Skip to content

Add OIDC timeout customization to ConfigMap #8495

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 15 commits into from
Nov 6, 2025
Merged

Add OIDC timeout customization to ConfigMap #8495

merged 15 commits into from
Nov 6, 2025

Conversation

@AlexFenlon
Copy link
Contributor

@AlexFenlon AlexFenlon commented Nov 5, 2025
edited
Loading

Proposed changes

  • Add an options for users to change timeout values for OIDC
  • Fix a bug when PKCE was enabled for two or more virtual servers resulting in a duplicate keyval_zone log. The fix was to separate the pkce_supplements.conf intho the respective templates which was required for this change regardless.
Warning  AddedOrUpdatedWithError    20s   nginx-ingress-controller  Configuration for default/webapp was added or updated ; but was not applied: error when reloading NGINX when updating Policy: nginx reload failed: command /usr/sbin/nginx -s reload -e stderr stdout: ""
stderr: "2025/11/04 14:02:41 [emerg] 44#44: duplicate zone \"oidc_pkce\" in /etc/nginx/oidc/oidc_pkce_supplements.conf:5\n"

eg.
ConfigMap

...
data:
  zone-sync: "true"
  resolver-addresses: kube-dns.kube-system.svc.cluster.local
  resolver-valid: 5s
  oidc-pkce-timeout: 2m
  oidc-id-tokens-timeout: 2h
  oidc-access-tokens-timeout: 30m
  oidc-refresh-tokens-timeout: 1h
  oidc-sids-timeout: 120s

nginx.conf

    keyval_zone zone=oidc_pkce:128K        timeout=2m sync;
    keyval_zone zone=oidc_id_tokens:1M     timeout=2h sync;
    keyval_zone zone=oidc_access_tokens:1M timeout=30m sync;
    keyval_zone zone=refresh_tokens:1M     timeout=1h sync;
    keyval_zone zone=oidc_sids:1M          timeout=120s sync;
    include oidc/oidc_common.conf;

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

@github-actions github-actions bot added enhancement Pull requests for new features/feature enhancements go Pull requests that update Go code labels Nov 5, 2025
@AlexFenlon AlexFenlon linked an issue Nov 5, 2025 that may be closed by this pull request
OIDC pkce timeout #8213
Closed
@AlexFenlon AlexFenlon self-assigned this Nov 5, 2025
@codecov
Copy link

codecov bot commented Nov 5, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 53.58%. Comparing base (b90ad21) to head (1a29b69).
⚠️ Report is 6 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #8495      +/-   ##
==========================================
+ Coverage   53.41%   53.58%   +0.17%     
==========================================
  Files          91       91              
  Lines       18191    18250      +59     
==========================================
+ Hits         9717     9780      +63     
+ Misses       7962     7960       -2     
+ Partials      512      510       -2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions
Copy link
Contributor

