30 commits
2147ef0
skipper: Update to version v0.22.159
k8s-on-aws-manager-app[bot] Nov 6, 2025
450c0ef
skipper: Update to version v0.22.160
k8s-on-aws-manager-app[bot] Nov 6, 2025
5a19e31
skipper: Update to version v0.22.161
k8s-on-aws-manager-app[bot] Nov 6, 2025
163877b
skipper: Update to version v0.22.162
k8s-on-aws-manager-app[bot] Nov 6, 2025
aff5f90
skipper: Update to version v0.22.163
k8s-on-aws-manager-app[bot] Nov 6, 2025
a939d51
skipper: Update to version v0.22.164
k8s-on-aws-manager-app[bot] Nov 6, 2025
5ad5a99
skipper: Update to version v0.22.165
k8s-on-aws-manager-app[bot] Nov 6, 2025
7f3ac91
skipper: Update to version v0.22.166
k8s-on-aws-manager-app[bot] Nov 7, 2025
ef6bc3c
skipper: Update to version v0.22.167
k8s-on-aws-manager-app[bot] Nov 10, 2025
aa662dc
skipper: Update to version v0.22.168
k8s-on-aws-manager-app[bot] Nov 18, 2025
54fd948
skipper: Update to version v0.22.169
k8s-on-aws-manager-app[bot] Nov 18, 2025
48fc631
skipper: Update to version v0.22.170
k8s-on-aws-manager-app[bot] Nov 20, 2025
a3134ba
skipper: Update to version v0.22.171
k8s-on-aws-manager-app[bot] Dec 3, 2025
8c60bd2
skipper: Update to version v0.22.172
k8s-on-aws-manager-app[bot] Dec 3, 2025
f2f4506
skipper: Update to version v0.22.173
k8s-on-aws-manager-app[bot] Dec 3, 2025
dc1be5d
skipper: Update to version v0.22.174
k8s-on-aws-manager-app[bot] Dec 3, 2025
f4563c7
skipper: Update to version v0.22.175
k8s-on-aws-manager-app[bot] Dec 3, 2025
29c8c1d
skipper: Update to version v0.22.176
k8s-on-aws-manager-app[bot] Dec 3, 2025
8bb6fed
skipper: Update to version v0.22.177
k8s-on-aws-manager-app[bot] Dec 3, 2025
463233e
skipper: Update to version v0.22.178
k8s-on-aws-manager-app[bot] Dec 3, 2025
becaa6f
skipper: Update to version v0.22.179
k8s-on-aws-manager-app[bot] Dec 3, 2025
492aa3e
skipper: Update to version v0.22.180
k8s-on-aws-manager-app[bot] Dec 4, 2025
c1410b2
skipper: Update to version v0.22.181
k8s-on-aws-manager-app[bot] Dec 4, 2025
09ebf0c
skipper: Update to version v0.22.182
k8s-on-aws-manager-app[bot] Dec 4, 2025
be00692
skipper: Update to version v0.22.183
k8s-on-aws-manager-app[bot] Dec 8, 2025
31521bf
skipper: Update to version v0.22.184
k8s-on-aws-manager-app[bot] Dec 8, 2025
efc1953
skipper: Update to version v0.22.185
k8s-on-aws-manager-app[bot] Dec 9, 2025
44a416f
skipper: Update to version v0.22.186
k8s-on-aws-manager-app[bot] Dec 9, 2025
b76f6b3
skipper: Update to version v0.22.187
k8s-on-aws-manager-app[bot] Dec 9, 2025
40b8460
skipper: Update to version v0.22.188
k8s-on-aws-manager-app[bot] Dec 9, 2025
126 changes: 119 additions & 7 deletions cluster/manifests/02-skipper-validation-webhook/deployment.yaml
Expand Up @@ -50,17 +50,55 @@ spec:
- name: ndots
value: "1"
priorityClassName: system-cluster-critical
serviceAccountName: skipper-validation-webhook
containers:
- name: skipper-admission-webhook
image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.22.142
image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.22.186
env:
{{ if or (eq .Cluster.ConfigItems.skipper_local_tokeninfo "production") (eq .Cluster.ConfigItems.skipper_local_tokeninfo "bridge") }}
- name: LOCAL_TOKENINFO
value: "true"
{{ end }}
{{ if eq .Cluster.ConfigItems.skipper_local_tokeninfo "bridge" }}
- name: LOCAL_TOKENINFO_SANDBOX
value: "true"
{{ end }}
{{ if or (eq .Cluster.ConfigItems.nlb_switch "pre") (eq .Cluster.ConfigItems.nlb_switch "exec") }}
- name: HTTP_REDIRECT
value: "true"
{{ end }}
{{ if eq .Cluster.ConfigItems.skipper_lua_scripts_enabled "true" }}
- name: LUA_PATH
value: /etc/skipper/lua/?.lua
- name: DATADOME_API_KEY
valueFrom:
secretKeyRef:
name: skipper-ingress
key: datadome-api-key
- name: KASADA_API_KEY
valueFrom:
secretKeyRef:
name: skipper-ingress
key: kasada-api-key
{{ end }}
args:
- skipper
- -support-listener=:9981
- --validation-webhook-enabled=true
- --validation-webhook-address=:9085
- --validation-webhook-cert-file=/etc/tls-certs/skipper-validation-webhook.pem
- --validation-webhook-key-file=/etc/tls-certs/skipper-validation-webhook-key.pem
- "--enable-advanced-validation={{ .Cluster.ConfigItems.enable_advanced_validation }}"
- "-support-listener=:9981"
- "-validation-webhook-enabled=true"
- "-validation-webhook-address=:9085"
- "-validation-webhook-cert-file=/etc/tls-certs/skipper-validation-webhook.pem"
- "-validation-webhook-key-file=/etc/tls-certs/skipper-validation-webhook-key.pem"
- "-enable-profile"
- "-memory-profile-rate=1"
- "-block-profile-rate=10"
- "-mutex-profile-fraction=10"
- "-kubernetes"
- "-kubernetes-in-cluster"
- "-kubernetes-healthcheck=false" # see -inline-routes
- "-kubernetes-path-mode=path-prefix"
- "-enable-kubernetes-endpointslices={{ .Cluster.ConfigItems.skipper_endpointslices_enabled }}"
- "-enable-advanced-validation={{ .Cluster.ConfigItems.enable_advanced_validation }}"
- "-source-poll-timeout=2592000000" # 30d
- "-metrics-flavour=prometheus"
- "-metrics-exp-decay-sample"
- "-enable-prometheus-start-label={{ .Cluster.ConfigItems.skipper_prometheus_start_label_enabled }}"
Expand All @@ -73,6 +111,22 @@ spec:
- "-disable-metrics-compat"
- "-histogram-metric-buckets=.0001,.00025,.0005,.00075,.001,.0025,.005,.0075,.01,.025,.05,.075,.1,.2,.3,.4,.5,.75,1,2,3,4,5,7,10,15,20,30,60,120,300,600"
- "-disabled-filters={{ .Cluster.ConfigItems.skipper_disabled_filters }}"
- "-compress-encodings={{ .Cluster.ConfigItems.skipper_compress_encodings }}"
- "-enable-ratelimits"
{{ if eq .Cluster.ConfigItems.skipper_ingress_redis_swarm_enabled "true" }}
- "-enable-swarm"
- "-swarm-redis-dial-timeout={{ .Cluster.ConfigItems.skipper_redis_dial_timeout }}"
- "-swarm-redis-pool-timeout={{ .Cluster.ConfigItems.skipper_redis_pool_timeout }}"
- "-swarm-redis-read-timeout={{ .Cluster.ConfigItems.skipper_redis_read_timeout }}"
- "-swarm-redis-write-timeout={{ .Cluster.ConfigItems.skipper_redis_write_timeout }}"
- "-cluster-ratelimit-max-group-shards={{ .Cluster.ConfigItems.skipper_cluster_ratelimit_max_group_shards }}"
- "-swarm-redis-min-conns=1"
- "-swarm-redis-max-conns=1"
- "-kubernetes-redis-service-namespace=kube-system"
- "-kubernetes-redis-service-name=skipper-ingress-redis"
- "-kubernetes-redis-service-port=6379"
{{ end }}
- "-lua-sources={{ .Cluster.ConfigItems.skipper_lua_sources }}"
- "-default-filters-dir=/etc/config/default-filters"
- '-default-filters-prepend={{ .Cluster.ConfigItems.skipper_default_filters }}'
- '-default-filters-append={{ .Cluster.ConfigItems.skipper_default_filters_authentication }}'
Expand All @@ -81,6 +135,27 @@ spec:
- '-kubernetes-annotation-filters-append={{ .Cluster.ConfigItems.skipper_kubernetes_annotation_filters_append }}'
- '-kubernetes-east-west-range-annotation-predicates={{ .Cluster.ConfigItems.skipper_kubernetes_east_west_range_annotation_predicates }}'
- '-kubernetes-east-west-range-annotation-filters-append={{ .Cluster.ConfigItems.skipper_kubernetes_east_west_range_annotation_filters_append }}'
- "-oauth2-tokeninfo-url=http://127.0.0.1:9021/oauth2/tokeninfo"
{{ if eq .Cluster.ConfigItems.skipper_oauth2_ui_login "true" }}
- "-enable-oauth2-grant-flow"
- "-oauth2-auth-url={{ .Cluster.ConfigItems.skipper_oauth2_auth_url }}"
- "-oauth2-token-url={{ .Cluster.ConfigItems.skipper_oauth2_token_url }}"
- "-oauth2-secret-file=/etc/skipper/secret/encryption-key"
- "-oauth2-client-id-file=/etc/skipper/hostname-credentials/{host}-grant-credentials-employee-client-id"
- "-oauth2-client-secret-file=/etc/skipper/hostname-credentials/{host}-grant-credentials-employee-client-secret"
- "-credentials-update-interval=1m"
- "-oauth2-token-cookie-name={{ .Cluster.ConfigItems.skipper_oauth2_cookie_name }}"
- "-oauth2-token-cookie-remove-subdomains=0"
- "-oauth2-callback-path={{ .Cluster.ConfigItems.skipper_oauth2_redirect_uri_path }}"
- "-oauth2-grant-tokeninfo-keys={{ .Cluster.ConfigItems.skipper_oauth2_ui_login_tokeninfo_keys }}"
{{ end }}
{{ if eq .Cluster.ConfigItems.skipper_open_policy_agent_enabled "true" }}
- "-enable-open-policy-agent"
- "-open-policy-agent-config-template=/etc/skipper/open-policy-agent/opaconfig.yaml"
- "-open-policy-agent-envoy-metadata=/etc/skipper/open-policy-agent/envoymetadata.json"
- "-enable-open-policy-agent-data-preprocessing-optimization={{ .Cluster.ConfigItems.skipper_open_policy_agent_data_preprocessing_optimization_enabled }}"
- "-enable-open-policy-agent-preloading={{ .Cluster.ConfigItems.skipper_open_policy_agent_preloading_enabled }}"
{{ end }}
lifecycle:
preStop:
sleep:
Expand Down Expand Up @@ -110,6 +185,24 @@ spec:
readOnly: true
- name: filters
mountPath: /etc/config/default-filters
{{ if eq .Cluster.ConfigItems.skipper_lua_scripts_enabled "true" }}
- name: lua
mountPath: /etc/skipper/lua
readOnly: true
{{ end }}
{{ if eq .Cluster.ConfigItems.skipper_oauth2_ui_login "true"}}
- name: hostname-credentials
mountPath: /etc/skipper/hostname-credentials
readOnly: true
- name: encryption-key
mountPath: /etc/skipper/secret
readOnly: true
{{ end }}
{{ if eq .Cluster.ConfigItems.skipper_open_policy_agent_enabled "true" }}
- name: open-policy-agent-config
mountPath: /etc/skipper/open-policy-agent
readOnly: true
{{ end }}
volumes:
- name: tls-certs
secret:
Expand All @@ -118,3 +211,22 @@ spec:
configMap:
name: skipper-default-filters
optional: true
{{ if eq .Cluster.ConfigItems.skipper_lua_scripts_enabled "true" }}
- name: lua
configMap:
name: skipper-ingress-lua
optional: true
{{ end }}
{{ if eq .Cluster.ConfigItems.skipper_oauth2_ui_login "true"}}
- name: hostname-credentials
secret:
secretName: hostname-credentials
- name: encryption-key
secret:
secretName: skipper-ingress
{{ end }}
{{ if eq .Cluster.ConfigItems.skipper_open_policy_agent_enabled "true" }}
- name: open-policy-agent-config
configMap:
name: open-policy-agent-config
{{ end }}
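Review bot: The validation webhook pod now carries live credentials that the old spec did not: `DATADOME_API_KEY` and `KASADA_API_KEY` from the `skipper-ingress` secret in the new env block, plus the `hostname-credentials` and `encryption-key` secret volumes added in the last two hunks. An admission webhook presumably only has to parse and instantiate routes, so it is worth confirming that advanced validation needs the real values and not just the matching flags. If it does not, dropping the `secretKeyRef` entries and the two secret mounts here keeps the OAuth client secrets and the encryption key off a second workload. If they are required, I would record the reason above the env block, e.g. `# secrets mirror skipper-ingress: advanced validation instantiates filters that read them`. The same args list also adds `-enable-profile` with `-memory-profile-rate=1`, so reachability of the support listener on `:9981` should be checked against whatever network policy covers this pod (not visible in this section).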
6 changes: 3 additions & 3 deletions cluster/node-pools/master-default/userdata.yaml
Expand Up @@ -262,7 +262,7 @@ write_files:
- mountPath: /etc/kubernetes/admission-controller-kubeconfig
name: admission-controller-kubeconfig
readOnly: true
- image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/k8s-authnz-webhook:master-157
- image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/k8s-authnz-webhook:master-158
name: webhook
ports:
- containerPort: 8081
Expand Down Expand Up @@ -412,7 +412,7 @@ write_files:
value: {{ .Cluster.ConfigItems.apiserver_business_partner_ids }}
{{ end }}
- name: skipper-proxy
image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.22.127
image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.22.188
args:
- skipper
- -access-log-strip-query
Expand Down Expand Up @@ -463,7 +463,7 @@ write_files:
name: ssl-certs-kubernetes
readOnly: true
- name: skipper-metrics
image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.22.127
image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.22.188
args:
- skipper
- -access-log-strip-query