8000 Merge branch 'main' into ap-mutli-log-vs · nginx/kubernetes-ingress@38bc8fa · GitHub
[go: up one dir, main page]
Skip to content

Commit 38bc8fa

Browse files
lucacomelucacome
authored
Merge branch 'main' into ap-mutli-log-vs
2 parents 44cdb7a + 90f51fd commit 38bc8fa

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

54 files changed

+431
-383
lines changed

.github/actions/smoke-tests/action.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -83,6 +83,8 @@ runs:
8383
- name: Deploy Kubernetes
8484
id: k8s
8585
run: |
86+
# no support for dual stack in < 1.20, we need to use ipv4 only
87+
printf '%s\n' "1.20.0" "${{ inputs.k8s-version }}" | sort --version-sort --check=quiet || echo "Using ipv4" && sed -i 's/dual/ipv4/g' ${{ github.workspace }}/tests/ci-files/ci-kind-config.yaml
8688
kind create cluster --name ${{ github.run_id }} --image=kindest/node:v${{ inputs.k8s-version }} --config ${{ github.workspace }}/tests/ci-files/ci-kind-config.yaml --kubeconfig kube-${{ github.run_id }} --wait ${{ inputs.k8s-timeout }}
8789
kind load docker-image docker.io/nginx/${{ steps.ingress-type.outputs.name }}:${{ inputs.image }}-${{ github.sha }} --name ${{ github.run_id }}
8890
echo ::set-output name=cluster_ip::$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ${{ github.run_id }}-control-plane)

.github/release-drafter.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -81,7 +81,7 @@ template: |
8181
## Upgrade
8282
8383
- For NGINX, use the v$RESOLVED_VERSION image from our [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/tags?page=1&ordering=last_updated&name=$RESOLVED_VERSION), [GitHub Container](https://github.com/nginxinc/kubernetes-ingress/pkgs/container/kubernetes-ingress) or [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress).
84-
- For NGINX Plus, use the v$RESOLVED_VERSION image from the F5 Container registry or build your own image using the v$RESOLVED_VERSION source code.
84+
- For NGINX Plus, use the v$RESOLVED_VERSION image from the F5 Container registry or the [AWS Marketplace](https://aws.amazon.com/marketplace/search/?CREATOR=741df81b-dfdc-4d36-b8da-945ea66b522c&FULFILLMENT_OPTION_TYPE=CONTAINER&filters=CREATOR%2CFULFILLMENT_OPTION_TYPE) or build your own image using the v$RESOLVED_VERSION source code.
8585
- For Helm, use version HELM_VERSION_REPLACE_ME! of the chart.
8686
8787
## Resources

