diff --git a/.dockerignore b/.dockerignore index 6d789f2621..41731ddce8 100644 --- a/.dockerignore +++ b/.dockerignore @@ -4,7 +4,9 @@ grafana tests/.pytest_cache tests/__pycache__ hack -.git* +.git/modules +.git/rr-cache +.git/logs *.md *.crt *.key diff --git a/.github/actions/smoke-tests/action.yaml b/.github/actions/smoke-tests/action.yaml index 83857fe268..af5588a453 100644 --- a/.github/actions/smoke-tests/action.yaml +++ b/.github/actions/smoke-tests/action.yaml @@ -33,7 +33,7 @@ runs: using: composite steps: - name: Fetch Cached Artifacts - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ github.run_id }}-${{ github.run_number }}-single @@ -41,15 +41,15 @@ runs: - name: Ingress type id: ingress-type run: | - echo ::set-output name=name::nginx${{ contains(inputs.image, 'plus') && '-plus' || '' }}-ingress - echo ::set-output name=tag::${{ inputs.image }}${{ contains(inputs.image, 'nap') && '-dos' || '' }}-${{ github.sha }} + echo "name=nginx${{ contains(inputs.image, 'plus') && '-plus' || '' }}-ingress" >> $GITHUB_OUTPUT + echo "tag=${{ inputs.image }}${{ contains(inputs.image, 'nap') && '-dos' || '' }}-${{ github.sha }}" >> $GITHUB_OUTPUT shell: bash - name: Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v2 - name: Build ${{ inputs.image }} Container - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v3 with: file: build/Dockerfile context: '.' @@ -68,7 +68,7 @@ runs: ${{ contains(inputs.image, 'plus') && format('"nginx-repo.key={0}"', inputs.nginx-key) || '' }} - name: Build Test-Runner Container - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v3 with: file: tests/docker/Dockerfile context: '.' @@ -81,15 +81,13 @@ runs: - name: Deploy Kubernetes id: k8s run: | - # no support for dual stack in < 1.20, we need to use ipv4 only - printf '%s\n' "1.20.0" "${{ inputs.k8s-version }}" | sort --version-sort --check=quiet || echo "Using ipv4" && sed -i 's/dual/ipv4/g' ${{ github.workspace }}/tests/ci-files/ci-kind-config.yaml kind create cluster --name ${{ github.run_id }} --image=kindest/node:v${{ inputs.k8s-version }} --config ${{ github.workspace }}/tests/ci-files/ci-kind-config.yaml --kubeconfig kube-${{ github.run_id }} --wait ${{ inputs.k8s-timeout }} kind load docker-image docker.io/nginx/${{ steps.ingress-type.outputs.name }}:${{ steps.ingress-type.outputs.tag }} --name ${{ github.run_id }} marker="${{ inputs.marker }}" sanitized_marker="${marker// /_}" name="${sanitized_marker:-${{ inputs.k8s-version }}}" - echo ::set-output name=cluster_ip::$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ${{ github.run_id }}-control-plane) - echo ::set-output name=cluster::$(echo nginx-${{ inputs.image }}-$name) + echo "cluster_ip=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ${{ github.run_id }}-control-plane)" >> $GITHUB_OUTPUT + echo "cluster=$(echo nginx-${{ inputs.image }}-$name)" >> $GITHUB_OUTPUT shell: bash - name: Setup Kubeconfig diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bfad80c409..646d7bbeae 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,20 +5,12 @@ on: branches: - main - release-* - paths-ignore: - - 'docs/**' - - 'examples/**' - - '**.md' tags: - 'v[0-9]+.[0-9]+.[0-9]+' pull_request: branches: - main - release-* - paths-ignore: - - 'docs/**' - - 'examples/**' - - '**.md' types: - opened - reopened @@ -98,6 +90,8 @@ jobs: GOPATH: ${{ needs.checks.outputs.go_path }} AWS_PRODUCT_CODE: ${{ secrets.AWS_PRODUCT_CODE }} AWS_PUB_KEY: ${{ secrets.AWS_PUB_KEY }} + AWS_NAP_DOS_PRODUCT_CODE: ${{ secrets.AWS_NAP_DOS_PRODUCT_CODE }} + AWS_NAP_DOS_PUB_KEY: ${{ secrets.AWS_NAP_DOS_PUB_KEY }} - name: Store Artifacts in Cache uses: actions/cache@v3 with: @@ -226,8 +220,8 @@ jobs: {\"image\": \"debian-plus-nap\", \"marker\": \"dos\"}], \ \"k8s\": [\"${{ needs.checks.outputs.k8s_latest }}\"]}" else - echo "::set-output name=matrix::{\"k8s\": [\"1.19.16\", \"1.20.15\", \"1.21.14\", \"1.22.13\", \"1.23.10\", \"1.24.4\", \"${{ needs.checks.outputs.k8s_latest }}\"], \ - \"images\": [{\"image\": \"debian\"}, {\"image\": \"debian-plus\"}]}" + echo "matrix={\"k8s\": [\"1.21.14\", \"1.22.15\", \"1.23.13\", \"1.24.7\", \"${{ needs.checks.outputs.k8s_latest }}\"], \ + \"images\": [{\"image\": \"debian\"}, {\"image\": \"debian-plus\"}]}" >> $GITHUB_OUTPUT fi smoke-tests: @@ -315,7 +309,7 @@ jobs: if: startsWith(github.ref, 'refs/tags/') - name: Download Syft - uses: anchore/sbom-action/download-syft@v0.12.0 + uses: anchore/sbom-action/download-syft@v0.13.1 - name: Build binaries uses: goreleaser/goreleaser-action@v3 @@ -327,6 +321,13 @@ jobs: GOPATH: ${{ needs.checks.outputs.go_path }} AWS_PRODUCT_CODE: ${{ secrets.AWS_PRODUCT_CODE }} AWS_PUB_KEY: ${{ secrets.AWS_PUB_KEY }} + AWS_NAP_DOS_PRODUCT_CODE: ${{ secrets.AWS_NAP_DOS_PRODUCT_CODE }} + AWS_NAP_DOS_PUB_KEY: ${{ secrets.AWS_NAP_DOS_PUB_KEY }} + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_COMMUNITY }} + AZURE_STORAGE_ACCOUNT: ${{ secrets.AZURE_STORAGE_ACCOUNT }} + AZURE_STORAGE_KEY: ${{ secrets.AZURE_STORAGE_KEY }} + AZURE_BUCKET_NAME: ${{ secrets.AZURE_BUCKET_NAME }} + - name: Store Artifacts in Cache uses: actions/cache@v3 with: @@ -345,7 +346,7 @@ jobs: platforms: ["linux/arm, linux/arm64, linux/amd64, linux/ppc64le, linux/s390x"] include: - image: ubi - platforms: "linux/arm64, linux/amd64, linux/s390x" + platforms: "linux/arm64, linux/amd64, linux/ppc64le, linux/s390x" steps: - name: Checkout Repository uses: actions/checkout@v3 @@ -448,7 +449,7 @@ jobs: BUILD_OS=${{ matrix.image }} IC_VERSION=${{ steps.var.outputs.ic_version }} - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.7.1 + uses: aquasecurity/trivy-action@0.8.0 continue-on-error: true with: image-ref: nginx/nginx-ingress:${{ steps.meta.outputs.version }} @@ -488,6 +489,9 @@ jobs: - image: debian-plus-nap platforms: "linux/amd64" target: goreleaser + - image: debian-plus-nap + platforms: "linux/amd64" + target: aws steps: - name: Checkout Repository @@ -529,8 +533,10 @@ jobs: name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic${{ contains(matrix.image, 'nap') && '-dos' || '' }}/nginx-plus-ingress name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic${{ contains(matrix.image, 'nap') && '-dos' || '' }}/nginx-plus-ingress,enable=${{ startsWith(github.ref, 'refs/tags/') }} name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/staging/nginx-ic${{ contains(matrix.image, 'nap') && '-dos' || '' }}/nginx-plus-ingress,enable=${{ startsWith(github.ref, 'refs/heads/release') }} - name=709825985650.dkr.ecr.us-east-1.amazonaws.com/nginx/nginx-plus-ingress,enable=${{ startsWith(github.ref, 'refs/tags/') && contains(matrix.target, 'aws') }} - flavor: suffix=${{ contains(matrix.image, 'ubi') && '-ubi' || '' }}${{ contains(matrix.image, 'alpine') && '-alpine' || '' }}${{ contains(matrix.target, 'aws') && '-mktpl' || '' }},onlatest=true + name=709825985650.dkr.ecr.us-east-1.amazonaws.com/nginx/nginx-plus-ingress${{ contains(matrix.image, 'nap') && '-dos' || '' }},enable=${{ startsWith(github.ref, 'refs/tags/') && contains(matrix.target, 'aws') }} + flavor: | + suffix=${{ contains(matrix.image, 'ubi') && '-ubi' || '' }}${{ contains(matrix.image, 'alpine') && '-alpine' || '' }}${{ contains(matrix.target, 'aws') && '-mktpl' || '' }},onlatest=true + latest=${{ contains(matrix.target, 'aws') && 'false' || 'auto' }} tags: | type=edge type=ref,event=branch,enable=${{ startsWith(github.ref, 'refs/heads/release') }} @@ -593,7 +599,7 @@ jobs: "nginx-repo.crt=${{ contains(matrix.image, 'nap') && secrets.NGINX_AP_CRT || secrets.NGINX_CRT }}" "nginx-repo.key=${{ contains(matrix.image, 'nap') && secrets.NGINX_AP_KEY || secrets.NGINX_KEY }}" - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.7.1 + uses: aquasecurity/trivy-action@0.8.0 continue-on-error: true with: image-ref: docker.io/${{ matrix.image }}:${{ steps.meta.outputs.version }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 5933b75447..ebc5924c66 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -13,8 +13,15 @@ concurrency: group: ${{ github.ref_name }}-codeql cancel-in-progress: true +permissions: # added using https://github.com/step-security/secure-workflows + contents: read + jobs: analyze: + permissions: + actions: read # for github/codeql-action/init to get workflow details + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/autobuild to send a status report name: Analyze runs-on: ubuntu-latest diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml index f9b20e9042..8e2bd2b0a7 100644 --- a/.github/workflows/fossa.yml +++ b/.github/workflows/fossa.yml @@ -13,6 +13,9 @@ concurrency: group: ${{ github.ref_name }}-fossa cancel-in-progress: true +permissions: # added using https://github.com/step-security/secure-workflows + contents: read + jobs: scan: diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 053fddb01f..4413605165 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -2,6 +2,9 @@ name: "Pull Request Labeler" on: - pull_request_target +permissions: # added using https://github.com/step-security/secure-workflows + contents: read + jobs: triage: permissions: diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index db60e07a2d..dbe4443aa1 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -25,7 +25,7 @@ jobs: lint: name: Lint - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - name: Checkout Repository uses: actions/checkout@v3 @@ -39,9 +39,12 @@ jobs: with: only-new-issues: true - lint-python: - runs-on: ubuntu-20.04 + actionlint: + name: Actionlint + runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v2 - - uses: isort/isort-action@v1.0.0 - - uses: psf/black@stable + - name: Checkout Repository + uses: actions/checkout@v3 + - uses: reviewdog/action-actionlint@v1 + with: + fail_on_error: true diff --git a/.github/workflows/notifications.yml b/.github/workflows/notifications.yml index 567eb3026e..2986d2848a 100644 --- a/.github/workflows/notifications.yml +++ b/.github/workflows/notifications.yml @@ -9,6 +9,7 @@ on: - "Fossa" - "Lint" - "Update Docker Images" + - "OpenSSF Scorecards" types: - completed diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml new file mode 100644 index 0000000000..7c3ca5be7e --- /dev/null +++ b/.github/workflows/scorecards.yml @@ -0,0 +1,58 @@ +name: OpenSSF Scorecards +on: + # Only the default branch is supported. + branch_protection_rule: + schedule: + - cron: '43 20 * * 0' + push: + branches: [ "main" ] + +# Declare default permissions as read only. +permissions: read-all + +jobs: + analysis: + name: Scorecards analysis + runs-on: ubuntu-latest + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + # Used to receive a badge. + id-token: write + # Needs for private repositories. + contents: read + actions: read + + steps: + - name: "Checkout code" + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # tag=v2.0.5 + with: + results_file: results.sarif + results_format: sarif + repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} + + # Publish the results for public repositories to enable scorecard badges. For more details, see + # https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories, `publish_results` will automatically be set to `false`, regardless + # of the value entered here. + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # tag=v3.0.0 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard. + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # tag=v1.0.26 + with: + sarif_file: results.sarif diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index fdfeb9b095..5ca0e00269 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -3,8 +3,14 @@ on: schedule: - cron: '30 1 * * *' +permissions: # added using https://github.com/step-security/secure-workflows + contents: read + jobs: stale: + permissions: + issues: write # for actions/stale to close stale issues + pull-requests: write # for actions/stale to close stale PRs runs-on: ubuntu-20.04 steps: - uses: actions/stale@v6 diff --git a/.github/workflows/update-docker-images.yml b/.github/workflows/update-docker-images.yml index 99ebbc1bd9..10596ca6cd 100644 --- a/.github/workflows/update-docker-images.yml +++ b/.github/workflows/update-docker-images.yml @@ -238,7 +238,7 @@ jobs: IC_VERSION=v${{ needs.variables.outputs.kic-tag }} if: ${{ matrix.needs-updating == 'true' }} - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.7.1 + uses: aquasecurity/trivy-action@0.8.0 continue-on-error: true with: image-ref: nginx/nginx-ingress:${{ steps.meta.outputs.version }} diff --git a/.goreleaser.yml b/.goreleaser.yml index 4a8c9ebf2c..1db0651666 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -41,10 +41,26 @@ builds: binary: nginx-ingress tags: - aws + - id: aws-nap-dos + goos: + - linux + goarch: + - amd64 + flags: + - -trimpath + gcflags: + - all=-trimpath={{.Env.GOPATH}} + asmflags: + - all=-trimpath={{.Env.GOPATH}} + ldflags: + - -s -w -X main.version={{.Version}} -X main.productCode={{.Env.AWS_NAP_DOS_PRODUCT_CODE}} -X main.pubKeyString={{.Env.AWS_NAP_DOS_PUB_KEY}} + main: ./cmd/nginx-ingress/ + binary: nginx-ingress + tags: + - aws archives: - id: kubernetes-ingress - format: binary builds: [kubernetes-ingress] changelog: @@ -54,7 +70,7 @@ checksum: name_template: 'checksums.txt' sboms: - - artifacts: binary + - artifacts: archive ids: [kubernetes-ingress] release: @@ -62,5 +78,17 @@ release: extra_files: - glob: ./dist/**.sbom +blobs: + - provider: azblob + bucket: '{{.Env.AZURE_BUCKET_NAME}}' + extra_files: + - glob: ./dist/**.sbom + milestones: - close: true + +announce: + slack: + enabled: true + channel: '#announcements' + message_template: 'NGINX Ingress Controller {{ .Tag }} is out! Check it out: {{ .ReleaseURL }}' diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000000..7f94becf67 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,66 @@ +# See https://pre-commit.com for more information +# See https://pre-commit.com/hooks.html for more hooks +exclude: (^docs/_vendor/|.*pb2.*) +repos: + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.3.0 + hooks: + - id: trailing-whitespace + - id: end-of-file-fixer + - id: check-yaml + args: [--allow-multiple-documents] + exclude: ^(deployments/helm-chart.*/templates|deployments/helm-chart/crds) + - id: check-ast + - id: check-added-large-files + - id: check-merge-conflict + - id: check-shebang-scripts-are-executable + - id: check-executables-have-shebangs + - id: check-symlinks + - id: check-case-conflict + - id: check-vcs-permalinks + - id: check-json + - id: pretty-format-json + args: [--autofix, --no-sort-keys, --no-ensure-ascii] + - id: mixed-line-ending + args: [--fix=lf] + - id: name-tests-test + args: [--pytest-test-first] + exclude: ^(tests/suite/utils|tests/suite/fixtures|tests/suite/grpc|tests/settings.py) + - id: no-commit-to-branch + - id: requirements-txt-fixer + - id: fix-byte-order-marker + - repo: local + hooks: + - id: golang-diff + name: create-go-diff + entry: bash -c 'git diff -p origin/main > /tmp/diff.patch' + language: system + types: [go] + pass_filenames: false + - repo: https://github.com/golangci/golangci-lint + rev: v1.50.1 + hooks: + - id: golangci-lint + args: [--new-from-patch=/tmp/diff.patch] + - repo: https://github.com/asottile/pyupgrade + rev: v3.2.0 + hooks: + - id: pyupgrade + - repo: https://github.com/PyCQA/isort + rev: 5.10.1 + hooks: + - id: isort + - repo: https://github.com/psf/black + rev: 22.10.0 + hooks: + - id: black + - repo: https://github.com/python-jsonschema/check-jsonschema + rev: 0.18.4 + hooks: + - id: check-jsonschema + name: "Check Helm Chart JSON Schema" + files: deployments/helm-chart/values.yaml + types: [yaml] + args: ['--schemafile', 'deployments/helm-chart/values.schema.json'] +ci: + skip: [golang-diff, golangci-lint, check-jsonschema] diff --git a/CHANGELOG.md b/CHANGELOG.md index 1eb4e179c7..759c2d5f06 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,17 @@ # Changelog +### 2.4.1 + +An automatically generated list of changes can be found on GitHub at: [2.4.1 Release](https://github.com/nginxinc/kubernetes-ingress/releases/tag/v2.4.1) + +A curated list of changes can be found on the [Releases](http://docs.nginx.com/nginx-ingress-controller/releases/) page on the NGINX Documentation website. + +### 2.4.0 + +An automatically generated list of changes can be found on GitHub at: [2.4.0 Release](https://github.com/nginxinc/kubernetes-ingress/releases/tag/v2.4.0) + +A curated list of changes can be found on the [Releases](http://docs.nginx.com/nginx-ingress-controller/releases/) page on the NGINX Documentation website. + ### 2.3.1 An automatically generated list of changes can be found on GitHub at: [2.3.1 Release](https://github.com/nginxinc/kubernetes-ingress/releases/tag/v2.3.1) diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 0000000000..9934150467 --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1 @@ +* @nginxinc/kic diff --git a/Makefile b/Makefile index 3b1a05a127..6dbc96981d 100644 --- a/Makefile +++ b/Makefile @@ -6,13 +6,14 @@ VERSION = $(GIT_TAG)-SNAPSHOT-$(GIT_COMMIT_SHORT) PLUS_ARGS = --secret id=nginx-repo.crt,src=nginx-repo.crt --secret id=nginx-repo.key,src=nginx-repo.key # variables that can be overridden by the user -PREFIX = nginx/nginx-ingress## The name of the image. For example, nginx/nginx-ingress -TAG = $(VERSION:v%=%)## The tag of the image. For example, 2.0.0 +PREFIX ?= nginx/nginx-ingress## The name of the image. For example, nginx/nginx-ingress +TAG ?= $(VERSION:v%=%)## The tag of the image. For example, 2.0.0 TARGET ?= local## The target of the build. Possible values: local, container and download override DOCKER_BUILD_OPTIONS += --build-arg IC_VERSION=$(VERSION) --build-arg GIT_COMMIT=$(GIT_COMMIT)## The options for the docker build command. For example, --pull. +ARCH ?= amd64## The architecture of the image or binary. For example: amd64, arm64, ppc64le, s390x. Not all architectures are supported for all targets. # final docker build command -DOCKER_CMD = docker build $(strip $(DOCKER_BUILD_OPTIONS)) --target $(strip $(TARGET)) -f build/Dockerfile -t $(strip $(PREFIX)):$(strip $(TAG)) . +DOCKER_CMD = docker build --platform linux/$(ARCH) $(strip $(DOCKER_BUILD_OPTIONS)) --target $(strip $(TARGET)) -f build/Dockerfile -t $(strip $(PREFIX)):$(strip $(TAG)) . export DOCKER_BUILDKIT = 1 @@ -38,6 +39,11 @@ lint-python: ## Run linter for python tests @isort . @black . +.PHONY: staticcheck +staticcheck: ## Run staticcheck linter + @staticcheck -version >/dev/null 2>&1 || go install honnef.co/go/tools/cmd/staticcheck@2022.1.3; + staticcheck ./... + .PHONY: test test: ## Run tests go test -tags=aws -shuffle=on -race ./... @@ -71,7 +77,7 @@ build: ## Build Ingress Controller binary @docker -v || (code=$$?; printf "\033[0;31mError\033[0m: there was a problem with Docker\n"; exit $$code) ifeq (${TARGET},local) @go version || (code=$$?; printf "\033[0;31mError\033[0m: unable to build locally, try using the parameter TARGET=container or TARGET=download\n"; exit $$code) - CGO_ENABLED=0 GOOS=linux go build -trimpath -ldflags "-s -w -X main.version=${VERSION}" -o nginx-ingress github.com/nginxinc/kubernetes-ingress/cmd/nginx-ingress + CGO_ENABLED=0 GOOS=linux GOARCH=$(ARCH) go build -trimpath -ldflags "-s -w -X main.version=${VERSION}" -o nginx-ingress github.com/nginxinc/kubernetes-ingress/cmd/nginx-ingress else ifeq (${TARGET},download) @$(MAKE) download-binary-docker endif @@ -89,7 +95,7 @@ endif .PHONY: build-goreleaser build-goreleaser: ## Build Ingress Controller binary using GoReleaser @goreleaser -v || (code=$$?; printf "\033[0;31mError\033[0m: there was a problem with GoReleaser. Follow the docs to install it https://goreleaser.com/install\n"; exit $$code) - GOOS=linux GOPATH=$(shell go env GOPATH) goreleaser build --rm-dist --debug --snapshot --id kubernetes-ingress --single-target + GOOS=linux GOPATH=$(shell go env GOPATH) GOARCH=$(ARCH) goreleaser build --rm-dist --debug --snapshot --id kubernetes-ingress --single-target .PHONY: debian-image debian-image: build ## Create Docker image for Ingress Controller (Debian) diff --git a/README.md b/README.md index 3c1986c76f..30d191d7c3 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ -[![CI](https://github.com/nginxinc/kubernetes-ingress/actions/workflows/ci.yml/badge.svg)](https://github.com/nginxinc/kubernetes-ingress/actions/workflows/ci.yml) [![FOSSA Status](https://app.fossa.com/api/projects/custom%2B5618%2Fgithub.com%2Fnginxinc%2Fkubernetes-ingress.svg?type=shield)](https://app.fossa.com/projects/custom%2B5618%2Fgithub.com%2Fnginxinc%2Fkubernetes-ingress?ref=badge_shield) [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) [![Go Report Card](https://goreportcard.com/badge/github.com/nginxinc/kubernetes-ingress)](https://goreportcard.com/report/github.com/nginxinc/kubernetes-ingress) [![codecov](https://codecov.io/gh/nginxinc/kubernetes-ingress/branch/main/graph/badge.svg?token=snCn7Y0zC7)](https://codecov.io/gh/nginxinc/kubernetes-ingress) [![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/nginxinc/kubernetes-ingress?logo=github&sort=semver)](https://github.com/nginxinc/kubernetes-ingress/releases/latest) ![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/nginxinc/kubernetes-ingress?logo=go) [![Docker Pulls](https://img.shields.io/docker/pulls/nginx/nginx-ingress?logo=docker&logoColor=white)](https://hub.docker.com/r/nginx/nginx-ingress) ![Docker Image Size (latest semver)](https://img.shields.io/docker/image-size/nginx/nginx-ingress?logo=docker&logoColor=white&sort=semver) [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/nginx-ingress)](https://artifacthub.io/packages/container/nginx-ingress/kubernetes-ingress) [![Slack](https://img.shields.io/badge/slack-%23nginx--ingress--controller-green?logo=slack)](https://nginxcommunity.slack.com/channels/nginx-ingress-controller) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/nginxinc/kubernetes-ingress/badge)](https://api.securityscorecards.dev/projects/github.com/nginxinc/kubernetes-ingress) [![CI](https://github.com/nginxinc/kubernetes-ingress/actions/workflows/ci.yml/badge.svg)](https://github.com/nginxinc/kubernetes-ingress/actions/workflows/ci.yml) [![FOSSA Status](https://app.fossa.com/api/projects/custom%2B5618%2Fgithub.com%2Fnginxinc%2Fkubernetes-ingress.svg?type=shield)](https://app.fossa.com/projects/custom%2B5618%2Fgithub.com%2Fnginxinc%2Fkubernetes-ingress?ref=badge_shield) [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) [![Go Report Card](https://goreportcard.com/badge/github.com/nginxinc/kubernetes-ingress)](https://goreportcard.com/report/github.com/nginxinc/kubernetes-ingress) [![codecov](https://codecov.io/gh/nginxinc/kubernetes-ingress/branch/main/graph/badge.svg?token=snCn7Y0zC7)](https://codecov.io/gh/nginxinc/kubernetes-ingress) [![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/nginxinc/kubernetes-ingress?logo=github&sort=semver)](https://github.com/nginxinc/kubernetes-ingress/releases/latest) ![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/nginxinc/kubernetes-ingress?logo=go) [![Docker Pulls](https://img.shields.io/docker/pulls/nginx/nginx-ingress?logo=docker&logoColor=white)](https://hub.docker.com/r/nginx/nginx-ingress) ![Docker Image Size (latest semver)](https://img.shields.io/docker/image-size/nginx/nginx-ingress?logo=docker&logoColor=white&sort=semver) [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/nginx-ingress)](https://artifacthub.io/packages/container/nginx-ingress/kubernetes-ingress) [![Slack](https://img.shields.io/badge/slack-%23nginx--ingress--controller-green?logo=slack)](https://nginxcommunity.slack.com/channels/nginx-ingress-controller) # 🚀 *Help make the NGINX Ingress Controller better by participating in our [survey](https://forms.office.com/Pages/ResponsePage.aspx?id=L_093Ttq0UCb4L-DJ9gcUKLQ7uTJaE1PitM_37KR881UMEs0Rk5PMkYzMTJTWVA0V1hUVTRLUUMyNS4u)!* 🚀 @@ -53,7 +53,7 @@ Read [this doc](https://docs.nginx.com/nginx-ingress-controller/intro/nginx-plus We publish Ingress Controller releases on GitHub. See our [releases page](https://github.com/nginxinc/kubernetes-ingress/releases). -The latest stable release is [2.3.1](https://github.com/nginxinc/kubernetes-ingress/releases/tag/v2.3.1). For production use, we recommend that you choose the latest stable release. +The latest stable release is [2.4.1](https://github.com/nginxinc/kubernetes-ingress/releases/tag/v2.4.1). For production use, we recommend that you choose the latest stable release. The edge version is useful for experimenting with new features that are not yet published in a stable release. To use, choose the *edge* version built from the [latest commit](https://github.com/nginxinc/kubernetes-ingress/commits/main) from the main branch. @@ -68,7 +68,7 @@ The table below summarizes the options regarding the images, manifests, helm cha | Version | Description | Image for NGINX | Image for NGINX Plus | Installation Manifests and Helm Chart | Documentation and Examples | | ------- | ----------- | --------------- | -------------------- | ---------------------------------------| -------------------------- | -| Latest stable release | For production use | Use the 2.3.1 images from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/), [GitHub Container](https://github.com/nginxinc/kubernetes-ingress/pkgs/container/kubernetes-ingress), [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress) or [build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | Use the 2.3.1 images from the [F5 Container Registry](https://docs.nginx.com/nginx-ingress-controller/installation/pulling-ingress-controller-image/) or the [AWS Marketplace](https://aws.amazon.com/marketplace/search/?CREATOR=741df81b-dfdc-4d36-b8da-945ea66b522c&FULFILLMENT_OPTION_TYPE=CONTAINER&filters=CREATOR%2CFULFILLMENT_OPTION_TYPE) or [Build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/deployments). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/deployments/helm-chart). | [Documentation](https://docs.nginx.com/nginx-ingress-controller/). [Examples](https://docs.nginx.com/nginx-ingress-controller/configuration/configuration-examples/). | +| Latest stable release | For production use | Use the 2.4.1 images from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/), [GitHub Container](https://github.com/nginxinc/kubernetes-ingress/pkgs/container/kubernetes-ingress), [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress) or [build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | Use the 2.4.1 images from the [F5 Container Registry](https://docs.nginx.com/nginx-ingress-controller/installation/pulling-ingress-controller-image/) or the [AWS Marketplace](https://aws.amazon.com/marketplace/search/?CREATOR=741df81b-dfdc-4d36-b8da-945ea66b522c&FULFILLMENT_OPTION_TYPE=CONTAINER&filters=CREATOR%2CFULFILLMENT_OPTION_TYPE) or [Build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/deployments). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/deployments/helm-chart). | [Documentation](https://docs.nginx.com/nginx-ingress-controller/). [Examples](https://docs.nginx.com/nginx-ingress-controller/configuration/configuration-examples/). | | Edge/Nightly | For testing and experimenting | Use the edge or nightly images from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/), [GitHub Container](https://github.com/nginxinc/kubernetes-ingress/pkgs/container/kubernetes-ingress), [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress) or [build your own image](https://github.com/nginxinc/kubernetes-ingress/tree/main/docs/content/installation/building-ingress-controller-image.md). | [Build your own image](https://github.com/nginxinc/kubernetes-ingress/tree/main/docs/content/installation/building-ingress-controller-image.md). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/main/deployments). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/main/deployments/helm-chart). | [Documentation](https://github.com/nginxinc/kubernetes-ingress/tree/main/docs/content). [Examples](https://github.com/nginxinc/kubernetes-ingress/tree/main/examples). | ## Contacts diff --git a/build/Dockerfile b/build/Dockerfile index 76a0841c42..fdf406a3df 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -6,12 +6,12 @@ ARG DEBIAN_VERSION=bullseye-slim ############################################# Base images containing libs for Opentracing ############################################# -FROM opentracing/nginx-opentracing:nginx-1.23.1 as opentracing-lib -FROM opentracing/nginx-opentracing:nginx-1.23.1-alpine as alpine-opentracing-lib +FROM opentracing/nginx-opentracing:nginx-1.23.2 as opentracing-lib +FROM opentracing/nginx-opentracing:nginx-1.23.2-alpine as alpine-opentracing-lib ############################################# Base image for Debian ############################################# -FROM nginx:1.23.1 AS debian +FROM nginx:1.23.2 AS debian RUN --mount=type=bind,from=opentracing-lib,target=/tmp/ot/ \ apt-get update \ @@ -19,17 +19,14 @@ RUN --mount=type=bind,from=opentracing-lib,target=/tmp/ot/ \ && rm -rf /var/lib/apt/lists/* \ && cp -av /tmp/ot/usr/local/lib/libopentracing.so* /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \ && cp -av /tmp/ot/usr/lib/nginx/modules/ngx_http_opentracing_module.so /usr/lib/nginx/modules/ \ - && ldconfig \ - && echo $NGINX_VERSION > nginx_version + && ldconfig ############################################# Base image for Alpine ############################################# -FROM nginx:1.23.1-alpine AS alpine +FROM nginx:1.23.2-alpine AS alpine RUN --mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \ apk add --no-cache libcap libstdc++ \ - # temp fix for CVE-2022-3209 and CVE-2022-35252 - && apk upgrade --no-cache libxml2 curl libcurl \ && cp -av /tmp/ot/usr/local/lib/libopentracing.so* /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \ && cp -av /tmp/ot/usr/lib/nginx/modules/ngx_http_opentracing_module.so /usr/lib/nginx/modules/ \ && ldconfig /usr/local/lib/ @@ -89,8 +86,6 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode && printf "%s\n" "deb https://pkgs.nginx.com/app-protect/${NGINX_PLUS_VERSION}/debian ${DEBIAN_VERSION} nginx-plus" \ "deb https://pkgs.nginx.com/app-protect-security-updates/debian ${DEBIAN_VERSION} nginx-plus" > /etc/apt/sources.list.d/nginx-app-protect.list \ && apt-get update \ - # temp fix for CVE-2022-37434 and DLA-3112-1 - && apt-get install zlib1g libbz2-1.0 \ && apt-get install --no-install-recommends --no-install-suggests -y app-protect app-protect-attack-signatures app-protect-threat-campaigns \ && apt-get purge --auto-remove -y curl; \ fi \ @@ -109,10 +104,9 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode ############################################# Base image for UBI ############################################# -FROM redhat/ubi8 AS ubi-base +FROM nginxcontrib/nginx:1.23.2-ubi AS ubi ARG IC_VERSION -SHELL ["/bin/bash", "-o", "pipefail", "-c"] LABEL name="NGINX Ingress Controller" \ maintainer="kubernetes@nginx.com" \ vendor="NGINX Inc" \ @@ -123,34 +117,25 @@ LABEL name="NGINX Ingress Controller" \ io.k8s.description="The NGINX Ingress Controller is an application that runs in a cluster and configures an HTTP load balancer according to Ingress resources." \ io.openshift.tags="nginx,ingress-controller,ingress,controller,kubernetes,openshift" -RUN dnf --nodocs install -y shadow-utils ca-certificates \ - && groupadd --system --gid 101 nginx \ - && useradd --system --gid nginx --no-create-home --home-dir /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx - COPY --link --chown=101:0 LICENSE /licenses/ - -############################################# Base image for UBI OSS ############################################# -FROM ubi-base AS ubi - -RUN --mount=type=bind,from=debian,source=/nginx_version,target=/tmp/nginx_version \ - export NGINX_VERSION=$( /etc/yum.repos.d/nginx.repo \ - && dnf --nodocs install -y nginx-${NGINX_VERSION} \ - && rm /etc/yum.repos.d/nginx.repo +# temp fix for CVE-2022-27404, CVE-2022-33099 and CVE-2022-37434 +RUN microdnf --nodocs upgrade -y freetype lua-libs zlib ############################################# Base image for UBI with NGINX Plus ############################################# -FROM ubi-base AS ubi-plus +FROM redhat/ubi8:8.6-990 AS ubi-plus ARG NGINX_PLUS_VERSION +SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \ --mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ - rpm --import https://cs.nginx.com/static/keys/nginx_signing.key \ + dnf --nodocs install -y shadow-utils ca-certificates \ + # temp fix for CVE-2022-1304 and CVE-2016-3709 + && dnf --nodocs install -y libcom_err libxml2 \ + && groupadd --system --gid 101 nginx \ + && useradd --system --gid nginx --no-create-home --home-dir /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \ + && rpm --import https://cs.nginx.com/static/keys/nginx_signing.key \ && curl -fsSL "https://cs.nginx.com/static/files/nginx-plus-$(grep -E -o '[0-9]+\.[0-9]+' /etc/redhat-release | cut -d"." -f1).repo" | tr 0 1 > /etc/yum.repos.d/nginx-plus.repo \ && sed -i "0,/centos/s;;${NGINX_PLUS_VERSION}/centos;" /etc/yum.repos.d/nginx-plus.repo \ && dnf --nodocs install -y nginx-plus nginx-plus-module-njs @@ -198,24 +183,24 @@ ARG TARGETPLATFORM ARG NAP_MODULES=none # copy oidc files on plus build -RUN --mount=target=/tmp [ -n "${BUILD_OS##*plus*}" ] && exit 0; mkdir -p etc/nginx/oidc/ && cp -a /tmp/internal/configs/oidc/* /etc/nginx/oidc/ +RUN --mount=type=bind,target=/tmp [ -n "${BUILD_OS##*plus*}" ] && exit 0; mkdir -p /etc/nginx/oidc/ && cp -a /tmp/internal/configs/oidc/* /etc/nginx/oidc/ # run only on nap waf build -RUN --mount=target=/tmp [ -n "${NAP_MODULES##*waf*}" ] && exit 0; mkdir -p /etc/nginx/waf/nac-policies /etc/nginx/waf/nac-logconfs /etc/nginx/waf/nac-usersigs /var/log/app_protect /opt/app_protect \ +RUN --mount=type=bind,target=/tmp [ -n "${NAP_MODULES##*waf*}" ] && exit 0; mkdir -p /etc/nginx/waf/nac-policies /etc/nginx/waf/nac-logconfs /etc/nginx/waf/nac-usersigs /var/log/app_protect /opt/app_protect \ && chown -R 101:0 /etc/app_protect /usr/share/ts /var/log/app_protect/ /opt/app_protect/ /var/log/nginx/ \ && touch /etc/nginx/waf/nac-usersigs/index.conf \ && cp -a /tmp/build/log-default.json /etc/nginx # run only on nap dos build -RUN --mount=target=/tmp [ -n "${NAP_MODULES##*dos*}" ] && exit 0; mkdir -p /root/app_protect_dos /etc/nginx/dos/policies /etc/nginx/dos/logconfs /shared/cores /var/log/adm /var/run/adm \ +RUN [ -n "${NAP_MODULES##*dos*}" ] && exit 0; mkdir -p /root/app_protect_dos /etc/nginx/dos/policies /etc/nginx/dos/logconfs /shared/cores /var/log/adm /var/run/adm \ && chmod 777 /shared/cores /var/log/adm /var/run/adm /etc/app_protect_dos -RUN --mount=target=/tmp mkdir -p /var/lib/nginx /etc/nginx/secrets /etc/nginx/stream-conf.d \ +RUN --mount=type=bind,target=/tmp mkdir -p /var/lib/nginx /etc/nginx/secrets /etc/nginx/stream-conf.d \ && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \ && setcap -v 'cap_net_bind_service=+ep' /usr/sbin/nginx 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \ && [ -z "${BUILD_OS##*plus*}" ] && PLUS=-plus; cp -a /tmp/internal/configs/version1/nginx$PLUS.ingress.tmpl /tmp/internal/configs/version1/nginx$PLUS.tmpl \ /tmp/internal/configs/version2/nginx$PLUS.virtualserver.tmpl /tmp/internal/configs/version2/nginx$PLUS.transportserver.tmpl / \ - && chown -R 101:0 /etc/nginx /etc/nginx/secrets /var/cache/nginx /var/lib/nginx /*.tmpl \ + && chown -R 101:0 /etc/nginx /var/cache/nginx /var/lib/nginx /*.tmpl \ && rm -f /etc/nginx/conf.d/* /etc/apt/apt.conf.d/90pkgs-nginx /etc/apt/sources.list.d/nginx-plus.list # Uncomment the line below if you would like to add the default.pem to the image @@ -241,11 +226,12 @@ FROM golang:1.19-alpine AS builder ARG IC_VERSION ARG TARGETARCH -WORKDIR /go/src/github.com/nginxinc/kubernetes-ingress/nginx-ingress/cmd/nginx-ingress -RUN --mount=target=/go/src/github.com/nginxinc/kubernetes-ingress/nginx-ingress/ --mount=type=cache,target=/root/.cache/go-build \ +WORKDIR /go/src/github.com/nginxinc/kubernetes-ingress/ +RUN apk add --no-cache git +RUN --mount=type=bind,target=/go/src/github.com/nginxinc/kubernetes-ingress/ --mount=type=cache,target=/root/.cache/go-build \ go mod download -RUN --mount=target=/go/src/github.com/nginxinc/kubernetes-ingress/nginx-ingress/ --mount=type=cache,target=/root/.cache/go-build \ - CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH go build -trimpath -ldflags "-s -w -X main.version=${IC_VERSION}" -o /nginx-ingress +RUN --mount=type=bind,target=/go/src/github.com/nginxinc/kubernetes-ingress/ --mount=type=cache,target=/root/.cache/go-build \ + CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH go build -trimpath -ldflags "-s -w -X main.version=${IC_VERSION}" -o /nginx-ingress github.com/nginxinc/kubernetes-ingress/cmd/nginx-ingress ############################################# Create image with nginx-ingress built in container ############################################# @@ -270,16 +256,17 @@ ARG TARGETARCH LABEL org.nginx.kic.image.build.version="goreleaser" -COPY --link --chown=101:0 dist/kubernetes-ingress_linux_$TARGETARCH*/nginx-ingress / +COPY --link --chown=101:0 dist/kubernetes-ingress_linux_${TARGETARCH}*/nginx-ingress / ############################################# Create image with nginx-ingress built by GoReleaser for AWS Marketplace ############################################# FROM common AS aws ARG TARGETARCH +ARG NAP_MODULES= LABEL org.nginx.kic.image.build.version="aws" -COPY --link --chown=101:0 dist/aws_linux_$TARGETARCH*/nginx-ingress / +COPY --link --chown=101:0 dist/aws*${NAP_MODULES}_linux_${TARGETARCH}*/nginx-ingress / ############################################# Create image with nginx-ingress extracted from image on Docker Hub ############################################# diff --git a/build/README.md b/build/README.md index 66c0fc4592..8bc31e68ab 100644 --- a/build/README.md +++ b/build/README.md @@ -1,3 +1,3 @@ # NGINX Ingress Controller -This doc is now available at https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/ \ No newline at end of file +This doc is now available at https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/ diff --git a/build/generate_default_cert_and_key.sh b/build/generate_default_cert_and_key.sh index 1581f5d6a3..c7d50663f8 100755 --- a/build/generate_default_cert_and_key.sh +++ b/build/generate_default_cert_and_key.sh @@ -1,5 +1,5 @@ #!/bin/bash openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout default.key -out default.crt -subj "/CN=NGINXIngressController" -cat default.key default.crt > default.pem -rm default.key default.crt \ No newline at end of file +cat default.key default.crt > default.pem +rm default.key default.crt diff --git a/build/log-default.json b/build/log-default.json index e6739af3d2..c68b96e0fd 100644 --- a/build/log-default.json +++ b/build/log-default.json @@ -1,10 +1,10 @@ { - "filter": { - "request_type": "all" - }, - "content": { - "format": "default", - "max_request_size": "any", - "max_message_size": "5k" - } + "filter": { + "request_type": "all" + }, + "content": { + "format": "default", + "max_request_size": "any", + "max_message_size": "5k" + } } diff --git a/cmd/nginx-ingress/flags.go b/cmd/nginx-ingress/flags.go index 239aae2624..c4bf503e76 100644 --- a/cmd/nginx-ingress/flags.go +++ b/cmd/nginx-ingress/flags.go @@ -15,15 +15,6 @@ import ( ) var ( - - // Injected during build - version string - - // Info read from the binary - commitHash = "unknown" - commitTime = "unknown" - dirtyBuild = true - healthStatus = flag.Bool("health-status", false, `Add a location based on the value of health-status-uri to the default server. The location responds with the 200 status code for any request. Useful for external health-checking of the Ingress Controller`) @@ -40,6 +31,11 @@ var ( watchNamespaces []string + watchSecretNamespace = flag.String("watch-secret-namespace", "", + `Comma separated list of namespaces the Ingress Controller should watch for secrets. If this arg is not configured, the Ingress Controller watches the same namespaces for all resources. See "watch-namespace". `) + + watchSecretNamespaces []string + nginxConfigMaps = flag.String("nginx-configmaps", "", `A ConfigMap resource for customizing NGINX configuration. If a ConfigMap is set, but the Ingress Controller is not able to fetch it from Kubernetes API, the Ingress Controller will fail to start. @@ -187,19 +183,26 @@ var ( ) //gocyclo:ignore -func parseFlags(versionInfo string, binaryInfo string) { +func parseFlags() { flag.Parse() - initialChecks() - if *versionFlag { - printVersionInfo(versionInfo, binaryInfo) + os.Exit(0) } - glog.Infof("Starting NGINX Ingress Controller %v PlusFlag=%v", versionInfo, *nginxPlus) - glog.Info(binaryInfo) + initialChecks() watchNamespaces = strings.Split(*watchNamespace, ",") + glog.Infof("Namespaces watched: %v", watchNamespaces) + + if len(*watchSecretNamespace) > 0 { + watchSecretNamespaces = strings.Split(*watchSecretNamespace, ",") + } else { + // empty => default to watched namespaces + watchSecretNamespaces = watchNamespaces + } + + glog.Infof("Namespaces watched for secrets: %v", watchSecretNamespaces) validationChecks() @@ -284,19 +287,14 @@ func initialChecks() { } } + glog.Infof("Starting with flags: %+q", os.Args[1:]) + unparsed := flag.Args() if len(unparsed) > 0 { glog.Warningf("Ignoring unhandled arguments: %+q", unparsed) } } -// printVersionInfo prints the the version and binary info before exiting if the flag is set -func printVersionInfo(versionInfo string, binaryInfo string) { - fmt.Println(versionInfo) - fmt.Println(binaryInfo) - os.Exit(0) -} - // validationChecks checks the values for various flags func validationChecks() { healthStatusURIValidationError := validateLocation(*healthStatusURI) @@ -314,6 +312,11 @@ func validationChecks() { glog.Fatalf("Invalid values for namespaces: %v", namespacesNameValidationError) } + namespacesNameValidationError = validateNamespaceNames(watchSecretNamespaces) + if namespacesNameValidationError != nil { + glog.Fatalf("Invalid values for secret namespaces: %v", namespacesNameValidationError) + } + statusPortValidationError := validatePort(*nginxStatusPort) if statusPortValidationError != nil { glog.Fatalf("Invalid value for nginx-status-port: %v", statusPortValidationError) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index 83a68f7b04..68ed5345ae 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -7,6 +7,7 @@ import ( "net/http" "os" "os/signal" + "runtime" "strings" "syscall" "time" @@ -37,9 +38,14 @@ import ( clientcmdapi "k8s.io/client-go/tools/clientcmd/api" ) +// Injected during build +var version string + func main() { - binaryInfo, versionInfo := getBuildInfo() - parseFlags(binaryInfo, versionInfo) + commitHash, commitTime, dirtyBuild := getBuildInfo() + fmt.Printf("NGINX Ingress Controller Version=%v Commit=%v Date=%v DirtyState=%v Arch=%v/%v Go=%v\n", version, commitHash, commitTime, dirtyBuild, runtime.GOOS, runtime.GOARCH, runtime.Version()) + + parseFlags() config, kubeClient := createConfigAndKubeClient() @@ -47,7 +53,9 @@ func main() { validateIngressClass(kubeClient) - checkNamespaceExists(kubeClient) + checkNamespaceExists(kubeClient, watchNamespaces) + + checkNamespaceExists(kubeClient, watchSecretNamespaces) dynClient, confClient := createCustomClients(config) @@ -121,6 +129,7 @@ func main() { RestConfig: config, ResyncPeriod: 30 * time.Second, Namespace: watchNamespaces, + SecretNamespace: watchSecretNamespaces, NginxConfigurator: cnf, DefaultServerSecret: *defaultServerSecret, AppProtectEnabled: *appProtect, @@ -213,7 +222,7 @@ func kubernetesVersionInfo(kubeClient kubernetes.Interface) { } glog.Infof("Kubernetes version: %v", k8sVersion) - minK8sVersion, err := util_version.ParseGeneric("1.19.0") + minK8sVersion, err := util_version.ParseGeneric("1.21.0") if err != nil { glog.Fatalf("unexpected error parsing minimum supported version: %v", err) } @@ -234,8 +243,8 @@ func validateIngressClass(kubeClient kubernetes.Interface) { } } -func checkNamespaceExists(kubeClient kubernetes.Interface) { - for _, ns := range watchNamespaces { +func checkNamespaceExists(kubeClient kubernetes.Interface, namespaces []string) { + for _, ns := range namespaces { if ns != "" { _, err := kubeClient.CoreV1().Namespaces().Get(context.TODO(), ns, meta_v1.GetOptions{}) if err != nil { diff --git a/cmd/nginx-ingress/utils.go b/cmd/nginx-ingress/utils.go index 406d1b0c79..778aebd729 100644 --- a/cmd/nginx-ingress/utils.go +++ b/cmd/nginx-ingress/utils.go @@ -1,15 +1,17 @@ package main import ( - "fmt" - "runtime" "runtime/debug" ) -func getBuildInfo() (string, string) { +func getBuildInfo() (commitHash string, commitTime string, dirtyBuild string) { + commitHash = "unknown" + commitTime = "unknown" + dirtyBuild = "unknown" + info, ok := debug.ReadBuildInfo() if !ok { - return "", "" + return } for _, kv := range info.Settings { switch kv.Key { @@ -18,11 +20,8 @@ func getBuildInfo() (string, string) { case "vcs.time": commitTime = kv.Value case "vcs.modified": - dirtyBuild = kv.Value == "true" + dirtyBuild = kv.Value } } - binaryInfo := fmt.Sprintf("Commit=%v Date=%v DirtyState=%v Arch=%v/%v Go=%v", commitHash, commitTime, dirtyBuild, runtime.GOOS, runtime.GOARCH, runtime.Version()) - versionInfo := fmt.Sprintf("Version=%v", version) - - return versionInfo, binaryInfo + return commitHash, commitTime, dirtyBuild } diff --git a/deployments/common/crds/appprotect.f5.com_aplogconfs.yaml b/deployments/common/crds/appprotect.f5.com_aplogconfs.yaml index bf29492895..53b7fb40d7 100644 --- a/deployments/common/crds/appprotect.f5.com_aplogconfs.yaml +++ b/deployments/common/crds/appprotect.f5.com_aplogconfs.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.0 + controller-gen.kubebuilder.io/version: v0.10.0 creationTimestamp: null name: aplogconfs.appprotect.f5.com spec: diff --git a/deployments/common/crds/appprotect.f5.com_appolicies.yaml b/deployments/common/crds/appprotect.f5.com_appolicies.yaml index ac4c6c31ef..8c494414cb 100644 --- a/deployments/common/crds/appprotect.f5.com_appolicies.yaml +++ b/deployments/common/crds/appprotect.f5.com_appolicies.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.0 + controller-gen.kubebuilder.io/version: v0.10.0 creationTimestamp: null name: appolicies.appprotect.f5.com spec: @@ -334,6 +334,8 @@ spec: type: object settings: properties: + caseSensitiveHttpHeaders: + type: boolean isEnabled: type: boolean type: object diff --git a/deployments/common/crds/appprotect.f5.com_apusersigs.yaml b/deployments/common/crds/appprotect.f5.com_apusersigs.yaml index 044eeb4563..34eb0784f4 100644 --- a/deployments/common/crds/appprotect.f5.com_apusersigs.yaml +++ b/deployments/common/crds/appprotect.f5.com_apusersigs.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.0 + controller-gen.kubebuilder.io/version: v0.10.0 creationTimestamp: null name: apusersigs.appprotect.f5.com spec: diff --git a/deployments/common/crds/appprotectdos.f5.com_apdoslogconfs.yaml b/deployments/common/crds/appprotectdos.f5.com_apdoslogconfs.yaml index f6e0f7110e..e23e87184b 100644 --- a/deployments/common/crds/appprotectdos.f5.com_apdoslogconfs.yaml +++ b/deployments/common/crds/appprotectdos.f5.com_apdoslogconfs.yaml @@ -38,13 +38,11 @@ spec: - splunk - arcsight - user-defined - default: splunk type: string format_string: type: string max_message_size: pattern: ^([1-9]|[1-5][0-9]|6[0-4])k$ - default: 5k type: string type: object filter: diff --git a/deployments/common/ns-and-sa.yaml b/deployments/common/ns-and-sa.yaml index 0bdee73511..b7316e6f30 100644 --- a/deployments/common/ns-and-sa.yaml +++ b/deployments/common/ns-and-sa.yaml @@ -1,11 +1,11 @@ apiVersion: v1 kind: Namespace metadata: - name: nginx-ingress + name: nginx-ingress --- apiVersion: v1 kind: ServiceAccount metadata: - name: nginx-ingress + name: nginx-ingress namespace: nginx-ingress -#automountServiceAccountToken: false \ No newline at end of file +#automountServiceAccountToken: false diff --git a/deployments/daemon-set/nginx-ingress.yaml b/deployments/daemon-set/nginx-ingress.yaml index 48f34e01d8..7b87dd0e6b 100644 --- a/deployments/daemon-set/nginx-ingress.yaml +++ b/deployments/daemon-set/nginx-ingress.yaml @@ -19,7 +19,7 @@ spec: serviceAccountName: nginx-ingress automountServiceAccountToken: true containers: - - image: nginx/nginx-ingress:2.3.1 + - image: nginx/nginx-ingress:2.4.1 imagePullPolicy: IfNotPresent name: nginx-ingress ports: diff --git a/deployments/daemon-set/nginx-plus-ingress.yaml b/deployments/daemon-set/nginx-plus-ingress.yaml index c5ec7a9337..59af9c0d73 100644 --- a/deployments/daemon-set/nginx-plus-ingress.yaml +++ b/deployments/daemon-set/nginx-plus-ingress.yaml @@ -19,7 +19,7 @@ spec: serviceAccountName: nginx-ingress automountServiceAccountToken: true containers: - - image: nginx-plus-ingress:2.3.1 + - image: nginx-plus-ingress:2.4.1 imagePullPolicy: IfNotPresent name: nginx-plus-ingress ports: diff --git a/deployments/deployment/nginx-ingress.yaml b/deployments/deployment/nginx-ingress.yaml index d87820e004..e26248e694 100644 --- a/deployments/deployment/nginx-ingress.yaml +++ b/deployments/deployment/nginx-ingress.yaml @@ -20,7 +20,7 @@ spec: serviceAccountName: nginx-ingress automountServiceAccountToken: true containers: - - image: nginx/nginx-ingress:2.3.1 + - image: nginx/nginx-ingress:2.4.1 imagePullPolicy: IfNotPresent name: nginx-ingress ports: diff --git a/deployments/deployment/nginx-plus-ingress.yaml b/deployments/deployment/nginx-plus-ingress.yaml index 4b43606ad3..97a0b08dc1 100644 --- a/deployments/deployment/nginx-plus-ingress.yaml +++ b/deployments/deployment/nginx-plus-ingress.yaml @@ -20,7 +20,7 @@ spec: serviceAccountName: nginx-ingress automountServiceAccountToken: true containers: - - image: nginx-plus-ingress:2.3.1 + - image: nginx-plus-ingress:2.4.1 imagePullPolicy: IfNotPresent name: nginx-plus-ingress ports: diff --git a/deployments/helm-chart-dos-arbitrator/Chart.yaml b/deployments/helm-chart-dos-arbitrator/Chart.yaml index e222d5c2b4..b0cce89c2f 100644 --- a/deployments/helm-chart-dos-arbitrator/Chart.yaml +++ b/deployments/helm-chart-dos-arbitrator/Chart.yaml @@ -2,12 +2,12 @@ name: nginx-appprotect-dos-arbitrator version: 0.1.0 appVersion: 1.1.0 apiVersion: v1 -kubeVersion: ">= 1.19.0-0" +kubeVersion: ">= 1.21.0-0" description: NGINX App Protect Dos arbitrator -icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.3.0/deployments/helm-chart-dos-arbitrator/chart-icon.png +icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.4.1/deployments/helm-chart-dos-arbitrator/chart-icon.png home: https://github.com/nginxinc/kubernetes-ingress sources: - - https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.0/deployments/helm-chart-dos-arbitrator + - https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/deployments/helm-chart-dos-arbitrator keywords: - appprotect-dos - nginx diff --git a/deployments/helm-chart-dos-arbitrator/README.md b/deployments/helm-chart-dos-arbitrator/README.md index 87a34b5a20..af51a69c9d 100644 --- a/deployments/helm-chart-dos-arbitrator/README.md +++ b/deployments/helm-chart-dos-arbitrator/README.md @@ -16,7 +16,7 @@ This step is required if you're installing the chart using its sources. Addition 1. Clone the Ingress Controller repo: ```console - $ git clone https://github.com/nginxinc/kubernetes-ingress.git --branch v2.3.1 + $ git clone https://github.com/nginxinc/kubernetes-ingress.git --branch v2.4.1 ``` 2. Change your working directory to /deployments/helm-chart-dos-arbitrator: ```console diff --git a/deployments/helm-chart-dos-arbitrator/templates/_helpers.tpl b/deployments/helm-chart-dos-arbitrator/templates/_helpers.tpl index 029b5434ce..02714455be 100644 --- a/deployments/helm-chart-dos-arbitrator/templates/_helpers.tpl +++ b/deployments/helm-chart-dos-arbitrator/templates/_helpers.tpl @@ -15,4 +15,4 @@ app.kubernetes.io/name: {{ include "arbitrator.name" . }} helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/deployments/helm-chart-dos-arbitrator/values.yaml b/deployments/helm-chart-dos-arbitrator/values.yaml index 1c42666205..eeacd9d3cf 100644 --- a/deployments/helm-chart-dos-arbitrator/values.yaml +++ b/deployments/helm-chart-dos-arbitrator/values.yaml @@ -1,6 +1,6 @@ arbitrator: ## The resources of the Arbitrator pods. - resources: + resources: limits: cpu: 500m memory: 128Mi diff --git a/deployments/helm-chart/Chart.yaml b/deployments/helm-chart/Chart.yaml index 5d10d941a1..00a42d0bfa 100644 --- a/deployments/helm-chart/Chart.yaml +++ b/deployments/helm-chart/Chart.yaml @@ -1,14 +1,14 @@ apiVersion: v2 name: nginx-ingress -version: 0.14.1 -appVersion: 2.3.1 -kubeVersion: ">= 1.19.0-0" +version: 0.15.1 +appVersion: 2.4.1 +kubeVersion: ">= 1.21.0-0" type: application description: NGINX Ingress Controller -icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.3.1/deployments/helm-chart/chart-icon.png +icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.4.1/deployments/helm-chart/chart-icon.png home: https://github.com/nginxinc/kubernetes-ingress sources: - - https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/deployments/helm-chart + - https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/deployments/helm-chart keywords: - ingress - nginx diff --git a/deployments/helm-chart/README.md b/deployments/helm-chart/README.md index e1f3b7988f..fce988fce2 100644 --- a/deployments/helm-chart/README.md +++ b/deployments/helm-chart/README.md @@ -23,7 +23,7 @@ This step is required if you're installing the chart using its sources. Addition 1. Clone the Ingress Controller repo: ```console - $ git clone https://github.com/nginxinc/kubernetes-ingress --branch v2.3.1 + $ git clone https://github.com/nginxinc/kubernetes-ingress --branch v2.4.1 ``` **Note**: If you want to use the experimental repository (`edge`), remove the `--branch` flag and value. @@ -150,14 +150,16 @@ Parameter | Description | Default --- | --- | --- `controller.name` | The name of the Ingress Controller daemonset or deployment. | Autogenerated `controller.kind` | The kind of the Ingress Controller installation - deployment or daemonset. | deployment +`controller.annotations` | Allows for setting of `annotations` for deployment or daemonset. | {} `controller.nginxplus` | Deploys the Ingress Controller for NGINX Plus. | false `controller.nginxReloadTimeout` | The timeout in milliseconds which the Ingress Controller will wait for a successful NGINX reload after a change or at the initial start. | 60000 `controller.hostNetwork` | Enables the Ingress Controller pods to use the host's network namespace. | false +`controller.dnsPolicy` | DNS policy for the Ingress Controller pods. | ClusterFirst `controller.nginxDebug` | Enables debugging for NGINX. Uses the `nginx-debug` binary. Requires `error-log-level: debug` in the ConfigMap via `controller.config.entries`. | false `controller.logLevel` | The log level of the Ingress Controller. | 1 `controller.image.digest ` | The image digest of the Ingress Controller. | None `controller.image.repository` | The image repository of the Ingress Controller. | nginx/nginx-ingress -`controller.image.tag` | The tag of the Ingress Controller image. | 2.3.1 +`controller.image.tag` | The tag of the Ingress Controller image. | 2.4.1 `controller.image.pullPolicy` | The pull policy for the Ingress Controller image. | IfNotPresent `controller.lifecycle` | The lifecycle of the Ingress Controller pods. | {} `controller.customConfigMap` | The name of the custom ConfigMap used by the Ingress Controller. If set, then the default config is ignored. | "" @@ -184,7 +186,8 @@ Parameter | Description | Default `controller.replicaCount` | The number of replicas of the Ingress Controller deployment. | 1 `controller.ingressClass` | A class of the Ingress Controller. An IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start. The Ingress Controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. The Ingress Controller processes all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the "ingressClassName" field for all versions of kubernetes. | nginx `controller.setAsDefaultIngress` | New Ingresses without an `"ingressClassName"` field specified will be assigned the class specified in `controller.ingressClass`. | false -`controller.watchNamespace` | Comma separated list of namespaces the Ingress Controller should watch for resources. By default the Ingress Controller watches all namespaces. | "" +`controller.watchNamespace` | Comma separated list of namespaces the Ingress Controller should watch for resources. By default the Ingress Controller watches all namespaces. Please note that if configuring multiple namespaces using the Helm cli `--set` option, the string needs to wrapped in double quotes and the commas escaped using a backslash - e.g. `--set controller.watchNamespace="default\,nginx-ingress"`. | "" +`controller.watchSecretNamespace` | Comma separated list of namespaces the Ingress Controller should watch for resources of type Secret. If this arg is not configured, the Ingress Controller watches the same namespaces for all resources. See `watch-namespace`. Please note that if configuring multiple namespaces using the Helm cli `--set` option, the string needs to wrapped in double quotes and the commas escaped using a backslash - e.g. `--set controller.watchSecretNamespace="default\,nginx-ingress"`. | "" `controller.enableCustomResources` | Enable the custom resources. | true `controller.enablePreviewPolicies` | Enable preview policies. This parameter is deprecated. To enable OIDC Policies please use `controller.enableOIDC` instead. | false `controller.enableOIDC` | Enable OIDC policies. | false @@ -218,6 +221,7 @@ Parameter | Description | Default `controller.service.httpsPort.port` | The HTTPS port of the Ingress Controller service. | 443 `controller.service.httpsPort.nodePort` | The custom NodePort for the HTTPS port. Requires `controller.service.type` set to `NodePort`. | "" `controller.service.httpsPort.targetPort` | The target port of the HTTPS port of the Ingress Controller service. | 443 +`controller.serviceAccount.annotations` | The annotations of the Ingress Controller service account. | {} `controller.serviceAccount.name` | The name of the service account of the Ingress Controller pods. Used for RBAC. | Autogenerated `controller.serviceAccount.imagePullSecretName` | The name of the secret containing docker registry credentials. Secret must exist in the same namespace as the helm release. | "" `controller.serviceMonitor.name` | The name of the serviceMonitor. | Autogenerated @@ -244,6 +248,12 @@ Parameter | Description | Default `controller.readyStatus.initialDelaySeconds` | The number of seconds after the Ingress Controller pod has started before readiness probes are initiated. | 0 `controller.enableLatencyMetrics` | Enable collection of latency metrics for upstreams. Requires `prometheus.create`. | false `controller.minReadySeconds` | Specifies the minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing, for it to be considered available. [docs](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds) | 0 +`controller.autoscaling.enabled` | Enables HorizontalPodAutoscaling. | false +`controller.autoscaling.annotations` | The annotations of the Ingress Controller HorizontalPodAutoscaler. | {} +`controller.autoscaling.minReplicas` | Minimum number of replicas for the HPA. | 1 +`controller.autoscaling.maxReplicas` | Maximum number of replicas for the HPA. | 3 +`controller.autoscaling.targetCPUUtilizationPercentage` | The target CPU utilization percentage. | 50 +`controller.autoscaling.targetMemoryUtilizationPercentage` | The target memory utilization percentage. | 50 `controller.strategy` | Specifies the strategy used to replace old Pods by new ones. [docs](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) | {} `controller.disableIPV6` | Disable IPV6 listeners explicitly for nodes that do not support the IPV6 stack. | false `rbac.create` | Configures RBAC. | true diff --git a/deployments/helm-chart/crds/appprotect.f5.com_aplogconfs.yaml b/deployments/helm-chart/crds/appprotect.f5.com_aplogconfs.yaml index bf29492895..53b7fb40d7 100644 --- a/deployments/helm-chart/crds/appprotect.f5.com_aplogconfs.yaml +++ b/deployments/helm-chart/crds/appprotect.f5.com_aplogconfs.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.0 + controller-gen.kubebuilder.io/version: v0.10.0 creationTimestamp: null name: aplogconfs.appprotect.f5.com spec: diff --git a/deployments/helm-chart/crds/appprotect.f5.com_appolicies.yaml b/deployments/helm-chart/crds/appprotect.f5.com_appolicies.yaml index ac4c6c31ef..8c494414cb 100644 --- a/deployments/helm-chart/crds/appprotect.f5.com_appolicies.yaml +++ b/deployments/helm-chart/crds/appprotect.f5.com_appolicies.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.0 + controller-gen.kubebuilder.io/version: v0.10.0 creationTimestamp: null name: appolicies.appprotect.f5.com spec: @@ -334,6 +334,8 @@ spec: type: object settings: properties: + caseSensitiveHttpHeaders: + type: boolean isEnabled: type: boolean type: object diff --git a/deployments/helm-chart/crds/appprotect.f5.com_apusersigs.yaml b/deployments/helm-chart/crds/appprotect.f5.com_apusersigs.yaml index 044eeb4563..34eb0784f4 100644 --- a/deployments/helm-chart/crds/appprotect.f5.com_apusersigs.yaml +++ b/deployments/helm-chart/crds/appprotect.f5.com_apusersigs.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.0 + controller-gen.kubebuilder.io/version: v0.10.0 creationTimestamp: null name: apusersigs.appprotect.f5.com spec: diff --git a/deployments/helm-chart/crds/appprotectdos.f5.com_apdoslogconfs.yaml b/deployments/helm-chart/crds/appprotectdos.f5.com_apdoslogconfs.yaml index f6e0f7110e..e23e87184b 100644 --- a/deployments/helm-chart/crds/appprotectdos.f5.com_apdoslogconfs.yaml +++ b/deployments/helm-chart/crds/appprotectdos.f5.com_apdoslogconfs.yaml @@ -38,13 +38,11 @@ spec: - splunk - arcsight - user-defined - default: splunk type: string format_string: type: string max_message_size: pattern: ^([1-9]|[1-5][0-9]|6[0-4])k$ - default: 5k type: string type: object filter: diff --git a/deployments/helm-chart/templates/NOTES.txt b/deployments/helm-chart/templates/NOTES.txt index c61fbd1a23..c5f4cdf405 100644 --- a/deployments/helm-chart/templates/NOTES.txt +++ b/deployments/helm-chart/templates/NOTES.txt @@ -1 +1 @@ -The NGINX Ingress Controller has been installed. \ No newline at end of file +The NGINX Ingress Controller has been installed. diff --git a/deployments/helm-chart/templates/controller-daemonset.yaml b/deployments/helm-chart/templates/controller-daemonset.yaml index f097814afd..7b311fa2d8 100644 --- a/deployments/helm-chart/templates/controller-daemonset.yaml +++ b/deployments/helm-chart/templates/controller-daemonset.yaml @@ -6,6 +6,9 @@ metadata: namespace: {{ .Release.Namespace }} labels: {{- include "nginx-ingress.labels" . | nindent 4 }} +{{- if .Values.controller.annotations }} + annotations: {{ toYaml .Values.controller.annotations | nindent 4 }} +{{- end }} spec: selector: matchLabels: @@ -68,6 +71,7 @@ spec: priorityClassName: {{ .Values.controller.priorityClassName }} {{- end }} hostNetwork: {{ .Values.controller.hostNetwork }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} containers: - name: {{ include "nginx-ingress.name" . }} image: {{ include "nginx-ingress.image" . }} @@ -159,6 +163,9 @@ spec: - -ingress-class={{ .Values.controller.ingressClass }} {{- if .Values.controller.watchNamespace }} - -watch-namespace={{ .Values.controller.watchNamespace }} +{{- end }} +{{- if .Values.controller.watchSecretNamespace }} + - -watch-secret-namespace={{ .Values.controller.watchSecretNamespace }} {{- end }} - -health-status={{ .Values.controller.healthStatus }} - -health-status-uri={{ .Values.controller.healthStatusURI }} @@ -216,7 +223,6 @@ spec: {{- if .Values.controller.initContainers }} initContainers: {{ toYaml .Values.controller.initContainers | nindent 8 }} {{- end }} -{{- end }} {{- if .Values.controller.strategy }} updateStrategy: {{ toYaml .Values.controller.strategy | indent 4 }} @@ -224,3 +230,4 @@ spec: {{- if .Values.controller.minReadySeconds }} minReadySeconds: {{ .Values.controller.minReadySeconds }} {{- end }} +{{- end }} diff --git a/deployments/helm-chart/templates/controller-deployment.yaml b/deployments/helm-chart/templates/controller-deployment.yaml index e8b20d4252..9ec53bf972 100644 --- a/deployments/helm-chart/templates/controller-deployment.yaml +++ b/deployments/helm-chart/templates/controller-deployment.yaml @@ -6,6 +6,9 @@ metadata: namespace: {{ .Release.Namespace }} labels: {{- include "nginx-ingress.labels" . | nindent 4 }} +{{- if .Values.controller.annotations }} + annotations: {{ toYaml .Values.controller.annotations | nindent 4 }} +{{- end }} spec: replicas: {{ .Values.controller.replicaCount }} selector: @@ -73,6 +76,7 @@ spec: automountServiceAccountToken: true terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} hostNetwork: {{ .Values.controller.hostNetwork }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} containers: - image: {{ include "nginx-ingress.image" . }} name: {{ include "nginx-ingress.name" . }} @@ -162,6 +166,9 @@ spec: - -ingress-class={{ .Values.controller.ingressClass }} {{- if .Values.controller.watchNamespace }} - -watch-namespace={{ .Values.controller.watchNamespace }} +{{- end }} +{{- if .Values.controller.watchSecretNamespace }} + - -watch-secret-namespace={{ .Values.controller.watchSecretNamespace }} {{- end }} - -health-status={{ .Values.controller.healthStatus }} - -health-status-uri={{ .Values.controller.healthStatusURI }} @@ -219,7 +226,6 @@ spec: {{- if .Values.controller.initContainers }} initContainers: {{ toYaml .Values.controller.initContainers | nindent 8 }} {{- end }} -{{- end }} {{- if .Values.controller.strategy }} strategy: {{ toYaml .Values.controller.strategy | indent 4 }} @@ -227,3 +233,4 @@ spec: {{- if .Values.controller.minReadySeconds }} minReadySeconds: {{ .Values.controller.minReadySeconds }} {{- end }} +{{- end }} diff --git a/deployments/helm-chart/templates/controller-hpa.yaml b/deployments/helm-chart/templates/controller-hpa.yaml new file mode 100644 index 0000000000..1d705f15d1 --- /dev/null +++ b/deployments/helm-chart/templates/controller-hpa.yaml @@ -0,0 +1,37 @@ +{{- if and .Values.controller.autoscaling.enabled (eq .Values.controller.kind "deployment") (semverCompare ">=1.23.0" .Capabilities.KubeVersion.Version) -}} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "nginx-ingress.serviceName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "nginx-ingress.labels" . | nindent 4 }} +{{- if .Values.controller.autoscaling.annotations }} + annotations: +{{ toYaml .Values.controller.autoscaling.annotations | indent 4 }} +{{- end }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ default (include "nginx-ingress.name" .) .Values.controller.name }} + minReplicas: {{ .Values.controller.autoscaling.minReplicas }} + maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }} + metrics: + {{- if .Values.controller.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.controller.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.controller.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.controller.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/deployments/helm-chart/templates/controller-serviceaccount.yaml b/deployments/helm-chart/templates/controller-serviceaccount.yaml index c03c6a793b..e1a3b51a06 100644 --- a/deployments/helm-chart/templates/controller-serviceaccount.yaml +++ b/deployments/helm-chart/templates/controller-serviceaccount.yaml @@ -2,6 +2,9 @@ apiVersion: v1 kind: ServiceAccount metadata: +{{- if .Values.controller.serviceAccount.annotations }} + annotations: {{- toYaml .Values.controller.serviceAccount.annotations | nindent 4 }} +{{- end }} name: {{ include "nginx-ingress.serviceAccountName" . }} namespace: {{ .Release.Namespace }} labels: diff --git a/deployments/helm-chart/templates/rbac.yaml b/deployments/helm-chart/templates/rbac.yaml index 55329394e2..ad95710a86 100644 --- a/deployments/helm-chart/templates/rbac.yaml +++ b/deployments/helm-chart/templates/rbac.yaml @@ -7,14 +7,14 @@ metadata: {{- include "nginx-ingress.labels" . | nindent 4 }} rules: {{- if .Values.controller.appprotect.enable }} -- apiGroups: +- apiGroups: - appprotect.f5.com - resources: + resources: - appolicies - aplogconfs - apusersigs - verbs: - - get + verbs: + - get - watch - list {{- end }} @@ -66,6 +66,14 @@ rules: verbs: - list - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -74,6 +82,16 @@ rules: - create - patch - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - create - apiGroups: - networking.k8s.io resources: diff --git a/deployments/helm-chart/values-icp.yaml b/deployments/helm-chart/values-icp.yaml index f50a2ff984..1d0a6e7012 100644 --- a/deployments/helm-chart/values-icp.yaml +++ b/deployments/helm-chart/values-icp.yaml @@ -3,7 +3,7 @@ controller: nginxplus: true image: repository: mycluster.icp:8500/kube-system/nginx-plus-ingress - tag: "2.3.1" + tag: "2.4.1" nodeSelector: beta.kubernetes.io/arch: "amd64" proxy: true diff --git a/deployments/helm-chart/values-nsm.yaml b/deployments/helm-chart/values-nsm.yaml index 73e7b93166..153a3aeb86 100644 --- a/deployments/helm-chart/values-nsm.yaml +++ b/deployments/helm-chart/values-nsm.yaml @@ -2,7 +2,7 @@ controller: nginxplus: true image: repository: nginx-plus-ingress - tag: "2.3.1" + tag: "2.4.1" enableLatencyMetrics: true nginxServiceMesh: enable: true diff --git a/deployments/helm-chart/values-plus.yaml b/deployments/helm-chart/values-plus.yaml index cb202bb3d3..479854940d 100644 --- a/deployments/helm-chart/values-plus.yaml +++ b/deployments/helm-chart/values-plus.yaml @@ -2,4 +2,4 @@ controller: nginxplus: true image: repository: nginx-plus-ingress - tag: "2.3.1" + tag: "2.4.1" diff --git a/deployments/helm-chart/values.schema.json b/deployments/helm-chart/values.schema.json new file mode 100644 index 0000000000..09163df0fe --- /dev/null +++ b/deployments/helm-chart/values.schema.json @@ -0,0 +1,1595 @@ +{ + "$schema": "https://json-schema.org/draft/2019-09/schema", + "type": "object", + "default": {}, + "title": "Root Schema", + "required": [ + "controller", + "rbac", + "prometheus", + "nginxServiceMesh" + ], + "properties": { + "controller": { + "type": "object", + "default": {}, + "title": "The Ingress Controller Helm Schema", + "required": [ + "kind", + "image" + ], + "properties": { + "name": { + "type": "string", + "default": "", + "title": "The name of the Ingress Controller", + "examples": [ + "nginx-ingress" + ] + }, + "kind": { + "type": "string", + "default": "", + "title": "The kind of the Ingress Controller", + "enum": [ + "deployment", + "daemonset" + ], + "examples": [ + "deployment", + "daemonset" + ] + }, + "nginxplus": { + "type": "boolean", + "default": false, + "title": "Deploys the Ingress Controller for NGINX Plus", + "examples": [ + false, + true + ] + }, + "nginxReloadTimeout": { + "type": "integer", + "default": 0, + "title": "Timeout in milliseconds which the Ingress Controller will wait for a successful NGINX reload after a change or at the initial start", + "examples": [ + 60000 + ] + }, + "appprotect": { + "type": "object", + "default": {}, + "title": "The App Protect WAF Schema", + "required": [ + "enable" + ], + "properties": { + "enable": { + "type": "boolean", + "default": false, + "title": "Enable the App Protect WAF module in the Ingress Controller", + "examples": [ + false, + true + ] + }, + "logLevel": { + "type": "string", + "default": "", + "title": "The logLevel for App Protect WAF", + "enum": [ + "fatal", + "error", + "warn", + "info", + "debug", + "trace" + ], + "examples": [ + "fatal", + "error", + "warn", + "info", + "debug", + "trace" + ] + } + }, + "examples": [ + { + "enable": true, + "logLevel": "fatal" + } + ] + }, + "appprotectdos": { + "type": "object", + "default": {}, + "title": "The App Protect DoS Schema", + "required": [ + "enable" + ], + "properties": { + "enable": { + "type": "boolean", + "default": false, + "title": "Enable the App Protect DoS module in the Ingress Controller", + "examples": [ + false, + true + ] + }, + "debug": { + "type": "boolean", + "default": false, + "title": "debugging for App Protect DoS", + "examples": [ + false, + true + ] + }, + "maxWorkers": { + "type": "integer", + "default": 0, + "title": "Max number of nginx processes to support", + "examples": [ + 0 + ] + }, + "maxDaemons": { + "type": "integer", + "default": 0, + "title": "Max number of ADMD instances", + "examples": [ + 0 + ] + }, + "memory": { + "type": "integer", + "default": 0, + "title": "RAM memory size to consume in MB", + "examples": [ + 0 + ] + } + }, + "examples": [ + { + "enable": true, + "debug": false, + "maxWorkers": 0, + "maxDaemons": 0, + "memory": 0 + } + ] + }, + "hostNetwork": { + "type": "boolean", + "default": false, + "title": "The hostNetwork Schema", + "examples": [ + false, + true + ] + }, + "nginxDebug": { + "type": "boolean", + "default": false, + "title": "Enables debugging for NGINX", + "examples": [ + false, + true + ] + }, + "logLevel": { + "type": "integer", + "default": 1, + "title": "The logLevel of the Ingress Controller", + "enum": [ + 0, + 1, + 2, + 3 + ], + "examples": [ + 1 + ] + }, + "customPorts": { + "type": "array", + "default": [], + "title": "The customPorts to expose on the NGINX ingress controller pod", + "items": { + "type": "object", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.core.v1.ContainerPort" + }, + "examples": [ + [ + { + "name": "http", + "containerPort": 80, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 443, + "protocol": "TCP" + } + ] + ] + }, + "image": { + "type": "object", + "default": {}, + "title": "The image Schema", + "required": [ + "repository", + "tag" + ], + "properties": { + "repository": { + "type": "string", + "default": "nginx/nginx-ingress", + "title": "The repository of the Ingress Controller", + "examples": [ + "nginx/nginx-ingress" + ] + }, + "tag": { + "type": "string", + "default": "2.3.1", + "title": "The tag of the Ingress Controller image", + "examples": [ + "2.3.1" + ] + }, + "digest": { + "type": "string", + "default": "", + "title": "The digest of the Ingress Controller image", + "examples": [ + "sha256:2710c264e8eaeb663cee63db37b75a1ac1709f63a130fb091c843a6c3a4dc572" + ] + }, + "pullPolicy": { + "type": "string", + "default": "IfNotPresent", + "title": "The pullPolicy for the Ingress Controller image", + "allOf": [ + { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.core.v1.Container/properties/imagePullPolicy" + }, + { + "enum": [ + "Always", + "IfNotPresent", + "Never" + ] + } + ], + "examples": [ + "Always", + "IfNotPresent", + "Never" + ] + } + }, + "examples": [ + { + "repository": "nginx/nginx-ingress", + "tag": "2.3.1", + "pullPolicy": "IfNotPresent" + } + ] + }, + "lifecycle": { + "type": "object", + "default": {}, + "title": "The lifecycle Schema", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.core.v1.Lifecycle" + }, + "customConfigMap": { + "type": "string", + "default": "", + "title": "The customConfigMap Schema", + "examples": [ + "" + ] + }, + "config": { + "type": "object", + "default": {}, + "title": "The config Schema", + "required": [], + "properties": { + "name": { + "type": "string", + "default": "", + "title": "The name Schema", + "examples": [ + "" + ] + }, + "annotations": { + "type": "object", + "default": {}, + "title": "The annotations Schema", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" + }, + "entries": { + "type": "object", + "default": {}, + "title": "The entries Schema", + "required": [], + "properties": {}, + "examples": [ + {} + ] + } + }, + "examples": [ + { + "name": "", + "annotations": {}, + "entries": {} + } + ] + }, + "defaultTLS": { + "type": "object", + "default": {}, + "title": "The defaultTLS Schema", + "required": [], + "properties": { + "cert": { + "type": "string", + "default": "", + "title": "The cert Schema", + "examples": [] + }, + "key": { + "type": "string", + "default": "", + "title": "The key Schema", + "examples": [] + }, + "secret": { + "type": "string", + "default": "", + "title": "The secret Schema", + "examples": [ + "" + ] + } + }, + "examples": [] + }, + "wildcardTLS": { + "type": "object", + "default": {}, + "title": "The wildcardTLS Schema", + "required": [], + "properties": { + "cert": { + "type": "string", + "default": "", + "title": "The cert Schema", + "examples": [ + "" + ] + }, + "key": { + "type": "string", + "default": "", + "title": "The key Schema", + "examples": [ + "" + ] + }, + "secret": { + "type": "string", + "default": "", + "title": "The secret Schema", + "examples": [ + "" + ] + } + }, + "examples": [] + }, + "nodeSelector": { + "type": "object", + "default": {}, + "title": "The nodeSelector Schema", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.core.v1.NodeSelector" + }, + "terminationGracePeriodSeconds": { + "type": "integer", + "default": 30, + "title": "The terminationGracePeriodSeconds Schema", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/terminationGracePeriodSeconds" + }, + "resources": { + "type": "object", + "default": {}, + "title": "The resources Schema", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.core.v1.ResourceRequirements" + }, + "tolerations": { + "type": "array", + "default": [], + "title": "The tolerations Schema", + "items": { + "type": "object", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.core.v1.Toleration" + } + }, + "affinity": { + "type": "object", + "default": {}, + "title": "The affinity Schema", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.core.v1.Affinity" + }, + "topologySpreadConstraints": { + "type": "object", + "default": {}, + "title": "The topologySpreadConstraints Schema", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint" + }, + "volumes": { + "type": "array", + "default": [], + "title": "The volumes Schema", + "items": { + "type": "object", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.core.v1.Volume" + } + }, + "volumeMounts": { + "type": "array", + "default": [], + "title": "The volumeMounts Schema", + "items": { + "type": "object", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.core.v1.VolumeMount" + } + }, + "initContainers": { + "type": "array", + "default": [], + "title": "The initContainers Schema", + "items": { + "type": "object", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.core.v1.Container" + } + }, + "minReadySeconds": { + "type": "integer", + "default": 0, + "title": "The minReadySeconds Schema", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.apps.v1.DeploymentSpec/properties/minReadySeconds" + }, + "strategy": { + "type": "object", + "default": {}, + "title": "The strategy Schema", + "allOf": [ + { + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.apps.v1.DeploymentStrategy" + }, + { + "properties": { + "type": { + "type": "string", + "enum": [ + "Recreate", + "RollingUpdate" + ] + } + } + } + ] + }, + "extraContainers": { + "type": "array", + "default": [], + "title": "The extraContainers Schema", + "items": { + "type": "object", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.core.v1.Container" + } + }, + "replicaCount": { + "type": "integer", + "default": 1, + "title": "The replicaCount", + "examples": [ + 1 + ] + }, + "ingressClass": { + "type": "string", + "default": "", + "title": "The ingressClass", + "examples": [ + "nginx" + ] + }, + "setAsDefaultIngress": { + "type": "boolean", + "default": false, + "title": "The setAsDefaultIngress", + "examples": [ + false + ] + }, + "watchNamespace": { + "type": "string", + "default": "", + "title": "The watchNamespace", + "examples": [ + "" + ] + }, + "enableCustomResources": { + "type": "boolean", + "default": false, + "title": "The enableCustomResources", + "examples": [ + true + ] + }, + "enablePreviewPolicies": { + "type": "boolean", + "default": false, + "title": "The enablePreviewPolicies", + "examples": [ + false + ] + }, + "enableOIDC": { + "type": "boolean", + "default": false, + "title": "The enableOIDC", + "examples": [ + false + ] + }, + "includeYear": { + "type": "boolean", + "default": false, + "title": "The includeYear", + "examples": [ + false + ] + }, + "enableTLSPassthrough": { + "type": "boolean", + "default": false, + "title": "The enableTLSPassthrough", + "examples": [ + false + ] + }, + "enableCertManager": { + "type": "boolean", + "default": false, + "title": "The enableCertManager", + "examples": [ + false + ] + }, + "enableExternalDNS": { + "type": "boolean", + "default": false, + "title": "The enableExternalDNS", + "examples": [ + false + ] + }, + "globalConfiguration": { + "type": "object", + "default": {}, + "title": "The globalConfiguration Schema", + "required": [ + "create", + "spec" + ], + "properties": { + "create": { + "type": "boolean", + "default": false, + "title": "The create Schema", + "examples": [ + false + ] + }, + "spec": { + "type": "object", + "default": {}, + "title": "The spec Schema", + "required": [], + "properties": { + "listeners": { + "type": "array", + "default": [], + "title": "The listeners Schema", + "items": { + "type": "object", + "default": {}, + "properties": { + "port": { + "type": "integer", + "default": 0, + "title": "The port", + "examples": [ + 5353 + ] + }, + "protocol": { + "type": "string", + "default": "", + "title": "The protocol", + "examples": [ + "TCP" + ] + }, + "name": { + "type": "string", + "default": "", + "title": "The name", + "examples": [ + "dns-tcp" + ] + } + } + } + } + }, + "examples": [ + {} + ] + } + }, + "examples": [ + { + "create": false, + "spec": {} + } + ] + }, + "enableSnippets": { + "type": "boolean", + "default": false, + "title": "The enableSnippets", + "examples": [ + false + ] + }, + "healthStatus": { + "type": "boolean", + "default": false, + "title": "The healthStatus", + "examples": [ + false + ] + }, + "healthStatusURI": { + "type": "string", + "format": "uri-reference", + "default": "/nginx-health", + "title": "The healthStatusURI Schema", + "examples": [ + "/nginx-health" + ] + }, + "nginxStatus": { + "type": "object", + "default": {}, + "title": "The nginxStatus Schema", + "required": [], + "properties": { + "enable": { + "type": "boolean", + "default": false, + "title": "The enable", + "examples": [ + true + ] + }, + "port": { + "type": "integer", + "default": 8080, + "title": "The port", + "examples": [ + 8080 + ] + }, + "allowCidrs": { + "type": "string", + "default": "127.0.0.1", + "title": "The allowCidrs", + "examples": [ + "127.0.0.1" + ] + } + }, + "examples": [ + { + "enable": true, + "port": 8080, + "allowCidrs": "127.0.0.1" + } + ] + }, + "service": { + "type": "object", + "default": {}, + "title": "The service Schema", + "required": [], + "properties": { + "create": { + "type": "boolean", + "default": false, + "title": "The create", + "examples": [ + true + ] + }, + "type": { + "type": "string", + "default": "", + "title": "The type", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/type" + }, + "externalTrafficPolicy": { + "type": "string", + "default": "", + "title": "The externalTrafficPolicy", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalTrafficPolicy" + }, + "annotations": { + "type": "object", + "default": {}, + "title": "The annotations", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" + }, + "extraLabels": { + "type": "object", + "default": {}, + "title": "The extraLabels", + "required": [], + "properties": {}, + "examples": [ + {} + ] + }, + "loadBalancerIP": { + "type": "string", + "default": "", + "title": "The loadBalancerIP", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/loadBalancerIP" + }, + "externalIPs": { + "type": "array", + "default": [], + "title": "The externalIPs", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalIPs" + }, + "loadBalancerSourceRanges": { + "type": "array", + "default": [], + "title": "The loadBalancerSourceRanges", + "items": {}, + "examples": [ + [] + ] + }, + "name": { + "type": "string", + "default": "", + "title": "The name", + "examples": [ + "" + ] + }, + "allocateLoadBalancerNodePorts": { + "type": "boolean", + "default": false, + "title": "The allocateLoadBalancerNodePorts Schema", + "ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/allocateLoadBalancerNodePorts" + }, + "ipFamilyPolicy": { + "type": "string", + "default": "", + "title": "The ipFamilyPolicy Schema", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/ipFamilyPolicy", + "examples": [ + "" + ] + }, + "ipFamilies": { + "type": "array", + "default": [], + "title": "The ipFamilies Schema", + "ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/ipFamilies" + }, + "httpPort": { + "type": "object", + "default": {}, + "title": "The httpPort", + "required": [], + "properties": { + "enable": { + "type": "boolean", + "default": false, + "title": "The enable", + "examples": [ + true + ] + }, + "port": { + "type": "integer", + "default": 0, + "title": "The port", + "examples": [ + 80 + ] + }, + "nodePort": { + "type": "integer", + "default": 0, + "title": "The nodePort", + "examples": [ + 443 + ] + }, + "targetPort": { + "type": "integer", + "default": 0, + "title": "The targetPort", + "examples": [ + 80 + ] + } + }, + "examples": [ + { + "enable": true, + "port": 80, + "nodePort": "", + "targetPort": 80 + } + ] + }, + "httpsPort": { + "type": "object", + "default": {}, + "title": "The httpsPort", + "required": [], + "properties": { + "enable": { + "type": "boolean", + "default": false, + "title": "The enable", + "examples": [ + true + ] + }, + "port": { + "type": "integer", + "default": 0, + "title": "The port", + "examples": [ + 443 + ] + }, + "nodePort": { + "type": "integer", + "default": 0, + "title": "The nodePort", + "examples": [ + 443 + ] + }, + "targetPort": { + "type": "integer", + "default": 0, + "title": "The targetPort", + "examples": [ + 443 + ] + } + }, + "examples": [ + { + "enable": true, + "port": 443, + "nodePort": "", + "targetPort": 443 + } + ] + }, + "customPorts": { + "type": "array", + "default": [], + "title": "The customPorts", + "items": { + "type": "object", + "ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.core.v1.ServicePort" + } + } + }, + "examples": [ + { + "create": true, + "type": "LoadBalancer", + "externalTrafficPolicy": "Local", + "annotations": {}, + "extraLabels": {}, + "loadBalancerIP": "", + "externalIPs": [], + "loadBalancerSourceRanges": [], + "name": "", + "allocateLoadBalancerNodePorts": false, + "ipFamilyPolicy": "", + "ipFamilies": [], + "httpPort": { + "enable": true, + "port": 80, + "targetPort": 80 + }, + "httpsPort": { + "enable": true, + "port": 443, + "targetPort": 443 + }, + "customPorts": [] + } + ] + }, + "serviceAccount": { + "type": "object", + "default": {}, + "title": "The serviceAccount Schema", + "required": [], + "properties": { + "name": { + "type": "string", + "default": "", + "title": "The name Schema", + "examples": [ + "" + ] + }, + "imagePullSecretName": { + "type": "string", + "default": "", + "title": "The imagePullSecretName", + "examples": [ + "" + ] + } + }, + "examples": [ + { + "name": "", + "imagePullSecretName": "" + } + ] + }, + "serviceMonitor": { + "type": "object", + "default": {}, + "title": "The serviceMonitor Schema", + "required": [], + "properties": { + "create": { + "type": "boolean", + "default": false, + "title": "The create", + "examples": [ + false + ] + }, + "name": { + "type": "string", + "default": "", + "title": "The name", + "examples": [ + "" + ] + }, + "labels": { + "type": "object", + "default": {}, + "title": "The labels Schema", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/labels" + }, + "selectorMatchLabels": { + "type": "object", + "default": {}, + "title": "The selectorMatchLabels Schema", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector/properties/matchLabels" + }, + "endpoints": { + "type": "array", + "default": [], + "title": "The endpoints", + "required": [], + "items": {} + } + }, + "examples": [ + { + "create": false, + "name": "", + "labels": {}, + "selectorMatchLabels": {}, + "endpoints": [] + } + ] + }, + "reportIngressStatus": { + "type": "object", + "default": {}, + "title": "The reportIngressStatus Schema", + "required": [ + "enable" + ], + "properties": { + "enable": { + "type": "boolean", + "default": false, + "title": "The enable", + "examples": [ + true + ] + }, + "externalService": { + "type": "string", + "default": "", + "title": "The externalService", + "examples": [ + "" + ] + }, + "ingressLink": { + "type": "string", + "default": "", + "title": "The ingressLink", + "examples": [ + "" + ] + }, + "enableLeaderElection": { + "type": "boolean", + "default": false, + "title": "The enableLeaderElection", + "examples": [ + true + ] + }, + "leaderElectionLockName": { + "type": "string", + "default": "", + "title": "The leaderElectionLockName", + "examples": [ + "" + ] + }, + "annotations": { + "type": "object", + "default": {}, + "title": "The annotations Schema", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" + } + }, + "examples": [ + { + "enable": true, + "externalService": "", + "ingressLink": "", + "enableLeaderElection": true, + "leaderElectionLockName": "", + "annotations": {} + } + ] + }, + "pod": { + "type": "object", + "default": {}, + "title": "The pod Schema", + "required": [], + "properties": { + "annotations": { + "type": "object", + "default": {}, + "title": "The annotations Schema", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" + }, + "extraLabels": { + "type": "object", + "default": {}, + "title": "The extraLabels Schema", + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/labels" + } + }, + "examples": [ + { + "annotations": {}, + "extraLabels": {} + } + ] + }, + "priorityClassName": { + "type": "null", + "default": null, + "title": "The priorityClassName", + "examples": [ + null + ] + }, + "readyStatus": { + "type": "object", + "default": {}, + "title": "The readyStatus", + "required": [], + "properties": { + "enable": { + "type": "boolean", + "default": false, + "title": "The enable", + "examples": [ + true + ] + }, + "port": { + "type": "integer", + "default": 0, + "title": "The port", + "examples": [ + 8081 + ] + }, + "initialDelaySeconds": { + "type": "integer", + "default": 0, + "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2/_definitions.json#/definitions/io.k8s.api.core.v1.Probe/properties/initialDelaySeconds" + } + }, + "examples": [ + { + "enable": true, + "port": 8081, + "initialDelaySeconds": 0 + } + ] + }, + "enableLatencyMetrics": { + "type": "boolean", + "default": false, + "title": "The enableLatencyMetrics", + "examples": [ + false + ] + }, + "disableIPV6": { + "type": "boolean", + "default": false, + "title": "The disableIPV6", + "examples": [ + false + ] + } + }, + "examples": [ + { + "name": "", + "kind": "deployment", + "nginxplus": false, + "nginxReloadTimeout": 60000, + "appprotect": { + "enable": false, + "logLevel": "fatal" + }, + "appprotectdos": { + "enable": false, + "debug": false, + "maxWorkers": 0, + "maxDaemons": 0, + "memory": 0 + }, + "hostNetwork": false, + "nginxDebug": false, + "logLevel": 1, + "customPorts": [], + "image": { + "repository": "nginx/nginx-ingress", + "tag": "2.3.1", + "digest": "", + "pullPolicy": "IfNotPresent" + }, + "lifecycle": {}, + "customConfigMap": "", + "config": { + "name": "", + "annotations": {}, + "entries": {} + }, + "defaultTLS": { + "cert": "", + "key": "", + "secret": "" + }, + "wildcardTLS": { + "cert": "", + "key": "", + "secret": "" + }, + "nodeSelector": {}, + "terminationGracePeriodSeconds": 30, + "resources": { + "requests": { + "cpu": "100m", + "memory": "128Mi" + } + }, + "tolerations": [], + "affinity": {}, + "topologySpreadConstraints": {}, + "volumes": [], + "volumeMounts": [], + "initContainers": [], + "minReadySeconds": 0, + "strategy": {}, + "extraContainers": [], + "replicaCount": 1, + "ingressClass": "nginx", + "setAsDefaultIngress": false, + "watchNamespace": "", + "enableCustomResources": true, + "enablePreviewPolicies": false, + "enableOIDC": false, + "includeYear": false, + "enableTLSPassthrough": false, + "enableCertManager": false, + "enableExternalDNS": false, + "globalConfiguration": { + "create": false, + "spec": {} + }, + "enableSnippets": false, + "healthStatus": false, + "healthStatusURI": "/nginx-health", + "nginxStatus": { + "enable": true, + "port": 8080, + "allowCidrs": "127.0.0.1" + }, + "service": { + "create": true, + "type": "LoadBalancer", + "externalTrafficPolicy": "Local", + "annotations": {}, + "extraLabels": {}, + "loadBalancerIP": "", + "externalIPs": [], + "loadBalancerSourceRanges": [], + "name": "", + "allocateLoadBalancerNodePorts": false, + "ipFamilyPolicy": "", + "ipFamilies": [], + "httpPort": { + "enable": true, + "port": 80, + "targetPort": 80 + }, + "httpsPort": { + "enable": true, + "port": 443, + "targetPort": 443 + }, + "customPorts": [] + }, + "serviceAccount": { + "name": "", + "imagePullSecretName": "" + }, + "serviceMonitor": { + "create": false, + "name": "", + "labels": {}, + "selectorMatchLabels": {}, + "endpoints": {} + }, + "reportIngressStatus": { + "enable": true, + "externalService": "", + "ingressLink": "", + "enableLeaderElection": true, + "leaderElectionLockName": "", + "annotations": {} + }, + "pod": { + "annotations": {}, + "extraLabels": {} + }, + "priorityClassName": null, + "readyStatus": { + "enable": true, + "port": 8081, + "initialDelaySeconds": 0 + }, + "enableLatencyMetrics": false, + "disableIPV6": false + } + ] + }, + "rbac": { + "type": "object", + "default": {}, + "title": "The rbac Schema", + "required": [ + "create" + ], + "properties": { + "create": { + "type": "boolean", + "default": false, + "title": "The create Schema", + "examples": [ + true + ] + } + }, + "examples": [ + { + "create": true + } + ] + }, + "prometheus": { + "type": "object", + "default": {}, + "title": "The prometheus Schema", + "required": [ + "create" + ], + "properties": { + "create": { + "type": "boolean", + "default": false, + "title": "The create", + "examples": [ + true + ] + }, + "port": { + "type": "integer", + "default": 9113, + "title": "The port", + "examples": [ + 9113 + ] + }, + "secret": { + "type": "string", + "default": "", + "title": "The secret", + "examples": [ + "" + ] + }, + "scheme": { + "type": "string", + "default": "http", + "title": "The scheme", + "examples": [ + "http" + ] + } + }, + "examples": [ + { + "create": true, + "port": 9113, + "secret": "", + "scheme": "http" + } + ] + }, + "nginxServiceMesh": { + "type": "object", + "default": {}, + "title": "The nginxServiceMesh Schema", + "required": [ + "enable" + ], + "properties": { + "enable": { + "type": "boolean", + "default": false, + "title": "The enable", + "examples": [ + false + ] + }, + "enableEgress": { + "type": "boolean", + "default": false, + "title": "The enableEgress", + "examples": [ + false + ] + } + }, + "examples": [ + { + "enable": false, + "enableEgress": false + } + ] + } + }, + "examples": [ + { + "controller": { + "name": "", + "kind": "deployment", + "nginxplus": false, + "nginxReloadTimeout": 60000, + "appprotect": { + "enable": false, + "logLevel": "fatal" + }, + "appprotectdos": { + "enable": false, + "debug": false, + "maxWorkers": 0, + "maxDaemons": 0, + "memory": 0 + }, + "hostNetwork": false, + "nginxDebug": false, + "logLevel": 1, + "customPorts": [], + "image": { + "repository": "nginx/nginx-ingress", + "tag": "2.3.1", + "digest": "", + "pullPolicy": "IfNotPresent" + }, + "lifecycle": {}, + "customConfigMap": "", + "config": { + "name": "", + "annotations": {}, + "entries": {} + }, + "defaultTLS": { + "cert": "", + "key": "", + "secret": "" + }, + "wildcardTLS": { + "cert": "", + "key": "", + "secret": "" + }, + "nodeSelector": {}, + "terminationGracePeriodSeconds": 30, + "resources": { + "requests": { + "cpu": "100m", + "memory": "128Mi" + } + }, + "tolerations": [], + "affinity": {}, + "topologySpreadConstraints": {}, + "volumes": [], + "volumeMounts": [], + "initContainers": [], + "minReadySeconds": 0, + "strategy": {}, + "extraContainers": [], + "replicaCount": 1, + "ingressClass": "nginx", + "setAsDefaultIngress": false, + "watchNamespace": "", + "enableCustomResources": true, + "enablePreviewPolicies": false, + "enableOIDC": false, + "includeYear": false, + "enableTLSPassthrough": false, + "enableCertManager": false, + "enableExternalDNS": false, + "globalConfiguration": { + "create": false, + "spec": {} + }, + "enableSnippets": false, + "healthStatus": false, + "healthStatusURI": "/nginx-health", + "nginxStatus": { + "enable": true, + "port": 8080, + "allowCidrs": "127.0.0.1" + }, + "service": { + "create": true, + "type": "LoadBalancer", + "externalTrafficPolicy": "Local", + "annotations": {}, + "extraLabels": {}, + "loadBalancerIP": "", + "externalIPs": [], + "loadBalancerSourceRanges": [], + "name": "", + "allocateLoadBalancerNodePorts": false, + "ipFamilyPolicy": "", + "ipFamilies": [], + "httpPort": { + "enable": true, + "port": 80, + "nodePort": "", + "targetPort": 80 + }, + "httpsPort": { + "enable": true, + "port": 443, + "nodePort": "", + "targetPort": 443 + }, + "customPorts": [] + }, + "serviceAccount": { + "name": "", + "imagePullSecretName": "" + }, + "serviceMonitor": { + "create": false, + "name": "", + "labels": {}, + "selectorMatchLabels": {}, + "endpoints": {} + }, + "reportIngressStatus": { + "enable": true, + "externalService": "", + "ingressLink": "", + "enableLeaderElection": true, + "leaderElectionLockName": "", + "annotations": {} + }, + "pod": { + "annotations": {}, + "extraLabels": {} + }, + "priorityClassName": null, + "readyStatus": { + "enable": true, + "port": 8081, + "initialDelaySeconds": 0 + }, + "enableLatencyMetrics": false, + "disableIPV6": false + }, + "rbac": { + "create": true + }, + "prometheus": { + "create": true, + "port": 9113, + "secret": "", + "scheme": "http" + }, + "nginxServiceMesh": { + "enable": false, + "enableEgress": false + } + } + ] +} diff --git a/deployments/helm-chart/values.yaml b/deployments/helm-chart/values.yaml index 3ff90c4636..1a0dd650f9 100644 --- a/deployments/helm-chart/values.yaml +++ b/deployments/helm-chart/values.yaml @@ -6,6 +6,9 @@ controller: ## The kind of the Ingress Controller installation - deployment or daemonset. kind: deployment + ## Annotations for deployments and daemonsets + annotations: {} + ## Deploys the Ingress Controller for NGINX Plus. nginxplus: false @@ -19,11 +22,11 @@ controller: ## Sets log level for App Protect WAF. Allowed values: fatal, error, warn, info, debug, trace # logLevel: fatal - ## Support for App Protect Dos + ## Support for App Protect DoS appprotectdos: - ## Enable the App Protect Dos module in the Ingress Controller. + ## Enable the App Protect DoS module in the Ingress Controller. enable: false - ## Enable debugging for App Protect Dos. + ## Enable debugging for App Protect DoS. debug: false ## Max number of nginx processes to support. maxWorkers: 0 @@ -35,6 +38,9 @@ controller: ## Enables the Ingress Controller pods to use the host's network namespace. hostNetwork: false + ## DNS policy for the Ingress Controller pods + dnsPolicy: ClusterFirst + ## Enables debugging for NGINX. Uses the nginx-debug binary. Requires error-log-level: debug in the ConfigMap via `controller.config.entries`. nginxDebug: false @@ -49,7 +55,7 @@ controller: repository: nginx/nginx-ingress ## The tag of the Ingress Controller image. - tag: "2.3.1" + tag: "2.4.1" ## The digest of the Ingress Controller image. ## If digest is specified it has precedence over tag and will be used instead @@ -90,7 +96,7 @@ controller: ## Used as an alternative to specifying a certificate and key using `controller.defaultTLS.cert` and `controller.defaultTLS.key` parameters. ## Note: Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server. ## Format: / - secret: + secret: "" wildcardTLS: ## The base64-encoded TLS certificate for every Ingress/VirtualServer host that has TLS enabled but no secret specified. @@ -105,14 +111,29 @@ controller: ## The value must follow the following format: `/`. ## Used as an alternative to specifying a certificate and key using `controller.wildcardTLS.cert` and `controller.wildcardTLS.key` parameters. ## Format: / - secret: + secret: "" ## The node selector for pod assignment for the Ingress Controller pods. - nodeSelector: {} + # nodeSelector: {} ## The termination grace period of the Ingress Controller pod. terminationGracePeriodSeconds: 30 + ## HorizontalPodAutoscaling (HPA) + autoscaling: + ## Enables HorizontalPodAutoscaling. + enabled: false + ## The annotations of the Ingress Controller HorizontalPodAutoscaler. + annotations: {} + ## Minimum number of replicas for the HPA. + minReplicas: 1 + ## Maximum number of replicas for the HPA. + maxReplicas: 3 + ## The target cpu utilization percentage. + targetCPUUtilizationPercentage: 50 + ## The target memory utilization percentage. + targetMemoryUtilizationPercentage: 50 + ## The resources of the Ingress Controller pods. resources: requests: @@ -130,7 +151,7 @@ controller: affinity: {} ## The topology spread constraints of the Ingress controller pods. - topologySpreadConstraints: {} + # topologySpreadConstraints: {} ## The volumes of the Ingress Controller pods. volumes: [] @@ -180,6 +201,9 @@ controller: ## Comma separated list of namespaces to watch for Ingress resources. By default the Ingress Controller watches all namespaces. watchNamespace: "" + ## Comma separated list of namespaces to watch for Secret resources. By default the Ingress Controller watches all namespaces. + watchSecretNamespace: "" + ## Enable the custom resources. enableCustomResources: true @@ -284,7 +308,7 @@ controller: port: 80 ## The custom NodePort for the HTTP port. Requires controller.service.type set to NodePort. - nodePort: "" + # nodePort: 80 ## The HTTP port on the POD where the Ingress Controller service is running. targetPort: 80 @@ -297,7 +321,7 @@ controller: port: 443 ## The custom NodePort for the HTTPS port. Requires controller.service.type set to NodePort. - nodePort: "" + # nodePort: 443 ## The HTTPS port on the POD where the Ingress Controller service is running. targetPort: 443 @@ -306,6 +330,9 @@ controller: customPorts: [] serviceAccount: + ## The annotations of the service account of the Ingress Controller pods. + annotations: {} + ## The name of the service account of the Ingress Controller pods. Used for RBAC. ## Autogenerated if not set or set to "". # name: nginx-ingress @@ -330,7 +357,7 @@ controller: selectorMatchLabels: {} ## A list of endpoints allowed as part of this ServiceMonitor. - endpoints: {} + endpoints: [] reportIngressStatus: ## Updates the address field in the status of Ingress resources with an external address of the Ingress Controller. diff --git a/deployments/rbac/ap-rbac.yaml b/deployments/rbac/ap-rbac.yaml index 781ca4784f..87d673884c 100644 --- a/deployments/rbac/ap-rbac.yaml +++ b/deployments/rbac/ap-rbac.yaml @@ -3,15 +3,15 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: nginx-ingress-app-protect rules: -- apiGroups: +- apiGroups: - appprotect.f5.com - resources: + resources: - appolicies - aplogconfs - apusersigs - verbs: - - "get" - - "watch" + verbs: + - "get" + - "watch" - "list" --- kind: ClusterRoleBinding diff --git a/deployments/service/appprotect-dos-arb-svc.yaml b/deployments/service/appprotect-dos-arb-svc.yaml index b7632351fd..1b8031afc3 100644 --- a/deployments/service/appprotect-dos-arb-svc.yaml +++ b/deployments/service/appprotect-dos-arb-svc.yaml @@ -11,4 +11,4 @@ spec: port: 3000 protocol: TCP targetPort: 3000 - clusterIP: None \ No newline at end of file + clusterIP: None diff --git a/deployments/service/nodeport.yaml b/deployments/service/nodeport.yaml index 1ff655bd7f..f263b66388 100644 --- a/deployments/service/nodeport.yaml +++ b/deployments/service/nodeport.yaml @@ -4,7 +4,7 @@ metadata: name: nginx-ingress namespace: nginx-ingress spec: - type: NodePort + type: NodePort ports: - port: 80 targetPort: 80 diff --git a/docs/Makefile b/docs/Makefile index f26bedeac1..92d688ffec 100644 --- a/docs/Makefile +++ b/docs/Makefile @@ -22,7 +22,7 @@ hugo-mod: build-production: hugo --gc -e production - + build-staging: hugo --gc -e staging @@ -37,4 +37,4 @@ netlify: netlify deploy -d public replace-theme: - go mod edit -replace "$(THEME_MODULE)"="$(THEME_PATH)" \ No newline at end of file + go mod edit -replace "$(THEME_MODULE)"="$(THEME_PATH)" diff --git a/docs/_vendor/gitlab.com/f5/nginx/controller/poc/f5-hugo/layouts/partials/meta.html b/docs/_vendor/gitlab.com/f5/nginx/controller/poc/f5-hugo/layouts/partials/meta.html index 679e718229..9fd1bf7d99 100644 --- a/docs/_vendor/gitlab.com/f5/nginx/controller/poc/f5-hugo/layouts/partials/meta.html +++ b/docs/_vendor/gitlab.com/f5/nginx/controller/poc/f5-hugo/layouts/partials/meta.html @@ -47,7 +47,7 @@ https://kit.fontawesome.com/ https://*.netlify.app https://gist.github.com - https://www.googletagmanager.com/gtm.js + https://mktg.tags.f5.com/ https://tag.demandbase.com/pscSDsz4.min.js https://cdn.f5.com https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js diff --git a/docs/_vendor/gitlab.com/f5/nginx/controller/poc/f5-hugo/layouts/partials/sidebar.html b/docs/_vendor/gitlab.com/f5/nginx/controller/poc/f5-hugo/layouts/partials/sidebar.html index 1b18646c1e..023ab60a71 100644 --- a/docs/_vendor/gitlab.com/f5/nginx/controller/poc/f5-hugo/layouts/partials/sidebar.html +++ b/docs/_vendor/gitlab.com/f5/nginx/controller/poc/f5-hugo/layouts/partials/sidebar.html @@ -18,13 +18,13 @@

    • -
    +
    {{ range .Sections }} -
    +
    {{ range .Sections }} -
    +
    {{ range .Pages }}
      @@ -136,13 +136,13 @@

      • -
      +
      {{ range .Sections }} {{if eq .Title "NGINX Controller Application Delivery Module" }} @@ -170,14 +170,14 @@

      -
      +
      {{ range .Pages }}
        @@ -244,13 +244,13 @@

        • -
        +
        {{ range .Sections }} {{if eq .Title "NGINX Controller API Management Module" }} @@ -277,14 +277,14 @@

        -
        +
        {{ range .Pages }}
          @@ -308,8 +308,7 @@

          {{ if not (eq .Title "NGINX Controller v3.0 - 3.18.2") }}
            -
          • - +
          • {{ .Title }}
            • diff --git a/docs/_vendor/modules.txt b/docs/_vendor/modules.txt index 3e49e487ce..3cf010ec97 100644 --- a/docs/_vendor/modules.txt +++ b/docs/_vendor/modules.txt @@ -1 +1 @@ -# gitlab.com/f5/nginx/controller/poc/f5-hugo v0.23.3 +# gitlab.com/f5/nginx/controller/poc/f5-hugo v0.24.1 diff --git a/docs/content/_index.md b/docs/content/_index.md index 98246c5e30..2efd331f71 100644 --- a/docs/content/_index.md +++ b/docs/content/_index.md @@ -1,6 +1,6 @@ --- title: NGINX Ingress Controller -description: +description: linkTitle: "NGINX Ingress Controller" menu: docs --- diff --git a/docs/content/app-protect-dos/configuration.md b/docs/content/app-protect-dos/configuration.md index 39afa1a7ad..b620063a24 100644 --- a/docs/content/app-protect-dos/configuration.md +++ b/docs/content/app-protect-dos/configuration.md @@ -9,7 +9,7 @@ docs: "DOCS-580" --- This document describes how to configure the NGINX App Protect DoS module -> Check out the complete [NGINX Ingress Controller with App Protect DoS example for VirtualServer](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/custom-resources/app-protect-dos) and the [NGINX Ingress Controller with App Protect DoS example for Ingress](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/app-protect-dos). +> Check out the complete [NGINX Ingress Controller with App Protect DoS example for VirtualServer](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/custom-resources/app-protect-dos) and the [NGINX Ingress Controller with App Protect DoS example for Ingress](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/app-protect-dos). ## App Protect DoS Configuration @@ -112,12 +112,9 @@ For example, say you want to log state changing requests for your Ingress resour ```json { "filter": { - "request_type": "all" - }, - "content": { - "format": "default", - "max_request_size": "any", - "max_message_size": "64k" + "traffic-mitigation-stats": "all", + "bad-actors": "top 10", + "attack-signatures": "top 10" } } ``` @@ -130,9 +127,6 @@ kind: APDosLogConf metadata: name: doslogconf spec: - content: - format: splunk - max_message_size: 64k filter: traffic-mitigation-stats: all bad-actors: top 10 diff --git a/docs/content/app-protect-dos/installation-with-helm-dos-arbitrator.md b/docs/content/app-protect-dos/installation-with-helm-dos-arbitrator.md index 6f6785bdaa..17b3f1e514 100644 --- a/docs/content/app-protect-dos/installation-with-helm-dos-arbitrator.md +++ b/docs/content/app-protect-dos/installation-with-helm-dos-arbitrator.md @@ -19,7 +19,7 @@ This step is required if you're installing the chart using its sources. Addition 1. Clone the Ingress Controller repo: ```console - $ git clone https://github.com/nginxinc/kubernetes-ingress.git --branch v2.3.1 + $ git clone https://github.com/nginxinc/kubernetes-ingress.git --branch v2.4.1 ``` 2. Change your working directory to /deployments/helm-chart-dos-arbitrator: ```console diff --git a/docs/content/app-protect-dos/installation.md b/docs/content/app-protect-dos/installation.md index 8f19d3afb8..622b548611 100644 --- a/docs/content/app-protect-dos/installation.md +++ b/docs/content/app-protect-dos/installation.md @@ -19,7 +19,7 @@ This document provides an overview of the steps required to use NGINX App Protec * It is also possible to build your own image and push it to your private Docker registry by following the instructions from [here](/nginx-ingress-controller/installation/building-ingress-controller-image). 2. Clone the Ingress Controller repo: ``` - $ git clone https://github.com/nginxinc/kubernetes-ingress.git --branch v2.3.1 + $ git clone https://github.com/nginxinc/kubernetes-ingress.git --branch v2.4.1 $ cd kubernetes-ingress ``` @@ -66,4 +66,4 @@ Take the steps below to set up and deploy the NGINX Ingress Controller and App P 3. Enable the App Protect Dos module by adding the `enable-app-protect-dos` [cli argument](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-enable-app-protect-dos) to your Deployment or DaemonSet file. 4. [Deploy the Ingress Controller](/nginx-ingress-controller/installation/installation-with-manifests/#3-deploy-the-ingress-controller). -For more information, see the [Configuration guide](/nginx-ingress-controller/app-protect-dos/configuration),the [NGINX Ingress Controller with App Protect DoS example for VirtualServer](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/custom-resources/app-protect-dos) and the [NGINX Ingress Controller with App Protect DoS example for Ingress](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/app-protect-dos). +For more information, see the [Configuration guide](/nginx-ingress-controller/app-protect-dos/configuration),the [NGINX Ingress Controller with App Protect DoS example for VirtualServer](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/custom-resources/app-protect-dos) and the [NGINX Ingress Controller with App Protect DoS example for Ingress](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/app-protect-dos). diff --git a/docs/content/app-protect-waf/configuration.md b/docs/content/app-protect-waf/configuration.md index 742683f939..096d45eaec 100644 --- a/docs/content/app-protect-waf/configuration.md +++ b/docs/content/app-protect-waf/configuration.md @@ -9,7 +9,7 @@ docs: "DOCS-578" aliases: ["/app-protect/configuration/"] --- -> Check out the complete NGINX Ingress Controller with App Protect WAF example resources on GitHub [for VirtualServer resources](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/custom-resources/app-protect-waf) and [for Ingress resources](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/app-protect-waf). +> Check out the complete NGINX Ingress Controller with App Protect WAF example resources on GitHub [for VirtualServer resources](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/custom-resources/app-protect-waf) and [for Ingress resources](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/app-protect-waf). ## Global Configuration @@ -17,10 +17,10 @@ The NGINX Ingress Controller has a set of global configuration parameters that a ## Enabling App Protect -You can enable and configure NGINX App Protect WAF on the Custom Resources (VirtualServer, VirtualServerRoute) or on the Ingress-resource basis. - +You can enable and configure NGINX App Protect WAF on the Custom Resources (VirtualServer, VirtualServerRoute) or on the Ingress-resource basis. + To configure NGINX App Protect WAF on a VirtualServer resource, you would create a Policy Custom Resource referencing the APPolicy Custom Resource, and add this to the VirtualServer definition. See the documentation on the [App Protect WAF Policy](/nginx-ingress-controller/configuration/policy-resource/#waf). - + To configure NGINX App Protect WAF on an Ingress resource, you would apply the [App Protect annotations](/nginx-ingress-controller/configuration/ingress-resources/advanced-configuration-with-annotations/#app-protect) to each desired resource. @@ -211,7 +211,7 @@ spec: ## OpenAPI Specification in NGINX Ingress Controller -The OpenAPI Specification defines the spec file format needed to describe RESTful APIs. The spec file can be written either in JSON or YAML. Using a spec file simplifies the work of implementing API protection. Refer to the [OpenAPI Specification](#https://github.com/OAI/OpenAPI-Specification) (formerly called Swagger) for details. +The OpenAPI Specification defines the spec file format needed to describe RESTful APIs. The spec file can be written either in JSON or YAML. Using a spec file simplifies the work of implementing API protection. Refer to the [OpenAPI Specification](#https://github.com/OAI/OpenAPI-Specification) (formerly called Swagger) for details. NGINX Ingress Controller supports OpenAPI Specification versions 2.0 and 3.0. @@ -219,7 +219,7 @@ The simplest way to create an API protection policy is using an OpenAPI Specific * Methods * URLs * Parameters -* JSON profiles +* JSON profiles An OpenAPI-ready policy template is provided with the NGINX App Protect WAF packages and is located in: `/etc/app_protect/conf/NginxApiSecurityPolicy.json` @@ -246,8 +246,8 @@ These are the typical steps to deploy an OpenAPI protection Policy in NGINX Ingr 3. Make other custom changes if needed (e.g. enable Data Guard protection). 4. Use a tool to convert the result to YAML. There are many, for example: [`yq` utility](https://github.com/mikefarah/yq). 5. Add the YAML properties to create an `APPolicy` Custom Resource putting the policy itself (as in step 4) within the `spec` property of the Custom Resource. Refer to [App Protect Policies](#app-protect-policies) section above. -6. Create a `Policy` object which references the `APPolicy` Custom Resource as in [this example](https://github.com/nginxinc/kubernetes-ingress/blob/v2.3.1/examples/custom-resources/waf/waf.yaml). -7. Finally, attach the `Policy` object to a `VirtualServer` resource as in [this example](https://github.com/nginxinc/kubernetes-ingress/blob/v2.3.1/examples/custom-resources/waf/virtual-server.yaml). +6. Create a `Policy` object which references the `APPolicy` Custom Resource as in [this example](https://github.com/nginxinc/kubernetes-ingress/blob/v2.4.1/examples/custom-resources/waf/waf.yaml). +7. Finally, attach the `Policy` object to a `VirtualServer` resource as in [this example](https://github.com/nginxinc/kubernetes-ingress/blob/v2.4.1/examples/custom-resources/waf/virtual-server.yaml). **Note**: You need to make sure that the server where the resource files are located is always available when you are compiling your policy. @@ -359,7 +359,7 @@ paths: required: false allowEmptyValue: true schema: - type: string + type: string responses: 200: description: OK @@ -383,7 +383,7 @@ The `link` option is also available in the `openApiFileReference` property and i ## Configuration in NGINX Plus Ingress Controller using Virtual Server Resource In this example we deploy the NGINX Plus Ingress Controller with NGINX App Protect WAF, a simple web application and then configure load balancing and WAF protection for that application using the VirtualServer resource. -**Note:** You can find the example, and the files referenced, on [GitHub](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/custom-resources/waf). +**Note:** You can find the example, and the files referenced, on [GitHub](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/custom-resources/waf). ## Prerequisites @@ -398,33 +398,33 @@ In this example we deploy the NGINX Plus Ingress Controller with NGINX App Prote $ IC_HTTP_PORT= ``` -### Step 1. Deploy a Web Application +### Step 1. Deploy a Web Application Create the application deployment and service: ``` - $ kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.3.1/examples/custom-resources/waf/webapp.yaml + $ kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.4.1/examples/custom-resources/waf/webapp.yaml ``` ### Step 2. Deploy the AP Policy 1. Create the syslog service and pod for the App Protect security logs: ``` - $ kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.3.1/examples/custom-resources/waf/syslog.yaml + $ kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.4.1/examples/custom-resources/waf/syslog.yaml ``` 2. Create the User Defined Signature, App Protect WAF policy, and log configuration: ``` - $ kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.3.1/examples/custom-resources/waf/ap-apple-uds.yaml - $ kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.3.1/examples/custom-resources/waf/ap-dataguard-alarm-policy.yaml - $ kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.3.1/examples/custom-resources/waf/ap-logconf.yaml + $ kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.4.1/examples/custom-resources/waf/ap-apple-uds.yaml + $ kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.4.1/examples/custom-resources/waf/ap-dataguard-alarm-policy.yaml + $ kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.4.1/examples/custom-resources/waf/ap-logconf.yaml ``` ### Step 3 - Deploy the WAF Policy Create the WAF policy - ``` - $ kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.3.1/examples/custom-resources/waf/waf.yaml + ``` + $ kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.4.1/examples/custom-resources/waf/waf.yaml ``` Note the App Protect configuration settings in the Policy resource. They enable WAF protection by configuring App Protect with the policy and log configuration created in the previous step. @@ -432,7 +432,7 @@ Create the WAF policy 1. Create the VirtualServer Resource: ``` - $ kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.3.1/examples/custom-resources/waf/virtual-server.yaml + $ kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.4.1/examples/custom-resources/waf/virtual-server.yaml ``` Note that the VirtualServer references the policy waf-policy created in Step 3. @@ -467,7 +467,7 @@ To access the application, curl the coffee and the tea services. We'll use the - ### Configuration Example of Virtual Server -Refer to github repo for [Virtual Server example](https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.3.1/examples/custom-resources/waf/webapp.yaml). +Refer to github repo for [Virtual Server example](https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.4.1/examples/custom-resources/waf/webapp.yaml). ```yaml apiVersion: k8s.nginx.org/v1 @@ -486,4 +486,4 @@ spec: - path: / action: pass: webapp -``` \ No newline at end of file +``` diff --git a/docs/content/app-protect-waf/installation.md b/docs/content/app-protect-waf/installation.md index c70ceeb65c..1aa5314788 100644 --- a/docs/content/app-protect-waf/installation.md +++ b/docs/content/app-protect-waf/installation.md @@ -22,7 +22,7 @@ You can also [install the Ingress Controller with App Protect WAF by using Helm] * It is also possible to build your own image and push it to your private Docker registry by following the instructions from [here](/nginx-ingress-controller/installation/building-ingress-controller-image). 2. Clone the Ingress Controller repo: ``` - $ git clone https://github.com/nginxinc/kubernetes-ingress.git --branch v2.3.1 + $ git clone https://github.com/nginxinc/kubernetes-ingress.git --branch v2.4.1 $ cd kubernetes-ingress ``` @@ -63,4 +63,4 @@ Take the steps below to set up and deploy the NGINX Ingress Controller and App P 3. Enable the App Protect WAF module by adding the `enable-app-protect` [cli argument](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-enable-app-protect) to your Deployment or DaemonSet file. 4. [Deploy the Ingress Controller](/nginx-ingress-controller/installation/installation-with-manifests/#3-deploy-the-ingress-controller). -For more information, see the [Configuration guide](/nginx-ingress-controller/app-protect/configuration) and the NGINX Ingress Controller with App Protect example resources on GitHub [for VirtualServer resources](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/custom-resources/app-protect-waf) and [for Ingress resources](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/app-protect-waf). +For more information, see the [Configuration guide](/nginx-ingress-controller/app-protect/configuration) and the NGINX Ingress Controller with App Protect example resources on GitHub [for VirtualServer resources](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/custom-resources/app-protect-waf) and [for Ingress resources](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/app-protect-waf). diff --git a/docs/content/configuration/_index.md b/docs/content/configuration/_index.md index a6b1fde8d4..7e15009732 100644 --- a/docs/content/configuration/_index.md +++ b/docs/content/configuration/_index.md @@ -1,6 +1,6 @@ --- title: Configuration -description: +description: weight: 1400 menu: docs: diff --git a/docs/content/configuration/configuration-examples.md b/docs/content/configuration/configuration-examples.md index 388769a9b0..f1255d45b6 100644 --- a/docs/content/configuration/configuration-examples.md +++ b/docs/content/configuration/configuration-examples.md @@ -10,5 +10,5 @@ docs: "DOCS-584" Our [GitHub repo](https://github.com/nginxinc/kubernetes-ingress) includes a number of configuration examples: -* [*Examples of Custom Resources*](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/custom-resources) show how to advanced NGINX features by using VirtualServer, VirtualServerRoute, TransportServer and Policy Custom Resources. -* [*Examples of Ingress Resources*](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources) show how to use advanced NGINX features in Ingress resources with annotations. +* [*Examples of Custom Resources*](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/custom-resources) show how to advanced NGINX features by using VirtualServer, VirtualServerRoute, TransportServer and Policy Custom Resources. +* [*Examples of Ingress Resources*](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources) show how to use advanced NGINX features in Ingress resources with annotations. diff --git a/docs/content/configuration/global-configuration/_index.md b/docs/content/configuration/global-configuration/_index.md index 13c83ce9d3..f2b919eb4c 100644 --- a/docs/content/configuration/global-configuration/_index.md +++ b/docs/content/configuration/global-configuration/_index.md @@ -1,6 +1,6 @@ --- title: Global Configuration -description: +description: weight: 1400 menu: docs: diff --git a/docs/content/configuration/global-configuration/command-line-arguments.md b/docs/content/configuration/global-configuration/command-line-arguments.md index b30def42b5..5d192acc57 100644 --- a/docs/content/configuration/global-configuration/command-line-arguments.md +++ b/docs/content/configuration/global-configuration/command-line-arguments.md @@ -466,4 +466,4 @@ Disable IPV6 listeners explicitly for nodes that do not support the IPV6 stack. Default `false`.   - \ No newline at end of file + diff --git a/docs/content/configuration/global-configuration/configmap-resource.md b/docs/content/configuration/global-configuration/configmap-resource.md index 62bc251df5..699cfb9c53 100644 --- a/docs/content/configuration/global-configuration/configmap-resource.md +++ b/docs/content/configuration/global-configuration/configmap-resource.md @@ -86,10 +86,10 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres |``worker-shutdown-timeout`` | Sets the value of the [worker_shutdown_timeout](https://nginx.org/en/docs/ngx_core_module.html#worker_shutdown_timeout) directive. | N/A | | |``server-names-hash-bucket-size`` | Sets the value of the [server_names_hash_bucket_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_names_hash_bucket_size) directive. | ``256`` | | |``server-names-hash-max-size`` | Sets the value of the [server_names_hash_max_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_names_hash_max_size) directive. | ``1024`` | | -|``resolver-addresses`` | Sets the value of the [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) addresses. Note: If you use a DNS name (for example, ``kube-dns.kube-system.svc.cluster.local`` ) as a resolver address, NGINX Plus will resolve it using the system resolver during the start and on every configuration reload. If the name cannot be resolved or the DNS server doesn't respond, NGINX Plus will fail to start or reload. To avoid this, we recommend using IP addresses as resolver addresses instead of DNS names. Supported in NGINX Plus only. | N/A | [Support for Type ExternalName Services](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/externalname-services). | -|``resolver-ipv6`` | Enables IPv6 resolution in the resolver. Supported in NGINX Plus only. | ``True`` | [Support for Type ExternalName Services](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/externalname-services). | -|``resolver-valid`` | Sets the time NGINX caches the resolved DNS records. Supported in NGINX Plus only. | TTL value of a DNS record | [Support for Type ExternalName Services](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/externalname-services). | -|``resolver-timeout`` | Sets the [resolver_timeout](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver_timeout) for name resolution. Supported in NGINX Plus only. | ``30s`` | [Support for Type ExternalName Services](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/externalname-services). | +|``resolver-addresses`` | Sets the value of the [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) addresses. Note: If you use a DNS name (for example, ``kube-dns.kube-system.svc.cluster.local`` ) as a resolver address, NGINX Plus will resolve it using the system resolver during the start and on every configuration reload. If the name cannot be resolved or the DNS server doesn't respond, NGINX Plus will fail to start or reload. To avoid this, we recommend using IP addresses as resolver addresses instead of DNS names. Supported in NGINX Plus only. | N/A | [Support for Type ExternalName Services](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/externalname-services). | +|``resolver-ipv6`` | Enables IPv6 resolution in the resolver. Supported in NGINX Plus only. | ``True`` | [Support for Type ExternalName Services](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/externalname-services). | +|``resolver-valid`` | Sets the time NGINX caches the resolved DNS records. Supported in NGINX Plus only. | TTL value of a DNS record | [Support for Type ExternalName Services](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/externalname-services). | +|``resolver-timeout`` | Sets the [resolver_timeout](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver_timeout) for name resolution. Supported in NGINX Plus only. | ``30s`` | [Support for Type ExternalName Services](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/externalname-services). | |``keepalive-timeout`` | Sets the value of the [keepalive_timeout](https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout) directive. | ``65s`` | | |``keepalive-requests`` | Sets the value of the [keepalive_requests](https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_requests) directive. | ``100`` | | |``variables-hash-bucket-size`` | Sets the value of the [variables_hash_bucket_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#variables_hash_bucket_size) directive. | ``256`` | | @@ -104,9 +104,9 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres |``error-log-level`` | Sets the global [error log level](https://nginx.org/en/docs/ngx_core_module.html#error_log) for NGINX. | ``notice`` | | |``access-log-off`` | Disables the [access log](https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log). | ``False`` | | |``default-server-access-log-off`` | Disables the [access log](https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log) for the default server. If access log is disabled globally (``access-log-off: "True"``), then the default server access log is always disabled. | ``False`` | | -|``log-format`` | Sets the custom [log format](https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format) for HTTP and HTTPS traffic. For convenience, it is possible to define the log format across multiple lines (each line separated by ``\n``). In that case, the Ingress Controller will replace every ``\n`` character with a space character. All ``'`` characters must be escaped. | See the [template file](https://github.com/nginxinc/kubernetes-ingress/blob/v2.3.1/internal/configs/version1/nginx.tmpl) for the access log. | [Custom Log Format](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/shared-examples/custom-log-format). | +|``log-format`` | Sets the custom [log format](https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format) for HTTP and HTTPS traffic. For convenience, it is possible to define the log format across multiple lines (each line separated by ``\n``). In that case, the Ingress Controller will replace every ``\n`` character with a space character. All ``'`` characters must be escaped. | See the [template file](https://github.com/nginxinc/kubernetes-ingress/blob/v2.4.1/internal/configs/version1/nginx.tmpl) for the access log. | [Custom Log Format](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/shared-examples/custom-log-format). | |``log-format-escaping`` | Sets the characters escaping for the variables of the log format. Supported values: ``json`` (JSON escaping), ``default`` (the default escaping) ``none`` (disables escaping). | ``default`` | | -|``stream-log-format`` | Sets the custom [log format](https://nginx.org/en/docs/stream/ngx_stream_log_module.html#log_format) for TCP, UDP, and TLS Passthrough traffic. For convenience, it is possible to define the log format across multiple lines (each line separated by ``\n``). In that case, the Ingress Controller will replace every ``\n`` character with a space character. All ``'`` characters must be escaped. | See the [template file](https://github.com/nginxinc/kubernetes-ingress/blob/v2.3.1/internal/configs/version1/nginx.tmpl). | | +|``stream-log-format`` | Sets the custom [log format](https://nginx.org/en/docs/stream/ngx_stream_log_module.html#log_format) for TCP, UDP, and TLS Passthrough traffic. For convenience, it is possible to define the log format across multiple lines (each line separated by ``\n``). In that case, the Ingress Controller will replace every ``\n`` character with a space character. All ``'`` characters must be escaped. | See the [template file](https://github.com/nginxinc/kubernetes-ingress/blob/v2.4.1/internal/configs/version1/nginx.tmpl). | | |``stream-log-format-escaping`` | Sets the characters escaping for the variables of the stream log format. Supported values: ``json`` (JSON escaping), ``default`` (the default escaping) ``none`` (disables escaping). | ``default`` | | {{% /table %}} @@ -142,7 +142,7 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres |ConfigMap Key | Description | Default | Example | | ---| ---| ---| --- | |``http2`` | Enables HTTP/2 in servers with SSL enabled. | ``False`` | | -|``proxy-protocol`` | Enables PROXY Protocol for incoming connections. | ``False`` | [Proxy Protocol](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/proxy-protocol). | +|``proxy-protocol`` | Enables PROXY Protocol for incoming connections. | ``False`` | [Proxy Protocol](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/shared-examples/proxy-protocol). | {{% /table %}} ### Backend Services (Upstreams) @@ -166,7 +166,7 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres |``http-snippets`` | Sets a custom snippet in http context. | N/A | | |``location-snippets`` | Sets a custom snippet in location context. | N/A | | |``server-snippets`` | Sets a custom snippet in server context. | N/A | | -|``stream-snippets`` | Sets a custom snippet in stream context. | N/A | [Support for TCP/UDP Load Balancing](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/tcp-udp). | +|``stream-snippets`` | Sets a custom snippet in stream context. | N/A | [Support for TCP/UDP Load Balancing](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/tcp-udp). | |``main-template`` | Sets the main NGINX configuration template. | By default the template is read from the file in the container. | [Custom Templates](/nginx-ingress-controller/configuration/global-configuration/custom-templates). | |``ingress-template`` | Sets the NGINX configuration template for an Ingress resource. | By default the template is read from the file on the container. | [Custom Templates](/nginx-ingress-controller/configuration/global-configuration/custom-templates). | |``virtualserver-template`` | Sets the NGINX configuration template for an VirtualServer resource. | By default the template is read from the file on the container. | [Custom Templates](/nginx-ingress-controller/configuration/global-configuration/custom-templates). | diff --git a/docs/content/configuration/global-configuration/custom-templates.md b/docs/content/configuration/global-configuration/custom-templates.md index 42f8791749..b50ed521ca 100644 --- a/docs/content/configuration/global-configuration/custom-templates.md +++ b/docs/content/configuration/global-configuration/custom-templates.md @@ -9,4 +9,4 @@ docs: "DOCS-587" --- -The Ingress Controller uses templates to generate NGINX configuration for Ingress resources, VirtualServer resources and the main NGINX configuration file. You can customize the templates and apply them via the ConfigMap. See the [corresponding example](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/shared-examples/custom-templates). +The Ingress Controller uses templates to generate NGINX configuration for Ingress resources, VirtualServer resources and the main NGINX configuration file. You can customize the templates and apply them via the ConfigMap. See the [corresponding example](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/shared-examples/custom-templates). diff --git a/docs/content/configuration/global-configuration/globalconfiguration-resource.md b/docs/content/configuration/global-configuration/globalconfiguration-resource.md index 1ced93dd91..669005ecd2 100644 --- a/docs/content/configuration/global-configuration/globalconfiguration-resource.md +++ b/docs/content/configuration/global-configuration/globalconfiguration-resource.md @@ -22,7 +22,7 @@ When [installing](/nginx-ingress-controller/installation/installation-with-manif The GlobalConfiguration resource defines the global configuration parameters of the Ingress Controller. Below is an example: ```yaml apiVersion: k8s.nginx.org/v1alpha1 -kind: GlobalConfiguration +kind: GlobalConfiguration metadata: name: nginx-configuration namespace: nginx-ingress @@ -34,13 +34,13 @@ spec: - name: dns-tcp port: 5353 protocol: TCP -``` +``` -{{% table %}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``listeners`` | A list of listeners. | [[]listener](#listener) | No | -{{% /table %}} +{{% table %}} +|Field | Description | Type | Required | +| ---| ---| ---| --- | +|``listeners`` | A list of listeners. | [[]listener](#listener) | No | +{{% /table %}} ### Listener @@ -51,15 +51,15 @@ port: 5353 protocol: TCP ``` -{{% table %}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``name`` | The name of the listener. Must be a valid DNS label as defined in RFC 1035. For example, ``hello`` and ``listener-123`` are valid. The name must be unique among all listeners. The name ``tls-passthrough`` is reserved for the built-in TLS Passthrough listener and cannot be used. | ``string`` | Yes | -|``port`` | The port of the listener. The port must fall into the range ``1..65535`` with the following exceptions: ``80``, ``443``, the [status port](/nginx-ingress-controller/logging-and-monitoring/status-page), the [Prometheus metrics port](/nginx-ingress-controller/logging-and-monitoring/prometheus). Among all listeners, only a single combination of a port-protocol is allowed. | ``int`` | Yes | -|``protocol`` | The protocol of the listener. Supported values: ``TCP`` and ``UDP``. | ``string`` | Yes | -{{% /table %}} +{{% table %}} +|Field | Description | Type | Required | +| ---| ---| ---| --- | +|``name`` | The name of the listener. Must be a valid DNS label as defined in RFC 1035. For example, ``hello`` and ``listener-123`` are valid. The name must be unique among all listeners. The name ``tls-passthrough`` is reserved for the built-in TLS Passthrough listener and cannot be used. | ``string`` | Yes | +|``port`` | The port of the listener. The port must fall into the range ``1..65535`` with the following exceptions: ``80``, ``443``, the [status port](/nginx-ingress-controller/logging-and-monitoring/status-page), the [Prometheus metrics port](/nginx-ingress-controller/logging-and-monitoring/prometheus). Among all listeners, only a single combination of a port-protocol is allowed. | ``int`` | Yes | +|``protocol`` | The protocol of the listener. Supported values: ``TCP`` and ``UDP``. | ``string`` | Yes | +{{% /table %}} -## Using GlobalConfiguration +## Using GlobalConfiguration You can use the usual `kubectl` commands to work with a GlobalConfiguration resource. @@ -107,7 +107,7 @@ If a resource is not rejected (it doesn't violate the structural schema), the In The Ingress Controller validates the fields of a GlobalConfiguration resource. If a resource is invalid, the Ingress Controller will not use it. Consider the following two cases: 1. When the Ingress Controller pod starts, if the GlobalConfiguration resource is invalid, the Ingress Controller will fail to start and exit with an error. -1. When the Ingress Controller is running, if the GlobalConfiguration resource becomes invalid, the Ingress Controller will ignore the new version. It will report an error and continue to use the previous version. When the resource becomes valid again, the Ingress Controller will start using it. +1. When the Ingress Controller is running, if the GlobalConfiguration resource becomes invalid, the Ingress Controller will ignore the new version. It will report an error and continue to use the previous version. When the resource becomes valid again, the Ingress Controller will start using it. **Note**: If a GlobalConfiguration is deleted while the Ingress Controller is running, the controller will keep using the previous version of the resource. diff --git a/docs/content/configuration/global-configuration/reporting-resources-status.md b/docs/content/configuration/global-configuration/reporting-resources-status.md index d23732ba11..73e87c4489 100644 --- a/docs/content/configuration/global-configuration/reporting-resources-status.md +++ b/docs/content/configuration/global-configuration/reporting-resources-status.md @@ -47,7 +47,7 @@ $ kubectl get virtualservers To see an external hostname address associated with a VirtualServer resource, use the `-o wide` option: ``` -$ kubectl get virtualservers -o wide +$ kubectl get virtualservers -o wide NAME STATE HOST IP EXTERNALHOSTNAME PORTS AGE cafe Valid cafe.example.com ae430f41a1a0042908655abcdefghijkl-12345678.eu-west-2.elb.amazonaws.com [80,443] 106s ``` diff --git a/docs/content/configuration/handling-host-and-listener-collisions.md b/docs/content/configuration/handling-host-and-listener-collisions.md index dcddb95f66..c954abc885 100644 --- a/docs/content/configuration/handling-host-and-listener-collisions.md +++ b/docs/content/configuration/handling-host-and-listener-collisions.md @@ -79,7 +79,7 @@ Similarly, if `cafe-ingress` was created first, it will win `cafe.example.com` a It is possible to merge configuration for multiple Ingress resources for the same host. One common use case for this approach is distributing resources across multiple namespaces. See the [Cross-namespace Configuration](/nginx-ingress-controller/configuration/ingress-resources/cross-namespace-configuration/) doc for more information. -It is *not* possible to merge the configurations for multiple VirtualServer resources for the same host. However, you can split the VirtualServers into multiple VirtualServerRoute resources, which a single VirtualServer can then reference. See the [corresponding example](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/custom-resources/cross-namespace-configuration) on GitHub. +It is *not* possible to merge the configurations for multiple VirtualServer resources for the same host. However, you can split the VirtualServers into multiple VirtualServerRoute resources, which a single VirtualServer can then reference. See the [corresponding example](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/custom-resources/cross-namespace-configuration) on GitHub. It is *not* possible to merge configuration for multiple TransportServer resources. diff --git a/docs/content/configuration/ingress-resources/_index.md b/docs/content/configuration/ingress-resources/_index.md index adcf777c81..32bdae29ad 100644 --- a/docs/content/configuration/ingress-resources/_index.md +++ b/docs/content/configuration/ingress-resources/_index.md @@ -1,6 +1,6 @@ --- title: Ingress Resources -description: +description: weight: 1500 menu: docs: diff --git a/docs/content/configuration/ingress-resources/advanced-configuration-with-annotations.md b/docs/content/configuration/ingress-resources/advanced-configuration-with-annotations.md index 6afac0f6c2..8a8e070f5b 100644 --- a/docs/content/configuration/ingress-resources/advanced-configuration-with-annotations.md +++ b/docs/content/configuration/ingress-resources/advanced-configuration-with-annotations.md @@ -114,7 +114,7 @@ The table below summarizes the available annotations. | ---| ---| ---| ---| --- | |``nginx.org/proxy-hide-headers`` | ``proxy-hide-headers`` | Sets the value of one or more [proxy_hide_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header) directives. Example: ``"nginx.org/proxy-hide-headers": "header-a,header-b"`` | N/A | | |``nginx.org/proxy-pass-headers`` | ``proxy-pass-headers`` | Sets the value of one or more [proxy_pass_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_header) directives. Example: ``"nginx.org/proxy-pass-headers": "header-a,header-b"`` | N/A | | -|``nginx.org/rewrites`` | N/A | Configures URI rewriting using [proxy_pass](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass) directive. | N/A | [Rewrites Support](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/rewrites). | +|``nginx.org/rewrites`` | N/A | Configures URI rewriting using [proxy_pass](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass) directive. | N/A | [Rewrites Support](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/rewrites). | {{% /table %}} ### Auth and SSL/TLS @@ -130,10 +130,10 @@ The table below summarizes the available annotations. |``nginx.org/hsts-behind-proxy`` | ``hsts-behind-proxy`` | Enables HSTS based on the value of the ``http_x_forwarded_proto`` request header. Should only be used when TLS termination is configured in a load balancer (proxy) in front of the Ingress Controller. Note: to control redirection from HTTP to HTTPS configure the ``nginx.org/redirect-to-https`` annotation. | ``False`` | | |``nginx.org/basic-auth-secret`` | N/A | Specifies a Secret resource with a user list for HTTP Basic authentication. | N/A | | |``nginx.org/basic-auth-realm`` | N/A | Specifies a realm. | N/A | | -|``nginx.com/jwt-key`` | N/A | Specifies a Secret resource with keys for validating JSON Web Tokens (JWTs). | N/A | [Support for JSON Web Tokens (JWTs)](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/jwt). | -|``nginx.com/jwt-realm`` | N/A | Specifies a realm. | N/A | [Support for JSON Web Tokens (JWTs)](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/jwt). | -|``nginx.com/jwt-token`` | N/A | Specifies a variable that contains a JSON Web Token. | By default, a JWT is expected in the ``Authorization`` header as a Bearer Token. | [Support for JSON Web Tokens (JWTs)](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/jwt). | -|``nginx.com/jwt-login-url`` | N/A | Specifies a URL to which a client is redirected in case of an invalid or missing JWT. | N/A | [Support for JSON Web Tokens (JWTs)](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/jwt). | +|``nginx.com/jwt-key`` | N/A | Specifies a Secret resource with keys for validating JSON Web Tokens (JWTs). | N/A | [Support for JSON Web Tokens (JWTs)](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/jwt). | +|``nginx.com/jwt-realm`` | N/A | Specifies a realm. | N/A | [Support for JSON Web Tokens (JWTs)](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/jwt). | +|``nginx.com/jwt-token`` | N/A | Specifies a variable that contains a JSON Web Token. | By default, a JWT is expected in the ``Authorization`` header as a Bearer Token. | [Support for JSON Web Tokens (JWTs)](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/jwt). | +|``nginx.com/jwt-login-url`` | N/A | Specifies a URL to which a client is redirected in case of an invalid or missing JWT. | N/A | [Support for JSON Web Tokens (JWTs)](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/jwt). | {{% /table %}} ### Listeners @@ -151,19 +151,19 @@ The table below summarizes the available annotations. |Annotation | ConfigMap Key | Description | Default | Example | | ---| ---| ---| ---| --- | |``nginx.org/lb-method`` | ``lb-method`` | Sets the [load balancing method](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/#choosing-a-load-balancing-method). To use the round-robin method, specify ``"round_robin"``. | ``"random two least_conn"`` | | -|``nginx.org/ssl-services`` | N/A | Enables HTTPS or gRPC over SSL when connecting to the endpoints of services. | N/A | [SSL Services Support](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/ssl-services). | -|``nginx.org/grpc-services`` | N/A | Enables gRPC for services. Note: requires HTTP/2 (see ``http2`` ConfigMap key); only works for Ingresses with TLS termination enabled. | N/A | [GRPC Services Support](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/grpc-services). | -|``nginx.org/websocket-services`` | N/A | Enables WebSocket for services. | N/A | [WebSocket support](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/websocket). | +|``nginx.org/ssl-services`` | N/A | Enables HTTPS or gRPC over SSL when connecting to the endpoints of services. | N/A | [SSL Services Support](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/ssl-services). | +|``nginx.org/grpc-services`` | N/A | Enables gRPC for services. Note: requires HTTP/2 (see ``http2`` ConfigMap key); only works for Ingresses with TLS termination enabled. | N/A | [GRPC Services Support](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/grpc-services). | +|``nginx.org/websocket-services`` | N/A | Enables WebSocket for services. | N/A | [WebSocket support](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/websocket). | |``nginx.org/max-fails`` | ``max-fails`` | Sets the value of the [max_fails](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_fails) parameter of the ``server`` directive. | ``1`` | | |``nginx.org/max-conns`` | N\A | Sets the value of the [max_conns](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_conns) parameter of the ``server`` directive. | ``0`` | | |``nginx.org/upstream-zone-size`` | ``upstream-zone-size`` | Sets the size of the shared memory [zone](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone) for upstreams. For NGINX, the special value 0 disables the shared memory zones. For NGINX Plus, shared memory zones are required and cannot be disabled. The special value 0 will be ignored. | ``256K`` | | |``nginx.org/fail-timeout`` | ``fail-timeout`` | Sets the value of the [fail_timeout](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#fail_timeout) parameter of the ``server`` directive. | ``10s`` | | -|``nginx.com/sticky-cookie-services`` | N/A | Configures session persistence. | N/A | [Session Persistence](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/session-persistence). | +|``nginx.com/sticky-cookie-services`` | N/A | Configures session persistence. | N/A | [Session Persistence](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/session-persistence). | |``nginx.org/keepalive`` | ``keepalive`` | Sets the value of the [keepalive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) directive. Note that ``proxy_set_header Connection "";`` is added to the generated configuration when the value > 0. | ``0`` | | -|``nginx.com/health-checks`` | N/A | Enables active health checks. | ``False`` | [Support for Active Health Checks](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/health-checks). | -|``nginx.com/health-checks-mandatory`` | N/A | Configures active health checks as mandatory. | ``False`` | [Support for Active Health Checks](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/health-checks). | -|``nginx.com/health-checks-mandatory-queue`` | N/A | When active health checks are mandatory, creates a queue where incoming requests are temporarily stored while NGINX Plus is checking the health of the endpoints after a configuration reload. | ``0`` | [Support for Active Health Checks](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/health-checks). | -|``nginx.com/slow-start`` | N/A | Sets the upstream server [slow-start period](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/#server-slow-start). By default, slow-start is activated after a server becomes [available](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-health-check/#passive-health-checks) or [healthy](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-health-check/#active-health-checks). To enable slow-start for newly-added servers, configure [mandatory active health checks](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/health-checks). | ``"0s"`` | | +|``nginx.com/health-checks`` | N/A | Enables active health checks. | ``False`` | [Support for Active Health Checks](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/health-checks). | +|``nginx.com/health-checks-mandatory`` | N/A | Configures active health checks as mandatory. | ``False`` | [Support for Active Health Checks](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/health-checks). | +|``nginx.com/health-checks-mandatory-queue`` | N/A | When active health checks are mandatory, creates a queue where incoming requests are temporarily stored while NGINX Plus is checking the health of the endpoints after a configuration reload. | ``0`` | [Support for Active Health Checks](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/health-checks). | +|``nginx.com/slow-start`` | N/A | Sets the upstream server [slow-start period](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/#server-slow-start). By default, slow-start is activated after a server becomes [available](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-health-check/#passive-health-checks) or [healthy](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-health-check/#active-health-checks). To enable slow-start for newly-added servers, configure [mandatory active health checks](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/health-checks). | ``"0s"`` | | {{% /table %}} ### Snippets and Custom Templates @@ -182,11 +182,11 @@ The table below summarizes the available annotations. {{% table %}} |Annotation | ConfigMap Key | Description | Default | Example | | ---| ---| ---| ---| --- | -|``appprotect.f5.com/app-protect-policy`` | N/A | The name of the App Protect Policy for the Ingress Resource. Format is ``namespace/name``. If no namespace is specified, the same namespace of the Ingress Resource is used. If not specified but ``appprotect.f5.com/app-protect-enable`` is true, a default policy id applied. If the referenced policy resource does not exist, or policy is invalid, this annotation will be ignored, and the default policy will be applied. | N/A | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/app-protect-waf). | -|``appprotect.f5.com/app-protect-enable`` | N/A | Enable App Protect for the Ingress Resource. | ``False`` | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/app-protect-waf). | -|``appprotect.f5.com/app-protect-security-log-enable`` | N/A | Enable the [security log](/nginx-app-protect/troubleshooting/#app-protect-logging-overview) for App Protect. | ``False`` | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/app-protect-waf). | -|``appprotect.f5.com/app-protect-security-log`` | N/A | The App Protect log configuration for the Ingress Resource. Format is ``namespace/name``. If no namespace is specified, the same namespace as the Ingress Resource is used. If not specified the default is used which is: filter: ``illegal``, format: ``default``. Multiple configurations can be specified in a comma separated list. Both log configurations and destinations list (see below) must be of equal length. Configs and destinations are paired by the list indices. | N/A | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/app-protect-waf). | -|``appprotect.f5.com/app-protect-security-log-destination`` | N/A | The destination of the security log. For more information check the [DESTINATION argument](/nginx-app-protect/troubleshooting/#app-protect-logging-overview). Multiple destinations can be specified in a comma-separated list. Both log configurations and destinations list (see above) must be of equal length. Configs and destinations are paired by the list indices. | ``syslog:server=localhost:514`` | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/app-protect-waf). | +|``appprotect.f5.com/app-protect-policy`` | N/A | The name of the App Protect Policy for the Ingress Resource. Format is ``namespace/name``. If no namespace is specified, the same namespace of the Ingress Resource is used. If not specified but ``appprotect.f5.com/app-protect-enable`` is true, a default policy id applied. If the referenced policy resource does not exist, or policy is invalid, this annotation will be ignored, and the default policy will be applied. | N/A | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/app-protect-waf). | +|``appprotect.f5.com/app-protect-enable`` | N/A | Enable App Protect for the Ingress Resource. | ``False`` | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/app-protect-waf). | +|``appprotect.f5.com/app-protect-security-log-enable`` | N/A | Enable the [security log](/nginx-app-protect/troubleshooting/#app-protect-logging-overview) for App Protect. | ``False`` | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/app-protect-waf). | +|``appprotect.f5.com/app-protect-security-log`` | N/A | The App Protect log configuration for the Ingress Resource. Format is ``namespace/name``. If no namespace is specified, the same namespace as the Ingress Resource is used. If not specified the default is used which is: filter: ``illegal``, format: ``default``. Multiple configurations can be specified in a comma separated list. Both log configurations and destinations list (see below) must be of equal length. Configs and destinations are paired by the list indices. | N/A | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/app-protect-waf). | +|``appprotect.f5.com/app-protect-security-log-destination`` | N/A | The destination of the security log. For more information check the [DESTINATION argument](/nginx-app-protect/troubleshooting/#app-protect-logging-overview). Multiple destinations can be specified in a comma-separated list. Both log configurations and destinations list (see above) must be of equal length. Configs and destinations are paired by the list indices. | ``syslog:server=localhost:514`` | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/app-protect-waf). | {{% /table %}} ### App Protect DoS @@ -196,5 +196,5 @@ The table below summarizes the available annotations. {{% table %}} |Annotation | ConfigMap Key | Description | Default | Example | | ---| ---| ---| ---| --- | -|``appprotectdos.f5.com/app-protect-dos-resource`` | N/A | Enable App Protect DoS for the Ingress Resource by specifying a [DosProtectedResource](/nginx-ingress-controller/app-protect-dos/dos-protected/). | N/A | [Example for App Protect DoS](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/app-protect-dos). | +|``appprotectdos.f5.com/app-protect-dos-resource`` | N/A | Enable App Protect DoS for the Ingress Resource by specifying a [DosProtectedResource](/nginx-ingress-controller/app-protect-dos/dos-protected/). | N/A | [Example for App Protect DoS](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/app-protect-dos). | {{% /table %}} diff --git a/docs/content/configuration/ingress-resources/basic-configuration.md b/docs/content/configuration/ingress-resources/basic-configuration.md index 7d4c9984f5..8b58ac355f 100644 --- a/docs/content/configuration/ingress-resources/basic-configuration.md +++ b/docs/content/configuration/ingress-resources/basic-configuration.md @@ -51,7 +51,7 @@ Here is a breakdown of what this Ingress resource definition means: * The rule with the path `/coffee` instructs NGINX to distribute the requests with the `/coffee` URI among the pods of the *coffee* service, which is deployed with the name `coffee‑svc` in the cluster. * Both rules instruct NGINX to distribute the requests to `port 80` of the corresponding service (the `servicePort` field). -> For complete instructions on deploying the Ingress and Secret resources in the cluster, see the [complete example](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/complete-example) in our GitHub repo. +> For complete instructions on deploying the Ingress and Secret resources in the cluster, see the [complete example](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/complete-example) in our GitHub repo. > To learn more about the Ingress resource, see the [Ingress resource documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) in the Kubernetes docs. diff --git a/docs/content/configuration/ingress-resources/cross-namespace-configuration.md b/docs/content/configuration/ingress-resources/cross-namespace-configuration.md index e60f78720c..d9229acafc 100644 --- a/docs/content/configuration/ingress-resources/cross-namespace-configuration.md +++ b/docs/content/configuration/ingress-resources/cross-namespace-configuration.md @@ -9,6 +9,6 @@ docs: "DOCS-594" --- -You can spread the Ingress configuration for a common host across multiple Ingress resources using Mergeable Ingress resources. Such resources can belong to the *same* or *different* namespaces. This enables easier management when using a large number of paths. See the [Mergeable Ingress Resources](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/mergeable-ingress-types) example in our GitHub repo. +You can spread the Ingress configuration for a common host across multiple Ingress resources using Mergeable Ingress resources. Such resources can belong to the *same* or *different* namespaces. This enables easier management when using a large number of paths. See the [Mergeable Ingress Resources](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/mergeable-ingress-types) example in our GitHub repo. -As an alternative to Mergeable Ingress resources, you can use [VirtualServer and VirtualServerRoute resources](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/) for cross-namespace configuration. See the [Cross-Namespace Configuration](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/custom-resources/cross-namespace-configuration) example in our GitHub repo. +As an alternative to Mergeable Ingress resources, you can use [VirtualServer and VirtualServerRoute resources](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/) for cross-namespace configuration. See the [Cross-Namespace Configuration](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/custom-resources/cross-namespace-configuration) example in our GitHub repo. diff --git a/docs/content/configuration/ingress-resources/custom-annotations.md b/docs/content/configuration/ingress-resources/custom-annotations.md index 36751aab24..9ac346017f 100644 --- a/docs/content/configuration/ingress-resources/custom-annotations.md +++ b/docs/content/configuration/ingress-resources/custom-annotations.md @@ -23,7 +23,7 @@ Custom annotations allow you to add an annotation for an NGINX feature that is n ## Usage -The Ingress Controller generates NGINX configuration for Ingress resources by executing a configuration template. See [NGINX template](https://github.com/nginxinc/kubernetes-ingress/blob/v2.3.1/internal/configs/version1/nginx.ingress.tmpl) or [NGINX Plus template](https://github.com/nginxinc/kubernetes-ingress/blob/v2.3.1/internal/configs/version1/nginx-plus.ingress.tmpl). +The Ingress Controller generates NGINX configuration for Ingress resources by executing a configuration template. See [NGINX template](https://github.com/nginxinc/kubernetes-ingress/blob/v2.4.1/internal/configs/version1/nginx.ingress.tmpl) or [NGINX Plus template](https://github.com/nginxinc/kubernetes-ingress/blob/v2.4.1/internal/configs/version1/nginx-plus.ingress.tmpl). To support custom annotations, the template has access to the information about the Ingress resource - its *name*, *namespace* and *annotations*. It is possible to check if a particular annotation present in the Ingress resource and conditionally insert NGINX configuration directives at multiple NGINX contexts - `http`, `server`, `location` or `upstream`. Additionally, you can get the value that is set to the annotation. @@ -132,4 +132,4 @@ deny all; ## Example -See the [custom annotations example](https://github.com/nginxinc/kubernetes-ingress/blob/v2.3.1/examples/ingress-resources/custom-annotations). +See the [custom annotations example](https://github.com/nginxinc/kubernetes-ingress/blob/v2.4.1/examples/ingress-resources/custom-annotations). diff --git a/docs/content/configuration/policy-resource.md b/docs/content/configuration/policy-resource.md index fa4db29d1e..ac41f531f1 100644 --- a/docs/content/configuration/policy-resource.md +++ b/docs/content/configuration/policy-resource.md @@ -13,7 +13,7 @@ The Policy resource allows you to configure features like access control and rat The resource is implemented as a [Custom Resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/). -This document is the reference documentation for the Policy resource. An example of a Policy for access control is available in our [GitHub repo](https://github.com/nginxinc/kubernetes-ingress/blob/v2.3.1/examples/custom-resources/access-control). +This document is the reference documentation for the Policy resource. An example of a Policy for access control is available in our [GitHub repo](https://github.com/nginxinc/kubernetes-ingress/blob/v2.4.1/examples/custom-resources/access-control). ## Prerequisites @@ -329,7 +329,7 @@ NGINX Plus will pass the ID of an authenticated user to the backend in the HTTP #### Prerequisites In order to use OIDC, you need to enable [zone synchronization](https://docs.nginx.com/nginx/admin-guide/high-availability/zone_sync/). If you don't set up zone synchronization, NGINX Plus will fail to reload. -You also need to configure a resolver, which NGINX Plus will use to resolve the IDP authorization endpoint. You can find an example configuration [in our GitHub repo](https://github.com/nginxinc/kubernetes-ingress/blob/v2.3.1/examples/custom-resources/oidc#step-7---configure-nginx-plus-zone-synchronization-and-resolver). +You also need to configure a resolver, which NGINX Plus will use to resolve the IDP authorization endpoint. You can find an example configuration [in our GitHub repo](https://github.com/nginxinc/kubernetes-ingress/blob/v2.4.1/examples/custom-resources/oidc#step-7---configure-nginx-plus-zone-synchronization-and-resolver). > **Note**: The configuration in the example doesn't enable TLS and the synchronization between the replica happens in clear text. This could lead to the exposure of tokens. diff --git a/docs/content/configuration/transportserver-resource.md b/docs/content/configuration/transportserver-resource.md index 64d7539b4b..ea31a8dee2 100644 --- a/docs/content/configuration/transportserver-resource.md +++ b/docs/content/configuration/transportserver-resource.md @@ -10,7 +10,7 @@ docs: "DOCS-598" The TransportServer resource allows you to configure TCP, UDP, and TLS Passthrough load balancing. The resource is implemented as a [Custom Resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/). -This document is the reference documentation for the TransportServer resource. To see additional examples of using the resource for specific use cases, go to the [examples/custom-resources](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/custom-resources) folder in our GitHub repo. +This document is the reference documentation for the TransportServer resource. To see additional examples of using the resource for specific use cases, go to the [examples/custom-resources](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/custom-resources) folder in our GitHub repo. ## Prerequisites diff --git a/docs/content/configuration/virtualserver-and-virtualserverroute-resources.md b/docs/content/configuration/virtualserver-and-virtualserverroute-resources.md index 26e10fdd50..fd333c3af3 100644 --- a/docs/content/configuration/virtualserver-and-virtualserverroute-resources.md +++ b/docs/content/configuration/virtualserver-and-virtualserverroute-resources.md @@ -12,7 +12,7 @@ docs: "DOCS-599" The VirtualServer and VirtualServerRoute resources, introduced in release 1.5, enable use cases not supported with the Ingress resource, such as traffic splitting and advanced content-based routing. The resources are implemented as [Custom Resources](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/). -This document is the reference documentation for the resources. To see additional examples of using the resources for specific use cases, go to the [examples/custom-resources](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/custom-resources) folder in our GitHub repo. +This document is the reference documentation for the resources. To see additional examples of using the resources for specific use cases, go to the [examples/custom-resources](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/custom-resources) folder in our GitHub repo. ## VirtualServer Specification @@ -312,7 +312,7 @@ tls: |Field | Description | Type | Required | | ---| ---| ---| --- | |``name`` | The name of the upstream. Must be a valid DNS label as defined in RFC 1035. For example, ``hello`` and ``upstream-123`` are valid. The name must be unique among all upstreams of the resource. | ``string`` | Yes | -|``service`` | The name of a [service](https://kubernetes.io/docs/concepts/services-networking/service/). The service must belong to the same namespace as the resource. If the service doesn't exist, NGINX will assume the service has zero endpoints and return a ``502`` response for requests for this upstream. For NGINX Plus only, services of type [ExternalName](https://kubernetes.io/docs/concepts/services-networking/service/#externalname) are also supported (check the [prerequisites](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/externalname-services#prerequisites) ). | ``string`` | Yes | +|``service`` | The name of a [service](https://kubernetes.io/docs/concepts/services-networking/service/). The service must belong to the same namespace as the resource. If the service doesn't exist, NGINX will assume the service has zero endpoints and return a ``502`` response for requests for this upstream. For NGINX Plus only, services of type [ExternalName](https://kubernetes.io/docs/concepts/services-networking/service/#externalname) are also supported (check the [prerequisites](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/externalname-services#prerequisites) ). | ``string`` | Yes | |``subselector`` | Selects the pods within the service using label keys and values. By default, all pods of the service are selected. Note: the specified labels are expected to be present in the pods when they are created. If the pod labels are updated, the Ingress Controller will not see that change until the number of the pods is changed. | ``map[string]string`` | No | |``use-cluster-ip`` | Enables using the Cluster IP and port of the service instead of the default behavior of using the IP and port of the pods. When this field is enabled, the fields that configure NGINX behavior related to multiple upstream servers (like ``lb-method`` and ``next-upstream``) will have no effect, as the Ingress Controller will configure NGINX with only one upstream server that will match the service Cluster IP. | ``boolean`` | No | |``port`` | The port of the service. If the service doesn't define that port, NGINX will assume the service has zero endpoints and return a ``502`` response for requests for this upstream. The port must fall into the range ``1..65535``. | ``uint16`` | Yes | @@ -587,7 +587,7 @@ proxy: |``upstream`` | The name of the upstream which the requests will be proxied to. The upstream with that name must be defined in the resource. | ``string`` | Yes | |``requestHeaders`` | The request headers modifications. | [action.Proxy.RequestHeaders](#actionproxyrequestheaders) | No | |``responseHeaders`` | The response headers modifications. | [action.Proxy.ResponseHeaders](#actionproxyresponseheaders) | No | -|``rewritePath`` | The rewritten URI. If the route path is a regular expression -- starts with `~` -- the `rewritePath` can include capture groups with ``$1-9``. For example `$1` for the first group, and so on. For more information, check the [rewrite](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/custom-resources/rewrites) example. | ``string`` | No | +|``rewritePath`` | The rewritten URI. If the route path is a regular expression -- starts with `~` -- the `rewritePath` can include capture groups with ``$1-9``. For example `$1` for the first group, and so on. For more information, check the [rewrite](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/custom-resources/rewrites) example. | ``string`` | No | {{% /table %}} ### Action.Proxy.RequestHeaders @@ -631,7 +631,7 @@ The ResponseHeaders field modifies the headers of the response to the client. {{% table %}} |Field | Description | Type | Required | | ---| ---| ---| --- | -|``hide`` | The headers that will not be passed* in the response to the client from a proxied upstream server. See the [proxy_hide_header](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header) directive for more information. | ``bool`` | No | +|``hide`` | The headers that will not be passed* in the response to the client from a proxied upstream server. See the [proxy_hide_header](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header) directive for more information. | ``[]string`` | No | |``pass`` | Allows passing the hidden header fields* to the client from a proxied upstream server. See the [proxy_pass_header](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_header) directive for more information. | ``[]string`` | No | |``ignore`` | Disables processing of certain headers** to the client from a proxied upstream server. See the [proxy_ignore_headers](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ignore_headers) directive for more information. | ``[]string`` | No | |``add`` | Adds headers to the response to the client. | [[]addHeader](#addheader) | No | diff --git a/docs/content/installation/_index.md b/docs/content/installation/_index.md index d7fa03d7f7..ec6d633972 100644 --- a/docs/content/installation/_index.md +++ b/docs/content/installation/_index.md @@ -1,6 +1,6 @@ --- title: Installation -description: +description: weight: 1300 menu: docs: diff --git a/docs/content/installation/building-ingress-controller-image.md b/docs/content/installation/building-ingress-controller-image.md index 4edc188e78..6c1f3a58a6 100644 --- a/docs/content/installation/building-ingress-controller-image.md +++ b/docs/content/installation/building-ingress-controller-image.md @@ -32,7 +32,7 @@ We build the image using the make utility and the provided `Makefile`. Let’s c 1. Clone the Ingress Controller repo: ``` - $ git clone https://github.com/nginxinc/kubernetes-ingress.git --branch v2.3.1 + $ git clone https://github.com/nginxinc/kubernetes-ingress.git --branch v2.4.1 $ cd kubernetes-ingress ``` @@ -47,7 +47,7 @@ We build the image using the make utility and the provided `Makefile`. Let’s c ``` `myregistry.example.com/nginx-ingress` defines the repo in your private registry where the image will be pushed. Substitute that value with the repo in your private registry. - As a result, the image **myregistry.example.com/nginx-ingress:2.3.1** is built. Note that the tag `2.3.1` comes from the `VERSION` variable, defined in the Makefile. + As a result, the image **myregistry.example.com/nginx-ingress:2.4.1** is built. Note that the tag `2.4.1` comes from the `VERSION` variable, defined in the Makefile. * For **NGINX Plus**, first, make sure that the certificate (`nginx-repo.crt`) and the key (`nginx-repo.key`) of your license are located in the root of the project: ``` @@ -60,7 +60,7 @@ We build the image using the make utility and the provided `Makefile`. Let’s c ``` `myregistry.example.com/nginx-plus-ingress` defines the repo in your private registry where the image will be pushed. Substitute that value with the repo in your private registry. - As a result, the image **myregistry.example.com/nginx-plus-ingress:2.3.1** is built. Note that the tag `2.3.1` comes from the `VERSION` variable, defined in the Makefile. + As a result, the image **myregistry.example.com/nginx-plus-ingress:2.4.1** is built. Note that the tag `2.4.1` comes from the `VERSION` variable, defined in the Makefile. **Note**: In the event of a patch version of [NGINX Plus being released](/nginx/releases/), make sure to rebuild your image to get the latest version. If your system is caching the Docker layers and not updating the packages, add `DOCKER_BUILD_OPTIONS="--pull --no-cache"` to the `make` command. @@ -105,7 +105,8 @@ A few other useful targets: ### Makefile Variables The **Makefile** contains the following main variables for you to customize (either by changing the Makefile or by overriding the variables in the make command): +* **ARCH** -- the architecture of the image (and the binary). The default value is `amd64`. The most common architectures are `amd64` and `arm64`. Some other popular options are `arm`, `ppc64le` and `s390x`. * **PREFIX** -- the name of the image. The default is `nginx/nginx-ingress`. * **TAG** -- the tag added to the image. It's set to the version of the Ingress Controller by default. * **DOCKER_BUILD_OPTIONS** -- the [options](https://docs.docker.com/engine/reference/commandline/build/#options) for the `docker build` command. For example, `--pull`. -* **TARGET** -- By default, the Ingress Controller is compiled locally using a `local` golang environment. If you want to compile the Ingress Controller using your local golang environment, make sure that the Ingress Controller repo is in your `$GOPATH`. To compile the Ingress Controller using the Docker [golang](https://hub.docker.com/_/golang/) container, specify `TARGET=container`. If you checked out a tag or are on the latest commit on `main` you can specify `TARGET=download` to avoid compiling the binary. +* **TARGET** -- by default, the Ingress Controller is compiled locally using a `local` golang environment. If you want to compile the Ingress Controller using your local golang environment, make sure that the Ingress Controller repo is in your `$GOPATH`. To compile the Ingress Controller using the Docker [golang](https://hub.docker.com/_/golang/) container, specify `TARGET=container`. If you checked out a tag or are on the latest commit on `main` you can specify `TARGET=download` to avoid compiling the binary. diff --git a/docs/content/installation/installation-with-helm.md b/docs/content/installation/installation-with-helm.md index 8f5141d779..23a662683c 100644 --- a/docs/content/installation/installation-with-helm.md +++ b/docs/content/installation/installation-with-helm.md @@ -1,6 +1,6 @@ --- title: Installation with Helm -description: "This document describes how to install the NGINX Ingress Controller in your Kubernetes cluster using Helm." +description: This document describes how to install the NGINX Ingress Controller in your Kubernetes cluster using Helm. weight: 1900 doctypes: [""] toc: true @@ -8,8 +8,6 @@ docs: "DOCS-602" --- -This document describes how to install the NGINX Ingress Controller in your Kubernetes cluster using [Helm](https://helm.sh/). - ## Prerequisites - A [Kubernetes Version Supported by the Ingress Controller](/nginx-ingress-controller/technical-specifications/#supported-kubernetes-versions) @@ -28,7 +26,7 @@ This step is required if you're installing the chart using its sources. Addition 1. Clone the Ingress Controller repo: ```console - $ git clone https://github.com/nginxinc/kubernetes-ingress.git --branch v2.3.1 + $ git clone https://github.com/nginxinc/kubernetes-ingress.git --branch v2.4.1 ``` 2. Change your working directory to /deployments/helm-chart: ```console @@ -161,7 +159,7 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont |``controller.logLevel`` | The log level of the Ingress Controller. | 1 | |``controller.image.repository`` | The image repository of the Ingress Controller. | nginx/nginx-ingress | |``controller.image.digest`` | The digest of the Ingress Controller image. Digest has precedence over tag | None | -|``controller.image.tag`` | The tag of the Ingress Controller image. | 2.3.1 | +|``controller.image.tag`` | The tag of the Ingress Controller image. | 2.4.1 | |``controller.image.pullPolicy`` | The pull policy for the Ingress Controller image. | IfNotPresent | |``controller.lifecycle`` | The lifecycle of the Ingress Controller pods. | {} | |``controller.customConfigMap`` | The name of the custom ConfigMap used by the Ingress Controller. If set, then the default config is ignored. | "" | @@ -186,7 +184,8 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont |``controller.replicaCount`` | The number of replicas of the Ingress Controller deployment. | 1 | |``controller.ingressClass`` | A class of the Ingress Controller. An IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start. The Ingress Controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. The Ingress Controller processes all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the "ingressClassName" field for all versions of kubernetes. | nginx | |``controller.setAsDefaultIngress`` | New Ingresses without an ingressClassName field specified will be assigned the class specified in `controller.ingressClass`. | false | -|``controller.watchNamespace`` | Comma separated list of namespaces the Ingress Controller should watch for resources. By default the Ingress Controller watches all namespaces. | "" | +|``controller.watchNamespace`` | Comma separated list of namespaces the Ingress Controller should watch for resources. By default the Ingress Controller watches all namespaces. Please note that if configuring multiple namespaces using the Helm cli `--set` option, the string needs to wrapped in double quotes and the commas escaped using a backslash - e.g. ``--set controller.watchNamespace="default\,nginx-ingress"``. | "" | +|``controller.watchSecretNamespace`` | Comma separated list of namespaces the Ingress Controller should watch for resources of type Secret. If this arg is not configured, the Ingress Controller watches the same namespaces for all resources. See `watch-namespace`. Please note that if configuring multiple namespaces using the Helm cli `--set` option, the string needs to wrapped in double quotes and the commas escaped using a backslash - e.g. ``--set controller.watchSecretNamespace="default\,nginx-ingress"``. | "" | |``controller.enableCustomResources`` | Enable the custom resources. | true | |``controller.enablePreviewPolicies`` | Enable preview policies. This parameter is deprecated. To enable OIDC Policies please use ``controller.enableOIDC`` instead. | false | |``controller.enableOIDC`` | Enable OIDC policies. | false | @@ -236,6 +235,12 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont |``controller.readyStatus.initialDelaySeconds`` | The number of seconds after the Ingress Controller pod has started before readiness probes are initiated. | 0 | |``controller.enableLatencyMetrics`` | Enable collection of latency metrics for upstreams. Requires ``prometheus.create``. | false | |``controller.minReadySeconds`` | Specifies the minimum number of seconds for which a newly created Pod should be ready, without any of its containers crashing, for it to be considered available. [docs](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds) | 0 | +|``controller.autoscaling.enabled`` | Enables HorizontalPodAutoscaling. | false | +|``controller.autoscaling.annotations`` | The annotations of the Ingress Controller HorizontalPodAutoscaler. | {} | +|``controller.autoscaling.minReplicas`` | Minimum number of replicas for the HPA. | 1 | +|``controller.autoscaling.maxReplicas`` | Maximum number of replicas for the HPA. | 3 | +|``controller.autoscaling.targetCPUUtilizationPercentage`` | The target CPU utilization percentage. | 50 | +|``controller.autoscaling.targetMemoryUtilizationPercentage`` | The target memory utilization percentage. | 50 | |``controller.strategy`` | Specifies the strategy used to replace old Pods with new ones. [docs](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) | {} | | `controller.disableIPV6` | Disable IPV6 listeners explicitly for nodes that do not support the IPV6 stack. | false | |``rbac.create`` | Configures RBAC. | true | diff --git a/docs/content/installation/installation-with-manifests.md b/docs/content/installation/installation-with-manifests.md index a4d0091843..f7825cdeee 100644 --- a/docs/content/installation/installation-with-manifests.md +++ b/docs/content/installation/installation-with-manifests.md @@ -10,8 +10,6 @@ docs: "DOCS-603" --- -This document describes how to install the NGINX Ingress Controller in your Kubernetes cluster using Kubernetes manifests. - ## Prerequisites 1. Make sure you have access to the Ingress Controller image: @@ -21,7 +19,7 @@ This document describes how to install the NGINX Ingress Controller in your Kube * It is also possible to build your own image and push it to your private Docker registry by following the instructions from [here](/nginx-ingress-controller/installation/building-ingress-controller-image). 2. Clone the Ingress Controller repo and change into the deployments folder: ``` - $ git clone https://github.com/nginxinc/kubernetes-ingress.git --branch v2.3.1 + $ git clone https://github.com/nginxinc/kubernetes-ingress.git --branch v2.4.1 $ cd kubernetes-ingress/deployments ``` @@ -72,11 +70,12 @@ In this section, we create resources common for most of the Ingress Controller i **Note**: The Ingress Controller will fail to start without an IngressClass resource. -### Create Custom Resources +## 3. Create Custom Resources > **Note**: By default, it is required to create custom resource definitions for VirtualServer, VirtualServerRoute, TransportServer and Policy. Otherwise, the Ingress Controller pods will not become `Ready`. If you'd like to disable that requirement, configure [`-enable-custom-resources`](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments#cmdoption-global-configuration) command-line argument to `false` and skip this section. 1. Create custom resource definitions for [VirtualServer and VirtualServerRoute](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources), [TransportServer](/nginx-ingress-controller/configuration/transportserver-resource) and [Policy](/nginx-ingress-controller/configuration/policy-resource) resources: + ``` $ kubectl apply -f common/crds/k8s.nginx.org_virtualservers.yaml $ kubectl apply -f common/crds/k8s.nginx.org_virtualserverroutes.yaml @@ -84,17 +83,15 @@ In this section, we create resources common for most of the Ingress Controller i $ kubectl apply -f common/crds/k8s.nginx.org_policies.yaml ``` -If you would like to use the TCP and UDP load balancing features of the Ingress Controller, create the following additional resources: -1. Create a custom resource definition for [GlobalConfiguration](/nginx-ingress-controller/configuration/global-configuration/globalconfiguration-resource) resource: - ``` - $ kubectl apply -f common/crds/k8s.nginx.org_globalconfigurations.yaml - ``` +2. If you would like to use the TCP and UDP load balancing features of the Ingress Controller, create the following additional resources: + +Create a custom resource definition for [GlobalConfiguration](/nginx-ingress-controller/configuration/global-configuration/globalconfiguration-resource) resource: -### Resources for NGINX App Protect + $ kubectl apply -f common/crds/k8s.nginx.org_globalconfigurations.yaml -If you would like to use the App Protect WAF module, create the following additional resources: +3. If you would like to use the App Protect WAF module, create the following additional resources: -1. Create a custom resource definition for `APPolicy`, `APLogConf` and `APUserSig`: +Create a custom resource definition for `APPolicy`, `APLogConf` and `APUserSig`: ``` $ kubectl apply -f common/crds/appprotect.f5.com_aplogconfs.yaml @@ -102,11 +99,9 @@ If you would like to use the App Protect WAF module, create the following additi $ kubectl apply -f common/crds/appprotect.f5.com_apusersigs.yaml ``` -### Resources for NGINX App Protect DoS - -If you would like to use the App Protect DoS module, create the following additional resources: +4. If you would like to use the App Protect DoS module, create the following additional resources: -1. Create a custom resource definition for `APDosPolicy`, `APDosLogConf` and `DosProtectedResource`: +Create a custom resource definition for `APDosPolicy`, `APDosLogConf` and `DosProtectedResource`: ``` $ kubectl apply -f common/crds/appprotectdos.f5.com_apdoslogconfs.yaml @@ -123,11 +118,11 @@ We include two options for deploying the Ingress Controller: > Before creating a Deployment or Daemonset resource, make sure to update the [command-line arguments](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments) of the Ingress Controller container in the corresponding manifest file according to your requirements. ### Deploy Arbitrator for NGINX App Protect DoS -If you would like to use the App Protect DoS module, need to add arbitrator deployment. +If you would like to use the App Protect DoS module, you will need to deploy the Arbitrator. -* build your own image and push it to your private Docker registry by following the instructions from [here](/nginx-ingress-controller/app-protect-dos/installation#Build-the-app-protect-dos-arb-Docker-Image). +* Build your own image and push it to your private Docker registry by following the instructions from [here](/nginx-ingress-controller/app-protect-dos/installation#Build-the-app-protect-dos-arb-Docker-Image). -* run the Arbitrator by using a Deployment and Service +* Run the Arbitrator by using a Deployment and Service ``` $ kubectl apply -f deployment/appprotect-dos-arb.yaml diff --git a/docs/content/installation/installation-with-operator.md b/docs/content/installation/installation-with-operator.md index 3bd1b31de8..5d2a961b21 100644 --- a/docs/content/installation/installation-with-operator.md +++ b/docs/content/installation/installation-with-operator.md @@ -8,10 +8,6 @@ toc: true docs: "DOCS-604" --- -{{< note >}} -An NGINX Ingress Operator version compatible with the 2.3.1 NGINX Ingress Controller release is not available yet. We will update this document and remove this note once we publish a compatible Operator version. -{{< /note >}} - This document describes how to install the NGINX Ingress Controller in your Kubernetes cluster using the NGINX Ingress Operator. ## Prerequisites @@ -41,7 +37,7 @@ spec: image: pullPolicy: IfNotPresent repository: nginx/nginx-ingress - tag: 2.3.1-ubi + tag: 2.4.1-ubi ingressClass: nginx kind: deployment nginxplus: false diff --git a/docs/content/installation/pulling-ingress-controller-image.md b/docs/content/installation/pulling-ingress-controller-image.md index e4fc8ce29b..7a1517d5d0 100644 --- a/docs/content/installation/pulling-ingress-controller-image.md +++ b/docs/content/installation/pulling-ingress-controller-image.md @@ -35,17 +35,17 @@ Before you can pull the image, make sure that the following software is installe 2. Use Docker to pull the required image from `private-registry.nginx.com`. Choose the image from the available images listed in the [tech specs guide]({{< relref "technical-specifications#images-with-nginx-plus" >}}). For NGINX Plus Ingress Controller, pull from `private-registry.nginx.com/nginx-ic/nginx-plus-ingress`. For example: ``` - $ docker pull private-registry.nginx.com/nginx-ic/nginx-plus-ingress:2.3.1 + $ docker pull private-registry.nginx.com/nginx-ic/nginx-plus-ingress:2.4.1 ``` For NGINX Plus Ingress Controller with App Protect WAF, pull from `private-registry.nginx.com/nginx-ic-nap/nginx-plus-ingress`. For example: ``` - $ docker pull private-registry.nginx.com/nginx-ic-nap/nginx-plus-ingress:2.3.1 + $ docker pull private-registry.nginx.com/nginx-ic-nap/nginx-plus-ingress:2.4.1 ``` For NGINX Plus Ingress Controller with App Protect DoS, pull from `private-registry.nginx.com/nginx-ic-dos/nginx-plus-ingress`. For example: ``` - $ docker pull private-registry.nginx.com/nginx-ic-dos/nginx-plus-ingress:2.3.1 + $ docker pull private-registry.nginx.com/nginx-ic-dos/nginx-plus-ingress:2.4.1 ``` @@ -55,9 +55,9 @@ Before you can pull the image, make sure that the following software is installe { "name": "nginx-ic/nginx-plus-ingress", "tags": [ - "2.3.1-alpine", - "2.3.1-ubi", - "2.3.1" + "2.4.1-alpine", + "2.4.1-ubi", + "2.4.1" ] } @@ -65,8 +65,8 @@ Before you can pull the image, make sure that the following software is installe { "name": "nginx-ic-nap/nginx-plus-ingress", "tags": [ - "2.3.1-ubi", - "2.3.1" + "2.4.1-ubi", + "2.4.1" ] } @@ -74,8 +74,8 @@ Before you can pull the image, make sure that the following software is installe { "name": "nginx-ic-dos/nginx-plus-ingress", "tags": [ - "2.3.1-ubi", - "2.3.1" + "2.4.1-ubi", + "2.4.1" ] } ``` @@ -86,18 +86,18 @@ Before you can pull the image, make sure that the following software is installe - Replace `` in the examples below with the correct path to your private Docker registry. ``` - $ docker tag private-registry.nginx.com/nginx-ic/nginx-plus-ingress:2.3.1 /nginx-ic/nginx-plus-ingress:2.3.1 - $ docker push /nginx-ic/nginx-plus-ingress:2.3.1 + $ docker tag private-registry.nginx.com/nginx-ic/nginx-plus-ingress:2.4.1 /nginx-ic/nginx-plus-ingress:2.4.1 + $ docker push /nginx-ic/nginx-plus-ingress:2.4.1 ``` or for NGINX App Protect WAF enabled image ``` - $ docker tag private-registry.nginx.com/nginx-ic-nap/nginx-plus-ingress:2.3.1 /nginx-ic-nap/nginx-plus-ingress:2.3.1 - $ docker push /nginx-ic-nap/nginx-plus-ingress:2.3.1 + $ docker tag private-registry.nginx.com/nginx-ic-nap/nginx-plus-ingress:2.4.1 /nginx-ic-nap/nginx-plus-ingress:2.4.1 + $ docker push /nginx-ic-nap/nginx-plus-ingress:2.4.1 ``` or for NGINX App Protect DoS enabled image ``` - $ docker tag private-registry.nginx.com/nginx-ic-dos/nginx-plus-ingress:2.3.1 /nginx-ic-dos/nginx-plus-ingress:2.3.1 - $ docker push /nginx-ic-dos/nginx-plus-ingress:2.3.1 + $ docker tag private-registry.nginx.com/nginx-ic-dos/nginx-plus-ingress:2.4.1 /nginx-ic-dos/nginx-plus-ingress:2.4.1 + $ docker push /nginx-ic-dos/nginx-plus-ingress:2.4.1 ``` diff --git a/docs/content/installation/using-the-jwt-token-docker-secret.md b/docs/content/installation/using-the-jwt-token-docker-secret.md index 9b7e7bdd84..4dfc1b536f 100644 --- a/docs/content/installation/using-the-jwt-token-docker-secret.md +++ b/docs/content/installation/using-the-jwt-token-docker-secret.md @@ -9,18 +9,18 @@ docs: "DOCS-608" This document explains how to use the NGINX Plus Ingress Controller image from the F5 Docker registry in your Kubernetes cluster by using your NGINX Ingress Controller subscription JWT token. **Please note that an NGINX Plus subscription certificate and key will not work with the F5 Docker registry.