From c5c7c83efcbc341c5ebee9a56aae7178e28a985b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 23 Jun 2025 15:07:04 +0100 Subject: [PATCH 01/11] add namespaced secret to example (#7942) --- .../common-secrets/cafe-secret-cafe-ns.example.com.yaml | 9 +++++++++ .../cross-namespace-configuration/cafe-secret.yaml | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 examples/common-secrets/cafe-secret-cafe-ns.example.com.yaml diff --git a/examples/common-secrets/cafe-secret-cafe-ns.example.com.yaml b/examples/common-secrets/cafe-secret-cafe-ns.example.com.yaml new file mode 100644 index 0000000000..75e9220abc --- /dev/null +++ b/examples/common-secrets/cafe-secret-cafe-ns.example.com.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cafe-secret + namespace: cafe +type: kubernetes.io/tls +data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUdKRENDQkF5Z0F3SUJBZ0lVWUsyTGNWTlJrZVB5ZXUrdis0ckNMWTVJVmJZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1dERUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdNQWtOQk1TRXdId1lEVlFRS0RCaEpiblJsY201bApkQ0JYYVdSbmFYUnpJRkIwZVNCTWRHUXhHVEFYQmdOVkJBTU1FR05oWm1VdVpYaGhiWEJzWlM1amIyMHdIaGNOCk1qUXhNREk0TVRVMU9UUXhXaGNOTXpReE1ESTJNVFUxT1RReFdqQllNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0cKQTFVRUNBd0NRMEV4SVRBZkJnTlZCQW9NR0VsdWRHVnlibVYwSUZkcFpHZHBkSE1nVUhSNUlFeDBaREVaTUJjRwpBMVVFQXd3UVkyRm1aUzVsZUdGdGNHeGxMbU52YlRDQ0FpSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnSVBBRENDCkFnb0NnZ0lCQU9pM3dZaGRCTGI0RldzY20yeHV3S2JNaElPRUM3YXF1aVpDQ2V2bHc5MUZUWVNvdHBGbUU2NkIKc1V6WWlRYVVtRGJLdWxRS3lramNXcC9LNExBbGI3Y2Z0ckdmUkN1b0xDT21oSkhvaXV5RDBMWXlsQXBXWjc5eApnOWEydlVUR3Joa2NVVGF3RVFoMlExT2dnTmk0Szd4S1U2cVJFRktnbmFTMXdTdmdiNXV6WXRaVys3SFdVbTlkCmliUEV4Qkc5TFJGaGVOdGZ5Vk9mSzVLRm11ZzdFVEN1Nzd5V001WWlxTmRKMEI0UnZQbS9XTlNrUzVXZ0c4RnMKaHMxRnlqTWFBWGYrU2t1ZVQxRlpUWEpjZzJjVjZOeEp3L3IrclNjZFozbWRDa29yaVBtSWRrM3FVR3pUaU1Mcgo2aUo2bEl1VTBOWFg4bXlwUXV3YUZtb3hBZWZZbzVqd0s2S3N5Q0tETTBLSWhsSVFVcHBnZHhST3packdXbjJQCm5EVkJuZmllWlRvWlU1dlMxNHNMZzhmQllmc3Z3LzNTZk1oNFoveVp1cnY3UDY3Yi9WSlowTlMvOW1SYmsySmcKblpjd0ViZ3ptUFJwUWdXUCtML1BieHBYaktBdEVXVG5lZW55KzZHaG9tVG0ycWh3NCt6Tm1rL0s3Nm4vMmhaZAphcFRaS0xrQk5rRVo3R0hxZGJBSUZ1RkVaVWo5b0wrYXI1d2hzTmNnU2JrU3RiNTkwMko2OE1oLzlvU2llajcxClNoWEJneklkcFpMWVppRkJEeWYxV3dGaDVBWDJkbVUwU3JGN3hTU1o4bkFseWFkU1lWOStuSlNtUXdiSzhNRUwKT041OVRXVXhWaGx3NG5MZlU3K0RCUVhkV2ZIZHNMK0RqajRUOGxtL3p1L0FzMk9lZWsxeEFnTUJBQUdqZ2VVdwpnZUl3SFFZRFZSME9CQllFRkxqcTBnQTQvUHU5VXZ3dnRXY1lJYTdsdER2Z01Cc0dBMVVkRVFRVU1CS0NFR05oClptVXVaWGhoYlhCc1pTNWpiMjB3Z1pVR0ExVWRJd1NCalRDQmlvQVV1T3JTQURqOCs3MVMvQysxWnhnaHJ1VzAKTytDaFhLUmFNRmd4Q3pBSkJnTlZCQVlUQWxWVE1Rc3dDUVlEVlFRSURBSkRRVEVoTUI4R0ExVUVDZ3dZU1c1MApaWEp1WlhRZ1YybGtaMmwwY3lCUWRIa2dUSFJrTVJrd0Z3WURWUVFEREJCallXWmxMbVY0WVcxd2JHVXVZMjl0CmdoUmdyWXR4VTFHUjQvSjY3Ni83aXNJdGpraFZ0akFNQmdOVkhSTUVCVEFEQVFIL01BMEdDU3FHU0liM0RRRUIKQ3dVQUE0SUNBUUNnZnZ1MWo4K2FzVHQ3d2lCRmlDTnU1SUR3M25rQjYvOWg1Z3d2STR4YTNOdEhETTliYm5QUgpncnZTWjJXZ3FJNFR5dktKVVB5NHNaRGR3dUhiYjJSVC9MT1lQQTFXaVZhMjRiRTZtcXE1Y3VTNlZNb3h4bnB1CnBmdVllaml3eWpDTytUYXdhbFltTzVvNDFvRUxjR2ZNY21VK0YvK0tZZnozZFMvalNkYVc3cEM5YWpJQnFBTnMKS0daZ1JGKzl1ZlVibUlIcjZHeDJ5MU5oTnBjb1U4T2QrdkxKWXZxOGd1NDRqTG4xNE1Ra3hWZndyUU10T1E5RgpnOGpsTXphaVlMSnMwY3luRTJGSjhrYmI0K01QRkRyZjcranJGNGdlOXZCTDg5TlJkZXFZYWFGNTVMM0RQZzRZClRVVWQ3L1I4dlVUeEs0eHpqZlpNeHdnRGExRmtTMXB2VlNSNmkrVmVuYXdsUmZ2Q3FMUndvN1V3VjJLWUJjbGkKUFlCRzB2Z01mOEhQc0xvU1BibDNIY0xQTFhSdVI4RHZjdTdvUnEyYzRaOFVDNVBJS2FoWlZEekdsS0N6WHZlYwpQZ2xqSStFRzdyTWlnc1Fjcm5MdmxOZmRGdzZIcjkzVmR5OGYrZm4xdkVsN1A0NnBFWThlYnplOVhxNXNWT3I0CmhTcE5JMllGaWhjNXBlNzVmMXh2QjVHcjJJTm1PditZb0Jsc2VKNkUrR2tuOU1QY3Jjc3lwcVBoeXJORHF6THgKdE5DN0dLb2hEWlJRY1F6L3YvdGppV1lYRzFRY2RQU1JNakJiL2dkb1RBenNuNDRBWGpqT1A2YzkwWTEzUjdwaQpuRTJyUlFKWThCUHk4RitTT1pkUUV3d0NBbjZ6M2Job3BLc2ovM1JRU1lUNDhGZElRVndrbmc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRG90OEdJWFFTMitCVnIKSEp0c2JzQ216SVNEaEF1MnFyb21RZ25yNWNQZFJVMkVxTGFSWmhPdWdiRk0ySWtHbEpnMnlycFVDc3BJM0ZxZgp5dUN3SlcrM0g3YXhuMFFycUN3anBvU1I2SXJzZzlDMk1wUUtWbWUvY1lQV3RyMUV4cTRaSEZFMnNCRUlka05UCm9JRFl1Q3U4U2xPcWtSQlNvSjJrdGNFcjRHK2JzMkxXVnZ1eDFsSnZYWW16eE1RUnZTMFJZWGpiWDhsVG55dVMKaFpyb094RXdydSs4bGpPV0lxalhTZEFlRWJ6NXYxalVwRXVWb0J2QmJJYk5SY296R2dGMy9rcExuazlSV1UxeQpYSU5uRmVqY1NjUDYvcTBuSFdkNW5RcEtLNGo1aUhaTjZsQnMwNGpDNitvaWVwU0xsTkRWMS9Kc3FVTHNHaFpxCk1RSG4yS09ZOEN1aXJNZ2lnek5DaUlaU0VGS2FZSGNVVHMyYXhscDlqNXcxUVozNG5tVTZHVk9iMHRlTEM0UEgKd1dIN0w4UDkwbnpJZUdmOG1icTcreit1Mi8xU1dkRFV2L1prVzVOaVlKMlhNQkc0TTVqMGFVSUZqL2kvejI4YQpWNHlnTFJGazUzbnA4dnVob2FKazV0cW9jT1BzelpwUHl1K3AvOW9XWFdxVTJTaTVBVFpCR2V4aDZuV3dDQmJoClJHVkkvYUMvbXErY0liRFhJRW01RXJXK2ZkTmlldkRJZi9hRW9ubys5VW9Wd1lNeUhhV1MyR1loUVE4bjlWc0IKWWVRRjluWmxORXF4ZThVa21mSndKY21uVW1GZmZweVVwa01HeXZEQkN6amVmVTFsTVZZWmNPSnkzMU8vZ3dVRgozVm54M2JDL2c0NCtFL0padjg3dndMTmpubnBOY1FJREFRQUJBb0lDQUJaQmFJazllQk4xY3pyc24vS0ZQdmhVCnE4R1dFYmEwNmh0NWlsQmNoMWcwWmY3dlVaSmpKRE8ycEhtWVpiWlM1S0dzenBmMTlqVjBtVmdadzFZbEptTnAKYllQY0d0MWY5bVNzYXBZM21uMlc5NUZORWZwUkhCZmpaN3ZUZXhOR091VWMzNmx1dWhwSWtSVEF6MEdxajBneApCWUpVNEM0K3ZRVEErd25TcTJuRkJJbENCVTBURll3ZjhtaldRdmY5VXYrTUJrNVlnVHoxaG1tN1RENjBVMmNICis5Wlp1UEk5TzA5bmVEYy85QVlnWmdMaitYU0VQTk5KS1RVZFhRSjVGTFhnaEVOcUR1VFZPUUpjVlphNHNpM0wKQWlxUlM0Ym5tWHM0YVFFQjI5WWRWazhLUHduQlN4MTFDVTJsMG1uczMvSHJkbndzemNFZGw1SXRRS1RuQTNJUQpvZkRMVk1OSkg2UHE1Um1zREZYaFh1bnhLdkhXUHpvU0pkZ3REZHNZUnNaaFRnaW5vZ1AwQVdrdmMwT0MwaHh3CjNldWJLcDh3d3F0RndHNk1nWFg0WUFLQUd0K3RzVVdkRENmWUVPYUVWcXBXT3F3UUhsb3J0cmwvN1hmRjNra2UKY0VzalJyRXRMSytCOEhvdjFNSmtibVFlblE0cHdkcXdrdHV3SU41QUdqN2lCQ2V1U2R5S2gyc0hxRUIvbkZEbApTbFh1VzVNTjUranMrZ0lyOU5GRUdDdUEyQ3BGWWpKQk9sNk1nV0t3S0FwWWgwYnEvNTVOV0pwV1JTRllTZ29UCnFiV285S3JYZkR4azJVb05pVFVBcEdVeXBaWTFXT2hyOUs3WU1HOXpHbHQ0WnNrV1dhdXFEMnBQSjhhVXdabjEKeWY1TnMyb25LMkNmZmhvUkRPVC9Bb0lCQVFEOWU5MlE0RWVKamlNQ0JIREhycDgzMUM0eXRJclJHbENJS3pNQgpoMjl6SFIvRWJUanplUmFzU1RLQzQ1SjhhTnQ4MStvM2xpcVFhclJvOFdHelEvNnpqdWVpSW9SRDNpWm5pZUJ3CmU3R1piK0doVmdlVkNKbGtFQ0FTc0dlZ1pkSzA0dWRzZmU5d3JWaDY1TjZnWW92Z2dyOVZPU1NNZ25NSys2Z1IKb0cxNHRSMDArN0kzdndoL0YyQVZLOXdkY3ZoN2puK2FXbGp3R1lFWHRDWUNJWENVbjhHTHpWVU53MlRHckFuRQpOL2d5anUyeTk1R2FrR3JpZTRkdmpoUTl5dTNPbU9haWp1enlXMGxxdnVrakVWTmZ2L3lYbzFNOWJ4OTdQNkFLCkxEU3VGVjJEY1pGSEpvT1NLYVV0eHpibzFIVmdGWmZiK3hpUmNRb0N3c0NjMC9VUEFvSUJBUURyQng4UGQwSjIKVkU3eUhVdC9LMDQ2OXNoejFzVUtEeFkrQ1B0dTZvODFkU0QzUHBMV3c1VzR1aWdSeFJnTUpqK3UyMGFSeEM4UgpMbDhXSmJCR0I4QllyQXhiMWlGMm5XTnFzdFVicVp1ZUlxeUIvbWJNZFk5OSt2L01Iek1WTnZwTjBTdkJsTWFaClhVSTdFWW1zbXJHYjRSMXdOa3VwWVdHL1RpMHNVUk9qSFpSZldsM0kxR1dpbkNVdE5oeEZ2OEtGcWJDd05DVTAKOHNYMjdLTEIza3RRZWhmc3JlTjd4NEw2MGU0T0FKMGhjZFUzL2I5b2VERGttVWFSYVE0bk9TVWEveDdTQW5RdQpnQmxQTTdjUWUrbjYwZEU0QjVrZzJpeG0reEhaL09tMGluK1JTR0ljRTc3eG0vMlhhTlZjcEUxRWlhaGdJT3hTCkpYVU4zWjdsTHBWL0FvSUJBUUNXTkxjWHFYOWFxS3BnQUtlZisvOEhReWxaREprUnpha1k5NWhTK0tGM01qUG4KM3QwWGtaSjQ1eXNTV3E0c0lLcW5jUDZ1ajhLTEwxL1dxK3E4SXJla1NUTkRaWGJCREx2dk1NbVpmZ0xBcklhawpadWs1VEE0eE9FajVLaVZONitpUEhjSUxEUms4eU11Y2oxREk4M3gxdnFTSWFNTWFyQlpsMUxoRU1hK05EcTNPCi9yTWR5NHJLWE55bnp3U3hRcmF4NkwvK2hEa2RsYzlrYjNEeVpFUmxIY0hBQ1IyMGVTdVhlc3lTeEtQRHVlUnEKMzc4ZE95VExMbTRVRWJvMjM3QkpjMXQveW5mb0tXWDQ1a1lhYktMZUkxTVh2RVdRS3ZBWnhac2RUQkt2Y2FPbgpSejNTVHFVNmtJajc5b2U0TW1XWFdWUlNtNWwwWGVxVHRqb1M5SnJMQW9JQkFRQ2JiY2szeENuNjhVU0lUNkZYCkIzK2o5UUtad1FYcjRoQldsRUFibVJsK1EraTZPZktIL3k2cnpNaWsvOUFvY0w4YTF6NnpOYWZlMStqZ1Q2cGsKbGNtNW1vWk4wYTJ0c09aSGNOOElmVUZCOGpKZGdhM2dOenJmR0xoRCtMb2lwSW9pSGx1dW1NSkNPRytOZXNxdQprRnMyK0Vnc3BtdWhKNXFxRm53L1c1cjkrNWpjK25rZFVJR3FhVk1ZdERrOFUxWEVhWFZGQWljOC9mUzNtTVVHCkt3bHB2bVRHRERWdDdZS01kM3JVWGNtTWphaHhiK2srb0lYTkdDU1lFMzdkcDZnSFU0TEJaZ2dKbklPZ1lsWUYKbTcwZ045UUNGdHhJNHFBTXRxdVdtdkMvaWZ4VlN5WSs1VHdZc28yaHJSMjFONTgxM1VleDB2UVdXMWt2QTBxSwp6Q1RuQW9JQkFHVTkrRFY0cnZqV21zSmFnckw4TEV4RWY1ZHVDeVhtY0huak5wZmkrcjdjamQ3dlNYY29aZjQrCm1IaDJ6NVN0NUpsVEpWMCtOcVFWL2ZnUS9EcWlZeVNESFcza1JXaFBNT1ROeHZoV1lmMU4wd1diMmllS3lmTlMKVGRXS2JsUFcwZjh3WGYwL09JOFRaSjZFWXVBVXBpbGpSenB1emlkMVJOT3ZJb3BiUnBxd2pMVUtzb0IvMG5LZAp3YmNOcWdWN0lSNDVDZDlCTm8vTThFc2ppZkRnQVpmQzNZbjRWOGl4eXdSQmFjQ1dWcXhvK3UvT2wzN052QkJJCmhnQ1RqNVBDQ3NBcHZwK0dhRERJdFg0cVpoWURERys0ZFNDRHNpSnB1U1orWjZrQnFSNnVncUliMGJVQXFIbGkKd2hZUllYNklldnF2QUEzNTNxbmJzQW5ZQ09oZk5hVT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= diff --git a/examples/custom-resources/cross-namespace-configuration/cafe-secret.yaml b/examples/custom-resources/cross-namespace-configuration/cafe-secret.yaml index efa8919b4b..6d8cd13e70 120000 --- a/examples/custom-resources/cross-namespace-configuration/cafe-secret.yaml +++ b/examples/custom-resources/cross-namespace-configuration/cafe-secret.yaml @@ -1 +1 @@ -../../common-secrets/cafe-secret-cafe.example.com.yaml \ No newline at end of file +../../common-secrets/cafe-secret-cafe-ns.example.com.yaml \ No newline at end of file From 86e749a3a8e1a7d5d7d4ffad3a31a31060b54879 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 24 Jun 2025 15:14:04 +0100 Subject: [PATCH 02/11] Docker image update 1e04714a --- build/Dockerfile | 8 ++++---- build/dependencies/Dockerfile.ubi8 | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/build/Dockerfile b/build/Dockerfile index d401abb0a7..8bc1122963 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -9,8 +9,8 @@ ARG PACKAGE_REPO=pkgs.nginx.com ############################################# Base images containing libs for FIPS ############################################# -FROM ghcr.io/nginx/dependencies/nginx-ubi:ubi8@sha256:aa7430bd04e831cd3688e9e77143e4cf83ce44bbca08374fbd653b93e1337678 AS ubi8-packages -FROM ghcr.io/nginx/dependencies/nginx-ubi:ubi9@sha256:4eec24e39c34fa67c1875fe6de659d50c40281c1645f8a2f228a85fc4467b14d AS ubi9-packages +FROM ghcr.io/nginx/dependencies/nginx-ubi:ubi8@sha256:a17d47206850093f8d00995d128cb877cb72c29ce18d921d18b620861b357110 AS ubi8-packages +FROM ghcr.io/nginx/dependencies/nginx-ubi:ubi9@sha256:966c9aef7ccb3065d031308e407bf4d12bb9a0460a0fc49b92370645dcc62272 AS ubi9-packages FROM ghcr.io/nginx/alpine-fips:0.2.4-alpine3.19@sha256:2a7f8451110b588b733e4cb8727a48153057b1debac5c78ef8a539ff63712fa1 AS alpine-fips-3.19 FROM ghcr.io/nginx/alpine-fips:0.2.4-alpine3.21@sha256:5221dec2e33436f2586c743c7aa3ef4626c0ec54184dc3364d101036d4f4a060 AS alpine-fips-3.21 FROM redhat/ubi9-minimal:9.6@sha256:f172b3082a3d1bbe789a1057f03883c1113243564f01cd3020e27548b911d3f8 AS ubi-minimal @@ -466,7 +466,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode ############################################# Base image for UBI8 with NGINX Plus and App Protect WAF ############################################# -FROM redhat/ubi8@sha256:0c1757c4526cfd7fdfedc54fadf4940e7f453201de65c0fefd454f3dde117273 AS ubi-8-plus-nap +FROM redhat/ubi8@sha256:19eae3d00adb37538a62b9bd093fd1e01dc6197f1925e960224244a1ed52bfb5 AS ubi-8-plus-nap ARG NGINX_PLUS_VERSION ARG BUILD_OS @@ -505,7 +505,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode ############################################# Base image for UBI8 with NGINX Plus and App Protect WAFv5 ############################################# -FROM redhat/ubi8@sha256:0c1757c4526cfd7fdfedc54fadf4940e7f453201de65c0fefd454f3dde117273 AS ubi-8-plus-nap-v5 +FROM redhat/ubi8@sha256:19eae3d00adb37538a62b9bd093fd1e01dc6197f1925e960224244a1ed52bfb5 AS ubi-8-plus-nap-v5 ARG NGINX_PLUS_VERSION ENV NGINX_VERSION=${NGINX_PLUS_VERSION} diff --git a/build/dependencies/Dockerfile.ubi8 b/build/dependencies/Dockerfile.ubi8 index 8e1a83d8fb..5409422bcb 100644 --- a/build/dependencies/Dockerfile.ubi8 +++ b/build/dependencies/Dockerfile.ubi8 @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:1.16 -FROM redhat/ubi8@sha256:0c1757c4526cfd7fdfedc54fadf4940e7f453201de65c0fefd454f3dde117273 AS rpm-build +FROM redhat/ubi8@sha256:19eae3d00adb37538a62b9bd093fd1e01dc6197f1925e960224244a1ed52bfb5 AS rpm-build RUN mkdir -p /rpms/ \ && dnf install rpm-build gcc make cmake -y \ && rpmbuild --rebuild --nodebuginfo https://mirror.stream.centos.org/9-stream/BaseOS/source/tree/Packages/c-ares-1.19.1-1.el9.src.rpm \ From 89820a81934b6f2e94a9b1e2bd5e0d2423f7c033 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 25 Jun 2025 09:06:12 +0100 Subject: [PATCH 03/11] [cherry-pick] [pre-commit.ci] pre-commit autoupdate (#7949) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [pre-commit.ci] pre-commit autoupdate (#7943) updates: - [github.com/python-jsonschema/check-jsonschema: 0.33.0 → 0.33.1](https://github.com/python-jsonschema/check-jsonschema/compare/0.33.0...0.33.1) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e8560cf44c..895ab90dbe 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -77,7 +77,7 @@ repos: ] - repo: https://github.com/python-jsonschema/check-jsonschema - rev: 0.33.0 + rev: 0.33.1 hooks: - id: check-jsonschema name: "Check Helm Chart JSON Schema" From d874d81a4d29543ef33c0178e0e80988b01785a0 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 26 Jun 2025 16:07:09 +0100 Subject: [PATCH 04/11] Docker image update 79d70b3a (#7963) --- build/Dockerfile | 6 +++--- build/dependencies/Dockerfile.ubi9 | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build/Dockerfile b/build/Dockerfile index 8bc1122963..dd99968ed7 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -9,11 +9,11 @@ ARG PACKAGE_REPO=pkgs.nginx.com ############################################# Base images containing libs for FIPS ############################################# -FROM ghcr.io/nginx/dependencies/nginx-ubi:ubi8@sha256:a17d47206850093f8d00995d128cb877cb72c29ce18d921d18b620861b357110 AS ubi8-packages -FROM ghcr.io/nginx/dependencies/nginx-ubi:ubi9@sha256:966c9aef7ccb3065d031308e407bf4d12bb9a0460a0fc49b92370645dcc62272 AS ubi9-packages +FROM ghcr.io/nginx/dependencies/nginx-ubi:ubi8@sha256:bd9f3b78bc8932fcb3ffdaa4f4901c512439be6e5bec7762715092fea348cb17 AS ubi8-packages +FROM ghcr.io/nginx/dependencies/nginx-ubi:ubi9@sha256:daea8e91cc5f00b21f086f017cfe6f9d04784d4f3c1af39743c8af3861919e6b AS ubi9-packages FROM ghcr.io/nginx/alpine-fips:0.2.4-alpine3.19@sha256:2a7f8451110b588b733e4cb8727a48153057b1debac5c78ef8a539ff63712fa1 AS alpine-fips-3.19 FROM ghcr.io/nginx/alpine-fips:0.2.4-alpine3.21@sha256:5221dec2e33436f2586c743c7aa3ef4626c0ec54184dc3364d101036d4f4a060 AS alpine-fips-3.21 -FROM redhat/ubi9-minimal:9.6@sha256:f172b3082a3d1bbe789a1057f03883c1113243564f01cd3020e27548b911d3f8 AS ubi-minimal +FROM redhat/ubi9-minimal:9.6@sha256:e12131db2e2b6572613589a94b7f615d4ac89d94f859dad05908aeb478fb090f AS ubi-minimal FROM golang:1.24-alpine@sha256:68932fa6d4d4059845c8f40ad7e654e626f3ebd3706eef7846f319293ab5cb7a AS golang-builder ############################################# NGINX files ############################################# diff --git a/build/dependencies/Dockerfile.ubi9 b/build/dependencies/Dockerfile.ubi9 index e5774144a7..39b10ea810 100644 --- a/build/dependencies/Dockerfile.ubi9 +++ b/build/dependencies/Dockerfile.ubi9 @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:1.16 -FROM redhat/ubi9:9.6@sha256:861e833044a903f689ecfa404424494a7e387ab39cf7949c54843285d13a9774 AS rpm-build +FROM redhat/ubi9:9.6@sha256:7a4818cdb8e0461d75d4bdfa42a355d3725bcc8cc0cc5d467021119d5962ce6b AS rpm-build RUN mkdir -p /rpms/ \ && dnf install rpm-build gcc make cmake -y \ && rpmbuild --rebuild --nodebuginfo https://mirror.stream.centos.org/9-stream/BaseOS/source/tree/Packages/c-ares-1.19.1-1.el9.src.rpm \ From 621b0df6535f6a5d8f94db85dbffadaa734bfa5c Mon Sep 17 00:00:00 2001 From: Venktesh Shivam Patel Date: Thu, 26 Jun 2025 16:37:40 +0100 Subject: [PATCH 05/11] update WAFv5 version (#7967) --- build/Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/build/Dockerfile b/build/Dockerfile index dd99968ed7..90a5683f48 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -255,7 +255,7 @@ RUN --mount=type=bind,from=alpine-fips-3.19,target=/tmp/fips/ \ && cp -av /tmp/fips/etc/ssl/openssl.cnf /etc/ssl/openssl.cnf \ && mkdir -p /etc/nginx/reporting/ \ && cp -av /tmp/nginx/reporting/tracking.info /etc/nginx/reporting/tracking.info \ - && apk add --no-cache app-protect-module-plus~=34.5.342 \ + && apk add --no-cache app-protect-module-plus~=34.5.442 \ && sed -i -e '/nginx.com/d' /etc/apk/repositories \ && nap-waf.sh \ agent.sh @@ -357,7 +357,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode --mount=type=bind,from=nginx-files,src=nap-waf.sh,target=/usr/local/bin/nap-waf.sh \ --mount=type=bind,from=nginx-files,src=debian-agent-12.sources,target=/etc/apt/sources.list.d/nginx-agent.sources \ apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y nginx-agent=2.* app-protect-module-plus=34+5.342* nginx-plus-module-appprotect=34+5.342* app-protect-plugin=6.12.0* \ + && apt-get install --no-install-recommends --no-install-suggests -y nginx-agent=2.* app-protect-module-plus=34+5.442* nginx-plus-module-appprotect=34+5.442* app-protect-plugin=6.16.0* \ && nap-waf.sh \ && agent.sh @@ -459,7 +459,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode && rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm \ && rpm -Uvh /ubi-bin/c-ares-*.rpm \ && microdnf --nodocs install -y ca-certificates shadow-utils subscription-manager \ - && microdnf --nodocs install -y nginx-plus-module-otel nginx-agent-2.* app-protect-module-plus-34+5.342* \ + && microdnf --nodocs install -y nginx-plus-module-otel nginx-agent-2.* app-protect-module-plus-34+5.442* \ && nap-waf.sh \ && ubi-clean.sh \ && agent.sh @@ -529,7 +529,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode && rpm --import /tmp/nginx_signing.key \ && rpm -Uvh /ubi-bin/c-ares-*.rpm \ && dnf --nodocs install -y nginx-plus nginx-plus-module-njs nginx-plus-module-otel nginx-plus-module-fips-check nginx-agent-2.* \ - && dnf --nodocs install -y app-protect-module-plus-34+5.342* \ + && dnf --nodocs install -y app-protect-module-plus-34+5.442* \ && nap-waf.sh \ && agent.sh \ && dnf clean all From 05d120d176073747fdbe811ce8524da1b46e65d0 Mon Sep 17 00:00:00 2001 From: Paul Abel <128620221+pdabelf5@users.noreply.github.com> Date: Fri, 27 Jun 2025 14:04:44 +0100 Subject: [PATCH 06/11] chore(deps): bump the go group with 2 updates (#7959) (#7964) --- go.mod | 38 ++++++++++++++-------------- go.sum | 80 +++++++++++++++++++++++++++++----------------------------- 2 files changed, 59 insertions(+), 59 deletions(-) diff --git a/go.mod b/go.mod index 7184b7a1bd..493bb3397c 100644 --- a/go.mod +++ b/go.mod @@ -19,8 +19,8 @@ require ( github.com/prometheus/client_golang v1.22.0 github.com/spiffe/go-spiffe/v2 v2.5.0 github.com/stretchr/testify v1.10.0 - go.opentelemetry.io/otel v1.36.0 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0 + go.opentelemetry.io/otel v1.37.0 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.37.0 k8s.io/api v0.33.2 k8s.io/apimachinery v0.33.2 k8s.io/client-go v0.33.2 @@ -88,7 +88,7 @@ require ( github.com/go-errors/errors v1.4.2 // indirect github.com/go-jose/go-jose/v4 v4.0.5 // indirect github.com/go-ldap/ldap/v3 v3.4.8 // indirect - github.com/go-logr/logr v1.4.2 // indirect + github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect @@ -110,7 +110,7 @@ require ( github.com/google/uuid v1.6.0 // indirect github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1 // indirect github.com/gruntwork-io/go-commons v0.8.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect @@ -167,26 +167,26 @@ require ( go.opentelemetry.io/auto/sdk v1.1.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.36.0 // indirect - go.opentelemetry.io/otel/metric v1.36.0 // indirect - go.opentelemetry.io/otel/sdk v1.36.0 // indirect - go.opentelemetry.io/otel/trace v1.36.0 // indirect - go.opentelemetry.io/proto/otlp v1.6.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.37.0 // indirect + go.opentelemetry.io/otel/metric v1.37.0 // indirect + go.opentelemetry.io/otel/sdk v1.37.0 // indirect + go.opentelemetry.io/otel/trace v1.37.0 // indirect + go.opentelemetry.io/proto/otlp v1.7.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.38.0 // indirect - golang.org/x/mod v0.24.0 // indirect - golang.org/x/net v0.40.0 // indirect - golang.org/x/oauth2 v0.28.0 // indirect - golang.org/x/sync v0.14.0 // indirect + golang.org/x/crypto v0.39.0 // indirect + golang.org/x/mod v0.25.0 // indirect + golang.org/x/net v0.41.0 // indirect + golang.org/x/oauth2 v0.30.0 // indirect + golang.org/x/sync v0.15.0 // indirect golang.org/x/sys v0.33.0 // indirect golang.org/x/term v0.32.0 // indirect - golang.org/x/text v0.25.0 // indirect + golang.org/x/text v0.26.0 // indirect golang.org/x/time v0.9.0 // indirect - golang.org/x/tools v0.32.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250519155744-55703ea1f237 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250519155744-55703ea1f237 // indirect - google.golang.org/grpc v1.72.1 // indirect + golang.org/x/tools v0.33.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 // indirect + google.golang.org/grpc v1.73.0 // indirect google.golang.org/protobuf v1.36.6 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/go.sum b/go.sum index 7a51fb8abf..4d197d0e53 100644 --- a/go.sum +++ b/go.sum @@ -143,8 +143,8 @@ github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JS github.com/go-ldap/ldap/v3 v3.4.8 h1:loKJyspcRezt2Q3ZRMq2p/0v8iOurlmeXDPw6fikSvQ= github.com/go-ldap/ldap/v3 v3.4.8/go.mod h1:qS3Sjlu76eHfHGpUdWkAXQTw4beih+cHsco2jXlIXrk= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= -github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= +github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= @@ -207,8 +207,8 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92Bcuy github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 h1:5ZPtiqj0JL5oKWmcsq4VMaAW5ukBEgSGXEN89zeH1Jo= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3/go.mod h1:ndYquD05frm2vACXE1nsccT4oJzjhw2arTS2cpUD1PI= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1 h1:X5VWvz21y3gzm9Nw/kaUeku/1+uBhcekkmy4IkffJww= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1/go.mod h1:Zanoh4+gvIgluNqcfMVTJueD4wSS5hT7zTt4Mrutd90= github.com/gruntwork-io/go-commons v0.8.0 h1:k/yypwrPqSeYHevLlEDmvmgQzcyTwrlZGRaxEM6G0ro= github.com/gruntwork-io/go-commons v0.8.0/go.mod h1:gtp0yTtIBExIZp7vyIV9I0XQkVwiQZze678hvDXof78= github.com/gruntwork-io/terratest v0.50.0 h1:AbBJ7IRCpLZ9H4HBrjeoWESITv8nLjN6/f1riMNcAsw= @@ -426,22 +426,22 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.5 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0/go.mod h1:HDBUsEjOuRC0EzKZ1bSaRGZWUBAzo+MhAcUUORSr4D0= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q= -go.opentelemetry.io/otel v1.36.0 h1:UumtzIklRBY6cI/lllNZlALOF5nNIzJVb16APdvgTXg= -go.opentelemetry.io/otel v1.36.0/go.mod h1:/TcFMXYjyRNh8khOAO9ybYkqaDBb/70aVwkNML4pP8E= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.36.0 h1:dNzwXjZKpMpE2JhmO+9HsPl42NIXFIFSUSSs0fiqra0= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.36.0/go.mod h1:90PoxvaEB5n6AOdZvi+yWJQoE95U8Dhhw2bSyRqnTD0= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0 h1:JgtbA0xkWHnTmYk7YusopJFX6uleBmAuZ8n05NEh8nQ= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0/go.mod h1:179AK5aar5R3eS9FucPy6rggvU0g52cvKId8pv4+v0c= -go.opentelemetry.io/otel/metric v1.36.0 h1:MoWPKVhQvJ+eeXWHFBOPoBOi20jh6Iq2CcCREuTYufE= -go.opentelemetry.io/otel/metric v1.36.0/go.mod h1:zC7Ks+yeyJt4xig9DEw9kuUFe5C3zLbVjV2PzT6qzbs= -go.opentelemetry.io/otel/sdk v1.36.0 h1:b6SYIuLRs88ztox4EyrvRti80uXIFy+Sqzoh9kFULbs= -go.opentelemetry.io/otel/sdk v1.36.0/go.mod h1:+lC+mTgD+MUWfjJubi2vvXWcVxyr9rmlshZni72pXeY= -go.opentelemetry.io/otel/sdk/metric v1.34.0 h1:5CeK9ujjbFVL5c1PhLuStg1wxA7vQv7ce1EK0Gyvahk= -go.opentelemetry.io/otel/sdk/metric v1.34.0/go.mod h1:jQ/r8Ze28zRKoNRdkjCZxfs6YvBTG1+YIqyFVFYec5w= -go.opentelemetry.io/otel/trace v1.36.0 h1:ahxWNuqZjpdiFAyrIoQ4GIiAIhxAunQR6MUoKrsNd4w= -go.opentelemetry.io/otel/trace v1.36.0/go.mod h1:gQ+OnDZzrybY4k4seLzPAWNwVBBVlF2szhehOBB/tGA= -go.opentelemetry.io/proto/otlp v1.6.0 h1:jQjP+AQyTf+Fe7OKj/MfkDrmK4MNVtw2NpXsf9fefDI= -go.opentelemetry.io/proto/otlp v1.6.0/go.mod h1:cicgGehlFuNdgZkcALOCh3VE6K/u2tAjzlRhDwmVpZc= +go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= +go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.37.0 h1:Ahq7pZmv87yiyn3jeFz/LekZmPLLdKejuO3NcK9MssM= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.37.0/go.mod h1:MJTqhM0im3mRLw1i8uGHnCvUEeS7VwRyxlLC78PA18M= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.37.0 h1:EtFWSnwW9hGObjkIdmlnWSydO+Qs8OwzfzXLUPg4xOc= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.37.0/go.mod h1:QjUEoiGCPkvFZ/MjK6ZZfNOS6mfVEVKYE99dFhuN2LI= +go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= +go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= +go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI= +go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg= +go.opentelemetry.io/otel/sdk/metric v1.35.0 h1:1RriWBmCKgkeHEhM7a2uMjMUfP7MsOF5JpUCaEqEI9o= +go.opentelemetry.io/otel/sdk/metric v1.35.0/go.mod h1:is6XYCUMpcKi+ZsOvfluY5YstFnhW0BidkR+gL+qN+w= +go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= +go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= +go.opentelemetry.io/proto/otlp v1.7.0 h1:jX1VolD6nHuFzOYso2E73H85i92Mv8JQYk0K9vz09os= +go.opentelemetry.io/proto/otlp v1.7.0/go.mod h1:fSKjH6YJ7HDlwzltzyMj036AJ3ejJLCgCSHGj4efDDo= go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs= go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= @@ -457,14 +457,14 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8= -golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw= +golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM= +golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU= -golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= +golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w= +golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -477,17 +477,17 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY= -golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds= -golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc= -golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= +golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw= +golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= +golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= +golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ= -golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8= +golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -520,8 +520,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4= -golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA= +golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M= +golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -530,20 +530,20 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.32.0 h1:Q7N1vhpkQv7ybVzLFtTjvQya2ewbwNDZzUgfXGqtMWU= -golang.org/x/tools v0.32.0/go.mod h1:ZxrU41P/wAbZD8EDa6dDCa6XfpkhJ7HFMjHJXfBDu8s= +golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc= +golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f h1:zDoHYmMzMacIdjNe+P2XiTmPsLawi/pCbSPfxt6lTfw= google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f/go.mod h1:Q5m6g8b5KaFFzsQFIGdJkSJDGeJiybVenoYFMMa3ohI= -google.golang.org/genproto/googleapis/api v0.0.0-20250519155744-55703ea1f237 h1:Kog3KlB4xevJlAcbbbzPfRG0+X9fdoGM+UBRKVz6Wr0= -google.golang.org/genproto/googleapis/api v0.0.0-20250519155744-55703ea1f237/go.mod h1:ezi0AVyMKDWy5xAncvjLWH7UcLBB5n7y2fQ8MzjJcto= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250519155744-55703ea1f237 h1:cJfm9zPbe1e873mHJzmQ1nwVEeRDU/T1wXDK2kUSU34= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250519155744-55703ea1f237/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= -google.golang.org/grpc v1.72.1 h1:HR03wO6eyZ7lknl75XlxABNVLLFc2PAb6mHlYh756mA= -google.golang.org/grpc v1.72.1/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM= +google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822 h1:oWVWY3NzT7KJppx2UKhKmzPq4SRe0LdCijVRwvGeikY= +google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822/go.mod h1:h3c4v36UTKzUiuaOKQ6gr3S+0hovBtUrXzTG/i3+XEc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 h1:fc6jSaCT0vBduLYZHYrBBNY4dsWuvgyff9noRNDdBeE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= +google.golang.org/grpc v1.73.0 h1:VIWSmpI2MegBtTuFt5/JWy2oXxtjJ/e89Z70ImfD2ok= +google.golang.org/grpc v1.73.0/go.mod h1:50sbHOUqWoCQGI8V2HQLJM0B+LMlIUjNSZmow7EVBQc= google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From adbb5e6e3b1dd7ed1b636b9e6d2b04b95325c643 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 2 Jul 2025 10:34:55 +0000 Subject: [PATCH 07/11] Docker image update a48c8357 (#7980) --- build/Dockerfile | 4 ++-- tests/Dockerfile | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/build/Dockerfile b/build/Dockerfile index 90a5683f48..26c98485d0 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -13,7 +13,7 @@ FROM ghcr.io/nginx/dependencies/nginx-ubi:ubi8@sha256:bd9f3b78bc8932fcb3ffdaa4f4 FROM ghcr.io/nginx/dependencies/nginx-ubi:ubi9@sha256:daea8e91cc5f00b21f086f017cfe6f9d04784d4f3c1af39743c8af3861919e6b AS ubi9-packages FROM ghcr.io/nginx/alpine-fips:0.2.4-alpine3.19@sha256:2a7f8451110b588b733e4cb8727a48153057b1debac5c78ef8a539ff63712fa1 AS alpine-fips-3.19 FROM ghcr.io/nginx/alpine-fips:0.2.4-alpine3.21@sha256:5221dec2e33436f2586c743c7aa3ef4626c0ec54184dc3364d101036d4f4a060 AS alpine-fips-3.21 -FROM redhat/ubi9-minimal:9.6@sha256:e12131db2e2b6572613589a94b7f615d4ac89d94f859dad05908aeb478fb090f AS ubi-minimal +FROM redhat/ubi9-minimal:9.6@sha256:383329bf9c4f968e87e85d30ba3a5cb988a3bbde28b8e4932dcd3a025fd9c98c AS ubi-minimal FROM golang:1.24-alpine@sha256:68932fa6d4d4059845c8f40ad7e654e626f3ebd3706eef7846f319293ab5cb7a AS golang-builder ############################################# NGINX files ############################################# @@ -262,7 +262,7 @@ RUN --mount=type=bind,from=alpine-fips-3.19,target=/tmp/fips/ \ ############################################# Base image for Debian with NGINX Plus only ############################################# -FROM debian:12-slim@sha256:e5865e6858dacc255bead044a7f2d0ad8c362433cfaa5acefb670c1edf54dfef AS debian-plus-only +FROM debian:12-slim@sha256:6ac2c08566499cc2415926653cf2ed7c3aedac445675a013cc09469c9e118fdd AS debian-plus-only ARG NGINX_PLUS_VERSION ENV NGINX_VERSION=${NGINX_PLUS_VERSION} diff --git a/tests/Dockerfile b/tests/Dockerfile index e06a582d2c..e0fcecbb66 100644 --- a/tests/Dockerfile +++ b/tests/Dockerfile @@ -5,7 +5,7 @@ FROM kindest/node:v1.33.1@sha256:050072256b9a903bd914c0b2866828150cb229cea0efe58 # this is here so we can grab the latest version of skopeo and have dependabot keep it up to date FROM quay.io/skopeo/stable:v1.19.0 -FROM python:3.13@sha256:5f69d22a88dd4cc4ee1576def19aef48c8faa1b566054c44291183831cbad13b +FROM python:3.13@sha256:a6af772cf98267c48c145928cbeb35bd8e89b610acd70f93e3e8ac3e96c92af8 RUN apt-get update \ && apt-get install -y curl git apache2-utils \ From 9fccbca8531be7cd450fcbff0e1b740030016aa9 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 4 Jul 2025 12:58:18 +0000 Subject: [PATCH 08/11] Pin OSS version in Dockerfile (#7990) Pin OSS version in Dockerfile (#7989) Co-authored-by: Paul Abel <128620221+pdabelf5@users.noreply.github.com> --- Makefile | 7 ++++--- build/Dockerfile | 15 +++++++++------ 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/Makefile b/Makefile index 9d19a4f4db..305f596ba0 100644 --- a/Makefile +++ b/Makefile @@ -2,6 +2,7 @@ VER = $(shell grep IC_VERSION .github/data/version.txt | cut -d '=' -f 2) GIT_TAG = $(shell git describe --exact-match --tags || echo untagged) VERSION = $(VER)-SNAPSHOT +NGINX_OSS_VERSION ?= 1.27 NGINX_PLUS_VERSION ?= R34 PLUS_ARGS = --build-arg NGINX_PLUS_VERSION=$(NGINX_PLUS_VERSION) --secret id=nginx-repo.crt,src=nginx-repo.crt --secret id=nginx-repo.key,src=nginx-repo.key @@ -134,11 +135,11 @@ build-goreleaser: ## Build Ingress Controller binary using GoReleaser .PHONY: debian-image debian-image: build ## Create Docker image for Ingress Controller (Debian) - $(DOCKER_CMD) --build-arg BUILD_OS=debian + $(DOCKER_CMD) --build-arg BUILD_OS=debian --build-arg NGINX_OSS_VERSION=$(NGINX_OSS_VERSION) .PHONY: alpine-image alpine-image: build ## Create Docker image for Ingress Controller (Alpine) - $(DOCKER_CMD) --build-arg BUILD_OS=alpine + $(DOCKER_CMD) --build-arg BUILD_OS=alpine --build-arg NGINX_OSS_VERSION=$(NGINX_OSS_VERSION) .PHONY: alpine-image-plus alpine-image-plus: build ## Create Docker image for Ingress Controller (Alpine with NGINX Plus) @@ -179,7 +180,7 @@ debian-image-nap-dos-plus: build ## Create Docker image for Ingress Controller ( .PHONY: ubi-image ubi-image: build ## Create Docker image for Ingress Controller (UBI) - $(DOCKER_CMD) --build-arg BUILD_OS=ubi + $(DOCKER_CMD) --build-arg BUILD_OS=ubi --build-arg NGINX_OSS_VERSION=$(NGINX_OSS_VERSION) .PHONY: ubi-image-plus ubi-image-plus: build ## Create Docker image for Ingress Controller (UBI with NGINX Plus) diff --git a/build/Dockerfile b/build/Dockerfile index 26c98485d0..5da2934edd 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -1,5 +1,6 @@ # syntax=docker/dockerfile:1.16 ARG BUILD_OS=debian +ARG NGINX_OSS_VERSION=1.27 ARG NGINX_PLUS_VERSION=R34 ARG DOWNLOAD_TAG=edge ARG DEBIAN_FRONTEND=noninteractive @@ -83,6 +84,7 @@ USER 101 ############################################# Base image for Alpine ############################################# FROM nginx:1.27.5-alpine@sha256:65645c7bb6a0661892a8b03b89d0743208a18dd2f3f17a54ef4b76fb8e2f2a10 AS alpine ARG PACKAGE_REPO +ARG NGINX_OSS_VERSION RUN --mount=type=bind,from=nginx-files,src=nginx_signing.rsa.pub,target=/etc/apk/keys/nginx_signing.rsa.pub \ --mount=type=bind,from=nginx-files,src=user_agent,target=/tmp/user_agent \ @@ -91,7 +93,7 @@ RUN --mount=type=bind,from=nginx-files,src=nginx_signing.rsa.pub,target=/etc/apk && export $(cat /tmp/user_agent) \ && printf "%s%s%s\n" "http://packages.nginx.org/nginx/mainline/alpine/v" `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` "/main" >> /etc/apk/repositories \ && printf "%s%s%s\n" "http://packages.nginx.org/nginx-agent/alpine/v" `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` "/main" >> /etc/apk/repositories \ - && apk add --no-cache nginx-module-otel "nginx-agent<3.1" \ + && apk add --no-cache