testing precommit

Author: mohamadaldawamnah

config/crd/bases/k8s.nginx.org_transportservers.yaml

@@ -160,7 +160,7 @@ spec:
                       description: Sets the number of unsuccessful attempts to communicate
                         with the server that should happen in the duration set by
                         the failTimeout parameter to consider the server unavailable.
-                        The default 1.
+                        The default is 1.
                       type: string
                     healthCheck:
                       description: 'The health check configuration for the Upstream.

config/crd/bases/k8s.nginx.org_virtualserverroutes.yaml

@@ -842,7 +842,7 @@ spec:
                     backup:
                       description: 'The name of the backup service of type ExternalName.
                         This will be used when the primary servers are unavailable.
-                        Note: The parameter cannot be used along with the random ,
+                        Note: The parameter cannot be used along with the random,
                         hash or ip_hash load balancing methods.'
                       type: string
                     backupPort:
@@ -1139,7 +1139,7 @@ spec:
                         been recovered or became available or when the server becomes
                         available after a period of time it was considered unavailable.
                         By default, the slow start is disabled. Note: The parameter
-                        cannot be used along with the random , hash or ip_hash load
+                        cannot be used along with the random, hash or ip_hash load
                         balancing methods and will be ignored.'
                       type: string
                     subselector:

config/crd/bases/k8s.nginx.org_virtualservers.yaml

@@ -1004,7 +1004,7 @@ spec:
                         type: string
                       code:
                         description: 'The status code of a redirect. The allowed values
-                          are: 301 , 302 , 307 , 308. The default is 301.'
+                          are: 301, 302, 307 or 308. The default is 301.'
                         type: integer
                       enable:
                         description: Enables a TLS redirect for a VirtualServer. The
@@ -1031,7 +1031,7 @@ spec:
                     backup:
                       description: 'The name of the backup service of type ExternalName.
                         This will be used when the primary servers are unavailable.
-                        Note: The parameter cannot be used along with the random ,
+                        Note: The parameter cannot be used along with the random,
                         hash or ip_hash load balancing methods.'
                       type: string
                     backupPort:
@@ -1328,7 +1328,7 @@ spec:
                         been recovered or became available or when the server becomes
                         available after a period of time it was considered unavailable.
                         By default, the slow start is disabled. Note: The parameter
-                        cannot be used along with the random , hash or ip_hash load
+                        cannot be used along with the random, hash or ip_hash load
                         balancing methods and will be ignored.'
                       type: string
                     subselector:

deploy/crds.yaml

@@ -814,7 +814,7 @@ spec:
                       description: Sets the number of unsuccessful attempts to communicate
                         with the server that should happen in the duration set by
                         the failTimeout parameter to consider the server unavailable.
-                        The default 1.
+                        The default is 1.
                       type: string
                     healthCheck:
                       description: 'The health check configuration for the Upstream.
@@ -1775,7 +1775,7 @@ spec:
                     backup:
                       description: 'The name of the backup service of type ExternalName.
                         This will be used when the primary servers are unavailable.
-                        Note: The parameter cannot be used along with the random ,
+                        Note: The parameter cannot be used along with the random,
                         hash or ip_hash load balancing methods.'
                       type: string
                     backupPort:
@@ -2072,7 +2072,7 @@ spec:
                         been recovered or became available or when the server becomes
                         available after a period of time it was considered unavailable.
                         By default, the slow start is disabled. Note: The parameter
-                        cannot be used along with the random , hash or ip_hash load
+                        cannot be used along with the random, hash or ip_hash load
                         balancing methods and will be ignored.'
                       type: string
                     subselector:
@@ -3161,7 +3161,7 @@ spec:
                         type: string
                       code:
                         description: 'The status code of a redirect. The allowed values
-                          are: 301 , 302 , 307 , 308. The default is 301.'
+                          are: 301, 302, 307 or 308. The default is 301.'
                         type: integer
                       enable:
                         description: Enables a TLS redirect for a VirtualServer. The
@@ -3188,7 +3188,7 @@ spec:
                     backup:
                       description: 'The name of the backup service of type ExternalName.
                         This will be used when the primary servers are unavailable.
-                        Note: The parameter cannot be used along with the random ,
+                        Note: The parameter cannot be used along with the random,
                         hash or ip_hash load balancing methods.'
                       type: string
                     backupPort:
@@ -3485,7 +3485,7 @@ spec:
                         been recovered or became available or when the server becomes
                         available after a period of time it was considered unavailable.
                         By default, the slow start is disabled. Note: The parameter
-                        cannot be used along with the random , hash or ip_hash load
+                        cannot be used along with the random, hash or ip_hash load
                         balancing methods and will be ignored.'
                       type: string
                     subselector:

