Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(helm): update chart ingress-nginx to 4.11.3 #31

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 28, 2023

This PR contains the following updates:

Package Update Change
ingress-nginx minor 4.7.1 -> 4.11.3

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

kubernetes/ingress-nginx (ingress-nginx)

v4.11.3

v4.11.2

Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer

v4.11.1

Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer

v4.11.0

WARNING

There are known issues with this release, some folks are experiencing core dumps. Please see https://github.com/kubernetes/ingress-nginx/issues/11588 for more information and comment if you are experiencing issues.

Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer

v4.10.5

Changelog

This file documents all notable changes to ingress-nginx Helm Chart. The release numbering uses semantic versioning.

4.10.5
  • Update Ingress-Nginx version controller-v1.10.5

Full Changelog: kubernetes/ingress-nginx@helm-chart-4.10.4...helm-chart-4.10.5

v4.10.4

Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer

v4.10.3

Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer

v4.10.2

WARNING

There are known issues with this release, some folks are experiencing core dumps. Please see https://github.com/kubernetes/ingress-nginx/issues/11588 for more information and comments if you are experiencing issues.

Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer

v4.10.1

Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer

v4.10.0

Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer

v4.9.1

Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer

v4.9.0

v4.8.3

Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer

v4.8.2

v4.8.1

v4.8.0

Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer

v4.7.5

Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer

v4.7.3

Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer

v4.7.2

Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer


Configuration

📅 Schedule: Branch creation - "on saturday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions
Copy link

github-actions bot commented Oct 28, 2023

--- kubernetes/apps/networking/nginx/internal Kustomization: flux-system/cluster-apps-nginx-internal HelmRelease: networking/nginx-internal

+++ kubernetes/apps/networking/nginx/internal Kustomization: flux-system/cluster-apps-nginx-internal HelmRelease: networking/nginx-internal

@@ -9,13 +9,13 @@

     spec:
       chart: ingress-nginx
       sourceRef:
         kind: HelmRepository
         name: ingress-nginx
         namespace: flux-system
-      version: 4.7.1
+      version: 4.11.3
   install:
     remediation:
       retries: 3
   interval: 30m
   maxHistory: 2
   uninstall:
--- kubernetes/apps/networking/nginx/external Kustomization: flux-system/cluster-apps-nginx-external HelmRelease: networking/nginx-external

+++ kubernetes/apps/networking/nginx/external Kustomization: flux-system/cluster-apps-nginx-external HelmRelease: networking/nginx-external

@@ -9,13 +9,13 @@

     spec:
       chart: ingress-nginx
       sourceRef:
         kind: HelmRepository
         name: ingress-nginx
         namespace: flux-system
-      version: 4.7.1
+      version: 4.11.3
   dependsOn:
   - name: cloudflared
     namespace: networking
   install:
     remediation:
       retries: 3

@github-actions
Copy link

github-actions bot commented Oct 28, 2023

--- kubernetes HelmRelease: networking/nginx-internal Job: networking/nginx-internal-admission-patch

+++ kubernetes HelmRelease: networking/nginx-internal Job: networking/nginx-internal-admission-patch

@@ -23,13 +23,13 @@

         app.kubernetes.io/part-of: ingress-nginx
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/component: admission-webhook
     spec:
       containers:
       - name: patch
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4@sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f
         imagePullPolicy: IfNotPresent
         args:
         - patch
         - --webhook-name=nginx-internal-admission
         - --namespace=$(POD_NAMESPACE)
         - --patch-mutating=false
@@ -39,15 +39,19 @@

         - name: POD_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
         securityContext:
           allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 65532
+          seccompProfile:
+            type: RuntimeDefault
       restartPolicy: OnFailure
       serviceAccountName: nginx-internal-admission
       nodeSelector:
         kubernetes.io/os: linux
-      securityContext:
-        fsGroup: 2000
-        runAsNonRoot: true
-        runAsUser: 2000
 
--- kubernetes HelmRelease: networking/nginx-internal ServiceAccount: networking/nginx-internal-admission

+++ kubernetes HelmRelease: networking/nginx-internal ServiceAccount: networking/nginx-internal-admission

@@ -10,7 +10,8 @@

   labels:
     app.kubernetes.io/name: ingress-nginx
     app.kubernetes.io/instance: nginx-internal
     app.kubernetes.io/part-of: ingress-nginx
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/component: admission-webhook
+automountServiceAccountToken: true
 
