base repository: nginx/kubernetes-ingress
base: 3739046a8e16a42921a8ae5c7a09c1f6a5c02604
head repository: nginx/kubernetes-ingress
compare: ad30156fc9af880c91b04794ffaeda42416f04cf
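--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+- name: NGINX Ingress Controller Documentation
+url: https://docs.nginx.com/nginx-ingress-controller
+about: Check out our documentation.
+- name: General inquiries
+url: https://github.com/nginxinc/kubernetes-ingress/discussions
+about: Please use Discussions for all other questions.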
30 changes: 14 additions & 16 deletions .github/workflows/ci.yml
@@ -31,7 +31,7 @@ defaults:
shell: bash

env:
K8S_VERSION: 1.23.3
K8S_VERSION: 1.23.4
K8S_TIMEOUT: 75s
HELM_CHART_DIR: deployments/helm-chart
GIT_NAME: NGINX Kubernetes Team
@@ -51,7 +51,7 @@ jobs:
go_path: ${{ steps.go.outputs.go_path }}
steps:
- name: Checkout Repository
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Cache Go controller tools
uses: actions/cache@v2
with:
@@ -87,7 +87,7 @@ jobs:
needs: checks
steps:
- name: Checkout Repository
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Cache Go build
@@ -123,7 +123,7 @@ jobs:
needs: checks
steps:
- name: Checkout Repository
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Cache Go tests
uses: actions/cache@v2
with:
@@ -166,7 +166,7 @@ jobs:
{\"image\": \"opentracing-plus\", \"marker\": \"vsr\"}, \
{\"image\": \"ubi-plus\", \"marker\": \"policies\"}]}"
else
echo "::set-output name=matrix::{\"k8s\": [\"1.19.11\", \"1.20.7\", \"1.21.2\", \"1.22.5\", \"1.23.3\"], \
echo "::set-output name=matrix::{\"k8s\": [\"1.19.16\", \"1.20.15\", \"1.21.10\", \"1.22.7\", \"1.23.4\"], \
\"images\": [{\"image\": \"debian\"}, {\"image\": \"debian-plus\"}]}"
fi
@@ -178,7 +178,7 @@ jobs:
matrix: ${{ fromJSON(needs.setup-matrix.outputs.matrix) }}
steps:
- name: Checkout Repository
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Run Smoke Tests
id: smoke-tests
uses: ./.github/actions/smoke-tests
@@ -206,7 +206,7 @@ jobs:
HELM_HTTP_POSTFIX: s
steps:
- name: Checkout Repository
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Fetch Cached Artifacts
uses: actions/cache@v2
with:
@@ -259,7 +259,7 @@ jobs:
needs: [checks, smoke-tests]
steps:
- name: Checkout Repository
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Cache Go build
@@ -303,7 +303,7 @@ jobs:
platforms: "linux/arm64, linux/amd64, linux/s390x"
steps:
- name: Checkout Repository
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Fetch Cached Artifacts
@@ -391,8 +391,7 @@ jobs:
continue-on-error: true
with:
image-ref: nginx/nginx-ingress:${{ steps.meta.outputs.version }}
format: 'template'
template: '@/contrib/sarif.tpl'
format: 'sarif'
output: 'trivy-results-${{ matrix.image }}.sarif'
ignore-unfixed: 'true'
- name: Upload Trivy scan results to GitHub Security tab
@@ -421,7 +420,7 @@ jobs:
platforms: "linux/arm64, linux/amd64, linux/s390x"
steps:
- name: Checkout Repository
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Fetch Cached Artifacts
@@ -516,8 +515,7 @@ jobs:
continue-on-error: true
with:
image-ref: docker.io/${{ matrix.image }}:${{ steps.meta.outputs.version }}
format: 'template'
template: '@/contrib/sarif.tpl'
format: 'sarif'
output: 'trivy-results-${{ matrix.image }}.sarif'
ignore-unfixed: 'true'
- name: Upload Trivy scan results to GitHub Security tab
@@ -543,7 +541,7 @@ jobs:
if: ${{ github.event_name == 'push' && !startsWith(github.ref, 'refs/heads/release') }}
steps:
- name: Checkout Repository
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Output Variables
id: var
run: |
@@ -573,7 +571,7 @@ jobs:
if: ${{ github.event_name == 'push' && !startsWith(github.ref, 'refs/heads/release') }}
steps:
- name: Checkout Repository
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
repository: nginxinc/helm-charts
fetch-depth: 1
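Review bot: The two Trivy steps (hunks at -391,8 and -516,8) now depend on the scanner's built-in `sarif` format, but each step's `uses:` line sits above its hunk, so it is not visible whether the referenced action release supports that format. Both steps keep `continue-on-error: true`, so an unsupported format would fail quietly and may leave the Security tab without results while the job still passes. I would confirm the action ref and add a comment above the new line, e.g. `# built-in SARIF output; requires a trivy-action release that ships the 'sarif' format`. The same change is made in .github/workflows/update-docker-images.yml and needs the same check.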
2 changes: 1 addition & 1 deletion .github/workflows/codeql-analysis.yml
@@ -25,7 +25,7 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v2
uses: actions/checkout@v3

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
2 changes: 1 addition & 1 deletion .github/workflows/dockerhub-description.yml
@@ -16,7 +16,7 @@ jobs:
dockerHubDescription:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3

- name: Modify readme for DockerHub
run: |
2 changes: 1 addition & 1 deletion .github/workflows/fossa.yml
@@ -20,7 +20,7 @@ jobs:
runs-on: ubuntu-20.04
steps:
- name: Checkout Repository
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Scan
uses: fossas/fossa-action@v1
with:
2 changes: 1 addition & 1 deletion .github/workflows/lint.yml
@@ -28,7 +28,7 @@ jobs:
runs-on: ubuntu-20.04
steps:
- name: Checkout Repository
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Output Variables
id: vars
run: echo "::set-output name=go_version::$(grep "go 1." go.mod | cut -d " " -f 2)"
4 changes: 2 additions & 2 deletions .github/workflows/sync.yml
@@ -32,7 +32,7 @@ jobs:
runs-on: ubuntu-20.04
steps:
- name: Checkout Repository
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Run CRD File Sync
uses: BetaHuhn/repo-file-sync-action@v1
with:
@@ -57,7 +57,7 @@ jobs:
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Sync Labels
uses: micnncim/action-label-syncer@v1
with:
11 changes: 5 additions & 6 deletions .github/workflows/update-docker-images.yml
@@ -31,7 +31,7 @@ jobs:
k8s_version: ${{ steps.vars.outputs.k8s_version }}
steps:
- name: Checkout Repository
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set KIC version
@@ -40,7 +40,7 @@ jobs:
tag=$(git tag --sort=-version:refname | head -n1)
echo "::set-output name=tag::${tag//v}"
- name: Checkout Repository at ${{ steps.kic.outputs.tag }}
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
ref: refs/tags/v${{ steps.kic.outputs.tag }}
- name: Set NGINX versions
@@ -92,7 +92,7 @@ jobs:
needs: [check, variables]
steps:
- name: Checkout Repository
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
fetch-depth: 0
ref: refs/tags/v${{ needs.variables.outputs.kic-tag }}
@@ -155,7 +155,7 @@ jobs:
needs-updating: ${{ needs.check.outputs.needs-updating-ubi }}
steps:
- name: Checkout Repository
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
ref: refs/tags/v${{ needs.variables.outputs.kic-tag }}
if: ${{ matrix.needs-updating == 'true' }}
@@ -254,8 +254,7 @@ jobs:
continue-on-error: true
with:
image-ref: nginx/nginx-ingress:${{ steps.meta.outputs.version }}
format: 'template'
template: '@/contrib/sarif.tpl'
format: 'sarif'
output: 'trivy-results-${{ matrix.image }}.sarif'
ignore-unfixed: 'true'
if: ${{ matrix.needs-updating == 'true' }}
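Review bot: `actions/checkout@v3` is referenced by a mutable tag in every checkout step touched in this section, and this workflow appears to check out release tags (`ref: refs/tags/v…`) to rebuild published images, so the job runs whatever that tag points to at the time. Pinning to the full commit SHA with the version as a trailing comment keeps future bumps reviewable: `uses: actions/checkout@<full-commit-sha-of-v3>  # v3` (placeholder; take the SHA from the action's release). The same applies to the checkout bumps in ci.yml, codeql-analysis.yml, dockerhub-description.yml, fossa.yml, lint.yml and sync.yml, and to the third-party actions shown as context in fossa.yml and sync.yml. The steps continue outside the hunks, so which secrets each job exposes cannot be judged from this page.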
4 changes: 3 additions & 1 deletion .gitignore
@@ -28,6 +28,7 @@ nginx-ingress
osx-nginx-plus-ingress
nginx-plus-ingress
cmd/nginx-ingress/nginx-ingress
dist/

# NGINX Plus license files
*.crt
@@ -53,11 +54,12 @@ site/
venv/
docs/public
docs/themes/f5-hugo
dist/
.netlify/
docs/.netlify

# trivy container scanning cache
.trivycache/

# coverage files
coverage.txt
coverage.out
4 changes: 4 additions & 0 deletions Makefile
@@ -39,6 +39,10 @@ test: ## Run tests
cover: ## Generate coverage report
@./hack/test-cover.sh

cover-html: ## Generate and show coverage report in HTML format
go test -shuffle=on -race ./... -count=1 -cover -covermode=atomic -coverprofile=coverage.out
go tool cover -html coverage.out

.PHONY: verify-codegen
verify-codegen: ## Verify code generation
./hack/verify-codegen.sh
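Review bot: The new `cover-html` target has no `.PHONY` declaration, while the next target in the hunk is preceded by `.PHONY: verify-codegen`, which suggests the file declares each target that way. Without it, a file or directory named `cover-html` in the repository root would turn `make cover-html` into a no-op; add `.PHONY: cover-html` on the line above the target. The recipe also spells out the `go test` flags inline while `cover` delegates to `./hack/test-cover.sh`, whose contents are not visible here, so the two may drift apart.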
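--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,16 @@
+# Security Policy
+
+## Supported Versions
+
+We advise users to run the most recent release of the NGINX Ingress Controller, and we issue software updates to the most recent release. We provide technical support for F5 customers who are using the most recent version of the NGINX Ingress Controller, and any version released within two years of the current release.
+
+For more information visit https://docs.nginx.com/nginx-ingress-controller/technical-specifications/
+
+## Reporting a Vulnerability
+
+The F5 Security Incident Response Team (F5 SIRT) has an email alias that makes it easy to report potential security vulnerabilities.
+
+- If you’re an F5 customer with an active support contract, please contact [F5 Technical Support](https://www.f5.com/services/support).
+- If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities with any F5 product to the F5 Security Incident Response Team at F5SIRT@f5.com
+
+For more information visit https://www.f5.com/services/support/report-a-vulnerability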
4 changes: 3 additions & 1 deletion docs/content/app-protect/configuration.md
@@ -30,7 +30,9 @@ You can define App Protect policies for your Ingress resources by creating an `A
> **Note**: [The Advanced gRPC Protection for Unary Traffic](/nginx-app-protect/configuration/#advanced-grpc-protection-for-unary-traffic) only supports providing an `idl-file` inline. The fields `policy.idl-files[].link`, `policy.idl-files[].$ref`, and
`policy.idl-files[].file` are not supported. The IDL file should be provided in field `policy.idl-files[].contents`. The value of this field can be base64 encoded. In this case the field `policy.idl-files[].isBase64` should be set to `true`.

To add any [App Protect policy](/nginx-app-protect/declarative-policy/policy/) to an Ingress resource:
> **Note**: [External References](/nginx-app-protect/configuration-guide/configuration/#external-references) in the Ingress Controller are deprecated and will not be supported in future releases.
To add any [App Protect policy](/nginx-app-protect/policy/#policy) to an Ingress resource:

1. Create an `APPolicy` Custom resource manifest.
2. Add the desired policy to the `spec` field in the `APPolicy` resource.
8 changes: 1 addition & 7 deletions docs/content/configuration/transportserver-resource.md
@@ -12,8 +12,6 @@ The TransportServer resource allows you to configure TCP, UDP, and TLS Passthrou

This document is the reference documentation for the TransportServer resource. To see additional examples of using the resource for specific use cases, go to the [examples/custom-resources](https://github.com/nginxinc/kubernetes-ingress/tree/v2.1.1/examples/custom-resources) folder in our GitHub repo.

> **Feature Status**: The TransportServer resource is available as a preview feature[^1]: We might introduce some backward-incompatible changes to the resource definition. The feature is disabled by default. To enable it, set the [enable-preview-policies](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-enable-preview-policies) command-line argument of the Ingress Controller.
## Prerequisites

* For TCP and UDP, the TransportServer resource must be used in conjunction with the [GlobalConfiguration resource](/nginx-ingress-controller/configuration/global-configuration/globalconfiguration-resource), which must be created separately.
@@ -378,9 +376,5 @@ The [ConfigMap](/nginx-ingress-controller/configuration/global-configuration/con
## Limitations
The TransportServer resource is a preview feature. Currently, it comes with the following limitation:
The TransportServer resource currently comes with the following limitation:
* When using TLS Passthrough, it is not possible to configure [Proxy Protocol](https://github.com/nginxinc/kubernetes-ingress/tree/v2.0.1/examples/proxy-protocol) for port 443 both for regular HTTPS and TLS Passthrough traffic.
## Footnotes
[^1]: Capabilities labeled in preview status are fully supported.
15 changes: 14 additions & 1 deletion docs/content/technical-specifications.md
@@ -17,7 +17,20 @@ The 1.12 release supports the Ingress v1beta1 API and continues to receive secur

## Supported Kubernetes Versions

We explicitly test the NGINX Ingress Controller on a range of Kubernetes platforms at each release, and the [release notes](/nginx-ingress-controller/releases) list which platforms were tested. We will provide technical support for the NGINX Ingress Controller on any Kubernetes platform that is currently supported by its provider and which passes the [Kubernetes conformance tests](https://www.cncf.io/certification/software-conformance/).
We explicitly test the NGINX Ingress Controller (NIC) on a range of Kubernetes platforms at each release, and the [release notes](/nginx-ingress-controller/releases) list which platforms were tested. We will provide technical support for the NGINX Ingress Controller (NIC) on any Kubernetes platform that is currently supported by its provider and which passes the [Kubernetes conformance tests](https://www.cncf.io/certification/software-conformance/).

{{% table %}}
| NIC Version | Supported Kubernetes Version | NIC Helm Chart Version | NIC Operator Version | NGINX / NGINX Plus version |
| --- | --- | --- | --- | --- |
| 2.1.1 | 1.23 - 1.19 | 0.12.1 | 0.5.1 | 1.21.6 / R26 |
| 2.0.3 | 1.22 - 1.19 | 0.11.3 | 0.4.0 | 1.21.3 / R25 |
| 1.12.3 | 1.21 - 1.16 | 0.10.3 | 0.3.0 | 1.21.0 / R24 |
| 1.11.3 | 1.20 - 1.16 | 0.9.0 | 0.2.0 | 1.21.0 / R23 P1 |
| 1.10.1 | 1.19 - 1.16 | 0.8.0 | 0.1.0 | 1.19.8 / R23 |
| 1.9.1 | 1.18 - 1.16 | 0.7.1 | 0.0.7 | 1.19.3 / R22 |
| 1.8.1 | | 0.6.0 | 0.0.6 | 1.19.2 / R22 |
| 1.7.2 | | 0.5.1 | 0.0.4 | 1.19.0 / R22 |
| 1.6.3 | | 0.4.3 | -- | 1.17.9 / R21 |

## Supported Docker Images

24 changes: 12 additions & 12 deletions go.mod
@@ -3,8 +3,8 @@ module github.com/nginxinc/kubernetes-ingress
go 1.17

require (
github.com/aws/aws-sdk-go-v2/config v1.14.0
github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.12.0
github.com/aws/aws-sdk-go-v2/config v1.15.0
github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.13.0
github.com/golang-jwt/jwt/v4 v4.3.0
github.com/golang/glog v1.0.0
github.com/google/go-cmp v0.5.7
@@ -22,16 +22,16 @@ require (
require (
github.com/PuerkitoBio/purell v1.1.1 // indirect
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
github.com/aws/aws-sdk-go-v2 v1.14.0 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.9.0 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.11.0 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.5 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.3.0 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.6 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.8.0 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.10.0 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.15.0 // indirect
github.com/aws/smithy-go v1.11.0 // indirect
github.com/aws/aws-sdk-go-v2 v1.15.0 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.10.0 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.0 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.6 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.0 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.7 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.0 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.11.0 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.16.0 // indirect
github.com/aws/smithy-go v1.11.1 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/cespare/xxhash/v2 v2.1.2 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect