[FCP-3522] Sync with upstream v1.9.4 #14

wdq · 2023-11-01T15:19:35Z

Summary

Solves these Dependabot tickets:

Technical

Merge upstream kubernetes/ingress-nginx changes up to the latest stable version (v1.9.4) into our fork which resolves the security vulnerabilities.

How was this tested?

Tested in dev cluster by building v1.9.4 image, syncing a test branch in fleet-config, and migrating to new ingress node pool to have all of the pods rebuilt with new image.
Verified sites work, and that staging sites idle and unidle successfully.

Notes

Related PR:

https://github.com/getflywheel/fleet-config/pull/302

Signed-off-by: James Strong <james.strong@chainguard.dev>

fix controller tag in release

add the missing quotes

…9527)

Signed-off-by: Spazzy <brendankamp757@gmail.com>

add option for annotations in PodDisruptionBudget

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.54.0 to 1.55.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.54.0...v1.55.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…es#9937) Bumps [github.com/prometheus/client_model](https://github.com/prometheus/client_model) from 0.3.0 to 0.4.0. - [Release notes](https://github.com/prometheus/client_model/releases) - [Commits](prometheus/client_model@v0.3.0...v0.4.0) --- updated-dependencies: - dependency-name: github.com/prometheus/client_model dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Validate path types * Fix the year of header * Update internal/ingress/controller/config/config.go Co-authored-by: Jintao Zhang <tao12345666333@163.com> --------- Co-authored-by: Jintao Zhang <tao12345666333@163.com>

) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.42.0 to 0.43.0. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](prometheus/common@v0.42.0...v0.43.0) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [securego/gosec](https://github.com/securego/gosec) from 2.15.0 to 2.16.0. - [Release notes](https://github.com/securego/gosec/releases) - [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml) - [Commits](securego/gosec@a459eb0...c5ea1b7) --- updated-dependencies: - dependency-name: securego/gosec dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@4d34df0...fac708d) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.8.0 to 0.9.0. - [Commits](golang/crypto@v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…#9792) * fix: opentelemetry module for controller-daemonset * fix: Align controller-daemonset with controller-deployment * Fix typo in github/workflows/ci

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.0 to 2.9.5. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](onsi/ginkgo@v2.9.0...v2.9.5) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add warning feature in admission code * Apply suggestions from code review Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * Add deprecation and validation path notice --------- Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.90.1 to 2.100.1. - [Release notes](https://github.com/kubernetes/klog/releases) - [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md) - [Commits](kubernetes/klog@v2.90.1...v2.100.1) --- updated-dependencies: - dependency-name: k8s.io/klog/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.2.0 to 2.3.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@08b4669...483ef80) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/prometheus/client_model](https://github.com/prometheus/client_model) from 0.4.1-0.20230718164431-9a2bf3000d16 to 0.5.0. - [Release notes](https://github.com/prometheus/client_model/releases) - [Commits](https://github.com/prometheus/client_model/commits/v0.5.0) --- updated-dependencies: - dependency-name: github.com/prometheus/client_model dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.58.2 to 1.58.3. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.58.2...v1.58.3) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* add upstream patch * add source * remove auto-added depend

* Bump curl and Go version * Add NGINX BAse image scanning * Try again

) * update nginx base, httpbun, e2e, helm webhook cert gen Signed-off-by: James Strong <strong.james.e@gmail.com> * fix helm docs Signed-off-by: James Strong <strong.james.e@gmail.com> --------- Signed-off-by: James Strong <strong.james.e@gmail.com>

Signed-off-by: James Strong <strong.james.e@gmail.com>

release 1.9.3

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com> Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>

Bumps [dorny/test-reporter](https://github.com/dorny/test-reporter) from 1.6.0 to 1.7.0. - [Release notes](https://github.com/dorny/test-reporter/releases) - [Changelog](https://github.com/dorny/test-reporter/blob/main/CHANGELOG.md) - [Commits](dorny/test-reporter@c9b3d0e...afe6793) --- updated-dependencies: - dependency-name: dorny/test-reporter dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…tes#10535)

…works.md (kubernetes#10554)

* feat: add namespace overrides * add value in readme * fix: readme description * fix: description in value * fix: set max length and trim last "-"

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@8ade135...b4ffde6) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…-sync-upstream-v1-9-4

James Strong and others added 30 commits May 5, 2023 09:52

fix controller tag in release

c3a22a2

Signed-off-by: James Strong <james.strong@chainguard.dev>

Keep project name display aligned (kubernetes#9920)

788b360

Merge pull request kubernetes#9930 from strongjz/fix-tag

57848e6

fix controller tag in release

Update charts/* to keep project name display aligned (kubernetes#9931)

