Merge pull request #103 from wallarm/NODE-4670

Node 4670
wallarm · Sep 5, 2022 · ff84b11 · ff84b11
2 parents 71c1624 + 454cd13
commit ff84b11
Show file tree

Hide file tree

Showing 65 changed files with 1,565 additions and 526 deletions.
diff --git a/.github/ISSUE_TEMPLATE/cve_report.md b/.github/ISSUE_TEMPLATE/cve_report.md
@@ -0,0 +1,20 @@
+---
+name: CVE Finding Report
+about: CVE reporting for ingress-nginx
+title: ''
+labels: kind/bug
+assignees:
+    - strongjz
+    - rikatz
+---
+
+<!-- if you found something that impacts directly ingress-nginx and 
+is not a public CVE yet, please reach out [email protected]" -->
+
+<!-- What scanner and version reported the CVE? -->
+
+<!-- What CVE was reported in the scanner findings? -->
+
+<!-- What versions of the controller did you test with?  -->
+
+<!-- Please provider other details that will help us determine the severity of the issue -->
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -15,8 +15,6 @@ The announcement in the dev mailing list is here https://groups.google.com/a/kub
 
 Thank you,
 Ingress-Nginx maintainer
-
-
 -->
 
 <!-- What do you want to happen? -->

diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -9,6 +9,7 @@
 <!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
 - [ ] Bug fix (non-breaking change which fixes an issue)
 - [ ] New feature (non-breaking change which adds functionality)
+- [ ] CVE Report (Scanner found CVE and adding report)
 - [ ] Breaking change (fix or feature that would cause existing functionality to change)
 - [ ] Documentation only
 
@@ -30,5 +31,38 @@ fixes #
 - [ ] My change requires a change to the documentation.
 - [ ] I have updated the documentation accordingly.
 - [ ] I've read the [CONTRIBUTION](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md) guide
-- [ ] I have added tests to cover my changes.
+- [ ] I have added unit and/or e2e tests to cover my changes.
 - [ ] All new and existing tests passed.
+- [ ] Added Release Notes.
+
+## Does my pull request need a release note?
+Any user-visible or operator-visible change qualifies for a release note. This could be a:
+
+- CLI change
+- API change
+- UI change
+- configuration schema change
+- behavioral change
+- change in non-functional attributes such as efficiency or availability, availability of a new platform
+- a warning about a deprecation
+- fix of a previous Known Issue
+- fix of a vulnerability (CVE)
+
+No release notes are required for changes to the following:
+
+- Tests
+- Build infrastructure
+- Fixes for unreleased bugs
+
+For more tips on writing good release notes, check out the [Release Notes Handbook](https://github.com/kubernetes/sig-release/tree/master/release-team/role-handbooks/release-notes)
+
+<!--
+If no, just write "NONE" in the release-note block below.
+If yes, a release note is required:
+Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
+
+For more information on release notes see: https://git.k8s.io/community/contributors/guide/release-notes.md
+-->
+```release-note
+PLACE RELEASE NOTES HERE 
+```
diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml
@@ -9,6 +9,9 @@ on:
     tags:
       - "v*"
 
+permissions:
+  contents: write # for goreleaser/goreleaser-action
+
 jobs:
   release-plugin:
     runs-on: ubuntu-latest
@@ -19,12 +22,12 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Go
-        uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v3.2.0
+        uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.2.0
         with:
-          go-version: 1.18
+          go-version: 1.19.0
 
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@68acf3b1adf004ac9c2f0a4259e85c5f66e99bef # v3.0.0
+        uses: goreleaser/goreleaser-action@ff11ca24a9b39f2d36796d1fbd7a4e39c182630a # v3.0.0
         with:
           version: latest
           args: release --rm-dist

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -57,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@7fee4ca032ac341c12486c4c06822c5221c76533 # v2.1.14
+        uses: github/codeql-action/upload-sarif@b398f525a5587552e573b247ac661067fafa920b # v2.1.14
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml
@@ -75,7 +75,7 @@ jobs:
 
