Update NGINX Ingress Controller to 3.7.0 (#392)

Makefile

@@ -3,7 +3,7 @@
 # To re-generate a bundle for another specific version without changing the standard setup, you can:
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
-VERSION ?= 2.3.2
+VERSION ?= 2.4.0
 
 # CHANNELS define the bundle channels used in the bundle.
 # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")

README.md

@@ -17,6 +17,7 @@ The following table shows the relation between the versions of the two projects:
 
 | NGINX Ingress Controller | NGINX Ingress Operator |
 | ------------------------ | ---------------------- |
+| 3.7.x                    | 2.4.0                  |
 | 3.6.x                    | 2.3.2                  |
 | 3.5.x                    | 2.2.2                  |
 | 3.4.x                    | 2.1.2                  |
@@ -75,7 +76,7 @@ See [upgrade docs](./docs/upgrades.md)
 
 We publish NGINX Ingress Operator releases on GitHub. See our [releases page](https://github.com/nginxinc/nginx-ingress-helm-operator/releases).
 
-The latest stable release is [2.3.2](https://github.com/nginxinc/nginx-ingress-helm-operator/releases/tag/v2.3.2). For production use, we recommend that you choose the latest stable release.
+The latest stable release is [2.4.0](https://github.com/nginxinc/nginx-ingress-helm-operator/releases/tag/v2.4.0). For production use, we recommend that you choose the latest stable release.
 
 ## Development
 

bundle/manifests/nginx-ingress-operator.clusterserviceversion.yaml

@@ -77,7 +77,7 @@ metadata:
               "image": {
                 "pullPolicy": "IfNotPresent",
                 "repository": "nginx/nginx-ingress",
-                "tag": "3.6.2-ubi"
+                "tag": "3.7.0-ubi"
               },
               "includeYear": false,
               "ingressClass": {
@@ -220,7 +220,7 @@ metadata:
     capabilities: Basic Install
     categories: Monitoring, Networking
     certified: "true"
-    containerImage: quay.io/nginx/nginx-ingress-operator:2.3.2
+    containerImage: quay.io/nginx/nginx-ingress-operator:2.4.0
     createdAt: "2024-08-06T10:53:11Z"
     description: The NGINX Ingress Operator is a Kubernetes/OpenShift component which
       deploys and manages one or more NGINX/NGINX Plus Ingress Controllers
@@ -244,7 +244,7 @@ metadata:
     operatorframework.io/arch.arm64: supported
     operatorframework.io/arch.ppc64le: supported
     operatorframework.io/arch.s390x: supported
-  name: nginx-ingress-operator.v2.3.2
+  name: nginx-ingress-operator.v2.4.0
   namespace: placeholder
 spec:
   apiservicedefinitions: {}
@@ -448,7 +448,7 @@ spec:
                 - --metrics-bind-address=127.0.0.1:8080
                 - --leader-elect
                 - --leader-election-id=nginx-ingress-operator
-                image: quay.io/nginx/nginx-ingress-operator:2.3.2
+                image: quay.io/nginx/nginx-ingress-operator:2.4.0
                 livenessProbe:
                   httpGet:
                     path: /healthz
@@ -539,4 +539,4 @@ spec:
   minKubeVersion: 1.23.0
   provider:
     name: NGINX Inc
-  version: 2.3.2
+  version: 2.4.0

config/manager/kustomization.yaml

@@ -5,4 +5,4 @@ kind: Kustomization
 images:
 - name: controller
   newName: quay.io/nginx/nginx-ingress-operator
-  newTag: 2.3.2
+  newTag: 2.4.0

config/manifests/bases/kustomization.yaml

@@ -3,4 +3,4 @@ resources:
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 commonAnnotations:
-  containerImage: quay.io/nginx/nginx-ingress-operator:2.3.2
+  containerImage: quay.io/nginx/nginx-ingress-operator:2.4.0

config/samples/charts_v1alpha1_nginxingress.yaml

@@ -35,7 +35,7 @@ spec:
     customPorts: []
     image:
       repository: nginx/nginx-ingress
-      tag: "3.6.2-ubi"
+      tag: "3.7.0-ubi"
       # digest: "sha256:CHANGEME"
       pullPolicy: IfNotPresent
     lifecycle: {}

docs/manual-installation.md

@@ -7,14 +7,14 @@ This will deploy the operator in the `nginx-ingress-operator-system` namespace.
    1. Clone the `nginx-ingress-operator` repo:
 
    ```shell
-   git clone https://github.com/nginxinc/nginx-ingress-helm-operator/ --branch v2.3.2
+   git clone https://github.com/nginxinc/nginx-ingress-helm-operator/ --branch v2.4.0
    cd nginx-ingress-helm-operator/
    ```
 
    2. To deploy the Operator and associated resources to all environments, run:
 
    ```shell
-   make deploy IMG=nginx/nginx-ingress-operator:2.3.2
+   make deploy IMG=nginx/nginx-ingress-operator:2.4.0
    ```
 
 2. Check that the Operator is running:
@@ -30,11 +30,11 @@ This will deploy the operator in the `nginx-ingress-operator-system` namespace.
 
 In order to deploy NGINX Ingress Controller instances into OpenShift environments, a new SCC is required to be created on the cluster which will be used to bind the specific required capabilities to the NGINX Ingress service account(s). To do so for NIC deployments, please run the following command (assuming you are logged in with administrator access to the cluster):
 
-`kubectl apply -f https://github.com/nginxinc/nginx-ingress-helm-operator/v2.3.2/resources/scc.yaml`
+`kubectl apply -f https://github.com/nginxinc/nginx-ingress-helm-operator/v2.4.0/resources/scc.yaml`
 
 Alternatively, to create an SCC for NIC daemonsets, please run this command:
 
-`kubectl apply -f https://github.com/nginxinc/nginx-ingress-helm-operator/v2.3.2/resources/scc-daemonset.yaml`
+`kubectl apply -f https://github.com/nginxinc/nginx-ingress-helm-operator/v2.4.0/resources/scc-daemonset.yaml`
 
 You can now deploy the NGINX Ingress Controller instances.
 
@@ -44,19 +44,19 @@ You can now deploy the NGINX Ingress Controller instances.
 You can use the operator (including the kube-rbac-proxy) images from your own private registry.
 1. Tag the images for your private registry
    ```shell
-   docker tag quay.io/nginx/nginx-ingress-operator:2.3.2 <my-private-registry>/nginx-ingress-operator:2.3.2
+   docker tag quay.io/nginx/nginx-ingress-operator:2.4.0 <my-private-registry>/nginx-ingress-operator:2.4.0
    docker tag quay.io/brancz/kube-rbac-proxy:v0.18.0 <my-private-registry>/kube-rbac-proxy:v0.18.0
    ```
 
 2. Push the image to your private registry
    ```shell
-   docker push <my-private-registry>/nginx-ingress-operator:2.3.2
+   docker push <my-private-registry>/nginx-ingress-operator:2.4.0
    docker push <my-private-registry>/kube-rbac-proxy:v0.18.0
    ```
 
 3. Follow step 1 above but in step 1.2 you can run
    ```shell
-   make deploy IMG=<my-private-registry>/nginx-ingress-operator:2.3.2 KRP_IMAGE_BASE=<my-private-registry>/kube-rbac-proxy
+   make deploy IMG=<my-private-registry>/nginx-ingress-operator:2.4.0 KRP_IMAGE_BASE=<my-private-registry>/kube-rbac-proxy
    ```
    **Note: If you need to use a different `kube-rbac-proxy` version than the default, use the `KRP_IMAGE_TAG` variable**  
 

docs/nginx-ingress-controller.md

@@ -47,7 +47,7 @@ spec:
     customPorts: []
     image:
       repository: nginx/nginx-ingress
-      tag: "3.6.2-ubi"
+      tag: "3.7.0-ubi"
       # digest: "sha256:CHANGEME"
       pullPolicy: IfNotPresent
     lifecycle: {}

docs/openshift-installation.md

@@ -23,10 +23,10 @@ Additional steps:
 
 In order to deploy NGINX Ingress Controller instances into OpenShift environments, a new SCC is required to be created on the cluster which will be used to bind the specific required capabilities to the NGINX Ingress service account(s). To do so for NIC deployments, please run the following command (assuming you are logged in with administrator access to the cluster):
 
-`kubectl apply -f https://github.com/nginxinc/nginx-ingress-helm-operator/v2.3.2/resources/scc.yaml`
+`kubectl apply -f https://github.com/nginxinc/nginx-ingress-helm-operator/v2.4.0/resources/scc.yaml`
 
 Alternatively, to create an SCC for NIC daemonsets, please run this command:
 
-`kubectl apply -f https://github.com/nginxinc/nginx-ingress-helm-operator/v2.3.2/resources/scc-daemonset.yaml`
+`kubectl apply -f https://github.com/nginxinc/nginx-ingress-helm-operator/v2.4.0/resources/scc-daemonset.yaml`
 
 You can now deploy the NGINX Ingress Controller instances.

examples/deployment-oss-min/nginx-ingress-controller.yaml

@@ -11,7 +11,7 @@ spec:
     image:
       pullPolicy: IfNotPresent
       repository: nginx/nginx-ingress
-      tag: 3.6.2-ubi
+      tag: 3.7.0-ubi
     ingressClass:
       name: nginx
     kind: deployment

examples/deployment-plus-min/nginx-ingress-controller.yaml

@@ -11,7 +11,7 @@ spec:
     image:
       pullPolicy: IfNotPresent
       repository: nginx/nginx-ingress
-      tag: 3.6.2-ubi
+      tag: 3.7.0-ubi
     ingressClass:
       name: nginx
     kind: deployment

helm-charts/nginx-ingress/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: 3.6.2
+appVersion: 3.7.0
 description: NGINX Ingress Controller
 home: https://github.com/nginxinc/kubernetes-ingress
-icon: https://github.com/nginxinc/kubernetes-ingress/v3.6.2/charts/nginx-ingress/chart-icon.png
+icon: https://github.com/nginxinc/kubernetes-ingress/v3.7.0/charts/nginx-ingress/chart-icon.png
 keywords:
 - ingress
 - nginx
@@ -12,6 +12,6 @@ maintainers:
   name: nginxinc
 name: nginx-ingress
 sources:
-- https://github.com/nginxinc/kubernetes-ingress/tree/v3.6.2/charts/nginx-ingress
+- https://github.com/nginxinc/kubernetes-ingress/tree/v3.7.0/charts/nginx-ingress
 type: application
-version: 1.3.2
+version: 1.4.0

helm-charts/nginx-ingress/crds/appprotectdos.f5.com_dosprotectedresources.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: dosprotectedresources.appprotectdos.f5.com
 spec:
   group: appprotectdos.f5.com
@@ -42,6 +42,16 @@ spec:
             description: DosProtectedResourceSpec defines the properties and values
               a DosProtectedResource can have.
             properties:
+              allowList:
+                description: AllowList is a list of allowed IPs and subnet masks
+                items:
+                  description: AllowListEntry represents an IP address and a subnet
+                    mask.
+                  properties:
+                    ipWithMask:
+                      type: string
+                  type: object
+                type: array
               apDosMonitor:
                 description: 'ApDosMonitor is how NGINX App Protect DoS monitors the
                   stress level of the protected object. The monitor requests are sent

helm-charts/nginx-ingress/crds/externaldns.nginx.org_dnsendpoints.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: dnsendpoints.externaldns.nginx.org
 spec:
   group: externaldns.nginx.org

helm-charts/nginx-ingress/crds/k8s.nginx.org_globalconfigurations.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: globalconfigurations.k8s.nginx.org
 spec:
   group: k8s.nginx.org
@@ -46,6 +46,10 @@ spec:
                 items:
                   description: Listener defines a listener.
                   properties:
+                    ipv4:
+                      type: string
+                    ipv6:
+                      type: string
                     name:
                       type: string
                     port:

helm-charts/nginx-ingress/crds/k8s.nginx.org_policies.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: policies.k8s.nginx.org
 spec:
   group: k8s.nginx.org
@@ -87,9 +87,7 @@ spec:
                     type: object
                 type: object
               basicAuth:
-                description: |-
-                  BasicAuth holds HTTP Basic authentication configuration
-                  policy status: preview
+                description: BasicAuth holds HTTP Basic authentication configuration
                 properties:
                   realm:
                     type: string
@@ -161,8 +159,12 @@ spec:
                     type: string
                   clientSecret:
                     type: string
+                  endSessionEndpoint:
+                    type: string
                   jwksURI:
                     type: string
+                  postLogoutRedirectURI:
+                    type: string
                   redirectURI:
                     type: string
                   scope:

helm-charts/nginx-ingress/crds/k8s.nginx.org_transportservers.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: transportservers.k8s.nginx.org
 spec:
   group: k8s.nginx.org

helm-charts/nginx-ingress/crds/k8s.nginx.org_virtualserverroutes.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: virtualserverroutes.k8s.nginx.org
 spec:
   group: k8s.nginx.org

helm-charts/nginx-ingress/crds/k8s.nginx.org_virtualservers.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: virtualservers.k8s.nginx.org
 spec:
   group: k8s.nginx.org

helm-charts/nginx-ingress/templates/_helpers.tpl

@@ -277,7 +277,6 @@ Build the args for the service binary.
 - -service-insight-tls-secret={{ .Values.serviceInsight.secret }}
 - -enable-custom-resources={{ .Values.controller.enableCustomResources }}
 - -enable-snippets={{ .Values.controller.enableSnippets }}
-- -include-year={{ .Values.controller.includeYear }}
 - -disable-ipv6={{ .Values.controller.disableIPV6 }}
 {{- if .Values.controller.enableCustomResources }}
 - -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }}

helm-charts/nginx-ingress/templates/controller-globalconfiguration.yaml

@@ -1,5 +1,5 @@
 {{ if .Values.controller.globalConfiguration.create }}
-apiVersion: k8s.nginx.org/v1alpha1
+apiVersion: k8s.nginx.org/v1
 kind: GlobalConfiguration
 metadata:
   name: {{ include "nginx-ingress.controller.fullname" . }}

helm-charts/nginx-ingress/templates/controller-lease.yaml

@@ -0,0 +1,13 @@
+{{ if .Values.controller.reportIngressStatus.enableLeaderElection }}
+apiVersion: coordination.k8s.io/v1
+kind: Lease
+metadata:
+  name: {{ include "nginx-ingress.leaderElectionName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "nginx-ingress.labels" . | nindent 4 }}
+{{- if .Values.controller.reportIngressStatus.annotations }}
+  annotations
+{{ toYaml .Values.controller.reportIngressStatus.annotations | indent 4 }}
+{{- end }}
+{{- end }}

helm-charts/nginx-ingress/templates/controller-service.yaml

@@ -50,7 +50,7 @@ spec:
     targetPort: {{ .Values.controller.service.httpPort.targetPort }}
     protocol: TCP
     name: http
-  {{- if eq .Values.controller.service.type "NodePort" }}
+  {{- if or (eq .Values.controller.service.type "LoadBalancer") (eq .Values.controller.service.type "NodePort") }}
     nodePort: {{ .Values.controller.service.httpPort.nodePort }}
   {{- end }}
 {{- end }}
@@ -59,7 +59,7 @@ spec:
     targetPort: {{ .Values.controller.service.httpsPort.targetPort }}
     protocol: TCP
     name: https
-  {{- if eq .Values.controller.service.type "NodePort" }}
+  {{- if or (eq .Values.controller.service.type "LoadBalancer") (eq .Values.controller.service.type "NodePort") }}
     nodePort: {{ .Values.controller.service.httpsPort.nodePort }}
   {{- end }}
 {{- end }}

helm-charts/nginx-ingress/values-icp.yaml

@@ -4,7 +4,7 @@ controller:
   nginxplus: true
   image:
     repository: mycluster.icp:8500/kube-system/nginx-plus-ingress
-    tag: "3.6.2"
+    tag: "3.7.0"
   nodeSelector:
     beta.kubernetes.io/arch: "amd64"
     proxy: true

helm-charts/nginx-ingress/values-plus.yaml

@@ -3,4 +3,4 @@ controller:
   nginxplus: true
   image:
     repository: nginx-plus-ingress
-    tag: "3.6.2"
+    tag: "3.7.0"