docs/crd/k8s.nginx.org_policies.md

@@ -47,6 +47,8 @@ The `.spec` object supports the following fields:
 | `jwt.keyCache` | `string` | Enables in-memory caching of JWKS (JSON Web Key Sets) that are obtained from the jwksURI and sets a valid time for expiration. |
 | `jwt.realm` | `string` | The realm of the JWT. |
 | `jwt.secret` | `string` | The name of the Kubernetes secret that stores the Htpasswd configuration. It must be in the same namespace as the Policy resource. The secret must be of the type nginx.org/htpasswd, and the config must be stored in the secret under the key htpasswd, otherwise the secret will be rejected as invalid. |
+| `jwt.sniEnabled` | `boolean` | Enables SNI (Server Name Indication) for the JWT policy. This is useful when the remote server requires SNI to serve the correct certificate. |
+| `jwt.sniName` | `string` | The SNI name to use when connecting to the remote server. If not set, the hostname from the ``jwksURI`` will be used. |
 | `jwt.token` | `string` | The token specifies a variable that contains the JSON Web Token. By default the JWT is passed in the Authorization header as a Bearer Token. JWT may be also passed as a cookie or a part of a query string, for example: $cookie_auth_token. Accepted variables are $http_, $arg_, $cookie_. |
 | `oidc` | `object` | The OpenID Connect policy configures NGINX to authenticate client requests by validating a JWT token against an OAuth2/OIDC token provider, such as Auth0 or Keycloak. |
 | `oidc.accessTokenEnable` | `boolean` | Option of whether Bearer token is used to authorize NGINX to access protected backend. |

docs/crd/k8s.nginx.org_transportservers.md

@@ -38,7 +38,7 @@ The `.spec` object supports the following fields:
 | `upstreams` | `array` | A list of upstreams. |
 | `upstreams[].backup` | `string` | The name of the backup service of type ExternalName. This will be used when the primary servers are unavailable. Note: The parameter cannot be used along with the random, hash or ip_hash load balancing methods. |
 | `upstreams[].backupPort` | `integer` | The port of the backup service. The backup port is required if the backup service name is provided. The port must fall into the range 1..65535. |
-| `upstreams[].failTimeout` | `string` | Sets the number of unsuccessful attempts to communicate with the server that should happen in the duration set by the failTimeout parameter to consider the server unavailable. The default 1. |
+| `upstreams[].failTimeout` | `string` | Sets the number of unsuccessful attempts to communicate with the server that should happen in the duration set by the failTimeout parameter to consider the server unavailable. The default is 1. |
 | `upstreams[].healthCheck` | `object` | The health check configuration for the Upstream. Note: this feature is supported only in NGINX Plus. |
 | `upstreams[].healthCheck.enable` | `boolean` | Enables a health check for an upstream server. The default is false. |
 | `upstreams[].healthCheck.fails` | `integer` | The number of consecutive failed health checks of a particular upstream server after which this server will be considered unhealthy. The default is 1. |

docs/crd/k8s.nginx.org_virtualserverroutes.md

@@ -161,7 +161,7 @@ The `.spec` object supports the following fields:
 | `subroutes[].splits[].action.return.type` | `string` | The MIME type of the response. The default is text/plain. |
 | `subroutes[].splits[].weight` | `integer` | The weight of an action. Must fall into the range 0..100. The sum of the weights of all splits must be equal to 100. |
 | `upstreams` | `array` | A list of upstreams. |
-| `upstreams[].backup` | `string` | The name of the backup service of type ExternalName. This will be used when the primary servers are unavailable. Note: The parameter cannot be used along with the random , hash or ip_hash load balancing methods. |
+| `upstreams[].backup` | `string` | The name of the backup service of type ExternalName. This will be used when the primary servers are unavailable. Note: The parameter cannot be used along with the random, hash or ip_hash load balancing methods. |
 | `upstreams[].backupPort` | `integer` | The port of the backup service. The backup port is required if the backup service name is provided. The port must fall into the range 1..65535. |
 | `upstreams[].buffer-size` | `string` | Sets the size of the buffer used for reading the first part of a response received from the upstream server. The default is set in the proxy-buffer-size ConfigMap key. |
 | `upstreams[].buffering` | `boolean` | Enables buffering of responses from the upstream server. The default is set in the proxy-buffering ConfigMap key. |
@@ -218,7 +218,7 @@ The `.spec` object supports the following fields:
 | `upstreams[].sessionCookie.path` | `string` | The path for which the cookie is set. |
 | `upstreams[].sessionCookie.samesite` | `string` | Adds the SameSite attribute to the cookie. The allowed values are: strict, lax, none |
 | `upstreams[].sessionCookie.secure` | `boolean` | Adds the Secure attribute to the cookie. |
-| `upstreams[].slow-start` | `string` | The slow start allows an upstream server to gradually recover its weight from 0 to its nominal value after it has been recovered or became available or when the server becomes available after a period of time it was considered unavailable. By default, the slow start is disabled. Note: The parameter cannot be used along with the random , hash or ip_hash load balancing methods and will be ignored. |
+| `upstreams[].slow-start` | `string` | The slow start allows an upstream server to gradually recover its weight from 0 to its nominal value after it has been recovered or became available or when the server becomes available after a period of time it was considered unavailable. By default, the slow start is disabled. Note: The parameter cannot be used along with the random, hash or ip_hash load balancing methods and will be ignored. |
 | `upstreams[].subselector` | `object` | Selects the pods within the service using label keys and values. By default, all pods of the service are selected. Note: the specified labels are expected to be present in the pods when they are created. If the pod labels are updated, NGINX Ingress Controller will not see that change until the number of the pods is changed. |
 | `upstreams[].tls` | `object` | The TLS configuration for the Upstream. |
 | `upstreams[].tls.enable` | `boolean` | Enables HTTPS for requests to upstream servers. The default is False , meaning that HTTP will be used. Note: by default, NGINX will not verify the upstream server certificate. To enable the verification, configure an EgressMTLS Policy. |

