kubernetes
diff --git a/‎.github/ISSUE_TEMPLATE/bug_report.md
Lines changed: 2 additions & 2 deletions b/‎.github/ISSUE_TEMPLATE/bug_report.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/ci.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/ci.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/plugin.yaml
Lines changed: 2 additions & 5 deletions b/‎.github/workflows/plugin.yaml
Lines changed: 2 additions & 5 deletions
diff --git a/‎.github/workflows/scorecards.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/scorecards.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/stale.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/stale.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/vulnerability-scans.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/vulnerability-scans.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md
Lines changed: 10 additions & 9 deletions b/‎README.md
Lines changed: 10 additions & 9 deletions
diff --git a/‎changelog/controller-1.9.5.md
Lines changed: 37 additions & 0 deletions b/‎changelog/controller-1.9.5.md
Lines changed: 37 additions & 0 deletions
diff --git a/‎charts/ingress-nginx/Chart.yaml
Lines changed: 7 additions & 3 deletions b/‎charts/ingress-nginx/Chart.yaml
Lines changed: 7 additions & 3 deletions
diff --git a/‎charts/ingress-nginx/README.md
Lines changed: 5 additions & 4 deletions b/‎charts/ingress-nginx/README.md
Lines changed: 5 additions & 4 deletions
@@ -60,7 +60,7 @@ kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --vers
 
 - **How was the ingress-nginx-controller installed**:
   - If helm was used then please show output of `helm ls -A | grep -i ingress`
-  - If helm was used then please show output of `helm -n <ingresscontrollernamepspace> get values <helmreleasename>`
+  - If helm was used then please show output of `helm -n <ingresscontrollernamespace> get values <helmreleasename>`
   - If helm was not used, then copy/paste the complete precise command used to install the controller, along with the flags and options used
   - if you have more than one instance of the ingress-nginx-controller installed in the same cluster, please provide details for all the instances
 
@@ -71,7 +71,7 @@ kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --vers
   - `kubectl -n <ingresscontrollernamespace> describe svc <ingresscontrollerservicename>`
 
 - **Current state of ingress object, if applicable**:
-  - `kubectl -n <appnnamespace> get all,ing -o wide`
+  - `kubectl -n <appnamespace> get all,ing -o wide`
   - `kubectl -n <appnamespace> describe ing <ingressname>`
   - If applicable, then, your complete and exact curl/grpcurl command (redacted if required) and the reponse to the curl/grpcurl command with the -v flag
 
 
@@ -403,7 +403,7 @@ jobs:
           output: 'trivy-results.sarif'
       - name: Upload Trivy scan results to GitHub Security tab
         if: ${{ steps.filter-images.outputs.nginx-base == 'true' && always() }}
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: 'trivy-results.sarif'
 
 
@@ -1,11 +1,8 @@
 name: kubectl plugin
 
 on:
-  push:
-    branches:
-      - "main"
-    tags:
-      - 'v*.*.*\+plugin'
+  release:
+    types: [published]
 
 permissions:
   contents: write # for goreleaser/goreleaser-action
 
@@ -59,6 +59,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@896079047b4bb059ba6f150a5d87d47dde99e6e5 # v2.1.37
+        uses: github/codeql-action/upload-sarif@03e7845b7bfcd5e7fb63d1ae8c61b0e791134fab # v2.1.37
         with:
           sarif_file: results.sarif
@@ -13,7 +13,7 @@ jobs:
       pull-requests: write
 
     steps:
-      - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0
+      - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
         with:
           stale-issue-message: "This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack."
           stale-pr-message: "This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack."
 
@@ -75,7 +75,7 @@ jobs:
 
       # This step checks out a copy of your repository.
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@896079047b4bb059ba6f150a5d87d47dde99e6e5 # v2.1.37
+        uses: github/codeql-action/upload-sarif@03e7845b7bfcd5e7fb63d1ae8c61b0e791134fab # v2.1.37
         with:
           token: ${{ github.token }}
           # Path to SARIF file relative to the root of the repository
 
@@ -38,15 +38,16 @@ the versions listed. Ingress-Nginx versions **may** work on older versions, but
 
 |  Supported  | Ingress-NGINX version | k8s supported version        | Alpine Version | Nginx Version | Helm Chart Version |
 |:--:|-----------------------|------------------------------|----------------|---------------|------------------------------|
-| 🔄 | **v1.9.4**            | 1.28, 1.27,1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.3*                        |
-| 🔄 | **v1.9.3**            | 1.28, 1.27,1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.*                        |
-| 🔄 | **v1.9.1**            | 1.28, 1.27,1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.*                        |
-| 🔄 | **v1.9.0**            | 1.28, 1.27,1.26, 1.25        | 3.18.2         | 1.21.6        | 4.8.*                        |
-| 🔄 | **v1.8.4**            | 1.27,1.26, 1.25, 1.24        | 3.18.2         | 1.21.6        | 4.7.*                        |
-| 🔄 | **v1.8.2**            | 1.27,1.26, 1.25, 1.24        | 3.18.2         | 1.21.6        | 4.7.*                        |
-| 🔄 | **v1.8.1**            | 1.27,1.26, 1.25, 1.24        | 3.18.2         | 1.21.6        | 4.7.*              |
-| 🔄 | **v1.8.0**            | 1.27,1.26, 1.25, 1.24        | 3.18.0         | 1.21.6        | 4.7.*              |
-| 🔄 | **v1.7.1**            | 1.27,1.26, 1.25, 1.24        | 3.17.2         | 1.21.6        | 4.6.*              |
+| 🔄 | **v1.9.5**            | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.9.0*                        |
+| 🔄 | **v1.9.4**            | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.3                        |
+| 🔄 | **v1.9.3**            | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.*                        |
+| 🔄 | **v1.9.1**            | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.*                        |
+| 🔄 | **v1.9.0**            | 1.28, 1.27, 1.26, 1.25        | 3.18.2         | 1.21.6        | 4.8.*                        |
+| 🔄 | **v1.8.4**            | 1.27, 1.26, 1.25, 1.24        | 3.18.2         | 1.21.6        | 4.7.*                        |
+| 🔄 | **v1.8.2**            | 1.27, 1.26, 1.25, 1.24        | 3.18.2         | 1.21.6        | 4.7.*                        |
+| 🔄 | **v1.8.1**            | 1.27, 1.26, 1.25, 1.24        | 3.18.2         | 1.21.6        | 4.7.*              |
+| 🔄 | **v1.8.0**            | 1.27, 1.26, 1.25, 1.24        | 3.18.0         | 1.21.6        | 4.7.*              |
+| 🔄 | **v1.7.1**            | 1.27, 1.26, 1.25, 1.24        | 3.17.2         | 1.21.6        | 4.6.*              |
 | 🔄 | **v1.7.0**            | 1.26, 1.25, 1.24             | 3.17.2         | 1.21.6        | 4.6.*              |
 |    | v1.6.4                | 1.26, 1.25, 1.24, 1.23       | 3.17.0         | 1.21.6        | 4.5.*              |
 |    | v1.5.1                | 1.25, 1.24, 1.23             | 3.16.2         | 1.21.6        | 4.4.*              |
 