     # This step checks out a copy of your repository.
     - name: Upload SARIF file
-      uses: github/codeql-action/upload-sarif@7fee4ca032ac341c12486c4c06822c5221c76533
+      uses: github/codeql-action/upload-sarif@b398f525a5587552e573b247ac661067fafa920b
       with:
         token: ${{ github.token }}
         # Path to SARIF file relative to the root of the repository

diff --git a/Changelog.md b/Changelog.md
@@ -1,5 +1,82 @@
 # Changelog
 
+### 1.3.1
+
+Please fill out our 2022 Ingress-Nginx User Survey and let us know what you want to see in future releases.
+
+https://www.surveymonkey.com/r/ingressngx2022
+
+In v1.3.1 leader elections will be done entirely using the Lease API and no longer using configmaps. 
+v1.3.0 is a safe transition version, using v1.3.0 can automatically complete the merging of election locks, and then you can safely upgrade to v1.3.1.
+
+Also, *important note*, with the Release of Kubernetes v1.25 we are dropping support for the legacy branches, 
+please upgrade to a v1.0.0 and above branch
+
+## Image:
+- registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974
+- registry.k8s.io/ingress-nginx/controller-chroot:v1.3.1@sha256:a8466b19c621bd550b1645e27a004a5cc85009c858a9ab19490216735ac432b1
+
+
+## What's Changed
+
+_IMPORTANT CHANGES:_
+- Update to golang 1.19
+- Started migration for Data and Control Plane splits
+- Upgrade to Alpine 3.16.2
+- New kubectl plugin release workflow
+- New CVE findings template
+
+All other Changes
+- [9006](https://github.com/kubernetes/ingress-nginx/pull/9006) issue:8739 fix doc issue
+- [9003](https://github.com/kubernetes/ingress-nginx/pull/9003) Bump github/codeql-action from 2.1.21 to 2.1.22
+- [9001](https://github.com/kubernetes/ingress-nginx/pull/9001) GitHub Workflows security hardening
+- [8992](https://github.com/kubernetes/ingress-nginx/pull/8992) Bump github.com/opencontainers/runc from 1.1.3 to 1.1.4
+- [8991](https://github.com/kubernetes/ingress-nginx/pull/8991) Bump google.golang.org/grpc from 1.48.0 to 1.49.0
+- [8986](https://github.com/kubernetes/ingress-nginx/pull/8986) Bump goreleaser/goreleaser-action from 3.0.0 to 3.1.0
+- [8984](https://github.com/kubernetes/ingress-nginx/pull/8984) fixed deprecated ginkgo flags
+- [8982](https://github.com/kubernetes/ingress-nginx/pull/8982) Bump github/codeql-action from 2.1.20 to 2.1.21
+- [8981](https://github.com/kubernetes/ingress-nginx/pull/8981) Bump actions/setup-go from 3.2.1 to 3.3.0
+- [8976](https://github.com/kubernetes/ingress-nginx/pull/8976) Update apiserver to 0.25 to remove v2 go-restful
+- [8970](https://github.com/kubernetes/ingress-nginx/pull/8970) bump Golang to 1.19 #8932
+- [8969](https://github.com/kubernetes/ingress-nginx/pull/8969) fix: go-restful CVE #8745
+- [8967](https://github.com/kubernetes/ingress-nginx/pull/8967) updated to testrunnerimage with updated yamale yamllint
+- [8966](https://github.com/kubernetes/ingress-nginx/pull/8966) added note on digitalocean annotations
+- [8960](https://github.com/kubernetes/ingress-nginx/pull/8960) upgrade yamale and yamllint version
+- [8959](https://github.com/kubernetes/ingress-nginx/pull/8959) revert changes to configmap resource permissions
+- [8957](https://github.com/kubernetes/ingress-nginx/pull/8957) Bump github/codeql-action from 2.1.19 to 2.1.20
+- [8956](https://github.com/kubernetes/ingress-nginx/pull/8956) Bump azure/setup-helm from 2.1 to 3.3
+- [8954](https://github.com/kubernetes/ingress-nginx/pull/8954) Bump actions/dependency-review-action from 2.0.4 to 2.1.0
+- [8953](https://github.com/kubernetes/ingress-nginx/pull/8953) Bump aquasecurity/trivy-action from 0.5.1 to 0.7.1
+- [8952](https://github.com/kubernetes/ingress-nginx/pull/8952) Bump securego/gosec from b99b5f7838e43a4104354ad92a6a1774302ee1f9 to 2.13.1
+- [8951](https://github.com/kubernetes/ingress-nginx/pull/8951) Bump geekyeggo/delete-artifact from a6ab43859c960a8b74cbc6291f362c7fb51829ba to 1
+- [8950](https://github.com/kubernetes/ingress-nginx/pull/8950) Bump github/codeql-action from 2.1.18 to 2.1.19
+- [8948](https://github.com/kubernetes/ingress-nginx/pull/8948) updated testrunner and testecho images
+- [8946](https://github.com/kubernetes/ingress-nginx/pull/8946) Clean old code and move helper functions
+- [8944](https://github.com/kubernetes/ingress-nginx/pull/8944) Make keep-alive documentation more explicit for clarity
+- [8939](https://github.com/kubernetes/ingress-nginx/pull/8939) bump baseimage alpine to v3.16.2 for zlib CVE fix
+
+## New Contributors
+* @mtnezm made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8817
+* @tamcore made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8821
+* @guilhem made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8827
+* @lilien1010 made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8830
+* @qilongqiu made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8855
+* @dgoffredo made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8848
+* @Volatus made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8859
+* @europ made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8841
+* @mrksngl made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/7892
+* @omichels made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8895
+* @zeeZ made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8881
+* @mjudeikis made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8928
+* @NissesSenap made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8873
+* @anders-swanson made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8665
+* @aslafy-z made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8905
+* @harry1064 made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8825
+* @sashashura made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9001
+* @sreelakshminarayananm made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/9006
+
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.3.0...controller-v1.3.1
+
 ### 1.3.0
 
 Image: 

diff --git a/README.md b/README.md
@@ -7,6 +7,10 @@
 [![GitHub stars](https://img.shields.io/badge/contributions-welcome-orange.svg)](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md)
 [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fkubernetes%2Fingress-nginx.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fkubernetes%2Fingress-nginx?ref=badge_shield)
 
+Please fill out our 2022 Ingress-Nginx User Survey and let us know what you want to see in future releases.
+
+https://www.surveymonkey.com/r/ingressngx2022
+
 ## Overview
 
 ingress-nginx is an Ingress controller for Kubernetes using [NGINX](https://www.nginx.org/) as a reverse proxy and load balancer.
@@ -31,6 +35,7 @@ For detailed changes on the `ingress-nginx` helm chart, please check the followi
 
 | Ingress-NGINX version | k8s supported version        | Alpine Version | Nginx Version |
 |-----------------------|------------------------------|----------------|---------------|
+| v1.3.1                | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2         | 1.19.10†      |
 | v1.3.0                | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.0         | 1.19.10†      |
 | v1.2.1                | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.6         | 1.19.10†      |
 | v1.1.3                | 1.23, 1.22, 1.21, 1.20, 1.19 | 3.14.4         | 1.19.10†      |
@@ -43,12 +48,7 @@ For detailed changes on the `ingress-nginx` helm chart, please check the followi
 | v1.0.2                | 1.22, 1.21, 1.20, 1.19       | 3.14.2         | 1.19.9†       |
 | v1.0.1                | 1.22, 1.21, 1.20, 1.19       | 3.14.2         | 1.19.9†       |
 | v1.0.0                | 1.22, 1.21, 1.20, 1.19       | 3.13.5         | 1.20.1        |
-| v0.51.0               | 1.21, 1.20, 1.19             | 3.14.4         | 1.19.10†       |
-| v0.49.3               | 1.21, 1.20, 1.19             | 3.14.2         | 1.19.9†       |
-| v0.49.2               | 1.21, 1.20, 1.19             | 3.14.2         | 1.19.9†       |
-| v0.49.1               | 1.21, 1.20, 1.19             | 3.14.2         | 1.19.9†       |
-| v0.49.0               | 1.21, 1.20, 1.19             | 3.13.5         | 1.20.1        |
-| v0.48.1               | 1.21, 1.20, 1.19             | 3.13.5         | 1.20.1        |
+
 
 † _This build is [patched against CVE-2021-23017](https://github.com/openresty/openresty/commit/4b5ec7edd78616f544abc194308e0cf4b788725b#diff-42ef841dc27fe0b5aa2d06bd31308bb63a59cdcddcbcddd917248349d22020a3)._
 
@@ -70,7 +70,7 @@ Thanks for taking the time to join our community and start contributing!
 
 - **Support**: Join the [#ingress-nginx-users](https://kubernetes.slack.com/messages/CANQGM8BA/) channel inside the [Kubernetes Slack](http://slack.kubernetes.io/) to ask questions or get support from the maintainers and other users.
 
-  - The [github issues](https://github.com/kubernetes/ingress-nginx/issues) in the repository are **exclusively** for bug reports and feature requests.
+  - The [GitHub issues](https://github.com/kubernetes/ingress-nginx/issues) in the repository are **exclusively** for bug reports and feature requests.
 
 - **Discuss**: Tweet using the `#IngressNginx` hashtag.
 

diff --git a/RELEASE.md b/RELEASE.md
@@ -173,7 +173,7 @@ Promoting the images basically means that images, that were pushed to staging co
           - Run the below command and save the output to a txt file
 
             ```
-            gh pr list -s merged -L 38 -B main | cut -f1,2 | tee ~/Downloads/prlist.txt
+            gh pr list -R kubernetes/ingress-nginx -s merged -L 38 -B main | cut -f1,2 | tee ~/Downloads/prlist.txt
             ```
             - The -L 38 was used for 2 reasons.
               - Default number of results is 30 and there were more than 30 PRs merged while releasing v1.1.1. If you see the current/soon-to-be-old changelog, you can look at the most recent PR number that has been accounted for already, and start from after that last accounted for PR.
@@ -222,7 +222,7 @@ Promoting the images basically means that images, that were pushed to staging co
           - If you saved the bash script content above, in a file like `$HOME/bin/prlist_to_changelog.sh`, then you could execute a command like this to get your prlist in a text file called changelog_content.txt;`
 
           ```
-          prlist_to_changelog.sh ~/Downloads/prlist.txt | tee ~/Downloads//changelog_content.txt`
+          prlist_to_changelog.sh ~/Downloads/prlist.txt | tee ~/Downloads//changelog_content.txt
           ```
 
 ### d. Edit the values.yaml and run helm-docs

diff --git a/TAG b/TAG
@@ -1 +1 @@
-4.2.0-1
+4.2.1-1
diff --git a/build/build.sh b/build/build.sh
@@ -49,7 +49,10 @@ echo "Building targets for ${ARCH}, generated targets in ${TARGETS_DIR} director
 
 echo "Building ${PKG}/cmd/nginx"
 
+pushd /go/src/k8s.io/ingress-nginx
 git config --add safe.directory /go/src/k8s.io/ingress-nginx
+popd
+
 ${GO_BUILD_CMD} \
   -trimpath -ldflags="-buildid= -w -s \
     -X ${PKG}/version.RELEASE=${TAG} \
@@ -74,4 +77,3 @@ ${GO_BUILD_CMD} \
     -X ${PKG}/version.COMMIT=${COMMIT_SHA} \
     -X ${PKG}/version.REPO=${REPO_INFO}" \
   -o "${TARGETS_DIR}/wait-shutdown" "${PKG}/cmd/waitshutdown"
-
diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh
@@ -38,7 +38,7 @@ function cleanup {
 }
 trap cleanup EXIT
 
-E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20220624-g3348cd71e@sha256:2a34e322b7ff89abdfa0b6202f903bf5618578b699ff609a3ddabac0aae239c8}
+E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20220823-ge19026fe4@sha256:038fc60379b6ce9a0134c2ff9134edccad1f8ecbd9c6ebed9660711d05b0ed95}
 
 DOCKER_OPTS=${DOCKER_OPTS:-}
 DOCKER_IN_DOCKER_ENABLED=${DOCKER_IN_DOCKER_ENABLED:-}

diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: wallarm-ingress
-version: 4.2.1
-appVersion: 4.2.0-1
+version: 4.2.2
+appVersion: 4.2.1-1
 home: https://github.com/wallarm/ingress
 description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer with Wallarm module
 icon: https://static.wallarm.com/wallarm-logo.svg