--- kubernetes HelmRelease: networking/nginx-internal ValidatingWebhookConfiguration: networking/nginx-internal-admission

+++ kubernetes HelmRelease: networking/nginx-internal ValidatingWebhookConfiguration: networking/nginx-internal-admission

@@ -25,14 +25,15 @@

   failurePolicy: Fail
   sideEffects: None
   admissionReviewVersions:
   - v1
   clientConfig:
     service:
+      name: nginx-internal-controller-admission
       namespace: networking
-      name: nginx-internal-controller-admission
+      port: 443
       path: /networking/v1/ingresses
   objectSelector:
     matchExpressions:
     - key: ingress-class
       operator: In
       values:
--- kubernetes HelmRelease: networking/nginx-internal ConfigMap: networking/nginx-internal-controller

+++ kubernetes HelmRelease: networking/nginx-internal ConfigMap: networking/nginx-internal-controller

@@ -8,13 +8,13 @@

     app.kubernetes.io/part-of: ingress-nginx
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/component: controller
   name: nginx-internal-controller
   namespace: networking
 data:
-  allow-snippet-annotations: 'true'
+  allow-snippet-annotations: 'false'
   client-body-buffer-size: 100M
   client-body-timeout: '120'
   client-header-timeout: '120'
   enable-brotli: 'true'
   enable-real-ip: 'true'
   hsts-max-age: '3.14496e+07'
--- kubernetes HelmRelease: networking/nginx-internal Job: networking/nginx-internal-admission-create

+++ kubernetes HelmRelease: networking/nginx-internal Job: networking/nginx-internal-admission-create

@@ -23,13 +23,13 @@

         app.kubernetes.io/part-of: ingress-nginx
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/component: admission-webhook
     spec:
       containers:
       - name: create
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4@sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f
         imagePullPolicy: IfNotPresent
         args:
         - create
         - --host=nginx-internal-controller-admission,nginx-internal-controller-admission.$(POD_NAMESPACE).svc
         - --namespace=$(POD_NAMESPACE)
         - --secret-name=nginx-internal-admission
@@ -37,15 +37,19 @@

         - name: POD_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
         securityContext:
           allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 65532
+          seccompProfile:
+            type: RuntimeDefault
       restartPolicy: OnFailure
       serviceAccountName: nginx-internal-admission
       nodeSelector:
         kubernetes.io/os: linux
-      securityContext:
-        fsGroup: 2000
-        runAsNonRoot: true
-        runAsUser: 2000
 
--- kubernetes HelmRelease: networking/nginx-internal Deployment: networking/nginx-internal-controller

+++ kubernetes HelmRelease: networking/nginx-internal Deployment: networking/nginx-internal-controller

@@ -28,13 +28,13 @@

         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/component: controller
     spec:
       dnsPolicy: ClusterFirst
       containers:
       - name: controller
-        image: registry.k8s.io/ingress-nginx/controller:v1.8.1@sha256:e5c4824e7375fcf2a393e1c03c293b69759af37a9ca6abdb91b13d78a93da8bd
+        image: registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7
         imagePullPolicy: IfNotPresent
         lifecycle:
           preStop:
             exec:
               command:
               - /wait-shutdown
@@ -47,19 +47,23 @@

         - --configmap=$(POD_NAMESPACE)/nginx-internal-controller
         - --validating-webhook=:8443
         - --validating-webhook-certificate=/usr/local/certificates/cert
         - --validating-webhook-key=/usr/local/certificates/key
         - --default-ssl-certificate=networking/${SECRET_DOMAIN/./-}-production-tls
         securityContext:
+          runAsNonRoot: true
+          runAsUser: 101
+          allowPrivilegeEscalation: false
+          seccompProfile:
+            type: RuntimeDefault
           capabilities:
             drop:
             - ALL
             add:
             - NET_BIND_SERVICE
-          runAsUser: 101
-          allowPrivilegeEscalation: true
+          readOnlyRootFilesystem: false
         env:
         - name: POD_NAME
           valueFrom:
             fieldRef:
               fieldPath: metadata.name
         - name: POD_NAMESPACE
--- kubernetes HelmRelease: networking/nginx-external ValidatingWebhookConfiguration: networking/nginx-external-admission

+++ kubernetes HelmRelease: networking/nginx-external ValidatingWebhookConfiguration: networking/nginx-external-admission