** You can also get the image using alternative methods: -* You can use Docker to pull an Ingress Controller image with NGINX Plus and push it to your private registry by following the instructions from [here](/nginx-ingress-controller/installation/pulling-ingress-controller-image). -* Please see [here](/nginx-ingress-controller/installation/building-ingress-controller-image) for information on how to build an Ingress Controller image using the source code from this repository and your NGINX Plus subscription certificate and key. +* You can use Docker to pull an Ingress Controller image with NGINX Plus and push it to your private registry by following the [Pulling the Ingress Controller Image]({{< relref "/installation/pulling-ingress-controller-image.md" >}}) documentation. +* Please see the [information on how to build an Ingress Controller image]({{< relref "/installation/building-ingress-controller-image.md" >}}) using the source code from this repository and your NGINX Plus subscription certificate and key. * Note that for NGINX Ingress Controller based on NGINX OSS, we provide the image through [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/). ## Prerequisites -* For NGINX Ingress Controller, you must have the NGINX Ingress Controller subscription -- download the NGINX Plus Ingress Controller (per instance) JWT access token from [MyF5](https://myf5.com). -* To list the available image tags using the Docker registry API, you will also need to download the NGINX Plus Ingress Controller (per instance) certificate (`nginx-repo.crt`) and the key (`nginx-repo.key`) from [MyF5](https://myf5.com). +* For NGINX Ingress Controller, you must have the NGINX Ingress Controller subscription -- download the NGINX Plus Ingress Controller (per instance) JWT access token from [MyF5](https://my.f5.com). +* To list the available image tags using the Docker registry API, you will also need to download the NGINX Plus Ingress Controller (per instance) certificate (`nginx-repo.crt`) and the key (`nginx-repo.key`) from [MyF5](https://my.f5.com). ## Using the JWT token in a Docker Config Secret -1. Create a `docker-registry` secret on the cluster using the JWT token as the username, and `none` for password (password is unused). The name of the docker server is `private-registry.nginx.com`. Optionally namespace the secret. +1. Create a `docker-registry` secret on the cluster using the JWT token as the username and `none` for password (password is unused). The name of the docker server is `private-registry.nginx.com`. Optionally namespace the secret. ``` kubectl create secret docker-registry regcred --docker-server=private-registry.nginx.com --docker-username= --docker-password=none [-n nginx-ingress] @@ -28,13 +28,13 @@ This document explains how to use the NGINX Plus Ingress Controller image from t 2. Confirm the details of the created secret by running: - ``` + ```bash kubectl get secret regcred --output=yaml ``` -3. This secret can now be added to a deployment spec, or to a service account to apply to all deployments for a given SA spec. See the official documentation [here](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret) and [here](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account) for more details. +3. You can now add this secret to a deployment spec or to a service account to apply to all deployments for a given SA spec. See the [Create a Pod that uses your Secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret) and [Add ImagePullSecrets to a service account](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account) documentation for more details. -4. Update the deployment spec with the chosen image path. Choose the image from the available images listed [here](/nginx-ingress-controller/technical-specifications/#images-with-nginx-plus). +4. Update the deployment spec with the chosen image path. Choose the image from the [available images]({{< relref "/technical-specifications.md#images-with-nginx-plus" >}}). 5. You can use the certificate and key from the MyF5 portal and the Docker registry API to list the available image tags for the repositories, e.g.: ``` @@ -42,9 +42,9 @@ This document explains how to use the NGINX Plus Ingress Controller image from t { "name": "nginx-ic/nginx-plus-ingress", "tags": [ - "2.3.1-alpine", - "2.3.1-ubi", - "2.3.1" + "2.4.1-alpine", + "2.4.1-ubi", + "2.4.1" ] } @@ -52,8 +52,8 @@ This document explains how to use the NGINX Plus Ingress Controller image from t { "name": "nginx-ic-nap/nginx-plus-ingress", "tags": [ - "2.3.1-ubi", - "2.3.1" + "2.4.1-ubi", + "2.4.1" ] } @@ -61,8 +61,8 @@ This document explains how to use the NGINX Plus Ingress Controller image from t { "name": "nginx-ic-dos/nginx-plus-ingress", "tags": [ - "2.3.1-ubi", - "2.3.1" + "2.4.1-ubi", + "2.4.1" ] } ``` diff --git a/docs/content/intro/_index.md b/docs/content/intro/_index.md index c09fe8fd54..6a9784506c 100644 --- a/docs/content/intro/_index.md +++ b/docs/content/intro/_index.md @@ -1,6 +1,6 @@ --- title: Intro -description: +description: weight: 1200 menu: docs: diff --git a/docs/content/intro/how-nginx-ingress-controller-works.md b/docs/content/intro/how-nginx-ingress-controller-works.md index f0571e6f78..f0f9156074 100644 --- a/docs/content/intro/how-nginx-ingress-controller-works.md +++ b/docs/content/intro/how-nginx-ingress-controller-works.md @@ -266,7 +266,7 @@ Reloading NGINX is necessary to apply the new configuration and involves the fol 1. The administrator sends a HUP (hangup) signal to the NGINX master process to trigger a reload. 1. The master process brings down the worker processes with the old configuration and starts worker processes with the new configuration. 1. The administrator verifies the reload has successfully finished. - + > Refer to the [NGINX documentation](https://nginx.org/en/docs/control.html#reconfiguration) for more details about reloading. See also [this blog post](https://www.nginx.com/blog/inside-nginx-how-we-designed-for-performance-scale/) for an overview of the NGINX architecture. #### How to Reload @@ -298,13 +298,13 @@ Since both the old and new NGINX worker processes coexist during a reload, reloa ### Reloading in the IC -The Ingress Controller reloads NGINX to apply configuration changes. +The Ingress Controller reloads NGINX to apply configuration changes. -To facilitate reloading, the Ingress Controller configures a server listening on the Unix socket `unix:/var/lib/nginx/nginx-config-version.sock` that responds with the config version for `/configVersion` URI. The Ingress Controller writes the config to `/etc/nginx/config-version.conf`. +To facilitate reloading, the Ingress Controller configures a server listening on the Unix socket `unix:/var/lib/nginx/nginx-config-version.sock` that responds with the config version for `/configVersion` URI. The Ingress Controller writes the config to `/etc/nginx/config-version.conf`. A reload involves multiple steps: 1. The Ingress Controller updates generated configuration files, including any secrets. -1. The Ingress Controller updates the config version in `/etc/nginx/config-version.conf`. +1. The Ingress Controller updates the config version in `/etc/nginx/config-version.conf`. 1. The Ingress Controller runs `nginx -s reload`. If the command fails, the Ingress Controller logs the error and considers the reload failed. 2. Assuming the command succeeds, the Ingress Controller periodically checks for the config version by sending an HTTP request to the config version server on `unix:/var/lib/nginx/nginx-config-version.sock`. 3. Once the Ingress Controller sees the correct config version returned by NGINX, it considers the reload successful. If it doesn't see the correct config version after the configurable timeout (see `-nginx-reload-timeout` [cli argument](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments), the Ingress Controller considers the reload failed. @@ -317,5 +317,5 @@ The Ingress Controller reloads NGINX every time the Control Loop processes a cha There are three special cases: - *Start*. When the Ingress Controller starts, it processes all resources in the cluster and only then reloads NGINX. This avoids creating a "reload storm" by reloading only once. -- *Batch updates*. When the Ingress Controller receives a number of concurrent requests from the Kubernetes API, it will pause NGINX reloads untill the task queue is empty. This reduces the number of reloads to minimize the impact of batch updates and reduce the risk of OOM (Out of Memory) errors. +- *Batch updates*. When the Ingress Controller receives a number of concurrent requests from the Kubernetes API, it will pause NGINX reloads until the task queue is empty. This reduces the number of reloads to minimize the impact of batch updates and reduce the risk of OOM (Out of Memory) errors. - *NGINX Plus*. If the Ingress Controller uses NGINX Plus, it will not reload NGINX Plus for changes to the Endpoints resources. In this case, the Ingress Controller will use the NGINX Plus API to update the corresponding upstreams and skip reloading. diff --git a/docs/content/intro/nginx-ingress-controllers.md b/docs/content/intro/nginx-ingress-controllers.md index 67f3671d13..b8d2964361 100644 --- a/docs/content/intro/nginx-ingress-controllers.md +++ b/docs/content/intro/nginx-ingress-controllers.md @@ -29,11 +29,11 @@ The table below summarizes the key difference between nginxinc/kubernetes-ingres | NGINX version | [Custom](https://github.com/kubernetes/ingress-nginx/tree/main/images/nginx) NGINX build that includes several third-party modules | NGINX official mainline [build](https://github.com/nginxinc/docker-nginx) | NGINX Plus | | Commercial support | N/A | N/A | Included | | **Load balancing configuration via the Ingress resource** | -| Merging Ingress rules with the same host | Supported | Supported via [Mergeable Ingresses](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/mergeable-ingress-types) | Supported via [Mergeable Ingresses](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/mergeable-ingress-types) | +| Merging Ingress rules with the same host | Supported | Supported via [Mergeable Ingresses](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/mergeable-ingress-types) | Supported via [Mergeable Ingresses](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/mergeable-ingress-types) | | HTTP load balancing extensions - Annotations | See the [supported annotations](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/) | See the [supported annotations](https://docs.nginx.com/nginx-ingress-controller/configuration/ingress-resources/advanced-configuration-with-annotations/) | See the [supported annotations](https://docs.nginx.com/nginx-ingress-controller/configuration/ingress-resources/advanced-configuration-with-annotations/)| | HTTP load balancing extensions -- ConfigMap | See the [supported ConfigMap keys](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/) | See the [supported ConfigMap keys](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/configmap-resource/) | See the [supported ConfigMap keys](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/configmap-resource/) | | TCP/UDP | Supported via a ConfigMap | Supported via custom resources | Supported via custom resources | -| Websocket | Supported | Supported via an [annotation](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/websocket) | Supported via an [annotation](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/websocket) | +| Websocket | Supported | Supported via an [annotation](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/websocket) | Supported via an [annotation](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/websocket) | | TCP SSL Passthrough | Supported via a ConfigMap | Supported via custom resources | Supported via custom resources | | JWT validation | Not supported | Not supported | Supported | | Session persistence | Supported via a third-party module | Not supported | Supported | diff --git a/docs/content/intro/nginx-plus.md b/docs/content/intro/nginx-plus.md index e3a3127a7f..b563189331 100644 --- a/docs/content/intro/nginx-plus.md +++ b/docs/content/intro/nginx-plus.md @@ -18,9 +18,9 @@ Below are the key characteristics that NGINX Plus brings on top of NGINX into th * *Real-time metrics* A number metrics about how NGINX Plus and applications are performing are available through the API or a [built-in dashboard](https://docs.nginx.com/nginx-ingress-controller/logging-and-monitoring/status-page/). Optionally, the metrics can be exported to [Prometheus](https://docs.nginx.com/nginx-ingress-controller/logging-and-monitoring/prometheus/). * *Additional load balancing methods*. The following additional methods are available: `least_time` and `random two least_time` and their derivatives. See the [documentation](https://nginx.org/en/docs/http/ngx_http_upstream_module.html) for the complete list of load balancing methods. -* *Session persistence* The *sticky cookie* method is available. See the [Session Persistence for VirtualServer Resources example](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/custom-resources/session-persistence) and the [Session Persistence for Ingress Resources example](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/session-persistence). -* *Active health checks*. See the [Support for Active Health Checks for VirtualServer Resources example](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/custom-resources/health-checks) and the [Support for Active Health Checks for Ingress Resources example](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/health-checks). -* *JWT validation*. See the [Support for JSON Web Tokens for VirtualServer Resources example (JWTs)](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/custom-resources/jwt) and the [Support for JSON Web Tokens for Ingress Resources example (JWTs)](https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples/ingress-resources/jwt). +* *Session persistence* The *sticky cookie* method is available. See the [Session Persistence for VirtualServer Resources example](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/custom-resources/session-persistence) and the [Session Persistence for Ingress Resources example](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/session-persistence). +* *Active health checks*. See the [Support for Active Health Checks for VirtualServer Resources example](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/custom-resources/health-checks) and the [Support for Active Health Checks for Ingress Resources example](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/health-checks). +* *JWT validation*. See the [Support for JSON Web Tokens for VirtualServer Resources example (JWTs)](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/custom-resources/jwt) and the [Support for JSON Web Tokens for Ingress Resources example (JWTs)](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples/ingress-resources/jwt). See the [VirtualServer](https://docs.nginx.com/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources.md), [Policy](https://docs.nginx.com/nginx-ingress-controller/configuration/policy-resource.md) and [TransportServer](https://docs.nginx.com/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources.md) docs for a comprehensive guide of the NGINX Plus features available by using our custom resources diff --git a/docs/content/logging-and-monitoring/_index.md b/docs/content/logging-and-monitoring/_index.md index 7dbecfa185..88551ab274 100644 --- a/docs/content/logging-and-monitoring/_index.md +++ b/docs/content/logging-and-monitoring/_index.md @@ -1,6 +1,6 @@ --- title: Logging And Monitoring -description: +description: weight: 1500 menu: docs: diff --git a/docs/content/releases.md b/docs/content/releases.md index e7731c50f2..b510aec63a 100644 --- a/docs/content/releases.md +++ b/docs/content/releases.md @@ -6,9 +6,97 @@ doctypes: ["concept"] toc: true docs: "DOCS-616" --- +## NGINX Ingress Controller 2.4.1 + +19 October 2022 + +CHANGES: +* [3183](https://github.com/nginxinc/kubernetes-ingress/pull/3183) Update NGINX version to 1.23.2. +* [3175](https://github.com/nginxinc/kubernetes-ingress/pull/3175) Update Go dependencies. +* Update NGINX Plus version to R27 P1. + +FIXES: +* [3139](https://github.com/nginxinc/kubernetes-ingress/pull/3139) Remove all IPV6 listeners in ingress resources with -disable-ipv6 command line. + +HELM CHART: +* The version of the Helm chart is now 0.15.1. + +UPGRADE: +* For NGINX, use the 2.4.1 images from our [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/tags?page=1&ordering=last_updated&name=2.4.1), [GitHub Container](https://github.com/nginxinc/kubernetes-ingress/pkgs/container/kubernetes-ingress), [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress). +* For NGINX Plus, use the 2.4.1 images from the F5 Container registry or the [AWS Marketplace](https://aws.amazon.com/marketplace/search/?CREATOR=741df81b-dfdc-4d36-b8da-945ea66b522c&FULFILLMENT_OPTION_TYPE=CONTAINER&filters=CREATOR%2CFULFILLMENT_OPTION_TYPE) or build your own image using the 2.4.1 source code. +* For Helm, use version 0.15.1 of the chart. + +## NGINX Ingress Controller 1.12.5 + +19 October 2022 + +CHANGES: +* Update NGINX version to 1.23.2. +* Update NGINX Plus version to R27 P1. +* Update Alpine to 3.16. +* Update Go to 1.19 and Go dependencies. + +HELM CHART: +* The version of the Helm chart is now 0.10.5. + +UPGRADE: +* For NGINX, use the 1.12.5 image from our DockerHub: `nginx/nginx-ingress:1.12.5`, `nginx/nginx-ingress:1.12.5-alpine` or `nginx/nginx-ingress:1.12.5-ubi` +* For NGINX Plus, please build your own image using the 1.12.5 source code. +* For Helm, use version 0.10.5 of the chart. + +## NGINX Ingress Controller 2.4.0 + +04 October 2022 + +OVERVIEW: + +* Added support for enabling [proxy_protocol](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.0/examples/shared-examples/proxy-protocol) when port 443 is being used for both HTTPS traffic and [TLS Passthrough traffic](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.0/examples/custom-resources/tls-passthrough). +* Updates to the TransportServer resource to support using [ExternalName services](https://kubernetes.io/docs/concepts/services-networking/service/#externalname). For examples, see [externalname-services](https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.0/examples/custom-resources/externalname-services). +* VirtualServer resource now supports [wildcard hostname](https://kubernetes.io/docs/concepts/services-networking/ingress/#hostname-wildcards). +* NGINX Ingress Controller images including the combined NGINX AppProtect WAF and NGINX AppProtect DoS solutions are now published to our registry. See [Images with NGINX Plus](https://docs.nginx.com/nginx-ingress-controller/technical-specifications/#images-with-nginx-plus) for a detailed list of images in our registry. +* Added support for watching multiple namespaces using the [-watch-namespace](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#-watch-namespace-string) cli argument. This can configured by passing a comma-separated list of namespaces to the `-watch-namespace` CLI argument (e.g. `-watch-namespace=ns-1,ns-2`). +* A new cli argument has been added: [-include-year](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#-include-year). This appends the current year to the log output from the ingress controller. Example output: `I20220512 09:20:42.345457`. +* Post-startup configuration reloads have been optimized to reduce traffic impacts. When many resources are modified at the same time, changes are combined to reduce the number of data plane reloads. + +FEATURES: + +* [2986](https://github.com/nginxinc/kubernetes-ingress/pull/2986) Batch reloads at runtime. +* [2914](https://github.com/nginxinc/kubernetes-ingress/pull/2914) Support watching multiple namespaces. +* [2884](https://github.com/nginxinc/kubernetes-ingress/pull/2884) Include year in logs. +* [2993](https://github.com/nginxinc/kubernetes-ingress/pull/2993) Accept proxy protocol when TLS passthrough enabled. +* [3041](https://github.com/nginxinc/kubernetes-ingress/pull/3041) Support external name service for TansportServer. +* [2939](https://github.com/nginxinc/kubernetes-ingress/pull/2939) Add support for wildcard hostname in VirtualServer. + +IMPROVEMENTS: + +* [3040](https://github.com/nginxinc/kubernetes-ingress/pull/3040) Add command line argument to manually disable IPV6 listeners for unsupported clusters. +* [3088](https://github.com/nginxinc/kubernetes-ingress/pull/3088) Filter secrets of type helm.sh/release.v1. + +FIXES: + +* [2971](https://github.com/nginxinc/kubernetes-ingress/pull/2971) fix: Correct error message on missing path in path validation. Thanks to [Zachary Seguin](https://github.com/zachomedia). +* [3095](https://github.com/nginxinc/kubernetes-ingress/pull/3095) do not create configmap if customConfigMap is used. Thanks to [Bryan Hendryx](https://github.com/coolbry95). + +HELM CHART: + +* [3087](https://github.com/nginxinc/kubernetes-ingress/pull/3087) Allow omitting the default server secret from Helm installs. +* [2831](https://github.com/nginxinc/kubernetes-ingress/pull/2831) Add ServiceMonitor to Helm Chart. Thanks to [araineUnity](https://github.com/araineUnity). +* [2855](https://github.com/nginxinc/kubernetes-ingress/pull/2854) Add initialDelaySeconds to helm charts. Thanks to [Daniel Edgar](https://github.com/aknot242). +* [2979](https://github.com/nginxinc/kubernetes-ingress/pull/2979) Allow to specify image with digest in helm chart. Thanks to [Hans Feldt](https://github.com/hafe). +* [3031](https://github.com/nginxinc/kubernetes-ingress/pull/3031) Adding automountServiceAccountToken to helm chart. + +UPGRADE: +* For NGINX, use the 2.4.0 images from our [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/tags?page=1&ordering=last_updated&name=2.4.0), [GitHub Container](https://github.com/nginxinc/kubernetes-ingress/pkgs/container/kubernetes-ingress) or [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress). +* For NGINX Plus, use the 2.4.0 images from the F5 Container registry or the [AWS Marketplace](https://aws.amazon.com/marketplace/search/?CREATOR=741df81b-dfdc-4d36-b8da-945ea66b522c&FULFILLMENT_OPTION_TYPE=CONTAINER&filters=CREATOR%2CFULFILLMENT_OPTION_TYPE) or build your own image using the 2.4.0 source code. +* For Helm, use version 0.15.0 of the chart. If you're using custom resources like VirtualServer and TransportServer (`controller.enableCustomResources` is set to `true`), after you run the `helm upgrade` command, the CRDs will not be upgraded. After running the `helm upgrade` command, run `kubectl apply -f deployments/helm-chart/crds` to upgrade the CRDs. + +SUPPORTED PLATFORMS: + +We will provide technical support for NGINX Ingress Controller on any Kubernetes platform that is currently supported by its provider and that passes the Kubernetes conformance tests. This release was fully tested on the following Kubernetes versions: 1.19-1.25. + ## NGINX Ingress Controller 2.3.1 -16 Sep 2022 +16 September 2022 CHANGES: * [3048](https://github.com/nginxinc/kubernetes-ingress/pull/3048) Bump NGINX to 1.23.1 @@ -121,7 +209,7 @@ UPGRADE: ## NGINX Ingress Controller 2.2.0 -12 Apr 2022 +12 April 2022 OVERVIEW: @@ -171,7 +259,7 @@ We will provide technical support for the NGINX Ingress Controller on any Kubern ## NGINX Ingress Controller 2.1.2 -29 Mar 2022 +29 March 2022 CHANGES: * Update UBI based images to 8. @@ -209,7 +297,7 @@ UPGRADE: ## NGINX Ingress Controller 2.1.1 -17 Feb 2022 +17 February 2022 CHANGES: * Update NGINX version to 1.21.6. @@ -225,7 +313,7 @@ UPGRADE: ## NGINX Ingress Controller 2.1.0 -06 Jan 2022 +06 January 2022 OVERVIEW: @@ -285,7 +373,7 @@ We will provide technical support for the NGINX Ingress Controller on any Kubern ## NGINX Ingress Controller 2.0.3 -28 Oct 2021 +28 October 2021 CHANGES: * [2124](https://github.com/nginxinc/kubernetes-ingress/pull/2124) Apply -enable-snippets cli arg to Ingresses. This PR extends the existing -enable-snippets cli argument to apply to Ingress resources. If snippets are not enabled, the Ingress Controller will reject any Ingress resources with snippets annotations. Previously, the argument only applied to VirtualServer, VirtualServerRoute and TransportServer resources. Please Note: this is a breaking change. See the `UPGRADE` instructions below. @@ -319,7 +407,7 @@ UPGRADE: ## NGINX Ingress Controller 2.0.2 -13 Oct 2021 +13 October 2021 CHANGES: * Update NGINX App Protect version to 3.6. @@ -336,7 +424,7 @@ UPGRADE: ## NGINX Ingress Controller 2.0.1 -07 Oct 2021 +07 October 2021 FIXES: * [2051](https://github.com/nginxinc/kubernetes-ingress/pull/2051) Use release specific repo for NGINX Plus on Debian. This fixes an error when building the Debian-based image with NGINX Plus and App Protect: previously, building the image would fail with the error `Package 'nginx-plus-r24' has no installation candidate`. diff --git a/docs/content/technical-specifications.md b/docs/content/technical-specifications.md index 52522ba415..d972eaa40d 100644 --- a/docs/content/technical-specifications.md +++ b/docs/content/technical-specifications.md @@ -22,6 +22,7 @@ We explicitly test the NGINX Ingress Controller (NIC) on a range of Kubernetes p {{% table %}} | NIC Version | Supported Kubernetes Version | NIC Helm Chart Version | NIC Operator Version | NGINX / NGINX Plus version | | --- | --- | --- | --- | --- | +| 2.4.1 | 1.25 - 1.19 | 0.15.1 | 1.2.1 | 1.23.2 / R27 | | 2.3.1 | 1.24 - 1.19 | 0.14.1 | 1.1.0 | 1.23.1 / R27 | | 2.2.2 | 1.23 - 1.19 | 0.13.2 | 1.0.0 | 1.21.6 / R26 | | 2.1.2 | 1.23 - 1.19 | 0.12.1 | 0.5.1 | 1.21.6 / R26 | @@ -40,14 +41,14 @@ We provide the following Docker images, which include NGINX/NGINX Plus bundled w ### Images with NGINX -All images include NGINX 1.23.1. +All images include NGINX 1.23.2. {{% table %}} |Name | Base image | Third-party modules | DockerHub image | Architectures | | ---| ---| ---| --- | --- | -|Alpine-based image | ``nginx:1.23.1-alpine``, which is based on ``alpine:3.16`` | NGINX OpenTracing module, OpenTracing library, OpenTracing tracers for Jaeger, Zipkin and Datadog | ``nginx/nginx-ingress:2.3.1-alpine`` | arm/v7, arm64, amd64, ppc64le, s390x | -|Debian-based image | ``nginx:1.23.1``, which is based on ``debian:bullseye-slim`` | NGINX OpenTracing module, OpenTracing library, OpenTracing tracers for Jaeger, Zipkin and Datadog | ``nginx/nginx-ingress:2.3.1`` | arm/v7, arm64, amd64, ppc64le, s390x | -|Ubi-based image | ``redhat/ubi8`` | | ``nginx/nginx-ingress:2.3.1-ubi`` | arm64, amd64, s390x | +|Alpine-based image | ``nginx:1.23.2-alpine``, which is based on ``alpine:3.16`` | NGINX OpenTracing module, OpenTracing library, OpenTracing tracers for Jaeger, Zipkin and Datadog | ``nginx/nginx-ingress:2.4.1-alpine`` | arm/v7, arm64, amd64, ppc64le, s390x | +|Debian-based image | ``nginx:1.23.2``, which is based on ``debian:bullseye-slim`` | NGINX OpenTracing module, OpenTracing library, OpenTracing tracers for Jaeger, Zipkin and Datadog | ``nginx/nginx-ingress:2.4.1`` | arm/v7, arm64, amd64, ppc64le, s390x | +|Ubi-based image | ``nginxcontrib/nginx:1.23.2-ubi``, which is based on ``redhat/ubi9-minimal`` | | ``nginx/nginx-ingress:2.4.1-ubi`` | arm64, amd64, ppc64le, s390x | {{% /table %}} ### Images with NGINX Plus @@ -59,15 +60,15 @@ NGINX Plus images are available through the F5 Container registry `private-regis {{% table %}} |Name | Base image | Third-party modules | F5 Container Registry Image | Architectures | | ---| ---| --- | --- | --- | -|Alpine-based image | ``alpine:3.16`` | NGINX Plus JavaScript and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | `nginx-ic/nginx-plus-ingress:2.3.1-alpine` | arm64, amd64 | -|Debian-based image | ``debian:bullseye-slim`` | NGINX Plus JavaScript and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | `nginx-ic/nginx-plus-ingress:2.3.1` | arm64, amd64 | -|Debian-based image with App Protect WAF | ``debian:buster-slim`` | NGINX Plus App Protect WAF, JavaScript and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | `nginx-ic-nap/nginx-plus-ingress:2.3.1` | amd64 | -|Debian-based image with App Protect DoS | ``debian:bullseye-slim`` | NGINX Plus App Protect DoS, JavaScript module and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | `nginx-ic-dos/nginx-plus-ingress:2.3.1` | amd64 | -|Debian-based image with App Protect WAF and DoS | ``debian:buster-slim`` | NGINX Plus App Protect WAF, DoS, JavaScript and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | `nginx-ic-nap-dos/nginx-plus-ingress:2.3.1` | amd64 | -|Ubi-based image | ``redhat/ubi8`` | NGINX Plus JavaScript module | `nginx-ic/nginx-plus-ingress:2.3.1-ubi` | arm64, amd64, s390x | -|Ubi-based image with App Protect WAF | ``redhat/ubi8`` | NGINX Plus App Protect WAF and JavaScript modules | `nginx-ic-nap/nginx-plus-ingress:2.3.1-ubi` | amd64 | -|Ubi-based image with App Protect DoS | ``redhat/ubi8`` | NGINX Plus App Protect DoS and JavaScript modules | `nginx-ic-dos/nginx-plus-ingress:2.3.1-ubi` | amd64 | -|Ubi-based image with App Protect WAF and DoS | ``redhat/ubi8`` | NGINX Plus App Protect WAF, DoS and JavaScript modules | `nginx-ic-nap-dos/nginx-plus-ingress:2.3.1-ubi` | amd64 | +|Alpine-based image | ``alpine:3.16`` | NGINX Plus JavaScript and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | `nginx-ic/nginx-plus-ingress:2.4.1-alpine` | arm64, amd64 | +|Debian-based image | ``debian:bullseye-slim`` | NGINX Plus JavaScript and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | `nginx-ic/nginx-plus-ingress:2.4.1` | arm64, amd64 | +|Debian-based image with App Protect WAF | ``debian:buster-slim`` | NGINX Plus App Protect WAF, JavaScript and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | `nginx-ic-nap/nginx-plus-ingress:2.4.1` | amd64 | +|Debian-based image with App Protect DoS | ``debian:bullseye-slim`` | NGINX Plus App Protect DoS, JavaScript module and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | `nginx-ic-dos/nginx-plus-ingress:2.4.1` | amd64 | +|Debian-based image with App Protect WAF and DoS | ``debian:buster-slim`` | NGINX Plus App Protect WAF, DoS, JavaScript and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | `nginx-ic-nap-dos/nginx-plus-ingress:2.4.1` | amd64 | +|Ubi-based image | ``redhat/ubi8`` | NGINX Plus JavaScript module | `nginx-ic/nginx-plus-ingress:2.4.1-ubi` | arm64, amd64, s390x | +|Ubi-based image with App Protect WAF | ``redhat/ubi8`` | NGINX Plus App Protect WAF and JavaScript modules | `nginx-ic-nap/nginx-plus-ingress:2.4.1-ubi` | amd64 | +|Ubi-based image with App Protect DoS | ``redhat/ubi8`` | NGINX Plus App Protect DoS and JavaScript modules | `nginx-ic-dos/nginx-plus-ingress:2.4.1-ubi` | amd64 | +|Ubi-based image with App Protect WAF and DoS | ``redhat/ubi8`` | NGINX Plus App Protect WAF, DoS and JavaScript modules | `nginx-ic-nap-dos/nginx-plus-ingress:2.4.1-ubi` | amd64 | {{% /table %}} We also provide NGINX Plus images through the AWS Marketplace. Please see [Using the AWS Marketplace Ingress Controller Image](/nginx-ingress-controller/installation/using-aws-marketplace-image/) for details on how to set up the required IAM resources in your EKS cluster. diff --git a/docs/content/third-party-modules/_index.md b/docs/content/third-party-modules/_index.md index 194205a02d..77b0c5e387 100644 --- a/docs/content/third-party-modules/_index.md +++ b/docs/content/third-party-modules/_index.md @@ -1,6 +1,6 @@ --- title: Third Party Modules -description: +description: weight: 1700 menu: docs: diff --git a/docs/content/third-party-modules/opentracing.md b/docs/content/third-party-modules/opentracing.md index 546eca5192..676c6d8414 100644 --- a/docs/content/third-party-modules/opentracing.md +++ b/docs/content/third-party-modules/opentracing.md @@ -17,8 +17,8 @@ This document explains how to use OpenTracing with the Ingress Controller. **Note**: The examples below use the snippets annotations, which are disabled by default. To use snippets, set the [`enable-snippets`](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments#cmdoption-enable-snippets) command-line argument. ## Prerequisites -1. **Use an Ingress Controller image that contains OpenTracing.** - - You can find the images that include OpenTracing listed [in the technical specs doc]({{< relref "technical-specifications.md#supported-docker-images" >}}). +1. **Use an Ingress Controller image that contains OpenTracing.** + - You can find the images that include OpenTracing listed [in the technical specs doc]({{< relref "technical-specifications.md#supported-docker-images" >}}). - Alternatively, you can [build your own image]({{< relref "installation/building-ingress-controller-image.md" >}}) using `debian-image` (or `alpine-image`) for NGINX or `debian-image-plus` (or `alpine-image-plus`) for NGINX Plus. [Jaeger](https://github.com/jaegertracing/jaeger-client-cpp), [Zipkin](https://github.com/rnburn/zipkin-cpp-opentracing) and [Datadog](https://github.com/DataDog/dd-opentracing-cpp/) tracers are installed by default. diff --git a/docs/content/troubleshooting/_index.md b/docs/content/troubleshooting/_index.md index 9c34322d21..64ce8a39e4 100644 --- a/docs/content/troubleshooting/_index.md +++ b/docs/content/troubleshooting/_index.md @@ -5,4 +5,4 @@ weight: 2000 menu: docs: parent: NGINX Ingress Controller ---- \ No newline at end of file +--- diff --git a/docs/content/troubleshooting/troubleshoot-ingress-controller.md b/docs/content/troubleshooting/troubleshoot-ingress-controller.md index 0d353dc11a..7f425859ae 100644 --- a/docs/content/troubleshooting/troubleshoot-ingress-controller.md +++ b/docs/content/troubleshooting/troubleshoot-ingress-controller.md @@ -23,16 +23,16 @@ This document describes how to troubleshoot problems with the Ingress Controller The table below categorizes some potential problems with the Ingress Controller you may encounter and suggests how to troubleshoot those problems using one or more methods from the next section. -{{% table %}} +{{% table %}} | Problem Area | Symptom | Troubleshooting Method | Common Cause | |-----|-----|-----|-----| | Start | The Ingress Controller fails to start. | Check the logs. | Misconfigured RBAC, a missing default server TLS Secret.| | Ingress Resource and Annotations | The configuration is not applied | Check the events of the Ingress resource, check the logs, check the generated config. | Invalid values of annotations. | -| VirtualServer and VirtualServerRoute Resources | The configuration is not applied. | Check the events of the VirtualServer and VirtualServerRoutes, check the logs, check the generated config. | VirtualServer or VirtualServerRoute is invalid. | +| VirtualServer and VirtualServerRoute Resources | The configuration is not applied. | Check the events of the VirtualServer and VirtualServerRoutes, check the logs, check the generated config. | VirtualServer or VirtualServerRoute is invalid. | | Policy Resource | The configuration is not applied. | Check the events of the Policy resource as well as the events of the VirtualServers that reference that policy, check the logs, check the generated config. | Policy is invalid. | | ConfigMap Keys | The configuration is not applied. | Check the events of the ConfigMap, check the logs, check the generated config. | Invalid values of ConfigMap keys. | | NGINX | NGINX responds with unexpected responses. | Check the logs, check the generated config, check the live activity dashboard (NGINX Plus only), run NGINX in the debug mode. | Unhealthy backend pods, a misconfigured backend service. | -{{% /table %}} +{{% /table %}} ## Troubleshooting Methods @@ -81,7 +81,7 @@ Note that in the events section, we have a `Normal` event with the `AddedOrUpdat Checking the events of a VirtualServerRoute is similar: ``` -$ kubectl describe vsr coffee +$ kubectl describe vsr coffee . . . Events: Type Reason Age From Message @@ -129,7 +129,7 @@ You can view the content of the main configuration file by running: $ kubectl exec -n nginx-ingress -- cat /etc/nginx/nginx.conf ``` -Similarly, you can view the content of any generated configuration file in the `/etc/nginx/conf.d` folder. +Similarly, you can view the content of any generated configuration file in the `/etc/nginx/conf.d` folder. You can also print all NGINX configuration files together: ``` diff --git a/docs/content/troubleshooting/troubleshooting-with-app-protect.md b/docs/content/troubleshooting/troubleshooting-with-app-protect.md index 3cd57261cf..2bf9fec20f 100644 --- a/docs/content/troubleshooting/troubleshooting-with-app-protect.md +++ b/docs/content/troubleshooting/troubleshooting-with-app-protect.md @@ -13,19 +13,19 @@ This document describes how to troubleshoot problems with the Ingress Controller For general troubleshooting of the Ingress Controller, check the general [troubleshooting]({{< relref "troubleshooting/troubleshoot-ingress-controller.md" >}}) documentation. -{{< see-also >}}You can find more troubleshooting tips in the NGINX App Protect WAF [troubleshooting guide](/nginx-app-protect/troubleshooting/) {{< /see-also >}}. +{{< see-also >}}You can find more troubleshooting tips in the NGINX App Protect WAF [troubleshooting guide](/nginx-app-protect/troubleshooting/) {{< /see-also >}}. ## Potential Problems The table below categorizes some potential problems with the Ingress Controller when App Protect WAF module is enabled. It suggests how to troubleshoot those problems, using one or more methods from the next section. -{{% table %}} -|Problem area | Symptom | Troubleshooting method | Common cause | -| ---| ---| ---| --- | -|Start. | The Ingress Controller fails to start. | Check the logs. | Misconfigured APLogConf or APPolicy. | -|APLogConf, APPolicy or Ingress Resource. | The configuration is not applied. | Check the events of the APLogConf, APPolicy and Ingress Resource, check the logs, replace the policy. | APLogConf or APPolicy is invalid. | -|NGINX. | The Ingress Controller NGINX verification timeouts while starting for the first time or while reloading after a change. | Check the logs for ``Unable to fetch version: X`` message. Check the Availability of APPolicy External References. | Too many Ingress Resources with App Protect enabled. Check the `NGINX fails to start/reload section <#nginx-fails-to-start-or-reload>`_ of the Known Issues. | -{{% /table %}} +{{% table %}} +|Problem area | Symptom | Troubleshooting method | Common cause | +| ---| ---| ---| --- | +|Start. | The Ingress Controller fails to start. | Check the logs. | Misconfigured APLogConf or APPolicy. | +|APLogConf, APPolicy or Ingress Resource. | The configuration is not applied. | Check the events of the APLogConf, APPolicy and Ingress Resource, check the logs, replace the policy. | APLogConf or APPolicy is invalid. | +|NGINX. | The Ingress Controller NGINX verification timeouts while starting for the first time or while reloading after a change. | Check the logs for ``Unable to fetch version: X`` message. Check the Availability of APPolicy External References. | Too many Ingress Resources with App Protect enabled. Check the `NGINX fails to start/reload section <#nginx-fails-to-start-or-reload>`_ of the Known Issues. | +{{% /table %}} ## Troubleshooting Methods @@ -49,7 +49,7 @@ After you create or update an APLogConf, you can immediately check if the NGINX $ kubectl describe aplogconf logconf Name: logconf Namespace: default -. . . +. . . Events: Type Reason Age From Message ---- ------ ---- ---- ------- @@ -64,7 +64,7 @@ After you create or update an APPolicy, you can immediately check if the NGINX c $ kubectl describe appolicy dataguard-alarm Name: dataguard-alarm Namespace: default -. . . +. . . Events: Type Reason Age From Message ---- ------ ---- ---- ------- @@ -74,7 +74,7 @@ Note that in the events section, we have a `Normal` event with the `AddedOrUpdat ### Replace the policy -NOTE: This method only applies if using [external references](/nginx-app-protect/configuration/#external-references) +NOTE: This method only applies if using [external references](/nginx-app-protect/configuration/#external-references) If items on the external reference change but the spec of the APPolicy remains unchanged (even when re-applying the policy), kubernetes will not detect the update. In this case you can force-replace the resource. This will remove the resource and add it again, triggering a reload. For example: @@ -86,7 +86,7 @@ kubectl replace appolicy -f your-policy-manifest.yaml --force NOTE: This method only applies if you're using [external references](/nginx-app-protect/configuration/#external-references) in NGINX App Protect policies. -To check what servers host the external references of a policy: +To check what servers host the external references of a policy: ``` kubectl get appolicy mypolicy -o jsonpath='{.items[*].spec.policy.*.link}' | tr ' ' '\n' @@ -106,17 +106,17 @@ When you set the Ingress Controller to use debug mode, the setting also applies When using the Ingress Controller with the App Protect WAF module, the following issues have been reported. The occurrence of these issues is commonly related to a higher number of Ingress Resources with App Protect being enabled in a cluster. -When you make a change that requires NGINX to apply a new configuration, the Ingress Controller reloads NGINX automatically. Without the App Protect WAF module enabled, usual reload times are around 150ms. If App Protect WAF module is enabled and is being used by any number of Ingress Resources, these reloads might take a few seconds instead. +When you make a change that requires NGINX to apply a new configuration, the Ingress Controller reloads NGINX automatically. Without the App Protect WAF module enabled, usual reload times are around 150ms. If App Protect WAF module is enabled and is being used by any number of Ingress Resources, these reloads might take a few seconds instead. ### NGINX Configuration Skew If you are running more than one instance of the Ingress Controller, the extended reload time may cause the NGINX configuration of your instances to be out of sync. This can occur because there is no order imposed on how the Ingress Controller processes the Kubernetes Resources. The configurations will be the same after all instances have completed the reload. -In order to reduce these inconsistencies, we advise that you do not apply changes to multiple resources handled by the Ingress Controller at the same time. +In order to reduce these inconsistencies, we advise that you do not apply changes to multiple resources handled by the Ingress Controller at the same time. ### NGINX Fails to Start or Reload -The first time the Ingress Controller starts, or whenever there is a change that requires reloading NGINX, the Ingress Controller will verify if the reload was successful. The timeout for this verification is normally 4 seconds. When App Protect is enabled, this timeout is 20 seconds. +The first time the Ingress Controller starts, or whenever there is a change that requires reloading NGINX, the Ingress Controller will verify if the reload was successful. The timeout for this verification is normally 4 seconds. When App Protect is enabled, this timeout is 20 seconds. This timeout should be more than enough to verify configurations. However, when numerous Ingress Resources with App Protect enabled are handled by the Ingress Controller at the same time, you may find that you need to extend the timeout further. Examples of when this might be necessary include: diff --git a/docs/content/tutorials/nginx-ingress-istio.md b/docs/content/tutorials/nginx-ingress-istio.md index b02bea8682..d46074d1d8 100644 --- a/docs/content/tutorials/nginx-ingress-istio.md +++ b/docs/content/tutorials/nginx-ingress-istio.md @@ -1,284 +1,283 @@ ---- -title: NGINX Ingress Controller and Istio Service Mesh -description: | - Use NGINX Ingress Controller with Istio Service Mesh. -weight: 1800 -doctypes: ["concept"] -toc: true -docs: "DOCS-889" ---- - -## Using NGINX Ingress Controller with Istio service mesh - -NGINX Ingress Controller can now be used as the ingress controller for applications running inside an Istio service mesh. This allows you to continue using the advanced capabilities that NGINX IC provides on Istio-based environments without resorting to any workarounds. -This is accomplished using the special setting [use-cluster-ip](https://docs.nginx.com/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#upstream) for the backend. - - -Here is a standard deployment of NGINX Ingress Controller without a sidecar proxy injected into the pod. - -{{< img src="./img/nginx_plain.png" alt="NGINX stand alone." >}} - -Notice that NGINX Ingress Controller enumerates the pods of the backend service and balances traffic directly to them, granting full control of the backend load balancer and stickiness behavior. -If your service pods support TLS, then NIC can re-encrypt the traffic to them and provide end-to-end encryption. - -But then, if your services could do that, you might not be implementing a Service Mesh. - - -To begin, Istio needs to be installed into your cluster. - -## Install Istio - -Link to Istio install guide: -[Installing istio](https://istio.io/latest/docs/setup/install/) - -It is crucial to make sure you install Istio **BEFORE** installing NGINX Ingress Controller. This ensures that the Istio sidecar is injected correctly into the NGINX Ingress controller pod. - -You can install Istio by your preferred method (helm, operator, etc.). In this case, I ran the following command to install Istio into my cluster: - -``` -istioctl install --set profile=minimal -``` - -We need to ensure that Istio injects sidecar proxies into our namespace for testing. To do so, we need to tell Istio what namespaces to inject sidecars into. We can do that with the following command: - -```bash - -kubectl label ns istio-injection=enabled -``` -Before proceeding, and before installing NGINX Ingress Controller you need to tell Istio that it will be injecting sidecars with the NGINX Ingress controller pods as they are deployed. - -```bash - -kubectl label namespace nginx-ingress istio-injection=enabled -``` - - -Using `kubectl`, we can see that the namespace for our demo (nginx-ingress) now has `istio-injection=enabled` specified: - -```bash - -kubectl get namespacess -A --show-labels - - -default Active 28h -istio-system Active 24h istio-injection=disabled -kube-node-lease Active 28h -kube-public Active 28h -kube-system Active 28h -kubernetes-dashboard Active 16h -local-path-storage Active 28h -nginx-ingress Active 27h istio-injection=enabled -``` - -After we have set up and configured Istio, we can deploy NGINX Plus Ingress and our applications that will be part of the service mesh. Istio will now inject sidecar proxies based upon how we have configured Istio (namespace configuration). -Now, our deployment will look like the following (with Envoy sidecar proxies). - -The image below shows how an NGINX Ingress Controller and Istio deployment looks: - -{{< img src="./img/nginx-envoy.png" alt="NGINX with envoy sidecar." >}} - - -## Install NGINX Ingress Controller - -Once Istio is installed, you can install NGINX Ingress Controller. - - -## Setting up NGINX Plus Ingress controller deployment for Istio. - -When deploying NGINX Plus Ingress Controller with Istio, you must modify your Deployment file to include the specific annotations required to work with Istio. Those four specific lines are: - -```yaml -traffic.sidecar.istio.io/includeInboundPorts: "" -traffic.sidecar.istio.io/excludeInboundPorts: "80,443" -traffic.sidecar.istio.io/excludeOutboundIPRanges: "substitute_for_correct_subnet_range" -sidecar.istio.io/inject: 'true' -``` - -Additional information on the above annotations can be found on Istio's website. -[Istio Service Mesh Annotations](https://istio.io/latest/docs/reference/config/annotations/) - - -Your updated `nginx-plus-ingress.yaml` file will look something like this with the added annotations: - -```yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nginx-ingress - namespace: nginx-ingress -spec: - replicas: 1 - selector: - matchLabels: - app: nginx-ingress - template: - metadata: - labels: - app: nginx-ingress - annotations: - traffic.sidecar.istio.io/includeInboundPorts: "" - traffic.sidecar.istio.io/excludeInboundPorts: "80,443" - traffic.sidecar.istio.io/excludeOutboundIPRanges: "10.90.0.0/16,10.45.0.0/16" - sidecar.istio.io/inject: 'true' -``` - - -{{< img src="./img/nginx_istio_small.png" alt="NGINX Ingress pod with envoy sidecar." >}} - - -We can now see that after configuring Istio, an Istio sidecar proxy has been installed into the same pod as NGINX Ingress Controller. Now, there are two containers in the same pod for NGINX Ingress Controller: the NGINX Ingress controller container and the Istio sidecar proxy container. - -``` -kubectl get pods -A - -NAMESPACE NAME READY STATUS RESTARTS AGE -kube-system coredns-854c77959c-h2vrq 1/1 Running 0 60m -kube-system metrics-server-86cbb8457f-fct86 1/1 Running 0 60m -kube-system local-path-provisioner-5ff76fc89d-5hjbl 1/1 Running 0 60m -istio-system istiod-7c9c9d46d4-qpgff 1/1 Running 0 60m -nginx-ingress nginx-ingress-5898f94c49-v4jrf 2/2 Running 1 41s -``` - -Here is our VirtualServer configuration for Istio service mesh (note `use-cluster-ip` and `requestHeaders`). These settings are required when using Istio service mesh: - - -```yaml -apiVersion: k8s.nginx.org/v1 -kind: VirtualServer -metadata: - name: cafe - namespace: nginx-ingress -spec: - host: cafe.example.com - tls: - secret: cafe-secret - upstreams: - - name: tea - service: tea-svc - port: 80 - use-cluster-ip: true - - name: coffee - service: coffee-svc - port: 80 - use-cluster-ip: true - routes: - - path: /tea - action: - proxy: - upstream: tea - requestHeaders: - set: - - name: Host - value: tea-svc.nginx-ingress.svc.cluster.local - - path: /coffee - action: - proxy: - upstream: coffee - requestHeaders: - set: - - name: Host - value: coffee-svc.nginx-ingress.svc.cluster.local -``` - -With our new Host header control in v1.11, when VirtualServer is configured with `requestHeaders`, the value specified will be used and `proxy_set_header $host` will NOT be used. -The value of `requestHeaders` should be: ``. Adjust the value for your specific environment. - - -When `use-cluster-ip` is set to `true`, NGINX forwards requests to the service IP. In our example above, that would be `tea-svc` and `coffee-svc`. - -Here is a simple example of what your `upstream` section will look like now in `virtualServer/virtualServerRoute`: - -```yaml -upstreams: - - name: tea - service: tea-svc - port: 80 - use-cluster-ip: true - - name: coffee - service: coffee-svc - port: 80 - use-cluster-ip: true -``` - -NGINX Ingress `upstreams` will be populated with the `Service/cluster IP`. In the example above, the service/cluster IPs for `tea-svc` and `coffee-svc` will be added to the `upstream` configuration as the `server` addresses. - - -Now we can test our NGINX Ingress with Istio setup with a simple curl request to our application. - -```bash -curl -kI https://cafe.example.com/coffee - -HTTP/1.1 200 OK -Server: nginx/1.19.5 -Date: Thu, 25 Mar 2021 18:47:21 GMT -Content-Type: text/plain -Content-Length: 159 -Connection: keep-alive -expires: Thu, 25 Mar 2021 18:47:20 GMT -cache-control: no-cache -x-envoy-upstream-service-time: 0 -x-envoy-decorator-operation: coffee-svc.nginx-ingress.svc.cluster.local:80/* -``` - -We can see in the above output that our curl request is sent and received by NGINX Ingress Controller. We can see that the envoy sidecar proxy sends the request to the service IP to the application (coffee). The full request is complete and correct. Now we have a full working NGINX+ Ingress with Istio as the sidecar proxies are deployed. - - - -## Additional Technical information details - -By default, for NGINX Ingress Controller, we populate the upstream server addresses with the endpoint IPs of the pods. - -When using the new `use-cluster-ip` feature, we will no populate the upstream with the `service` IP address, instead of the endpoint IP addresses. - -In the 1.11 release, NGINX Ingress controller will only send one host header, depending on how you configure Ingress. By default NGINX Ingress Controller will send `proxy_set_header $host`. If Ingress has been configured with `action.proxy.requestHeaders` this ensures that only one set of headers will be sent to the upstream server. In summary, by setting `action.proxy.requestHeaders` in the `VirtualServer` CRD, NGINX Ingress will only send the specified headers that have been defined. - - - -Here is the output of `nginx -T` to show our upstreams and proxy_set_header values. -The server IP address the upstream is the IP address of the service for that given application. - - -```bash -upstream vs_nginx-ingress_cafe_tea { - zone vs_nginx-ingress_cafe_tea 256k; - random two least_conn; - server 10.96.222.104:80 max_fails=1 fail_timeout=10s max_conns=0; -} - -upstream vs_nginx-ingress_cafe_coffee { - zone vs_nginx-ingress_cafe_coffee 256k; - random two least_conn; - server 10.96.252.249:80 max_fails=1 fail_timeout=10s max_conns=0; -} - -server { - listen 80; - - location /tea { - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $vs_connection_header; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_set_header Host "tea-svc.nginx-ingress.svc.cluster.local"; - } - - location /coffee { - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $vs_connection_header; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_set_header Host "coffee-svc.nginx-ingress.svc.cluster.local"; - } -} -``` - +--- +title: NGINX Ingress Controller and Istio Service Mesh +description: | + Use NGINX Ingress Controller with Istio Service Mesh. +weight: 1800 +doctypes: ["concept"] +toc: true +docs: "DOCS-889" +--- + +## Using NGINX Ingress Controller with Istio service mesh + +NGINX Ingress Controller can now be used as the ingress controller for applications running inside an Istio service mesh. This allows you to continue using the advanced capabilities that NGINX IC provides on Istio-based environments without resorting to any workarounds. +This is accomplished using the special setting [use-cluster-ip](https://docs.nginx.com/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#upstream) for the backend. + + +Here is a standard deployment of NGINX Ingress Controller without a sidecar proxy injected into the pod. + +{{< img src="./img/nginx_plain.png" alt="NGINX stand alone." >}} + +Notice that NGINX Ingress Controller enumerates the pods of the backend service and balances traffic directly to them, granting full control of the backend load balancer and stickiness behavior. +If your service pods support TLS, then NIC can re-encrypt the traffic to them and provide end-to-end encryption. + +But then, if your services could do that, you might not be implementing a Service Mesh. + + +To begin, Istio needs to be installed into your cluster. + +## Install Istio + +Link to Istio install guide: +[Installing istio](https://istio.io/latest/docs/setup/install/) + +It is crucial to make sure you install Istio **BEFORE** installing NGINX Ingress Controller. This ensures that the Istio sidecar is injected correctly into the NGINX Ingress controller pod. + +You can install Istio by your preferred method (helm, operator, etc.). In this case, I ran the following command to install Istio into my cluster: + +``` +istioctl install --set profile=minimal +``` + +We need to ensure that Istio injects sidecar proxies into our namespace for testing. To do so, we need to tell Istio what namespaces to inject sidecars into. We can do that with the following command: + +```bash + +kubectl label ns istio-injection=enabled +``` +Before proceeding, and before installing NGINX Ingress Controller you need to tell Istio that it will be injecting sidecars with the NGINX Ingress controller pods as they are deployed. + +```bash + +kubectl label namespace nginx-ingress istio-injection=enabled +``` + + +Using `kubectl`, we can see that the namespace for our demo (nginx-ingress) now has `istio-injection=enabled` specified: + +```bash + +kubectl get namespacess -A --show-labels + + +default Active 28h +istio-system Active 24h istio-injection=disabled +kube-node-lease Active 28h +kube-public Active 28h +kube-system Active 28h +kubernetes-dashboard Active 16h +local-path-storage Active 28h +nginx-ingress Active 27h istio-injection=enabled +``` + +After we have set up and configured Istio, we can deploy NGINX Plus Ingress and our applications that will be part of the service mesh. Istio will now inject sidecar proxies based upon how we have configured Istio (namespace configuration). +Now, our deployment will look like the following (with Envoy sidecar proxies). + +The image below shows how an NGINX Ingress Controller and Istio deployment looks: + +{{< img src="./img/nginx-envoy.png" alt="NGINX with envoy sidecar." >}} + + +## Install NGINX Ingress Controller + +Once Istio is installed, you can install NGINX Ingress Controller. + + +## Setting up NGINX Plus Ingress controller deployment for Istio. + +When deploying NGINX Plus Ingress Controller with Istio, you must modify your Deployment file to include the specific annotations required to work with Istio. Those four specific lines are: + +```yaml +traffic.sidecar.istio.io/includeInboundPorts: "" +traffic.sidecar.istio.io/excludeInboundPorts: "80,443" +traffic.sidecar.istio.io/excludeOutboundIPRanges: "substitute_for_correct_subnet_range" +sidecar.istio.io/inject: 'true' +``` + +Additional information on the above annotations can be found on Istio's website. +[Istio Service Mesh Annotations](https://istio.io/latest/docs/reference/config/annotations/) + + +Your updated `nginx-plus-ingress.yaml` file will look something like this with the added annotations: + +```yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-ingress + namespace: nginx-ingress +spec: + replicas: 1 + selector: + matchLabels: + app: nginx-ingress + template: + metadata: + labels: + app: nginx-ingress + annotations: + traffic.sidecar.istio.io/includeInboundPorts: "" + traffic.sidecar.istio.io/excludeInboundPorts: "80,443" + traffic.sidecar.istio.io/excludeOutboundIPRanges: "10.90.0.0/16,10.45.0.0/16" + sidecar.istio.io/inject: 'true' +``` + + +{{< img src="./img/nginx_istio_small.png" alt="NGINX Ingress pod with envoy sidecar." >}} + + +We can now see that after configuring Istio, an Istio sidecar proxy has been installed into the same pod as NGINX Ingress Controller. Now, there are two containers in the same pod for NGINX Ingress Controller: the NGINX Ingress controller container and the Istio sidecar proxy container. + +``` +kubectl get pods -A + +NAMESPACE NAME READY STATUS RESTARTS AGE +kube-system coredns-854c77959c-h2vrq 1/1 Running 0 60m +kube-system metrics-server-86cbb8457f-fct86 1/1 Running 0 60m +kube-system local-path-provisioner-5ff76fc89d-5hjbl 1/1 Running 0 60m +istio-system istiod-7c9c9d46d4-qpgff 1/1 Running 0 60m +nginx-ingress nginx-ingress-5898f94c49-v4jrf 2/2 Running 1 41s +``` + +Here is our VirtualServer configuration for Istio service mesh (note `use-cluster-ip` and `requestHeaders`). These settings are required when using Istio service mesh: + + +```yaml +apiVersion: k8s.nginx.org/v1 +kind: VirtualServer +metadata: + name: cafe + namespace: nginx-ingress +spec: + host: cafe.example.com + tls: + secret: cafe-secret + upstreams: + - name: tea + service: tea-svc + port: 80 + use-cluster-ip: true + - name: coffee + service: coffee-svc + port: 80 + use-cluster-ip: true + routes: + - path: /tea + action: + proxy: + upstream: tea + requestHeaders: + set: + - name: Host + value: tea-svc.nginx-ingress.svc.cluster.local + - path: /coffee + action: + proxy: + upstream: coffee + requestHeaders: + set: + - name: Host + value: coffee-svc.nginx-ingress.svc.cluster.local +``` + +With our new Host header control in v1.11, when VirtualServer is configured with `requestHeaders`, the value specified will be used and `proxy_set_header $host` will NOT be used. +The value of `requestHeaders` should be: ``. Adjust the value for your specific environment. + + +When `use-cluster-ip` is set to `true`, NGINX forwards requests to the service IP. In our example above, that would be `tea-svc` and `coffee-svc`. + +Here is a simple example of what your `upstream` section will look like now in `virtualServer/virtualServerRoute`: + +```yaml +upstreams: + - name: tea + service: tea-svc + port: 80 + use-cluster-ip: true + - name: coffee + service: coffee-svc + port: 80 + use-cluster-ip: true +``` + +NGINX Ingress `upstreams` will be populated with the `Service/cluster IP`. In the example above, the service/cluster IPs for `tea-svc` and `coffee-svc` will be added to the `upstream` configuration as the `server` addresses. + + +Now we can test our NGINX Ingress with Istio setup with a simple curl request to our application. + +```bash +curl -kI https://cafe.example.com/coffee + +HTTP/1.1 200 OK +Server: nginx/1.19.5 +Date: Thu, 25 Mar 2021 18:47:21 GMT +Content-Type: text/plain +Content-Length: 159 +Connection: keep-alive +expires: Thu, 25 Mar 2021 18:47:20 GMT +cache-control: no-cache +x-envoy-upstream-service-time: 0 +x-envoy-decorator-operation: coffee-svc.nginx-ingress.svc.cluster.local:80/* +``` + +We can see in the above output that our curl request is sent and received by NGINX Ingress Controller. We can see that the envoy sidecar proxy sends the request to the service IP to the application (coffee). The full request is complete and correct. Now we have a full working NGINX+ Ingress with Istio as the sidecar proxies are deployed. + + + +## Additional Technical information details + +By default, for NGINX Ingress Controller, we populate the upstream server addresses with the endpoint IPs of the pods. + +When using the new `use-cluster-ip` feature, we will no populate the upstream with the `service` IP address, instead of the endpoint IP addresses. + +In the 1.11 release, NGINX Ingress controller will only send one host header, depending on how you configure Ingress. By default NGINX Ingress Controller will send `proxy_set_header $host`. If Ingress has been configured with `action.proxy.requestHeaders` this ensures that only one set of headers will be sent to the upstream server. In summary, by setting `action.proxy.requestHeaders` in the `VirtualServer` CRD, NGINX Ingress will only send the specified headers that have been defined. + + + +Here is the output of `nginx -T` to show our upstreams and proxy_set_header values. +The server IP address the upstream is the IP address of the service for that given application. + + +```bash +upstream vs_nginx-ingress_cafe_tea { + zone vs_nginx-ingress_cafe_tea 256k; + random two least_conn; + server 10.96.222.104:80 max_fails=1 fail_timeout=10s max_conns=0; +} + +upstream vs_nginx-ingress_cafe_coffee { + zone vs_nginx-ingress_cafe_coffee 256k; + random two least_conn; + server 10.96.252.249:80 max_fails=1 fail_timeout=10s max_conns=0; +} + +server { + listen 80; + + location /tea { + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $vs_connection_header; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_set_header Host "tea-svc.nginx-ingress.svc.cluster.local"; + } + + location /coffee { + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $vs_connection_header; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_set_header Host "coffee-svc.nginx-ingress.svc.cluster.local"; + } +} +``` diff --git a/docs/go.mod b/docs/go.mod index 8b1b506cf8..50a651881f 100644 --- a/docs/go.mod +++ b/docs/go.mod @@ -2,4 +2,4 @@ module github.com/nginxinc/kubernetes-ingress/docs go 1.15 -require gitlab.com/f5/nginx/controller/poc/f5-hugo v0.23.3 // indirect +require gitlab.com/f5/nginx/controller/poc/f5-hugo v0.24.1 // indirect diff --git a/docs/go.sum b/docs/go.sum index b56091812e..c63203d5fc 100644 --- a/docs/go.sum +++ b/docs/go.sum @@ -28,3 +28,7 @@ gitlab.com/f5/nginx/controller/poc/f5-hugo v0.22.2 h1:NTQmkbyS8/SA4p8c2J6idx/KQh gitlab.com/f5/nginx/controller/poc/f5-hugo v0.22.2/go.mod h1:Y9Ez7EKgsbFXNsflK0tGLe6FWqlPToWFGZyrkduYdM4= gitlab.com/f5/nginx/controller/poc/f5-hugo v0.23.3 h1:PwuNzUQWW4G3FUYa+vmh/FK+sKsdg7oKgAQDKF2QkT4= gitlab.com/f5/nginx/controller/poc/f5-hugo v0.23.3/go.mod h1:Y9Ez7EKgsbFXNsflK0tGLe6FWqlPToWFGZyrkduYdM4= +gitlab.com/f5/nginx/controller/poc/f5-hugo v0.24.0 h1:2lkCeWVT7EeJWuXa5pyZvDMYGv7OQEoteK2L6uoLAAw= +gitlab.com/f5/nginx/controller/poc/f5-hugo v0.24.0/go.mod h1:Y9Ez7EKgsbFXNsflK0tGLe6FWqlPToWFGZyrkduYdM4= +gitlab.com/f5/nginx/controller/poc/f5-hugo v0.24.1 h1:T7y56NzgU4sJ1ymoWDw8CeZeTyOXJSPY5NwFBBZ/EXA= +gitlab.com/f5/nginx/controller/poc/f5-hugo v0.24.1/go.mod h1:Y9Ez7EKgsbFXNsflK0tGLe6FWqlPToWFGZyrkduYdM4= diff --git a/examples/custom-resources/access-control/README.md b/examples/custom-resources/access-control/README.md index 651d8ba9ba..b48a1797e7 100644 --- a/examples/custom-resources/access-control/README.md +++ b/examples/custom-resources/access-control/README.md @@ -53,11 +53,11 @@ $ curl --resolve webapp.example.com:$IC_HTTP_PORT:$IC_IP http://webapp.example.c ``` -We got a 403 response from NGINX, which means that our policy successfully blocked our request. +We got a 403 response from NGINX, which means that our policy successfully blocked our request. ## Step 5 - Update the Policy -In this step, we update the policy to allow requests from clients from the subnet `10.0.0.0/8`. Make sure to change the `allow` field of the `access-control-policy-allow.yaml` according to your environment. +In this step, we update the policy to allow requests from clients from the subnet `10.0.0.0/8`. Make sure to change the `allow` field of the `access-control-policy-allow.yaml` according to your environment. Update the policy: ``` diff --git a/examples/custom-resources/access-control/access-control-policy-allow.yaml b/examples/custom-resources/access-control/access-control-policy-allow.yaml index 94db9288da..a5b3d0b314 100644 --- a/examples/custom-resources/access-control/access-control-policy-allow.yaml +++ b/examples/custom-resources/access-control/access-control-policy-allow.yaml @@ -1,8 +1,8 @@ apiVersion: k8s.nginx.org/v1 -kind: Policy +kind: Policy metadata: - name: webapp-policy + name: webapp-policy spec: accessControl: allow: - - 10.0.0.0/8 \ No newline at end of file + - 10.0.0.0/8 diff --git a/examples/custom-resources/access-control/access-control-policy-deny.yaml b/examples/custom-resources/access-control/access-control-policy-deny.yaml index d34ac99f80..99e50e7c96 100644 --- a/examples/custom-resources/access-control/access-control-policy-deny.yaml +++ b/examples/custom-resources/access-control/access-control-policy-deny.yaml @@ -1,8 +1,8 @@ apiVersion: k8s.nginx.org/v1 -kind: Policy +kind: Policy metadata: name: webapp-policy spec: accessControl: deny: - - 10.0.0.0/8 \ No newline at end of file + - 10.0.0.0/8 diff --git a/examples/custom-resources/access-control/virtual-server.yaml b/examples/custom-resources/access-control/virtual-server.yaml index 9376de470e..683d1cab22 100644 --- a/examples/custom-resources/access-control/virtual-server.yaml +++ b/examples/custom-resources/access-control/virtual-server.yaml @@ -1,16 +1,16 @@ apiVersion: k8s.nginx.org/v1 kind: VirtualServer metadata: - name: webapp + name: webapp spec: host: webapp.example.com policies: - name: webapp-policy upstreams: - - name: webapp + - name: webapp service: webapp-svc port: 80 routes: - path: / action: - pass: webapp \ No newline at end of file + pass: webapp diff --git a/examples/custom-resources/access-control/webapp.yaml b/examples/custom-resources/access-control/webapp.yaml index 67556cf616..31fde92a6e 100644 --- a/examples/custom-resources/access-control/webapp.yaml +++ b/examples/custom-resources/access-control/webapp.yaml @@ -29,4 +29,4 @@ spec: protocol: TCP name: http selector: - app: webapp \ No newline at end of file + app: webapp diff --git a/examples/custom-resources/advanced-routing/README.md b/examples/custom-resources/advanced-routing/README.md index 83ef68621f..dfd461c8c4 100644 --- a/examples/custom-resources/advanced-routing/README.md +++ b/examples/custom-resources/advanced-routing/README.md @@ -5,7 +5,7 @@ In this example we use the [VirtualServer](https://docs.nginx.com/nginx-ingress- * Instead of one version of the coffee service, we have two: `coffee-v1-svc` and `coffee-v2-svc`. We send requests that include the cookie `version` set to `v2` to `coffee-v2-svc` and all other requests to `coffee-v1-svc`. * To simplify the example, we have removed TLS termination. -## Prerequisites +## Prerequisites 1. Follow the [installation](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/) instructions to deploy the Ingress Controller with custom resources enabled. 1. Save the public IP address of the Ingress Controller into a shell variable: @@ -43,7 +43,7 @@ $ kubectl create -f cafe-virtual-server.yaml Normal AddedOrUpdated 2s nginx-ingress-controller Configuration for default/cafe was added or updated ``` 1. Access the tea service using curl. We'll use curl's `--resolve` option to set the IP address and HTTP port of the Ingress Controller to the domain name of the cafe application: - + Send a POST request and confirm that the response comes from `tea-post-svc`: ``` $ curl --resolve cafe.example.com:$IC_HTTP_PORT:$IC_IP http://cafe.example.com:$IC_HTTP_PORT/tea -X POST @@ -61,7 +61,7 @@ $ kubectl create -f cafe-virtual-server.yaml ``` 1. Access the coffee service: - + Send a request with the cookie `version=v2` and confirm that the response comes from `coffee-v2-svc`: ``` $ curl --resolve cafe.example.com:$IC_HTTP_PORT:$IC_IP http://cafe.example.com:$IC_HTTP_PORT/coffee --cookie "version=v2" @@ -76,4 +76,4 @@ $ kubectl create -f cafe-virtual-server.yaml Server address: 10.16.0.153:80 Server name: coffee-v1-78754bdcfb-bs9nh . . . - ``` \ No newline at end of file + ``` diff --git a/examples/custom-resources/advanced-routing/cafe-virtual-server.yaml b/examples/custom-resources/advanced-routing/cafe-virtual-server.yaml index 8813fe9fd9..fffb29484a 100644 --- a/examples/custom-resources/advanced-routing/cafe-virtual-server.yaml +++ b/examples/custom-resources/advanced-routing/cafe-virtual-server.yaml @@ -14,7 +14,7 @@ spec: - name: coffee-v1 service: coffee-v1-svc port: 80 - - name: coffee-v2 + - name: coffee-v2 service: coffee-v2-svc port: 80 routes: @@ -35,4 +35,4 @@ spec: action: pass: coffee-v2 action: - pass: coffee-v1 \ No newline at end of file + pass: coffee-v1 diff --git a/examples/custom-resources/advanced-routing/cafe.yaml b/examples/custom-resources/advanced-routing/cafe.yaml index 3daaf2744f..40236b7138 100644 --- a/examples/custom-resources/advanced-routing/cafe.yaml +++ b/examples/custom-resources/advanced-routing/cafe.yaml @@ -72,14 +72,14 @@ spec: replicas: 1 selector: matchLabels: - app: tea-post + app: tea-post template: metadata: labels: - app: tea-post + app: tea-post spec: containers: - - name: tea-post + - name: tea-post image: nginxdemos/nginx-hello:plain-text ports: - containerPort: 8080 @@ -105,14 +105,14 @@ spec: replicas: 1 selector: matchLabels: - app: tea + app: tea template: metadata: labels: - app: tea + app: tea spec: containers: - - name: tea + - name: tea image: nginxdemos/nginx-hello:plain-text ports: - containerPort: 8080 @@ -128,4 +128,4 @@ spec: protocol: TCP name: http selector: - app: tea \ No newline at end of file + app: tea diff --git a/examples/custom-resources/app-protect-dos/apdos-logconf.yaml b/examples/custom-resources/app-protect-dos/apdos-logconf.yaml index 885a524647..688f3ea786 100644 --- a/examples/custom-resources/app-protect-dos/apdos-logconf.yaml +++ b/examples/custom-resources/app-protect-dos/apdos-logconf.yaml @@ -3,9 +3,6 @@ kind: APDosLogConf metadata: name: doslogconf spec: - content: - format: splunk - max_message_size: 64k filter: traffic-mitigation-stats: all bad-actors: top 10 diff --git a/examples/custom-resources/app-protect-dos/virtual-server.yaml b/examples/custom-resources/app-protect-dos/virtual-server.yaml index b713d08528..27fd08f658 100644 --- a/examples/custom-resources/app-protect-dos/virtual-server.yaml +++ b/examples/custom-resources/app-protect-dos/virtual-server.yaml @@ -12,4 +12,4 @@ spec: - path: / dos: dos-protected action: - pass: webapp \ No newline at end of file + pass: webapp diff --git a/examples/custom-resources/basic-auth/cafe-virtual-server.yaml b/examples/custom-resources/basic-auth/cafe-virtual-server.yaml index 5bd87ca984..352748e17a 100644 --- a/examples/custom-resources/basic-auth/cafe-virtual-server.yaml +++ b/examples/custom-resources/basic-auth/cafe-virtual-server.yaml @@ -21,4 +21,4 @@ spec: pass: tea - path: /coffee action: - pass: coffee \ No newline at end of file + pass: coffee diff --git a/examples/custom-resources/basic-auth/cafe.yaml b/examples/custom-resources/basic-auth/cafe.yaml index fc14eae89f..f049e8bf29 100644 --- a/examples/custom-resources/basic-auth/cafe.yaml +++ b/examples/custom-resources/basic-auth/cafe.yaml @@ -39,14 +39,14 @@ spec: replicas: 1 selector: matchLabels: - app: tea + app: tea template: metadata: labels: - app: tea + app: tea spec: containers: - - name: tea + - name: tea image: nginxdemos/nginx-hello:plain-text ports: - containerPort: 8080 @@ -62,4 +62,4 @@ spec: protocol: TCP name: http selector: - app: tea \ No newline at end of file + app: tea diff --git a/examples/custom-resources/basic-configuration/README.md b/examples/custom-resources/basic-configuration/README.md index 09288f3e16..3b8104277d 100644 --- a/examples/custom-resources/basic-configuration/README.md +++ b/examples/custom-resources/basic-configuration/README.md @@ -4,7 +4,7 @@ In this example we configure load balancing with TLS termination for a simple we The example is similar to the [complete example](../../examples/complete-example/README.md). However, instead of the Ingress resource, we use the VirtualServer. -## Prerequisites +## Prerequisites 1. Follow the [installation](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/) instructions to deploy the Ingress Controller with custom resources enabled. 1. Save the public IP address of the Ingress Controller into a shell variable: @@ -47,7 +47,7 @@ $ kubectl create -f cafe.yaml Normal AddedOrUpdated 7s nginx-ingress-controller Configuration for default/cafe was added or updated ``` 1. Access the application using curl. We'll use curl's `--insecure` option to turn off certificate verification of our self-signed certificate and `--resolve` option to set the IP address and HTTPS port of the Ingress Controller to the domain name of the cafe application: - + To get coffee: ``` $ curl --resolve cafe.example.com:$IC_HTTPS_PORT:$IC_IP https://cafe.example.com:$IC_HTTPS_PORT/coffee --insecure @@ -60,4 +60,4 @@ $ kubectl create -f cafe.yaml $ curl --resolve cafe.example.com:$IC_HTTPS_PORT:$IC_IP https://cafe.example.com:$IC_HTTPS_PORT/tea --insecure Server address: 10.16.0.149:80 Server name: tea-7d57856c44-zlftd - ... \ No newline at end of file + ... diff --git a/examples/custom-resources/basic-configuration/cafe-virtual-server.yaml b/examples/custom-resources/basic-configuration/cafe-virtual-server.yaml index c87af04890..cd006a8d93 100644 --- a/examples/custom-resources/basic-configuration/cafe-virtual-server.yaml +++ b/examples/custom-resources/basic-configuration/cafe-virtual-server.yaml @@ -19,4 +19,4 @@ spec: pass: tea - path: /coffee action: - pass: coffee \ No newline at end of file + pass: coffee diff --git a/examples/custom-resources/basic-configuration/cafe.yaml b/examples/custom-resources/basic-configuration/cafe.yaml index fc14eae89f..f049e8bf29 100644 --- a/examples/custom-resources/basic-configuration/cafe.yaml +++ b/examples/custom-resources/basic-configuration/cafe.yaml @@ -39,14 +39,14 @@ spec: replicas: 1 selector: matchLabels: - app: tea + app: tea template: metadata: labels: - app: tea + app: tea spec: containers: - - name: tea + - name: tea image: nginxdemos/nginx-hello:plain-text ports: - containerPort: 8080 @@ -62,4 +62,4 @@ spec: protocol: TCP name: http selector: - app: tea \ No newline at end of file + app: tea diff --git a/examples/custom-resources/basic-tcp-udp/README.md b/examples/custom-resources/basic-tcp-udp/README.md index 7042da6ec8..545dbea51a 100644 --- a/examples/custom-resources/basic-tcp-udp/README.md +++ b/examples/custom-resources/basic-tcp-udp/README.md @@ -1,11 +1,11 @@ -# Basic TCP/UDP Load Balancing +# Basic TCP/UDP Load Balancing In this example, we deploy a DNS server in a cluster and configure TCP and UDP load balancing for it using the TransportServer resource. As a result, NGINX will pass any connections or datagrams coming to its port 5353 to the DNS server pods. -## Prerequisites +## Prerequisites 1. Follow the [installation](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/) instructions to deploy the Ingress Controller: - * As part of Step 2 of those instructions, make sure to deploy the GlobalConfiguration resource and configure the Ingress Controller to use it. + * As part of Step 2 of those instructions, make sure to deploy the GlobalConfiguration resource and configure the Ingress Controller to use it. * Expose port 5353 of the Ingress Controller both for TCP and UDP traffic. 1. Save the public IP address of the Ingress Controller into a shell variable: ``` @@ -127,4 +127,4 @@ To test that the configured TCP/UDP load balancing works, we resolve the name `k ;; SERVER: #5353() ;; WHEN: Thu Mar 12 22:02:12 UTC 2020 ;; MSG SIZE rcvd: 71 - ``` \ No newline at end of file + ``` diff --git a/examples/custom-resources/basic-tcp-udp/global-configuration.yaml b/examples/custom-resources/basic-tcp-udp/global-configuration.yaml index 2ced7c188c..66bbd0632d 100644 --- a/examples/custom-resources/basic-tcp-udp/global-configuration.yaml +++ b/examples/custom-resources/basic-tcp-udp/global-configuration.yaml @@ -1,5 +1,5 @@ apiVersion: k8s.nginx.org/v1alpha1 -kind: GlobalConfiguration +kind: GlobalConfiguration metadata: name: nginx-configuration namespace: nginx-ingress @@ -10,4 +10,4 @@ spec: protocol: UDP - name: dns-tcp port: 5353 - protocol: TCP \ No newline at end of file + protocol: TCP diff --git a/examples/custom-resources/basic-tcp-udp/transport-server-tcp.yaml b/examples/custom-resources/basic-tcp-udp/transport-server-tcp.yaml index 42478c43a2..c8f389eedc 100644 --- a/examples/custom-resources/basic-tcp-udp/transport-server-tcp.yaml +++ b/examples/custom-resources/basic-tcp-udp/transport-server-tcp.yaml @@ -4,7 +4,7 @@ metadata: name: dns-tcp spec: listener: - name: dns-tcp + name: dns-tcp protocol: TCP upstreams: - name: dns-app diff --git a/examples/custom-resources/basic-tcp-udp/transport-server-udp.yaml b/examples/custom-resources/basic-tcp-udp/transport-server-udp.yaml index 0fd50d7593..4b273a721e 100644 --- a/examples/custom-resources/basic-tcp-udp/transport-server-udp.yaml +++ b/examples/custom-resources/basic-tcp-udp/transport-server-udp.yaml @@ -4,8 +4,8 @@ metadata: name: dns-udp spec: listener: - name: dns-udp - protocol: UDP + name: dns-udp + protocol: UDP upstreams: - name: dns-app service: coredns @@ -14,4 +14,4 @@ spec: udpRequests: 1 udpResponses: 1 action: - pass: dns-app \ No newline at end of file + pass: dns-app diff --git a/examples/custom-resources/certmanager/cafe.yaml b/examples/custom-resources/certmanager/cafe.yaml index 67803bc138..cda0f23573 100644 --- a/examples/custom-resources/certmanager/cafe.yaml +++ b/examples/custom-resources/certmanager/cafe.yaml @@ -39,14 +39,14 @@ spec: replicas: 3 selector: matchLabels: - app: tea + app: tea template: metadata: labels: - app: tea + app: tea spec: containers: - - name: tea + - name: tea image: nginxdemos/nginx-hello:plain-text ports: - containerPort: 8080 diff --git a/examples/custom-resources/cross-namespace-configuration/README.md b/examples/custom-resources/cross-namespace-configuration/README.md index de32b01406..6be7a0011b 100644 --- a/examples/custom-resources/cross-namespace-configuration/README.md +++ b/examples/custom-resources/cross-namespace-configuration/README.md @@ -5,7 +5,7 @@ In this example we use the [VirtualServer and VirtualServerRoute](https://docs.n * In the coffee namespace, we create the coffee deployment, service, and the corresponding load-balancing configuration. * In the cafe namespace, we create the cafe secret with the TLS certificate and key and the load-balancing configuration for the cafe application. That configuration references the coffee and tea configurations. -## Prerequisites +## Prerequisites 1. Follow the [installation](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/) instructions to deploy the Ingress Controller with custom resources enabled. 1. Save the public IP address of the Ingress Controller into a shell variable: @@ -21,14 +21,14 @@ In this example we use the [VirtualServer and VirtualServerRoute](https://docs.n Create the required tea, coffee, and cafe namespaces: ``` -$ kubectl create -f namespaces.yaml +$ kubectl create -f namespaces.yaml ``` ## Step 2 - Deploy the Cafe Application 1. Create the tea deployment and service in the tea namespace: ``` - $ kubectl create -f tea.yaml + $ kubectl create -f tea.yaml ``` 1. Create the coffee deployment and service in the coffee namespace: ``` @@ -65,8 +65,8 @@ $ kubectl create -f namespaces.yaml ---- ------ ---- ---- ------- Warning NoVirtualServersFound 2m nginx-ingress-controller No VirtualServer references VirtualServerRoute tea/tea Normal AddedOrUpdated 1m nginx-ingress-controller Configuration for tea/tea was added or updated - - $ kubectl describe virtualserverroute coffee -n coffee + + $ kubectl describe virtualserverroute coffee -n coffee . . . Events: Type Reason Age From Message @@ -82,7 +82,7 @@ $ kubectl create -f namespaces.yaml Normal AddedOrUpdated 1m nginx-ingress-controller Configuration for cafe/cafe was added or updated ``` 1. Access the application using curl. We'll use curl's `--insecure` option to turn off certificate verification of our self-signed certificate and `--resolve` option to set the IP address and HTTPS port of the Ingress Controller to the domain name of the cafe application: - + To get coffee: ``` $ curl --resolve cafe.example.com:$IC_HTTPS_PORT:$IC_IP https://cafe.example.com:$IC_HTTPS_PORT/coffee --insecure @@ -95,4 +95,4 @@ $ kubectl create -f namespaces.yaml $ curl --resolve cafe.example.com:$IC_HTTPS_PORT:$IC_IP https://cafe.example.com:$IC_HTTPS_PORT/tea --insecure Server address: 10.16.0.157:80 Server name: tea-7d57856c44-674b8 - ... \ No newline at end of file + ... diff --git a/examples/custom-resources/cross-namespace-configuration/coffee-virtual-server-route.yaml b/examples/custom-resources/cross-namespace-configuration/coffee-virtual-server-route.yaml index 4bcd351573..4f89de0779 100644 --- a/examples/custom-resources/cross-namespace-configuration/coffee-virtual-server-route.yaml +++ b/examples/custom-resources/cross-namespace-configuration/coffee-virtual-server-route.yaml @@ -1,15 +1,15 @@ apiVersion: k8s.nginx.org/v1 kind: VirtualServerRoute metadata: - name: coffee + name: coffee namespace: coffee spec: host: cafe.example.com upstreams: - - name: coffee + - name: coffee service: coffee-svc port: 80 subroutes: - - path: /coffee + - path: /coffee action: - pass: coffee \ No newline at end of file + pass: coffee diff --git a/examples/custom-resources/cross-namespace-configuration/coffee.yaml b/examples/custom-resources/cross-namespace-configuration/coffee.yaml index 7d27a8983c..1349f927ce 100644 --- a/examples/custom-resources/cross-namespace-configuration/coffee.yaml +++ b/examples/custom-resources/cross-namespace-configuration/coffee.yaml @@ -31,4 +31,4 @@ spec: protocol: TCP name: http selector: - app: coffee \ No newline at end of file + app: coffee diff --git a/examples/custom-resources/cross-namespace-configuration/namespaces.yaml b/examples/custom-resources/cross-namespace-configuration/namespaces.yaml index 8e7275f71d..6c47c83f34 100644 --- a/examples/custom-resources/cross-namespace-configuration/namespaces.yaml +++ b/examples/custom-resources/cross-namespace-configuration/namespaces.yaml @@ -1,14 +1,14 @@ apiVersion: v1 kind: Namespace metadata: - name: cafe + name: cafe --- apiVersion: v1 kind: Namespace metadata: - name: tea + name: tea --- apiVersion: v1 kind: Namespace metadata: - name: coffee \ No newline at end of file + name: coffee diff --git a/examples/custom-resources/cross-namespace-configuration/tea-virtual-server-route.yaml b/examples/custom-resources/cross-namespace-configuration/tea-virtual-server-route.yaml index b1e7966f9e..25e7a08b45 100644 --- a/examples/custom-resources/cross-namespace-configuration/tea-virtual-server-route.yaml +++ b/examples/custom-resources/cross-namespace-configuration/tea-virtual-server-route.yaml @@ -1,15 +1,15 @@ apiVersion: k8s.nginx.org/v1 kind: VirtualServerRoute metadata: - name: tea + name: tea namespace: tea spec: host: cafe.example.com upstreams: - - name: tea + - name: tea service: tea-svc port: 80 subroutes: - - path: /tea + - path: /tea action: - pass: tea \ No newline at end of file + pass: tea diff --git a/examples/custom-resources/cross-namespace-configuration/tea.yaml b/examples/custom-resources/cross-namespace-configuration/tea.yaml index 8d19efc58c..615e2fd436 100644 --- a/examples/custom-resources/cross-namespace-configuration/tea.yaml +++ b/examples/custom-resources/cross-namespace-configuration/tea.yaml @@ -7,14 +7,14 @@ spec: replicas: 1 selector: matchLabels: - app: tea + app: tea template: metadata: labels: - app: tea + app: tea spec: containers: - - name: tea + - name: tea image: nginxdemos/nginx-hello:plain-text ports: - containerPort: 8080 @@ -31,4 +31,4 @@ spec: protocol: TCP name: http selector: - app: tea \ No newline at end of file + app: tea diff --git a/examples/custom-resources/egress-mtls/egress-mtls-secret.yaml b/examples/custom-resources/egress-mtls/egress-mtls-secret.yaml index 663227e02e..b83a8af04e 100644 --- a/examples/custom-resources/egress-mtls/egress-mtls-secret.yaml +++ b/examples/custom-resources/egress-mtls/egress-mtls-secret.yaml @@ -5,4 +5,4 @@ metadata: type: kubernetes.io/tls data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURRekNDQWlzQ0NRRE5Tc2YvSXpBaElUQU5CZ2txaGtpRzl3MEJBUXNGQURCbU1Rc3dDUVlEVlFRR0V3SlYKVXpFTE1Ba0dBMVVFQ0F3Q1EwRXhGakFVQmdOVkJBY01EVk5oYmlCR2NtRnVjMmx6WTI4eERqQU1CZ05WQkFvTQpCVTVIU1U1WU1Rd3dDZ1lEVlFRTERBTkxTVU14RkRBU0JnTlZCQU1NQzJWNFlXMXdiR1V1WTI5dE1CNFhEVEl3Ck1URXhNakl5TXpFek9Gb1hEVE13TVRFeE1ESXlNekV6T0Zvd1lURUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlYKQkFnTUFrTkJNUll3RkFZRFZRUUhEQTFUWVc0Z1JuSmhibk5wYzJOdk1RNHdEQVlEVlFRS0RBVk9SMGxPV0RFTQpNQW9HQTFVRUN3d0RTMGxETVE4d0RRWURWUVFEREFaamJHbGxiblF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBCkE0SUJEd0F3Z2dFS0FvSUJBUUM1M2djYWFXMGo0ZVdWZmV5OWZIYkZtUzMvRWtjMFFYbFVrdUZsSUc4T016blQKQ2hFUmd3a1hyOWNFeTZEY2hxN0FlNjh3SjBHcmdHdjl6elEyTHdyOHJLd1NNWUVmUXIwQ2NJc1ZXUy9ncDNrSAp2VG1FS3RacXdIL1VhWWJHVFVzRlBpaENFeEV1T3pwRWROMmhDZ1Vsclk2Y1RPMGJjRzNGbk1Dbk9IZE0zZ2tsCkFOajRYd0pBSXhVN216bkNSWFkyWGRJVHhZbG0yc0FyWmVxR1JycGVKNTJDejhhME9iN3poUTgwK2d3QjZBczEKL2dXeHVTR2Y4eGhrL1NhVlpQUE4xU2RTeDcwUU5BZnFFU21tQ0lnVEYralFGQkx3bDhnTkZxajYvR2lSdElvWgozMEpEaXhuZVBrUTQ3S2ZoOS96c0xsRy9WV0hyUXA0d29TY1BqTlBkQWdNQkFBRXdEUVlKS29aSWh2Y05BUUVMCkJRQURnZ0VCQUZtS05PK0dRQVpFcHBZdXBYNnJ6NktZcUFXUEtkcXRPUjJaNlR0K0ZSNlNPRExSem56RDJuRjkKU3ZhZitaZkJ4SFhtR1FwRkZXTEpINUlmbEgzM21KOFZORlh2Z0F6WnVwNG9tSDJobndHYW9NaklCS2FQSnZUZQpPQ3IwTWpjMjB4Qk82WTdzdU1Eem5VTDRRTjJib3QrM3M2SXZSaHhWeEM3ZS9OSWMzaHVQTjUxUEJUWDRCVkJWCkwweVc5Z2ltMXdibHJOVllaRDB1cnFDZ05wTm8rbWpqZXJsRkxpN0p6YWhNSllIV0JNUDc2Vnp0bk82ZnFhMU8KZXRBd3RYUnNnVnpxUkhWK0lFWk0rNUtZY2RYcEY3bjVBeFFkNUdxVDVhNTBaRnBYS2tJaURFRE91TXFUY0NQWQp2K0szQ1EzaW5wUXg4bXUwckRUL0ZQdDgrVnhpVEpBPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdWQ0SEdtbHRJK0hsbFgzc3ZYeDJ4Wmt0L3hKSE5FRjVWSkxoWlNCdkRqTTUwd29SCkVZTUpGNi9YQk11ZzNJYXV3SHV2TUNkQnE0QnIvYzgwTmk4Sy9LeXNFakdCSDBLOUFuQ0xGVmt2NEtkNUI3MDUKaENyV2FzQi8xR21HeGsxTEJUNG9RaE1STGpzNlJIVGRvUW9GSmEyT25FenRHM0J0eFp6QXB6aDNUTjRKSlFEWQorRjhDUUNNVk81czV3a1YyTmwzU0U4V0padHJBSzJYcWhrYTZYaWVkZ3MvR3REbSs4NFVQTlBvTUFlZ0xOZjRGCnNia2huL01ZWlAwbWxXVHp6ZFVuVXNlOUVEUUg2aEVwcGdpSUV4Zm8wQlFTOEpmSURSYW8rdnhva2JTS0dkOUMKUTRzWjNqNUVPT3luNGZmODdDNVJ2MVZoNjBLZU1LRW5ENHpUM1FJREFRQUJBb0lCQUM1enNmekUyblQ4VVArUwprQ2N2UXhQUlc3Q0M1ZTdHYWtkYnloOFhBd3BlZlJZa1R1MjhmUHBCaFJCNnY4STltdEVhV0VkRm1HRC9ZSDMzCldnb3NxYWRLbEZxYnFyU2dYbEtNeEFYYTIxOWZHNTEyaWpoZzZHT1hwcHIwb0sxUXhlNFNnY2M1c3JLR05PTEUKL2xyd0FTZFFmL0xLT3Z2L2xqK3NGRzMyYThKMjBtWVY0dFpsZmJsaUlxNHd0YzVnc0JWUVJ2T3RielQzQzRscwowM1JwbnJPbitxV3NwVkVleU52WjRjM2NKUGJpVTJ4WmkvcE1MZWhnUUhZcDZ0bEpVMFZQRDJaWDJoaDkrRlNDCndOaGNhQVBMTkZrNy9Vc3grdTVhMUM3b3Y0WEw1MExWVE15RjVkdVpCY2ZsUmd3ZWJVc0JqNlRWUDl4Tkp3aTUKb3VmOXJDRUNnWUVBNFJCVE5Oam5LWC9qQVJVZW1tTEpZVFpYNm12bXUzMTJSU1ZuK1ZUV1VzMHVhZVhaS2pmMwpWa3Q0Z3VkdzB1UWh1aFhJbkxVclJhdmVhZHBNc0o0VkZxRHJSRW5LVWlmZWU5QzQraWJOSnk3NHBYcVJpaVpaCjVCT2RKWjNlNVZCbDlTcDJNNExxMUNFNGF5cyt5djAyak9jSjJPallJSW9MU2IxL21WZnVpTmtDZ1lFQTAycHYKTTQyTEljWjFJQW9jMStlTXZIVVpuQ0ltei8vMVBGTTJoaGdlSUs1VXhZM0FRRVg5dzJDWUFKT202Q05WbHhiNAp6dkVrVnVOMnZ0cE5LaWlUQkRGczZtLzBkSE8wTERQdDdjV2ozNDAzbUtwcjBPY2pEVjllYnhpVWJ0R0lKVE84CkpyYzB2OUNUMnFJaFBpTElZdXBpOXg3SFZHUi9pTCswMnJNZm9LVUNnWUVBdktDaERBYktYd2EzSy80V1l4QnUKZFZKRmhzeWVXZjlCODV2eE00LzkvUEhJZDZyVFFzWWJQekVMdExMaTVXMmNNc2oxRlJubVJZTlJhbWd5cEVncApwb2lDQmY3T1dlTGVYZWxHVHluY0FYNGxtUk5NRFh3dEZMRzNvSUpiQU5oTVM1a2w3ZkJJZmpmRmdGU0RVVCs5Cnk0UUx4Y2NJOU9TZHAxVHlMNFA2QUtrQ2dZRUEwQmZVU3I4SWNuOC83QUJvTVkrRmRENGlyZzdqZXhwcVRTMXUKM29CQXIxUkl0b2IyODR5dzRhMWpFRFpGTS9zTGxRTVVkY1RmU3ZMcmY2R3FFRlFObVRQNUM2eVV4a2JZMGlWdgpEUG5iZWdBcStBYk94cm1yUTg5YVNTbTllSEtmZWxhNDNMYTVvZy93YUdQcktwamIrcGpRUG9NNkdmUXRuL0ZxClYxVzJUTTBDZ1lBNXg3aVRLa0lZQlgwR0JhWERZOUlxMVBWeTkxK3pFeDhIWUdDczRNR2ttME42Y3lncm84UmwKMzA3R09ocnhwam1wMTNEb1JtM21XZWhQMmV1WEdhLy9VS2gxaTUvVkQ0R1ltL2psc1plZUx6MURiR2crQVZqegpWVFdueFJCemYwRmdGZkZkTmNIeFlwNTJ3VTZuK2x3MTVTdkNTWmJKQzYzUTBsZ3N1NlhZN3c9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= \ No newline at end of file + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdWQ0SEdtbHRJK0hsbFgzc3ZYeDJ4Wmt0L3hKSE5FRjVWSkxoWlNCdkRqTTUwd29SCkVZTUpGNi9YQk11ZzNJYXV3SHV2TUNkQnE0QnIvYzgwTmk4Sy9LeXNFakdCSDBLOUFuQ0xGVmt2NEtkNUI3MDUKaENyV2FzQi8xR21HeGsxTEJUNG9RaE1STGpzNlJIVGRvUW9GSmEyT25FenRHM0J0eFp6QXB6aDNUTjRKSlFEWQorRjhDUUNNVk81czV3a1YyTmwzU0U4V0padHJBSzJYcWhrYTZYaWVkZ3MvR3REbSs4NFVQTlBvTUFlZ0xOZjRGCnNia2huL01ZWlAwbWxXVHp6ZFVuVXNlOUVEUUg2aEVwcGdpSUV4Zm8wQlFTOEpmSURSYW8rdnhva2JTS0dkOUMKUTRzWjNqNUVPT3luNGZmODdDNVJ2MVZoNjBLZU1LRW5ENHpUM1FJREFRQUJBb0lCQUM1enNmekUyblQ4VVArUwprQ2N2UXhQUlc3Q0M1ZTdHYWtkYnloOFhBd3BlZlJZa1R1MjhmUHBCaFJCNnY4STltdEVhV0VkRm1HRC9ZSDMzCldnb3NxYWRLbEZxYnFyU2dYbEtNeEFYYTIxOWZHNTEyaWpoZzZHT1hwcHIwb0sxUXhlNFNnY2M1c3JLR05PTEUKL2xyd0FTZFFmL0xLT3Z2L2xqK3NGRzMyYThKMjBtWVY0dFpsZmJsaUlxNHd0YzVnc0JWUVJ2T3RielQzQzRscwowM1JwbnJPbitxV3NwVkVleU52WjRjM2NKUGJpVTJ4WmkvcE1MZWhnUUhZcDZ0bEpVMFZQRDJaWDJoaDkrRlNDCndOaGNhQVBMTkZrNy9Vc3grdTVhMUM3b3Y0WEw1MExWVE15RjVkdVpCY2ZsUmd3ZWJVc0JqNlRWUDl4Tkp3aTUKb3VmOXJDRUNnWUVBNFJCVE5Oam5LWC9qQVJVZW1tTEpZVFpYNm12bXUzMTJSU1ZuK1ZUV1VzMHVhZVhaS2pmMwpWa3Q0Z3VkdzB1UWh1aFhJbkxVclJhdmVhZHBNc0o0VkZxRHJSRW5LVWlmZWU5QzQraWJOSnk3NHBYcVJpaVpaCjVCT2RKWjNlNVZCbDlTcDJNNExxMUNFNGF5cyt5djAyak9jSjJPallJSW9MU2IxL21WZnVpTmtDZ1lFQTAycHYKTTQyTEljWjFJQW9jMStlTXZIVVpuQ0ltei8vMVBGTTJoaGdlSUs1VXhZM0FRRVg5dzJDWUFKT202Q05WbHhiNAp6dkVrVnVOMnZ0cE5LaWlUQkRGczZtLzBkSE8wTERQdDdjV2ozNDAzbUtwcjBPY2pEVjllYnhpVWJ0R0lKVE84CkpyYzB2OUNUMnFJaFBpTElZdXBpOXg3SFZHUi9pTCswMnJNZm9LVUNnWUVBdktDaERBYktYd2EzSy80V1l4QnUKZFZKRmhzeWVXZjlCODV2eE00LzkvUEhJZDZyVFFzWWJQekVMdExMaTVXMmNNc2oxRlJubVJZTlJhbWd5cEVncApwb2lDQmY3T1dlTGVYZWxHVHluY0FYNGxtUk5NRFh3dEZMRzNvSUpiQU5oTVM1a2w3ZkJJZmpmRmdGU0RVVCs5Cnk0UUx4Y2NJOU9TZHAxVHlMNFA2QUtrQ2dZRUEwQmZVU3I4SWNuOC83QUJvTVkrRmRENGlyZzdqZXhwcVRTMXUKM29CQXIxUkl0b2IyODR5dzRhMWpFRFpGTS9zTGxRTVVkY1RmU3ZMcmY2R3FFRlFObVRQNUM2eVV4a2JZMGlWdgpEUG5iZWdBcStBYk94cm1yUTg5YVNTbTllSEtmZWxhNDNMYTVvZy93YUdQcktwamIrcGpRUG9NNkdmUXRuL0ZxClYxVzJUTTBDZ1lBNXg3aVRLa0lZQlgwR0JhWERZOUlxMVBWeTkxK3pFeDhIWUdDczRNR2ttME42Y3lncm84UmwKMzA3R09ocnhwam1wMTNEb1JtM21XZWhQMmV1WEdhLy9VS2gxaTUvVkQ0R1ltL2psc1plZUx6MURiR2crQVZqegpWVFdueFJCemYwRmdGZkZkTmNIeFlwNTJ3VTZuK2x3MTVTdkNTWmJKQzYzUTBsZ3N1NlhZN3c9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= diff --git a/examples/custom-resources/external-dns/README.md b/examples/custom-resources/external-dns/README.md index 135f61cb2e..a348079d71 100644 --- a/examples/custom-resources/external-dns/README.md +++ b/examples/custom-resources/external-dns/README.md @@ -1,8 +1,8 @@ -# External DNS +# External DNS In this example we configure a VirtualServer resource to integrate with [ExternalDNS](https://github.com/kubernetes-sigs/external-dns) to make the resource discoverable via a public DNS server. In this example, we deploy an ExternalDNS deployment with the AWS provider enabled. -## Prerequisites +## Prerequisites 1. Follow the [installation](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/) instructions to deploy the Ingress Controller with custom resources enabled. Additionally, the Ingress Controller must be configured to report the VirtualServer status by setting either the `external-service` command line argument, or setting the `external-status-address` key in the ConfigMap resource (see the [Reporting Resources Status docs](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/reporting-resources-status#virtualserver-and-virtualserverroute-resources) for more details). diff --git a/examples/custom-resources/external-dns/cafe.yaml b/examples/custom-resources/external-dns/cafe.yaml index b07f350de2..f049e8bf29 100644 --- a/examples/custom-resources/external-dns/cafe.yaml +++ b/examples/custom-resources/external-dns/cafe.yaml @@ -62,4 +62,4 @@ spec: protocol: TCP name: http selector: - app: tea \ No newline at end of file + app: tea diff --git a/examples/custom-resources/externalname-services/transport-server/externalname-svc.yaml b/examples/custom-resources/externalname-services/transport-server/externalname-svc.yaml index 06905441bf..14f8550d14 100644 --- a/examples/custom-resources/externalname-services/transport-server/externalname-svc.yaml +++ b/examples/custom-resources/externalname-services/transport-server/externalname-svc.yaml @@ -4,4 +4,4 @@ metadata: name: externalname-service spec: type: ExternalName - externalName: secure-app-external-backend-svc.external-ns.svc.cluster.local \ No newline at end of file + externalName: secure-app-external-backend-svc.external-ns.svc.cluster.local diff --git a/examples/custom-resources/externalname-services/transport-server/nginx-config.yaml b/examples/custom-resources/externalname-services/transport-server/nginx-config.yaml index b272bb4932..06be76485c 100644 --- a/examples/custom-resources/externalname-services/transport-server/nginx-config.yaml +++ b/examples/custom-resources/externalname-services/transport-server/nginx-config.yaml @@ -4,4 +4,4 @@ metadata: name: nginx-config namespace: nginx-ingress data: - resolver-addresses: "kube-dns.kube-system.svc.cluster.local" \ No newline at end of file + resolver-addresses: "kube-dns.kube-system.svc.cluster.local" diff --git a/examples/custom-resources/ingress-mtls/ingress-mtls-secret.yaml b/examples/custom-resources/ingress-mtls/ingress-mtls-secret.yaml index 9c069e6b79..418bb5e937 100644 --- a/examples/custom-resources/ingress-mtls/ingress-mtls-secret.yaml +++ b/examples/custom-resources/ingress-mtls/ingress-mtls-secret.yaml @@ -4,4 +4,4 @@ metadata: apiVersion: v1 type: nginx.org/ca data: - ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQvVENDQXVXZ0F3SUJBZ0lVSzdhbU14OFlLWG1BVG51SkZETDlWS2ZUR2ZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZMHhDekFKQmdOVkJBWVRBbFZUTVFzd0NRWURWUVFJREFKRFFURVdNQlFHQTFVRUJ3d05VMkZ1SUVaeQpZVzVqYVhOamJ6RU9NQXdHQTFVRUNnd0ZUa2RKVGxneEREQUtCZ05WQkFzTUEwdEpRekVXTUJRR0ExVUVBd3dOCmEybGpMbTVuYVc1NExtTnZiVEVqTUNFR0NTcUdTSWIzRFFFSkFSWVVhM1ZpWlhKdVpYUmxjMEJ1WjJsdWVDNWoKYjIwd0hoY05NakF3T1RFNE1qQXlOVEkyV2hjTk16QXdPVEUyTWpBeU5USTJXakNCalRFTE1Ba0dBMVVFQmhNQwpWVk14Q3pBSkJnTlZCQWdNQWtOQk1SWXdGQVlEVlFRSERBMVRZVzRnUm5KaGJtTnBjMk52TVE0d0RBWURWUVFLCkRBVk9SMGxPV0RFTU1Bb0dBMVVFQ3d3RFMwbERNUll3RkFZRFZRUUREQTFyYVdNdWJtZHBibmd1WTI5dE1TTXcKSVFZSktvWklodmNOQVFrQkZoUnJkV0psY201bGRHVnpRRzVuYVc1NExtTnZiVENDQVNJd0RRWUpLb1pJaHZjTgpBUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTmFINVRzaTZzaUFsU085dEJnYmY3VVRwcWowMUhRTlQ2UjhtQy9pCjhLYXFaSW9XSUdvN2xhTW9xTDYydTc4ay9WOHM2Z0FJaU1DSzBjekFvTFhNSnlJQkxQeTg4Yzdtc2xwZXgxTkEKVmRtMkVTVkN6bVlERE1TT3FpVmszWmpYeC9URmo2QzhNRFhhRkZUWFg1dWdtbWdscnFCWlh0OVI5VVBwVTJMNwo1bEZ0NlJ2R3VGczgvbVZORVR5c1A0SFhCWlh2ZE9mdG1YWUkvK01hOW5CMzIzNjdmcTI0L0RKZ2YvK2xRbUsxCkJLR3poSTZSc1pSSmdWOXdpK1VuZTBYNjlaS2lLOFdXU3lZS252YnRrcHZuTDA2dGNJaXJZNi80UzZ4Sm1HRVQKZEJUNmVxc0NoSUpQUStWSEp5dTROdnV6WmVCUXpGdmMwNytnUGZkVWZra1FXODhDQXdFQUFhTlRNRkV3SFFZRApWUjBPQkJZRUZKUGdhcnFYa00rdEJ0djVhdndTUWhUQmpTU2VNQjhHQTFVZEl3UVlNQmFBRkpQZ2FycVhrTSt0CkJ0djVhdndTUWhUQmpTU2VNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUIKQUl3WXpoY0s4OWtRL0xGWjZFRHgrQWp2bnJTVSs1cmdwQkgrRjVTNUUyY3pXOE5rNXhySnl0Y0ZUbUtlKzZScwpENHlxeTZSVVFEeWNYaDlPelBjbzgzYTBoeFlCZ1M5MWtJa25wYWF4dndLRDJleWc3UGNnK1lkS1FhZFlMcUY0CmI3cWVtc1FVVkpOWHdkZS9VanRBejlEOTh4dngwM2hQY2Qwb2dzUUhWZ21BZVpFd2l3UzFmTy9WNUE4dTl3MEkKcHlJRTVReXlHcHNpS2dpalpiMmhrS05RVHVJcEhiVnFydVA4eEV6TlFnamhkdS9uUW5OYy9lRUltVUlrQkFUVQpiSHdQc2xwYzVhdVV1TXJxR3lEQ0p2QUJpV3J2SmE3Yi9XcmtDT3FUWVhtR2NGM0w1ZU9FeTBhYkp0M2NNcSs5CnJLTUNVQWlkNG0yNEthWnc3OUk2anNBPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== \ No newline at end of file + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQvVENDQXVXZ0F3SUJBZ0lVSzdhbU14OFlLWG1BVG51SkZETDlWS2ZUR2ZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZMHhDekFKQmdOVkJBWVRBbFZUTVFzd0NRWURWUVFJREFKRFFURVdNQlFHQTFVRUJ3d05VMkZ1SUVaeQpZVzVqYVhOamJ6RU9NQXdHQTFVRUNnd0ZUa2RKVGxneEREQUtCZ05WQkFzTUEwdEpRekVXTUJRR0ExVUVBd3dOCmEybGpMbTVuYVc1NExtTnZiVEVqTUNFR0NTcUdTSWIzRFFFSkFSWVVhM1ZpWlhKdVpYUmxjMEJ1WjJsdWVDNWoKYjIwd0hoY05NakF3T1RFNE1qQXlOVEkyV2hjTk16QXdPVEUyTWpBeU5USTJXakNCalRFTE1Ba0dBMVVFQmhNQwpWVk14Q3pBSkJnTlZCQWdNQWtOQk1SWXdGQVlEVlFRSERBMVRZVzRnUm5KaGJtTnBjMk52TVE0d0RBWURWUVFLCkRBVk9SMGxPV0RFTU1Bb0dBMVVFQ3d3RFMwbERNUll3RkFZRFZRUUREQTFyYVdNdWJtZHBibmd1WTI5dE1TTXcKSVFZSktvWklodmNOQVFrQkZoUnJkV0psY201bGRHVnpRRzVuYVc1NExtTnZiVENDQVNJd0RRWUpLb1pJaHZjTgpBUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTmFINVRzaTZzaUFsU085dEJnYmY3VVRwcWowMUhRTlQ2UjhtQy9pCjhLYXFaSW9XSUdvN2xhTW9xTDYydTc4ay9WOHM2Z0FJaU1DSzBjekFvTFhNSnlJQkxQeTg4Yzdtc2xwZXgxTkEKVmRtMkVTVkN6bVlERE1TT3FpVmszWmpYeC9URmo2QzhNRFhhRkZUWFg1dWdtbWdscnFCWlh0OVI5VVBwVTJMNwo1bEZ0NlJ2R3VGczgvbVZORVR5c1A0SFhCWlh2ZE9mdG1YWUkvK01hOW5CMzIzNjdmcTI0L0RKZ2YvK2xRbUsxCkJLR3poSTZSc1pSSmdWOXdpK1VuZTBYNjlaS2lLOFdXU3lZS252YnRrcHZuTDA2dGNJaXJZNi80UzZ4Sm1HRVQKZEJUNmVxc0NoSUpQUStWSEp5dTROdnV6WmVCUXpGdmMwNytnUGZkVWZra1FXODhDQXdFQUFhTlRNRkV3SFFZRApWUjBPQkJZRUZKUGdhcnFYa00rdEJ0djVhdndTUWhUQmpTU2VNQjhHQTFVZEl3UVlNQmFBRkpQZ2FycVhrTSt0CkJ0djVhdndTUWhUQmpTU2VNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUIKQUl3WXpoY0s4OWtRL0xGWjZFRHgrQWp2bnJTVSs1cmdwQkgrRjVTNUUyY3pXOE5rNXhySnl0Y0ZUbUtlKzZScwpENHlxeTZSVVFEeWNYaDlPelBjbzgzYTBoeFlCZ1M5MWtJa25wYWF4dndLRDJleWc3UGNnK1lkS1FhZFlMcUY0CmI3cWVtc1FVVkpOWHdkZS9VanRBejlEOTh4dngwM2hQY2Qwb2dzUUhWZ21BZVpFd2l3UzFmTy9WNUE4dTl3MEkKcHlJRTVReXlHcHNpS2dpalpiMmhrS05RVHVJcEhiVnFydVA4eEV6TlFnamhkdS9uUW5OYy9lRUltVUlrQkFUVQpiSHdQc2xwYzVhdVV1TXJxR3lEQ0p2QUJpV3J2SmE3Yi9XcmtDT3FUWVhtR2NGM0w1ZU9FeTBhYkp0M2NNcSs5CnJLTUNVQWlkNG0yNEthWnc3OUk2anNBPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== diff --git a/examples/custom-resources/oidc/README.md b/examples/custom-resources/oidc/README.md index 50d0d7a5e5..a891074aa1 100644 --- a/examples/custom-resources/oidc/README.md +++ b/examples/custom-resources/oidc/README.md @@ -2,7 +2,7 @@ In this example, we deploy a web application, configure load balancing for it via a VirtualServer, and protect the application using an OpenID Connect policy and [Keycloak](https://www.keycloak.org/). -**Note**: The KeyCloak container does not support IPv6 environments. +**Note**: The KeyCloak container does not support IPv6 environments. ## Prerequisites diff --git a/examples/custom-resources/rate-limit/webapp.yaml b/examples/custom-resources/rate-limit/webapp.yaml index 67556cf616..31fde92a6e 100644 --- a/examples/custom-resources/rate-limit/webapp.yaml +++ b/examples/custom-resources/rate-limit/webapp.yaml @@ -29,4 +29,4 @@ spec: protocol: TCP name: http selector: - app: webapp \ No newline at end of file + app: webapp diff --git a/examples/custom-resources/rewrites/README.md b/examples/custom-resources/rewrites/README.md index 9b97ef4a42..7f680d2f2a 100644 --- a/examples/custom-resources/rewrites/README.md +++ b/examples/custom-resources/rewrites/README.md @@ -2,7 +2,7 @@ You can configure NGINX to rewrite the URI of a request before sending it to the application. For example, `/tea/green` can be rewritten to `/green`. -To configure URI rewriting you need to use the [ActionProxy](https://docs.nginx.com/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#action-proxy) of the [VirtualServer or VirtualServerRoute](https://docs.nginx.com/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/). +To configure URI rewriting you need to use the [ActionProxy](https://docs.nginx.com/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#action-proxy) of the [VirtualServer or VirtualServerRoute](https://docs.nginx.com/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/). ## Example with a Prefix Path @@ -72,4 +72,4 @@ Note the capture group in the path `(.*)` is used in the rewritePath `/$1`. This Below are the examples of how the URI of requests to the *tea-svc* are rewritten. * `/tea` -> `/` * `/tea/` -> `/` -* `/tea/abc` -> `/abc` \ No newline at end of file +* `/tea/abc` -> `/abc` diff --git a/examples/custom-resources/tls-passthrough/README.md b/examples/custom-resources/tls-passthrough/README.md index 2ce4c12455..bed068027c 100644 --- a/examples/custom-resources/tls-passthrough/README.md +++ b/examples/custom-resources/tls-passthrough/README.md @@ -8,11 +8,11 @@ We will deploy a backend application (we call it the *secure app*) that exposes ## About the Secure App -The secure app is an NGINX pod (not to be confused with the Ingress Controller pod, which also includes NGINX) configured to serve HTTPS traffic on port 8443 for the host `app.example.com`. For TLS termination, a self-signed TLS certificate and key are used. The app responds to clients HTTPS requests with a simple text response `hello from pod `. +The secure app is an NGINX pod (not to be confused with the Ingress Controller pod, which also includes NGINX) configured to serve HTTPS traffic on port 8443 for the host `app.example.com`. For TLS termination, a self-signed TLS certificate and key are used. The app responds to clients HTTPS requests with a simple text response `hello from pod `. You can see how the Secure App is implemented in the `secure-app.yaml` file. -## Prerequisites +## Prerequisites 1. Follow the [installation](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/) instructions to deploy the Ingress Controller: * As part of Step 2 of those instructions, make sure to deploy the custom resource definition for the TransportServer resource. @@ -55,4 +55,4 @@ Now we access the secure app using *curl*. We'll use curl's `--insecure` option ``` $ curl --resolve app.example.com:$IC_HTTPS_PORT:$IC_IP https://app.example.com:$IC_HTTPS_PORT --insecure hello from pod secure-app-d986bcf6b-jwm2s -``` \ No newline at end of file +``` diff --git a/examples/custom-resources/tls-passthrough/transport-server-passthrough.yaml b/examples/custom-resources/tls-passthrough/transport-server-passthrough.yaml index 94e48d506b..82b0d84f0d 100644 --- a/examples/custom-resources/tls-passthrough/transport-server-passthrough.yaml +++ b/examples/custom-resources/tls-passthrough/transport-server-passthrough.yaml @@ -12,4 +12,4 @@ spec: service: secure-app port: 8443 action: - pass: secure-app \ No newline at end of file + pass: secure-app diff --git a/examples/custom-resources/traffic-splitting/README.md b/examples/custom-resources/traffic-splitting/README.md index 96fb025fd5..7fd26b19be 100644 --- a/examples/custom-resources/traffic-splitting/README.md +++ b/examples/custom-resources/traffic-splitting/README.md @@ -1,10 +1,10 @@ -# Traffic Splitting +# Traffic Splitting In this example we use the [VirtualServer](https://docs.nginx.com/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/) resource to configure traffic splitting for the cafe application from the [Basic Configuration](../basic-configuration/) example, for which we have introduced the following changes: * Instead of one version of the coffee service, we have two: `coffee-v1-svc` and `coffee-v2-svc`. We send 90% of the coffee traffic to `coffee-v1-svc` and the remaining 10% to `coffee-v2-svc`. * To simplify the example, we have removed TLS termination and the tea service. -## Prerequisites +## Prerequisites 1. Follow the [installation](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/) instructions to deploy the Ingress Controller with custom resources enabled. 1. Save the public IP address of the Ingress Controller into a shell variable: @@ -57,4 +57,4 @@ $ kubectl create -f cafe-virtual-server.yaml ``` Server address: 10.16.0.152:80 Server name: coffee-v2-7fd446968b-lwhgcd - ... \ No newline at end of file + ... diff --git a/examples/custom-resources/traffic-splitting/cafe-virtual-server.yaml b/examples/custom-resources/traffic-splitting/cafe-virtual-server.yaml index e9ee2be14f..e28357454b 100644 --- a/examples/custom-resources/traffic-splitting/cafe-virtual-server.yaml +++ b/examples/custom-resources/traffic-splitting/cafe-virtual-server.yaml @@ -8,7 +8,7 @@ spec: - name: coffee-v1 service: coffee-v1-svc port: 80 - - name: coffee-v2 + - name: coffee-v2 service: coffee-v2-svc port: 80 routes: diff --git a/examples/custom-resources/traffic-splitting/cafe.yaml b/examples/custom-resources/traffic-splitting/cafe.yaml index a4be8b1194..8ad17e5162 100644 --- a/examples/custom-resources/traffic-splitting/cafe.yaml +++ b/examples/custom-resources/traffic-splitting/cafe.yaml @@ -62,4 +62,4 @@ spec: protocol: TCP name: http selector: - app: coffee-v2 \ No newline at end of file + app: coffee-v2 diff --git a/examples/ingress-resources/app-protect-dos/apdos-logconf.yaml b/examples/ingress-resources/app-protect-dos/apdos-logconf.yaml index 885a524647..688f3ea786 100644 --- a/examples/ingress-resources/app-protect-dos/apdos-logconf.yaml +++ b/examples/ingress-resources/app-protect-dos/apdos-logconf.yaml @@ -3,9 +3,6 @@ kind: APDosLogConf metadata: name: doslogconf spec: - content: - format: splunk - max_message_size: 64k filter: traffic-mitigation-stats: all bad-actors: top 10 diff --git a/examples/ingress-resources/app-protect-dos/webapp-ingress.yaml b/examples/ingress-resources/app-protect-dos/webapp-ingress.yaml index 6ba4017353..1b88283898 100644 --- a/examples/ingress-resources/app-protect-dos/webapp-ingress.yaml +++ b/examples/ingress-resources/app-protect-dos/webapp-ingress.yaml @@ -17,7 +17,7 @@ spec: - path: / pathType: Prefix backend: - service: + service: name: webapp-svc port: number: 80 diff --git a/examples/ingress-resources/app-protect-waf/ap-dataguard-alarm-policy.yaml b/examples/ingress-resources/app-protect-waf/ap-dataguard-alarm-policy.yaml index f1b412bdb8..7293ebdfc3 100644 --- a/examples/ingress-resources/app-protect-waf/ap-dataguard-alarm-policy.yaml +++ b/examples/ingress-resources/app-protect-waf/ap-dataguard-alarm-policy.yaml @@ -6,10 +6,10 @@ spec: policy: signature-requirements: - tag: Fruits - signature-sets: + signature-sets: - name: apple_sigs block: true - signatureSet: + signatureSet: filter: tagValue: Fruits tagFilter: eq diff --git a/examples/ingress-resources/app-protect-waf/cafe.yaml b/examples/ingress-resources/app-protect-waf/cafe.yaml index 2958e4f11d..918a54ba7f 100644 --- a/examples/ingress-resources/app-protect-waf/cafe.yaml +++ b/examples/ingress-resources/app-protect-waf/cafe.yaml @@ -39,14 +39,14 @@ spec: replicas: 3 selector: matchLabels: - app: tea + app: tea template: metadata: labels: - app: tea + app: tea spec: containers: - - name: tea + - name: tea image: nginxdemos/hello:plain-text ports: - containerPort: 80 diff --git a/examples/ingress-resources/basic-auth/cafe.yaml b/examples/ingress-resources/basic-auth/cafe.yaml index 67803bc138..cda0f23573 100644 --- a/examples/ingress-resources/basic-auth/cafe.yaml +++ b/examples/ingress-resources/basic-auth/cafe.yaml @@ -39,14 +39,14 @@ spec: replicas: 3 selector: matchLabels: - app: tea + app: tea template: metadata: labels: - app: tea + app: tea spec: containers: - - name: tea + - name: tea image: nginxdemos/nginx-hello:plain-text ports: - containerPort: 8080 diff --git a/examples/ingress-resources/complete-example/cafe.yaml b/examples/ingress-resources/complete-example/cafe.yaml index 67803bc138..cda0f23573 100644 --- a/examples/ingress-resources/complete-example/cafe.yaml +++ b/examples/ingress-resources/complete-example/cafe.yaml @@ -39,14 +39,14 @@ spec: replicas: 3 selector: matchLabels: - app: tea + app: tea template: metadata: labels: - app: tea + app: tea spec: containers: - - name: tea + - name: tea image: nginxdemos/nginx-hello:plain-text ports: - containerPort: 8080 diff --git a/examples/ingress-resources/customization/README.md b/examples/ingress-resources/customization/README.md index 54e5690852..410380649a 100644 --- a/examples/ingress-resources/customization/README.md +++ b/examples/ingress-resources/customization/README.md @@ -1,3 +1,3 @@ # Customization of NGINX Configuration -This example has been transformed into the [ConfigMap](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/configmap-resource/) and [Annotations](https://docs.nginx.com/nginx-ingress-controller/configuration/ingress-resources/advanced-configuration-with-annotations/) doc. \ No newline at end of file +This example has been transformed into the [ConfigMap](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/configmap-resource/) and [Annotations](https://docs.nginx.com/nginx-ingress-controller/configuration/ingress-resources/advanced-configuration-with-annotations/) doc. diff --git a/examples/ingress-resources/mergeable-ingress-types/cafe.yaml b/examples/ingress-resources/mergeable-ingress-types/cafe.yaml index 67803bc138..cda0f23573 100644 --- a/examples/ingress-resources/mergeable-ingress-types/cafe.yaml +++ b/examples/ingress-resources/mergeable-ingress-types/cafe.yaml @@ -39,14 +39,14 @@ spec: replicas: 3 selector: matchLabels: - app: tea + app: tea template: metadata: labels: - app: tea + app: tea spec: containers: - - name: tea + - name: tea image: nginxdemos/nginx-hello:plain-text ports: - containerPort: 8080 diff --git a/examples/ingress-resources/tcp-udp/nginx-plus-config.yaml b/examples/ingress-resources/tcp-udp/nginx-plus-config.yaml index f5e2e45dbd..153eefa054 100644 --- a/examples/ingress-resources/tcp-udp/nginx-plus-config.yaml +++ b/examples/ingress-resources/tcp-udp/nginx-plus-config.yaml @@ -30,4 +30,4 @@ data: listen [::]:5353; proxy_pass coredns-tcp; status_zone coredns-tcp; - } + } diff --git a/examples/shared-examples/custom-log-format/README.md b/examples/shared-examples/custom-log-format/README.md index a1ff14539e..e6e07a8335 100644 --- a/examples/shared-examples/custom-log-format/README.md +++ b/examples/shared-examples/custom-log-format/README.md @@ -2,7 +2,7 @@ This example lets you set the log-format for NGINX using the configmap resource -```yaml +```yaml kind: ConfigMap apiVersion: v1 metadata: diff --git a/go.mod b/go.mod index 0f3ba5a36d..790761ac2b 100644 --- a/go.mod +++ b/go.mod @@ -3,44 +3,44 @@ module github.com/nginxinc/kubernetes-ingress go 1.19 require ( - github.com/aws/aws-sdk-go-v2/config v1.17.7 - github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.13.19 - github.com/cert-manager/cert-manager v1.9.1 + github.com/aws/aws-sdk-go-v2/config v1.18.0 + github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.13.22 + github.com/cert-manager/cert-manager v1.10.0 github.com/golang-jwt/jwt/v4 v4.4.2 github.com/golang/glog v1.0.0 github.com/google/go-cmp v0.5.9 - github.com/kr/pretty v0.3.0 + github.com/kr/pretty v0.3.1 github.com/nginxinc/nginx-plus-go-client v0.10.0 github.com/nginxinc/nginx-prometheus-exporter v0.11.0 - github.com/prometheus/client_golang v1.13.0 + github.com/prometheus/client_golang v1.14.0 github.com/spiffe/go-spiffe/v2 v2.1.1 - github.com/stretchr/testify v1.8.0 + github.com/stretchr/testify v1.8.1 golang.org/x/exp v0.0.0-20220613132600-b0d781184e0d - google.golang.org/grpc v1.49.0 - k8s.io/api v0.25.2 - k8s.io/apimachinery v0.25.2 - k8s.io/client-go v0.25.2 - k8s.io/code-generator v0.25.2 - k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed + google.golang.org/grpc v1.50.1 + k8s.io/api v0.25.4 + k8s.io/apimachinery v0.25.4 + k8s.io/client-go v0.25.4 + k8s.io/code-generator v0.25.4 + k8s.io/utils v0.0.0-20220922133306-665eaaec4324 sigs.k8s.io/controller-tools v0.10.0 ) require ( - github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c // indirect + github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e // indirect github.com/Microsoft/go-winio v0.5.2 // indirect github.com/PuerkitoBio/purell v1.1.1 // indirect github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect - github.com/aws/aws-sdk-go-v2 v1.16.16 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.12.20 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.17 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.23 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.17 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.3.24 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.17 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.11.23 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.5 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.16.19 // indirect - github.com/aws/smithy-go v1.13.3 // indirect + github.com/aws/aws-sdk-go-v2 v1.17.1 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.13.0 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.19 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.25 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.19 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.3.26 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.19 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.11.25 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.8 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.17.2 // indirect + github.com/aws/smithy-go v1.13.4 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect @@ -48,11 +48,11 @@ require ( github.com/coreos/go-systemd/v22 v22.3.2 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/emicklei/go-restful/v3 v3.8.0 // indirect - github.com/evanphx/json-patch v4.12.0+incompatible // indirect + github.com/evanphx/json-patch v5.6.0+incompatible // indirect github.com/fatih/color v1.13.0 // indirect github.com/felixge/httpsnoop v1.0.1 // indirect - github.com/go-asn1-ber/asn1-ber v1.5.1 // indirect - github.com/go-ldap/ldap/v3 v3.4.2 // indirect + github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect + github.com/go-ldap/ldap/v3 v3.4.4 // indirect github.com/go-logr/logr v1.2.3 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.19.5 // indirect @@ -80,11 +80,11 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/prometheus/client_model v0.2.0 // indirect + github.com/prometheus/client_model v0.3.0 // indirect github.com/prometheus/common v0.37.0 // indirect github.com/prometheus/procfs v0.8.0 // indirect - github.com/rogpeppe/go-internal v1.8.0 // indirect - github.com/spf13/cobra v1.4.0 // indirect + github.com/rogpeppe/go-internal v1.9.0 // indirect + github.com/spf13/cobra v1.5.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/zeebo/errs v1.2.2 // indirect go.etcd.io/etcd/api/v3 v3.5.4 // indirect @@ -101,42 +101,44 @@ require ( go.opentelemetry.io/otel/sdk/metric v0.20.0 // indirect go.opentelemetry.io/otel/trace v1.3.0 // indirect go.opentelemetry.io/proto/otlp v0.11.0 // indirect - go.uber.org/atomic v1.7.0 // indirect + go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.6.0 // indirect - go.uber.org/zap v1.19.1 // indirect - golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect + go.uber.org/zap v1.21.0 // indirect + golang.org/x/crypto v0.0.0-20220924013350-4ba4fb4dd9e7 // indirect golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect - golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect - golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect + golang.org/x/net v0.0.0-20220921155015-db77216a4ee9 // indirect + golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 // indirect golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect golang.org/x/text v0.3.7 // indirect - golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect + golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect golang.org/x/tools v0.1.12 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect + google.golang.org/genproto v0.0.0-20220822174746-9e6da59bd2fc // indirect google.golang.org/protobuf v1.28.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/square/go-jose.v2 v2.5.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiextensions-apiserver v0.25.0 // indirect - k8s.io/apiserver v0.25.0 // indirect - k8s.io/component-base v0.25.0 // indirect + k8s.io/apiextensions-apiserver v0.25.2 // indirect + k8s.io/apiserver v0.25.2 // indirect + k8s.io/component-base v0.25.2 // indirect k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 // indirect - k8s.io/klog/v2 v2.70.1 // indirect - k8s.io/kube-aggregator v0.24.2 // indirect - k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect + k8s.io/klog/v2 v2.80.1 // indirect + k8s.io/kube-aggregator v0.25.2 // indirect + k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.32 // indirect - sigs.k8s.io/gateway-api v0.4.3 // indirect + sigs.k8s.io/gateway-api v0.5.0 // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect sigs.k8s.io/yaml v1.3.0 // indirect ) replace ( + // workaround for "cloud.google.com/go/compute/metadata: ambiguous import" error with cert-manager v1.10.0 + cloud.google.com/go => cloud.google.com/go v0.104.0 github.com/golang/glog => github.com/nginxinc/glog v1.1.2 - // theses are needed until https://github.com/kubernetes/kubernetes/issues/106536 gets fixed + // these are needed until https://github.com/kubernetes/kubernetes/issues/106536 gets fixed go.opentelemetry.io/contrib => go.opentelemetry.io/contrib v0.20.0 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc => go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp => go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0 @@ -151,4 +153,6 @@ replace ( go.opentelemetry.io/proto/otlp => go.opentelemetry.io/proto/otlp v0.7.0 // temporary fix for CVE-2022-27664 golang.org/x/net => golang.org/x/net v0.0.0-20220906165146-f3363e06e74c + // temporary fix for CVE-2022-32149 + golang.org/x/text v0.3.7 => golang.org/x/text v0.3.8 ) diff --git a/go.sum b/go.sum index 2b489df4e6..d75eb9a6e3 100644 --- a/go.sum +++ b/go.sum @@ -1,106 +1,56 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= -cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= -cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= -cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= -cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= -cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.99.0 h1:y/cM2iqGgGi5D5DQZl6D9STN/3dR/Vx5Mp8s752oJTY= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= -cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= -github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= -github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.11.12/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw= -github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= -github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= -github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= -github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= -github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= -github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= -github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= -github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= -github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c h1:/IBSNwUN8+eKzUzbJPqhK839ygXJ82sde8x3ogr6R28= -github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= +cloud.google.com/go v0.104.0 h1:gSmWO7DY1vOm0MVU6DNXM11BWHHsTUmsC5cv1fuW5X8= +cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRYtA= +cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow= +cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM= +cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M= +cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s= +cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= +cloud.google.com/go/compute v1.7.0 h1:v/k9Eueb8aAJ0vZuxKMrgm6kPhCLZU9HxFU+AFDs9Uk= +cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= +cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY= +cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeLgDvXzfIXc= +github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e h1:NeAW1fUYUEWhft7pkxDf6WoUvEZJ/uOKsvtpjLnn8MU= +github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= -github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= -github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/ahmetb/gen-crd-api-reference-docs v0.3.0/go.mod h1:TdjdkYhlOifCQWPs1UdTma97kQQMozf5h26hTuG70u8= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= -github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= -github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/aws/aws-sdk-go-v2 v1.16.16 h1:M1fj4FE2lB4NzRb9Y0xdWsn2P0+2UHVxwKyOa4YJNjk= -github.com/aws/aws-sdk-go-v2 v1.16.16/go.mod h1:SwiyXi/1zTUZ6KIAmLK5V5ll8SiURNUYOqTerZPaF9k= -github.com/aws/aws-sdk-go-v2/config v1.17.7 h1:odVM52tFHhpqZBKNjVW5h+Zt1tKHbhdTQRb+0WHrNtw= -github.com/aws/aws-sdk-go-v2/config v1.17.7/go.mod h1:dN2gja/QXxFF15hQreyrqYhLBaQo1d9ZKe/v/uplQoI= -github.com/aws/aws-sdk-go-v2/credentials v1.12.20 h1:9+ZhlDY7N9dPnUmf7CDfW9In4sW5Ff3bh7oy4DzS1IE= -github.com/aws/aws-sdk-go-v2/credentials v1.12.20/go.mod h1:UKY5HyIux08bbNA7Blv4PcXQ8cTkGh7ghHMFklaviR4= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.17 h1:r08j4sbZu/RVi+BNxkBJwPMUYY3P8mgSDuKkZ/ZN1lE= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.17/go.mod h1:yIkQcCDYNsZfXpd5UX2Cy+sWA1jPgIhGTw9cOBzfVnQ= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.23 h1:s4g/wnzMf+qepSNgTvaQQHNxyMLKSawNhKCPNy++2xY= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.23/go.mod h1:2DFxAQ9pfIRy0imBCJv+vZ2X6RKxves6fbnEuSry6b4= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.17 h1:/K482T5A3623WJgWT8w1yRAFK4RzGzEl7y39yhtn9eA= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.17/go.mod h1:pRwaTYCJemADaqCbUAxltMoHKata7hmB5PjEXeu0kfg= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.24 h1:wj5Rwc05hvUSvKuOF29IYb9QrCLjU+rHAy/x/o0DK2c= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.24/go.mod h1:jULHjqqjDlbyTa7pfM7WICATnOv+iOhjletM3N0Xbu8= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.17 h1:Jrd/oMh0PKQc6+BowB+pLEwLIgaQF29eYbe7E1Av9Ug= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.17/go.mod h1:4nYOrY41Lrbk2170/BGkcJKBhws9Pfn8MG3aGqjjeFI= -github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.13.19 h1:6rxMT+zWZh2+0F1XHdDWCSzuMQIJI+tGlfrFi6V/UlU= -github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.13.19/go.mod h1:wGzRNLBD3V8/KKoBSYz0OWv1dnQNvqTyb193fS97dXQ= -github.com/aws/aws-sdk-go-v2/service/sso v1.11.23 h1:pwvCchFUEnlceKIgPUouBJwK81aCkQ8UDMORfeFtW10= -github.com/aws/aws-sdk-go-v2/service/sso v1.11.23/go.mod h1:/w0eg9IhFGjGyyncHIQrXtU8wvNsTJOP0R6PPj0wf80= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.5 h1:GUnZ62TevLqIoDyHeiWj2P7EqaosgakBKVvWriIdLQY= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.5/go.mod h1:csZuQY65DAdFBt1oIjO5hhBR49kQqop4+lcuCjf2arA= -github.com/aws/aws-sdk-go-v2/service/sts v1.16.19 h1:9pPi0PsFNAGILFfPCk8Y0iyEBGc6lu6OQ97U7hmdesg= -github.com/aws/aws-sdk-go-v2/service/sts v1.16.19/go.mod h1:h4J3oPZQbxLhzGnk+j9dfYHi5qIOVJ5kczZd658/ydM= -github.com/aws/smithy-go v1.13.3 h1:l7LYxGuzK6/K+NzJ2mC+VvLUbae0sL3bXU//04MkmnA= -github.com/aws/smithy-go v1.13.3/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= +github.com/aws/aws-sdk-go-v2 v1.17.1 h1:02c72fDJr87N8RAC2s3Qu0YuvMRZKNZJ9F+lAehCazk= +github.com/aws/aws-sdk-go-v2 v1.17.1/go.mod h1:JLnGeGONAyi2lWXI1p0PCIOIy333JMVK1U7Hf0aRFLw= +github.com/aws/aws-sdk-go-v2/config v1.18.0 h1:ULASZmfhKR/QE9UeZ7mzYjUzsnIydy/K1YMT6uH1KC0= +github.com/aws/aws-sdk-go-v2/config v1.18.0/go.mod h1:H13DRX9Nv5tAcQvPABrE3dm5XnLp1RC7fVSM3OWiLvA= +github.com/aws/aws-sdk-go-v2/credentials v1.13.0 h1:W5f73j1qurASap+jdScUo4aGzSXxaC7wq1i7CiwhvU8= +github.com/aws/aws-sdk-go-v2/credentials v1.13.0/go.mod h1:prZpUfBu1KZLBLVX482Sq4DpDXGugAre08TPEc21GUg= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.19 h1:E3PXZSI3F2bzyj6XxUXdTIfvp425HHhwKsFvmzBwHgs= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.19/go.mod h1:VihW95zQpeKQWVPGkwT+2+WJNQV8UXFfMTWdU6VErL8= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.25 h1:nBO/RFxeq/IS5G9Of+ZrgucRciie2qpLy++3UGZ+q2E= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.25/go.mod h1:Zb29PYkf42vVYQY6pvSyJCJcFHlPIiY+YKdPtwnvMkY= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.19 h1:oRHDrwCTVT8ZXi4sr9Ld+EXk7N/KGssOr2ygNeojEhw= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.19/go.mod h1:6Q0546uHDp421okhmmGfbxzq2hBqbXFNpi4k+Q1JnQA= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.26 h1:Mza+vlnZr+fPKFKRq/lKGVvM6B/8ZZmNdEopOwSQLms= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.26/go.mod h1:Y2OJ+P+MC1u1VKnavT+PshiEuGPyh/7DqxoDNij4/bg= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.19 h1:GE25AWCdNUPh9AOJzI9KIJnja7IwUc1WyUqz/JTyJ/I= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.19/go.mod h1:02CP6iuYP+IVnBX5HULVdSAku/85eHB2Y9EsFhrkEwU= +github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.13.22 h1:abXVcIh8pjiuWdPBk8vZYwxO5yZCmRHR8grHf6ZqCdY= +github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.13.22/go.mod h1:mRGY+k3s1yt7yQA3AfzJhnr68OCs1xDfQfIABFUk+ek= +github.com/aws/aws-sdk-go-v2/service/sso v1.11.25 h1:GFZitO48N/7EsFDt8fMa5iYdmWqkUDDB3Eje6z3kbG0= +github.com/aws/aws-sdk-go-v2/service/sso v1.11.25/go.mod h1:IARHuzTXmj1C0KS35vboR0FeJ89OkEy1M9mWbK2ifCI= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.8 h1:jcw6kKZrtNfBPJkaHrscDOZoe5gvi9wjudnxvozYFJo= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.8/go.mod h1:er2JHN+kBY6FcMfcBBKNGCT3CarImmdFzishsqBmSRI= +github.com/aws/aws-sdk-go-v2/service/sts v1.17.2 h1:tpwEMRdMf2UsplengAOnmSIRdvAxf75oUFR+blBr92I= +github.com/aws/aws-sdk-go-v2/service/sts v1.17.2/go.mod h1:bXcN3koeVYiJcdDU89n3kCYILob7Y34AeLopUbZgLT4= +github.com/aws/smithy-go v1.13.4 h1:/RN2z1txIJWeXeOkzX+Hk/4Uuvv7dWtCjbmVJcrskyk= +github.com/aws/smithy-go v1.13.4/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= @@ -108,169 +58,99 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= -github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM= -github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cert-manager/cert-manager v1.9.1 h1:bNIsQyfWdIMSEwxgO4sVUEyAn6xuSgNwdt9m92OBACc= -github.com/cert-manager/cert-manager v1.9.1/go.mod h1:Bs3WsNX1LPKTs3boh//p7jLOn6ZRGEPz99ITeZU0g3c= -github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= -github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= +github.com/cert-manager/cert-manager v1.10.0 h1:qWMM2nqt3pyCVKTWoS645PORJpK5XvtE0iImk9qTPsc= +github.com/cert-manager/cert-manager v1.10.0/go.mod h1:xKakpUDYRHgUry/DkvcCCgQDRSwVSeSXTlw7slT+AYo= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= -github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= -github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= -github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= -github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= -github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= -github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= +github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= -github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful/v3 v3.8.0 h1:eCZ8ulSerjdAiaNpF7GxXIE7ZCMo1moN1qX+S609eVw= github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= +github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= -github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= -github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= +github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= +github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0= -github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c= -github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI= -github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg= -github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= +github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/go-asn1-ber/asn1-ber v1.5.1 h1:pDbRAunXzIUXfx4CB2QJFv5IuPiuoW+sWvr/Us009o8= -github.com/go-asn1-ber/asn1-ber v1.5.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-asn1-ber/asn1-ber v1.5.4 h1:vXT6d/FNDiELJnLb6hGNa309LMsrCoYFvpwHDF0+Y1A= +github.com/go-asn1-ber/asn1-ber v1.5.4/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= -github.com/go-ldap/ldap/v3 v3.4.2 h1:zFZKcXKLqZpFMrMQGHeHWKXbDTdNCmhGY9AK41zPh+8= -github.com/go-ldap/ldap/v3 v3.4.2/go.mod h1:iYS1MdmrmceOJ1QOTnRXrIs7i3kloqtmGQjRvjKpyMg= +github.com/go-ldap/ldap/v3 v3.4.4 h1:qPjipEpt+qDa6SI/h1fzuGWoRUY+qqQ9sOZq67/PYUs= +github.com/go-ldap/ldap/v3 v3.4.4/go.mod h1:fe1MsuN5eJJ1FeLT/LEBVdWfNWKh459R7aXgXtJC+aI= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= -github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/zapr v0.4.0/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk= -github.com/go-logr/zapr v1.2.0/go.mod h1:Qa4Bsj2Vb+FAVeAKsLD8RLQ+YRJB8YDmOAKxaBQf7Ro= -github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= -github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= github.com/go-openapi/jsonreference v0.19.5 h1:1WJP/wi4OjB4iV8KVbH73rQaoialJrqv8gitZLxGLtM= github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= -github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo= -github.com/go-openapi/spec v0.19.5/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk= -github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= -github.com/gobuffalo/flect v0.2.3/go.mod h1:vmkQwuZYhN5Pc4ljYQZzP+1sq+NEkK+lh20jmEmX3jc= github.com/gobuffalo/flect v0.2.5 h1:H6vvsv2an0lalEaCDRThvtBfmg44W/QHXBCYUXf/6S4= github.com/gobuffalo/flect v0.2.5/go.mod h1:1ZyCLIbg0YD7sDkzvFdPoOydPtD8y9JQnrOROolUcM8= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQAYs= github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= -github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= @@ -284,25 +164,20 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= -github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= -github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0= github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -310,148 +185,68 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= +github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= +github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= -github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= -github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= -github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= -github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= +github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= +github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM= +github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM= +github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM= +github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= +github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc= -github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw= -github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= -github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= -github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= -github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= -github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= -github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= -github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= -github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= -github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= -github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= -github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= -github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ= -github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= -github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= -github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc= -github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA= github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= -github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= -github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= -github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= -github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= -github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= -github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= -github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= -github.com/moby/term v0.0.0-20201216013528-df9cb8a40635/go.mod h1:FBS0z0QWA44HXygs7VXDUOGoN/1TV3RuWkLO04am3wc= -github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -459,12 +254,10 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/nginxinc/glog v1.1.2 h1:zyoZXhCoYvNMJq4qMsKislUCGyJ4eU2gNl3Nt7cjESg= github.com/nginxinc/glog v1.1.2/go.mod h1:Q2FpGp/qFhJEVnuC88BVfbLDPmio9aHYUj4al6w0138= github.com/nginxinc/nginx-plus-go-client v0.10.0 h1:3zsMMkPvRDo8D7ZSprXtbAEW/SDmezZWzxdyS+6oAlc= @@ -473,56 +266,31 @@ github.com/nginxinc/nginx-prometheus-exporter v0.11.0 h1:21xjnqNgxtni2jDgAQ90bl1 github.com/nginxinc/nginx-prometheus-exporter v0.11.0/go.mod h1:GdyHnWAb8q8OW1Pssrrqbcqra0SH0Vn6UXICMmyWkw8= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= -github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= -github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= -github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= -github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.1.6 h1:Fx2POJZfKRQcM1pH49qSZiYeu319wji004qX+GDovrU= -github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.14.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= -github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q= -github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= -github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= +github.com/onsi/ginkgo/v2 v2.2.0 h1:3ZNA3L1c5FYDFTTxbFeVGGD8jYvjYauHD30YgLxVsNI= +github.com/onsi/gomega v1.20.2 h1:8uQq0zMgLEfa0vRrrBgaJF2gyW9Da9BmfGV+OyUzfkY= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= -github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= -github.com/prometheus/client_golang v1.13.0 h1:b71QUfeo5M8gq2+evJdTPfZhYMAU0uKPkyPJ7TPsloU= -github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ= +github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw= +github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= +github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= @@ -530,66 +298,34 @@ github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+ github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE= github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo= github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= -github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= -github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8= -github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= -github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= +github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= -github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js= -github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= -github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= -github.com/spf13/afero v1.6.0 h1:xoax2sJ2DT8S8xA2paPFjDCScCNeWsg75VG0DLRreiY= -github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= -github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= -github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI= -github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= -github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= -github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q= -github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= -github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= -github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU= +github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= -github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns= github.com/spiffe/go-spiffe/v2 v2.1.1 h1:RT9kM8MZLZIsPTH+HKQEP5yaAk3yd/VBzlINaRjXs8k= github.com/spiffe/go-spiffe/v2 v2.1.1/go.mod h1:5qg6rpqlwIub0JAiF1UK9IMD6BpPTmvG6yfSgDBs5lg= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -597,60 +333,32 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= +github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= -github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= +github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 h1:uruHq4dN7GR16kFc5fp3d1RIYzJW5onx8Ybykw2YQFA= -github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8= -github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/zeebo/errs v1.2.2 h1:5NFypMTuSdoySVTqlNs1dEoU21QVamMQJxW/Fii5O7g= github.com/zeebo/errs v1.2.2/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= -go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU= -go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= -go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489 h1:1JFLBqwIgdyHN1ZtgjTBwO+blA6gVOmZurpiMEsETKo= -go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg= -go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= -go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/api/v3 v3.5.4 h1:OHVyt3TopwtUQ2GKdd5wu3PmmipR4FTwCqoEjSyRdIc= go.etcd.io/etcd/api/v3 v3.5.4/go.mod h1:5GB2vv4A4AOn3yk7MftYGHkUfGtDHnEraIjym4dYz5A= -go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= -go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/pkg/v3 v3.5.4 h1:lrneYvz923dvC14R54XcA7FXoZ3mlGZAgmwhfm7HqOg= go.etcd.io/etcd/client/pkg/v3 v3.5.4/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= -go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= go.etcd.io/etcd/client/v2 v2.305.4 h1:Dcx3/MYyfKcPNLpR4VVQUP5KgYrBeJtktBwEKkw08Ao= -go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0= -go.etcd.io/etcd/client/v3 v3.5.1/go.mod h1:OnjH4M8OnAotwaB2l9bVgZzRFKru7/ZMoS46OtKyd3Q= go.etcd.io/etcd/client/v3 v3.5.4 h1:p83BUL3tAYS0OT/r0qglgc3M1JjhM0diV8DSWAhVXv4= go.etcd.io/etcd/client/v3 v3.5.4/go.mod h1:ZaRkVgBZC+L+dLCjTcF1hRXpgZXQPOvnA/Ak/gq3kiY= -go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE= go.etcd.io/etcd/pkg/v3 v3.5.4 h1:V5Dvl7S39ZDwjkKqJG2BfXgxZ3QREqqKifWQgIw5IM0= -go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc= go.etcd.io/etcd/raft/v3 v3.5.4 h1:YGrnAgRfgXloBNuqa+oBI/aRZMcK/1GS6trJePJ/Gqc= -go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4= go.etcd.io/etcd/server/v3 v3.5.4 h1:CMAZd0g8Bn5NRhynW6pKhc4FRg41/0QYy3d7aNm9874= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opentelemetry.io/contrib v0.20.0 h1:ubFQUn0VCZ0gPwIoJfBJVpeBlyRMxu8Mm/huKWYd9p0= go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= @@ -676,369 +384,210 @@ go.opentelemetry.io/otel/trace v0.20.0 h1:1DL6EXUdcg95gukhuRRvLDO/4X5THh/5dIV52l go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= go.opentelemetry.io/proto/otlp v0.7.0 h1:rwOQPCuKAKmwGKq2aVNnYIibI6wnV7EvzgfTCzcdGg8= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= +go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= -go.uber.org/goleak v1.1.11-0.20210813005559-691160354723 h1:sHOAIxRGBp443oHZIPB+HsUGaksVCXVQENPxwTfQdH4= -go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= -go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= +go.uber.org/goleak v1.1.11 h1:wy28qYRKZgnJTxGxvye5/wgWr1EKjmUDGYox5mGlRlI= +go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= -go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= -go.uber.org/zap v1.19.1 h1:ue41HOKd1vGURxrmeKIgELGb3jPW9DMUDGtsinblHwI= -go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI= +go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8= +go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 h1:kUhD7nTDoI3fVd9G4ORWrbV5NY0liEs/Jg2pv5f+bBA= -golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220924013350-4ba4fb4dd9e7 h1:WJywXQVIb56P2kAvXeMGTIgQ1ZHQxR60+F9dLsodECc= +golang.org/x/crypto v0.0.0-20220924013350-4ba4fb4dd9e7/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20220613132600-b0d781184e0d h1:vtUKgx8dahOomfFzLREU8nSv25YHnTgLBn4rDnWZdU0= golang.org/x/exp v0.0.0-20220613132600-b0d781184e0d/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.1-0.20200828183125-ce943fd02449/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20220906165146-f3363e06e74c h1:yKufUcDwucU5urd+50/Opbt4AYpqthk7wHpHok8f1lo= golang.org/x/net v0.0.0-20220906165146-f3363e06e74c/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b h1:clP8eMhB30EHdc0bd2Twtq6kgU7yl5ub2cQLSdrv1Dg= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= +golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= +golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 h1:lxqLZaMad/dJHMFZH0NiNpiEZI/nhgWhe4wgzpE+MuA= +golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220624220833-87e55d714810/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 h1:WIoqL4EROvwiPdUtaip4VcDdpZ4kha7wBWZrbVKCIZg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44= -golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/text v0.3.8 h1:nAL+RVCQ9uMn3vJZbV+MRnydTJFPf8qqY42YiA6MrqY= +golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/time v0.0.0-20220609170525-579cf78fd858 h1:Dpdu/EMxGMFgq0CeYMh4fazTD2vtlZRYE7wyynxJb9U= +golang.org/x/time v0.0.0-20220609170525-579cf78fd858/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= -google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= -google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= -google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= -google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= -google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= -google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8= +golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= +google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= +google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= +google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo= +google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g= +google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA= +google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8= +google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs= +google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA= +google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw= +google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o= +google.golang.org/api v0.85.0/go.mod h1:AqZf8Ep9uZ2pyTvgL+x0D3Zt0eoT9b5E8fmzfu6FO2g= +google.golang.org/api v0.93.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= -google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= +google.golang.org/genproto v0.0.0-20210329143202-679c6ae281ee/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 h1:hrbNEivu7Zn1pxvHk6MBrq9iE22woVILTHqexqBxe6I= -google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E= +google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220822174746-9e6da59bd2fc h1:Nf+EdcTLHR8qDNN/KfkQL0u0ssxt9OhbaWCl5C0ucEI= +google.golang.org/genproto v0.0.0-20220822174746-9e6da59bd2fc/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= -google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= +google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= +google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.49.0 h1:WTLtQzmQori5FUH25Pq4WT22oCsv8USpQ+F6rqtsmxw= -google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= +google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.50.1 h1:DS/BukOZWp8s6p4Dt/tOaJaTQyPyOoCcrjroHuCeLzY= +google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= +google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/grpc/examples v0.0.0-20201130180447-c456688b1860/go.mod h1:Ly7ZA/ARzg8fnPU9TyZIxoz33sEUuWX7txiqs8lPTgE= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -1062,23 +611,13 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8= -gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= -gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.4.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w= gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -1093,98 +632,43 @@ gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= -gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.21.3/go.mod h1:hUgeYHUbBp23Ue4qdX9tR8/ANi/g3ehylAqDn9NWVOg= -k8s.io/api v0.22.1/go.mod h1:bh13rkTp3F1XEaLGykbyRD2QaTTzPm0e/BMd8ptFONY= -k8s.io/api v0.24.2/go.mod h1:AHqbSkTm6YrQ0ObxjO3Pmp/ubFF/KuM7jU+3khoBsOg= -k8s.io/api v0.25.2 h1:v6G8RyFcwf0HR5jQGIAYlvtRNrxMJQG1xJzaSeVnIS8= -k8s.io/api v0.25.2/go.mod h1:qP1Rn4sCVFwx/xIhe+we2cwBLTXNcheRyYXwajonhy0= -k8s.io/apiextensions-apiserver v0.21.3/go.mod h1:kl6dap3Gd45+21Jnh6utCx8Z2xxLm8LGDkprcd+KbsE= -k8s.io/apiextensions-apiserver v0.25.0 h1:CJ9zlyXAbq0FIW8CD7HHyozCMBpDSiH7EdrSTCZcZFY= -k8s.io/apiextensions-apiserver v0.25.0/go.mod h1:3pAjZiN4zw7R8aZC5gR0y3/vCkGlAjCazcg1me8iB/E= -k8s.io/apimachinery v0.21.3/go.mod h1:H/IM+5vH9kZRNJ4l3x/fXP/5bOPJaVP/guptnZPeCFI= -k8s.io/apimachinery v0.22.1/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0= -k8s.io/apimachinery v0.24.2/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM= -k8s.io/apimachinery v0.25.2 h1:WbxfAjCx+AeN8Ilp9joWnyJ6xu9OMeS/fsfjK/5zaQs= -k8s.io/apimachinery v0.25.2/go.mod h1:hqqA1X0bsgsxI6dXsJ4HnNTBOmJNxyPp8dw3u2fSHwA= -k8s.io/apiserver v0.21.3/go.mod h1:eDPWlZG6/cCCMj/JBcEpDoK+I+6i3r9GsChYBHSbAzU= -k8s.io/apiserver v0.24.2/go.mod h1:pSuKzr3zV+L+MWqsEo0kHHYwCo77AT5qXbFXP2jbvFI= -k8s.io/apiserver v0.25.0 h1:8kl2ifbNffD440MyvHtPaIz1mw4mGKVgWqM0nL+oyu4= -k8s.io/apiserver v0.25.0/go.mod h1:BKwsE+PTC+aZK+6OJQDPr0v6uS91/HWxX7evElAH6xo= -k8s.io/client-go v0.21.3/go.mod h1:+VPhCgTsaFmGILxR/7E1N0S+ryO010QBeNCv5JwRGYU= -k8s.io/client-go v0.22.1/go.mod h1:BquC5A4UOo4qVDUtoc04/+Nxp1MeHcVc1HJm1KmG8kk= -k8s.io/client-go v0.24.2/go.mod h1:zg4Xaoo+umDsfCWr4fCnmLEtQXyCNXCvJuSsglNcV30= -k8s.io/client-go v0.25.2 h1:SUPp9p5CwM0yXGQrwYurw9LWz+YtMwhWd0GqOsSiefo= -k8s.io/client-go v0.25.2/go.mod h1:i7cNU7N+yGQmJkewcRD2+Vuj4iz7b30kI8OcL3horQ4= -k8s.io/code-generator v0.21.3/go.mod h1:K3y0Bv9Cz2cOW2vXUrNZlFbflhuPvuadW6JdnN6gGKo= -k8s.io/code-generator v0.22.0/go.mod h1:eV77Y09IopzeXOJzndrDyCI88UBok2h6WxAlBwpxa+o= -k8s.io/code-generator v0.24.2/go.mod h1:dpVhs00hTuTdTY6jvVxvTFCk6gSMrtfRydbhZwHI15w= -k8s.io/code-generator v0.25.2 h1:qEHux0+E1c+j1MhsWn9+4Z6av8zrZBixOTPW064rSiY= -k8s.io/code-generator v0.25.2/go.mod h1:f61OcU2VqVQcjt/6TrU0sta1TA5hHkOO6ZZPwkL9Eys= -k8s.io/component-base v0.21.3/go.mod h1:kkuhtfEHeZM6LkX0saqSK8PbdO7A0HigUngmhhrwfGQ= -k8s.io/component-base v0.24.2/go.mod h1:ucHwW76dajvQ9B7+zecZAP3BVqvrHoOxm8olHEg0nmM= -k8s.io/component-base v0.25.0 h1:haVKlLkPCFZhkcqB6WCvpVxftrg6+FK5x1ZuaIDaQ5Y= -k8s.io/component-base v0.25.0/go.mod h1:F2Sumv9CnbBlqrpdf7rKZTmmd2meJq0HizeyY/yAFxk= -k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/gengo v0.0.0-20201203183100-97869a43a9d9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= -k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= -k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/api v0.25.4 h1:3YO8J4RtmG7elEgaWMb4HgmpS2CfY1QlaOz9nwB+ZSs= +k8s.io/api v0.25.4/go.mod h1:IG2+RzyPQLllQxnhzD8KQNEu4c4YvyDTpSMztf4A0OQ= +k8s.io/apiextensions-apiserver v0.25.2 h1:8uOQX17RE7XL02ngtnh3TgifY7EhekpK+/piwzQNnBo= +k8s.io/apiextensions-apiserver v0.25.2/go.mod h1:iRwwRDlWPfaHhuBfQ0WMa5skdQfrE18QXJaJvIDLvE8= +k8s.io/apimachinery v0.25.4 h1:CtXsuaitMESSu339tfhVXhQrPET+EiWnIY1rcurKnAc= +k8s.io/apimachinery v0.25.4/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo= +k8s.io/apiserver v0.25.2 h1:YePimobk187IMIdnmsMxsfIbC5p4eX3WSOrS9x6FEYw= +k8s.io/apiserver v0.25.2/go.mod h1:30r7xyQTREWCkG2uSjgjhQcKVvAAlqoD+YyrqR6Cn+I= +k8s.io/client-go v0.25.4 h1:3RNRDffAkNU56M/a7gUfXaEzdhZlYhoW8dgViGy5fn8= +k8s.io/client-go v0.25.4/go.mod h1:8trHCAC83XKY0wsBIpbirZU4NTUpbuhc2JnI7OruGZw= +k8s.io/code-generator v0.25.4 h1:tjQ7/+9eN7UOiU2DP+0v4ntTI4JZLi2c1N0WllpFhTc= +k8s.io/code-generator v0.25.4/go.mod h1:9F5fuVZOMWRme7MYj2YT3L9ropPWPokd9VRhVyD3+0w= +k8s.io/component-base v0.25.2 h1:Nve/ZyHLUBHz1rqwkjXm/Re6IniNa5k7KgzxZpTfSQY= +k8s.io/component-base v0.25.2/go.mod h1:90W21YMr+Yjg7MX+DohmZLzjsBtaxQDDwaX4YxDkl60= k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 h1:TT1WdmqqXareKxZ/oNXEUSwKlLiHzPMyB0t8BaFeBYI= k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= -k8s.io/klog v0.2.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= -k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.8.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= -k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= -k8s.io/klog/v2 v2.10.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= -k8s.io/klog/v2 v2.60.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.70.1 h1:7aaoSdahviPmR+XkS7FyxlkkXs6tHISSG03RxleQAVQ= -k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-aggregator v0.24.2 h1:vaKw45vFA5fIT0wdSehPIL7idjVxgLqz6iedOHedLG4= -k8s.io/kube-aggregator v0.24.2/go.mod h1:Ju2jNDixn+vqeeKEBfjfpc204bO1pbdXX0N9knCxeMQ= -k8s.io/kube-openapi v0.0.0-20210305001622-591a79e4bda7/go.mod h1:wXW5VT87nVfh/iLV8FpR2uDvrFyomxbtb1KivDbvPTE= -k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= -k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk= -k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkIFQtZShWqoha7snGixVgEA= -k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU= -k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20210707171843-4b05e18ac7d9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20210722164352-7f3ee0f31471/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20210820185131-d34e5cb4466e/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4= -k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.19/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw= +k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= +k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/kube-aggregator v0.25.2 h1:NJHDtwmQR0EfoIQ00JNT8QrBIOljojtxtpXcTQqWZeg= +k8s.io/kube-aggregator v0.25.2/go.mod h1:7N5x4bK6jyxkEYCd77mgiz2uGTwiVs18MRwLwCPeUz8= +k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea h1:3QOH5+2fGsY8e1qf+GIFpg+zw/JGNrgyZRQR7/m6uWg= +k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU= +k8s.io/utils v0.0.0-20220922133306-665eaaec4324 h1:i+xdFemcSNuJvIfBlaYuXgRondKxK4z4prVPKzEaelI= +k8s.io/utils v0.0.0-20220922133306-665eaaec4324/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.32 h1:2WjukG7txtEsbXsSKWtTibCdsyYAhcu6KFnttyDdZOQ= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.32/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw= -sigs.k8s.io/controller-runtime v0.9.6/go.mod h1:q6PpkM5vqQubEKUKOM6qr06oXGzOBcCby1DA9FbyZeA= -sigs.k8s.io/controller-tools v0.6.2/go.mod h1:oaeGpjXn6+ZSEIQkUe/+3I40PNiDYp9aeawbt3xTgJ8= sigs.k8s.io/controller-tools v0.10.0 h1:0L5DTDTFB67jm9DkfrONgTGmfc/zYow0ZaHyppizU2U= sigs.k8s.io/controller-tools v0.10.0/go.mod h1:uvr0EW6IsprfB0jpQq6evtKy+hHyHCXNfdWI5ONPx94= -sigs.k8s.io/gateway-api v0.4.3 h1:9kdHAcfkyP7jVMSFshc8EYEKNLlFM7hbZL8vCKcMwps= -sigs.k8s.io/gateway-api v0.4.3/go.mod h1:r3eiNP+0el+NTLwaTfOrCNXy8TukC+dIM3ggc+fbNWk= -sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY= +sigs.k8s.io/gateway-api v0.5.0 h1:ze+k9fJqvmL8s1t3e4q1ST8RnN+f09dEv+gfacahlAE= +sigs.k8s.io/gateway-api v0.5.0/go.mod h1:x0AP6gugkFV8fC/oTlnOMU0pnmuzIR8LfIPRVUjxSqA= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= -sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= -sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= -sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= diff --git a/grafana/README.md b/grafana/README.md index 644a5064a6..cd7ec5e74f 100644 --- a/grafana/README.md +++ b/grafana/README.md @@ -45,5 +45,5 @@ The dashboard comes with 4 rows with the following graphs (the corresponding Pro * Upstream Error Rate (`nginxplus_upstream_server_responses`). This graph shows all the `4XX` and `5XX` status code responses of upstreams over time. * Upstream Server Count (`nginxplus_upstream_server_state`). This graph shows the count for the total number of upstream servers. * Upstream Server State (`nginxplus_upstream_server_state`). This graph shows the current state of the upstream servers. -* SSL - * SSL Performance (`nginxplus_ssl_handshakes`, `nginxplus_ssl_handshakes_failed`). The graph shows the total number of SSL handshakes and the total number of SSL handshakes that failed. +* SSL + * SSL Performance (`nginxplus_ssl_handshakes`, `nginxplus_ssl_handshakes_failed`). The graph shows the total number of SSL handshakes and the total number of SSL handshakes that failed. diff --git a/hack/docker.sh b/hack/docker.sh index 8707c51693..57aac1c785 100755 --- a/hack/docker.sh +++ b/hack/docker.sh @@ -4,16 +4,17 @@ git_commit=$1 git_tag=$2 docker_tag=edge -commit_tag=$(git tag --contains ${git_commit}) +commit_tag=$(git describe --exact-match ${git_commit} 2>/dev/null) if [[ ${commit_tag} == ${git_tag} ]]; then - # we're on the tag, use the docker image for the tag + # we're on the exact commit of the tag, use the docker image for the tag docker_tag=${git_tag//v/} echo ${docker_tag} exit 0 else - # we're on main or a branch, try to download the latest edge and see if sha matches + # we're on a random commit, pull the 'edge' docker image to compare commits + # if it's the latest commit from 'main' the SHA will match the 'revision' of the 'edge' docker image docker pull nginx/nginx-ingress:${docker_tag} >/dev/null 2>&1 DOCKER_SHA=$(docker inspect --format '{{ index .Config.Labels "org.opencontainers.image.revision" }}' nginx/nginx-ingress:${docker_tag}) if [[ ${DOCKER_SHA} == ${git_commit} ]]; then diff --git a/internal/certmanager/cm_controller.go b/internal/certmanager/cm_controller.go index 5138389452..03a6876b1c 100644 --- a/internal/certmanager/cm_controller.go +++ b/internal/certmanager/cm_controller.go @@ -56,16 +56,15 @@ const ( // and creates/ updates certificates for VS resources as required, // and VS resources when certificate objects are created/ updated type CmController struct { - vsLister []listers_v1.VirtualServerLister - sync SyncFn - ctx context.Context - mustSync []cache.InformerSynced - queue workqueue.RateLimitingInterface - vsSharedInformerFactory []vsinformers.SharedInformerFactory - cmSharedInformerFactory []cm_informers.SharedInformerFactory - kubeSharedInformerFactory []kubeinformers.SharedInformerFactory - recorder record.EventRecorder - cmClient *cm_clientset.Clientset + sync SyncFn + ctx context.Context + mustSync []cache.InformerSynced + queue workqueue.RateLimitingInterface + informerGroup map[string]*namespacedInformer + recorder record.EventRecorder + cmClient *cm_clientset.Clientset + kubeClient kubernetes.Interface + vsClient k8s_nginx.Interface } // CmOpts is the options required for building the CmController @@ -78,27 +77,42 @@ type CmOpts struct { vsClient k8s_nginx.Interface } +type namespacedInformer struct { + vsSharedInformerFactory vsinformers.SharedInformerFactory + cmSharedInformerFactory cm_informers.SharedInformerFactory + kubeSharedInformerFactory kubeinformers.SharedInformerFactory + vsLister listers_v1.VirtualServerLister + cmLister cmlisters.CertificateLister +} + func (c *CmController) register() workqueue.RateLimitingInterface { - var cmLister []cmlisters.CertificateLister - for _, sif := range c.vsSharedInformerFactory { - c.vsLister = append(c.vsLister, sif.K8s().V1().VirtualServers().Lister()) - sif.K8s().V1().VirtualServers().Informer().AddEventHandler(&controllerpkg.QueuingEventHandler{ - Queue: c.queue, - }) - c.mustSync = append(c.mustSync, sif.K8s().V1().VirtualServers().Informer().HasSynced) - } + c.sync = SyncFnFor(c.recorder, c.cmClient, c.informerGroup) + return c.queue +} - for _, cif := range c.cmSharedInformerFactory { - cif.Certmanager().V1().Certificates().Informer().AddEventHandler(&controllerpkg.BlockingEventHandler{ - WorkFunc: certificateHandler(c.queue), - }) - cmLister = append(cmLister, cif.Certmanager().V1().Certificates().Lister()) - c.mustSync = append(c.mustSync, cif.Certmanager().V1().Certificates().Informer().HasSynced) - } +func (c *CmController) newNamespacedInformer(ns string) { + nsi := &namespacedInformer{} + nsi.cmSharedInformerFactory = cm_informers.NewSharedInformerFactoryWithOptions(c.cmClient, resyncPeriod, cm_informers.WithNamespace(ns)) + nsi.kubeSharedInformerFactory = kubeinformers.NewSharedInformerFactoryWithOptions(c.kubeClient, resyncPeriod, kubeinformers.WithNamespace(ns)) + nsi.vsSharedInformerFactory = vsinformers.NewSharedInformerFactoryWithOptions(c.vsClient, resyncPeriod, vsinformers.WithNamespace(ns)) - c.sync = SyncFnFor(c.recorder, c.cmClient, cmLister) + c.addHandlers(nsi) - return c.queue + c.informerGroup[ns] = nsi +} + +func (c *CmController) addHandlers(nsi *namespacedInformer) { + nsi.vsLister = nsi.vsSharedInformerFactory.K8s().V1().VirtualServers().Lister() + nsi.vsSharedInformerFactory.K8s().V1().VirtualServers().Informer().AddEventHandler(&controllerpkg.QueuingEventHandler{ + Queue: c.queue, + }) + c.mustSync = append(c.mustSync, nsi.vsSharedInformerFactory.K8s().V1().VirtualServers().Informer().HasSynced) + + nsi.cmSharedInformerFactory.Certmanager().V1().Certificates().Informer().AddEventHandler(&controllerpkg.BlockingEventHandler{ + WorkFunc: certificateHandler(c.queue), + }) + nsi.cmLister = nsi.cmSharedInformerFactory.Certmanager().V1().Certificates().Lister() + c.mustSync = append(c.mustSync, nsi.cmSharedInformerFactory.Certmanager().V1().Certificates().Informer().HasSynced) } func (c *CmController) processItem(ctx context.Context, key string) error { @@ -108,14 +122,11 @@ func (c *CmController) processItem(ctx context.Context, key string) error { runtime.HandleError(fmt.Errorf("invalid resource key: %s", key)) return err } + nsi := getNamespacedInformer(namespace, c.informerGroup) var vs *conf_v1.VirtualServer - for _, vl := range c.vsLister { - vs, err = vl.VirtualServers(namespace).Get(name) - if err == nil { - break - } - } + vs, err = nsi.vsLister.VirtualServers(namespace).Get(name) + if err != nil { return err } @@ -127,16 +138,16 @@ func (c *CmController) processItem(ctx context.Context, key string) error { // example, the following Certificate "cert-1" is controlled by the VirtualServer // "vs-1": // -// kind: Certificate -// metadata: Note that the owner -// namespace: cert-1 reference does not -// ownerReferences: have a namespace, -// - controller: true since owner refs -// apiVersion: networking.x-k8s.io/v1alpha1 only work inside -// kind: VirtualServer the same namespace. -// name: vs-1 -// blockOwnerDeletion: true -// uid: 7d3897c2-ce27-4144-883a-e1b5f89bd65a +// kind: Certificate +// metadata: Note that the owner +// namespace: cert-1 reference does not +// ownerReferences: have a namespace, +// - controller: true since owner refs +// apiVersion: networking.x-k8s.io/v1alpha1 only work inside +// kind: VirtualServer the same namespace. +// name: vs-1 +// blockOwnerDeletion: true +// uid: 7d3897c2-ce27-4144-883a-e1b5f89bd65a func certificateHandler(queue workqueue.RateLimitingInterface) func(obj interface{}) { return func(obj interface{}) { crt, ok := obj.(*cmapi.Certificate) @@ -168,25 +179,22 @@ func NewCmController(opts *CmOpts) *CmController { // Create a cert-manager api client intcl, _ := cm_clientset.NewForConfig(opts.kubeConfig) - var vsSharedInformerFactory []vsinformers.SharedInformerFactory - var cmSharedInformerFactory []cm_informers.SharedInformerFactory - var kubeSharedInformerFactory []kubeinformers.SharedInformerFactory + ig := make(map[string]*namespacedInformer) - for _, ns := range opts.namespace { - cmSharedInformerFactory = append(cmSharedInformerFactory, cm_informers.NewSharedInformerFactoryWithOptions(intcl, resyncPeriod, cm_informers.WithNamespace(ns))) - kubeSharedInformerFactory = append(kubeSharedInformerFactory, kubeinformers.NewSharedInformerFactoryWithOptions(opts.kubeClient, resyncPeriod, kubeinformers.WithNamespace(ns))) - vsSharedInformerFactory = append(vsSharedInformerFactory, vsinformers.NewSharedInformerFactoryWithOptions(opts.vsClient, resyncPeriod, vsinformers.WithNamespace(ns))) + cm := &CmController{ + ctx: opts.context, + queue: workqueue.NewNamedRateLimitingQueue(controllerpkg.DefaultItemBasedRateLimiter(), ControllerName), + informerGroup: ig, + recorder: opts.eventRecorder, + cmClient: intcl, + kubeClient: opts.kubeClient, + vsClient: opts.vsClient, } - cm := &CmController{ - ctx: opts.context, - queue: workqueue.NewNamedRateLimitingQueue(controllerpkg.DefaultItemBasedRateLimiter(), ControllerName), - cmSharedInformerFactory: cmSharedInformerFactory, - kubeSharedInformerFactory: kubeSharedInformerFactory, - recorder: opts.eventRecorder, - cmClient: intcl, - vsSharedInformerFactory: vsSharedInformerFactory, + for _, ns := range opts.namespace { + cm.newNamespacedInformer(ns) } + cm.register() return cm } @@ -201,14 +209,10 @@ func (c *CmController) Run(stopCh <-chan struct{}) { glog.Infof("Starting cert-manager control loop") - for _, vif := range c.vsSharedInformerFactory { - go vif.Start(c.ctx.Done()) - } - for _, cif := range c.cmSharedInformerFactory { - go cif.Start(c.ctx.Done()) - } - for _, kif := range c.kubeSharedInformerFactory { - go kif.Start(c.ctx.Done()) + for _, ig := range c.informerGroup { + go ig.vsSharedInformerFactory.Start(c.ctx.Done()) + go ig.cmSharedInformerFactory.Start(c.ctx.Done()) + go ig.kubeSharedInformerFactory.Start(c.ctx.Done()) } // // wait for all the informer caches we depend on are synced glog.V(3).Infof("Waiting for %d caches to sync", len(c.mustSync)) diff --git a/internal/certmanager/cm_controller_test.go b/internal/certmanager/cm_controller_test.go index b7b0da7980..92c9dcaaaf 100644 --- a/internal/certmanager/cm_controller_test.go +++ b/internal/certmanager/cm_controller_test.go @@ -23,19 +23,16 @@ import ( cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmclient "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned" - cm_informers "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions" controllerpkg "github.com/cert-manager/cert-manager/pkg/controller" testpkg "github.com/nginxinc/kubernetes-ingress/internal/certmanager/test_files" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" - kubeinformers "k8s.io/client-go/informers" "k8s.io/client-go/util/workqueue" vsapi "github.com/nginxinc/kubernetes-ingress/pkg/apis/configuration/v1" k8s_nginx "github.com/nginxinc/kubernetes-ingress/pkg/client/clientset/versioned" - vsinformers "github.com/nginxinc/kubernetes-ingress/pkg/client/informers/externalversions" ) func Test_controller_Register(t *testing.T) { @@ -138,15 +135,27 @@ func Test_controller_Register(t *testing.T) { // Certificate event is received then HasSynced has not been setup // properly. + ig := make(map[string]*namespacedInformer) + + nsi := &namespacedInformer{ + cmSharedInformerFactory: b.Context.SharedInformerFactory, + kubeSharedInformerFactory: b.Context.KubeSharedInformerFactory, + vsSharedInformerFactory: b.VsSharedInformerFactory, + } + + ig[""] = nsi + cm := &CmController{ - ctx: b.RootContext, - queue: workqueue.NewNamedRateLimitingQueue(controllerpkg.DefaultItemBasedRateLimiter(), ControllerName), - cmSharedInformerFactory: []cm_informers.SharedInformerFactory{b.FakeCMInformerFactory()}, - kubeSharedInformerFactory: []kubeinformers.SharedInformerFactory{b.FakeKubeInformerFactory()}, - recorder: b.Recorder, - vsSharedInformerFactory: []vsinformers.SharedInformerFactory{b.VsSharedInformerFactory}, + ctx: b.RootContext, + queue: workqueue.NewNamedRateLimitingQueue(controllerpkg.DefaultItemBasedRateLimiter(), ControllerName), + informerGroup: ig, + recorder: b.Recorder, + kubeClient: b.Client, + vsClient: b.VSClient, } + cm.addHandlers(nsi) + queue := cm.register() b.Start() diff --git a/internal/certmanager/helper.go b/internal/certmanager/helper.go index 3ccb3efa59..03c60d05b1 100644 --- a/internal/certmanager/helper.go +++ b/internal/certmanager/helper.go @@ -49,25 +49,26 @@ var ( // apiVersion: k8s.nginx.org/v1 // kind: VirtualServer // spec: -// <...> -// tls: -// <...> -// cert-manager: -// common-name: example.com -// duration: 2160h -// renew-before: 1440h -// usages: "digital signature,key encipherment" +// +// <...> +// tls: +// <...> +// cert-manager: +// common-name: example.com +// duration: 2160h +// renew-before: 1440h +// usages: "digital signature,key encipherment" // // is mapped to the following Certificate: // -// kind: Certificate -// spec: -// commonName: example.com -// duration: 2160h -// renewBefore: 1440h -// usages: -// - digital signature -// - key encipherment +// kind: Certificate +// spec: +// commonName: example.com +// duration: 2160h +// renewBefore: 1440h +// usages: +// - digital signature +// - key encipherment func translateVsSpec(crt *cmapi.Certificate, vsCmSpec *vsapi.CertManager) error { var errs []string if crt == nil { @@ -119,3 +120,21 @@ func translateVsSpec(crt *cmapi.Certificate, vsCmSpec *vsapi.CertManager) error } return nil } + +func getNamespacedInformer(ns string, ig map[string]*namespacedInformer) *namespacedInformer { + var nsi *namespacedInformer + var isGlobalNs bool + var exists bool + + nsi, isGlobalNs = ig[""] + + if !isGlobalNs { + // get the correct namespaced informers + nsi, exists = ig[ns] + if !exists { + // we are not watching this namespace + return nil + } + } + return nsi +} diff --git a/internal/certmanager/sync.go b/internal/certmanager/sync.go index 89aee7ec65..e4c7cd8e34 100644 --- a/internal/certmanager/sync.go +++ b/internal/certmanager/sync.go @@ -60,7 +60,7 @@ type SyncFn func(context.Context, *vsapi.VirtualServer) error func SyncFnFor( rec record.EventRecorder, cmClient clientset.Interface, - cmLister []cmlisters.CertificateLister, + ig map[string]*namespacedInformer, ) SyncFn { return func(ctx context.Context, vs *vsapi.VirtualServer) error { var err error @@ -75,7 +75,9 @@ func SyncFnFor( return err } - newCrts, updateCrts, err := buildCertificates(cmLister, vs, issuerName, issuerKind, issuerGroup) + nsi := getNamespacedInformer(vs.GetNamespace(), ig) + + newCrts, updateCrts, err := buildCertificates(nsi.cmLister, vs, issuerName, issuerKind, issuerGroup) if err != nil { glog.Errorf("Incorrect cert-manager configuration for VirtualServer resource: %v", err) rec.Eventf(vs, corev1.EventTypeWarning, reasonBadConfig, "Incorrect cert-manager configuration for VirtualServer resource: %s", @@ -106,12 +108,8 @@ func SyncFnFor( } var certs []*cmapi.Certificate - for _, cl := range cmLister { - certs, err = cl.Certificates(vs.GetNamespace()).List(labels.Everything()) - if len(certs) > 0 { - break - } - } + certs, err = nsi.cmLister.Certificates(vs.GetNamespace()).List(labels.Everything()) + if err != nil { return err } @@ -131,7 +129,7 @@ func SyncFnFor( } func buildCertificates( - cmLister []cmlisters.CertificateLister, + cmLister cmlisters.CertificateLister, vs *vsapi.VirtualServer, issuerName, issuerKind, issuerGroup string, ) (newCert, update []*cmapi.Certificate, _ error) { @@ -140,12 +138,8 @@ func buildCertificates( var existingCrt *cmapi.Certificate var err error - for _, cl := range cmLister { - existingCrt, err = cl.Certificates(vs.Namespace).Get(vs.Spec.TLS.Secret) - if err == nil { - break - } - } + existingCrt, err = cmLister.Certificates(vs.Namespace).Get(vs.Spec.TLS.Secret) + if !apierrors.IsNotFound(err) && err != nil { return nil, nil, err } @@ -274,10 +268,10 @@ func certNeedsUpdate(a, b *cmapi.Certificate) bool { // Certificate created for the given VirtualServer resource. We look up the following // VS TLS Cert-Manager fields: // -// cluster-issuer -// issuer -// issuer-kind -// issuer-group +// cluster-issuer +// issuer +// issuer-kind +// issuer-group func issuerForVirtualServer(vs *vsapi.VirtualServer) (name, kind, group string, err error) { var errs []string vsCmSpec := vs.Spec.TLS.CertManager diff --git a/internal/certmanager/sync_test.go b/internal/certmanager/sync_test.go index 453f7b1975..b3b662fd14 100644 --- a/internal/certmanager/sync_test.go +++ b/internal/certmanager/sync_test.go @@ -23,7 +23,6 @@ import ( cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" - cmlisters "github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1" "github.com/cert-manager/cert-manager/test/unit/gen" "github.com/stretchr/testify/assert" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -491,7 +490,19 @@ func TestSync(t *testing.T) { } b.Init() defer b.Stop() - sync := SyncFnFor(b.Recorder, b.CMClient, []cmlisters.CertificateLister{b.SharedInformerFactory.Certmanager().V1().Certificates().Lister()}) + + ig := make(map[string]*namespacedInformer) + + nsi := &namespacedInformer{ + cmSharedInformerFactory: b.FakeCMInformerFactory(), + kubeSharedInformerFactory: b.FakeKubeInformerFactory(), + vsSharedInformerFactory: b.VsSharedInformerFactory, + cmLister: b.SharedInformerFactory.Certmanager().V1().Certificates().Lister(), + } + + ig[""] = nsi + + sync := SyncFnFor(b.Recorder, b.CMClient, ig) b.Start() err := sync(context.Background(), &test.VirtualServer) diff --git a/internal/configs/annotations.go b/internal/configs/annotations.go index f620183083..120e440f10 100644 --- a/internal/configs/annotations.go +++ b/internal/configs/annotations.go @@ -148,20 +148,12 @@ func parseAnnotations(ingEx *IngressEx, baseCfgParams *ConfigParams, isPlus bool } } - if serverSnippets, exists, err := GetMapKeyAsStringSlice(ingEx.Ingress.Annotations, "nginx.org/server-snippets", ingEx.Ingress, "\n"); exists { - if err != nil { - glog.Error(err) - } else { - cfgParams.ServerSnippets = serverSnippets - } + if serverSnippets, exists := GetMapKeyAsStringSlice(ingEx.Ingress.Annotations, "nginx.org/server-snippets", ingEx.Ingress, "\n"); exists { + cfgParams.ServerSnippets = serverSnippets } - if locationSnippets, exists, err := GetMapKeyAsStringSlice(ingEx.Ingress.Annotations, "nginx.org/location-snippets", ingEx.Ingress, "\n"); exists { - if err != nil { - glog.Error(err) - } else { - cfgParams.LocationSnippets = locationSnippets - } + if locationSnippets, exists := GetMapKeyAsStringSlice(ingEx.Ingress.Annotations, "nginx.org/location-snippets", ingEx.Ingress, "\n"); exists { + cfgParams.LocationSnippets = locationSnippets } if proxyConnectTimeout, exists := ingEx.Ingress.Annotations["nginx.org/proxy-connect-timeout"]; exists { @@ -188,20 +180,12 @@ func parseAnnotations(ingEx *IngressEx, baseCfgParams *ConfigParams, isPlus bool } } - if proxyHideHeaders, exists, err := GetMapKeyAsStringSlice(ingEx.Ingress.Annotations, "nginx.org/proxy-hide-headers", ingEx.Ingress, ","); exists { - if err != nil { - glog.Error(err) - } else { - cfgParams.ProxyHideHeaders = proxyHideHeaders - } + if proxyHideHeaders, exists := GetMapKeyAsStringSlice(ingEx.Ingress.Annotations, "nginx.org/proxy-hide-headers", ingEx.Ingress, ","); exists { + cfgParams.ProxyHideHeaders = proxyHideHeaders } - if proxyPassHeaders, exists, err := GetMapKeyAsStringSlice(ingEx.Ingress.Annotations, "nginx.org/proxy-pass-headers", ingEx.Ingress, ","); exists { - if err != nil { - glog.Error(err) - } else { - cfgParams.ProxyPassHeaders = proxyPassHeaders - } + if proxyPassHeaders, exists := GetMapKeyAsStringSlice(ingEx.Ingress.Annotations, "nginx.org/proxy-pass-headers", ingEx.Ingress, ","); exists { + cfgParams.ProxyPassHeaders = proxyPassHeaders } if clientMaxBodySize, exists := ingEx.Ingress.Annotations["nginx.org/client-max-body-size"]; exists { diff --git a/internal/configs/configmaps.go b/internal/configs/configmaps.go index 5250efd36c..9de5e00fa2 100644 --- a/internal/configs/configmaps.go +++ b/internal/configs/configmaps.go @@ -58,20 +58,12 @@ func ParseConfigMap(cfgm *v1.ConfigMap, nginxPlus bool, hasAppProtect bool, hasA cfgParams.ProxySendTimeout = proxySendTimeout } - if proxyHideHeaders, exists, err := GetMapKeyAsStringSlice(cfgm.Data, "proxy-hide-headers", cfgm, ","); exists { - if err != nil { - glog.Error(err) - } else { - cfgParams.ProxyHideHeaders = proxyHideHeaders - } + if proxyHideHeaders, exists := GetMapKeyAsStringSlice(cfgm.Data, "proxy-hide-headers", cfgm, ","); exists { + cfgParams.ProxyHideHeaders = proxyHideHeaders } - if proxyPassHeaders, exists, err := GetMapKeyAsStringSlice(cfgm.Data, "proxy-pass-headers", cfgm, ","); exists { - if err != nil { - glog.Error(err) - } else { - cfgParams.ProxyPassHeaders = proxyPassHeaders - } + if proxyPassHeaders, exists := GetMapKeyAsStringSlice(cfgm.Data, "proxy-pass-headers", cfgm, ","); exists { + cfgParams.ProxyPassHeaders = proxyPassHeaders } if clientMaxBodySize, exists := cfgm.Data["client-max-body-size"]; exists { @@ -170,12 +162,8 @@ func ParseConfigMap(cfgm *v1.ConfigMap, nginxPlus bool, hasAppProtect bool, hasA } } - if setRealIPFrom, exists, err := GetMapKeyAsStringSlice(cfgm.Data, "set-real-ip-from", cfgm, ","); exists { - if err != nil { - glog.Error(err) - } else { - cfgParams.SetRealIPFrom = setRealIPFrom - } + if setRealIPFrom, exists := GetMapKeyAsStringSlice(cfgm.Data, "set-real-ip-from", cfgm, ","); exists { + cfgParams.SetRealIPFrom = setRealIPFrom } if realIPRecursive, exists, err := GetMapKeyAsBool(cfgm.Data, "real-ip-recursive", cfgm); exists { @@ -219,12 +207,8 @@ func ParseConfigMap(cfgm *v1.ConfigMap, nginxPlus bool, hasAppProtect bool, hasA } } - if logFormat, exists, err := GetMapKeyAsStringSlice(cfgm.Data, "log-format", cfgm, "\n"); exists { - if err != nil { - glog.Error(err) - } else { - cfgParams.MainLogFormat = logFormat - } + if logFormat, exists := GetMapKeyAsStringSlice(cfgm.Data, "log-format", cfgm, "\n"); exists { + cfgParams.MainLogFormat = logFormat } if logFormatEscaping, exists := cfgm.Data["log-format-escaping"]; exists { @@ -234,12 +218,8 @@ func ParseConfigMap(cfgm *v1.ConfigMap, nginxPlus bool, hasAppProtect bool, hasA } } - if streamLogFormat, exists, err := GetMapKeyAsStringSlice(cfgm.Data, "stream-log-format", cfgm, "\n"); exists { - if err != nil { - glog.Error(err) - } else { - cfgParams.MainStreamLogFormat = streamLogFormat - } + if streamLogFormat, exists := GetMapKeyAsStringSlice(cfgm.Data, "stream-log-format", cfgm, "\n"); exists { + cfgParams.MainStreamLogFormat = streamLogFormat } if streamLogFormatEscaping, exists := cfgm.Data["stream-log-format-escaping"]; exists { @@ -281,36 +261,20 @@ func ParseConfigMap(cfgm *v1.ConfigMap, nginxPlus bool, hasAppProtect bool, hasA cfgParams.ProxyMaxTempFileSize = proxyMaxTempFileSize } - if mainMainSnippets, exists, err := GetMapKeyAsStringSlice(cfgm.Data, "main-snippets", cfgm, "\n"); exists { - if err != nil { - glog.Error(err) - } else { - cfgParams.MainMainSnippets = mainMainSnippets - } + if mainMainSnippets, exists := GetMapKeyAsStringSlice(cfgm.Data, "main-snippets", cfgm, "\n"); exists { + cfgParams.MainMainSnippets = mainMainSnippets } - if mainHTTPSnippets, exists, err := GetMapKeyAsStringSlice(cfgm.Data, "http-snippets", cfgm, "\n"); exists { - if err != nil { - glog.Error(err) - } else { - cfgParams.MainHTTPSnippets = mainHTTPSnippets - } + if mainHTTPSnippets, exists := GetMapKeyAsStringSlice(cfgm.Data, "http-snippets", cfgm, "\n"); exists { + cfgParams.MainHTTPSnippets = mainHTTPSnippets } - if locationSnippets, exists, err := GetMapKeyAsStringSlice(cfgm.Data, "location-snippets", cfgm, "\n"); exists { - if err != nil { - glog.Error(err) - } else { - cfgParams.LocationSnippets = locationSnippets - } + if locationSnippets, exists := GetMapKeyAsStringSlice(cfgm.Data, "location-snippets", cfgm, "\n"); exists { + cfgParams.LocationSnippets = locationSnippets } - if serverSnippets, exists, err := GetMapKeyAsStringSlice(cfgm.Data, "server-snippets", cfgm, "\n"); exists { - if err != nil { - glog.Error(err) - } else { - cfgParams.ServerSnippets = serverSnippets - } + if serverSnippets, exists := GetMapKeyAsStringSlice(cfgm.Data, "server-snippets", cfgm, "\n"); exists { + cfgParams.ServerSnippets = serverSnippets } if _, exists, err := GetMapKeyAsInt(cfgm.Data, "worker-processes", cfgm); exists { @@ -373,23 +337,15 @@ func ParseConfigMap(cfgm *v1.ConfigMap, nginxPlus bool, hasAppProtect bool, hasA cfgParams.VirtualServerTemplate = &virtualServerTemplate } - if mainStreamSnippets, exists, err := GetMapKeyAsStringSlice(cfgm.Data, "stream-snippets", cfgm, "\n"); exists { - if err != nil { - glog.Error(err) - } else { - cfgParams.MainStreamSnippets = mainStreamSnippets - } + if mainStreamSnippets, exists := GetMapKeyAsStringSlice(cfgm.Data, "stream-snippets", cfgm, "\n"); exists { + cfgParams.MainStreamSnippets = mainStreamSnippets } - if resolverAddresses, exists, err := GetMapKeyAsStringSlice(cfgm.Data, "resolver-addresses", cfgm, ","); exists { - if err != nil { - glog.Error(err) + if resolverAddresses, exists := GetMapKeyAsStringSlice(cfgm.Data, "resolver-addresses", cfgm, ","); exists { + if nginxPlus { + cfgParams.ResolverAddresses = resolverAddresses } else { - if nginxPlus { - cfgParams.ResolverAddresses = resolverAddresses - } else { - glog.Warning("ConfigMap key 'resolver-addresses' requires NGINX Plus") - } + glog.Warning("ConfigMap key 'resolver-addresses' requires NGINX Plus") } } @@ -521,12 +477,8 @@ func ParseConfigMap(cfgm *v1.ConfigMap, nginxPlus bool, hasAppProtect bool, hasA } if hasAppProtectDos { - if appProtectDosLogFormat, exists, err := GetMapKeyAsStringSlice(cfgm.Data, "app-protect-dos-log-format", cfgm, "\n"); exists { - if err != nil { - glog.Error(err) - } else { - cfgParams.MainAppProtectDosLogFormat = appProtectDosLogFormat - } + if appProtectDosLogFormat, exists := GetMapKeyAsStringSlice(cfgm.Data, "app-protect-dos-log-format", cfgm, "\n"); exists { + cfgParams.MainAppProtectDosLogFormat = appProtectDosLogFormat } if appProtectDosLogFormatEscaping, exists := cfgm.Data["app-protect-dos-log-format-escaping"]; exists { diff --git a/internal/configs/configurator.go b/internal/configs/configurator.go index 93514286f6..237f199004 100644 --- a/internal/configs/configurator.go +++ b/internal/configs/configurator.go @@ -255,11 +255,11 @@ func (cnf *Configurator) deleteIngressMetricsLabels(key string) { func (cnf *Configurator) AddOrUpdateIngress(ingEx *IngressEx) (Warnings, error) { warnings, err := cnf.addOrUpdateIngress(ingEx) if err != nil { - return warnings, fmt.Errorf("Error adding or updating ingress %v/%v: %w", ingEx.Ingress.Namespace, ingEx.Ingress.Name, err) + return warnings, fmt.Errorf("error adding or updating ingress %v/%v: %w", ingEx.Ingress.Namespace, ingEx.Ingress.Name, err) } if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil { - return warnings, fmt.Errorf("Error reloading NGINX for %v/%v: %w", ingEx.Ingress.Namespace, ingEx.Ingress.Name, err) + return warnings, fmt.Errorf("error reloading NGINX for %v/%v: %w", ingEx.Ingress.Namespace, ingEx.Ingress.Name, err) } return warnings, nil @@ -287,7 +287,7 @@ func (cnf *Configurator) addOrUpdateIngress(ingEx *IngressEx) (Warnings, error) name := objectMetaToFileName(&ingEx.Ingress.ObjectMeta) content, err := cnf.templateExecutor.ExecuteIngressConfigTemplate(&nginxCfg) if err != nil { - return warnings, fmt.Errorf("Error generating Ingress Config %v: %w", name, err) + return warnings, fmt.Errorf("error generating Ingress Config %v: %w", name, err) } cnf.nginxManager.CreateConfig(name, content) @@ -302,11 +302,11 @@ func (cnf *Configurator) addOrUpdateIngress(ingEx *IngressEx) (Warnings, error) func (cnf *Configurator) AddOrUpdateMergeableIngress(mergeableIngs *MergeableIngresses) (Warnings, error) { warnings, err := cnf.addOrUpdateMergeableIngress(mergeableIngs) if err != nil { - return warnings, fmt.Errorf("Error when adding or updating ingress %v/%v: %w", mergeableIngs.Master.Ingress.Namespace, mergeableIngs.Master.Ingress.Name, err) + return warnings, fmt.Errorf("error when adding or updating ingress %v/%v: %w", mergeableIngs.Master.Ingress.Namespace, mergeableIngs.Master.Ingress.Name, err) } if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil { - return warnings, fmt.Errorf("Error reloading NGINX for %v/%v: %w", mergeableIngs.Master.Ingress.Namespace, mergeableIngs.Master.Ingress.Name, err) + return warnings, fmt.Errorf("error reloading NGINX for %v/%v: %w", mergeableIngs.Master.Ingress.Namespace, mergeableIngs.Master.Ingress.Name, err) } return warnings, nil @@ -341,7 +341,7 @@ func (cnf *Configurator) addOrUpdateMergeableIngress(mergeableIngs *MergeableIng name := objectMetaToFileName(&mergeableIngs.Master.Ingress.ObjectMeta) content, err := cnf.templateExecutor.ExecuteIngressConfigTemplate(&nginxCfg) if err != nil { - return warnings, fmt.Errorf("Error generating Ingress Config %v: %w", name, err) + return warnings, fmt.Errorf("error generating Ingress Config %v: %w", name, err) } cnf.nginxManager.CreateConfig(name, content) @@ -441,11 +441,11 @@ func (cnf *Configurator) deleteVirtualServerMetricsLabels(key string) { func (cnf *Configurator) AddOrUpdateVirtualServer(virtualServerEx *VirtualServerEx) (Warnings, error) { warnings, err := cnf.addOrUpdateVirtualServer(virtualServerEx) if err != nil { - return warnings, fmt.Errorf("Error adding or updating VirtualServer %v/%v: %w", virtualServerEx.VirtualServer.Namespace, virtualServerEx.VirtualServer.Name, err) + return warnings, fmt.Errorf("error adding or updating VirtualServer %v/%v: %w", virtualServerEx.VirtualServer.Namespace, virtualServerEx.VirtualServer.Name, err) } if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil { - return warnings, fmt.Errorf("Error reloading NGINX for VirtualServer %v/%v: %w", virtualServerEx.VirtualServer.Namespace, virtualServerEx.VirtualServer.Name, err) + return warnings, fmt.Errorf("error reloading NGINX for VirtualServer %v/%v: %w", virtualServerEx.VirtualServer.Namespace, virtualServerEx.VirtualServer.Name, err) } return warnings, nil @@ -473,7 +473,7 @@ func (cnf *Configurator) addOrUpdateVirtualServer(virtualServerEx *VirtualServer vsCfg, warnings := vsc.GenerateVirtualServerConfig(virtualServerEx, apResources, dosResources) content, err := cnf.templateExecutorV2.ExecuteVirtualServerTemplate(&vsCfg) if err != nil { - return warnings, fmt.Errorf("Error generating VirtualServer config: %v: %w", name, err) + return warnings, fmt.Errorf("error generating VirtualServer config: %v: %w", name, err) } cnf.nginxManager.CreateConfig(name, content) @@ -498,7 +498,7 @@ func (cnf *Configurator) AddOrUpdateVirtualServers(virtualServerExes []*VirtualS } if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil { - return allWarnings, fmt.Errorf("Error when reloading NGINX when updating Policy: %w", err) + return allWarnings, fmt.Errorf("error when reloading NGINX when updating Policy: %w", err) } return allWarnings, nil @@ -630,7 +630,7 @@ func (cnf *Configurator) updateTLSPassthroughHostsConfig() error { content, err := cnf.templateExecutorV2.ExecuteTLSPassthroughHostsTemplate(cfg) if err != nil { - return fmt.Errorf("Error generating config for TLS Passthrough Unix Sockets map: %w", err) + return fmt.Errorf("error generating config for TLS Passthrough Unix Sockets map: %w", err) } cnf.nginxManager.CreateTLSPassthroughHostsConfig(content) @@ -673,7 +673,7 @@ func (cnf *Configurator) AddOrUpdateResources(resources ExtendedResources) (Warn for _, ingEx := range resources.IngressExes { warnings, err := cnf.addOrUpdateIngress(ingEx) if err != nil { - return nil, fmt.Errorf("Error adding or updating ingress %v/%v: %w", ingEx.Ingress.Namespace, ingEx.Ingress.Name, err) + return nil, fmt.Errorf("error adding or updating ingress %v/%v: %w", ingEx.Ingress.Namespace, ingEx.Ingress.Name, err) } allWarnings.Add(warnings) } @@ -681,7 +681,7 @@ func (cnf *Configurator) AddOrUpdateResources(resources ExtendedResources) (Warn for _, m := range resources.MergeableIngresses { warnings, err := cnf.addOrUpdateMergeableIngress(m) if err != nil { - return nil, fmt.Errorf("Error adding or updating mergeableIngress %v/%v: %w", m.Master.Ingress.Namespace, m.Master.Ingress.Name, err) + return nil, fmt.Errorf("error adding or updating mergeableIngress %v/%v: %w", m.Master.Ingress.Namespace, m.Master.Ingress.Name, err) } allWarnings.Add(warnings) } @@ -689,7 +689,7 @@ func (cnf *Configurator) AddOrUpdateResources(resources ExtendedResources) (Warn for _, vsEx := range resources.VirtualServerExes { warnings, err := cnf.addOrUpdateVirtualServer(vsEx) if err != nil { - return nil, fmt.Errorf("Error adding or updating VirtualServer %v/%v: %w", vsEx.VirtualServer.Namespace, vsEx.VirtualServer.Name, err) + return nil, fmt.Errorf("error adding or updating VirtualServer %v/%v: %w", vsEx.VirtualServer.Namespace, vsEx.VirtualServer.Name, err) } allWarnings.Add(warnings) } @@ -703,7 +703,7 @@ func (cnf *Configurator) AddOrUpdateResources(resources ExtendedResources) (Warn } if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil { - return nil, fmt.Errorf("Error when reloading NGINX when updating resources: %w", err) + return nil, fmt.Errorf("error when reloading NGINX when updating resources: %w", err) } return allWarnings, nil } @@ -723,7 +723,7 @@ func (cnf *Configurator) AddOrUpdateSpecialTLSSecrets(secret *api_v1.Secret, sec } if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil { - return fmt.Errorf("Error when reloading NGINX when updating the special Secrets: %w", err) + return fmt.Errorf("error when reloading NGINX when updating the special Secrets: %w", err) } return nil @@ -762,7 +762,7 @@ func (cnf *Configurator) DeleteIngress(key string) error { } if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil { - return fmt.Errorf("Error when removing ingress %v: %w", key, err) + return fmt.Errorf("error when removing ingress %v: %w", key, err) } return nil @@ -779,7 +779,7 @@ func (cnf *Configurator) DeleteVirtualServer(key string) error { } if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil { - return fmt.Errorf("Error when removing VirtualServer %v: %w", key, err) + return fmt.Errorf("error when removing VirtualServer %v: %w", key, err) } return nil @@ -793,12 +793,12 @@ func (cnf *Configurator) DeleteTransportServer(key string) error { err := cnf.deleteTransportServer(key) if err != nil { - return fmt.Errorf("Error when removing TransportServer %v: %w", key, err) + return fmt.Errorf("error when removing TransportServer %v: %w", key, err) } err = cnf.reload(nginx.ReloadForOtherUpdate) if err != nil { - return fmt.Errorf("Error when removing TransportServer %v: %w", key, err) + return fmt.Errorf("error when removing TransportServer %v: %w", key, err) } return nil @@ -826,7 +826,7 @@ func (cnf *Configurator) UpdateEndpoints(ingExes []*IngressEx) error { // It is safe to ignore warnings here as no new warnings should appear when updating Endpoints for Ingresses _, err := cnf.addOrUpdateIngress(ingEx) if err != nil { - return fmt.Errorf("Error adding or updating ingress %v/%v: %w", ingEx.Ingress.Namespace, ingEx.Ingress.Name, err) + return fmt.Errorf("error adding or updating ingress %v/%v: %w", ingEx.Ingress.Namespace, ingEx.Ingress.Name, err) } if cnf.isPlus { @@ -844,7 +844,7 @@ func (cnf *Configurator) UpdateEndpoints(ingExes []*IngressEx) error { } if err := cnf.reload(nginx.ReloadForEndpointsUpdate); err != nil { - return fmt.Errorf("Error reloading NGINX when updating endpoints: %w", err) + return fmt.Errorf("error reloading NGINX when updating endpoints: %w", err) } return nil @@ -858,7 +858,7 @@ func (cnf *Configurator) UpdateEndpointsMergeableIngress(mergeableIngresses []*M // It is safe to ignore warnings here as no new warnings should appear when updating Endpoints for Ingresses _, err := cnf.addOrUpdateMergeableIngress(mergeableIngresses[i]) if err != nil { - return fmt.Errorf("Error adding or updating mergeableIngress %v/%v: %w", mergeableIngresses[i].Master.Ingress.Namespace, mergeableIngresses[i].Master.Ingress.Name, err) + return fmt.Errorf("error adding or updating mergeableIngress %v/%v: %w", mergeableIngresses[i].Master.Ingress.Namespace, mergeableIngresses[i].Master.Ingress.Name, err) } if cnf.isPlus { @@ -878,7 +878,7 @@ func (cnf *Configurator) UpdateEndpointsMergeableIngress(mergeableIngresses []*M } if err := cnf.reload(nginx.ReloadForEndpointsUpdate); err != nil { - return fmt.Errorf("Error reloading NGINX when updating endpoints for %v: %w", mergeableIngresses, err) + return fmt.Errorf("error reloading NGINX when updating endpoints for %v: %w", mergeableIngresses, err) } return nil @@ -892,7 +892,7 @@ func (cnf *Configurator) UpdateEndpointsForVirtualServers(virtualServerExes []*V // It is safe to ignore warnings here as no new warnings should appear when updating Endpoints for VirtualServers _, err := cnf.addOrUpdateVirtualServer(vs) if err != nil { - return fmt.Errorf("Error adding or updating VirtualServer %v/%v: %w", vs.VirtualServer.Namespace, vs.VirtualServer.Name, err) + return fmt.Errorf("error adding or updating VirtualServer %v/%v: %w", vs.VirtualServer.Namespace, vs.VirtualServer.Name, err) } if cnf.isPlus { @@ -910,7 +910,7 @@ func (cnf *Configurator) UpdateEndpointsForVirtualServers(virtualServerExes []*V } if err := cnf.reload(nginx.ReloadForEndpointsUpdate); err != nil { - return fmt.Errorf("Error reloading NGINX when updating endpoints: %w", err) + return fmt.Errorf("error reloading NGINX when updating endpoints: %w", err) } return nil @@ -925,7 +925,7 @@ func (cnf *Configurator) updatePlusEndpointsForVirtualServer(virtualServerEx *Vi err := cnf.updateServersInPlus(upstream.Name, endpoints, serverCfg) if err != nil { - return fmt.Errorf("Couldn't update the endpoints for %v: %w", upstream.Name, err) + return fmt.Errorf("couldn't update the endpoints for %v: %w", upstream.Name, err) } } @@ -973,7 +973,7 @@ func (cnf *Configurator) updatePlusEndpointsForTransportServer(transportServerEx err := cnf.updateStreamServersInPlus(name, endpoints) if err != nil { - return fmt.Errorf("Couldn't update the endpoints for %v: %w", u.Name, err) + return fmt.Errorf("couldn't update the endpoints for %v: %w", u.Name, err) } } @@ -999,7 +999,7 @@ func (cnf *Configurator) updatePlusEndpoints(ingEx *IngressEx) error { name := getNameForUpstream(ingEx.Ingress, emptyHost, ingEx.Ingress.Spec.DefaultBackend) err := cnf.updateServersInPlus(name, endps, cfg) if err != nil { - return fmt.Errorf("Couldn't update the endpoints for %v: %w", name, err) + return fmt.Errorf("couldn't update the endpoints for %v: %w", name, err) } } } @@ -1021,7 +1021,7 @@ func (cnf *Configurator) updatePlusEndpoints(ingEx *IngressEx) error { name := getNameForUpstream(ingEx.Ingress, rule.Host, &path.Backend) err := cnf.updateServersInPlus(name, endps, cfg) if err != nil { - return fmt.Errorf("Couldn't update the endpoints for %v: %w", name, err) + return fmt.Errorf("couldn't update the endpoints for %v: %w", name, err) } } } @@ -1156,19 +1156,19 @@ func (cnf *Configurator) UpdateTransportServers(updatedTSExes []*TransportServer for _, tsEx := range updatedTSExes { _, err := cnf.addOrUpdateTransportServer(tsEx) if err != nil { - return fmt.Errorf("Error adding or updating TransportServer %v/%v: %w", tsEx.TransportServer.Namespace, tsEx.TransportServer.Name, err) + return fmt.Errorf("error adding or updating TransportServer %v/%v: %w", tsEx.TransportServer.Namespace, tsEx.TransportServer.Name, err) } } for _, key := range deletedKeys { err := cnf.deleteTransportServer(key) if err != nil { - return fmt.Errorf("Error when removing TransportServer %v: %w", key, err) + return fmt.Errorf("error when removing TransportServer %v: %w", key, err) } } if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil { - return fmt.Errorf("Error when updating TransportServers: %w", err) + return fmt.Errorf("error when updating TransportServers: %w", err) } return nil @@ -1379,12 +1379,12 @@ type ResourceOperation func(resource *v1beta1.DosProtectedResource, ingExes []*I func (cnf *Configurator) AddOrUpdateAppProtectResource(resource *unstructured.Unstructured, ingExes []*IngressEx, mergeableIngresses []*MergeableIngresses, vsExes []*VirtualServerEx) (Warnings, error) { warnings, err := cnf.addOrUpdateIngressesAndVirtualServers(ingExes, mergeableIngresses, vsExes) if err != nil { - return warnings, fmt.Errorf("Error when updating %v %v/%v: %w", resource.GetKind(), resource.GetNamespace(), resource.GetName(), err) + return warnings, fmt.Errorf("error when updating %v %v/%v: %w", resource.GetKind(), resource.GetNamespace(), resource.GetName(), err) } err = cnf.reload(nginx.ReloadForOtherUpdate) if err != nil { - return warnings, fmt.Errorf("Error when reloading NGINX when updating %v %v/%v: %w", resource.GetKind(), resource.GetNamespace(), resource.GetName(), err) + return warnings, fmt.Errorf("error when reloading NGINX when updating %v %v/%v: %w", resource.GetKind(), resource.GetNamespace(), resource.GetName(), err) } return warnings, nil @@ -1411,7 +1411,7 @@ func (cnf *Configurator) addOrUpdateIngressesAndVirtualServers(ingExes []*Ingres for _, ingEx := range ingExes { warnings, err := cnf.addOrUpdateIngress(ingEx) if err != nil { - return allWarnings, fmt.Errorf("Error adding or updating ingress %v/%v: %w", ingEx.Ingress.Namespace, ingEx.Ingress.Name, err) + return allWarnings, fmt.Errorf("error adding or updating ingress %v/%v: %w", ingEx.Ingress.Namespace, ingEx.Ingress.Name, err) } allWarnings.Add(warnings) } @@ -1419,7 +1419,7 @@ func (cnf *Configurator) addOrUpdateIngressesAndVirtualServers(ingExes []*Ingres for _, m := range mergeableIngresses { warnings, err := cnf.addOrUpdateMergeableIngress(m) if err != nil { - return allWarnings, fmt.Errorf("Error adding or updating mergeableIngress %v/%v: %w", m.Master.Ingress.Namespace, m.Master.Ingress.Name, err) + return allWarnings, fmt.Errorf("error adding or updating mergeableIngress %v/%v: %w", m.Master.Ingress.Namespace, m.Master.Ingress.Name, err) } allWarnings.Add(warnings) } @@ -1427,7 +1427,7 @@ func (cnf *Configurator) addOrUpdateIngressesAndVirtualServers(ingExes []*Ingres for _, vs := range vsExes { warnings, err := cnf.addOrUpdateVirtualServer(vs) if err != nil { - return allWarnings, fmt.Errorf("Error adding or updating VirtualServer %v/%v: %w", vs.VirtualServer.Namespace, vs.VirtualServer.Name, err) + return allWarnings, fmt.Errorf("error adding or updating VirtualServer %v/%v: %w", vs.VirtualServer.Namespace, vs.VirtualServer.Name, err) } allWarnings.Add(warnings) } @@ -1503,11 +1503,11 @@ func (cnf *Configurator) AddInternalRouteConfig() error { mainCfg := GenerateNginxMainConfig(cnf.staticCfgParams, cnf.cfgParams) mainCfgContent, err := cnf.templateExecutor.ExecuteMainConfigTemplate(mainCfg) if err != nil { - return fmt.Errorf("Error when writing main Config: %w", err) + return fmt.Errorf("error when writing main Config: %w", err) } cnf.nginxManager.CreateMainConfig(mainCfgContent) if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil { - return fmt.Errorf("Error when reloading nginx: %w", err) + return fmt.Errorf("error when reloading nginx: %w", err) } return nil } diff --git a/internal/configs/ingress.go b/internal/configs/ingress.go index 303f2e5040..f92700ed88 100644 --- a/internal/configs/ingress.go +++ b/internal/configs/ingress.go @@ -156,6 +156,7 @@ func generateNginxCfg(ingEx *IngressEx, apResources *AppProtectResources, dosRes AppProtectEnable: cfgParams.AppProtectEnable, AppProtectLogEnable: cfgParams.AppProtectLogEnable, SpiffeCerts: cfgParams.SpiffeServerCerts, + DisableIPV6: staticParams.DisableIPV6, } warnings := addSSLConfig(&server, ingEx.Ingress, rule.Host, ingEx.Ingress.Spec.TLS, ingEx.SecretRefs, isWildcardEnabled) diff --git a/internal/configs/ingress_test.go b/internal/configs/ingress_test.go index 1e3aab9eb0..0da7f9ac25 100644 --- a/internal/configs/ingress_test.go +++ b/internal/configs/ingress_test.go @@ -152,6 +152,25 @@ func TestGenerateNginxCfgWithWildcardTLSSecret(t *testing.T) { } } +func TestGenerateNginxCfgWithIPV6Disabled(t *testing.T) { + t.Parallel() + cafeIngressEx := createCafeIngressEx() + isPlus := false + configParams := NewDefaultConfigParams(isPlus) + + expected := createExpectedConfigForCafeIngressEx(isPlus) + expected.Servers[0].DisableIPV6 = true + + result, warnings := generateNginxCfg(&cafeIngressEx, nil, nil, false, configParams, isPlus, false, &StaticConfigParams{DisableIPV6: true}, false) + + if !cmp.Equal(expected, result) { + t.Errorf("generateNginxCfg() returned