nginx-module-otel~${NGINX_OSS_VERSION} "nginx-agent<3.1" \ && ldconfig /usr/local/lib/ \ && agent.sh \ && sed -i -e '/nginx.org/d' /etc/apk/repositories @@ -99,6 +101,7 @@ RUN --mount=type=bind,from=nginx-files,src=nginx_signing.rsa.pub,target=/etc/apk ############################################# Base image for Debian ############################################# FROM nginx:1.27.5@sha256:6784fb0834aa7dbbe12e3d7471e69c290df3e6ba810dc38b34ae33d3c1c05f7d AS debian +ARG NGINX_OSS_VERSION RUN --mount=type=bind,from=nginx-files,src=nginx_signing.key,target=/tmp/nginx_signing.key \ --mount=type=bind,from=nginx-files,src=90pkgs-nginx,target=/etc/apt/apt.conf.d/90pkgs-nginx \ @@ -113,16 +116,16 @@ RUN --mount=type=bind,from=nginx-files,src=nginx_signing.key,target=/tmp/nginx_s http://packages.nginx.org/nginx-agent/debian `lsb_release -cs` agent" >> /etc/apt/sources.list.d/nginx.list \ && printf "%s" "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" > /etc/apt/preferences.d/99nginx \ && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y nginx-agent=3.0.* nginx-module-otel \ + && apt-get install --no-install-recommends --no-install-suggests -y nginx-agent=3.0.* nginx-module-otel=${NGINX_OSS_VERSION}* \ && apt-get purge --auto-remove -y gpg \ - && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-agent.sources /etc/apt/preferences.d/99nginx /etc/apt/sources.list.d/nginx.list \ - && agent.sh \ - && ldconfig + && rm -rf /var/lib/apt/lists/* /etc/apt/preferences.d/99nginx /etc/apt/sources.list.d/nginx.list \ + && agent.sh ############################################# Base image for UBI ############################################# FROM ubi-minimal AS ubi ARG IC_VERSION +ARG NGINX_OSS_VERSION LABEL name="NGINX Ingress Controller" \ maintainer="kubernetes@nginx.com" \ @@ -156,7 +159,7 @@ RUN --mount=type=bind,from=nginx-files,src=nginx_signing.key,target=/tmp/nginx_s && printf "%s\n" "[agent]" "name=agent repo" \ "baseurl=https://packages.nginx.org/nginx-agent/centos/9/\$basearch/" \ "gpgcheck=1" "enabled=1" "module_hotfixes=true" >> /etc/yum.repos.d/nginx.repo \ - && microdnf --nodocs install -y nginx nginx-module-njs nginx-module-otel nginx-module-image-filter nginx-module-xslt nginx-agent-3.0.* \ + && microdnf --nodocs install -y nginx-${NGINX_OSS_VERSION}* nginx-module-njs-${NGINX_OSS_VERSION}* nginx-module-otel-${NGINX_OSS_VERSION}* nginx-module-image-filter-${NGINX_OSS_VERSION}* nginx-module-xslt-${NGINX_OSS_VERSION}* nginx-agent-3.0.* \ && rm /etc/yum.repos.d/nginx.repo \ && ubi-clean.sh From aaa487ac83ddd6a60d3d7dc15fac9a83fe49dae5 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 8 Jul 2025 11:20:36 +0000 Subject: [PATCH 09/11] Release 5.1.0 (#7940) --- README.md | 4 ++-- charts/nginx-ingress/Chart.yaml | 4 ++-- charts/nginx-ingress/values-icp.yaml | 2 +- charts/nginx-ingress/values-plus.yaml | 2 +- charts/nginx-ingress/values.schema.json | 10 +++++----- charts/nginx-ingress/values.yaml | 2 +- deployments/daemon-set/nginx-ingress.yaml | 4 ++-- deployments/daemon-set/nginx-plus-ingress.yaml | 4 ++-- deployments/deployment/nginx-ingress.yaml | 4 ++-- deployments/deployment/nginx-plus-ingress.yaml | 4 ++-- examples/custom-resources/service-insight/README.md | 4 ++-- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 870d43697e..0ca5e38e15 100644 --- a/README.md +++ b/README.md @@ -121,7 +121,7 @@ In the case of NGINX, the Ingress Controller is deployed in a pod along with the We publish NGINX Ingress Controller releases on GitHub. See our [releases page](https://github.com/nginx/kubernetes-ingress/releases). -The latest stable release is [5.0.0](https://github.com/nginx/kubernetes-ingress/releases/tag/v5.0.0). For production +The latest stable release is [5.1.0](https://github.com/nginx/kubernetes-ingress/releases/tag/v5.1.0). For production use, we recommend that you choose the latest stable release. The edge version is useful for experimenting with new features that are not yet published in a stable release. To use @@ -141,7 +141,7 @@ your links to the correct versions: | Version | Description | Image for NGINX | Image for NGINX Plus | Installation Manifests and Helm Chart | Documentation and Examples | | ------- | ----------- | --------------- | -------------------- | ---------------------------------------| -------------------------- | -| Latest stable release | For production use | Use the 5.0.0 images from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/), [GitHub Container](https://github.com/nginx/kubernetes-ingress/pkgs/container/kubernetes-ingress), [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress) or [build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/build-ingress-controller-image/). | Use the 5.0.0 images from the [F5 Container Registry](https://docs.nginx.com/nginx-ingress-controller/installation/pulling-ingress-controller-image/) or [Build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/build-nginx-ingress-controller/). | [Manifests](https://github.com/nginx/kubernetes-ingress/tree/v5.0.0/deployments). [Helm chart](https://github.com/nginx/kubernetes-ingress/tree/v5.0.0/charts/nginx-ingress). | [Documentation](https://docs.nginx.com/nginx-ingress-controller/). [Examples](https://docs.nginx.com/nginx-ingress-controller/configuration/configuration-examples/). | +| Latest stable release | For production use | Use the 5.1.0 images from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/), [GitHub Container](https://github.com/nginx/kubernetes-ingress/pkgs/container/kubernetes-ingress), [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress) or [build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/build-ingress-controller-image/). | Use the 5.1.0 images from the [F5 Container Registry](https://docs.nginx.com/nginx-ingress-controller/installation/pulling-ingress-controller-image/) or [Build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/build-nginx-ingress-controller/). | [Manifests](https://github.com/nginx/kubernetes-ingress/tree/v5.1.0/deployments). [Helm chart](https://github.com/nginx/kubernetes-ingress/tree/v5.1.0/charts/nginx-ingress). | [Documentation](https://docs.nginx.com/nginx-ingress-controller/). [Examples](https://docs.nginx.com/nginx-ingress-controller/configuration/configuration-examples/). | | Edge/Nightly | For testing and experimenting | Use the edge or nightly images from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/), [GitHub Container](https://github.com/nginx/kubernetes-ingress/pkgs/container/kubernetes-ingress), [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress) or [build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/build-nginx-ingress-controller/). | [Build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/build-nginx-ingress-controller/). | [Manifests](https://github.com/nginx/kubernetes-ingress/tree/main/deployments). [Helm chart](https://github.com/nginx/kubernetes-ingress/tree/main/charts/nginx-ingress). | [Documentation](https://docs.nginx.com/nginx-ingress-controller). [Examples](https://github.com/nginx/kubernetes-ingress/tree/main/examples). | ## SBOM (Software Bill of Materials) diff --git a/charts/nginx-ingress/Chart.yaml b/charts/nginx-ingress/Chart.yaml index 28cb45b2ef..d03383981e 100644 --- a/charts/nginx-ingress/Chart.yaml +++ b/charts/nginx-ingress/Chart.yaml @@ -5,10 +5,10 @@ appVersion: 5.1.0 kubeVersion: ">= 1.25.0-0" type: application description: NGINX Ingress Controller -icon: https://raw.githubusercontent.com/nginx/kubernetes-ingress/v5.0.0/charts/nginx-ingress/chart-icon.png +icon: https://raw.githubusercontent.com/nginx/kubernetes-ingress/v5.1.0/charts/nginx-ingress/chart-icon.png home: https://github.com/nginx/kubernetes-ingress sources: - - https://github.com/nginx/kubernetes-ingress/tree/v5.0.0/charts/nginx-ingress + - https://github.com/nginx/kubernetes-ingress/tree/v5.1.0/charts/nginx-ingress keywords: - ingress - nginx diff --git a/charts/nginx-ingress/values-icp.yaml b/charts/nginx-ingress/values-icp.yaml index 2ff124b245..772ea08eab 100644 --- a/charts/nginx-ingress/values-icp.yaml +++ b/charts/nginx-ingress/values-icp.yaml @@ -4,7 +4,7 @@ controller: nginxplus: true image: repository: mycluster.icp:8500/kube-system/nginx-plus-ingress - tag: "5.0.0" + tag: "5.1.0" nodeSelector: beta.kubernetes.io/arch: "amd64" proxy: true diff --git a/charts/nginx-ingress/values-plus.yaml b/charts/nginx-ingress/values-plus.yaml index bf2d5bc56b..0fca3723f8 100644 --- a/charts/nginx-ingress/values-plus.yaml +++ b/charts/nginx-ingress/values-plus.yaml @@ -3,4 +3,4 @@ controller: nginxplus: true image: repository: nginx-plus-ingress - tag: "5.0.0" + tag: "5.1.0" diff --git a/charts/nginx-ingress/values.schema.json b/charts/nginx-ingress/values.schema.json index bbb6658e04..89ff5e8420 100644 --- a/charts/nginx-ingress/values.schema.json +++ b/charts/nginx-ingress/values.schema.json @@ -697,10 +697,10 @@ }, "tag": { "type": "string", - "default": "5.0.0", + "default": "5.1.0", "title": "The tag of the Ingress Controller image", "examples": [ - "5.0.0" + "5.1.0" ] }, "digest": { @@ -737,7 +737,7 @@ "examples": [ { "repository": "nginx/nginx-ingress", - "tag": "5.0.0", + "tag": "5.1.0", "pullPolicy": "IfNotPresent" } ] @@ -1908,7 +1908,7 @@ "customPorts": [], "image": { "repository": "nginx/nginx-ingress", - "tag": "5.0.0", + "tag": "5.1.0", "digest": "", "pullPolicy": "IfNotPresent" }, @@ -2551,7 +2551,7 @@ "customPorts": [], "image": { "repository": "nginx/nginx-ingress", - "tag": "5.0.0", + "tag": "5.1.0", "digest": "", "pullPolicy": "IfNotPresent" }, diff --git a/charts/nginx-ingress/values.yaml b/charts/nginx-ingress/values.yaml index 5557e20b83..b8dd865a7d 100644 --- a/charts/nginx-ingress/values.yaml +++ b/charts/nginx-ingress/values.yaml @@ -172,7 +172,7 @@ controller: repository: nginx/nginx-ingress ## The tag of the Ingress Controller image. If not specified the appVersion from Chart.yaml is used as a tag. - # tag: "5.0.0" + # tag: "5.1.0" ## The digest of the Ingress Controller image. ## If digest is specified it has precedence over tag and will be used instead # digest: "sha256:CHANGEME" diff --git a/deployments/daemon-set/nginx-ingress.yaml b/deployments/daemon-set/nginx-ingress.yaml index 9f0c2e4be3..0f392de8c3 100644 --- a/deployments/daemon-set/nginx-ingress.yaml +++ b/deployments/daemon-set/nginx-ingress.yaml @@ -34,7 +34,7 @@ spec: # - name: nginx-log # emptyDir: {} containers: - - image: nginx/nginx-ingress:5.0.0 + - image: nginx/nginx-ingress:5.1.0 imagePullPolicy: IfNotPresent name: nginx-ingress ports: @@ -100,7 +100,7 @@ spec: #- -enable-prometheus-metrics #- -global-configuration=$(POD_NAMESPACE)/nginx-configuration # initContainers: -# - image: nginx/nginx-ingress:5.0.0 +# - image: nginx/nginx-ingress:5.1.0 # imagePullPolicy: IfNotPresent # name: init-nginx-ingress # command: ['cp', '-vdR', '/etc/nginx/.', '/mnt/etc'] diff --git a/deployments/daemon-set/nginx-plus-ingress.yaml b/deployments/daemon-set/nginx-plus-ingress.yaml index 47c96a596f..7221e7ded3 100644 --- a/deployments/daemon-set/nginx-plus-ingress.yaml +++ b/deployments/daemon-set/nginx-plus-ingress.yaml @@ -34,7 +34,7 @@ spec: # - name: nginx-log # emptyDir: {} containers: - - image: nginx-plus-ingress:5.0.0 + - image: nginx-plus-ingress:5.1.0 imagePullPolicy: IfNotPresent name: nginx-plus-ingress ports: @@ -104,7 +104,7 @@ spec: #- -enable-prometheus-metrics #- -global-configuration=$(POD_NAMESPACE)/nginx-configuration # initContainers: -# - image: nginx/nginx-ingress:5.0.0 +# - image: nginx/nginx-ingress:5.1.0 # imagePullPolicy: IfNotPresent # name: init-nginx-ingress # command: ['cp', '-vdR', '/etc/nginx/.', '/mnt/etc'] diff --git a/deployments/deployment/nginx-ingress.yaml b/deployments/deployment/nginx-ingress.yaml index 273cf70103..84409a04ce 100644 --- a/deployments/deployment/nginx-ingress.yaml +++ b/deployments/deployment/nginx-ingress.yaml @@ -35,7 +35,7 @@ spec: # - name: nginx-log # emptyDir: {} containers: - - image: nginx/nginx-ingress:5.0.0 + - image: nginx/nginx-ingress:5.1.0 imagePullPolicy: IfNotPresent name: nginx-ingress ports: @@ -101,7 +101,7 @@ spec: #- -enable-prometheus-metrics #- -global-configuration=$(POD_NAMESPACE)/nginx-configuration # initContainers: -# - image: nginx/nginx-ingress:5.0.0 +# - image: nginx/nginx-ingress:5.1.0 # imagePullPolicy: IfNotPresent # name: init-nginx-ingress # command: ['cp', '-vdR', '/etc/nginx/.', '/mnt/etc'] diff --git a/deployments/deployment/nginx-plus-ingress.yaml b/deployments/deployment/nginx-plus-ingress.yaml index 1ab6b4ddd5..b50d54bea2 100644 --- a/deployments/deployment/nginx-plus-ingress.yaml +++ b/deployments/deployment/nginx-plus-ingress.yaml @@ -35,7 +35,7 @@ spec: # - name: nginx-log # emptyDir: {} containers: - - image: nginx-plus-ingress:5.0.0 + - image: nginx-plus-ingress:5.1.0 imagePullPolicy: IfNotPresent name: nginx-plus-ingress ports: @@ -108,7 +108,7 @@ spec: #- -enable-service-insight #- -global-configuration=$(POD_NAMESPACE)/nginx-configuration # initContainers: -# - image: nginx/nginx-ingress:5.0.0 +# - image: nginx/nginx-ingress:5.1.0 # imagePullPolicy: IfNotPresent # name: init-nginx-ingress # command: ['cp', '-vdR', '/etc/nginx/.', '/mnt/etc'] diff --git a/examples/custom-resources/service-insight/README.md b/examples/custom-resources/service-insight/README.md index b8d49810b6..b2b64e81a3 100644 --- a/examples/custom-resources/service-insight/README.md +++ b/examples/custom-resources/service-insight/README.md @@ -32,7 +32,7 @@ spec: securityContext: ... containers: - - image: nginx-plus-ingress:5.0.0 + - image: nginx-plus-ingress:5.1.0 imagePullPolicy: IfNotPresent name: nginx-plus-ingress ports: @@ -321,7 +321,7 @@ spec: securityContext: ... containers: - - image: nginx-plus-ingress:5.0.0 + - image: nginx-plus-ingress:5.1.0 imagePullPolicy: IfNotPresent name: nginx-plus-ingress ports: From 3978df54181e1245a7ab70005c1b071a319d868a Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 8 Jul 2025 11:59:15 +0000 Subject: [PATCH 10/11] Docker image update 8660c8ed (#7997) Update docker images 8660c8ed Co-authored-by: nginx-bot Co-authored-by: Venktesh Shivam Patel --- build/Dockerfile | 4 ++-- build/dependencies/Dockerfile.ubi8 | 2 +- build/dependencies/Dockerfile.ubi9 | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build/Dockerfile b/build/Dockerfile index 5da2934edd..8cf43b27ce 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -469,7 +469,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode ############################################# Base image for UBI8 with NGINX Plus and App Protect WAF ############################################# -FROM redhat/ubi8@sha256:19eae3d00adb37538a62b9bd093fd1e01dc6197f1925e960224244a1ed52bfb5 AS ubi-8-plus-nap +FROM redhat/ubi8@sha256:312668d24dfec2e2869ab11b679728745a2745835a12aafda8e77f42aec666cb AS ubi-8-plus-nap ARG NGINX_PLUS_VERSION ARG BUILD_OS @@ -508,7 +508,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode ############################################# Base image for UBI8 with NGINX Plus and App Protect WAFv5 ############################################# -FROM redhat/ubi8@sha256:19eae3d00adb37538a62b9bd093fd1e01dc6197f1925e960224244a1ed52bfb5 AS ubi-8-plus-nap-v5 +FROM redhat/ubi8@sha256:312668d24dfec2e2869ab11b679728745a2745835a12aafda8e77f42aec666cb AS ubi-8-plus-nap-v5 ARG NGINX_PLUS_VERSION ENV NGINX_VERSION=${NGINX_PLUS_VERSION} diff --git a/build/dependencies/Dockerfile.ubi8 b/build/dependencies/Dockerfile.ubi8 index 5409422bcb..ec28bd30f5 100644 --- a/build/dependencies/Dockerfile.ubi8 +++ b/build/dependencies/Dockerfile.ubi8 @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:1.16 -FROM redhat/ubi8@sha256:19eae3d00adb37538a62b9bd093fd1e01dc6197f1925e960224244a1ed52bfb5 AS rpm-build +FROM redhat/ubi8@sha256:312668d24dfec2e2869ab11b679728745a2745835a12aafda8e77f42aec666cb AS rpm-build RUN mkdir -p /rpms/ \ && dnf install rpm-build gcc make cmake -y \ && rpmbuild --rebuild --nodebuginfo https://mirror.stream.centos.org/9-stream/BaseOS/source/tree/Packages/c-ares-1.19.1-1.el9.src.rpm \ diff --git a/build/dependencies/Dockerfile.ubi9 b/build/dependencies/Dockerfile.ubi9 index 39b10ea810..5348a08f6c 100644 --- a/build/dependencies/Dockerfile.ubi9 +++ b/build/dependencies/Dockerfile.ubi9 @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:1.16 -FROM redhat/ubi9:9.6@sha256:7a4818cdb8e0461d75d4bdfa42a355d3725bcc8cc0cc5d467021119d5962ce6b AS rpm-build +FROM redhat/ubi9:9.6@sha256:c73e2517941b384059eba8ea4b6ac68dad39a0a2cf0e65c753c778c87c87c321 AS rpm-build RUN mkdir -p /rpms/ \ && dnf install rpm-build gcc make cmake -y \ && rpmbuild --rebuild --nodebuginfo https://mirror.stream.centos.org/9-stream/BaseOS/source/tree/Packages/c-ares-1.19.1-1.el9.src.rpm \ From 39826ed605af472d49baab2eead6dd3d665e9d07 Mon Sep 17 00:00:00 2001 From: Alex Fenlon Date: Tue, 8 Jul 2025 15:04:35 +0100 Subject: [PATCH 11/11] remove azure from release flow --- .github/workflows/release.yml | 80 +++++++++++++++++------------------ 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fc45702327..2ca8863369 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -469,54 +469,54 @@ jobs: key: nginx-ingress-release-${{ needs.variables.outputs.go_code_md5 }} if: ${{ needs.variables.outputs.binary_cache_sign_hit != 'true' }} - azure-upload: - if: ${{ ! cancelled() && ! failure() && ! contains(inputs.skip_step, 'azure-upload') }} - name: Upload packages to Azure - runs-on: ubuntu-22.04 - needs: [variables, binaries] - permissions: - id-token: write - contents: read - steps: - - name: Checkout Repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - ref: ${{ inputs.release_branch }} + # azure-upload: + # if: ${{ ! cancelled() && ! failure() && ! contains(inputs.skip_step, 'azure-upload') }} + # name: Upload packages to Azure + # runs-on: ubuntu-22.04 + # needs: [variables, binaries] + # permissions: + # id-token: write + # contents: read + # steps: + # - name: Checkout Repository + # uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + # with: + # ref: ${{ inputs.release_branch }} - - name: Fetch Cached Tarball Artifacts - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 - with: - key: nginx-ingress-release-${{ needs.variables.outputs.go_code_md5 }} - path: ${{ github.workspace }}/tarballs - fail-on-cache-miss: true + # - name: Fetch Cached Tarball Artifacts + # uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + # with: + # key: nginx-ingress-release-${{ needs.variables.outputs.go_code_md5 }} + # path: ${{ github.workspace }}/tarballs + # fail-on-cache-miss: true - - name: Azure login - uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + # - name: Azure login + # uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0 + # with: + # client-id: ${{ secrets.AZURE_CLIENT_ID }} + # tenant-id: ${{ secrets.AZURE_TENANT_ID }} + # subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - name: Azure Upload Release Packages - uses: azure/CLI@089eac9d8cc39f5d003e94f8b65efc51076c9cbd # v2.1.0 - with: - inlineScript: | - for i in $(find tarballs -type f); do - echo -n "Uploading ${i} to kubernetes-ingress/v${{ inputs.nic_version }}/${i##*/} ... " - if ${{ ! inputs.dry_run}}; then - az storage blob upload --auth-mode=login -f "$i" -c ${{ secrets.AZURE_BUCKET_NAME }} \ - --account-name ${{ secrets.AZURE_STORAGE_ACCOUNT }} --overwrite -n kubernetes-ingress/v${{ inputs.nic_version }}/${i##*/} - echo "done" - else - echo "skipped, dry_run." - fi - done + # - name: Azure Upload Release Packages + # uses: azure/CLI@089eac9d8cc39f5d003e94f8b65efc51076c9cbd # v2.1.0 + # with: + # inlineScript: | + # for i in $(find tarballs -type f); do + # echo -n "Uploading ${i} to kubernetes-ingress/v${{ inputs.nic_version }}/${i##*/} ... " + # if ${{ ! inputs.dry_run}}; then + # az storage blob upload --auth-mode=login -f "$i" -c ${{ secrets.AZURE_BUCKET_NAME }} \ + # --account-name ${{ secrets.AZURE_STORAGE_ACCOUNT }} --overwrite -n kubernetes-ingress/v${{ inputs.nic_version }}/${i##*/} + # echo "done" + # else + # echo "skipped, dry_run." + # fi + # done github-release: if: ${{ ! cancelled() && ! failure() && ! contains(inputs.skip_step, 'github-release') }} name: Publish release to GitHub runs-on: ubuntu-22.04 - needs: [variables, binaries, release-oss, release-plus-gcr-nginx, azure-upload] + needs: [variables, binaries, release-oss, release-plus-gcr-nginx] permissions: contents: write # to modify the release issues: write # to close milestone