@@ -25,14 +25,15 @@

   failurePolicy: Fail
   sideEffects: None
   admissionReviewVersions:
   - v1
   clientConfig:
     service:
+      name: nginx-external-controller-admission
       namespace: networking
-      name: nginx-external-controller-admission
+      port: 443
       path: /networking/v1/ingresses
   objectSelector:
     matchExpressions:
     - key: ingress-class
       operator: In
       values:
--- kubernetes HelmRelease: networking/nginx-external Deployment: networking/nginx-external-controller

+++ kubernetes HelmRelease: networking/nginx-external Deployment: networking/nginx-external-controller

@@ -28,13 +28,13 @@

         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/component: controller
     spec:
       dnsPolicy: ClusterFirst
       containers:
       - name: controller
-        image: registry.k8s.io/ingress-nginx/controller:v1.8.1@sha256:e5c4824e7375fcf2a393e1c03c293b69759af37a9ca6abdb91b13d78a93da8bd
+        image: registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7
         imagePullPolicy: IfNotPresent
         lifecycle:
           preStop:
             exec:
               command:
               - /wait-shutdown
@@ -47,19 +47,23 @@

         - --configmap=$(POD_NAMESPACE)/nginx-external-controller
         - --validating-webhook=:8443
         - --validating-webhook-certificate=/usr/local/certificates/cert
         - --validating-webhook-key=/usr/local/certificates/key
         - --default-ssl-certificate=networking/${SECRET_DOMAIN/./-}-production-tls
         securityContext:
+          runAsNonRoot: true
+          runAsUser: 101
+          allowPrivilegeEscalation: false
+          seccompProfile:
+            type: RuntimeDefault
           capabilities:
             drop:
             - ALL
             add:
             - NET_BIND_SERVICE
-          runAsUser: 101
-          allowPrivilegeEscalation: true
+          readOnlyRootFilesystem: false
         env:
         - name: POD_NAME
           valueFrom:
             fieldRef:
               fieldPath: metadata.name
         - name: POD_NAMESPACE
--- kubernetes HelmRelease: networking/nginx-external Job: networking/nginx-external-admission-create

+++ kubernetes HelmRelease: networking/nginx-external Job: networking/nginx-external-admission-create

@@ -23,13 +23,13 @@

         app.kubernetes.io/part-of: ingress-nginx
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/component: admission-webhook
     spec:
       containers:
       - name: create
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4@sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f
         imagePullPolicy: IfNotPresent
         args:
         - create
         - --host=nginx-external-controller-admission,nginx-external-controller-admission.$(POD_NAMESPACE).svc
         - --namespace=$(POD_NAMESPACE)
         - --secret-name=nginx-external-admission
@@ -37,15 +37,19 @@

         - name: POD_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
         securityContext:
           allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 65532
+          seccompProfile:
+            type: RuntimeDefault
       restartPolicy: OnFailure
       serviceAccountName: nginx-external-admission
       nodeSelector:
         kubernetes.io/os: linux
-      securityContext:
-        fsGroup: 2000
-        runAsNonRoot: true
-        runAsUser: 2000
 
--- kubernetes HelmRelease: networking/nginx-external Job: networking/nginx-external-admission-patch

+++ kubernetes HelmRelease: networking/nginx-external Job: networking/nginx-external-admission-patch

@@ -23,13 +23,13 @@

         app.kubernetes.io/part-of: ingress-nginx
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/component: admission-webhook
     spec:
       containers:
       - name: patch
-        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4@sha256:a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f
         imagePullPolicy: IfNotPresent
         args:
         - patch
         - --webhook-name=nginx-external-admission
         - --namespace=$(POD_NAMESPACE)
         - --patch-mutating=false
@@ -39,15 +39,19 @@

         - name: POD_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
         securityContext:
           allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 65532
+          seccompProfile:
+            type: RuntimeDefault
       restartPolicy: OnFailure
       serviceAccountName: nginx-external-admission
       nodeSelector:
         kubernetes.io/os: linux
-      securityContext:
-        fsGroup: 2000
-        runAsNonRoot: true
-        runAsUser: 2000
 
--- kubernetes HelmRelease: networking/nginx-external ServiceAccount: networking/nginx-external-admission

+++ kubernetes HelmRelease: networking/nginx-external ServiceAccount: networking/nginx-external-admission

