Merge branch 'main' into new-flag

.github/workflows/ci.yml

@@ -436,9 +436,14 @@ jobs:
         matrix:
           image: [debian-plus, alpine-plus, opentracing-plus]
           platforms: ["linux/arm64, linux/amd64"]
+          target: [goreleaser]
           include:
             - image: ubi-plus
               platforms: "linux/arm64, linux/amd64, linux/s390x"
+              target: goreleaser
+            - image: debian-plus
+              platforms: "linux/arm64, linux/amd64"
+              target: aws
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v3
@@ -463,6 +468,13 @@ jobs:
           username: _json_key
           password: ${{ secrets.GCR_JSON_KEY }}
         if: github.event_name != 'pull_request'
+      - name: Login to ECR
+        uses: docker/login-action@v1
+        with:
+          registry: 709825985650.dkr.ecr.us-east-1.amazonaws.com
+          username: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        if: startsWith(github.ref, 'refs/tags/')
 
       - name: Docker meta
         id: meta
@@ -471,8 +483,9 @@ jobs:
           images: |
             ${{ startsWith(github.ref, 'refs/tags/') && 'gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress' || '' }}
             ${{ startsWith(github.ref, 'refs/heads/release') && 'gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/staging/nginx-ic/nginx-plus-ingress' || '' }}
+            ${{ startsWith(github.ref, 'refs/tags/') && contains(matrix.target, 'aws') && '709825985650.dkr.ecr.us-east-1.amazonaws.com/nginx/nginx-plus-ingress' || '' }}
             gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress
-          flavor: suffix=${{ contains(matrix.image, 'ubi') && '-ubi' || '' }}${{ contains(matrix.image, 'alpine') && '-alpine' || '' }}${{ contains(matrix.image, 'opentracing') && '-ot' || '' }},onlatest=true
+          flavor: suffix=${{ contains(matrix.image, 'ubi') && '-ubi' || '' }}${{ contains(matrix.image, 'alpine') && '-alpine' || '' }}${{ contains(matrix.image, 'opentracing') && '-ot' || '' }}${{ contains(matrix.target, 'aws') && '-mktpl' || '' }},onlatest=true
           tags: |
             type=edge
             type=ref,event=branch,enable=${{ startsWith(github.ref, 'refs/heads/release') }}
@@ -503,7 +516,7 @@ jobs:
           context: '.'
           cache-from: type=gha,scope=${{ matrix.image }}
           cache-to: type=gha,scope=${{ matrix.image }},mode=max
-          target: goreleaser
+          target: ${{ matrix.target }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           platforms: ${{ github.event_name != 'pull_request' && matrix.platforms || '' }}
@@ -522,7 +535,7 @@ jobs:
           file: build/Dockerfile
           context: '.'
           cache-from: type=gha,scope=${{ matrix.image }}
-          target: goreleaser
+          target: ${{ matrix.target }}
           tags: docker.io/${{ matrix.image }}:${{ steps.meta.outputs.version }}
           load: true
           build-args: |

cmd/nginx-ingress/main.go

@@ -131,7 +131,7 @@ var (
 	leaderElectionLockName = flag.String("leader-election-lock-name", "nginx-ingress-leader-election",
 		`Specifies the name of the ConfigMap, within the same namespace as the controller, used as the lock for leader election. Requires -enable-leader-election.`)
 
-	nginxStatusAllowCIDRs = flag.String("nginx-status-allow-cidrs", "127.0.0.1", `Add IPv4 IP/CIDR blocks to the allow list for NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas.`)
+	nginxStatusAllowCIDRs = flag.String("nginx-status-allow-cidrs", "127.0.0.1,::1", `Add IP/CIDR blocks to the allow list for NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas.`)
 
 	nginxStatusPort = flag.Int("nginx-status-port", 8080,
 		"Set the port where the NGINX stub_status or the NGINX Plus API is exposed. [1024 - 65535]")

deployments/helm-chart/README.md

@@ -192,7 +192,7 @@ Parameter | Description | Default
 `controller.healthStatusURI` | Sets the URI of health status location in the default server. Requires `controller.healthStatus`. | "/nginx-health"
 `controller.nginxStatus.enable` | Enable the NGINX stub_status, or the NGINX Plus API. | true
 `controller.nginxStatus.port` | Set the port where the NGINX stub_status or the NGINX Plus API is exposed. | 8080
-`controller.nginxStatus.allowCidrs` | Add IPv4 IP/CIDR blocks to the allow list for NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas. | 127.0.0.1
+`controller.nginxStatus.allowCidrs` | Add IP/CIDR blocks to the allow list for NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas. | 127.0.0.1,::1
 `controller.priorityClassName` | The PriorityClass of the Ingress controller pods. | None
 `controller.service.create` | Creates a service to expose the Ingress controller pods. | true
 `controller.service.type` | The type of service to create for the Ingress controller. | LoadBalancer

docs/content/configuration/global-configuration/command-line-arguments.md

@@ -209,9 +209,9 @@ Default `true`.
 
 ### -nginx-status-allow-cidrs `<string>`
 
-Add IPv4 IP/CIDR blocks to the allow list for NGINX stub_status or the NGINX Plus API.
+Add IP/CIDR blocks to the allow list for NGINX stub_status or the NGINX Plus API.
 
-Separate multiple IP/CIDR by commas. (default `127.0.0.1`)
+Separate multiple IP/CIDR by commas. (default `127.0.0.1,::1`)
 &nbsp;
 <a name="cmdoption-nginx-status-port"></a>
 

docs/content/installation/installation-with-helm.md

@@ -195,7 +195,7 @@ The following tables lists the configurable parameters of the NGINX Ingress cont
 |``controller.healthStatusURI`` | Sets the URI of health status location in the default server. Requires ``controller.healthStatus``. | "/nginx-health" |
 |``controller.nginxStatus.enable`` | Enable the NGINX stub_status, or the NGINX Plus API. | true |
 |``controller.nginxStatus.port`` | Set the port where the NGINX stub_status or the NGINX Plus API is exposed. | 8080 |
-|``controller.nginxStatus.allowCidrs`` | Add IPv4 IP/CIDR blocks to the allow list for NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas. | 127.0.0.1 |
+|``controller.nginxStatus.allowCidrs`` | Add IP/CIDR blocks to the allow list for NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas. | 127.0.0.1,::1 |
 |``controller.service.create`` | Creates a service to expose the Ingress controller pods. | true |
 |``controller.service.type`` | The type of service to create for the Ingress controller. | LoadBalancer |
 |``controller.service.externalTrafficPolicy`` | The externalTrafficPolicy of the service. The value Local preserves the client source IP. | Local |

docs/content/intro/how-nginx-ingress-controller-works.md

@@ -87,7 +87,7 @@ The numbered list that follows describes each connection with its type in curly
 18. (UDP) An *NGINX worker* sends the HTTP upstream server response latency logs via the Syslog protocol over the UNIX socket `/var/lib/nginx/nginx-syslog.sock` to the *IC*. In turn, the *IC* analyzes and transforms the logs into Prometheus metrics.
 19. (HTTP,HTTPS,TCP,UDP) A *client* sends traffic to and receives traffic from any of the *NGINX workers* on ports 80 and 443 and any additional ports exposed by the [GlobalConfiguration resource](/nginx-ingress-controller/configuration/global-configuration/globalconfiguration-resource).
 20. (HTTP,HTTPS,TCP,UDP) An *NGINX worker* sends traffic to and receives traffic from the *backends*.
-21. (HTTP) *Admin* can connect to the [NGINX stub_status](http://nginx.org/en/docs/http/ngx_http_stub_status_module.html#stub_status) using port 8080 via an *NGINX worker*. **Note**: By default, NGINX only allows connections from `127.0.0.1`.
+21. (HTTP) *Admin* can connect to the [NGINX stub_status](http://nginx.org/en/docs/http/ngx_http_stub_status_module.html#stub_status) using port 8080 via an *NGINX worker*. **Note**: By default, NGINX only allows connections from `localhost`.
 
 ### Differences for NGINX Plus
 

docs/content/logging-and-monitoring/status-page.md

@@ -25,7 +25,7 @@ To access the status:
 1. Open your browser at [http://127.0.0.1:8080/stub_status](http://127.0.0.1:8080/stub_status) to access the status.
 
 If you want to access the stub status externally (without `kubectl port-forward`):
-1. Configure `-nginx-status-allow-cidrs` command-line argument with IPv4 IP/CIDR blocks for which you want to allow access to the status. By default, the access is allowed for `127.0.0.1`.
+1. Configure `-nginx-status-allow-cidrs` command-line argument with IP/CIDR blocks for which you want to allow access to the status. By default, the access is allowed for `127.0.0.1,::1`.
 1. Use the IP/port through which the Ingress Controller pod/pods are available to connect the stub status at the `/stub_status` path.
 
 ## Accessing Live Activity Monitoring Dashboard
@@ -42,7 +42,7 @@ To access the dashboard:
 1. Open your browser at http://127.0.0.1:8080/dashboard.html to access the dashboard.
 
 If you want to access the dashboard externally (without `kubectl port-forward`):
-1. Configure `-nginx-status-allow-cidrs` command-line argument with IPv4 IP/CIDR blocks for which you want to allow access to the dashboard. By default, the access is allowed for `127.0.0.1`.
+1. Configure `-nginx-status-allow-cidrs` command-line argument with IP/CIDR blocks for which you want to allow access to the dashboard. By default, the access is allowed for `127.0.0.1,::1`.
 1. Use the IP/port through which the Ingress Controller pod/pods are available to connect the dashboard at the `/dashboard.html` path.
 
 **Note**: The [API](https://nginx.org/en/docs/http/ngx_http_api_module.html), which the dashboard uses to get the metrics, is also accessible: use the `/api` path. Note that the API is configured in the read-only mode.

examples/custom-resources/egress-mtls/secure-app.yaml

@@ -52,6 +52,7 @@ data:
   app.conf: |-
     server {
       listen 8443 ssl;
+      listen [::]:8443 ssl;
 
       server_name secure-app.example.com;
 
