Bump nginx-controller from 1.3.1 to 1.11.2

João Alexandre Cunharequested to merge
bump-nginx-controller-to-1-11-2 into master

What does this MR do?

Bump nginx-controller from 1.3.1 to 1.11.2

Our controller image is many versions behind. This should help us to
mitigate security risks, bugs, as well as facilitate the upgrade of the
chart version.

Changelog: changed

We're also adding a migration path for users which disable the NGINX RBAC and need to still keep using v1.3.1 until they update their RBAC rules. To support this migration we will:

  • Default to 1.11.2, but fallback to 1.3.1 if users have nginx-ingress.rbac.create=false or the geo nginx has it false.
  • Add a conditional nginx-controller.controller.image.disableFallback to allow users which manage their own RBAC to migrate to the new 1.11.2.
  • Deprecate the old image fallback for removal in chart 8.8. I.e., in 8.8 all the chart configurations will default to 1.11.2.

Related issues

Closes Update NGINX Ingress Controller image to v1.11.2 (#5095 - closed)

Required changes that should go along with this MR

Test scenarios

  • GitLab-qa against non-FIPS deployment.
  • GitLab-qa against FIPS deployment.
  • GitLab-qa against Operator.
  • Validate for GEO that the use-forwarded-headers flag config is still up-to-date.

Author checklist

For general guidance, please follow our Contributing guide.

Required

For anything in this list which will not be completed, please provide a reason in the MR discussion.

  • Merge Request Title and Description are up to date, accurate, and descriptive.
  • MR targeting the appropriate branch.
  • MR has a green pipeline.
  • Documentation created/updated.
  • Tests added/updated, and test plan for scenarios not covered by automated tests.
  • Equivalent MR/issue for omnibus-gitlab opened.

Reviewers checklist

Edited by João Alexandre Cunha

Merge request reports