diff --git a/.github/data/version.txt b/.github/data/version.txt index 4ad5af6304..31f5eba8ee 100644 --- a/.github/data/version.txt +++ b/.github/data/version.txt @@ -1,2 +1,2 @@ -IC_VERSION=3.7.1 -HELM_CHART_VERSION=1.4.1 +IC_VERSION=3.7.2 +HELM_CHART_VERSION=1.4.2 diff --git a/.github/workflows/build-ubi-dependency.yml b/.github/workflows/build-ubi-dependency.yml index 53106a7af9..d335af7063 100644 --- a/.github/workflows/build-ubi-dependency.yml +++ b/.github/workflows/build-ubi-dependency.yml @@ -5,7 +5,7 @@ on: branches: - main paths: - - build/dependencies/Dockerfile.ubi-ppc64le + - build/dependencies/Dockerfile.ubi workflow_dispatch: inputs: nginx_version: @@ -58,7 +58,7 @@ jobs: if [ -n "${{ inputs.nginx_version }}" ]; then nginx_v=${{ inputs.nginx_version }} else - nginx_v=$(grep -m1 'FROM nginx:' /etc/yum.repos.d/nginx.repo \ - && microdnf --nodocs install -y nginx nginx-module-njs nginx-module-image-filter nginx-module-xslt \ - && rm /etc/yum.repos.d/nginx.repo; \ - else \ + if [ $(uname -p) = ppc64le ] || [ $(uname -p) = s390x ]; then \ rpm -qa --queryformat "%{NAME}\n" | sort > pkgs-installed \ && microdnf --nodocs --setopt=install_weak_deps=0 install -y diffutils dnf \ && rpm -qa --queryformat "%{NAME}\n" | sort > pkgs-new \ @@ -346,6 +340,12 @@ RUN --mount=type=bind,from=nginx-files,src=nginx_signing.key,target=/tmp/nginx_s && dnf -q repoquery --resolve --requires --recursive --whatrequires nginx --queryformat "%{NAME}" > pkgs-nginx \ && dnf --setopt=protected_packages= remove -y $(comm -13 pkgs-installed pkgs-new | comm -13 pkgs-nginx -) \ && rm pkgs-installed pkgs-new pkgs-nginx; \ + else \ + printf "%s\n" "[nginx]" "name=nginx repo" \ + "baseurl=https://nginx.org/packages/mainline/centos/9/\$basearch/" \ + "gpgcheck=1" "enabled=1" "module_hotfixes=true" > /etc/yum.repos.d/nginx.repo \ + && microdnf --nodocs install -y nginx nginx-module-njs nginx-module-image-filter nginx-module-xslt \ + && rm /etc/yum.repos.d/nginx.repo; \ fi \ && ubi-clean.sh 
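Review bot: In the hunk at `@@ -346,6 +340,12 @@` the added `else` branch is now the fallthrough for every architecture other than ppc64le and s390x, and it runs `microdnf --nodocs install -y nginx nginx-module-njs nginx-module-image-filter nginx-module-xslt` with no version constraint against the mainline repo, so the NGINX packages in the image can change between two builds of the same commit. Pinning the package versions there (for example `nginx-<VERSION_PLACEHOLDER>` fed from a build argument, if one is in scope in this stage, which the hunk does not show) would keep the image reproducible. The repo stanza sets `gpgcheck=1` without a `gpgkey=` line, so signature checking depends on the key having been imported earlier in this RUN; the hunk header shows nginx_signing.key bind-mounted, but the import itself is outside the hunk, and a comment such as `# gpgcheck=1 relies on the nginx signing key imported above` would document that. The condition added in the preceding hunk should also quote the substitution, `[ "$(uname -p)" = ppc64le ] || [ "$(uname -p)" = s390x ]`. The file header for these two hunks is not visible in this extract, and the RUN instruction starts outside them.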
@@ -439,7 +439,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode ############################################# Base image for UBI8 with NGINX Plus and App Protect WAF ############################################# -FROM redhat/ubi8@sha256:8990388831e1b41c9a67389e4b691dae8b1283f77d5fb7263e1f4fc69c0a9d05 AS ubi-8-plus-nap +FROM redhat/ubi8@sha256:d497966ce214138de5271eef321680639e18daf105ae94a6bff54247d8a191a3 AS ubi-8-plus-nap ARG NAP_MODULES ARG NGINX_AGENT ARG NGINX_PLUS_VERSION @@ -484,7 +484,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode ############################################# Base image for UBI8 with NGINX Plus and App Protect WAFv5 ############################################# -FROM redhat/ubi8@sha256:8990388831e1b41c9a67389e4b691dae8b1283f77d5fb7263e1f4fc69c0a9d05 AS ubi-8-plus-nap-v5 +FROM redhat/ubi8@sha256:d497966ce214138de5271eef321680639e18daf105ae94a6bff54247d8a191a3 AS ubi-8-plus-nap-v5 ARG NAP_MODULES ARG NGINX_AGENT ARG NGINX_PLUS_VERSION diff --git a/build/dependencies/Dockerfile.ubi-ppc64le b/build/dependencies/Dockerfile.ubi similarity index 88% rename from build/dependencies/Dockerfile.ubi-ppc64le rename to build/dependencies/Dockerfile.ubi index 1cec0d7481..1b63443401 100644 --- a/build/dependencies/Dockerfile.ubi-ppc64le +++ b/build/dependencies/Dockerfile.ubi @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:1.8 -FROM nginx:1.27.1@sha256:287ff321f9e3cde74b600cc26197424404157a72043226cbbf07ee8304a2c720 AS nginx +FROM nginx:1.27.2@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470 AS nginx FROM redhat/ubi9:9.4@sha256:ee0b908e958a1822afc57e5d386d1ea128eebe492cb2e01b6903ee19c133ea75 AS rpm-build ARG NGINX 
@@ -10,7 +10,8 @@ ENV NJS_VERSION ${NJS} RUN mkdir -p /nginx/; \ # only build for ppc64le but make multiarch image for mounting - [ $(uname -p) != ppc64le ] && exit 0; \ + [ $(uname -p) = x86_64 ] && exit 0; \ + [ $(uname -p) = aarch64 ] && exit 0; \ rpm --import https://nginx.org/keys/nginx_signing.key \ && MINOR_VERSION=$(echo ${NGINX_VERSION} | cut -d '.' -f 2) \ && if [ $(( $MINOR_VERSION % 2)) -eq 0 ]; then echo mainline=""; else mainline="mainline/"; fi \ diff --git a/charts/nginx-ingress/Chart.yaml b/charts/nginx-ingress/Chart.yaml index bf1933139a..89f967fe40 100644 --- a/charts/nginx-ingress/Chart.yaml +++ b/charts/nginx-ingress/Chart.yaml @@ -1,14 +1,14 @@ apiVersion: v2 name: nginx-ingress -version: 1.4.1 -appVersion: 3.7.1 +version: 1.4.2 +appVersion: 3.7.2 kubeVersion: ">= 1.23.0-0" type: application description: NGINX Ingress Controller -icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.7.1/charts/nginx-ingress/chart-icon.png +icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.7.2/charts/nginx-ingress/chart-icon.png home: https://github.com/nginxinc/kubernetes-ingress sources: - - https://github.com/nginxinc/kubernetes-ingress/tree/v3.7.1/charts/nginx-ingress + - https://github.com/nginxinc/kubernetes-ingress/tree/v3.7.2/charts/nginx-ingress keywords: - ingress - nginx diff --git a/charts/nginx-ingress/values-icp.yaml b/charts/nginx-ingress/values-icp.yaml index d94b20ed02..d4047c389b 100644 --- a/charts/nginx-ingress/values-icp.yaml +++ b/charts/nginx-ingress/values-icp.yaml @@ -4,7 +4,7 @@ controller: nginxplus: true image: repository: mycluster.icp:8500/kube-system/nginx-plus-ingress - tag: "3.7.1" + tag: "3.7.2" nodeSelector: beta.kubernetes.io/arch: "amd64" proxy: true diff --git a/charts/nginx-ingress/values-plus.yaml b/charts/nginx-ingress/values-plus.yaml index 4971d5da56..4a0f44a0ac 100644 --- a/charts/nginx-ingress/values-plus.yaml +++ b/charts/nginx-ingress/values-plus.yaml 
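Review bot: The two added guards in build/dependencies/Dockerfile.ubi (`[ $(uname -p) = x86_64 ] && exit 0;` and the aarch64 one) replace an allowlist with a denylist, so every other architecture now reaches `rpm --import` and the RPM build, while the comment above them still reads `only build for ppc64le`. If the intended targets are ppc64le and s390x (inferred from the condition in the other Dockerfile hunk of this commit), an explicit allowlist with the substitution quoted states that directly: `case "$(uname -p)" in ppc64le|s390x) ;; *) exit 0 ;; esac; \`, with the comment updated to match. The unchanged `rpm --import https://nginx.org/keys/nginx_signing.key` line fetches the trust anchor at build time, so comparing its fingerprint with a value kept in the repository would be a worthwhile follow-up now that more architectures reach it. The RUN instruction continues past the end of the hunk.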
@@ -3,4 +3,4 @@ controller: nginxplus: true image: repository: nginx-plus-ingress - tag: "3.7.1" + tag: "3.7.2" diff --git a/charts/nginx-ingress/values.schema.json b/charts/nginx-ingress/values.schema.json index 5e932b6485..cf84a50d98 100644 --- a/charts/nginx-ingress/values.schema.json +++ b/charts/nginx-ingress/values.schema.json @@ -46,13 +46,13 @@ "type": "object", "default": {}, "title": "The selectorLabels Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector/properties/matchLabels" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector/properties/matchLabels" }, "annotations": { "type": "object", "default": {}, "title": "The annotations Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" }, "nginxplus": { "type": "boolean", @@ -168,7 +168,7 @@ "title": "Volumes for App Protect WAF v5", "items": { "type": "object", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.Volume" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.Volume" } }, "enforcer": { 
@@ -228,7 +228,7 @@ "title": "The pullPolicy for the App Protect WAF v5 Enforcer image", "allOf": [ { - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.Container/properties/imagePullPolicy" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.Container/properties/imagePullPolicy" }, { "enum": [ @@ -257,7 +257,7 @@ "type": "object", "default": {}, "title": "The securityContext Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext" } } }, @@ -302,7 +302,7 @@ "title": "The pullPolicy for the App Protect WAF v5 Config Manager image", "allOf": [ { - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.Container/properties/imagePullPolicy" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.Container/properties/imagePullPolicy" }, { "enum": [ @@ -340,7 +340,7 @@ } }, "title": "The securityContext Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext" } } } 
@@ -430,7 +430,7 @@ "^.*$": { "anyOf": [ { - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.ContainerPort/properties/hostPort" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.ContainerPort/properties/hostPort" }, { "type": "boolean" @@ -446,7 +446,7 @@ "title": "The containerPort Schema", "patternProperties": { "^.*$": { - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.ContainerPort/properties/containerPort" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.ContainerPort/properties/containerPort" } }, "additionalProperties": false @@ -455,7 +455,7 @@ "type": "string", "allOf": [ { - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/dnsPolicy" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/dnsPolicy" }, { "enum": [ @@ -505,7 +505,7 @@ "title": "The customPorts to expose on the NGINX Ingress Controller pod", "items": { "type": "object", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.ContainerPort" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.ContainerPort" }, "examples": [ [ @@ -540,10 +540,10 @@ }, "tag": { "type": "string", - "default": "3.7.1", + "default": "3.7.2", "title": "The tag of the Ingress Controller image", "examples": [ - "3.7.1" + "3.7.2" ] }, "digest": { 
@@ -560,7 +560,7 @@ "title": "The pullPolicy for the Ingress Controller image", "allOf": [ { - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.Container/properties/imagePullPolicy" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.Container/properties/imagePullPolicy" }, { "enum": [ @@ -580,7 +580,7 @@ "examples": [ { "repository": "nginx/nginx-ingress", - "tag": "3.7.1", + "tag": "3.7.2", "pullPolicy": "IfNotPresent" } ] @@ -589,7 +589,7 @@ "type": "object", "default": {}, "title": "The lifecycle Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.Lifecycle" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.Lifecycle" }, "customConfigMap": { "type": "string", @@ -617,7 +617,7 @@ "type": "object", "default": {}, "title": "The annotations Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" }, "entries": { "type": "object", 
@@ -704,43 +704,43 @@ "type": "object", "default": {}, "title": "The nodeSelector Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/nodeSelector" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/nodeSelector" }, "terminationGracePeriodSeconds": { "type": "integer", "default": 30, "title": "The terminationGracePeriodSeconds Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/terminationGracePeriodSeconds" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/terminationGracePeriodSeconds" }, "podSecurityContext": { "type": "object", "default": {}, "title": "The podSecurityContext Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.PodSecurityContext" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.PodSecurityContext" }, "securityContext": { "type": "object", "default": {}, "title": "The securityContext Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext" }, "initContainerSecurityContext": { "type": "object", "default": {}, "title": "The initContainerSecurityContext Schema", - "$ref": 
"https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext" }, "resources": { "type": "object", "default": {}, "title": "The resources Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.ResourceRequirements" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.ResourceRequirements" }, "initContainerResources": { "type": "object", "default": {}, "title": "The resources Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.ResourceRequirements" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.ResourceRequirements" }, "tolerations": { "type": "array", 
@@ -748,20 +748,20 @@ "title": "The tolerations Schema", "items": { "type": "object", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.Toleration" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.Toleration" } }, "affinity": { "type": "object", "default": {}, "title": "The affinity Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.Affinity" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.Affinity" }, "topologySpreadConstraints": { "type": "object", "default": {}, "title": "The topologySpreadConstraints Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/topologySpreadConstraints" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/topologySpreadConstraints" }, "env": { "type": "array", @@ -769,7 +769,7 @@ "title": "The env Schema", "items": { "type": "object", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.EnvVar" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.EnvVar" } }, "volumes": { 
@@ -778,7 +778,7 @@ "title": "The volumes Schema", "items": { "type": "object", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.Volume" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.Volume" } }, "volumeMounts": { @@ -787,7 +787,7 @@ "title": "The volumeMounts Schema", "items": { "type": "object", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.VolumeMount" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.VolumeMount" } }, "initContainers": { @@ -796,14 +796,14 @@ "title": "The initContainers Schema", "items": { "type": "object", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.Container" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.Container" } }, "minReadySeconds": { "type": "integer", "default": 0, "title": "The minReadySeconds Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.apps.v1.DeploymentSpec/properties/minReadySeconds" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.apps.v1.DeploymentSpec/properties/minReadySeconds" }, "strategy": { "type": "object", 
@@ -811,7 +811,7 @@ "title": "The strategy Schema", "allOf": [ { - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.apps.v1.DeploymentStrategy" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.apps.v1.DeploymentStrategy" }, { "properties": { @@ -833,7 +833,7 @@ "title": "The extraContainers Schema", "items": { "type": "object", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.Container" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.Container" } }, "replicaCount": { 
@@ -1109,19 +1109,19 @@ "type": "string", "default": "", "title": "The type", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/type" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/type" }, "externalTrafficPolicy": { "type": "string", "default": "", "title": "The externalTrafficPolicy", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalTrafficPolicy" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalTrafficPolicy" }, "annotations": { "type": "object", "default": {}, "title": "The annotations", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" }, "extraLabels": { "type": "object", 
@@ -1137,13 +1137,13 @@ "type": "string", "default": "", "title": "The loadBalancerIP", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/loadBalancerIP" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/loadBalancerIP" }, "externalIPs": { "type": "array", "default": [], "title": "The externalIPs", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalIPs" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalIPs" }, "loadBalancerSourceRanges": { "type": "array", @@ -1158,13 +1158,13 @@ "type": "boolean", "default": false, "title": "The allocateLoadBalancerNodePorts Schema", - "ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/allocateLoadBalancerNodePorts" + "ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/allocateLoadBalancerNodePorts" }, "ipFamilyPolicy": { "type": "string", "default": "", "title": "The ipFamilyPolicy Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/ipFamilyPolicy", + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/ipFamilyPolicy", "examples": [ "" ] 
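Review bot: Three of the updated lines in charts/nginx-ingress/values.schema.json use the key `"ref"` instead of `"$ref"`: `allocateLoadBalancerNodePorts` in the hunk at `@@ -1158,13 +1158,13 @@`, and `ipFamilies` and the `customPorts` items in the hunks at `@@ -1173,7 +1173,7 @@` and `@@ -1277,7 +1277,7 @@`. JSON Schema validators ignore unknown keywords, so these three values are checked only against the local `type` and never against the referenced Kubernetes definition. The old side has the same key, so the commit carries the typo forward while bumping the URL; changing the key to `"$ref"` on those three lines restores the validation. Confirm afterwards that the chart's default and example values still pass the stricter schema.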
@@ -1173,7 +1173,7 @@ "type": "array", "default": [], "title": "The ipFamilies Schema", - "ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/ipFamilies" + "ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/ipFamilies" }, "httpPort": { "type": "object", @@ -1277,7 +1277,7 @@ "title": "The customPorts", "items": { "type": "object", - "ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServicePort" + "ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.ServicePort" } } }, @@ -1319,7 +1319,7 @@ "type": "object", "default": {}, "title": "The annotations Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" }, "name": { "type": "string", @@ -1464,7 +1464,7 @@ "type": "object", "default": {}, "title": "The annotations Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" } }, "examples": [ 
@@ -1488,13 +1488,13 @@ "type": "object", "default": {}, "title": "The annotations Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" }, "extraLabels": { "type": "object", "default": {}, "title": "The extraLabels Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/labels" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/labels" } }, "examples": [ @@ -1508,7 +1508,7 @@ "type": "string", "default": "", "title": "The priorityClassName", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/priorityClassName" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/priorityClassName" }, "podDisruptionBudget": { "type": "object", 
@@ -1525,13 +1525,13 @@ "type": "object", "default": {}, "title": "The annotations Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" }, "minAvailable": { - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.policy.v1.PodDisruptionBudgetSpec/properties/minAvailable" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.policy.v1.PodDisruptionBudgetSpec/properties/minAvailable" }, "maxUnavailable": { - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.policy.v1.PodDisruptionBudgetSpec/properties/maxUnavailable" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.policy.v1.PodDisruptionBudgetSpec/properties/maxUnavailable" } }, "examples": [ @@ -1570,7 +1570,7 @@ "initialDelaySeconds": { "type": "integer", "default": 0, - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.api.core.v1.Probe/properties/initialDelaySeconds" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.api.core.v1.Probe/properties/initialDelaySeconds" } }, "examples": [ @@ -1731,7 +1731,7 @@ "customPorts": [], "image": { "repository": "nginx/nginx-ingress", - "tag": "3.7.1", + "tag": "3.7.2", "digest": "", "pullPolicy": "IfNotPresent" }, 
@@ -1966,7 +1966,7 @@ "type": "object", "default": {}, "title": "The labels Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/labels" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/labels" } } }, @@ -1988,13 +1988,13 @@ "type": "object", "default": {}, "title": "The labels Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/labels" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/labels" }, "selectorMatchLabels": { "type": "object", "default": {}, "title": "The selectorMatchLabels Schema", - "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector/properties/matchLabels" + "$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.2/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector/properties/matchLabels" }, "endpoints": { "type": "array", @@ -2346,7 +2346,7 @@ "customPorts": [], "image": { "repository": "nginx/nginx-ingress", - "tag": "3.7.1", + "tag": "3.7.2", "digest": "", "pullPolicy": "IfNotPresent" }, diff --git a/charts/nginx-ingress/values.yaml b/charts/nginx-ingress/values.yaml index 7aca213d6e..0386a94fec 100644 --- a/charts/nginx-ingress/values.yaml +++ b/charts/nginx-ingress/values.yaml 
@@ -134,7 +134,7 @@ controller: repository: nginx/nginx-ingress ## The tag of the Ingress Controller image. If not specified the appVersion from Chart.yaml is used as a tag. - # tag: "3.7.1" + # tag: "3.7.2" ## The digest of the Ingress Controller image. ## If digest is specified it has precedence over tag and will be used instead # digest: "sha256:CHANGEME" diff --git a/deployments/daemon-set/nginx-ingress.yaml b/deployments/daemon-set/nginx-ingress.yaml index 95e4c1c261..65a7fa8ca1 100644 --- a/deployments/daemon-set/nginx-ingress.yaml +++ b/deployments/daemon-set/nginx-ingress.yaml @@ -32,7 +32,7 @@ spec: # - name: nginx-log # emptyDir: {} containers: - - image: nginx/nginx-ingress:3.7.1 + - image: nginx/nginx-ingress:3.7.2 imagePullPolicy: IfNotPresent name: nginx-ingress ports: @@ -95,7 +95,7 @@ spec: #- -enable-prometheus-metrics #- -global-configuration=$(POD_NAMESPACE)/nginx-configuration # initContainers: -# - image: nginx/nginx-ingress:3.7.1 +# - image: nginx/nginx-ingress:3.7.2 # imagePullPolicy: IfNotPresent # name: init-nginx-ingress # command: ['cp', '-vdR', '/etc/nginx/.', '/mnt/etc'] diff --git a/deployments/daemon-set/nginx-plus-ingress.yaml b/deployments/daemon-set/nginx-plus-ingress.yaml index e5a63033f1..3172fd833c 100644 --- a/deployments/daemon-set/nginx-plus-ingress.yaml +++ b/deployments/daemon-set/nginx-plus-ingress.yaml @@ -32,7 +32,7 @@ spec: # - name: nginx-log # emptyDir: {} containers: - - image: nginx-plus-ingress:3.7.1 + - image: nginx-plus-ingress:3.7.2 imagePullPolicy: IfNotPresent name: nginx-plus-ingress ports: @@ -98,7 +98,7 @@ spec: #- -enable-prometheus-metrics #- -global-configuration=$(POD_NAMESPACE)/nginx-configuration # initContainers: -# - image: nginx/nginx-ingress:3.7.1 +# - image: nginx/nginx-ingress:3.7.2 # imagePullPolicy: IfNotPresent # name: init-nginx-ingress # command: ['cp', '-vdR', '/etc/nginx/.', '/mnt/etc'] 
diff --git a/deployments/deployment/nginx-ingress.yaml b/deployments/deployment/nginx-ingress.yaml index c2708186a2..36bd5860f1 100644 --- a/deployments/deployment/nginx-ingress.yaml +++ b/deployments/deployment/nginx-ingress.yaml @@ -33,7 +33,7 @@ spec: # - name: nginx-log # emptyDir: {} containers: - - image: nginx/nginx-ingress:3.7.1 + - image: nginx/nginx-ingress:3.7.2 imagePullPolicy: IfNotPresent name: nginx-ingress ports: @@ -96,7 +96,7 @@ spec: #- -enable-prometheus-metrics #- -global-configuration=$(POD_NAMESPACE)/nginx-configuration # initContainers: -# - image: nginx/nginx-ingress:3.7.1 +# - image: nginx/nginx-ingress:3.7.2 # imagePullPolicy: IfNotPresent # name: init-nginx-ingress # command: ['cp', '-vdR', '/etc/nginx/.', '/mnt/etc'] diff --git a/deployments/deployment/nginx-plus-ingress.yaml b/deployments/deployment/nginx-plus-ingress.yaml index 42e7b1dafd..9645bcef1a 100644 --- a/deployments/deployment/nginx-plus-ingress.yaml +++ b/deployments/deployment/nginx-plus-ingress.yaml @@ -33,7 +33,7 @@ spec: # - name: nginx-log # emptyDir: {} containers: - - image: nginx-plus-ingress:3.7.1 + - image: nginx-plus-ingress:3.7.2 imagePullPolicy: IfNotPresent name: nginx-plus-ingress ports: @@ -102,7 +102,7 @@ spec: #- -enable-service-insight #- -global-configuration=$(POD_NAMESPACE)/nginx-configuration # initContainers: -# - image: nginx/nginx-ingress:3.7.1 +# - image: nginx/nginx-ingress:3.7.2 # imagePullPolicy: IfNotPresent # name: init-nginx-ingress # command: ['cp', '-vdR', '/etc/nginx/.', '/mnt/etc'] diff --git a/examples/custom-resources/service-insight/README.md b/examples/custom-resources/service-insight/README.md index 84da0510d0..bcbc329d8a 100644 --- a/examples/custom-resources/service-insight/README.md +++ b/examples/custom-resources/service-insight/README.md @@ -32,7 +32,7 @@ spec: securityContext: ... containers: - - image: nginx-plus-ingress:3.7.1 + - image: nginx-plus-ingress:3.7.2 imagePullPolicy: IfNotPresent name: nginx-plus-ingress ports: 
@@ -321,7 +321,7 @@ spec: securityContext: ... containers: - - image: nginx-plus-ingress:3.7.1 + - image: nginx-plus-ingress:3.7.2 imagePullPolicy: IfNotPresent name: nginx-plus-ingress ports: diff --git a/go.mod b/go.mod index 779620ea6d..8a1325b3a7 100644 --- a/go.mod +++ b/go.mod @@ -3,9 +3,9 @@ module github.com/nginxinc/kubernetes-ingress go 1.23.3 require ( - github.com/aws/aws-sdk-go-v2/config v1.28.3 - github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.25.5 - github.com/cert-manager/cert-manager v1.16.1 + github.com/aws/aws-sdk-go-v2/config v1.28.5 + github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.25.6 + github.com/cert-manager/cert-manager v1.16.2 github.com/dlclark/regexp2 v1.11.4 github.com/gkampitakis/go-snaps v0.5.7 github.com/go-chi/chi/v5 v5.1.0 @@ -25,10 +25,10 @@ require ( go.opentelemetry.io/otel v1.32.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 - k8s.io/api v0.31.2 - k8s.io/apimachinery v0.31.2 - k8s.io/client-go v0.31.2 - k8s.io/code-generator v0.31.2 + k8s.io/api v0.31.3 + k8s.io/apimachinery v0.31.3 + k8s.io/client-go v0.31.3 + k8s.io/code-generator v0.31.3 k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 sigs.k8s.io/controller-tools v0.16.5 ) 
@@ -36,18 +36,18 @@ require ( require ( github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect - github.com/aws/aws-sdk-go-v2 v1.32.4 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.17.44 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.19 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.23 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.23 // indirect + github.com/aws/aws-sdk-go-v2 v1.32.5 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.46 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.24.5 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.4 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.32.4 // indirect - github.com/aws/smithy-go v1.22.0 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.24.6 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.33.1 // indirect + github.com/aws/smithy-go v1.22.1 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cenkalti/backoff/v4 v4.3.0 // indirect diff --git a/go.sum b/go.sum index e0e1ec49df..9dbc474d5e 100644 --- a/go.sum +++ b/go.sum 
@@ -4,42 +4,42 @@ github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERo github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI= github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= -github.com/aws/aws-sdk-go-v2 v1.32.4 h1:S13INUiTxgrPueTmrm5DZ+MiAo99zYzHEFh1UNkOxNE= -github.com/aws/aws-sdk-go-v2 v1.32.4/go.mod h1:2SK5n0a2karNTv5tbP1SjsX0uhttou00v/HpXKM1ZUo= -github.com/aws/aws-sdk-go-v2/config v1.28.3 h1:kL5uAptPcPKaJ4q0sDUjUIdueO18Q7JDzl64GpVwdOM= -github.com/aws/aws-sdk-go-v2/config v1.28.3/go.mod h1:SPEn1KA8YbgQnwiJ/OISU4fz7+F6Fe309Jf0QTsRCl4= -github.com/aws/aws-sdk-go-v2/credentials v1.17.44 h1:qqfs5kulLUHUEXlHEZXLJkgGoF3kkUeFUTVA585cFpU= -github.com/aws/aws-sdk-go-v2/credentials v1.17.44/go.mod h1:0Lm2YJ8etJdEdw23s+q/9wTpOeo2HhNE97XcRa7T8MA= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.19 h1:woXadbf0c7enQ2UGCi8gW/WuKmE0xIzxBF/eD94jMKQ= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.19/go.mod h1:zminj5ucw7w0r65bP6nhyOd3xL6veAUMc3ElGMoLVb4= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.23 h1:A2w6m6Tmr+BNXjDsr7M90zkWjsu4JXHwrzPg235STs4= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.23/go.mod h1:35EVp9wyeANdujZruvHiQUAo9E3vbhnIO1mTCAxMlY0= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.23 h1:pgYW9FCabt2M25MoHYCfMrVY2ghiiBKYWUVXfwZs+sU= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.23/go.mod h1:c48kLgzO19wAu3CPkDWC28JbaJ+hfQlsdl7I2+oqIbk= +github.com/aws/aws-sdk-go-v2 v1.32.5 h1:U8vdWJuY7ruAkzaOdD7guwJjD06YSKmnKCJs7s3IkIo= +github.com/aws/aws-sdk-go-v2 v1.32.5/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= +github.com/aws/aws-sdk-go-v2/config v1.28.5 h1:Za41twdCXbuyyWv9LndXxZZv3QhTG1DinqlFsSuvtI0= +github.com/aws/aws-sdk-go-v2/config v1.28.5/go.mod 
h1:4VsPbHP8JdcdUDmbTVgNL/8w9SqOkM5jyY8ljIxLO3o= +github.com/aws/aws-sdk-go-v2/credentials v1.17.46 h1:AU7RcriIo2lXjUfHFnFKYsLCwgbz1E7Mm95ieIRDNUg= +github.com/aws/aws-sdk-go-v2/credentials v1.17.46/go.mod h1:1FmYyLGL08KQXQ6mcTlifyFXfJVCNJTVGuQP4m0d/UA= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 h1:sDSXIrlsFSFJtWKLQS4PUWRvrT580rrnuLydJrCQ/yA= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20/go.mod h1:WZ/c+w0ofps+/OUqMwWgnfrgzZH1DZO1RIkktICsqnY= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 h1:4usbeaes3yJnCFC7kfeyhkdkPtoRYPa/hTmCqMpKpLI= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24/go.mod h1:5CI1JemjVwde8m2WG3cz23qHKPOxbpkq0HaoreEgLIY= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 h1:N1zsICrQglfzaBnrfM0Ys00860C+QFwu6u/5+LomP+o= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24/go.mod h1:dCn9HbJ8+K31i8IQ8EWmWj0EiIk0+vKiHNMxTTYveAg= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 h1:TToQNkvGguu209puTojY/ozlqy2d/SFNcoLIqTFi42g= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0/go.mod h1:0jp+ltwkf+SwG2fm/PKo8t4y8pJSgOCO4D8Lz3k0aHQ= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4 h1:tHxQi/XHPK0ctd/wdOw0t7Xrc2OxcRCnVzv8lwWPu0c= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4/go.mod h1:4GQbF1vJzG60poZqWatZlhP31y8PGCCVTvIGPdaaYJ0= -github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.25.5 h1:Bo2BYwvZWs8/PWd2Mfoina0fOp1VRxkPnQrohriQf4U= -github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.25.5/go.mod h1:wnyWIU6CRfpI2Dk/B+lOlopIAtz3Sull+JWAyVibaW4= -github.com/aws/aws-sdk-go-v2/service/sso v1.24.5 h1:HJwZwRt2Z2Tdec+m+fPjvdmkq2s9Ra+VR0hjF7V2o40= -github.com/aws/aws-sdk-go-v2/service/sso v1.24.5/go.mod 
h1:wrMCEwjFPms+V86TCQQeOxQF/If4vT44FGIOFiMC2ck= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.4 h1:zcx9LiGWZ6i6pjdcoE9oXAB6mUdeyC36Ia/QEiIvYdg= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.4/go.mod h1:Tp/ly1cTjRLGBBmNccFumbZ8oqpZlpdhFf80SrRh4is= -github.com/aws/aws-sdk-go-v2/service/sts v1.32.4 h1:yDxvkz3/uOKfxnv8YhzOi9m+2OGIxF+on3KOISbK5IU= -github.com/aws/aws-sdk-go-v2/service/sts v1.32.4/go.mod h1:9XEUty5v5UAsMiFOBJrNibZgwCeOma73jgGwwhgffa8= -github.com/aws/smithy-go v1.22.0 h1:uunKnWlcoL3zO7q+gG2Pk53joueEOsnNB28QdMsmiMM= -github.com/aws/smithy-go v1.22.0/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 h1:wtpJ4zcwrSbwhECWQoI/g6WM9zqCcSpHDJIWSbMLOu4= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5/go.mod h1:qu/W9HXQbbQ4+1+JcZp0ZNPV31ym537ZJN+fiS7Ti8E= +github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.25.6 h1:3aPcXE6EUx7D+/mzEsp1vVBG+OVO4QsyTsyoLfAUzj4= +github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.25.6/go.mod h1:capelnANRLuXXVcT3oPQvDhKDn6unq1Ve2k9b8M12/o= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.6 h1:3zu537oLmsPfDMyjnUS2g+F2vITgy5pB74tHI+JBNoM= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.6/go.mod h1:WJSZH2ZvepM6t6jwu4w/Z45Eoi75lPN7DcydSRtJg6Y= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5 h1:K0OQAsDywb0ltlFrZm0JHPY3yZp/S9OaoLU33S7vPS8= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5/go.mod h1:ORITg+fyuMoeiQFiVGoqB3OydVTLkClw/ljbblMq6Cc= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.1 h1:6SZUVRQNvExYlMLbHdlKB48x0fLbc2iVROyaNEwBHbU= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.1/go.mod h1:GqWyYCwLXnlUB1lOAXQyNSPqPLQJvmo8J0DWBzp9mtg= +github.com/aws/smithy-go 
v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro= +github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= -github.com/cert-manager/cert-manager v1.16.1 h1:1ceFMqTtwiqY2vyfaRT85CNiVmK7pJjt3GebYCx9awY= -github.com/cert-manager/cert-manager v1.16.1/go.mod h1:MfLVTL45hFZsqmaT1O0+b2ugaNNQQZttSFV9hASHUb0= +github.com/cert-manager/cert-manager v1.16.2 h1:c9UU2E+8XWGruyvC/mdpc1wuLddtgmNr8foKdP7a8Jg= +github.com/cert-manager/cert-manager v1.16.2/go.mod h1:MfLVTL45hFZsqmaT1O0+b2ugaNNQQZttSFV9hASHUb0= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= 
@@ -420,18 +420,18 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.31.2 h1:3wLBbL5Uom/8Zy98GRPXpJ254nEFpl+hwndmk9RwmL0= -k8s.io/api v0.31.2/go.mod h1:bWmGvrGPssSK1ljmLzd3pwCQ9MgoTsRCuK35u6SygUk= +k8s.io/api v0.31.3 h1:umzm5o8lFbdN/hIXbrK9oRpOproJO62CV1zqxXrLgk8= +k8s.io/api v0.31.3/go.mod h1:UJrkIp9pnMOI9K2nlL6vwpxRzzEX5sWgn8kGQe92kCE= k8s.io/apiextensions-apiserver v0.31.2 h1:W8EwUb8+WXBLu56ser5IudT2cOho0gAKeTOnywBLxd0= k8s.io/apiextensions-apiserver v0.31.2/go.mod h1:i+Geh+nGCJEGiCGR3MlBDkS7koHIIKWVfWeRFiOsUcM= -k8s.io/apimachinery v0.31.2 h1:i4vUt2hPK56W6mlT7Ry+AO8eEsyxMD1U44NR22CLTYw= -k8s.io/apimachinery v0.31.2/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4= +k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= k8s.io/apiserver v0.31.2 h1:VUzOEUGRCDi6kX1OyQ801m4A7AUPglpsmGvdsekmcI4= k8s.io/apiserver v0.31.2/go.mod h1:o3nKZR7lPlJqkU5I3Ove+Zx3JuoFjQobGX1Gctw6XuE= -k8s.io/client-go v0.31.2 h1:Y2F4dxU5d3AQj+ybwSMqQnpZH9F30//1ObxOKlTI9yc= -k8s.io/client-go v0.31.2/go.mod h1:NPa74jSVR/+eez2dFsEIHNa+3o09vtNaWwWwb1qSxSs= -k8s.io/code-generator v0.31.2 h1:xLWxG0HEpMSHfcM//3u3Ro2Hmc6AyyLINQS//Z2GEOI= -k8s.io/code-generator v0.31.2/go.mod h1:eEQHXgBU/m7LDaToDoiz3t97dUUVyOblQdwOr8rivqc= +k8s.io/client-go v0.31.3 h1:CAlZuM+PH2cm+86LOBemaJI/lQ5linJ6UFxKX/SoG+4= +k8s.io/client-go v0.31.3/go.mod h1:2CgjPUTpv3fE5dNygAr2NcM8nhHzXvxB8KL5gYc3kJs= +k8s.io/code-generator v0.31.3 h1:Pj0fYOBms+ZrsulLi4DMsCEx1jG8fWKRLy44onHsLBI= +k8s.io/code-generator v0.31.3/go.mod h1:/umCIlT84g1+Yu5ZXtP1KGSRTnGiIzzX5AzUAxsNlts= k8s.io/component-base v0.31.2 
h1:Z1J1LIaC0AV+nzcPRFqfK09af6bZ4D1nAOpWsy9owlA= k8s.io/component-base v0.31.2/go.mod h1:9PeyyFN/drHjtJZMCTkSpQJS3U9OXORnHQqMLDz0sUQ= k8s.io/gengo/v2 v2.0.0-20240826214909-a7b603a56eb7 h1:cErOOTkQ3JW19o4lo91fFurouhP8NcoBvb7CkvhZZpk= diff --git a/internal/configs/oidc/oidc.conf b/internal/configs/oidc/oidc.conf index 7384e3b651..9d63e7d201 100644 --- a/internal/configs/oidc/oidc.conf +++ b/internal/configs/oidc/oidc.conf @@ -39,8 +39,7 @@ internal; proxy_ssl_server_name on; # For SNI to the IdP proxy_set_header Content-Type "application/x-www-form-urlencoded"; - proxy_set_body "grant_type=authorization_code&client_id=$oidc_client&$args&redirect_uri=$redirect_base$redir_location"; - proxy_method POST; + proxy_set_header Authorization $arg_secret_basic; proxy_pass $oidc_token_endpoint; } @@ -51,8 +50,7 @@ internal; proxy_ssl_server_name on; # For SNI to the IdP proxy_set_header Content-Type "application/x-www-form-urlencoded"; - proxy_set_body "grant_type=refresh_token&refresh_token=$arg_token&client_id=$oidc_client&client_secret=$oidc_client_secret"; - proxy_method POST; + proxy_set_header Authorization $arg_secret_basic; proxy_pass $oidc_token_endpoint; } diff --git a/internal/configs/version2/nginx-plus.virtualserver.tmpl b/internal/configs/version2/nginx-plus.virtualserver.tmpl index 7b2977892f..06c9347328 100644 --- a/internal/configs/version2/nginx-plus.virtualserver.tmpl +++ b/internal/configs/version2/nginx-plus.virtualserver.tmpl @@ -90,6 +90,7 @@ server { include oidc/oidc.conf; set $oidc_pkce_enable 0; + set $oidc_client_auth_method "client_secret_post"; set $oidc_logout_redirect "{{ $oidc.PostLogoutRedirectURI }}"; set $oidc_hmac_key "{{ $s.VSName }}"; set $zone_sync_leeway {{ $oidc.ZoneSyncLeeway }}; diff --git a/site/content/installation/installing-nic/installation-with-helm.md b/site/content/installation/installing-nic/installation-with-helm.md index 5c4511083b..fb9beb22aa 100644 --- a/site/content/installation/installing-nic/installation-with-helm.md 
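Review bot: In internal/configs/oidc/oidc.conf, both token locations (the hunk at -39,8 and the one at -51,8) now fill the `Authorization` header from `$arg_secret_basic`, so the client credential travels as a query argument of the internal subrequest, and nothing in the file documents that. Both locations remain `internal;`, but a value held in the arguments can still reach anything that records or forwards them, so confirm that no `log_format` or debug logging in use prints `$args` or `$request_uri` for these locations; that configuration is not visible here. With `proxy_set_body` and `proxy_method POST` removed, the body and method presumably now come from the njs caller, which deserves a comment next to the header, for example `# Body and method are set by the njs subrequest; Authorization is omitted when $arg_secret_basic is empty`. Both location blocks begin outside their hunks.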
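Review bot: In internal/configs/version2/nginx-plus.virtualserver.tmpl, the added `set $oidc_client_auth_method "client_secret_post";` is a literal, unlike the neighbouring values that are rendered from `$oidc`, so every generated server block uses the same client authentication method. If that is intentional, the `$arg_secret_basic` header added in oidc.conf appears to be unused from this template, and an IdP client registered for `client_secret_basic` only would presumably be rejected at the token endpoint. I would record the decision beside the line, for example `# Only client_secret_post is supported: the client secret is sent in the token request body`. The enclosing server block starts and ends outside the hunk.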
+++ b/site/content/installation/installing-nic/installation-with-helm.md @@ -27,7 +27,7 @@ NGINX Ingress Controller requires custom resource definitions (CRDs) installed i If you do not use the custom resources that require those CRDs (which corresponds to `controller.enableCustomResources` set to `false` and `controller.appprotect.enable` set to `false` and `controller.appprotectdos.enable` set to `false`), the installation of the CRDs can be skipped by specifying `--skip-crds` for the helm install command. ---- +--- ### Upgrade the CRDs @@ -287,7 +287,7 @@ The steps you should follow depend on the Helm release name: ## Run multiple NGINX Ingress Controllers -If you are running NGINX Ingress Controller releases in your cluster with custom resources enabled, the releases will share a single version of the CRDs. +If you are running NGINX Ingress Controller releases in your cluster with custom resources enabled, the releases will share a single version of the CRDs. Ensure the NGINX Ingress Controller versions match the version of the CRDs. When uninstalling a release, ensure that you don’t remove the CRDs until there are no other NGINX Ingress Controller releases running in the cluster. 
@@ -472,7 +472,7 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont |**nginxAgent.instanceManager.tls.enable** | Enable TLS for Instance Manager connection. | true | |**nginxAgent.instanceManager.tls.skipVerify** | Skip certification verification for Instance Manager connection. | false | |**nginxAgent.instanceManager.tls.caSecret** | Name of `nginx.org/ca` secret used for verification of Instance Manager TLS. | "" | -|**nginxAgent.instanceManager.tls.secret** | Name of `kubernetes.io/tls` secret with a TLS certificate and key for using mTLS between NGINX Agent and Instance Manager. See the NGINX Instance Manager [docs](https://docs.nginx.com/nginx-management-suite/admin-guides/configuration/secure-traffic/#mutual-client-certificate-auth-setup-mtls) and the NGINX Agent [docs](https://docs.nginx.com/nginx-agent/configuration/encrypt-communication/) for more details. | "" | +|**nginxAgent.instanceManager.tls.secret** | Name of `kubernetes.io/tls` secret with a TLS certificate and key for using mTLS between NGINX Agent and Instance Manager. See the NGINX Instance Manager [docs](https://docs.nginx.com/nginx-instance-manager/system-configuration/secure-traffic/#mutual-client-certificate-authentication-setup-mtls) and the NGINX Agent [docs](https://docs.nginx.com/nginx-agent/configuration/encrypt-communication/) for more details. | "" | |**nginxAgent.syslog.host** | Address for NGINX Agent to run syslog listener. | 127.0.0.1 | |**nginxAgent.syslog.port** | Port for NGINX Agent to run syslog listener. | 1514 | |**nginxAgent.napMonitoring.collectorBufferSize** | Buffer size for collector. Will contain log lines and parsed log lines. | 50000 | diff --git a/site/content/installation/integrations/app-protect-waf-v5/compile-waf-policies.md b/site/content/installation/integrations/app-protect-waf-v5/compile-waf-policies.md index 46ad91d8b3..fe0d6c4d43 100644 --- a/site/content/installation/integrations/app-protect-waf-v5/compile-waf-policies.md 
+++ b/site/content/installation/integrations/app-protect-waf-v5/compile-waf-policies.md @@ -17,15 +17,15 @@ The following steps describe how to use the NGINX Instance Manager API to create ## Before you start ### Requirements -- A working [NGINX Management Suite](https://docs.nginx.com/nginx-management-suite/installation/) instance. -- An [NGINX Management Suite user](https://docs.nginx.com/nginx-management-suite/admin-guides/rbac/rbac-getting-started/) for API requests. +- A working [NGINX Instance Manager](https://docs.nginx.com/nginx-instance-manager/deploy/) instance. +- An [NGINX Instance Manager user](https://docs.nginx.com/nginx-instance-manager/admin-guide/rbac/overview-rbac/) for API requests. - A NGINX Ingress Controller [deployment with NGINX App Protect WAF]({{< relref "/installation/integrations/app-protect-waf/installation.md" >}}). ## Create a new security policy {{< tip >}} You can skip this step if you intend to use an existing security policy. {{< /tip >}} -Create a [new security policy](https://docs.nginx.com/nginx-management-suite/nim/how-to/app-protect/manage-waf-security-policies/#create-security-policy) using the API: this will require the use of a tool such as [`curl`](https://curl.se/) or [Postman](https://www.postman.com/) +Create a [new security policy](https://docs.nginx.com/nginx-instance-manager/app-protect/manage-waf-security-policies/#create-security-policy) using the API: this will require the use of a tool such as [`curl`](https://curl.se/) or [Postman](https://www.postman.com/) Create the file `simple-policy.json` with the contents below: 
@@ -82,7 +82,7 @@ It is one of two unique IDs we will use to download the bundle: it will be refer ## Create a new security bundle -Once you have created (Or selected) a security policy, [create a security bundle](https://docs.nginx.com/nginx-management-suite/nim/how-to/app-protect/manage-waf-security-policies/#create-security-policy-bundles) using the API. The version in the bundle you create **must** match the WAF compiler version you intend to use. +Once you have created (Or selected) a security policy, [create a security bundle](https://docs.nginx.com/nginx-instance-manager/app-protect/manage-waf-security-policies/#create-security-policy-bundles) using the API. The version in the bundle you create **must** match the WAF compiler version you intend to use. You can check which version is installed in NGINX Instance Manager by checking the operating system packages. If the wrong version is noted in the JSON payload, you will receive an error similar to below: @@ -191,7 +191,7 @@ curl -X GET "https://{NMS_FQDN}/api/platform/v1/security/policies//b This GET request uses the policy and bundle IDs from the previous examples: ```shell -curl -X GET -k 'https://127.0.0.1/api/platform/v1/security/policies/6af9f261-658b-4be1-b07a-cebd83e917a1/bundles/de08b324-99d8-4155-b2eb-fe687b21034e' \ +curl -X GET -k 'https://127.0.0.1/api/platform/v1/security/policies/6af9f261-658b-4be1-b07a-cebd83e917a1/bundles/de08b324-99d8-4155-b2eb-fe687b21034e' \ -H "Authorization: Basic YWRtaW46UncxQXBQS3lRRTRuQXRXOFRYa1J4ZFdVSWVTSGtU" \ | jq -r '.content' | base64 -d > security-policy-bundle.tgz ``` diff --git a/site/content/installation/integrations/app-protect-waf-v5/installation.md b/site/content/installation/integrations/app-protect-waf-v5/installation.md index bc8e6404c5..6de9443c99 100644 --- a/site/content/installation/integrations/app-protect-waf-v5/installation.md +++ b/site/content/installation/integrations/app-protect-waf-v5/installation.md 
@@ -373,7 +373,7 @@ If you prefer not to build your own NGINX Ingress Controller image, you can use {{< bootstrap-table "table table-bordered table-striped table-responsive" >}} | NIC Version | App Protect WAFv5 Version | Config Manager | Enforcer | | --- | --- | --- | --- | -| 3.7.0 | 32_5.144 | 5.3.0 | 5.3.0 | +| 3.7.2 | 32_5.144 | 5.3.0 | 5.3.0 | | 3.6.2 | 32_5.48 | 5.2.0 | 5.2.0 | {{% /bootstrap-table %}} diff --git a/site/content/overview/product-telemetry.md b/site/content/overview/product-telemetry.md index bd4cc57b77..2c78d19486 100644 --- a/site/content/overview/product-telemetry.md +++ b/site/content/overview/product-telemetry.md @@ -12,7 +12,7 @@ Learn why, what and how F5 NGINX Ingress Controller collects telemetry. NGINX Ingress Controller collects product telemetry data to allow its developers to understand how it's deployed and configured by users. This data is used to triage development work, prioritizing features and functionality that will benefit the most people. -Product telemetry is enabled by default, collected once every 24 hours. It's then sent to a service managed by F5 over HTTPS. +Product telemetry is enabled by default, collected once every 24 hours. It's then sent over HTTPS to a service managed by F5 at `oss.edge.df.f5.com`. {{< note >}} If you would prefer not to send any telemetry data, you can [opt-out](#opt-out) when installing NGINX Ingress Controller. {{< /note >}} diff --git a/site/content/releases.md b/site/content/releases.md index acc802d5a5..6b8aa8c6d4 100644 --- a/site/content/releases.md +++ b/site/content/releases.md @@ -8,7 +8,7 @@ toc: true weight: 2100 --- -{{< note >}} +{{< note >}} FIPS compliant images are currently impacted by compatibility issues with a dependent library. We recommend against: 
@@ -23,7 +23,7 @@ This will not affect logs generated by NGINX. To ensure backwards compatibility, we will ensure the existing log format, `glog`, will be maintained through a configuration option for the next 3 releases. {{< /note >}} -{{< important >}} +{{< important >}} CRD version removal notice. In our next major release, `v4.0.0`, support for the following apiVersions for these listed CRDs will be dropped: 1. `k8s.nginx.org/v1alpha` for `GlobalConfiguration` 
@@ -36,6 +36,36 @@ If a resource of `kind: GlobalConfiguration`, `kind: Policy` or `kind: Transport When `v4.0.0` is released, the release notes will contain the required upgrade steps to go from `v3.X.X` to `v4.X.X` {{< /important >}} +## 3.7.2 + +25 Nov 2024 + +### Fixes +- [6838](https://github.com/nginxinc/kubernetes-ingress/pull/6838) Update oidc_template and conf + +### Dependencies +- [6779](https://github.com/nginxinc/kubernetes-ingress/pull/6779), [6790](https://github.com/nginxinc/kubernetes-ingress/pull/6790) & [6851](https://github.com/nginxinc/kubernetes-ingress/pull/6851) Bump the Docker dependencies +- [6791](https://github.com/nginxinc/kubernetes-ingress/pull/6791), [6849](https://github.com/nginxinc/kubernetes-ingress/pull/6849) & [6839](https://github.com/nginxinc/kubernetes-ingress/pull/6839) Bump the go dependencies + +### Upgrade + +- For NGINX, use the 3.7.2 images from our +[DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/tags?page=1&ordering=last_updated&name=3.7.2), +[GitHub Container](https://github.com/nginxinc/kubernetes-ingress/pkgs/container/kubernetes-ingress), +[Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress). +- For NGINX Plus, use the 3.7.2 images from the F5 Container registry, +the [AWS Marketplace](https://aws.amazon.com/marketplace/search/?CREATOR=741df81b-dfdc-4d36-b8da-945ea66b522c&FULFILLMENT_OPTION_TYPE=CONTAINER&filters=CREATOR%2CFULFILLMENT_OPTION_TYPE), +the [GCP Marketplace](https://console.cloud.google.com/marketplace/browse?filter=partner:F5,%20Inc.&filter=solution-type:k8s&filter=category:networking) +or build your own image using the 3.7.2 source code +- For Helm, use version 1.4.2 of the chart. + +### Supported Platforms + +We will provide technical support for NGINX Ingress Controller on any Kubernetes platform that is currently supported by +its provider and that passes the Kubernetes conformance tests. 
This release was fully tested on the following Kubernetes +versions: 1.25-1.31. + +--- ## 3.7.1 06 Nov 2024 
@@ -197,7 +227,7 @@ versions: 1.25-1.30. 25 Jun 2024 Added support for the latest generation of NGINX App Protect Web Application Firewall, v5. NGINX Ingress Controller will continue to support the NGINX App Protect v4 family to allow customers to implement new Policy Bundle workflow at their own pace. -NGINX App Protect WAF v5 does not accept the JSON based policies, instead requiring users to compile a Policy Bundle outside of the NGINX Ingress Controller pod. Policy bundles contain a combination of custom Policy, signatures, and campaigns. Bundles can be compiled using either App Protect [compiler](https://docs.nginx.com/nginx-app-protect-waf/v5/admin-guide/compiler/), or [NGINX Instance Manager](https://docs.nginx.com/nginx-management-suite/nim/how-to/app-protect/manage-waf-security-policies/#list-security-policy-bundles). Learn more here, https://docs.nginx.com/nginx-ingress-controller/installation/integrations/app-protect-waf-v5/. +NGINX App Protect WAF v5 does not accept the JSON based policies, instead requiring users to compile a Policy Bundle outside of the NGINX Ingress Controller pod. Policy bundles contain a combination of custom Policy, signatures, and campaigns. Bundles can be compiled using either App Protect [compiler](https://docs.nginx.com/nginx-app-protect-waf/v5/admin-guide/compiler/), or [NGINX Instance Manager](https://docs.nginx.com/nginx-instance-manager/app-protect/manage-waf-security-policies/#list-security-policy-bundles). Learn more here, https://docs.nginx.com/nginx-ingress-controller/installation/integrations/app-protect-waf-v5/. With this release, NGINX Ingress Controller is implementing a new image maintenance policy. Container images for subscribed users will be updated on a regular basis in-between releases to reduce the CVE vulnerabilities. Customers can observe the 3.6.x tag when listing images in the registry and select the latest image to update to for the current release. 
@@ -312,12 +342,12 @@ versions: 1.23-1.29. 26 Mar 2024 -NGINX Ingress Controller and NGINX App Protect WAF users can can now view violations through NGINX Instance Manager Security Monitor. Security Monitor can be used to build Policy bundles, reducing reload time impacts on NGINX Ingress Controller. Read more information in [NGINX App Protect WAF Bundles](https://docs.nginx.com/nginx-ingress-controller/installation/integrations/app-protect-waf/configuration/#waf-bundles) and [Security Monitoring](https://docs.nginx.com/nginx-management-suite/security/). +NGINX Ingress Controller and NGINX App Protect WAF users can can now view violations through NGINX Instance Manager Security Monitor. Security Monitor can be used to build Policy bundles, reducing reload time impacts on NGINX Ingress Controller. Read more information in [NGINX App Protect WAF Bundles](https://docs.nginx.com/nginx-ingress-controller/installation/integrations/app-protect-waf/configuration/#waf-bundles) and [Security Monitoring](https://docs.nginx.com/nginx-instance-manager/security-monitoring/). When using NGINX Plus for two version [split rollouts](https://docs.nginx.com/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#split), you can now control progressive rollouts of a new backend version without reloading NGINX using the [**-weight-changes-dynamic-reload**](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#-weight-changes-dynamic-reload) command line argument. The [**use-cluster-ip**](https://docs.nginx.com/nginx-ingress-controller/configuration/ingress-resources/advanced-configuration-with-annotations/#backend-services-upstreams) annotation is now available for the Ingress resource. -**use-cluster-ip** supports service meshes and specific use cases where the backend service should be the target instead of individual backend service pods, bypassing upstream load balancing. 
+**use-cluster-ip** supports service meshes and specific use cases where the backend service should be the target instead of individual backend service pods, bypassing upstream load balancing. ### Features - [5179](https://github.com/nginxinc/kubernetes-ingress/pull/5179) & [5051](https://github.com/nginxinc/kubernetes-ingress/pull/5051) Add NIM Security Dashboard integration for App Protect WAF security violations diff --git a/site/content/tutorials/security-monitoring.md b/site/content/tutorials/security-monitoring.md index 2aa2696583..4dfc7d683f 100644 --- a/site/content/tutorials/security-monitoring.md +++ b/site/content/tutorials/security-monitoring.md @@ -10,7 +10,7 @@ This document explains how to use NGINX Ingress Controller to configure NGINX Ag ## Prerequisites -This guide assumes that you have an installation of NGINX Instance Manager with [NGINX Security Monitoring](https://docs.nginx.com/nginx-management-suite/installation/vm-bare-metal/install-security-monitoring/) which is reachable from the Kubernetes cluster on which NGINX Ingress Controller is deployed. +This guide assumes that you have an installation of NGINX Instance Manager with [NGINX Security Monitoring](https://docs.nginx.com/nginx-instance-manager/monitoring/security-monitoring/deploy/install-security-monitoring/) which is reachable from the Kubernetes cluster on which NGINX Ingress Controller is deployed. If you use custom container images, NGINX Agent must be installed along with NGINX App Protect WAF. See the [Dockerfile](https://github.com/nginxinc/kubernetes-ingress/tree/v{{< nic-version >}}/build/Dockerfile) for examples of how to install NGINX Agent or the [NGINX Agent installation documentation](https://docs.nginx.com/nginx-agent/installation-upgrade/) for more information. diff --git a/site/content/usage-reporting.md b/site/content/usage-reporting.md index ab1934ec2b..e10c5ac051 100644 --- a/site/content/usage-reporting.md +++ b/site/content/usage-reporting.md 
@@ -13,9 +13,9 @@ This page describes how to enable Usage Reporting for F5 NGINX Ingress Controlle ## Overview -Usage Reporting is a Kubernetes controller that connects to the NGINX Management Suite and reports the number of NGINX Ingress Controller nodes in the cluster. It is installed as a Kubernetes Deployment in the same cluster as NGINX Ingress Controller whose nodes you would like reported. +Usage Reporting is a Kubernetes controller that connects to the NGINX Instance Manager and reports the number of NGINX Ingress Controller nodes in the cluster. It is installed as a Kubernetes Deployment in the same cluster as NGINX Ingress Controller whose nodes you would like reported. -To use Usage Reporting, you must have access to NGINX Management Suite. For more information, see [NGINX Management Suite](https://www.f5.com/products/nginx/instance-manager/). Usage Reporting is a requirement of the new Flexible Consumption Program for NGINX Ingress Controller. +To use Usage Reporting, you must have access to NGINX Instance Manager. For more information, see [NGINX Instance Manager](https://www.f5.com/products/nginx/instance-manager/). Usage Reporting is a requirement of the new Flexible Consumption Program for NGINX Ingress Controller. --- 
@@ -24,11 +24,11 @@ To use Usage Reporting, you must have access to NGINX Management Suite. For more To deploy Usage Reporting, you must have the following: - [NGINX Ingress Controller 3.2.0](https://docs.nginx.com/nginx-ingress-controller) or later -- [NGINX Management Suite 2.11](https://docs.nginx.com/nginx-management-suite) or later +- [NGINX Instance Manager 2.11.0](https://docs.nginx.com/nginx-instance-manager) or later In addition to the software requirements, you will need: -- Access to an NGINX Management Suite username and password for basic authentication. You will need the URL of your NGINX Management Suite system, and a username and password for Usage Reporting. The Usage Reporting user account must have access to the `/api/platform/v1/k8s-usage` endpoint. +- Access to an NGINX Instance Manager username and password for basic authentication. You will need the URL of your NGINX Instance Manager system, and a username and password for Usage Reporting. The Usage Reporting user account must have access to the `/api/platform/v1/k8s-usage` endpoint. - Access to the Kubernetes cluster where NGINX Ingress Controller is deployed, with the ability to deploy a Kubernetes Deployment and a Kubernetes Secret. - Access to public internet to pull the Usage Reporting image. This image is hosted in the NGINX container registry at `docker-registry.nginx.com/cluster-connector`. You can pull the image and push it to a private container registry for deployment. 
@@ -36,16 +36,16 @@ In addition to the software requirements, you will need: --- -## Add a user account to NGINX Management Suite +## Add a user account to NGINX Instance Manager Usage Reporting needs a user account to send usage data to NGINX Instance Manager: these are the steps involved. -1. Create a role following the steps in [Create a Role](https://docs.nginx.com/nginx-management-suite/admin-guides/access-control/set-up-rbac/#create-role) section of the NGINX Management Suite documentation. Select these permissions in step 6 for the role: +1. Create a role following the steps in [Create a Role](https://docs.nginx.com/nginx-instance-manager/admin-guide/rbac/create-roles/#create-roles) section of the NGINX Instance Manager documentation. Select these permissions in step 6 for the role: - Module: Instance Manager - Feature: NGINX Plus Usage - Access: CRUD -1. Create a user account following the steps in [Add Users](https://docs.nginx.com/nginx-management-suite/admin-guides/access-control/set-up-rbac/#add-users) section of the NGINX Management Suite documentation. In step 6, assign the user to the role created above. Note that currently only "basic auth" authentication is supported for usage reporting purposes. +1. Create a user account following the steps in [Add Users](https://docs.nginx.com/nginx-instance-manager/admin-guide/rbac/assign-roles/#assign-roles-to-users-basic-authentication) section of the NGINX Instance Manager documentation. In step 5, assign the user to the role created above. Note that currently only "basic auth" authentication is supported for usage reporting purposes. --- 
@@ -61,11 +61,11 @@ Create the Kubernetes namespace `nginx-cluster-connector` for Usage Reporting: --- -### Pass the credential to the NGINX Management Suite API +### Pass the credential to the NGINX Instance Manager API -To make the credential available to Usage Reporting, create a Kubernetes secret. The username and password created in the previous section are required to connect the NGINX Management Suite API. +To make the credential available to Usage Reporting, create a Kubernetes secret. The username and password created in the previous section are required to connect the NGINX Instance Manager API. -Both the username and password are stored in the Kubernetes Secret and need to be converted to base64. In this example the username will be `foo` and the password will be `bar`. +Both the username and password are stored in the Kubernetes Secret and need to be converted to base64. In this example the username will be `foo` and the password will be `bar`. To obtain the base64 representation of a string, use the following command: 
@@ -104,7 +104,7 @@ If you are using a different namespace, change the namespace in the `metadata` s kubectl apply -f nms-basic-auth.yaml ``` -If you need to update the basic-auth credentials for NGINX Management Suite in the future, update the `username` and `password` fields, and apply the changes by running the command again. Usage Reporting will automatically detect the changes, using the new username and password without redeployment. +If you need to update the basic-auth credentials for NGINX Instance Manager in the future, update the `username` and `password` fields, and apply the changes by running the command again. Usage Reporting will automatically detect the changes, using the new username and password without redeployment. Download and save the deployment file [cluster-connector.yaml](https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v{{< nic-version >}}/examples/shared-examples/usage-reporting/cluster-connector.yaml). Edit the following under the `args` section and then save the file: @@ -114,10 +114,10 @@ Download and save the deployment file [cluster-connector.yaml](https://raw.githu - -nms-basic-auth-secret=nginx-cluster-connector/nms-basic-auth ``` -- `-nms-server-address` should be the address of the Usage Reporting API, which will be the combination of NGINX Management Suite server hostname and the URI `api/platform/v1` +- `-nms-server-address` should be the address of the Usage Reporting API, which will be the combination of NGINX Instance Manager server hostname and the URI `api/platform/v1` - `nms-basic-auth-secret` should be the namespace/name of the secret created in step 3: `nginx-cluster-connector/nms-basic-auth`. -{{< note >}} OpenShift requires a SecurityContextConstraints object for NGINX Cluster Connector. +{{< note >}} OpenShift requires a SecurityContextConstraints object for NGINX Cluster Connector. It can be created with the command `oc create -f scc.yaml`, using the file found in `shared-examples/` {{< /note >}} 
@@ -135,9 +135,9 @@ kubectl apply -f cluster-connector.yaml --- -## Viewing usage data from the NGINX Management Suite API +## Viewing usage data from the NGINX Instance Manager API -Usage Reporting sends the number of NGINX Ingress Controller instances and nodes in the cluster to NGINX Management Suite. To view the usage data, query the NGINX Management Suite API. The usage data is available at the following endpoint: +Usage Reporting sends the number of NGINX Ingress Controller instances and nodes in the cluster to NGINX Instance Manager. To view the usage data, query the NGINX Instance Manager API. The usage data is available at the following endpoint: ```shell @@ -243,7 +243,7 @@ kubectl delete -f cluster-connector.yaml ## Command-line arguments -Usage Reporting supports several command-line arguments, which can be specified in the `args` section of the Kubernetes deployment file. +Usage Reporting supports several command-line arguments, which can be specified in the `args` section of the Kubernetes deployment file. The following is a list of the supported command-line arguments and their usage: @@ -251,14 +251,14 @@ The following is a list of the supported command-line arguments and their usage: ### -nms-server-address `` -The address of the NGINX Management Suite host. IPv4 addresses and hostnames are supported. +The address of the NGINX Instance Manager host. IPv4 addresses and hostnames are supported. Default: `http://apigw.nms.svc.cluster.local/api/platform/v1/k8s-usage`. --- ### -nms-basic-auth-secret `` -Secret for basic authentication to the NGINX Management Suite API. The secret must be in `kubernetes.io/basic-auth` format using base64 encoding. +Secret for basic authentication to the NGINX Instance Manager API. The secret must be in `kubernetes.io/basic-auth` format using base64 encoding. Format: `/`. --- 
@@ -271,7 +271,7 @@ The display name of the Kubernetes cluster. ### -skip-tls-verify -Skip TLS verification for the NGINX Management Suite server. +Skip TLS verification for the NGINX Instance Manager server. {{< warning >}} This argument is intended for using a self-assigned certificate for testing purposes only. {{< /warning >}} @@ -279,7 +279,7 @@ Skip TLS verification for the NGINX Management Suite server. ### -min-update-interval `` -The minimum interval between updates to the NGINX Management Suite. +The minimum interval between updates to the NGINX Instance Manager. Default: `24h`. {{< warning >}} This argument is intended for testing purposes only. {{< /warning >}} diff --git a/site/go.mod b/site/go.mod index 2164b714cd..a88d5f6260 100644 --- a/site/go.mod +++ b/site/go.mod @@ -1,5 +1,5 @@ module github.com/nginxinc/kubernetes-ingress/docs -go 1.23 +go 1.23.0 require github.com/nginxinc/nginx-hugo-theme v0.41.20 // indirect diff --git a/site/layouts/shortcodes/nic-helm-version.html b/site/layouts/shortcodes/nic-helm-version.html index 13175fdc43..c9929e36a8 100644 --- a/site/layouts/shortcodes/nic-helm-version.html +++ b/site/layouts/shortcodes/nic-helm-version.html @@ -1 +1 @@ -1.4.1 \ No newline at end of file +1.4.2 \ No newline at end of file diff --git a/site/layouts/shortcodes/nic-operator-version.html b/site/layouts/shortcodes/nic-operator-version.html index 58073ef8d7..acdc3f1b0b 100644 --- a/site/layouts/shortcodes/nic-operator-version.html +++ b/site/layouts/shortcodes/nic-operator-version.html @@ -1 +1 @@ -2.4.1 \ No newline at end of file +2.4.2 \ No newline at end of file diff --git a/site/layouts/shortcodes/nic-version.html b/site/layouts/shortcodes/nic-version.html index 5cdb444f3d..47b6be3faf 100644 --- a/site/layouts/shortcodes/nic-version.html +++ b/site/layouts/shortcodes/nic-version.html @@ -1 +1 @@ -3.7.1 \ No newline at end of file +3.7.2 \ No newline at end of file 
diff --git a/tests/Dockerfile b/tests/Dockerfile index bb552dd614..fdccb557fa 100644 --- a/tests/Dockerfile +++ b/tests/Dockerfile @@ -1,11 +1,11 @@ # syntax=docker/dockerfile:1.5 # this is here so we can grab the latest version of kind and have dependabot keep it up to date -FROM kindest/node:v1.31.1@sha256:cd224d8da58d50907d1dd41d476587643dad2ffd9f6a4d96caf530fb3b9a5956 +FROM kindest/node:v1.31.2@sha256:18fbefc20a7113353c7b75b5c869d7145a6abd6269154825872dc59c1329912e # this is here so we can grab the latest version of skopeo and have dependabot keep it up to date -FROM quay.io/skopeo/stable:v1.16.1 +FROM quay.io/skopeo/stable:v1.17.0 -FROM python:3.13@sha256:a31cbb4db18c6f09e3300fa85b77f6d56702501fcb9bdb8792ec702a39ba6200 +FROM python:3.13@sha256:bc78d3c007f86dbb87d711b8b082d9d564b8025487e780d24ccb8581d83ef8b0 RUN apt-get update \ && apt-get install -y curl git \
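Review bot: The new `FROM quay.io/skopeo/stable:v1.17.0` line is still pinned by tag only, while the kindest/node and python lines in the same hunk carry an `@sha256:` digest. A tag can be re-pointed in the registry, so whatever consumes this stage is not guaranteed to get the image that was reviewed; pin it the same way, `FROM quay.io/skopeo/stable:v1.17.0@sha256:<digest-of-v1.17.0>` (placeholder, take the value from the registry). The comment above the line says it exists so dependabot can track the skopeo version, so the practical exposure depends on how that tag is consumed elsewhere, which is not visible here. The `RUN apt-get` instruction at the end of the hunk continues outside it.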