github-actions bot commented Nov 5, 2025
edited
Loading

Package Report

gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx, 1.29.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-module-njs, 1.29.1+0.9.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-module-otel, 1.29.1+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-agent, 3.3.2~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx, 1.29.1-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-module-njs, 1.29.1+0.9.1-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-module-otel, 1.29.1+0.1.2-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-agent, 3.3.2~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus, 35-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-njs, 35+0.9.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-otel, 35+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-fips-check, 35+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-agent, 3.3.2~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus, 35-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-njs, 35+0.9.1-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-otel, 35+0.1.2-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-fips-check, 35+0.1-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-agent, 3.3.2~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus, 35-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-njs, 35+0.9.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-otel, 35+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-fips-check, 35+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-appprotect, 35+5.527.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, app-protect, 35+5.527.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, app-protect-attack-signatures, 2025.10.29-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, app-protect-threat-campaigns, 2025.11.03-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-agent, 2.44.0~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus, 35-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-njs, 35+0.9.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-otel, 35+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-fips-check, 35+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-appprotect, 35+5.527.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, app-protect-module-plus, 35+5.527.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, app-protect-plugin, 6.23.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-agent, 2.44.0~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus, 35-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-njs, 35+0.9.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-otel, 35+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-fips-check, 35+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-appprotectdos, 35+4.7.3-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, app-protect-dos, 35+4.7.3-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus, 35-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-njs, 35+0.9.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-otel, 35+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-fips-check, 35+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-appprotect, 35+5.527.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, app-protect, 35+5.527.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, app-protect-attack-signatures, 2025.10.29-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, app-protect-threat-campaigns, 2025.11.03-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-plus-module-appprotectdos, 35+4.7.3-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, app-protect-dos, 35+4.7.3-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590, nginx-agent, 2.44.0~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine, nginx, 1.29.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine, nginx-module-njs, 1.29.1.0.9.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine, nginx-module-otel, 1.29.1.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine, nginx-agent, 3.3.2, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine, nginx, 1.29.1-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine, nginx-module-njs, 1.29.1.0.9.1-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine, nginx-module-otel, 1.29.1.0.1.2-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine, nginx-agent, 3.3.2, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine, nginx-plus, 35-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine, nginx-plus-module-njs, 35.0.9.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine, nginx-plus-module-otel, 35.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine, nginx-plus-module-fips-check, 35.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine, nginx-agent, 3.3.2, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine, nginx-plus, 35-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine, nginx-plus-module-njs, 35.0.9.1-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine, nginx-plus-module-otel, 35.0.1.2-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine, nginx-plus-module-fips-check, 35.0.1-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine, nginx-agent, 3.3.2, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, nginx-plus, 35-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, nginx-plus-module-njs, 35.0.9.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, nginx-plus-module-otel, 35.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, nginx-plus-module-fips-check, 35.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, nginx-agent, 3.3.2, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, nginx-plus, 35-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, nginx-plus-module-njs, 35.0.9.1-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, nginx-plus-module-otel, 35.0.1.2-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, nginx-plus-module-fips-check, 35.0.1-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, nginx-agent, 3.3.2, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, nginx-plus, 35-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, nginx-plus-module-njs, 35.0.9.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, nginx-plus-module-otel, 35.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, nginx-plus-module-fips-check, 35.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, nginx-agent, 2.44.0, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, nginx-plus-module-appprotect, 35.5.527.0-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, app-protect, 35.5.527.0-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, app-protect-attack-signatures, 2025.10.29-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, app-protect-threat-campaigns, 2025.11.03-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, nginx-plus, 35-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, nginx-plus-module-njs, 35.0.9.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, nginx-plus-module-otel, 35.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, nginx-plus-module-fips-check, 35.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, nginx-agent, 2.44.0, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, nginx-plus-module-appprotect, 35.5.527.0-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, app-protect-module-plus, 35.5.527.0-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-alpine-fips, app-protect-plugin, 6.23.0-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx, 1.29.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-module-njs, 1.29.1+0.9.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-module-otel, 1.29.1+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-agent, 3.3.2-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx, 1.29.1-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-module-njs, 1.29.1+0.9.2-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-module-otel, 1.29.1+0.1.2-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-agent, 3.3.2-1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus, 35-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-njs, 35+0.9.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-otel, 35+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-fips-check, 35+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-agent, 3.3.2-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus, 35-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-njs, 35+0.9.1-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-otel, 35+0.1.2-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-fips-check, 35+0.1-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-agent, 3.3.2-1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus, 35-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-njs, 35+0.9.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-otel, 35+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-fips-check, 35+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-agent, 2.44.0-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-appprotect, 35+5.527.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, app-protect, 35+5.527.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, app-protect-attack-signatures, 2025.10.29-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, app-protect-threat-campaigns, 2025.11.03-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus, 35-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-njs, 35+0.9.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-otel, 35+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-fips-check, 35+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-agent, 2.44.0-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-appprotect, 35+5.527.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, app-protect-module-plus, 35+5.527.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, app-protect-plugin, 6.23.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi8, nginx-plus, 35-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi8, nginx-plus-module-njs, 35+0.9.1-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi8, nginx-plus-module-otel, 35+0.1.2-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi8, nginx-plus-module-fips-check, 35+0.1-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi8, nginx-agent, 2.44.0-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi8, nginx-plus-module-appprotect, 35+5.527.0-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi8, app-protect, 35+5.527.0-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi8, app-protect-attack-signatures, 2025.10.29-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi8, app-protect-threat-campaigns, 2025.11.03-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi8, nginx-plus, 35-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi8, nginx-plus-module-njs, 35+0.9.1-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi8, nginx-plus-module-otel, 35+0.1.2-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi8, nginx-plus-module-fips-check, 35+0.1-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi8, nginx-agent, 2.44.0-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi8, nginx-plus-module-appprotect, 35+5.527.0-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi8, app-protect-module-plus, 35+5.527.0-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi8, app-protect-plugin, 6.23.0-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus, 35-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-njs, 35+0.9.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-otel, 35+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-fips-check, 35+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-appprotectdos, 35+4.7.3-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, app-protect-dos, 35+4.7.3-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus, 35-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-njs, 35+0.9.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-otel, 35+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-fips-check, 35+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-appprotect, 35+5.527.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-plus-module-appprotectdos, 35+4.7.3-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, nginx-agent, 2.44.0-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, app-protect, 35+5.527.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, app-protect-attack-signatures, 2025.10.29-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, app-protect-threat-campaigns, 2025.11.03-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-f1dc63f935f8d6a8a85c376e08fbb590-ubi, app-protect-dos, 35+4.7.3-1.el9.ngx, x86_64

