Metrics: Fix namespace in nginx_ingress_controller_ssl_expire_time_seconds. #10274
✅ Deploy Preview for kubernetes-ingress-nginx canceled.
|
Welcome @alexey-gavrilov-flant! |
Hi @alexey-gavrilov-flant. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@strongjz Could you please see my changes and advance ci to the next step? |
@rikatz Could you please see my changes and advance ci to the next step? |
/check-required-labels |
/auto-cc |
/auto-cc |
Hi, Very few readers can completely understand the current state and the change proposed in this PR. If you think it's worth it, then you can post screenshots of current view and the screenshots of view after changed code. It will help make the PR clear to readers. |
Sorry for the delay, got requested for review just now. Your change looks good so far, I'd like to try it locally and come back later. /assign |
Thank you for reviewing @sathieu! /lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: alexey-gavrilov-flant, Gacko The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
With this understanding (the namespace was already defined for the metric but never set) we can safely cherry-pick this change to |
/cherry-pick release-1.10 |
/cherry-pick release-1.11 |
@Gacko: once the present PR merges, I will cherry-pick it on top of release-1.10 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
@Gacko: once the present PR merges, I will cherry-pick it on top of release-1.11 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
/kind bug |
/unhold |
@Gacko: new pull request created: #11985 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
@Gacko: new pull request created: #11986 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Signed-off-by: Evsyukov Denis <[email protected]> # Conflicts: # modules/150-user-authn/images/dex/patches/0005-gitlab-refresh-context.patch # modules/150-user-authn/images/dex/patches/0006-static-user-groups.patch # modules/150-user-authn/images/dex/patches/001-go-mod.patch # modules/150-user-authn/images/dex/patches/002-bytes-and-string-certificates.patch # modules/150-user-authn/images/dex/patches/003-client-filters.patch # modules/150-user-authn/images/dex/patches/003-gitlab-refresh-context.patch # modules/150-user-authn/images/dex/patches/004-fix-offline-session-updates.patch # modules/150-user-authn/images/dex/patches/004-static-user-groups.patch # modules/150-user-authn/images/dex/patches/005-gitlab-refresh-context.patch # modules/150-user-authn/images/dex/patches/006-static-user-groups.patch # modules/150-user-authn/images/dex/patches/README.md # modules/340-monitoring-kubernetes/images/kube-state-metrics/patches/001-go-mod.patch # modules/340-monitoring-kubernetes/images/kube-state-metrics/patches/002-fix-kube_pod_tolerations-deduplicate.patch # modules/340-monitoring-kubernetes/images/kube-state-metrics/patches/README.md # modules/500-openvpn/images/ovpn-admin/patches/001-go-mod.patch # modules/500-openvpn/images/ovpn-admin/patches/001-go_mod.patch # modules/500-openvpn/images/ovpn-admin/patches/go_mod.patch diff --git c/modules/015-admission-policy-engine/images/gatekeeper/patches/README.md i/modules/015-admission-policy-engine/images/gatekeeper/patches/README.md index 8fb3293486..5815ee3f28 100644 --- c/modules/015-admission-policy-engine/images/gatekeeper/patches/README.md +++ i/modules/015-admission-policy-engine/images/gatekeeper/patches/README.md @@ -1,4 +1,4 @@ ## Patches -### Go mod +### 001-go-mod.patch This patch updates dependencies' versions to meet security concerns. 
diff --git c/modules/030-cloud-provider-aws/images/cloud-controller-manager/patches/1.28/README.md i/modules/030-cloud-provider-aws/images/cloud-controller-manager/patches/1.28/README.md index c7a54deabd..6994d01068 100644 --- c/modules/030-cloud-provider-aws/images/cloud-controller-manager/patches/1.28/README.md +++ i/modules/030-cloud-provider-aws/images/cloud-controller-manager/patches/1.28/README.md @@ -12,3 +12,7 @@ Ability to create LoadBalancer with type `none`. LoadBalancer with this type wil ## 003-dont-delete-ingress-sg-rules-elb.patch We shouldn't delete Ingress SG rule, if it allows access from configured "ElbSecurityGroup", so that we won't disrupt access to Nodes from other ELBs. + +## 004-bump-deps.patch + +Update dependencies diff --git c/modules/030-cloud-provider-aws/images/cloud-controller-manager/patches/1.29/README.md i/modules/030-cloud-provider-aws/images/cloud-controller-manager/patches/1.29/README.md index c7a54deabd..6994d01068 100644 --- c/modules/030-cloud-provider-aws/images/cloud-controller-manager/patches/1.29/README.md +++ i/modules/030-cloud-provider-aws/images/cloud-controller-manager/patches/1.29/README.md @@ -12,3 +12,7 @@ Ability to create LoadBalancer with type `none`. LoadBalancer with this type wil ## 003-dont-delete-ingress-sg-rules-elb.patch We shouldn't delete Ingress SG rule, if it allows access from configured "ElbSecurityGroup", so that we won't disrupt access to Nodes from other ELBs. + +## 004-bump-deps.patch + +Update dependencies diff --git c/modules/030-cloud-provider-aws/images/cloud-controller-manager/patches/1.30/README.md i/modules/030-cloud-provider-aws/images/cloud-controller-manager/patches/1.30/README.md index c7a54deabd..6994d01068 100644 --- c/modules/030-cloud-provider-aws/images/cloud-controller-manager/patches/1.30/README.md +++ i/modules/030-cloud-provider-aws/images/cloud-controller-manager/patches/1.30/README.md 
@@ -12,3 +12,7 @@ Ability to create LoadBalancer with type `none`. LoadBalancer with this type wil ## 003-dont-delete-ingress-sg-rules-elb.patch We shouldn't delete Ingress SG rule, if it allows access from configured "ElbSecurityGroup", so that we won't disrupt access to Nodes from other ELBs. + +## 004-bump-deps.patch + +Update dependencies diff --git c/modules/030-cloud-provider-aws/images/cloud-controller-manager/patches/1.31/README.md i/modules/030-cloud-provider-aws/images/cloud-controller-manager/patches/1.31/README.md index c7a54deabd..6994d01068 100644 --- c/modules/030-cloud-provider-aws/images/cloud-controller-manager/patches/1.31/README.md +++ i/modules/030-cloud-provider-aws/images/cloud-controller-manager/patches/1.31/README.md @@ -12,3 +12,7 @@ Ability to create LoadBalancer with type `none`. LoadBalancer with this type wil ## 003-dont-delete-ingress-sg-rules-elb.patch We shouldn't delete Ingress SG rule, if it allows access from configured "ElbSecurityGroup", so that we won't disrupt access to Nodes from other ELBs. + +## 004-bump-deps.patch + +Update dependencies diff --git c/modules/030-cloud-provider-aws/images/cloud-controller-manager/patches/1.32/README.md i/modules/030-cloud-provider-aws/images/cloud-controller-manager/patches/1.32/README.md index c7a54deabd..6994d01068 100644 --- c/modules/030-cloud-provider-aws/images/cloud-controller-manager/patches/1.32/README.md +++ i/modules/030-cloud-provider-aws/images/cloud-controller-manager/patches/1.32/README.md @@ -12,3 +12,7 @@ Ability to create LoadBalancer with type `none`. LoadBalancer with this type wil ## 003-dont-delete-ingress-sg-rules-elb.patch We shouldn't delete Ingress SG rule, if it allows access from configured "ElbSecurityGroup", so that we won't disrupt access to Nodes from other ELBs. + +## 004-bump-deps.patch + +Update dependencies 
diff --git c/modules/030-cloud-provider-aws/images/ebs-csi-plugin/patches/v1.34.0/README.md i/modules/030-cloud-provider-aws/images/ebs-csi-plugin/patches/v1.34.0/README.md new file mode 100644 index 0000000000..6a495afd8c --- /dev/null +++ i/modules/030-cloud-provider-aws/images/ebs-csi-plugin/patches/v1.34.0/README.md @@ -0,0 +1,5 @@ +## Patches + +### 001-bump-deps.patch + +Update dependencies diff --git c/modules/030-cloud-provider-azure/images/cloud-controller-manager/patches/1.28/README.md i/modules/030-cloud-provider-azure/images/cloud-controller-manager/patches/1.28/README.md index f15cb70ffe..aa1178f0aa 100644 --- c/modules/030-cloud-provider-azure/images/cloud-controller-manager/patches/1.28/README.md +++ i/modules/030-cloud-provider-azure/images/cloud-controller-manager/patches/1.28/README.md @@ -1,4 +1,4 @@ -### options.patch +### 001-options.patch This patch add NodeController options to main context object CloudControllerManager from package "k8s.io/cloud-provider/options" witch return flag "node controller". diff --git c/modules/030-cloud-provider-azure/images/cloud-controller-manager/patches/1.29/README.md i/modules/030-cloud-provider-azure/images/cloud-controller-manager/patches/1.29/README.md index f15cb70ffe..aa1178f0aa 100644 --- c/modules/030-cloud-provider-azure/images/cloud-controller-manager/patches/1.29/README.md +++ i/modules/030-cloud-provider-azure/images/cloud-controller-manager/patches/1.29/README.md @@ -1,4 +1,4 @@ -### options.patch +### 001-options.patch This patch add NodeController options to main context object CloudControllerManager from package "k8s.io/cloud-provider/options" witch return flag "node controller". 
diff --git c/modules/030-cloud-provider-azure/images/cloud-controller-manager/patches/1.30/README.md i/modules/030-cloud-provider-azure/images/cloud-controller-manager/patches/1.30/README.md index f15cb70ffe..aa1178f0aa 100644 --- c/modules/030-cloud-provider-azure/images/cloud-controller-manager/patches/1.30/README.md +++ i/modules/030-cloud-provider-azure/images/cloud-controller-manager/patches/1.30/README.md @@ -1,4 +1,4 @@ -### options.patch +### 001-options.patch This patch add NodeController options to main context object CloudControllerManager from package "k8s.io/cloud-provider/options" witch return flag "node controller". diff --git c/modules/030-cloud-provider-azure/images/cloud-controller-manager/patches/1.31/README.md i/modules/030-cloud-provider-azure/images/cloud-controller-manager/patches/1.31/README.md index f15cb70ffe..aa1178f0aa 100644 --- c/modules/030-cloud-provider-azure/images/cloud-controller-manager/patches/1.31/README.md +++ i/modules/030-cloud-provider-azure/images/cloud-controller-manager/patches/1.31/README.md @@ -1,4 +1,4 @@ -### options.patch +### 001-options.patch This patch add NodeController options to main context object CloudControllerManager from package "k8s.io/cloud-provider/options" witch return flag "node controller". diff --git c/modules/030-cloud-provider-azure/images/cloud-controller-manager/patches/1.32/README.md i/modules/030-cloud-provider-azure/images/cloud-controller-manager/patches/1.32/README.md index f15cb70ffe..970b9e844e 100644 --- c/modules/030-cloud-provider-azure/images/cloud-controller-manager/patches/1.32/README.md +++ i/modules/030-cloud-provider-azure/images/cloud-controller-manager/patches/1.32/README.md @@ -1,7 +1,3 @@ -### options.patch +### 001-options.patch This patch add NodeController options to main context object CloudControllerManager from package "k8s.io/cloud-provider/options" witch return flag "node controller". - -### 002-bump-deps.patch - -Fixes CVEs (bumps go mod) 
diff --git c/modules/030-cloud-provider-gcp/images/cloud-controller-manager/patches/ccm-v28.10.0/README.md i/modules/030-cloud-provider-gcp/images/cloud-controller-manager/patches/ccm-v28.10.0/README.md new file mode 100644 index 0000000000..18d6d247bc --- /dev/null +++ i/modules/030-cloud-provider-gcp/images/cloud-controller-manager/patches/ccm-v28.10.0/README.md @@ -0,0 +1,5 @@ +## Patches + +### 001-fix-cve.patch + +Update dependencies diff --git c/modules/030-cloud-provider-gcp/images/cloud-controller-manager/patches/ccm-v29.5.1/README.md i/modules/030-cloud-provider-gcp/images/cloud-controller-manager/patches/ccm-v29.5.1/README.md new file mode 100644 index 0000000000..18d6d247bc --- /dev/null +++ i/modules/030-cloud-provider-gcp/images/cloud-controller-manager/patches/ccm-v29.5.1/README.md @@ -0,0 +1,5 @@ +## Patches + +### 001-fix-cve.patch + +Update dependencies diff --git c/modules/030-cloud-provider-gcp/images/cloud-controller-manager/patches/ccm-v30.1.4/README.md i/modules/030-cloud-provider-gcp/images/cloud-controller-manager/patches/ccm-v30.1.4/README.md new file mode 100644 index 0000000000..18d6d247bc --- /dev/null +++ i/modules/030-cloud-provider-gcp/images/cloud-controller-manager/patches/ccm-v30.1.4/README.md @@ -0,0 +1,5 @@ +## Patches + +### 001-fix-cve.patch + +Update dependencies diff --git c/modules/030-cloud-provider-gcp/images/pd-csi-plugin/patches/v1.12.13/README.md i/modules/030-cloud-provider-gcp/images/pd-csi-plugin/patches/v1.12.13/README.md new file mode 100644 index 0000000000..18d6d247bc --- /dev/null +++ i/modules/030-cloud-provider-gcp/images/pd-csi-plugin/patches/v1.12.13/README.md @@ -0,0 +1,5 @@ +## Patches + +### 001-fix-cve.patch + +Update dependencies diff --git c/modules/030-cloud-provider-gcp/images/pd-csi-plugin/patches/v1.15.4/README.md i/modules/030-cloud-provider-gcp/images/pd-csi-plugin/patches/v1.15.4/README.md new file mode 100644 index 0000000000..18d6d247bc 
--- /dev/null +++ i/modules/030-cloud-provider-gcp/images/pd-csi-plugin/patches/v1.15.4/README.md @@ -0,0 +1,5 @@ +## Patches + +### 001-fix-cve.patch + +Update dependencies diff --git c/modules/031-ceph-csi/images/cephcsi/patches/go_mod.patch i/modules/031-ceph-csi/images/cephcsi/patches/001-go_mod.patch similarity index 100% rename from modules/031-ceph-csi/images/cephcsi/patches/go_mod.patch rename to modules/031-ceph-csi/images/cephcsi/patches/001-go_mod.patch diff --git c/modules/031-ceph-csi/images/cephcsi/patches/README.md i/modules/031-ceph-csi/images/cephcsi/patches/README.md index 6260f1b625..263baad779 100644 --- c/modules/031-ceph-csi/images/cephcsi/patches/README.md +++ i/modules/031-ceph-csi/images/cephcsi/patches/README.md @@ -1,6 +1,6 @@ ## Patches -### Go mod +### 001-go_mod.patch To create this patch run commands: @@ -16,6 +16,6 @@ go get k8s.io/[email protected] #replase all in k8s.io v0.24.4 -> v0.24.17 go mod tidy -git diff > patches/go_mod.patch -#git apply patches/go_mod.patch +git diff > patches/001-go_mod.patch +#git apply patches/001-go_mod.patch ``` diff --git c/modules/031-local-path-provisioner/images/local-path-provisioner/patches/README.md i/modules/031-local-path-provisioner/images/local-path-provisioner/patches/README.md index 6ed4a2ea96..305abd3085 100644 --- c/modules/031-local-path-provisioner/images/local-path-provisioner/patches/README.md +++ i/modules/031-local-path-provisioner/images/local-path-provisioner/patches/README.md @@ -1,6 +1,10 @@ ## Patches -### Fix DirectoryOrCreate +### 001-go-mod.patch + +Update dependencies + +### 002-fix-directory-or-create.patch Use `type: Directory` instead of `type: DirectoryOrCreate` for created PVs to avoid the situations when initial storage is broken and unmounted. diff --git c/modules/040-control-plane-manager/images/etcd/patches/README.md i/modules/040-control-plane-manager/images/etcd/patches/README.md new file mode 100644 index 0000000000..8cc491644f 
--- /dev/null +++ i/modules/040-control-plane-manager/images/etcd/patches/README.md @@ -0,0 +1,9 @@ +## Patches + +### 001-go-mod.patch + +Update dependencies + +### 002-etcdctl-snapshot-pipe.patch + +feature: support for piping snapshot to stdout \ No newline at end of file diff --git c/modules/040-node-manager/images/capi-controller-manager/patches/README.MD i/modules/040-node-manager/images/capi-controller-manager/patches/README.MD index 16fc2379ad..1b60d06349 100644 --- c/modules/040-node-manager/images/capi-controller-manager/patches/README.MD +++ i/modules/040-node-manager/images/capi-controller-manager/patches/README.MD @@ -1,5 +1,5 @@ ## Patches -### Fix go.mod +### 001-go-mod.patch Bump libraries versions to resolve CVE diff --git c/modules/040-node-manager/images/cluster-autoscaler/patches/1.28/go_mod.patch i/modules/040-node-manager/images/cluster-autoscaler/patches/1.28/001-go_mod.patch similarity index 100% rename from modules/040-node-manager/images/cluster-autoscaler/patches/1.28/go_mod.patch rename to modules/040-node-manager/images/cluster-autoscaler/patches/1.28/001-go_mod.patch diff --git c/modules/040-node-manager/images/cluster-autoscaler/patches/1.28/kruise-ads.patch i/modules/040-node-manager/images/cluster-autoscaler/patches/1.28/002-kruise-ads.patch similarity index 100% rename from modules/040-node-manager/images/cluster-autoscaler/patches/1.28/kruise-ads.patch rename to modules/040-node-manager/images/cluster-autoscaler/patches/1.28/002-kruise-ads.patch diff --git c/modules/040-node-manager/images/cluster-autoscaler/patches/1.28/scale-from-zero.patch i/modules/040-node-manager/images/cluster-autoscaler/patches/1.28/003-scale-from-zero.patch similarity index 100% rename from modules/040-node-manager/images/cluster-autoscaler/patches/1.28/scale-from-zero.patch rename to modules/040-node-manager/images/cluster-autoscaler/patches/1.28/003-scale-from-zero.patch 
diff --git c/modules/040-node-manager/images/cluster-autoscaler/patches/1.28/README.md i/modules/040-node-manager/images/cluster-autoscaler/patches/1.28/README.md index 43fb9b68d5..ea6a423297 100644 --- c/modules/040-node-manager/images/cluster-autoscaler/patches/1.28/README.md +++ i/modules/040-node-manager/images/cluster-autoscaler/patches/1.28/README.md @@ -1,6 +1,6 @@ ## Patches -### Go mod +### 001-go_mod.patch To create this patch run commands: @@ -17,7 +17,14 @@ go get k8s.io/[email protected] go get k8s.io/[email protected] #replase all in k8s.io v0.28.0 -> v0.28.15 go mod tidy -git diff > patches/go_mod.patch -#git apply patches/go_mod.patch +git diff > patches/001-go_mod.patch +#git apply patches/001-go_mod.patch ``` +### 002-kruise-ads.patch + +TODO: add description + +### 003-scale-from-zero.patch + +TODO: add description diff --git c/modules/040-node-manager/images/cluster-autoscaler/patches/1.29/go_mod.patch i/modules/040-node-manager/images/cluster-autoscaler/patches/1.29/001-go_mod.patch similarity index 100% rename from modules/040-node-manager/images/cluster-autoscaler/patches/1.29/go_mod.patch rename to modules/040-node-manager/images/cluster-autoscaler/patches/1.29/001-go_mod.patch diff --git c/modules/040-node-manager/images/cluster-autoscaler/patches/1.29/kruise-ads.patch i/modules/040-node-manager/images/cluster-autoscaler/patches/1.29/002-kruise-ads.patch similarity index 100% rename from modules/040-node-manager/images/cluster-autoscaler/patches/1.29/kruise-ads.patch rename to modules/040-node-manager/images/cluster-autoscaler/patches/1.29/002-kruise-ads.patch 
diff --git c/modules/040-node-manager/images/cluster-autoscaler/patches/1.29/scale-from-zero.patch i/modules/040-node-manager/images/cluster-autoscaler/patches/1.29/003-scale-from-zero.patch similarity index 100% rename from modules/040-node-manager/images/cluster-autoscaler/patches/1.29/scale-from-zero.patch rename to modules/040-node-manager/images/cluster-autoscaler/patches/1.29/003-scale-from-zero.patch diff --git c/modules/040-node-manager/images/cluster-autoscaler/patches/1.29/README.md i/modules/040-node-manager/images/cluster-autoscaler/patches/1.29/README.md index 7710945910..703777d601 100644 --- c/modules/040-node-manager/images/cluster-autoscaler/patches/1.29/README.md +++ i/modules/040-node-manager/images/cluster-autoscaler/patches/1.29/README.md @@ -1,6 +1,6 @@ ## Patches -### Go mod +### 001-go_mod.patch To create this patch run commands: @@ -16,7 +16,14 @@ go get k8s.io/[email protected] go get k8s.io/[email protected] #replase all in k8s.io v0.29.6 -> v0.29.12 go mod tidy -git diff > patches/go_mod.patch -#git apply patches/go_mod.patch +git diff > patches/001-go_mod.patch +#git apply patches/001-go_mod.patch ``` +### 002-kruise-ads.patch + +TODO: add description + +### 003-scale-from-zero.patch + +TODO: add description diff --git c/modules/040-node-manager/images/cluster-autoscaler/patches/1.30/go_mod.patch i/modules/040-node-manager/images/cluster-autoscaler/patches/1.30/001-go_mod.patch similarity index 100% rename from modules/040-node-manager/images/cluster-autoscaler/patches/1.30/go_mod.patch rename to modules/040-node-manager/images/cluster-autoscaler/patches/1.30/001-go_mod.patch 
diff --git c/modules/040-node-manager/images/cluster-autoscaler/patches/1.30/kruise-ads.patch i/modules/040-node-manager/images/cluster-autoscaler/patches/1.30/002-kruise-ads.patch similarity index 100% rename from modules/040-node-manager/images/cluster-autoscaler/patches/1.30/kruise-ads.patch rename to modules/040-node-manager/images/cluster-autoscaler/patches/1.30/002-kruise-ads.patch diff --git c/modules/040-node-manager/images/cluster-autoscaler/patches/1.30/scale-from-zero.patch i/modules/040-node-manager/images/cluster-autoscaler/patches/1.30/003-scale-from-zero.patch similarity index 100% rename from modules/040-node-manager/images/cluster-autoscaler/patches/1.30/scale-from-zero.patch rename to modules/040-node-manager/images/cluster-autoscaler/patches/1.30/003-scale-from-zero.patch diff --git c/modules/040-node-manager/images/cluster-autoscaler/patches/1.30/README.md i/modules/040-node-manager/images/cluster-autoscaler/patches/1.30/README.md index 84ea5ddaae..b2464f8d8b 100644 --- c/modules/040-node-manager/images/cluster-autoscaler/patches/1.30/README.md +++ i/modules/040-node-manager/images/cluster-autoscaler/patches/1.30/README.md @@ -1,6 +1,6 @@ ## Patches -### Go mod +### 001-go_mod.patch To create this patch run commands: @@ -19,7 +19,14 @@ cd apis go get golang.org/x/[email protected] cd .. go mod tidy -git diff > patches/go_mod.patch -#git apply patches/go_mod.patch +git diff > patches/001-go_mod.patch +#git apply patches/001-go_mod.patch ``` +### 002-kruise-ads.patch + +TODO: add description + +### 003-scale-from-zero.patch + +TODO: add description diff --git c/modules/040-node-manager/images/cluster-autoscaler/patches/1.31/go_mod.patch i/modules/040-node-manager/images/cluster-autoscaler/patches/1.31/001-go_mod.patch similarity index 100% rename from modules/040-node-manager/images/cluster-autoscaler/patches/1.31/go_mod.patch rename to modules/040-node-manager/images/cluster-autoscaler/patches/1.31/001-go_mod.patch 
diff --git c/modules/040-node-manager/images/cluster-autoscaler/patches/1.31/kruise-ads.patch i/modules/040-node-manager/images/cluster-autoscaler/patches/1.31/002-kruise-ads.patch similarity index 100% rename from modules/040-node-manager/images/cluster-autoscaler/patches/1.31/kruise-ads.patch rename to modules/040-node-manager/images/cluster-autoscaler/patches/1.31/002-kruise-ads.patch diff --git c/modules/040-node-manager/images/cluster-autoscaler/patches/1.31/scale-from-zero.patch i/modules/040-node-manager/images/cluster-autoscaler/patches/1.31/003-scale-from-zero.patch similarity index 100% rename from modules/040-node-manager/images/cluster-autoscaler/patches/1.31/scale-from-zero.patch rename to modules/040-node-manager/images/cluster-autoscaler/patches/1.31/003-scale-from-zero.patch diff --git c/modules/040-node-manager/images/cluster-autoscaler/patches/1.31/README.md i/modules/040-node-manager/images/cluster-autoscaler/patches/1.31/README.md index 84ea5ddaae..b2464f8d8b 100644 --- c/modules/040-node-manager/images/cluster-autoscaler/patches/1.31/README.md +++ i/modules/040-node-manager/images/cluster-autoscaler/patches/1.31/README.md @@ -1,6 +1,6 @@ ## Patches -### Go mod +### 001-go_mod.patch To create this patch run commands: @@ -19,7 +19,14 @@ cd apis go get golang.org/x/[email protected] cd .. go mod tidy -git diff > patches/go_mod.patch -#git apply patches/go_mod.patch +git diff > patches/001-go_mod.patch +#git apply patches/001-go_mod.patch ``` +### 002-kruise-ads.patch + +TODO: add description + +### 003-scale-from-zero.patch + +TODO: add description diff --git c/modules/040-node-manager/images/cluster-autoscaler/patches/1.32/go_mod.patch i/modules/040-node-manager/images/cluster-autoscaler/patches/1.32/001-go_mod.patch similarity index 100% rename from modules/040-node-manager/images/cluster-autoscaler/patches/1.32/go_mod.patch rename to modules/040-node-manager/images/cluster-autoscaler/patches/1.32/001-go_mod.patch 
diff --git c/modules/040-node-manager/images/cluster-autoscaler/patches/1.32/kruise-ads.patch i/modules/040-node-manager/images/cluster-autoscaler/patches/1.32/002-kruise-ads.patch similarity index 100% rename from modules/040-node-manager/images/cluster-autoscaler/patches/1.32/kruise-ads.patch rename to modules/040-node-manager/images/cluster-autoscaler/patches/1.32/002-kruise-ads.patch diff --git c/modules/040-node-manager/images/cluster-autoscaler/patches/1.32/scale-from-zero.patch i/modules/040-node-manager/images/cluster-autoscaler/patches/1.32/003-scale-from-zero.patch similarity index 100% rename from modules/040-node-manager/images/cluster-autoscaler/patches/1.32/scale-from-zero.patch rename to modules/040-node-manager/images/cluster-autoscaler/patches/1.32/003-scale-from-zero.patch diff --git c/modules/040-node-manager/images/cluster-autoscaler/patches/1.32/README.md i/modules/040-node-manager/images/cluster-autoscaler/patches/1.32/README.md index 84ea5ddaae..b2464f8d8b 100644 --- c/modules/040-node-manager/images/cluster-autoscaler/patches/1.32/README.md +++ i/modules/040-node-manager/images/cluster-autoscaler/patches/1.32/README.md @@ -1,6 +1,6 @@ ## Patches -### Go mod +### 001-go_mod.patch To create this patch run commands: @@ -19,7 +19,14 @@ cd apis go get golang.org/x/[email protected] cd .. go mod tidy -git diff > patches/go_mod.patch -#git apply patches/go_mod.patch +git diff > patches/001-go_mod.patch +#git apply patches/001-go_mod.patch ``` +### 002-kruise-ads.patch + +TODO: add description + +### 003-scale-from-zero.patch + +TODO: add description 
diff --git c/modules/040-terraform-manager/images/terraform-manager-aws/patches/gomod_update.patch i/modules/040-terraform-manager/images/terraform-manager-aws/patches/001-gomod_update.patch similarity index 100% rename from modules/040-terraform-manager/images/terraform-manager-aws/patches/gomod_update.patch rename to modules/040-terraform-manager/images/terraform-manager-aws/patches/001-gomod_update.patch diff --git c/modules/040-terraform-manager/images/terraform-manager-aws/patches/README.md i/modules/040-terraform-manager/images/terraform-manager-aws/patches/README.md new file mode 100644 index 0000000000..b29fe33570 --- /dev/null +++ i/modules/040-terraform-manager/images/terraform-manager-aws/patches/README.md @@ -0,0 +1,5 @@ +## Patches + +### 001-gomod_update.patch + +Update dependencies diff --git c/modules/040-terraform-manager/images/terraform-manager-gcp/patches/go_mod.patch i/modules/040-terraform-manager/images/terraform-manager-gcp/patches/001-go_mod.patch similarity index 100% rename from modules/040-terraform-manager/images/terraform-manager-gcp/patches/go_mod.patch rename to modules/040-terraform-manager/images/terraform-manager-gcp/patches/001-go_mod.patch diff --git c/modules/040-terraform-manager/images/terraform-manager-gcp/patches/remove_routes_on_deletion.patch i/modules/040-terraform-manager/images/terraform-manager-gcp/patches/002-remove_routes_on_deletion.patch similarity index 100% rename from modules/040-terraform-manager/images/terraform-manager-gcp/patches/remove_routes_on_deletion.patch rename to modules/040-terraform-manager/images/terraform-manager-gcp/patches/002-remove_routes_on_deletion.patch 
diff --git c/modules/040-terraform-manager/images/terraform-manager-gcp/patches/README.md i/modules/040-terraform-manager/images/terraform-manager-gcp/patches/README.md index 6247d5216d..2a61665823 100644 --- c/modules/040-terraform-manager/images/terraform-manager-gcp/patches/README.md +++ i/modules/040-terraform-manager/images/terraform-manager-gcp/patches/README.md @@ -1,9 +1,10 @@ ## Patches -### remove_routes_on_deletion +### 002-remove_routes_on_deletion.patch + https://github.com/flant/terraform-provider-google/compare/v3.48.0...v3.48.0-flant.1 -### Go mod +### 001-go_mod.patch To create this patch run commands: diff --git c/modules/040-terraform-manager/images/terraform-manager-yandex/patches/bump_packages_version.patch i/modules/040-terraform-manager/images/terraform-manager-yandex/patches/001-bump_packages_version.patch similarity index 100% rename from modules/040-terraform-manager/images/terraform-manager-yandex/patches/bump_packages_version.patch rename to modules/040-terraform-manager/images/terraform-manager-yandex/patches/001-bump_packages_version.patch diff --git c/modules/040-terraform-manager/images/terraform-manager-yandex/patches/readme.md i/modules/040-terraform-manager/images/terraform-manager-yandex/patches/readme.md index 9590fbc2ed..6d3675834a 100644 --- c/modules/040-terraform-manager/images/terraform-manager-yandex/patches/readme.md +++ i/modules/040-terraform-manager/images/terraform-manager-yandex/patches/readme.md @@ -1 +1,5 @@ +# Patches + +## 001-bump_packages_version.patch + bump_packages_version.patch - bump packages version for fix cve diff --git c/modules/101-cert-manager/images/cert-manager-controller/patches/README.md i/modules/101-cert-manager/images/cert-manager-controller/patches/README.md index a111bf8986..13c12d3296 100644 --- c/modules/101-cert-manager/images/cert-manager-controller/patches/README.md +++ i/modules/101-cert-manager/images/cert-manager-controller/patches/README.md 
@@ -1,10 +1,10 @@ ## Patches -### go-mod.patch +### 001-go-mod.patch Bump libraries versions to fix security errors. -### Certificate owner ref +### 002-certificate_owner_ref.patch Adds `CertificateOwnerRef` flag to Certificate CRD. `CertificateOwnerRef` flag is whether to set the certificate resource as an owner of a secret where the TLS certificate is stored. When this flag is enabled, the secret will be automatically removed when the certificate resource is deleted. https://github.com/cert-manager/cert-manager/pull/5158 diff --git c/modules/110-istio/images/common-v1x19x7/patches/istio-001-apply_go.patch i/modules/110-istio/images/common-v1x19x7/patches/001-istio-apply_go.patch similarity index 100% rename from modules/110-istio/images/common-v1x19x7/patches/istio-001-apply_go.patch rename to modules/110-istio/images/common-v1x19x7/patches/001-istio-apply_go.patch diff --git c/modules/110-istio/images/common-v1x19x7/patches/kiali-001-node.patch i/modules/110-istio/images/common-v1x19x7/patches/001-kiali-node.patch similarity index 100% rename from modules/110-istio/images/common-v1x19x7/patches/kiali-001-node.patch rename to modules/110-istio/images/common-v1x19x7/patches/001-kiali-node.patch diff --git c/modules/110-istio/images/common-v1x19x7/patches/istio-002-go-mod.patch i/modules/110-istio/images/common-v1x19x7/patches/002-istio-go-mod.patch similarity index 100% rename from modules/110-istio/images/common-v1x19x7/patches/istio-002-go-mod.patch rename to modules/110-istio/images/common-v1x19x7/patches/002-istio-go-mod.patch diff --git c/modules/110-istio/images/common-v1x19x7/patches/kiali-002-go-mod.patch i/modules/110-istio/images/common-v1x19x7/patches/002-kiali-go-mod.patch similarity index 100% rename from modules/110-istio/images/common-v1x19x7/patches/kiali-002-go-mod.patch rename to modules/110-istio/images/common-v1x19x7/patches/002-kiali-go-mod.patch 
diff --git c/modules/110-istio/images/common-v1x19x7/patches/README.md i/modules/110-istio/images/common-v1x19x7/patches/README.md index d545ac79b0..5ac24412be 100644 --- c/modules/110-istio/images/common-v1x19x7/patches/README.md +++ i/modules/110-istio/images/common-v1x19x7/patches/README.md @@ -1,17 +1,17 @@ # Patches -## istio-001-apply_go.patch +## 001-istio-apply_go.patch Fix Istio Operator healt status -## istio-002-gomod_gosum.patch +## 002-istio-go-mod.patch Fix CVE -## kiali-001-node.patch +## 001-kiali-node.patch Update node version for build frontend -## kiali-002-go-mod.patch +## 002-kiali-go-mod.patch Fix CVE diff --git c/modules/110-istio/images/common-v1x21x6/patches/istio-001-apply_go.patch i/modules/110-istio/images/common-v1x21x6/patches/001-istio-apply_go.patch similarity index 100% rename from modules/110-istio/images/common-v1x21x6/patches/istio-001-apply_go.patch rename to modules/110-istio/images/common-v1x21x6/patches/001-istio-apply_go.patch diff --git c/modules/110-istio/images/common-v1x21x6/patches/kiali-001-go-mod.patch i/modules/110-istio/images/common-v1x21x6/patches/001-kiali-go-mod.patch similarity index 100% rename from modules/110-istio/images/common-v1x21x6/patches/kiali-001-go-mod.patch rename to modules/110-istio/images/common-v1x21x6/patches/001-kiali-go-mod.patch diff --git c/modules/110-istio/images/common-v1x21x6/patches/istio-002-gomod_gosum.patch i/modules/110-istio/images/common-v1x21x6/patches/002-istio-gomod_gosum.patch similarity index 100% rename from modules/110-istio/images/common-v1x21x6/patches/istio-002-gomod_gosum.patch rename to modules/110-istio/images/common-v1x21x6/patches/002-istio-gomod_gosum.patch 
diff --git c/modules/110-istio/images/common-v1x21x6/patches/istio-003-server_fmtText.patch i/modules/110-istio/images/common-v1x21x6/patches/003-istio-server_fmtText.patch similarity index 100% rename from modules/110-istio/images/common-v1x21x6/patches/istio-003-server_fmtText.patch rename to modules/110-istio/images/common-v1x21x6/patches/003-istio-server_fmtText.patch diff --git c/modules/110-istio/images/common-v1x21x6/patches/README.md i/modules/110-istio/images/common-v1x21x6/patches/README.md index 5c6852a9cd..f8f7192230 100644 --- c/modules/110-istio/images/common-v1x21x6/patches/README.md +++ i/modules/110-istio/images/common-v1x21x6/patches/README.md @@ -1,20 +1,20 @@ # Patches -## istio-001-apply_go.patch +## 001-istio-apply_go.patch Fix Istio Operator healt status -## istio-002-gomod_gosum.patch +## 002-istio-gomod_gosum.patch Fix CVE -## istio-003-server_fmtText.patch +## 003-istio-server_fmtText.patch Fix use expfmt library in pilot-agent. This library used for format metrics. > [!WARNING] > **After update istio to version 1.22.X and above need delete this patch!** -## kiali-001-go-mod.patch +## 001-kiali-go-mod.patch Fix CVE diff --git c/modules/150-user-authn/images/dex/patches/001-go-mod.patch i/modules/150-user-authn/images/dex/patches/001-go-mod.patch index c1360a2d48..2afc8c6ebb 100644 --- c/modules/150-user-authn/images/dex/patches/001-go-mod.patch +++ i/modules/150-user-authn/images/dex/patches/001-go-mod.patch @@ -4,15 +4,15 @@ index 8404620f..c2ab1e8c 100644 +++ w/go.mod @@ -1,6 +1,6 @@ module github.com/dexidp/dex - + -go 1.24 +go 1.23 - + require ( cloud.google.com/go/compute/metadata v0.6.0 @@ -111,5 +111,3 @@ require ( ) - + replace github.com/dexidp/dex/api/v2 => ./api/v2 - -tool entgo.io/ent/cmd/ent diff --git c/modules/150-user-authn/images/dex/patches/002-bytes-and-string-certificates.patch i/modules/150-user-authn/images/dex/patches/002-bytes-and-string-certificates.patch new file mode 100644 index 0000000000..e69de29bb2 
diff --git c/modules/150-user-authn/images/dex/patches/003-client-filters.patch i/modules/150-user-authn/images/dex/patches/003-client-filters.patch new file mode 100644 index 0000000000..e69de29bb2 diff --git c/modules/150-user-authn/images/dex/patches/003-gitlab-refresh-context.patch i/modules/150-user-authn/images/dex/patches/003-gitlab-refresh-context.patch index eab66dbaff..e69de29bb2 100644 --- c/modules/150-user-authn/images/dex/patches/003-gitlab-refresh-context.patch +++ i/modules/150-user-authn/images/dex/patches/003-gitlab-refresh-context.patch @@ -1,16 +0,0 @@ -diff --git i/connector/gitlab/gitlab.go w/connector/gitlab/gitlab.go -index 7aa44398..43294fb1 100644 ---- i/connector/gitlab/gitlab.go -+++ w/connector/gitlab/gitlab.go -@@ -190,7 +190,10 @@ func (c *gitlabConnector) identity(ctx context.Context, s connector.Scopes, toke - return identity, nil - } - --func (c *gitlabConnector) Refresh(ctx context.Context, s connector.Scopes, ident connector.Identity) (connector.Identity, error) { -+func (c *gitlabConnector) Refresh(_ context.Context, s connector.Scopes, ident connector.Identity) (connector.Identity, error) { -+ ctx, cancel := context.WithTimeout(context.Background(), 45*time.Second) -+ defer cancel() -+ - var data connectorData - if err := json.Unmarshal(ident.ConnectorData, &data); err != nil { - return ident, fmt.Errorf("gitlab: unmarshal connector data: %v", err) diff --git c/modules/150-user-authn/images/dex/patches/004-fix-offline-session-updates.patch i/modules/150-user-authn/images/dex/patches/004-fix-offline-session-updates.patch new file mode 100644 index 0000000000..e69de29bb2 diff --git c/modules/150-user-authn/images/dex/patches/004-static-user-groups.patch i/modules/150-user-authn/images/dex/patches/004-static-user-groups.patch index 6ce1f48d41..e69de29bb2 100644 --- c/modules/150-user-authn/images/dex/patches/004-static-user-groups.patch +++ i/modules/150-user-authn/images/dex/patches/004-static-user-groups.patch 
@@ -1,160 +0,0 @@ -diff --git i/cmd/dex/config.go w/cmd/dex/config.go -index aa49a181..527d0754 100644 ---- i/cmd/dex/config.go -+++ w/cmd/dex/config.go -@@ -95,11 +95,12 @@ type password storage.Password - - func (p *password) UnmarshalJSON(b []byte) error { - var data struct { -- Email string `json:"email"` -- Username string `json:"username"` -- UserID string `json:"userID"` -- Hash string `json:"hash"` -- HashFromEnv string `json:"hashFromEnv"` -+ Email string `json:"email"` -+ Username string `json:"username"` -+ UserID string `json:"userID"` -+ Hash string `json:"hash"` -+ HashFromEnv string `json:"hashFromEnv"` -+ Groups []string `json:"groups"` - } - if err := json.Unmarshal(b, &data); err != nil { - return err -@@ -108,6 +109,7 @@ func (p *password) UnmarshalJSON(b []byte) error { - Email: data.Email, - Username: data.Username, - UserID: data.UserID, -+ Groups: data.Groups, - }) - if len(data.Hash) == 0 && len(data.HashFromEnv) > 0 { - data.Hash = os.Getenv(data.HashFromEnv) -diff --git i/server/server.go w/server/server.go -index 8c046296..72f68510 100644 ---- i/server/server.go -+++ w/server/server.go -@@ -555,6 +555,7 @@ func (db passwordDB) Login(ctx context.Context, s connector.Scopes, email, passw - Username: p.Username, - Email: p.Email, - EmailVerified: true, -+ Groups: p.Groups, - }, true, nil - } - -@@ -579,6 +580,7 @@ func (db passwordDB) Refresh(ctx context.Context, s connector.Scopes, identity c - // No other fields are expected to be refreshable as email is effectively used - // as an ID and this implementation doesn't deal with groups. - identity.Username = p.Username -+ identity.Groups = p.Groups - - return identity, nil - } -diff --git i/storage/kubernetes/types.go w/storage/kubernetes/types.go -index c126ddc0..38c910b5 100644 ---- i/storage/kubernetes/types.go -+++ w/storage/kubernetes/types.go -@@ -431,9 +431,10 @@ type Password struct { - // This field is IMMUTABLE. Do not change. 
- Email string `json:"email,omitempty"` - -- Hash []byte `json:"hash,omitempty"` -- Username string `json:"username,omitempty"` -- UserID string `json:"userID,omitempty"` -+ Hash []byte `json:"hash,omitempty"` -+ Username string `json:"username,omitempty"` -+ UserID string `json:"userID,omitempty"` -+ Groups []string `json:"groups,omitempty"` - } - - // PasswordList is a list of Passwords. -@@ -458,6 +459,7 @@ func (cli *client) fromStoragePassword(p storage.Password) Password { - Hash: p.Hash, - Username: p.Username, - UserID: p.UserID, -+ Groups: p.Groups, - } - } - -@@ -467,6 +469,7 @@ func toStoragePassword(p Password) storage.Password { - Hash: p.Hash, - Username: p.Username, - UserID: p.UserID, -+ Groups: p.Groups, - } - } - -diff --git i/storage/sql/crud.go w/storage/sql/crud.go -index a9ca3816..10a737b8 100644 ---- i/storage/sql/crud.go -+++ w/storage/sql/crud.go -@@ -598,13 +598,13 @@ func (c *conn) CreatePassword(ctx context.Context, p storage.Password) error { - p.Email = strings.ToLower(p.Email) - _, err := c.Exec(` - insert into password ( -- email, hash, username, user_id -+ email, hash, username, user_id, groups - ) - values ( -- $1, $2, $3, $4 -+ $1, $2, $3, $4, $5 - ); - `, -- p.Email, p.Hash, p.Username, p.UserID, -+ p.Email, p.Hash, p.Username, p.UserID, encoder(p.Groups), - ) - if err != nil { - if c.alreadyExistsCheck(err) { -@@ -629,10 +629,10 @@ func (c *conn) UpdatePassword(ctx context.Context, email string, updater func(p - _, err = tx.Exec(` - update password - set -- hash = $1, username = $2, user_id = $3 -- where email = $4; -+ hash = $1, username = $2, user_id = $3, groups = $4 -+ where email = $5; - `, -- np.Hash, np.Username, np.UserID, p.Email, -+ np.Hash, np.Username, np.UserID, encoder(p.Groups), p.Email, - ) - if err != nil { - return fmt.Errorf("update password: %v", err) -@@ -648,7 +648,7 @@ func (c *conn) GetPassword(ctx context.Context, email string) (storage.Password, - func getPassword(ctx context.Context, q querier, email 
string) (p storage.Password, err error) { - return scanPassword(q.QueryRow(` - select -- email, hash, username, user_id -+ email, hash, username, user_id, groups - from password where email = $1; - `, strings.ToLower(email))) - } -@@ -656,7 +656,7 @@ func getPassword(ctx context.Context, q querier, email string) (p storage.Passwo - func (c *conn) ListPasswords(ctx context.Context) ([]storage.Password, error) { - rows, err := c.Query(` - select -- email, hash, username, user_id -+ email, hash, username, user_id, groups - from password; - `) - if err != nil { -@@ -680,7 +680,7 @@ func (c *conn) ListPasswords(ctx context.Context) ([]storage.Password, error) { - - func scanPassword(s scanner) (p storage.Password, err error) { - err = s.Scan( -- &p.Email, &p.Hash, &p.Username, &p.UserID, -+ &p.Email, &p.Hash, &p.Username, &p.UserID, decoder(&p.Groups), - ) - if err != nil { - if err == sql.ErrNoRows { -diff --git i/storage/storage.go w/storage/storage.go -index 574b0a5a..fb93d027 100644 ---- i/storage/storage.go -+++ w/storage/storage.go -@@ -354,6 +354,9 @@ type Password struct { - - // Randomly generated user ID. This is NOT the primary ID of the Password object. - UserID string `json:"userID"` -+ -+ // Groups assigned to the user -+ Groups []string `json:"groups"` - } - - // Connector is an object that contains the metadata about connectors used to login to Dex. diff --git c/modules/150-user-authn/images/dex/patches/005-gitlab-refresh-context.patch i/modules/150-user-authn/images/dex/patches/005-gitlab-refresh-context.patch new file mode 100644 index 0000000000..e69de29bb2 diff --git c/modules/150-user-authn/images/dex/patches/006-static-user-groups.patch i/modules/150-user-authn/images/dex/patches/006-static-user-groups.patch new file mode 100644 index 0000000000..e69de29bb2 
diff --git c/modules/150-user-authn/images/dex/patches/README.md i/modules/150-user-authn/images/dex/patches/README.md index 61e9d10acc..7789ba5325 100644 --- c/modules/150-user-authn/images/dex/patches/README.md +++ i/modules/150-user-authn/images/dex/patches/README.md @@ -20,3 +20,15 @@ To avoid this, this patch makes refresh requests to declare and utilize their ow ### 004-static-user-groups.patch Adding group entity to kubernetes authentication. + +### 005-gitlab-refresh-context.patch + +Refresh can be called only one. By propagating a context of the user request, refresh can accidentally canceled. + +To avoid this, this patch makes refresh requests to declare and utilize their own contexts. + +### 006-static-user-groups.patch + +Allows setting groups for the `User` kind. It makes convenient authenticating as user alongside having another IdP. + +This problem is not solved in upstream, and our patch will not be accepted. diff --git c/modules/150-user-authn/images/kubeconfig-generator/patches/deps.patch i/modules/150-user-authn/images/kubeconfig-generator/patches/001-deps.patch similarity index 100% rename from modules/150-user-authn/images/kubeconfig-generator/patches/deps.patch rename to modules/150-user-authn/images/kubeconfig-generator/patches/001-deps.patch diff --git c/modules/150-user-authn/images/kubeconfig-generator/patches/already_logged.patch i/modules/150-user-authn/images/kubeconfig-generator/patches/002-already_logged.patch similarity index 100% rename from modules/150-user-authn/images/kubeconfig-generator/patches/already_logged.patch rename to modules/150-user-authn/images/kubeconfig-generator/patches/002-already_logged.patch diff --git c/modules/150-user-authn/images/kubeconfig-generator/patches/README.md i/modules/150-user-authn/images/kubeconfig-generator/patches/README.md new file mode 100644 index 0000000000..928fc233a1 --- /dev/null +++ i/modules/150-user-authn/images/kubeconfig-generator/patches/README.md 
@@ -0,0 +1,9 @@ +# Patches + +## 001-deps.patch + +Update dependencies + +## 002-already_logged.patch + +patch diff --git c/modules/200-operator-prometheus/images/prometheus-operator/patches/001_endpointslices.patch i/modules/200-operator-prometheus/images/prometheus-operator/patches/001-endpointslices.patch similarity index 100% rename from modules/200-operator-prometheus/images/prometheus-operator/patches/001_endpointslices.patch rename to modules/200-operator-prometheus/images/prometheus-operator/patches/001-endpointslices.patch diff --git c/modules/200-operator-prometheus/images/prometheus-operator/patches/002_endpointslices_fallback.patch i/modules/200-operator-prometheus/images/prometheus-operator/patches/002-endpointslices_fallback.patch similarity index 100% rename from modules/200-operator-prometheus/images/prometheus-operator/patches/002_endpointslices_fallback.patch rename to modules/200-operator-prometheus/images/prometheus-operator/patches/002-endpointslices_fallback.patch diff --git c/modules/200-operator-prometheus/images/prometheus-operator/patches/003_alertmanager_tls_assets.patch i/modules/200-operator-prometheus/images/prometheus-operator/patches/003-alertmanager_tls_assets.patch similarity index 100% rename from modules/200-operator-prometheus/images/prometheus-operator/patches/003_alertmanager_tls_assets.patch rename to modules/200-operator-prometheus/images/prometheus-operator/patches/003-alertmanager_tls_assets.patch diff --git c/modules/200-operator-prometheus/images/prometheus-operator/patches/004_fix_cve.patch i/modules/200-operator-prometheus/images/prometheus-operator/patches/004-fix_cve.patch similarity index 100% rename from modules/200-operator-prometheus/images/prometheus-operator/patches/004_fix_cve.patch rename to modules/200-operator-prometheus/images/prometheus-operator/patches/004-fix_cve.patch 
diff --git c/modules/200-operator-prometheus/images/prometheus-operator/patches/README.md i/modules/200-operator-prometheus/images/prometheus-operator/patches/README.md index bc32a6e0ee..0eac3b80b2 100644 --- c/modules/200-operator-prometheus/images/prometheus-operator/patches/README.md +++ i/modules/200-operator-prometheus/images/prometheus-operator/patches/README.md @@ -1,7 +1,7 @@ # Patches +## 001-endpointslices.patch -### 001-endpointslices EndpointSlices support for ServiceMonitor in the prometheus-operator is disabled by default. We enable it by checking EndpointSlice API in a Kubernetes cluster. It's enabled from version 1.21 so it should work always. Also add Alertmanager support via EndpointSlice. @@ -9,8 +9,8 @@ Upstream has 2 issues, why it's not enabled by default: - https://github.com/prometheus-operator/prometheus-operator/pull/5291 - https://github.com/prometheus-operator/prometheus-operator/issues/3862#issuecomment-1068260430 +## 002-endpointslices_fallback.patch -### 002-endpointslices_fallback Client ServiceMonitors could have labels based on `__meta_kubernetes_endpoints_` metric. So, we add labels mapping from `__meta_kubernetes_endpointslice_XXX` to `__meta_kubernetes_endpoints_XXX` and fire an alert for those ServiceMonitors @@ -29,11 +29,11 @@ __meta_kubernetes_endpoint_address_target_kind - __meta_kubernetes_endpointslice __meta_kubernetes_endpoint_address_target_name - __meta_kubernetes_endpointslice_address_target_name ``` -### 003_alertmanager_tls_assets +## 003-alertmanager_tls_assets.patch + Prometheus operator does not save TLS assets for alertmanager Webhook and Email recievers in the secret which mounted in alert manager pod. This patch fix it. - -### 004_fix_cve +## 004-fix_cve.patch Fixes several CVEs. diff --git c/modules/300-prometheus/images/alertmanager/patches/README.md i/modules/300-prometheus/images/alertmanager/patches/README.md new file mode 100644 index 0000000000..18d6d247bc 
--- /dev/null +++ i/modules/300-prometheus/images/alertmanager/patches/README.md @@ -0,0 +1,5 @@ +## Patches + +### 001-fix-cve.patch + +Update dependencies diff --git c/modules/300-prometheus/images/grafana-v10/patches/security.patch i/modules/300-prometheus/images/grafana-v10/patches/001-security.patch similarity index 100% rename from modules/300-prometheus/images/grafana-v10/patches/security.patch rename to modules/300-prometheus/images/grafana-v10/patches/001-security.patch diff --git c/modules/300-prometheus/images/grafana-v10/patches/README.md i/modules/300-prometheus/images/grafana-v10/patches/README.md new file mode 100644 index 0000000000..b88718a2ef --- /dev/null +++ i/modules/300-prometheus/images/grafana-v10/patches/README.md @@ -0,0 +1,5 @@ +## Patches + +### 001-security.patch + +Update dependencies diff --git c/modules/300-prometheus/images/memcached/patches/README.md i/modules/300-prometheus/images/memcached/patches/README.md new file mode 100644 index 0000000000..2d27c27690 --- /dev/null +++ i/modules/300-prometheus/images/memcached/patches/README.md @@ -0,0 +1,5 @@ +## Patches + +### 001-fix-cve.patch + +Update dependensies diff --git c/modules/300-prometheus/images/mimir/patches/0001-Update-golang.org-x-net-v0.32.0-v0.33.0.patch i/modules/300-prometheus/images/mimir/patches/001-Update-golang.org-x-net-v0.32.0-v0.33.0.patch similarity index 100% rename from modules/300-prometheus/images/mimir/patches/0001-Update-golang.org-x-net-v0.32.0-v0.33.0.patch rename to modules/300-prometheus/images/mimir/patches/001-Update-golang.org-x-net-v0.32.0-v0.33.0.patch diff --git c/modules/300-prometheus/images/mimir/patches/README.md i/modules/300-prometheus/images/mimir/patches/README.md index c667ce4a4c..5aea8376d3 100644 --- c/modules/300-prometheus/images/mimir/patches/README.md +++ i/modules/300-prometheus/images/mimir/patches/README.md 
@@ -1,5 +1,5 @@ # Patches -## 001-Update-golang.org-x-net-v0.32.0-v.33.0.patch +## 001-Update-golang.org-x-net-v0.32.0-v0.33.0.patch Updates net package to fix CVE-2024-45338 diff --git c/modules/300-prometheus/images/prometheus/patches/sample_limit_annotation.patch i/modules/300-prometheus/images/prometheus/patches/001-sample_limit_annotation.patch similarity index 100% rename from modules/300-prometheus/images/prometheus/patches/sample_limit_annotation.patch rename to modules/300-prometheus/images/prometheus/patches/001-sample_limit_annotation.patch diff --git c/modules/300-prometheus/images/prometheus/patches/successfully_sent_metric.patch i/modules/300-prometheus/images/prometheus/patches/002-successfully_sent_metric.patch similarity index 100% rename from modules/300-prometheus/images/prometheus/patches/successfully_sent_metric.patch rename to modules/300-prometheus/images/prometheus/patches/002-successfully_sent_metric.patch diff --git c/modules/300-prometheus/images/prometheus/patches/fix-cve.patch i/modules/300-prometheus/images/prometheus/patches/003-fix-cve.patch similarity index 100% rename from modules/300-prometheus/images/prometheus/patches/fix-cve.patch rename to modules/300-prometheus/images/prometheus/patches/003-fix-cve.patch diff --git c/modules/300-prometheus/images/prometheus/patches/README.md i/modules/300-prometheus/images/prometheus/patches/README.md index 9390667cd5..126f75867e 100644 --- c/modules/300-prometheus/images/prometheus/patches/README.md +++ i/modules/300-prometheus/images/prometheus/patches/README.md @@ -1,6 +1,6 @@ ## Patches -### Sample limit annotation +### 001-sample_limit_annotation.patch Limit the number of metrics which Prometheus scrapes from a target. @@ -10,7 +10,10 @@ metadata: prometheus.deckhouse.io/sample-limit: "5000" ``` -### Successfully sent metric +### 002-successfully_sent_metric.patch Exports gauge metric with the count of successfully sent alerts. +### 003-fix-cve.patch + +Update dependencies 
diff --git c/modules/300-prometheus/images/promxy/patches/0001-update-crypto-net-cve.patch i/modules/300-prometheus/images/promxy/patches/001-update-crypto-net-cve.patch similarity index 100% rename from modules/300-prometheus/images/promxy/patches/0001-update-crypto-net-cve.patch rename to modules/300-prometheus/images/promxy/patches/001-update-crypto-net-cve.patch diff --git c/modules/300-prometheus/images/promxy/patches/README.md i/modules/300-prometheus/images/promxy/patches/README.md index 29bc016534..b79367a4e6 100644 --- c/modules/300-prometheus/images/promxy/patches/README.md +++ i/modules/300-prometheus/images/promxy/patches/README.md @@ -1,5 +1,5 @@ # Patches -## 0001 Update crypto/net packages +## 001-update-crypto-net-cve.patch Updates crypto/net packages to fix CVEs in them. diff --git c/modules/300-prometheus/images/trickster/patches/README.md i/modules/300-prometheus/images/trickster/patches/README.md new file mode 100644 index 0000000000..ab29e40894 --- /dev/null +++ i/modules/300-prometheus/images/trickster/patches/README.md @@ -0,0 +1,5 @@ +## Patches + +## 001-fix-cve.patch + +Update dependencies diff --git c/modules/301-prometheus-metrics-adapter/images/k8s-prometheus-adapter/patches/README.md i/modules/301-prometheus-metrics-adapter/images/k8s-prometheus-adapter/patches/README.md new file mode 100644 index 0000000000..18d6d247bc --- /dev/null +++ i/modules/301-prometheus-metrics-adapter/images/k8s-prometheus-adapter/patches/README.md @@ -0,0 +1,5 @@ +## Patches + +### 001-fix-cve.patch + +Update dependencies diff --git c/modules/302-vertical-pod-autoscaler/images/vertical-pod-autoscaler/patches/README.md i/modules/302-vertical-pod-autoscaler/images/vertical-pod-autoscaler/patches/README.md new file mode 100644 index 0000000000..a755b8291a --- /dev/null +++ i/modules/302-vertical-pod-autoscaler/images/vertical-pod-autoscaler/patches/README.md 
@@ -0,0 +1,13 @@ +# Patches + +## 001-go-mod.patch + +Update dependencies + +## 002-openkruise-daemonset-apiversion.patch + +TODO + +## 003-recommender.patch + +TODO diff --git c/modules/303-prometheus-pushgateway/images/pushgateway/patches/001_fix_cve.patch i/modules/303-prometheus-pushgateway/images/pushgateway/patches/001-fix_cve.patch similarity index 100% rename from modules/303-prometheus-pushgateway/images/pushgateway/patches/001_fix_cve.patch rename to modules/303-prometheus-pushgateway/images/pushgateway/patches/001-fix_cve.patch diff --git c/modules/303-prometheus-pushgateway/images/pushgateway/patches/README.md i/modules/303-prometheus-pushgateway/images/pushgateway/patches/README.md index 5c9337ae67..ba9724430c 100644 --- c/modules/303-prometheus-pushgateway/images/pushgateway/patches/README.md +++ i/modules/303-prometheus-pushgateway/images/pushgateway/patches/README.md @@ -1,6 +1,6 @@ # Patches -### 001_fix_cve +## 001-fix_cve.patch Fixes several CVEs. @@ -11,5 +11,3 @@ go get google.golang.org/[email protected] go mod tidy git diff ``` - -` diff --git c/modules/340-extended-monitoring/images/events-exporter/patches/README.md i/modules/340-extended-monitoring/images/events-exporter/patches/README.md new file mode 100644 index 0000000000..18d6d247bc --- /dev/null +++ i/modules/340-extended-monitoring/images/events-exporter/patches/README.md @@ -0,0 +1,5 @@ +## Patches + +### 001-fix-cve.patch + +Update dependencies diff --git c/modules/340-monitoring-kubernetes/images/ebpf-exporter/patches/go-mod.patch i/modules/340-monitoring-kubernetes/images/ebpf-exporter/patches/001-go-mod.patch similarity index 100% rename from modules/340-monitoring-kubernetes/images/ebpf-exporter/patches/go-mod.patch rename to modules/340-monitoring-kubernetes/images/ebpf-exporter/patches/001-go-mod.patch 
diff --git c/modules/340-monitoring-kubernetes/images/ebpf-exporter/patches/README.md i/modules/340-monitoring-kubernetes/images/ebpf-exporter/patches/README.md new file mode 100644 index 0000000000..0b849756e5 --- /dev/null +++ i/modules/340-monitoring-kubernetes/images/ebpf-exporter/patches/README.md @@ -0,0 +1,5 @@ +## Patches + +### 001-go-mod.patch + +Update dependencies diff --git c/modules/340-monitoring-kubernetes/images/kube-state-metrics/patches/001-go-mod.patch i/modules/340-monitoring-kubernetes/images/kube-state-metrics/patches/001-go-mod.patch new file mode 100644 index 0000000000..e69de29bb2 diff --git c/modules/340-monitoring-kubernetes/images/kube-state-metrics/patches/002-fix-kube_pod_tolerations-deduplicate.patch i/modules/340-monitoring-kubernetes/images/kube-state-metrics/patches/002-fix-kube_pod_tolerations-deduplicate.patch new file mode 100644 index 0000000000..e69de29bb2 diff --git c/modules/340-monitoring-kubernetes/images/kube-state-metrics/patches/README.md i/modules/340-monitoring-kubernetes/images/kube-state-metrics/patches/README.md new file mode 100644 index 0000000000..c98ef992c5 --- /dev/null +++ i/modules/340-monitoring-kubernetes/images/kube-state-metrics/patches/README.md @@ -0,0 +1,9 @@ +## Patches + +### 001-go-mod.patch + +Fix CVEs + +### 002-fix-kube_pod_tolerations-deduplicate.patch + +Fixes issues related to duplicated [samples](https://github.com/kubernetes/kube-state-metrics/issues/2390). Must be removed after [fix](https://github.com/kubernetes/kube-state-metrics/pull/2559/files) lands into release version. diff --git c/modules/340-monitoring-kubernetes/images/node-exporter/patches/go-mod.patch i/modules/340-monitoring-kubernetes/images/node-exporter/patches/001-go-mod.patch similarity index 100% rename from modules/340-monitoring-kubernetes/images/node-exporter/patches/go-mod.patch rename to modules/340-monitoring-kubernetes/images/node-exporter/patches/001-go-mod.patch 
diff --git c/modules/340-monitoring-kubernetes/images/node-exporter/patches/README.md i/modules/340-monitoring-kubernetes/images/node-exporter/patches/README.md new file mode 100644 index 0000000000..0b849756e5 --- /dev/null +++ i/modules/340-monitoring-kubernetes/images/node-exporter/patches/README.md @@ -0,0 +1,5 @@ +## Patches + +### 001-go-mod.patch + +Update dependencies diff --git c/modules/400-descheduler/images/descheduler/patches/README.md i/modules/400-descheduler/images/descheduler/patches/README.md index 58ef5ab7c5..98c3dfd124 100644 --- c/modules/400-descheduler/images/descheduler/patches/README.md +++ i/modules/400-descheduler/images/descheduler/patches/README.md @@ -1,9 +1,13 @@ # Patches -## 001-pod-namespace-selector +## 001-go-mod.patch -Adds support of the namespaceSelector in DefaultEvictor plugin. +Update dependencies -## 002-filter-pods-in-deckhouse-namespaces +## 002-filter-pods-in-deckhouse-namespaces.patch This patch removes pods in `d8-` and `kube-system` namespaces from processing. + +## 003-pod-namespace-selector.patch + +Adds support of the namespaceSelector in DefaultEvictor plugin. diff --git c/modules/402-ingress-nginx/images/controller-1-10/patches/01-gomod.patch i/modules/402-ingress-nginx/images/controller-1-10/patches/001-gomod.patch similarity index 100% rename from modules/402-ingress-nginx/images/controller-1-10/patches/01-gomod.patch rename to modules/402-ingress-nginx/images/controller-1-10/patches/001-gomod.patch diff --git c/modules/402-ingress-nginx/images/controller-1-10/patches/healthcheck.patch i/modules/402-ingress-nginx/images/controller-1-10/patches/002-healthcheck.patch similarity index 100% rename from modules/402-ingress-nginx/images/controller-1-10/patches/healthcheck.patch rename to modules/402-ingress-nginx/images/controller-1-10/patches/002-healthcheck.patch 
diff --git c/modules/402-ingress-nginx/images/controller-1-10/patches/nginx-tmpl.patch i/modules/402-ingress-nginx/images/controller-1-10/patches/003-nginx-tmpl.patch similarity index 100% rename from modules/402-ingress-nginx/images/controller-1-10/patches/nginx-tmpl.patch rename to modules/402-ingress-nginx/images/controller-1-10/patches/003-nginx-tmpl.patch diff --git c/modules/402-ingress-nginx/images/controller-1-10/patches/lua-info.patch i/modules/402-ingress-nginx/images/controller-1-10/patches/004-lua-info.patch similarity index 100% rename from modules/402-ingress-nginx/images/controller-1-10/patches/lua-info.patch rename to modules/402-ingress-nginx/images/controller-1-10/patches/004-lua-info.patch diff --git c/modules/402-ingress-nginx/images/controller-1-10/patches/makefile.patch i/modules/402-ingress-nginx/images/controller-1-10/patches/005-makefile.patch similarity index 100% rename from modules/402-ingress-nginx/images/controller-1-10/patches/makefile.patch rename to modules/402-ingress-nginx/images/controller-1-10/patches/005-makefile.patch diff --git c/modules/402-ingress-nginx/images/controller-1-10/patches/metrics-SetSSLExpireTime.patch i/modules/402-ingress-nginx/images/controller-1-10/patches/006-metrics-SetSSLExpireTime.patch similarity index 100% rename from modules/402-ingress-nginx/images/controller-1-10/patches/metrics-SetSSLExpireTime.patch rename to modules/402-ingress-nginx/images/controller-1-10/patches/006-metrics-SetSSLExpireTime.patch diff --git c/modules/402-ingress-nginx/images/controller-1-10/patches/auth-cookie-always.patch i/modules/402-ingress-nginx/images/controller-1-10/patches/007-auth-cookie-always.patch similarity index 100% rename from modules/402-ingress-nginx/images/controller-1-10/patches/auth-cookie-always.patch rename to modules/402-ingress-nginx/images/controller-1-10/patches/007-auth-cookie-always.patch 
diff --git c/modules/402-ingress-nginx/images/controller-1-10/patches/util.patch i/modules/402-ingress-nginx/images/controller-1-10/patches/008-util.patch similarity index 100% rename from modules/402-ingress-nginx/images/controller-1-10/patches/util.patch rename to modules/402-ingress-nginx/images/controller-1-10/patches/008-util.patch diff --git c/modules/402-ingress-nginx/images/controller-1-10/patches/fix-cleanup.patch i/modules/402-ingress-nginx/images/controller-1-10/patches/009-fix-cleanup.patch similarity index 100% rename from modules/402-ingress-nginx/images/controller-1-10/patches/fix-cleanup.patch rename to modules/402-ingress-nginx/images/controller-1-10/patches/009-fix-cleanup.patch diff --git c/modules/402-ingress-nginx/images/controller-1-10/patches/nginx-build.patch i/modules/402-ingress-nginx/images/controller-1-10/patches/010-nginx-build.patch similarity index 100% rename from modules/402-ingress-nginx/images/controller-1-10/patches/nginx-build.patch rename to modules/402-ingress-nginx/images/controller-1-10/patches/010-nginx-build.patch diff --git c/modules/402-ingress-nginx/images/controller-1-10/patches/add-http3.patch i/modules/402-ingress-nginx/images/controller-1-10/patches/011-add-http3.patch similarity index 100% rename from modules/402-ingress-nginx/images/controller-1-10/patches/add-http3.patch rename to modules/402-ingress-nginx/images/controller-1-10/patches/011-add-http3.patch diff --git c/modules/402-ingress-nginx/images/controller-1-10/patches/new-metrics.patch i/modules/402-ingress-nginx/images/controller-1-10/patches/012-new-metrics.patch similarity index 100% rename from modules/402-ingress-nginx/images/controller-1-10/patches/new-metrics.patch rename to modules/402-ingress-nginx/images/controller-1-10/patches/012-new-metrics.patch 
diff --git c/modules/402-ingress-nginx/images/controller-1-10/patches/default-backend-fix.patch i/modules/402-ingress-nginx/images/controller-1-10/patches/013-default-backend-fix.patch similarity index 100% rename from modules/402-ingress-nginx/images/controller-1-10/patches/default-backend-fix.patch rename to modules/402-ingress-nginx/images/controller-1-10/patches/013-default-backend-fix.patch diff --git c/modules/402-ingress-nginx/images/controller-1-10/patches/balancer-lua.patch i/modules/402-ingress-nginx/images/controller-1-10/patches/014-balancer-lua.patch similarity index 100% rename from modules/402-ingress-nginx/images/controller-1-10/patches/balancer-lua.patch rename to modules/402-ingress-nginx/images/controller-1-10/patches/014-balancer-lua.patch diff --git c/modules/402-ingress-nginx/images/controller-1-10/patches/README.md i/modules/402-ingress-nginx/images/controller-1-10/patches/README.md index d97261d047..7af9635666 100644 --- c/modules/402-ingress-nginx/images/controller-1-10/patches/README.md +++ i/modules/402-ingress-nginx/images/controller-1-10/patches/README.md @@ -1,11 +1,11 @@ ## Patches -### gomod +### 001-gomod.patch Go mod patches for ingress-nginx-controller Collected with -### Healthcheck +### 002-healthcheck.patch After catching SIGTERM, ingress stops responding to the readiness probe. The combination of this patch and the `EndpointSliceTerminatingCondition` feature gate for kube-proxy helps us avoid @@ -15,7 +15,7 @@ Update: for external load balancers it's advisable to get 5xx if a SIGTERM was s Backport of the behavior of the later versions of ingress nginx controller. The `sleep` is needed to gracefully shut down ingress controllers behind a cloud load balancer. -### Nginx TPL +### 003-nginx-tmpl.patch * Enable our metrics collector instead of the default one. * Enable pcre_jit. 
@@ -26,54 +26,58 @@ The `sleep` is needed to gracefully shut down ingress controllers behind a cloud We do not intend to make a PR to the upstream with these changes, because there are only our custom features. -### Ingress information +### 004-lua-info.patch There are two patches to fix the problem with ingress names in logs and metrics. Unfortunately, the PR was declined in the upstream. https://github.com/kubernetes/ingress-nginx/pull/4367 -### Makefile +### 005-makefile.patch Run the build locally, not inside the container. -### metrics SetSSLExpireTime +### 006-metrics-SetSSLExpireTime.patch Fixes namespace which is given by metric nginx_ingress_controller_ssl_expire_time_seconds. https://github.com/kubernetes/ingress-nginx/pull/10274 -### Always set auth cookie +### 007-auth-cookie-always.patch Without always option toggled, ingress-nginx does not set the cookie in case if backend returns >=400 code, which may lead to dex refresh token invalidation. Annotation `nginx.ingress.kubernetes.io/auth-always-set-cookie` does not work. Anyway, we can't use it, because we need this behavior for all ingresses. https://github.com/kubernetes/ingress-nginx/pull/8213 -### Util patch +### 008-util.patch Adds "-e /dev/null" flags to the "nginx -t" invocations so that "nginx -t" logs aren't got saved to /var/log/nginx/error.log file, preventing fs bloating. -### Fix cleanup +### 009-fix-cleanup.patch Fix tmpDir path for the cleanup procedure. https://github.com/kubernetes/ingress-nginx/pull/10797 -### …
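Review bot: In the README.md hunk at `@@ -1,11 +1,11 @@`, the headings change to numbered file names (`### 001-gomod.patch`, `### 002-healthcheck.patch`), but nothing under `## Patches` says what the numeric prefix means. If the prefix fixes the order in which the patches are applied, add one sentence under `## Patches` saying so, so that a later patch is given the right number instead of simply being appended.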
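Review bot: In the README.md hunk at `@@ -26,54 +26,58 @@`, the entries for `006-metrics-SetSSLExpireTime.patch`, `007-auth-cookie-always.patch` and `009-fix-cleanup.patch` each link an upstream pull request without saying whether it was merged, whereas `004-lua-info.patch` states that its PR was declined. Since these sections are being retitled anyway, consider adding the upstream status next to each link so it is clear which patches still have to be carried.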
What this PR does / why we need it:
Now the metric's namespace label gives the value of where the controller is located, not of the ingress itself, which is misleading for an engineer who studies the NGINXCertificateExpiry alert created on the basis of the nginx_ingress_controller_ssl_expire_time_seconds metric.
Types of changes
Which issue/s this PR fixes
The hotfix will improve the NGINXCertificateExpiry alert. After the fix, it will contain information about the space where the ingress was created and the name of the secret, instead of where the ingress controller is, which is more convenient for understanding where to look for a faulty secret with a certificate.
How Has This Been Tested?
Build and manually check the values of labels that are passed to Prometheus.
Checklist: