Update for NIC v2.3.0 (#26)

Author: ciarams87

bundle/manifests/nginx-ingress-operator-nginx-ingress-admin_rbac.authorization.k8s.io_v1_clusterrole.yaml

@@ -135,3 +135,20 @@ rules:
   - update
   - create
   - delete
+- apiGroups:
+  - externaldns.nginx.org
+  resources:
+  - dnsendpoints
+  verbs:
+  - list
+  - watch
+  - get
+  - update
+  - create
+  - delete
+- apiGroups:
+  - externaldns.nginx.org
+  resources:
+  - dnsendpoints/status
+  verbs:
+  - update

config/manifests/bases/nginx-ingress-operator.clusterserviceversion.yaml

@@ -33,6 +33,7 @@ metadata:
               },
               "enableCertManager": false,
               "enableCustomResources": true,
+              "enableExternalDNS": false,
               "enableLatencyMetrics": false,
               "enableOIDC": false,
               "enablePreviewPolicies": false,
@@ -48,7 +49,7 @@ metadata:
               "image": {
                 "pullPolicy": "IfNotPresent",
                 "repository": "nginx/nginx-ingress",
-                "tag": "2.2.0-ubi"
+                "tag": "2.3.0-ubi"
               },
               "ingressClass": "nginx",
               "initContainers": [],
@@ -131,7 +132,7 @@ metadata:
     capabilities: Basic Install
     categories: Monitoring, Networking
     certified: "true"
-    containerImage: nginx/nginx-ingress-operator:1.0.0
+    containerImage: nginx/nginx-ingress-operator:1.1.0
     createdAt: placeholder
     description: The NGINX Ingress Operator is a Kubernetes/OpenShift component which
       deploys and manages one or more NGINX/NGINX Plus Ingress Controllers
@@ -407,4 +408,4 @@ spec:
   minKubeVersion: 1.19.0
   provider:
     name: NGINX Inc
-  version: 1.0.0
+  version: 1.1.0

config/rbac/role.yaml

@@ -253,3 +253,20 @@ rules:
   - update
   - create
   - delete
+- apiGroups:
+    - externaldns.nginx.org
+  resources:
+    - dnsendpoints
+  verbs:
+    - list
+    - watch
+    - get
+    - update
+    - create
+    - delete
+- apiGroups:
+  - externaldns.nginx.org
+  resources:
+  - dnsendpoints/status
+  verbs:
+  - update

config/samples/charts_v1alpha1_nginxingress.yaml

@@ -37,7 +37,7 @@ spec:
     image:
       pullPolicy: IfNotPresent
       repository: nginx/nginx-ingress
-      tag: 2.2.0-ubi
+      tag: 2.3.0-ubi
     ingressClass: nginx
     initContainers: []
     kind: deployment

helm-charts/nginx-ingress/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 2.2.0
+appVersion: 2.3.0
 description: NGINX Ingress Controller
 home: https://github.com/nginxinc/kubernetes-ingress
 icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.2.0/deployments/helm-chart/chart-icon.png
@@ -13,4 +13,4 @@ maintainers:
 name: nginx-ingress
 sources:
 - https://github.com/nginxinc/kubernetes-ingress/tree/v2.2.0/deployments/helm-chart
-version: 0.13.0
+version: 0.14.0

helm-charts/nginx-ingress/README.md

@@ -23,7 +23,7 @@ This step is required if you're installing the chart using its sources. Addition
 
 1. Clone the Ingress Controller repo:
     ```console
-    $ git clone https://github.com/nginxinc/kubernetes-ingress --branch v2.2.0
+    $ git clone https://github.com/nginxinc/kubernetes-ingress --branch v2.3.0
     ```
     **Note**: If you want to use the experimental repository (`edge`), remove the `--branch` flag and value.
 
@@ -156,7 +156,7 @@ Parameter | Description | Default
 `controller.nginxDebug` | Enables debugging for NGINX. Uses the `nginx-debug` binary. Requires `error-log-level: debug` in the ConfigMap via `controller.config.entries`. | false
 `controller.logLevel` | The log level of the Ingress Controller. | 1
 `controller.image.repository` | The image repository of the Ingress Controller. | nginx/nginx-ingress
-`controller.image.tag` | The tag of the Ingress Controller image. | 2.2.0
+`controller.image.tag` | The tag of the Ingress Controller image. | 2.3.0
 `controller.image.pullPolicy` | The pull policy for the Ingress Controller image. | IfNotPresent
 `controller.config.name` | The name of the ConfigMap used by the Ingress Controller. | Autogenerated
 `controller.config.annotations` | The annotations of the Ingress Controller configmap. | {}
@@ -172,6 +172,7 @@ Parameter | Description | Default
 `controller.terminationGracePeriodSeconds` | The termination grace period of the Ingress Controller pod. | 30
 `controller.tolerations` | The tolerations of the Ingress Controller pods. | []
 `controller.affinity` | The affinity of the Ingress Controller pods. | {}
+`controller.topologySpreadConstraints` | The topology spread constraints of the Ingress controller pods. | {}
 `controller.volumes` | The volumes of the Ingress Controller pods. | []
 `controller.volumeMounts` | The volumeMounts of the Ingress Controller pods. | []
 `controller.initContainers` | InitContainers for the Ingress Controller pods. | []
@@ -186,6 +187,7 @@ Parameter | Description | Default
 `controller.enableOIDC` | Enable OIDC policies. | false
 `controller.enableTLSPassthrough` | Enable TLS Passthrough on port 443. Requires `controller.enableCustomResources`. | false
 `controller.enableCertManager` | Enable x509 automated certificate management for VirtualServer resources using cert-manager (cert-manager.io). Requires `controller.enableCustomResources`. | false
+`controller.enableExternalDNS` | Enable integration with ExternalDNS for configuring public DNS entries for VirtualServer resources using [ExternalDNS](https://github.com/kubernetes-sigs/external-dns). Requires `controller.enableCustomResources`. | false
 `controller.globalConfiguration.create` | Creates the GlobalConfiguration custom resource. Requires `controller.enableCustomResources`. | false
 `controller.globalConfiguration.spec` | The spec of the GlobalConfiguration for defining the global configuration parameters of the Ingress Controller. | {}
 `controller.enableSnippets` | Enable custom NGINX configuration snippets in Ingress, VirtualServer, VirtualServerRoute and TransportServer resources. | false
@@ -232,6 +234,8 @@ Parameter | Description | Default
 `controller.readyStatus.enable` | Enables the readiness endpoint `"/nginx-ready"`. The endpoint returns a success code when NGINX has loaded all the config after the startup. This also configures a readiness probe for the Ingress Controller pods that uses the readiness endpoint. | true
 `controller.readyStatus.port` | The HTTP port for the readiness endpoint. | 8081
 `controller.enableLatencyMetrics` | Enable collection of latency metrics for upstreams. Requires `prometheus.create`. | false
+`controller.minReadySeconds` | Specifies the minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing, for it to be considered available. [docs](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds) | 0
+`controller.strategy` | Specifies the strategy used to replace old Pods by new ones. [docs](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) | {}
 `rbac.create` | Configures RBAC. | true
 `prometheus.create` | Expose NGINX or NGINX Plus metrics in the Prometheus format. | false
 `prometheus.port` | Configures the port to scrape the metrics. | 9113

helm-charts/nginx-ingress/crds/appprotect.f5.com_aplogconfs.yaml

@@ -33,6 +33,15 @@ spec:
               properties:
                 content:
                   properties:
+                    escaping_characters:
+                      items:
+                        properties:
+                          from:
+                            type: string
+                          to:
+                            type: string
+                        type: object
+                      type: array
                     format:
                       enum:
                         - splunk
@@ -43,6 +52,12 @@ spec:
                       type: string
                     format_string:
                       type: string
+                    list_delimiter:
+                      type: string
+                    list_prefix:
+                      type: string
+                    list_suffix:
+                      type: string
                     max_message_size:
                       pattern: ^([1-9]|[1-5][0-9]|6[0-4])k$
                       type: string

helm-charts/nginx-ingress/crds/appprotectdos.f5.com_dosprotectedresources.yaml

@@ -31,7 +31,7 @@ spec:
             metadata:
               type: object
             spec:
-              description: DosProtectedResourceSpec deines the properties and values a DosProtectedResource can have.
+              description: DosProtectedResourceSpec defines the properties and values a DosProtectedResource can have.
               type: object
               properties:
                 apDosMonitor:

helm-charts/nginx-ingress/crds/externaldns.nginx.org_dnsendpoints.yaml

@@ -0,0 +1,87 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.8.0
+  creationTimestamp: null
+  name: dnsendpoints.externaldns.nginx.org
+spec:
+  group: externaldns.nginx.org
+  names:
+    kind: DNSEndpoint
+    listKind: DNSEndpointList
+    plural: dnsendpoints
+    singular: dnsendpoint
+  scope: Namespaced
+  versions:
+    - name: v1
+      schema:
+        openAPIV3Schema:
+          description: DNSEndpoint is the CRD wrapper for Endpoint
+          type: object
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            kind:
+              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              type: object
+            spec:
+              type: object
+              properties:
+                endpoints:
+                  type: array
+                  items:
+                    type: object
+                    properties:
+                      dnsName:
+                        description: The hostname for the DNS record
+                        type: string
+                      labels:
+                        description: Labels stores labels defined for the Endpoint
+                        type: object
+                        additionalProperties:
+                          type: string
+                      providerSpecific:
+                        description: ProviderSpecific stores provider specific config
+                        type: array
+                        items:
+                          type: object
+                          properties:
+                            name:
+                              description: Name of the property
+                              type: string
+                            value:
+                              description: Value of the property
+                              type: string
+                      recordTTL:
+                        description: TTL for the record
+                        type: integer
+                        format: int64
+                      recordType:
+                        description: RecordType type of record, e.g. CNAME, A, SRV, TXT, MX
+                        type: string
+                      targets:
+                        description: The targets the DNS service points to
+                        type: array
+                        items:
+                          type: string
+            status:
+              type: object
+              properties:
+                observedGeneration:
+                  description: The generation observed by by the external-dns controller.
+                  type: integer
+                  format: int64
+      served: true
+      storage: true
+      subresources:
+        status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

helm-charts/nginx-ingress/crds/k8s.nginx.org_policies.yaml

@@ -54,6 +54,14 @@ spec:
                       type: array
                       items:
                         type: string
+                basicAuth:
+                  description: 'BasicAuth holds HTTP Basic authentication configuration policy status: preview'
+                  type: object
+                  properties:
+                    realm:
+                      type: string
+                    secret:
+                      type: string
                 egressMTLS:
                   description: EgressMTLS defines an Egress MTLS policy.
                   type: object
@@ -116,6 +124,8 @@ spec:
                       type: string
                     tokenEndpoint:
                       type: string
+                    zoneSyncLeeway:
+                      type: integer
                 rateLimit:
                   description: RateLimit defines a rate limit policy.
                   type: object
@@ -156,6 +166,18 @@ spec:
                           type: boolean
                         logDest:
                           type: string
+                    securityLogs:
+                      type: array
+                      items:
+                        description: SecurityLog defines the security log of a WAF policy.
+                        type: object
+                        properties:
+                          apLogConf:
+                            type: string
+                          enable:
+                            type: boolean
+                          logDest:
+                            type: string
             status:
               description: PolicyStatus is the status of the policy resource
               type: object