Merge branch 'main' into doc/troubleshooting-update

.github/workflows/build-plus.yml

@@ -15,6 +15,9 @@ on:
       nap_modules:
         required: false
         type: string
+      release-url:
+        required: false
+        type: string
 
 defaults:
   run:
@@ -106,12 +109,7 @@ jobs:
       - name: NAP modules
         id: nap_modules
         run: |
-          modules=""
-          if [[ "${{ inputs.nap_modules }}" == "waf,dos" ]]; then
-            modules="both"
-          else
-            modules="${{ inputs.nap_modules }}"
-          fi
+          [[ "${{ inputs.nap_modules }}" == "waf,dos" ]] && modules="both" || modules="${{ inputs.nap_modules }}"
           echo "modules=${modules}" >> $GITHUB_OUTPUT
         if: ${{ inputs.nap_modules != '' }}
 
@@ -142,6 +140,41 @@ jobs:
             "nginx-repo.key=${{ inputs.nap_modules != '' && secrets.NGINX_AP_KEY || secrets.NGINX_KEY }}"
             ${{ inputs.nap_modules != '' && contains(inputs.image, 'ubi') && format('"rhel_license={0}"', secrets.RHEL_LICENSE) || '' }}
 
+      - name: AWS variables
+        id: aws
+        run: |
+          aws_registry=$(echo "${{ steps.meta.outputs.tags }}" | grep -oP "709825985650.dkr.ecr.us-east-1.amazonaws.com/[^[:space:]]+")
+          version=$(echo ${{ steps.meta.outputs.version }} | sed 's/-mktpl//')
+          declare -A nap_mapping=(
+              ["waf"]=_NAP_WAF
+              ["dos"]=_NAP_DOS
+              ["waf,dos"]=_NAP_WAF_DOS
+          )
+          modules=${{ inputs.nap_modules }}
+          [[ -n $modules && ${nap_mapping[$modules]+_} ]] && nap=${nap_mapping[$modules]}
+
+          echo "version=$version" >> $GITHUB_OUTPUT
+          echo "product_code=AWS${nap}_PRODUCT_CODE" >> $GITHUB_OUTPUT
+          echo "registry=${aws_registry}" >> $GITHUB_OUTPUT
+        if: startsWith(github.ref, 'refs/tags/') && contains(inputs.target, 'aws')
+
+      - name: Publish to AWS Marketplace
+        uses: nginxinc/aws-marketplace-publish@9e9f4ae1c545da9fa6adc24b0b10ce50e0d4969c # v0.1.0
+        continue-on-error: true
+        with:
+          version: ${{ steps.aws.outputs.version }}
+          product-id: ${{ secrets[steps.aws.outputs.product_code] }}
+          registry: ${{ steps.aws.outputs.registry }}
+          release-notes: ${{ inputs.release-url }}
+          description: |
+            Best-in-class traffic management solution for services in Amazon EKS.
+            This is the official implementation of NGINX Ingress Controller (based on NGINX Plus) from NGINX.
+          usage-instructions: |
+            This container requires Kubernetes and can be deployed to EKS.
+            Review the installation instructions https://docs.nginx.com/nginx-ingress-controller/installation/ and utilize the deployment resources available https://github.com/nginxinc/kubernetes-ingress/tree/master/deployments
+            Use this image instead of building your own.
+        if: ${{ startsWith(github.ref, 'refs/tags/') && contains(inputs.target, 'aws') }}
+
       - name: Load image for Trivy
         uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1
         with:

.github/workflows/ci.yml

@@ -80,16 +80,30 @@ jobs:
         with:
           files: ./coverage.txt
 
-  release:
+  binaries:
+    name: Build Binaries
     runs-on: ubuntu-22.04
     needs: [checks, unit-tests]
-    if: ${{ github.event_name == 'push' && github.ref != 'refs/heads/main' }}
+    outputs:
+      release-url: ${{ steps.release-notes.outputs.release-url }}
     steps:
       - name: Checkout Repository
         uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          fetch-depth: 0
+
+      - name: Setup Golang Environment
+        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+        with:
+          go-version-file: go.mod
+
+      - name: Download Syft
+        uses: anchore/sbom-action/download-syft@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.3
+        if: startsWith(github.ref, 'refs/tags/')
 