.github/workflows/ci.yml

Lines changed: 15 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -107,10 +107,12 @@ jobs:
107107
uses: goreleaser/goreleaser-action@v2
108108
with:
109109
version: latest
110-
args: build --snapshot --rm-dist --id kubernetes-ingress --single-target
110+
args: build --snapshot --rm-dist --single-target
111111
env:
112112
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
113-
GOPATH: ${{ needs.check.outputs.go_path }}
113+
GOPATH: ${{ needs.checks.outputs.go_path }}
114+
AWS_PRODUCT_CODE: ${{ secrets.AWS_PRODUCT_CODE }}
115+
AWS_PUB_KEY: ${{ secrets.AWS_PUB_KEY }}
114116
- name: Store Artifacts in Cache
115117
uses: actions/cache@v3
116118
with:
@@ -277,14 +279,23 @@ jobs:
277279
uses: actions/setup-go@v2
278280
with:
279281
go-version: ${{ needs.checks.outputs.go_version }}
282+
- name: Publish Release Notes on new tag
283+
uses: release-drafter/release-drafter@v5
284+
with:
285+
publish: true
286+
env:
287+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
288+
if: ${{ startsWith(github.ref, 'refs/tags/') }}
280289
- name: Build binaries
281290
uses: goreleaser/goreleaser-action@v2
282291
with:
283292
version: latest
284-
args: build --rm-dist --id kubernetes-ingress ${{ github.event_name == 'pull_request' && '--single-target' || '' }} ${{ !startsWith(github.ref, 'refs/tags/') && '--snapshot' || '' }}
293+
args: ${{ startsWith(github.ref, 'refs/tags/') && 'release' || 'build --snapshot' }} ${{ github.event_name == 'pull_request' && '--single-target' || '' }} --rm-dist
285294
env:
286295
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
287-
GOPATH: ${{ needs.check.outputs.go_path }}
296+
GOPATH: ${{ needs.checks.outputs.go_path }}
297+
AWS_PRODUCT_CODE: ${{ secrets.AWS_PRODUCT_CODE }}
298+
AWS_PUB_KEY: ${{ secrets.AWS_PUB_KEY }}
288299
- name: Store Artifacts in Cache
289300
uses: actions/cache@v3
290301
with:
@@ -600,16 +611,3 @@ jobs:
600611
git -c user.name='${{ env.GIT_NAME }}' -c user.email='${{ env.GIT_MAIL }}' \
601612
commit -m "NGINX Ingress Controller - Release ${{ needs.package-helm.outputs.type }} ${{ needs.package-helm.outputs.version }}"
602613
git push -u origin master
603-
604-
publish-release-notes:
605-
name: Publish Release Notes
606-
runs-on: ubuntu-20.04
607-
needs: release-helm
608-
if: ${{ startsWith(github.ref, 'refs/tags/') }}
609-
steps:
610-
- name: Publish Release Notes
611-
uses: release-drafter/release-drafter@v5
612-
with:
613-
publish: true
614-
env:
615-
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/update-docker-images.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -56,7 +56,7 @@ jobs:
5656
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
5757
echo "::set-output name=sha_long::$(git rev-parse HEAD)"
5858
echo "::set-output name=go_version::$(grep "go 1." go.mod | cut -d " " -f 2)"
59-
echo "::set-output name=k8s_version::$(grep -m1 'FROM kindest/node' <tests/docker/Dockerfile | awk -F'[:v]' '{print $3}')"
59+
echo "::set-output name=k8s_version::$(grep "K8S_VERSION:" .github/workflows/ci.yml | awk -F" " '{print $2}')"
6060
6161
check:
6262
name: Check if updates are needed

.goreleaser.yml

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -25,19 +25,27 @@ builds:
2525
- linux
2626
goarch:
2727
- amd64
28+
- arm64
2829
flags:
2930
- -trimpath
3031
gcflags:
3132
- all=-trimpath={{.Env.GOPATH}}
3233
asmflags:
3334
- all=-trimpath={{.Env.GOPATH}}
3435
ldflags:
35-
- -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.Date}} -X main.productCode={{.Env.PRODUCT_CODE}} -X main.pubKeyString={{.Env.PUB_KEY}}
36+
- -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.Date}} -X main.productCode={{.Env.AWS_PRODUCT_CODE}} -X main.pubKeyString={{.Env.AWS_PUB_KEY}}
3637
main: ./cmd/nginx-ingress/
3738
binary: nginx-ingress
3839
tags:
3940
- aws
4041
archives:
41-
- format: binary
42+
- id: kubernetes-ingress
43+
format: binary
44+
builds: [kubernetes-ingress]
45+
- id: aws
46+
format: binary
47+
builds: [aws]
4248
changelog:
4349
skip: true
50+
release:
51+
ids: [kubernetes-ingress]

CHANGELOG.md

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,17 @@
11
# Changelog
22

3+
### 2.1.2
4+
5+
An automatically generated list of changes can be found on Github at: [2.1.2 Release](https://github.com/nginxinc/kubernetes-ingress/releases/tag/v2.1.2)
6+
7+
A curated list of changes can be found in the [Releases](http://docs.nginx.com/nginx-ingress-controller/releases/) page on NGINX Documentation website.
8+
9+
### 1.12.4
10+
11+
An automatically generated list of changes can be found on Github at: [1.12.4 Release](https://github.com/nginxinc/kubernetes-ingress/releases/tag/v1.12.4)
12+
13+
A curated list of changes can be found in the [Releases](http://docs.nginx.com/nginx-ingress-controller/releases/) page on NGINX Documentation website.
14+
315
### 2.1.1
416

517
An automatically generated list of changes can be found on Github at: [2.1.1 Release](https://github.com/nginxinc/kubernetes-ingress/releases/tag/v2.1.1)

