Merge tag 'controller-v1.3.0' into main

# Conflicts: # .github/workflows/ci.yaml # .github/workflows/depreview.yaml # .github/workflows/docs.yaml # .github/workflows/helm.yaml # Makefile # TAG # charts/ingress-nginx/CHANGELOG.md # charts/ingress-nginx/Chart.yaml # charts/ingress-nginx/values.yaml # images/nginx/rootfs/Dockerfile
wallarm · Jul 12, 2022 · e1ed107 · e1ed107
2 parents baec267 + e222b74
commit e1ed107
Show file tree

Hide file tree

Showing 119 changed files with 2,886 additions and 1,382 deletions.
diff --git a/.codecov.yml b/.codecov.yml
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -8,14 +8,14 @@ assignees: ''
 ---
 
 <!--
+With the situation in place today, we think (and decided) that it's time to temporarily pause accepting new features and focus on fixing and stabilizing Ingress NGINX. We understand that some people may need to merge a trivial new feature. Still, we are asking the community to understand that maintaining the project at this pace is becoming hard for the project maintainers. We understand that you waited too long with your PR in the queue, and we are sorry! But it's hard for us as well to keep the project stable.
 
-Welcome to ingress-nginx!  For a smooth feature request process, try to
-answer the following questions. Don't worry if they're not all applicable; just
-try to include what you can :-)
+More details are available here https://youtu.be/UBt4N82ymOE and here   https://kubernetes.slack.com/archives/CANQGM8BA/p1656020331133589. 
+The announcement in the dev mailing list is here https://groups.google.com/a/kubernetes.io/g/dev/c/rxtrKvT_Q8E
+
+Thank you,
+Ingress-Nginx maintainer
 
-If you need to include code snippets or logs, please put them in fenced code
-blocks.  If they're super-long, please use the details tag like
-<details><summary>super-long log</summary> lots of stuff </details>
 
 -->
 
@@ -30,4 +30,4 @@ blocks.  If they're super-long, please use the details tag like
 <!-- 
 /kind documentation
 /remove-kind feature
--->
+-->
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -5,3 +5,7 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+        interval: "weekly"
diff --git a/.github/workflows/perftest.yaml b/.github/workflows/perftest.yaml
@@ -0,0 +1,70 @@
+name: Performance Test
+on: 
+  workflow_dispatch:
+    inputs:
+      logLevel:
+        description: 'Log level'     
+        required: true
+        default: 'warning'
+      tags:
+        description: 'K6 Load Test'  
+
+permissions:
+  contents: read
+
+jobs:
+  k6_test_run:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+
+      - name: Install K6
+        run: |
+          wget https://github.com/grafana/k6/releases/download/v0.38.2/k6-v0.38.2-linux-amd64.tar.gz
+          tar -xvf k6-v0.38.2-linux-amd64.tar.gz k6-v0.38.2-linux-amd64/k6
+          mv k6-v0.38.2-linux-amd64/k6 .
+          ./k6
+
+      - name: Make dev-env
+        run: |
+          mkdir $HOME/.kube
+          make dev-env
+          podName=`kubectl -n ingress-nginx get po | grep -i controller | awk '{print $1}'`
+          if [[ -z ${podName} ]] ; then 
+            sleep 5
+          fi
+          kubectl wait pod -n ingress-nginx --for condition=Ready $podName
+          kubectl get all -A
+
+      - name: Deploy workload
+        run: |
+          kubectl create deploy k6 --image kennethreitz/httpbin --port 80 && \
+            kubectl expose deploy k6 --port 80 && \
+            kubectl create ing k6 --class nginx \
+            --rule test.ingress-nginx-controller.ga/*=k6:80
+          podName=`kubectl get po | grep -i k6 | awk '{print $1}'`
+          if [[ -z ${podName} ]] ; then 
+            sleep 5
+          fi
+          kubectl wait pod --for condition=Ready $podName
+          kubectl get all,secrets,ing
+
+      - name: Tune OS
+        run : |
+          sudo sysctl -A 2>/dev/null | egrep -i "local_port_range|tw_reuse|tcp_timestamps"
+          sudo sh -c "ulimit"
+          sudo sysctl -w net.ipv4.ip_local_port_range="1024 65535"
+          sudo sysctl -w net.ipv4.tcp_tw_reuse=1
+          sudo sysctl -w net.ipv4.tcp_timestamps=1
+          sudo sh -c "ulimit "
+
+      - name: Run smoke test
+        run: |
+          vmstat -at 5 | tee vmstat_report &
+          #./k6 login cloud -t $K6_TOKEN
+          #./k6 run -o cloud ./smoketest.js
+          ./k6 run test/k6/smoketest.js
+          pkill vmstat
+          cat vmstat_report
diff --git a/.github/workflows/release.txt b/.github/workflows/release.txt
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -0,0 +1,62 @@
+name: Scorecards supply-chain security
+on:
+  # Only the default branch is supported.
+  branch_protection_rule:
+  schedule:
+    - cron: '20 11 * * 5'
+  push:
+    branches: [ "main" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecards analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Used to receive a badge. (Upcoming feature)
+      id-token: write
+      # Needs for private repositories.
+      contents: read
+      actions: read
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@ce330fde6b1a5c9c75b417e7efc510b822a35564 # v1.1.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecards on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+          # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
+
+          # Publish the results for public repositories to enable scorecard badges. For more details, see
+          # https://github.com/ossf/scorecard-action#publishing-results. 
+          # For private repositories, `publish_results` will automatically be set to `false`, regardless 
+          # of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@3f62b754e23e0dd60f91b744033e1dc1654c0ec6 # v2.1.14
+        with:
+          sarif_file: results.sarif
diff --git a/Changelog.md b/Changelog.md
@@ -1,5 +1,59 @@
 # Changelog
 
+### 1.3.0
+
+Image: 
+- registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5
+- registry.k8s.io/ingress-nginx/controller-chroot:v1.3.0@sha256:0fcb91216a22aae43b374fc2e6a03b8afe9e8c78cbf07a09d75636dc4ea3c191
+
+_IMPORTANT CHANGES:_ 
+* This release removes support for Kubernetes v1.19.0
+* This release adds support for Kubernetes v1.24.0
+* Starting with this release, we will need permissions on the `coordination.k8s.io/leases` resource for leaderelection lock
+
+_KNOWN ISSUES:_
+* This release reports a false positive on go-restful library that will be fixed with Kubernetes v1.25 release - Issue #8745
+
+_Changes:_
+- "[8810](https://github.com/kubernetes/ingress-nginx/pull/8810) Prepare for v1.3.0"
+- "[8808](https://github.com/kubernetes/ingress-nginx/pull/8808) revert arch var name"
+- "[8805](https://github.com/kubernetes/ingress-nginx/pull/8805) Bump k8s.io/klog/v2 from 2.60.1 to 2.70.1"
+- "[8803](https://github.com/kubernetes/ingress-nginx/pull/8803) Update to nginx base with alpine v3.16"
+- "[8802](https://github.com/kubernetes/ingress-nginx/pull/8802) chore: start v1.3.0 release process"
+- "[8798](https://github.com/kubernetes/ingress-nginx/pull/8798) Add v1.24.0 to test matrix"
+- "[8796](https://github.com/kubernetes/ingress-nginx/pull/8796) fix: add MAC_OS variable for static-check"
+- "[8793](https://github.com/kubernetes/ingress-nginx/pull/8793) changed to alpine-v3.16"
+- "[8781](https://github.com/kubernetes/ingress-nginx/pull/8781) Bump github.com/stretchr/testify from 1.7.5 to 1.8.0"
+- "[8778](https://github.com/kubernetes/ingress-nginx/pull/8778) chore: remove stable.txt from release process"
+- "[8775](https://github.com/kubernetes/ingress-nginx/pull/8775) Remove stable"
+- "[8773](https://github.com/kubernetes/ingress-nginx/pull/8773) Bump github/codeql-action from 2.1.14 to 2.1.15"
+- "[8772](https://github.com/kubernetes/ingress-nginx/pull/8772) Bump ossf/scorecard-action from 1.1.1 to 1.1.2"
+- "[8771](https://github.com/kubernetes/ingress-nginx/pull/8771) fix bullet md format"
+- "[8770](https://github.com/kubernetes/ingress-nginx/pull/8770) Add condition for monitoring.coreos.com/v1 API"
+- "[8769](https://github.com/kubernetes/ingress-nginx/pull/8769) Fix typos and add links to developer guide"
+- "[8767](https://github.com/kubernetes/ingress-nginx/pull/8767) change v1.2.0 to v1.2.1 in deploy doc URLs"
+- "[8765](https://github.com/kubernetes/ingress-nginx/pull/8765) Bump github/codeql-action from 1.0.26 to 2.1.14"
+- "[8752](https://github.com/kubernetes/ingress-nginx/pull/8752) Bump github.com/spf13/cobra from 1.4.0 to 1.5.0"
+- "[8751](https://github.com/kubernetes/ingress-nginx/pull/8751) Bump github.com/stretchr/testify from 1.7.2 to 1.7.5"
+- "[8750](https://github.com/kubernetes/ingress-nginx/pull/8750) added announcement"
+- "[8740](https://github.com/kubernetes/ingress-nginx/pull/8740) change sha e2etestrunner and echoserver"
+- "[8738](https://github.com/kubernetes/ingress-nginx/pull/8738) Update docs to make it easier for noobs to follow step by step"
+- "[8737](https://github.com/kubernetes/ingress-nginx/pull/8737) updated baseimage sha"
+- "[8736](https://github.com/kubernetes/ingress-nginx/pull/8736) set ld-musl-path"
+- "[8733](https://github.com/kubernetes/ingress-nginx/pull/8733) feat: migrate leaderelection lock to leases"
+- "[8726](https://github.com/kubernetes/ingress-nginx/pull/8726) prometheus metric: upstream_latency_seconds"
+- "[8720](https://github.com/kubernetes/ingress-nginx/pull/8720) Ci pin deps"
+- "[8719](https://github.com/kubernetes/ingress-nginx/pull/8719) Working OpenTelemetry sidecar (base nginx image)"
+- "[8714](https://github.com/kubernetes/ingress-nginx/pull/8714) Create Openssf scorecard"
+- "[8708](https://github.com/kubernetes/ingress-nginx/pull/8708) Bump github.com/prometheus/common from 0.34.0 to 0.35.0"
+- "[8703](https://github.com/kubernetes/ingress-nginx/pull/8703) Bump actions/dependency-review-action from 1 to 2"
+- "[8701](https://github.com/kubernetes/ingress-nginx/pull/8701) Fix several typos"
+- "[8699](https://github.com/kubernetes/ingress-nginx/pull/8699) fix the gosec test and a make target for it"
+- "[8698](https://github.com/kubernetes/ingress-nginx/pull/8698) Bump actions/upload-artifact from 2.3.1 to 3.1.0"
+- "[8697](https://github.com/kubernetes/ingress-nginx/pull/8697) Bump actions/setup-go from 2.2.0 to 3.2.0"
+- "[8695](https://github.com/kubernetes/ingress-nginx/pull/8695) Bump actions/download-artifact from 2 to 3"
+- "[8694](https://github.com/kubernetes/ingress-nginx/pull/8694) Bump crazy-max/ghaction-docker-buildx from 1.6.2 to 3.3.1"
+
 ### 1.2.1
 
 Image: