Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Ingress Nginx Chart #319

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Update Ingress Nginx Chart #319

wants to merge 1 commit into from

Conversation

ronardcaktus
Copy link
Member

Some people at Wiz wrote a great post about this: https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities

Ingress Nginx version update (and other packages)

Ingress Nginx

> helm -n ingress-nginx list 
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                   APP VERSION
ingress-nginx   ingress-nginx   10              2025-03-26 10:57:17.291342 -0400 EDT    deployed        ingress-nginx-4.11.5    1.11.5

Cert Manager

> helm -n cert-manager list
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                   APP VERSION
cert-manager    cert-manager    9               2025-03-26 10:58:38.865938 -0400 EDT    deployed        cert-manager-v1.17.1    v1.17.1

New Relic

> helm -n newrelic list    
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                   APP VERSION
newrelic-bundle newrelic        9               2025-03-26 10:59:56.140238 -0400 EDT    deployed        nri-bundle-5.0.117

Ensure the admission webhook endpoint is not exposed externally

> kubectl get svc -n ...-production
NAME           TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
app            ClusterIP   [IP Num here]    <none>        8000/TCP   4y218d
beat-service   ClusterIP   None            <none>        <none>     4y218d
redis          ClusterIP   [IP Num here]    <none>        6379/TCP   4y218d

 > kubectl get svc -n ...-staging   
NAME           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
app            ClusterIP   [IP Num here]    <none>        8000/TCP   4y218d
beat-service   ClusterIP   None             <none>        <none>     4y218d
redis          ClusterIP   [IP Num here]     <none>        6379/TCP   4y218d

Traffic Stops svc is of type ClusterIP. ClusterIP services are only accessible from within the cluster, you cannot directly curl it from outside. More on that here.

Closes:

@ronardcaktus
Update ingress nginx, cert manager, and new relic chart version

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
Learn about vigilant mode
ada4d3c
@copelco
Copy link
Member

copelco commented Mar 26, 2025

Task linked: CU-868d7jm29 Forward Justice

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ronardcaktus @copelco