8ab8803

Update annotations.md (kubernetes#9933)

57d9456

add the missing quotes

Add geoname id value into $geoip2_*_geoname_id variables (kubernetes#…

2794129

…9527)

image_update (kubernetes#9942)

eec4351

chore: update httpbin to httpbun (kubernetes#9919)

0bdb643

Signed-off-by: Spazzy <brendankamp757@gmail.com>

add option for annotations in PodDisruptionBudget (kubernetes#9843)

f18826b

add option for annotations in PodDisruptionBudget

Use dl.k8s.io instead of hardcoded GCS URIs (kubernetes#9946)

3b3cf8b

HPA: Use capabilites & align manifests. (kubernetes#9521)

06612e6

Update feature_request.md (kubernetes#9951)

98780d7

Update PULL_REQUEST_TEMPLATE.md (kubernetes#9952)

55e37c6

Validate path types (kubernetes#9967)

c540b58

* Validate path types * Fix the year of header * Update internal/ingress/controller/config/config.go Co-authored-by: Jintao Zhang <tao12345666333@163.com> --------- Co-authored-by: Jintao Zhang <tao12345666333@163.com>

fix: avoid builds and tests for changes to markdown (kubernetes#9962)

0cb3dcf

Correct annotations in monitoring docs (kubernetes#9976)

4d57ddb

OpenTelemetry default config (kubernetes#9978)

ac9a507

helm: Fix opentelemetry module installation for daemonset (kubernetes…

8c7981b

…#9792) * fix: opentelemetry module for controller-daemonset * fix: Align controller-daemonset with controller-deployment * Fix typo in github/workflows/ci

bumped ginkgo to v2.9.5 (kubernetes#9985)

5bc7dc8

updated testrunner image tag+sha (kubernetes#9987)

8d9210f

Add OPA examples on pathType restrictions (kubernetes#9992)

8977835

dependabot bot and others added 25 commits October 10, 2023 18:22

add upstream patch for CVE-2023-44487 (kubernetes#10494)

86f1ced

* add upstream patch * add source * remove auto-added depend

Remove legacy GeoIP from controller (kubernetes#10495)

cbed4c6

added warning for configuration-snippets usage (kubernetes#10492)

3732fc6

Bump curl and Go version (kubernetes#10503)

8b53cab

* Bump curl and Go version * Add NGINX BAse image scanning * Try again

Bump x/net (kubernetes#10514)

b473801

release 1.9.3

6f2ad83

Signed-off-by: James Strong <strong.james.e@gmail.com>

Merge pull request kubernetes#10520 from strongjz/release-v1.9.3

895bb15

release 1.9.3

explicitly state TLS termination location (kubernetes#10516)

2f7486b

DOCS Remove support for running Both (kubernetes#10255)

b9d8bb4

Update mkdocs version (kubernetes#10522)

9db8fe5

Remove legacy GeoIP from image (kubernetes#10500)

0055ba3

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com> Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>

Fix fcgi configmap value parsing (kubernetes#10528)

a879829

Documenting flag enable-auth-access-log (kubernetes#10518) (kuberne…

b1ac371

…tes#10535)

Fix list item format on troubleshooting.md (kubernetes#10552)

72fb480

Docs: Fixed broken link of "synchronization loop pattern" on how-it-…

560771e

…works.md (kubernetes#10554)

changed readme as per issue 10556 (kubernetes#10558)

b97bc81

feat: add namespace overrides (kubernetes#10539)

7ce6cc8

* feat: add namespace overrides * add value in readme * fix: readme description * fix: description in value * fix: set max length and trim last "-"

Release v1.9.4 (kubernetes#10568)

5583f90

Merge commit '5583f90c7f3525b6267747d6b07541c01218a9ea' into FCP-3522…

fd7e3d6

…-sync-upstream-v1-9-4

wdq marked this pull request as ready for review November 2, 2023 16:25

wdq requested a review from a team as a code owner November 2, 2023 16:25

freddyesteban approved these changes Nov 2, 2023

View reviewed changes

wdq merged commit 92bc7da into main Nov 6, 2023
36 checks passed

wdq deleted the FCP-3522-sync-upstream-v1-9-4 branch November 6, 2023 16:24

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[FCP-3522] Sync with upstream v1.9.4 #14

[FCP-3522] Sync with upstream v1.9.4 #14

wdq commented Nov 1, 2023 •

edited

Loading

[FCP-3522] Sync with upstream v1.9.4 #14

[FCP-3522] Sync with upstream v1.9.4 #14

Conversation

wdq commented Nov 1, 2023 • edited Loading

Summary

Technical

How was this tested?

Notes

wdq commented Nov 1, 2023 •

edited

Loading