@@ -10,7 +10,8 @@

   labels:
     app.kubernetes.io/name: ingress-nginx
     app.kubernetes.io/instance: nginx-external
     app.kubernetes.io/part-of: ingress-nginx
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/component: admission-webhook
+automountServiceAccountToken: true
 
--- kubernetes HelmRelease: networking/nginx-external ConfigMap: networking/nginx-external-controller

+++ kubernetes HelmRelease: networking/nginx-external ConfigMap: networking/nginx-external-controller

@@ -8,13 +8,13 @@

     app.kubernetes.io/part-of: ingress-nginx
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/component: controller
   name: nginx-external-controller
   namespace: networking
 data:
-  allow-snippet-annotations: 'true'
+  allow-snippet-annotations: 'false'
   client-body-buffer-size: 100M
   client-body-timeout: '120'
   client-header-timeout: '120'
   enable-brotli: 'true'
   enable-real-ip: 'true'
   hsts-max-age: '3.14496e+07'

@renovate renovate bot changed the title feat(helm): update chart ingress-nginx to 4.8.3 feat(helm): update chart ingress-nginx to 4.8.4 Dec 2, 2023
@renovate renovate bot force-pushed the renovate/ingress-nginx-4.x branch from 39b7728 to 6b67ff7 Compare December 2, 2023 16:38
@renovate renovate bot changed the title feat(helm): update chart ingress-nginx to 4.8.4 feat(helm): update chart ingress-nginx to 4.8.3 Dec 20, 2023
@renovate renovate bot force-pushed the renovate/ingress-nginx-4.x branch 2 times, most recently from dbb8368 to cdb4ced Compare December 21, 2023 12:37
@renovate renovate bot changed the title feat(helm): update chart ingress-nginx to 4.8.3 feat(helm): update chart ingress-nginx to 4.9.0 Dec 21, 2023
@renovate renovate bot force-pushed the renovate/ingress-nginx-4.x branch from cdb4ced to 06510ab Compare January 27, 2024 09:13
@renovate renovate bot changed the title feat(helm): update chart ingress-nginx to 4.9.0 feat(helm): update chart ingress-nginx to 4.9.1 Jan 27, 2024
@renovate renovate bot changed the title feat(helm): update chart ingress-nginx to 4.9.1 feat(helm): update chart ingress-nginx to 4.10.0 Feb 29, 2024
@renovate renovate bot force-pushed the renovate/ingress-nginx-4.x branch from 06510ab to 77e83dd Compare February 29, 2024 01:53
@renovate renovate bot changed the title feat(helm): update chart ingress-nginx to 4.10.0 feat(helm): update chart ingress-nginx to 4.10.1 Apr 26, 2024
@renovate renovate bot force-pushed the renovate/ingress-nginx-4.x branch from 77e83dd to c06bb59 Compare April 26, 2024 17:35
@renovate renovate bot force-pushed the renovate/ingress-nginx-4.x branch from c06bb59 to 5ecb066 Compare July 8, 2024 19:11
@renovate renovate bot changed the title feat(helm): update chart ingress-nginx to 4.10.1 feat(helm): update chart ingress-nginx to 4.10.2 Jul 8, 2024
@renovate renovate bot force-pushed the renovate/ingress-nginx-4.x branch from 5ecb066 to 0ea6b2d Compare July 8, 2024 21:48
@renovate renovate bot changed the title feat(helm): update chart ingress-nginx to 4.10.2 feat(helm): update chart ingress-nginx to 4.11.0 Jul 8, 2024
@renovate renovate bot force-pushed the renovate/ingress-nginx-4.x branch from 0ea6b2d to 17120e5 Compare July 18, 2024 18:10
@renovate renovate bot changed the title feat(helm): update chart ingress-nginx to 4.11.0 feat(helm): update chart ingress-nginx to 4.11.1 Jul 18, 2024
@renovate renovate bot force-pushed the renovate/ingress-nginx-4.x branch from 17120e5 to 3e0b974 Compare August 16, 2024 09:57
@renovate renovate bot changed the title feat(helm): update chart ingress-nginx to 4.11.1 feat(helm): update chart ingress-nginx to 4.11.2 Aug 16, 2024
@renovate renovate bot force-pushed the renovate/ingress-nginx-4.x branch from 3e0b974 to 18abe5e Compare October 8, 2024 21:59
@renovate renovate bot changed the title feat(helm): update chart ingress-nginx to 4.11.2 feat(helm): update chart ingress-nginx to 4.11.3 Oct 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants