Skip to content

chore(chart-deps): update ingress-nginx to version 4.13.1 #2453

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 51 commits into from
Sep 9, 2025
Merged

chore(chart-deps): update ingress-nginx to version 4.13.1 #2453

merged 51 commits into from
Sep 9, 2025

Conversation

@svcAPLBot
Copy link
Contributor

@svcAPLBot svcAPLBot commented Aug 13, 2025
edited by merll
Loading

This PR updates the dependency ingress-nginx to version 4.13.1.

It also includes a number of changes, partially as a cleanup and for compatibility:

  • Many commented configuration lines, upstream defaults, and deprecated (or otherwise non-functional) options were removed.
  • The controller scope was extended to its own namespace (using label selector), as errors were logged accordingly even before this upgrade.
  • proxy-busy-buffers-size was added to override the default. The value needs to be >= proxy-buffer-size which we have increased.
  • Log verbosity was tuned down as this was not any helpful.
  • OpenTelemetry is no longer a sidecar, but the module is included already.
  • Snippets within the Ingress resource are considered a security risk with rating Critical (https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations-risk/) and only permitted after setting configuration options to disable checks. It has turned out that existing snippets were either ineffective due to configuration errors, or in case of OAuth2-Proxy no longer necessary.

@svcAPLBot svcAPLBot added the chart-deps Auto generated helm chart dependencies label Aug 13, 2025
@merll merll mentioned this pull request Aug 13, 2025
Closed
svcAPLBot and others added 27 commits August 13, 2025 10:53
@svcAPLBot
Merge remote-tracking branch 'origin/main' into ci-update-ingress-ngi…
6e8c11c 
…nx-to-4.13.1
@svcAPLBot
Merge remote-tracking branch 'origin/main' into ci-update-ingress-ngi…
31b79a0 
…nx-to-4.13.1
@svcAPLBot
Merge remote-tracking branch 'origin/main' into ci-update-ingress-ngi…
eafe168 
…nx-to-4.13.1
@svcAPLBot
Merge remote-tracking branch 'origin/main' into ci-update-ingress-ngi…
c68b76d 
…nx-to-4.13.1
@svcAPLBot
Merge remote-tracking branch 'origin/main' into ci-update-ingress-ngi…
e17bbdf 
…nx-to-4.13.1
@svcAPLBot
Merge remote-tracking branch 'origin/main' into ci-update-ingress-ngi…
7d29603 
…nx-to-4.13.1
@svcAPLBot
Merge remote-tracking branch 'origin/main' into ci-update-ingress-ngi…
e8f7c4a 
…nx-to-4.13.1
@svcAPLBot
Merge remote-tracking branch 'origin/main' into ci-update-ingress-ngi…
54c1fda 
…nx-to-4.13.1
@svcAPLBot
Merge remote-tracking branch 'origin/main' into ci-update-ingress-ngi…
0149028 
…nx-to-4.13.1
@svcAPLBot
Merge remote-tracking branch 'origin/main' into ci-update-ingress-ngi…
8cce0e8 
…nx-to-4.13.1
@svcAPLBot
Merge remote-tracking branch 'origin/main' into ci-update-ingress-ngi…
6aeb384 
…nx-to-4.13.1
@svcAPLBot
Merge remote-tracking branch 'origin/main' into ci-update-ingress-ngi…
b8907ae 
…nx-to-4.13.1
@svcAPLBot
Merge remote-tracking branch 'origin/main' into ci-update-ingress-ngi…
4cc455c 
…nx-to-4.13.1
@svcAPLBot
Merge remote-tracking branch 'origin/main' into ci-update-ingress-ngi…
7f19099 
…nx-to-4.13.1
@svcAPLBot
Merge remote-tracking branch 'origin/main' into ci-update-ingress-ngi…
5e3eec4 
…nx-to-4.13.1
@svcAPLBot
Merge remote-tracking branch 'origin/main' into ci-update-ingress-ngi…
cf14494 
…nx-to-4.13.1
@merll
chore: cleaned up deprecated and replaced options
e3b435c
@merll
chore: simplify registry
9110292
@merll
fix: set increased proxy-busy-buffers-size to match other settings
4196e14
@merll
fix: extend namespace scope of ingress controller
c9a337b
@merll
fix: add allowed annotation level
083beee
@merll
chore: skip comment output
7db40fa
@merll
chore: removed unused annotation
3b3501d
@merll
chore: clean up commented options
026eb26
@merll
feat: lower log verbosity
41ab2ea
@merll
fix: template comment syntax
507aac1
@merll
fix: trailing comma
665f571
@merll merll requested a review from Ani1357 as a code owner August 28, 2025 10:51
CasLubbers
CasLubbers reviewed Aug 28, 2025
View reviewed changes
CasLubbers
CasLubbers approved these changes Aug 28, 2025
View reviewed changes
Copy link
Contributor

@CasLubbers CasLubbers left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested on cluster created workloads with some services and all worked. Couldn't find regression ✅

CasLubbers
CasLubbers requested changes Aug 28, 2025
View reviewed changes
Copy link
Contributor

@CasLubbers CasLubbers left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was a bit to soon with my approval. When I press log-out. It redirects to:
https://auth.caslubbers-1.dev-akamai-apl.net/oauth2/start?rd=https://console.caslubbers-1.dev-akamai-apl.net%2Fapps%2Fadmin
And I see:
default backend - 404
This was on a cluster that was on main and then upgraded to this branch

edit: it keeps redirecting to that page so I cannot log back and I am basically stuck

@merll merll requested a review from ferruhcihan as a code owner September 1, 2025 14:31
@merll merll requested a review from CasLubbers September 1, 2025 15:23
@merll
Copy link
Contributor

merll commented Sep 1, 2025

I was a bit to soon with my approval. When I press log-out. It redirects to: https://auth.caslubbers-1.dev-akamai-apl.net/oauth2/start?rd=https://console.caslubbers-1.dev-akamai-apl.net%2Fapps%2Fadmin And I see: default backend - 404 This was on a cluster that was on main and then upgraded to this branch

edit: it keeps redirecting to that page so I cannot log back and I am basically stuck

Tested different approaches to fix this, and added a post-upgrade script to run Helmfile with that one ingress that does not get updated.

CasLubbers
CasLubbers approved these changes Sep 2, 2025
View reviewed changes
Copy link
Contributor

@CasLubbers CasLubbers left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested upgrade on cluster again and worked without issue

svcAPLBot and others added 9 commits September 3, 2025 15:47
Ani1357
Ani1357 approved these changes Sep 8, 2025
View reviewed changes
Copy link
Contributor

@Ani1357 Ani1357 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested again and now it works as expected.

@merll merll merged commit dd30e4b into main Sep 9, 2025
12 checks passed
@merll merll deleted the ci-update-ingress-nginx-to-4.13.1 branch September 9, 2025 08:21
@merll merll mentioned this pull request Sep 26, 2025
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@CasLubbers CasLubbers CasLubbers approved these changes

@Ani1357 Ani1357 Ani1357 approved these changes

@j-zimnowoda j-zimnowoda Awaiting requested review from j-zimnowoda j-zimnowoda is a code owner

@merll merll Awaiting requested review from merll merll is a code owner

@ferruhcihan ferruhcihan Awaiting requested review from ferruhcihan ferruhcihan is a code owner

Assignees

No one assigned

Labels

chart-deps Auto generated helm chart dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@svcAPLBot @merll @CasLubbers @Ani1357