Skip to content

Commit

Permalink
Merge branch 'main' into deps/image-update-main-3a6a51ee
Browse files Browse the repository at this point in the history
  • Loading branch information
@pdabelf5
pdabelf5 authored Jan 6, 2025
2 parents 267c3a0 + a68c154 commit 126dde3
Show file tree
Hide file tree
Showing 28 changed files with 149 additions and 144 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/build-plus.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,7 @@ jobs:
labels: |
org.opencontainers.image.description=NGINX Plus Ingress Controller for Kubernetes
env:
DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
DOCKER_METADATA_ANNOTATIONS_LEVELS: ${{ contains(inputs.target, 'aws') && 'manifest' || 'manifest,index' }}

- name: Set base name variable
id: base_name
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/codeql-analysis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ jobs:

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -89,7 +89,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0

# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
Expand All @@ -102,6 +102,6 @@ jobs:
# ./location_of_script_within_repo/buildscript.sh

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
with:
category: "/language:${{matrix.language}}"
8 changes: 4 additions & 4 deletions .github/workflows/image-promotion.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -143,7 +143,7 @@ jobs:
fi
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
if: steps.check-sarif.outputs.sarif_has_results == 'true'
with:
sarif_file: govulncheck.sarif
Expand Down Expand Up @@ -468,7 +468,7 @@ jobs:
overwrite: true

- name: Upload Scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
with:
sarif_file: "${{ steps.directory.outputs.directory }}/"

Expand Down Expand Up @@ -557,7 +557,7 @@ jobs:
overwrite: true

- name: Upload Scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
with:
sarif_file: "${{ steps.directory.outputs.directory }}/"

Expand Down Expand Up @@ -653,7 +653,7 @@ jobs:
overwrite: true

- name: Upload Scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
with:
sarif_file: "${{ steps.directory.outputs.directory }}/"
continue-on-error: true
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/lint-format.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ jobs:
- name: Checkout Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- uses: reviewdog/action-actionlint@08ef4afa963243489a457cca426f705ce4e0d1a5 # v1.60.0
- uses: reviewdog/action-actionlint@534eb894142bcf31616e5436cbe4214641c58101 # v1.61.0
with:
actionlint_flags: -shellcheck ""

Expand All @@ -84,7 +84,7 @@ jobs:
- name: Checkout Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- uses: DavidAnson/markdownlint-cli2-action@eb5ca3ab411449c66620fe7f1b3c9e10547144b0 # v18.0.0
- uses: DavidAnson/markdownlint-cli2-action@a23dae216ce3fee4db69da41fed90d2a4af801cf # v19.0.0
with:
config: .markdownlint-cli2.yaml
globs: "**/*.md"
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release-pr.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ jobs:
.github/scripts/release-notes-update.sh ${{ github.event.inputs.new_version }} ${{ github.event.inputs.new_helm_version }} "${{ github.event.inputs.k8s_versions }}" "${{ github.event.inputs.release_date }}"
- name: Create Pull Request
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
with:
token: ${{ secrets.NGINX_PAT }}
commit-message: Release ${{ github.event.inputs.new_version }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -404,7 +404,7 @@ jobs:
role-to-assume: ${{ secrets.AWS_ROLE_MARKETPLACE }}

- name: Publish to AWS Marketplace
uses: nginxinc/aws-marketplace-publish@47db7444063941b7e5b509cd8cd0be6f25ecb35b # v1.0.6
uses: nginxinc/aws-marketplace-publish@108e752101152582ed409c5faed859a891e0d7aa # v1.0.7
continue-on-error: true
with:
version: ${{ inputs.nic_version }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/scorecards.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,6 @@ jobs:

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
with:
sarif_file: results.sarif
2 changes: 1 addition & 1 deletion .github/workflows/update-docker-sha.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ jobs:
echo $GITHUB_OUTPUT
- name: Create Pull Request
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
id: pr
with:
token: ${{ secrets.NGINX_PAT }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/update-kubernetes-version.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ jobs:
if: ${{ steps.search.outputs.found == 'false' }}

- name: Create Pull Request
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
with:
token: ${{ secrets.NGINX_PAT }}
commit-message: update kubernetes version to ${{ steps.k8s-version.outputs.version }} in helm schema
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/version-bump.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ jobs:
CHART_VERSION: ${{ inputs.helm_chart_version }}

- name: Create Pull Request
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
with:
token: ${{ secrets.NGINX_PAT }}
commit-message: Version Bump for ${{ github.event.inputs.ic_version }}
Expand Down
6 changes: 3 additions & 3 deletions .pre-commit-config.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ repos:
args: [--new-from-patch=/tmp/diff.patch]

- repo: https://github.com/asottile/pyupgrade
rev: v3.19.0
rev: v3.19.1
hooks:
- id: pyupgrade

Expand Down Expand Up @@ -87,12 +87,12 @@ repos:
args: ["--schemafile", "charts/nginx-ingress/values.schema.json"]

- repo: https://github.com/DavidAnson/markdownlint-cli2
rev: v0.16.0
rev: v0.17.0
hooks:
- id: markdownlint-cli2

- repo: https://github.com/rhysd/actionlint
rev: v1.7.4
rev: v1.7.5
hooks:
- id: actionlint
name: Lint GitHub Actions workflow files
Expand Down
14 changes: 7 additions & 7 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ This repo provides an implementation of an Ingress Controller for NGINX and NGIN

We value community input and would love to see you at the next community call. At these calls, we discuss PRs by community members as well as issues, discussions and feature requests.

**Microsoft Teams Link**: [KIC - GitHub Issues Triage](https://teams.microsoft.com/l/meetup-join/19%3ameeting_OTRhZjFhMDMtZTQwOC00NDA4LWJiOGItZjhhMmE5NzgyMDY0%40thread.v2/0?context=%7b%22Tid%22%3a%22dd3dfd2f-6a3b-40d1-9be0-bf8327d81c50%22%2c%22Oid%22%3a%22ea616cee-2e02-45f5-8e4c-c24967346491%22%7d)
**Microsoft Teams Link**: [NIC - GitHub Issues Triage](https://teams.microsoft.com/l/meetup-join/19%3ameeting_OTRhZjFhMDMtZTQwOC00NDA4LWJiOGItZjhhMmE5NzgyMDY0%40thread.v2/0?context=%7b%22Tid%22%3a%22dd3dfd2f-6a3b-40d1-9be0-bf8327d81c50%22%2c%22Oid%22%3a%22ea616cee-2e02-45f5-8e4c-c24967346491%22%7d)

**Meeting ID:** `298 140 979 789`

Expand All @@ -35,12 +35,12 @@ We value community input and would love to see you at the next community call. A

| **Community Call Dates** |
| ------------------------ |
| **2024-10-07** |
| **2024-10-21** |
| **2024-11-05** |
| **2024-11-18** |
| **2024-12-02** |
| **2024-12-16** |
| **2025-01-13** |
| **2025-01-27** |
| **2025-02-10** |
| **2025-02-24** |
| **2025-03-11** |
| **2025-03-24** |

---

Expand Down
17 changes: 5 additions & 12 deletions cmd/nginx-ingress/flags.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ import (
"regexp"
"strings"

internalValidation "github.com/nginxinc/kubernetes-ingress/internal/validation"
api_v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/util/validation"
Expand Down Expand Up @@ -345,22 +346,22 @@ func mustValidateFlags(ctx context.Context) {
nl.Fatalf(l, "Invalid value for leader-election-lock-name: %v", statusLockNameValidationError)
}

statusPortValidationError := validatePort(*nginxStatusPort)
statusPortValidationError := internalValidation.ValidateUnprivilegedPort(*nginxStatusPort)
if statusPortValidationError != nil {
nl.Fatalf(l, "Invalid value for nginx-status-port: %v", statusPortValidationError)
}

metricsPortValidationError := validatePort(*prometheusMetricsListenPort)
metricsPortValidationError := internalValidation.ValidateUnprivilegedPort(*prometheusMetricsListenPort)
if metricsPortValidationError != nil {
nl.Fatalf(l, "Invalid value for prometheus-metrics-listen-port: %v", metricsPortValidationError)
}

readyStatusPortValidationError := validatePort(*readyStatusPort)
readyStatusPortValidationError := internalValidation.ValidateUnprivilegedPort(*readyStatusPort)
if readyStatusPortValidationError != nil {
nl.Fatalf(l, "Invalid value for ready-status-port: %v", readyStatusPortValidationError)
}

healthProbePortValidationError := validatePort(*serviceInsightListenPort)
healthProbePortValidationError := internalValidation.ValidateUnprivilegedPort(*serviceInsightListenPort)
if healthProbePortValidationError != nil {
nl.Fatalf(l, "Invalid value for service-insight-listen-port: %v", metricsPortValidationError)
}
Expand Down Expand Up @@ -464,14 +465,6 @@ func validateResourceName(name string) error {
return nil
}