unexpected result (-want +got):\n%s", cmp.Diff(expected, result)) + } + if len(warnings) != 0 { + t.Errorf("generateNginxCfg() returned warnings: %v", warnings) + } +} + func TestPathOrDefaultReturnDefault(t *testing.T) { t.Parallel() path := "" diff --git a/internal/configs/parsing_helpers.go b/internal/configs/parsing_helpers.go index 6ce4f44aae..831c30f034 100644 --- a/internal/configs/parsing_helpers.go +++ b/internal/configs/parsing_helpers.go @@ -79,13 +79,12 @@ func GetMapKeyAsUint64(m map[string]string, key string, context apiObject, nonZe } // GetMapKeyAsStringSlice tries to find and parse a key in the map as string slice splitting it on delimiter. -func GetMapKeyAsStringSlice(m map[string]string, key string, _ apiObject, delimiter string) ([]string, bool, error) { +func GetMapKeyAsStringSlice(m map[string]string, key string, _ apiObject, delimiter string) ([]string, bool) { if str, exists := m[key]; exists { slice := strings.Split(str, delimiter) - return slice, exists, nil + return slice, exists } - - return nil, false, nil + return nil, false } // ParseLBMethod parses method and matches it to a corresponding load balancing method in NGINX. An error is returned if method is not valid. @@ -105,7 +104,7 @@ func ParseLBMethod(method string) (string, error) { return method, nil } - return "", fmt.Errorf("Invalid load balancing method: %q", method) + return "", fmt.Errorf("invalid load balancing method: %q", method) } var nginxLBValidInput = map[string]bool{ @@ -147,7 +146,7 @@ func ParseLBMethodForPlus(method string) (string, error) { return method, nil } - return "", fmt.Errorf("Invalid load balancing method: %q", method) + return "", fmt.Errorf("invalid load balancing method: %q", method) } func validateHashLBMethod(method string) (string, error) { @@ -222,7 +221,7 @@ func ParseOffset(s string) (string, error) { if offsetRegexp.MatchString(s) { return s, nil } - return "", errors.New("Invalid offset string") + return "", errors.New("invalid offset string") } // SizeFmt http://nginx.org/en/docs/syntax.html @@ -237,7 +236,7 @@ func ParseSize(s string) (string, error) { if sizeRegexp.MatchString(s) { return s, nil } - return "", errors.New("Invalid size string") + return "", errors.New("invalid size string") } // https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers @@ -250,7 +249,7 @@ func ParseProxyBuffersSpec(s string) (string, error) { if proxyBuffersRegexp.MatchString(s) { return s, nil } - return "", errors.New("Invalid proxy buffers string") + return "", errors.New("invalid proxy buffers string") } // ParsePortList ensures that the string is a comma-separated list of port numbers @@ -269,11 +268,11 @@ func ParsePortList(s string) ([]int, error) { func parsePort(value string) (int, error) { port, err := strconv.ParseInt(value, 10, 16) if err != nil { - return 0, fmt.Errorf("Unable to parse port as integer: %w", err) + return 0, fmt.Errorf("unable to parse port as integer: %w", err) } if port <= 0 { - return 0, fmt.Errorf("Port number should be greater than zero: %q", port) + return 0, fmt.Errorf("port number should be greater than zero: %q", port) } return int(port), nil diff --git a/internal/configs/parsing_helpers_test.go b/internal/configs/parsing_helpers_test.go index e406208686..ac5cdd78f9 100644 --- a/internal/configs/parsing_helpers_test.go +++ b/internal/configs/parsing_helpers_test.go @@ -229,10 +229,7 @@ func TestGetMapKeyAsStringSlice(t *testing.T) { "key": "1.String,2.String,3.String", } - slice, exists, err := GetMapKeyAsStringSlice(configMap.Data, "key", &configMap, ",") - if err != nil { - t.Errorf("Unexpected error: %v", err) - } + slice, exists := GetMapKeyAsStringSlice(configMap.Data, "key", &configMap, ",") if !exists { t.Errorf("The key 'key' must exist in the configMap") } @@ -253,10 +250,7 @@ func TestGetMapKeyAsStringSliceMultilineSnippets(t *testing.T) { }`, } - slice, exists, err := GetMapKeyAsStringSlice(configMap.Data, "server-snippets", &configMap, "\n") - if err != nil { - t.Errorf("Unexpected error: %v", err) - } + slice, exists := GetMapKeyAsStringSlice(configMap.Data, "server-snippets", &configMap, "\n") if !exists { t.Errorf("The key 'server-snippets' must exist in the configMap") } @@ -272,7 +266,7 @@ func TestGetMapKeyAsStringSliceNotFound(t *testing.T) { configMap := configMap configMap.Data = map[string]string{} - _, exists, _ := GetMapKeyAsStringSlice(configMap.Data, "key", &configMap, ",") + _, exists := GetMapKeyAsStringSlice(configMap.Data, "key", &configMap, ",") if exists { t.Errorf("The key 'key' must not exist in the configMap") } diff --git a/internal/configs/transportserver.go b/internal/configs/transportserver.go index 5d12f5f8b8..b1db784a38 100644 --- a/internal/configs/transportserver.go +++ b/internal/configs/transportserver.go @@ -147,7 +147,7 @@ func generateTransportServerHealthCheck(upstreamName string, generatedUpstreamNa if u.HealthCheck == nil || !u.HealthCheck.Enabled { return nil, nil } - hc = generateTransportServerHealthCheckWithDefaults(u) + hc = generateTransportServerHealthCheckWithDefaults() hc.Enabled = u.HealthCheck.Enabled hc.Interval = generateTimeWithDefault(u.HealthCheck.Interval, hc.Interval) @@ -176,7 +176,7 @@ func generateTransportServerHealthCheck(upstreamName string, generatedUpstreamNa return hc, match } -func generateTransportServerHealthCheckWithDefaults(up conf_v1alpha1.Upstream) *version2.StreamHealthCheck { +func generateTransportServerHealthCheckWithDefaults() *version2.StreamHealthCheck { return &version2.StreamHealthCheck{ Enabled: false, Timeout: "5s", diff --git a/internal/configs/version1/config.go b/internal/configs/version1/config.go index fb7bfdd6d6..1f3496e82f 100644 --- a/internal/configs/version1/config.go +++ b/internal/configs/version1/config.go @@ -15,7 +15,6 @@ type IngressNginxConfig struct { Keepalive string Ingress Ingress SpiffeClientCerts bool - DisableIPV6 bool } // Ingress holds information about an Ingress resource. diff --git a/internal/configs/version1/nginx.ingress.tmpl b/internal/configs/version1/nginx.ingress.tmpl index 77772c06f2..db32bfb496 100644 --- a/internal/configs/version1/nginx.ingress.tmpl +++ b/internal/configs/version1/nginx.ingress.tmpl @@ -96,7 +96,7 @@ server { {{range $location := $server.Locations}} location {{$location.Path}} { - set $service "{{$location.ServiceName}}"; + set $service "{{$location.ServiceName}}"; {{with $location.MinionIngress}} # location for minion {{$location.MinionIngress.Namespace}}/{{$location.MinionIngress.Name}} set $resource_name "{{$location.MinionIngress.Name}}"; diff --git a/internal/configs/version2/nginx-plus.virtualserver.tmpl b/internal/configs/version2/nginx-plus.virtualserver.tmpl index 5349454303..a6ddb6de98 100644 --- a/internal/configs/version2/nginx-plus.virtualserver.tmpl +++ b/internal/configs/version2/nginx-plus.virtualserver.tmpl @@ -481,14 +481,33 @@ server { proxy_set_header Connection $vs_connection_header; proxy_pass_request_headers {{ if $l.ProxyPassRequestHeaders }}on{{ else }}off{{ end }}; {{ end }} + + {{- $custom_headers := $l.ProxySetHeaders | headerListToCIMap }} + + {{- if not ($custom_headers | hasCIKey "X-Real-IP") }} {{ $proxyOrGRPC }}_set_header X-Real-IP $remote_addr; + {{- end }} + + {{- if not ($custom_headers | hasCIKey "X-Forwarded-For") }} {{ $proxyOrGRPC }}_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + {{- end }} + + {{- if not ($custom_headers | hasCIKey "X-Forwarded-Host") }} {{ $proxyOrGRPC }}_set_header X-Forwarded-Host $host; + {{- end }} + + {{- if not ($custom_headers | hasCIKey "X-Forwarded-Port") }} {{ $proxyOrGRPC }}_set_header X-Forwarded-Port $server_port; + {{- end }} + + {{- if not ($custom_headers | hasCIKey "X-Forwarded-Proto") }} {{ $proxyOrGRPC }}_set_header X-Forwarded-Proto {{ with $s.TLSRedirect }}{{ .BasedOn }}{{ else }}$scheme{{ end }}; - {{ range $h := $l.ProxySetHeaders }} + {{- end }} + + {{- range $h := $l.ProxySetHeaders }} {{ $proxyOrGRPC }}_set_header {{ $h.Name }} "{{ $h.Value }}"; - {{ end }} + {{- end }} + {{ range $h := $l.ProxyHideHeaders }} {{ $proxyOrGRPC }}_hide_header {{ $h }}; {{ end }} diff --git a/internal/configs/version2/nginx.transportserver.tmpl b/internal/configs/version2/nginx.transportserver.tmpl index c725967157..8643615371 100644 --- a/internal/configs/version2/nginx.transportserver.tmpl +++ b/internal/configs/version2/nginx.transportserver.tmpl @@ -47,4 +47,4 @@ server { proxy_next_upstream_timeout {{ $s.ProxyNextUpstreamTimeout }}; proxy_next_upstream_tries {{ $s.ProxyNextUpstreamTries }}; {{ end }} -} \ No newline at end of file +} diff --git a/internal/configs/version2/nginx.virtualserver.tmpl b/internal/configs/version2/nginx.virtualserver.tmpl index b5c9a8b1c5..09576e965b 100644 --- a/internal/configs/version2/nginx.virtualserver.tmpl +++ b/internal/configs/version2/nginx.virtualserver.tmpl @@ -318,14 +318,33 @@ server { proxy_set_header Connection $vs_connection_header; proxy_pass_request_headers {{ if $l.ProxyPassRequestHeaders }}on{{ else }}off{{ end }}; {{ end }} + + {{- $custom_headers := $l.ProxySetHeaders | headerListToCIMap }} + + {{- if not ($custom_headers | hasCIKey "X-Real-IP") }} {{ $proxyOrGRPC }}_set_header X-Real-IP $remote_addr; + {{- end }} + + {{- if not ($custom_headers | hasCIKey "X-Forwarded-For") }} {{ $proxyOrGRPC }}_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + {{- end }} + + {{- if not ($custom_headers | hasCIKey "X-Forwarded-Host") }} {{ $proxyOrGRPC }}_set_header X-Forwarded-Host $host; + {{- end }} + + {{- if not ($custom_headers | hasCIKey "X-Forwarded-Port") }} {{ $proxyOrGRPC }}_set_header X-Forwarded-Port $server_port; + {{- end }} + + {{- if not ($custom_headers | hasCIKey "X-Forwarded-Proto") }} {{ $proxyOrGRPC }}_set_header X-Forwarded-Proto {{ with $s.TLSRedirect }}{{ .BasedOn }}{{ else }}$scheme{{ end }}; - {{ range $h := $l.ProxySetHeaders }} + {{- end }} + + {{- range $h := $l.ProxySetHeaders }} {{ $proxyOrGRPC }}_set_header {{ $h.Name }} "{{ $h.Value }}"; - {{ end }} + {{- end }} + {{ range $h := $l.ProxyHideHeaders }} {{ $proxyOrGRPC }}_hide_header {{ $h }}; {{ end }} diff --git a/internal/configs/version2/template_executor.go b/internal/configs/version2/template_executor.go index ea5d0af13a..f395118e09 100644 --- a/internal/configs/version2/template_executor.go +++ b/internal/configs/version2/template_executor.go @@ -24,7 +24,7 @@ type TemplateExecutor struct { func NewTemplateExecutor(virtualServerTemplatePath string, transportServerTemplatePath string) (*TemplateExecutor, error) { // template names must be the base name of the template file https://golang.org/pkg/text/template/#Template.ParseFiles - vsTemplate, err := template.New(path.Base(virtualServerTemplatePath)).ParseFiles(virtualServerTemplatePath) + vsTemplate, err := template.New(path.Base(virtualServerTemplatePath)).Funcs(helperFunctions).ParseFiles(virtualServerTemplatePath) if err != nil { return nil, err } diff --git a/internal/configs/version2/template_helper.go b/internal/configs/version2/template_helper.go new file mode 100644 index 0000000000..35c31a4f71 --- /dev/null +++ b/internal/configs/version2/template_helper.go @@ -0,0 +1,26 @@ +package version2 + +import ( + "strings" + "text/template" +) + +func headerListToCIMap(headers []Header) map[string]string { + ret := make(map[string]string) + + for _, header := range headers { + ret[strings.ToLower(header.Name)] = header.Value + } + + return ret +} + +func hasCIKey(key string, d map[string]string) bool { + _, ok := d[strings.ToLower(key)] + return ok +} + +var helperFunctions = template.FuncMap{ + "headerListToCIMap": headerListToCIMap, + "hasCIKey": hasCIKey, +} diff --git a/internal/externaldns/controller.go b/internal/externaldns/controller.go index 8522e03a64..db3732cd31 100644 --- a/internal/externaldns/controller.go +++ b/internal/externaldns/controller.go @@ -28,15 +28,20 @@ const ( // ExtDNSController represents ExternalDNS controller. type ExtDNSController struct { - vsLister []listersV1.VirtualServerLister - sync SyncFn - ctx context.Context - mustSync []cache.InformerSynced - queue workqueue.RateLimitingInterface - sharedInformerFactory []k8s_nginx_informers.SharedInformerFactory - recorder record.EventRecorder - client k8s_nginx.Interface - extdnslister []extdnslisters.DNSEndpointLister + sync SyncFn + ctx context.Context + mustSync []cache.InformerSynced + queue workqueue.RateLimitingInterface + recorder record.EventRecorder + client k8s_nginx.Interface + informerGroup map[string]*namespacedInformer + resync time.Duration +} + +type namespacedInformer struct { + vsLister listersV1.VirtualServerLister + sharedInformerFactory k8s_nginx_informers.SharedInformerFactory + extdnslister extdnslisters.DNSEndpointLister } // ExtDNSOpts represents config required for building the External DNS Controller. @@ -50,45 +55,44 @@ type ExtDNSOpts struct { // NewController takes external dns config and return a new External DNS Controller. func NewController(opts *ExtDNSOpts) *ExtDNSController { - var sharedInformerFactory []k8s_nginx_informers.SharedInformerFactory - for _, ns := range opts.namespace { - sif := k8s_nginx_informers.NewSharedInformerFactoryWithOptions(opts.client, opts.resyncPeriod, k8s_nginx_informers.WithNamespace(ns)) - sharedInformerFactory = append(sharedInformerFactory, sif) + ig := make(map[string]*namespacedInformer) + c := &ExtDNSController{ + ctx: opts.context, + queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), ControllerName), + informerGroup: ig, + recorder: opts.eventRecorder, + client: opts.client, + resync: opts.resyncPeriod, } - c := &ExtDNSController{ - ctx: opts.context, - queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), ControllerName), - sharedInformerFactory: sharedInformerFactory, - recorder: opts.eventRecorder, - client: opts.client, + for _, ns := range opts.namespace { + c.newNamespacedInformer(ns) } - c.register() + + c.sync = SyncFnFor(c.recorder, c.client, c.informerGroup) return c } -func (c *ExtDNSController) register() workqueue.Interface { - for _, sif := range c.sharedInformerFactory { - c.vsLister = append(c.vsLister, sif.K8s().V1().VirtualServers().Lister()) - c.extdnslister = append(c.extdnslister, sif.Externaldns().V1().DNSEndpoints().Lister()) - - sif.K8s().V1().VirtualServers().Informer().AddEventHandler( - &QueuingEventHandler{ - Queue: c.queue, - }, - ) - - sif.Externaldns().V1().DNSEndpoints().Informer().AddEventHandler(&BlockingEventHandler{ - WorkFunc: externalDNSHandler(c.queue), - }) - - c.mustSync = append(c.mustSync, - sif.K8s().V1().VirtualServers().Informer().HasSynced, - sif.Externaldns().V1().DNSEndpoints().Informer().HasSynced, - ) - } - c.sync = SyncFnFor(c.recorder, c.client, c.extdnslister) - return c.queue +func (c *ExtDNSController) newNamespacedInformer(ns string) { + nsi := namespacedInformer{sharedInformerFactory: k8s_nginx_informers.NewSharedInformerFactoryWithOptions(c.client, c.resync, k8s_nginx_informers.WithNamespace(ns))} + nsi.vsLister = nsi.sharedInformerFactory.K8s().V1().VirtualServers().Lister() + nsi.extdnslister = nsi.sharedInformerFactory.Externaldns().V1().DNSEndpoints().Lister() + + nsi.sharedInformerFactory.K8s().V1().VirtualServers().Informer().AddEventHandler( + &QueuingEventHandler{ + Queue: c.queue, + }, + ) + + nsi.sharedInformerFactory.Externaldns().V1().DNSEndpoints().Informer().AddEventHandler(&BlockingEventHandler{ + WorkFunc: externalDNSHandler(c.queue), + }) + + c.mustSync = append(c.mustSync, + nsi.sharedInformerFactory.K8s().V1().VirtualServers().Informer().HasSynced, + nsi.sharedInformerFactory.Externaldns().V1().DNSEndpoints().Informer().HasSynced, + ) + c.informerGroup[ns] = &nsi } // Run sets up the event handlers for types we are interested in, as well @@ -101,8 +105,8 @@ func (c *ExtDNSController) Run(stopCh <-chan struct{}) { glog.Infof("Starting external-dns control loop") - for _, sif := range c.sharedInformerFactory { - go sif.Start(c.ctx.Done()) + for _, ig := range c.informerGroup { + go ig.sharedInformerFactory.Start(c.ctx.Done()) } // wait for all informer caches to be synced @@ -154,12 +158,9 @@ func (c *ExtDNSController) processItem(ctx context.Context, key string) error { return err } var vs *conf_v1.VirtualServer - for _, vl := range c.vsLister { - vs, err = vl.VirtualServers(namespace).Get(name) - if err == nil { - break - } - } + nsi := getNamespacedInformer(namespace, c.informerGroup) + vs, err = nsi.vsLister.VirtualServers(namespace).Get(name) + if err != nil { return err } @@ -209,3 +210,21 @@ func BuildOpts( resyncPeriod: resync, } } + +func getNamespacedInformer(ns string, ig map[string]*namespacedInformer) *namespacedInformer { + var nsi *namespacedInformer + var isGlobalNs bool + var exists bool + + nsi, isGlobalNs = ig[""] + + if !isGlobalNs { + // get the correct namespaced informers + nsi, exists = ig[ns] + if !exists { + // we are not watching this namespace + return nil + } + } + return nsi +} diff --git a/internal/externaldns/sync.go b/internal/externaldns/sync.go index debaf6a6c1..cc607cb661 100644 --- a/internal/externaldns/sync.go +++ b/internal/externaldns/sync.go @@ -36,7 +36,7 @@ var vsGVK = vsapi.SchemeGroupVersion.WithKind("VirtualServer") type SyncFn func(context.Context, *vsapi.VirtualServer) error // SyncFnFor knows how to reconcile VirtualServer DNSEndpoint object. -func SyncFnFor(rec record.EventRecorder, client clientset.Interface, extdnsLister []extdnslisters.DNSEndpointLister) SyncFn { +func SyncFnFor(rec record.EventRecorder, client clientset.Interface, ig map[string]*namespacedInformer) SyncFn { return func(ctx context.Context, vs *vsapi.VirtualServer) error { // Do nothing if ExternalDNS is not present (nil) in VS or is not enabled. if !vs.Spec.ExternalDNS.Enable { @@ -56,7 +56,9 @@ func SyncFnFor(rec record.EventRecorder, client clientset.Interface, extdnsListe return err } - newDNSEndpoint, updateDNSEndpoint, err := buildDNSEndpoint(extdnsLister, vs, targets, recordType) + nsi := getNamespacedInformer(vs.Namespace, ig) + + newDNSEndpoint, updateDNSEndpoint, err := buildDNSEndpoint(nsi.extdnslister, vs, targets, recordType) if err != nil { glog.Errorf("error message here %s", err) rec.Eventf(vs, corev1.EventTypeWarning, reasonBadConfig, "Incorrect DNSEndpoint config for VirtualServer resource: %s", err) @@ -136,17 +138,14 @@ func getValidTargets(endpoints []vsapi.ExternalEndpoint) (extdnsapi.Targets, str return targets, recordType, err } -func buildDNSEndpoint(extdnsLister []extdnslisters.DNSEndpointLister, vs *vsapi.VirtualServer, targets extdnsapi.Targets, recordType string) (*extdnsapi.DNSEndpoint, *extdnsapi.DNSEndpoint, error) { +func buildDNSEndpoint(extdnsLister extdnslisters.DNSEndpointLister, vs *vsapi.VirtualServer, targets extdnsapi.Targets, recordType string) (*extdnsapi.DNSEndpoint, *extdnsapi.DNSEndpoint, error) { var updateDNSEndpoint *extdnsapi.DNSEndpoint var newDNSEndpoint *extdnsapi.DNSEndpoint var existingDNSEndpoint *extdnsapi.DNSEndpoint var err error - for _, el := range extdnsLister { - existingDNSEndpoint, err = el.DNSEndpoints(vs.Namespace).Get(vs.ObjectMeta.Name) - if err == nil { - break - } - } + + existingDNSEndpoint, err = extdnsLister.DNSEndpoints(vs.Namespace).Get(vs.ObjectMeta.Name) + if !apierrors.IsNotFound(err) && err != nil { return nil, nil, err } diff --git a/internal/externaldns/sync_test.go b/internal/externaldns/sync_test.go index 58ca613a24..812e4a2e66 100644 --- a/internal/externaldns/sync_test.go +++ b/internal/externaldns/sync_test.go @@ -276,8 +276,10 @@ func TestSync_ReturnsErrorOnFailure(t *testing.T) { for _, tc := range tt { t.Run(tc.name, func(t *testing.T) { rec := EventRecorder{} - eplister := []extdnsclient.DNSEndpointLister{DNSEPLister{}} - fn := SyncFnFor(rec, nil, eplister) + ig := make(map[string]*namespacedInformer) + nsi := namespacedInformer{extdnslister: DNSEPLister{}} + ig[""] = &nsi + fn := SyncFnFor(rec, nil, ig) err := fn(context.TODO(), tc.input) if err == nil { t.Error("want error, got nil") diff --git a/internal/k8s/appprotectdos/app_protect_dos_configuration.go b/internal/k8s/appprotectdos/app_protect_dos_configuration.go index f6aecfe1df..f01a671a97 100644 --- a/internal/k8s/appprotectdos/app_protect_dos_configuration.go +++ b/internal/k8s/appprotectdos/app_protect_dos_configuration.go @@ -114,11 +114,14 @@ func (ci *Configuration) AddOrUpdatePolicy(policyObj *unstructured.Unstructured) resNsName := appprotectcommon.GetNsName(policyObj) policy, err := createAppProtectDosPolicyEx(policyObj) ci.dosPolicies[resNsName] = policy + op := AddOrUpdate if err != nil { - changes = append(changes, Change{Op: Delete, Resource: policy}) + op = Delete problems = append(problems, Problem{Object: policyObj, Reason: "Rejected", Message: err.Error()}) } + changes = append(changes, Change{Op: op, Resource: policy}) + protectedResources := ci.GetDosProtectedThatReferencedDosPolicy(resNsName) for _, p := range protectedResources { proChanges, proProblems := ci.AddOrUpdateDosProtectedResource(p) @@ -134,11 +137,14 @@ func (ci *Configuration) AddOrUpdateLogConf(logConfObj *unstructured.Unstructure resNsName := appprotectcommon.GetNsName(logConfObj) logConf, err := createAppProtectDosLogConfEx(logConfObj) ci.dosLogConfs[resNsName] = logConf + op := AddOrUpdate if err != nil { - changes = append(changes, Change{Op: Delete, Resource: logConf}) + op = Delete problems = append(problems, Problem{Object: logConfObj, Reason: "Rejected", Message: err.Error()}) } + changes = append(changes, Change{Op: op, Resource: logConf}) + protectedResources := ci.GetDosProtectedThatReferencedDosLogConf(resNsName) for _, p := range protectedResources { proChanges, proProblems := ci.AddOrUpdateDosProtectedResource(p) @@ -357,7 +363,7 @@ func createAppProtectDosPolicyEx(policyObj *unstructured.Unstructured) (*DosPoli } func createAppProtectDosLogConfEx(dosLogConfObj *unstructured.Unstructured) (*DosLogConfEx, error) { - err := validation.ValidateAppProtectDosLogConf(dosLogConfObj) + warning, err := validation.ValidateAppProtectDosLogConf(dosLogConfObj) if err != nil { return &DosLogConfEx{ Obj: dosLogConfObj, @@ -365,6 +371,13 @@ func createAppProtectDosLogConfEx(dosLogConfObj *unstructured.Unstructured) (*Do ErrorMsg: fmt.Sprintf("failed to store ApDosLogconf: %v", err), }, err } + if warning != "" { + return &DosLogConfEx{ + Obj: dosLogConfObj, + IsValid: true, + ErrorMsg: warning, + }, nil + } return &DosLogConfEx{ Obj: dosLogConfObj, IsValid: true, diff --git a/internal/k8s/appprotectdos/app_protect_dos_configuration_test.go b/internal/k8s/appprotectdos/app_protect_dos_configuration_test.go index 23eb9df4ea..8b66934763 100644 --- a/internal/k8s/appprotectdos/app_protect_dos_configuration_test.go +++ b/internal/k8s/appprotectdos/app_protect_dos_configuration_test.go @@ -70,8 +70,7 @@ func TestCreateAppProtectDosLogConfEx(t *testing.T) { logConf: &unstructured.Unstructured{ Object: map[string]interface{}{ "spec": map[string]interface{}{ - "content": map[string]interface{}{}, - "filter": map[string]interface{}{}, + "filter": map[string]interface{}{}, }, }, }, @@ -86,10 +85,26 @@ func TestCreateAppProtectDosLogConfEx(t *testing.T) { logConf: &unstructured.Unstructured{ Object: map[string]interface{}{ "spec": map[string]interface{}{ - "content": map[string]interface{}{}, + "content": map[string]interface{}{ + "format": "splunk", + }, + "filter": map[string]interface{}{}, }, }, }, + expectedLogConfEx: &DosLogConfEx{ + IsValid: true, + ErrorMsg: "the Content field is not supported, defaulting to splunk format.", + }, + wantErr: false, + msg: "Valid DosLogConf with warning", + }, + { + logConf: &unstructured.Unstructured{ + Object: map[string]interface{}{ + "spec": map[string]interface{}{}, + }, + }, expectedLogConfEx: &DosLogConfEx{ IsValid: false, ErrorMsg: "failed to store ApDosLogconf: error validating App Protect Dos Log Configuration : required field map[] not found", @@ -211,6 +226,11 @@ func TestAddOrUpdateDosPolicy(t *testing.T) { }, }, } + + basicPolicyResource := &DosPolicyEx{ + Obj: basicTestPolicy, + IsValid: true, + } invalidTestPolicy := &unstructured.Unstructured{ Object: map[string]interface{}{ "metadata": map[string]interface{}{ @@ -245,6 +265,10 @@ func TestAddOrUpdateDosPolicy(t *testing.T) { { policy: basicTestPolicy, expectedChanges: []Change{ + { + Resource: basicPolicyResource, + Op: AddOrUpdate, + }, { Resource: &DosProtectedResourceEx{ Obj: basicResource, @@ -298,20 +322,21 @@ func TestAddOrUpdateDosLogConf(t *testing.T) { "name": "testlogconf", }, "spec": map[string]interface{}{ - "content": map[string]interface{}{}, - "filter": map[string]interface{}{}, + "filter": map[string]interface{}{}, }, }, } + validLogConfResource := &DosLogConfEx{ + Obj: validLogConf, + IsValid: true, + } invalidLogConf := &unstructured.Unstructured{ Object: map[string]interface{}{ "metadata": map[string]interface{}{ "namespace": "testing", "name": "invalid-logconf", }, - "spec": map[string]interface{}{ - "content": map[string]interface{}{}, - }, + "spec": map[string]interface{}{}, }, } basicResource := &v1beta1.DosProtectedResource{ @@ -345,6 +370,10 @@ func TestAddOrUpdateDosLogConf(t *testing.T) { { logconf: validLogConf, expectedChanges: []Change{ + { + Resource: validLogConfResource, + Op: AddOrUpdate, + }, { Resource: &DosProtectedResourceEx{ Obj: basicResource, diff --git a/internal/k8s/controller.go b/internal/k8s/controller.go index 75e2eec488..4b34be3057 100644 --- a/internal/k8s/controller.go +++ b/internal/k8s/controller.go @@ -105,30 +105,12 @@ type LoadBalancerController struct { dynClient dynamic.Interface restConfig *rest.Config cacheSyncs []cache.InformerSynced - sharedInformerFactory []informers.SharedInformerFactory - confSharedInformerFactory []k8s_nginx_informers.SharedInformerFactory - secretInformerFactory []informers.SharedInformerFactory + namespacedInformers map[string]*namespacedInformer configMapController cache.Controller - dynInformerFactory []dynamicinformer.DynamicSharedInformerFactory globalConfigurationController cache.Controller ingressLinkInformer cache.SharedIndexInformer - ingressLister []storeToIngressLister - svcLister []cache.Store - endpointLister []storeToEndpointLister configMapLister storeToConfigMapLister - podLister []indexerToPodLister - secretLister []cache.Store - virtualServerLister []cache.Store - virtualServerRouteLister []cache.Store - appProtectPolicyLister []cache.Store - appProtectLogConfLister []cache.Store - appProtectDosPolicyLister []cache.Store - appProtectDosLogConfLister []cache.Store - appProtectDosProtectedLister []cache.Store globalConfigurationLister cache.Store - appProtectUserSigLister []cache.Store - transportServerLister []cache.Store - policyLister []cache.Store ingressLinkLister cache.Store syncQueue *taskQueue ctx context.Context @@ -150,6 +132,7 @@ type LoadBalancerController struct { leaderElectionLockName string resync time.Duration namespaceList []string + secretNamespaceList []string controllerNamespace string wildcardTLSSecret string areCustomResourcesEnabled bool @@ -184,6 +167,7 @@ type NewLoadBalancerControllerInput struct { RestConfig *rest.Config ResyncPeriod time.Duration Namespace []string + SecretNamespace []string NginxConfigurator *configs.Configurator DefaultServerSecret string AppProtectEnabled bool @@ -234,6 +218,7 @@ func NewLoadBalancerController(input NewLoadBalancerControllerInput) *LoadBalanc leaderElectionLockName: input.LeaderElectionLockName, resync: input.ResyncPeriod, namespaceList: input.Namespace, + secretNamespaceList: input.SecretNamespace, controllerNamespace: input.ControllerNamespace, wildcardTLSSecret: input.WildcardTLSSecret, areCustomResourcesEnabled: input.AreCustomResourcesEnabled, @@ -274,45 +259,12 @@ func NewLoadBalancerController(input NewLoadBalancerControllerInput) *LoadBalanc glog.V(3).Infof("Nginx Ingress Controller has class: %v", input.IngressClass) + lbc.namespacedInformers = make(map[string]*namespacedInformer) for _, ns := range lbc.namespaceList { - lbc.sharedInformerFactory = append(lbc.sharedInformerFactory, informers.NewSharedInformerFactoryWithOptions(lbc.client, input.ResyncPeriod, informers.WithNamespace(ns))) + lbc.newNamespacedInformer(ns) } - // create handlers for resources we care about - lbc.addIngressHandler(createIngressHandlers(lbc)) - lbc.addServiceHandler(createServiceHandlers(lbc)) - lbc.addEndpointHandler(createEndpointHandlers(lbc)) - lbc.addPodHandler() - - secretsTweakListOptionsFunc := func(options *meta_v1.ListOptions) { - // Filter for helm release secrets. - helmSecretSelector := fields.OneTermNotEqualSelector(typeKeyword, helmReleaseType) - baseSelector, err := fields.ParseSelector(options.FieldSelector) - - if err != nil { - options.FieldSelector = helmSecretSelector.String() - } else { - options.FieldSelector = fields.AndSelectors(baseSelector, helmSecretSelector).String() - } - } - - // Creating a separate informer for secrets. - for _, ns := range lbc.namespaceList { - lbc.secretInformerFactory = append(lbc.secretInformerFactory, informers.NewSharedInformerFactoryWithOptions(lbc.client, input.ResyncPeriod, informers.WithNamespace(ns), informers.WithTweakListOptions(secretsTweakListOptionsFunc))) - } - - lbc.addSecretHandler(createSecretHandlers(lbc)) - if lbc.areCustomResourcesEnabled { - for _, ns := range lbc.namespaceList { - lbc.confSharedInformerFactory = append(lbc.confSharedInformerFactory, k8s_nginx_informers.NewSharedInformerFactoryWithOptions(lbc.confClient, input.ResyncPeriod, k8s_nginx_informers.WithNamespace(ns))) - } - - lbc.addVirtualServerHandler(createVirtualServerHandlers(lbc)) - lbc.addVirtualServerRouteHandler(createVirtualServerRouteHandlers(lbc)) - lbc.addTransportServerHandler(createTransportServerHandlers(lbc)) - lbc.addPolicyHandler(createPolicyHandlers(lbc)) - if input.GlobalConfiguration != "" { lbc.watchGlobalConfiguration = true ns, name, _ := ParseNamespaceName(input.GlobalConfiguration) @@ -320,23 +272,6 @@ func NewLoadBalancerController(input NewLoadBalancerControllerInput) *LoadBalanc } } - if lbc.appProtectEnabled || lbc.appProtectDosEnabled { - for _, ns := range lbc.namespaceList { - lbc.dynInformerFactory = append(lbc.dynInformerFactory, dynamicinformer.NewFilteredDynamicSharedInformerFactory(lbc.dynClient, 0, ns, nil)) - } - if lbc.appProtectEnabled { - lbc.addAppProtectPolicyHandler(createAppProtectPolicyHandlers(lbc)) - lbc.addAppProtectLogConfHandler(createAppProtectLogConfHandlers(lbc)) - lbc.addAppProtectUserSigHandler(createAppProtectUserSigHandlers(lbc)) - } - - if lbc.appProtectDosEnabled { - lbc.addAppProtectDosPolicyHandler(createAppProtectDosPolicyHandlers(lbc)) - lbc.addAppProtectDosLogConfHandler(createAppProtectDosLogConfHandlers(lbc)) - lbc.addAppProtectDosProtectedResourceHandler(createAppProtectDosProtectedResourceHandlers(lbc)) - } - } - if input.ConfigMaps != "" { nginxConfigMapsNS, nginxConfigMapsName, err := ParseNamespaceName(input.ConfigMaps) if err != nil { @@ -357,17 +292,13 @@ func NewLoadBalancerController(input NewLoadBalancerControllerInput) *LoadBalanc } lbc.statusUpdater = &statusUpdater{ - client: input.KubeClient, - namespace: input.ControllerNamespace, - externalServiceName: input.ExternalServiceName, - ingressLister: lbc.ingressLister, - virtualServerLister: lbc.virtualServerLister, - virtualServerRouteLister: lbc.virtualServerRouteLister, - transportServerLister: lbc.transportServerLister, - policyLister: lbc.policyLister, - keyFunc: keyFunc, - confClient: input.ConfClient, - hasCorrectIngressClass: lbc.HasCorrectIngressClass, + client: input.KubeClient, + namespace: input.ControllerNamespace, + externalServiceName: input.ExternalServiceName, + namespacedInformers: lbc.namespacedInformers, + keyFunc: keyFunc, + confClient: input.ConfClient, + hasCorrectIngressClass: lbc.HasCorrectIngressClass, } lbc.configuration = NewConfiguration( @@ -393,6 +324,99 @@ func NewLoadBalancerController(input NewLoadBalancerControllerInput) *LoadBalanc return lbc } +type namespacedInformer struct { + // namespace string + sharedInformerFactory informers.SharedInformerFactory + confSharedInformerFactory k8s_nginx_informers.SharedInformerFactory + secretInformerFactory informers.SharedInformerFactory + dynInformerFactory dynamicinformer.DynamicSharedInformerFactory + ingressLister storeToIngressLister + svcLister cache.Store + endpointLister storeToEndpointLister + podLister indexerToPodLister + secretLister cache.Store + virtualServerLister cache.Store + virtualServerRouteLister cache.Store + appProtectPolicyLister cache.Store + appProtectLogConfLister cache.Store + appProtectDosPolicyLister cache.Store + appProtectDosLogConfLister cache.Store + appProtectDosProtectedLister cache.Store + appProtectUserSigLister cache.Store + transportServerLister cache.Store + policyLister cache.Store + isSecretsEnabledNamespace bool + areCustomResourcesEnabled bool + appProtectEnabled bool + appProtectDosEnabled bool + stopCh <-chan struct{} +} + +func (lbc *LoadBalancerController) newNamespacedInformer(ns string) { + nsi := &namespacedInformer{} + nsi.sharedInformerFactory = informers.NewSharedInformerFactoryWithOptions(lbc.client, lbc.resync, informers.WithNamespace(ns)) + + // create handlers for resources we care about + lbc.addIngressHandler(createIngressHandlers(lbc), nsi) + lbc.addServiceHandler(createServiceHandlers(lbc), nsi) + lbc.addEndpointHandler(createEndpointHandlers(lbc), nsi) + lbc.addPodHandler(nsi) + + secretsTweakListOptionsFunc := func(options *meta_v1.ListOptions) { + // Filter for helm release secrets. + helmSecretSelector := fields.OneTermNotEqualSelector(typeKeyword, helmReleaseType) + baseSelector, err := fields.ParseSelector(options.FieldSelector) + + if err != nil { + options.FieldSelector = helmSecretSelector.String() + } else { + options.FieldSelector = fields.AndSelectors(baseSelector, helmSecretSelector).String() + } + } + + // Check if secrets informer should be created for this namespace + for _, v := range lbc.secretNamespaceList { + if v == ns { + nsi.isSecretsEnabledNamespace = true + nsi.secretInformerFactory = informers.NewSharedInformerFactoryWithOptions(lbc.client, lbc.resync, informers.WithNamespace(ns), informers.WithTweakListOptions(secretsTweakListOptionsFunc)) + lbc.addSecretHandler(createSecretHandlers(lbc), nsi) + break + } + } + + if lbc.areCustomResourcesEnabled { + nsi.areCustomResourcesEnabled = true + nsi.confSharedInformerFactory = k8s_nginx_informers.NewSharedInformerFactoryWithOptions(lbc.confClient, lbc.resync, k8s_nginx_informers.WithNamespace(ns)) + + lbc.addVirtualServerHandler(createVirtualServerHandlers(lbc), nsi) + lbc.addVirtualServerRouteHandler(createVirtualServerRouteHandlers(lbc), nsi) + lbc.addTransportServerHandler(createTransportServerHandlers(lbc), nsi) + lbc.addPolicyHandler(createPolicyHandlers(lbc), nsi) + + } + + if lbc.appProtectEnabled || lbc.appProtectDosEnabled { + for _, ns := range lbc.namespaceList { + nsi.dynInformerFactory = dynamicinformer.NewFilteredDynamicSharedInformerFactory(lbc.dynClient, 0, ns, nil) + } + if lbc.appProtectEnabled { + nsi.appProtectEnabled = true + lbc.addAppProtectPolicyHandler(createAppProtectPolicyHandlers(lbc), nsi) + lbc.addAppProtectLogConfHandler(createAppProtectLogConfHandlers(lbc), nsi) + lbc.addAppProtectUserSigHandler(createAppProtectUserSigHandlers(lbc), nsi) + } + + if lbc.appProtectDosEnabled { + nsi.appProtectDosEnabled = true + lbc.addAppProtectDosPolicyHandler(createAppProtectDosPolicyHandlers(lbc), nsi) + lbc.addAppProtectDosLogConfHandler(createAppProtectDosLogConfHandlers(lbc), nsi) + lbc.addAppProtectDosProtectedResourceHandler(createAppProtectDosProtectedResourceHandlers(lbc), nsi) + } + } + + lbc.namespacedInformers[ns] = nsi +} + // addLeaderHandler adds the handler for leader election to the controller func (lbc *LoadBalancerController) addLeaderHandler(leaderHandler leaderelection.LeaderCallbacks) { var err error @@ -408,115 +432,95 @@ func (lbc *LoadBalancerController) AddSyncQueue(item interface{}) { } // addAppProtectPolicyHandler creates dynamic informers for custom appprotect policy resource -func (lbc *LoadBalancerController) addAppProtectPolicyHandler(handlers cache.ResourceEventHandlerFuncs) { - for _, dif := range lbc.dynInformerFactory { - informer := dif.ForResource(appprotect.PolicyGVR).Informer() - informer.AddEventHandler(handlers) - lbc.appProtectPolicyLister = append(lbc.appProtectPolicyLister, informer.GetStore()) +func (lbc *LoadBalancerController) addAppProtectPolicyHandler(handlers cache.ResourceEventHandlerFuncs, nsi *namespacedInformer) { + informer := nsi.dynInformerFactory.ForResource(appprotect.PolicyGVR).Informer() + informer.AddEventHandler(handlers) + nsi.appProtectPolicyLister = informer.GetStore() - lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) - } + lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) } // addAppProtectLogConfHandler creates dynamic informer for custom appprotect logging config resource -func (lbc *LoadBalancerController) addAppProtectLogConfHandler(handlers cache.ResourceEventHandlerFuncs) { - for _, dif := range lbc.dynInformerFactory { - informer := dif.ForResource(appprotect.LogConfGVR).Informer() - informer.AddEventHandler(handlers) - lbc.appProtectLogConfLister = append(lbc.appProtectLogConfLister, informer.GetStore()) +func (lbc *LoadBalancerController) addAppProtectLogConfHandler(handlers cache.ResourceEventHandlerFuncs, nsi *namespacedInformer) { + informer := nsi.dynInformerFactory.ForResource(appprotect.LogConfGVR).Informer() + informer.AddEventHandler(handlers) + nsi.appProtectLogConfLister = informer.GetStore() - lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) - } + lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) } // addAppProtectUserSigHandler creates dynamic informer for custom appprotect user defined signature resource -func (lbc *LoadBalancerController) addAppProtectUserSigHandler(handlers cache.ResourceEventHandlerFuncs) { - for _, dif := range lbc.dynInformerFactory { - informer := dif.ForResource(appprotect.UserSigGVR).Informer() - informer.AddEventHandler(handlers) - lbc.appProtectUserSigLister = append(lbc.appProtectUserSigLister, informer.GetStore()) +func (lbc *LoadBalancerController) addAppProtectUserSigHandler(handlers cache.ResourceEventHandlerFuncs, nsi *namespacedInformer) { + informer := nsi.dynInformerFactory.ForResource(appprotect.UserSigGVR).Informer() + informer.AddEventHandler(handlers) + nsi.appProtectUserSigLister = informer.GetStore() - lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) - } + lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) } // addAppProtectDosPolicyHandler creates dynamic informers for custom appprotectdos policy resource -func (lbc *LoadBalancerController) addAppProtectDosPolicyHandler(handlers cache.ResourceEventHandlerFuncs) { - for _, dif := range lbc.dynInformerFactory { - informer := dif.ForResource(appprotectdos.DosPolicyGVR).Informer() - informer.AddEventHandler(handlers) - lbc.appProtectDosPolicyLister = append(lbc.appProtectDosPolicyLister, informer.GetStore()) +func (lbc *LoadBalancerController) addAppProtectDosPolicyHandler(handlers cache.ResourceEventHandlerFuncs, nsi *namespacedInformer) { + informer := nsi.dynInformerFactory.ForResource(appprotectdos.DosPolicyGVR).Informer() + informer.AddEventHandler(handlers) + nsi.appProtectDosPolicyLister = informer.GetStore() - lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) - } + lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) } // addAppProtectDosLogConfHandler creates dynamic informer for custom appprotectdos logging config resource -func (lbc *LoadBalancerController) addAppProtectDosLogConfHandler(handlers cache.ResourceEventHandlerFuncs) { - for _, dif := range lbc.dynInformerFactory { - informer := dif.ForResource(appprotectdos.DosLogConfGVR).Informer() - informer.AddEventHandler(handlers) - lbc.appProtectDosLogConfLister = append(lbc.appProtectDosLogConfLister, informer.GetStore()) +func (lbc *LoadBalancerController) addAppProtectDosLogConfHandler(handlers cache.ResourceEventHandlerFuncs, nsi *namespacedInformer) { + informer := nsi.dynInformerFactory.ForResource(appprotectdos.DosLogConfGVR).Informer() + informer.AddEventHandler(handlers) + nsi.appProtectDosLogConfLister = informer.GetStore() - lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) - } + lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) } // addAppProtectDosLogConfHandler creates dynamic informers for custom appprotectdos logging config resource -func (lbc *LoadBalancerController) addAppProtectDosProtectedResourceHandler(handlers cache.ResourceEventHandlerFuncs) { - for _, cif := range lbc.confSharedInformerFactory { - informer := cif.Appprotectdos().V1beta1().DosProtectedResources().Informer() - informer.AddEventHandler(handlers) - lbc.appProtectDosProtectedLister = append(lbc.appProtectDosProtectedLister, informer.GetStore()) +func (lbc *LoadBalancerController) addAppProtectDosProtectedResourceHandler(handlers cache.ResourceEventHandlerFuncs, nsi *namespacedInformer) { + informer := nsi.confSharedInformerFactory.Appprotectdos().V1beta1().DosProtectedResources().Informer() + informer.AddEventHandler(handlers) + nsi.appProtectDosProtectedLister = informer.GetStore() - lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) - } + lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) } // addSecretHandler adds the handler for secrets to the controller -func (lbc *LoadBalancerController) addSecretHandler(handlers cache.ResourceEventHandlerFuncs) { - for _, sif := range lbc.secretInformerFactory { - informer := sif.Core().V1().Secrets().Informer() - informer.AddEventHandler(handlers) - lbc.secretLister = append(lbc.secretLister, informer.GetStore()) +func (lbc *LoadBalancerController) addSecretHandler(handlers cache.ResourceEventHandlerFuncs, nsi *namespacedInformer) { + informer := nsi.secretInformerFactory.Core().V1().Secrets().Informer() + informer.AddEventHandler(handlers) + nsi.secretLister = informer.GetStore() - lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) - } + lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) } // addServiceHandler adds the handler for services to the controller -func (lbc *LoadBalancerController) addServiceHandler(handlers cache.ResourceEventHandlerFuncs) { - for _, sif := range lbc.sharedInformerFactory { - informer := sif.Core().V1().Services().Informer() - informer.AddEventHandler(handlers) - lbc.svcLister = append(lbc.svcLister, informer.GetStore()) +func (lbc *LoadBalancerController) addServiceHandler(handlers cache.ResourceEventHandlerFuncs, nsi *namespacedInformer) { + informer := nsi.sharedInformerFactory.Core().V1().Services().Informer() + informer.AddEventHandler(handlers) + nsi.svcLister = informer.GetStore() - lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) - } + lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) } // addIngressHandler adds the handler for ingresses to the controller -func (lbc *LoadBalancerController) addIngressHandler(handlers cache.ResourceEventHandlerFuncs) { - for _, sif := range lbc.sharedInformerFactory { - informer := sif.Networking().V1().Ingresses().Informer() - informer.AddEventHandler(handlers) - lbc.ingressLister = append(lbc.ingressLister, storeToIngressLister{Store: informer.GetStore()}) +func (lbc *LoadBalancerController) addIngressHandler(handlers cache.ResourceEventHandlerFuncs, nsi *namespacedInformer) { + informer := nsi.sharedInformerFactory.Networking().V1().Ingresses().Informer() + informer.AddEventHandler(handlers) + nsi.ingressLister = storeToIngressLister{Store: informer.GetStore()} - lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) - } + lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) } // addEndpointHandler adds the handler for endpoints to the controller -func (lbc *LoadBalancerController) addEndpointHandler(handlers cache.ResourceEventHandlerFuncs) { - for _, sif := range lbc.sharedInformerFactory { - informer := sif.Core().V1().Endpoints().Informer() - informer.AddEventHandler(handlers) - var el storeToEndpointLister - el.Store = informer.GetStore() - lbc.endpointLister = append(lbc.endpointLister, el) +func (lbc *LoadBalancerController) addEndpointHandler(handlers cache.ResourceEventHandlerFuncs, nsi *namespacedInformer) { + informer := nsi.sharedInformerFactory.Core().V1().Endpoints().Informer() + informer.AddEventHandler(handlers) + var el storeToEndpointLister + el.Store = informer.GetStore() + nsi.endpointLister = el - lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) - } + lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) } // addConfigMapHandler adds the handler for config maps to the controller @@ -534,43 +538,35 @@ func (lbc *LoadBalancerController) addConfigMapHandler(handlers cache.ResourceEv lbc.cacheSyncs = append(lbc.cacheSyncs, lbc.configMapController.HasSynced) } -func (lbc *LoadBalancerController) addPodHandler() { - for _, sif := range lbc.sharedInformerFactory { - informer := sif.Core().V1().Pods().Informer() - lbc.podLister = append(lbc.podLister, indexerToPodLister{Indexer: informer.GetIndexer()}) +func (lbc *LoadBalancerController) addPodHandler(nsi *namespacedInformer) { + informer := nsi.sharedInformerFactory.Core().V1().Pods().Informer() + nsi.podLister = indexerToPodLister{Indexer: informer.GetIndexer()} - lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) - } + lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) } -func (lbc *LoadBalancerController) addVirtualServerHandler(handlers cache.ResourceEventHandlerFuncs) { - for _, cif := range lbc.confSharedInformerFactory { - informer := cif.K8s().V1().VirtualServers().Informer() - informer.AddEventHandler(handlers) - lbc.virtualServerLister = append(lbc.virtualServerLister, informer.GetStore()) +func (lbc *LoadBalancerController) addVirtualServerHandler(handlers cache.ResourceEventHandlerFuncs, nsi *namespacedInformer) { + informer := nsi.confSharedInformerFactory.K8s().V1().VirtualServers().Informer() + informer.AddEventHandler(handlers) + nsi.virtualServerLister = informer.GetStore() - lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) - } + lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) } -func (lbc *LoadBalancerController) addVirtualServerRouteHandler(handlers cache.ResourceEventHandlerFuncs) { - for _, cif := range lbc.confSharedInformerFactory { - informer := cif.K8s().V1().VirtualServerRoutes().Informer() - informer.AddEventHandler(handlers) - lbc.virtualServerRouteLister = append(lbc.virtualServerRouteLister, informer.GetStore()) +func (lbc *LoadBalancerController) addVirtualServerRouteHandler(handlers cache.ResourceEventHandlerFuncs, nsi *namespacedInformer) { + informer := nsi.confSharedInformerFactory.K8s().V1().VirtualServerRoutes().Informer() + informer.AddEventHandler(handlers) + nsi.virtualServerRouteLister = informer.GetStore() - lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) - } + lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) } -func (lbc *LoadBalancerController) addPolicyHandler(handlers cache.ResourceEventHandlerFuncs) { - for _, cif := range lbc.confSharedInformerFactory { - informer := cif.K8s().V1().Policies().Informer() - informer.AddEventHandler(handlers) - lbc.policyLister = append(lbc.policyLister, informer.GetStore()) +func (lbc *LoadBalancerController) addPolicyHandler(handlers cache.ResourceEventHandlerFuncs, nsi *namespacedInformer) { + informer := nsi.confSharedInformerFactory.K8s().V1().Policies().Informer() + informer.AddEventHandler(handlers) + nsi.policyLister = informer.GetStore() - lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) - } + lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) } func (lbc *LoadBalancerController) addGlobalConfigurationHandler(handlers cache.ResourceEventHandlerFuncs, namespace string, name string) { @@ -587,14 +583,12 @@ func (lbc *LoadBalancerController) addGlobalConfigurationHandler(handlers cache. lbc.cacheSyncs = append(lbc.cacheSyncs, lbc.globalConfigurationController.HasSynced) } -func (lbc *LoadBalancerController) addTransportServerHandler(handlers cache.ResourceEventHandlerFuncs) { - for _, cif := range lbc.confSharedInformerFactory { - informer := cif.K8s().V1alpha1().TransportServers().Informer() - informer.AddEventHandler(handlers) - lbc.transportServerLister = append(lbc.transportServerLister, informer.GetStore()) +func (lbc *LoadBalancerController) addTransportServerHandler(handlers cache.ResourceEventHandlerFuncs, nsi *namespacedInformer) { + informer := nsi.confSharedInformerFactory.K8s().V1alpha1().TransportServers().Informer() + informer.AddEventHandler(handlers) + nsi.transportServerLister = informer.GetStore() - lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) - } + lbc.cacheSyncs = append(lbc.cacheSyncs, informer.HasSynced) } func (lbc *LoadBalancerController) addIngressLinkHandler(handlers cache.ResourceEventHandlerFuncs, name string) { @@ -633,33 +627,21 @@ func (lbc *LoadBalancerController) Run() { go lbc.leaderElector.Run(lbc.ctx) } - for _, sif := range lbc.sharedInformerFactory { - go sif.Start(lbc.ctx.Done()) - } - - for _, secif := range lbc.secretInformerFactory { - go secif.Start(lbc.ctx.Done()) + for _, nif := range lbc.namespacedInformers { + nif.stopCh = lbc.ctx.Done() + nif.start() } if lbc.watchNginxConfigMaps { go lbc.configMapController.Run(lbc.ctx.Done()) } - if lbc.areCustomResourcesEnabled { - for _, cif := range lbc.confSharedInformerFactory { - go cif.Start(lbc.ctx.Done()) - } - } + if lbc.watchGlobalConfiguration { go lbc.globalConfigurationController.Run(lbc.ctx.Done()) } if lbc.watchIngressLink { go lbc.ingressLinkInformer.Run(lbc.ctx.Done()) } - if lbc.appProtectEnabled || lbc.appProtectDosEnabled { - for _, dif := range lbc.dynInformerFactory { - go dif.Start(lbc.ctx.Done()) - } - } glog.V(3).Infof("Waiting for %d caches to sync", len(lbc.cacheSyncs)) @@ -675,13 +657,46 @@ func (lbc *LoadBalancerController) Run() { <-lbc.ctx.Done() } -// Stop shutdowns the load balancer controller +// Stop shutsdown the load balancer controller func (lbc *LoadBalancerController) Stop() { lbc.cancel() - lbc.syncQueue.Shutdown() } +func (nsi *namespacedInformer) start() { + go nsi.sharedInformerFactory.Start(nsi.stopCh) + + if nsi.isSecretsEnabledNamespace { + go nsi.secretInformerFactory.Start(nsi.stopCh) + } + + if nsi.areCustomResourcesEnabled { + go nsi.confSharedInformerFactory.Start(nsi.stopCh) + } + + if nsi.appProtectEnabled || nsi.appProtectDosEnabled { + go nsi.dynInformerFactory.Start(nsi.stopCh) + } +} + +func (lbc *LoadBalancerController) getNamespacedInformer(ns string) *namespacedInformer { + var nsi *namespacedInformer + var isGlobalNs bool + var exists bool + + nsi, isGlobalNs = lbc.namespacedInformers[""] + + if !isGlobalNs { + // get the correct namespaced informers + nsi, exists = lbc.namespacedInformers[ns] + if !exists { + // we are not watching this namespace + return nil + } + } + return nsi +} + func (lbc *LoadBalancerController) syncEndpoints(task task) { key := task.Key var obj interface{} @@ -689,12 +704,8 @@ func (lbc *LoadBalancerController) syncEndpoints(task task) { var err error glog.V(3).Infof("Syncing endpoints %v", key) - for _, el := range lbc.endpointLister { - obj, endpExists, err = el.GetByKey(key) - if endpExists { - break - } - } + ns, _, _ := cache.SplitMetaNamespaceKey(key) + obj, endpExists, err = lbc.getNamespacedInformer(ns).endpointLister.GetByKey(key) if err != nil { lbc.syncQueue.Requeue(task, err) @@ -854,8 +865,11 @@ func (lbc *LoadBalancerController) updateAllConfigs() { // As a result, the IC will generate configuration for that resource assuming that the Secret is missing and // it will report warnings. (See https://github.com/nginxinc/kubernetes-ingress/issues/1448 ) func (lbc *LoadBalancerController) preSyncSecrets() { - for _, sl := range lbc.secretLister { - objects := sl.List() + for _, ni := range lbc.namespacedInformers { + if !ni.isSecretsEnabledNamespace { + break + } + objects := ni.secretLister.List() glog.V(3).Infof("PreSync %d Secrets", len(objects)) for _, obj := range objects { @@ -1007,12 +1021,8 @@ func (lbc *LoadBalancerController) syncPolicy(task task) { var polExists bool var err error - for _, pl := range lbc.policyLister { - obj, polExists, err = pl.GetByKey(key) - if polExists { - break - } - } + ns, _, _ := cache.SplitMetaNamespaceKey(key) + obj, polExists, err = lbc.getNamespacedInformer(ns).policyLister.GetByKey(key) if err != nil { lbc.syncQueue.Requeue(task, err) @@ -1070,12 +1080,8 @@ func (lbc *LoadBalancerController) syncTransportServer(task task) { var tsExists bool var err error - for _, tl := range lbc.transportServerLister { - obj, tsExists, err = tl.GetByKey(key) - if tsExists { - break - } - } + ns, _, _ := cache.SplitMetaNamespaceKey(key) + obj, tsExists, err = lbc.getNamespacedInformer(ns).transportServerLister.GetByKey(key) if err != nil { lbc.syncQueue.Requeue(task, err) @@ -1153,12 +1159,8 @@ func (lbc *LoadBalancerController) syncVirtualServer(task task) { var vsExists bool var err error - for _, vl := range lbc.virtualServerLister { - obj, vsExists, err = vl.GetByKey(key) - if vsExists { - break - } - } + ns, _, _ := cache.SplitMetaNamespaceKey(key) + obj, vsExists, err = lbc.getNamespacedInformer(ns).virtualServerLister.GetByKey(key) if err != nil { lbc.syncQueue.Requeue(task, err) @@ -1266,12 +1268,8 @@ func (lbc *LoadBalancerController) processChanges(changes []ResourceChange) { var vsExists bool var err error - for _, vl := range lbc.virtualServerLister { - _, vsExists, err = vl.GetByKey(key) - if vsExists { - break - } - } + ns, _, _ := cache.SplitMetaNamespaceKey(key) + _, vsExists, err = lbc.getNamespacedInformer(ns).virtualServerLister.GetByKey(key) if err != nil { glog.Errorf("Error when getting VirtualServer for %v: %v", key, err) @@ -1293,12 +1291,8 @@ func (lbc *LoadBalancerController) processChanges(changes []ResourceChange) { var ingExists bool var err error - for _, il := range lbc.ingressLister { - _, ingExists, err = il.GetByKeySafe(key) - if ingExists { - break - } - } + ns, _, _ := cache.SplitMetaNamespaceKey(key) + _, ingExists, err = lbc.getNamespacedInformer(ns).ingressLister.GetByKeySafe(key) if err != nil { glog.Errorf("Error when getting Ingress for %v: %v", key, err) @@ -1319,12 +1313,8 @@ func (lbc *LoadBalancerController) processChanges(changes []ResourceChange) { var tsExists bool var err error - for _, tl := range lbc.transportServerLister { - _, tsExists, err = tl.GetByKey(key) - if tsExists { - break - } - } + ns, _, _ := cache.SplitMetaNamespaceKey(key) + _, tsExists, err = lbc.getNamespacedInformer(ns).transportServerLister.GetByKey(key) if err != nil { glog.Errorf("Error when getting TransportServer for %v: %v", key, err) @@ -1506,6 +1496,19 @@ func (lbc *LoadBalancerController) processAppProtectDosChanges(changes []appprot lbc.updateResourcesStatusAndEvents(resources, warnings, err) msg := fmt.Sprintf("Configuration for %s/%s was added or updated", impl.Obj.Namespace, impl.Obj.Name) lbc.recorder.Event(impl.Obj, api_v1.EventTypeNormal, "AddedOrUpdated", msg) + case *appprotectdos.DosPolicyEx: + msg := "Configuration was added or updated" + lbc.recorder.Event(impl.Obj, api_v1.EventTypeNormal, "AddedOrUpdated", msg) + case *appprotectdos.DosLogConfEx: + eventType := api_v1.EventTypeNormal + eventTitle := "AddedOrUpdated" + msg := "Configuration was added or updated" + if impl.ErrorMsg != "" { + msg += fmt.Sprintf(" ; with warning(s): %s", impl.ErrorMsg) + eventTitle = "AddedOrUpdatedWithWarning" + eventType = api_v1.EventTypeWarning + } + lbc.recorder.Event(impl.Obj, eventType, eventTitle, msg) } } else if c.Op == appprotectdos.Delete { switch impl := c.Resource.(type) { @@ -1900,12 +1903,8 @@ func (lbc *LoadBalancerController) syncVirtualServerRoute(task task) { var exists bool var err error - for _, vrl := range lbc.virtualServerRouteLister { - obj, exists, err = vrl.GetByKey(key) - if exists { - break - } - } + ns, _, _ := cache.SplitMetaNamespaceKey(key) + obj, exists, err = lbc.getNamespacedInformer(ns).virtualServerRouteLister.GetByKey(key) if err != nil { lbc.syncQueue.Requeue(task, err) @@ -1936,12 +1935,9 @@ func (lbc *LoadBalancerController) syncIngress(task task) { var ingExists bool var err error - for _, il := range lbc.ingressLister { - ing, ingExists, err = il.GetByKeySafe(key) - if ingExists { - break - } - } + ns, _, _ := cache.SplitMetaNamespaceKey(key) + ing, ingExists, err = lbc.getNamespacedInformer(ns).ingressLister.GetByKeySafe(key) + if err != nil { lbc.syncQueue.Requeue(task, err) return @@ -1994,12 +1990,8 @@ func (lbc *LoadBalancerController) syncService(task task) { var exists bool var err error - for _, sl := range lbc.svcLister { - obj, exists, err = sl.GetByKey(key) - if exists { - break - } - } + ns, _, _ := cache.SplitMetaNamespaceKey(key) + obj, exists, err = lbc.getNamespacedInformer(ns).svcLister.GetByKey(key) if err != nil { lbc.syncQueue.Requeue(task, err) @@ -2100,20 +2092,15 @@ func (lbc *LoadBalancerController) syncSecret(task task) { var secrExists bool var err error - for _, sl := range lbc.secretLister { - obj, secrExists, err = sl.GetByKey(key) - if secrExists { - break - } - } + namespace, name, err := ParseNamespaceName(key) if err != nil { - lbc.syncQueue.Requeue(task, err) + glog.Warningf("Secret key %v is invalid: %v", key, err) return } + obj, secrExists, err = lbc.getNamespacedInformer(namespace).secretLister.GetByKey(key) - namespace, name, err := ParseNamespaceName(key) if err != nil { - glog.Warningf("Secret key %v is invalid: %v", key, err) + lbc.syncQueue.Requeue(task, err) return } @@ -2245,8 +2232,8 @@ func getStatusFromEventTitle(eventTitle string) string { func (lbc *LoadBalancerController) updateVirtualServersStatusFromEvents() error { var allErrs []error - for _, vl := range lbc.virtualServerLister { - for _, obj := range vl.List() { + for _, nsi := range lbc.namespacedInformers { + for _, obj := range nsi.virtualServerLister.List() { vs := obj.(*conf_v1.VirtualServer) if !lbc.HasCorrectIngressClass(vs) { @@ -2289,8 +2276,8 @@ func (lbc *LoadBalancerController) updateVirtualServersStatusFromEvents() error func (lbc *LoadBalancerController) updateVirtualServerRoutesStatusFromEvents() error { var allErrs []error - for _, vsrl := range lbc.virtualServerRouteLister { - for _, obj := range vsrl.List() { + for _, nsi := range lbc.namespacedInformers { + for _, obj := range nsi.virtualServerRouteLister.List() { vsr := obj.(*conf_v1.VirtualServerRoute) if !lbc.HasCorrectIngressClass(vsr) { @@ -2333,8 +2320,8 @@ func (lbc *LoadBalancerController) updateVirtualServerRoutesStatusFromEvents() e func (lbc *LoadBalancerController) updatePoliciesStatus() error { var allErrs []error - for _, pl := range lbc.policyLister { - for _, obj := range pl.List() { + for _, nsi := range lbc.namespacedInformers { + for _, obj := range nsi.policyLister.List() { pol := obj.(*conf_v1.Policy) err := validation.ValidatePolicy(pol, lbc.isNginxPlus, lbc.enableOIDC, lbc.appProtectEnabled) @@ -2363,8 +2350,8 @@ func (lbc *LoadBalancerController) updatePoliciesStatus() error { func (lbc *LoadBalancerController) updateTransportServersStatusFromEvents() error { var allErrs []error - for _, tl := range lbc.transportServerLister { - for _, obj := range tl.List() { + for _, nsi := range lbc.namespacedInformers { + for _, obj := range nsi.transportServerLister.List() { ts := obj.(*conf_v1alpha1.TransportServer) events, err := lbc.client.CoreV1().Events(ts.Namespace).List(context.TODO(), @@ -2609,19 +2596,19 @@ func (lbc *LoadBalancerController) createIngressEx(ing *networking.Ingress, vali func (lbc *LoadBalancerController) getAppProtectLogConfAndDst(ing *networking.Ingress) ([]configs.AppProtectLog, error) { var apLogs []configs.AppProtectLog if _, exists := ing.Annotations[configs.AppProtectLogConfDstAnnotation]; !exists { - return apLogs, fmt.Errorf("Error: %v requires %v in %v", configs.AppProtectLogConfAnnotation, configs.AppProtectLogConfDstAnnotation, ing.Name) + return apLogs, fmt.Errorf("error: %v requires %v in %v", configs.AppProtectLogConfAnnotation, configs.AppProtectLogConfDstAnnotation, ing.Name) } logDsts := strings.Split(ing.Annotations[configs.AppProtectLogConfDstAnnotation], ",") logConfNsNs := appprotectcommon.ParseResourceReferenceAnnotationList(ing.Namespace, ing.Annotations[configs.AppProtectLogConfAnnotation]) if len(logDsts) != len(logConfNsNs) { - return apLogs, fmt.Errorf("Error Validating App Protect Destination and Config for Ingress %v: LogConf and LogDestination must have equal number of items", ing.Name) + return apLogs, fmt.Errorf("error Validating App Protect Destination and Config for Ingress %v: LogConf and LogDestination must have equal number of items", ing.Name) } for i, logConfNsN := range logConfNsNs { logConf, err := lbc.appProtectConfiguration.GetAppResource(appprotect.LogConfGVK.Kind, logConfNsN) if err != nil { - return apLogs, fmt.Errorf("Error retrieving App Protect Log Config for Ingress %v: %w", ing.Name, err) + return apLogs, fmt.Errorf("error retrieving App Protect Log Config for Ingress %v: %w", ing.Name, err) } apLogs = append(apLogs, configs.AppProtectLog{ LogConf: logConf, @@ -2637,7 +2624,7 @@ func (lbc *LoadBalancerController) getAppProtectPolicy(ing *networking.Ingress) apPolicy, err = lbc.appProtectConfiguration.GetAppResource(appprotect.PolicyGVK.Kind, polNsN) if err != nil { - return nil, fmt.Errorf("Error retrieving App Protect Policy for Ingress %v: %w", ing.Name, err) + return nil, fmt.Errorf("error retrieving App Protect Policy for Ingress %v: %w", ing.Name, err) } return apPolicy, nil @@ -2903,8 +2890,8 @@ func createPolicyMap(policies []*conf_v1.Policy) map[string]*conf_v1.Policy { func (lbc *LoadBalancerController) getAllPolicies() []*conf_v1.Policy { var policies []*conf_v1.Policy - for _, pl := range lbc.policyLister { - for _, obj := range pl.List() { + for _, nsi := range lbc.namespacedInformers { + for _, obj := range nsi.policyLister.List() { pol := obj.(*conf_v1.Policy) err := validation.ValidatePolicy(pol, lbc.isNginxPlus, lbc.enableOIDC, lbc.appProtectEnabled) @@ -2936,19 +2923,15 @@ func (lbc *LoadBalancerController) getPolicies(policies []conf_v1.PolicyReferenc var exists bool var err error - for _, pl := range lbc.policyLister { - policyObj, exists, err = pl.GetByKey(policyKey) - if exists { - break - } - } + policyObj, exists, err = lbc.getNamespacedInformer(polNamespace).policyLister.GetByKey(policyKey) + if err != nil { - errors = append(errors, fmt.Errorf("Failed to get policy %s: %w", policyKey, err)) + errors = append(errors, fmt.Errorf("failed to get policy %s: %w", policyKey, err)) continue } if !exists { - errors = append(errors, fmt.Errorf("Policy %s doesn't exist", policyKey)) + errors = append(errors, fmt.Errorf("policy %s doesn't exist", policyKey)) continue } @@ -2961,7 +2944,7 @@ func (lbc *LoadBalancerController) getPolicies(policies []conf_v1.PolicyReferenc err = validation.ValidatePolicy(policy, lbc.isNginxPlus, lbc.enableOIDC, lbc.appProtectEnabled) if err != nil { - errors = append(errors, fmt.Errorf("Policy %s is invalid: %w", policyKey, err)) + errors = append(errors, fmt.Errorf("policy %s is invalid: %w", policyKey, err)) continue } @@ -3238,7 +3221,7 @@ func (lbc *LoadBalancerController) createTransportServerEx(transportServer *conf func (lbc *LoadBalancerController) getEndpointsForUpstream(namespace string, upstreamService string, upstreamPort uint16) (endps []podEndpoint, isExternal bool, err error) { svc, err := lbc.getServiceForUpstream(namespace, upstreamService, upstreamPort) if err != nil { - return nil, false, fmt.Errorf("Error getting service %v: %w", upstreamService, err) + return nil, false, fmt.Errorf("error getting service %v: %w", upstreamService, err) } backend := &networking.IngressBackend{ @@ -3252,7 +3235,7 @@ func (lbc *LoadBalancerController) getEndpointsForUpstream(namespace string, ups endps, isExternal, err = lbc.getEndpointsForIngressBackend(backend, svc) if err != nil { - return nil, false, fmt.Errorf("Error retrieving endpoints for the service %v: %w", upstreamService, err) + return nil, false, fmt.Errorf("error retrieving endpoints for the service %v: %w", upstreamService, err) } return endps, isExternal, err @@ -3261,7 +3244,7 @@ func (lbc *LoadBalancerController) getEndpointsForUpstream(namespace string, ups func (lbc *LoadBalancerController) getEndpointsForSubselector(namespace string, upstream conf_v1.Upstream) (endps []podEndpoint, err error) { svc, err := lbc.getServiceForUpstream(namespace, upstream.Service, upstream.Port) if err != nil { - return nil, fmt.Errorf("Error getting service %v: %w", upstream.Service, err) + return nil, fmt.Errorf("error getting service %v: %w", upstream.Service, err) } var targetPort int32 @@ -3270,19 +3253,19 @@ func (lbc *LoadBalancerController) getEndpointsForSubselector(namespace string, if port.Port == int32(upstream.Port) { targetPort, err = lbc.getTargetPort(port, svc) if err != nil { - return nil, fmt.Errorf("Error determining target port for port %v in service %v: %w", upstream.Port, svc.Name, err) + return nil, fmt.Errorf("error determining target port for port %v in service %v: %w", upstream.Port, svc.Name, err) } break } } if targetPort == 0 { - return nil, fmt.Errorf("No port %v in service %s", upstream.Port, svc.Name) + return nil, fmt.Errorf("no port %v in service %s", upstream.Port, svc.Name) } endps, err = lbc.getEndpointsForServiceWithSubselector(targetPort, upstream.Subselector, svc) if err != nil { - return nil, fmt.Errorf("Error retrieving endpoints for the service %v: %w", upstream.Service, err) + return nil, fmt.Errorf("error retrieving endpoints for the service %v: %w", upstream.Service, err) } return endps, err @@ -3290,23 +3273,15 @@ func (lbc *LoadBalancerController) getEndpointsForSubselector(namespace string, func (lbc *LoadBalancerController) getEndpointsForServiceWithSubselector(targetPort int32, subselector map[string]string, svc *api_v1.Service) (endps []podEndpoint, err error) { var pods []*api_v1.Pod - for _, pl := range lbc.podLister { - pods, err = pl.ListByNamespace(svc.Namespace, labels.Merge(svc.Spec.Selector, subselector).AsSelector()) - if len(pods) > 0 { - break - } - } + nsi := lbc.getNamespacedInformer(svc.Namespace) + pods, err = nsi.podLister.ListByNamespace(svc.Namespace, labels.Merge(svc.Spec.Selector, subselector).AsSelector()) + if err != nil { - return nil, fmt.Errorf("Error getting pods in namespace %v that match the selector %v: %w", svc.Namespace, labels.Merge(svc.Spec.Selector, subselector), err) + return nil, fmt.Errorf("error getting pods in namespace %v that match the selector %v: %w", svc.Namespace, labels.Merge(svc.Spec.Selector, subselector), err) } var svcEps api_v1.Endpoints - for _, el := range lbc.endpointLister { - svcEps, err = el.GetServiceEndpoints(svc) - if err == nil { - break - } - } + svcEps, err = nsi.endpointLister.GetServiceEndpoints(svc) if err != nil { glog.V(3).Infof("Error getting endpoints for service %s from the cache: %v", svc.Name, err) return nil, err @@ -3366,12 +3341,9 @@ func (lbc *LoadBalancerController) getHealthChecksForIngressBackend(backend *net return nil } var pods []*api_v1.Pod - for _, pl := range lbc.podLister { - pods, err = pl.ListByNamespace(svc.Namespace, labels.Set(svc.Spec.Selector).AsSelector()) - if len(pods) > 0 { - break - } - } + nsi := lbc.getNamespacedInformer(svc.Namespace) + pods, err = nsi.podLister.ListByNamespace(svc.Namespace, labels.Set(svc.Spec.Selector).AsSelector()) + if err != nil { glog.V(3).Infof("Error fetching pods for namespace %v: %v", svc.Namespace, err) return nil @@ -3423,16 +3395,12 @@ func (lbc *LoadBalancerController) getExternalEndpointsForIngressBackend(backend func (lbc *LoadBalancerController) getEndpointsForIngressBackend(backend *networking.IngressBackend, svc *api_v1.Service) (result []podEndpoint, isExternal bool, err error) { var endps api_v1.Endpoints - for _, el := range lbc.endpointLister { - endps, err = el.GetServiceEndpoints(svc) - if err == nil { - break - } - } + endps, err = lbc.getNamespacedInformer(svc.Namespace).endpointLister.GetServiceEndpoints(svc) + if err != nil { if svc.Spec.Type == api_v1.ServiceTypeExternalName { if !lbc.isNginxPlus { - return nil, false, fmt.Errorf("Type ExternalName Services feature is only available in NGINX Plus") + return nil, false, fmt.Errorf("type ExternalName Services feature is only available in NGINX Plus") } result = lbc.getExternalEndpointsForIngressBackend(backend, svc) return result, true, nil @@ -3457,14 +3425,14 @@ func (lbc *LoadBalancerController) getEndpointsForPort(endps api_v1.Endpoints, b if (backendPort.Name == "" && port.Port == backendPort.Number) || port.Name == backendPort.Name { targetPort, err = lbc.getTargetPort(port, svc) if err != nil { - return nil, fmt.Errorf("Error determining target port for port %v in Ingress: %w", backendPort, err) + return nil, fmt.Errorf("error determining target port for port %v in Ingress: %w", backendPort, err) } break } } if targetPort == 0 { - return nil, fmt.Errorf("No port %v in service %s", backendPort, svc.Name) + return nil, fmt.Errorf("no port %v in service %s", backendPort, svc.Name) } for _, subset := range endps.Subsets { @@ -3489,19 +3457,16 @@ func (lbc *LoadBalancerController) getEndpointsForPort(endps api_v1.Endpoints, b } } - return nil, fmt.Errorf("No endpoints for target port %v in service %s", targetPort, svc.Name) + return nil, fmt.Errorf("no endpoints for target port %v in service %s", targetPort, svc.Name) } func (lbc *LoadBalancerController) getPodOwnerTypeAndNameFromAddress(ns, name string) (parentType, parentName string) { var obj interface{} var exists bool var err error - for _, pl := range lbc.podLister { - obj, exists, err = pl.GetByKey(fmt.Sprintf("%s/%s", ns, name)) - if exists { - break - } - } + + obj, exists, err = lbc.getNamespacedInformer(ns).podLister.GetByKey(fmt.Sprintf("%s/%s", ns, name)) + if err != nil { glog.Warningf("could not get pod by key %s/%s: %v", ns, name, err) return "", "" @@ -3549,25 +3514,21 @@ func (lbc *LoadBalancerController) getTargetPort(svcPort api_v1.ServicePort, svc var pods []*api_v1.Pod var err error - for _, pl := range lbc.podLister { - pods, err = pl.ListByNamespace(svc.Namespace, labels.Set(svc.Spec.Selector).AsSelector()) - if len(pods) > 0 { - break - } - } + pods, err = lbc.getNamespacedInformer(svc.Namespace).podLister.ListByNamespace(svc.Namespace, labels.Set(svc.Spec.Selector).AsSelector()) + if err != nil { - return 0, fmt.Errorf("Error getting pod information: %w", err) + return 0, fmt.Errorf("error getting pod information: %w", err) } if len(pods) == 0 { - return 0, fmt.Errorf("No pods of service %s", svc.Name) + return 0, fmt.Errorf("no pods of service %s", svc.Name) } pod := pods[0] portNum, err := findPort(pod, svcPort) if err != nil { - return 0, fmt.Errorf("Error finding named port %v in pod %s: %w", svcPort, pod.Name, err) + return 0, fmt.Errorf("error finding named port %v in pod %s: %w", svcPort, pod.Name, err) } return portNum, nil @@ -3590,12 +3551,9 @@ func (lbc *LoadBalancerController) getServiceForIngressBackend(backend *networki var svcObj interface{} var svcExists bool var err error - for _, sl := range lbc.svcLister { - svcObj, svcExists, err = sl.GetByKey(svcKey) - if svcExists { - break - } - } + + svcObj, svcExists, err = lbc.getNamespacedInformer(namespace).svcLister.GetByKey(svcKey) + if err != nil { return nil, err } @@ -3668,12 +3626,10 @@ func (lbc *LoadBalancerController) syncAppProtectPolicy(task task) { var obj interface{} var polExists bool var err error - for _, apl := range lbc.appProtectPolicyLister { - obj, polExists, err = apl.GetByKey(key) - if polExists { - break - } - } + + ns, _, _ := cache.SplitMetaNamespaceKey(key) + obj, polExists, err = lbc.getNamespacedInformer(ns).appProtectPolicyLister.GetByKey(key) + if err != nil { lbc.syncQueue.Requeue(task, err) return @@ -3702,12 +3658,10 @@ func (lbc *LoadBalancerController) syncAppProtectLogConf(task task) { var obj interface{} var confExists bool var err error - for _, apl := range lbc.appProtectLogConfLister { - obj, confExists, err = apl.GetByKey(key) - if confExists { - break - } - } + + ns, _, _ := cache.SplitMetaNamespaceKey(key) + obj, confExists, err = lbc.getNamespacedInformer(ns).appProtectLogConfLister.GetByKey(key) + if err != nil { lbc.syncQueue.Requeue(task, err) return @@ -3736,12 +3690,10 @@ func (lbc *LoadBalancerController) syncAppProtectUserSig(task task) { var obj interface{} var sigExists bool var err error - for _, apl := range lbc.appProtectUserSigLister { - obj, sigExists, err = apl.GetByKey(key) - if sigExists { - break - } - } + + ns, _, _ := cache.SplitMetaNamespaceKey(key) + obj, sigExists, err = lbc.getNamespacedInformer(ns).appProtectUserSigLister.GetByKey(key) + if err != nil { lbc.syncQueue.Requeue(task, err) return @@ -3770,12 +3722,10 @@ func (lbc *LoadBalancerController) syncAppProtectDosPolicy(task task) { var obj interface{} var polExists bool var err error - for _, apl := range lbc.appProtectDosPolicyLister { - obj, polExists, err = apl.GetByKey(key) - if polExists { - break - } - } + + ns, _, _ := cache.SplitMetaNamespaceKey(key) + obj, polExists, err = lbc.getNamespacedInformer(ns).appProtectDosPolicyLister.GetByKey(key) + if err != nil { lbc.syncQueue.Requeue(task, err) return @@ -3802,12 +3752,10 @@ func (lbc *LoadBalancerController) syncAppProtectDosLogConf(task task) { var obj interface{} var confExists bool var err error - for _, apl := range lbc.appProtectDosLogConfLister { - obj, confExists, err = apl.GetByKey(key) - if confExists { - break - } - } + + ns, _, _ := cache.SplitMetaNamespaceKey(key) + obj, confExists, err = lbc.getNamespacedInformer(ns).appProtectDosLogConfLister.GetByKey(key) + if err != nil { lbc.syncQueue.Requeue(task, err) return @@ -3834,12 +3782,10 @@ func (lbc *LoadBalancerController) syncDosProtectedResource(task task) { var obj interface{} var confExists bool var err error - for _, apl := range lbc.appProtectDosProtectedLister { - obj, confExists, err = apl.GetByKey(key) - if confExists { - break - } - } + + ns, _, _ := cache.SplitMetaNamespaceKey(key) + obj, confExists, err = lbc.getNamespacedInformer(ns).appProtectDosProtectedLister.GetByKey(key) + if err != nil { lbc.syncQueue.Requeue(task, err) return diff --git a/internal/k8s/controller_test.go b/internal/k8s/controller_test.go index c13a289c7e..37c9ae02c2 100644 --- a/internal/k8s/controller_test.go +++ b/internal/k8s/controller_test.go @@ -19,7 +19,6 @@ import ( conf_v1 "github.com/nginxinc/kubernetes-ingress/pkg/apis/configuration/v1" conf_v1alpha1 "github.com/nginxinc/kubernetes-ingress/pkg/apis/configuration/v1alpha1" api_v1 "k8s.io/api/core/v1" - v1 "k8s.io/api/core/v1" networking "k8s.io/api/networking/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -221,43 +220,43 @@ func TestIngressClassForCustomResources(t *testing.T) { func TestComparePorts(t *testing.T) { scenarios := []struct { - sp v1.ServicePort - cp v1.ContainerPort + sp api_v1.ServicePort + cp api_v1.ContainerPort expected bool }{ { // match TargetPort.strval and Protocol - v1.ServicePort{ + api_v1.ServicePort{ TargetPort: intstr.FromString("name"), - Protocol: v1.ProtocolTCP, + Protocol: api_v1.ProtocolTCP, }, - v1.ContainerPort{ + api_v1.ContainerPort{ Name: "name", - Protocol: v1.ProtocolTCP, + Protocol: api_v1.ProtocolTCP, ContainerPort: 80, }, true, }, { // don't match Name and Protocol - v1.ServicePort{ + api_v1.ServicePort{ Name: "name", - Protocol: v1.ProtocolTCP, + Protocol: api_v1.ProtocolTCP, }, - v1.ContainerPort{ + api_v1.ContainerPort{ Name: "name", - Protocol: v1.ProtocolTCP, + Protocol: api_v1.ProtocolTCP, ContainerPort: 80, }, false, }, { // TargetPort intval mismatch, don't match by TargetPort.Name - v1.ServicePort{ + api_v1.ServicePort{ Name: "name", TargetPort: intstr.FromInt(80), }, - v1.ContainerPort{ + api_v1.ContainerPort{ Name: "name", ContainerPort: 81, }, @@ -265,23 +264,23 @@ func TestComparePorts(t *testing.T) { }, { // match by TargetPort intval - v1.ServicePort{ + api_v1.ServicePort{ TargetPort: intstr.IntOrString{ IntVal: 80, }, }, - v1.ContainerPort{ + api_v1.ContainerPort{ ContainerPort: 80, }, true, }, { // Fall back on ServicePort.Port if TargetPort is empty - v1.ServicePort{ + api_v1.ServicePort{ Name: "name", Port: 80, }, - v1.ContainerPort{ + api_v1.ContainerPort{ Name: "name", ContainerPort: 80, }, @@ -289,18 +288,18 @@ func TestComparePorts(t *testing.T) { }, { // TargetPort intval mismatch - v1.ServicePort{ + api_v1.ServicePort{ TargetPort: intstr.FromInt(80), }, - v1.ContainerPort{ + api_v1.ContainerPort{ ContainerPort: 81, }, false, }, { // don't match empty ports - v1.ServicePort{}, - v1.ContainerPort{}, + api_v1.ServicePort{}, + api_v1.ContainerPort{}, false, }, } @@ -313,14 +312,14 @@ func TestComparePorts(t *testing.T) { } func TestFindProbeForPods(t *testing.T) { - pods := []*v1.Pod{ + pods := []*api_v1.Pod{ { - Spec: v1.PodSpec{ - Containers: []v1.Container{ + Spec: api_v1.PodSpec{ + Containers: []api_v1.Container{ { - ReadinessProbe: &v1.Probe{ - ProbeHandler: v1.ProbeHandler{ - HTTPGet: &v1.HTTPGetAction{ + ReadinessProbe: &api_v1.Probe{ + ProbeHandler: api_v1.ProbeHandler{ + HTTPGet: &api_v1.HTTPGetAction{ Path: "/", Host: "asdf.com", Port: intstr.IntOrString{ @@ -330,11 +329,11 @@ func TestFindProbeForPods(t *testing.T) { }, PeriodSeconds: 42, }, - Ports: []v1.ContainerPort{ + Ports: []api_v1.ContainerPort{ { Name: "name", ContainerPort: 80, - Protocol: v1.ProtocolTCP, + Protocol: api_v1.ProtocolTCP, HostIP: "1.2.3.4", }, }, @@ -343,7 +342,7 @@ func TestFindProbeForPods(t *testing.T) { }, }, } - svcPort := v1.ServicePort{ + svcPort := api_v1.ServicePort{ TargetPort: intstr.FromInt(80), } probe := findProbeForPods(pods, &svcPort) @@ -351,25 +350,25 @@ func TestFindProbeForPods(t *testing.T) { t.Errorf("ServicePort.TargetPort as int match failed: %+v", probe) } - svcPort = v1.ServicePort{ + svcPort = api_v1.ServicePort{ TargetPort: intstr.FromString("name"), - Protocol: v1.ProtocolTCP, + Protocol: api_v1.ProtocolTCP, } probe = findProbeForPods(pods, &svcPort) if probe == nil || probe.PeriodSeconds != 42 { t.Errorf("ServicePort.TargetPort as string failed: %+v", probe) } - svcPort = v1.ServicePort{ + svcPort = api_v1.ServicePort{ TargetPort: intstr.FromInt(80), - Protocol: v1.ProtocolTCP, + Protocol: api_v1.ProtocolTCP, } probe = findProbeForPods(pods, &svcPort) if probe == nil || probe.PeriodSeconds != 42 { t.Errorf("ServicePort.TargetPort as int failed: %+v", probe) } - svcPort = v1.ServicePort{ + svcPort = api_v1.ServicePort{ Port: 80, } probe = findProbeForPods(pods, &svcPort) @@ -377,7 +376,7 @@ func TestFindProbeForPods(t *testing.T) { t.Errorf("ServicePort.Port should match if TargetPort is not set: %+v", probe) } - svcPort = v1.ServicePort{ + svcPort = api_v1.ServicePort{ TargetPort: intstr.FromString("wrong_name"), } probe = findProbeForPods(pods, &svcPort) @@ -385,7 +384,7 @@ func TestFindProbeForPods(t *testing.T) { t.Errorf("ServicePort.TargetPort should not have matched string: %+v", probe) } - svcPort = v1.ServicePort{ + svcPort = api_v1.ServicePort{ TargetPort: intstr.FromInt(22), } probe = findProbeForPods(pods, &svcPort) @@ -393,7 +392,7 @@ func TestFindProbeForPods(t *testing.T) { t.Errorf("ServicePort.TargetPort should not have matched int: %+v", probe) } - svcPort = v1.ServicePort{ + svcPort = api_v1.ServicePort{ Port: 22, } probe = findProbeForPods(pods, &svcPort) @@ -411,14 +410,14 @@ func TestGetServicePortForIngressPort(t *testing.T) { configurator: cnf, metricsCollector: collectors.NewControllerFakeCollector(), } - svc := v1.Service{ + svc := api_v1.Service{ TypeMeta: meta_v1.TypeMeta{}, ObjectMeta: meta_v1.ObjectMeta{ Name: "coffee-svc", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{ + Spec: api_v1.ServiceSpec{ + Ports: []api_v1.ServicePort{ { Name: "foo", Port: 80, @@ -426,7 +425,7 @@ func TestGetServicePortForIngressPort(t *testing.T) { }, }, }, - Status: v1.ServiceStatus{}, + Status: api_v1.ServiceStatus{}, } backendPort := networking.ServiceBackendPort{ Name: "foo", @@ -476,7 +475,7 @@ func TestGetEndpointsBySubselectedPods(t *testing.T) { tests := []struct { desc string targetPort int32 - svcEps v1.Endpoints + svcEps api_v1.Endpoints expectedEps []podEndpoint }{ { @@ -499,7 +498,7 @@ func TestGetEndpointsBySubselectedPods(t *testing.T) { }, } - pods := []*v1.Pod{ + pods := []*api_v1.Pod{ { ObjectMeta: meta_v1.ObjectMeta{ OwnerReferences: []meta_v1.OwnerReference{ @@ -510,22 +509,22 @@ func TestGetEndpointsBySubselectedPods(t *testing.T) { }, }, }, - Status: v1.PodStatus{ + Status: api_v1.PodStatus{ PodIP: "1.2.3.4", }, }, } - svcEps := v1.Endpoints{ - Subsets: []v1.EndpointSubset{ + svcEps := api_v1.Endpoints{ + Subsets: []api_v1.EndpointSubset{ { - Addresses: []v1.EndpointAddress{ + Addresses: []api_v1.EndpointAddress{ { IP: "1.2.3.4", Hostname: "asdf.com", }, }, - Ports: []v1.EndpointPort{ + Ports: []api_v1.EndpointPort{ { Port: 80, }, @@ -654,12 +653,12 @@ func TestGetPolicies(t *testing.T) { }, } - var pl []cache.Store - pl = append(pl, policyLister) + nsi := make(map[string]*namespacedInformer) + nsi[""] = &namespacedInformer{policyLister: policyLister} lbc := LoadBalancerController{ - isNginxPlus: true, - policyLister: pl, + isNginxPlus: true, + namespacedInformers: nsi, } policyRefs := []conf_v1.PolicyReference{ @@ -687,9 +686,9 @@ func TestGetPolicies(t *testing.T) { expectedPolicies := []*conf_v1.Policy{validPolicy} expectedErrors := []error{ - errors.New("Policy default/invalid-policy is invalid: spec: Invalid value: \"\": must specify exactly one of: `accessControl`, `rateLimit`, `ingressMTLS`, `egressMTLS`, `basicAuth`, `jwt`, `oidc`, `waf`"), - errors.New("Policy nginx-ingress/valid-policy doesn't exist"), - errors.New("Failed to get policy nginx-ingress/some-policy: GetByKey error"), + errors.New("policy default/invalid-policy is invalid: spec: Invalid value: \"\": must specify exactly one of: `accessControl`, `rateLimit`, `ingressMTLS`, `egressMTLS`, `basicAuth`, `jwt`, `oidc`, `waf`"), + errors.New("policy nginx-ingress/valid-policy doesn't exist"), + errors.New("failed to get policy nginx-ingress/some-policy: GetByKey error"), errors.New("referenced policy default/valid-policy-ingress-class has incorrect ingress class: test-class (controller ingress class: )"), } @@ -762,37 +761,37 @@ func TestGetPodOwnerTypeAndName(t *testing.T) { desc string expType string expName string - pod *v1.Pod + pod *api_v1.Pod }{ { desc: "deployment", expType: "deployment", expName: "deploy-name", - pod: &v1.Pod{ObjectMeta: createTestObjMeta("Deployment", "deploy-name", true)}, + pod: &api_v1.Pod{ObjectMeta: createTestObjMeta("Deployment", "deploy-name", true)}, }, { desc: "stateful set", expType: "statefulset", expName: "statefulset-name", - pod: &v1.Pod{ObjectMeta: createTestObjMeta("StatefulSet", "statefulset-name", true)}, + pod: &api_v1.Pod{ObjectMeta: createTestObjMeta("StatefulSet", "statefulset-name", true)}, }, { desc: "daemon set", expType: "daemonset", expName: "daemonset-name", - pod: &v1.Pod{ObjectMeta: createTestObjMeta("DaemonSet", "daemonset-name", true)}, + pod: &api_v1.Pod{ObjectMeta: createTestObjMeta("DaemonSet", "daemonset-name", true)}, }, { desc: "replica set with no pod hash", expType: "deployment", expName: "replicaset-name", - pod: &v1.Pod{ObjectMeta: createTestObjMeta("ReplicaSet", "replicaset-name", false)}, + pod: &api_v1.Pod{ObjectMeta: createTestObjMeta("ReplicaSet", "replicaset-name", false)}, }, { desc: "replica set with pod hash", expType: "deployment", expName: "replicaset-name", - pod: &v1.Pod{ + pod: &api_v1.Pod{ ObjectMeta: createTestObjMeta("ReplicaSet", "replicaset-name-67c6f7c5fd", true), }, }, @@ -800,7 +799,7 @@ func TestGetPodOwnerTypeAndName(t *testing.T) { desc: "nil controller should use default values", expType: "deployment", expName: "deploy-name", - pod: &v1.Pod{ + pod: &api_v1.Pod{ ObjectMeta: meta_v1.ObjectMeta{ OwnerReferences: []meta_v1.OwnerReference{ { @@ -1156,14 +1155,14 @@ func errorComparer(e1, e2 error) bool { func TestAddJWTSecrets(t *testing.T) { invalidErr := errors.New("invalid") - validJWKSecret := &v1.Secret{ + validJWKSecret := &api_v1.Secret{ ObjectMeta: meta_v1.ObjectMeta{ Name: "valid-jwk-secret", Namespace: "default", }, Type: secrets.SecretTypeJWK, } - invalidJWKSecret := &v1.Secret{ + invalidJWKSecret := &api_v1.Secret{ ObjectMeta: meta_v1.ObjectMeta{ Name: "invalid-jwk-secret", Namespace: "default", @@ -1280,14 +1279,14 @@ func TestAddJWTSecrets(t *testing.T) { func TestAddBasicSecrets(t *testing.T) { invalidErr := errors.New("invalid") - validBasicSecret := &v1.Secret{ + validBasicSecret := &api_v1.Secret{ ObjectMeta: meta_v1.ObjectMeta{ Name: "valid-basic-auth-secret", Namespace: "default", }, Type: secrets.SecretTypeJWK, } - invalidBasicSecret := &v1.Secret{ + invalidBasicSecret := &api_v1.Secret{ ObjectMeta: meta_v1.ObjectMeta{ Name: "invalid-basic-auth-secret", Namespace: "default", @@ -1404,14 +1403,14 @@ func TestAddBasicSecrets(t *testing.T) { func TestAddIngressMTLSSecret(t *testing.T) { invalidErr := errors.New("invalid") - validSecret := &v1.Secret{ + validSecret := &api_v1.Secret{ ObjectMeta: meta_v1.ObjectMeta{ Name: "valid-ingress-mtls-secret", Namespace: "default", }, Type: secrets.SecretTypeCA, } - invalidSecret := &v1.Secret{ + invalidSecret := &api_v1.Secret{ ObjectMeta: meta_v1.ObjectMeta{ Name: "invalid-ingress-mtls-secret", Namespace: "default", @@ -1526,28 +1525,28 @@ func TestAddIngressMTLSSecret(t *testing.T) { func TestAddEgressMTLSSecrets(t *testing.T) { invalidErr := errors.New("invalid") - validMTLSSecret := &v1.Secret{ + validMTLSSecret := &api_v1.Secret{ ObjectMeta: meta_v1.ObjectMeta{ Name: "valid-egress-mtls-secret", Namespace: "default", }, Type: api_v1.SecretTypeTLS, } - validTrustedSecret := &v1.Secret{ + validTrustedSecret := &api_v1.Secret{ ObjectMeta: meta_v1.ObjectMeta{ Name: "valid-egress-trusted-secret", Namespace: "default", }, Type: secrets.SecretTypeCA, } - invalidMTLSSecret := &v1.Secret{ + invalidMTLSSecret := &api_v1.Secret{ ObjectMeta: meta_v1.ObjectMeta{ Name: "invalid-egress-mtls-secret", Namespace: "default", }, Type: api_v1.SecretTypeTLS, } - invalidTrustedSecret := &v1.Secret{ + invalidTrustedSecret := &api_v1.Secret{ ObjectMeta: meta_v1.ObjectMeta{ Name: "invalid-egress-trusted-secret", Namespace: "default", @@ -1743,7 +1742,7 @@ func TestAddEgressMTLSSecrets(t *testing.T) { func TestAddOidcSecret(t *testing.T) { invalidErr := errors.New("invalid") - validSecret := &v1.Secret{ + validSecret := &api_v1.Secret{ ObjectMeta: meta_v1.ObjectMeta{ Name: "valid-oidc-secret", Namespace: "default", @@ -1753,7 +1752,7 @@ func TestAddOidcSecret(t *testing.T) { }, Type: secrets.SecretTypeOIDC, } - invalidSecret := &v1.Secret{ + invalidSecret := &api_v1.Secret{ ObjectMeta: meta_v1.ObjectMeta{ Name: "invalid-oidc-secret", Namespace: "default", @@ -2298,13 +2297,13 @@ func TestPreSyncSecrets(t *testing.T) { } }, } - var sl []cache.Store - sl = append(sl, secretLister) + nsi := make(map[string]*namespacedInformer) + nsi[""] = &namespacedInformer{secretLister: secretLister, isSecretsEnabledNamespace: true} lbc := LoadBalancerController{ - isNginxPlus: true, - secretStore: secrets.NewEmptyFakeSecretsStore(), - secretLister: sl, + isNginxPlus: true, + secretStore: secrets.NewEmptyFakeSecretsStore(), + namespacedInformers: nsi, } lbc.preSyncSecrets() diff --git a/internal/k8s/handlers.go b/internal/k8s/handlers.go index e520acf4b3..5cb40e271a 100644 --- a/internal/k8s/handlers.go +++ b/internal/k8s/handlers.go @@ -539,7 +539,7 @@ func areResourcesDifferent(oldresource, resource *unstructured.Unstructured) (bo return false, err } if !found { - return false, fmt.Errorf("Error, spec has unexpected format") + return false, fmt.Errorf("spec has unexpected format") } eq := reflect.DeepEqual(oldSpec, spec) if eq { diff --git a/internal/k8s/handlers_test.go b/internal/k8s/handlers_test.go index e2b880e706..eaed6eb2bc 100644 --- a/internal/k8s/handlers_test.go +++ b/internal/k8s/handlers_test.go @@ -204,7 +204,7 @@ func TestAreResourcesDifferent(t *testing.T) { Object: map[string]interface{}{}, }, expected: false, - expectErr: errors.New(`Error, spec has unexpected format`), + expectErr: errors.New(`spec has unexpected format`), msg: "new resource with missing spec", }, { diff --git a/internal/k8s/spiffe.go b/internal/k8s/spiffe.go index cdcb439d7e..30254a2445 100644 --- a/internal/k8s/spiffe.go +++ b/internal/k8s/spiffe.go @@ -77,7 +77,6 @@ func (sc *SpiffeCertFetcher) Start(ctx context.Context, onStart func()) error { case <-stopCh: return sc.client.Close() default: - break } time.Sleep(duration) } diff --git a/internal/k8s/status.go b/internal/k8s/status.go index a8ab81c508..78b9a67235 100644 --- a/internal/k8s/status.go +++ b/internal/k8s/status.go @@ -10,7 +10,6 @@ import ( "github.com/golang/glog" conf_v1 "github.com/nginxinc/kubernetes-ingress/pkg/apis/configuration/v1" - v1 "github.com/nginxinc/kubernetes-ingress/pkg/apis/configuration/v1" conf_v1alpha1 "github.com/nginxinc/kubernetes-ingress/pkg/apis/configuration/v1alpha1" k8s_nginx "github.com/nginxinc/kubernetes-ingress/pkg/client/clientset/versioned" api_v1 "k8s.io/api/core/v1" @@ -35,15 +34,11 @@ type statusUpdater struct { externalServicePorts string bigIPAddress string bigIPPorts string - externalEndpoints []v1.ExternalEndpoint + externalEndpoints []conf_v1.ExternalEndpoint status []api_v1.LoadBalancerIngress statusInitialized bool keyFunc func(obj interface{}) (string, error) - ingressLister []storeToIngressLister - virtualServerLister []cache.Store - virtualServerRouteLister []cache.Store - transportServerLister []cache.Store - policyLister []cache.Store + namespacedInformers map[string]*namespacedInformer confClient k8s_nginx.Interface hasCorrectIngressClass func(interface{}) bool } @@ -112,6 +107,24 @@ func (su *statusUpdater) UpdateIngressStatus(ing networking.Ingress) error { return su.updateIngressWithStatus(ing, su.status) } +func (su *statusUpdater) getNamespacedInformer(ns string) *namespacedInformer { + var nsi *namespacedInformer + var isGlobalNs bool + var exists bool + + nsi, isGlobalNs = su.namespacedInformers[""] + + if !isGlobalNs { + // get the correct namespaced informers + nsi, exists = su.namespacedInformers[ns] + if !exists { + // we are not watching this namespace + return nil + } + } + return nsi +} + // updateIngressWithStatus sets the provided status on the selected Ingress. func (su *statusUpdater) updateIngressWithStatus(ing networking.Ingress, status []api_v1.LoadBalancerIngress) error { // Get an up-to-date Ingress from the Store @@ -121,14 +134,11 @@ func (su *statusUpdater) updateIngressWithStatus(ing networking.Ingress, status return err } + ns, _, _ := cache.SplitMetaNamespaceKey(key) var ingCopy *networking.Ingress var exists bool - for _, il := range su.ingressLister { - ingCopy, exists, err = il.GetByKeySafe(key) - if exists { - break - } - } + ingCopy, exists, err = su.getNamespacedInformer(ns).ingressLister.GetByKeySafe(key) + if err != nil { glog.V(3).Infof("error getting ing from Store by key: %v", err) return err @@ -416,12 +426,9 @@ func (su *statusUpdater) UpdateTransportServerStatus(ts *conf_v1alpha1.Transport var tsLatest interface{} var exists bool var err error - for _, tl := range su.transportServerLister { - tsLatest, exists, err = tl.Get(ts) - if exists { - break - } - } + + tsLatest, exists, err = su.getNamespacedInformer(ts.Namespace).transportServerLister.Get(ts) + if err != nil { glog.V(3).Infof("error getting TransportServer from Store: %v", err) return err @@ -467,12 +474,9 @@ func (su *statusUpdater) UpdateVirtualServerStatus(vs *conf_v1.VirtualServer, st var vsLatest interface{} var exists bool var err error - for _, vl := range su.virtualServerLister { - vsLatest, exists, err = vl.Get(vs) - if exists { - break - } - } + + vsLatest, exists, err = su.getNamespacedInformer(vs.Namespace).virtualServerLister.Get(vs) + if err != nil { glog.V(3).Infof("error getting VirtualServer from Store: %v", err) return err @@ -522,7 +526,7 @@ func hasVsrStatusChanged(vsr *conf_v1.VirtualServerRoute, state string, reason s } // UpdateVirtualServerRouteStatusWithReferencedBy updates the status of a VirtualServerRoute, including the referencedBy field. -func (su *statusUpdater) UpdateVirtualServerRouteStatusWithReferencedBy(vsr *conf_v1.VirtualServerRoute, state string, reason string, message string, referencedBy []*v1.VirtualServer) error { +func (su *statusUpdater) UpdateVirtualServerRouteStatusWithReferencedBy(vsr *conf_v1.VirtualServerRoute, state string, reason string, message string, referencedBy []*conf_v1.VirtualServer) error { var referencedByString string if len(referencedBy) != 0 { vs := referencedBy[0] @@ -533,12 +537,9 @@ func (su *statusUpdater) UpdateVirtualServerRouteStatusWithReferencedBy(vsr *con var vsrLatest interface{} var exists bool var err error - for _, vl := range su.virtualServerRouteLister { - vsrLatest, exists, err = vl.Get(vsr) - if exists { - break - } - } + + vsrLatest, exists, err = su.getNamespacedInformer(vsr.Namespace).virtualServerRouteLister.Get(vsr) + if err != nil { glog.V(3).Infof("error getting VirtualServerRoute from Store: %v", err) return err @@ -576,12 +577,9 @@ func (su *statusUpdater) UpdateVirtualServerRouteStatus(vsr *conf_v1.VirtualServ var vsrLatest interface{} var exists bool var err error - for _, vl := range su.virtualServerRouteLister { - vsrLatest, exists, err = vl.Get(vsr) - if exists { - break - } - } + + vsrLatest, exists, err = su.getNamespacedInformer(vsr.Namespace).virtualServerRouteLister.Get(vsr) + if err != nil { glog.V(3).Infof("error getting VirtualServerRoute from Store: %v", err) return err @@ -615,12 +613,9 @@ func (su *statusUpdater) updateVirtualServerExternalEndpoints(vs *conf_v1.Virtua var vsLatest interface{} var exists bool var err error - for _, vl := range su.virtualServerLister { - vsLatest, exists, err = vl.Get(vs) - if exists { - break - } - } + + vsLatest, exists, err = su.getNamespacedInformer(vs.Namespace).virtualServerLister.Get(vs) + if err != nil { glog.V(3).Infof("error getting VirtualServer from Store: %v", err) return err @@ -646,12 +641,9 @@ func (su *statusUpdater) updateVirtualServerRouteExternalEndpoints(vsr *conf_v1. var vsrLatest interface{} var exists bool var err error - for _, vl := range su.virtualServerRouteLister { - vsrLatest, exists, err = vl.Get(vsr) - if exists { - break - } - } + + vsrLatest, exists, err = su.getNamespacedInformer(vsr.Namespace).virtualServerRouteLister.Get(vsr) + if err != nil { glog.V(3).Infof("error getting VirtualServerRoute from Store: %v", err) return err @@ -687,22 +679,19 @@ func (su *statusUpdater) generateExternalEndpointsFromStatus(status []api_v1.Loa return externalEndpoints } -func hasPolicyStatusChanged(pol *v1.Policy, state string, reason string, message string) bool { +func hasPolicyStatusChanged(pol *conf_v1.Policy, state string, reason string, message string) bool { return pol.Status.State != state || pol.Status.Reason != reason || pol.Status.Message != message } // UpdatePolicyStatus updates the status of a Policy. -func (su *statusUpdater) UpdatePolicyStatus(pol *v1.Policy, state string, reason string, message string) error { +func (su *statusUpdater) UpdatePolicyStatus(pol *conf_v1.Policy, state string, reason string, message string) error { // Get an up-to-date Policy from the Store var polLatest interface{} var exists bool var err error - for _, vl := range su.policyLister { - polLatest, exists, err = vl.Get(pol) - if exists { - break - } - } + + polLatest, exists, err = su.getNamespacedInformer(pol.Namespace).policyLister.Get(pol) + if err != nil { glog.V(3).Infof("error getting policy from Store: %v", err) return err @@ -717,7 +706,7 @@ func (su *statusUpdater) UpdatePolicyStatus(pol *v1.Policy, state string, reason return nil } - polCopy := polLatest.(*v1.Policy) + polCopy := polLatest.(*conf_v1.Policy) if !hasPolicyStatusChanged(polCopy, state, reason, message) { return nil @@ -736,7 +725,7 @@ func (su *statusUpdater) UpdatePolicyStatus(pol *v1.Policy, state string, reason return nil } -func (su *statusUpdater) retryUpdatePolicyStatus(polCopy *v1.Policy) error { +func (su *statusUpdater) retryUpdatePolicyStatus(polCopy *conf_v1.Policy) error { pol, err := su.confClient.K8sV1().Policies(polCopy.Namespace).Get(context.TODO(), polCopy.Name, metav1.GetOptions{}) if err != nil { return err diff --git a/internal/k8s/status_test.go b/internal/k8s/status_test.go index 141597ed0c..43572f680d 100644 --- a/internal/k8s/status_test.go +++ b/internal/k8s/status_test.go @@ -44,11 +44,12 @@ func TestUpdateTransportServerStatus(t *testing.T) { if err != nil { t.Errorf("Error adding TransportServer to the transportserver lister: %v", err) } - tsl := []cache.Store{tsLister} + nsi := make(map[string]*namespacedInformer) + nsi["default"] = &namespacedInformer{transportServerLister: tsLister} su := statusUpdater{ - transportServerLister: tsl, - confClient: fakeClient, - keyFunc: cache.DeletionHandlingMetaNamespaceKeyFunc, + namespacedInformers: nsi, + confClient: fakeClient, + keyFunc: cache.DeletionHandlingMetaNamespaceKeyFunc, } err = su.UpdateTransportServerStatus(ts, "after status", "after reason", "after message") @@ -104,11 +105,12 @@ func TestUpdateTransportServerStatusIgnoreNoChange(t *testing.T) { if err != nil { t.Errorf("Error adding TransportServer to the transportserver lister: %v", err) } - tsl := []cache.Store{tsLister} + nsi := make(map[string]*namespacedInformer) + nsi["default"] = &namespacedInformer{transportServerLister: tsLister} su := statusUpdater{ - transportServerLister: tsl, - confClient: fakeClient, - keyFunc: cache.DeletionHandlingMetaNamespaceKeyFunc, + namespacedInformers: nsi, + confClient: fakeClient, + keyFunc: cache.DeletionHandlingMetaNamespaceKeyFunc, } err = su.UpdateTransportServerStatus(ts, "same status", "same reason", "same message") @@ -158,12 +160,13 @@ func TestUpdateTransportServerStatusMissingTransportServer(t *testing.T) { nil, ) - tsl := []cache.Store{tsLister} + nsi := make(map[string]*namespacedInformer) + nsi[""] = &namespacedInformer{transportServerLister: tsLister} su := statusUpdater{ - transportServerLister: tsl, - confClient: fakeClient, - keyFunc: cache.DeletionHandlingMetaNamespaceKeyFunc, + namespacedInformers: nsi, + confClient: fakeClient, + keyFunc: cache.DeletionHandlingMetaNamespaceKeyFunc, externalEndpoints: []conf_v1.ExternalEndpoint{ { IP: "123.123.123.123", @@ -214,14 +217,15 @@ func TestStatusUpdateWithExternalStatusAndExternalService(t *testing.T) { t.Errorf("Error adding Ingress to the ingress lister: %v", err) } - isl := []storeToIngressLister{ingLister} + nsi := make(map[string]*namespacedInformer) + nsi[""] = &namespacedInformer{ingressLister: ingLister} su := statusUpdater{ client: fakeClient, namespace: "namespace", externalServiceName: "service-name", externalStatusAddress: "123.123.123.123", - ingressLister: isl, + namespacedInformers: nsi, keyFunc: cache.DeletionHandlingMetaNamespaceKeyFunc, } err = su.ClearIngressStatus(ing) @@ -319,13 +323,14 @@ func TestStatusUpdateWithExternalStatusAndIngressLink(t *testing.T) { t.Errorf("Error adding Ingress to the ingress lister: %v", err) } - isl := []storeToIngressLister{ingLister} + nsi := make(map[string]*namespacedInformer) + nsi[""] = &namespacedInformer{ingressLister: ingLister} su := statusUpdater{ client: fakeClient, namespace: "namespace", externalStatusAddress: "", - ingressLister: isl, + namespacedInformers: nsi, keyFunc: cache.DeletionHandlingMetaNamespaceKeyFunc, } diff --git a/internal/k8s/task_queue.go b/internal/k8s/task_queue.go index 5a77f4e718..021b415ed4 100644 --- a/internal/k8s/task_queue.go +++ b/internal/k8s/task_queue.go @@ -173,10 +173,10 @@ func newTask(key string, obj interface{}) (task, error) { } else if objectKind == appprotectdos.DosLogConfGVK.Kind { k = appProtectDosLogConf } else { - return task{}, fmt.Errorf("Unknown unstructured kind: %v", objectKind) + return task{}, fmt.Errorf("unknown unstructured kind: %v", objectKind) } default: - return task{}, fmt.Errorf("Unknown type: %v", t) + return task{}, fmt.Errorf("unknown type: %v", t) } return task{k, key}, nil diff --git a/internal/k8s/validation.go b/internal/k8s/validation.go index 4d51fce423..f5f6a5fb8e 100644 --- a/internal/k8s/validation.go +++ b/internal/k8s/validation.go @@ -72,18 +72,15 @@ const ( const ( commaDelimiter = "," annotationValueFmt = `([^"$\\]|\\[^$])*` - pathFmt = `/[^\s{};\\]*` jwtTokenValueFmt = "\\$" + annotationValueFmt ) const ( annotationValueFmtErrMsg = `a valid annotation value must have all '"' escaped and must not contain any '$' or end with an unescaped '\'` - pathErrMsg = "must start with / and must not include any whitespace character, `{`, `}` or `;`" jwtTokenValueFmtErrMsg = `a valid annotation value must start with '$', have all '"' escaped, and must not contain any '$' or end with an unescaped '\'` ) var ( - pathRegexp = regexp.MustCompile("^" + pathFmt + "$") validAnnotationValueRegex = regexp.MustCompile("^" + annotationValueFmt + "$") validJWTTokenAnnotationValueRegex = regexp.MustCompile("^" + jwtTokenValueFmt + "$") ) @@ -875,6 +872,13 @@ func validateBackend(backend *networking.IngressBackend, fieldPath *field.Path) return allErrs } +const ( + pathFmt = `/[^\s;]*` + pathErrMsg = "must start with / and must not include any whitespace character or `;`" +) + +var pathRegexp = regexp.MustCompile("^" + pathFmt + "$") + func validatePath(path string, fieldPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} @@ -887,6 +891,80 @@ func validatePath(path string, fieldPath *field.Path) field.ErrorList { return append(allErrs, field.Invalid(fieldPath, path, msg)) } + allErrs = append(allErrs, validateRegexPath(path, fieldPath)...) + allErrs = append(allErrs, validateCurlyBraces(path, fieldPath)...) + allErrs = append(allErrs, validateIllegalKeywords(path, fieldPath)...) + + return allErrs +} + +func validateRegexPath(path string, fieldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if _, err := regexp.Compile(path); err != nil { + return append(allErrs, field.Invalid(fieldPath, path, fmt.Sprintf("must be a valid regular expression: %v", err))) + } + + if err := ValidateEscapedString(path, "*.jpg", "^/images/image_*.png$"); err != nil { + return append(allErrs, field.Invalid(fieldPath, path, err.Error())) + } + + return allErrs +} + +const ( + curlyBracesFmt = `\{(.*?)\}` + alphabetFmt = `[A-Za-z]` + curlyBracesMsg = `must not include curly braces containing alphabetical characters` +) + +var ( + curlyBracesFmtRegexp = regexp.MustCompile(curlyBracesFmt) + alphabetFmtRegexp = regexp.MustCompile(alphabetFmt) +) + +func validateCurlyBraces(path string, fieldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + bracesContents := curlyBracesFmtRegexp.FindAllStringSubmatch(path, -1) + for _, v := range bracesContents { + if alphabetFmtRegexp.MatchString(v[1]) { + return append(allErrs, field.Invalid(fieldPath, path, curlyBracesMsg)) + } + } + return allErrs +} + +const ( + escapedStringsFmt = `([^"\\]|\\.)*` + escapedStringsErrMsg = `must have all '"' (double quotes) escaped and must not end with an unescaped '\' (backslash)` +) + +var escapedStringsFmtRegexp = regexp.MustCompile("^" + escapedStringsFmt + "$") + +// ValidateEscapedString validates an escaped string. +func ValidateEscapedString(body string, examples ...string) error { + if !escapedStringsFmtRegexp.MatchString(body) { + msg := validation.RegexError(escapedStringsErrMsg, escapedStringsFmt, examples...) + return fmt.Errorf(msg) + } + return nil +} + +const ( + illegalKeywordFmt = `/etc/|/root|/var|\\n|\\r` + illegalKeywordErrMsg = `must not contain invalid paths` +) + +var illegalKeywordFmtRegexp = regexp.MustCompile("^" + illegalKeywordFmt + "$") + +func validateIllegalKeywords(path string, fieldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if illegalKeywordFmtRegexp.MatchString(path) { + return append(allErrs, field.Invalid(fieldPath, path, illegalKeywordErrMsg)) + } + return allErrs } diff --git a/internal/k8s/validation_test.go b/internal/k8s/validation_test.go index 68d83d65ef..1a383e028f 100644 --- a/internal/k8s/validation_test.go +++ b/internal/k8s/validation_test.go @@ -167,7 +167,7 @@ func TestValidateNginxIngressAnnotations(t *testing.T) { appProtectDosEnabled: false, internalRoutesEnabled: false, expectedErrors: []string{ - `annotations.nginx.org/lb-method: Invalid value: "invalid_method": Invalid load balancing method: "invalid_method"`, + `annotations.nginx.org/lb-method: Invalid value: "invalid_method": invalid load balancing method: "invalid_method"`, `annotations.nginx.org/mergeable-ingress-type: Invalid value: "invalid": must be one of: 'master' or 'minion'`, }, msg: "invalid multiple annotations messages in alphabetical order", @@ -248,7 +248,7 @@ func TestValidateNginxIngressAnnotations(t *testing.T) { appProtectDosEnabled: false, internalRoutesEnabled: false, expectedErrors: []string{ - `annotations.nginx.org/lb-method: Invalid value: "least_time header": Invalid load balancing method: "least_time header"`, + `annotations.nginx.org/lb-method: Invalid value: "least_time header": invalid load balancing method: "least_time header"`, }, msg: "invalid nginx.org/lb-method annotation, nginx plus only", }, @@ -262,7 +262,7 @@ func TestValidateNginxIngressAnnotations(t *testing.T) { appProtectDosEnabled: false, internalRoutesEnabled: false, expectedErrors: []string{ - `annotations.nginx.org/lb-method: Invalid value: "least_time header;": Invalid load balancing method: "least_time header;"`, + `annotations.nginx.org/lb-method: Invalid value: "least_time header;": invalid load balancing method: "least_time header;"`, }, msg: "invalid nginx.org/lb-method annotation", }, @@ -276,7 +276,7 @@ func TestValidateNginxIngressAnnotations(t *testing.T) { appProtectDosEnabled: false, internalRoutesEnabled: false, expectedErrors: []string{ - `annotations.nginx.org/lb-method: Invalid value: "{least_time header}": Invalid load balancing method: "{least_time header}"`, + `annotations.nginx.org/lb-method: Invalid value: "{least_time header}": invalid load balancing method: "{least_time header}"`, }, msg: "invalid nginx.org/lb-method annotation", }, @@ -290,7 +290,7 @@ func TestValidateNginxIngressAnnotations(t *testing.T) { appProtectDosEnabled: false, internalRoutesEnabled: false, expectedErrors: []string{ - `annotations.nginx.org/lb-method: Invalid value: "$least_time header": Invalid load balancing method: "$least_time header"`, + `annotations.nginx.org/lb-method: Invalid value: "$least_time header": invalid load balancing method: "$least_time header"`, }, msg: "invalid nginx.org/lb-method annotation", }, @@ -304,7 +304,7 @@ func TestValidateNginxIngressAnnotations(t *testing.T) { appProtectDosEnabled: false, internalRoutesEnabled: false, expectedErrors: []string{ - `annotations.nginx.org/lb-method: Invalid value: "invalid_method": Invalid load balancing method: "invalid_method"`, + `annotations.nginx.org/lb-method: Invalid value: "invalid_method": invalid load balancing method: "invalid_method"`, }, msg: "invalid nginx.org/lb-method annotation", }, @@ -3335,3 +3335,166 @@ func TestGetSpecServices(t *testing.T) { } } } + +func TestValidateRegexPath(t *testing.T) { + t.Parallel() + tests := []struct { + regexPath string + msg string + }{ + { + regexPath: "/foo.*\\.jpg", + msg: "case sensitive regexp", + }, + { + regexPath: "/Bar.*\\.jpg", + msg: "case insensitive regexp", + }, + { + regexPath: `/f\"oo.*\\.jpg`, + msg: "regexp with escaped double quotes", + }, + { + regexPath: "/[0-9a-z]{4}[0-9]+", + msg: "regexp with curly braces", + }, + } + + for _, test := range tests { + allErrs := validateRegexPath(test.regexPath, field.NewPath("path")) + if len(allErrs) != 0 { + t.Errorf("validateRegexPath(%v) returned errors for valid input for the case of %v", test.regexPath, test.msg) + } + } +} + +func TestValidateRegexPathFails(t *testing.T) { + t.Parallel() + tests := []struct { + regexPath string + msg string + }{ + { + regexPath: "[{", + msg: "invalid regexp", + }, + { + regexPath: `/foo"`, + msg: "unescaped double quotes", + }, + { + regexPath: `"`, + msg: "empty regex", + }, + { + regexPath: `/foo\`, + msg: "ending in backslash", + }, + } + + for _, test := range tests { + allErrs := validateRegexPath(test.regexPath, field.NewPath("path")) + if len(allErrs) == 0 { + t.Errorf("validateRegexPath(%v) returned no errors for invalid input for the case of %v", test.regexPath, test.msg) + } + } +} + +func TestValidatePath(t *testing.T) { + t.Parallel() + + validPaths := []string{ + "/", + "/path", + "/a-1/_A/", + "/[A-Za-z]{6}/[a-z]{1,2}", + "/[0-9a-z]{4}[0-9]", + "/foo.*\\.jpg", + "/Bar.*\\.jpg", + `/f\"oo.*\\.jpg`, + "/[0-9a-z]{4}[0-9]+", + "/[a-z]{1,2}", + "/[A-Z]{6}", + "/[A-Z]{6}/[a-z]{1,2}", + "/path", + "/abc}{abc", + } + + for _, path := range validPaths { + allErrs := validatePath(path, field.NewPath("path")) + if len(allErrs) > 0 { + t.Errorf("validatePath(%q) returned errors %v for valid input", path, allErrs) + } + } + + invalidPaths := []string{ + "", + " /", + "/ ", + "/abc;", + `/path\`, + `/path\n`, + `/var/run/secrets`, + "/{autoindex on; root /var/run/secrets;}location /tea", + "/{root}", + } + + for _, path := range invalidPaths { + allErrs := validatePath(path, field.NewPath("path")) + if len(allErrs) == 0 { + t.Errorf("validatePath(%q) returned no errors for invalid input", path) + } + } +} + +func TestValidateCurlyBraces(t *testing.T) { + t.Parallel() + + validPaths := []string{ + "/[a-z]{1,2}", + "/[A-Z]{6}", + "/[A-Z]{6}/[a-z]{1,2}", + "/path", + "/abc}{abc", + } + + for _, path := range validPaths { + allErrs := validateCurlyBraces(path, field.NewPath("path")) + if len(allErrs) > 0 { + t.Errorf("validatePath(%q) returned errors %v for valid input", path, allErrs) + } + } + + invalidPaths := []string{ + "/[A-Z]{a}", + "/{abc}abc", + "/abc{a1}", + } + + for _, path := range invalidPaths { + allErrs := validateCurlyBraces(path, field.NewPath("path")) + if len(allErrs) == 0 { + t.Errorf("validateCurlyBraces(%q) returned no errors for invalid input", path) + } + } +} + +func TestValidateIllegalKeywords(t *testing.T) { + t.Parallel() + + invalidPaths := []string{ + "/root", + "/etc/nginx/secrets", + "/etc/passwd", + "/var/run/secrets", + `\n`, + `\r`, + } + + for _, path := range invalidPaths { + allErrs := validateIllegalKeywords(path, field.NewPath("path")) + if len(allErrs) == 0 { + t.Errorf("validateCurlyBraces(%q) returned no errors for invalid input", path) + } + } +} diff --git a/internal/nginx/manager.go b/internal/nginx/manager.go index 93949f20fd..561a7c2f75 100644 --- a/internal/nginx/manager.go +++ b/internal/nginx/manager.go @@ -1,6 +1,7 @@ package nginx import ( + "context" "fmt" "net/http" "os" @@ -235,7 +236,7 @@ func (lm *LocalManager) CreateDHParam(content string) (string, error) { err := createFileAndWrite(lm.dhparamFilename, []byte(content)) if err != nil { - return lm.dhparamFilename, fmt.Errorf("Failed to write dhparam file from %v: %w", lm.dhparamFilename, err) + return lm.dhparamFilename, fmt.Errorf("failed to write dhparam file from %v: %w", lm.dhparamFilename, err) } return lm.dhparamFilename, nil @@ -362,7 +363,7 @@ func (lm *LocalManager) SetPlusClients(plusClient *client.NginxClient, plusConfi // UpdateServersInPlus updates NGINX Plus servers of the given upstream. func (lm *LocalManager) UpdateServersInPlus(upstream string, servers []string, config ServerConfig) error { - err := verifyConfigVersion(lm.plusConfigVersionCheckClient, lm.configVersion) + err := verifyConfigVersion(lm.plusConfigVersionCheckClient, lm.configVersion, lm.verifyClient.timeout) if err != nil { return fmt.Errorf("error verifying config version: %w", err) } @@ -393,7 +394,7 @@ func (lm *LocalManager) UpdateServersInPlus(upstream string, servers []string, c // UpdateStreamServersInPlus updates NGINX Plus stream servers of the given upstream. func (lm *LocalManager) UpdateStreamServersInPlus(upstream string, servers []string) error { - err := verifyConfigVersion(lm.plusConfigVersionCheckClient, lm.configVersion) + err := verifyConfigVersion(lm.plusConfigVersionCheckClient, lm.configVersion, lm.verifyClient.timeout) if err != nil { return fmt.Errorf("error verifying config version: %w", err) } @@ -423,7 +424,7 @@ func (lm *LocalManager) CreateOpenTracingTracerConfig(content string) error { glog.V(3).Infof("Writing OpenTracing tracer config file to %v", jsonFileForOpenTracingTracer) err := createFileAndWrite(jsonFileForOpenTracingTracer, []byte(content)) if err != nil { - return fmt.Errorf("Failed to write config file: %w", err) + return fmt.Errorf("failed to write config file: %w", err) } return nil @@ -432,8 +433,11 @@ func (lm *LocalManager) CreateOpenTracingTracerConfig(content string) error { // verifyConfigVersion is used to check if the worker process that the API client is connected // to is using the latest version of nginx config. This way we avoid making changes on // a worker processes that is being shut down. -func verifyConfigVersion(httpClient *http.Client, configVersion int) error { - req, err := http.NewRequest("GET", "http://nginx-plus-api/configVersionCheck", nil) +func verifyConfigVersion(httpClient *http.Client, configVersion int, timeout time.Duration) error { + ctx := context.Background() + reqContext, cancel := context.WithTimeout(ctx, timeout) + defer cancel() + req, err := http.NewRequestWithContext(reqContext, "GET", "http://nginx-plus-api/configVersionCheck", nil) if err != nil { return fmt.Errorf("error creating request: %w", err) } diff --git a/internal/nginx/utils.go b/internal/nginx/utils.go index 6cc70c742a..682db8ca15 100644 --- a/internal/nginx/utils.go +++ b/internal/nginx/utils.go @@ -22,12 +22,12 @@ func shellOut(cmd string) (err error) { err = command.Start() if err != nil { - return fmt.Errorf("Failed to execute %v, err: %w", cmd, err) + return fmt.Errorf("failed to execute %v, err: %w", cmd, err) } err = command.Wait() if err != nil { - return fmt.Errorf("Command %v stdout: %q\nstderr: %q\nfinished with error: %w", cmd, + return fmt.Errorf("command %v stdout: %q\nstderr: %q\nfinished with error: %w", cmd, stdout.String(), stderr.String(), err) } return nil @@ -36,14 +36,14 @@ func shellOut(cmd string) (err error) { func createFileAndWrite(name string, b []byte) error { w, err := os.Create(name) if err != nil { - return fmt.Errorf("Failed to open %v: %w", name, err) + return fmt.Errorf("failed to open %v: %w", name, err) } defer w.Close() _, err = w.Write(b) if err != nil { - return fmt.Errorf("Failed to write to %v: %w", name, err) + return fmt.Errorf("failed to write to %v: %w", name, err) } return nil diff --git a/internal/nginx/verify.go b/internal/nginx/verify.go index cdb9142a05..ffb2d60838 100644 --- a/internal/nginx/verify.go +++ b/internal/nginx/verify.go @@ -37,7 +37,15 @@ func newVerifyClient(timeout time.Duration) *verifyClient { // GetConfigVersion get version number that we put in the nginx config to verify that we're using // the correct config. func (c *verifyClient) GetConfigVersion() (int, error) { - resp, err := c.client.Get("http://config-version/configVersion") + ctx := context.Background() + reqContext, cancel := context.WithTimeout(ctx, c.timeout) + defer cancel() + req, err := http.NewRequestWithContext(reqContext, "GET", "http://config-version/configVersion", nil) + if err != nil { + return 0, fmt.Errorf("error creating request: %w", err) + } + + resp, err := c.client.Do(req) if err != nil { return 0, fmt.Errorf("error getting client: %w", err) } diff --git a/netlify.toml b/netlify.toml index 4299c409f4..5b07abb0b9 100644 --- a/netlify.toml +++ b/netlify.toml @@ -43,5 +43,3 @@ from = "*" to = "/nginx-ingress-controller/404.html" status = 404 - - diff --git a/perf-tests/requirements.txt b/perf-tests/requirements.txt index 37afa615e3..a8228452cf 100644 --- a/perf-tests/requirements.txt +++ b/perf-tests/requirements.txt @@ -1,10 +1,10 @@ +certifi==2022.9.24 +cffi==1.15.1 +kubernetes==25.3.0 +locust==2.13.0 +pytest==7.2.0 +pytest-html==3.2.0 +pytest-repeat==0.9.1 PyYAML==6.0 requests==2.28.1 -kubernetes==24.2.0 -pytest==7.1.3 -cffi==1.15.1 -certifi==2022.9.14 urllib3==1.26.12 -pytest-html==3.1.1 -pytest-repeat==0.9.1 -locust==2.12.1 \ No newline at end of file diff --git a/pkg/apis/configuration/validation/virtualserver_test.go b/pkg/apis/configuration/validation/virtualserver_test.go index de16fef91a..2280e48935 100644 --- a/pkg/apis/configuration/validation/virtualserver_test.go +++ b/pkg/apis/configuration/validation/virtualserver_test.go @@ -1465,6 +1465,10 @@ func TestValidateRegexPath(t *testing.T) { regexPath: `~ ^/f\"oo.*\\.jpg`, msg: "regexp with escaped double quotes", }, + { + regexPath: "~ [0-9a-z]{4}[0-9]+", + msg: "regexp with curly braces", + }, } for _, test := range tests { @@ -1526,6 +1530,8 @@ func TestValidateRoutePath(t *testing.T) { invalidPaths := []string{ "", "invalid", + // regex without preceding "~*" modifier + "^/foo.*\\.jpg", } for _, path := range invalidPaths { diff --git a/pkg/apis/dos/validation/dos.go b/pkg/apis/dos/validation/dos.go index 55cb97555e..853d25b842 100644 --- a/pkg/apis/dos/validation/dos.go +++ b/pkg/apis/dos/validation/dos.go @@ -19,7 +19,6 @@ var appProtectDosPolicyRequiredFields = [][]string{ } var appProtectDosLogConfRequiredFields = [][]string{ - {"spec", "content"}, {"spec", "filter"}, } @@ -90,15 +89,28 @@ func validateResourceReference(ref string) error { return nil } +// checkAppProtectDosLogConfContentField check conetent field doesnt appear in dos log +func checkAppProtectDosLogConfContentField(obj *unstructured.Unstructured) string { + _, found, err := unstructured.NestedMap(obj.Object, "spec", "content") + if err == nil && found { + unstructured.RemoveNestedField(obj.Object, "spec", "content") + msg := "the Content field is not supported, defaulting to splunk format." + return msg + } + + return "" +} + // ValidateAppProtectDosLogConf validates LogConfiguration resource -func ValidateAppProtectDosLogConf(logConf *unstructured.Unstructured) error { +func ValidateAppProtectDosLogConf(logConf *unstructured.Unstructured) (string, error) { lcName := logConf.GetName() err := validation2.ValidateRequiredFields(logConf, appProtectDosLogConfRequiredFields) if err != nil { - return fmt.Errorf("error validating App Protect Dos Log Configuration %v: %w", lcName, err) + return "", fmt.Errorf("error validating App Protect Dos Log Configuration %v: %w", lcName, err) } + warning := checkAppProtectDosLogConfContentField(logConf) - return nil + return warning, nil } var ( @@ -161,7 +173,7 @@ func validateAppProtectDosMonitor(apDosMonitor v1beta1.ApDosMonitor) error { allErrs = append(allErrs, validation2.ValidateParameter(apDosMonitor.Protocol, validMonitorProtocol, fieldPath)...) err := allErrs.ToAggregate() if err != nil { - return fmt.Errorf("app Protect Dos Monitor Protocol must be: %v", err) + return fmt.Errorf("app Protect Dos Monitor Protocol must be: %w", err) } } diff --git a/pkg/apis/dos/validation/dos_test.go b/pkg/apis/dos/validation/dos_test.go index 11081f7633..fdb92c2661 100644 --- a/pkg/apis/dos/validation/dos_test.go +++ b/pkg/apis/dos/validation/dos_test.go @@ -240,66 +240,91 @@ func TestValidateAppProtectDosAccessLogDest(t *testing.T) { func TestValidateAppProtectDosLogConf(t *testing.T) { t.Parallel() tests := []struct { - logConf *unstructured.Unstructured - expectErr bool - msg string + logConf *unstructured.Unstructured + expectErr bool + expectWarn bool + msg string }{ { logConf: &unstructured.Unstructured{ Object: map[string]interface{}{ "spec": map[string]interface{}{ - "content": map[string]interface{}{}, - "filter": map[string]interface{}{}, + "filter": map[string]interface{}{}, }, }, }, - expectErr: false, - msg: "valid log conf", + expectErr: false, + expectWarn: false, + msg: "valid log conf", }, { logConf: &unstructured.Unstructured{ Object: map[string]interface{}{ - "spec": map[string]interface{}{ + "spec": map[string]interface{}{}, + }, + }, + expectErr: true, + expectWarn: false, + msg: "invalid log conf with no filter field", + }, + { + logConf: &unstructured.Unstructured{ + Object: map[string]interface{}{ + "something": map[string]interface{}{ "filter": map[string]interface{}{}, }, }, }, - expectErr: true, - msg: "invalid log conf with no content field", + expectErr: true, + expectWarn: false, + msg: "invalid log conf with no spec field", }, { logConf: &unstructured.Unstructured{ Object: map[string]interface{}{ "spec": map[string]interface{}{ - "content": map[string]interface{}{}, + "content": map[string]interface{}{ + "format": "user-defined", + }, + "filter": map[string]interface{}{}, }, }, }, - expectErr: true, - msg: "invalid log conf with no filter field", + expectErr: false, + expectWarn: true, + msg: "Support only splunk format", }, { logConf: &unstructured.Unstructured{ Object: map[string]interface{}{ - "something": map[string]interface{}{ - "content": map[string]interface{}{}, - "filter": map[string]interface{}{}, + "spec": map[string]interface{}{ + "filter": map[string]interface{}{}, + "content": map[string]interface{}{ + "format": "user-defined", + }, }, }, }, - expectErr: true, - msg: "invalid log conf with no spec field", + expectErr: false, + expectWarn: true, + msg: "valid log conf with warning filter field", }, } for _, test := range tests { - err := ValidateAppProtectDosLogConf(test.logConf) + warn, err := ValidateAppProtectDosLogConf(test.logConf) if test.expectErr && err == nil { t.Errorf("validateAppProtectDosLogConf() returned no error for the case of %s", test.msg) } if !test.expectErr && err != nil { t.Errorf("validateAppProtectDosLogConf() returned unexpected error %v for the case of %s", err, test.msg) } + if test.expectWarn && warn == "" { + t.Errorf("validateAppProtectDosLogConf() returned no warning for the case of %s", test.msg) + } + if !test.expectWarn && warn != "" { + t.Errorf("validateAppProtectDosLogConf() returned unexpected warning: %s, for the case of %s", warn, test.msg) + } } } diff --git a/pyproject.toml b/pyproject.toml index 0008b64cff..ef12127657 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -17,6 +17,8 @@ pythonpath = [ ".", "tests/suite", "tests/suite/grpc", + "tests/suite/fixtures", + "tests/suite/utils", ] addopts = "--tb=native -ra --disable-warnings -x -l --profile -v" log_cli = true diff --git a/tests/.gitignore b/tests/.gitignore index 501e291663..e3a489170b 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -20,4 +20,4 @@ __pycache__/ *.prof # json artifacts -json_files/* \ No newline at end of file +json_files/* diff --git a/tests/conftest.py b/tests/conftest.py index a8d6d69947..5a23efad51 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -16,7 +16,7 @@ NS_COUNT, NUM_REPLICAS, ) -from suite.resources_utils import get_first_pod_name +from suite.utils.resources_utils import get_first_pod_name def pytest_addoption(parser) -> None: @@ -111,7 +111,7 @@ def pytest_addoption(parser) -> None: # import fixtures into pytest global namespace -pytest_plugins = ["suite.fixtures", "suite.ic_fixtures", "suite.custom_resource_fixtures"] +pytest_plugins = ["suite.fixtures.fixtures", "suite.fixtures.ic_fixtures", "suite.fixtures.custom_resource_fixtures"] def pytest_collection_modifyitems(config, items) -> None: diff --git a/tests/data/access-control/policies/access-control-policy-allow.yaml b/tests/data/access-control/policies/access-control-policy-allow.yaml index def8538f6d..0183b0a0a9 100644 --- a/tests/data/access-control/policies/access-control-policy-allow.yaml +++ b/tests/data/access-control/policies/access-control-policy-allow.yaml @@ -1,8 +1,8 @@ apiVersion: k8s.nginx.org/v1 -kind: Policy +kind: Policy metadata: - name: allow-policy + name: allow-policy spec: accessControl: allow: - - 10.0.0.1 \ No newline at end of file + - 10.0.0.1 diff --git a/tests/data/access-control/policies/access-control-policy-deny.yaml b/tests/data/access-control/policies/access-control-policy-deny.yaml index 227e0640e2..e433f31983 100644 --- a/tests/data/access-control/policies/access-control-policy-deny.yaml +++ b/tests/data/access-control/policies/access-control-policy-deny.yaml @@ -1,8 +1,8 @@ apiVersion: k8s.nginx.org/v1 -kind: Policy +kind: Policy metadata: name: deny-policy spec: accessControl: deny: - - 10.0.0.1 \ No newline at end of file + - 10.0.0.1 diff --git a/tests/data/access-control/policies/access-control-policy-invalid.yaml b/tests/data/access-control/policies/access-control-policy-invalid.yaml index 714985b477..47f3f5fc69 100644 --- a/tests/data/access-control/policies/access-control-policy-invalid.yaml +++ b/tests/data/access-control/policies/access-control-policy-invalid.yaml @@ -1,8 +1,8 @@ apiVersion: k8s.nginx.org/v1 -kind: Policy +kind: Policy metadata: - name: invalid-policy + name: invalid-policy spec: accessControl: deny: - - 192.168.0.0/255 \ No newline at end of file + - 192.168.0.0/255 diff --git a/tests/data/access-control/route-subroute/virtual-server-allow-route.yaml b/tests/data/access-control/route-subroute/virtual-server-allow-route.yaml index 1442a1bc98..f8df41f33b 100644 --- a/tests/data/access-control/route-subroute/virtual-server-allow-route.yaml +++ b/tests/data/access-control/route-subroute/virtual-server-allow-route.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/access-control/route-subroute/virtual-server-deny-route.yaml b/tests/data/access-control/route-subroute/virtual-server-deny-route.yaml index f1594c32e6..9b2fe45794 100644 --- a/tests/data/access-control/route-subroute/virtual-server-deny-route.yaml +++ b/tests/data/access-control/route-subroute/virtual-server-deny-route.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/access-control/route-subroute/virtual-server-invalid-route.yaml b/tests/data/access-control/route-subroute/virtual-server-invalid-route.yaml index 2cd584e4cc..7d47d7864a 100644 --- a/tests/data/access-control/route-subroute/virtual-server-invalid-route.yaml +++ b/tests/data/access-control/route-subroute/virtual-server-invalid-route.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/access-control/route-subroute/virtual-server-override-route.yaml b/tests/data/access-control/route-subroute/virtual-server-override-route.yaml index 491f209bf2..28d1fc1a39 100644 --- a/tests/data/access-control/route-subroute/virtual-server-override-route.yaml +++ b/tests/data/access-control/route-subroute/virtual-server-override-route.yaml @@ -20,4 +20,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/access-control/route-subroute/virtual-server-override-spec-route.yaml b/tests/data/access-control/route-subroute/virtual-server-override-spec-route.yaml index d6cc158f7d..01952ade78 100644 --- a/tests/data/access-control/route-subroute/virtual-server-override-spec-route.yaml +++ b/tests/data/access-control/route-subroute/virtual-server-override-spec-route.yaml @@ -21,4 +21,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/access-control/route-subroute/virtual-server-route-allow-subroute.yaml b/tests/data/access-control/route-subroute/virtual-server-route-allow-subroute.yaml index 37188f6a83..2a1c96ff6e 100644 --- a/tests/data/access-control/route-subroute/virtual-server-route-allow-subroute.yaml +++ b/tests/data/access-control/route-subroute/virtual-server-route-allow-subroute.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/access-control/route-subroute/virtual-server-route-deny-subroute.yaml b/tests/data/access-control/route-subroute/virtual-server-route-deny-subroute.yaml index 6b51d1d22c..e50fe40e21 100644 --- a/tests/data/access-control/route-subroute/virtual-server-route-deny-subroute.yaml +++ b/tests/data/access-control/route-subroute/virtual-server-route-deny-subroute.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/access-control/route-subroute/virtual-server-route-invalid-subroute.yaml b/tests/data/access-control/route-subroute/virtual-server-route-invalid-subroute.yaml index 61d77912f2..7e545ab111 100644 --- a/tests/data/access-control/route-subroute/virtual-server-route-invalid-subroute.yaml +++ b/tests/data/access-control/route-subroute/virtual-server-route-invalid-subroute.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/access-control/route-subroute/virtual-server-route-override-subroute.yaml b/tests/data/access-control/route-subroute/virtual-server-route-override-subroute.yaml index ad26821612..68dfaa360e 100644 --- a/tests/data/access-control/route-subroute/virtual-server-route-override-subroute.yaml +++ b/tests/data/access-control/route-subroute/virtual-server-route-override-subroute.yaml @@ -20,4 +20,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/access-control/route-subroute/virtual-server-vsr-route-override.yaml b/tests/data/access-control/route-subroute/virtual-server-vsr-route-override.yaml index ac261605a4..18feeb9b62 100644 --- a/tests/data/access-control/route-subroute/virtual-server-vsr-route-override.yaml +++ b/tests/data/access-control/route-subroute/virtual-server-vsr-route-override.yaml @@ -10,4 +10,4 @@ spec: - name: deny-policy route: backends - path: "/backend2" - route: backend2-namespace/backend2 \ No newline at end of file + route: backend2-namespace/backend2 diff --git a/tests/data/access-control/route-subroute/virtual-server-vsr-spec-override.yaml b/tests/data/access-control/route-subroute/virtual-server-vsr-spec-override.yaml index 352c73e212..e257bdc77b 100644 --- a/tests/data/access-control/route-subroute/virtual-server-vsr-spec-override.yaml +++ b/tests/data/access-control/route-subroute/virtual-server-vsr-spec-override.yaml @@ -10,4 +10,4 @@ spec: - path: "/backends" route: backends - path: "/backend2" - route: backend2-namespace/backend2 \ No newline at end of file + route: backend2-namespace/backend2 diff --git a/tests/data/access-control/spec/virtual-server-allow.yaml b/tests/data/access-control/spec/virtual-server-allow.yaml index 0b5acd7968..c514a13f84 100644 --- a/tests/data/access-control/spec/virtual-server-allow.yaml +++ b/tests/data/access-control/spec/virtual-server-allow.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/access-control/spec/virtual-server-deny.yaml b/tests/data/access-control/spec/virtual-server-deny.yaml index 235764e56d..1ac52756bb 100644 --- a/tests/data/access-control/spec/virtual-server-deny.yaml +++ b/tests/data/access-control/spec/virtual-server-deny.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/access-control/spec/virtual-server-invalid.yaml b/tests/data/access-control/spec/virtual-server-invalid.yaml index fd34324f87..578bd1b867 100644 --- a/tests/data/access-control/spec/virtual-server-invalid.yaml +++ b/tests/data/access-control/spec/virtual-server-invalid.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/access-control/spec/virtual-server-override.yaml b/tests/data/access-control/spec/virtual-server-override.yaml index c7da605887..5b6243d843 100644 --- a/tests/data/access-control/spec/virtual-server-override.yaml +++ b/tests/data/access-control/spec/virtual-server-override.yaml @@ -20,4 +20,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/access-control/standard/virtual-server.yaml b/tests/data/access-control/standard/virtual-server.yaml index 177bc6cd1f..5062d0079d 100644 --- a/tests/data/access-control/standard/virtual-server.yaml +++ b/tests/data/access-control/standard/virtual-server.yaml @@ -17,4 +17,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/annotations/configmap-with-keys.yaml b/tests/data/annotations/configmap-with-keys.yaml index d40edd3698..d6aa14b435 100644 --- a/tests/data/annotations/configmap-with-keys.yaml +++ b/tests/data/annotations/configmap-with-keys.yaml @@ -7,4 +7,4 @@ data: proxy-send-timeout: "33s" hsts: "True" hsts-behind-proxy: "True" - upstream-zone-size: "100k" \ No newline at end of file + upstream-zone-size: "100k" diff --git a/tests/data/annotations/standard/annotations-ingress-snippets.yaml b/tests/data/annotations/standard/annotations-ingress-snippets.yaml index 1589bd724a..0e58e21806 100644 --- a/tests/data/annotations/standard/annotations-ingress-snippets.yaml +++ b/tests/data/annotations/standard/annotations-ingress-snippets.yaml @@ -17,4 +17,3 @@ spec: name: backend2-svc port: number: 80 - diff --git a/tests/data/ap-waf-grpc/grpc-block-saygoodbye.yaml b/tests/data/ap-waf-grpc/grpc-block-saygoodbye.yaml index 852a7f4c24..9fa62daadd 100644 --- a/tests/data/ap-waf-grpc/grpc-block-saygoodbye.yaml +++ b/tests/data/ap-waf-grpc/grpc-block-saygoodbye.yaml @@ -8,7 +8,7 @@ spec: violations: - name: VIOL_GRPC_METHOD block: true - alarm: true + alarm: true applicationLanguage: utf-8 bot-defense: settings: @@ -26,7 +26,7 @@ spec: idl-files: - isBase64: true fileName: autheid.proto - contents: Ly8gVGhlIGdyZWV0aW5nIHNlcnZpY2UgZGVmaW5pdGlvbi4KCnN5bnRheCA9ICJwcm90bzMiOwoKcGFja2FnZSBoZWxsb3dvcmxkOwoKc2VydmljZSBHcmVldGVyIHsKICAvLyBTZW5kcyBhIGdyZWV0aW5nCiAgcnBjIFNheUhlbGxvIChIZWxsb1JlcXVlc3QpIHJldHVybnMgKEhlbGxvUmVwbHkpIHt9Cn0KCi8vIFRoZSByZXF1ZXN0IG1lc3NhZ2UgY29udGFpbmluZyB0aGUgdXNlcidzIG5hbWUuCm1lc3NhZ2UgSGVsbG9SZXF1ZXN0IHsKICBzdHJpbmcgbmFtZSA9IDE7Cn0KCi8vIFRoZSByZXNwb25zZSBtZXNzYWdlIGNvbnRhaW5pbmcgdGhlIGdyZWV0aW5ncwptZXNzYWdlIEhlbGxvUmVwbHkgewogIHN0cmluZyBtZXNzYWdlID0gMTsKfQo= + contents: Ly8gVGhlIGdyZWV0aW5nIHNlcnZpY2UgZGVmaW5pdGlvbi4KCnN5bnRheCA9ICJwcm90bzMiOwoKcGFja2FnZSBoZWxsb3dvcmxkOwoKc2VydmljZSBHcmVldGVyIHsKICAvLyBTZW5kcyBhIGdyZWV0aW5nCiAgcnBjIFNheUhlbGxvIChIZWxsb1JlcXVlc3QpIHJldHVybnMgKEhlbGxvUmVwbHkpIHt9Cn0KCi8vIFRoZSByZXF1ZXN0IG1lc3NhZ2UgY29udGFpbmluZyB0aGUgdXNlcidzIG5hbWUuCm1lc3NhZ2UgSGVsbG9SZXF1ZXN0IHsKICBzdHJpbmcgbmFtZSA9IDE7Cn0KCi8vIFRoZSByZXNwb25zZSBtZXNzYWdlIGNvbnRhaW5pbmcgdGhlIGdyZWV0aW5ncwptZXNzYWdlIEhlbGxvUmVwbHkgewogIHN0cmluZyBtZXNzYWdlID0gMTsKfQo= name: valid_string_encoding_policy template: name: POLICY_TEMPLATE_NGINX_BASE diff --git a/tests/data/ap-waf-grpc/grpc-block-sayhello.yaml b/tests/data/ap-waf-grpc/grpc-block-sayhello.yaml index 35ff38480b..94931a7491 100644 --- a/tests/data/ap-waf-grpc/grpc-block-sayhello.yaml +++ b/tests/data/ap-waf-grpc/grpc-block-sayhello.yaml @@ -8,7 +8,7 @@ spec: violations: - name: VIOL_GRPC_METHOD block: true - alarm: true + alarm: true applicationLanguage: utf-8 bot-defense: settings: @@ -26,7 +26,7 @@ spec: idl-files: - isBase64: true fileName: autheid.proto - contents: Ly8gVGhlIGdyZWV0aW5nIHNlcnZpY2UgZGVmaW5pdGlvbi4KCnN5bnRheCA9ICJwcm90bzMiOwoKcGFja2FnZSBoZWxsb3dvcmxkOwoKc2VydmljZSBHcmVldGVyIHsKICAvLyBTZW5kcyBhIGdyZWV0aW5nCiAgcnBjIFNheUdvb2RieWUgKEhlbGxvUmVxdWVzdCkgcmV0dXJucyAoSGVsbG9SZXBseSkge30KfQoKLy8gVGhlIHJlcXVlc3QgbWVzc2FnZSBjb250YWluaW5nIHRoZSB1c2VyJ3MgbmFtZS4KbWVzc2FnZSBIZWxsb1JlcXVlc3QgewogIHN0cmluZyBuYW1lID0gMTsKfQoKLy8gVGhlIHJlc3BvbnNlIG1lc3NhZ2UgY29udGFpbmluZyB0aGUgZ3JlZXRpbmdzCm1lc3NhZ2UgSGVsbG9SZXBseSB7CiAgc3RyaW5nIG1lc3NhZ2UgPSAxOwp9Cg== + contents: Ly8gVGhlIGdyZWV0aW5nIHNlcnZpY2UgZGVmaW5pdGlvbi4KCnN5bnRheCA9ICJwcm90bzMiOwoKcGFja2FnZSBoZWxsb3dvcmxkOwoKc2VydmljZSBHcmVldGVyIHsKICAvLyBTZW5kcyBhIGdyZWV0aW5nCiAgcnBjIFNheUdvb2RieWUgKEhlbGxvUmVxdWVzdCkgcmV0dXJucyAoSGVsbG9SZXBseSkge30KfQoKLy8gVGhlIHJlcXVlc3QgbWVzc2FnZSBjb250YWluaW5nIHRoZSB1c2VyJ3MgbmFtZS4KbWVzc2FnZSBIZWxsb1JlcXVlc3QgewogIHN0cmluZyBuYW1lID0gMTsKfQoKLy8gVGhlIHJlc3BvbnNlIG1lc3NhZ2UgY29udGFpbmluZyB0aGUgZ3JlZXRpbmdzCm1lc3NhZ2UgSGVsbG9SZXBseSB7CiAgc3RyaW5nIG1lc3NhZ2UgPSAxOwp9Cg== name: valid_string_encoding_policy template: name: POLICY_TEMPLATE_NGINX_BASE diff --git a/tests/data/ap-waf-grpc/nginx-config.yaml b/tests/data/ap-waf-grpc/nginx-config.yaml index 746232549d..424a63e01f 100644 --- a/tests/data/ap-waf-grpc/nginx-config.yaml +++ b/tests/data/ap-waf-grpc/nginx-config.yaml @@ -4,4 +4,4 @@ metadata: name: nginx-config namespace: nginx-ingress data: - http2: "true" \ No newline at end of file + http2: "true" diff --git a/tests/data/ap-waf-grpc/tls-secret.yaml b/tests/data/ap-waf-grpc/tls-secret.yaml index 0c9ecd6f75..762f03e7b8 100644 --- a/tests/data/ap-waf-grpc/tls-secret.yaml +++ b/tests/data/ap-waf-grpc/tls-secret.yaml @@ -5,4 +5,4 @@ metadata: type: kubernetes.io/tls data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURzakNDQXBvQ0NRREdqUVE5L3hnejZqQU5CZ2txaGtpRzl3MEJBUXNGQURDQm1qRUxNQWtHQTFVRUJoTUMKU1VVeERUQUxCZ05WQkFnTUJFTnZjbXN4RFRBTEJnTlZCQWNNQkVOdmNtc3hFekFSQmdOVkJBb01DazVIU1U1WQpMQ0JKYm1NeERqQU1CZ05WQkFzTUJVNUhTVTVZTVNNd0lRWURWUVFEREJwMmFYSjBkV0ZzTFhObGNuWmxjaTVsCmVHRnRjR3hsTG1OdmJURWpNQ0VHQ1NxR1NJYjNEUUVKQVJZVWEzVmlaWEp1WlhSbGMwQnVaMmx1ZUM1amIyMHcKSGhjTk1qRXhNVEkxTVRrek5qUXdXaGNOTWpNeE1ESTJNVGt6TmpRd1dqQ0JtakVMTUFrR0ExVUVCaE1DU1VVeApEVEFMQmdOVkJBZ01CRU52Y21zeERUQUxCZ05WQkFjTUJFTnZjbXN4RXpBUkJnTlZCQW9NQ2s1SFNVNVlMQ0JKCmJtTXhEakFNQmdOVkJBc01CVTVIU1U1WU1TTXdJUVlEVlFRRERCcDJhWEowZFdGc0xYTmxjblpsY2k1bGVHRnQKY0d4bExtTnZiVEVqTUNFR0NTcUdTSWIzRFFFSkFSWVVhM1ZpWlhKdVpYUmxjMEJ1WjJsdWVDNWpiMjB3Z2dFaQpNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUNoYnlha0tlbzZzR2Q0eFBva3dQaHpjMGcvCnNiNXZpZnNnbHJvc2IyUjhjaGJtQlJRV1lGZlNzbldidWtkejB2RFVaWHhlY1hOZUdKVFc0WWdOOUZUSERnQXcKNjhxNWFBS3RiY1d2ejlDVEd0RkthdW5GcE1GU21pcWU5VHFQM1JaVkJGa1gwWFkzYTFWbmlQNDFxV2wxdnVKQgpMM2JwKzlzNVVadnMraER4UFFuMG5xSFJCQ0t2VDNUZWpHbnJPelprQ2ljUGhSS0hhNnExNlhiNGhGd2E4RXB2CmhYMFZkWVNDNFMzL2xSNThkNFJxL0lJSmUyZlhpZTJwcFF5UUpsNTJ6SGZvUnVFK3VvM3NsMmREdDF6dC96Yk0Ka2M3bmZiYzJqZFVoT0FONGhOOEowS0NvWEI4U3FwcjcxNXlKdklJc3ZSRC9RRFNyd1BQeXh2N1VnMTZoQWdNQgpBQUV3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUY3SFg5OUY5Q2FsMEplZzJScktSS3lxTXBrWGNKWjhEd2RJCkdmMm9UL2I5OGdmRWxhbFgxMHBQc2lHQ2NVOFJjRW9wdzJ6bHdUNXNSTDVXWVVyN3FnS1RKOXR0cm9rRUhPL0IKYUdORWsveFpNZ1JkOFpVL1NTOGdsQ0tjUGdOekI4TmVhQmV2U3lhT0NJYndjMWZSalF0YlVjYkp3N3JWUlp6cApaU1JJZWVPVVV2ZVg1RDZaNGQyN2RGd1pKU1B3TkV3eVlnZERKQWxhelMwMnJOZDZRUktwTFViNUJSUlB4aVYvCmtvNGUxK1h0V3FvVFpWMi9IbDZRWnB6MzdyMjZXQ0dxbUpHYnJzM0JmRkwxUFkvTEFqY1NZOVRrNU9kdU80SXcKM09PN3p5UTV3eDhuc3V4SHlQOUJUMFh3aU5hMzU1RXpwd3V6N1hyTzI0ZElNYjVsZWRnPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRQ2hieWFrS2VvNnNHZDQKeFBva3dQaHpjMGcvc2I1dmlmc2dscm9zYjJSOGNoYm1CUlFXWUZmU3NuV2J1a2R6MHZEVVpYeGVjWE5lR0pUVwo0WWdOOUZUSERnQXc2OHE1YUFLdGJjV3Z6OUNUR3RGS2F1bkZwTUZTbWlxZTlUcVAzUlpWQkZrWDBYWTNhMVZuCmlQNDFxV2wxdnVKQkwzYnArOXM1VVp2cytoRHhQUW4wbnFIUkJDS3ZUM1Rlakduck96WmtDaWNQaFJLSGE2cTEKNlhiNGhGd2E4RXB2aFgwVmRZU0M0UzMvbFI1OGQ0UnEvSUlKZTJmWGllMnBwUXlRSmw1MnpIZm9SdUUrdW8zcwpsMmREdDF6dC96Yk1rYzduZmJjMmpkVWhPQU40aE44SjBLQ29YQjhTcXByNzE1eUp2SUlzdlJEL1FEU3J3UFB5Cnh2N1VnMTZoQWdNQkFBRUNnZ0VBWm5KWlBWajBNaVo4bzZHdGRPR1pTZnJnNExyMXRXY0ZIVnRKN3FVS1NnZEYKRE5nd05Uc1N3TDFMOFhXM25vTkJIaWtCVWhZQk5yZTJ6TjczTHBQZHNTenJaaUJjMkdodk9vd3RKak5sazlVeQorRno4MmRhQ2NOOHhLUXRMREwwclRPeWpkWUFSMjMyY0IwWml2TDgwRStyOVBveldsQXFteHF0Sm5vdmJjSnRmCmpBK3RkTTcvTTJ0ckJqRmJXKzlwTERoS3orVkw2TUc0b1BGYmtVcTJ3bVFYRE0vQ1hKZnE5WXVMTmhVODFsbEwKYzZwN0trckNwU3M1QWRHWitwU1IxNWlSRWUwblRMT1JkVWFFdWRkVm0xQllmZWVhcVVia0VPUk1WTm5oSG1ORwpTV25KdEhDanNpUitDWmdBYktOT3ZkQ3IrekN5ZHdZUyt4RWxpSXE1T1FLQmdRRFVtM0p2WHhEbDloY2g5TUg1CkY4Y2lVS2NuVnJHZ1lHRXU5ZTlaOG5JeFVEUWlkQVlJSkI3WEZSL1RlY3RubzFjQjd3cVlWcHpvenNZaC9RNkcKYTVMeXA3cnc1NkFwek1qV0IxOGtzbTJHUmloK1VleEtiMVVNYWlpeEFrRjZ4cWVjSTFxUVN1T0hQTFlrRjNUWgpOcCtvRkhYUHBFMlE0cVNtVVl0ZHJOdWpZd0tCZ1FEQ1lmUjFGNHpjbkpnTWZJVGpaOVEzd1JmaW9YalVFak9ICjZLT2d2bUppRDFsdG5rT3JSNTlKMXIvdTU3cU4zbGlNakdGT2pod25qaUIrWk5BcDZRenN0bkhVV09yUHduQXYKUjJXNUoyRW9oSGgxaTJhWUg4SkNTRVpocmZBSXZIbEIvQ29XaUFiZzkvR0lpNG9oNFB0NEljOTJLemNaK0RVeQpBbzltV1Uxdkt3S0JnUUNnKy9OeWtURmlieXlrOFlmTzdVcERtWDU0TXhUY3N4M2pTU1dybmdFSmhnbHo3UmFFCkk1V1dsdEE2ZVFhanV2S3U3Q25Cb0JPLzFKSUNPbk05SlVkbnBjblBrQk9la3dtZnhvVXNiRTZ5VlgxajZQUmEKaUdLRnUveUR5NGw1UmVLMFA3RGJnVmszbGFqMU95Mm5LODFJbi9WMC9Kd2ZFUDVMVVlPTnNzMjhzUUtCZ1FDRQp3NWJPS3VtZy9LdTFTNDhRS3loOWREczJKWWQ3Z1hzRXh0YUx3YjA4c0xNcDljRE9TYnI0R2Q4NTg3Z3RrY0gxCkxTU0JIUHNKNFQ4OFZPc0ExUlpvenl2c0YxYzUwOW4vME1vZnJrL2o5cWEzMGlDZW9vSng5eDlyTS93UVczcU8Kb1FhMklPNWgxYmQ0eGFYeEFkTi85OGZWTkNzTVo4VWRoVFlnZDdvMXhRS0JnQ1Fjdmw1Yy9ZY3NHRUd1YU02Mwp1NzNaNm9ha05mNkpEZ2lzdjZ2c3dHMHdLbFRQNGgwKzNTSmdmL2dnTGVMNVBxdm5pemxZbEJSQUd3KzQwYVFGCmZnZnZBOWVlaVFZdVdiRDV0RlpUTDZKcFBnd01PSlVQUFBIU0JianJSTGpoMzk5dlBBdlhqekNPT25ad01LcXcKTDBIZWF1M1J6a0ZkRDllNTk3c3U3MG90Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \ No newline at end of file + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRQ2hieWFrS2VvNnNHZDQKeFBva3dQaHpjMGcvc2I1dmlmc2dscm9zYjJSOGNoYm1CUlFXWUZmU3NuV2J1a2R6MHZEVVpYeGVjWE5lR0pUVwo0WWdOOUZUSERnQXc2OHE1YUFLdGJjV3Z6OUNUR3RGS2F1bkZwTUZTbWlxZTlUcVAzUlpWQkZrWDBYWTNhMVZuCmlQNDFxV2wxdnVKQkwzYnArOXM1VVp2cytoRHhQUW4wbnFIUkJDS3ZUM1Rlakduck96WmtDaWNQaFJLSGE2cTEKNlhiNGhGd2E4RXB2aFgwVmRZU0M0UzMvbFI1OGQ0UnEvSUlKZTJmWGllMnBwUXlRSmw1MnpIZm9SdUUrdW8zcwpsMmREdDF6dC96Yk1rYzduZmJjMmpkVWhPQU40aE44SjBLQ29YQjhTcXByNzE1eUp2SUlzdlJEL1FEU3J3UFB5Cnh2N1VnMTZoQWdNQkFBRUNnZ0VBWm5KWlBWajBNaVo4bzZHdGRPR1pTZnJnNExyMXRXY0ZIVnRKN3FVS1NnZEYKRE5nd05Uc1N3TDFMOFhXM25vTkJIaWtCVWhZQk5yZTJ6TjczTHBQZHNTenJaaUJjMkdodk9vd3RKak5sazlVeQorRno4MmRhQ2NOOHhLUXRMREwwclRPeWpkWUFSMjMyY0IwWml2TDgwRStyOVBveldsQXFteHF0Sm5vdmJjSnRmCmpBK3RkTTcvTTJ0ckJqRmJXKzlwTERoS3orVkw2TUc0b1BGYmtVcTJ3bVFYRE0vQ1hKZnE5WXVMTmhVODFsbEwKYzZwN0trckNwU3M1QWRHWitwU1IxNWlSRWUwblRMT1JkVWFFdWRkVm0xQllmZWVhcVVia0VPUk1WTm5oSG1ORwpTV25KdEhDanNpUitDWmdBYktOT3ZkQ3IrekN5ZHdZUyt4RWxpSXE1T1FLQmdRRFVtM0p2WHhEbDloY2g5TUg1CkY4Y2lVS2NuVnJHZ1lHRXU5ZTlaOG5JeFVEUWlkQVlJSkI3WEZSL1RlY3RubzFjQjd3cVlWcHpvenNZaC9RNkcKYTVMeXA3cnc1NkFwek1qV0IxOGtzbTJHUmloK1VleEtiMVVNYWlpeEFrRjZ4cWVjSTFxUVN1T0hQTFlrRjNUWgpOcCtvRkhYUHBFMlE0cVNtVVl0ZHJOdWpZd0tCZ1FEQ1lmUjFGNHpjbkpnTWZJVGpaOVEzd1JmaW9YalVFak9ICjZLT2d2bUppRDFsdG5rT3JSNTlKMXIvdTU3cU4zbGlNakdGT2pod25qaUIrWk5BcDZRenN0bkhVV09yUHduQXYKUjJXNUoyRW9oSGgxaTJhWUg4SkNTRVpocmZBSXZIbEIvQ29XaUFiZzkvR0lpNG9oNFB0NEljOTJLemNaK0RVeQpBbzltV1Uxdkt3S0JnUUNnKy9OeWtURmlieXlrOFlmTzdVcERtWDU0TXhUY3N4M2pTU1dybmdFSmhnbHo3UmFFCkk1V1dsdEE2ZVFhanV2S3U3Q25Cb0JPLzFKSUNPbk05SlVkbnBjblBrQk9la3dtZnhvVXNiRTZ5VlgxajZQUmEKaUdLRnUveUR5NGw1UmVLMFA3RGJnVmszbGFqMU95Mm5LODFJbi9WMC9Kd2ZFUDVMVVlPTnNzMjhzUUtCZ1FDRQp3NWJPS3VtZy9LdTFTNDhRS3loOWREczJKWWQ3Z1hzRXh0YUx3YjA4c0xNcDljRE9TYnI0R2Q4NTg3Z3RrY0gxCkxTU0JIUHNKNFQ4OFZPc0ExUlpvenl2c0YxYzUwOW4vME1vZnJrL2o5cWEzMGlDZW9vSng5eDlyTS93UVczcU8Kb1FhMklPNWgxYmQ0eGFYeEFkTi85OGZWTkNzTVo4VWRoVFlnZDdvMXhRS0JnQ1Fjdmw1Yy9ZY3NHRUd1YU02Mwp1NzNaNm9ha05mNkpEZ2lzdjZ2c3dHMHdLbFRQNGgwKzNTSmdmL2dnTGVMNVBxdm5pemxZbEJSQUd3KzQwYVFGCmZnZnZBOWVlaVFZdVdiRDV0RlpUTDZKcFBnd01PSlVQUFBIU0JianJSTGpoMzk5dlBBdlhqekNPT25ad01LcXcKTDBIZWF1M1J6a0ZkRDllNTk3c3U3MG90Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K diff --git a/tests/data/ap-waf/dataguard-alarm-uds.yaml b/tests/data/ap-waf/dataguard-alarm-uds.yaml index 991a805e9f..a3af8d4c4e 100644 --- a/tests/data/ap-waf/dataguard-alarm-uds.yaml +++ b/tests/data/ap-waf/dataguard-alarm-uds.yaml @@ -1,16 +1,16 @@ apiVersion: appprotect.f5.com/v1beta1 kind: APPolicy -metadata: +metadata: name: dataguard-alarm-uds spec: policy: signature-requirements: - tag: Ingress - signature-sets: + signature-sets: - name: kic_sigs block: true - signatureSet: - filter: + signatureSet: + filter: tagValue: Ingress tagFilter: eq applicationLanguage: utf-8 @@ -28,7 +28,7 @@ spec: lastSsnDigitsToExpose: 4 maskData: true usSocialSecurityNumbers: true - enforcementMode: blocking + enforcementMode: blocking name: dataguard-alarm - template: + template: name: POLICY_TEMPLATE_NGINX_BASE diff --git a/tests/data/ap-waf/logconf-esc.yaml b/tests/data/ap-waf/logconf-esc.yaml index c4a8aa210c..e3f422fe16 100644 --- a/tests/data/ap-waf/logconf-esc.yaml +++ b/tests/data/ap-waf/logconf-esc.yaml @@ -13,7 +13,7 @@ spec: to: '\"' list_prefix: "[" list_delimiter: "," - list_suffix: "]" - + list_suffix: "]" + filter: request_type: all diff --git a/tests/data/ap-waf/policies/waf-default.yaml b/tests/data/ap-waf/policies/waf-default.yaml index 5e2863eae8..93fedb7301 100644 --- a/tests/data/ap-waf/policies/waf-default.yaml +++ b/tests/data/ap-waf/policies/waf-default.yaml @@ -5,4 +5,3 @@ metadata: spec: waf: enable: true - diff --git a/tests/data/ap-waf/standard/virtual-server.yaml b/tests/data/ap-waf/standard/virtual-server.yaml index 177bc6cd1f..5062d0079d 100644 --- a/tests/data/ap-waf/standard/virtual-server.yaml +++ b/tests/data/ap-waf/standard/virtual-server.yaml @@ -17,4 +17,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/ap-waf/syslog-1.yaml b/tests/data/ap-waf/syslog2.yaml similarity index 84% rename from tests/data/ap-waf/syslog-1.yaml rename to tests/data/ap-waf/syslog2.yaml index 94ca7ff606..8939d36bba 100644 --- a/tests/data/ap-waf/syslog-1.yaml +++ b/tests/data/ap-waf/syslog2.yaml @@ -1,19 +1,19 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: syslog-1 + name: syslog2 spec: replicas: 1 selector: matchLabels: - app: syslog-1 + app: syslog2 template: metadata: labels: - app: syslog-1 + app: syslog2 spec: containers: - - name: syslog + - name: syslog2 image: balabit/syslog-ng:3.38.1 ports: - containerPort: 514 @@ -30,11 +30,11 @@ spec: apiVersion: v1 kind: Service metadata: - name: syslog-svc-1 + name: syslog2-svc spec: ports: - port: 514 targetPort: 514 protocol: TCP selector: - app: syslog-1 + app: syslog2 diff --git a/tests/data/ap-waf/virtual-server-route-waf-subroute.yaml b/tests/data/ap-waf/virtual-server-route-waf-subroute.yaml index 4fe3fe0734..0d559c1122 100644 --- a/tests/data/ap-waf/virtual-server-route-waf-subroute.yaml +++ b/tests/data/ap-waf/virtual-server-route-waf-subroute.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/ap-waf/virtual-server-waf-route.yaml b/tests/data/ap-waf/virtual-server-waf-route.yaml index cf39a4c43f..086769151a 100644 --- a/tests/data/ap-waf/virtual-server-waf-route.yaml +++ b/tests/data/ap-waf/virtual-server-waf-route.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/ap-waf/virtual-server-waf-spec.yaml b/tests/data/ap-waf/virtual-server-waf-spec.yaml index 8425d361c8..cab6d84d17 100644 --- a/tests/data/ap-waf/virtual-server-waf-spec.yaml +++ b/tests/data/ap-waf/virtual-server-waf-spec.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/appprotect/appprotect-secret.yaml b/tests/data/appprotect/appprotect-secret.yaml index c6c15f2d3c..b3ca4740e9 100644 --- a/tests/data/appprotect/appprotect-secret.yaml +++ b/tests/data/appprotect/appprotect-secret.yaml @@ -5,4 +5,4 @@ metadata: type: kubernetes.io/tls data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJakNDQWdvQ0NRQ0pqcjBWaG5mTFpEQU5CZ2txaGtpRzl3MEJBUXNGQURCVE1Rc3dDUVlEVlFRR0V3SlYKVXpFTE1Ba0dBMVVFQ0F3Q1EwRXhGakFVQmdOVkJBY01EVk5oYmlCR2NtRnVZMmx6WTI4eEh6QWRCZ05WQkFNTQpGbUZ3Y0hCeWIzUmxZM1F1WlhoaGJYQnNaUzVqYjIwd0hoY05NakV3TmpBeU1ERTFOVEkxV2hjTk16RXdOVE14Ck1ERTFOVEkxV2pCVE1Rc3dDUVlEVlFRR0V3SlZVekVMTUFrR0ExVUVDQXdDUTBFeEZqQVVCZ05WQkFjTURWTmgKYmlCR2NtRnVZMmx6WTI4eEh6QWRCZ05WQkFNTUZtRndjSEJ5YjNSbFkzUXVaWGhoYlhCc1pTNWpiMjB3Z2dFaQpNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURsc2dHc3pXcDNwRllyY0NNZlpTSDBsYnZ5Cnk5MWJJYjhLQ3JhUG5vUTBGdjZneFNmWGtlTVI3dHRHRVI2TTZJdGVKR3hsQTNDS3pESUFPWEtjMHFvTER0Z2YKSUdEQmdWa3dIbGZSa1pld1dIdW51MVU3UmxqTVpvMGVsQUQ0YzVtVDVIV1EvRDF5YmJIR2dCQ2JLR0tZQlM1LwpISXdlb05zZVJpREY3SVpVRUxyak8rdUVHMHA0TnJublAvN1V4aGwrZEd1VXN2ZkdiZERzTnBrYUpzcDlyRDZMCjNrRVJvdkpveDJaV0Q2alkxdisyeGpqTVlCaTFlV2xTQkFHSWZzYVgyUmhXRFM0V0lSS2xBY2txSmgxMkJPTGkKMU12SnJtSEdRVXVCK3lRakc0KzdUdkhPQ1U3OVZHYkRwdnRBd280d2dMV1RNWmRzNG1UNTJoVGFXUXlGQWdNQgpBQUV3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQU1EUmlxSzJtbGtLSTdKbFVZRjFHRzNveForZmpaUkdPU2s5CkJnWTNieXBUREQwU2QwVHJDUlZPN1ZXS3JhaU5uK2tDQkgwTEFsRHo0QWZ1QTJTRzhVZzJSVVpXcjhwSVBxRGkKdXhmZEl2SjFaTW9oRjlzWnhPL3d1K0tlbVg5M0hzTHlyMlNwQkx5YllYYlRKOFQ4WVp4L2FEZWpBOG44N2g5UAoxNUV4TTV0NFlZZ1h6NkdSRHJvRDVWbkVRbGRna29YbVk1WlQyT3hlb0JWM0FDcVNrOFZIdCswd05TTnd1dEVZCnRzSVQzY25VK0lpWFR3MHNpWTdaMnpscEFyYXYybjFLT2JkZjhkU1BvdFNGbjhFa045OEdoT1RWNG84QitudUQKMTJlb3pOM2VtMm5IakdWbzZiaDI0RnhNa0NGZ1RoVUhtU0RwaGFETVdjQkFmb015RDYwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGxzZ0dzeldwM3BGWXIKY0NNZlpTSDBsYnZ5eTkxYkliOEtDcmFQbm9RMEZ2Nmd4U2ZYa2VNUjd0dEdFUjZNNkl0ZUpHeGxBM0NLekRJQQpPWEtjMHFvTER0Z2ZJR0RCZ1Zrd0hsZlJrWmV3V0h1bnUxVTdSbGpNWm8wZWxBRDRjNW1UNUhXUS9EMXliYkhHCmdCQ2JLR0tZQlM1L0hJd2VvTnNlUmlERjdJWlVFTHJqTyt1RUcwcDROcm5uUC83VXhobCtkR3VVc3ZmR2JkRHMKTnBrYUpzcDlyRDZMM2tFUm92Sm94MlpXRDZqWTF2KzJ4ampNWUJpMWVXbFNCQUdJZnNhWDJSaFdEUzRXSVJLbApBY2txSmgxMkJPTGkxTXZKcm1IR1FVdUIreVFqRzQrN1R2SE9DVTc5VkdiRHB2dEF3bzR3Z0xXVE1aZHM0bVQ1CjJoVGFXUXlGQWdNQkFBRUNnZ0VBUE1VaXNsQkttY3JOellKR21Kak9LZ0t2amlZbnMyT3pRbm5oSVJCRVUrKzkKZ0ZXSkcveUtBZ1dhMStmUm1HQXg5ejlWdWtmMXI1TWtxM0NIaFR3ckp1L1BlRFM5eEpSdlAwN1gxeWRZNVp3VApZeVlwLzV1MkJLWWhNZlRnYU50VXg0OExGOGZVamdDOXB4SGMwdUFWYmJqNU8wSVhSRWMwa2NibUJ0ZDBGcXN5Ckh4NjUwYldiSS9WUDVmWWE3ejh2OW5WcmZFMlFkaWczWnVvZUcrZTNWOHY2dXljVmFzZ1pPb2Z1OC9XQXZwSlEKUWdXQW1LNVJqR2sxZkdWMHF5NGY0S0RnK1R4cUV0QWN6bnZMN1V4UmNrT3NiQlpYUWtEM1BOUG43OW1aT016RApxbnhWcTFoOURRVDY5a1pVd3pkUEpZLytRaWc4VDNwUmMwQ0ZoQURNZ1FLQmdRRDN3YkZiRHROQ1VNc0IxUTRvCktuYTNCYzdLT0tiUHVuN0dxbDhFZWhXUllyZm1WdXhYWTNSSTZLMXhFZlMzcjNiRmlCYlZFWi9ybFFrM2kzK3UKaHVtOXRCRHFoZHVpZGEyVU5LRnZ2ZXR3OUdSMkJaNFVXTVpSUDFucCtJY0hqQVRaYXIvRG5hZk9tazhQSzZ6bAo0V3MvdXlONzFXSCthOUVPUWpNMURuVzJwUUtCZ1FEdFZubFNBMWFUdHF4UXZ1aWJ6eVUrYzR3eEswQVo0SHlqCklEc01TbGtFeVpWRXplKzc2YWtTMlpKQVZIRlZPOURXZ0wvTWFBcXdWNHJubnFPYjZ3NERianM2cEU3Wkl2TnkKcGU3R2cvdER0dnZETWZNODlpYmxCUElIbEwyTWU5VjJIWWlVRlRaSHZqaGFlOVRrTXVuMHVPakVQbjE4WlIzbgpnT1FlMFdQNFlRS0JnQWpUeHR6bXIxSTZqTEVaQlRNYktEV25LRkgrS0x0WCtySmJXWjFRT0RxQTJPcUZDRkNvCnczamhpV1J3N2xZcEUwTkFjUWZRWS9GQjB4MCtoQ01VdlhrNzFDcDI4SGRlVi92aTBDbXFDNXh2cUxDbnpKVVAKQUtuZVp2YTJHeUdDdEoyR2R5U2lGbHQvRmZnRloxaWRhblBQMkJqT1pucHBIdjZ5RHg4QnorSGRBb0dBTkFPKwpwUDI4VExVOVFKa0dhNWRUWjBOMWx4VU9nRjFWazM2dDBqeTlFN0tHTjBVVzVFMEtVK3BCQmo0N2RGMmVvRlFwCk5NZ2NoNWM0QnhrYWJFSndtTW5neXpKVllYc3FkWmJ1SksycU5LWDJ1VW5LTURNV1JSejNXamY3N3J6NUJHRG0Kbk9XbE5zWDJuY1lEMjF0Wk1Od1JqMmpPb2FPYmtUQUxUc0cvTWlFQ2dZRUF5aGFEVFh5RnNicEF3bU5yejRuawpoVjVDREVSdnp6MW5NRHp6bTdselhEQkpKZit3Q1VmUnhmY2pSRlV2RWV1cmJ5d2RncForeHBHSkhheE1Pd1FlCk5Bd2RvSjFtbDhHVGozRjYrTUpnZU5CdTgza09abXpXSzQ2MW54NGJhUmplVlBMWTN2WFgvZmVMNi92UnNjQmMKWnpaWkthTVI1REhtU3cwZ3MwSFN1VWc9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \ No newline at end of file + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGxzZ0dzeldwM3BGWXIKY0NNZlpTSDBsYnZ5eTkxYkliOEtDcmFQbm9RMEZ2Nmd4U2ZYa2VNUjd0dEdFUjZNNkl0ZUpHeGxBM0NLekRJQQpPWEtjMHFvTER0Z2ZJR0RCZ1Zrd0hsZlJrWmV3V0h1bnUxVTdSbGpNWm8wZWxBRDRjNW1UNUhXUS9EMXliYkhHCmdCQ2JLR0tZQlM1L0hJd2VvTnNlUmlERjdJWlVFTHJqTyt1RUcwcDROcm5uUC83VXhobCtkR3VVc3ZmR2JkRHMKTnBrYUpzcDlyRDZMM2tFUm92Sm94MlpXRDZqWTF2KzJ4ampNWUJpMWVXbFNCQUdJZnNhWDJSaFdEUzRXSVJLbApBY2txSmgxMkJPTGkxTXZKcm1IR1FVdUIreVFqRzQrN1R2SE9DVTc5VkdiRHB2dEF3bzR3Z0xXVE1aZHM0bVQ1CjJoVGFXUXlGQWdNQkFBRUNnZ0VBUE1VaXNsQkttY3JOellKR21Kak9LZ0t2amlZbnMyT3pRbm5oSVJCRVUrKzkKZ0ZXSkcveUtBZ1dhMStmUm1HQXg5ejlWdWtmMXI1TWtxM0NIaFR3ckp1L1BlRFM5eEpSdlAwN1gxeWRZNVp3VApZeVlwLzV1MkJLWWhNZlRnYU50VXg0OExGOGZVamdDOXB4SGMwdUFWYmJqNU8wSVhSRWMwa2NibUJ0ZDBGcXN5Ckh4NjUwYldiSS9WUDVmWWE3ejh2OW5WcmZFMlFkaWczWnVvZUcrZTNWOHY2dXljVmFzZ1pPb2Z1OC9XQXZwSlEKUWdXQW1LNVJqR2sxZkdWMHF5NGY0S0RnK1R4cUV0QWN6bnZMN1V4UmNrT3NiQlpYUWtEM1BOUG43OW1aT016RApxbnhWcTFoOURRVDY5a1pVd3pkUEpZLytRaWc4VDNwUmMwQ0ZoQURNZ1FLQmdRRDN3YkZiRHROQ1VNc0IxUTRvCktuYTNCYzdLT0tiUHVuN0dxbDhFZWhXUllyZm1WdXhYWTNSSTZLMXhFZlMzcjNiRmlCYlZFWi9ybFFrM2kzK3UKaHVtOXRCRHFoZHVpZGEyVU5LRnZ2ZXR3OUdSMkJaNFVXTVpSUDFucCtJY0hqQVRaYXIvRG5hZk9tazhQSzZ6bAo0V3MvdXlONzFXSCthOUVPUWpNMURuVzJwUUtCZ1FEdFZubFNBMWFUdHF4UXZ1aWJ6eVUrYzR3eEswQVo0SHlqCklEc01TbGtFeVpWRXplKzc2YWtTMlpKQVZIRlZPOURXZ0wvTWFBcXdWNHJubnFPYjZ3NERianM2cEU3Wkl2TnkKcGU3R2cvdER0dnZETWZNODlpYmxCUElIbEwyTWU5VjJIWWlVRlRaSHZqaGFlOVRrTXVuMHVPakVQbjE4WlIzbgpnT1FlMFdQNFlRS0JnQWpUeHR6bXIxSTZqTEVaQlRNYktEV25LRkgrS0x0WCtySmJXWjFRT0RxQTJPcUZDRkNvCnczamhpV1J3N2xZcEUwTkFjUWZRWS9GQjB4MCtoQ01VdlhrNzFDcDI4SGRlVi92aTBDbXFDNXh2cUxDbnpKVVAKQUtuZVp2YTJHeUdDdEoyR2R5U2lGbHQvRmZnRloxaWRhblBQMkJqT1pucHBIdjZ5RHg4QnorSGRBb0dBTkFPKwpwUDI4VExVOVFKa0dhNWRUWjBOMWx4VU9nRjFWazM2dDBqeTlFN0tHTjBVVzVFMEtVK3BCQmo0N2RGMmVvRlFwCk5NZ2NoNWM0QnhrYWJFSndtTW5neXpKVllYc3FkWmJ1SksycU5LWDJ1VW5LTURNV1JSejNXamY3N3J6NUJHRG0Kbk9XbE5zWDJuY1lEMjF0Wk1Od1JqMmpPb2FPYmtUQUxUc0cvTWlFQ2dZRUF5aGFEVFh5RnNicEF3bU5yejRuawpoVjVDREVSdnp6MW5NRHp6bTdselhEQkpKZit3Q1VmUnhmY2pSRlV2RWV1cmJ5d2RncForeHBHSkhheE1Pd1FlCk5Bd2RvSjFtbDhHVGozRjYrTUpnZU5CdTgza09abXpXSzQ2MW54NGJhUmplVlBMWTN2WFgvZmVMNi92UnNjQmMKWnpaWkthTVI1REhtU3cwZ3MwSFN1VWc9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K diff --git a/tests/data/appprotect/csrf.yaml b/tests/data/appprotect/csrf.yaml index 0658ed0399..914d8b001e 100644 --- a/tests/data/appprotect/csrf.yaml +++ b/tests/data/appprotect/csrf.yaml @@ -21,4 +21,4 @@ spec: url: "*" - enforcementAction: verify-origin method: POST - url: "/backend2" \ No newline at end of file + url: "/backend2" diff --git a/tests/data/appprotect/dataguard-alarm-uds.yaml b/tests/data/appprotect/dataguard-alarm-uds.yaml index a15d399854..ac6ff75a0a 100644 --- a/tests/data/appprotect/dataguard-alarm-uds.yaml +++ b/tests/data/appprotect/dataguard-alarm-uds.yaml @@ -1,16 +1,16 @@ apiVersion: appprotect.f5.com/v1beta1 kind: APPolicy -metadata: +metadata: name: dataguard-alarm spec: policy: signature-requirements: - tag: Ingress - signature-sets: + signature-sets: - name: kic_sigs block: true - signatureSet: - filter: + signatureSet: + filter: tagValue: Ingress tagFilter: eq applicationLanguage: utf-8 @@ -28,7 +28,7 @@ spec: lastSsnDigitsToExpose: 4 maskData: true usSocialSecurityNumbers: true - enforcementMode: blocking + enforcementMode: blocking name: dataguard-alarm - template: + template: name: POLICY_TEMPLATE_NGINX_BASE diff --git a/tests/data/appprotect/dataguard-alarm.yaml b/tests/data/appprotect/dataguard-alarm.yaml index cbc87f7d15..2b91e048f9 100644 --- a/tests/data/appprotect/dataguard-alarm.yaml +++ b/tests/data/appprotect/dataguard-alarm.yaml @@ -1,6 +1,6 @@ apiVersion: appprotect.f5.com/v1beta1 kind: APPolicy -metadata: +metadata: name: dataguard-alarm spec: policy: @@ -19,7 +19,7 @@ spec: lastSsnDigitsToExpose: 4 maskData: true usSocialSecurityNumbers: true - enforcementMode: blocking + enforcementMode: blocking name: dataguard-alarm - template: + template: name: POLICY_TEMPLATE_NGINX_BASE diff --git a/tests/data/appprotect/file-block.yaml b/tests/data/appprotect/file-block.yaml index 2ea5d1bfed..0a0794f01d 100644 --- a/tests/data/appprotect/file-block.yaml +++ b/tests/data/appprotect/file-block.yaml @@ -1,6 +1,6 @@ apiVersion: appprotect.f5.com/v1beta1 kind: APPolicy -metadata: +metadata: name: file-block spec: policy: diff --git a/tests/data/appprotect/grpc/grpc-block-saygoodbye.yaml b/tests/data/appprotect/grpc/grpc-block-saygoodbye.yaml index 852a7f4c24..9fa62daadd 100644 --- a/tests/data/appprotect/grpc/grpc-block-saygoodbye.yaml +++ b/tests/data/appprotect/grpc/grpc-block-saygoodbye.yaml @@ -8,7 +8,7 @@ spec: violations: - name: VIOL_GRPC_METHOD block: true - alarm: true + alarm: true applicationLanguage: utf-8 bot-defense: settings: @@ -26,7 +26,7 @@ spec: idl-files: - isBase64: true fileName: autheid.proto - contents: Ly8gVGhlIGdyZWV0aW5nIHNlcnZpY2UgZGVmaW5pdGlvbi4KCnN5bnRheCA9ICJwcm90bzMiOwoKcGFja2FnZSBoZWxsb3dvcmxkOwoKc2VydmljZSBHcmVldGVyIHsKICAvLyBTZW5kcyBhIGdyZWV0aW5nCiAgcnBjIFNheUhlbGxvIChIZWxsb1JlcXVlc3QpIHJldHVybnMgKEhlbGxvUmVwbHkpIHt9Cn0KCi8vIFRoZSByZXF1ZXN0IG1lc3NhZ2UgY29udGFpbmluZyB0aGUgdXNlcidzIG5hbWUuCm1lc3NhZ2UgSGVsbG9SZXF1ZXN0IHsKICBzdHJpbmcgbmFtZSA9IDE7Cn0KCi8vIFRoZSByZXNwb25zZSBtZXNzYWdlIGNvbnRhaW5pbmcgdGhlIGdyZWV0aW5ncwptZXNzYWdlIEhlbGxvUmVwbHkgewogIHN0cmluZyBtZXNzYWdlID0gMTsKfQo= + contents: Ly8gVGhlIGdyZWV0aW5nIHNlcnZpY2UgZGVmaW5pdGlvbi4KCnN5bnRheCA9ICJwcm90bzMiOwoKcGFja2FnZSBoZWxsb3dvcmxkOwoKc2VydmljZSBHcmVldGVyIHsKICAvLyBTZW5kcyBhIGdyZWV0aW5nCiAgcnBjIFNheUhlbGxvIChIZWxsb1JlcXVlc3QpIHJldHVybnMgKEhlbGxvUmVwbHkpIHt9Cn0KCi8vIFRoZSByZXF1ZXN0IG1lc3NhZ2UgY29udGFpbmluZyB0aGUgdXNlcidzIG5hbWUuCm1lc3NhZ2UgSGVsbG9SZXF1ZXN0IHsKICBzdHJpbmcgbmFtZSA9IDE7Cn0KCi8vIFRoZSByZXNwb25zZSBtZXNzYWdlIGNvbnRhaW5pbmcgdGhlIGdyZWV0aW5ncwptZXNzYWdlIEhlbGxvUmVwbHkgewogIHN0cmluZyBtZXNzYWdlID0gMTsKfQo= name: valid_string_encoding_policy template: name: POLICY_TEMPLATE_NGINX_BASE diff --git a/tests/data/appprotect/grpc/grpc-block-sayhello.yaml b/tests/data/appprotect/grpc/grpc-block-sayhello.yaml index c5833d5afe..3c84cdf69c 100644 --- a/tests/data/appprotect/grpc/grpc-block-sayhello.yaml +++ b/tests/data/appprotect/grpc/grpc-block-sayhello.yaml @@ -8,7 +8,7 @@ spec: violations: - name: VIOL_GRPC_METHOD block: True - alarm: True + alarm: True applicationLanguage: utf-8 bot-defense: settings: @@ -26,7 +26,7 @@ spec: idl-files: - isBase64: true fileName: autheid.proto - contents: Ly8gVGhlIGdyZWV0aW5nIHNlcnZpY2UgZGVmaW5pdGlvbi4KCnN5bnRheCA9ICJwcm90bzMiOwoKcGFja2FnZSBoZWxsb3dvcmxkOwoKc2VydmljZSBHcmVldGVyIHsKICAvLyBTZW5kcyBhIGdyZWV0aW5nCiAgcnBjIFNheUdvb2RieWUgKEhlbGxvUmVxdWVzdCkgcmV0dXJucyAoSGVsbG9SZXBseSkge30KfQoKLy8gVGhlIHJlcXVlc3QgbWVzc2FnZSBjb250YWluaW5nIHRoZSB1c2VyJ3MgbmFtZS4KbWVzc2FnZSBIZWxsb1JlcXVlc3QgewogIHN0cmluZyBuYW1lID0gMTsKfQoKLy8gVGhlIHJlc3BvbnNlIG1lc3NhZ2UgY29udGFpbmluZyB0aGUgZ3JlZXRpbmdzCm1lc3NhZ2UgSGVsbG9SZXBseSB7CiAgc3RyaW5nIG1lc3NhZ2UgPSAxOwp9Cg== + contents: Ly8gVGhlIGdyZWV0aW5nIHNlcnZpY2UgZGVmaW5pdGlvbi4KCnN5bnRheCA9ICJwcm90bzMiOwoKcGFja2FnZSBoZWxsb3dvcmxkOwoKc2VydmljZSBHcmVldGVyIHsKICAvLyBTZW5kcyBhIGdyZWV0aW5nCiAgcnBjIFNheUdvb2RieWUgKEhlbGxvUmVxdWVzdCkgcmV0dXJucyAoSGVsbG9SZXBseSkge30KfQoKLy8gVGhlIHJlcXVlc3QgbWVzc2FnZSBjb250YWluaW5nIHRoZSB1c2VyJ3MgbmFtZS4KbWVzc2FnZSBIZWxsb1JlcXVlc3QgewogIHN0cmluZyBuYW1lID0gMTsKfQoKLy8gVGhlIHJlc3BvbnNlIG1lc3NhZ2UgY29udGFpbmluZyB0aGUgZ3JlZXRpbmdzCm1lc3NhZ2UgSGVsbG9SZXBseSB7CiAgc3RyaW5nIG1lc3NhZ2UgPSAxOwp9Cg== name: valid_string_encoding_policy template: name: POLICY_TEMPLATE_NGINX_BASE diff --git a/tests/data/appprotect/logconf.yaml b/tests/data/appprotect/logconf.yaml index 9798405ecd..021ad92d7a 100644 --- a/tests/data/appprotect/logconf.yaml +++ b/tests/data/appprotect/logconf.yaml @@ -1,11 +1,11 @@ apiVersion: appprotect.f5.com/v1beta1 kind: APLogConf -metadata: +metadata: name: logconf spec: - content: + content: format: default max_message_size: 64k max_request_size: any - filter: + filter: request_types: all diff --git a/tests/data/appprotect/malformed-block.yaml b/tests/data/appprotect/malformed-block.yaml index 078f17cd80..7dd03aeff4 100644 --- a/tests/data/appprotect/malformed-block.yaml +++ b/tests/data/appprotect/malformed-block.yaml @@ -1,6 +1,6 @@ apiVersion: appprotect.f5.com/v1beta1 kind: APPolicy -metadata: +metadata: name: malformed-block spec: policy: @@ -23,5 +23,3 @@ spec: - name: VIOL_XML_MALFORMED alarm: true block: true - - diff --git a/tests/data/auth-basic-auth-mergeable/credentials/auth-basic-auth-master-credentials.txt b/tests/data/auth-basic-auth-mergeable/credentials/auth-basic-auth-master-credentials.txt index ed3b07faeb..ae3cdf5b88 100644 --- a/tests/data/auth-basic-auth-mergeable/credentials/auth-basic-auth-master-credentials.txt +++ b/tests/data/auth-basic-auth-mergeable/credentials/auth-basic-auth-master-credentials.txt @@ -1 +1 @@ -foo:bar \ No newline at end of file +foo:bar diff --git a/tests/data/auth-basic-auth-mergeable/credentials/auth-basic-auth-minion-credentials.txt b/tests/data/auth-basic-auth-mergeable/credentials/auth-basic-auth-minion-credentials.txt index 25735fbfdf..41b3445673 100644 --- a/tests/data/auth-basic-auth-mergeable/credentials/auth-basic-auth-minion-credentials.txt +++ b/tests/data/auth-basic-auth-mergeable/credentials/auth-basic-auth-minion-credentials.txt @@ -1 +1 @@ -qux:quux \ No newline at end of file +qux:quux diff --git a/tests/data/auth-basic-policy/credentials.txt b/tests/data/auth-basic-policy/credentials.txt index ed3b07faeb..ae3cdf5b88 100644 --- a/tests/data/auth-basic-policy/credentials.txt +++ b/tests/data/auth-basic-policy/credentials.txt @@ -1 +1 @@ -foo:bar \ No newline at end of file +foo:bar diff --git a/tests/data/auth-basic-policy/credentials2.txt b/tests/data/auth-basic-policy/credentials2.txt index 25735fbfdf..41b3445673 100644 --- a/tests/data/auth-basic-policy/credentials2.txt +++ b/tests/data/auth-basic-policy/credentials2.txt @@ -1 +1 @@ -qux:quux \ No newline at end of file +qux:quux diff --git a/tests/data/auth-basic-policy/invalid-credentials-no-pwd.txt b/tests/data/auth-basic-policy/invalid-credentials-no-pwd.txt index 09ab8a9ca1..0152a79652 100644 --- a/tests/data/auth-basic-policy/invalid-credentials-no-pwd.txt +++ b/tests/data/auth-basic-policy/invalid-credentials-no-pwd.txt @@ -1 +1 @@ -foo: \ No newline at end of file +foo: diff --git a/tests/data/auth-basic-policy/invalid-credentials-no-user.txt b/tests/data/auth-basic-policy/invalid-credentials-no-user.txt index b6abbfff05..08af89cb57 100644 --- a/tests/data/auth-basic-policy/invalid-credentials-no-user.txt +++ b/tests/data/auth-basic-policy/invalid-credentials-no-user.txt @@ -1 +1 @@ -:bar \ No newline at end of file +:bar diff --git a/tests/data/auth-basic-policy/invalid-credentials-pwd.txt b/tests/data/auth-basic-policy/invalid-credentials-pwd.txt index de6b54626a..055758bdc3 100644 --- a/tests/data/auth-basic-policy/invalid-credentials-pwd.txt +++ b/tests/data/auth-basic-policy/invalid-credentials-pwd.txt @@ -1 +1 @@ -foo:baz \ No newline at end of file +foo:baz diff --git a/tests/data/auth-basic-policy/invalid-credentials-user.txt b/tests/data/auth-basic-policy/invalid-credentials-user.txt index 14bab6d037..55bb41f5a7 100644 --- a/tests/data/auth-basic-policy/invalid-credentials-user.txt +++ b/tests/data/auth-basic-policy/invalid-credentials-user.txt @@ -1 +1 @@ -foobar:bar \ No newline at end of file +foobar:bar diff --git a/tests/data/auth-basic-policy/invalid-credentials.txt b/tests/data/auth-basic-policy/invalid-credentials.txt index f6ea049518..323fae03f4 100644 --- a/tests/data/auth-basic-policy/invalid-credentials.txt +++ b/tests/data/auth-basic-policy/invalid-credentials.txt @@ -1 +1 @@ -foobar \ No newline at end of file +foobar diff --git a/tests/data/auth-basic-policy/route-subroute/virtual-server-override-route.yaml b/tests/data/auth-basic-policy/route-subroute/virtual-server-override-route.yaml index ec137749b7..22d055d1d6 100644 --- a/tests/data/auth-basic-policy/route-subroute/virtual-server-override-route.yaml +++ b/tests/data/auth-basic-policy/route-subroute/virtual-server-override-route.yaml @@ -20,4 +20,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/auth-basic-policy/route-subroute/virtual-server-override-spec-route-1.yaml b/tests/data/auth-basic-policy/route-subroute/virtual-server-override-spec-route-1.yaml index 09d9338187..f663903d37 100644 --- a/tests/data/auth-basic-policy/route-subroute/virtual-server-override-spec-route-1.yaml +++ b/tests/data/auth-basic-policy/route-subroute/virtual-server-override-spec-route-1.yaml @@ -21,4 +21,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/auth-basic-policy/route-subroute/virtual-server-override-spec-route-2.yaml b/tests/data/auth-basic-policy/route-subroute/virtual-server-override-spec-route-2.yaml index 4ff4a584d4..4745b30f26 100644 --- a/tests/data/auth-basic-policy/route-subroute/virtual-server-override-spec-route-2.yaml +++ b/tests/data/auth-basic-policy/route-subroute/virtual-server-override-spec-route-2.yaml @@ -21,4 +21,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/auth-basic-policy/route-subroute/virtual-server-route-invalid-subroute-secret.yaml b/tests/data/auth-basic-policy/route-subroute/virtual-server-route-invalid-subroute-secret.yaml index 91fbbb36a2..51cb740ff3 100644 --- a/tests/data/auth-basic-policy/route-subroute/virtual-server-route-invalid-subroute-secret.yaml +++ b/tests/data/auth-basic-policy/route-subroute/virtual-server-route-invalid-subroute-secret.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/auth-basic-policy/route-subroute/virtual-server-route-invalid-subroute.yaml b/tests/data/auth-basic-policy/route-subroute/virtual-server-route-invalid-subroute.yaml index 0929d9de51..8282b3e4c5 100644 --- a/tests/data/auth-basic-policy/route-subroute/virtual-server-route-invalid-subroute.yaml +++ b/tests/data/auth-basic-policy/route-subroute/virtual-server-route-invalid-subroute.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/auth-basic-policy/route-subroute/virtual-server-route-override-subroute.yaml b/tests/data/auth-basic-policy/route-subroute/virtual-server-route-override-subroute.yaml index 29f28d6bfc..f2db4901b7 100644 --- a/tests/data/auth-basic-policy/route-subroute/virtual-server-route-override-subroute.yaml +++ b/tests/data/auth-basic-policy/route-subroute/virtual-server-route-override-subroute.yaml @@ -20,4 +20,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/auth-basic-policy/route-subroute/virtual-server-route-valid-subroute-multi.yaml b/tests/data/auth-basic-policy/route-subroute/virtual-server-route-valid-subroute-multi.yaml index ef406e5050..567f08a193 100644 --- a/tests/data/auth-basic-policy/route-subroute/virtual-server-route-valid-subroute-multi.yaml +++ b/tests/data/auth-basic-policy/route-subroute/virtual-server-route-valid-subroute-multi.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/auth-basic-policy/route-subroute/virtual-server-route-valid-subroute.yaml b/tests/data/auth-basic-policy/route-subroute/virtual-server-route-valid-subroute.yaml index 73e06a61a4..1e6e40e3bc 100644 --- a/tests/data/auth-basic-policy/route-subroute/virtual-server-route-valid-subroute.yaml +++ b/tests/data/auth-basic-policy/route-subroute/virtual-server-route-valid-subroute.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/auth-basic-policy/route-subroute/virtual-server-vsr-route-override.yaml b/tests/data/auth-basic-policy/route-subroute/virtual-server-vsr-route-override.yaml index f84987413a..34959d3d22 100644 --- a/tests/data/auth-basic-policy/route-subroute/virtual-server-vsr-route-override.yaml +++ b/tests/data/auth-basic-policy/route-subroute/virtual-server-vsr-route-override.yaml @@ -10,4 +10,4 @@ spec: - name: auth-basic-policy-valid route: backends - path: "/backend2" - route: backend2-namespace/backend2 \ No newline at end of file + route: backend2-namespace/backend2 diff --git a/tests/data/auth-basic-policy/route-subroute/virtual-server-vsr-spec-override.yaml b/tests/data/auth-basic-policy/route-subroute/virtual-server-vsr-spec-override.yaml index 8b15168a12..2e7e12d39d 100644 --- a/tests/data/auth-basic-policy/route-subroute/virtual-server-vsr-spec-override.yaml +++ b/tests/data/auth-basic-policy/route-subroute/virtual-server-vsr-spec-override.yaml @@ -10,4 +10,4 @@ spec: - path: "/backends" route: backends - path: "/backend2" - route: backend2-namespace/backend2 \ No newline at end of file + route: backend2-namespace/backend2 diff --git a/tests/data/auth-basic-policy/secret/htpasswd-secret-valid.yaml b/tests/data/auth-basic-policy/secret/htpasswd-secret-valid.yaml index 0b99ef082f..262ceb9f36 100644 --- a/tests/data/auth-basic-policy/secret/htpasswd-secret-valid.yaml +++ b/tests/data/auth-basic-policy/secret/htpasswd-secret-valid.yaml @@ -9,4 +9,3 @@ stringData: qux:$apr1$st218vzc$A3H7I83N9vLmczj73Byi3/ # bar # quux - diff --git a/tests/data/auth-basic-policy/spec/virtual-server-policy-multi-1.yaml b/tests/data/auth-basic-policy/spec/virtual-server-policy-multi-1.yaml index ec99289fce..cca1921470 100644 --- a/tests/data/auth-basic-policy/spec/virtual-server-policy-multi-1.yaml +++ b/tests/data/auth-basic-policy/spec/virtual-server-policy-multi-1.yaml @@ -20,4 +20,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/auth-basic-policy/spec/virtual-server-policy-multi-2.yaml b/tests/data/auth-basic-policy/spec/virtual-server-policy-multi-2.yaml index d4c07dac15..b2ad7b8a11 100644 --- a/tests/data/auth-basic-policy/spec/virtual-server-policy-multi-2.yaml +++ b/tests/data/auth-basic-policy/spec/virtual-server-policy-multi-2.yaml @@ -20,4 +20,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/auth-basic-policy/spec/virtual-server-policy-single-invalid-pol.yaml b/tests/data/auth-basic-policy/spec/virtual-server-policy-single-invalid-pol.yaml index 6e133632cd..1652e55775 100644 --- a/tests/data/auth-basic-policy/spec/virtual-server-policy-single-invalid-pol.yaml +++ b/tests/data/auth-basic-policy/spec/virtual-server-policy-single-invalid-pol.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/auth-basic-policy/spec/virtual-server-policy-single-invalid-secret.yaml b/tests/data/auth-basic-policy/spec/virtual-server-policy-single-invalid-secret.yaml index 1393b111d2..a755cf07ea 100644 --- a/tests/data/auth-basic-policy/spec/virtual-server-policy-single-invalid-secret.yaml +++ b/tests/data/auth-basic-policy/spec/virtual-server-policy-single-invalid-secret.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/auth-basic-policy/spec/virtual-server-policy-single.yaml b/tests/data/auth-basic-policy/spec/virtual-server-policy-single.yaml index 45f8baf08e..d19d7f4b1d 100644 --- a/tests/data/auth-basic-policy/spec/virtual-server-policy-single.yaml +++ b/tests/data/auth-basic-policy/spec/virtual-server-policy-single.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/auth-basic-secrets/credentials/credentials.txt b/tests/data/auth-basic-secrets/credentials/credentials.txt index ed3b07faeb..ae3cdf5b88 100644 --- a/tests/data/auth-basic-secrets/credentials/credentials.txt +++ b/tests/data/auth-basic-secrets/credentials/credentials.txt @@ -1 +1 @@ -foo:bar \ No newline at end of file +foo:bar diff --git a/tests/data/common/app/grpc/app.yaml b/tests/data/common/app/grpc/app.yaml index 484063bf6a..06a66871a6 100644 --- a/tests/data/common/app/grpc/app.yaml +++ b/tests/data/common/app/grpc/app.yaml @@ -29,4 +29,4 @@ spec: protocol: TCP name: grpc selector: - app: greeter \ No newline at end of file + app: greeter diff --git a/tests/data/common/app/secure/app.yaml b/tests/data/common/app/secure/app.yaml index cb69d395ac..b1b1f48930 100644 --- a/tests/data/common/app/secure/app.yaml +++ b/tests/data/common/app/secure/app.yaml @@ -106,4 +106,4 @@ data: kind: Secret metadata: name: app-tls-secret -type: Opaque \ No newline at end of file +type: Opaque diff --git a/tests/data/common/configmap-with-grpc.yaml b/tests/data/common/configmap-with-grpc.yaml index 746232549d..424a63e01f 100644 --- a/tests/data/common/configmap-with-grpc.yaml +++ b/tests/data/common/configmap-with-grpc.yaml @@ -4,4 +4,4 @@ metadata: name: nginx-config namespace: nginx-ingress data: - http2: "true" \ No newline at end of file + http2: "true" diff --git a/tests/data/common/ns.yaml b/tests/data/common/ns.yaml index bdce2f88e5..24e1141cbd 100644 --- a/tests/data/common/ns.yaml +++ b/tests/data/common/ns.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: new-name-here \ No newline at end of file + name: new-name-here diff --git a/tests/data/common/service/loadbalancer-with-additional-ports.yaml b/tests/data/common/service/loadbalancer-with-additional-ports.yaml index a38b3b882d..669b50b2a1 100644 --- a/tests/data/common/service/loadbalancer-with-additional-ports.yaml +++ b/tests/data/common/service/loadbalancer-with-additional-ports.yaml @@ -24,4 +24,4 @@ spec: protocol: TCP name: exporter selector: - app: nginx-ingress \ No newline at end of file + app: nginx-ingress diff --git a/tests/data/common/service/nodeport-with-additional-ports.yaml b/tests/data/common/service/nodeport-with-additional-ports.yaml index 212b585dba..92918b2617 100644 --- a/tests/data/common/service/nodeport-with-additional-ports.yaml +++ b/tests/data/common/service/nodeport-with-additional-ports.yaml @@ -4,7 +4,7 @@ metadata: name: nginx-ingress namespace: nginx-ingress spec: - type: NodePort + type: NodePort ports: - port: 80 targetPort: 80 @@ -31,4 +31,4 @@ spec: protocol: UDP name: udp-server selector: - app: nginx-ingress \ No newline at end of file + app: nginx-ingress diff --git a/tests/data/custom-annotations/mergeable/nginx-config.yaml b/tests/data/custom-annotations/mergeable/nginx-config.yaml index e7a0e103f4..b819ba9c7c 100644 --- a/tests/data/custom-annotations/mergeable/nginx-config.yaml +++ b/tests/data/custom-annotations/mergeable/nginx-config.yaml @@ -24,4 +24,4 @@ data: {{end}} {{end}} } {{end}} - } {{end}} \ No newline at end of file + } {{end}} diff --git a/tests/data/custom-annotations/standard/nginx-config.yaml b/tests/data/custom-annotations/standard/nginx-config.yaml index 2240ae9005..e82ea4ae2a 100644 --- a/tests/data/custom-annotations/standard/nginx-config.yaml +++ b/tests/data/custom-annotations/standard/nginx-config.yaml @@ -14,4 +14,4 @@ data: {{end}} {{with $value := index $.Ingress.Annotations "custom.nginx.org/feature-b"}} # Print the value assigned to the annotation: {{$value}} - {{end}} \ No newline at end of file + {{end}} diff --git a/tests/data/default-server/new-tls-secret.yaml b/tests/data/default-server/new-tls-secret.yaml index 6b914eb548..63278f8626 100644 --- a/tests/data/default-server/new-tls-secret.yaml +++ b/tests/data/default-server/new-tls-secret.yaml @@ -5,4 +5,4 @@ metadata: type: kubernetes.io/tls data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQyakNDQXNLZ0F3SUJBZ0lKQU9BV0U3RWVwbmhyTUEwR0NTcUdTSWIzRFFFQkJRVUFNRkV4Q3pBSkJnTlYKQkFZVEFrZENNUmN3RlFZRFZRUUlFdzVEWVcxaWNtbGtaMlZ6YUdseVpURU9NQXdHQTFVRUNoTUZibWRwYm5neApHVEFYQmdOVkJBTVRFR05oWm1VdVpYaGhiWEJzWlM1amIyMHdIaGNOTVRjd056TXhNVEUxTmpVNFdoY05NVGd3Ck56TXhNVEUxTmpVNFdqQlJNUXN3Q1FZRFZRUUdFd0pIUWpFWE1CVUdBMVVFQ0JNT1EyRnRZbkpwWkdkbGMyaHAKY21VeERqQU1CZ05WQkFvVEJXNW5hVzU0TVJrd0Z3WURWUVFERXhCallXWmxMbVY0WVcxd2JHVXVZMjl0TUlJQgpJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBODB0ZUlBTmM2M0dVQnU4U2hsZkh5OE1TCkVkdVE0am1CVm5BRzZ3TTZ5ZHdlbzhNS1MvZDFWSi9qWmRSMytnTVJMU0Y5d0xYU0hTaVBiK0VaOWcxc0RSUDgKWGhxaEhBcyszdnUva0Z5K1ZLYTdneWZwTGJGTkNsOS9vRStKZUxReWh3S2JwS1lrODg0ZDhKaGlhVFJvR05BRgp1S2RFTVRKc2ZHdTVOWGxYdkZxZ0lieWw3d3BCWGF6WXBjZUFoZUQ3azFMTlBNdnpaZ3llcWw0dk9qUDg4ck9vCkJ6Tm1seGdvODQ2VW5SN0c0L3NuZ0RFdVpPZXdYSWZlRVhXZDU1VTVzaFFtZWN6aExiaUducFZUNG9PWGhPWk8KYkd6ejNrY1RJOFlxOVc4eCswVkovaWZKQ0VYVitETzFEUXI2MEZDVTloSnQ3N2kwZ2NGWE9MNk5IYUVyVndJRApBUUFCbzRHME1JR3hNQjBHQTFVZERnUVdCQlJwSkg5b3RWYUtTM3dYV1IwdEZkK0hoQjRUYVRDQmdRWURWUjBqCkJIb3dlSUFVYVNSL2FMVldpa3Q4RjFrZExSWGZoNFFlRTJtaFZhUlRNRkV4Q3pBSkJnTlZCQVlUQWtkQ01SY3cKRlFZRFZRUUlFdzVEWVcxaWNtbGtaMlZ6YUdseVpURU9NQXdHQTFVRUNoTUZibWRwYm5neEdUQVhCZ05WQkFNVApFR05oWm1VdVpYaGhiWEJzWlM1amIyMkNDUURnRmhPeEhxWjRhekFNQmdOVkhSTUVCVEFEQVFIL01BMEdDU3FHClNJYjNEUUVCQlFVQUE0SUJBUUNsdEdaVE5SMFVVdVJqRVQxa1ZDdzB0QXY0YkswdFdUVDNoUVJkbmNkYjZRVGQKQkRUMEFPbjVTL1pSSytVZmJ2cllnSCsyRlZjZVE0Mzc1V2pNWGl4SUJ1QnprZlJMc01EMmZnMmlVc205NXcvUApZUFpmYW9vZjlMTVQ2V3BKYkl5N2VjWHpKZGN3aWJucnRkelc3VHljSE16ODlaZTEvR2xXRHQzZmp4YVlRTDhxCnRyWUFMWVFGU1NqZ2drdGRKeWkzRXdlem9jekV0dGFjSFYrb0xGT3F1c3EvMG83UDFabFJicXdHM3BqWUVHbUcKU3N3cVEzd25YMXpzamtBRFg2bkFCYkdaZHFaMWVZZVlIL0RTQm42ZFNGWjJaZEFRcWxIdTBJSE14aVdIa2poYwpoc1FwbUxNUFg4RTZ4SG5oT1dtbWRJVnAzbUlSdEEyQnhmYzROUWlQCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBODB0ZUlBTmM2M0dVQnU4U2hsZkh5OE1TRWR1UTRqbUJWbkFHNndNNnlkd2VvOE1LClMvZDFWSi9qWmRSMytnTVJMU0Y5d0xYU0hTaVBiK0VaOWcxc0RSUDhYaHFoSEFzKzN2dS9rRnkrVkthN2d5ZnAKTGJGTkNsOS9vRStKZUxReWh3S2JwS1lrODg0ZDhKaGlhVFJvR05BRnVLZEVNVEpzZkd1NU5YbFh2RnFnSWJ5bAo3d3BCWGF6WXBjZUFoZUQ3azFMTlBNdnpaZ3llcWw0dk9qUDg4ck9vQnpObWx4Z284NDZVblI3RzQvc25nREV1ClpPZXdYSWZlRVhXZDU1VTVzaFFtZWN6aExiaUducFZUNG9PWGhPWk9iR3p6M2tjVEk4WXE5Vzh4KzBWSi9pZkoKQ0VYVitETzFEUXI2MEZDVTloSnQ3N2kwZ2NGWE9MNk5IYUVyVndJREFRQUJBb0lCQUhEeGxBaVloeEpsNzZvbwpZaGtydHZ6STJpS2dJMnBoOThFQTBMVlpFbm1UVGtZSHpVZm00UGtnSUppdFFlVTJkMHJVT1dTMUE0MjF2cURaCmh3dkt2MVp5NkwxbTcxUHRoSXBQcEdhSUozTjAwNmZYWjFCbTlyVFNFSldEVnZaSjhRcnNFd1VrZkJNU3BLT0UKbW1yc2dVYkRpMlJsZ2lxMGxkaE15ZlloRnJIQkdNYy9yWmh6ZkZucHNPSzhzRlArTTUvSVhkUjYyS21TemFrdgpLcE55TDZ5dmFUWTZ5dGwwRTd3NE1VREtGZ28wczhIdHdNdHdtWXE5aUFpdVhnOUhnOFp0VExIVnREWDlBVGRJCjliZVB0TUFDdWdEd3daZ2ppMEdTd2h0dkdmZFhleE1OaUhFWGVVaWpVMUVMWVFVWGZ3TUF0Y3hQbGF1dTZUU1YKNGZhc1lJRUNnWUVBL1pIbDBkdFgyQ25IZGJjdWExZ2xVMHo1RHZXTVMyVHFSaHNTM3JsaEZNeFJ6cGlkTHVLaApzS2xiblQyOElZNDRaUFBic1U4QVUvK0E5QWVPZmx6dG5xZ3RFemphVW4wTzJ2c2NLUUpNWXY3N0lzcStrV3BtCjZBNVIxSDdGbzk4SGRxSmRnZ3pSenVZeDRkOTYrWTk3SUJRV0psSVZ2MW56R1RGVWNPYVhlNzhDZ1lFQTlhQkMKb0hIdDRKTVlxRHJBZ1BIVnRpaWhoWDJpT3RsamxMUy9pVXVhenBSaUVhajdsZGZoTURGVG9xNkZId0ZCelErVwpCV09TNTlBQ1lYaVZKTS9nRHJRaVNWQ3QyRTFMa2dYTmVMQWJYaUJZSXcwNlQ4eDhsSmRTZzdid01OTU93SDBzClpMOUdLbm9zSWdqaS9MMDZaUndsOFBCU1hWVUF3VU9yV2RaakZta0NnWUI1bVRHZ3haTUdzbUpZYlJQeG5qK28KQnMyWkF0L1lkL2h3emlMcWMvTytTWTBoaWNZMjZhK29URThHeE1nblAxQ0QrUDF0dGZqdVR5VEQ0YXZQcFRpKwpVTi9zeStMR2svby93UlBzQnBJakZ5dlByM0pid2E2L3NiNUVMTmNTa3EyOWtuZE5HbUN5MjJrb2JFZEl6aW01ClpHaUt6K3BsN1BqTEtBRGFjM3BKZVFLQmdDRGlVY2sxTjRtblo5ZXQ5ZlBOYkxVMGYxdGwxSUJZZGxLRVdGaEQKUFBpSE9SSHdNNjU5OW5JRFNKVXhGRFZ3YjZUS2YyVTlUWCtuZzRvVklMS0srZzQ5NDVFNU1lMFJmQnFTbUUyZQpGaXZsM0tia3NIZmFncHRLSHd2dlEvemxaTVkwZStzSkNKWExRWGxWQXo2ZS91Qm1nbFhkZHNsMEJlUFo4V2pYCm9QQnhBb0dCQUlHQW1Oek1xNi8yS0NOQ3VmWkVDZGJ5NEMwVnVwTTJ4aHZkSmJ6Z2F0cFVxZ2d6LytzQlNBNVcKTzlXd21uQmFZdFBUcHZWdXFXUU9mYmF0RERmMlJab2lOUnBlMGQwdE9GeVFrZEh3UUVDdCtFYTZIMWpRYkh2MwoxVnFGeTBDbDFxYmZRektibzdaMmh4NnlXbElBaUJ6Yy8yeWt3cEhZbzdiMFo4K3ltOUtiCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== \ No newline at end of file + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBODB0ZUlBTmM2M0dVQnU4U2hsZkh5OE1TRWR1UTRqbUJWbkFHNndNNnlkd2VvOE1LClMvZDFWSi9qWmRSMytnTVJMU0Y5d0xYU0hTaVBiK0VaOWcxc0RSUDhYaHFoSEFzKzN2dS9rRnkrVkthN2d5ZnAKTGJGTkNsOS9vRStKZUxReWh3S2JwS1lrODg0ZDhKaGlhVFJvR05BRnVLZEVNVEpzZkd1NU5YbFh2RnFnSWJ5bAo3d3BCWGF6WXBjZUFoZUQ3azFMTlBNdnpaZ3llcWw0dk9qUDg4ck9vQnpObWx4Z284NDZVblI3RzQvc25nREV1ClpPZXdYSWZlRVhXZDU1VTVzaFFtZWN6aExiaUducFZUNG9PWGhPWk9iR3p6M2tjVEk4WXE5Vzh4KzBWSi9pZkoKQ0VYVitETzFEUXI2MEZDVTloSnQ3N2kwZ2NGWE9MNk5IYUVyVndJREFRQUJBb0lCQUhEeGxBaVloeEpsNzZvbwpZaGtydHZ6STJpS2dJMnBoOThFQTBMVlpFbm1UVGtZSHpVZm00UGtnSUppdFFlVTJkMHJVT1dTMUE0MjF2cURaCmh3dkt2MVp5NkwxbTcxUHRoSXBQcEdhSUozTjAwNmZYWjFCbTlyVFNFSldEVnZaSjhRcnNFd1VrZkJNU3BLT0UKbW1yc2dVYkRpMlJsZ2lxMGxkaE15ZlloRnJIQkdNYy9yWmh6ZkZucHNPSzhzRlArTTUvSVhkUjYyS21TemFrdgpLcE55TDZ5dmFUWTZ5dGwwRTd3NE1VREtGZ28wczhIdHdNdHdtWXE5aUFpdVhnOUhnOFp0VExIVnREWDlBVGRJCjliZVB0TUFDdWdEd3daZ2ppMEdTd2h0dkdmZFhleE1OaUhFWGVVaWpVMUVMWVFVWGZ3TUF0Y3hQbGF1dTZUU1YKNGZhc1lJRUNnWUVBL1pIbDBkdFgyQ25IZGJjdWExZ2xVMHo1RHZXTVMyVHFSaHNTM3JsaEZNeFJ6cGlkTHVLaApzS2xiblQyOElZNDRaUFBic1U4QVUvK0E5QWVPZmx6dG5xZ3RFemphVW4wTzJ2c2NLUUpNWXY3N0lzcStrV3BtCjZBNVIxSDdGbzk4SGRxSmRnZ3pSenVZeDRkOTYrWTk3SUJRV0psSVZ2MW56R1RGVWNPYVhlNzhDZ1lFQTlhQkMKb0hIdDRKTVlxRHJBZ1BIVnRpaWhoWDJpT3RsamxMUy9pVXVhenBSaUVhajdsZGZoTURGVG9xNkZId0ZCelErVwpCV09TNTlBQ1lYaVZKTS9nRHJRaVNWQ3QyRTFMa2dYTmVMQWJYaUJZSXcwNlQ4eDhsSmRTZzdid01OTU93SDBzClpMOUdLbm9zSWdqaS9MMDZaUndsOFBCU1hWVUF3VU9yV2RaakZta0NnWUI1bVRHZ3haTUdzbUpZYlJQeG5qK28KQnMyWkF0L1lkL2h3emlMcWMvTytTWTBoaWNZMjZhK29URThHeE1nblAxQ0QrUDF0dGZqdVR5VEQ0YXZQcFRpKwpVTi9zeStMR2svby93UlBzQnBJakZ5dlByM0pid2E2L3NiNUVMTmNTa3EyOWtuZE5HbUN5MjJrb2JFZEl6aW01ClpHaUt6K3BsN1BqTEtBRGFjM3BKZVFLQmdDRGlVY2sxTjRtblo5ZXQ5ZlBOYkxVMGYxdGwxSUJZZGxLRVdGaEQKUFBpSE9SSHdNNjU5OW5JRFNKVXhGRFZ3YjZUS2YyVTlUWCtuZzRvVklMS0srZzQ5NDVFNU1lMFJmQnFTbUUyZQpGaXZsM0tia3NIZmFncHRLSHd2dlEvemxaTVkwZStzSkNKWExRWGxWQXo2ZS91Qm1nbFhkZHNsMEJlUFo4V2pYCm9QQnhBb0dCQUlHQW1Oek1xNi8yS0NOQ3VmWkVDZGJ5NEMwVnVwTTJ4aHZkSmJ6Z2F0cFVxZ2d6LytzQlNBNVcKTzlXd21uQmFZdFBUcHZWdXFXUU9mYmF0RERmMlJab2lOUnBlMGQwdE9GeVFrZEh3UUVDdCtFYTZIMWpRYkh2MwoxVnFGeTBDbDFxYmZRektibzdaMmh4NnlXbElBaUJ6Yy8yeWt3cEhZbzdiMFo4K3ltOUtiCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== diff --git a/tests/data/dos/bad_clients_xff.sh b/tests/data/dos/bad_clients_xff.sh index c3fc83848f..7789fb4fcd 100755 --- a/tests/data/dos/bad_clients_xff.sh +++ b/tests/data/dos/bad_clients_xff.sh @@ -26,4 +26,4 @@ while true; do ${IP_AND_PORT}${URI} killall ab -done \ No newline at end of file +done diff --git a/tests/data/dos/dos-logconf.yaml b/tests/data/dos/dos-logconf.yaml index 885a524647..688f3ea786 100644 --- a/tests/data/dos/dos-logconf.yaml +++ b/tests/data/dos/dos-logconf.yaml @@ -3,9 +3,6 @@ kind: APDosLogConf metadata: name: doslogconf spec: - content: - format: splunk - max_message_size: 64k filter: traffic-mitigation-stats: all bad-actors: top 10 diff --git a/tests/data/dos/good_clients_xff.sh b/tests/data/dos/good_clients_xff.sh index f3a9b84aae..782c42504a 100755 --- a/tests/data/dos/good_clients_xff.sh +++ b/tests/data/dos/good_clients_xff.sh @@ -25,4 +25,4 @@ while true; do killall curl sleep 0.2 -done \ No newline at end of file +done diff --git a/tests/data/externalname-services/externalname-svc.yaml b/tests/data/externalname-services/externalname-svc.yaml index 5901eaeba7..2c63c23d36 100644 --- a/tests/data/externalname-services/externalname-svc.yaml +++ b/tests/data/externalname-services/externalname-svc.yaml @@ -4,4 +4,4 @@ metadata: name: externalname-service spec: type: ExternalName - externalName: external-backend-svc.external-ns.svc.cluster.local \ No newline at end of file + externalName: external-backend-svc.external-ns.svc.cluster.local diff --git a/tests/data/externalname-services/nginx-config.yaml b/tests/data/externalname-services/nginx-config.yaml index 5a68ee3f55..81959c03c2 100644 --- a/tests/data/externalname-services/nginx-config.yaml +++ b/tests/data/externalname-services/nginx-config.yaml @@ -3,4 +3,4 @@ apiVersion: v1 metadata: name: nginx-config data: - resolver-addresses: "kube-dns.kube-system.svc.cluster.local" \ No newline at end of file + resolver-addresses: "kube-dns.kube-system.svc.cluster.local" diff --git a/tests/data/filter-secrets/filtered-secret-1.yaml b/tests/data/filter-secrets/filtered-secret-1.yaml index 5df6c0121f..b70af65e20 100644 --- a/tests/data/filter-secrets/filtered-secret-1.yaml +++ b/tests/data/filter-secrets/filtered-secret-1.yaml @@ -3,4 +3,4 @@ kind: Secret metadata: name: filtered-secret-1 namespace: filtered-ns-1 -type: helm.sh/release.v1 \ No newline at end of file +type: helm.sh/release.v1 diff --git a/tests/data/filter-secrets/filtered-secret-2.yaml b/tests/data/filter-secrets/filtered-secret-2.yaml index 53cead7f67..3442fd099c 100644 --- a/tests/data/filter-secrets/filtered-secret-2.yaml +++ b/tests/data/filter-secrets/filtered-secret-2.yaml @@ -3,4 +3,4 @@ kind: Secret metadata: name: filtered-secret-2 namespace: filtered-ns-2 -type: helm.sh/release.v1 \ No newline at end of file +type: helm.sh/release.v1 diff --git a/tests/data/filter-secrets/nginx-ingress-secret.yaml b/tests/data/filter-secrets/nginx-ingress-secret.yaml index 29ac67d193..9695db867e 100644 --- a/tests/data/filter-secrets/nginx-ingress-secret.yaml +++ b/tests/data/filter-secrets/nginx-ingress-secret.yaml @@ -3,4 +3,4 @@ kind: Secret metadata: name: nginx-ingress-secret namespace: nginx-ingress -type: helm.sh/release.v1 \ No newline at end of file +type: helm.sh/release.v1 diff --git a/tests/data/ingress-mtls/client-auth/invalid/client-cert.pem b/tests/data/ingress-mtls/client-auth/invalid/client-cert.pem index 6e2239008b..a70d8f17a2 100644 --- a/tests/data/ingress-mtls/client-auth/invalid/client-cert.pem +++ b/tests/data/ingress-mtls/client-auth/invalid/client-cert.pem @@ -12,4 +12,4 @@ UqGZbUWUmKs3idMvQKokCPuJX0UE91diz4nKPmhpTbTxfnQ8IsKzhUCmZtY5/eTq lB/2FHKPGpjGnUcuBC28Erew3xk8dL554XI++oAxjrnQbNQBu0/LXCbsvdf3IAJA 7KxFbP5Ky66BVEZTnRl6ZAFOfQ/x5TisvmKpKGnWQwIDAQABMA0GCSqGSIb3DQEB swgtas ------END CERTIFICATE----- \ No newline at end of file +-----END CERTIFICATE----- diff --git a/tests/data/ingress-mtls/client-auth/valid/client-cert.pem b/tests/data/ingress-mtls/client-auth/valid/client-cert.pem index 4826b82796..5dc0dd90ea 100644 --- a/tests/data/ingress-mtls/client-auth/valid/client-cert.pem +++ b/tests/data/ingress-mtls/client-auth/valid/client-cert.pem @@ -17,4 +17,4 @@ iGLcTo3NG4IU6bMTFoDR9qkTte4cD9mexyFhEPDU5/uj02+kxU0IpGLhniXrRXbh I8iSAW6F2x1/pQcQSgsIkvef5t1RYOAapj/y9PLOE4dv7QMhgQpaKu0ASM9IeHz8 uNSxlAvZeoQvJrFKGVLZlmM7SHC2p5rpJkMfjecpr6yHVGkkTnLXwOB2EFtcL0K+ Sp83Sm5XIgP5KeC9F4H5JWI5vPQIYCPj ------END CERTIFICATE----- \ No newline at end of file +-----END CERTIFICATE----- diff --git a/tests/data/ingress-mtls/policies/ingress-mtls-invalid.yaml b/tests/data/ingress-mtls/policies/ingress-mtls-invalid.yaml index 90d07379ac..660587abac 100644 --- a/tests/data/ingress-mtls/policies/ingress-mtls-invalid.yaml +++ b/tests/data/ingress-mtls/policies/ingress-mtls-invalid.yaml @@ -6,4 +6,4 @@ spec: ingress_MTLS: # invalid/mis-spelled yaml keys clientCertSecret_: ingress-mtls-secret verifyadClient: "on" - verifyDeaerpth: 1 \ No newline at end of file + verifyDeaerpth: 1 diff --git a/tests/data/ingress-mtls/route-subroute/virtual-server-mtls.yaml b/tests/data/ingress-mtls/route-subroute/virtual-server-mtls.yaml index 3795beba77..2a8a89aff3 100644 --- a/tests/data/ingress-mtls/route-subroute/virtual-server-mtls.yaml +++ b/tests/data/ingress-mtls/route-subroute/virtual-server-mtls.yaml @@ -21,4 +21,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/ingress-mtls/route-subroute/virtual-server-route-mtls.yaml b/tests/data/ingress-mtls/route-subroute/virtual-server-route-mtls.yaml index 23e6856a13..e85f8bb9b1 100644 --- a/tests/data/ingress-mtls/route-subroute/virtual-server-route-mtls.yaml +++ b/tests/data/ingress-mtls/route-subroute/virtual-server-route-mtls.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/ingress-mtls/route-subroute/virtual-server-vsr.yaml b/tests/data/ingress-mtls/route-subroute/virtual-server-vsr.yaml index d381ab1a5a..81b134f9b9 100644 --- a/tests/data/ingress-mtls/route-subroute/virtual-server-vsr.yaml +++ b/tests/data/ingress-mtls/route-subroute/virtual-server-vsr.yaml @@ -10,4 +10,4 @@ spec: - path: "/backends" route: backends # implicit namespace - path: "/backend2" - route: backend2-namespace/backend2 \ No newline at end of file + route: backend2-namespace/backend2 diff --git a/tests/data/ingress-mtls/secret/ingress-mtls-secret.yaml b/tests/data/ingress-mtls/secret/ingress-mtls-secret.yaml index 9c069e6b79..418bb5e937 100644 --- a/tests/data/ingress-mtls/secret/ingress-mtls-secret.yaml +++ b/tests/data/ingress-mtls/secret/ingress-mtls-secret.yaml @@ -4,4 +4,4 @@ metadata: apiVersion: v1 type: nginx.org/ca data: - ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQvVENDQXVXZ0F3SUJBZ0lVSzdhbU14OFlLWG1BVG51SkZETDlWS2ZUR2ZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZMHhDekFKQmdOVkJBWVRBbFZUTVFzd0NRWURWUVFJREFKRFFURVdNQlFHQTFVRUJ3d05VMkZ1SUVaeQpZVzVqYVhOamJ6RU9NQXdHQTFVRUNnd0ZUa2RKVGxneEREQUtCZ05WQkFzTUEwdEpRekVXTUJRR0ExVUVBd3dOCmEybGpMbTVuYVc1NExtTnZiVEVqTUNFR0NTcUdTSWIzRFFFSkFSWVVhM1ZpWlhKdVpYUmxjMEJ1WjJsdWVDNWoKYjIwd0hoY05NakF3T1RFNE1qQXlOVEkyV2hjTk16QXdPVEUyTWpBeU5USTJXakNCalRFTE1Ba0dBMVVFQmhNQwpWVk14Q3pBSkJnTlZCQWdNQWtOQk1SWXdGQVlEVlFRSERBMVRZVzRnUm5KaGJtTnBjMk52TVE0d0RBWURWUVFLCkRBVk9SMGxPV0RFTU1Bb0dBMVVFQ3d3RFMwbERNUll3RkFZRFZRUUREQTFyYVdNdWJtZHBibmd1WTI5dE1TTXcKSVFZSktvWklodmNOQVFrQkZoUnJkV0psY201bGRHVnpRRzVuYVc1NExtTnZiVENDQVNJd0RRWUpLb1pJaHZjTgpBUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTmFINVRzaTZzaUFsU085dEJnYmY3VVRwcWowMUhRTlQ2UjhtQy9pCjhLYXFaSW9XSUdvN2xhTW9xTDYydTc4ay9WOHM2Z0FJaU1DSzBjekFvTFhNSnlJQkxQeTg4Yzdtc2xwZXgxTkEKVmRtMkVTVkN6bVlERE1TT3FpVmszWmpYeC9URmo2QzhNRFhhRkZUWFg1dWdtbWdscnFCWlh0OVI5VVBwVTJMNwo1bEZ0NlJ2R3VGczgvbVZORVR5c1A0SFhCWlh2ZE9mdG1YWUkvK01hOW5CMzIzNjdmcTI0L0RKZ2YvK2xRbUsxCkJLR3poSTZSc1pSSmdWOXdpK1VuZTBYNjlaS2lLOFdXU3lZS252YnRrcHZuTDA2dGNJaXJZNi80UzZ4Sm1HRVQKZEJUNmVxc0NoSUpQUStWSEp5dTROdnV6WmVCUXpGdmMwNytnUGZkVWZra1FXODhDQXdFQUFhTlRNRkV3SFFZRApWUjBPQkJZRUZKUGdhcnFYa00rdEJ0djVhdndTUWhUQmpTU2VNQjhHQTFVZEl3UVlNQmFBRkpQZ2FycVhrTSt0CkJ0djVhdndTUWhUQmpTU2VNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUIKQUl3WXpoY0s4OWtRL0xGWjZFRHgrQWp2bnJTVSs1cmdwQkgrRjVTNUUyY3pXOE5rNXhySnl0Y0ZUbUtlKzZScwpENHlxeTZSVVFEeWNYaDlPelBjbzgzYTBoeFlCZ1M5MWtJa25wYWF4dndLRDJleWc3UGNnK1lkS1FhZFlMcUY0CmI3cWVtc1FVVkpOWHdkZS9VanRBejlEOTh4dngwM2hQY2Qwb2dzUUhWZ21BZVpFd2l3UzFmTy9WNUE4dTl3MEkKcHlJRTVReXlHcHNpS2dpalpiMmhrS05RVHVJcEhiVnFydVA4eEV6TlFnamhkdS9uUW5OYy9lRUltVUlrQkFUVQpiSHdQc2xwYzVhdVV1TXJxR3lEQ0p2QUJpV3J2SmE3Yi9XcmtDT3FUWVhtR2NGM0w1ZU9FeTBhYkp0M2NNcSs5CnJLTUNVQWlkNG0yNEthWnc3OUk2anNBPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== \ No newline at end of file + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQvVENDQXVXZ0F3SUJBZ0lVSzdhbU14OFlLWG1BVG51SkZETDlWS2ZUR2ZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZMHhDekFKQmdOVkJBWVRBbFZUTVFzd0NRWURWUVFJREFKRFFURVdNQlFHQTFVRUJ3d05VMkZ1SUVaeQpZVzVqYVhOamJ6RU9NQXdHQTFVRUNnd0ZUa2RKVGxneEREQUtCZ05WQkFzTUEwdEpRekVXTUJRR0ExVUVBd3dOCmEybGpMbTVuYVc1NExtTnZiVEVqTUNFR0NTcUdTSWIzRFFFSkFSWVVhM1ZpWlhKdVpYUmxjMEJ1WjJsdWVDNWoKYjIwd0hoY05NakF3T1RFNE1qQXlOVEkyV2hjTk16QXdPVEUyTWpBeU5USTJXakNCalRFTE1Ba0dBMVVFQmhNQwpWVk14Q3pBSkJnTlZCQWdNQWtOQk1SWXdGQVlEVlFRSERBMVRZVzRnUm5KaGJtTnBjMk52TVE0d0RBWURWUVFLCkRBVk9SMGxPV0RFTU1Bb0dBMVVFQ3d3RFMwbERNUll3RkFZRFZRUUREQTFyYVdNdWJtZHBibmd1WTI5dE1TTXcKSVFZSktvWklodmNOQVFrQkZoUnJkV0psY201bGRHVnpRRzVuYVc1NExtTnZiVENDQVNJd0RRWUpLb1pJaHZjTgpBUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTmFINVRzaTZzaUFsU085dEJnYmY3VVRwcWowMUhRTlQ2UjhtQy9pCjhLYXFaSW9XSUdvN2xhTW9xTDYydTc4ay9WOHM2Z0FJaU1DSzBjekFvTFhNSnlJQkxQeTg4Yzdtc2xwZXgxTkEKVmRtMkVTVkN6bVlERE1TT3FpVmszWmpYeC9URmo2QzhNRFhhRkZUWFg1dWdtbWdscnFCWlh0OVI5VVBwVTJMNwo1bEZ0NlJ2R3VGczgvbVZORVR5c1A0SFhCWlh2ZE9mdG1YWUkvK01hOW5CMzIzNjdmcTI0L0RKZ2YvK2xRbUsxCkJLR3poSTZSc1pSSmdWOXdpK1VuZTBYNjlaS2lLOFdXU3lZS252YnRrcHZuTDA2dGNJaXJZNi80UzZ4Sm1HRVQKZEJUNmVxc0NoSUpQUStWSEp5dTROdnV6WmVCUXpGdmMwNytnUGZkVWZra1FXODhDQXdFQUFhTlRNRkV3SFFZRApWUjBPQkJZRUZKUGdhcnFYa00rdEJ0djVhdndTUWhUQmpTU2VNQjhHQTFVZEl3UVlNQmFBRkpQZ2FycVhrTSt0CkJ0djVhdndTUWhUQmpTU2VNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUIKQUl3WXpoY0s4OWtRL0xGWjZFRHgrQWp2bnJTVSs1cmdwQkgrRjVTNUUyY3pXOE5rNXhySnl0Y0ZUbUtlKzZScwpENHlxeTZSVVFEeWNYaDlPelBjbzgzYTBoeFlCZ1M5MWtJa25wYWF4dndLRDJleWc3UGNnK1lkS1FhZFlMcUY0CmI3cWVtc1FVVkpOWHdkZS9VanRBejlEOTh4dngwM2hQY2Qwb2dzUUhWZ21BZVpFd2l3UzFmTy9WNUE4dTl3MEkKcHlJRTVReXlHcHNpS2dpalpiMmhrS05RVHVJcEhiVnFydVA4eEV6TlFnamhkdS9uUW5OYy9lRUltVUlrQkFUVQpiSHdQc2xwYzVhdVV1TXJxR3lEQ0p2QUJpV3J2SmE3Yi9XcmtDT3FUWVhtR2NGM0w1ZU9FeTBhYkp0M2NNcSs5CnJLTUNVQWlkNG0yNEthWnc3OUk2anNBPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== diff --git a/tests/data/ingress-mtls/secret/tls-secret.yaml b/tests/data/ingress-mtls/secret/tls-secret.yaml index c6074bc3e3..94ae7202ea 100644 --- a/tests/data/ingress-mtls/secret/tls-secret.yaml +++ b/tests/data/ingress-mtls/secret/tls-secret.yaml @@ -5,4 +5,4 @@ metadata: type: kubernetes.io/tls data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN4akNDQWE0Q0NRREZadlNlYVF3b3dEQU5CZ2txaGtpRzl3MEJBUXNGQURBbE1TTXdJUVlEVlFRRERCcDIKYVhKMGRXRnNMWE5sY25abGNpNWxlR0Z0Y0d4bExtTnZiVEFlRncweU1UQTBNVFl4TkRNeU5EZGFGdzB6TVRBMApNVFF4TkRNeU5EZGFNQ1V4SXpBaEJnTlZCQU1NR25acGNuUjFZV3d0YzJWeWRtVnlMbVY0WVcxd2JHVXVZMjl0Ck1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBcUROMmRjamdRaWd2UmpGODFSbWcKck9kNEdHbzhUdEx6WmU2RDVLUXdEYjFneXhHVEI5TUNEM0trMHg1YW8zUjRHSnFJSkdjL1hHbVQvQzdlZzc0agprYUVIOHFtbFdUREU3Vm0zcDhuc053aGtMYXBReGtXbHVsMDFjSlBrcmpRNEN4QW1VZ0w2L0FPUWhjSEtlUUsxCmhjUEJSOFJKbkJTNDlJb0lEOEpFdXhVeFp4TW1MMFRBSlhBQzNVNW50dXVPTGtYaGhsNVNhSnQzRkhUUjR1WXIKMHZpYndNbTBKMmkwUitkanZzYnRwT0FFbW5ZN2xjc3cyMU1rY1o4UkZSRVhiOHlsRVo2UUNIOEdFcEF0Nkh0OApWMUJBblpuZFJXWlNhUWRlOEd0WUUydFk1ZFVZMkdFemNTT014VHRueWEzc3puWEJOV0k1WjluV1RtMFQ2SERrCmN3SURBUUFCTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBeDZ0TThObmRXVlhBdlBEWWw4VUg0ZHlqZEg3S3YKMnhueCtRRXR6eDd2VEV0aVBEd04wbmFkTWZSbjRTZjl0U0huTmZSZUhWcXNxZVVRNklGbUdrdERDR0ZCUWtscQp4V1p0aTUzd2c3blJxZncrWnltOW1nWDEyUTdpaGM3Y3d1cUVBSzRWYWVVNXZIcEhvcktFSjBYTkFFM1M2N0d0CmlpdWk4VTIxdHkraUNBd3ZnTUZiSnI2bEEwdlM0VUY0cTl4aTNHZ1JHSFdDdjlsNTFZY2JRSWVnVXQxVXVUNlUKNTRaZ0lBSGJJUENzQ2Z5NTkreEc3Q1VQOUwvb09Vc1IzZWxYVTJES2F4MFJCT29PalJXY3QyVGZlQWx0V0hTOApBNnJ6SUl0VThTK2w1dWNiZVhiVzh0djBRUE5vMU1UMEVvN0lDQ0tqSkZuVlA2eGNtWFV1dkRoVgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcUROMmRjamdRaWd2UmpGODFSbWdyT2Q0R0dvOFR0THpaZTZENUtRd0RiMWd5eEdUCkI5TUNEM0trMHg1YW8zUjRHSnFJSkdjL1hHbVQvQzdlZzc0amthRUg4cW1sV1RERTdWbTNwOG5zTndoa0xhcFEKeGtXbHVsMDFjSlBrcmpRNEN4QW1VZ0w2L0FPUWhjSEtlUUsxaGNQQlI4UkpuQlM0OUlvSUQ4SkV1eFV4WnhNbQpMMFRBSlhBQzNVNW50dXVPTGtYaGhsNVNhSnQzRkhUUjR1WXIwdmlid01tMEoyaTBSK2RqdnNidHBPQUVtblk3Cmxjc3cyMU1rY1o4UkZSRVhiOHlsRVo2UUNIOEdFcEF0Nkh0OFYxQkFuWm5kUldaU2FRZGU4R3RZRTJ0WTVkVVkKMkdFemNTT014VHRueWEzc3puWEJOV0k1WjluV1RtMFQ2SERrY3dJREFRQUJBb0lCQUNtTFJIZ0ZISGJhckFwLwpVS0RseW96S1F4eHNxT2FqTGVFQVQyMWFyRS9JZGE3U2NXbGVVY1QxQVFid0dWMEQrR0hEVVZzRWNWN202TmxCCnprM2wyYTB2ZytJSXlzRkR6Vy8rVitGR2UyU0FXeFg0V2lrT3JNZGlIRC9wRjNON2pGZ1hMZy9Wa3A1S1Z4amkKYTVzRjgwWE51dUI1OStCb01lS2NjUzlMUVdTZmliUFUzSDlidm8vWXZRem41ZTc1Y2pVcFA3V2FmY2Y4UzZVKwo0VkJwaC9mQmtCL2lOQk9rOHdZWTJMWkJaTkNaTmVsMy9kVldzNEJwdjY5ODNRU3BLVTdUam9OQ2N4eU9ReFZpCnI0YW9mbmRTQ2ZVN3d1L05oczZGOWQxYmVJVHhmR3RpWTFWYURlQ3BVZGZId0dCSGNjRGlEK1V3UklPZzJQN2YKY0ZSTzZERUNnWUVBM1RqZFZlTU4yZ0tUQVB5aHlETm5IdzEyL0RRRmd5MWc0aExQZmNCUEtxdjBZendhaU9IVQpSZXUyS3dBdWVKeEF1T09vSWVTZjFYYzdUSTZLUlBRVEc1SVNJa294NHVwSHBFeVZXN0JIeWlENmpYa0R5MTh6CmQ0MGRWc1JlMkZXd0pFOTNubkFIVWdvTk11dWdaaE8wa2x0M0EybGViR1JuY1N4TUg3NW94SHNDZ1lFQXdxVEEKY2JRcDVuRnhyL0hsMkVyTVU3SHZ5eG83UnNsVHE3VmNhWE1IT1EzdzZZL2NRampWRnJZMjFzeXpjOWtBblRzQgphbkJsMkE5aUdBdWZaTGlYNmM0dk5KK1dNM093L1lyZHlUTVB5elFBZjhWZUdPMlR0by85UWN3bi9Oa3JwVDJsCktDeERYek55bTlBLzFHNTUva29CVHBTc3ptd3paTFh5TjM1S2lta0NnWUJId0JISnNZTGttc0VqS00wd0tidmcKam5WeEIwNWlaVzF1NWJyMmhsRW0vZTZkNFBpYVBPU2thUGNFcTJKbkxBYXg4T1N2V1grZHRMWSs5bHhTVVBlQgprYmJmK0VDRjRJYXIrMHJXR2k2dW1GT3JYdnlrRVpTWHllVWlKejY3Mjg3dGQvak1Jbm05V2hVOTFyNkhYUXpNCkMyNW1aTjZET1cxemYzS1JPU2l4MFFLQmdHQmJwMW1pMDB0ZHhlWlFYblRoTXA0TWJLV2phc3owUmhPdlNQeDcKRVl4Uk5uNnAxV1NETmhwMFFsbThKT3FvOXdEZmdTZnNWTDdOZnNaZ21wd0dOazVzNERtdzkyNnBTMmw1SWFyRgpPSUJrVWdydTdsSnc2cnRxTlBvcDAzSDlJUHBBdGs1WSsxRlo2dGJ3RldsWTk5UEhWelpMcS9EVTUreG5sbTJhCmU5UmhBb0dCQU1STlFzYk00OGNVTlNQRnh1Y3ZnY3QySFVjRkoweXl1Z3V0cnhvUmZXUEtzWnZwZjA5NnlBS1UKMURLbXdpRStOS0F0S2VHVjlqdHNIZWdocVp5MHkzbkIzc0pkNlZxdnoxSFNGQzNCNStodGMraG4xdU4wOTlDRwpVSElXNnM3ZGI0eW1ULzFCaEJDd1RCYkIxRTQ0Y2FYQzdUa0xmVlJFSjRWbXBkUEpTcFh4Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== \ No newline at end of file + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcUROMmRjamdRaWd2UmpGODFSbWdyT2Q0R0dvOFR0THpaZTZENUtRd0RiMWd5eEdUCkI5TUNEM0trMHg1YW8zUjRHSnFJSkdjL1hHbVQvQzdlZzc0amthRUg4cW1sV1RERTdWbTNwOG5zTndoa0xhcFEKeGtXbHVsMDFjSlBrcmpRNEN4QW1VZ0w2L0FPUWhjSEtlUUsxaGNQQlI4UkpuQlM0OUlvSUQ4SkV1eFV4WnhNbQpMMFRBSlhBQzNVNW50dXVPTGtYaGhsNVNhSnQzRkhUUjR1WXIwdmlid01tMEoyaTBSK2RqdnNidHBPQUVtblk3Cmxjc3cyMU1rY1o4UkZSRVhiOHlsRVo2UUNIOEdFcEF0Nkh0OFYxQkFuWm5kUldaU2FRZGU4R3RZRTJ0WTVkVVkKMkdFemNTT014VHRueWEzc3puWEJOV0k1WjluV1RtMFQ2SERrY3dJREFRQUJBb0lCQUNtTFJIZ0ZISGJhckFwLwpVS0RseW96S1F4eHNxT2FqTGVFQVQyMWFyRS9JZGE3U2NXbGVVY1QxQVFid0dWMEQrR0hEVVZzRWNWN202TmxCCnprM2wyYTB2ZytJSXlzRkR6Vy8rVitGR2UyU0FXeFg0V2lrT3JNZGlIRC9wRjNON2pGZ1hMZy9Wa3A1S1Z4amkKYTVzRjgwWE51dUI1OStCb01lS2NjUzlMUVdTZmliUFUzSDlidm8vWXZRem41ZTc1Y2pVcFA3V2FmY2Y4UzZVKwo0VkJwaC9mQmtCL2lOQk9rOHdZWTJMWkJaTkNaTmVsMy9kVldzNEJwdjY5ODNRU3BLVTdUam9OQ2N4eU9ReFZpCnI0YW9mbmRTQ2ZVN3d1L05oczZGOWQxYmVJVHhmR3RpWTFWYURlQ3BVZGZId0dCSGNjRGlEK1V3UklPZzJQN2YKY0ZSTzZERUNnWUVBM1RqZFZlTU4yZ0tUQVB5aHlETm5IdzEyL0RRRmd5MWc0aExQZmNCUEtxdjBZendhaU9IVQpSZXUyS3dBdWVKeEF1T09vSWVTZjFYYzdUSTZLUlBRVEc1SVNJa294NHVwSHBFeVZXN0JIeWlENmpYa0R5MTh6CmQ0MGRWc1JlMkZXd0pFOTNubkFIVWdvTk11dWdaaE8wa2x0M0EybGViR1JuY1N4TUg3NW94SHNDZ1lFQXdxVEEKY2JRcDVuRnhyL0hsMkVyTVU3SHZ5eG83UnNsVHE3VmNhWE1IT1EzdzZZL2NRampWRnJZMjFzeXpjOWtBblRzQgphbkJsMkE5aUdBdWZaTGlYNmM0dk5KK1dNM093L1lyZHlUTVB5elFBZjhWZUdPMlR0by85UWN3bi9Oa3JwVDJsCktDeERYek55bTlBLzFHNTUva29CVHBTc3ptd3paTFh5TjM1S2lta0NnWUJId0JISnNZTGttc0VqS00wd0tidmcKam5WeEIwNWlaVzF1NWJyMmhsRW0vZTZkNFBpYVBPU2thUGNFcTJKbkxBYXg4T1N2V1grZHRMWSs5bHhTVVBlQgprYmJmK0VDRjRJYXIrMHJXR2k2dW1GT3JYdnlrRVpTWHllVWlKejY3Mjg3dGQvak1Jbm05V2hVOTFyNkhYUXpNCkMyNW1aTjZET1cxemYzS1JPU2l4MFFLQmdHQmJwMW1pMDB0ZHhlWlFYblRoTXA0TWJLV2phc3owUmhPdlNQeDcKRVl4Uk5uNnAxV1NETmhwMFFsbThKT3FvOXdEZmdTZnNWTDdOZnNaZ21wd0dOazVzNERtdzkyNnBTMmw1SWFyRgpPSUJrVWdydTdsSnc2cnRxTlBvcDAzSDlJUHBBdGs1WSsxRlo2dGJ3RldsWTk5UEhWelpMcS9EVTUreG5sbTJhCmU5UmhBb0dCQU1STlFzYk00OGNVTlNQRnh1Y3ZnY3QySFVjRkoweXl1Z3V0cnhvUmZXUEtzWnZwZjA5NnlBS1UKMURLbXdpRStOS0F0S2VHVjlqdHNIZWdocVp5MHkzbkIzc0pkNlZxdnoxSFNGQzNCNStodGMraG4xdU4wOTlDRwpVSElXNnM3ZGI0eW1ULzFCaEJDd1RCYkIxRTQ0Y2FYQzdUa0xmVlJFSjRWbXBkUEpTcFh4Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== diff --git a/tests/data/ingress-mtls/spec/virtual-server-mtls.yaml b/tests/data/ingress-mtls/spec/virtual-server-mtls.yaml index e2cf14ab30..960de19b29 100644 --- a/tests/data/ingress-mtls/spec/virtual-server-mtls.yaml +++ b/tests/data/ingress-mtls/spec/virtual-server-mtls.yaml @@ -21,4 +21,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/ingress-mtls/standard/virtual-server.yaml b/tests/data/ingress-mtls/standard/virtual-server.yaml index 3ab3de35cf..9ac63fba13 100644 --- a/tests/data/ingress-mtls/standard/virtual-server.yaml +++ b/tests/data/ingress-mtls/standard/virtual-server.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/jwt-auth-mergeable/jwt-master-secret-updated.yaml b/tests/data/jwt-auth-mergeable/jwt-master-secret-updated.yaml index aaa4f9496e..bc1674961e 100644 --- a/tests/data/jwt-auth-mergeable/jwt-master-secret-updated.yaml +++ b/tests/data/jwt-auth-mergeable/jwt-master-secret-updated.yaml @@ -4,4 +4,4 @@ metadata: name: jwt-master-jwk type: nginx.org/jwk data: - jwk: eyJrZXlzIjoKICAgIFt7CiAgICAgICAgImsiOiJZWGRsYzI5dFpXcDNkQSIsCiAgICAgICAgImt0eSI6Im9jdCIsCiAgICAgICAgImtpZCI6IjAwMDEiCiAgICB9XQp9 \ No newline at end of file + jwk: eyJrZXlzIjoKICAgIFt7CiAgICAgICAgImsiOiJZWGRsYzI5dFpXcDNkQSIsCiAgICAgICAgImt0eSI6Im9jdCIsCiAgICAgICAgImtpZCI6IjAwMDEiCiAgICB9XQp9 diff --git a/tests/data/jwt-auth-mergeable/jwt-master-secret.yaml b/tests/data/jwt-auth-mergeable/jwt-master-secret.yaml index 45576d4eb5..f238c02fc4 100644 --- a/tests/data/jwt-auth-mergeable/jwt-master-secret.yaml +++ b/tests/data/jwt-auth-mergeable/jwt-master-secret.yaml @@ -4,4 +4,4 @@ metadata: type: nginx.org/jwk apiVersion: v1 data: - jwk: eyJrZXlzIjoKICAgIFt7CiAgICAgICAgImsiOiJabUZ1ZEdGemRHbGphbmQwIiwKICAgICAgICAia3R5Ijoib2N0IiwKICAgICAgICAia2lkIjoiMDAwMSIKICAgIH1dCn0K \ No newline at end of file + jwk: eyJrZXlzIjoKICAgIFt7CiAgICAgICAgImsiOiJabUZ1ZEdGemRHbGphbmQwIiwKICAgICAgICAia3R5Ijoib2N0IiwKICAgICAgICAia2lkIjoiMDAwMSIKICAgIH1dCn0K diff --git a/tests/data/jwt-auth-mergeable/jwt-minion-secret-updated.yaml b/tests/data/jwt-auth-mergeable/jwt-minion-secret-updated.yaml index 670e3f7c00..b8723bcc3f 100644 --- a/tests/data/jwt-auth-mergeable/jwt-minion-secret-updated.yaml +++ b/tests/data/jwt-auth-mergeable/jwt-minion-secret-updated.yaml @@ -4,4 +4,4 @@ metadata: apiVersion: v1 type: nginx.org/jwk data: - jwk: eyJrZXlzIjoKICAgIFt7CiAgICAgICAgImsiOiJabUZ1ZEdGemRHbGphbmQwIiwKICAgICAgICAia3R5Ijoib2N0IiwKICAgICAgICAia2lkIjoiMDAwMSIKICAgIH1dCn0K \ No newline at end of file + jwk: eyJrZXlzIjoKICAgIFt7CiAgICAgICAgImsiOiJabUZ1ZEdGemRHbGphbmQwIiwKICAgICAgICAia3R5Ijoib2N0IiwKICAgICAgICAia2lkIjoiMDAwMSIKICAgIH1dCn0K diff --git a/tests/data/jwt-auth-mergeable/jwt-minion-secret.yaml b/tests/data/jwt-auth-mergeable/jwt-minion-secret.yaml index a16b932945..b3c3452e36 100644 --- a/tests/data/jwt-auth-mergeable/jwt-minion-secret.yaml +++ b/tests/data/jwt-auth-mergeable/jwt-minion-secret.yaml @@ -4,4 +4,4 @@ metadata: name: jwt-minion-jwk type: nginx.org/jwk data: - jwk: eyJrZXlzIjoKICAgIFt7CiAgICAgICAgImsiOiJZWGRsYzI5dFpXcDNkQSIsCiAgICAgICAgImt0eSI6Im9jdCIsCiAgICAgICAgImtpZCI6IjAwMDEiCiAgICB9XQp9 \ No newline at end of file + jwk: eyJrZXlzIjoKICAgIFt7CiAgICAgICAgImsiOiJZWGRsYzI5dFpXcDNkQSIsCiAgICAgICAgImt0eSI6Im9jdCIsCiAgICAgICAgImtpZCI6IjAwMDEiCiAgICB9XQp9 diff --git a/tests/data/jwt-auth-mergeable/tokens/jwt-auth-master-token.jwt b/tests/data/jwt-auth-mergeable/tokens/jwt-auth-master-token.jwt index c2cd066112..eacb21aa8d 100644 --- a/tests/data/jwt-auth-mergeable/tokens/jwt-auth-master-token.jwt +++ b/tests/data/jwt-auth-mergeable/tokens/jwt-auth-master-token.jwt @@ -1 +1 @@ -eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6IjAwMDEifQ.eyJuYW1lIjoiUXVvdGF0aW9uIFN5c3RlbSIsInN1YiI6InF1b3RlcyIsImlzcyI6Ik15IEFQSSBHYXRld2F5In0.ggVOHYnVFB8GVPE-VOIo3jD71gTkLffAY0hQOGXPL2I \ No newline at end of file +eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6IjAwMDEifQ.eyJuYW1lIjoiUXVvdGF0aW9uIFN5c3RlbSIsInN1YiI6InF1b3RlcyIsImlzcyI6Ik15IEFQSSBHYXRld2F5In0.ggVOHYnVFB8GVPE-VOIo3jD71gTkLffAY0hQOGXPL2I diff --git a/tests/data/jwt-auth-mergeable/tokens/jwt-auth-minion-token.jwt b/tests/data/jwt-auth-mergeable/tokens/jwt-auth-minion-token.jwt index 7b542ed848..e021410f04 100644 --- a/tests/data/jwt-auth-mergeable/tokens/jwt-auth-minion-token.jwt +++ b/tests/data/jwt-auth-mergeable/tokens/jwt-auth-minion-token.jwt @@ -1 +1 @@ -eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6IjAwMDEifQ.eyJuYW1lIjoiUXVvdGF0aW9uIFN5c3RlbSIsInN1YiI6InF1b3RlcyIsImlzcyI6Ik15IEFQSSBHYXRld2F5In0.E4Onuo44Qjz1rSNEKLqMFGCAesui2ELx3C79Aa0_XpY \ No newline at end of file +eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6IjAwMDEifQ.eyJuYW1lIjoiUXVvdGF0aW9uIFN5c3RlbSIsInN1YiI6InF1b3RlcyIsImlzcyI6Ik15IEFQSSBHYXRld2F5In0.E4Onuo44Qjz1rSNEKLqMFGCAesui2ELx3C79Aa0_XpY diff --git a/tests/data/jwt-policy/invalid-token.jwt b/tests/data/jwt-policy/invalid-token.jwt index a7efa809c6..153eae4327 100644 --- a/tests/data/jwt-policy/invalid-token.jwt +++ b/tests/data/jwt-policy/invalid-token.jwt @@ -1 +1 @@ -eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6IjAwMDEifQ..ggVOHYnVFB8GVPE-VOIo3jD71gTkLffAY0hQOGXPL2IhjjhhHHHhhhhhkhYGIUGHiladth \ No newline at end of file +eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6IjAwMDEifQ..ggVOHYnVFB8GVPE-VOIo3jD71gTkLffAY0hQOGXPL2IhjjhhHHHhhhhhkhYGIUGHiladth diff --git a/tests/data/jwt-policy/policies/jwt-policy-invalid-secret.yaml b/tests/data/jwt-policy/policies/jwt-policy-invalid-secret.yaml index 669bacded9..f2ebcb6b59 100644 --- a/tests/data/jwt-policy/policies/jwt-policy-invalid-secret.yaml +++ b/tests/data/jwt-policy/policies/jwt-policy-invalid-secret.yaml @@ -6,4 +6,4 @@ spec: jwt: realm: MyProductAPI secret: jwk-secret-invalid - token: $http_token \ No newline at end of file + token: $http_token diff --git a/tests/data/jwt-policy/policies/jwt-policy-invalid.yaml b/tests/data/jwt-policy/policies/jwt-policy-invalid.yaml index 4c907e4e8a..8e81b4d788 100644 --- a/tests/data/jwt-policy/policies/jwt-policy-invalid.yaml +++ b/tests/data/jwt-policy/policies/jwt-policy-invalid.yaml @@ -6,4 +6,4 @@ spec: jwt: realm: MyProductAPI secret: jwk-secret-valid - token: $$http_token \ No newline at end of file + token: $$http_token diff --git a/tests/data/jwt-policy/route-subroute/virtual-server-override-route.yaml b/tests/data/jwt-policy/route-subroute/virtual-server-override-route.yaml index ff90d3d9cb..3d61882493 100644 --- a/tests/data/jwt-policy/route-subroute/virtual-server-override-route.yaml +++ b/tests/data/jwt-policy/route-subroute/virtual-server-override-route.yaml @@ -20,4 +20,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/jwt-policy/route-subroute/virtual-server-override-spec-route-1.yaml b/tests/data/jwt-policy/route-subroute/virtual-server-override-spec-route-1.yaml index fc50230447..5595d9fba8 100644 --- a/tests/data/jwt-policy/route-subroute/virtual-server-override-spec-route-1.yaml +++ b/tests/data/jwt-policy/route-subroute/virtual-server-override-spec-route-1.yaml @@ -21,4 +21,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/jwt-policy/route-subroute/virtual-server-override-spec-route-2.yaml b/tests/data/jwt-policy/route-subroute/virtual-server-override-spec-route-2.yaml index 0eb02ac843..a07c0dd03f 100644 --- a/tests/data/jwt-policy/route-subroute/virtual-server-override-spec-route-2.yaml +++ b/tests/data/jwt-policy/route-subroute/virtual-server-override-spec-route-2.yaml @@ -21,4 +21,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/jwt-policy/route-subroute/virtual-server-route-invalid-subroute-secret.yaml b/tests/data/jwt-policy/route-subroute/virtual-server-route-invalid-subroute-secret.yaml index 08bc9332d9..326e1d8b2e 100644 --- a/tests/data/jwt-policy/route-subroute/virtual-server-route-invalid-subroute-secret.yaml +++ b/tests/data/jwt-policy/route-subroute/virtual-server-route-invalid-subroute-secret.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/jwt-policy/route-subroute/virtual-server-route-invalid-subroute.yaml b/tests/data/jwt-policy/route-subroute/virtual-server-route-invalid-subroute.yaml index bd87908942..6386c1ec46 100644 --- a/tests/data/jwt-policy/route-subroute/virtual-server-route-invalid-subroute.yaml +++ b/tests/data/jwt-policy/route-subroute/virtual-server-route-invalid-subroute.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/jwt-policy/route-subroute/virtual-server-route-override-subroute.yaml b/tests/data/jwt-policy/route-subroute/virtual-server-route-override-subroute.yaml index 7c25af85f4..4e7ca16bd9 100644 --- a/tests/data/jwt-policy/route-subroute/virtual-server-route-override-subroute.yaml +++ b/tests/data/jwt-policy/route-subroute/virtual-server-route-override-subroute.yaml @@ -20,4 +20,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/jwt-policy/route-subroute/virtual-server-route-valid-subroute-multi.yaml b/tests/data/jwt-policy/route-subroute/virtual-server-route-valid-subroute-multi.yaml index 42026b3d25..5a0e4b692a 100644 --- a/tests/data/jwt-policy/route-subroute/virtual-server-route-valid-subroute-multi.yaml +++ b/tests/data/jwt-policy/route-subroute/virtual-server-route-valid-subroute-multi.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/jwt-policy/route-subroute/virtual-server-route-valid-subroute.yaml b/tests/data/jwt-policy/route-subroute/virtual-server-route-valid-subroute.yaml index cc3fb44a46..6b4cbb5ada 100644 --- a/tests/data/jwt-policy/route-subroute/virtual-server-route-valid-subroute.yaml +++ b/tests/data/jwt-policy/route-subroute/virtual-server-route-valid-subroute.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/jwt-policy/route-subroute/virtual-server-vsr-route-override.yaml b/tests/data/jwt-policy/route-subroute/virtual-server-vsr-route-override.yaml index 29a28455dd..e7810830f9 100644 --- a/tests/data/jwt-policy/route-subroute/virtual-server-vsr-route-override.yaml +++ b/tests/data/jwt-policy/route-subroute/virtual-server-vsr-route-override.yaml @@ -10,4 +10,4 @@ spec: - name: jwt-policy-valid route: backends - path: "/backend2" - route: backend2-namespace/backend2 \ No newline at end of file + route: backend2-namespace/backend2 diff --git a/tests/data/jwt-policy/route-subroute/virtual-server-vsr-spec-override.yaml b/tests/data/jwt-policy/route-subroute/virtual-server-vsr-spec-override.yaml index 04cc9a72de..e15522bcb1 100644 --- a/tests/data/jwt-policy/route-subroute/virtual-server-vsr-spec-override.yaml +++ b/tests/data/jwt-policy/route-subroute/virtual-server-vsr-spec-override.yaml @@ -10,4 +10,4 @@ spec: - path: "/backends" route: backends - path: "/backend2" - route: backend2-namespace/backend2 \ No newline at end of file + route: backend2-namespace/backend2 diff --git a/tests/data/jwt-policy/spec/virtual-server-policy-multi-1.yaml b/tests/data/jwt-policy/spec/virtual-server-policy-multi-1.yaml index 60063ee97a..1301600355 100644 --- a/tests/data/jwt-policy/spec/virtual-server-policy-multi-1.yaml +++ b/tests/data/jwt-policy/spec/virtual-server-policy-multi-1.yaml @@ -20,4 +20,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/jwt-policy/spec/virtual-server-policy-multi-2.yaml b/tests/data/jwt-policy/spec/virtual-server-policy-multi-2.yaml index 691f7e9a8f..b5b8b10fe5 100644 --- a/tests/data/jwt-policy/spec/virtual-server-policy-multi-2.yaml +++ b/tests/data/jwt-policy/spec/virtual-server-policy-multi-2.yaml @@ -20,4 +20,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/jwt-policy/spec/virtual-server-policy-single-invalid-pol.yaml b/tests/data/jwt-policy/spec/virtual-server-policy-single-invalid-pol.yaml index 4558b632ca..6351e6b230 100644 --- a/tests/data/jwt-policy/spec/virtual-server-policy-single-invalid-pol.yaml +++ b/tests/data/jwt-policy/spec/virtual-server-policy-single-invalid-pol.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/jwt-policy/spec/virtual-server-policy-single-invalid-secret.yaml b/tests/data/jwt-policy/spec/virtual-server-policy-single-invalid-secret.yaml index c44fc32755..1b1fb07969 100644 --- a/tests/data/jwt-policy/spec/virtual-server-policy-single-invalid-secret.yaml +++ b/tests/data/jwt-policy/spec/virtual-server-policy-single-invalid-secret.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/jwt-policy/spec/virtual-server-policy-single.yaml b/tests/data/jwt-policy/spec/virtual-server-policy-single.yaml index c88537e03c..f45335ec7f 100644 --- a/tests/data/jwt-policy/spec/virtual-server-policy-single.yaml +++ b/tests/data/jwt-policy/spec/virtual-server-policy-single.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/jwt-policy/token.jwt b/tests/data/jwt-policy/token.jwt index c2cd066112..eacb21aa8d 100644 --- a/tests/data/jwt-policy/token.jwt +++ b/tests/data/jwt-policy/token.jwt @@ -1 +1 @@ -eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6IjAwMDEifQ.eyJuYW1lIjoiUXVvdGF0aW9uIFN5c3RlbSIsInN1YiI6InF1b3RlcyIsImlzcyI6Ik15IEFQSSBHYXRld2F5In0.ggVOHYnVFB8GVPE-VOIo3jD71gTkLffAY0hQOGXPL2I \ No newline at end of file +eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6IjAwMDEifQ.eyJuYW1lIjoiUXVvdGF0aW9uIFN5c3RlbSIsInN1YiI6InF1b3RlcyIsImlzcyI6Ik15IEFQSSBHYXRld2F5In0.ggVOHYnVFB8GVPE-VOIo3jD71gTkLffAY0hQOGXPL2I diff --git a/tests/data/jwt-secrets/jwt-secret-invalid.yaml b/tests/data/jwt-secrets/jwt-secret-invalid.yaml index a1912e6797..5c494447e2 100644 --- a/tests/data/jwt-secrets/jwt-secret-invalid.yaml +++ b/tests/data/jwt-secrets/jwt-secret-invalid.yaml @@ -4,4 +4,4 @@ metadata: apiVersion: v1 type: nginx.org/jwk data: - invalid-jwk: eyJrZXlzIjoKICAgIFt7CiAgICAgICAgImsiOiJabUZ1ZEdGemRHbGphbmQwIiwKICAgICAgICAia3R5Ijoib2N0IiwKICAgICAgICAia2lkIjoiMDAwMSIKICAgIH1dCn0K \ No newline at end of file + invalid-jwk: eyJrZXlzIjoKICAgIFt7CiAgICAgICAgImsiOiJabUZ1ZEdGemRHbGphbmQwIiwKICAgICAgICAia3R5Ijoib2N0IiwKICAgICAgICAia2lkIjoiMDAwMSIKICAgIH1dCn0K diff --git a/tests/data/jwt-secrets/jwt-secret-updated.yaml b/tests/data/jwt-secrets/jwt-secret-updated.yaml index 762542b81b..498631a129 100644 --- a/tests/data/jwt-secrets/jwt-secret-updated.yaml +++ b/tests/data/jwt-secrets/jwt-secret-updated.yaml @@ -4,4 +4,4 @@ metadata: name: jwt-secrets-key type: nginx.org/jwk data: - jwk: eyJrZXlzIjoKICAgIFt7CiAgICAgICAgImsiOiJZWGRsYzI5dFpXcDNkQSIsCiAgICAgICAgImt0eSI6Im9jdCIsCiAgICAgICAgImtpZCI6IjAwMDEiCiAgICB9XQp9 \ No newline at end of file + jwk: eyJrZXlzIjoKICAgIFt7CiAgICAgICAgImsiOiJZWGRsYzI5dFpXcDNkQSIsCiAgICAgICAgImt0eSI6Im9jdCIsCiAgICAgICAgImtpZCI6IjAwMDEiCiAgICB9XQp9 diff --git a/tests/data/jwt-secrets/jwt-secret.yaml b/tests/data/jwt-secrets/jwt-secret.yaml index 125063e019..86730ac5aa 100644 --- a/tests/data/jwt-secrets/jwt-secret.yaml +++ b/tests/data/jwt-secrets/jwt-secret.yaml @@ -4,4 +4,4 @@ metadata: apiVersion: v1 type: nginx.org/jwk data: - jwk: eyJrZXlzIjoKICAgIFt7CiAgICAgICAgImsiOiJabUZ1ZEdGemRHbGphbmQwIiwKICAgICAgICAia3R5Ijoib2N0IiwKICAgICAgICAia2lkIjoiMDAwMSIKICAgIH1dCn0K \ No newline at end of file + jwk: eyJrZXlzIjoKICAgIFt7CiAgICAgICAgImsiOiJabUZ1ZEdGemRHbGphbmQwIiwKICAgICAgICAia3R5Ijoib2N0IiwKICAgICAgICAia2lkIjoiMDAwMSIKICAgIH1dCn0K diff --git a/tests/data/jwt-secrets/tokens/jwt-secrets-token.jwt b/tests/data/jwt-secrets/tokens/jwt-secrets-token.jwt index c2cd066112..eacb21aa8d 100644 --- a/tests/data/jwt-secrets/tokens/jwt-secrets-token.jwt +++ b/tests/data/jwt-secrets/tokens/jwt-secrets-token.jwt @@ -1 +1 @@ -eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6IjAwMDEifQ.eyJuYW1lIjoiUXVvdGF0aW9uIFN5c3RlbSIsInN1YiI6InF1b3RlcyIsImlzcyI6Ik15IEFQSSBHYXRld2F5In0.ggVOHYnVFB8GVPE-VOIo3jD71gTkLffAY0hQOGXPL2I \ No newline at end of file +eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6IjAwMDEifQ.eyJuYW1lIjoiUXVvdGF0aW9uIFN5c3RlbSIsInN1YiI6InF1b3RlcyIsImlzcyI6Ik15IEFQSSBHYXRld2F5In0.ggVOHYnVFB8GVPE-VOIo3jD71gTkLffAY0hQOGXPL2I diff --git a/tests/data/policy-ingress-class/virtual-server-policy.yaml b/tests/data/policy-ingress-class/virtual-server-policy.yaml index 9c61ce197f..90c3a19d63 100644 --- a/tests/data/policy-ingress-class/virtual-server-policy.yaml +++ b/tests/data/policy-ingress-class/virtual-server-policy.yaml @@ -20,4 +20,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/policy-ingress-class/virtual-server.yaml b/tests/data/policy-ingress-class/virtual-server.yaml index 182ae31b30..e13be980c9 100644 --- a/tests/data/policy-ingress-class/virtual-server.yaml +++ b/tests/data/policy-ingress-class/virtual-server.yaml @@ -18,4 +18,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/prometheus/transport-server/global-configuration.yaml b/tests/data/prometheus/transport-server/global-configuration.yaml index 434f885421..aa167f265c 100644 --- a/tests/data/prometheus/transport-server/global-configuration.yaml +++ b/tests/data/prometheus/transport-server/global-configuration.yaml @@ -1,5 +1,5 @@ apiVersion: k8s.nginx.org/v1alpha1 -kind: GlobalConfiguration +kind: GlobalConfiguration metadata: name: nginx-configuration spec: diff --git a/tests/data/prometheus/transport-server/passthrough.yaml b/tests/data/prometheus/transport-server/passthrough.yaml index 467c71a9d4..3d1c77b18d 100644 --- a/tests/data/prometheus/transport-server/passthrough.yaml +++ b/tests/data/prometheus/transport-server/passthrough.yaml @@ -12,4 +12,4 @@ spec: service: secure-app port: 8443 action: - pass: secure-app \ No newline at end of file + pass: secure-app diff --git a/tests/data/rate-limit/route-subroute/virtual-server-override-route.yaml b/tests/data/rate-limit/route-subroute/virtual-server-override-route.yaml index 3b9eca1cae..a70764fd7d 100644 --- a/tests/data/rate-limit/route-subroute/virtual-server-override-route.yaml +++ b/tests/data/rate-limit/route-subroute/virtual-server-override-route.yaml @@ -20,4 +20,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/rate-limit/route-subroute/virtual-server-override-spec-route.yaml b/tests/data/rate-limit/route-subroute/virtual-server-override-spec-route.yaml index 78971da348..a2dbb0e72f 100644 --- a/tests/data/rate-limit/route-subroute/virtual-server-override-spec-route.yaml +++ b/tests/data/rate-limit/route-subroute/virtual-server-override-spec-route.yaml @@ -21,4 +21,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/rate-limit/route-subroute/virtual-server-route-invalid-subroute.yaml b/tests/data/rate-limit/route-subroute/virtual-server-route-invalid-subroute.yaml index e81ccc68ac..d3ac78e653 100644 --- a/tests/data/rate-limit/route-subroute/virtual-server-route-invalid-subroute.yaml +++ b/tests/data/rate-limit/route-subroute/virtual-server-route-invalid-subroute.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/rate-limit/route-subroute/virtual-server-route-override-subroute.yaml b/tests/data/rate-limit/route-subroute/virtual-server-route-override-subroute.yaml index 867310299c..9924f8494f 100644 --- a/tests/data/rate-limit/route-subroute/virtual-server-route-override-subroute.yaml +++ b/tests/data/rate-limit/route-subroute/virtual-server-route-override-subroute.yaml @@ -20,4 +20,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/rate-limit/route-subroute/virtual-server-route-pri-subroute.yaml b/tests/data/rate-limit/route-subroute/virtual-server-route-pri-subroute.yaml index 6a4bed1877..92604bda50 100644 --- a/tests/data/rate-limit/route-subroute/virtual-server-route-pri-subroute.yaml +++ b/tests/data/rate-limit/route-subroute/virtual-server-route-pri-subroute.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/rate-limit/route-subroute/virtual-server-route-sec-subroute.yaml b/tests/data/rate-limit/route-subroute/virtual-server-route-sec-subroute.yaml index 93a693ad66..cb6b05792a 100644 --- a/tests/data/rate-limit/route-subroute/virtual-server-route-sec-subroute.yaml +++ b/tests/data/rate-limit/route-subroute/virtual-server-route-sec-subroute.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/rate-limit/route-subroute/virtual-server-vsr-route-override.yaml b/tests/data/rate-limit/route-subroute/virtual-server-vsr-route-override.yaml index 35d1a6bea0..d7a337c68a 100644 --- a/tests/data/rate-limit/route-subroute/virtual-server-vsr-route-override.yaml +++ b/tests/data/rate-limit/route-subroute/virtual-server-vsr-route-override.yaml @@ -10,4 +10,4 @@ spec: - name: rate-limit-primary route: backends - path: "/backend2" - route: backend2-namespace/backend2 \ No newline at end of file + route: backend2-namespace/backend2 diff --git a/tests/data/rate-limit/route-subroute/virtual-server-vsr-spec-override.yaml b/tests/data/rate-limit/route-subroute/virtual-server-vsr-spec-override.yaml index 78e802105f..e7f1ab864a 100644 --- a/tests/data/rate-limit/route-subroute/virtual-server-vsr-spec-override.yaml +++ b/tests/data/rate-limit/route-subroute/virtual-server-vsr-spec-override.yaml @@ -10,4 +10,4 @@ spec: - path: "/backends" route: backends - path: "/backend2" - route: backend2-namespace/backend2 \ No newline at end of file + route: backend2-namespace/backend2 diff --git a/tests/data/rate-limit/spec/virtual-server-invalid.yaml b/tests/data/rate-limit/spec/virtual-server-invalid.yaml index 34001bb4b4..ef68502d8d 100644 --- a/tests/data/rate-limit/spec/virtual-server-invalid.yaml +++ b/tests/data/rate-limit/spec/virtual-server-invalid.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/rate-limit/spec/virtual-server-override.yaml b/tests/data/rate-limit/spec/virtual-server-override.yaml index e1c9bbe082..6860267712 100644 --- a/tests/data/rate-limit/spec/virtual-server-override.yaml +++ b/tests/data/rate-limit/spec/virtual-server-override.yaml @@ -20,4 +20,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/rate-limit/spec/virtual-server-primary.yaml b/tests/data/rate-limit/spec/virtual-server-primary.yaml index 3772b6d0ed..60167d41e5 100644 --- a/tests/data/rate-limit/spec/virtual-server-primary.yaml +++ b/tests/data/rate-limit/spec/virtual-server-primary.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/rate-limit/spec/virtual-server-secondary.yaml b/tests/data/rate-limit/spec/virtual-server-secondary.yaml index ab2c6893a3..8ec27f245a 100644 --- a/tests/data/rate-limit/spec/virtual-server-secondary.yaml +++ b/tests/data/rate-limit/spec/virtual-server-secondary.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/rate-limit/standard/virtual-server.yaml b/tests/data/rate-limit/standard/virtual-server.yaml index 177bc6cd1f..5062d0079d 100644 --- a/tests/data/rate-limit/standard/virtual-server.yaml +++ b/tests/data/rate-limit/standard/virtual-server.yaml @@ -17,4 +17,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/rewrites/hello.yaml b/tests/data/rewrites/hello.yaml index efe44af4b0..025bb800a1 100644 --- a/tests/data/rewrites/hello.yaml +++ b/tests/data/rewrites/hello.yaml @@ -29,4 +29,4 @@ spec: protocol: TCP name: http selector: - app: hello \ No newline at end of file + app: hello diff --git a/tests/data/rewrites/virtual-server-parent.yaml b/tests/data/rewrites/virtual-server-parent.yaml index 9f14fb971b..87d244ea8c 100644 --- a/tests/data/rewrites/virtual-server-parent.yaml +++ b/tests/data/rewrites/virtual-server-parent.yaml @@ -14,4 +14,4 @@ spec: - path: ~ /regex1/?(.*) route: regex-1 - path: ~ /regex2/?(.*) - route: regex-2 \ No newline at end of file + route: regex-2 diff --git a/tests/data/rewrites/virtual-server-rewrite.yaml b/tests/data/rewrites/virtual-server-rewrite.yaml index ea274c19f7..bfe82ac867 100644 --- a/tests/data/rewrites/virtual-server-rewrite.yaml +++ b/tests/data/rewrites/virtual-server-rewrite.yaml @@ -41,4 +41,4 @@ spec: action: proxy: upstream: hello - rewritePath: /$1 \ No newline at end of file + rewritePath: /$1 diff --git a/tests/data/rewrites/virtual-server-route-prefixes.yaml b/tests/data/rewrites/virtual-server-route-prefixes.yaml index b545a73619..6099b785bd 100644 --- a/tests/data/rewrites/virtual-server-route-prefixes.yaml +++ b/tests/data/rewrites/virtual-server-route-prefixes.yaml @@ -31,4 +31,4 @@ spec: action: proxy: upstream: hello - rewritePath: / \ No newline at end of file + rewritePath: / diff --git a/tests/data/rewrites/virtual-server-route-regex1.yaml b/tests/data/rewrites/virtual-server-route-regex1.yaml index 975f361f20..ad74c2b391 100644 --- a/tests/data/rewrites/virtual-server-route-regex1.yaml +++ b/tests/data/rewrites/virtual-server-route-regex1.yaml @@ -13,4 +13,4 @@ spec: action: proxy: upstream: hello - rewritePath: /$1 \ No newline at end of file + rewritePath: /$1 diff --git a/tests/data/rewrites/virtual-server-route-regex2.yaml b/tests/data/rewrites/virtual-server-route-regex2.yaml index 239402e0eb..65fd6960de 100644 --- a/tests/data/rewrites/virtual-server-route-regex2.yaml +++ b/tests/data/rewrites/virtual-server-route-regex2.yaml @@ -13,4 +13,4 @@ spec: action: proxy: upstream: hello - rewritePath: /$1 \ No newline at end of file + rewritePath: /$1 diff --git a/tests/data/smoke/smoke-secret.yaml b/tests/data/smoke/smoke-secret.yaml index e9069a229a..cd482ed99a 100644 --- a/tests/data/smoke/smoke-secret.yaml +++ b/tests/data/smoke/smoke-secret.yaml @@ -5,4 +5,4 @@ metadata: type: kubernetes.io/tls data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURMakNDQWhZQ0NRREFPRjl0THNhWFdqQU5CZ2txaGtpRzl3MEJBUXNGQURCYU1Rc3dDUVlEVlFRR0V3SlYKVXpFTE1Ba0dBMVVFQ0F3Q1EwRXhJVEFmQmdOVkJBb01HRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MApaREViTUJrR0ExVUVBd3dTWTJGbVpTNWxlR0Z0Y0d4bExtTnZiU0FnTUI0WERURTRNRGt4TWpFMk1UVXpOVm9YCkRUSXpNRGt4TVRFMk1UVXpOVm93V0RFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ01Ba05CTVNFd0h3WUQKVlFRS0RCaEpiblJsY201bGRDQlhhV1JuYVhSeklGQjBlU0JNZEdReEdUQVhCZ05WQkFNTUVHTmhabVV1WlhoaApiWEJzWlM1amIyMHdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDcDZLbjdzeTgxCnAwanVKL2N5ayt2Q0FtbHNmanRGTTJtdVpOSzBLdGVjcUcyZmpXUWI1NXhRMVlGQTJYT1N3SEFZdlNkd0kyaloKcnVXOHFYWENMMnJiNENaQ0Z4d3BWRUNyY3hkam0zdGVWaVJYVnNZSW1tSkhQUFN5UWdwaW9iczl4N0RsTGM2SQpCQTBaalVPeWwwUHFHOVNKZXhNVjczV0lJYTVyRFZTRjJyNGtTa2JBajREY2o3TFhlRmxWWEgySTVYd1hDcHRDCm42N0pDZzQyZitrOHdnemNSVnA4WFprWldaVmp3cTlSVUtEWG1GQjJZeU4xWEVXZFowZXdSdUtZVUpsc202OTIKc2tPcktRajB2a29QbjQxRUUvK1RhVkVwcUxUUm9VWTNyemc3RGtkemZkQml6Rk8yZHNQTkZ4MkNXMGpYa05MdgpLbzI1Q1pyT2hYQUhBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLSEZDY3lPalp2b0hzd1VCTWRMClJkSEliMzgzcFdGeW5acS9MdVVvdnNWQTU4QjBDZzdCRWZ5NXZXVlZycTVSSWt2NGxaODFOMjl4MjFkMUpINnIKalNuUXgrRFhDTy9USkVWNWxTQ1VwSUd6RVVZYVVQZ1J5anNNL05VZENKOHVIVmhaSitTNkZBK0NuT0Q5cm4yaQpaQmVQQ0k1ckh3RVh3bm5sOHl3aWozdnZRNXpISXV5QmdsV3IvUXl1aTlmalBwd1dVdlVtNG52NVNNRzl6Q1Y3ClBwdXd2dWF0cWpPMTIwOEJqZkUvY1pISWc4SHc5bXZXOXg5QytJUU1JTURFN2IvZzZPY0s3TEdUTHdsRnh2QTgKN1dqRWVxdW5heUlwaE1oS1JYVmYxTjM0OWVOOThFejM4Zk9USFRQYmRKakZBL1BjQytHeW1lK2lHdDVPUWRGaAp5UkU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcWVpcCs3TXZOYWRJN2lmM01wUHJ3Z0pwYkg0N1JUTnBybVRTdENyWG5LaHRuNDFrCkcrZWNVTldCUU5semtzQndHTDBuY0NObzJhN2x2S2wxd2k5cTIrQW1RaGNjS1ZSQXEzTVhZNXQ3WGxZa1YxYkcKQ0pwaVJ6ejBza0lLWXFHN1BjZXc1UzNPaUFRTkdZMURzcGRENmh2VWlYc1RGZTkxaUNHdWF3MVVoZHErSkVwRwp3SStBM0kreTEzaFpWVng5aU9WOEZ3cWJRcCt1eVFvT05uL3BQTUlNM0VWYWZGMlpHVm1WWThLdlVWQ2cxNWhRCmRtTWpkVnhGbldkSHNFYmltRkNaYkp1dmRySkRxeWtJOUw1S0Q1K05SQlAvazJsUkthaTAwYUZHTjY4NE93NUgKYzMzUVlzeFR0bmJEelJjZGdsdEkxNURTN3lxTnVRbWF6b1Z3QndJREFRQUJBb0lCQVFDUFNkU1luUXRTUHlxbApGZlZGcFRPc29PWVJoZjhzSStpYkZ4SU91UmF1V2VoaEp4ZG01Uk9ScEF6bUNMeUw1VmhqdEptZTIyM2dMcncyCk45OUVqVUtiL1ZPbVp1RHNCYzZvQ0Y2UU5SNThkejhjbk9SVGV3Y290c0pSMXBuMWhobG5SNUhxSkpCSmFzazEKWkVuVVFmY1hackw5NGxvOUpIM0UrVXFqbzFGRnM4eHhFOHdvUEJxalpzVjdwUlVaZ0MzTGh4bndMU0V4eUZvNApjeGI5U09HNU9tQUpvelN0Rm9RMkdKT2VzOHJKNXFmZHZ5dGdnOXhiTGFRTC94MGtwUTYyQm9GTUJEZHFPZVBXCktmUDV6WjYvMDcvdnBqNDh5QTFRMzJQem9idWJzQkxkM0tjbjMyamZtMUU3cHJ0V2wrSmVPRmlPem5CUUZKYk4KNHFQVlJ6NWhBb0dCQU50V3l4aE5DU0x1NFArWGdLeWNrbGpKNkY1NjY4Zk5qNUN6Z0ZScUowOXpuMFRsc05ybwpGVExaY3hEcW5SM0hQWU00MkpFUmgySi9xREZaeW5SUW8zY2czb2VpdlVkQlZHWTgrRkkxVzBxZHViL0w5K3l1CmVkT1pUUTVYbUdHcDZyNmpleHltY0ppbS9Pc0IzWm5ZT3BPcmxEN1NQbUJ2ek5MazRNRjZneGJYQW9HQkFNWk8KMHA2SGJCbWNQMHRqRlhmY0tFNzdJbUxtMHNBRzR1SG9VeDBlUGovMnFyblRuT0JCTkU0TXZnRHVUSnp5K2NhVQprOFJxbWRIQ2JIelRlNmZ6WXEvOWl0OHNaNzdLVk4xcWtiSWN1YytSVHhBOW5OaDFUanNSbmU3NFowajFGQ0xrCmhIY3FIMHJpN1BZU0tIVEU4RnZGQ3haWWRidUI4NENtWmlodnhicFJBb0dBSWJqcWFNWVBUWXVrbENkYTVTNzkKWVNGSjFKelplMUtqYS8vdER3MXpGY2dWQ0thMzFqQXdjaXowZi9sU1JxM0hTMUdHR21lemhQVlRpcUxmZVpxYwpSMGlLYmhnYk9jVlZrSkozSzB5QXlLd1BUdW14S0haNnpJbVpTMGMwYW0rUlk5WUdxNVQ3WXJ6cHpjZnZwaU9VCmZmZTNSeUZUN2NmQ21mb09oREN0enVrQ2dZQjMwb0xDMVJMRk9ycW40M3ZDUzUxemM1em9ZNDR1QnpzcHd3WU4KVHd2UC9FeFdNZjNWSnJEakJDSCtULzZzeXNlUGJKRUltbHpNK0l3eXRGcEFOZmlJWEV0LzQ4WGY2ME54OGdXTQp1SHl4Wlp4L05LdER3MFY4dlgxUE9ucTJBNWVpS2ErOGpSQVJZS0pMWU5kZkR1d29seHZHNmJaaGtQaS80RXRUCjNZMThzUUtCZ0h0S2JrKzdsTkpWZXN3WEU1Y1VHNkVEVXNEZS8yVWE3ZlhwN0ZjanFCRW9hcDFMU3crNlRYcDAKWmdybUtFOEFSek00NytFSkhVdmlpcS9udXBFMTVnMGtKVzNzeWhwVTl6WkxPN2x0QjBLSWtPOVpSY21Vam84UQpjcExsSE1BcWJMSjhXWUdKQ2toaVd4eWFsNmhZVHlXWTRjVmtDMHh0VGwvaFVFOUllTktvCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== \ No newline at end of file + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcWVpcCs3TXZOYWRJN2lmM01wUHJ3Z0pwYkg0N1JUTnBybVRTdENyWG5LaHRuNDFrCkcrZWNVTldCUU5semtzQndHTDBuY0NObzJhN2x2S2wxd2k5cTIrQW1RaGNjS1ZSQXEzTVhZNXQ3WGxZa1YxYkcKQ0pwaVJ6ejBza0lLWXFHN1BjZXc1UzNPaUFRTkdZMURzcGRENmh2VWlYc1RGZTkxaUNHdWF3MVVoZHErSkVwRwp3SStBM0kreTEzaFpWVng5aU9WOEZ3cWJRcCt1eVFvT05uL3BQTUlNM0VWYWZGMlpHVm1WWThLdlVWQ2cxNWhRCmRtTWpkVnhGbldkSHNFYmltRkNaYkp1dmRySkRxeWtJOUw1S0Q1K05SQlAvazJsUkthaTAwYUZHTjY4NE93NUgKYzMzUVlzeFR0bmJEelJjZGdsdEkxNURTN3lxTnVRbWF6b1Z3QndJREFRQUJBb0lCQVFDUFNkU1luUXRTUHlxbApGZlZGcFRPc29PWVJoZjhzSStpYkZ4SU91UmF1V2VoaEp4ZG01Uk9ScEF6bUNMeUw1VmhqdEptZTIyM2dMcncyCk45OUVqVUtiL1ZPbVp1RHNCYzZvQ0Y2UU5SNThkejhjbk9SVGV3Y290c0pSMXBuMWhobG5SNUhxSkpCSmFzazEKWkVuVVFmY1hackw5NGxvOUpIM0UrVXFqbzFGRnM4eHhFOHdvUEJxalpzVjdwUlVaZ0MzTGh4bndMU0V4eUZvNApjeGI5U09HNU9tQUpvelN0Rm9RMkdKT2VzOHJKNXFmZHZ5dGdnOXhiTGFRTC94MGtwUTYyQm9GTUJEZHFPZVBXCktmUDV6WjYvMDcvdnBqNDh5QTFRMzJQem9idWJzQkxkM0tjbjMyamZtMUU3cHJ0V2wrSmVPRmlPem5CUUZKYk4KNHFQVlJ6NWhBb0dCQU50V3l4aE5DU0x1NFArWGdLeWNrbGpKNkY1NjY4Zk5qNUN6Z0ZScUowOXpuMFRsc05ybwpGVExaY3hEcW5SM0hQWU00MkpFUmgySi9xREZaeW5SUW8zY2czb2VpdlVkQlZHWTgrRkkxVzBxZHViL0w5K3l1CmVkT1pUUTVYbUdHcDZyNmpleHltY0ppbS9Pc0IzWm5ZT3BPcmxEN1NQbUJ2ek5MazRNRjZneGJYQW9HQkFNWk8KMHA2SGJCbWNQMHRqRlhmY0tFNzdJbUxtMHNBRzR1SG9VeDBlUGovMnFyblRuT0JCTkU0TXZnRHVUSnp5K2NhVQprOFJxbWRIQ2JIelRlNmZ6WXEvOWl0OHNaNzdLVk4xcWtiSWN1YytSVHhBOW5OaDFUanNSbmU3NFowajFGQ0xrCmhIY3FIMHJpN1BZU0tIVEU4RnZGQ3haWWRidUI4NENtWmlodnhicFJBb0dBSWJqcWFNWVBUWXVrbENkYTVTNzkKWVNGSjFKelplMUtqYS8vdER3MXpGY2dWQ0thMzFqQXdjaXowZi9sU1JxM0hTMUdHR21lemhQVlRpcUxmZVpxYwpSMGlLYmhnYk9jVlZrSkozSzB5QXlLd1BUdW14S0haNnpJbVpTMGMwYW0rUlk5WUdxNVQ3WXJ6cHpjZnZwaU9VCmZmZTNSeUZUN2NmQ21mb09oREN0enVrQ2dZQjMwb0xDMVJMRk9ycW40M3ZDUzUxemM1em9ZNDR1QnpzcHd3WU4KVHd2UC9FeFdNZjNWSnJEakJDSCtULzZzeXNlUGJKRUltbHpNK0l3eXRGcEFOZmlJWEV0LzQ4WGY2ME54OGdXTQp1SHl4Wlp4L05LdER3MFY4dlgxUE9ucTJBNWVpS2ErOGpSQVJZS0pMWU5kZkR1d29seHZHNmJaaGtQaS80RXRUCjNZMThzUUtCZ0h0S2JrKzdsTkpWZXN3WEU1Y1VHNkVEVXNEZS8yVWE3ZlhwN0ZjanFCRW9hcDFMU3crNlRYcDAKWmdybUtFOEFSek00NytFSkhVdmlpcS9udXBFMTVnMGtKVzNzeWhwVTl6WkxPN2x0QjBLSWtPOVpSY21Vam84UQpjcExsSE1BcWJMSjhXWUdKQ2toaVd4eWFsNmhZVHlXWTRjVmtDMHh0VGwvaFVFOUllTktvCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== diff --git a/tests/data/startup/virtual-server-routes/route.yaml b/tests/data/startup/virtual-server-routes/route.yaml index 004c5b36ea..5aee531e6a 100644 --- a/tests/data/startup/virtual-server-routes/route.yaml +++ b/tests/data/startup/virtual-server-routes/route.yaml @@ -8,4 +8,4 @@ spec: - path: "/route" action: return: - body: "Hello World\n" \ No newline at end of file + body: "Hello World\n" diff --git a/tests/data/startup/virtual-server-routes/virtual-server.yaml b/tests/data/startup/virtual-server-routes/virtual-server.yaml index b9ac1bfce9..09c2d05935 100644 --- a/tests/data/startup/virtual-server-routes/virtual-server.yaml +++ b/tests/data/startup/virtual-server-routes/virtual-server.yaml @@ -4,4 +4,4 @@ metadata: name: virtual-server spec: host: example.com - routes: \ No newline at end of file + routes: diff --git a/tests/data/tls/new-tls-secret.yaml b/tests/data/tls/new-tls-secret.yaml index 08403da833..42313aa24a 100644 --- a/tests/data/tls/new-tls-secret.yaml +++ b/tests/data/tls/new-tls-secret.yaml @@ -5,4 +5,4 @@ metadata: type: kubernetes.io/tls data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQyakNDQXNLZ0F3SUJBZ0lKQU9BV0U3RWVwbmhyTUEwR0NTcUdTSWIzRFFFQkJRVUFNRkV4Q3pBSkJnTlYKQkFZVEFrZENNUmN3RlFZRFZRUUlFdzVEWVcxaWNtbGtaMlZ6YUdseVpURU9NQXdHQTFVRUNoTUZibWRwYm5neApHVEFYQmdOVkJBTVRFR05oWm1VdVpYaGhiWEJzWlM1amIyMHdIaGNOTVRjd056TXhNVEUxTmpVNFdoY05NVGd3Ck56TXhNVEUxTmpVNFdqQlJNUXN3Q1FZRFZRUUdFd0pIUWpFWE1CVUdBMVVFQ0JNT1EyRnRZbkpwWkdkbGMyaHAKY21VeERqQU1CZ05WQkFvVEJXNW5hVzU0TVJrd0Z3WURWUVFERXhCallXWmxMbVY0WVcxd2JHVXVZMjl0TUlJQgpJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBODB0ZUlBTmM2M0dVQnU4U2hsZkh5OE1TCkVkdVE0am1CVm5BRzZ3TTZ5ZHdlbzhNS1MvZDFWSi9qWmRSMytnTVJMU0Y5d0xYU0hTaVBiK0VaOWcxc0RSUDgKWGhxaEhBcyszdnUva0Z5K1ZLYTdneWZwTGJGTkNsOS9vRStKZUxReWh3S2JwS1lrODg0ZDhKaGlhVFJvR05BRgp1S2RFTVRKc2ZHdTVOWGxYdkZxZ0lieWw3d3BCWGF6WXBjZUFoZUQ3azFMTlBNdnpaZ3llcWw0dk9qUDg4ck9vCkJ6Tm1seGdvODQ2VW5SN0c0L3NuZ0RFdVpPZXdYSWZlRVhXZDU1VTVzaFFtZWN6aExiaUducFZUNG9PWGhPWk8KYkd6ejNrY1RJOFlxOVc4eCswVkovaWZKQ0VYVitETzFEUXI2MEZDVTloSnQ3N2kwZ2NGWE9MNk5IYUVyVndJRApBUUFCbzRHME1JR3hNQjBHQTFVZERnUVdCQlJwSkg5b3RWYUtTM3dYV1IwdEZkK0hoQjRUYVRDQmdRWURWUjBqCkJIb3dlSUFVYVNSL2FMVldpa3Q4RjFrZExSWGZoNFFlRTJtaFZhUlRNRkV4Q3pBSkJnTlZCQVlUQWtkQ01SY3cKRlFZRFZRUUlFdzVEWVcxaWNtbGtaMlZ6YUdseVpURU9NQXdHQTFVRUNoTUZibWRwYm5neEdUQVhCZ05WQkFNVApFR05oWm1VdVpYaGhiWEJzWlM1amIyMkNDUURnRmhPeEhxWjRhekFNQmdOVkhSTUVCVEFEQVFIL01BMEdDU3FHClNJYjNEUUVCQlFVQUE0SUJBUUNsdEdaVE5SMFVVdVJqRVQxa1ZDdzB0QXY0YkswdFdUVDNoUVJkbmNkYjZRVGQKQkRUMEFPbjVTL1pSSytVZmJ2cllnSCsyRlZjZVE0Mzc1V2pNWGl4SUJ1QnprZlJMc01EMmZnMmlVc205NXcvUApZUFpmYW9vZjlMTVQ2V3BKYkl5N2VjWHpKZGN3aWJucnRkelc3VHljSE16ODlaZTEvR2xXRHQzZmp4YVlRTDhxCnRyWUFMWVFGU1NqZ2drdGRKeWkzRXdlem9jekV0dGFjSFYrb0xGT3F1c3EvMG83UDFabFJicXdHM3BqWUVHbUcKU3N3cVEzd25YMXpzamtBRFg2bkFCYkdaZHFaMWVZZVlIL0RTQm42ZFNGWjJaZEFRcWxIdTBJSE14aVdIa2poYwpoc1FwbUxNUFg4RTZ4SG5oT1dtbWRJVnAzbUlSdEEyQnhmYzROUWlQCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBODB0ZUlBTmM2M0dVQnU4U2hsZkh5OE1TRWR1UTRqbUJWbkFHNndNNnlkd2VvOE1LClMvZDFWSi9qWmRSMytnTVJMU0Y5d0xYU0hTaVBiK0VaOWcxc0RSUDhYaHFoSEFzKzN2dS9rRnkrVkthN2d5ZnAKTGJGTkNsOS9vRStKZUxReWh3S2JwS1lrODg0ZDhKaGlhVFJvR05BRnVLZEVNVEpzZkd1NU5YbFh2RnFnSWJ5bAo3d3BCWGF6WXBjZUFoZUQ3azFMTlBNdnpaZ3llcWw0dk9qUDg4ck9vQnpObWx4Z284NDZVblI3RzQvc25nREV1ClpPZXdYSWZlRVhXZDU1VTVzaFFtZWN6aExiaUducFZUNG9PWGhPWk9iR3p6M2tjVEk4WXE5Vzh4KzBWSi9pZkoKQ0VYVitETzFEUXI2MEZDVTloSnQ3N2kwZ2NGWE9MNk5IYUVyVndJREFRQUJBb0lCQUhEeGxBaVloeEpsNzZvbwpZaGtydHZ6STJpS2dJMnBoOThFQTBMVlpFbm1UVGtZSHpVZm00UGtnSUppdFFlVTJkMHJVT1dTMUE0MjF2cURaCmh3dkt2MVp5NkwxbTcxUHRoSXBQcEdhSUozTjAwNmZYWjFCbTlyVFNFSldEVnZaSjhRcnNFd1VrZkJNU3BLT0UKbW1yc2dVYkRpMlJsZ2lxMGxkaE15ZlloRnJIQkdNYy9yWmh6ZkZucHNPSzhzRlArTTUvSVhkUjYyS21TemFrdgpLcE55TDZ5dmFUWTZ5dGwwRTd3NE1VREtGZ28wczhIdHdNdHdtWXE5aUFpdVhnOUhnOFp0VExIVnREWDlBVGRJCjliZVB0TUFDdWdEd3daZ2ppMEdTd2h0dkdmZFhleE1OaUhFWGVVaWpVMUVMWVFVWGZ3TUF0Y3hQbGF1dTZUU1YKNGZhc1lJRUNnWUVBL1pIbDBkdFgyQ25IZGJjdWExZ2xVMHo1RHZXTVMyVHFSaHNTM3JsaEZNeFJ6cGlkTHVLaApzS2xiblQyOElZNDRaUFBic1U4QVUvK0E5QWVPZmx6dG5xZ3RFemphVW4wTzJ2c2NLUUpNWXY3N0lzcStrV3BtCjZBNVIxSDdGbzk4SGRxSmRnZ3pSenVZeDRkOTYrWTk3SUJRV0psSVZ2MW56R1RGVWNPYVhlNzhDZ1lFQTlhQkMKb0hIdDRKTVlxRHJBZ1BIVnRpaWhoWDJpT3RsamxMUy9pVXVhenBSaUVhajdsZGZoTURGVG9xNkZId0ZCelErVwpCV09TNTlBQ1lYaVZKTS9nRHJRaVNWQ3QyRTFMa2dYTmVMQWJYaUJZSXcwNlQ4eDhsSmRTZzdid01OTU93SDBzClpMOUdLbm9zSWdqaS9MMDZaUndsOFBCU1hWVUF3VU9yV2RaakZta0NnWUI1bVRHZ3haTUdzbUpZYlJQeG5qK28KQnMyWkF0L1lkL2h3emlMcWMvTytTWTBoaWNZMjZhK29URThHeE1nblAxQ0QrUDF0dGZqdVR5VEQ0YXZQcFRpKwpVTi9zeStMR2svby93UlBzQnBJakZ5dlByM0pid2E2L3NiNUVMTmNTa3EyOWtuZE5HbUN5MjJrb2JFZEl6aW01ClpHaUt6K3BsN1BqTEtBRGFjM3BKZVFLQmdDRGlVY2sxTjRtblo5ZXQ5ZlBOYkxVMGYxdGwxSUJZZGxLRVdGaEQKUFBpSE9SSHdNNjU5OW5JRFNKVXhGRFZ3YjZUS2YyVTlUWCtuZzRvVklMS0srZzQ5NDVFNU1lMFJmQnFTbUUyZQpGaXZsM0tia3NIZmFncHRLSHd2dlEvemxaTVkwZStzSkNKWExRWGxWQXo2ZS91Qm1nbFhkZHNsMEJlUFo4V2pYCm9QQnhBb0dCQUlHQW1Oek1xNi8yS0NOQ3VmWkVDZGJ5NEMwVnVwTTJ4aHZkSmJ6Z2F0cFVxZ2d6LytzQlNBNVcKTzlXd21uQmFZdFBUcHZWdXFXUU9mYmF0RERmMlJab2lOUnBlMGQwdE9GeVFrZEh3UUVDdCtFYTZIMWpRYkh2MwoxVnFGeTBDbDFxYmZRektibzdaMmh4NnlXbElBaUJ6Yy8yeWt3cEhZbzdiMFo4K3ltOUtiCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== \ No newline at end of file + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBODB0ZUlBTmM2M0dVQnU4U2hsZkh5OE1TRWR1UTRqbUJWbkFHNndNNnlkd2VvOE1LClMvZDFWSi9qWmRSMytnTVJMU0Y5d0xYU0hTaVBiK0VaOWcxc0RSUDhYaHFoSEFzKzN2dS9rRnkrVkthN2d5ZnAKTGJGTkNsOS9vRStKZUxReWh3S2JwS1lrODg0ZDhKaGlhVFJvR05BRnVLZEVNVEpzZkd1NU5YbFh2RnFnSWJ5bAo3d3BCWGF6WXBjZUFoZUQ3azFMTlBNdnpaZ3llcWw0dk9qUDg4ck9vQnpObWx4Z284NDZVblI3RzQvc25nREV1ClpPZXdYSWZlRVhXZDU1VTVzaFFtZWN6aExiaUducFZUNG9PWGhPWk9iR3p6M2tjVEk4WXE5Vzh4KzBWSi9pZkoKQ0VYVitETzFEUXI2MEZDVTloSnQ3N2kwZ2NGWE9MNk5IYUVyVndJREFRQUJBb0lCQUhEeGxBaVloeEpsNzZvbwpZaGtydHZ6STJpS2dJMnBoOThFQTBMVlpFbm1UVGtZSHpVZm00UGtnSUppdFFlVTJkMHJVT1dTMUE0MjF2cURaCmh3dkt2MVp5NkwxbTcxUHRoSXBQcEdhSUozTjAwNmZYWjFCbTlyVFNFSldEVnZaSjhRcnNFd1VrZkJNU3BLT0UKbW1yc2dVYkRpMlJsZ2lxMGxkaE15ZlloRnJIQkdNYy9yWmh6ZkZucHNPSzhzRlArTTUvSVhkUjYyS21TemFrdgpLcE55TDZ5dmFUWTZ5dGwwRTd3NE1VREtGZ28wczhIdHdNdHdtWXE5aUFpdVhnOUhnOFp0VExIVnREWDlBVGRJCjliZVB0TUFDdWdEd3daZ2ppMEdTd2h0dkdmZFhleE1OaUhFWGVVaWpVMUVMWVFVWGZ3TUF0Y3hQbGF1dTZUU1YKNGZhc1lJRUNnWUVBL1pIbDBkdFgyQ25IZGJjdWExZ2xVMHo1RHZXTVMyVHFSaHNTM3JsaEZNeFJ6cGlkTHVLaApzS2xiblQyOElZNDRaUFBic1U4QVUvK0E5QWVPZmx6dG5xZ3RFemphVW4wTzJ2c2NLUUpNWXY3N0lzcStrV3BtCjZBNVIxSDdGbzk4SGRxSmRnZ3pSenVZeDRkOTYrWTk3SUJRV0psSVZ2MW56R1RGVWNPYVhlNzhDZ1lFQTlhQkMKb0hIdDRKTVlxRHJBZ1BIVnRpaWhoWDJpT3RsamxMUy9pVXVhenBSaUVhajdsZGZoTURGVG9xNkZId0ZCelErVwpCV09TNTlBQ1lYaVZKTS9nRHJRaVNWQ3QyRTFMa2dYTmVMQWJYaUJZSXcwNlQ4eDhsSmRTZzdid01OTU93SDBzClpMOUdLbm9zSWdqaS9MMDZaUndsOFBCU1hWVUF3VU9yV2RaakZta0NnWUI1bVRHZ3haTUdzbUpZYlJQeG5qK28KQnMyWkF0L1lkL2h3emlMcWMvTytTWTBoaWNZMjZhK29URThHeE1nblAxQ0QrUDF0dGZqdVR5VEQ0YXZQcFRpKwpVTi9zeStMR2svby93UlBzQnBJakZ5dlByM0pid2E2L3NiNUVMTmNTa3EyOWtuZE5HbUN5MjJrb2JFZEl6aW01ClpHaUt6K3BsN1BqTEtBRGFjM3BKZVFLQmdDRGlVY2sxTjRtblo5ZXQ5ZlBOYkxVMGYxdGwxSUJZZGxLRVdGaEQKUFBpSE9SSHdNNjU5OW5JRFNKVXhGRFZ3YjZUS2YyVTlUWCtuZzRvVklMS0srZzQ5NDVFNU1lMFJmQnFTbUUyZQpGaXZsM0tia3NIZmFncHRLSHd2dlEvemxaTVkwZStzSkNKWExRWGxWQXo2ZS91Qm1nbFhkZHNsMEJlUFo4V2pYCm9QQnhBb0dCQUlHQW1Oek1xNi8yS0NOQ3VmWkVDZGJ5NEMwVnVwTTJ4aHZkSmJ6Z2F0cFVxZ2d6LytzQlNBNVcKTzlXd21uQmFZdFBUcHZWdXFXUU9mYmF0RERmMlJab2lOUnBlMGQwdE9GeVFrZEh3UUVDdCtFYTZIMWpRYkh2MwoxVnFGeTBDbDFxYmZRektibzdaMmh4NnlXbElBaUJ6Yy8yeWt3cEhZbzdiMFo4K3ltOUtiCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== diff --git a/tests/data/tls/tls-secret.yaml b/tests/data/tls/tls-secret.yaml index d933b5315b..8bc4c22d8b 100644 --- a/tests/data/tls/tls-secret.yaml +++ b/tests/data/tls/tls-secret.yaml @@ -5,4 +5,4 @@ metadata: type: kubernetes.io/tls data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQ4RENDQXRpZ0F3SUJBZ0lKQU9jbHdCelprYmlhTUEwR0NTcUdTSWIzRFFFQkJRVUFNRmd4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFaE1COEdBMVVFQ2hNWVNXNTBaWEp1WlhRZ1YybGtaMmwwY3lCUQpkSGtnVEhSa01Sa3dGd1lEVlFRREV4QmpZV1psTG1WNFlXMXdiR1V1WTI5dE1CNFhEVEUzTURnek1URXdNVGN5Ck1Gb1hEVEU0TURnek1URXdNVGN5TUZvd1dERUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdUQWtOQk1TRXcKSHdZRFZRUUtFeGhKYm5SbGNtNWxkQ0JYYVdSbmFYUnpJRkIwZVNCTWRHUXhHVEFYQmdOVkJBTVRFR05oWm1VdQpaWGhoYlhCc1pTNWpiMjB3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzdIT0xJCm5oZjE1aUcxOE16RXBzN0lvZmxHQmovMi9NVjA0OWtBS0hrTnZOem1XaXRXWDV2QU1yRkF5THY0dXBIWDI5b0IKa3l6YUhlYyt2TlFibEh1bStINUtkUWZXWHFXNkJ6UnVhMzBreEkrcG91cnhpNy9jaDJORS92djBhRGtvaTJ0RAovOUI2aHAyVkoxWXFJdm9hQ2wwSmFYWDd0WEc4SGU1S1BSZzBYMm1Mblcwa29tay9ZVGRPbS9xOVRjUDRnUmhrCms3bUhJMDlSME5vNUhTbURydmVBWFEyY3lGWVJQVUNjWkNPd0h6UUdVUVB1UU0wNVArWUNnVlNRcElKWFV0b0kKbGdEMHhZZUw4UU1rZjZ0TWpYcXpTVVRhQlhzNkRKU2x1YWN1aHpkV212UnFPUVNNYlVpZ3dVUEZCRDVLRUFIcwozM0hHeVZ5dkI4cVlrYUczQWdNQkFBR2pnYnd3Z2Jrd0hRWURWUjBPQkJZRUZOdTQvMTdpSituRGxPMkoyVisvCitqM2x5SzVZTUlHSkJnTlZIU01FZ1lFd2Y0QVUyN2ovWHVJbjZjT1U3WW5aWDcvNlBlWElybGloWEtSYU1GZ3gKQ3pBSkJnTlZCQVlUQWxWVE1Rc3dDUVlEVlFRSUV3SkRRVEVoTUI4R0ExVUVDaE1ZU1c1MFpYSnVaWFFnVjJsawpaMmwwY3lCUWRIa2dUSFJrTVJrd0Z3WURWUVFERXhCallXWmxMbVY0WVcxd2JHVXVZMjl0Z2drQTV5WEFITm1SCnVKb3dEQVlEVlIwVEJBVXdBd0VCL3pBTkJna3Foa2lHOXcwQkFRVUZBQU9DQVFFQUtGUHJBcXA3a3lzTDVGNnMKWFhWdXZkZzAyc0srUlpzb2F3QWVxbHlSRmpJeUlQL2VTajBhQjQwQmNOcWFyRHhwNjhBd1pZNG4yQk9EVmo5WgphOFlvV1YyOFpwamloaThxNnBPSElOa0MrOXpCY1hsZ2lvVUZBTERCcXFPTXFUZkw1cjNGejNUTGN1clozajhuCnUzL2hRVHNXZG5TZENWbmN0aXhaUHJ5cnhJSFlWSERiVHF4ZWdTQUN6WkU1MHMwdlRpMFJkNUkrcVdubVpIUloKL0hLNVZnNWlNS2E1clBPRTFaT2M3L2VnVjZ6R2p4THJiNEdlQ2JyTjBBb01tazNpL2d2K2kzL0N6aTlXOVhNNApwa2hQSjJUcEtMSjVaOHgxUVhjUW5Dem5yOEdtL2FuVzV4b3lDdWhjZzlXMlVSYzRKVTZ1UXh0WU9tczYrc0RxCjBBN1Y3UT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdXh6aXlKNFg5ZVlodGZETXhLYk95S0g1UmdZLzl2ekZkT1BaQUNoNURiemM1bG9yClZsK2J3REt4UU1pNytMcVIxOXZhQVpNczJoM25QcnpVRzVSN3B2aCtTblVIMWw2bHVnYzBibXQ5Sk1TUHFhTHEKOFl1LzNJZGpSUDc3OUdnNUtJdHJRLy9RZW9hZGxTZFdLaUw2R2dwZENXbDErN1Z4dkIzdVNqMFlORjlwaTUxdApKS0pwUDJFM1RwdjZ2VTNEK0lFWVpKTzVoeU5QVWREYU9SMHBnNjczZ0YwTm5NaFdFVDFBbkdRanNCODBCbEVECjdrRE5PVC9tQW9GVWtLU0NWMUxhQ0pZQTlNV0hpL0VESkgrclRJMTZzMGxFMmdWN09neVVwYm1uTG9jM1ZwcjAKYWprRWpHMUlvTUZEeFFRK1NoQUI3Tjl4eHNsY3J3ZkttSkdodHdJREFRQUJBb0lCQUVuZHpXbUZmOUFEV2F1Sgp0RXl0elZSSEhURVhwb2pLb09qVVNnWlY4L1FJYXV4RkRIYThwNi9vVXpGUURXVFR3bCtFMnp0ajdvRHM3UzFIClBqVGxHU3VCVGRuMitYRVhURFYwUXE2VW9JS3pWa09SblU1ZDdSQVNJbzVLV3d6UldEODVTczg5WGdBQXhKVHQKUW9hLzZCdi9tMXJyMXpmWEdWODZNYWY5Rm1FVjI5bmpCcHZ3cUpzOFlUaFU5VE5BRUdnbkxBWGFJYTJZSUJTSgozcVhJd1RrdFBHUUZyZUowdnBiOVlaTkRxWk0rMmI1K3BBVEVXclpyeTQxTlpvdzhNUnVOYnoxVU5sWXkyazZKCjlXclUxUDVYM2l3dEZmcXA3TzREakNOMFR2Y1Y1Nm5QczJoYldDeHp4RmxFalJwNW5KQ3Bsdi9yNCt4eHJVRWQKd0NjU0x3RUNnWUVBOGVDUGM2S2JpSXVFUWxwVjcxTXRQMjdBZzhkMzN5aWZKajAvQ3R3RlF6dlhWcHZCSHFRagphUE1ZaEswZ3o0MzFHMGtqVUpTeUU2STJYVWhFU3gxZUw2TU5sVS9xc29Uc0JaZEV3N0cvMFRhdW1TQUJWemZPCkIvckdtbEZkZitxWVpiR3pIdGtvbVJWb1JqVWtPcGRJL3RnL1ZlSmJ3K1RIS2dYS01NU2V5cjhDZ1lFQXhnbTkKWXN5dVZVUGlEdDhuL1JXeEJwZ1Zqazk0M3BFOVFjK2FVK0VPcGROK2NNQjkvaGJiWUpMZEZ2WUUwd2s1cEQ1SQpibktscjZycndEVUJKNWY2TXM0L3gyS3JISjlCQ3VNT3JyTEVTVm42ZG9NdDhWdEtpQkVLTVFuSnIzYmM4UDV3CnpvVmNhRGl1dCtISjcySG83cG5QQTFhaS9QV1ZwM2pZUTlCSXZ3a0NnWUJRNzkzUXlmYlZxQ25uc2liVFlMZmgKWkFRVGxLbXVDUC9JWWZJNGhndFV4aTkya2NQN3B0MGFmMDRUQjRQVk1DRjJzZkNaUkVpYWZVdEh4Nmppb2I4awpuYUVyOTRRSG5LY0Y3K3BZdWFBQU9CWVFzejcvbW5MZEJMTjBiQW1uaGk3Y3lLdXhoT1VxNUpqeDlWSmNNTWVDClQ0WlNETjY4SEUvdzVlTVVrcGE0TFFLQmdGM0piUXhtUE1XYW9XdERtYytNdjBxTktlQThtTlJtMmlqWnBZL0YKek1jUnN4YTR3ckpicHNkRXBqbmlod1Jlb1JLOGdGYjJLcXRYK2RBTUNpRHpJNFYrRWN4ZVdRVDBFcnlTTFhqawpwbnJLaHdnck5jM1EyeW8zVDZsTHBsMVhvR2p0UndVM09UME9Zd2dvZ1JiQ09xc000bklGVEtrWnNTY2YzdU8yCnQwenBBb0dCQU5Fc1V4Yit6UHpKbEgwL2hOTlhteisvNGx4aXlJb1ZQQXgzaEtBemtjOGtkZzhoS25XWkZhK0YKTjZMOXZjTDhNbnRjNHpmVDdDanNxWGJ2cGUzRUFOeGk4TWRSZzd1Z093L2NiZWdLVklZY3hTdXdRKzYrNUZYOApKRzlhbGxzdXovTk40b2RpMzRvblpEVmRZcURnY2xaZnZucXZKMHZWSzc1VXhQZ3F3aUJQCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== \ No newline at end of file + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdXh6aXlKNFg5ZVlodGZETXhLYk95S0g1UmdZLzl2ekZkT1BaQUNoNURiemM1bG9yClZsK2J3REt4UU1pNytMcVIxOXZhQVpNczJoM25QcnpVRzVSN3B2aCtTblVIMWw2bHVnYzBibXQ5Sk1TUHFhTHEKOFl1LzNJZGpSUDc3OUdnNUtJdHJRLy9RZW9hZGxTZFdLaUw2R2dwZENXbDErN1Z4dkIzdVNqMFlORjlwaTUxdApKS0pwUDJFM1RwdjZ2VTNEK0lFWVpKTzVoeU5QVWREYU9SMHBnNjczZ0YwTm5NaFdFVDFBbkdRanNCODBCbEVECjdrRE5PVC9tQW9GVWtLU0NWMUxhQ0pZQTlNV0hpL0VESkgrclRJMTZzMGxFMmdWN09neVVwYm1uTG9jM1ZwcjAKYWprRWpHMUlvTUZEeFFRK1NoQUI3Tjl4eHNsY3J3ZkttSkdodHdJREFRQUJBb0lCQUVuZHpXbUZmOUFEV2F1Sgp0RXl0elZSSEhURVhwb2pLb09qVVNnWlY4L1FJYXV4RkRIYThwNi9vVXpGUURXVFR3bCtFMnp0ajdvRHM3UzFIClBqVGxHU3VCVGRuMitYRVhURFYwUXE2VW9JS3pWa09SblU1ZDdSQVNJbzVLV3d6UldEODVTczg5WGdBQXhKVHQKUW9hLzZCdi9tMXJyMXpmWEdWODZNYWY5Rm1FVjI5bmpCcHZ3cUpzOFlUaFU5VE5BRUdnbkxBWGFJYTJZSUJTSgozcVhJd1RrdFBHUUZyZUowdnBiOVlaTkRxWk0rMmI1K3BBVEVXclpyeTQxTlpvdzhNUnVOYnoxVU5sWXkyazZKCjlXclUxUDVYM2l3dEZmcXA3TzREakNOMFR2Y1Y1Nm5QczJoYldDeHp4RmxFalJwNW5KQ3Bsdi9yNCt4eHJVRWQKd0NjU0x3RUNnWUVBOGVDUGM2S2JpSXVFUWxwVjcxTXRQMjdBZzhkMzN5aWZKajAvQ3R3RlF6dlhWcHZCSHFRagphUE1ZaEswZ3o0MzFHMGtqVUpTeUU2STJYVWhFU3gxZUw2TU5sVS9xc29Uc0JaZEV3N0cvMFRhdW1TQUJWemZPCkIvckdtbEZkZitxWVpiR3pIdGtvbVJWb1JqVWtPcGRJL3RnL1ZlSmJ3K1RIS2dYS01NU2V5cjhDZ1lFQXhnbTkKWXN5dVZVUGlEdDhuL1JXeEJwZ1Zqazk0M3BFOVFjK2FVK0VPcGROK2NNQjkvaGJiWUpMZEZ2WUUwd2s1cEQ1SQpibktscjZycndEVUJKNWY2TXM0L3gyS3JISjlCQ3VNT3JyTEVTVm42ZG9NdDhWdEtpQkVLTVFuSnIzYmM4UDV3CnpvVmNhRGl1dCtISjcySG83cG5QQTFhaS9QV1ZwM2pZUTlCSXZ3a0NnWUJRNzkzUXlmYlZxQ25uc2liVFlMZmgKWkFRVGxLbXVDUC9JWWZJNGhndFV4aTkya2NQN3B0MGFmMDRUQjRQVk1DRjJzZkNaUkVpYWZVdEh4Nmppb2I4awpuYUVyOTRRSG5LY0Y3K3BZdWFBQU9CWVFzejcvbW5MZEJMTjBiQW1uaGk3Y3lLdXhoT1VxNUpqeDlWSmNNTWVDClQ0WlNETjY4SEUvdzVlTVVrcGE0TFFLQmdGM0piUXhtUE1XYW9XdERtYytNdjBxTktlQThtTlJtMmlqWnBZL0YKek1jUnN4YTR3ckpicHNkRXBqbmlod1Jlb1JLOGdGYjJLcXRYK2RBTUNpRHpJNFYrRWN4ZVdRVDBFcnlTTFhqawpwbnJLaHdnck5jM1EyeW8zVDZsTHBsMVhvR2p0UndVM09UME9Zd2dvZ1JiQ09xc000bklGVEtrWnNTY2YzdU8yCnQwenBBb0dCQU5Fc1V4Yit6UHpKbEgwL2hOTlhteisvNGx4aXlJb1ZQQXgzaEtBemtjOGtkZzhoS25XWkZhK0YKTjZMOXZjTDhNbnRjNHpmVDdDanNxWGJ2cGUzRUFOeGk4TWRSZzd1Z093L2NiZWdLVklZY3hTdXdRKzYrNUZYOApKRzlhbGxzdXovTk40b2RpMzRvblpEVmRZcURnY2xaZnZucXZKMHZWSzc1VXhQZ3F3aUJQCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== diff --git a/tests/data/transport-server-externalname/externalname-svc.yaml b/tests/data/transport-server-externalname/externalname-svc.yaml index c78d8f6b0b..c73f0addc3 100644 --- a/tests/data/transport-server-externalname/externalname-svc.yaml +++ b/tests/data/transport-server-externalname/externalname-svc.yaml @@ -4,4 +4,4 @@ metadata: name: externalname-service spec: type: ExternalName - externalName: core-dns-external-backend-svc.external-ns.svc.cluster.local \ No newline at end of file + externalName: core-dns-external-backend-svc.external-ns.svc.cluster.local diff --git a/tests/data/transport-server-externalname/nginx-config.yaml b/tests/data/transport-server-externalname/nginx-config.yaml index 5a68ee3f55..81959c03c2 100644 --- a/tests/data/transport-server-externalname/nginx-config.yaml +++ b/tests/data/transport-server-externalname/nginx-config.yaml @@ -3,4 +3,4 @@ apiVersion: v1 metadata: name: nginx-config data: - resolver-addresses: "kube-dns.kube-system.svc.cluster.local" \ No newline at end of file + resolver-addresses: "kube-dns.kube-system.svc.cluster.local" diff --git a/tests/data/transport-server-externalname/standard/global-configuration.yaml b/tests/data/transport-server-externalname/standard/global-configuration.yaml index 63a5213668..18b6c3928c 100644 --- a/tests/data/transport-server-externalname/standard/global-configuration.yaml +++ b/tests/data/transport-server-externalname/standard/global-configuration.yaml @@ -1,5 +1,5 @@ apiVersion: k8s.nginx.org/v1alpha1 -kind: GlobalConfiguration +kind: GlobalConfiguration metadata: name: nginx-configuration spec: diff --git a/tests/data/transport-server-status/standard/global-configuration.yaml b/tests/data/transport-server-status/standard/global-configuration.yaml index 63a5213668..18b6c3928c 100644 --- a/tests/data/transport-server-status/standard/global-configuration.yaml +++ b/tests/data/transport-server-status/standard/global-configuration.yaml @@ -1,5 +1,5 @@ apiVersion: k8s.nginx.org/v1alpha1 -kind: GlobalConfiguration +kind: GlobalConfiguration metadata: name: nginx-configuration spec: diff --git a/tests/data/transport-server-tcp-load-balance/standard/global-configuration.yaml b/tests/data/transport-server-tcp-load-balance/standard/global-configuration.yaml index ee3e679fa8..5052feab95 100644 --- a/tests/data/transport-server-tcp-load-balance/standard/global-configuration.yaml +++ b/tests/data/transport-server-tcp-load-balance/standard/global-configuration.yaml @@ -1,5 +1,5 @@ apiVersion: k8s.nginx.org/v1alpha1 -kind: GlobalConfiguration +kind: GlobalConfiguration metadata: name: nginx-configuration spec: diff --git a/tests/data/transport-server-tls-passthrough/nginx-config.yaml b/tests/data/transport-server-tls-passthrough/nginx-config.yaml index 7378c6c45a..cba1b15e5e 100644 --- a/tests/data/transport-server-tls-passthrough/nginx-config.yaml +++ b/tests/data/transport-server-tls-passthrough/nginx-config.yaml @@ -5,4 +5,4 @@ metadata: data: proxy-protocol: "True" real-ip-header: "proxy_protocol" - set-real-ip-from: "0.0.0.0/0" \ No newline at end of file + set-real-ip-from: "0.0.0.0/0" diff --git a/tests/data/transport-server-tls-passthrough/standard/secure-app.yaml b/tests/data/transport-server-tls-passthrough/standard/secure-app.yaml index 00ea5bc51c..0ec3adbc5f 100644 --- a/tests/data/transport-server-tls-passthrough/standard/secure-app.yaml +++ b/tests/data/transport-server-tls-passthrough/standard/secure-app.yaml @@ -72,4 +72,4 @@ metadata: name: app-tls-secret data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGRENDQWZ3Q0NRQ3EzQWxhdnJiaWpqQU5CZ2txaGtpRzl3MEJBUXNGQURCTU1Rc3dDUVlEVlFRR0V3SlYKVXpFTE1Ba0dBMVVFQ0F3Q1EwRXhGakFVQmdOVkJBY01EVk5oYmlCR2NtRnVZMmx6WTI4eEdEQVdCZ05WQkFNTQpEMkZ3Y0M1bGVHRnRjR3hsTG1OdmJUQWVGdzB5TURBek1qTXlNekl3TkROYUZ3MHlNekF6TWpNeU16SXdORE5hCk1Fd3hDekFKQmdOVkJBWVRBbFZUTVFzd0NRWURWUVFJREFKRFFURVdNQlFHQTFVRUJ3d05VMkZ1SUVaeVlXNWoKYVhOamJ6RVlNQllHQTFVRUF3d1BZWEJ3TG1WNFlXMXdiR1V1WTI5dE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRgpBQU9DQVE4QU1JSUJDZ0tDQVFFQTJCRXhZR1JPRkhoN2VPMVlxeCtWRHMzRzMrVEhyTEZULzdEUFFEQlkza3pDCi9oZlprWCt3OW1NNkQ1RU9uK2lpVlNhUWlQMm1aNFA3N29pR0dmd3JrNjJ0eEQ5cHphODM5NC9aSjF5Q0dXZ1QKK2NWUEVZbkxjQktzSTRMcktJZ21oWVIwUjNzWWRjR1JkSXJWUFZlNUVUQlk1Z1U0RGhhMDZOUEIraitmK0krWgphWGIvMlRBekJhNHozMWpIQzg2amVQeTFMdklGazFiY3I2cSsxRGR5eklxcWxkRDYvU3Q4Q2t3cDlOaDFCUGFhCktZZ1ZVd010UVBib2s1cFFmbVMrdDg4NHdSM0dTTEU4VkxRbzgyYnJhNUR3emhIamlzOTlJRGhzbUt0U3lWOXMKaWNJbXp5dHBnSXlhTS9zWEhRQU9KbVFJblFteWgyekd1WFhTQ0lkRGtRSURBUUFCTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQ0tsVkhOZ1k5VHZLaW9Xb0tvdllCdnNRMmYrcmFOOEJwdWNDcnRvRm15NUczcGIzU2lPTndaCkF2cnhtSm4vR3lsa3JKTHBpQVA1eUNBNGI2Y2lYMnRGa3pQRmhJVFZKRTVBeDlpaEF2WWZwTUFSdWVqM29HN2UKd0xwQk1iUnlGbHJYV29NWUVBMGxsV0JueHRQQXZYS2Y4SVZGYTRSSDhzV1JJSDB4M2hFdjVtQ3VUZjJTRTg0QwpiNnNjS3Z3MW9CQU5VWGxXRVZVYTFmei9rWWZBa1lrdHZyV2JUcTZTWGxodXRJYWY4WEYzSUMrL2x1b3gzZThMCjBBcEFQVE5sZ0JwOTkvcXMrOG9PMWthSmQ1TmV6TnlJeXhSdUtJMzlDWkxuQm9OYmkzdlFYY1NzRCtYU2lYT0cKcEVnTjNtci8xRms4OVZMSENhTnkyKzBqMjZ0eWpiclcKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRFlFVEZnWkU0VWVIdDQKN1Zpckg1VU96Y2JmNU1lc3NWUC9zTTlBTUZqZVRNTCtGOW1SZjdEMll6b1BrUTZmNktKVkpwQ0kvYVpuZy92dQppSVlaL0N1VHJhM0VQMm5OcnpmM2o5a25YSUlaYUJQNXhVOFJpY3R3RXF3amd1c29pQ2FGaEhSSGV4aDF3WkYwCml0VTlWN2tSTUZqbUJUZ09GclRvMDhINlA1LzRqNWxwZHYvWk1ETUZyalBmV01jTHpxTjQvTFV1OGdXVFZ0eXYKcXI3VU4zTE1pcXFWMFByOUszd0tUQ24wMkhVRTlwb3BpQlZUQXkxQTl1aVRtbEIrWkw2M3p6akJIY1pJc1R4VQp0Q2p6WnV0cmtQRE9FZU9LejMwZ09HeVlxMUxKWDJ5SndpYlBLMm1Bakpveit4Y2RBQTRtWkFpZENiS0hiTWE1CmRkSUloME9SQWdNQkFBRUNnZ0VCQUxYaW16ODZrT1A0bkhBcTFPYVEyb2l3dndhQTczbTNlUytZSm84eFk4NFcKcmxyNXRzUWR5dGxPcEhTd05yQjBSQnNNTU1XeFNPQ0JJWlltUlVVZ200cGd2Uk9rRWl2OG9VOThQMkE4SnFTKwprWHBFRjVCNi84K2pXRmM0Z1Q4SWhlMEZtR0VJQllvelhYL08wejBsV0h4WXg2MHluWUoycU9vS1FKT3A5YjlsCmpiUVBkaC9mN2ErRWF0RzZNUFlrNG5xSEY3a0FzcmNsRXo2SGUvaEx6NmRkSTJ1N2RMRjB6QlN0QjM5WDFRZysKZ1JzTittOXg1S1FVTXYxMktvajdLc2hEelozOG5hSjd5bDgycGhBV1lGZzBOZHlzRlBRbmt0WmlNSUxOblFjNwpOeUt0cHNQaUxIRE9ha05hdEZLU2lOaUJrUk1lY1ZUMlJNMzMzUG54bFVFQ2dZRUEvYTY5MEEralU4VFJNbVZyCk4vRnlYWkxYa1c5b2NxVjBRbTA0TDMrSExybFNCTlRWSzk2U1pVT203VjViTzIxNmd4S2dJK3IwYm5kdE5GTUQKLzFncDhsdlJNcUlIeGZTeUo4SHpsSzViT0lnaUpxRGhzK3BKWTZmLytIVzZ1QkZyN3NGS3lxbVlIQlA0SC9BdApsT3lLeEVjMHFXazFlT2tCMWNNSGx0WDRwemtDZ1lFQTJncDhDVDVYWjNMSWRQN2M1SHpDS1YwczBYS1hGNmYyCkxzclhPVlZaTmJCN1NIS1NsOTBIU2VWVGx3czdqSnNxcC9yWFY2aHF0eUdEaTg4aTFZekthcEF6dXl3b0U3TnEKMUJpd2ZYSURQeTlPNUdGNXFYNXFUeENzSWNIcmo2Z21XMEZVQWhoS1lQcDRxd1JMdzFMZkJsd3U1VmhuN3I3ego0SkZBTEFpdlp4a0NnWUJicnpuKzVvZjdFSmtqQTdDYWlYTHlDczVLUzkrTi8rcGl6NktNMkNSOWFKRVNHZkhwClp3bTErNXRyRXIwYVgxajE0bGRxWTlKdjBrM3ZxVWs2a2h5bThUUk1mbThjeG5GVkdTMzF3SVpMaWpmOWlndkkKd0paQnBFaEkvaE83enVBWmJGYWhwR1hMVUJSUFJyalNxQ01IQ1UwcEpWTWtIZUtCNVhqcXRPNm5VUUtCZ0NJUAp6VHlzYm44TW9XQVZpSEJ4Uk91dFVKa1BxNmJZYUU3N0JSQkIwd1BlSkFRM1VjdERqaVh2RzFYWFBXQkR4VEFrCnNZdFNGZ214eEprTXJNWnJqaHVEbDNFLy9xckZOb1VYcmtxS2l4Tk4wcWMreXdDOWJPSVpHcXJUWG5jOHIzRkcKRFZlZWI5QWlrTU0ya3BkYTFOaHJnaS8xMVphb1lmVE0vQmRrNi9IUkFvR0JBSnFzTmFZYzE2clVzYzAzUEwybApXUGNzRnZxZGI3SEJyakVSRkhFdzQ0Vkt2MVlxK0ZWYnNNN1FTQVZ1V1llcGxGQUpDYzcrSEt1YjRsa1hRM1RkCndSajJLK2pOUzJtUXp1Y2hOQnlBZ1hXVnYveHhMZEE3NnpuWmJYdjl5cXhnTVVjTVZwZGRuSkxVZm9QVVZ1dTcKS0tlVVU3TTNIblRKUStrcldtbUxraUlSCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \ No newline at end of file + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRFlFVEZnWkU0VWVIdDQKN1Zpckg1VU96Y2JmNU1lc3NWUC9zTTlBTUZqZVRNTCtGOW1SZjdEMll6b1BrUTZmNktKVkpwQ0kvYVpuZy92dQppSVlaL0N1VHJhM0VQMm5OcnpmM2o5a25YSUlaYUJQNXhVOFJpY3R3RXF3amd1c29pQ2FGaEhSSGV4aDF3WkYwCml0VTlWN2tSTUZqbUJUZ09GclRvMDhINlA1LzRqNWxwZHYvWk1ETUZyalBmV01jTHpxTjQvTFV1OGdXVFZ0eXYKcXI3VU4zTE1pcXFWMFByOUszd0tUQ24wMkhVRTlwb3BpQlZUQXkxQTl1aVRtbEIrWkw2M3p6akJIY1pJc1R4VQp0Q2p6WnV0cmtQRE9FZU9LejMwZ09HeVlxMUxKWDJ5SndpYlBLMm1Bakpveit4Y2RBQTRtWkFpZENiS0hiTWE1CmRkSUloME9SQWdNQkFBRUNnZ0VCQUxYaW16ODZrT1A0bkhBcTFPYVEyb2l3dndhQTczbTNlUytZSm84eFk4NFcKcmxyNXRzUWR5dGxPcEhTd05yQjBSQnNNTU1XeFNPQ0JJWlltUlVVZ200cGd2Uk9rRWl2OG9VOThQMkE4SnFTKwprWHBFRjVCNi84K2pXRmM0Z1Q4SWhlMEZtR0VJQllvelhYL08wejBsV0h4WXg2MHluWUoycU9vS1FKT3A5YjlsCmpiUVBkaC9mN2ErRWF0RzZNUFlrNG5xSEY3a0FzcmNsRXo2SGUvaEx6NmRkSTJ1N2RMRjB6QlN0QjM5WDFRZysKZ1JzTittOXg1S1FVTXYxMktvajdLc2hEelozOG5hSjd5bDgycGhBV1lGZzBOZHlzRlBRbmt0WmlNSUxOblFjNwpOeUt0cHNQaUxIRE9ha05hdEZLU2lOaUJrUk1lY1ZUMlJNMzMzUG54bFVFQ2dZRUEvYTY5MEEralU4VFJNbVZyCk4vRnlYWkxYa1c5b2NxVjBRbTA0TDMrSExybFNCTlRWSzk2U1pVT203VjViTzIxNmd4S2dJK3IwYm5kdE5GTUQKLzFncDhsdlJNcUlIeGZTeUo4SHpsSzViT0lnaUpxRGhzK3BKWTZmLytIVzZ1QkZyN3NGS3lxbVlIQlA0SC9BdApsT3lLeEVjMHFXazFlT2tCMWNNSGx0WDRwemtDZ1lFQTJncDhDVDVYWjNMSWRQN2M1SHpDS1YwczBYS1hGNmYyCkxzclhPVlZaTmJCN1NIS1NsOTBIU2VWVGx3czdqSnNxcC9yWFY2aHF0eUdEaTg4aTFZekthcEF6dXl3b0U3TnEKMUJpd2ZYSURQeTlPNUdGNXFYNXFUeENzSWNIcmo2Z21XMEZVQWhoS1lQcDRxd1JMdzFMZkJsd3U1VmhuN3I3ego0SkZBTEFpdlp4a0NnWUJicnpuKzVvZjdFSmtqQTdDYWlYTHlDczVLUzkrTi8rcGl6NktNMkNSOWFKRVNHZkhwClp3bTErNXRyRXIwYVgxajE0bGRxWTlKdjBrM3ZxVWs2a2h5bThUUk1mbThjeG5GVkdTMzF3SVpMaWpmOWlndkkKd0paQnBFaEkvaE83enVBWmJGYWhwR1hMVUJSUFJyalNxQ01IQ1UwcEpWTWtIZUtCNVhqcXRPNm5VUUtCZ0NJUAp6VHlzYm44TW9XQVZpSEJ4Uk91dFVKa1BxNmJZYUU3N0JSQkIwd1BlSkFRM1VjdERqaVh2RzFYWFBXQkR4VEFrCnNZdFNGZ214eEprTXJNWnJqaHVEbDNFLy9xckZOb1VYcmtxS2l4Tk4wcWMreXdDOWJPSVpHcXJUWG5jOHIzRkcKRFZlZWI5QWlrTU0ya3BkYTFOaHJnaS8xMVphb1lmVE0vQmRrNi9IUkFvR0JBSnFzTmFZYzE2clVzYzAzUEwybApXUGNzRnZxZGI3SEJyakVSRkhFdzQ0Vkt2MVlxK0ZWYnNNN1FTQVZ1V1llcGxGQUpDYzcrSEt1YjRsa1hRM1RkCndSajJLK2pOUzJtUXp1Y2hOQnlBZ1hXVnYveHhMZEE3NnpuWmJYdjl5cXhnTVVjTVZwZGRuSkxVZm9QVVZ1dTcKS0tlVVU3TTNIblRKUStrcldtbUxraUlSCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K diff --git a/tests/data/transport-server-tls-passthrough/standard/transport-server.yaml b/tests/data/transport-server-tls-passthrough/standard/transport-server.yaml index 0e3e3ffa03..868ee78e80 100644 --- a/tests/data/transport-server-tls-passthrough/standard/transport-server.yaml +++ b/tests/data/transport-server-tls-passthrough/standard/transport-server.yaml @@ -12,4 +12,4 @@ spec: service: secure-app port: 8443 action: - pass: secure-app \ No newline at end of file + pass: secure-app diff --git a/tests/data/transport-server-tls-passthrough/transport-server-same-host.yaml b/tests/data/transport-server-tls-passthrough/transport-server-same-host.yaml index 99177f7490..47f34a4b02 100644 --- a/tests/data/transport-server-tls-passthrough/transport-server-same-host.yaml +++ b/tests/data/transport-server-tls-passthrough/transport-server-same-host.yaml @@ -5,11 +5,11 @@ metadata: spec: listener: name: tls-passthrough - protocol: TLS_PASSTHROUGH + protocol: TLS_PASSTHROUGH host: app.example.com upstreams: - name: secure-app service: secure-app port: 8443 action: - pass: secure-app \ No newline at end of file + pass: secure-app diff --git a/tests/data/transport-server-tls-passthrough/virtual-server-same-host.yaml b/tests/data/transport-server-tls-passthrough/virtual-server-same-host.yaml index 0fb2af66f3..44e3fcd132 100644 --- a/tests/data/transport-server-tls-passthrough/virtual-server-same-host.yaml +++ b/tests/data/transport-server-tls-passthrough/virtual-server-same-host.yaml @@ -17,4 +17,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/transport-server-udp-load-balance/standard/global-configuration.yaml b/tests/data/transport-server-udp-load-balance/standard/global-configuration.yaml index 0393319e30..0de8f4f66c 100644 --- a/tests/data/transport-server-udp-load-balance/standard/global-configuration.yaml +++ b/tests/data/transport-server-udp-load-balance/standard/global-configuration.yaml @@ -1,5 +1,5 @@ apiVersion: k8s.nginx.org/v1alpha1 -kind: GlobalConfiguration +kind: GlobalConfiguration metadata: name: nginx-configuration spec: diff --git a/tests/data/virtual-server-advanced-routing/standard/virtual-server.yaml b/tests/data/virtual-server-advanced-routing/standard/virtual-server.yaml index e02a47dff7..df086ca179 100644 --- a/tests/data/virtual-server-advanced-routing/standard/virtual-server.yaml +++ b/tests/data/virtual-server-advanced-routing/standard/virtual-server.yaml @@ -34,4 +34,4 @@ spec: pass: backend4-stable - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-advanced-routing/virtual-server-argument.yaml b/tests/data/virtual-server-advanced-routing/virtual-server-argument.yaml index 4417e738c4..0dccb93b6c 100644 --- a/tests/data/virtual-server-advanced-routing/virtual-server-argument.yaml +++ b/tests/data/virtual-server-advanced-routing/virtual-server-argument.yaml @@ -8,10 +8,10 @@ spec: - name: backend2 service: backend2-svc port: 80 - - name: backend4-stable + - name: backend4-stable service: backend4-stable-svc port: 80 - - name: backend1-future + - name: backend1-future service: backend1-future-svc port: 80 - name: backend3-deprecated @@ -34,4 +34,4 @@ spec: pass: backend4-stable - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-advanced-routing/virtual-server-complex.yaml b/tests/data/virtual-server-advanced-routing/virtual-server-complex.yaml index 3524108903..de3c980aa0 100644 --- a/tests/data/virtual-server-advanced-routing/virtual-server-complex.yaml +++ b/tests/data/virtual-server-advanced-routing/virtual-server-complex.yaml @@ -8,10 +8,10 @@ spec: - name: backend2 service: backend2-svc port: 80 - - name: backend4-stable + - name: backend4-stable service: backend4-stable-svc port: 80 - - name: backend1-future + - name: backend1-future service: backend1-future-svc port: 80 - name: backend3-deprecated @@ -46,4 +46,4 @@ spec: pass: backend4-stable - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-advanced-routing/virtual-server-cookie.yaml b/tests/data/virtual-server-advanced-routing/virtual-server-cookie.yaml index a3bd6526c5..850c113b8a 100644 --- a/tests/data/virtual-server-advanced-routing/virtual-server-cookie.yaml +++ b/tests/data/virtual-server-advanced-routing/virtual-server-cookie.yaml @@ -8,10 +8,10 @@ spec: - name: backend2 service: backend2-svc port: 80 - - name: backend4-stable + - name: backend4-stable service: backend4-stable-svc port: 80 - - name: backend1-future + - name: backend1-future service: backend1-future-svc port: 80 - name: backend3-deprecated @@ -34,4 +34,4 @@ spec: pass: backend4-stable - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-advanced-routing/virtual-server-variable.yaml b/tests/data/virtual-server-advanced-routing/virtual-server-variable.yaml index 73c4b2ecfa..23701040d5 100644 --- a/tests/data/virtual-server-advanced-routing/virtual-server-variable.yaml +++ b/tests/data/virtual-server-advanced-routing/virtual-server-variable.yaml @@ -8,10 +8,10 @@ spec: - name: backend2 service: backend2-svc port: 80 - - name: backend4-stable + - name: backend4-stable service: backend4-stable-svc port: 80 - - name: backend1-future + - name: backend1-future service: backend1-future-svc port: 80 - name: backend3-deprecated @@ -34,4 +34,4 @@ spec: pass: backend4-stable - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-canned-responses/standard/virtual-server.yaml b/tests/data/virtual-server-canned-responses/standard/virtual-server.yaml index 27e1d69a17..ddb7447c20 100644 --- a/tests/data/virtual-server-canned-responses/standard/virtual-server.yaml +++ b/tests/data/virtual-server-canned-responses/standard/virtual-server.yaml @@ -41,4 +41,4 @@ spec: body: | line1 line2 - line3 \ No newline at end of file + line3 diff --git a/tests/data/virtual-server-canned-responses/virtual-server-invalid-openapi.yaml b/tests/data/virtual-server-canned-responses/virtual-server-invalid-openapi.yaml index 96e80c6c4e..1ee3673167 100644 --- a/tests/data/virtual-server-canned-responses/virtual-server-invalid-openapi.yaml +++ b/tests/data/virtual-server-canned-responses/virtual-server-invalid-openapi.yaml @@ -10,4 +10,4 @@ spec: return: code: "301" type: 100 - body: True \ No newline at end of file + body: True diff --git a/tests/data/virtual-server-canned-responses/virtual-server-invalid.yaml b/tests/data/virtual-server-canned-responses/virtual-server-invalid.yaml index ff251629c2..ae4a25140e 100644 --- a/tests/data/virtual-server-canned-responses/virtual-server-invalid.yaml +++ b/tests/data/virtual-server-canned-responses/virtual-server-invalid.yaml @@ -10,4 +10,4 @@ spec: return: code: 301 type: "anything will do" - body: "Variables must be enclosed in curly brackets: $request_uri" \ No newline at end of file + body: "Variables must be enclosed in curly brackets: $request_uri" diff --git a/tests/data/virtual-server-canned-responses/virtual-server-updated.yaml b/tests/data/virtual-server-canned-responses/virtual-server-updated.yaml index d254d9ceaa..56933e6288 100644 --- a/tests/data/virtual-server-canned-responses/virtual-server-updated.yaml +++ b/tests/data/virtual-server-canned-responses/virtual-server-updated.yaml @@ -16,4 +16,4 @@ spec: return: code: 201 type: "user-type" - body: "line1\\nline2" \ No newline at end of file + body: "line1\\nline2" diff --git a/tests/data/virtual-server-certmanager/tls-secret.yaml b/tests/data/virtual-server-certmanager/tls-secret.yaml index 056e3bd0ad..beb5f0b555 100644 --- a/tests/data/virtual-server-certmanager/tls-secret.yaml +++ b/tests/data/virtual-server-certmanager/tls-secret.yaml @@ -5,4 +5,4 @@ metadata: type: kubernetes.io/tls data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQ4RENDQXRpZ0F3SUJBZ0lKQU9jbHdCelprYmlhTUEwR0NTcUdTSWIzRFFFQkJRVUFNRmd4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFaE1COEdBMVVFQ2hNWVNXNTBaWEp1WlhRZ1YybGtaMmwwY3lCUQpkSGtnVEhSa01Sa3dGd1lEVlFRREV4QmpZV1psTG1WNFlXMXdiR1V1WTI5dE1CNFhEVEUzTURnek1URXdNVGN5Ck1Gb1hEVEU0TURnek1URXdNVGN5TUZvd1dERUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdUQWtOQk1TRXcKSHdZRFZRUUtFeGhKYm5SbGNtNWxkQ0JYYVdSbmFYUnpJRkIwZVNCTWRHUXhHVEFYQmdOVkJBTVRFR05oWm1VdQpaWGhoYlhCc1pTNWpiMjB3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzdIT0xJCm5oZjE1aUcxOE16RXBzN0lvZmxHQmovMi9NVjA0OWtBS0hrTnZOem1XaXRXWDV2QU1yRkF5THY0dXBIWDI5b0IKa3l6YUhlYyt2TlFibEh1bStINUtkUWZXWHFXNkJ6UnVhMzBreEkrcG91cnhpNy9jaDJORS92djBhRGtvaTJ0RAovOUI2aHAyVkoxWXFJdm9hQ2wwSmFYWDd0WEc4SGU1S1BSZzBYMm1Mblcwa29tay9ZVGRPbS9xOVRjUDRnUmhrCms3bUhJMDlSME5vNUhTbURydmVBWFEyY3lGWVJQVUNjWkNPd0h6UUdVUVB1UU0wNVArWUNnVlNRcElKWFV0b0kKbGdEMHhZZUw4UU1rZjZ0TWpYcXpTVVRhQlhzNkRKU2x1YWN1aHpkV212UnFPUVNNYlVpZ3dVUEZCRDVLRUFIcwozM0hHeVZ5dkI4cVlrYUczQWdNQkFBR2pnYnd3Z2Jrd0hRWURWUjBPQkJZRUZOdTQvMTdpSituRGxPMkoyVisvCitqM2x5SzVZTUlHSkJnTlZIU01FZ1lFd2Y0QVUyN2ovWHVJbjZjT1U3WW5aWDcvNlBlWElybGloWEtSYU1GZ3gKQ3pBSkJnTlZCQVlUQWxWVE1Rc3dDUVlEVlFRSUV3SkRRVEVoTUI4R0ExVUVDaE1ZU1c1MFpYSnVaWFFnVjJsawpaMmwwY3lCUWRIa2dUSFJrTVJrd0Z3WURWUVFERXhCallXWmxMbVY0WVcxd2JHVXVZMjl0Z2drQTV5WEFITm1SCnVKb3dEQVlEVlIwVEJBVXdBd0VCL3pBTkJna3Foa2lHOXcwQkFRVUZBQU9DQVFFQUtGUHJBcXA3a3lzTDVGNnMKWFhWdXZkZzAyc0srUlpzb2F3QWVxbHlSRmpJeUlQL2VTajBhQjQwQmNOcWFyRHhwNjhBd1pZNG4yQk9EVmo5WgphOFlvV1YyOFpwamloaThxNnBPSElOa0MrOXpCY1hsZ2lvVUZBTERCcXFPTXFUZkw1cjNGejNUTGN1clozajhuCnUzL2hRVHNXZG5TZENWbmN0aXhaUHJ5cnhJSFlWSERiVHF4ZWdTQUN6WkU1MHMwdlRpMFJkNUkrcVdubVpIUloKL0hLNVZnNWlNS2E1clBPRTFaT2M3L2VnVjZ6R2p4THJiNEdlQ2JyTjBBb01tazNpL2d2K2kzL0N6aTlXOVhNNApwa2hQSjJUcEtMSjVaOHgxUVhjUW5Dem5yOEdtL2FuVzV4b3lDdWhjZzlXMlVSYzRKVTZ1UXh0WU9tczYrc0RxCjBBN1Y3UT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdXh6aXlKNFg5ZVlodGZETXhLYk95S0g1UmdZLzl2ekZkT1BaQUNoNURiemM1bG9yClZsK2J3REt4UU1pNytMcVIxOXZhQVpNczJoM25QcnpVRzVSN3B2aCtTblVIMWw2bHVnYzBibXQ5Sk1TUHFhTHEKOFl1LzNJZGpSUDc3OUdnNUtJdHJRLy9RZW9hZGxTZFdLaUw2R2dwZENXbDErN1Z4dkIzdVNqMFlORjlwaTUxdApKS0pwUDJFM1RwdjZ2VTNEK0lFWVpKTzVoeU5QVWREYU9SMHBnNjczZ0YwTm5NaFdFVDFBbkdRanNCODBCbEVECjdrRE5PVC9tQW9GVWtLU0NWMUxhQ0pZQTlNV0hpL0VESkgrclRJMTZzMGxFMmdWN09neVVwYm1uTG9jM1ZwcjAKYWprRWpHMUlvTUZEeFFRK1NoQUI3Tjl4eHNsY3J3ZkttSkdodHdJREFRQUJBb0lCQUVuZHpXbUZmOUFEV2F1Sgp0RXl0elZSSEhURVhwb2pLb09qVVNnWlY4L1FJYXV4RkRIYThwNi9vVXpGUURXVFR3bCtFMnp0ajdvRHM3UzFIClBqVGxHU3VCVGRuMitYRVhURFYwUXE2VW9JS3pWa09SblU1ZDdSQVNJbzVLV3d6UldEODVTczg5WGdBQXhKVHQKUW9hLzZCdi9tMXJyMXpmWEdWODZNYWY5Rm1FVjI5bmpCcHZ3cUpzOFlUaFU5VE5BRUdnbkxBWGFJYTJZSUJTSgozcVhJd1RrdFBHUUZyZUowdnBiOVlaTkRxWk0rMmI1K3BBVEVXclpyeTQxTlpvdzhNUnVOYnoxVU5sWXkyazZKCjlXclUxUDVYM2l3dEZmcXA3TzREakNOMFR2Y1Y1Nm5QczJoYldDeHp4RmxFalJwNW5KQ3Bsdi9yNCt4eHJVRWQKd0NjU0x3RUNnWUVBOGVDUGM2S2JpSXVFUWxwVjcxTXRQMjdBZzhkMzN5aWZKajAvQ3R3RlF6dlhWcHZCSHFRagphUE1ZaEswZ3o0MzFHMGtqVUpTeUU2STJYVWhFU3gxZUw2TU5sVS9xc29Uc0JaZEV3N0cvMFRhdW1TQUJWemZPCkIvckdtbEZkZitxWVpiR3pIdGtvbVJWb1JqVWtPcGRJL3RnL1ZlSmJ3K1RIS2dYS01NU2V5cjhDZ1lFQXhnbTkKWXN5dVZVUGlEdDhuL1JXeEJwZ1Zqazk0M3BFOVFjK2FVK0VPcGROK2NNQjkvaGJiWUpMZEZ2WUUwd2s1cEQ1SQpibktscjZycndEVUJKNWY2TXM0L3gyS3JISjlCQ3VNT3JyTEVTVm42ZG9NdDhWdEtpQkVLTVFuSnIzYmM4UDV3CnpvVmNhRGl1dCtISjcySG83cG5QQTFhaS9QV1ZwM2pZUTlCSXZ3a0NnWUJRNzkzUXlmYlZxQ25uc2liVFlMZmgKWkFRVGxLbXVDUC9JWWZJNGhndFV4aTkya2NQN3B0MGFmMDRUQjRQVk1DRjJzZkNaUkVpYWZVdEh4Nmppb2I4awpuYUVyOTRRSG5LY0Y3K3BZdWFBQU9CWVFzejcvbW5MZEJMTjBiQW1uaGk3Y3lLdXhoT1VxNUpqeDlWSmNNTWVDClQ0WlNETjY4SEUvdzVlTVVrcGE0TFFLQmdGM0piUXhtUE1XYW9XdERtYytNdjBxTktlQThtTlJtMmlqWnBZL0YKek1jUnN4YTR3ckpicHNkRXBqbmlod1Jlb1JLOGdGYjJLcXRYK2RBTUNpRHpJNFYrRWN4ZVdRVDBFcnlTTFhqawpwbnJLaHdnck5jM1EyeW8zVDZsTHBsMVhvR2p0UndVM09UME9Zd2dvZ1JiQ09xc000bklGVEtrWnNTY2YzdU8yCnQwenBBb0dCQU5Fc1V4Yit6UHpKbEgwL2hOTlhteisvNGx4aXlJb1ZQQXgzaEtBemtjOGtkZzhoS25XWkZhK0YKTjZMOXZjTDhNbnRjNHpmVDdDanNxWGJ2cGUzRUFOeGk4TWRSZzd1Z093L2NiZWdLVklZY3hTdXdRKzYrNUZYOApKRzlhbGxzdXovTk40b2RpMzRvblpEVmRZcURnY2xaZnZucXZKMHZWSzc1VXhQZ3F3aUJQCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== \ No newline at end of file + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdXh6aXlKNFg5ZVlodGZETXhLYk95S0g1UmdZLzl2ekZkT1BaQUNoNURiemM1bG9yClZsK2J3REt4UU1pNytMcVIxOXZhQVpNczJoM25QcnpVRzVSN3B2aCtTblVIMWw2bHVnYzBibXQ5Sk1TUHFhTHEKOFl1LzNJZGpSUDc3OUdnNUtJdHJRLy9RZW9hZGxTZFdLaUw2R2dwZENXbDErN1Z4dkIzdVNqMFlORjlwaTUxdApKS0pwUDJFM1RwdjZ2VTNEK0lFWVpKTzVoeU5QVWREYU9SMHBnNjczZ0YwTm5NaFdFVDFBbkdRanNCODBCbEVECjdrRE5PVC9tQW9GVWtLU0NWMUxhQ0pZQTlNV0hpL0VESkgrclRJMTZzMGxFMmdWN09neVVwYm1uTG9jM1ZwcjAKYWprRWpHMUlvTUZEeFFRK1NoQUI3Tjl4eHNsY3J3ZkttSkdodHdJREFRQUJBb0lCQUVuZHpXbUZmOUFEV2F1Sgp0RXl0elZSSEhURVhwb2pLb09qVVNnWlY4L1FJYXV4RkRIYThwNi9vVXpGUURXVFR3bCtFMnp0ajdvRHM3UzFIClBqVGxHU3VCVGRuMitYRVhURFYwUXE2VW9JS3pWa09SblU1ZDdSQVNJbzVLV3d6UldEODVTczg5WGdBQXhKVHQKUW9hLzZCdi9tMXJyMXpmWEdWODZNYWY5Rm1FVjI5bmpCcHZ3cUpzOFlUaFU5VE5BRUdnbkxBWGFJYTJZSUJTSgozcVhJd1RrdFBHUUZyZUowdnBiOVlaTkRxWk0rMmI1K3BBVEVXclpyeTQxTlpvdzhNUnVOYnoxVU5sWXkyazZKCjlXclUxUDVYM2l3dEZmcXA3TzREakNOMFR2Y1Y1Nm5QczJoYldDeHp4RmxFalJwNW5KQ3Bsdi9yNCt4eHJVRWQKd0NjU0x3RUNnWUVBOGVDUGM2S2JpSXVFUWxwVjcxTXRQMjdBZzhkMzN5aWZKajAvQ3R3RlF6dlhWcHZCSHFRagphUE1ZaEswZ3o0MzFHMGtqVUpTeUU2STJYVWhFU3gxZUw2TU5sVS9xc29Uc0JaZEV3N0cvMFRhdW1TQUJWemZPCkIvckdtbEZkZitxWVpiR3pIdGtvbVJWb1JqVWtPcGRJL3RnL1ZlSmJ3K1RIS2dYS01NU2V5cjhDZ1lFQXhnbTkKWXN5dVZVUGlEdDhuL1JXeEJwZ1Zqazk0M3BFOVFjK2FVK0VPcGROK2NNQjkvaGJiWUpMZEZ2WUUwd2s1cEQ1SQpibktscjZycndEVUJKNWY2TXM0L3gyS3JISjlCQ3VNT3JyTEVTVm42ZG9NdDhWdEtpQkVLTVFuSnIzYmM4UDV3CnpvVmNhRGl1dCtISjcySG83cG5QQTFhaS9QV1ZwM2pZUTlCSXZ3a0NnWUJRNzkzUXlmYlZxQ25uc2liVFlMZmgKWkFRVGxLbXVDUC9JWWZJNGhndFV4aTkya2NQN3B0MGFmMDRUQjRQVk1DRjJzZkNaUkVpYWZVdEh4Nmppb2I4awpuYUVyOTRRSG5LY0Y3K3BZdWFBQU9CWVFzejcvbW5MZEJMTjBiQW1uaGk3Y3lLdXhoT1VxNUpqeDlWSmNNTWVDClQ0WlNETjY4SEUvdzVlTVVrcGE0TFFLQmdGM0piUXhtUE1XYW9XdERtYytNdjBxTktlQThtTlJtMmlqWnBZL0YKek1jUnN4YTR3ckpicHNkRXBqbmlod1Jlb1JLOGdGYjJLcXRYK2RBTUNpRHpJNFYrRWN4ZVdRVDBFcnlTTFhqawpwbnJLaHdnck5jM1EyeW8zVDZsTHBsMVhvR2p0UndVM09UME9Zd2dvZ1JiQ09xc000bklGVEtrWnNTY2YzdU8yCnQwenBBb0dCQU5Fc1V4Yit6UHpKbEgwL2hOTlhteisvNGx4aXlJb1ZQQXgzaEtBemtjOGtkZzhoS25XWkZhK0YKTjZMOXZjTDhNbnRjNHpmVDdDanNxWGJ2cGUzRUFOeGk4TWRSZzd1Z093L2NiZWdLVklZY3hTdXdRKzYrNUZYOApKRzlhbGxzdXovTk40b2RpMzRvblpEVmRZcURnY2xaZnZucXZKMHZWSzc1VXhQZ3F3aUJQCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== diff --git a/tests/data/virtual-server-configmap-keys/configmap-global-variables.yaml b/tests/data/virtual-server-configmap-keys/configmap-global-variables.yaml index d8485f062f..051e1f9211 100644 --- a/tests/data/virtual-server-configmap-keys/configmap-global-variables.yaml +++ b/tests/data/virtual-server-configmap-keys/configmap-global-variables.yaml @@ -5,4 +5,4 @@ metadata: namespace: nginx-ingress data: variables-hash-bucket-size: "124" - variables-hash-max-size: "0" \ No newline at end of file + variables-hash-max-size: "0" diff --git a/tests/data/virtual-server-configmap-keys/configmap-no-validation-keys-invalid.yaml b/tests/data/virtual-server-configmap-keys/configmap-no-validation-keys-invalid.yaml index 2b3df18d6e..eaf54b5615 100644 --- a/tests/data/virtual-server-configmap-keys/configmap-no-validation-keys-invalid.yaml +++ b/tests/data/virtual-server-configmap-keys/configmap-no-validation-keys-invalid.yaml @@ -16,4 +16,4 @@ data: server-snippets: "something invalid" fail-timeout: "something invalid" proxy-send-timeout: "something invalid" - upstream-zone-size: "something invalid" \ No newline at end of file + upstream-zone-size: "something invalid" diff --git a/tests/data/virtual-server-configmap-keys/configmap-no-validation-keys.yaml b/tests/data/virtual-server-configmap-keys/configmap-no-validation-keys.yaml index 8b3ff98702..95f259b54e 100644 --- a/tests/data/virtual-server-configmap-keys/configmap-no-validation-keys.yaml +++ b/tests/data/virtual-server-configmap-keys/configmap-no-validation-keys.yaml @@ -16,4 +16,4 @@ data: server-snippets: "# server-snippet is here;" fail-timeout: "20" proxy-send-timeout: "33" - upstream-zone-size: "100k" \ No newline at end of file + upstream-zone-size: "100k" diff --git a/tests/data/virtual-server-configmap-keys/configmap-ssl-keys-invalid.yaml b/tests/data/virtual-server-configmap-keys/configmap-ssl-keys-invalid.yaml index 3b26fc0663..6417d1b508 100644 --- a/tests/data/virtual-server-configmap-keys/configmap-ssl-keys-invalid.yaml +++ b/tests/data/virtual-server-configmap-keys/configmap-ssl-keys-invalid.yaml @@ -5,4 +5,4 @@ metadata: namespace: nginx-ingress data: proxy-protocol: "invalid" - http2: "invalid" \ No newline at end of file + http2: "invalid" diff --git a/tests/data/virtual-server-configmap-keys/configmap-ssl-keys.yaml b/tests/data/virtual-server-configmap-keys/configmap-ssl-keys.yaml index d16f1764ce..52941dd03a 100644 --- a/tests/data/virtual-server-configmap-keys/configmap-ssl-keys.yaml +++ b/tests/data/virtual-server-configmap-keys/configmap-ssl-keys.yaml @@ -5,4 +5,4 @@ metadata: namespace: nginx-ingress data: proxy-protocol: "true" - http2: "true" \ No newline at end of file + http2: "true" diff --git a/tests/data/virtual-server-configmap-keys/configmap-validation-keys-invalid-oss.yaml b/tests/data/virtual-server-configmap-keys/configmap-validation-keys-invalid-oss.yaml index 1dd44ff187..07bb4586bd 100644 --- a/tests/data/virtual-server-configmap-keys/configmap-validation-keys-invalid-oss.yaml +++ b/tests/data/virtual-server-configmap-keys/configmap-validation-keys-invalid-oss.yaml @@ -10,4 +10,4 @@ data: lb-method: "least_time header inflight" # plus only max-fails: "invalid" keepalive: "invalid" - proxy-protocol: "invalid proxy" \ No newline at end of file + proxy-protocol: "invalid proxy" diff --git a/tests/data/virtual-server-configmap-keys/configmap-validation-keys-invalid.yaml b/tests/data/virtual-server-configmap-keys/configmap-validation-keys-invalid.yaml index 7ae39d5512..5b4554d4d5 100644 --- a/tests/data/virtual-server-configmap-keys/configmap-validation-keys-invalid.yaml +++ b/tests/data/virtual-server-configmap-keys/configmap-validation-keys-invalid.yaml @@ -12,4 +12,4 @@ data: keepalive: "invalid" proxy-protocol: "invalid proxy" variables-hash-bucket-size: "0" - variables-hash-max-size: "-1024" \ No newline at end of file + variables-hash-max-size: "-1024" diff --git a/tests/data/virtual-server-configmap-keys/configmap-validation-keys-oss.yaml b/tests/data/virtual-server-configmap-keys/configmap-validation-keys-oss.yaml index 3bd59c97bf..219f96119a 100644 --- a/tests/data/virtual-server-configmap-keys/configmap-validation-keys-oss.yaml +++ b/tests/data/virtual-server-configmap-keys/configmap-validation-keys-oss.yaml @@ -11,4 +11,4 @@ data: max-fails: "3" keepalive: "32" proxy-protocol: "true" - upstream-zone-size: "0" # special value \ No newline at end of file + upstream-zone-size: "0" # special value diff --git a/tests/data/virtual-server-configmap-keys/configmap-validation-keys.yaml b/tests/data/virtual-server-configmap-keys/configmap-validation-keys.yaml index 75f99f24c8..7ad28dd66f 100644 --- a/tests/data/virtual-server-configmap-keys/configmap-validation-keys.yaml +++ b/tests/data/virtual-server-configmap-keys/configmap-validation-keys.yaml @@ -13,4 +13,4 @@ data: proxy-protocol: "true" upstream-zone-size: "0" # special value variables-hash-bucket-size: "512" - variables-hash-max-size: "2048" \ No newline at end of file + variables-hash-max-size: "2048" diff --git a/tests/data/virtual-server-configmap-keys/standard/virtual-server.yaml b/tests/data/virtual-server-configmap-keys/standard/virtual-server.yaml index 5c06ecd7dd..898fe276e4 100644 --- a/tests/data/virtual-server-configmap-keys/standard/virtual-server.yaml +++ b/tests/data/virtual-server-configmap-keys/standard/virtual-server.yaml @@ -17,4 +17,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-dos/dos-logconf.yaml b/tests/data/virtual-server-dos/dos-logconf.yaml index 885a524647..688f3ea786 100644 --- a/tests/data/virtual-server-dos/dos-logconf.yaml +++ b/tests/data/virtual-server-dos/dos-logconf.yaml @@ -3,9 +3,6 @@ kind: APDosLogConf metadata: name: doslogconf spec: - content: - format: splunk - max_message_size: 64k filter: traffic-mitigation-stats: all bad-actors: top 10 diff --git a/tests/data/virtual-server-dynamic-configuration/standard/virtual-server.yaml b/tests/data/virtual-server-dynamic-configuration/standard/virtual-server.yaml index e471a6ccd5..04b5ed101c 100644 --- a/tests/data/virtual-server-dynamic-configuration/standard/virtual-server.yaml +++ b/tests/data/virtual-server-dynamic-configuration/standard/virtual-server.yaml @@ -22,4 +22,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-error-pages/standard/virtual-server.yaml b/tests/data/virtual-server-error-pages/standard/virtual-server.yaml index dc622fc951..c26865444a 100644 --- a/tests/data/virtual-server-error-pages/standard/virtual-server.yaml +++ b/tests/data/virtual-server-error-pages/standard/virtual-server.yaml @@ -32,4 +32,4 @@ spec: - name: x-debug-original-status value: ${upstream_status} action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-error-pages/virtual-server-invalid-openapi.yaml b/tests/data/virtual-server-error-pages/virtual-server-invalid-openapi.yaml index bd070eefb7..2c5967dde9 100644 --- a/tests/data/virtual-server-error-pages/virtual-server-invalid-openapi.yaml +++ b/tests/data/virtual-server-error-pages/virtual-server-invalid-openapi.yaml @@ -31,4 +31,4 @@ spec: - name: True value: False action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-error-pages/virtual-server-invalid.yaml b/tests/data/virtual-server-error-pages/virtual-server-invalid.yaml index 177615f52e..429c585323 100644 --- a/tests/data/virtual-server-error-pages/virtual-server-invalid.yaml +++ b/tests/data/virtual-server-error-pages/virtual-server-invalid.yaml @@ -32,4 +32,4 @@ spec: - name: x-debug-original-status value: ${schema} action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-error-pages/virtual-server-matches.yaml b/tests/data/virtual-server-error-pages/virtual-server-matches.yaml index f9bac75974..c502f43aa2 100644 --- a/tests/data/virtual-server-error-pages/virtual-server-matches.yaml +++ b/tests/data/virtual-server-error-pages/virtual-server-matches.yaml @@ -49,4 +49,4 @@ spec: - name: x-debug-original-status value: ${upstream_status} action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-error-pages/virtual-server-splits.yaml b/tests/data/virtual-server-error-pages/virtual-server-splits.yaml index 2c1c5bf7d8..1de15531c5 100644 --- a/tests/data/virtual-server-error-pages/virtual-server-splits.yaml +++ b/tests/data/virtual-server-error-pages/virtual-server-splits.yaml @@ -40,4 +40,4 @@ spec: - name: x-debug-original-status value: ${upstream_status} action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-error-pages/virtual-server-updated.yaml b/tests/data/virtual-server-error-pages/virtual-server-updated.yaml index 804f572a8d..0617d85ce7 100644 --- a/tests/data/virtual-server-error-pages/virtual-server-updated.yaml +++ b/tests/data/virtual-server-error-pages/virtual-server-updated.yaml @@ -26,4 +26,4 @@ spec: body: | Hello World! action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-externalname/externalname-svc.yaml b/tests/data/virtual-server-externalname/externalname-svc.yaml index 5901eaeba7..2c63c23d36 100644 --- a/tests/data/virtual-server-externalname/externalname-svc.yaml +++ b/tests/data/virtual-server-externalname/externalname-svc.yaml @@ -4,4 +4,4 @@ metadata: name: externalname-service spec: type: ExternalName - externalName: external-backend-svc.external-ns.svc.cluster.local \ No newline at end of file + externalName: external-backend-svc.external-ns.svc.cluster.local diff --git a/tests/data/virtual-server-externalname/nginx-config.yaml b/tests/data/virtual-server-externalname/nginx-config.yaml index 5a68ee3f55..81959c03c2 100644 --- a/tests/data/virtual-server-externalname/nginx-config.yaml +++ b/tests/data/virtual-server-externalname/nginx-config.yaml @@ -3,4 +3,4 @@ apiVersion: v1 metadata: name: nginx-config data: - resolver-addresses: "kube-dns.kube-system.svc.cluster.local" \ No newline at end of file + resolver-addresses: "kube-dns.kube-system.svc.cluster.local" diff --git a/tests/data/virtual-server-externalname/standard/virtual-server.yaml b/tests/data/virtual-server-externalname/standard/virtual-server.yaml index 7c6f2c8d3d..0982bb2100 100644 --- a/tests/data/virtual-server-externalname/standard/virtual-server.yaml +++ b/tests/data/virtual-server-externalname/standard/virtual-server.yaml @@ -17,4 +17,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-focused-canary/standard/virtual-server.yaml b/tests/data/virtual-server-focused-canary/standard/virtual-server.yaml index 6be261272a..9d08652385 100644 --- a/tests/data/virtual-server-focused-canary/standard/virtual-server.yaml +++ b/tests/data/virtual-server-focused-canary/standard/virtual-server.yaml @@ -28,4 +28,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-grpc-mixed/nginx-config.yaml b/tests/data/virtual-server-grpc-mixed/nginx-config.yaml index 746232549d..424a63e01f 100644 --- a/tests/data/virtual-server-grpc-mixed/nginx-config.yaml +++ b/tests/data/virtual-server-grpc-mixed/nginx-config.yaml @@ -4,4 +4,4 @@ metadata: name: nginx-config namespace: nginx-ingress data: - http2: "true" \ No newline at end of file + http2: "true" diff --git a/tests/data/virtual-server-grpc-mixed/tls-secret.yaml b/tests/data/virtual-server-grpc-mixed/tls-secret.yaml index 58492c3ad7..072d5d146d 100644 --- a/tests/data/virtual-server-grpc-mixed/tls-secret.yaml +++ b/tests/data/virtual-server-grpc-mixed/tls-secret.yaml @@ -5,4 +5,4 @@ metadata: type: kubernetes.io/tls data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURwRENDQW93Q0NRRDhoTVNKOXdGN0JUQU5CZ2txaGtpRzl3MEJBUXNGQURDQmt6RUxNQWtHQTFVRUJoTUMKU1VVeERUQUxCZ05WQkFnTUJFTnZjbXN4RFRBTEJnTlZCQWNNQkVOdmNtc3hEakFNQmdOVkJBb01CVTVIU1U1WQpNUXd3Q2dZRFZRUUxEQU5MU1VNeEl6QWhCZ05WQkFNTUduWnBjblIxWVd3dGMyVnlkbVZ5TG1WNFlXMXdiR1V1ClkyOXRNU013SVFZSktvWklodmNOQVFrQkZoUnJkV0psY201bGRHVnpRRzVuYVc1NExtTnZiVEFlRncweU1URXcKTWpZeE5EVXhNRGxhRncweU1URXhNalV4TkRVeE1EbGFNSUdUTVFzd0NRWURWUVFHRXdKSlJURU5NQXNHQTFVRQpDQXdFUTI5eWF6RU5NQXNHQTFVRUJ3d0VRMjl5YXpFT01Bd0dBMVVFQ2d3RlRrZEpUbGd4RERBS0JnTlZCQXNNCkEwdEpRekVqTUNFR0ExVUVBd3dhZG1seWRIVmhiQzF6WlhKMlpYSXVaWGhoYlhCc1pTNWpiMjB4SXpBaEJna3EKaGtpRzl3MEJDUUVXRkd0MVltVnlibVYwWlhOQWJtZHBibmd1WTI5dE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRgpBQU9DQVE4QU1JSUJDZ0tDQVFFQXZFTW9zQW40aHJ4bEpiVUtGUXBpUG1PbUlnbVZpd0lxUlh1a2FYUzFoWHVMClpXalZIb0phZ3k2Qlp0TmtZTXVxT1hkSGJHVjVrSnBOMmVxWVl0SnJQSXBNT0JEWEwveEYzTXhMMnB2eFZOVFAKZzZNUXdESDdaZGI2TUlGMlB2T2dRaU1TUlhxb3pEVmkvTW5XWTYwR2pUK01sUXNPeGVMRWRuWUN2RTQ2VEphcQpDSVM0eXRDZ0tCMzU5MnhLU1hoZHc0cGdsWHpoMmlqYnhYaEZkUGN0elZUTlRFbHJuVUI3MGt6S3RtcDFzM2l1CnpXMXlRN2I3OFZ6YVhqMnZ6T2Y3THhyUXNGSEtFL0VlNDRkYkc3dEJkUUpPcCtrS21IcVRvYXYrdHMwU0h4ZTYKRk0wbW5YQTBJbW9FdWVyWitncFFsTUFYSGtma0hRckRlNVMrMkpwZVpRSURBUUFCTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQmFQWVkwYlprT3ZhL1BBVHpSaHBRUkRKV0ljQlFra0F3UXgyWkh4ek9lcU9pVWxucDdxRFR3Cm9ybUdYaEt1ZFhWUGZJSjVGcXVSZS83UEtGVXFDQUJNTFNUb294c2U4dGVIclJMY0paZUNMekJVNUovaDI2eDYKQjlFb0NQcU54L1Vya1VRVDRYVW9ET0tFK01pVEw4bktmVVowbkN4KzJFRkxKbjk0SkdlODN4N3lHL0dTTFhzcgpXMnRBaDR0NzFLUzgwQjhEb29Pa1lmREQxcm9JdklrQmRDM2EzRzZwWUNEamJIT2FPcXQ4cWhZZUFlMjdvQ0J6CmQzd1k3RW9yL3d6UHM0YldPMWE0QXl4LzBsZnphVUp3ak9pT3dGNXlBbC9uOGxCQVJENElneFBCRnpsNXUyelAKdDA1ZEpSQUdsK1ljZkNoQ0QxT3ppT3FYKytJS3crMGUKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRQzhReWl3Q2ZpR3ZHVWwKdFFvVkNtSStZNllpQ1pXTEFpcEZlNlJwZExXRmU0dGxhTlVlZ2xxRExvRm0wMlJneTZvNWQwZHNaWG1RbWszWgo2cGhpMG1zOGlrdzRFTmN2L0VYY3pFdmFtL0ZVMU0rRG94REFNZnRsMXZvd2dYWSs4NkJDSXhKRmVxak1OV0w4CnlkWmpyUWFOUDR5VkN3N0Y0c1IyZGdLOFRqcE1scW9JaExqSzBLQW9IZm4zYkVwSmVGM0RpbUNWZk9IYUtOdkYKZUVWMDl5M05WTTFNU1d1ZFFIdlNUTXEyYW5XemVLN05iWEpEdHZ2eFhOcGVQYS9NNS9zdkd0Q3dVY29UOFI3agpoMXNidTBGMUFrNm42UXFZZXBPaHEvNjJ6UklmRjdvVXpTYWRjRFFpYWdTNTZ0bjZDbENVd0JjZVIrUWRDc043CmxMN1ltbDVsQWdNQkFBRUNnZ0VCQUs5RnUyREJ0NjhCUVE0dEVianJGUEpPNWdJMGVCU1dMSExLSFJUTlFwNkcKbWc0TTNyWHIySWJmU2p4SVBPRGRYSnJwMFFZN0owV1lVemk1NzZ1NWlYc3dxcXRjQ211emEvdVgvRnNINmxQMwpXVWVPRG05UldXUEVGT1FKOCtQQ0FBYnpEZlMvc04yR0txVjg2R3VlVUVZNnp4Q0gzZllnSEpiSllkeWMzQ3dtClZFbFBwSmFDUlBxMkJ1ZVEwc3U2UHVGcUtNdTlBYnY2SDNzSUNZdU9SekhGRXFHN1dBOWNlUkNBUVBpb0VOUmQKWXR6dS91dlZDK3dHSks2WDl5QjVmMGoyN0xIdEdoWVVWZlhmcHdOSFhaR3UrOWw2TUlqRlc3dVdmOW1QMWU4agp5c2FRV2dpM21jMUpsclkxRjFxSHFVajlxd1FpZW9rZnN0cno2OUlTTXpVQ2dZRUEzMzFKZklQYjU0SFF0TTA3Ckp4dkgwZ1Fsd0Y0YWZkL3p1M3NsTEUzNUhIWmFiK2tXcVp3YzhJcy9qcXFxVFNrVmlMMkJmNCtuSkgwM21abjAKd0Qxb29ReU5pcnZ4aUtiWHZYZGRNeGh1TzNRZEE2TGd2c3luaTZKM3U4Y3JPOGpWL1RZWVBWR2kybGxwWjIxOQowTUc3VmhFSkVZZG45ZUxnUWtZS0hvck1YRU1DZ1lFQTE2WUZhdk1LOFoxVTJGSnF5d1pVWnR4Tkc2M2IzY2xsClBZbXZqRUFMc0NBY0hoQVJ0WkhWVnJ3ck9TNDlNU3RYYUg3U25vbmV3dSs4MkRDMkhnQXpFQmlNWnVoOWp1Y3IKeEJJWThSM2xVS1lZTFJjQnJ3SDBFT1JZdUYxaFVXdjZvU3cyajArVWJnaTJXY3B1ZzhZQVJzOTF2S1BGSy81ZQpPckdUVHRwZ2hEY0NnWUVBbU1VcythZXRKN2l1Y1JrbGlWdE5JWHZpVG5oRlJheFVFT0ZpRE1JVU9tZVE5SlR4Ci8ra09RMFA4bzBwNGRaeFM4eEVQdDZIOEVFNWtObVJ1VVFicFFjV3g3NWIveVhpN1d2R0FUUkF6TWdMeVhtejEKa3BlVkpEZGYvNFZyUVVmTk4zVEY1d3lwOVBaUHZmcXptWU1FeXhXRURHNXlHendHTG1kd1BXYUZ3YjhDZ1lCdgpQcVhzMWhQL01EcGtuWitadkZvdDlkZVJQODc4U3JoL1ZsZkk4Z0VWaW5yMnh6TmJoeStXM3RzdFZEMGM4RTdYCkNSVjkwNEdtN2lWdElUUFJwaWl4VlBpWTNiWm4wYmt5SEdQaGZwcWRVQkdJc1NXZE1sVEZvZ1ppbFVsdXgxVXoKYjZ0MW9vZmZlMzhXTXVkdjh1U1JvdFFKekRJYXo4MnNXWTYwVHRNYllRS0JnUUN0UHpZYTRMWElkL1FEald0WAppTTRYL2hhTGlacUsxLzVYanZ0dlNEN2VwTG50L1dYaTFlTnliNjloN1E5TnJCc21iaGVzK1pmZlcxb1RFTmdzCklEZjNWdVFiZEVETFI5cEpXM085N3ludStuY3d6WGNzZklOc1R3dzlCR0RsZERUa2Rmd1dkbEZvRXhUYXV2YU4KYTV1QTZwOHZlYUlRZ1E5UWNwQzFQMkdXVnc9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== \ No newline at end of file + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRQzhReWl3Q2ZpR3ZHVWwKdFFvVkNtSStZNllpQ1pXTEFpcEZlNlJwZExXRmU0dGxhTlVlZ2xxRExvRm0wMlJneTZvNWQwZHNaWG1RbWszWgo2cGhpMG1zOGlrdzRFTmN2L0VYY3pFdmFtL0ZVMU0rRG94REFNZnRsMXZvd2dYWSs4NkJDSXhKRmVxak1OV0w4CnlkWmpyUWFOUDR5VkN3N0Y0c1IyZGdLOFRqcE1scW9JaExqSzBLQW9IZm4zYkVwSmVGM0RpbUNWZk9IYUtOdkYKZUVWMDl5M05WTTFNU1d1ZFFIdlNUTXEyYW5XemVLN05iWEpEdHZ2eFhOcGVQYS9NNS9zdkd0Q3dVY29UOFI3agpoMXNidTBGMUFrNm42UXFZZXBPaHEvNjJ6UklmRjdvVXpTYWRjRFFpYWdTNTZ0bjZDbENVd0JjZVIrUWRDc043CmxMN1ltbDVsQWdNQkFBRUNnZ0VCQUs5RnUyREJ0NjhCUVE0dEVianJGUEpPNWdJMGVCU1dMSExLSFJUTlFwNkcKbWc0TTNyWHIySWJmU2p4SVBPRGRYSnJwMFFZN0owV1lVemk1NzZ1NWlYc3dxcXRjQ211emEvdVgvRnNINmxQMwpXVWVPRG05UldXUEVGT1FKOCtQQ0FBYnpEZlMvc04yR0txVjg2R3VlVUVZNnp4Q0gzZllnSEpiSllkeWMzQ3dtClZFbFBwSmFDUlBxMkJ1ZVEwc3U2UHVGcUtNdTlBYnY2SDNzSUNZdU9SekhGRXFHN1dBOWNlUkNBUVBpb0VOUmQKWXR6dS91dlZDK3dHSks2WDl5QjVmMGoyN0xIdEdoWVVWZlhmcHdOSFhaR3UrOWw2TUlqRlc3dVdmOW1QMWU4agp5c2FRV2dpM21jMUpsclkxRjFxSHFVajlxd1FpZW9rZnN0cno2OUlTTXpVQ2dZRUEzMzFKZklQYjU0SFF0TTA3Ckp4dkgwZ1Fsd0Y0YWZkL3p1M3NsTEUzNUhIWmFiK2tXcVp3YzhJcy9qcXFxVFNrVmlMMkJmNCtuSkgwM21abjAKd0Qxb29ReU5pcnZ4aUtiWHZYZGRNeGh1TzNRZEE2TGd2c3luaTZKM3U4Y3JPOGpWL1RZWVBWR2kybGxwWjIxOQowTUc3VmhFSkVZZG45ZUxnUWtZS0hvck1YRU1DZ1lFQTE2WUZhdk1LOFoxVTJGSnF5d1pVWnR4Tkc2M2IzY2xsClBZbXZqRUFMc0NBY0hoQVJ0WkhWVnJ3ck9TNDlNU3RYYUg3U25vbmV3dSs4MkRDMkhnQXpFQmlNWnVoOWp1Y3IKeEJJWThSM2xVS1lZTFJjQnJ3SDBFT1JZdUYxaFVXdjZvU3cyajArVWJnaTJXY3B1ZzhZQVJzOTF2S1BGSy81ZQpPckdUVHRwZ2hEY0NnWUVBbU1VcythZXRKN2l1Y1JrbGlWdE5JWHZpVG5oRlJheFVFT0ZpRE1JVU9tZVE5SlR4Ci8ra09RMFA4bzBwNGRaeFM4eEVQdDZIOEVFNWtObVJ1VVFicFFjV3g3NWIveVhpN1d2R0FUUkF6TWdMeVhtejEKa3BlVkpEZGYvNFZyUVVmTk4zVEY1d3lwOVBaUHZmcXptWU1FeXhXRURHNXlHendHTG1kd1BXYUZ3YjhDZ1lCdgpQcVhzMWhQL01EcGtuWitadkZvdDlkZVJQODc4U3JoL1ZsZkk4Z0VWaW5yMnh6TmJoeStXM3RzdFZEMGM4RTdYCkNSVjkwNEdtN2lWdElUUFJwaWl4VlBpWTNiWm4wYmt5SEdQaGZwcWRVQkdJc1NXZE1sVEZvZ1ppbFVsdXgxVXoKYjZ0MW9vZmZlMzhXTXVkdjh1U1JvdFFKekRJYXo4MnNXWTYwVHRNYllRS0JnUUN0UHpZYTRMWElkL1FEald0WAppTTRYL2hhTGlacUsxLzVYanZ0dlNEN2VwTG50L1dYaTFlTnliNjloN1E5TnJCc21iaGVzK1pmZlcxb1RFTmdzCklEZjNWdVFiZEVETFI5cEpXM085N3ludStuY3d6WGNzZklOc1R3dzlCR0RsZERUa2Rmd1dkbEZvRXhUYXV2YU4KYTV1QTZwOHZlYUlRZ1E5UWNwQzFQMkdXVnc9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== diff --git a/tests/data/virtual-server-grpc/tls-secret.yaml b/tests/data/virtual-server-grpc/tls-secret.yaml index 0c9ecd6f75..762f03e7b8 100644 --- a/tests/data/virtual-server-grpc/tls-secret.yaml +++ b/tests/data/virtual-server-grpc/tls-secret.yaml @@ -5,4 +5,4 @@ metadata: type: kubernetes.io/tls data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURzakNDQXBvQ0NRREdqUVE5L3hnejZqQU5CZ2txaGtpRzl3MEJBUXNGQURDQm1qRUxNQWtHQTFVRUJoTUMKU1VVeERUQUxCZ05WQkFnTUJFTnZjbXN4RFRBTEJnTlZCQWNNQkVOdmNtc3hFekFSQmdOVkJBb01DazVIU1U1WQpMQ0JKYm1NeERqQU1CZ05WQkFzTUJVNUhTVTVZTVNNd0lRWURWUVFEREJwMmFYSjBkV0ZzTFhObGNuWmxjaTVsCmVHRnRjR3hsTG1OdmJURWpNQ0VHQ1NxR1NJYjNEUUVKQVJZVWEzVmlaWEp1WlhSbGMwQnVaMmx1ZUM1amIyMHcKSGhjTk1qRXhNVEkxTVRrek5qUXdXaGNOTWpNeE1ESTJNVGt6TmpRd1dqQ0JtakVMTUFrR0ExVUVCaE1DU1VVeApEVEFMQmdOVkJBZ01CRU52Y21zeERUQUxCZ05WQkFjTUJFTnZjbXN4RXpBUkJnTlZCQW9NQ2s1SFNVNVlMQ0JKCmJtTXhEakFNQmdOVkJBc01CVTVIU1U1WU1TTXdJUVlEVlFRRERCcDJhWEowZFdGc0xYTmxjblpsY2k1bGVHRnQKY0d4bExtTnZiVEVqTUNFR0NTcUdTSWIzRFFFSkFSWVVhM1ZpWlhKdVpYUmxjMEJ1WjJsdWVDNWpiMjB3Z2dFaQpNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUNoYnlha0tlbzZzR2Q0eFBva3dQaHpjMGcvCnNiNXZpZnNnbHJvc2IyUjhjaGJtQlJRV1lGZlNzbldidWtkejB2RFVaWHhlY1hOZUdKVFc0WWdOOUZUSERnQXcKNjhxNWFBS3RiY1d2ejlDVEd0RkthdW5GcE1GU21pcWU5VHFQM1JaVkJGa1gwWFkzYTFWbmlQNDFxV2wxdnVKQgpMM2JwKzlzNVVadnMraER4UFFuMG5xSFJCQ0t2VDNUZWpHbnJPelprQ2ljUGhSS0hhNnExNlhiNGhGd2E4RXB2CmhYMFZkWVNDNFMzL2xSNThkNFJxL0lJSmUyZlhpZTJwcFF5UUpsNTJ6SGZvUnVFK3VvM3NsMmREdDF6dC96Yk0Ka2M3bmZiYzJqZFVoT0FONGhOOEowS0NvWEI4U3FwcjcxNXlKdklJc3ZSRC9RRFNyd1BQeXh2N1VnMTZoQWdNQgpBQUV3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUY3SFg5OUY5Q2FsMEplZzJScktSS3lxTXBrWGNKWjhEd2RJCkdmMm9UL2I5OGdmRWxhbFgxMHBQc2lHQ2NVOFJjRW9wdzJ6bHdUNXNSTDVXWVVyN3FnS1RKOXR0cm9rRUhPL0IKYUdORWsveFpNZ1JkOFpVL1NTOGdsQ0tjUGdOekI4TmVhQmV2U3lhT0NJYndjMWZSalF0YlVjYkp3N3JWUlp6cApaU1JJZWVPVVV2ZVg1RDZaNGQyN2RGd1pKU1B3TkV3eVlnZERKQWxhelMwMnJOZDZRUktwTFViNUJSUlB4aVYvCmtvNGUxK1h0V3FvVFpWMi9IbDZRWnB6MzdyMjZXQ0dxbUpHYnJzM0JmRkwxUFkvTEFqY1NZOVRrNU9kdU80SXcKM09PN3p5UTV3eDhuc3V4SHlQOUJUMFh3aU5hMzU1RXpwd3V6N1hyTzI0ZElNYjVsZWRnPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRQ2hieWFrS2VvNnNHZDQKeFBva3dQaHpjMGcvc2I1dmlmc2dscm9zYjJSOGNoYm1CUlFXWUZmU3NuV2J1a2R6MHZEVVpYeGVjWE5lR0pUVwo0WWdOOUZUSERnQXc2OHE1YUFLdGJjV3Z6OUNUR3RGS2F1bkZwTUZTbWlxZTlUcVAzUlpWQkZrWDBYWTNhMVZuCmlQNDFxV2wxdnVKQkwzYnArOXM1VVp2cytoRHhQUW4wbnFIUkJDS3ZUM1Rlakduck96WmtDaWNQaFJLSGE2cTEKNlhiNGhGd2E4RXB2aFgwVmRZU0M0UzMvbFI1OGQ0UnEvSUlKZTJmWGllMnBwUXlRSmw1MnpIZm9SdUUrdW8zcwpsMmREdDF6dC96Yk1rYzduZmJjMmpkVWhPQU40aE44SjBLQ29YQjhTcXByNzE1eUp2SUlzdlJEL1FEU3J3UFB5Cnh2N1VnMTZoQWdNQkFBRUNnZ0VBWm5KWlBWajBNaVo4bzZHdGRPR1pTZnJnNExyMXRXY0ZIVnRKN3FVS1NnZEYKRE5nd05Uc1N3TDFMOFhXM25vTkJIaWtCVWhZQk5yZTJ6TjczTHBQZHNTenJaaUJjMkdodk9vd3RKak5sazlVeQorRno4MmRhQ2NOOHhLUXRMREwwclRPeWpkWUFSMjMyY0IwWml2TDgwRStyOVBveldsQXFteHF0Sm5vdmJjSnRmCmpBK3RkTTcvTTJ0ckJqRmJXKzlwTERoS3orVkw2TUc0b1BGYmtVcTJ3bVFYRE0vQ1hKZnE5WXVMTmhVODFsbEwKYzZwN0trckNwU3M1QWRHWitwU1IxNWlSRWUwblRMT1JkVWFFdWRkVm0xQllmZWVhcVVia0VPUk1WTm5oSG1ORwpTV25KdEhDanNpUitDWmdBYktOT3ZkQ3IrekN5ZHdZUyt4RWxpSXE1T1FLQmdRRFVtM0p2WHhEbDloY2g5TUg1CkY4Y2lVS2NuVnJHZ1lHRXU5ZTlaOG5JeFVEUWlkQVlJSkI3WEZSL1RlY3RubzFjQjd3cVlWcHpvenNZaC9RNkcKYTVMeXA3cnc1NkFwek1qV0IxOGtzbTJHUmloK1VleEtiMVVNYWlpeEFrRjZ4cWVjSTFxUVN1T0hQTFlrRjNUWgpOcCtvRkhYUHBFMlE0cVNtVVl0ZHJOdWpZd0tCZ1FEQ1lmUjFGNHpjbkpnTWZJVGpaOVEzd1JmaW9YalVFak9ICjZLT2d2bUppRDFsdG5rT3JSNTlKMXIvdTU3cU4zbGlNakdGT2pod25qaUIrWk5BcDZRenN0bkhVV09yUHduQXYKUjJXNUoyRW9oSGgxaTJhWUg4SkNTRVpocmZBSXZIbEIvQ29XaUFiZzkvR0lpNG9oNFB0NEljOTJLemNaK0RVeQpBbzltV1Uxdkt3S0JnUUNnKy9OeWtURmlieXlrOFlmTzdVcERtWDU0TXhUY3N4M2pTU1dybmdFSmhnbHo3UmFFCkk1V1dsdEE2ZVFhanV2S3U3Q25Cb0JPLzFKSUNPbk05SlVkbnBjblBrQk9la3dtZnhvVXNiRTZ5VlgxajZQUmEKaUdLRnUveUR5NGw1UmVLMFA3RGJnVmszbGFqMU95Mm5LODFJbi9WMC9Kd2ZFUDVMVVlPTnNzMjhzUUtCZ1FDRQp3NWJPS3VtZy9LdTFTNDhRS3loOWREczJKWWQ3Z1hzRXh0YUx3YjA4c0xNcDljRE9TYnI0R2Q4NTg3Z3RrY0gxCkxTU0JIUHNKNFQ4OFZPc0ExUlpvenl2c0YxYzUwOW4vME1vZnJrL2o5cWEzMGlDZW9vSng5eDlyTS93UVczcU8Kb1FhMklPNWgxYmQ0eGFYeEFkTi85OGZWTkNzTVo4VWRoVFlnZDdvMXhRS0JnQ1Fjdmw1Yy9ZY3NHRUd1YU02Mwp1NzNaNm9ha05mNkpEZ2lzdjZ2c3dHMHdLbFRQNGgwKzNTSmdmL2dnTGVMNVBxdm5pemxZbEJSQUd3KzQwYVFGCmZnZnZBOWVlaVFZdVdiRDV0RlpUTDZKcFBnd01PSlVQUFBIU0JianJSTGpoMzk5dlBBdlhqekNPT25ad01LcXcKTDBIZWF1M1J6a0ZkRDllNTk3c3U3MG90Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \ No newline at end of file + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRQ2hieWFrS2VvNnNHZDQKeFBva3dQaHpjMGcvc2I1dmlmc2dscm9zYjJSOGNoYm1CUlFXWUZmU3NuV2J1a2R6MHZEVVpYeGVjWE5lR0pUVwo0WWdOOUZUSERnQXc2OHE1YUFLdGJjV3Z6OUNUR3RGS2F1bkZwTUZTbWlxZTlUcVAzUlpWQkZrWDBYWTNhMVZuCmlQNDFxV2wxdnVKQkwzYnArOXM1VVp2cytoRHhQUW4wbnFIUkJDS3ZUM1Rlakduck96WmtDaWNQaFJLSGE2cTEKNlhiNGhGd2E4RXB2aFgwVmRZU0M0UzMvbFI1OGQ0UnEvSUlKZTJmWGllMnBwUXlRSmw1MnpIZm9SdUUrdW8zcwpsMmREdDF6dC96Yk1rYzduZmJjMmpkVWhPQU40aE44SjBLQ29YQjhTcXByNzE1eUp2SUlzdlJEL1FEU3J3UFB5Cnh2N1VnMTZoQWdNQkFBRUNnZ0VBWm5KWlBWajBNaVo4bzZHdGRPR1pTZnJnNExyMXRXY0ZIVnRKN3FVS1NnZEYKRE5nd05Uc1N3TDFMOFhXM25vTkJIaWtCVWhZQk5yZTJ6TjczTHBQZHNTenJaaUJjMkdodk9vd3RKak5sazlVeQorRno4MmRhQ2NOOHhLUXRMREwwclRPeWpkWUFSMjMyY0IwWml2TDgwRStyOVBveldsQXFteHF0Sm5vdmJjSnRmCmpBK3RkTTcvTTJ0ckJqRmJXKzlwTERoS3orVkw2TUc0b1BGYmtVcTJ3bVFYRE0vQ1hKZnE5WXVMTmhVODFsbEwKYzZwN0trckNwU3M1QWRHWitwU1IxNWlSRWUwblRMT1JkVWFFdWRkVm0xQllmZWVhcVVia0VPUk1WTm5oSG1ORwpTV25KdEhDanNpUitDWmdBYktOT3ZkQ3IrekN5ZHdZUyt4RWxpSXE1T1FLQmdRRFVtM0p2WHhEbDloY2g5TUg1CkY4Y2lVS2NuVnJHZ1lHRXU5ZTlaOG5JeFVEUWlkQVlJSkI3WEZSL1RlY3RubzFjQjd3cVlWcHpvenNZaC9RNkcKYTVMeXA3cnc1NkFwek1qV0IxOGtzbTJHUmloK1VleEtiMVVNYWlpeEFrRjZ4cWVjSTFxUVN1T0hQTFlrRjNUWgpOcCtvRkhYUHBFMlE0cVNtVVl0ZHJOdWpZd0tCZ1FEQ1lmUjFGNHpjbkpnTWZJVGpaOVEzd1JmaW9YalVFak9ICjZLT2d2bUppRDFsdG5rT3JSNTlKMXIvdTU3cU4zbGlNakdGT2pod25qaUIrWk5BcDZRenN0bkhVV09yUHduQXYKUjJXNUoyRW9oSGgxaTJhWUg4SkNTRVpocmZBSXZIbEIvQ29XaUFiZzkvR0lpNG9oNFB0NEljOTJLemNaK0RVeQpBbzltV1Uxdkt3S0JnUUNnKy9OeWtURmlieXlrOFlmTzdVcERtWDU0TXhUY3N4M2pTU1dybmdFSmhnbHo3UmFFCkk1V1dsdEE2ZVFhanV2S3U3Q25Cb0JPLzFKSUNPbk05SlVkbnBjblBrQk9la3dtZnhvVXNiRTZ5VlgxajZQUmEKaUdLRnUveUR5NGw1UmVLMFA3RGJnVmszbGFqMU95Mm5LODFJbi9WMC9Kd2ZFUDVMVVlPTnNzMjhzUUtCZ1FDRQp3NWJPS3VtZy9LdTFTNDhRS3loOWREczJKWWQ3Z1hzRXh0YUx3YjA4c0xNcDljRE9TYnI0R2Q4NTg3Z3RrY0gxCkxTU0JIUHNKNFQ4OFZPc0ExUlpvenl2c0YxYzUwOW4vME1vZnJrL2o5cWEzMGlDZW9vSng5eDlyTS93UVczcU8Kb1FhMklPNWgxYmQ0eGFYeEFkTi85OGZWTkNzTVo4VWRoVFlnZDdvMXhRS0JnQ1Fjdmw1Yy9ZY3NHRUd1YU02Mwp1NzNaNm9ha05mNkpEZ2lzdjZ2c3dHMHdLbFRQNGgwKzNTSmdmL2dnTGVMNVBxdm5pemxZbEJSQUd3KzQwYVFGCmZnZnZBOWVlaVFZdVdiRDV0RlpUTDZKcFBnd01PSlVQUFBIU0JianJSTGpoMzk5dlBBdlhqekNPT25ad01LcXcKTDBIZWF1M1J6a0ZkRDllNTk3c3U3MG90Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K diff --git a/tests/data/virtual-server-redirects/standard/virtual-server.yaml b/tests/data/virtual-server-redirects/standard/virtual-server.yaml index a3659a403a..844b3b7de8 100644 --- a/tests/data/virtual-server-redirects/standard/virtual-server.yaml +++ b/tests/data/virtual-server-redirects/standard/virtual-server.yaml @@ -13,4 +13,4 @@ spec: - path: "/default-redirect" action: redirect: - url: "${scheme}://${host}${request_uri}?arg=${http_x_forwarded_proto}" \ No newline at end of file + url: "${scheme}://${host}${request_uri}?arg=${http_x_forwarded_proto}" diff --git a/tests/data/virtual-server-redirects/virtual-server-invalid-openapi.yaml b/tests/data/virtual-server-redirects/virtual-server-invalid-openapi.yaml index c22827d901..09b7a0c5ac 100644 --- a/tests/data/virtual-server-redirects/virtual-server-invalid-openapi.yaml +++ b/tests/data/virtual-server-redirects/virtual-server-invalid-openapi.yaml @@ -14,4 +14,4 @@ spec: action: redirect: code: "code" - url: 100 \ No newline at end of file + url: 100 diff --git a/tests/data/virtual-server-redirects/virtual-server-invalid.yaml b/tests/data/virtual-server-redirects/virtual-server-invalid.yaml index 8381a44311..89f35a896b 100644 --- a/tests/data/virtual-server-redirects/virtual-server-invalid.yaml +++ b/tests/data/virtual-server-redirects/virtual-server-invalid.yaml @@ -14,4 +14,4 @@ spec: action: redirect: code: 204 - url: "${nginx_version}" \ No newline at end of file + url: "${nginx_version}" diff --git a/tests/data/virtual-server-redirects/virtual-server-updated.yaml b/tests/data/virtual-server-redirects/virtual-server-updated.yaml index be4ce18c24..8da22490f7 100644 --- a/tests/data/virtual-server-redirects/virtual-server-updated.yaml +++ b/tests/data/virtual-server-redirects/virtual-server-updated.yaml @@ -13,4 +13,4 @@ spec: action: redirect: code: 302 - url: "http://demo.nginx.com" \ No newline at end of file + url: "http://demo.nginx.com" diff --git a/tests/data/virtual-server-route-advanced-routing/standard/virtual-server.yaml b/tests/data/virtual-server-route-advanced-routing/standard/virtual-server.yaml index 2c29a011d0..b6162714c5 100644 --- a/tests/data/virtual-server-route-advanced-routing/standard/virtual-server.yaml +++ b/tests/data/virtual-server-route-advanced-routing/standard/virtual-server.yaml @@ -6,4 +6,4 @@ spec: host: virtual-server-route.example.com routes: - path: "/backends" - route: backends-namespace/backends \ No newline at end of file + route: backends-namespace/backends diff --git a/tests/data/virtual-server-route-advanced-routing/virtual-server-route-argument.yaml b/tests/data/virtual-server-route-advanced-routing/virtual-server-route-argument.yaml index a135022fbd..08aadffa5d 100644 --- a/tests/data/virtual-server-route-advanced-routing/virtual-server-route-argument.yaml +++ b/tests/data/virtual-server-route-advanced-routing/virtual-server-route-argument.yaml @@ -34,4 +34,4 @@ spec: pass: backend4-stable - path: "/backends/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-advanced-routing/virtual-server-route-complex.yaml b/tests/data/virtual-server-route-advanced-routing/virtual-server-route-complex.yaml index 08dc12ddbf..154ccf9131 100644 --- a/tests/data/virtual-server-route-advanced-routing/virtual-server-route-complex.yaml +++ b/tests/data/virtual-server-route-advanced-routing/virtual-server-route-complex.yaml @@ -46,4 +46,4 @@ spec: pass: backend4-stable - path: "/backends/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-advanced-routing/virtual-server-route-cookie.yaml b/tests/data/virtual-server-route-advanced-routing/virtual-server-route-cookie.yaml index af53cb5074..cc2e327c61 100644 --- a/tests/data/virtual-server-route-advanced-routing/virtual-server-route-cookie.yaml +++ b/tests/data/virtual-server-route-advanced-routing/virtual-server-route-cookie.yaml @@ -34,4 +34,4 @@ spec: pass: backend4-stable - path: "/backends/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-advanced-routing/virtual-server-route-header.yaml b/tests/data/virtual-server-route-advanced-routing/virtual-server-route-header.yaml index b5b6bd6bb1..73120cb58f 100644 --- a/tests/data/virtual-server-route-advanced-routing/virtual-server-route-header.yaml +++ b/tests/data/virtual-server-route-advanced-routing/virtual-server-route-header.yaml @@ -34,4 +34,4 @@ spec: pass: backend4-stable - path: "/backends/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-advanced-routing/virtual-server-route-variable.yaml b/tests/data/virtual-server-route-advanced-routing/virtual-server-route-variable.yaml index 940f8455d4..31fb37f5ed 100644 --- a/tests/data/virtual-server-route-advanced-routing/virtual-server-route-variable.yaml +++ b/tests/data/virtual-server-route-advanced-routing/virtual-server-route-variable.yaml @@ -34,4 +34,4 @@ spec: pass: backend4-stable - path: "/backends/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-canned-responses/route-multiple-invalid-openapi.yaml b/tests/data/virtual-server-route-canned-responses/route-multiple-invalid-openapi.yaml index d849703407..d082827d73 100644 --- a/tests/data/virtual-server-route-canned-responses/route-multiple-invalid-openapi.yaml +++ b/tests/data/virtual-server-route-canned-responses/route-multiple-invalid-openapi.yaml @@ -10,4 +10,4 @@ spec: return: code: "301" type: 100 - body: True \ No newline at end of file + body: True diff --git a/tests/data/virtual-server-route-canned-responses/route-multiple-invalid.yaml b/tests/data/virtual-server-route-canned-responses/route-multiple-invalid.yaml index 766c32794f..8880866a36 100644 --- a/tests/data/virtual-server-route-canned-responses/route-multiple-invalid.yaml +++ b/tests/data/virtual-server-route-canned-responses/route-multiple-invalid.yaml @@ -10,4 +10,4 @@ spec: return: code: 301 type: "anything will do" - body: "Variables must be inclosed in curly brackets: $request_uri" \ No newline at end of file + body: "Variables must be inclosed in curly brackets: $request_uri" diff --git a/tests/data/virtual-server-route-canned-responses/route-multiple-updated.yaml b/tests/data/virtual-server-route-canned-responses/route-multiple-updated.yaml index 39c058098f..829d9d8d38 100644 --- a/tests/data/virtual-server-route-canned-responses/route-multiple-updated.yaml +++ b/tests/data/virtual-server-route-canned-responses/route-multiple-updated.yaml @@ -16,4 +16,4 @@ spec: return: code: 201 type: "user-type" - body: "line1\\nline2" \ No newline at end of file + body: "line1\\nline2" diff --git a/tests/data/virtual-server-route-canned-responses/route-multiple.yaml b/tests/data/virtual-server-route-canned-responses/route-multiple.yaml index 3b009d7a02..f59c34e63e 100644 --- a/tests/data/virtual-server-route-canned-responses/route-multiple.yaml +++ b/tests/data/virtual-server-route-canned-responses/route-multiple.yaml @@ -41,4 +41,4 @@ spec: body: | line1 line2 - line3 \ No newline at end of file + line3 diff --git a/tests/data/virtual-server-route-canned-responses/route-single.yaml b/tests/data/virtual-server-route-canned-responses/route-single.yaml index 8ff5da5df2..3148ca6153 100644 --- a/tests/data/virtual-server-route-canned-responses/route-single.yaml +++ b/tests/data/virtual-server-route-canned-responses/route-single.yaml @@ -34,4 +34,4 @@ spec: \"args\": \"${args}\", \"time_iso8601\": \"${time_iso8601}\", \"connections_reading\": \"${connections_reading}\" - }' \ No newline at end of file + }' diff --git a/tests/data/virtual-server-route-canned-responses/standard/virtual-server.yaml b/tests/data/virtual-server-route-canned-responses/standard/virtual-server.yaml index b58e4b8402..306cd169de 100644 --- a/tests/data/virtual-server-route-canned-responses/standard/virtual-server.yaml +++ b/tests/data/virtual-server-route-canned-responses/standard/virtual-server.yaml @@ -8,4 +8,4 @@ spec: - path: "/backends" route: backends - path: "/backend2" - route: backend2 \ No newline at end of file + route: backend2 diff --git a/tests/data/virtual-server-route-dynamic-configuration/route-multiple.yaml b/tests/data/virtual-server-route-dynamic-configuration/route-multiple.yaml index b79cd66759..7acc7bbbf4 100644 --- a/tests/data/virtual-server-route-dynamic-configuration/route-multiple.yaml +++ b/tests/data/virtual-server-route-dynamic-configuration/route-multiple.yaml @@ -22,4 +22,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/virtual-server-route-dynamic-configuration/route-single.yaml b/tests/data/virtual-server-route-dynamic-configuration/route-single.yaml index 5e8e9773c2..96012275eb 100644 --- a/tests/data/virtual-server-route-dynamic-configuration/route-single.yaml +++ b/tests/data/virtual-server-route-dynamic-configuration/route-single.yaml @@ -16,4 +16,4 @@ spec: subroutes: - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-dynamic-configuration/standard/virtual-server.yaml b/tests/data/virtual-server-route-dynamic-configuration/standard/virtual-server.yaml index 1aa53f07df..3991285dbb 100644 --- a/tests/data/virtual-server-route-dynamic-configuration/standard/virtual-server.yaml +++ b/tests/data/virtual-server-route-dynamic-configuration/standard/virtual-server.yaml @@ -8,4 +8,4 @@ spec: - path: "/backends" route: backends-namespace/backends - path: "/backend2" - route: backend2-namespace/backend2 \ No newline at end of file + route: backend2-namespace/backend2 diff --git a/tests/data/virtual-server-route-error-pages/route-multiple-invalid-openapi.yaml b/tests/data/virtual-server-route-error-pages/route-multiple-invalid-openapi.yaml index d81086197d..e665b6522a 100644 --- a/tests/data/virtual-server-route-error-pages/route-multiple-invalid-openapi.yaml +++ b/tests/data/virtual-server-route-error-pages/route-multiple-invalid-openapi.yaml @@ -31,4 +31,4 @@ spec: - name: True value: False action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/virtual-server-route-error-pages/route-multiple-invalid.yaml b/tests/data/virtual-server-route-error-pages/route-multiple-invalid.yaml index 9866aae68f..a6f661ce2d 100644 --- a/tests/data/virtual-server-route-error-pages/route-multiple-invalid.yaml +++ b/tests/data/virtual-server-route-error-pages/route-multiple-invalid.yaml @@ -32,4 +32,4 @@ spec: - name: x-debug-original-status value: ${schema} action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/virtual-server-route-error-pages/route-multiple-matches.yaml b/tests/data/virtual-server-route-error-pages/route-multiple-matches.yaml index b659f5887d..e42272f842 100644 --- a/tests/data/virtual-server-route-error-pages/route-multiple-matches.yaml +++ b/tests/data/virtual-server-route-error-pages/route-multiple-matches.yaml @@ -49,4 +49,4 @@ spec: - name: x-debug-original-status value: ${upstream_status} action: - pass: backend3-deprecated \ No newline at end of file + pass: backend3-deprecated diff --git a/tests/data/virtual-server-route-error-pages/route-multiple-splits.yaml b/tests/data/virtual-server-route-error-pages/route-multiple-splits.yaml index 62e0f2a917..54bdca311e 100644 --- a/tests/data/virtual-server-route-error-pages/route-multiple-splits.yaml +++ b/tests/data/virtual-server-route-error-pages/route-multiple-splits.yaml @@ -40,4 +40,4 @@ spec: - name: x-debug-original-status value: ${upstream_status} action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/virtual-server-route-error-pages/route-multiple-updated.yaml b/tests/data/virtual-server-route-error-pages/route-multiple-updated.yaml index fec87d9072..2353f07d32 100644 --- a/tests/data/virtual-server-route-error-pages/route-multiple-updated.yaml +++ b/tests/data/virtual-server-route-error-pages/route-multiple-updated.yaml @@ -26,4 +26,4 @@ spec: body: | Hello World! action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/virtual-server-route-error-pages/route-multiple.yaml b/tests/data/virtual-server-route-error-pages/route-multiple.yaml index 4da8b4d7ed..f7bc3b79fa 100644 --- a/tests/data/virtual-server-route-error-pages/route-multiple.yaml +++ b/tests/data/virtual-server-route-error-pages/route-multiple.yaml @@ -32,4 +32,4 @@ spec: - name: x-debug-original-status value: ${upstream_status} action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/virtual-server-route-error-pages/route-single-invalid.yaml b/tests/data/virtual-server-route-error-pages/route-single-invalid.yaml index 32494ec93e..4e51bcb5d8 100644 --- a/tests/data/virtual-server-route-error-pages/route-single-invalid.yaml +++ b/tests/data/virtual-server-route-error-pages/route-single-invalid.yaml @@ -16,4 +16,4 @@ spec: code: 307 url: action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-error-pages/route-single.yaml b/tests/data/virtual-server-route-error-pages/route-single.yaml index f18b2cc1d1..40ecdc8aa6 100644 --- a/tests/data/virtual-server-route-error-pages/route-single.yaml +++ b/tests/data/virtual-server-route-error-pages/route-single.yaml @@ -16,4 +16,4 @@ spec: code: 307 url: ${scheme}://virtual-server.example.com/error.html action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-error-pages/standard/virtual-server-updated.yaml b/tests/data/virtual-server-route-error-pages/standard/virtual-server-updated.yaml index d3660bbd73..ba0c3930b0 100644 --- a/tests/data/virtual-server-route-error-pages/standard/virtual-server-updated.yaml +++ b/tests/data/virtual-server-route-error-pages/standard/virtual-server-updated.yaml @@ -13,4 +13,4 @@ spec: code: 402 body: Hello World! - path: "/backend2" - route: backend2-namespace/backend2 \ No newline at end of file + route: backend2-namespace/backend2 diff --git a/tests/data/virtual-server-route-error-pages/standard/virtual-server.yaml b/tests/data/virtual-server-route-error-pages/standard/virtual-server.yaml index 179878752a..f56b65d83d 100644 --- a/tests/data/virtual-server-route-error-pages/standard/virtual-server.yaml +++ b/tests/data/virtual-server-route-error-pages/standard/virtual-server.yaml @@ -8,4 +8,4 @@ spec: - path: "/backends" route: backends # implicit namespace - path: "/backend2" - route: backend2-namespace/backend2 \ No newline at end of file + route: backend2-namespace/backend2 diff --git a/tests/data/virtual-server-route-externalname/externalname-svc.yaml b/tests/data/virtual-server-route-externalname/externalname-svc.yaml index 5901eaeba7..2c63c23d36 100644 --- a/tests/data/virtual-server-route-externalname/externalname-svc.yaml +++ b/tests/data/virtual-server-route-externalname/externalname-svc.yaml @@ -4,4 +4,4 @@ metadata: name: externalname-service spec: type: ExternalName - externalName: external-backend-svc.external-ns.svc.cluster.local \ No newline at end of file + externalName: external-backend-svc.external-ns.svc.cluster.local diff --git a/tests/data/virtual-server-route-externalname/nginx-config.yaml b/tests/data/virtual-server-route-externalname/nginx-config.yaml index 5a68ee3f55..81959c03c2 100644 --- a/tests/data/virtual-server-route-externalname/nginx-config.yaml +++ b/tests/data/virtual-server-route-externalname/nginx-config.yaml @@ -3,4 +3,4 @@ apiVersion: v1 metadata: name: nginx-config data: - resolver-addresses: "kube-dns.kube-system.svc.cluster.local" \ No newline at end of file + resolver-addresses: "kube-dns.kube-system.svc.cluster.local" diff --git a/tests/data/virtual-server-route-externalname/route-single.yaml b/tests/data/virtual-server-route-externalname/route-single.yaml index 85fb3dfc60..78df411b57 100644 --- a/tests/data/virtual-server-route-externalname/route-single.yaml +++ b/tests/data/virtual-server-route-externalname/route-single.yaml @@ -11,4 +11,4 @@ spec: subroutes: - path: "/external-backend" action: - pass: ext-backend \ No newline at end of file + pass: ext-backend diff --git a/tests/data/virtual-server-route-externalname/standard/virtual-server.yaml b/tests/data/virtual-server-route-externalname/standard/virtual-server.yaml index ade7557405..ae0ca0a86b 100644 --- a/tests/data/virtual-server-route-externalname/standard/virtual-server.yaml +++ b/tests/data/virtual-server-route-externalname/standard/virtual-server.yaml @@ -6,4 +6,4 @@ spec: host: virtual-server-route.example.com routes: - path: "/external-backend" - route: route-namespace/externalname-route \ No newline at end of file + route: route-namespace/externalname-route diff --git a/tests/data/virtual-server-route-focused-canary/standard/virtual-server.yaml b/tests/data/virtual-server-route-focused-canary/standard/virtual-server.yaml index 2c29a011d0..b6162714c5 100644 --- a/tests/data/virtual-server-route-focused-canary/standard/virtual-server.yaml +++ b/tests/data/virtual-server-route-focused-canary/standard/virtual-server.yaml @@ -6,4 +6,4 @@ spec: host: virtual-server-route.example.com routes: - path: "/backends" - route: backends-namespace/backends \ No newline at end of file + route: backends-namespace/backends diff --git a/tests/data/virtual-server-route-focused-canary/virtual-server-route.yaml b/tests/data/virtual-server-route-focused-canary/virtual-server-route.yaml index 6199a8e832..e84e98cac0 100644 --- a/tests/data/virtual-server-route-focused-canary/virtual-server-route.yaml +++ b/tests/data/virtual-server-route-focused-canary/virtual-server-route.yaml @@ -25,4 +25,4 @@ spec: action: pass: backend2 action: - pass: backend1 \ No newline at end of file + pass: backend1 diff --git a/tests/data/virtual-server-route-grpc/nginx-config.yaml b/tests/data/virtual-server-route-grpc/nginx-config.yaml index 746232549d..424a63e01f 100644 --- a/tests/data/virtual-server-route-grpc/nginx-config.yaml +++ b/tests/data/virtual-server-route-grpc/nginx-config.yaml @@ -4,4 +4,4 @@ metadata: name: nginx-config namespace: nginx-ingress data: - http2: "true" \ No newline at end of file + http2: "true" diff --git a/tests/data/virtual-server-route-grpc/route-single.yaml b/tests/data/virtual-server-route-grpc/route-single.yaml index ea7c105e0a..a8008101a5 100644 --- a/tests/data/virtual-server-route-grpc/route-single.yaml +++ b/tests/data/virtual-server-route-grpc/route-single.yaml @@ -13,4 +13,3 @@ spec: - path: /helloworld.Greeter action: pass: grpc2 - diff --git a/tests/data/virtual-server-route-grpc/tls-secret.yaml b/tests/data/virtual-server-route-grpc/tls-secret.yaml index efb99f5b31..f3f78bf112 100644 --- a/tests/data/virtual-server-route-grpc/tls-secret.yaml +++ b/tests/data/virtual-server-route-grpc/tls-secret.yaml @@ -5,4 +5,4 @@ metadata: type: kubernetes.io/tls data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURwRENDQW93Q0NRRDhoTVNKOXdGN0JUQU5CZ2txaGtpRzl3MEJBUXNGQURDQmt6RUxNQWtHQTFVRUJoTUMKU1VVeERUQUxCZ05WQkFnTUJFTnZjbXN4RFRBTEJnTlZCQWNNQkVOdmNtc3hEakFNQmdOVkJBb01CVTVIU1U1WQpNUXd3Q2dZRFZRUUxEQU5MU1VNeEl6QWhCZ05WQkFNTUduWnBjblIxWVd3dGMyVnlkbVZ5TG1WNFlXMXdiR1V1ClkyOXRNU013SVFZSktvWklodmNOQVFrQkZoUnJkV0psY201bGRHVnpRRzVuYVc1NExtTnZiVEFlRncweU1URXcKTWpZeE5EVXhNRGxhRncweU1URXhNalV4TkRVeE1EbGFNSUdUTVFzd0NRWURWUVFHRXdKSlJURU5NQXNHQTFVRQpDQXdFUTI5eWF6RU5NQXNHQTFVRUJ3d0VRMjl5YXpFT01Bd0dBMVVFQ2d3RlRrZEpUbGd4RERBS0JnTlZCQXNNCkEwdEpRekVqTUNFR0ExVUVBd3dhZG1seWRIVmhiQzF6WlhKMlpYSXVaWGhoYlhCc1pTNWpiMjB4SXpBaEJna3EKaGtpRzl3MEJDUUVXRkd0MVltVnlibVYwWlhOQWJtZHBibmd1WTI5dE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRgpBQU9DQVE4QU1JSUJDZ0tDQVFFQXZFTW9zQW40aHJ4bEpiVUtGUXBpUG1PbUlnbVZpd0lxUlh1a2FYUzFoWHVMClpXalZIb0phZ3k2Qlp0TmtZTXVxT1hkSGJHVjVrSnBOMmVxWVl0SnJQSXBNT0JEWEwveEYzTXhMMnB2eFZOVFAKZzZNUXdESDdaZGI2TUlGMlB2T2dRaU1TUlhxb3pEVmkvTW5XWTYwR2pUK01sUXNPeGVMRWRuWUN2RTQ2VEphcQpDSVM0eXRDZ0tCMzU5MnhLU1hoZHc0cGdsWHpoMmlqYnhYaEZkUGN0elZUTlRFbHJuVUI3MGt6S3RtcDFzM2l1CnpXMXlRN2I3OFZ6YVhqMnZ6T2Y3THhyUXNGSEtFL0VlNDRkYkc3dEJkUUpPcCtrS21IcVRvYXYrdHMwU0h4ZTYKRk0wbW5YQTBJbW9FdWVyWitncFFsTUFYSGtma0hRckRlNVMrMkpwZVpRSURBUUFCTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQmFQWVkwYlprT3ZhL1BBVHpSaHBRUkRKV0ljQlFra0F3UXgyWkh4ek9lcU9pVWxucDdxRFR3Cm9ybUdYaEt1ZFhWUGZJSjVGcXVSZS83UEtGVXFDQUJNTFNUb294c2U4dGVIclJMY0paZUNMekJVNUovaDI2eDYKQjlFb0NQcU54L1Vya1VRVDRYVW9ET0tFK01pVEw4bktmVVowbkN4KzJFRkxKbjk0SkdlODN4N3lHL0dTTFhzcgpXMnRBaDR0NzFLUzgwQjhEb29Pa1lmREQxcm9JdklrQmRDM2EzRzZwWUNEamJIT2FPcXQ4cWhZZUFlMjdvQ0J6CmQzd1k3RW9yL3d6UHM0YldPMWE0QXl4LzBsZnphVUp3ak9pT3dGNXlBbC9uOGxCQVJENElneFBCRnpsNXUyelAKdDA1ZEpSQUdsK1ljZkNoQ0QxT3ppT3FYKytJS3crMGUKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRQzhReWl3Q2ZpR3ZHVWwKdFFvVkNtSStZNllpQ1pXTEFpcEZlNlJwZExXRmU0dGxhTlVlZ2xxRExvRm0wMlJneTZvNWQwZHNaWG1RbWszWgo2cGhpMG1zOGlrdzRFTmN2L0VYY3pFdmFtL0ZVMU0rRG94REFNZnRsMXZvd2dYWSs4NkJDSXhKRmVxak1OV0w4CnlkWmpyUWFOUDR5VkN3N0Y0c1IyZGdLOFRqcE1scW9JaExqSzBLQW9IZm4zYkVwSmVGM0RpbUNWZk9IYUtOdkYKZUVWMDl5M05WTTFNU1d1ZFFIdlNUTXEyYW5XemVLN05iWEpEdHZ2eFhOcGVQYS9NNS9zdkd0Q3dVY29UOFI3agpoMXNidTBGMUFrNm42UXFZZXBPaHEvNjJ6UklmRjdvVXpTYWRjRFFpYWdTNTZ0bjZDbENVd0JjZVIrUWRDc043CmxMN1ltbDVsQWdNQkFBRUNnZ0VCQUs5RnUyREJ0NjhCUVE0dEVianJGUEpPNWdJMGVCU1dMSExLSFJUTlFwNkcKbWc0TTNyWHIySWJmU2p4SVBPRGRYSnJwMFFZN0owV1lVemk1NzZ1NWlYc3dxcXRjQ211emEvdVgvRnNINmxQMwpXVWVPRG05UldXUEVGT1FKOCtQQ0FBYnpEZlMvc04yR0txVjg2R3VlVUVZNnp4Q0gzZllnSEpiSllkeWMzQ3dtClZFbFBwSmFDUlBxMkJ1ZVEwc3U2UHVGcUtNdTlBYnY2SDNzSUNZdU9SekhGRXFHN1dBOWNlUkNBUVBpb0VOUmQKWXR6dS91dlZDK3dHSks2WDl5QjVmMGoyN0xIdEdoWVVWZlhmcHdOSFhaR3UrOWw2TUlqRlc3dVdmOW1QMWU4agp5c2FRV2dpM21jMUpsclkxRjFxSHFVajlxd1FpZW9rZnN0cno2OUlTTXpVQ2dZRUEzMzFKZklQYjU0SFF0TTA3Ckp4dkgwZ1Fsd0Y0YWZkL3p1M3NsTEUzNUhIWmFiK2tXcVp3YzhJcy9qcXFxVFNrVmlMMkJmNCtuSkgwM21abjAKd0Qxb29ReU5pcnZ4aUtiWHZYZGRNeGh1TzNRZEE2TGd2c3luaTZKM3U4Y3JPOGpWL1RZWVBWR2kybGxwWjIxOQowTUc3VmhFSkVZZG45ZUxnUWtZS0hvck1YRU1DZ1lFQTE2WUZhdk1LOFoxVTJGSnF5d1pVWnR4Tkc2M2IzY2xsClBZbXZqRUFMc0NBY0hoQVJ0WkhWVnJ3ck9TNDlNU3RYYUg3U25vbmV3dSs4MkRDMkhnQXpFQmlNWnVoOWp1Y3IKeEJJWThSM2xVS1lZTFJjQnJ3SDBFT1JZdUYxaFVXdjZvU3cyajArVWJnaTJXY3B1ZzhZQVJzOTF2S1BGSy81ZQpPckdUVHRwZ2hEY0NnWUVBbU1VcythZXRKN2l1Y1JrbGlWdE5JWHZpVG5oRlJheFVFT0ZpRE1JVU9tZVE5SlR4Ci8ra09RMFA4bzBwNGRaeFM4eEVQdDZIOEVFNWtObVJ1VVFicFFjV3g3NWIveVhpN1d2R0FUUkF6TWdMeVhtejEKa3BlVkpEZGYvNFZyUVVmTk4zVEY1d3lwOVBaUHZmcXptWU1FeXhXRURHNXlHendHTG1kd1BXYUZ3YjhDZ1lCdgpQcVhzMWhQL01EcGtuWitadkZvdDlkZVJQODc4U3JoL1ZsZkk4Z0VWaW5yMnh6TmJoeStXM3RzdFZEMGM4RTdYCkNSVjkwNEdtN2lWdElUUFJwaWl4VlBpWTNiWm4wYmt5SEdQaGZwcWRVQkdJc1NXZE1sVEZvZ1ppbFVsdXgxVXoKYjZ0MW9vZmZlMzhXTXVkdjh1U1JvdFFKekRJYXo4MnNXWTYwVHRNYllRS0JnUUN0UHpZYTRMWElkL1FEald0WAppTTRYL2hhTGlacUsxLzVYanZ0dlNEN2VwTG50L1dYaTFlTnliNjloN1E5TnJCc21iaGVzK1pmZlcxb1RFTmdzCklEZjNWdVFiZEVETFI5cEpXM085N3ludStuY3d6WGNzZklOc1R3dzlCR0RsZERUa2Rmd1dkbEZvRXhUYXV2YU4KYTV1QTZwOHZlYUlRZ1E5UWNwQzFQMkdXVnc9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== \ No newline at end of file + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRQzhReWl3Q2ZpR3ZHVWwKdFFvVkNtSStZNllpQ1pXTEFpcEZlNlJwZExXRmU0dGxhTlVlZ2xxRExvRm0wMlJneTZvNWQwZHNaWG1RbWszWgo2cGhpMG1zOGlrdzRFTmN2L0VYY3pFdmFtL0ZVMU0rRG94REFNZnRsMXZvd2dYWSs4NkJDSXhKRmVxak1OV0w4CnlkWmpyUWFOUDR5VkN3N0Y0c1IyZGdLOFRqcE1scW9JaExqSzBLQW9IZm4zYkVwSmVGM0RpbUNWZk9IYUtOdkYKZUVWMDl5M05WTTFNU1d1ZFFIdlNUTXEyYW5XemVLN05iWEpEdHZ2eFhOcGVQYS9NNS9zdkd0Q3dVY29UOFI3agpoMXNidTBGMUFrNm42UXFZZXBPaHEvNjJ6UklmRjdvVXpTYWRjRFFpYWdTNTZ0bjZDbENVd0JjZVIrUWRDc043CmxMN1ltbDVsQWdNQkFBRUNnZ0VCQUs5RnUyREJ0NjhCUVE0dEVianJGUEpPNWdJMGVCU1dMSExLSFJUTlFwNkcKbWc0TTNyWHIySWJmU2p4SVBPRGRYSnJwMFFZN0owV1lVemk1NzZ1NWlYc3dxcXRjQ211emEvdVgvRnNINmxQMwpXVWVPRG05UldXUEVGT1FKOCtQQ0FBYnpEZlMvc04yR0txVjg2R3VlVUVZNnp4Q0gzZllnSEpiSllkeWMzQ3dtClZFbFBwSmFDUlBxMkJ1ZVEwc3U2UHVGcUtNdTlBYnY2SDNzSUNZdU9SekhGRXFHN1dBOWNlUkNBUVBpb0VOUmQKWXR6dS91dlZDK3dHSks2WDl5QjVmMGoyN0xIdEdoWVVWZlhmcHdOSFhaR3UrOWw2TUlqRlc3dVdmOW1QMWU4agp5c2FRV2dpM21jMUpsclkxRjFxSHFVajlxd1FpZW9rZnN0cno2OUlTTXpVQ2dZRUEzMzFKZklQYjU0SFF0TTA3Ckp4dkgwZ1Fsd0Y0YWZkL3p1M3NsTEUzNUhIWmFiK2tXcVp3YzhJcy9qcXFxVFNrVmlMMkJmNCtuSkgwM21abjAKd0Qxb29ReU5pcnZ4aUtiWHZYZGRNeGh1TzNRZEE2TGd2c3luaTZKM3U4Y3JPOGpWL1RZWVBWR2kybGxwWjIxOQowTUc3VmhFSkVZZG45ZUxnUWtZS0hvck1YRU1DZ1lFQTE2WUZhdk1LOFoxVTJGSnF5d1pVWnR4Tkc2M2IzY2xsClBZbXZqRUFMc0NBY0hoQVJ0WkhWVnJ3ck9TNDlNU3RYYUg3U25vbmV3dSs4MkRDMkhnQXpFQmlNWnVoOWp1Y3IKeEJJWThSM2xVS1lZTFJjQnJ3SDBFT1JZdUYxaFVXdjZvU3cyajArVWJnaTJXY3B1ZzhZQVJzOTF2S1BGSy81ZQpPckdUVHRwZ2hEY0NnWUVBbU1VcythZXRKN2l1Y1JrbGlWdE5JWHZpVG5oRlJheFVFT0ZpRE1JVU9tZVE5SlR4Ci8ra09RMFA4bzBwNGRaeFM4eEVQdDZIOEVFNWtObVJ1VVFicFFjV3g3NWIveVhpN1d2R0FUUkF6TWdMeVhtejEKa3BlVkpEZGYvNFZyUVVmTk4zVEY1d3lwOVBaUHZmcXptWU1FeXhXRURHNXlHendHTG1kd1BXYUZ3YjhDZ1lCdgpQcVhzMWhQL01EcGtuWitadkZvdDlkZVJQODc4U3JoL1ZsZkk4Z0VWaW5yMnh6TmJoeStXM3RzdFZEMGM4RTdYCkNSVjkwNEdtN2lWdElUUFJwaWl4VlBpWTNiWm4wYmt5SEdQaGZwcWRVQkdJc1NXZE1sVEZvZ1ppbFVsdXgxVXoKYjZ0MW9vZmZlMzhXTXVkdjh1U1JvdFFKekRJYXo4MnNXWTYwVHRNYllRS0JnUUN0UHpZYTRMWElkL1FEald0WAppTTRYL2hhTGlacUsxLzVYanZ0dlNEN2VwTG50L1dYaTFlTnliNjloN1E5TnJCc21iaGVzK1pmZlcxb1RFTmdzCklEZjNWdVFiZEVETFI5cEpXM085N3ludStuY3d6WGNzZklOc1R3dzlCR0RsZERUa2Rmd1dkbEZvRXhUYXV2YU4KYTV1QTZwOHZlYUlRZ1E5UWNwQzFQMkdXVnc9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== diff --git a/tests/data/virtual-server-route-redirects/route-multiple-invalid-openapi.yaml b/tests/data/virtual-server-route-redirects/route-multiple-invalid-openapi.yaml index 6a83a9cee5..377b6317f5 100644 --- a/tests/data/virtual-server-route-redirects/route-multiple-invalid-openapi.yaml +++ b/tests/data/virtual-server-route-redirects/route-multiple-invalid-openapi.yaml @@ -14,4 +14,4 @@ spec: action: redirect: code: "code" - url: 100 \ No newline at end of file + url: 100 diff --git a/tests/data/virtual-server-route-redirects/route-multiple-invalid.yaml b/tests/data/virtual-server-route-redirects/route-multiple-invalid.yaml index f5f1c78cac..2fbd5b7588 100644 --- a/tests/data/virtual-server-route-redirects/route-multiple-invalid.yaml +++ b/tests/data/virtual-server-route-redirects/route-multiple-invalid.yaml @@ -14,4 +14,4 @@ spec: action: redirect: code: 204 - url: "${nginx_version}" \ No newline at end of file + url: "${nginx_version}" diff --git a/tests/data/virtual-server-route-redirects/route-multiple-updated.yaml b/tests/data/virtual-server-route-redirects/route-multiple-updated.yaml index adcdc72577..6490750ed6 100644 --- a/tests/data/virtual-server-route-redirects/route-multiple-updated.yaml +++ b/tests/data/virtual-server-route-redirects/route-multiple-updated.yaml @@ -13,4 +13,4 @@ spec: action: redirect: code: 302 - url: "http://demo.nginx.com" \ No newline at end of file + url: "http://demo.nginx.com" diff --git a/tests/data/virtual-server-route-redirects/route-multiple.yaml b/tests/data/virtual-server-route-redirects/route-multiple.yaml index 1e4298191c..6f4b83ea0f 100644 --- a/tests/data/virtual-server-route-redirects/route-multiple.yaml +++ b/tests/data/virtual-server-route-redirects/route-multiple.yaml @@ -13,4 +13,4 @@ spec: - path: "/backends/default-redirect" action: redirect: - url: "${scheme}://${host}${request_uri}?arg=${http_x_forwarded_proto}" \ No newline at end of file + url: "${scheme}://${host}${request_uri}?arg=${http_x_forwarded_proto}" diff --git a/tests/data/virtual-server-route-redirects/route-single.yaml b/tests/data/virtual-server-route-redirects/route-single.yaml index 18ea6ab775..879eef3557 100644 --- a/tests/data/virtual-server-route-redirects/route-single.yaml +++ b/tests/data/virtual-server-route-redirects/route-single.yaml @@ -9,4 +9,4 @@ spec: action: redirect: code: 307 - url: "http://example.com" \ No newline at end of file + url: "http://example.com" diff --git a/tests/data/virtual-server-route-redirects/standard/virtual-server.yaml b/tests/data/virtual-server-route-redirects/standard/virtual-server.yaml index b58e4b8402..306cd169de 100644 --- a/tests/data/virtual-server-route-redirects/standard/virtual-server.yaml +++ b/tests/data/virtual-server-route-redirects/standard/virtual-server.yaml @@ -8,4 +8,4 @@ spec: - path: "/backends" route: backends - path: "/backend2" - route: backend2 \ No newline at end of file + route: backend2 diff --git a/tests/data/virtual-server-route-regexp-location/additional-case/route-exact.yaml b/tests/data/virtual-server-route-regexp-location/additional-case/route-exact.yaml index 5735622ba4..2e0ae50136 100644 --- a/tests/data/virtual-server-route-regexp-location/additional-case/route-exact.yaml +++ b/tests/data/virtual-server-route-regexp-location/additional-case/route-exact.yaml @@ -11,4 +11,4 @@ spec: subroutes: - path: "=/backends/match" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-regexp-location/additional-case/route-prefix.yaml b/tests/data/virtual-server-route-regexp-location/additional-case/route-prefix.yaml index 4eee7a753f..561352e633 100644 --- a/tests/data/virtual-server-route-regexp-location/additional-case/route-prefix.yaml +++ b/tests/data/virtual-server-route-regexp-location/additional-case/route-prefix.yaml @@ -11,4 +11,4 @@ spec: subroutes: - path: "/backends/match" action: - pass: backend1 \ No newline at end of file + pass: backend1 diff --git a/tests/data/virtual-server-route-regexp-location/additional-case/route-regexp.yaml b/tests/data/virtual-server-route-regexp-location/additional-case/route-regexp.yaml index 46ac6f63ea..7a24374bf1 100644 --- a/tests/data/virtual-server-route-regexp-location/additional-case/route-regexp.yaml +++ b/tests/data/virtual-server-route-regexp-location/additional-case/route-regexp.yaml @@ -11,4 +11,4 @@ spec: subroutes: - path: "~ /backends/match" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/virtual-server-route-regexp-location/additional-case/virtual-server-exact-over-all.yaml b/tests/data/virtual-server-route-regexp-location/additional-case/virtual-server-exact-over-all.yaml index 330fcc0217..91b1915c70 100644 --- a/tests/data/virtual-server-route-regexp-location/additional-case/virtual-server-exact-over-all.yaml +++ b/tests/data/virtual-server-route-regexp-location/additional-case/virtual-server-exact-over-all.yaml @@ -10,4 +10,4 @@ spec: - path: "=/backends/match" route: backend2 - path: "~ /backends/match" - route: backend3 \ No newline at end of file + route: backend3 diff --git a/tests/data/virtual-server-route-regexp-location/additional-case/virtual-server-regexp-over-prefix.yaml b/tests/data/virtual-server-route-regexp-location/additional-case/virtual-server-regexp-over-prefix.yaml index bd64ec2e86..09a3a520a7 100644 --- a/tests/data/virtual-server-route-regexp-location/additional-case/virtual-server-regexp-over-prefix.yaml +++ b/tests/data/virtual-server-route-regexp-location/additional-case/virtual-server-regexp-over-prefix.yaml @@ -8,4 +8,4 @@ spec: - path: "/backends/match" route: backend1 - path: "~ /backends/match" - route: backend3 \ No newline at end of file + route: backend3 diff --git a/tests/data/virtual-server-route-regexp-location/route-multiple-invalid-multiple-regexp-subroutes.yaml b/tests/data/virtual-server-route-regexp-location/route-multiple-invalid-multiple-regexp-subroutes.yaml index d613d03646..25de7ea2ec 100644 --- a/tests/data/virtual-server-route-regexp-location/route-multiple-invalid-multiple-regexp-subroutes.yaml +++ b/tests/data/virtual-server-route-regexp-location/route-multiple-invalid-multiple-regexp-subroutes.yaml @@ -17,4 +17,4 @@ spec: pass: backend1 - path: "=/backends/exact-match$request" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/virtual-server-route-regexp-location/route-multiple.yaml b/tests/data/virtual-server-route-regexp-location/route-multiple.yaml index dc620fcac8..8274c16c00 100644 --- a/tests/data/virtual-server-route-regexp-location/route-multiple.yaml +++ b/tests/data/virtual-server-route-regexp-location/route-multiple.yaml @@ -17,4 +17,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/virtual-server-route-regexp-location/route-single-case-insensitive.yaml b/tests/data/virtual-server-route-regexp-location/route-single-case-insensitive.yaml index 539b3d908d..ac9d20e461 100644 --- a/tests/data/virtual-server-route-regexp-location/route-single-case-insensitive.yaml +++ b/tests/data/virtual-server-route-regexp-location/route-single-case-insensitive.yaml @@ -11,4 +11,4 @@ spec: subroutes: - path: "~* /case-inSENsitiVe/match" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-regexp-location/route-single-case-sensitive.yaml b/tests/data/virtual-server-route-regexp-location/route-single-case-sensitive.yaml index 5d6f6d480b..6218c763ce 100644 --- a/tests/data/virtual-server-route-regexp-location/route-single-case-sensitive.yaml +++ b/tests/data/virtual-server-route-regexp-location/route-single-case-sensitive.yaml @@ -11,4 +11,4 @@ spec: subroutes: - path: "~ /case-SENsitiVe/match" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-regexp-location/route-single-exact.yaml b/tests/data/virtual-server-route-regexp-location/route-single-exact.yaml index dcf2175b90..1cbbfbe629 100644 --- a/tests/data/virtual-server-route-regexp-location/route-single-exact.yaml +++ b/tests/data/virtual-server-route-regexp-location/route-single-exact.yaml @@ -11,4 +11,4 @@ spec: subroutes: - path: '=/exact-match$request' action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-regexp-location/route-single.yaml b/tests/data/virtual-server-route-regexp-location/route-single.yaml index 3c5d8aec87..19d0e4b8e3 100644 --- a/tests/data/virtual-server-route-regexp-location/route-single.yaml +++ b/tests/data/virtual-server-route-regexp-location/route-single.yaml @@ -11,4 +11,4 @@ spec: subroutes: - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-regexp-location/standard/virtual-server-case-insensitive.yaml b/tests/data/virtual-server-route-regexp-location/standard/virtual-server-case-insensitive.yaml index efaa98d55f..bf3c09beb3 100644 --- a/tests/data/virtual-server-route-regexp-location/standard/virtual-server-case-insensitive.yaml +++ b/tests/data/virtual-server-route-regexp-location/standard/virtual-server-case-insensitive.yaml @@ -8,4 +8,4 @@ spec: - path: "~* /backends/case-inSENsitiVe/match" route: backends-namespace/backends - path: "~* /case-inSENsitiVe/match" - route: backend2-namespace/backend2 \ No newline at end of file + route: backend2-namespace/backend2 diff --git a/tests/data/virtual-server-route-regexp-location/standard/virtual-server-case-sensitive.yaml b/tests/data/virtual-server-route-regexp-location/standard/virtual-server-case-sensitive.yaml index 974ba29b7a..d2c31aa7d1 100644 --- a/tests/data/virtual-server-route-regexp-location/standard/virtual-server-case-sensitive.yaml +++ b/tests/data/virtual-server-route-regexp-location/standard/virtual-server-case-sensitive.yaml @@ -8,4 +8,4 @@ spec: - path: "~ /backends/case-inSENsitiVe/match" route: backends-namespace/backend1 - path: "~ /case-SENsitiVe/match" - route: backend2-namespace/backend2 \ No newline at end of file + route: backend2-namespace/backend2 diff --git a/tests/data/virtual-server-route-regexp-location/standard/virtual-server-exact.yaml b/tests/data/virtual-server-route-regexp-location/standard/virtual-server-exact.yaml index 6bd5d1e522..7ece707b44 100644 --- a/tests/data/virtual-server-route-regexp-location/standard/virtual-server-exact.yaml +++ b/tests/data/virtual-server-route-regexp-location/standard/virtual-server-exact.yaml @@ -8,4 +8,4 @@ spec: - path: "=/backends/exact-match$request" route: backends-namespace/backends - path: '=/exact-match$request' - route: backend2-namespace/backend2 \ No newline at end of file + route: backend2-namespace/backend2 diff --git a/tests/data/virtual-server-route-regexp-location/standard/virtual-server-invalid-duplicate-routes.yaml b/tests/data/virtual-server-route-regexp-location/standard/virtual-server-invalid-duplicate-routes.yaml index ceeb617d83..29c90110cb 100644 --- a/tests/data/virtual-server-route-regexp-location/standard/virtual-server-invalid-duplicate-routes.yaml +++ b/tests/data/virtual-server-route-regexp-location/standard/virtual-server-invalid-duplicate-routes.yaml @@ -8,4 +8,4 @@ spec: - path: "=/exact-match$request" route: backends-namespace/backends - path: "=/exact-match$request" - route: backend2-namespace/backend2 \ No newline at end of file + route: backend2-namespace/backend2 diff --git a/tests/data/virtual-server-route-regexp-location/standard/virtual-server.yaml b/tests/data/virtual-server-route-regexp-location/standard/virtual-server.yaml index 1aa53f07df..3991285dbb 100644 --- a/tests/data/virtual-server-route-regexp-location/standard/virtual-server.yaml +++ b/tests/data/virtual-server-route-regexp-location/standard/virtual-server.yaml @@ -8,4 +8,4 @@ spec: - path: "/backends" route: backends-namespace/backends - path: "/backend2" - route: backend2-namespace/backend2 \ No newline at end of file + route: backend2-namespace/backend2 diff --git a/tests/data/virtual-server-route-split-traffic/route-multiple.yaml b/tests/data/virtual-server-route-split-traffic/route-multiple.yaml index fda6bdcc46..f41a50217d 100644 --- a/tests/data/virtual-server-route-split-traffic/route-multiple.yaml +++ b/tests/data/virtual-server-route-split-traffic/route-multiple.yaml @@ -22,4 +22,4 @@ spec: pass: backend3 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/virtual-server-route-split-traffic/route-single.yaml b/tests/data/virtual-server-route-split-traffic/route-single.yaml index 3c5d8aec87..19d0e4b8e3 100644 --- a/tests/data/virtual-server-route-split-traffic/route-single.yaml +++ b/tests/data/virtual-server-route-split-traffic/route-single.yaml @@ -11,4 +11,4 @@ spec: subroutes: - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-split-traffic/standard/virtual-server.yaml b/tests/data/virtual-server-route-split-traffic/standard/virtual-server.yaml index 1aa53f07df..3991285dbb 100644 --- a/tests/data/virtual-server-route-split-traffic/standard/virtual-server.yaml +++ b/tests/data/virtual-server-route-split-traffic/standard/virtual-server.yaml @@ -8,4 +8,4 @@ spec: - path: "/backends" route: backends-namespace/backends - path: "/backend2" - route: backend2-namespace/backend2 \ No newline at end of file + route: backend2-namespace/backend2 diff --git a/tests/data/virtual-server-route-status/route-multiple-invalid-prefixed-path.yaml b/tests/data/virtual-server-route-status/route-multiple-invalid-prefixed-path.yaml index 28463fe353..fa07537cea 100644 --- a/tests/data/virtual-server-route-status/route-multiple-invalid-prefixed-path.yaml +++ b/tests/data/virtual-server-route-status/route-multiple-invalid-prefixed-path.yaml @@ -17,4 +17,4 @@ spec: pass: backend1 - path: /backends/backend9 action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/virtual-server-route-status/route-multiple-invalid.yaml b/tests/data/virtual-server-route-status/route-multiple-invalid.yaml index c02d0265ad..683170ab68 100644 --- a/tests/data/virtual-server-route-status/route-multiple-invalid.yaml +++ b/tests/data/virtual-server-route-status/route-multiple-invalid.yaml @@ -17,4 +17,4 @@ spec: pass: backend1 - path: backends/backend3 action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/virtual-server-route-status/route-multiple.yaml b/tests/data/virtual-server-route-status/route-multiple.yaml index 240c8a5c57..74c624c83a 100644 --- a/tests/data/virtual-server-route-status/route-multiple.yaml +++ b/tests/data/virtual-server-route-status/route-multiple.yaml @@ -17,4 +17,4 @@ spec: pass: backend1 - path: /backends/backend3 action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/virtual-server-route-status/route-single-invalid-prefixed-path.yaml b/tests/data/virtual-server-route-status/route-single-invalid-prefixed-path.yaml index d095ea70a1..d03dcd6685 100644 --- a/tests/data/virtual-server-route-status/route-single-invalid-prefixed-path.yaml +++ b/tests/data/virtual-server-route-status/route-single-invalid-prefixed-path.yaml @@ -11,4 +11,4 @@ spec: subroutes: - path: /backend6 action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-status/route-single-invalid.yaml b/tests/data/virtual-server-route-status/route-single-invalid.yaml index aef0241704..0f568847ac 100644 --- a/tests/data/virtual-server-route-status/route-single-invalid.yaml +++ b/tests/data/virtual-server-route-status/route-single-invalid.yaml @@ -11,4 +11,4 @@ spec: subroutes: - path: backend2 action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-status/route-single.yaml b/tests/data/virtual-server-route-status/route-single.yaml index fe7702fa7e..11ff390c3b 100644 --- a/tests/data/virtual-server-route-status/route-single.yaml +++ b/tests/data/virtual-server-route-status/route-single.yaml @@ -11,4 +11,4 @@ spec: subroutes: - path: /backend2 action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-status/standard/virtual-server.yaml b/tests/data/virtual-server-route-status/standard/virtual-server.yaml index b98d4cf0a2..308dc27e34 100644 --- a/tests/data/virtual-server-route-status/standard/virtual-server.yaml +++ b/tests/data/virtual-server-route-status/standard/virtual-server.yaml @@ -8,4 +8,4 @@ spec: - path: /backends route: backends-namespace/backends - path: /backend2 - route: backend2-namespace/backend2 \ No newline at end of file + route: backend2-namespace/backend2 diff --git a/tests/data/virtual-server-route-status/virtual-server-invalid.yaml b/tests/data/virtual-server-route-status/virtual-server-invalid.yaml index bd47e5ea29..f2a75f2b90 100644 --- a/tests/data/virtual-server-route-status/virtual-server-invalid.yaml +++ b/tests/data/virtual-server-route-status/virtual-server-invalid.yaml @@ -8,4 +8,4 @@ spec: - path: /backend_x route: backends-namespace/backend_x - path: /backend_y - route: backend2-namespace/backend_y \ No newline at end of file + route: backend2-namespace/backend_y diff --git a/tests/data/virtual-server-route-upstream-options/configmap-with-keys.yaml b/tests/data/virtual-server-route-upstream-options/configmap-with-keys.yaml index e00d6029eb..05b55aac74 100644 --- a/tests/data/virtual-server-route-upstream-options/configmap-with-keys.yaml +++ b/tests/data/virtual-server-route-upstream-options/configmap-with-keys.yaml @@ -15,4 +15,4 @@ data: client-max-body-size: "3m" proxy-buffering: "false" proxy-buffer-size: "1k" - proxy-buffers: "8 1k" \ No newline at end of file + proxy-buffers: "8 1k" diff --git a/tests/data/virtual-server-route-upstream-options/plus-route-m-invalid-keys.yaml b/tests/data/virtual-server-route-upstream-options/plus-route-m-invalid-keys.yaml index c5cbde755b..91377f1a19 100644 --- a/tests/data/virtual-server-route-upstream-options/plus-route-m-invalid-keys.yaml +++ b/tests/data/virtual-server-route-upstream-options/plus-route-m-invalid-keys.yaml @@ -65,4 +65,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/virtual-server-route-upstream-options/plus-route-s-invalid-keys-openapi.yaml b/tests/data/virtual-server-route-upstream-options/plus-route-s-invalid-keys-openapi.yaml index 1859664ef1..b715810854 100644 --- a/tests/data/virtual-server-route-upstream-options/plus-route-s-invalid-keys-openapi.yaml +++ b/tests/data/virtual-server-route-upstream-options/plus-route-s-invalid-keys-openapi.yaml @@ -37,4 +37,4 @@ spec: subroutes: - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-upstream-options/plus-route-s-invalid-keys.yaml b/tests/data/virtual-server-route-upstream-options/plus-route-s-invalid-keys.yaml index 8ad230d414..8918407296 100644 --- a/tests/data/virtual-server-route-upstream-options/plus-route-s-invalid-keys.yaml +++ b/tests/data/virtual-server-route-upstream-options/plus-route-s-invalid-keys.yaml @@ -35,4 +35,4 @@ spec: subroutes: - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-upstream-options/route-multiple-invalid-keys.yaml b/tests/data/virtual-server-route-upstream-options/route-multiple-invalid-keys.yaml index cf4a75e384..a148d43fda 100644 --- a/tests/data/virtual-server-route-upstream-options/route-multiple-invalid-keys.yaml +++ b/tests/data/virtual-server-route-upstream-options/route-multiple-invalid-keys.yaml @@ -49,4 +49,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/virtual-server-route-upstream-options/route-multiple.yaml b/tests/data/virtual-server-route-upstream-options/route-multiple.yaml index dc620fcac8..8274c16c00 100644 --- a/tests/data/virtual-server-route-upstream-options/route-multiple.yaml +++ b/tests/data/virtual-server-route-upstream-options/route-multiple.yaml @@ -17,4 +17,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/virtual-server-route-upstream-options/route-single-invalid-keys-openapi.yaml b/tests/data/virtual-server-route-upstream-options/route-single-invalid-keys-openapi.yaml index 15ca147150..46a4f8ddea 100644 --- a/tests/data/virtual-server-route-upstream-options/route-single-invalid-keys-openapi.yaml +++ b/tests/data/virtual-server-route-upstream-options/route-single-invalid-keys-openapi.yaml @@ -29,4 +29,4 @@ spec: subroutes: - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-upstream-options/route-single-invalid-keys.yaml b/tests/data/virtual-server-route-upstream-options/route-single-invalid-keys.yaml index d4232edcad..c6324a997a 100644 --- a/tests/data/virtual-server-route-upstream-options/route-single-invalid-keys.yaml +++ b/tests/data/virtual-server-route-upstream-options/route-single-invalid-keys.yaml @@ -27,4 +27,4 @@ spec: subroutes: - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-upstream-options/route-single.yaml b/tests/data/virtual-server-route-upstream-options/route-single.yaml index 3c5d8aec87..19d0e4b8e3 100644 --- a/tests/data/virtual-server-route-upstream-options/route-single.yaml +++ b/tests/data/virtual-server-route-upstream-options/route-single.yaml @@ -11,4 +11,4 @@ spec: subroutes: - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-upstream-options/standard/virtual-server.yaml b/tests/data/virtual-server-route-upstream-options/standard/virtual-server.yaml index 1aa53f07df..3991285dbb 100644 --- a/tests/data/virtual-server-route-upstream-options/standard/virtual-server.yaml +++ b/tests/data/virtual-server-route-upstream-options/standard/virtual-server.yaml @@ -8,4 +8,4 @@ spec: - path: "/backends" route: backends-namespace/backends - path: "/backend2" - route: backend2-namespace/backend2 \ No newline at end of file + route: backend2-namespace/backend2 diff --git a/tests/data/virtual-server-route-upstream-tls/route-multiple.yaml b/tests/data/virtual-server-route-upstream-tls/route-multiple.yaml index dc620fcac8..8274c16c00 100644 --- a/tests/data/virtual-server-route-upstream-tls/route-multiple.yaml +++ b/tests/data/virtual-server-route-upstream-tls/route-multiple.yaml @@ -17,4 +17,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/virtual-server-route-upstream-tls/route-single-disable-tls.yaml b/tests/data/virtual-server-route-upstream-tls/route-single-disable-tls.yaml index 3c5d8aec87..19d0e4b8e3 100644 --- a/tests/data/virtual-server-route-upstream-tls/route-single-disable-tls.yaml +++ b/tests/data/virtual-server-route-upstream-tls/route-single-disable-tls.yaml @@ -11,4 +11,4 @@ spec: subroutes: - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-upstream-tls/route-single-invalid.yaml b/tests/data/virtual-server-route-upstream-tls/route-single-invalid.yaml index e0a257a163..ea61bccbdf 100644 --- a/tests/data/virtual-server-route-upstream-tls/route-single-invalid.yaml +++ b/tests/data/virtual-server-route-upstream-tls/route-single-invalid.yaml @@ -13,4 +13,4 @@ spec: subroutes: - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-upstream-tls/route-single.yaml b/tests/data/virtual-server-route-upstream-tls/route-single.yaml index b9822c4b6a..85957829c7 100644 --- a/tests/data/virtual-server-route-upstream-tls/route-single.yaml +++ b/tests/data/virtual-server-route-upstream-tls/route-single.yaml @@ -13,4 +13,4 @@ spec: subroutes: - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route-upstream-tls/standard/virtual-server.yaml b/tests/data/virtual-server-route-upstream-tls/standard/virtual-server.yaml index 1aa53f07df..3991285dbb 100644 --- a/tests/data/virtual-server-route-upstream-tls/standard/virtual-server.yaml +++ b/tests/data/virtual-server-route-upstream-tls/standard/virtual-server.yaml @@ -8,4 +8,4 @@ spec: - path: "/backends" route: backends-namespace/backends - path: "/backend2" - route: backend2-namespace/backend2 \ No newline at end of file + route: backend2-namespace/backend2 diff --git a/tests/data/virtual-server-route/route-multiple-updated.yaml b/tests/data/virtual-server-route/route-multiple-updated.yaml index dfa6ede3a1..cdca3dd8b0 100644 --- a/tests/data/virtual-server-route/route-multiple-updated.yaml +++ b/tests/data/virtual-server-route/route-multiple-updated.yaml @@ -17,4 +17,4 @@ spec: pass: backend1 - path: "/backends/updated-backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/virtual-server-route/route-multiple.yaml b/tests/data/virtual-server-route/route-multiple.yaml index dc620fcac8..8274c16c00 100644 --- a/tests/data/virtual-server-route/route-multiple.yaml +++ b/tests/data/virtual-server-route/route-multiple.yaml @@ -17,4 +17,4 @@ spec: pass: backend1 - path: "/backends/backend3" action: - pass: backend3 \ No newline at end of file + pass: backend3 diff --git a/tests/data/virtual-server-route/route-orphan.yaml b/tests/data/virtual-server-route/route-orphan.yaml index ec2acb1127..11fc130c34 100644 --- a/tests/data/virtual-server-route/route-orphan.yaml +++ b/tests/data/virtual-server-route/route-orphan.yaml @@ -11,4 +11,4 @@ spec: subroutes: - path: "/alone-backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route/route-single-duplicate-path.yaml b/tests/data/virtual-server-route/route-single-duplicate-path.yaml index 32f48e8b02..f8fd105e12 100644 --- a/tests/data/virtual-server-route/route-single-duplicate-path.yaml +++ b/tests/data/virtual-server-route/route-single-duplicate-path.yaml @@ -14,4 +14,4 @@ spec: pass: backend2 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route/route-single-invalid-host.yaml b/tests/data/virtual-server-route/route-single-invalid-host.yaml index db880061b1..f9dc941266 100644 --- a/tests/data/virtual-server-route/route-single-invalid-host.yaml +++ b/tests/data/virtual-server-route/route-single-invalid-host.yaml @@ -11,4 +11,4 @@ spec: subroutes: - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route/route-single-invalid-openapi.yaml b/tests/data/virtual-server-route/route-single-invalid-openapi.yaml index bab3baa056..c256659b83 100644 --- a/tests/data/virtual-server-route/route-single-invalid-openapi.yaml +++ b/tests/data/virtual-server-route/route-single-invalid-openapi.yaml @@ -11,4 +11,4 @@ spec: subroutes: - path: "/backend2" action: - pass: 22 \ No newline at end of file + pass: 22 diff --git a/tests/data/virtual-server-route/route-single.yaml b/tests/data/virtual-server-route/route-single.yaml index 3c5d8aec87..19d0e4b8e3 100644 --- a/tests/data/virtual-server-route/route-single.yaml +++ b/tests/data/virtual-server-route/route-single.yaml @@ -11,4 +11,4 @@ spec: subroutes: - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-route/standard/virtual-server.yaml b/tests/data/virtual-server-route/standard/virtual-server.yaml index 179878752a..f56b65d83d 100644 --- a/tests/data/virtual-server-route/standard/virtual-server.yaml +++ b/tests/data/virtual-server-route/standard/virtual-server.yaml @@ -8,4 +8,4 @@ spec: - path: "/backends" route: backends # implicit namespace - path: "/backend2" - route: backend2-namespace/backend2 \ No newline at end of file + route: backend2-namespace/backend2 diff --git a/tests/data/virtual-server-split-traffic/standard/virtual-server.yaml b/tests/data/virtual-server-split-traffic/standard/virtual-server.yaml index 3ca5c3dc45..cb90e392a2 100644 --- a/tests/data/virtual-server-split-traffic/standard/virtual-server.yaml +++ b/tests/data/virtual-server-split-traffic/standard/virtual-server.yaml @@ -11,7 +11,7 @@ spec: - name: backend1-v1 service: backend1-svc-v1 port: 80 - - name: backend1-v2 + - name: backend1-v2 service: backend1-svc-v2 port: 80 routes: @@ -25,4 +25,4 @@ spec: pass: backend1-v2 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-status/invalid-state.yaml b/tests/data/virtual-server-status/invalid-state.yaml index 8c9c324f41..982b07106c 100644 --- a/tests/data/virtual-server-status/invalid-state.yaml +++ b/tests/data/virtual-server-status/invalid-state.yaml @@ -17,4 +17,4 @@ spec: pass: backend1 - path: backend2 action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-status/standard/virtual-server.yaml b/tests/data/virtual-server-status/standard/virtual-server.yaml index 971bac17b1..4e54c2c7e4 100644 --- a/tests/data/virtual-server-status/standard/virtual-server.yaml +++ b/tests/data/virtual-server-status/standard/virtual-server.yaml @@ -17,4 +17,4 @@ spec: pass: backend1 - path: /backend2 action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-status/warning-state.yaml b/tests/data/virtual-server-status/warning-state.yaml index ad2c076e19..232539def5 100644 --- a/tests/data/virtual-server-status/warning-state.yaml +++ b/tests/data/virtual-server-status/warning-state.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: /backend2 action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-tls-redirect/standard/virtual-server.yaml b/tests/data/virtual-server-tls-redirect/standard/virtual-server.yaml index ca1c1f0d91..84297e46c6 100644 --- a/tests/data/virtual-server-tls-redirect/standard/virtual-server.yaml +++ b/tests/data/virtual-server-tls-redirect/standard/virtual-server.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-tls-redirect/virtual-server-default-redirect.yaml b/tests/data/virtual-server-tls-redirect/virtual-server-default-redirect.yaml index d90ad87231..98619706d0 100644 --- a/tests/data/virtual-server-tls-redirect/virtual-server-default-redirect.yaml +++ b/tests/data/virtual-server-tls-redirect/virtual-server-default-redirect.yaml @@ -23,4 +23,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-tls-redirect/virtual-server-header-redirect.yaml b/tests/data/virtual-server-tls-redirect/virtual-server-header-redirect.yaml index edac3267e4..f2d8469ea3 100644 --- a/tests/data/virtual-server-tls-redirect/virtual-server-header-redirect.yaml +++ b/tests/data/virtual-server-tls-redirect/virtual-server-header-redirect.yaml @@ -23,4 +23,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-tls-redirect/virtual-server-invalid.yaml b/tests/data/virtual-server-tls-redirect/virtual-server-invalid.yaml index 3446a49b72..6d9cbb8651 100644 --- a/tests/data/virtual-server-tls-redirect/virtual-server-invalid.yaml +++ b/tests/data/virtual-server-tls-redirect/virtual-server-invalid.yaml @@ -23,4 +23,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-tls-redirect/virtual-server-no-tls-termination-redirect.yaml b/tests/data/virtual-server-tls-redirect/virtual-server-no-tls-termination-redirect.yaml index 0d37c0acf8..775f751ec2 100644 --- a/tests/data/virtual-server-tls-redirect/virtual-server-no-tls-termination-redirect.yaml +++ b/tests/data/virtual-server-tls-redirect/virtual-server-no-tls-termination-redirect.yaml @@ -23,4 +23,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-tls-redirect/virtual-server-scheme-redirect.yaml b/tests/data/virtual-server-tls-redirect/virtual-server-scheme-redirect.yaml index 5dabc7b284..1e4521e547 100644 --- a/tests/data/virtual-server-tls-redirect/virtual-server-scheme-redirect.yaml +++ b/tests/data/virtual-server-tls-redirect/virtual-server-scheme-redirect.yaml @@ -23,4 +23,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-tls/new-tls-secret.yaml b/tests/data/virtual-server-tls/new-tls-secret.yaml index af88ca5723..b1b9de8abf 100644 --- a/tests/data/virtual-server-tls/new-tls-secret.yaml +++ b/tests/data/virtual-server-tls/new-tls-secret.yaml @@ -5,4 +5,4 @@ metadata: type: kubernetes.io/tls data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQyakNDQXNLZ0F3SUJBZ0lKQU9BV0U3RWVwbmhyTUEwR0NTcUdTSWIzRFFFQkJRVUFNRkV4Q3pBSkJnTlYKQkFZVEFrZENNUmN3RlFZRFZRUUlFdzVEWVcxaWNtbGtaMlZ6YUdseVpURU9NQXdHQTFVRUNoTUZibWRwYm5neApHVEFYQmdOVkJBTVRFR05oWm1VdVpYaGhiWEJzWlM1amIyMHdIaGNOTVRjd056TXhNVEUxTmpVNFdoY05NVGd3Ck56TXhNVEUxTmpVNFdqQlJNUXN3Q1FZRFZRUUdFd0pIUWpFWE1CVUdBMVVFQ0JNT1EyRnRZbkpwWkdkbGMyaHAKY21VeERqQU1CZ05WQkFvVEJXNW5hVzU0TVJrd0Z3WURWUVFERXhCallXWmxMbVY0WVcxd2JHVXVZMjl0TUlJQgpJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBODB0ZUlBTmM2M0dVQnU4U2hsZkh5OE1TCkVkdVE0am1CVm5BRzZ3TTZ5ZHdlbzhNS1MvZDFWSi9qWmRSMytnTVJMU0Y5d0xYU0hTaVBiK0VaOWcxc0RSUDgKWGhxaEhBcyszdnUva0Z5K1ZLYTdneWZwTGJGTkNsOS9vRStKZUxReWh3S2JwS1lrODg0ZDhKaGlhVFJvR05BRgp1S2RFTVRKc2ZHdTVOWGxYdkZxZ0lieWw3d3BCWGF6WXBjZUFoZUQ3azFMTlBNdnpaZ3llcWw0dk9qUDg4ck9vCkJ6Tm1seGdvODQ2VW5SN0c0L3NuZ0RFdVpPZXdYSWZlRVhXZDU1VTVzaFFtZWN6aExiaUducFZUNG9PWGhPWk8KYkd6ejNrY1RJOFlxOVc4eCswVkovaWZKQ0VYVitETzFEUXI2MEZDVTloSnQ3N2kwZ2NGWE9MNk5IYUVyVndJRApBUUFCbzRHME1JR3hNQjBHQTFVZERnUVdCQlJwSkg5b3RWYUtTM3dYV1IwdEZkK0hoQjRUYVRDQmdRWURWUjBqCkJIb3dlSUFVYVNSL2FMVldpa3Q4RjFrZExSWGZoNFFlRTJtaFZhUlRNRkV4Q3pBSkJnTlZCQVlUQWtkQ01SY3cKRlFZRFZRUUlFdzVEWVcxaWNtbGtaMlZ6YUdseVpURU9NQXdHQTFVRUNoTUZibWRwYm5neEdUQVhCZ05WQkFNVApFR05oWm1VdVpYaGhiWEJzWlM1amIyMkNDUURnRmhPeEhxWjRhekFNQmdOVkhSTUVCVEFEQVFIL01BMEdDU3FHClNJYjNEUUVCQlFVQUE0SUJBUUNsdEdaVE5SMFVVdVJqRVQxa1ZDdzB0QXY0YkswdFdUVDNoUVJkbmNkYjZRVGQKQkRUMEFPbjVTL1pSSytVZmJ2cllnSCsyRlZjZVE0Mzc1V2pNWGl4SUJ1QnprZlJMc01EMmZnMmlVc205NXcvUApZUFpmYW9vZjlMTVQ2V3BKYkl5N2VjWHpKZGN3aWJucnRkelc3VHljSE16ODlaZTEvR2xXRHQzZmp4YVlRTDhxCnRyWUFMWVFGU1NqZ2drdGRKeWkzRXdlem9jekV0dGFjSFYrb0xGT3F1c3EvMG83UDFabFJicXdHM3BqWUVHbUcKU3N3cVEzd25YMXpzamtBRFg2bkFCYkdaZHFaMWVZZVlIL0RTQm42ZFNGWjJaZEFRcWxIdTBJSE14aVdIa2poYwpoc1FwbUxNUFg4RTZ4SG5oT1dtbWRJVnAzbUlSdEEyQnhmYzROUWlQCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBODB0ZUlBTmM2M0dVQnU4U2hsZkh5OE1TRWR1UTRqbUJWbkFHNndNNnlkd2VvOE1LClMvZDFWSi9qWmRSMytnTVJMU0Y5d0xYU0hTaVBiK0VaOWcxc0RSUDhYaHFoSEFzKzN2dS9rRnkrVkthN2d5ZnAKTGJGTkNsOS9vRStKZUxReWh3S2JwS1lrODg0ZDhKaGlhVFJvR05BRnVLZEVNVEpzZkd1NU5YbFh2RnFnSWJ5bAo3d3BCWGF6WXBjZUFoZUQ3azFMTlBNdnpaZ3llcWw0dk9qUDg4ck9vQnpObWx4Z284NDZVblI3RzQvc25nREV1ClpPZXdYSWZlRVhXZDU1VTVzaFFtZWN6aExiaUducFZUNG9PWGhPWk9iR3p6M2tjVEk4WXE5Vzh4KzBWSi9pZkoKQ0VYVitETzFEUXI2MEZDVTloSnQ3N2kwZ2NGWE9MNk5IYUVyVndJREFRQUJBb0lCQUhEeGxBaVloeEpsNzZvbwpZaGtydHZ6STJpS2dJMnBoOThFQTBMVlpFbm1UVGtZSHpVZm00UGtnSUppdFFlVTJkMHJVT1dTMUE0MjF2cURaCmh3dkt2MVp5NkwxbTcxUHRoSXBQcEdhSUozTjAwNmZYWjFCbTlyVFNFSldEVnZaSjhRcnNFd1VrZkJNU3BLT0UKbW1yc2dVYkRpMlJsZ2lxMGxkaE15ZlloRnJIQkdNYy9yWmh6ZkZucHNPSzhzRlArTTUvSVhkUjYyS21TemFrdgpLcE55TDZ5dmFUWTZ5dGwwRTd3NE1VREtGZ28wczhIdHdNdHdtWXE5aUFpdVhnOUhnOFp0VExIVnREWDlBVGRJCjliZVB0TUFDdWdEd3daZ2ppMEdTd2h0dkdmZFhleE1OaUhFWGVVaWpVMUVMWVFVWGZ3TUF0Y3hQbGF1dTZUU1YKNGZhc1lJRUNnWUVBL1pIbDBkdFgyQ25IZGJjdWExZ2xVMHo1RHZXTVMyVHFSaHNTM3JsaEZNeFJ6cGlkTHVLaApzS2xiblQyOElZNDRaUFBic1U4QVUvK0E5QWVPZmx6dG5xZ3RFemphVW4wTzJ2c2NLUUpNWXY3N0lzcStrV3BtCjZBNVIxSDdGbzk4SGRxSmRnZ3pSenVZeDRkOTYrWTk3SUJRV0psSVZ2MW56R1RGVWNPYVhlNzhDZ1lFQTlhQkMKb0hIdDRKTVlxRHJBZ1BIVnRpaWhoWDJpT3RsamxMUy9pVXVhenBSaUVhajdsZGZoTURGVG9xNkZId0ZCelErVwpCV09TNTlBQ1lYaVZKTS9nRHJRaVNWQ3QyRTFMa2dYTmVMQWJYaUJZSXcwNlQ4eDhsSmRTZzdid01OTU93SDBzClpMOUdLbm9zSWdqaS9MMDZaUndsOFBCU1hWVUF3VU9yV2RaakZta0NnWUI1bVRHZ3haTUdzbUpZYlJQeG5qK28KQnMyWkF0L1lkL2h3emlMcWMvTytTWTBoaWNZMjZhK29URThHeE1nblAxQ0QrUDF0dGZqdVR5VEQ0YXZQcFRpKwpVTi9zeStMR2svby93UlBzQnBJakZ5dlByM0pid2E2L3NiNUVMTmNTa3EyOWtuZE5HbUN5MjJrb2JFZEl6aW01ClpHaUt6K3BsN1BqTEtBRGFjM3BKZVFLQmdDRGlVY2sxTjRtblo5ZXQ5ZlBOYkxVMGYxdGwxSUJZZGxLRVdGaEQKUFBpSE9SSHdNNjU5OW5JRFNKVXhGRFZ3YjZUS2YyVTlUWCtuZzRvVklMS0srZzQ5NDVFNU1lMFJmQnFTbUUyZQpGaXZsM0tia3NIZmFncHRLSHd2dlEvemxaTVkwZStzSkNKWExRWGxWQXo2ZS91Qm1nbFhkZHNsMEJlUFo4V2pYCm9QQnhBb0dCQUlHQW1Oek1xNi8yS0NOQ3VmWkVDZGJ5NEMwVnVwTTJ4aHZkSmJ6Z2F0cFVxZ2d6LytzQlNBNVcKTzlXd21uQmFZdFBUcHZWdXFXUU9mYmF0RERmMlJab2lOUnBlMGQwdE9GeVFrZEh3UUVDdCtFYTZIMWpRYkh2MwoxVnFGeTBDbDFxYmZRektibzdaMmh4NnlXbElBaUJ6Yy8yeWt3cEhZbzdiMFo4K3ltOUtiCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== \ No newline at end of file + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBODB0ZUlBTmM2M0dVQnU4U2hsZkh5OE1TRWR1UTRqbUJWbkFHNndNNnlkd2VvOE1LClMvZDFWSi9qWmRSMytnTVJMU0Y5d0xYU0hTaVBiK0VaOWcxc0RSUDhYaHFoSEFzKzN2dS9rRnkrVkthN2d5ZnAKTGJGTkNsOS9vRStKZUxReWh3S2JwS1lrODg0ZDhKaGlhVFJvR05BRnVLZEVNVEpzZkd1NU5YbFh2RnFnSWJ5bAo3d3BCWGF6WXBjZUFoZUQ3azFMTlBNdnpaZ3llcWw0dk9qUDg4ck9vQnpObWx4Z284NDZVblI3RzQvc25nREV1ClpPZXdYSWZlRVhXZDU1VTVzaFFtZWN6aExiaUducFZUNG9PWGhPWk9iR3p6M2tjVEk4WXE5Vzh4KzBWSi9pZkoKQ0VYVitETzFEUXI2MEZDVTloSnQ3N2kwZ2NGWE9MNk5IYUVyVndJREFRQUJBb0lCQUhEeGxBaVloeEpsNzZvbwpZaGtydHZ6STJpS2dJMnBoOThFQTBMVlpFbm1UVGtZSHpVZm00UGtnSUppdFFlVTJkMHJVT1dTMUE0MjF2cURaCmh3dkt2MVp5NkwxbTcxUHRoSXBQcEdhSUozTjAwNmZYWjFCbTlyVFNFSldEVnZaSjhRcnNFd1VrZkJNU3BLT0UKbW1yc2dVYkRpMlJsZ2lxMGxkaE15ZlloRnJIQkdNYy9yWmh6ZkZucHNPSzhzRlArTTUvSVhkUjYyS21TemFrdgpLcE55TDZ5dmFUWTZ5dGwwRTd3NE1VREtGZ28wczhIdHdNdHdtWXE5aUFpdVhnOUhnOFp0VExIVnREWDlBVGRJCjliZVB0TUFDdWdEd3daZ2ppMEdTd2h0dkdmZFhleE1OaUhFWGVVaWpVMUVMWVFVWGZ3TUF0Y3hQbGF1dTZUU1YKNGZhc1lJRUNnWUVBL1pIbDBkdFgyQ25IZGJjdWExZ2xVMHo1RHZXTVMyVHFSaHNTM3JsaEZNeFJ6cGlkTHVLaApzS2xiblQyOElZNDRaUFBic1U4QVUvK0E5QWVPZmx6dG5xZ3RFemphVW4wTzJ2c2NLUUpNWXY3N0lzcStrV3BtCjZBNVIxSDdGbzk4SGRxSmRnZ3pSenVZeDRkOTYrWTk3SUJRV0psSVZ2MW56R1RGVWNPYVhlNzhDZ1lFQTlhQkMKb0hIdDRKTVlxRHJBZ1BIVnRpaWhoWDJpT3RsamxMUy9pVXVhenBSaUVhajdsZGZoTURGVG9xNkZId0ZCelErVwpCV09TNTlBQ1lYaVZKTS9nRHJRaVNWQ3QyRTFMa2dYTmVMQWJYaUJZSXcwNlQ4eDhsSmRTZzdid01OTU93SDBzClpMOUdLbm9zSWdqaS9MMDZaUndsOFBCU1hWVUF3VU9yV2RaakZta0NnWUI1bVRHZ3haTUdzbUpZYlJQeG5qK28KQnMyWkF0L1lkL2h3emlMcWMvTytTWTBoaWNZMjZhK29URThHeE1nblAxQ0QrUDF0dGZqdVR5VEQ0YXZQcFRpKwpVTi9zeStMR2svby93UlBzQnBJakZ5dlByM0pid2E2L3NiNUVMTmNTa3EyOWtuZE5HbUN5MjJrb2JFZEl6aW01ClpHaUt6K3BsN1BqTEtBRGFjM3BKZVFLQmdDRGlVY2sxTjRtblo5ZXQ5ZlBOYkxVMGYxdGwxSUJZZGxLRVdGaEQKUFBpSE9SSHdNNjU5OW5JRFNKVXhGRFZ3YjZUS2YyVTlUWCtuZzRvVklMS0srZzQ5NDVFNU1lMFJmQnFTbUUyZQpGaXZsM0tia3NIZmFncHRLSHd2dlEvemxaTVkwZStzSkNKWExRWGxWQXo2ZS91Qm1nbFhkZHNsMEJlUFo4V2pYCm9QQnhBb0dCQUlHQW1Oek1xNi8yS0NOQ3VmWkVDZGJ5NEMwVnVwTTJ4aHZkSmJ6Z2F0cFVxZ2d6LytzQlNBNVcKTzlXd21uQmFZdFBUcHZWdXFXUU9mYmF0RERmMlJab2lOUnBlMGQwdE9GeVFrZEh3UUVDdCtFYTZIMWpRYkh2MwoxVnFGeTBDbDFxYmZRektibzdaMmh4NnlXbElBaUJ6Yy8yeWt3cEhZbzdiMFo4K3ltOUtiCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== diff --git a/tests/data/virtual-server-tls/standard/virtual-server.yaml b/tests/data/virtual-server-tls/standard/virtual-server.yaml index ca1c1f0d91..84297e46c6 100644 --- a/tests/data/virtual-server-tls/standard/virtual-server.yaml +++ b/tests/data/virtual-server-tls/standard/virtual-server.yaml @@ -19,4 +19,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-tls/tls-secret.yaml b/tests/data/virtual-server-tls/tls-secret.yaml index 904f61bc11..e2352d0fc7 100644 --- a/tests/data/virtual-server-tls/tls-secret.yaml +++ b/tests/data/virtual-server-tls/tls-secret.yaml @@ -5,4 +5,4 @@ metadata: type: kubernetes.io/tls data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQ4RENDQXRpZ0F3SUJBZ0lKQU9jbHdCelprYmlhTUEwR0NTcUdTSWIzRFFFQkJRVUFNRmd4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFaE1COEdBMVVFQ2hNWVNXNTBaWEp1WlhRZ1YybGtaMmwwY3lCUQpkSGtnVEhSa01Sa3dGd1lEVlFRREV4QmpZV1psTG1WNFlXMXdiR1V1WTI5dE1CNFhEVEUzTURnek1URXdNVGN5Ck1Gb1hEVEU0TURnek1URXdNVGN5TUZvd1dERUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdUQWtOQk1TRXcKSHdZRFZRUUtFeGhKYm5SbGNtNWxkQ0JYYVdSbmFYUnpJRkIwZVNCTWRHUXhHVEFYQmdOVkJBTVRFR05oWm1VdQpaWGhoYlhCc1pTNWpiMjB3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzdIT0xJCm5oZjE1aUcxOE16RXBzN0lvZmxHQmovMi9NVjA0OWtBS0hrTnZOem1XaXRXWDV2QU1yRkF5THY0dXBIWDI5b0IKa3l6YUhlYyt2TlFibEh1bStINUtkUWZXWHFXNkJ6UnVhMzBreEkrcG91cnhpNy9jaDJORS92djBhRGtvaTJ0RAovOUI2aHAyVkoxWXFJdm9hQ2wwSmFYWDd0WEc4SGU1S1BSZzBYMm1Mblcwa29tay9ZVGRPbS9xOVRjUDRnUmhrCms3bUhJMDlSME5vNUhTbURydmVBWFEyY3lGWVJQVUNjWkNPd0h6UUdVUVB1UU0wNVArWUNnVlNRcElKWFV0b0kKbGdEMHhZZUw4UU1rZjZ0TWpYcXpTVVRhQlhzNkRKU2x1YWN1aHpkV212UnFPUVNNYlVpZ3dVUEZCRDVLRUFIcwozM0hHeVZ5dkI4cVlrYUczQWdNQkFBR2pnYnd3Z2Jrd0hRWURWUjBPQkJZRUZOdTQvMTdpSituRGxPMkoyVisvCitqM2x5SzVZTUlHSkJnTlZIU01FZ1lFd2Y0QVUyN2ovWHVJbjZjT1U3WW5aWDcvNlBlWElybGloWEtSYU1GZ3gKQ3pBSkJnTlZCQVlUQWxWVE1Rc3dDUVlEVlFRSUV3SkRRVEVoTUI4R0ExVUVDaE1ZU1c1MFpYSnVaWFFnVjJsawpaMmwwY3lCUWRIa2dUSFJrTVJrd0Z3WURWUVFERXhCallXWmxMbVY0WVcxd2JHVXVZMjl0Z2drQTV5WEFITm1SCnVKb3dEQVlEVlIwVEJBVXdBd0VCL3pBTkJna3Foa2lHOXcwQkFRVUZBQU9DQVFFQUtGUHJBcXA3a3lzTDVGNnMKWFhWdXZkZzAyc0srUlpzb2F3QWVxbHlSRmpJeUlQL2VTajBhQjQwQmNOcWFyRHhwNjhBd1pZNG4yQk9EVmo5WgphOFlvV1YyOFpwamloaThxNnBPSElOa0MrOXpCY1hsZ2lvVUZBTERCcXFPTXFUZkw1cjNGejNUTGN1clozajhuCnUzL2hRVHNXZG5TZENWbmN0aXhaUHJ5cnhJSFlWSERiVHF4ZWdTQUN6WkU1MHMwdlRpMFJkNUkrcVdubVpIUloKL0hLNVZnNWlNS2E1clBPRTFaT2M3L2VnVjZ6R2p4THJiNEdlQ2JyTjBBb01tazNpL2d2K2kzL0N6aTlXOVhNNApwa2hQSjJUcEtMSjVaOHgxUVhjUW5Dem5yOEdtL2FuVzV4b3lDdWhjZzlXMlVSYzRKVTZ1UXh0WU9tczYrc0RxCjBBN1Y3UT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdXh6aXlKNFg5ZVlodGZETXhLYk95S0g1UmdZLzl2ekZkT1BaQUNoNURiemM1bG9yClZsK2J3REt4UU1pNytMcVIxOXZhQVpNczJoM25QcnpVRzVSN3B2aCtTblVIMWw2bHVnYzBibXQ5Sk1TUHFhTHEKOFl1LzNJZGpSUDc3OUdnNUtJdHJRLy9RZW9hZGxTZFdLaUw2R2dwZENXbDErN1Z4dkIzdVNqMFlORjlwaTUxdApKS0pwUDJFM1RwdjZ2VTNEK0lFWVpKTzVoeU5QVWREYU9SMHBnNjczZ0YwTm5NaFdFVDFBbkdRanNCODBCbEVECjdrRE5PVC9tQW9GVWtLU0NWMUxhQ0pZQTlNV0hpL0VESkgrclRJMTZzMGxFMmdWN09neVVwYm1uTG9jM1ZwcjAKYWprRWpHMUlvTUZEeFFRK1NoQUI3Tjl4eHNsY3J3ZkttSkdodHdJREFRQUJBb0lCQUVuZHpXbUZmOUFEV2F1Sgp0RXl0elZSSEhURVhwb2pLb09qVVNnWlY4L1FJYXV4RkRIYThwNi9vVXpGUURXVFR3bCtFMnp0ajdvRHM3UzFIClBqVGxHU3VCVGRuMitYRVhURFYwUXE2VW9JS3pWa09SblU1ZDdSQVNJbzVLV3d6UldEODVTczg5WGdBQXhKVHQKUW9hLzZCdi9tMXJyMXpmWEdWODZNYWY5Rm1FVjI5bmpCcHZ3cUpzOFlUaFU5VE5BRUdnbkxBWGFJYTJZSUJTSgozcVhJd1RrdFBHUUZyZUowdnBiOVlaTkRxWk0rMmI1K3BBVEVXclpyeTQxTlpvdzhNUnVOYnoxVU5sWXkyazZKCjlXclUxUDVYM2l3dEZmcXA3TzREakNOMFR2Y1Y1Nm5QczJoYldDeHp4RmxFalJwNW5KQ3Bsdi9yNCt4eHJVRWQKd0NjU0x3RUNnWUVBOGVDUGM2S2JpSXVFUWxwVjcxTXRQMjdBZzhkMzN5aWZKajAvQ3R3RlF6dlhWcHZCSHFRagphUE1ZaEswZ3o0MzFHMGtqVUpTeUU2STJYVWhFU3gxZUw2TU5sVS9xc29Uc0JaZEV3N0cvMFRhdW1TQUJWemZPCkIvckdtbEZkZitxWVpiR3pIdGtvbVJWb1JqVWtPcGRJL3RnL1ZlSmJ3K1RIS2dYS01NU2V5cjhDZ1lFQXhnbTkKWXN5dVZVUGlEdDhuL1JXeEJwZ1Zqazk0M3BFOVFjK2FVK0VPcGROK2NNQjkvaGJiWUpMZEZ2WUUwd2s1cEQ1SQpibktscjZycndEVUJKNWY2TXM0L3gyS3JISjlCQ3VNT3JyTEVTVm42ZG9NdDhWdEtpQkVLTVFuSnIzYmM4UDV3CnpvVmNhRGl1dCtISjcySG83cG5QQTFhaS9QV1ZwM2pZUTlCSXZ3a0NnWUJRNzkzUXlmYlZxQ25uc2liVFlMZmgKWkFRVGxLbXVDUC9JWWZJNGhndFV4aTkya2NQN3B0MGFmMDRUQjRQVk1DRjJzZkNaUkVpYWZVdEh4Nmppb2I4awpuYUVyOTRRSG5LY0Y3K3BZdWFBQU9CWVFzejcvbW5MZEJMTjBiQW1uaGk3Y3lLdXhoT1VxNUpqeDlWSmNNTWVDClQ0WlNETjY4SEUvdzVlTVVrcGE0TFFLQmdGM0piUXhtUE1XYW9XdERtYytNdjBxTktlQThtTlJtMmlqWnBZL0YKek1jUnN4YTR3ckpicHNkRXBqbmlod1Jlb1JLOGdGYjJLcXRYK2RBTUNpRHpJNFYrRWN4ZVdRVDBFcnlTTFhqawpwbnJLaHdnck5jM1EyeW8zVDZsTHBsMVhvR2p0UndVM09UME9Zd2dvZ1JiQ09xc000bklGVEtrWnNTY2YzdU8yCnQwenBBb0dCQU5Fc1V4Yit6UHpKbEgwL2hOTlhteisvNGx4aXlJb1ZQQXgzaEtBemtjOGtkZzhoS25XWkZhK0YKTjZMOXZjTDhNbnRjNHpmVDdDanNxWGJ2cGUzRUFOeGk4TWRSZzd1Z093L2NiZWdLVklZY3hTdXdRKzYrNUZYOApKRzlhbGxzdXovTk40b2RpMzRvblpEVmRZcURnY2xaZnZucXZKMHZWSzc1VXhQZ3F3aUJQCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== \ No newline at end of file + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdXh6aXlKNFg5ZVlodGZETXhLYk95S0g1UmdZLzl2ekZkT1BaQUNoNURiemM1bG9yClZsK2J3REt4UU1pNytMcVIxOXZhQVpNczJoM25QcnpVRzVSN3B2aCtTblVIMWw2bHVnYzBibXQ5Sk1TUHFhTHEKOFl1LzNJZGpSUDc3OUdnNUtJdHJRLy9RZW9hZGxTZFdLaUw2R2dwZENXbDErN1Z4dkIzdVNqMFlORjlwaTUxdApKS0pwUDJFM1RwdjZ2VTNEK0lFWVpKTzVoeU5QVWREYU9SMHBnNjczZ0YwTm5NaFdFVDFBbkdRanNCODBCbEVECjdrRE5PVC9tQW9GVWtLU0NWMUxhQ0pZQTlNV0hpL0VESkgrclRJMTZzMGxFMmdWN09neVVwYm1uTG9jM1ZwcjAKYWprRWpHMUlvTUZEeFFRK1NoQUI3Tjl4eHNsY3J3ZkttSkdodHdJREFRQUJBb0lCQUVuZHpXbUZmOUFEV2F1Sgp0RXl0elZSSEhURVhwb2pLb09qVVNnWlY4L1FJYXV4RkRIYThwNi9vVXpGUURXVFR3bCtFMnp0ajdvRHM3UzFIClBqVGxHU3VCVGRuMitYRVhURFYwUXE2VW9JS3pWa09SblU1ZDdSQVNJbzVLV3d6UldEODVTczg5WGdBQXhKVHQKUW9hLzZCdi9tMXJyMXpmWEdWODZNYWY5Rm1FVjI5bmpCcHZ3cUpzOFlUaFU5VE5BRUdnbkxBWGFJYTJZSUJTSgozcVhJd1RrdFBHUUZyZUowdnBiOVlaTkRxWk0rMmI1K3BBVEVXclpyeTQxTlpvdzhNUnVOYnoxVU5sWXkyazZKCjlXclUxUDVYM2l3dEZmcXA3TzREakNOMFR2Y1Y1Nm5QczJoYldDeHp4RmxFalJwNW5KQ3Bsdi9yNCt4eHJVRWQKd0NjU0x3RUNnWUVBOGVDUGM2S2JpSXVFUWxwVjcxTXRQMjdBZzhkMzN5aWZKajAvQ3R3RlF6dlhWcHZCSHFRagphUE1ZaEswZ3o0MzFHMGtqVUpTeUU2STJYVWhFU3gxZUw2TU5sVS9xc29Uc0JaZEV3N0cvMFRhdW1TQUJWemZPCkIvckdtbEZkZitxWVpiR3pIdGtvbVJWb1JqVWtPcGRJL3RnL1ZlSmJ3K1RIS2dYS01NU2V5cjhDZ1lFQXhnbTkKWXN5dVZVUGlEdDhuL1JXeEJwZ1Zqazk0M3BFOVFjK2FVK0VPcGROK2NNQjkvaGJiWUpMZEZ2WUUwd2s1cEQ1SQpibktscjZycndEVUJKNWY2TXM0L3gyS3JISjlCQ3VNT3JyTEVTVm42ZG9NdDhWdEtpQkVLTVFuSnIzYmM4UDV3CnpvVmNhRGl1dCtISjcySG83cG5QQTFhaS9QV1ZwM2pZUTlCSXZ3a0NnWUJRNzkzUXlmYlZxQ25uc2liVFlMZmgKWkFRVGxLbXVDUC9JWWZJNGhndFV4aTkya2NQN3B0MGFmMDRUQjRQVk1DRjJzZkNaUkVpYWZVdEh4Nmppb2I4awpuYUVyOTRRSG5LY0Y3K3BZdWFBQU9CWVFzejcvbW5MZEJMTjBiQW1uaGk3Y3lLdXhoT1VxNUpqeDlWSmNNTWVDClQ0WlNETjY4SEUvdzVlTVVrcGE0TFFLQmdGM0piUXhtUE1XYW9XdERtYytNdjBxTktlQThtTlJtMmlqWnBZL0YKek1jUnN4YTR3ckpicHNkRXBqbmlod1Jlb1JLOGdGYjJLcXRYK2RBTUNpRHpJNFYrRWN4ZVdRVDBFcnlTTFhqawpwbnJLaHdnck5jM1EyeW8zVDZsTHBsMVhvR2p0UndVM09UME9Zd2dvZ1JiQ09xc000bklGVEtrWnNTY2YzdU8yCnQwenBBb0dCQU5Fc1V4Yit6UHpKbEgwL2hOTlhteisvNGx4aXlJb1ZQQXgzaEtBemtjOGtkZzhoS25XWkZhK0YKTjZMOXZjTDhNbnRjNHpmVDdDanNxWGJ2cGUzRUFOeGk4TWRSZzd1Z093L2NiZWdLVklZY3hTdXdRKzYrNUZYOApKRzlhbGxzdXovTk40b2RpMzRvblpEVmRZcURnY2xaZnZucXZKMHZWSzc1VXhQZ3F3aUJQCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== diff --git a/tests/data/virtual-server-upstream-options/configmap-with-keys.yaml b/tests/data/virtual-server-upstream-options/configmap-with-keys.yaml index e00d6029eb..05b55aac74 100644 --- a/tests/data/virtual-server-upstream-options/configmap-with-keys.yaml +++ b/tests/data/virtual-server-upstream-options/configmap-with-keys.yaml @@ -15,4 +15,4 @@ data: client-max-body-size: "3m" proxy-buffering: "false" proxy-buffer-size: "1k" - proxy-buffers: "8 1k" \ No newline at end of file + proxy-buffers: "8 1k" diff --git a/tests/data/virtual-server-upstream-options/plus-virtual-server-with-invalid-keys-openapi.yaml b/tests/data/virtual-server-upstream-options/plus-virtual-server-with-invalid-keys-openapi.yaml index 78528d9609..85bfd52575 100644 --- a/tests/data/virtual-server-upstream-options/plus-virtual-server-with-invalid-keys-openapi.yaml +++ b/tests/data/virtual-server-upstream-options/plus-virtual-server-with-invalid-keys-openapi.yaml @@ -69,4 +69,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-upstream-options/plus-virtual-server-with-invalid-keys.yaml b/tests/data/virtual-server-upstream-options/plus-virtual-server-with-invalid-keys.yaml index 748f4d449f..c65861e0ee 100644 --- a/tests/data/virtual-server-upstream-options/plus-virtual-server-with-invalid-keys.yaml +++ b/tests/data/virtual-server-upstream-options/plus-virtual-server-with-invalid-keys.yaml @@ -68,4 +68,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-upstream-options/standard/virtual-server.yaml b/tests/data/virtual-server-upstream-options/standard/virtual-server.yaml index 177bc6cd1f..5062d0079d 100644 --- a/tests/data/virtual-server-upstream-options/standard/virtual-server.yaml +++ b/tests/data/virtual-server-upstream-options/standard/virtual-server.yaml @@ -17,4 +17,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-upstream-options/virtual-server-with-invalid-keys-openapi.yaml b/tests/data/virtual-server-upstream-options/virtual-server-with-invalid-keys-openapi.yaml index 0c8247645f..42bd4c18a9 100644 --- a/tests/data/virtual-server-upstream-options/virtual-server-with-invalid-keys-openapi.yaml +++ b/tests/data/virtual-server-upstream-options/virtual-server-with-invalid-keys-openapi.yaml @@ -53,4 +53,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-upstream-options/virtual-server-with-invalid-keys.yaml b/tests/data/virtual-server-upstream-options/virtual-server-with-invalid-keys.yaml index aa5e403f68..5aebb259f8 100644 --- a/tests/data/virtual-server-upstream-options/virtual-server-with-invalid-keys.yaml +++ b/tests/data/virtual-server-upstream-options/virtual-server-with-invalid-keys.yaml @@ -49,4 +49,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-upstream-tls/standard/virtual-server.yaml b/tests/data/virtual-server-upstream-tls/standard/virtual-server.yaml index 4113832401..bdeca38f92 100644 --- a/tests/data/virtual-server-upstream-tls/standard/virtual-server.yaml +++ b/tests/data/virtual-server-upstream-tls/standard/virtual-server.yaml @@ -21,4 +21,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-upstream-tls/virtual-server-disable-tls.yaml b/tests/data/virtual-server-upstream-tls/virtual-server-disable-tls.yaml index 177bc6cd1f..5062d0079d 100644 --- a/tests/data/virtual-server-upstream-tls/virtual-server-disable-tls.yaml +++ b/tests/data/virtual-server-upstream-tls/virtual-server-disable-tls.yaml @@ -17,4 +17,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-upstream-tls/virtual-server-invalid.yaml b/tests/data/virtual-server-upstream-tls/virtual-server-invalid.yaml index f589e76a42..ae3e4b38a7 100644 --- a/tests/data/virtual-server-upstream-tls/virtual-server-invalid.yaml +++ b/tests/data/virtual-server-upstream-tls/virtual-server-invalid.yaml @@ -21,4 +21,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-validation/standard/virtual-server.yaml b/tests/data/virtual-server-validation/standard/virtual-server.yaml index d28822fcff..195d3950c9 100644 --- a/tests/data/virtual-server-validation/standard/virtual-server.yaml +++ b/tests/data/virtual-server-validation/standard/virtual-server.yaml @@ -34,4 +34,4 @@ spec: pass: backend4-stable - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-validation/virtual-server-invalid-cookie.yaml b/tests/data/virtual-server-validation/virtual-server-invalid-cookie.yaml index 28a7b5ce66..8419d59471 100644 --- a/tests/data/virtual-server-validation/virtual-server-invalid-cookie.yaml +++ b/tests/data/virtual-server-validation/virtual-server-invalid-cookie.yaml @@ -34,4 +34,4 @@ spec: pass: backend4-stable - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-validation/virtual-server-no-default-action.yaml b/tests/data/virtual-server-validation/virtual-server-no-default-action.yaml index e9e292a889..c0aacfe6a8 100644 --- a/tests/data/virtual-server-validation/virtual-server-no-default-action.yaml +++ b/tests/data/virtual-server-validation/virtual-server-no-default-action.yaml @@ -34,4 +34,4 @@ spec: # pass: backend4-stable - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server-wildcard/virtual-server-wildcard.yaml b/tests/data/virtual-server-wildcard/virtual-server-wildcard.yaml index c3dcffdf36..1b613fd934 100644 --- a/tests/data/virtual-server-wildcard/virtual-server-wildcard.yaml +++ b/tests/data/virtual-server-wildcard/virtual-server-wildcard.yaml @@ -17,4 +17,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server/rbac-without-vs.yaml b/tests/data/virtual-server/rbac-without-vs.yaml index 02871ddea9..9b15199aff 100644 --- a/tests/data/virtual-server/rbac-without-vs.yaml +++ b/tests/data/virtual-server/rbac-without-vs.yaml @@ -67,4 +67,4 @@ rules: verbs: - list - watch - - get \ No newline at end of file + - get diff --git a/tests/data/virtual-server/standard/virtual-server-updated.yaml b/tests/data/virtual-server/standard/virtual-server-updated.yaml index b9ff5e21cb..7a11eec556 100644 --- a/tests/data/virtual-server/standard/virtual-server-updated.yaml +++ b/tests/data/virtual-server/standard/virtual-server-updated.yaml @@ -17,4 +17,4 @@ spec: pass: backend1 - path: "/updated-backend1" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/virtual-server/standard/virtual-server.yaml b/tests/data/virtual-server/standard/virtual-server.yaml index 177bc6cd1f..5062d0079d 100644 --- a/tests/data/virtual-server/standard/virtual-server.yaml +++ b/tests/data/virtual-server/standard/virtual-server.yaml @@ -17,4 +17,4 @@ spec: pass: backend1 - path: "/backend2" action: - pass: backend2 \ No newline at end of file + pass: backend2 diff --git a/tests/data/watch-secret-namespace/route-multiple.yaml b/tests/data/watch-secret-namespace/route-multiple.yaml new file mode 100644 index 0000000000..8274c16c00 --- /dev/null +++ b/tests/data/watch-secret-namespace/route-multiple.yaml @@ -0,0 +1,20 @@ +apiVersion: k8s.nginx.org/v1 +kind: VirtualServerRoute +metadata: + name: backends +spec: + host: virtual-server-route.example.com + upstreams: + - name: backend1 + service: backend1-svc + port: 80 + - name: backend3 + service: backend3-svc + port: 80 + subroutes: + - path: "/backends/backend1" + action: + pass: backend1 + - path: "/backends/backend3" + action: + pass: backend3 diff --git a/tests/data/watch-secret-namespace/route-single.yaml b/tests/data/watch-secret-namespace/route-single.yaml new file mode 100644 index 0000000000..19d0e4b8e3 --- /dev/null +++ b/tests/data/watch-secret-namespace/route-single.yaml @@ -0,0 +1,14 @@ +apiVersion: k8s.nginx.org/v1 +kind: VirtualServerRoute +metadata: + name: backend2 +spec: + host: virtual-server-route.example.com + upstreams: + - name: backend2 + service: backend2-svc + port: 80 + subroutes: + - path: "/backend2" + action: + pass: backend2 diff --git a/tests/data/watch-secret-namespace/standard/virtual-server.yaml b/tests/data/watch-secret-namespace/standard/virtual-server.yaml new file mode 100644 index 0000000000..a8ae41eac5 --- /dev/null +++ b/tests/data/watch-secret-namespace/standard/virtual-server.yaml @@ -0,0 +1,13 @@ +apiVersion: k8s.nginx.org/v1 +kind: VirtualServer +metadata: + name: virtual-server-route +spec: + host: virtual-server-route.example.com + tls: + secret: virtual-server-tls-secret + routes: + - path: "/backends" + route: backends # implicit namespace + - path: "/backend2" + route: backend2-namespace/backend2 diff --git a/tests/data/watch-secret-namespace/tls-secret.yaml b/tests/data/watch-secret-namespace/tls-secret.yaml new file mode 100644 index 0000000000..e2352d0fc7 --- /dev/null +++ b/tests/data/watch-secret-namespace/tls-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: virtual-server-tls-secret +type: kubernetes.io/tls +data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQ4RENDQXRpZ0F3SUJBZ0lKQU9jbHdCelprYmlhTUEwR0NTcUdTSWIzRFFFQkJRVUFNRmd4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFaE1COEdBMVVFQ2hNWVNXNTBaWEp1WlhRZ1YybGtaMmwwY3lCUQpkSGtnVEhSa01Sa3dGd1lEVlFRREV4QmpZV1psTG1WNFlXMXdiR1V1WTI5dE1CNFhEVEUzTURnek1URXdNVGN5Ck1Gb1hEVEU0TURnek1URXdNVGN5TUZvd1dERUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdUQWtOQk1TRXcKSHdZRFZRUUtFeGhKYm5SbGNtNWxkQ0JYYVdSbmFYUnpJRkIwZVNCTWRHUXhHVEFYQmdOVkJBTVRFR05oWm1VdQpaWGhoYlhCc1pTNWpiMjB3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzdIT0xJCm5oZjE1aUcxOE16RXBzN0lvZmxHQmovMi9NVjA0OWtBS0hrTnZOem1XaXRXWDV2QU1yRkF5THY0dXBIWDI5b0IKa3l6YUhlYyt2TlFibEh1bStINUtkUWZXWHFXNkJ6UnVhMzBreEkrcG91cnhpNy9jaDJORS92djBhRGtvaTJ0RAovOUI2aHAyVkoxWXFJdm9hQ2wwSmFYWDd0WEc4SGU1S1BSZzBYMm1Mblcwa29tay9ZVGRPbS9xOVRjUDRnUmhrCms3bUhJMDlSME5vNUhTbURydmVBWFEyY3lGWVJQVUNjWkNPd0h6UUdVUVB1UU0wNVArWUNnVlNRcElKWFV0b0kKbGdEMHhZZUw4UU1rZjZ0TWpYcXpTVVRhQlhzNkRKU2x1YWN1aHpkV212UnFPUVNNYlVpZ3dVUEZCRDVLRUFIcwozM0hHeVZ5dkI4cVlrYUczQWdNQkFBR2pnYnd3Z2Jrd0hRWURWUjBPQkJZRUZOdTQvMTdpSituRGxPMkoyVisvCitqM2x5SzVZTUlHSkJnTlZIU01FZ1lFd2Y0QVUyN2ovWHVJbjZjT1U3WW5aWDcvNlBlWElybGloWEtSYU1GZ3gKQ3pBSkJnTlZCQVlUQWxWVE1Rc3dDUVlEVlFRSUV3SkRRVEVoTUI4R0ExVUVDaE1ZU1c1MFpYSnVaWFFnVjJsawpaMmwwY3lCUWRIa2dUSFJrTVJrd0Z3WURWUVFERXhCallXWmxMbVY0WVcxd2JHVXVZMjl0Z2drQTV5WEFITm1SCnVKb3dEQVlEVlIwVEJBVXdBd0VCL3pBTkJna3Foa2lHOXcwQkFRVUZBQU9DQVFFQUtGUHJBcXA3a3lzTDVGNnMKWFhWdXZkZzAyc0srUlpzb2F3QWVxbHlSRmpJeUlQL2VTajBhQjQwQmNOcWFyRHhwNjhBd1pZNG4yQk9EVmo5WgphOFlvV1YyOFpwamloaThxNnBPSElOa0MrOXpCY1hsZ2lvVUZBTERCcXFPTXFUZkw1cjNGejNUTGN1clozajhuCnUzL2hRVHNXZG5TZENWbmN0aXhaUHJ5cnhJSFlWSERiVHF4ZWdTQUN6WkU1MHMwdlRpMFJkNUkrcVdubVpIUloKL0hLNVZnNWlNS2E1clBPRTFaT2M3L2VnVjZ6R2p4THJiNEdlQ2JyTjBBb01tazNpL2d2K2kzL0N6aTlXOVhNNApwa2hQSjJUcEtMSjVaOHgxUVhjUW5Dem5yOEdtL2FuVzV4b3lDdWhjZzlXMlVSYzRKVTZ1UXh0WU9tczYrc0RxCjBBN1Y3UT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdXh6aXlKNFg5ZVlodGZETXhLYk95S0g1UmdZLzl2ekZkT1BaQUNoNURiemM1bG9yClZsK2J3REt4UU1pNytMcVIxOXZhQVpNczJoM25QcnpVRzVSN3B2aCtTblVIMWw2bHVnYzBibXQ5Sk1TUHFhTHEKOFl1LzNJZGpSUDc3OUdnNUtJdHJRLy9RZW9hZGxTZFdLaUw2R2dwZENXbDErN1Z4dkIzdVNqMFlORjlwaTUxdApKS0pwUDJFM1RwdjZ2VTNEK0lFWVpKTzVoeU5QVWREYU9SMHBnNjczZ0YwTm5NaFdFVDFBbkdRanNCODBCbEVECjdrRE5PVC9tQW9GVWtLU0NWMUxhQ0pZQTlNV0hpL0VESkgrclRJMTZzMGxFMmdWN09neVVwYm1uTG9jM1ZwcjAKYWprRWpHMUlvTUZEeFFRK1NoQUI3Tjl4eHNsY3J3ZkttSkdodHdJREFRQUJBb0lCQUVuZHpXbUZmOUFEV2F1Sgp0RXl0elZSSEhURVhwb2pLb09qVVNnWlY4L1FJYXV4RkRIYThwNi9vVXpGUURXVFR3bCtFMnp0ajdvRHM3UzFIClBqVGxHU3VCVGRuMitYRVhURFYwUXE2VW9JS3pWa09SblU1ZDdSQVNJbzVLV3d6UldEODVTczg5WGdBQXhKVHQKUW9hLzZCdi9tMXJyMXpmWEdWODZNYWY5Rm1FVjI5bmpCcHZ3cUpzOFlUaFU5VE5BRUdnbkxBWGFJYTJZSUJTSgozcVhJd1RrdFBHUUZyZUowdnBiOVlaTkRxWk0rMmI1K3BBVEVXclpyeTQxTlpvdzhNUnVOYnoxVU5sWXkyazZKCjlXclUxUDVYM2l3dEZmcXA3TzREakNOMFR2Y1Y1Nm5QczJoYldDeHp4RmxFalJwNW5KQ3Bsdi9yNCt4eHJVRWQKd0NjU0x3RUNnWUVBOGVDUGM2S2JpSXVFUWxwVjcxTXRQMjdBZzhkMzN5aWZKajAvQ3R3RlF6dlhWcHZCSHFRagphUE1ZaEswZ3o0MzFHMGtqVUpTeUU2STJYVWhFU3gxZUw2TU5sVS9xc29Uc0JaZEV3N0cvMFRhdW1TQUJWemZPCkIvckdtbEZkZitxWVpiR3pIdGtvbVJWb1JqVWtPcGRJL3RnL1ZlSmJ3K1RIS2dYS01NU2V5cjhDZ1lFQXhnbTkKWXN5dVZVUGlEdDhuL1JXeEJwZ1Zqazk0M3BFOVFjK2FVK0VPcGROK2NNQjkvaGJiWUpMZEZ2WUUwd2s1cEQ1SQpibktscjZycndEVUJKNWY2TXM0L3gyS3JISjlCQ3VNT3JyTEVTVm42ZG9NdDhWdEtpQkVLTVFuSnIzYmM4UDV3CnpvVmNhRGl1dCtISjcySG83cG5QQTFhaS9QV1ZwM2pZUTlCSXZ3a0NnWUJRNzkzUXlmYlZxQ25uc2liVFlMZmgKWkFRVGxLbXVDUC9JWWZJNGhndFV4aTkya2NQN3B0MGFmMDRUQjRQVk1DRjJzZkNaUkVpYWZVdEh4Nmppb2I4awpuYUVyOTRRSG5LY0Y3K3BZdWFBQU9CWVFzejcvbW5MZEJMTjBiQW1uaGk3Y3lLdXhoT1VxNUpqeDlWSmNNTWVDClQ0WlNETjY4SEUvdzVlTVVrcGE0TFFLQmdGM0piUXhtUE1XYW9XdERtYytNdjBxTktlQThtTlJtMmlqWnBZL0YKek1jUnN4YTR3ckpicHNkRXBqbmlod1Jlb1JLOGdGYjJLcXRYK2RBTUNpRHpJNFYrRWN4ZVdRVDBFcnlTTFhqawpwbnJLaHdnck5jM1EyeW8zVDZsTHBsMVhvR2p0UndVM09UME9Zd2dvZ1JiQ09xc000bklGVEtrWnNTY2YzdU8yCnQwenBBb0dCQU5Fc1V4Yit6UHpKbEgwL2hOTlhteisvNGx4aXlJb1ZQQXgzaEtBemtjOGtkZzhoS25XWkZhK0YKTjZMOXZjTDhNbnRjNHpmVDdDanNxWGJ2cGUzRUFOeGk4TWRSZzd1Z093L2NiZWdLVklZY3hTdXdRKzYrNUZYOApKRzlhbGxzdXovTk40b2RpMzRvblpEVmRZcURnY2xaZnZucXZKMHZWSzc1VXhQZ3F3aUJQCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== diff --git a/tests/data/wildcard-tls-secret/gb-wildcard-tls-secret.yaml b/tests/data/wildcard-tls-secret/gb-wildcard-tls-secret.yaml index a110f181a4..49c2b6e104 100644 --- a/tests/data/wildcard-tls-secret/gb-wildcard-tls-secret.yaml +++ b/tests/data/wildcard-tls-secret/gb-wildcard-tls-secret.yaml @@ -5,4 +5,4 @@ data: kind: Secret type: kubernetes.io/tls metadata: - name: wildcard-tls-secret \ No newline at end of file + name: wildcard-tls-secret diff --git a/tests/data/wildcard-tls-secret/wildcard-tls-secret.yaml b/tests/data/wildcard-tls-secret/wildcard-tls-secret.yaml index 4d418eaa84..9cdd71eb8c 100644 --- a/tests/data/wildcard-tls-secret/wildcard-tls-secret.yaml +++ b/tests/data/wildcard-tls-secret/wildcard-tls-secret.yaml @@ -5,4 +5,4 @@ metadata: type: kubernetes.io/tls data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURQakNDQWlZQ0NRQ1ZHbFBOQjJ5TWdEQU5CZ2txaGtpRzl3MEJBUXNGQURCaE1Rc3dDUVlEVlFRR0V3SkYKVXpFV01CUUdBMVVFQ0F3TlEyRnVZWEo1U1hOc1lXNWtjekVPTUF3R0ExVUVDZ3dGYm1kcGJuZ3hGREFTQmdOVgpCQXNNQzJWNFlXMXdiR1V1WTI5dE1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweE9UQXlNRFl4Ck1qSXhOREZhRncweU1EQXlNRFl4TWpJeE5ERmFNR0V4Q3pBSkJnTlZCQVlUQWtWVE1SWXdGQVlEVlFRSURBMUQKWVc1aGNubEpjMnhoYm1Sek1RNHdEQVlEVlFRS0RBVnVaMmx1ZURFVU1CSUdBMVVFQ3d3TFpYaGhiWEJzWlM1agpiMjB4RkRBU0JnTlZCQU1NQzJWNFlXMXdiR1V1WTI5dE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQXFzbUlXOFo3L3RMUmdsNHhPay9aRU5iMEdOUnlkQ2JVakdTV3p5V0swSEYrLzRiVlI1VmkKZmgvUU15ZjZrN1ZGWGZRSWVNRWhvbkJMMWhlSmFSV1FYL2NQd0tlOW5uTlY3RTdVYndZZ21Nd3MxYmpwMFNpMgpBamtVY2dEc2NpaGo5dE9qOWVWa01xb2QzNFhlelMvVWhWdENJNURiMXpnRmdDL2NtMitWK3VicmJaZ2I4TXZjClZuZEIvR2JhRS9JRVE0S3pTN1JzbFlQS3RnZ3lHVU1zR1VETktCeVlNalVPUytySVUxOE5zMzZvbkZHQi8xZFgKV1R5YnowdkZFV3lTQlhHaUZGZU0xVEJpWnprNEFGeXBRS2lKVHhyS2w2UzVtWXUzdlYybWhLMExjc3c3UWVkZwpDN2hMNlYzNzhoWWtRVXY0dWY1UEd3QXNvUGJ5TkcvcFF3SURBUUFCTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCCkFRQUNzUm9UTEQycmZ6NCtXQmxWRW5LTkcyUk8zVVZYNldjQ1VZWXltVWJGdnlwS2dKUUtGU3hRcHJNODZueFUKdWY5clZPdENUQXAxRjM5NENTQURYQUd6cFpLd0svZ3RhY3NVY0VBcmZzWlgrbHB2VFVyOUhVR09sYU91ZzBlYwpBUWdOSU1vZEtZTUUwUTJSV3ZFMzgwTHl2YVVwc0pCUTlzYjNYZnphU3FKczh5SlhKNWRPYyt1RnhYdFhvZWt4CkNGYlk2ZzZVUHVRTi9GZGtIbTFaLy9XTjFSQjN1MEdQclF2R1FtYTZuTnp6QktMMW9TT1VlTWt2K3NMV25DZlMKam1IbU11b3pFbHhTS0JpcVJXT1laeG1aa2laOEJRZ2FpUnNWTTR6N2M5emx0ZUNCWnYvTDNSVExibFdoU2U2NAp1eEszcXNHS3h1dzFpcmFVQlJsZHJVN3AKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcXNtSVc4WjcvdExSZ2w0eE9rL1pFTmIwR05SeWRDYlVqR1NXenlXSzBIRisvNGJWClI1VmlmaC9RTXlmNms3VkZYZlFJZU1FaG9uQkwxaGVKYVJXUVgvY1B3S2U5bm5OVjdFN1Vid1lnbU13czFianAKMFNpMkFqa1VjZ0RzY2loajl0T2o5ZVZrTXFvZDM0WGV6Uy9VaFZ0Q0k1RGIxemdGZ0MvY20yK1YrdWJyYlpnYgo4TXZjVm5kQi9HYmFFL0lFUTRLelM3UnNsWVBLdGdneUdVTXNHVUROS0J5WU1qVU9TK3JJVTE4TnMzNm9uRkdCCi8xZFhXVHliejB2RkVXeVNCWEdpRkZlTTFUQmlaems0QUZ5cFFLaUpUeHJLbDZTNW1ZdTN2VjJtaEswTGNzdzcKUWVkZ0M3aEw2VjM3OGhZa1FVdjR1ZjVQR3dBc29QYnlORy9wUXdJREFRQUJBb0lCQUd1eEN0KzhCOElHVTMvZQpQekppMlNBcU90OVJUeDU0d2J3SlRhTXZMQm9HQnl1L2JNdG5vaVNma054QkVGdUZpVWtXTVNWYnV3YS93c0lzCk0wUmxDWlhKcDFBM05YVXRpdmVvT1lJTW5nOWJaOFlZaEsrVCtUanJuejNINFZDV3NYb1p1Q0M4MWZLd25JZXUKMVhBVEFmSlpPaHBOSktMUU8zKzZMbVNBOTFTdXNheHprZGtNdnRSdlVnZHZIQWxjT0NKKzQ4cUlmRTBwc3QwcApmTGJxUnB3NG41RWp3ZnluN3Rja1ZqanRnYzJRekdCZzJIaytXK3U0K1NLN2V1RE80NWZ6UHlVWE5kVVNpWHVmCm94YzBJTW9LQW1NQ2VQRXN1VjUrUG43dVdScmRMNHZnVTRad3FHUXF4K2VidG9PK0NGc0FNSUVqVUZ5OVJ1ODcKemNFUFpBRUNnWUVBMjhaU3VYNTFxRjVZOG9ocEpMcXRMT3d3QWd4aUhSUVd6OCswM2djeU5GdTBrY211bzRvawpUKzJEQitxYTN6RkdvKzNLRno1WlpXcUo4MTRTeWk5U3hQNUlLOGNoQmFGU3grbWFTLzlIeUQxOWc5bDYyTHBtCkl6K0VZNGJIaE51NENCYnRyQzBGcFk2bG1KZDBpRThPZG1KV1VROUphWHlxVmU5K0VsamRlZ0VDZ1lFQXh2QWUKenNWdUdOcDgzV2lNWStjZHBNUy9iWWtjdTVnMXpZZWw4djFKK3p6R2E4T2JiTHBLZnFGS0ZySG5YcXFrY0tNcwpLeWErR0NFSUFTd1VJU3ZsQi9kZHdIYXc4QlFxSVd5KzA2MmhUWHQwSkY4VG02ODA4ZURpdEpRU3R2OGt2RHhyClR2UllkWUVmbGMvT0VlZW5EdTVKMEhoTStlTTJGNkxuVStmYSswTUNnWUFUdVpjUEl2UjRhZzlkcFRTYW9VNk4KcTUwYmNmVVVXd3M1RjVGS0pDY3pYOCt6RGdEb21LdHRxUW1MbWxqUUUySWRzR2ZrOGltZjJwSUxEN1JzQlJkTwpxdXZiVWdINnVXSHVvMTYvMTJlZjV6VHVzb1ErRTJ5N1dTWU9zTGdUaW96WDNRYnozdzZVcjFyWmVTNXlWWFljCjFmS2RUOXZzNWMxNzdRVEpyTVFrQVFLQmdGVUtLakU3aGovTGpocmJhVC8vZU5XSllVZENtR3k4dVNzZHRGdTEKMkowME1xRzRZVVZPTVRBR1pIUmxJa0YrY29MUHpiNjRkZ1E4Z241MXlEa1IyWHJaVEZOTXFZQkhMbWRSWkJWNgpvSHhOckswcmsyYzJzMHcrVk1yYWpWRjZxY3BwalhtWHpBU1c2TmlTbDBWaUlEQ3F2aFVHaCtrK0xrNVdUY3E1ClR3dWZBb0dCQU1JRWRKUXErVXIrS0psY0R2dkxmd2FrS2lLOWxVUFc0a2dqQ0ZIbzRxUWIzWnpjM09zTzE2ZEIKN1VLYldkRXloT0tMbUxHN21IYlJZZm9uZE9UMGV1V3UxTnJJQ2RsaWJoVkFKcUI1WmIwUnViY1cxVGNRMTJKaQp4UENXaS9sb0FQaC9TckdUY3A4S0dPd1lBaFNteW9UdzRYeVFnVW44Nmt2U3UzVUloTVJNCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t \ No newline at end of file + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcXNtSVc4WjcvdExSZ2w0eE9rL1pFTmIwR05SeWRDYlVqR1NXenlXSzBIRisvNGJWClI1VmlmaC9RTXlmNms3VkZYZlFJZU1FaG9uQkwxaGVKYVJXUVgvY1B3S2U5bm5OVjdFN1Vid1lnbU13czFianAKMFNpMkFqa1VjZ0RzY2loajl0T2o5ZVZrTXFvZDM0WGV6Uy9VaFZ0Q0k1RGIxemdGZ0MvY20yK1YrdWJyYlpnYgo4TXZjVm5kQi9HYmFFL0lFUTRLelM3UnNsWVBLdGdneUdVTXNHVUROS0J5WU1qVU9TK3JJVTE4TnMzNm9uRkdCCi8xZFhXVHliejB2RkVXeVNCWEdpRkZlTTFUQmlaems0QUZ5cFFLaUpUeHJLbDZTNW1ZdTN2VjJtaEswTGNzdzcKUWVkZ0M3aEw2VjM3OGhZa1FVdjR1ZjVQR3dBc29QYnlORy9wUXdJREFRQUJBb0lCQUd1eEN0KzhCOElHVTMvZQpQekppMlNBcU90OVJUeDU0d2J3SlRhTXZMQm9HQnl1L2JNdG5vaVNma054QkVGdUZpVWtXTVNWYnV3YS93c0lzCk0wUmxDWlhKcDFBM05YVXRpdmVvT1lJTW5nOWJaOFlZaEsrVCtUanJuejNINFZDV3NYb1p1Q0M4MWZLd25JZXUKMVhBVEFmSlpPaHBOSktMUU8zKzZMbVNBOTFTdXNheHprZGtNdnRSdlVnZHZIQWxjT0NKKzQ4cUlmRTBwc3QwcApmTGJxUnB3NG41RWp3ZnluN3Rja1ZqanRnYzJRekdCZzJIaytXK3U0K1NLN2V1RE80NWZ6UHlVWE5kVVNpWHVmCm94YzBJTW9LQW1NQ2VQRXN1VjUrUG43dVdScmRMNHZnVTRad3FHUXF4K2VidG9PK0NGc0FNSUVqVUZ5OVJ1ODcKemNFUFpBRUNnWUVBMjhaU3VYNTFxRjVZOG9ocEpMcXRMT3d3QWd4aUhSUVd6OCswM2djeU5GdTBrY211bzRvawpUKzJEQitxYTN6RkdvKzNLRno1WlpXcUo4MTRTeWk5U3hQNUlLOGNoQmFGU3grbWFTLzlIeUQxOWc5bDYyTHBtCkl6K0VZNGJIaE51NENCYnRyQzBGcFk2bG1KZDBpRThPZG1KV1VROUphWHlxVmU5K0VsamRlZ0VDZ1lFQXh2QWUKenNWdUdOcDgzV2lNWStjZHBNUy9iWWtjdTVnMXpZZWw4djFKK3p6R2E4T2JiTHBLZnFGS0ZySG5YcXFrY0tNcwpLeWErR0NFSUFTd1VJU3ZsQi9kZHdIYXc4QlFxSVd5KzA2MmhUWHQwSkY4VG02ODA4ZURpdEpRU3R2OGt2RHhyClR2UllkWUVmbGMvT0VlZW5EdTVKMEhoTStlTTJGNkxuVStmYSswTUNnWUFUdVpjUEl2UjRhZzlkcFRTYW9VNk4KcTUwYmNmVVVXd3M1RjVGS0pDY3pYOCt6RGdEb21LdHRxUW1MbWxqUUUySWRzR2ZrOGltZjJwSUxEN1JzQlJkTwpxdXZiVWdINnVXSHVvMTYvMTJlZjV6VHVzb1ErRTJ5N1dTWU9zTGdUaW96WDNRYnozdzZVcjFyWmVTNXlWWFljCjFmS2RUOXZzNWMxNzdRVEpyTVFrQVFLQmdGVUtLakU3aGovTGpocmJhVC8vZU5XSllVZENtR3k4dVNzZHRGdTEKMkowME1xRzRZVVZPTVRBR1pIUmxJa0YrY29MUHpiNjRkZ1E4Z241MXlEa1IyWHJaVEZOTXFZQkhMbWRSWkJWNgpvSHhOckswcmsyYzJzMHcrVk1yYWpWRjZxY3BwalhtWHpBU1c2TmlTbDBWaUlEQ3F2aFVHaCtrK0xrNVdUY3E1ClR3dWZBb0dCQU1JRWRKUXErVXIrS0psY0R2dkxmd2FrS2lLOWxVUFc0a2dqQ0ZIbzRxUWIzWnpjM09zTzE2ZEIKN1VLYldkRXloT0tMbUxHN21IYlJZZm9uZE9UMGV1V3UxTnJJQ2RsaWJoVkFKcUI1WmIwUnViY1cxVGNRMTJKaQp4UENXaS9sb0FQaC9TckdUY3A4S0dPd1lBaFNteW9UdzRYeVFnVW44Nmt2U3UzVUloTVJNCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t diff --git a/tests/docker/Dockerfile b/tests/docker/Dockerfile index 697a9f701d..f64558ed99 100644 --- a/tests/docker/Dockerfile +++ b/tests/docker/Dockerfile @@ -1,8 +1,8 @@ # syntax=docker/dockerfile:1.4 # this is here so we can grab the latest version of kind and have dependabot keep it up to date -FROM kindest/node:v1.25.2 +FROM kindest/node:v1.25.3 -FROM python:3.10 +FROM python:3.11 RUN apt-get update \ && apt-get install -y curl git \ diff --git a/tests/kind/kind-config-template.yaml b/tests/kind/kind-config-template.yaml deleted file mode 100644 index 5beddb49ed..0000000000 --- a/tests/kind/kind-config-template.yaml +++ /dev/null @@ -1,7 +0,0 @@ -kind: Cluster -apiVersion: kind.x-k8s.io/v1alpha4 -networking: - ipFamily: {{.IPFamily}} - apiServerAddress: {{.APIServerAddress}} -nodes: - - role: control-plane diff --git a/tests/requirements.txt b/tests/requirements.txt index e3265d3991..328b12d225 100644 --- a/tests/requirements.txt +++ b/tests/requirements.txt @@ -1,16 +1,16 @@ -PyYAML==6.0 -requests==2.28.1 -forcediphttpsadapter==1.0.2 -kubernetes==24.2.0 -pytest==7.1.3 +certifi==2022.9.24 cffi==1.15.1 +flaky==3.7.0 +forcediphttpsadapter==1.0.2 +grpcio==1.50.0 +grpcio-tools==1.50.0 +kubernetes==25.3.0 +mock==4.0.3 +more-itertools==9.0.0 pyOpenSSL==22.1.0 -certifi==2022.9.14 -urllib3==1.26.12 -pytest-html==3.1.1 +pytest==7.2.0 +pytest-html==3.2.0 pytest-profiling==1.7.0 -more-itertools==8.14.0 -mock==4.0.3 -grpcio==1.49.1 -grpcio-tools==1.48.1 -flaky==3.7.0 +PyYAML==6.0 +requests==2.28.1 +urllib3==1.26.12 diff --git a/tests/settings.py b/tests/settings.py index cc53f45673..638071364c 100644 --- a/tests/settings.py +++ b/tests/settings.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """Describe project settings""" import os diff --git a/tests/suite/custom_resource_fixtures.py b/tests/suite/fixtures/custom_resource_fixtures.py similarity index 97% rename from tests/suite/custom_resource_fixtures.py rename to tests/suite/fixtures/custom_resource_fixtures.py index c6ddc96bfa..e00cd1ea29 100644 --- a/tests/suite/custom_resource_fixtures.py +++ b/tests/suite/fixtures/custom_resource_fixtures.py @@ -1,11 +1,10 @@ """Describe project shared pytest fixtures related to setup of custom resources and apps.""" import pytest -import yaml from settings import TEST_DATA -from suite.custom_resources_utils import create_gc_from_yaml, create_ts_from_yaml, delete_gc, delete_ts -from suite.fixtures import PublicEndpoint -from suite.resources_utils import ( +from suite.fixtures.fixtures import PublicEndpoint +from suite.utils.custom_resources_utils import create_gc_from_yaml, create_ts_from_yaml, delete_gc, delete_ts +from suite.utils.resources_utils import ( create_deployment_with_name, create_example_app, create_items_from_yaml, @@ -19,13 +18,13 @@ get_first_pod_name, wait_until_all_pods_are_ready, ) -from suite.vs_vsr_resources_utils import ( +from suite.utils.vs_vsr_resources_utils import ( create_v_s_route_from_yaml, create_virtual_server_from_yaml, delete_v_s_route, delete_virtual_server, ) -from suite.yaml_utils import ( +from suite.utils.yaml_utils import ( get_first_host_from_yaml, get_paths_from_vs_yaml, get_paths_from_vsr_yaml, diff --git a/tests/suite/fixtures.py b/tests/suite/fixtures/fixtures.py similarity index 98% rename from tests/suite/fixtures.py rename to tests/suite/fixtures/fixtures.py index df590dc4cc..00d5b5f480 100644 --- a/tests/suite/fixtures.py +++ b/tests/suite/fixtures/fixtures.py @@ -17,9 +17,9 @@ ) from kubernetes.client.rest import ApiException from settings import ALLOWED_DEPLOYMENT_TYPES, ALLOWED_IC_TYPES, ALLOWED_SERVICE_TYPES, DEPLOYMENTS, TEST_DATA -from suite.custom_resources_utils import create_crd_from_yaml, delete_crd -from suite.kube_config_utils import ensure_context_in_config, get_current_context_name -from suite.resources_utils import ( +from suite.utils.custom_resources_utils import create_crd_from_yaml, delete_crd +from suite.utils.kube_config_utils import ensure_context_in_config, get_current_context_name +from suite.utils.resources_utils import ( cleanup_rbac, configure_rbac, create_configmap_from_yaml, @@ -34,7 +34,7 @@ wait_before_test, wait_for_public_ip, ) -from suite.yaml_utils import get_name_from_yaml +from suite.utils.yaml_utils import get_name_from_yaml class KubeApis: diff --git a/tests/suite/ic_fixtures.py b/tests/suite/fixtures/ic_fixtures.py similarity index 98% rename from tests/suite/ic_fixtures.py rename to tests/suite/fixtures/ic_fixtures.py index 823c2a0414..c6f0e25203 100644 --- a/tests/suite/ic_fixtures.py +++ b/tests/suite/fixtures/ic_fixtures.py @@ -3,11 +3,10 @@ import time import pytest -import yaml from kubernetes.client.rest import ApiException from settings import DEPLOYMENTS, TEST_DATA -from suite.custom_resources_utils import create_crd_from_yaml, delete_crd -from suite.resources_utils import ( +from suite.utils.custom_resources_utils import create_crd_from_yaml, delete_crd +from suite.utils.resources_utils import ( cleanup_rbac, configure_rbac_with_ap, configure_rbac_with_dos, @@ -22,7 +21,7 @@ replace_configmap_from_yaml, wait_until_all_pods_are_ready, ) -from suite.yaml_utils import get_name_from_yaml +from suite.utils.yaml_utils import get_name_from_yaml @pytest.fixture(scope="class") diff --git a/tests/suite/grpc/helloworld_pb2.py b/tests/suite/grpc/helloworld_pb2.py index bb7674f3ff..d4f06bf557 100644 --- a/tests/suite/grpc/helloworld_pb2.py +++ b/tests/suite/grpc/helloworld_pb2.py @@ -2,10 +2,9 @@ # Generated by the protocol buffer compiler. DO NOT EDIT! # source: helloworld.proto """Generated protocol buffer code.""" +from google.protobuf.internal import builder as _builder from google.protobuf import descriptor as _descriptor from google.protobuf import descriptor_pool as _descriptor_pool -from google.protobuf import message as _message -from google.protobuf import reflection as _reflection from google.protobuf import symbol_database as _symbol_database # @@protoc_insertion_point(imports) @@ -16,25 +15,8 @@ DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x10helloworld.proto\x12\nhelloworld\"\x1c\n\x0cHelloRequest\x12\x0c\n\x04name\x18\x01 \x01(\t\"\x1d\n\nHelloReply\x12\x0f\n\x07message\x18\x01 \x01(\t2I\n\x07Greeter\x12>\n\x08SayHello\x12\x18.helloworld.HelloRequest\x1a\x16.helloworld.HelloReply\"\x00\x42g\n\x1bio.grpc.examples.helloworldB\x0fHelloWorldProtoP\x01Z5google.golang.org/grpc/examples/helloworld/helloworldb\x06proto3') - - -_HELLOREQUEST = DESCRIPTOR.message_types_by_name['HelloRequest'] -_HELLOREPLY = DESCRIPTOR.message_types_by_name['HelloReply'] -HelloRequest = _reflection.GeneratedProtocolMessageType('HelloRequest', (_message.Message,), { - 'DESCRIPTOR' : _HELLOREQUEST, - '__module__' : 'helloworld_pb2' - # @@protoc_insertion_point(class_scope:helloworld.HelloRequest) - }) -_sym_db.RegisterMessage(HelloRequest) - -HelloReply = _reflection.GeneratedProtocolMessageType('HelloReply', (_message.Message,), { - 'DESCRIPTOR' : _HELLOREPLY, - '__module__' : 'helloworld_pb2' - # @@protoc_insertion_point(class_scope:helloworld.HelloReply) - }) -_sym_db.RegisterMessage(HelloReply) - -_GREETER = DESCRIPTOR.services_by_name['Greeter'] +_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, globals()) +_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'helloworld_pb2', globals()) if _descriptor._USE_C_DESCRIPTORS == False: DESCRIPTOR._options = None diff --git a/tests/suite/test_ac_policies.py b/tests/suite/test_ac_policies.py index 011025706b..5376e7e47b 100644 --- a/tests/suite/test_ac_policies.py +++ b/tests/suite/test_ac_policies.py @@ -1,19 +1,16 @@ -import json - import pytest import requests -from kubernetes.client.rest import ApiException from settings import DEPLOYMENTS, TEST_DATA -from suite.custom_resources_utils import read_custom_resource -from suite.policy_resources_utils import create_policy_from_yaml, delete_policy, read_policy -from suite.resources_utils import ( +from suite.utils.custom_resources_utils import read_custom_resource +from suite.utils.policy_resources_utils import create_policy_from_yaml, delete_policy +from suite.utils.resources_utils import ( get_last_reload_time, get_test_file_name, replace_configmap_from_yaml, wait_before_test, write_to_json, ) -from suite.vs_vsr_resources_utils import ( +from suite.utils.vs_vsr_resources_utils import ( create_virtual_server_from_yaml, delete_virtual_server, patch_virtual_server_from_yaml, diff --git a/tests/suite/test_ac_policies_vsr.py b/tests/suite/test_ac_policies_vsr.py index e9caf39231..9e05e7b80d 100644 --- a/tests/suite/test_ac_policies_vsr.py +++ b/tests/suite/test_ac_policies_vsr.py @@ -1,16 +1,10 @@ import pytest import requests -from kubernetes.client.rest import ApiException from settings import DEPLOYMENTS, TEST_DATA -from suite.custom_resources_utils import read_custom_resource -from suite.policy_resources_utils import create_policy_from_yaml, delete_policy, read_policy -from suite.resources_utils import replace_configmap_from_yaml, wait_before_test -from suite.vs_vsr_resources_utils import ( - create_virtual_server_from_yaml, - delete_virtual_server, - patch_v_s_route_from_yaml, - patch_virtual_server_from_yaml, -) +from suite.utils.custom_resources_utils import read_custom_resource +from suite.utils.policy_resources_utils import create_policy_from_yaml, delete_policy +from suite.utils.resources_utils import replace_configmap_from_yaml, wait_before_test +from suite.utils.vs_vsr_resources_utils import patch_v_s_route_from_yaml, patch_virtual_server_from_yaml std_cm_src = f"{DEPLOYMENTS}/common/nginx-config.yaml" test_cm_src = f"{TEST_DATA}/access-control/configmap/nginx-config.yaml" diff --git a/tests/suite/test_annotations.py b/tests/suite/test_annotations.py index 907e24f99d..14fdd4a755 100644 --- a/tests/suite/test_annotations.py +++ b/tests/suite/test_annotations.py @@ -2,9 +2,9 @@ import yaml from kubernetes.client import NetworkingV1Api from settings import DEPLOYMENTS, TEST_DATA -from suite.custom_assertions import assert_event_count_increased -from suite.fixtures import PublicEndpoint -from suite.resources_utils import ( +from suite.fixtures.fixtures import PublicEndpoint +from suite.utils.custom_assertions import assert_event_count_increased +from suite.utils.resources_utils import ( create_example_app, create_items_from_yaml, delete_common_app, @@ -19,7 +19,7 @@ wait_before_test, wait_until_all_pods_are_ready, ) -from suite.yaml_utils import get_first_ingress_host_from_yaml, get_name_from_yaml +from suite.utils.yaml_utils import get_first_ingress_host_from_yaml, get_name_from_yaml def get_event_count(event_text, events_list) -> int: diff --git a/tests/suite/test_app_protect.py b/tests/suite/test_app_protect.py index 9021f24b49..cb7dd7eb65 100644 --- a/tests/suite/test_app_protect.py +++ b/tests/suite/test_app_protect.py @@ -1,15 +1,13 @@ -import json - import pytest import requests -from settings import DEPLOYMENTS, TEST_DATA -from suite.ap_resources_utils import ( +from settings import TEST_DATA +from suite.utils.ap_resources_utils import ( create_ap_logconf_from_yaml, create_ap_policy_from_yaml, delete_ap_logconf, delete_ap_policy, ) -from suite.resources_utils import ( +from suite.utils.resources_utils import ( create_example_app, create_ingress_with_ap_annotations, create_items_from_yaml, @@ -23,7 +21,7 @@ wait_until_all_pods_are_ready, write_to_json, ) -from suite.yaml_utils import get_first_ingress_host_from_yaml +from suite.utils.yaml_utils import get_first_ingress_host_from_yaml ap_policies_under_test = ["dataguard-alarm", "file-block", "malformed-block"] valid_resp_addr = "Server address:" diff --git a/tests/suite/test_app_protect_grpc.py b/tests/suite/test_app_protect_grpc.py index 32b2c48676..d08baaa140 100644 --- a/tests/suite/test_app_protect_grpc.py +++ b/tests/suite/test_app_protect_grpc.py @@ -1,28 +1,27 @@ import grpc import pytest from settings import DEPLOYMENTS, TEST_DATA -from suite.ap_resources_utils import ( +from suite.grpc.helloworld_pb2 import HelloRequest +from suite.grpc.helloworld_pb2_grpc import GreeterStub +from suite.utils.ap_resources_utils import ( create_ap_logconf_from_yaml, create_ap_policy_from_yaml, delete_ap_logconf, delete_ap_policy, ) -from suite.grpc.helloworld_pb2 import HelloRequest -from suite.grpc.helloworld_pb2_grpc import GreeterStub -from suite.resources_utils import ( +from suite.utils.resources_utils import ( create_example_app, create_ingress_with_ap_annotations, create_items_from_yaml, delete_common_app, delete_items_from_yaml, get_file_contents, - get_service_endpoint, replace_configmap_from_yaml, wait_before_test, wait_until_all_pods_are_ready, ) -from suite.ssl_utils import get_certificate -from suite.yaml_utils import get_first_ingress_host_from_yaml +from suite.utils.ssl_utils import get_certificate +from suite.utils.yaml_utils import get_first_ingress_host_from_yaml log_loc = f"/var/log/messages" valid_resp_txt = "Hello" diff --git a/tests/suite/test_app_protect_integration.py b/tests/suite/test_app_protect_integration.py index c76a415fde..215dfd08b9 100644 --- a/tests/suite/test_app_protect_integration.py +++ b/tests/suite/test_app_protect_integration.py @@ -2,7 +2,7 @@ import requests import yaml from settings import DEPLOYMENTS, TEST_DATA -from suite.ap_resources_utils import ( +from suite.utils.ap_resources_utils import ( create_ap_logconf_from_yaml, create_ap_policy_from_yaml, create_ap_usersig_from_yaml, @@ -11,7 +11,7 @@ delete_ap_policy, read_ap_custom_resource, ) -from suite.resources_utils import ( +from suite.utils.resources_utils import ( clear_file_contents, create_example_app, create_ingress, @@ -33,7 +33,7 @@ wait_until_all_pods_are_ready, write_to_json, ) -from suite.yaml_utils import get_first_ingress_host_from_yaml +from suite.utils.yaml_utils import get_first_ingress_host_from_yaml src_ing_yaml = f"{TEST_DATA}/appprotect/appprotect-ingress.yaml" ap_policy = "dataguard-alarm" @@ -340,9 +340,6 @@ def test_ap_multi_sec_logs( syslog_dst = f"syslog-svc.{test_namespace}" syslog2_dst = f"syslog2-svc.{test_namespace}" - syslog_pod = get_pod_name_that_contains(kube_apis.v1, test_namespace, "syslog-") - syslog2_pod = get_pod_name_that_contains(kube_apis.v1, test_namespace, "syslog2") - with open(src_ing_yaml) as f: doc = yaml.safe_load(f) @@ -369,6 +366,8 @@ def test_ap_multi_sec_logs( print("----------------------- Send request ----------------------") response = requests.get(appprotect_setup.req_url + "/