README.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -53,7 +53,7 @@ Read [this doc](https://docs.nginx.com/nginx-ingress-controller/intro/nginx-plus
5353

5454
We publish Ingress controller releases on GitHub. See our [releases page](https://github.com/nginxinc/kubernetes-ingress/releases).
5555

56-
The latest stable release is [2.1.1](https://github.com/nginxinc/kubernetes-ingress/releases/tag/v2.1.1). For production use, we recommend that you choose the latest stable release. As an alternative, you can choose the *edge* version built from the [latest commit](https://github.com/nginxinc/kubernetes-ingress/commits/main) from the main branch. The edge version is useful for experimenting with new features that are not yet published in a stable release.
56+
The latest stable release is [2.1.2](https://github.com/nginxinc/kubernetes-ingress/releases/tag/v2.1.2). For production use, we recommend that you choose the latest stable release. As an alternative, you can choose the *edge* version built from the [latest commit](https://github.com/nginxinc/kubernetes-ingress/commits/main) from the main branch. The edge version is useful for experimenting with new features that are not yet published in a stable release.
5757

5858
To use the Ingress controller, you need to have access to:
5959
* An Ingress controller image.
@@ -66,7 +66,7 @@ The table below summarizes the options regarding the images, manifests, helm cha
6666

6767
| Version | Description | Image for NGINX | Image for NGINX Plus | Installation Manifests and Helm Chart | Documentation and Examples |
6868
| ------- | ----------- | --------------- | -------------------- | ---------------------------------------| -------------------------- |
69-
| Latest stable release | For production use | Use the 2.1.1 images from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/), [GitHub Container](https://github.com/nginxinc/kubernetes-ingress/pkgs/container/kubernetes-ingress) or [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | Use the 2.1.1 images from the [F5 Container Registry](https://docs.nginx.com/nginx-ingress-controller/installation/pulling-ingress-controller-image/) or [Build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/v2.1.1/deployments). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/v2.1.1/deployments/helm-chart). | [Documentation](https://docs.nginx.com/nginx-ingress-controller/). [Examples](https://docs.nginx.com/nginx-ingress-controller/configuration/configuration-examples/). |
69+
| Latest stable release | For production use | Use the 2.1.2 images from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/), [GitHub Container](https://github.com/nginxinc/kubernetes-ingress/pkgs/container/kubernetes-ingress) or [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | Use the 2.1.2 images from the [F5 Container Registry](https://docs.nginx.com/nginx-ingress-controller/installation/pulling-ingress-controller-image/) or the [AWS Marketplace](https://aws.amazon.com/marketplace/search/?CREATOR=741df81b-dfdc-4d36-b8da-945ea66b522c&FULFILLMENT_OPTION_TYPE=CONTAINER&filters=CREATOR%2CFULFILLMENT_OPTION_TYPE) or [Build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/v2.1.2/deployments). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/v2.1.2/deployments/helm-chart). | [Documentation](https://docs.nginx.com/nginx-ingress-controller/). [Examples](https://docs.nginx.com/nginx-ingress-controller/configuration/configuration-examples/). |
7070
| Edge/Nightly | For testing and experimenting | Use the edge or nightly images from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/), [GitHub Container](https://github.com/nginxinc/kubernetes-ingress/pkgs/container/kubernetes-ingress) or [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [build your own image](https://github.com/nginxinc/kubernetes-ingress/tree/main/docs/content/installation/building-ingress-controller-image.md). | [Build your own image](https://github.com/nginxinc/kubernetes-ingress/tree/main/docs/content/installation/building-ingress-controller-image.md). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/main/deployments). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/main/deployments/helm-chart). | [Documentation](https://github.com/nginxinc/kubernetes-ingress/tree/main/docs/content). [Examples](https://github.com/nginxinc/kubernetes-ingress/tree/main/examples). |
7171

7272
## Contacts

build/Dockerfile

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,8 @@ FROM nginx:1.21.6 AS debian
99

1010
RUN apt-get update \
1111
&& apt-get install --no-install-recommends --no-install-suggests -y libcap2-bin \
12+
# temp fix for CVE-2022-0891, CVE-2021-33574, CVE-2021-3997 and CVE-2022-23308
13+
&& apt-get install -y libtiff5 libc6 libc-bin libxml2 libsystemd0 libudev1 \
1214
&& rm -rf /var/lib/apt/lists/* \
1315
&& echo $NGINX_VERSION > nginx_version
1416

@@ -30,9 +32,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/apk/cert.pem,mode=0644 \
3032
--mount=type=secret,id=nginx-repo.key,dst=/etc/apk/cert.key,mode=0644 \
3133
wget -nv -O /etc/apk/keys/nginx_signing.rsa.pub https://cs.nginx.com/static/keys/nginx_signing.rsa.pub \
3234
&& printf "%s\n" "https://pkgs.nginx.com/plus/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \
33-
&& apk add --no-cache libcap nginx-plus~${NGINX_PLUS_VERSION#r} nginx-plus-module-njs~${NGINX_PLUS_VERSION#r} \
34-
# Temp fix for CVE-2022-0778
35-
&& apk upgrade --no-cache libretls
35+
&& apk add --no-cache libcap nginx-plus~${NGINX_PLUS_VERSION#r} nginx-plus-module-njs~${NGINX_PLUS_VERSION#r}
3636

3737

3838
############################################# Base image for Debian with NGINX Plus #############################################
@@ -46,6 +46,8 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
4646
--mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
4747
apt-get update \
4848
&& apt-get install --no-install-recommends --no-install-suggests -y ca-certificates gnupg curl apt-transport-https libcap2-bin \
49+
# temp fix for CVE-2021-33574 and CVE-2021-3997
50+
&& apt-get install -y libc6 libc-bin libsystemd0 libudev1 \
4951
&& curl -fsSL https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx_signing.gpg \
5052
&& curl -fsSL -o /etc/apt/apt.conf.d/90pkgs-nginx https://cs.nginx.com/static/files/90pkgs-nginx \
5153
&& DEBIAN_VERSION=$(awk -F '=' '/^VERSION_CODENAME=/ {print $2}' /etc/os-release) \
@@ -80,6 +82,8 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
8082
&& apt-get update \
8183
&& apt-get install --no-install-recommends --no-install-suggests -y app-protect-dos; \
8284
fi \
85+
# temp fix for CVE-2021-43618
86+
&& apt-get install -y libgmp10 \
8387
&& apt-get purge --auto-remove -y apt-transport-https gnupg \
8488
&& rm -rf /var/lib/apt/lists/* \
8589
&& rm /etc/apt/sources.list.d/nginx-app-protect*.list
@@ -105,8 +109,6 @@ LABEL name="NGINX Ingress Controller" \
105109
io.openshift.tags="nginx,ingress-controller,ingress,controller,kubernetes,openshift"
106110

107111
RUN dnf --nodocs install -y shadow-utils ca-certificates \
108-
# temporary fix for CVE-2022-24407, CVE-2022-25315 and CVE-2022-23308
109-
&& dnf --nodocs upgrade -y cyrus-sasl-lib expat libxml2 \
110112
&& groupadd --system --gid 101 nginx \
111113
&& useradd --system --gid nginx --no-create-home --home-dir /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx
112114

@@ -252,7 +254,7 @@ LABEL org.nginx.kic.image.build.nginx.version="${NGINX_PLUS_VERSION}${NGINX_VERS
252254

253255

254256
############################################# Build nginx-ingress in golang container #############################################
255-
FROM golang:1.17-alpine AS builder
257+
FROM golang:1.18-alpine AS builder
256258
ARG IC_VERSION
257259
ARG GIT_COMMIT
258260
ARG DATE

deployments/daemon-set/nginx-ingress.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ spec:
1818
spec:
1919
serviceAccountName: nginx-ingress
2020
containers:
21-
- image: nginx/nginx-ingress:2.1.1
21+
- image: nginx/nginx-ingress:2.1.2
2222
imagePullPolicy: IfNotPresent
2323
name: nginx-ingress
2424
ports:

deployments/daemon-set/nginx-plus-ingress.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ spec:
1818
spec:
1919
serviceAccountName: nginx-ingress
2020
containers:
21-
- image: nginx-plus-ingress:2.1.1
21+
- image: nginx-plus-ingress:2.1.2
2222
imagePullPolicy: IfNotPresent
2323
name: nginx-plus-ingress
2424
ports:

0 commit comments

Comments
 (0)
0