@@ -76,4 +77,4 @@ type: Opaque
 data:
   tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVekNDQWpzQ0NRRE5Tc2YvSXpBaEhqQU5CZ2txaGtpRzl3MEJBUXNGQURCbU1Rc3dDUVlEVlFRR0V3SlYKVXpFTE1Ba0dBMVVFQ0F3Q1EwRXhGakFVQmdOVkJBY01EVk5oYmlCR2NtRnVjMmx6WTI4eERqQU1CZ05WQkFvTQpCVTVIU1U1WU1Rd3dDZ1lEVlFRTERBTkxTVU14RkRBU0JnTlZCQU1NQzJWNFlXMXdiR1V1WTI5dE1CNFhEVEl3Ck1URXhNakl4TXpNd05sb1hEVE13TVRFeE1ESXhNek13Tmxvd2NURUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlYKQkFnTUFrTkJNUll3RkFZRFZRUUhEQTFUWVc0Z1JuSmhibk5wYzJOdk1RNHdEQVlEVlFRS0RBVk9SMGxPV0RFTQpNQW9HQTFVRUN3d0RTMGxETVI4d0hRWURWUVFEREJaelpXTjFjbVV0WVhCd0xtVjRZVzF3YkdVdVkyOXRNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF6ekE0aUhqL0xpWWhlR1JVS0Vha2NTa2MKRHpsWE1kMDUwZStBb3VodXFoOHJEandOaUl0RGU5c05keXNSTW0yWEVZUUxtdkJyNFlTN2dhNmpVQzFUTXhnMgpSeHZmckZFQ1RPNGJkU2gvZ0NKNU8wdjhIYTNEbmNXQW9saFJIdVlSSit1V09iQkwxYkxqUTFLM2hST1h2cjJWCkhvbWRpb09ybnEwQmdQdC9hN09rOVhuSDdZcDU0UjhsYm96bGtvNXlSOFdnZzlqeWZ0aDRoQ2x3U0J3RkJxbmcKeHBBNSs0NllLOUhwU0VNa0FXb1Z5eERrR0E1UXZubTBiSjZQSk0xUi9UQkpFeTA1Uy90ZVlIV3oyeTFNb29INAo4TStoZTR6YjFQLy93NjhWUE9oR1pjTWlGUzBGTWNwVGgzdlFLUTBwQS84S3c2TWErUFdEWWplY3Z2Y0oxd0lECkFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJzditJRzNNWVVNbUdMNUdYTXFhM3NiU0RZdFJxaEhRcXkKMmxWaWQ1OXFEVmVOdG50MXdkYVJrSjQ4S2x1SzBkZUJDanpGaVN2elBZMVlHc09qeEJ4R2Qrd0tYcElMVXQ3YwpsMXFIbGRTNktyOU9oaS9XSUFDV3AxbDN1K1luUXJROHIzNkZqaGZ1ODMyQ1EwVTQ3Z3I0Yjc5NVNBeDRzdVVFClUwZ2F4MnNLMHlUSU9YYUk4VjRQWThrSlZHdXpyR2N1bVBLT1lrSTRvSEhBY0JMMERrWUkyZ0hmZ2F1amZYTFgKYU9yQ0Z4QndPMGh3ekhNam1GNlRYT2dTNVVIYzFsbzhwREpNK1J3SmUxVjA2RGlZRFpUUlErM1lxcEZpSHpSbwozZkFENzBhM3U5c0NWYnM0QjEzU2ZXOUk5R3hNOXhpdEJjL1VNME1ad1BHUytaSVEwRkZzCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
   tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBenpBNGlIai9MaVloZUdSVUtFYWtjU2tjRHpsWE1kMDUwZStBb3VodXFoOHJEandOCmlJdERlOXNOZHlzUk1tMlhFWVFMbXZCcjRZUzdnYTZqVUMxVE14ZzJSeHZmckZFQ1RPNGJkU2gvZ0NKNU8wdjgKSGEzRG5jV0FvbGhSSHVZUkordVdPYkJMMWJMalExSzNoUk9YdnIyVkhvbWRpb09ybnEwQmdQdC9hN09rOVhuSAo3WXA1NFI4bGJvemxrbzV5UjhXZ2c5anlmdGg0aENsd1NCd0ZCcW5neHBBNSs0NllLOUhwU0VNa0FXb1Z5eERrCkdBNVF2bm0wYko2UEpNMVIvVEJKRXkwNVMvdGVZSFd6MnkxTW9vSDQ4TStoZTR6YjFQLy93NjhWUE9oR1pjTWkKRlMwRk1jcFRoM3ZRS1EwcEEvOEt3Nk1hK1BXRFlqZWN2dmNKMXdJREFRQUJBb0lCQUFNK1hBUTI4TGZHUFF2bgpkakhUT1V2VU91NDZGWlZnUTBGNElHbHNmaDhIc2VMZEtkRVRiUkVKVXVLa3QvWTBKUU5QTCtkVEVEMU5tS25sCkZBVnpVRFFpa3ViMkZzQlozRkZjQU80S25rUmhSY2laM2U2UkE5ajZlSk1TRXVNSzh3WE8rR0VhMDNVYkFkZlIKK2JHSnB2eURkMHd0RjF4TngyZ0tpVlY5bW5jVEo3RDJtaUZPVTNXR3pUeFlyMVdnVDd6WHVsQnkyQlR6SlEzNQpwcG9hdXQwYlcvVkZDQ1FIc0NRK2tUNlhXbE9vQ2VTWTd5aEhmSzRtMGFCeUNjN1E0dW5CUUZRU24rck1CZUJpCkJxaE9BU0NFQnhYUzhlRUxhOCtCQml3eGo0SmJQa3IzbFlRcTQxbDlMU3FtQTN4dy9ZKzZzK2NCRmdxSGQ5RUgKVmJidTUrRUNnWUVBN2VUeUdXQmxubk9ySzJBMjkrbENYY1RBRHhGdlRoK0hWMlRJTXV3NW9oMlE0MkhCZWkwcgp3L2dTa1FGU1cvK1JaNmpXU2xsWW51ZDNXVkUwRzA3ZkhLaWpZMnBmbFQ3Z3lXYlhoc0NXQmkwRVpOK0JxUUNrCko5UVNaUGZLRXRjamhkTDdtVnBJdEF3ZjM4SHpiNUx0d3pBYTFhTlFjK2h3YVE3eWo2UFhubDhDZ1lFQTN2VUMKcXhURDJ2Y2VkQWZlUGUxQXd1SDRUZ2pVVFJnbU5rMGRPbTBFazlzUnZOelRZemk0bmxNQ1YzMHZiZTVMRWNleQo3VWRJS3pGMUwrQWRpaFFpckcvMHJIQ3N0U21RTHhLWDdhVW5vcVliWHJWNTlYMFVaMndDcFBqZm1DQTNYYmE5CmJ0ZThCRFFCbmp1QjJ6dXVIa21ZY3BSWllNeEdvMjd0aVV2ZlY0a0NnWUJRdFMyVmdtaTNXeEtsUXAwamVsVnoKcm41aUhrNGV1UCtYbks5MjUwR2VTRjJSWnViVzVtQkV1ZkxDa3lvMzMvcWFxbU1aRWpySW5rcVZXTUZPeW5GVApMYnRRelJQa2RGS2F3WE01V2prTG0xWTBTc2VZYUlsSW9lQWp0UlV2VXlIUUV3WWN2czZQbHRWeGVrRjJodWgzCkllall0ZkZqZ1dZeG5rcVloTU53RFFLQmdGTU11UDI1TW10eCthb0c5RVhsQm1hUmZjaXppVUZlYVgxNHBCYUwKWFZVbUdTbGNxSEVoUThQVjc5MWZDRGZPdDYvYnowNkxhdHFNQmJiYnFLVXljdWdBbkFkUHdVV0tRZWNHNmdqZgpxQy94NStnVGVXWjBQUkY1TGxMOVVXeDlNNko0MjM5YVpQSzczSTV3WkNLaHpHNER4QUdLT1BEUnBzNWlGNkU0CjNlemhBb0dBS1lxZ1o4dUtOVGNpZ3A4ekpqSzB4N1RrZmttTVViMTRUYnFZUzJiWVhFTDlwZDM1aU1iclJ1MEYKTGJqOTFlcHVVbE00eG9td2tHM284Qll6OWpOZVhGVnIwQmhvY0E3UjZVL2VRc1FLQ0Fac3VMTThLdGFCN0pRTwpzTFpJRnROZUpMV0lRMUhXZG40KzI3SDIyeGUzMFBVUlpsSnR6b2NrT3hGaVl3UUZ5bzQ9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
-  ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURTRENDQWpBQ0NRREtXdnJwd2lJeUNEQU5CZ2txaGtpRzl3MEJBUXNGQURCbU1Rc3dDUVlEVlFRR0V3SlYKVXpFTE1Ba0dBMVVFQ0F3Q1EwRXhGakFVQmdOVkJBY01EVk5oYmlCR2NtRnVjMmx6WTI4eERqQU1CZ05WQkFvTQpCVTVIU1U1WU1Rd3dDZ1lEVlFRTERBTkxTVU14RkRBU0JnTlZCQU1NQzJWNFlXMXdiR1V1WTI5dE1CNFhEVEl3Ck1URXhNakl4TWpnME1sb1hEVE13TVRFeE1ESXhNamcwTWxvd1pqRUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlYKQkFnTUFrTkJNUll3RkFZRFZRUUhEQTFUWVc0Z1JuSmhibk5wYzJOdk1RNHdEQVlEVlFRS0RBVk9SMGxPV0RFTQpNQW9HQTFVRUN3d0RTMGxETVJRd0VnWURWUVFEREF0bGVHRnRjR3hsTG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNcmxLTXFySGZNUjRtZ2FMMnpaRzJEWVlmS0NGVm1JTmpsWXVPZUMKRkRUY1JnUUt0dTJZY0N4WllCQUR3SFp4RWY2TklLdFZzTVdMaFNOUy9OYzBCbXRpUU0vSUV4aGxDaURDNlNsOApPTnJJM3c3cUp6TjZJVUVSQjZ0VmxRdDA3cmdNMFYyNlVUWXUwSWt2MVk4dHJmTFlQWmNrekJrb3JRanBjaXVtCnFvUDJCSmY0eXljOUxxcHh0bFdLeGVsa3VuVkw1aWpNRXpwajlnRUUyNlRFSGJzZEViaG9SOGcwT2VIWnFIN2UKbVhDblNJQlIwQS9vL3M2bm9HTlgrRjE5bFk3VGd3NzdqT3VRUTVZc2krN25oTjJsS3ZjQzgxOVJYN29NcGd2dApWNUIzbkkwbUY2QmF6bmplVHM0eVFjcjFTbTNVVFZCd1g5WnV2TDdSYklYa1VtOENBd0VBQVRBTkJna3Foa2lHCjl3MEJBUXNGQUFPQ0FRRUFnbTA0dzZPSVdHajZ0a2E5Y2NjY25ibEYwb1p6ZUVBSXl3anZSNXNEY1BkdkxJZU0KZWVzSnk2ckZINERCbU15Z3BjSXhKR3JTT3pabEYzTE12dzd6SzRzdHFOdG0xSGlwckY4Ynp4ZlRmZlZZbmNnNgpoVktFckh0WjJGWlJqLzJUTUowMWFSRFpTdVZiTDZVSmlva3BVNnh4VDd5eTBkRlprS3JqVVIzNDlnS3hScUp3CkFtMmFzMGJoaTUxRXFLMUdFeDNtNGMwdW4ydk5oNXFQMmh2NmUvUXplNlA5NnZlZk5hU2s5UU1GZnVCMWtTQWsKZkdwa2lMN2JqbWpuaEt3QW1mOGpEV0RabHRCNlM1NlF5MlFqUFI4Sm9PdXNiWXhhcjRjNkVjSXdWSHY2bWRnUAp5WnhXcVFzZ3RTZkZ4K1B3b245SVBLdXEwalFZZ2VaUFN4Uk1MQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+  ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURTRENDQWpBQ0NRREtXdnJwd2lJeUNEQU5CZ2txaGtpRzl3MEJBUXNGQURCbU1Rc3dDUVlEVlFRR0V3SlYKVXpFTE1Ba0dBMVVFQ0F3Q1EwRXhGakFVQmdOVkJBY01EVk5oYmlCR2NtRnVjMmx6WTI4eERqQU1CZ05WQkFvTQpCVTVIU1U1WU1Rd3dDZ1lEVlFRTERBTkxTVU14RkRBU0JnTlZCQU1NQzJWNFlXMXdiR1V1WTI5dE1CNFhEVEl3Ck1URXhNakl4TWpnME1sb1hEVE13TVRFeE1ESXhNamcwTWxvd1pqRUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlYKQkFnTUFrTkJNUll3RkFZRFZRUUhEQTFUWVc0Z1JuSmhibk5wYzJOdk1RNHdEQVlEVlFRS0RBVk9SMGxPV0RFTQpNQW9HQTFVRUN3d0RTMGxETVJRd0VnWURWUVFEREF0bGVHRnRjR3hsTG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNcmxLTXFySGZNUjRtZ2FMMnpaRzJEWVlmS0NGVm1JTmpsWXVPZUMKRkRUY1JnUUt0dTJZY0N4WllCQUR3SFp4RWY2TklLdFZzTVdMaFNOUy9OYzBCbXRpUU0vSUV4aGxDaURDNlNsOApPTnJJM3c3cUp6TjZJVUVSQjZ0VmxRdDA3cmdNMFYyNlVUWXUwSWt2MVk4dHJmTFlQWmNrekJrb3JRanBjaXVtCnFvUDJCSmY0eXljOUxxcHh0bFdLeGVsa3VuVkw1aWpNRXpwajlnRUUyNlRFSGJzZEViaG9SOGcwT2VIWnFIN2UKbVhDblNJQlIwQS9vL3M2bm9HTlgrRjE5bFk3VGd3NzdqT3VRUTVZc2krN25oTjJsS3ZjQzgxOVJYN29NcGd2dApWNUIzbkkwbUY2QmF6bmplVHM0eVFjcjFTbTNVVFZCd1g5WnV2TDdSYklYa1VtOENBd0VBQVRBTkJna3Foa2lHCjl3MEJBUXNGQUFPQ0FRRUFnbTA0dzZPSVdHajZ0a2E5Y2NjY25ibEYwb1p6ZUVBSXl3anZSNXNEY1BkdkxJZU0KZWVzSnk2ckZINERCbU15Z3BjSXhKR3JTT3pabEYzTE12dzd6SzRzdHFOdG0xSGlwckY4Ynp4ZlRmZlZZbmNnNgpoVktFckh0WjJGWlJqLzJUTUowMWFSRFpTdVZiTDZVSmlva3BVNnh4VDd5eTBkRlprS3JqVVIzNDlnS3hScUp3CkFtMmFzMGJoaTUxRXFLMUdFeDNtNGMwdW4ydk5oNXFQMmh2NmUvUXplNlA5NnZlZk5hU2s5UU1GZnVCMWtTQWsKZkdwa2lMN2JqbWpuaEt3QW1mOGpEV0RabHRCNlM1NlF5MlFqUFI4Sm9PdXNiWXhhcjRjNkVjSXdWSHY2bWRnUAp5WnhXcVFzZ3RTZkZ4K1B3b245SVBLdXEwalFZZ2VaUFN4Uk1MQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K

examples/custom-resources/oidc/README.md

@@ -2,6 +2,8 @@
 
 In this example, we deploy a web application, configure load balancing for it via a VirtualServer, and protect the application using an OpenID Connect policy and [Keycloak](https://www.keycloak.org/).
 
+**Note**: The example doesn’t work in clusters with IPv6 networking.
+
 ## Prerequisites
 
 1. Follow the [installation](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/) instructions to deploy the Ingress Controller. This example requires that the HTTPS port of the Ingress Controller is `443`.

examples/custom-resources/oidc/nginx-config.yaml

@@ -8,6 +8,7 @@ data:
     resolver <kube-dns-ip> valid=5s;
     server {
         listen 12345;
+        listen [::]:12345;
         zone_sync;
         zone_sync_server nginx-ingress-headless.nginx-ingress.svc.cluster.local:12345 resolve;
     }

examples/custom-resources/oidc/webapp.yaml

@@ -46,6 +46,7 @@ data:
   app.conf: |-
     server {
     listen 8080;
+    listen [::]:8080;
 
     location / {
         default_type text/plain;