@AlexFenlon
Copy link
Contributor Author

AlexFenlon commented Nov 5, 2025
edited
Loading

Based on the discussion internally, we have decided to leave the sync flag hardcoded in the keyval_zone configuration.

While this change makes sense on the surface, changing the sync flag based on if the zone-sync flag is enabled, doing so could introduce breaking changes for users relying on the old method (snippets) as well as cause inconsistancies with upgrading.

Previous examples, such as rate-limiting, there was a workaround we did which was appending _sync to the zone name when zone-sync was enabled though the ConfigMap. This is a good approach but for this it doesn't seem the right approch for this case for backwards compatability reasons.

@AlexFenlon AlexFenlon marked this pull request as ready for review November 5, 2025 16:02
@AlexFenlon AlexFenlon requested a review from a team as a code owner November 5, 2025 16:02
Copilot AI review requested due to automatic review settings November 5, 2025 16:02
Copilot AI reviewed Nov 5, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds customizable timeout configuration for OIDC authentication parameters and fixes a duplicate zone definition bug that occurred when PKCE was enabled for multiple virtual servers.

  • Adds five new ConfigMap parameters for OIDC timeout customization (PKCE, ID tokens, access tokens, refresh tokens, and SIDs)
  • Moves keyval_zone definitions from static configuration files into the main template with configurable timeout values
  • Replaces the include oidc/oidc_pkce_supplements.conf directive with inline keyval declarations to prevent duplicate zone errors

Reviewed Changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
internal/configs/version2/templates_test.go Updates test expectation to match new inline keyval directive
internal/configs/version2/nginx-plus.virtualserver.tmpl Replaces PKCE supplements include with inline keyval declaration
internal/configs/version2/snapshots/templates_test.snap Updates test snapshots to reflect template changes
internal/configs/version1/nginx-plus.tmpl Adds configurable keyval_zone definitions with timeout parameters
internal/configs/version1/config.go Introduces OIDCConfig struct to replace boolean OIDC flag
internal/configs/oidc/oidc_pkce_supplements.conf Removes file that caused duplicate zone definitions
internal/configs/oidc/oidc_common.conf Removes hardcoded keyval_zone definitions (moved to template)
internal/configs/configmaps_test.go Adds comprehensive test coverage for OIDC timeout parsing
internal/configs/configmaps.go Implements parsing logic for OIDC timeout ConfigMap parameters
internal/configs/config_params.go Adds OIDC struct to ConfigParams with default timeout values

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

javorszky
javorszky previously approved these changes Nov 5, 2025
View reviewed changes
pdabelf5
pdabelf5 requested changes Nov 5, 2025
View reviewed changes
Copy link
Collaborator

@pdabelf5 pdabelf5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we get some tests that show the values outside the defaults

@AlexFenlon
Update OIDC timeout test, add errors timeout test, add VirtualServer …
61190da 
…test that checks OIDC timeout nginx conf values
@AlexFenlon AlexFenlon merged commit 6725ed6 into main Nov 6, 2025
94 checks passed
@AlexFenlon AlexFenlon deleted the enhancement/oidc-pkce-timeout branch November 6, 2025 16:55
This was referenced Nov 6, 2025
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@vepatel vepatel vepatel approved these changes

@pdabelf5 pdabelf5 pdabelf5 approved these changes

@javorszky javorszky javorszky left review comments

Assignees

@AlexFenlon AlexFenlon

Labels

enhancement Pull requests for new features/feature enhancements go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

OIDC pkce timeout

5 participants

@AlexFenlon @javorszky @vepatel @pdabelf5