// validatePort makes sure a given port is inside the valid port range for its usage
func validatePort(port int) error {
if port < 1024 || port > 65535 {
return fmt.Errorf("port outside of valid port range [1024 - 65535]: %v", port)
}
return nil
}

// validateLogLevel makes sure a given logLevel is one of the allowed values
func validateLogLevel(logLevel string) error {
switch strings.ToLower(logLevel) {
Expand Down
18 changes: 0 additions & 18 deletions cmd/nginx-ingress/flags_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,24 +7,6 @@ import (
"testing"
)

func TestValidatePort(t *testing.T) {
badPorts := []int{80, 443, 1, 1023, 65536}
for _, badPort := range badPorts {
err := validatePort(badPort)
if err == nil {
t.Errorf("Expected error for port %v\n", badPort)
}
}

goodPorts := []int{8080, 8081, 8082, 1024, 65535}
for _, goodPort := range goodPorts {
err := validatePort(goodPort)
if err != nil {
t.Errorf("Error for valid port: %v err: %v\n", goodPort, err)
}
}
}

func TestParseNginxStatusAllowCIDRs(t *testing.T) {
badCIDRs := []struct {
input string
Expand Down
2 changes: 1 addition & 1 deletion config/crd/bases/appprotectdos.f5.com_dosprotectedresources.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.0
name: dosprotectedresources.appprotectdos.f5.com
spec:
group: appprotectdos.f5.com
Expand Down
2 changes: 1 addition & 1 deletion config/crd/bases/externaldns.nginx.org_dnsendpoints.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.0
name: dnsendpoints.externaldns.nginx.org
spec:
group: externaldns.nginx.org
Expand Down
2 changes: 1 addition & 1 deletion config/crd/bases/k8s.nginx.org_globalconfigurations.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.0
name: globalconfigurations.k8s.nginx.org
spec:
group: k8s.nginx.org
Expand Down
2 changes: 1 addition & 1 deletion config/crd/bases/k8s.nginx.org_policies.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.0
name: policies.k8s.nginx.org
spec:
group: k8s.nginx.org
Expand Down
2 changes: 1 addition & 1 deletion config/crd/bases/k8s.nginx.org_transportservers.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.0
name: transportservers.k8s.nginx.org
spec:
group: k8s.nginx.org
Expand Down
2 changes: 1 addition & 1 deletion config/crd/bases/k8s.nginx.org_virtualserverroutes.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.0
name: virtualserverroutes.k8s.nginx.org
spec:
group: k8s.nginx.org
Expand Down
2 changes: 1 addition & 1 deletion config/crd/bases/k8s.nginx.org_virtualservers.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.0
name: virtualservers.k8s.nginx.org
spec:
group: k8s.nginx.org
Expand Down
2 changes: 1 addition & 1 deletion deploy/crds-nap-dos.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.0
name: dosprotectedresources.appprotectdos.f5.com
spec:
group: appprotectdos.f5.com
Expand Down
12 changes: 6 additions & 6 deletions deploy/crds.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.0
name: dnsendpoints.externaldns.nginx.org
spec:
group: externaldns.nginx.org
Expand Down Expand Up @@ -99,7 +99,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.0
name: globalconfigurations.k8s.nginx.org
spec:
group: k8s.nginx.org
Expand Down Expand Up @@ -165,7 +165,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.0
name: policies.k8s.nginx.org
spec:
group: k8s.nginx.org
Expand Down Expand Up @@ -417,7 +417,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.0
name: transportservers.k8s.nginx.org
spec:
group: k8s.nginx.org
Expand Down Expand Up @@ -592,7 +592,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.0
name: virtualserverroutes.k8s.nginx.org
spec:
group: k8s.nginx.org
Expand Down Expand Up @@ -1321,7 +1321,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.17.0
name: virtualservers.k8s.nginx.org
spec:
group: k8s.nginx.org
Expand Down
Loading

0 comments on commit 126dde3

Please sign in to comment.