bitovi
Jintao Zhang
Indhu Kumar
Thibault Jamet
Goran
Romain Dauby
Noah Ispas
Alastair Firth
Aibek
Endre Kovács
Yang
Ricardo Katz
Elvin Efendi
dependabot[bot]
Tomas Hulata
Alexander Brand
Kundan Kumar