@@ -0,0 +1,37 @@
+# Changelog
+
+### controller-v1.9.5
+
+Images:
+
+* registry.k8s.io/ingress-nginx/controller:v1.9.5@sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e
+* registry.k8s.io/ingress-nginx/controller-chroot:v1.9.5@sha256:9a8d7b25a846a6461cd044b9aea9cf6cad972bcf2e64d9fd246c0279979aad2d
+
+### All changes:
+
+* update nginx build (#10781)
+* update images from golang upgrade (#10762)
+* fix: remove tcpproxy copy error handling (#10715)
+* Ignore fake certificate for NGINXCertificateExpiry (#10694)
+* Comment NGINXCertificateExpiry alert label matcher (#10692)
+* chart: allow setting allocateLoadBalancerNodePorts (#10693)
+* [release-1.9] feat(helm): add documentation about metric args (#10695)
+* chore(dep): change lua-resty-cookie's repo (#10691)
+* annotation validation - extended URLWithNginxVariableRegex from alphaNumericChars to extendedAlphaNumeric (#10656)
+* fix: adjust unfulfillable validation check for session-cookie-samesite annotation (#10604)
+* fix: Validate x-forwarded-prefix annotation with RegexPathWithCapture (#10603)
+* Increase HSTS max-age to default to one year (#10580)
+* [release-1.9] update nginx base, httpbun, e2e, helm webhook cert gen (#10507)
+* [release-1.9] add upstream patch for CVE-2023-44487 (#10499)
+* fix brotli build issues (#10468)
+* upgrade owasp modsecurity core rule set to v3.3.5 (#10437)
+* Accept backend protocol on any case (#10461)
+* Chart: Rework network policies. (#10438)
+* Rework mage (#10418)
+
+### Dependency updates:
+
+* Bump x/net (#10517)
+* Bump google.golang.org/grpc from 1.58.0 to 1.58.1 (#10436)
+
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.9.4...controller-v1.9.5
@@ -1,9 +1,13 @@
 annotations:
   artifacthub.io/changes: |-
-     - "Update Ingress-Nginx version controller-v1.9.4"
+    - "Add controller.metrics.serviceMonitor.annotations in Helm chart"
+    - "fix(labels): use complete labels variable on default-backend deployment"
+    - "chart: allow setting allocateLoadBalancerNodePorts (#10693)"
+    - "[release-1.9] feat(helm): add documentation about metric args (#10695)"
+    - "Update Ingress-Nginx version controller-v1.9.5"
   artifacthub.io/prerelease: "false"
 apiVersion: v2
-appVersion: 1.9.4
+appVersion: 1.9.5
 description: Ingress controller for Kubernetes using NGINX as a reverse proxy and
   load balancer
 home: https://github.com/kubernetes/ingress-nginx
@@ -19,4 +23,4 @@ maintainers:
 name: ingress-nginx
 sources:
 - https://github.com/kubernetes/ingress-nginx
-version: 4.8.4
+version: 4.9.0
@@ -2,7 +2,7 @@
 
 [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
 
-![Version: 4.8.4](https://img.shields.io/badge/Version-4.8.4-informational?style=flat-square) ![AppVersion: 1.9.4](https://img.shields.io/badge/AppVersion-1.9.4-informational?style=flat-square)
+![Version: 4.9.0](https://img.shields.io/badge/Version-4.9.0-informational?style=flat-square) ![AppVersion: 1.9.5](https://img.shields.io/badge/AppVersion-1.9.5-informational?style=flat-square)
 
 To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
 
@@ -317,16 +317,16 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.hostname | object | `{}` | Optionally customize the pod hostname. |
 | controller.image.allowPrivilegeEscalation | bool | `false` |  |
 | controller.image.chroot | bool | `false` |  |
-| controller.image.digest | string | `"sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3"` |  |
-| controller.image.digestChroot | string | `"sha256:5976b1067cfbca8a21d0ba53d71f83543a73316a61ea7f7e436d6cf84ddf9b26"` |  |
+| controller.image.digest | string | `"sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e"` |  |
+| controller.image.digestChroot | string | `"sha256:9a8d7b25a846a6461cd044b9aea9cf6cad972bcf2e64d9fd246c0279979aad2d"` |  |
 | controller.image.image | string | `"ingress-nginx/controller"` |  |
 | controller.image.pullPolicy | string | `"IfNotPresent"` |  |
 | controller.image.readOnlyRootFilesystem | bool | `false` |  |
 | controller.image.registry | string | `"registry.k8s.io"` |  |
 | controller.image.runAsNonRoot | bool | `true` |  |
 | controller.image.runAsUser | int | `101` |  |
 | controller.image.seccompProfile.type | string | `"RuntimeDefault"` |  |
-| controller.image.tag | string | `"v1.9.4"` |  |
+| controller.image.tag | string | `"v1.9.5"` |  |
 | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation |
 | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). |
 | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass |
@@ -369,6 +369,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.metrics.service.servicePort | int | `10254` |  |
 | controller.metrics.service.type | string | `"ClusterIP"` |  |
 | controller.metrics.serviceMonitor.additionalLabels | object | `{}` |  |
+| controller.metrics.serviceMonitor.annotations | object | `{}` |  |
 | controller.metrics.serviceMonitor.enabled | bool | `false` |  |
 | controller.metrics.serviceMonitor.metricRelabelings | list | `[]` |  |
 | controller.metrics.serviceMonitor.namespace | string | `""` |  |