feat(ingress-nginx): bump to v1.12.0

README.md

@@ -38,9 +38,9 @@ The reference architecture used to deploy the Fury Kubernetes Ingress Module is
 Kubernetes Fury Ingress provides the following packages:
 
 | Package                                       | Version    | Description                                                                                                                   |
-| --------------------------------------------- |------------| ----------------------------------------------------------------------------------------------------------------------------- |
-| [nginx](katalog/nginx)                        | `v1.11.3`  | The NGINX Ingress Controller for Kubernetes provides delivery services for Kubernetes applications.                           |
-| [dual-nginx](katalog/dual-nginx)              | `v1.11.3`  | It deploys two identical NGINX ingress controllers but with two different scopes: public/external and private/internal.       |
+| --------------------------------------------- | ---------- | ----------------------------------------------------------------------------------------------------------------------------- |
+| [nginx](katalog/nginx)                        | `v1.12.0`  | The NGINX Ingress Controller for Kubernetes provides delivery services for Kubernetes applications.                           |
+| [dual-nginx](katalog/dual-nginx)              | `v1.12.0`  | It deploys two identical NGINX ingress controllers but with two different scopes: public/external and private/internal.       |
 | [cert-manager](katalog/cert-manager)          | `v1.16.1`  | cert-manager is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources. |
 | [external-dns](katalog/external-dns)          | `v0.15.0`  | external-dns allows you to manage DNS records natively from Kubernetes.                                                       |
 | [forecastle](katalog/forecastle)              | `v1.0.145` | Forecastle gives you access to a control panel where you can see your ingresses and access them on Kubernetes.                |
@@ -70,7 +70,7 @@ Check the [compatibility matrix][compatibility-matrix] for additional informatio
 | Tool                        | Version    | Description                                                                                                                                                    |
 | --------------------------- | ---------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | [furyctl][furyctl-repo]     | `>=0.25.0` | The recommended tool to download and manage KFD modules and their packages. To learn more about `furyctl` read the [official documentation][furyctl-repo].     |
-| [kustomize][kustomize-repo] | `>=3.10.0` | Packages are customized using `kustomize`. To learn how to create your customization layer with `kustomize`, please refer to the [repository][kustomize-repo]. |
+| [kustomize][kustomize-repo] | `>=5.6.0`  | Packages are customized using `kustomize`. To learn how to create your customization layer with `kustomize`, please refer to the [repository][kustomize-repo]. |
 
 ### Single vs Dual Controller
 
@@ -257,7 +257,7 @@ If you don't have infra nodes and you don't want to run ingress-controllers on a
 
 #### Applications directory with Forecastle
 
-Forecastle list all the annotated ingress (applications) that exists in your cluster with an icon grouped by namesapce, in a nice web UI. It lets you search, personalize the header for the landing page (title and colors), it lets you list custom ingress and add more details to each entry.
+Forecastle list all the annotated ingress (applications) that exists in your cluster with an icon grouped by namespace, in a nice web UI. It lets you search, personalize the header for the landing page (title and colors), it lets you list custom ingress and add more details to each entry.
 
 Use Forecastle as your cluster entry point to discover the running applications easily.
 
@@ -314,7 +314,6 @@ Add the following annotations to your ingresses to be discovered by Forecastle:
 <!-- Links -->
 
 [furyctl-repo]: https://github.com/sighupio/furyctl
-[sighup-page]: https://sighup.io
 [kfd-repo]: https://github.com/sighupio/fury-distribution
 [kustomize-repo]: https://github.com/kubernetes-sigs/kustomize
 [kfd-docs]: https://docs.kubernetesfury.com/docs/distribution/

docs/releases/unreleased.md

@@ -0,0 +1,68 @@
+# Kubernetes Fury Ingress Core Module Release TBD
+
+Welcome to the latest release of `Ingress` module of [`Kubernetes Fury Distribution`](https://github.com/sighupio/fury-distribution) maintained by team SIGHUP.
+
+This release updates several packages to the latest versions available for new features, bug fixes and improved security, it also introduces compatibility with Kubernetes 1.32.
+
+## Component versions 🚢
+
+| Component          | Supported Version                                                                        | Previous Version |
+| ------------------ | ---------------------------------------------------------------------------------------- | :--------------: |
+| `aws-cert-manager` | N.A.                                                                                     |   `No update`    |
+| `aws-external-dns` | N.A.                                                                                     |   `No update`    |
+| `cert-manager`     | [`v1.16.1`](https://github.com/jetstack/cert-manager/releases/tag/v1.16.1)               |     `1.16.1`     |
+| `external-dns`     | [`v0.15.0`](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.15.0)        |     `0.15.0`     |
+| `forecastle`       | [`v1.0.145`](https://github.com/stakater/Forecastle/releases/tag/v1.0.145)               |    `1.0.145`     |
+| `nginx`            | [`v1.12.0`](https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.12.0) |     `1.11.3`     |
+
+> Please refer the individual release notes to get a more detailed information on each release.
+
+## Breaking changes 💔
+
+## Ingress NGINX Controller
+
+Upstream Ingress NGINX Controller has introduced some breaking changes in version 1.12.0 included in this version of the ingress module. We recommend reading [upstream's changelog](https://github.com/kubernetes/ingress-nginx/blob/main/changelog/controller-1.12.0.md). Here's a list of changes that could possibly impact you as a user of the module:
+
+- Remove `global-rate-limit` feature. This removes the following configuration options:
+
+  - `global-rate-limit-memcached-host`
+  - `global-rate-limit-memcached-port`
+  - `global-rate-limit-memcached-connect-timeout`
+  - `global-rate-limit-memcached-max-idle-timeout`
+  - `global-rate-limit-memcached-pool-size`
+  - `global-rate-limit-status-code`
+
+  It also removes the following annotations:
+
+  - `global-rate-limit`
+  - `global-rate-limit-window`
+  - `global-rate-limit-key`
+  - `global-rate-limit-ignored-cidrs`
+
+- Remove 3rd party lua plugin support. This removes the following configuration options:
+
+  - `plugins`
+
+  It also removes support for user provided Lua plugins in the `/etc/nginx/lua/plugins` directory.
+
+## Upgrade Guide 🦮
+
+> ⚠️ **WARNING**
+>
+> There are some (possibly) breaking changes, read the Breaking changes section above before continuing.
+<!-- spacer -->
+
+> ℹ️ **INFO**
+>
+> This update guide is for users of the module and not of the Distribution or users still on furyctl legacy.
+> If you are a KFD user, the update is performed automatically by furyctl.
+
+### Process
+
+To upgrade this core module from `v3.0.1` to `vTBD`, you need to download this new version and apply the instructions below.
+
+```bash
+kustomize build <your-project-path> | kubectl apply -f - --server-side
+```
+
+For the Terraform modules, run `terraform init -upgrade`, then apply the new version.

katalog/dual-nginx/README.md

@@ -6,13 +6,13 @@ Ingress NGINX is an Ingress Controller for [NGINX][nginx-page] webserver and rev
 
 ## Requirements
 
-- Kubernetes >= `1.25.0`
-- Kustomize >= `v3`
+- Kubernetes >= `1.28.0`
+- Kustomize >= `v5.6.0`
 - [`cert-manager`](../cert-manager)
 
 ## Image repository and tag
 
-- Ingress NGINX image: `k8s.gcr.io/ingress-nginx/controller:v1.11.3`
+- Ingress NGINX image: `k8s.gcr.io/ingress-nginx/controller:v1.12.0`
 - Ingress NGINX repo: [https://github.com/kubernetes/ingress-nginx](https://github.com/kubernetes/ingress-nginx)
 
 ## Configuration
@@ -67,7 +67,7 @@ Your are now ready to expose your applications using Kubernetes `Ingress` object
 
 This is probably NOT what you want, standard Fury clusters have at least 1 `infra` node (nodes that are dedicated to run Fury infrastructural components, like Prometheus, elasticsearch, and the ingress controllers).
 
-If your cluster has `infra` nodes you should patch the daemonset adding the `NodeSelector` for the `infra` nodes to the Ingress `DaemonSet`. You can do this usiing the following kustomize patch:
+If your cluster has `infra` nodes you should patch the daemonset adding the `NodeSelector` for the `infra` nodes to the Ingress `DaemonSet`. You can do this using the following kustomize patch:
 
 ```yaml
 ---

katalog/dual-nginx/external/kustomization.yaml

@@ -11,25 +11,25 @@ transformers:
 resources:
   - ../../nginx/bases/controller
 
-commonLabels:
-  app: ingress
-  type: external
+labels:
+  - includeSelectors: true
+    pairs:
+      app: ingress
+      type: external
 
-patchesJson6902:
+patches:
   - target:
       group: apps
       version: v1
       kind: DaemonSet
       name: ingress-nginx-controller
     path: patch/daemonset.yml
   - target:
-      group: ""
       version: v1
       kind: Service
       name: ingress-nginx
     path: patch/service.yml
   - target:
-      group: ""
       version: v1
       kind: ConfigMap
       name: ingress-nginx-controller
@@ -46,21 +46,18 @@ patchesJson6902:
       kind: ValidatingWebhookConfiguration
       name: ingress-nginx-admission
     path: patch/validating-webhook.yml
-
-patches:
-- target:
-    kind: IngressClass
-    name: nginx
-  patch: |-
-    - op: replace
-      path: /metadata/name
-      value: external
-    - op: remove
-      path: /metadata/annotations
-    - op: replace
-      path: "/apiVersion"
-      value: networking.k8s.io/v1
-    - op: replace
-      path: /spec/controller
-      value: k8s.io/external
-
+  - target:
+      kind: IngressClass
+      name: nginx
+    patch: |-
+      - op: replace
+        path: /metadata/name
+        value: external
+      - op: remove
+        path: /metadata/annotations
+      - op: replace
+        path: "/apiVersion"
+        value: networking.k8s.io/v1
+      - op: replace
+        path: /spec/controller
+        value: k8s.io/external

katalog/dual-nginx/external/patch/cm.yml

@@ -2,7 +2,6 @@
 # Use of this source code is governed by a BSD-style
 # license that can be found in the LICENSE file.
 
-- op: "replace"
+# Remove Helm labels
+- op: "remove"
   path: "/metadata/labels"
-  value:
-    app: ingress-external

katalog/dual-nginx/external/patch/suffix.yml

@@ -9,13 +9,17 @@ metadata:
   name: externalSuffix
 suffix: "-external"
 fieldSpecs:
-- kind: ConfigMap
-  path: metadata/name
-- kind: Service
-  path: metadata/name
-- kind: DaemonSet
-  path: metadata/name
-- kind: Certificate
-  path: metadata/name
-- kind: ValidatingWebhookConfiguration
-  path: metadata/name
+  - kind: ConfigMap
+    path: metadata/name
+  - kind: ConfigMap
+    path: metadata/labels/app
+  - kind: Service
+    path: metadata/name
+  - kind: DaemonSet
+    path: metadata/name
+  - kind: Certificate
+    path: metadata/name
+  - kind: Certificate
+    path: metadata/labels/app
+  - kind: ValidatingWebhookConfiguration
+    path: metadata/name

katalog/dual-nginx/external/patch/tls-cert.yml

@@ -2,10 +2,8 @@
 # Use of this source code is governed by a BSD-style
 # license that can be found in the LICENSE file.
 
-- op: "replace"
+- op: "remove"
   path: "/metadata/labels"
-  value:
-    app: ingress-external
 
 - op: "replace"
   path: "/spec/secretName"

katalog/dual-nginx/internal/kustomization.yaml

@@ -11,25 +11,25 @@ transformers:
 resources:
   - ../../nginx/bases/controller
 
-commonLabels:
-  app: ingress
-  type: internal
+labels:
+  - includeSelectors: true
+    pairs:
+      app: ingress
+      type: internal
 
-patchesJson6902:
+patches:
   - target:
       group: apps
       version: v1
       kind: DaemonSet
       name: ingress-nginx-controller
     path: patch/daemonset.yml
   - target:
-      group: ""
       version: v1
       kind: Service
       name: ingress-nginx
     path: patch/service.yml
   - target:
-      group: ""
       version: v1
       kind: ConfigMap
       name: ingress-nginx-controller
@@ -46,21 +46,19 @@ patchesJson6902:
       kind: ValidatingWebhookConfiguration
       name: ingress-nginx-admission
     path: patch/validating-webhook.yml
-
-patches:
-- target:
-    kind: IngressClass
-    name: nginx
-    version: v1
-  patch: |-
-    - op: replace
-      path: /metadata/name
-      value: internal
-    - op: remove
-      path: /metadata/annotations
-    - op: replace
-      path: "/apiVersion"
-      value: networking.k8s.io/v1
-    - op: replace
-      path: /spec/controller
-      value: k8s.io/internal
+  - target:
+      kind: IngressClass
+      name: nginx
+      version: v1
+    patch: |-
+      - op: replace
+        path: /metadata/name
+        value: internal
+      - op: remove
+        path: /metadata/annotations
+      - op: replace
+        path: "/apiVersion"
+        value: networking.k8s.io/v1
+      - op: replace
+        path: /spec/controller
+        value: k8s.io/internal

katalog/dual-nginx/internal/patch/cm.yml

@@ -2,7 +2,6 @@
 # Use of this source code is governed by a BSD-style
 # license that can be found in the LICENSE file.
 
-- op: "replace"
+# Remove Helm labels
+- op: "remove"
   path: "/metadata/labels"
-  value:
-    app: ingress-internal

katalog/dual-nginx/internal/patch/suffix.yml

@@ -9,13 +9,17 @@ metadata:
   name: internalSuffix
 suffix: "-internal"
 fieldSpecs:
-- kind: ConfigMap
-  path: metadata/name
-- kind: Service
-  path: metadata/name
-- kind: DaemonSet
-  path: metadata/name
-- kind: Certificate
-  path: metadata/name
-- kind: ValidatingWebhookConfiguration
-  path: metadata/name
+  - kind: ConfigMap
+    path: metadata/name
+  - kind: ConfigMap
+    path: metadata/labels/app
+  - kind: Service
+    path: metadata/name
+  - kind: DaemonSet
+    path: metadata/name
+  - kind: Certificate
+    path: metadata/name
+  - kind: Certificate
+    path: metadata/labels/app
+  - kind: ValidatingWebhookConfiguration
+    path: metadata/name

katalog/dual-nginx/internal/patch/tls-cert.yml

@@ -2,10 +2,8 @@
 # Use of this source code is governed by a BSD-style
 # license that can be found in the LICENSE file.
 
-- op: "replace"
+- op: "remove"
   path: "/metadata/labels"
-  value:
-    app: ingress-internal
 
 - op: "replace"
   path: "/spec/secretName"