docs/crd/k8s.nginx.org_virtualservers.md

@@ -192,11 +192,11 @@ The `.spec` object supports the following fields:
 | `tls.cert-manager.usages` | `string` | This field allows you to configure spec.usages field for the Certificate to be generated. Pass a string with comma-separated values i.e. key agreement,digital signature, server auth. An exhaustive list of supported key usages can be found in the the cert-manager api documentation. |
 | `tls.redirect` | `object` | The redirect configuration of the TLS for a VirtualServer. |
 | `tls.redirect.basedOn` | `string` | The attribute of a request that NGINX will evaluate to send a redirect. The allowed values are scheme (the scheme of the request) or x-forwarded-proto (the X-Forwarded-Proto header of the request). The default is scheme. |
-| `tls.redirect.code` | `integer` | The status code of a redirect. The allowed values are: 301 , 302 , 307 , 308. The default is 301. |
+| `tls.redirect.code` | `integer` | The status code of a redirect. The allowed values are: 301, 302, 307 or 308. The default is 301. |
 | `tls.redirect.enable` | `boolean` | Enables a TLS redirect for a VirtualServer. The default is False. |
 | `tls.secret` | `string` | The name of a secret with a TLS certificate and key. The secret must belong to the same namespace as the VirtualServer. The secret must be of the type kubernetes.io/tls and contain keys named tls.crt and tls.key that contain the certificate and private key as described here. If the secret doesn’t exist or is invalid, NGINX will break any attempt to establish a TLS connection to the host of the VirtualServer. If the secret is not specified but wildcard TLS secret is configured, NGINX will use the wildcard secret for TLS termination. |
 | `upstreams` | `array` | A list of upstreams. |
-| `upstreams[].backup` | `string` | The name of the backup service of type ExternalName. This will be used when the primary servers are unavailable. Note: The parameter cannot be used along with the random , hash or ip_hash load balancing methods. |
+| `upstreams[].backup` | `string` | The name of the backup service of type ExternalName. This will be used when the primary servers are unavailable. Note: The parameter cannot be used along with the random, hash or ip_hash load balancing methods. |
 | `upstreams[].backupPort` | `integer` | The port of the backup service. The backup port is required if the backup service name is provided. The port must fall into the range 1..65535. |
 | `upstreams[].buffer-size` | `string` | Sets the size of the buffer used for reading the first part of a response received from the upstream server. The default is set in the proxy-buffer-size ConfigMap key. |
 | `upstreams[].buffering` | `boolean` | Enables buffering of responses from the upstream server. The default is set in the proxy-buffering ConfigMap key. |
@@ -253,7 +253,7 @@ The `.spec` object supports the following fields:
 | `upstreams[].sessionCookie.path` | `string` | The path for which the cookie is set. |
 | `upstreams[].sessionCookie.samesite` | `string` | Adds the SameSite attribute to the cookie. The allowed values are: strict, lax, none |
 | `upstreams[].sessionCookie.secure` | `boolean` | Adds the Secure attribute to the cookie. |
-| `upstreams[].slow-start` | `string` | The slow start allows an upstream server to gradually recover its weight from 0 to its nominal value after it has been recovered or became available or when the server becomes available after a period of time it was considered unavailable. By default, the slow start is disabled. Note: The parameter cannot be used along with the random , hash or ip_hash load balancing methods and will be ignored. |
+| `upstreams[].slow-start` | `string` | The slow start allows an upstream server to gradually recover its weight from 0 to its nominal value after it has been recovered or became available or when the server becomes available after a period of time it was considered unavailable. By default, the slow start is disabled. Note: The parameter cannot be used along with the random, hash or ip_hash load balancing methods and will be ignored. |
 | `upstreams[].subselector` | `object` | Selects the pods within the service using label keys and values. By default, all pods of the service are selected. Note: the specified labels are expected to be present in the pods when they are created. If the pod labels are updated, NGINX Ingress Controller will not see that change until the number of the pods is changed. |
 | `upstreams[].tls` | `object` | The TLS configuration for the Upstream. |
 | `upstreams[].tls.enable` | `boolean` | Enables HTTPS for requests to upstream servers. The default is False , meaning that HTTP will be used. Note: by default, NGINX will not verify the upstream server certificate. To enable the verification, configure an EgressMTLS Policy. |