       - name: Create/Update Draft
-        uses: lucacome/draft-release@b79be3ff634f771230b2b6ee9f47308c5793671a # v0.2.0
+        uses: lucacome/draft-release@d13ccde6350706e32f451566ee5cd4bf5a27de3d # v0.2.1
+        id: release-notes
         with:
           minor-label: "enhancement"
           major-label: "change"
@@ -108,25 +122,7 @@ jobs:
             - Configuration examples -- https://github.com/nginxinc/kubernetes-ingress/tree/{{version}}/examples
             - Helm Chart -- https://github.com/nginxinc/kubernetes-ingress/tree/{{version}}/deployments/helm-chart
             - Operator -- https://github.com/nginxinc/nginx-ingress-operator/
-
-  binaries:
-    name: Build Binaries
-    runs-on: ubuntu-22.04
-    needs: [checks, unit-tests]
-    steps:
-      - name: Checkout Repository
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-        with:
-          fetch-depth: 0
-
-      - name: Setup Golang Environment
-        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
-        with:
-          go-version-file: go.mod
-
-      - name: Download Syft
-        uses: anchore/sbom-action/download-syft@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.3
-        if: startsWith(github.ref, 'refs/tags/')
+        if: ${{ github.event_name == 'push' && github.ref != 'refs/heads/main' }}
 
       - name: Build binaries
         uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0
@@ -323,7 +319,7 @@ jobs:
 
   build-docker-plus:
     name: Build Docker Plus
-    needs: build-docker
+    needs: [binaries, build-docker]
     strategy:
       fail-fast: false
       matrix:
@@ -339,6 +335,7 @@ jobs:
       platforms: ${{ matrix.platforms }}
       image: ${{ matrix.image }}
       target: ${{ matrix.target }}
+      release-url: ${{ needs.binaries.outputs.release-url }}
     secrets: inherit
 
   build-docker-nap:

