feat: Support NIC version 2.4.0 (#38)

* Update chart for NIC v2.4.0

* Update manifests based on latest NIC version

Author: ciarams87

config/manifests/bases/nginx-ingress-operator.clusterserviceversion.yaml

@@ -36,6 +36,7 @@ metadata:
               "enableExternalDNS": false,
               "enableLatencyMetrics": false,
               "enableOIDC": false,
+              "includeYear": false,
               "enablePreviewPolicies": false,
               "enableSnippets": false,
               "enableTLSPassthrough": false,
@@ -49,8 +50,10 @@ metadata:
               "image": {
                 "pullPolicy": "IfNotPresent",
                 "repository": "nginx/nginx-ingress",
-                "tag": "2.3.0-ubi"
+                "tag": "2.4.0-ubi"
               },
+              "lifecycle": {},
+              "customConfigMap": "",
               "ingressClass": "nginx",
               "initContainers": [],
               "kind": "deployment",
@@ -123,6 +126,7 @@ metadata:
               "scheme": "http",
               "secret": ""
             },
+            "disableIPV6": false,
             "rbac": {
               "create": true
             }
@@ -302,7 +306,7 @@ spec:
                 - --metrics-bind-address=127.0.0.1:8080
                 - --leader-elect
                 - --leader-election-id=nginx-ingress-operator
-                image: nginx/nginx-ingress-operator:1.0.0
+                image: nginx/nginx-ingress-operator:1.1.0
                 livenessProbe:
                   httpGet:
                     path: /healthz

config/rbac/role.yaml

@@ -168,6 +168,14 @@ rules:
   - watch
   - update
   - create
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
 # Comment out this scc block before running the bundle command if running in a non-OpenShift environment
 - apiGroups:
   - security.openshift.io
@@ -192,6 +200,16 @@ rules:
   - create
   - patch
   - list
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+  - create
 - apiGroups:
   - networking.k8s.io
   resources:

config/samples/charts_v1alpha1_nginxingress.yaml

@@ -24,6 +24,7 @@ spec:
     enableCustomResources: true
     enableLatencyMetrics: false
     enableOIDC: false
+    includeYear: false
     enablePreviewPolicies: false
     enableSnippets: false
     enableTLSPassthrough: false
@@ -37,7 +38,9 @@ spec:
     image:
       pullPolicy: IfNotPresent
       repository: nginx/nginx-ingress
-      tag: 2.3.0-ubi
+      tag: 2.4.0-ubi
+    lifecycle: {}
+    customConfigMap: ""
     ingressClass: nginx
     initContainers: []
     kind: deployment
@@ -105,5 +108,6 @@ spec:
     port: 9113
     scheme: http
     secret: ""
+  disableIPV6: false
   rbac:
     create: true

helm-charts/nginx-ingress/Chart.yaml

@@ -1,16 +1,17 @@
-apiVersion: v1
-appVersion: 2.3.0
+apiVersion: v2
+name: nginx-ingress
+version: 0.15.0
+appVersion: 2.4.0
+kubeVersion: ">= 1.19.0-0"
+type: application
 description: NGINX Ingress Controller
+icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.4.0/deployments/helm-chart/chart-icon.png
 home: https://github.com/nginxinc/kubernetes-ingress
-icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.2.0/deployments/helm-chart/chart-icon.png
+sources:
+  - https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.0/deployments/helm-chart
 keywords:
-- ingress
-- nginx
-kubeVersion: '>= 1.19.0-0'
+  - ingress
+  - nginx
 maintainers:
-- email: [email protected]
-  name: nginxinc
-name: nginx-ingress
-sources:
-- https://github.com/nginxinc/kubernetes-ingress/tree/v2.2.0/deployments/helm-chart
-version: 0.14.0
+  - name: nginxinc
+    email: [email protected]

helm-charts/nginx-ingress/README.md

@@ -23,7 +23,7 @@ This step is required if you're installing the chart using its sources. Addition
 
 1. Clone the Ingress Controller repo:
     ```console
-    $ git clone https://github.com/nginxinc/kubernetes-ingress --branch v2.3.0
+    $ git clone https://github.com/nginxinc/kubernetes-ingress --branch v2.4.0
     ```
     **Note**: If you want to use the experimental repository (`edge`), remove the `--branch` flag and value.
 
@@ -155,16 +155,19 @@ Parameter | Description | Default
 `controller.hostNetwork` | Enables the Ingress Controller pods to use the host's network namespace. | false
 `controller.nginxDebug` | Enables debugging for NGINX. Uses the `nginx-debug` binary. Requires `error-log-level: debug` in the ConfigMap via `controller.config.entries`. | false
 `controller.logLevel` | The log level of the Ingress Controller. | 1
+`controller.image.digest ` | The image digest of the Ingress Controller. | None
 `controller.image.repository` | The image repository of the Ingress Controller. | nginx/nginx-ingress
-`controller.image.tag` | The tag of the Ingress Controller image. | 2.3.0
+`controller.image.tag` | The tag of the Ingress Controller image. | 2.4.0
 `controller.image.pullPolicy` | The pull policy for the Ingress Controller image. | IfNotPresent
+`controller.lifecycle` | The lifecycle of the Ingress Controller pods. | {}
+`controller.customConfigMap` | The name of the custom ConfigMap used by the Ingress Controller. If set, then the default config is ignored. | ""
 `controller.config.name` | The name of the ConfigMap used by the Ingress Controller. | Autogenerated
 `controller.config.annotations` | The annotations of the Ingress Controller configmap. | {}
 `controller.config.entries` | The entries of the ConfigMap for customizing NGINX configuration. See [ConfigMap resource docs](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/configmap-resource/) for the list of supported ConfigMap keys. | {}
 `controller.customPorts` | A list of custom ports to expose on the NGINX ingress controller pod. Follows the conventional Kubernetes yaml syntax for container ports. | []
-`controller.defaultTLS.cert` | The base64-encoded TLS certificate for the default HTTPS server. If not specified, a pre-generated self-signed certificate is used. **Note:** It is recommended that you specify your own certificate. | A pre-generated self-signed certificate.
-`controller.defaultTLS.key` | The base64-encoded TLS key for the default HTTPS server. **Note:** If not specified, a pre-generated key is used. It is recommended that you specify your own key. | A pre-generated key.
-`controller.defaultTLS.secret` | The secret with a TLS certificate and key for the default HTTPS server. The value must follow the following format: `<namespace>/<name>`. Used as an alternative to specifying a certificate and key using `controller.defaultTLS.cert` and `controller.defaultTLS.key` parameters. | None
+`controller.defaultTLS.cert` | The base64-encoded TLS certificate for the default HTTPS server.  **Note:** By default, a pre-generated self-signed certificate is used. It is recommended that you specify your own certificate. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server. | A pre-generated self-signed certificate.
+`controller.defaultTLS.key` | The base64-encoded TLS key for the default HTTPS server. **Note:** By default, a pre-generated key is used. It is recommended that you specify your own key. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server.  | A pre-generated key.
+`controller.defaultTLS.secret` | The secret with a TLS certificate and key for the default HTTPS server. The value must follow the following format: `<namespace>/<name>`. Used as an alternative to specifying a certificate and key using `controller.defaultTLS.cert` and `controller.defaultTLS.key` parameters. **Note:** Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server. | None
 `controller.wildcardTLS.cert` | The base64-encoded TLS certificate for every Ingress/VirtualServer host that has TLS enabled but no secret specified. If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection. | None
 `controller.wildcardTLS.key` | The base64-encoded TLS key for every Ingress/VirtualServer host that has TLS enabled but no secret specified. If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection. | None
 `controller.wildcardTLS.secret` | The secret with a TLS certificate and key for every Ingress/VirtualServer host that has TLS enabled but no secret specified. The value must follow the following format: `<namespace>/<name>`. Used as an alternative to specifying a certificate and key using `controller.wildcardTLS.cert` and `controller.wildcardTLS.key` parameters. | None
@@ -181,7 +184,7 @@ Parameter | Description | Default
 `controller.replicaCount` | The number of replicas of the Ingress Controller deployment. | 1
 `controller.ingressClass` | A class of the Ingress Controller. An IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start. The Ingress Controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. The Ingress Controller processes all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the "ingressClassName" field for all versions of kubernetes. | nginx
 `controller.setAsDefaultIngress` | New Ingresses without an `"ingressClassName"` field specified will be assigned the class specified in `controller.ingressClass`. | false
-`controller.watchNamespace` | Namespace to watch for Ingress resources. By default the Ingress Controller watches all namespaces. | ""
+`controller.watchNamespace` | Comma separated list of namespaces the Ingress Controller should watch for resources. By default the Ingress Controller watches all namespaces. | ""
 `controller.enableCustomResources` | Enable the custom resources. | true
 `controller.enablePreviewPolicies` | Enable preview policies. This parameter is deprecated. To enable OIDC Policies please use `controller.enableOIDC` instead. | false
 `controller.enableOIDC` | Enable OIDC policies. | false
@@ -217,6 +220,11 @@ Parameter | Description | Default
 `controller.service.httpsPort.targetPort` | The target port of the HTTPS port of the Ingress Controller service. | 443
 `controller.serviceAccount.name` | The name of the service account of the Ingress Controller pods. Used for RBAC. | Autogenerated
 `controller.serviceAccount.imagePullSecretName` | The name of the secret containing docker registry credentials. Secret must exist in the same namespace as the helm release. | ""
+`controller.serviceMonitor.name` | The name of the serviceMonitor. | Autogenerated
+`controller.serviceMonitor.create` | Create a ServiceMonitor custom resource. | false
+`controller.serviceMonitor.labels` | Kubernetes object labels to attach to the serviceMonitor object. | ""
+`controller.serviceMonitor.selectorMatchLabels` | A set of labels to allow the selection of endpoints for the ServiceMonitor. | ""
+`controller.serviceMonitor.endpoints` | A list of endpoints allowed as part of this ServiceMonitor. | ""
 `controller.reportIngressStatus.enable` | Updates the address field in the status of Ingress resources with an external address of the Ingress Controller. You must also specify the source of the external address either through an external service via `controller.reportIngressStatus.externalService`, `controller.reportIngressStatus.ingressLink` or the `external-status-address` entry in the ConfigMap via `controller.config.entries`. **Note:** `controller.config.entries.external-status-address` takes precedence over the others. | true
 `controller.reportIngressStatus.externalService` | Specifies the name of the service with the type LoadBalancer through which the Ingress Controller is exposed externally. The external address of the service is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources. `controller.reportIngressStatus.enable` must be set to `true`. The default is autogenerated and enabled when `controller.service.create` is set to `true` and `controller.service.type` is set to `LoadBalancer`. | Autogenerated
 `controller.reportIngressStatus.ingressLink` | Specifies the name of the IngressLink resource, which exposes the Ingress Controller pods via a BIG-IP system. The IP of the BIG-IP system is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources. `controller.reportIngressStatus.enable` must be set to `true`. | ""
@@ -225,17 +233,19 @@ Parameter | Description | Default
 `controller.reportIngressStatus.annotations` | The annotations of the leader election configmap. | {}
 `controller.pod.annotations` | The annotations of the Ingress Controller pod. | {}
 `controller.pod.extraLabels` | The additional extra labels of the Ingress Controller pod. | {}
-`controller.appprotect.enable` | Enables the App Protect module in the Ingress Controller. | false
+`controller.appprotect.enable` | Enables the App Protect WAF module in the Ingress Controller. | false
 `controller.appprotectdos.enable` | Enables the App Protect DoS module in the Ingress Controller. | false
 `controller.appprotectdos.debug` | Enable debugging for App Protect DoS. | false
 `controller.appprotectdos.maxDaemons` | Max number of ADMD instances. | 1
 `controller.appprotectdos.maxWorkers` | Max number of nginx processes to support. | Number of CPU cores in the machine
 `controller.appprotectdos.memory` | RAM memory size to consume in MB. | 50% of free RAM in the container or 80MB, the smaller
 `controller.readyStatus.enable` | Enables the readiness endpoint `"/nginx-ready"`. The endpoint returns a success code when NGINX has loaded all the config after the startup. This also configures a readiness probe for the Ingress Controller pods that uses the readiness endpoint. | true
 `controller.readyStatus.port` | The HTTP port for the readiness endpoint. | 8081
+`controller.readyStatus.initialDelaySeconds` | The number of seconds after the Ingress Controller pod has started before readiness probes are initiated. | 0
 `controller.enableLatencyMetrics` | Enable collection of latency metrics for upstreams. Requires `prometheus.create`. | false
 `controller.minReadySeconds` | Specifies the minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing, for it to be considered available. [docs](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds) | 0
 `controller.strategy` | Specifies the strategy used to replace old Pods by new ones. [docs](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) | {}
+`controller.disableIPV6` | Disable IPV6 listeners explicitly for nodes that do not support the IPV6 stack. | false
 `rbac.create` | Configures RBAC. | true
 `prometheus.create` | Expose NGINX or NGINX Plus metrics in the Prometheus format. | false
 `prometheus.port` | Configures the port to scrape the metrics. | 9113

helm-charts/nginx-ingress/crds/appprotectdos.f5.com_apdoslogconfs.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.4.0
+    controller-gen.kubebuilder.io/version: v0.9.2
   creationTimestamp: null
   name: apdoslogconfs.appprotectdos.f5.com
 spec:
@@ -38,13 +38,11 @@ spec:
                         - splunk
                         - arcsight
                         - user-defined
-                      default: splunk
                       type: string
                     format_string:
                       type: string
                     max_message_size:
                       pattern: ^([1-9]|[1-5][0-9]|6[0-4])k$
-                      default: 5k
                       type: string
                   type: object
                 filter:

helm-charts/nginx-ingress/crds/appprotectdos.f5.com_apdospolicy.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.4.0
+    controller-gen.kubebuilder.io/version: v0.9.2
   creationTimestamp: null
   name: apdospolicies.appprotectdos.f5.com
 spec:

helm-charts/nginx-ingress/crds/appprotectdos.f5.com_dosprotectedresources.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
+    controller-gen.kubebuilder.io/version: v0.10.0
   creationTimestamp: null
   name: dosprotectedresources.appprotectdos.f5.com
 spec:
@@ -79,9 +79,3 @@ spec:
                   type: string
       served: true
       storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

helm-charts/nginx-ingress/crds/externaldns.nginx.org_dnsendpoints.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.8.0
+    controller-gen.kubebuilder.io/version: v0.10.0
   creationTimestamp: null
   name: dnsendpoints.externaldns.nginx.org
 spec:
@@ -29,11 +29,13 @@ spec:
             metadata:
               type: object
             spec:
+              description: DNSEndpointSpec holds information about endpoints.
               type: object
               properties:
                 endpoints:
                   type: array
                   items:
+                    description: Endpoint describes DNS Endpoint.
                     type: object
                     properties:
                       dnsName:
@@ -48,6 +50,7 @@ spec:
                         description: ProviderSpecific stores provider specific config
                         type: array
                         items:
+                          description: ProviderSpecificProperty represents provider specific config property.
                           type: object
                           properties:
                             name:
@@ -69,6 +72,7 @@ spec:
                         items:
                           type: string
             status:
+              description: DNSEndpointStatus represents generation observed by the external dns controller.
               type: object
               properties:
                 observedGeneration:
@@ -79,9 +83,3 @@ spec:
       storage: true
       subresources:
         status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

helm-charts/nginx-ingress/crds/k8s.nginx.org_globalconfigurations.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.8.0
+    controller-gen.kubebuilder.io/version: v0.10.0
   creationTimestamp: null
   name: globalconfigurations.k8s.nginx.org
 spec:
@@ -48,9 +48,3 @@ spec:
                         type: string
       served: true
       storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []