charts,salt: Bump NGINX Ingress chart to v4.7.1

Bump the NGINX Ingress chart to v4.7.1 and also bump the Ingress
Controller image to v1.8.1

Upgrade NGINX Ingress chart using:
```
rm -rf charts/ingress-nginx
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm fetch -d charts --untar ingress-nginx/ingress-nginx
```

Re-render NGINX Ingress salt states using:
```
./doit.sh codegen:chart_ingress-nginx
```

CHANGELOG.md

@@ -10,6 +10,12 @@
 - Bump Calico version to [3.26.1](https://github.com/projectcalico/calico/releases/tag/v3.26.1)
   (PR[#4090](https://github.com/scality/metalk8s/pull/4090))
 
+- Bump ingress-nginx chart version to
+  [4.7.1](https://github.com/kubernetes/ingress-nginx/releases/tag/helm-chart-4.7.1)
+  The controller image has been bumped accordingly to
+  [v1.8.1](https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.8.1)
+  (PR[#4093](https://github.com/scality/metalk8s/pull/4093))
+
 ## Release 125.0.6 (In development)
 
 

buildchain/buildchain/versions.py

@@ -176,8 +176,8 @@ def _version_prefix(version: str, prefix: str = "v") -> str:
     ),
     Image(
         name="nginx-ingress-controller",
-        version="v1.6.4",
-        digest="sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f",
+        version="v1.8.1",
+        digest="sha256:e5c4824e7375fcf2a393e1c03c293b69759af37a9ca6abdb91b13d78a93da8bd",
     ),
     Image(
         name="nginx-ingress-defaultbackend-amd64",

charts/ingress-nginx/Chart.yaml

@@ -1,13 +1,12 @@
 annotations:
   artifacthub.io/changes: |
-    - "add lint on chart before release (#9570)"
-    - "ci: remove setup-helm step (#9404)"
-    - "feat(helm): Optionally use cert-manager instead admission patch (#9279)"
-    - "run helm release on main only and when the chart/value changes only (#9290)"
-    - "Update Ingress-Nginx version controller-v1.6.4"
+    - "Added a doc line to the missing helm value service.internal.loadBalancerIP (#9406)"
+    - "feat(helm): Add loadBalancerClass (#9562)"
+    - "added helmshowvalues example (#10019)"
+    - "Update Ingress-Nginx version controller-v1.8.1"
   artifacthub.io/prerelease: "false"
 apiVersion: v2
-appVersion: 1.6.4
+appVersion: 1.8.1
 description: Ingress controller for Kubernetes using NGINX as a reverse proxy and
   load balancer
 home: https://github.com/kubernetes/ingress-nginx
@@ -23,4 +22,4 @@ maintainers:
 name: ingress-nginx
 sources:
 - https://github.com/kubernetes/ingress-nginx
-version: 4.5.2
+version: 4.7.1

charts/ingress-nginx/README.md.gotmpl

@@ -7,10 +7,7 @@ To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.c
 
 This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
 
-## Prerequisites
-
-- Chart version 3.x.x: Kubernetes v1.16+
-- Chart version 4.x.x and above: Kubernetes v1.19+
+{{ template "chart.requirementsSection" . }}
 
 ## Get Repo Info
 
@@ -51,10 +48,6 @@ helm upgrade [RELEASE_NAME] [CHART] --install
 
 _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
 
-### Upgrading With Zero Downtime in Production
-
-By default the ingress-nginx controller has service interruptions whenever it's pods are restarted or redeployed. In order to fix that, see the excellent blog post by Lindsay Landry from Codecademy: [Kubernetes: Nginx and Zero Downtime in Production](https://medium.com/codecademy-engineering/kubernetes-nginx-and-zero-downtime-in-production-2c910c6a5ed8).
-
 ### Migrating from stable/nginx-ingress
 
 There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart:
@@ -65,7 +58,6 @@ There are two main ways to migrate a release from `stable/nginx-ingress` to `ing
     1. Redirect your DNS traffic from the old controller to the new controller
     1. Log traffic from both controllers during this changeover
     1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it
-    1. For details on all of these steps see [Upgrading With Zero Downtime in Production](#upgrading-with-zero-downtime-in-production)
 
 Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts.
 
@@ -84,22 +76,22 @@ else it would make it impossible to evacuate a node. See [gh issue #7127](https:
 
 ### Prometheus Metrics
 
-The Nginx ingress controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`.
+The Ingress-Nginx Controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`.
 
 You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`.
 Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`)
 
 ### ingress-nginx nginx\_status page/stats server
 
-Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in nginx ingress controller:
+Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in Ingress-Nginx Controller:
 
 - In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed
 - In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost.
   You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230) to re-enable the http server
 
 ### ExternalDNS Service Configuration
 
-Add an [ExternalDNS](https://github.com/kubernetes-incubator/external-dns) annotation to the LoadBalancer service:
+Add an [ExternalDNS](https://github.com/kubernetes-sigs/external-dns) annotation to the LoadBalancer service:
 
 ```yaml
 controller:
@@ -125,19 +117,6 @@ controller:
       service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
 ```
 
-### AWS route53-mapper
-
-To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/blob/be63d4f1a7a46daaf1c4c482527328236850f111/addons/route53-mapper/README.md), add the `domainName` annotation and `dns` label:
-
-```yaml
-controller:
-  service:
-    labels:
-      dns: "route53"
-    annotations:
-      domainName: "kubernetes-example.com"
-```
-
 ### Additional Internal Load Balancer
 
 This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application.
@@ -161,8 +140,10 @@ controller:
     internal:
       enabled: true
       annotations:
-        # Create internal ELB
-        service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+        # Create internal NLB
+        service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
+        # Create internal ELB(Deprecated)
+        # service.beta.kubernetes.io/aws-load-balancer-internal: "true"
         # Any other annotation can be declared here.
 ```
 
@@ -205,13 +186,15 @@ controller:
         # Any other annotation can be declared here.
 ```
 
+The load balancer annotations of more cloud service providers can be found: [Internal load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer).
+
 An use case for this scenario is having a split-view DNS setup where the public zone CNAME records point to the external balancer URL while the private zone CNAME records point to the internal balancer URL. This way, you only need one ingress kubernetes object.
 
 Optionally you can set `controller.service.loadBalancerIP` if you need a static IP for the resulting `LoadBalancer`.
 
 ### Ingress Admission Webhooks
 
-With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster.
+With nginx-ingress-controller version 0.25+, the Ingress-Nginx Controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster.
 **This feature is enabled by default since 0.31.0.**
 
 With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521)
@@ -220,14 +203,14 @@ With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fi
 A validating and configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks.
 
 1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits.
-2. The ingress nginx controller pod is configured to use a TLS proxy container, which will load that certificate.
+2. The Ingress-Nginx Controller pod is configured to use a TLS proxy container, which will load that certificate.
 3. Validating and Mutating webhook configurations are created in the cluster.
 4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations
 
 #### Alternatives
 It should be possible to use [cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) if a more complete solution is required.
 
-You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `controller.admissionWebhooks.certManager.enable` value to true.
+You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `controller.admissionWebhooks.certManager.enabled` value to true.
 
 Please ensure that cert-manager is correctly installed and configured.
 
@@ -243,8 +226,4 @@ Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13
 
 As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
 
-{{ template "chart.requirementsSection" . }}
-
 {{ template "chart.valuesSection" . }}
-
-{{ template "helm-docs.versionFooter" . }}

charts/ingress-nginx/changelog/Changelog-4.6.0.md

@@ -0,0 +1,24 @@
+# Changelog
+
+This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
+
+### 4.5.3
+
+* docs(helm): fix value key in readme for enabling certManager (#9640)
+* Upgrade alpine 3.17.2
+* Upgrade golang 1.20
+* Drop testing/support for Kubernetes 1.23
+* docs(helm): fix value key in readme for enabling certManager (#9640)
+* Update Ingress-Nginx version controller-v1.7.0
+* feat: OpenTelemetry module integration (#9062)
+* canary-weight-total annotation ignored in rule backends (#9729)
+* fix controller psp's volume config (#9740)
+* Fix several Helm YAML issues with extraModules and extraInitContainers (#9709)
+* Chart: Drop `controller.headers`, rework DH param secret. (#9659)
+* Deployment/DaemonSet: Label pods using `ingress-nginx.labels`. (#9732)
+* HPA: autoscaling/v2beta1 deprecated, bump apiVersion to v2 for defaultBackend (#9731)
+* Fix incorrect annotation name in upstream hashing configuration (#9617)
+
+* Update Ingress-Nginx version controller-v1.7.0
+
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.5.2...helm-chart-4.6.0

charts/ingress-nginx/changelog/Changelog-4.6.1.md

@@ -0,0 +1,11 @@
+# Changelog
+
+This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
+
+### 4.6.1
+
+* [helm] Support custom port configuration for internal service (#9846)
+* Adding resource type to default HPA configuration to resolve issues with Terraform helm chart usage (#9803)
+* Update Ingress-Nginx version controller-v1.7.1
+
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.6.0...helm-chart-4.6.1

charts/ingress-nginx/changelog/Changelog-4.7.0.md

@@ -0,0 +1,14 @@
+# Changelog
+
+This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
+
+### 4.7.0
+
+* helm: Fix opentelemetry module installation for daemonset (#9792)
+* Update charts/* to keep project name display aligned (#9931)
+* HPA: Use capabilites & align manifests. (#9521)
+* PodDisruptionBudget spec logic update (#9904)
+* add option for annotations in PodDisruptionBudget (#9843)
+* Update Ingress-Nginx version controller-v1.8.0
+
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.6.1...helm-chart-4.7.0

charts/ingress-nginx/changelog/Changelog-4.7.1.md

@@ -0,0 +1,12 @@
+# Changelog
+
+This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
+
+### 4.7.1
+
+* Added a doc line to the missing helm value service.internal.loadBalancerIP (#9406)
+* feat(helm): Add loadBalancerClass (#9562)
+* added helmshowvalues example (#10019)
+* Update Ingress-Nginx version controller-v1.8.1
+
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.7.0...helm-chart-4.7.1

charts/ingress-nginx/ci/deployment-internal-lb-values.yaml

@@ -11,3 +11,9 @@ controller:
       enabled: true
       annotations:
         service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+      ports:
+        http: 443
+        https: 80
+      targetPorts:
+        http: 443
+        https: 80

charts/ingress-nginx/templates/NOTES.txt

@@ -71,10 +71,3 @@ If TLS is enabled for the Ingress, a Secret containing the certificate and key m
     tls.crt: <base64 encoded cert>
     tls.key: <base64 encoded key>
   type: kubernetes.io/tls
-
-{{- if .Values.controller.headers }}
-#################################################################################
-######   WARNING: `controller.headers` has been deprecated!                 #####
-######            It has been renamed to `controller.proxySetHeaders`.      #####
-#################################################################################
-{{- end }}

charts/ingress-nginx/templates/_helpers.tpl

@@ -201,8 +201,12 @@ Extra modules.
 
 - name: {{ .name }}
   image: {{ .image }}
+  {{- if .distroless | default false }}
+  command: ['/init_module']
+  {{- else }}
   command: ['sh', '-c', '/usr/local/bin/init_module.sh']
-  {{- if (.containerSecurityContext) }}
+  {{- end }}
+  {{- if .containerSecurityContext }}
   securityContext: {{ .containerSecurityContext | toYaml | nindent 4 }}
   {{- end }}
   volumeMounts:

charts/ingress-nginx/templates/controller-configmap-proxyheaders.yaml

@@ -1,4 +1,4 @@
-{{- if or .Values.controller.proxySetHeaders .Values.controller.headers -}}
+{{- if .Values.controller.proxySetHeaders -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -10,10 +10,5 @@ metadata:
     {{- end }}
   name: {{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
   namespace: {{ .Release.Namespace }}
-data:
-{{- if .Values.controller.proxySetHeaders }}
-{{ toYaml .Values.controller.proxySetHeaders | indent 2 }}
-{{ else if and .Values.controller.headers (not .Values.controller.proxySetHeaders) }}
-{{ toYaml .Values.controller.headers | indent 2 }}
-{{- end }}
+data: {{ toYaml .Values.controller.proxySetHeaders | nindent 2 }}
 {{- end }}

charts/ingress-nginx/templates/controller-configmap.yaml

@@ -17,13 +17,12 @@ data:
 {{- if .Values.controller.addHeaders }}
   add-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers
 {{- end }}
-{{- if or .Values.controller.proxySetHeaders .Values.controller.headers }}
+{{- if .Values.controller.proxySetHeaders }}
   proxy-set-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
 {{- end }}
 {{- if .Values.dhParam }}
-  ssl-dh-param: {{ printf "%s/%s" .Release.Namespace (include "ingress-nginx.controller.fullname" .) }}
+  ssl-dh-param: {{ .Release.Namespace }}/{{ include "ingress-nginx.controller.fullname" . }}
 {{- end }}
 {{- range $key, $value := .Values.controller.config }}
-    {{- $key | nindent 2 }}: {{ $value | quote }}
+  {{- $key | nindent 2 }}: {{ $value | quote }}
 {{- end }}
-