feat: updated ingress_nginx helm chart to v4.11.5 (#2011)

(cherry picked from commit 4d81a61)

Author: Ani1357

chart/chart-index/Chart.yaml

@@ -30,7 +30,7 @@ dependencies:
     version: 1.16.2
     repository: https://helm.goharbor.io
   - name: ingress-nginx
-    version: 4.11.2
+    version: 4.11.5
     repository: https://kubernetes.github.io/ingress-nginx
   - name: jaeger-operator
     version: 2.46.0

charts/ingress-nginx/CHANGELOG.md

@@ -1,9 +1,9 @@
 annotations:
   artifacthub.io/changes: |
-    - Update Ingress-Nginx version controller-v1.11.2
+    - Update Ingress-Nginx version controller-v1.11.5
   artifacthub.io/prerelease: "false"
 apiVersion: v2
-appVersion: 1.11.2
+appVersion: 1.11.5
 description: Ingress controller for Kubernetes using NGINX as a reverse proxy and
   load balancer
 home: https://github.com/kubernetes/ingress-nginx
@@ -15,11 +15,9 @@ kubeVersion: '>=1.21.0-0'
 maintainers:
 - name: cpanato
 - name: Gacko
-- name: puerco
-- name: rikatz
 - name: strongjz
 - name: tao12345666333
 name: ingress-nginx
 sources:
 - https://github.com/kubernetes/ingress-nginx
-version: 4.11.2
+version: 4.11.5

charts/ingress-nginx/Chart.yaml

@@ -1,10 +1,4 @@
 # See the OWNERS docs: https://www.kubernetes.dev/docs/guide/owners
 
-approvers:
-- ingress-nginx-helm-maintainers
-
-reviewers:
-- ingress-nginx-helm-reviewers
-
 labels:
 - area/helm

charts/ingress-nginx/OWNERS

@@ -2,7 +2,7 @@
 
 [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
 
-![Version: 4.11.2](https://img.shields.io/badge/Version-4.11.2-informational?style=flat-square) ![AppVersion: 1.11.2](https://img.shields.io/badge/AppVersion-1.11.2-informational?style=flat-square)
+![Version: 4.11.5](https://img.shields.io/badge/Version-4.11.5-informational?style=flat-square) ![AppVersion: 1.11.5](https://img.shields.io/badge/AppVersion-1.11.5-informational?style=flat-square)
 
 To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
 
@@ -229,6 +229,24 @@ Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13
 
 As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
 
+### Pod Security Admission
+
+You can use Pod Security Admission by applying labels to the `ingress-nginx` namespace as instructed by the [documentation](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels).
+
+Example:
+
+```yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ingress-nginx
+  labels:
+    kubernetes.io/metadata.name: ingress-nginx
+    name: ingress-nginx
+    pod-security.kubernetes.io/enforce: restricted
+    pod-security.kubernetes.io/enforce-version: v1.31
+```
+
 ## Values
 
 | Key | Type | Default | Description |
@@ -253,11 +271,11 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.admissionWebhooks.namespaceSelector | object | `{}` |  |
 | controller.admissionWebhooks.objectSelector | object | `{}` |  |
 | controller.admissionWebhooks.patch.enabled | bool | `true` |  |
-| controller.admissionWebhooks.patch.image.digest | string | `"sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3"` |  |
+| controller.admissionWebhooks.patch.image.digest | string | `"sha256:e8825994b7a2c7497375a9b945f386506ca6a3eda80b89b74ef2db743f66a5ea"` |  |
 | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` |  |
 | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` |  |
 | controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` |  |
-| controller.admissionWebhooks.patch.image.tag | string | `"v1.4.3"` |  |
+| controller.admissionWebhooks.patch.image.tag | string | `"v1.5.2"` |  |
 | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources |
 | controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
 | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` |  |
@@ -325,16 +343,16 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.hostname | object | `{}` | Optionally customize the pod hostname. |
 | controller.image.allowPrivilegeEscalation | bool | `false` |  |
 | controller.image.chroot | bool | `false` |  |
-| controller.image.digest | string | `"sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce"` |  |
-| controller.image.digestChroot | string | `"sha256:21b55a2f0213a18b91612a8c0850167e00a8e34391fd595139a708f9c047e7a8"` |  |
+| controller.image.digest | string | `"sha256:a1cbad75b0a7098bf9325132794dddf9eef917e8a7fe246749a4cea7ff6f01eb"` |  |
+| controller.image.digestChroot | string | `"sha256:ec9df3eb6b06563a079ee46045da94cbf750f7dbb16fdbcb9e3265b551ed72ad"` |  |
 | controller.image.image | string | `"ingress-nginx/controller"` |  |
 | controller.image.pullPolicy | string | `"IfNotPresent"` |  |
 | controller.image.readOnlyRootFilesystem | bool | `false` |  |
 | controller.image.registry | string | `"registry.k8s.io"` |  |
 | controller.image.runAsNonRoot | bool | `true` |  |
 | controller.image.runAsUser | int | `101` |  |
 | controller.image.seccompProfile.type | string | `"RuntimeDefault"` |  |
-| controller.image.tag | string | `"v1.11.2"` |  |
+| controller.image.tag | string | `"v1.11.5"` |  |
 | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation |
 | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). |
 | controller.ingressClassResource | object | `{"aliases":[],"annotations":{},"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. |
@@ -366,7 +384,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.livenessProbe.periodSeconds | int | `10` |  |
 | controller.livenessProbe.successThreshold | int | `1` |  |
 | controller.livenessProbe.timeoutSeconds | int | `1` |  |
-| controller.maxmindLicenseKey | string | `""` | Maxmind license key to download GeoLite2 Databases. # https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases |
+| controller.maxmindLicenseKey | string | `""` | Maxmind license key to download GeoLite2 Databases. # https://blog.maxmind.com/2019/12/significant-changes-to-accessing-and-using-geolite2-databases/ |
 | controller.metrics.enabled | bool | `false` |  |
 | controller.metrics.port | int | `10254` |  |
 | controller.metrics.portName | string | `"metrics"` |  |
@@ -380,7 +398,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.metrics.service.servicePort | int | `10254` |  |
 | controller.metrics.service.type | string | `"ClusterIP"` |  |
 | controller.metrics.serviceMonitor.additionalLabels | object | `{}` |  |
-| controller.metrics.serviceMonitor.annotations | object | `{}` |  |
+| controller.metrics.serviceMonitor.annotations | object | `{}` | Annotations to be added to the ServiceMonitor. |
 | controller.metrics.serviceMonitor.enabled | bool | `false` |  |
 | controller.metrics.serviceMonitor.metricRelabelings | list | `[]` |  |
 | controller.metrics.serviceMonitor.namespace | string | `""` |  |
@@ -515,7 +533,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | defaultBackend.livenessProbe.periodSeconds | int | `10` |  |
 | defaultBackend.livenessProbe.successThreshold | int | `1` |  |
 | defaultBackend.livenessProbe.timeoutSeconds | int | `5` |  |
-| defaultBackend.minAvailable | int | `1` |  |
+| defaultBackend.minAvailable | int | `1` | Minimum available pods set in PodDisruptionBudget. |
 | defaultBackend.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # |
 | defaultBackend.name | string | `"defaultbackend"` |  |
 | defaultBackend.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |

charts/ingress-nginx/README.md

@@ -226,4 +226,22 @@ Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13
 
 As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
 
+### Pod Security Admission
+
+You can use Pod Security Admission by applying labels to the `ingress-nginx` namespace as instructed by the [documentation](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels).
+
+Example:
+
+```yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ingress-nginx
+  labels:
+    kubernetes.io/metadata.name: ingress-nginx
+    name: ingress-nginx
+    pod-security.kubernetes.io/enforce: restricted
+    pod-security.kubernetes.io/enforce-version: v1.31
+```
+
 {{ template "chart.valuesSection" . }}

charts/ingress-nginx/README.md.gotmpl

@@ -5,7 +5,7 @@ This file documents all notable changes to [ingress-nginx](https://github.com/ku
 ### 4.1.2
 
 * [8587](https://github.com/kubernetes/ingress-nginx/pull/8587) Add CAP_SYS_CHROOT to DS/PSP when needed
-* [8458](https://github.com/kubernetes/ingress-nginx/pull/8458) Add portNamePreffix Helm chart parameter
+* [8458](https://github.com/kubernetes/ingress-nginx/pull/8458) Add portNamePrefix Helm chart parameter
 * [8522](https://github.com/kubernetes/ingress-nginx/pull/8522) Add documentation for controller.service.loadBalancerIP in Helm chart
 
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.1.0...helm-chart-4.1.2

charts/ingress-nginx/changelog/.gitkeep

@@ -2,8 +2,8 @@
 
 This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
 
-### {{  .NewHelmChartVersion }}
-{{ with .HelmUpdates }}
-{{ range . }}* {{ . }}
-{{ end }}{{ end }}
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-{{ .PreviousHelmChartVersion }}...helm-chart-{{ .NewHelmChartVersion }}
+### 4.11.3
+
+* Update Ingress-Nginx version controller-v1.11.3
+
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.2...helm-chart-4.11.3

charts/ingress-nginx/changelog/Changelog-4.5.2.md

@@ -0,0 +1,10 @@
+# Changelog
+
+This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
+
+### 4.11.4
+
+* CI: Fix chart testing. (#12259)
+* Update Ingress-Nginx version controller-v1.11.4
+
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.3...helm-chart-4.11.4

charts/ingress-nginx/changelog/Changelog-4.6.0.md

@@ -0,0 +1,9 @@
+# Changelog
+
+This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
+
+### 4.11.5
+
+* Update Ingress-Nginx version controller-v1.11.5
+
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.11.4...helm-chart-4.11.5

charts/ingress-nginx/changelog/Changelog-4.6.1.md

@@ -6,7 +6,7 @@ This file documents all notable changes to [ingress-nginx](https://github.com/ku
 
 * helm: Fix opentelemetry module installation for daemonset (#9792)
 * Update charts/* to keep project name display aligned (#9931)
-* HPA: Use capabilites & align manifests. (#9521)
+* HPA: Use capabilities & align manifests. (#9521)
 * PodDisruptionBudget spec logic update (#9904)
 * add option for annotations in PodDisruptionBudget (#9843)
 * Update Ingress-Nginx version controller-v1.8.0

charts/ingress-nginx/changelog/helm-chart-4.1.2.md

@@ -1,10 +1,12 @@
 controller:
-  kind: DaemonSet
   image:
     repository: ingress-controller/controller
     tag: 1.0.0-dev
     digest: null
-  admissionWebhooks:
-    enabled: false
+
   service:
     type: ClusterIP
+
+  admissionWebhooks:
+    certManager:
+      enabled: true

charts/ingress-nginx/changelog.md.gotmpl renamed to charts/ingress-nginx/changelog/helm-chart-4.11.3.md

@@ -0,0 +1,11 @@
+controller:
+  image:
+    repository: ingress-controller/controller
+    tag: 1.0.0-dev
+    digest: null
+
+  service:
+    type: ClusterIP
+
+  addHeaders:
+    X-Frame-Options: deny

charts/ingress-nginx/changelog/helm-chart-4.11.4.md

@@ -0,0 +1,11 @@
+controller:
+  image:
+    repository: ingress-controller/controller
+    tag: 1.0.0-dev
+    digest: null
+
+  service:
+    type: ClusterIP
+
+  proxySetHeaders:
+    X-Forwarded-Proto: https

charts/ingress-nginx/changelog/helm-chart-4.11.5.md

@@ -3,10 +3,9 @@ controller:
     repository: ingress-controller/controller
     tag: 1.0.0-dev
     digest: null
-  config:
-    use-proxy-protocol: "true"
-  allowSnippetAnnotations: false
-  admissionWebhooks:
-    enabled: false
+
   service:
     type: ClusterIP
+
+  config:
+    use-proxy-protocol: "true"

charts/ingress-nginx/changelog/helm-chart-4.7.0.md

@@ -0,0 +1,30 @@
+controller:
+  image:
+    repository: ingress-controller/controller
+    tag: 1.0.0-dev
+    digest: null
+
+  service:
+    type: ClusterIP
+
+  kind: DaemonSet
+
+  extraModules:
+  - name: opentelemetry
+    image:
+      registry: registry.k8s.io
+      image: ingress-nginx/opentelemetry-1.25.3
+      tag: v20240813-b933310d
+      digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922
+      distroless: true
+    containerSecurityContext:
+      runAsNonRoot: true
+      runAsUser: 65532
+      runAsGroup: 65532
+      allowPrivilegeEscalation: false
+      seccompProfile:
+        type: RuntimeDefault
+      capabilities:
+        drop:
+        - ALL
+      readOnlyRootFilesystem: true

charts/ingress-nginx/ci/deamonset-default-values.yaml renamed to charts/ingress-nginx/ci/admission-webhooks-cert-manager-values.yaml

@@ -1,10 +1,13 @@
 controller:
-  kind: DaemonSet
   image:
     repository: ingress-controller/controller
     tag: 1.0.0-dev
     digest: null
-  admissionWebhooks:
-    enabled: true
+
   service:
     type: ClusterIP
+
+  kind: DaemonSet
+
+  metrics:
+    enabled: true

charts/ingress-nginx/ci/controller-admission-tls-cert-manager-values.yaml

@@ -3,7 +3,11 @@ controller:
     repository: ingress-controller/controller
     tag: 1.0.0-dev
     digest: null
+
   service:
     type: ClusterIP
+
+  kind: DaemonSet
+
   opentelemetry:
     enabled: true