docs/content/tutorials/nginx-ingress-linkerd.md

@@ -0,0 +1,155 @@
+---
+title: NGINX Ingress Controller and Linkerd
+description: |
+ Using Linkerd with the F5 NGINX Ingress Controller.
+weight: 1800
+doctypes: ["concept"]
+toc: true
+---
+
+## Overview
+
+This document explains how to integrate NGINX Ingress Controller with Linkerd using Linkerd's sidecar proxy. Linkerd works with both NGINX Ingress Controller open source and NGINX Ingress Controller using NGINX Plus.
+
+---
+
+## Before you Begin
+
+There are two methods provided in this tutorial:
+
+* Adding Linkerd to a new NGINX Ingress Controller Installation
+* Adding Linkerd to an Existing NGINX Ingress Controller Installation
+
+If you are adding Linkerd to an existing installation, these are the requirements:
+
+* A working NGINX Ingress Controller instance.
+* A working [Linkerd installation](https://linkerd.io/2.13/getting-started/).
+
+---
+
+## Integrating Linkerd
+
+Linkerd integrates with NGINX Ingress Controller using its control plane utility through injection.
+
+You can do this through the use of NGINX Ingress Controller's custom resource definitions (CRDs) in a Kubernetes Manifest, or Helm.
+
+---
+
+### During Installation
+**Using Manifests**
+
+When installing NGINX Ingress Controller, you can [create a custom resource](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/#3-create-custom-resources) for Linkerd.
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-ingress
+  namespace: nginx-ingress
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx-ingress
+  template:
+    metadata:
+      annotations:
+        linkerd.io/inject: enabled
+      labels:
+        app: nginx-ingress
+        app.kubernetes.io/name: nginx-ingress
+```
+
+**Using Helm**
+
+Add the following annotation to your Helm deployment:
+
+```yaml
+controller:
+  pod:
+    ## The annotations of the Ingress Controller pod.
+    annotations: { linkerd.io/inject: enabled }
+```
+
+This annotation will instruct `helm` to tell `Linkerd` to automatically inject its sidecar during the installation of NGINX Ingress Controller.
+
+---
+
+### With an Existing Installation
+To integrate Linkerd with an existing NGINX Ingress Controller installation, you will need to inject the `Linkerd` sidecar, using its `linkerd` control plane utility.
+
+**Using Manifests**
+
+If you want to inject into an existing Manifest-based installation, you can run the following:
+
+```bash
+kubectl get deployment -n nginx-ingress nginx-ingress -o yaml | linkerd inject - | kubectl apply -f -
+```
+
+**Using Helm**
+If you want to inject into an existing `Helm` installation, you can run the following:
+
+```bash
+kubectl get deployment -n <name_of_namespace> <name_of_helm_release> -o yaml | linkerd inject - | kubectl apply -f -
+```
+In this example, the `helm` release named `kic01-nginx-ingress-controller` is injected into the `nginx-ingress` namespace:
+
+```bash
+kubectl get deploy -n nginx-ingress kic01-nginx-ingress-controller -o yaml | linkerd inject - | kubectl apply -f -
+```
+
+## Testing the Integration
+
+Once NGINX Ingress Controller has been integrated with Linkerd, we can check the number of pods to confirm that the sidecar has successfully injected.
+
+```bash
+kubectl get pods -n nginx-ingress
+
+NAME                                              READY   STATUS    RESTARTS   AGE
+kic01-nginx-ingress-controller-5f8c9b586d-ng4r8   2/2     Running   0          30m
+```
+
+In the above example, `2/2` displays the number of pods, and confirms the `Linkerd` sidecar has successfully injected into NGINX Ingress Controller.
+
+For additional testing, we can install an example application. In this case, we'll use the `httpbin` image.
+
+```bash
+kubectl create ns httpbin
+curl -sL https://raw.githubusercontent.com/openservicemesh/osm-docs/release-v1.2/manifests/samples/httpbin/httpbin.yaml
+kubectl apply -f httpbin.yaml
+```
+
+Once `httpbin` has been created and applied, we can inject it into an existing deployment with the following command:
+
+```bash
+kubectl get deployment -n httpbin httpbin -o yaml | linkerd inject - | kubectl apply -f -
+```
+
+Like the main installation, you can check the number of pods to confirm that the application has been successfully injected using the `linkerd` sidecar:
+
+```bash
+kubectl get pods -n httpbin
+NAME                       READY   STATUS    RESTARTS   AGE
+httpbin-66df5bfbc9-ffhdp   2/2     Running   0          67s
+```
+
+We can now start sending traffic to NGINX Ingress Controller, to verify that `Linkerd` is handling the sidecar traffic connections.
+
+```bash
+curl -k https://httpbin.example.com -I
+
+HTTP/1.1 200 OK
+Server: nginx/1.23.4
+Date: Sat, 20 May 2023 00:08:31 GMT
+Content-Type: text/html; charset=utf-8
+Content-Length: 9593
+Connection: keep-alive
+access-control-allow-credentials: true
+access-control-allow-origin: *
+```
+
+You can additionally view the status of NGINX Ingress Controller and Linkerd by using the Viz dashboard provided by Linkerd.
+
+```bash
+linkerd viz dashboard
+```

docs/go.mod

@@ -2,4 +2,4 @@ module github.com/nginxinc/kubernetes-ingress/docs
 
 go 1.19
 
-require github.com/nginxinc/nginx-hugo-theme v0.32.0
+require github.com/nginxinc/nginx-hugo-theme v0.33.0

tests/requirements.txt

@@ -200,9 +200,9 @@ flaky==3.7.0 \
 forcediphttpsadapter==1.0.2 \
     --hash=sha256:f7582b34aaa6ab6b17f69ab1abbfe67097b952ed0682b758b5e01e18fe24433e
     # via -r requirements.txt
-google-auth==2.20.0 \
-    --hash=sha256:030af34138909ccde0fbce611afc178f1d65d32fbff281f25738b1fe1c6f3eaa \
-    --hash=sha256:23b7b0950fcda519bfb6692bf0d5289d2ea49fc143717cc7188458ec620e63fa
+google-auth==2.21.0 \
+    --hash=sha256:b28e8048e57727e7cf0e5bd8e7276b212aef476654a09511354aa82753b45c66 \
+    --hash=sha256:da3f18d074fa0f5a7061d99b9af8cee3aa6189c987af7c1b07d94566b6b11268
     # via
     #   -r requirements.txt
     #   kubernetes