Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nginx v1.19.10 #8307

Merged
merged 1 commit into from
Mar 14, 2022
Merged

Nginx v1.19.10 #8307

merged 1 commit into from
Mar 14, 2022

Conversation

sskserk
Copy link
Contributor

@sskserk sskserk commented Mar 7, 2022

What this PR does / why we need it:

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation only

Which issue/s this PR fixes

How Has This Been Tested?

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I've read the CONTRIBUTION guide
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Mar 7, 2022

CLA Signed

The committers are authorized under a signed CLA.

  • ✅ sskserk (068996c17a214dd4380a52ec46eee19b697205ce)

@k8s-ci-robot k8s-ci-robot added cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Mar 7, 2022
@k8s-ci-robot
Copy link
Contributor

Hi @sskserk. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added needs-priority size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Mar 7, 2022
@sskserk sskserk changed the title nginx 1.19.10 Nginx v1.19.10 Mar 7, 2022
@sskserk
Copy link
Contributor Author

sskserk commented Mar 7, 2022

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: sskserk (a9852faa5ad0d40e586c27401e1c92a7d107cb1c)

Copy link
Contributor

@iamNoah1 iamNoah1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sskserk, please sign the cla first :)

@sskserk
Copy link
Contributor Author

sskserk commented Mar 7, 2022

@sskserk, please sign the cla first :)

I did't already. When I click the "Please click here to be authorized." it redirects me to the https://na3.docusign.net/ . Once I sign the document it redirects me to the wrong PR

@dmathieu
Copy link
Contributor

dmathieu commented Mar 7, 2022

Could you keep the OpenTelemetry image in sync as well?
https://github.com/kubernetes/ingress-nginx/blob/main/images/opentelemetry/rootfs/build.sh#L21

@sskserk
Copy link
Contributor Author

sskserk commented Mar 7, 2022

Could you keep the OpenTelemetry image in sync as well? https://github.com/kubernetes/ingress-nginx/blob/main/images/opentelemetry/rootfs/build.sh#L21

done

@sskserk sskserk requested a review from iamNoah1 March 7, 2022 13:28
@jarias-lfx
Copy link

/easycla

@strongjz
Copy link
Member

strongjz commented Mar 7, 2022

Thanks for the PR! Can we update the PR or post it below on why we need this update to 1.19.10? We can also discuss this on the community call if need be.

Thanks,
James

@sskserk
Copy link
Contributor Author

sskserk commented Mar 7, 2022

Thanks for the PR! Can we update the PR or post it below on why we need this update to 1.19.10? We can also discuss this on the community call if need be.

Thanks, James

@strongjz , the final goal is the property https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_time . I need it to control the corresponding property.

I want to increase the version of Nginx and then in a separate PR introduce the "keepalive_time" property

@sskserk sskserk force-pushed the nginx_11910 branch 2 times, most recently from c5eb904 to 068996c Compare March 7, 2022 14:47
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Mar 7, 2022
@sskserk
Copy link
Contributor Author

sskserk commented Mar 7, 2022

Thanks for the PR! Can we update the PR or post it below on why we need this update to 1.19.10? We can also discuss this on the community call if need be.

Thanks, James

@strongjz , thank you! The user.name of the commits is fixed.

@sskserk
Copy link
Contributor Author

sskserk commented Mar 7, 2022

@strongjz
Copy link
Member

strongjz commented Mar 7, 2022

/priority backlog
/triage accepted
/ok-to-test
/kind feature

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. priority/backlog Higher priority than priority/awaiting-more-evidence. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Mar 7, 2022
@k8s-ci-robot k8s-ci-robot removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Mar 7, 2022
@sskserk
Copy link
Contributor Author

sskserk commented Mar 8, 2022

@strongjz , what are the next steps? Are there any additional gaps in this PR?

@strongjz
Copy link
Member

strongjz commented Mar 9, 2022

/lgtm
/hold

I dont see any reason not too from the 1.19.10 change log but I want to hear what @rikatz has to say.

We did just release 1.1.2, nginx 1.19.10 wont go into effect till 1.1.3

@sskserk I'll comment back here what the image sha is so you can still test till we put out 1.1.3

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 9, 2022
@k8s-ci-robot k8s-ci-robot added lgtm "Looks good to me", indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Mar 9, 2022
@sskserk
Copy link
Contributor Author

sskserk commented Mar 10, 2022

@strongjz , @rikatz , @iamNoah1 ,

I'm trying to start using the keepalive_time property of Nginx v1.19.10 here -> #8319

But the e2e tests fail because they run against image built on v1.19.9 but with the introduced keepalive_time configuration property. Nginx 1.19.9 simply is not starting because it doesn't recognize the new property. I guess this is because the basic image is not rebuilt

@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Mar 11, 2022
@k8s-ci-robot k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Mar 14, 2022
@sskserk sskserk requested review from rikatz and strongjz March 14, 2022 10:25
@strongjz
Copy link
Member

/remove-hold
/lgtm

@k8s-ci-robot k8s-ci-robot added lgtm "Looks good to me", indicates that a PR is ready to be merged. and removed do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. labels Mar 14, 2022
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sskserk, strongjz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit 01b92b8 into kubernetes:main Mar 14, 2022
@strongjz
Copy link
Member

@sskserk the image build

https://console.cloud.google.com/cloud-build/builds;region=global/c5bcf0d3-c7db-4f19-a1d3-c1c1cd5d0255?project=k8s-staging-ingress-nginx

Image ID.

gcr.io/k8s-staging-ingress-nginx/nginx:v20220314-controller-v1.1.2-8-g01b92b8b3@sha256:68d88ad12e5ab880b0bcaf02b04032c294de62b8bfb0e9994c99bbfe3c0955dc

Prow build output https://prow.k8s.io/view/gs/kubernetes-jenkins/pr-logs/pull/ingress-nginx/8307/pull-ingress-nginx-boilerplate/1503399038462988288

kundan2707 added a commit to kundan2707/ingress-nginx that referenced this pull request Mar 17, 2022
remove 0.46.0 from supported versions table (kubernetes#8258)

Minor fix for missing pathType property (kubernetes#8244)

Updated confusing error (kubernetes#8262)

Add a certificate info metric (kubernetes#8253)

When the ingress controller loads certificates  (new ones or following a
secret update), it performs a series of check to ensure its validity.

In our systems, we detected a case where, when the secret object is
compromised, for example when the certificate does not match the secret
key, different pods of the ingress controller are serving a different
version of the certificate.

This behaviour is due to the cache mechanism of the ingress controller,
keeping the last known certificate in case of corruption. When this
happens, old ingress-controller pods will keep serving the old one,
while new pods, by failing to load the corrupted certificates, would
use the default certificate, causing invalid certificates for its
clients.

This generates a random error on the client side, depending on the
actual pod instance it reaches.

In order to allow detecting occurences of those situations, add a metric
to expose, for all ingress controlller pods, detailed informations of
the currently loaded certificate.

This will, for example, allow setting an alert when there is a
certificate discrepency across all ingress controller pods using a query
similar to `sum(nginx_ingress_controller_ssl_certificate_info{host="name.tld"})by(serial_number)`

This also allows to catch other exceptions loading certificates (failing
to load the certificate from the k8s API, ...

Co-authored-by: Daniel Ricart <[email protected]>

Co-authored-by: Daniel Ricart <[email protected]>

Issue#8241 (kubernetes#8273)

* replace daemon set for deployment manifest

* nit

Start Release process for v1.1.2 (kubernetes#8275)

Signed-off-by: Jintao Zhang <[email protected]>

Add fsGroup value to admission-webhooks/job-patch charts (kubernetes#8267)

* added fsGroup to admission createSecret and patchWebhook job

* added fsGroup to admission createSecret and patchWebhook job

* modified helm/README.md to add value for fsGroup

* fixed patch job values ordering

* remove manually edited README for replacement with helm-docs generated version

* re-adding charts/README.md generated by helm-docs

Add OpenSSF Best practices badge (kubernetes#8277)

fix: deny locations with invalid auth-url annotation (kubernetes#8256)

* fix: deny locations with invalid auth-url annotation

Signed-off-by: m.nabokikh <[email protected]>

* Delete duplicate test

Signed-off-by: m.nabokikh <[email protected]>

force prow job by changing something in images/ot dir (kubernetes#8281)

Images dir was merged in before the test-infra prow job, so the image was never built.

kubernetes#8013 Jan 16

https://github.com/kubernetes/test-infra/pull/25344/files Prow job 4 days ago.

Fix OpenTelemetry sidecar image build (kubernetes#8286)

* fix wrong checksum for nginx image

* fix wrong platform. Arm64 has grpc, when arm doesn't

update tag for image (kubernetes#8290)

remove git tag env from cloud build

the latest git tag is from helm, so force the make file use of TAG ?=v$(shell date +%m%d%Y)-$(shell git rev-parse --short HEAD)

release-v1.1.2-continued (kubernetes#8294)

* v1.1.2 release

Signed-off-by: Jintao Zhang <[email protected]>

* release-v1.1.2-continued

Co-authored-by: Jintao Zhang <[email protected]>

docs: fix changelog formatting (kubernetes#8302)

leaving it the git tag (kubernetes#8311)

fixing the git tag for the image version, it is what it is .

Missing annotations (kubernetes#8288)

Not quite sure but It seems that `nginx.ingress.kubernetes.io/canary-by-header` is missing.

Names cannot contain _ (underscore)! So I changed it to -. (kubernetes#8300)

* The name can't use _(underscore)! So fix it!

The name can't use _(underscore)! So fix it!

* Fix configMap name can't use _(underscore)

Fix configMap name can't use _(underscore)

Pinned GitHub workflows by SHA (kubernetes#8334)

- Pinned actions by SHA https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies
- Included permissions for some of the actions. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

Dependabot can upgrade pinned version of actions.

Update monitoring.md (kubernetes#8324)

Added missing repo on "helm upgrade" command

Add the shareProcessNamespace as a configurable setting. (kubernetes#8287)

Nginx v1.19.10 (kubernetes#8307)

kubectl code overview info
rchshld pushed a commit to joomcode/ingress-nginx that referenced this pull request May 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. priority/backlog Higher priority than priority/awaiting-more-evidence. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants