Skip to content

Bug/8742 multiple regex paths vsr#9621

Open
javorszky wants to merge 22 commits intomainfrom
bug/8742-multiple-regex-paths-vsr
Open

Bug/8742 multiple regex paths vsr#9621
javorszky wants to merge 22 commits intomainfrom
bug/8742-multiple-regex-paths-vsr

Conversation

@javorszky
Copy link
Copy Markdown
Contributor

@javorszky javorszky commented Apr 14, 2026

Proposed changes

Currently when a VS refers to a regex path and a VSR, that VSR can only ever contain that one route that matches exactly the VS definition.

The work in this PR is to allow a VS to have multiple regex routes that refer to the same VSR. That VSR then should have the same number of routes that also match. This would allow the following situations:

# virtual-server.yaml
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
  name: cafe
  namespace: default
spec:
  host: cafe.example.com
  tls:
    secret: cafe-tls-secret
  upstreams:
    - name: static
      service: static-svc
      port: 80
  routes:
    # Non-regex: handled directly by the VS
    - path: /static
      action:
        pass: static

    # 3 regex routes all referencing the same "api" VSR
    - path: ~/api/v1
      route: default/api
    - path: ~/api/v2
      route: default/api
    - path: ~/api/v3
      route: default/api

    # 2 regex routes referencing the "images" VSR
    - path: "~*/images/jpg"
      route: default/images
    - path: "~*/images/png"
      route: default/images
---
# api-virtual-server-route.yaml
apiVersion: k8s.nginx.org/v1
kind: VirtualServerRoute
metadata:
  name: api
  namespace: default
spec:
  host: cafe.example.com
  upstreams:
    - name: api-v1
      service: api-v1-svc
      port: 8080
    - name: api-v2
      service: api-v2-svc
      port: 8080
    - name: api-v3
      service: api-v3-svc
      port: 8080
  subroutes:
    - path: ~/api/v1
      action:
        pass: api-v1
    - path: ~/api/v2
      action:
        pass: api-v2
    - path: ~/api/v3
      action:
        pass: api-v3
---
# images-virtual-server-route.yaml
apiVersion: k8s.nginx.org/v1
kind: VirtualServerRoute
metadata:
  name: images
  namespace: default
spec:
  host: cafe.example.com
  upstreams:
    - name: images-jpg
      service: images-jpg-svc
      port: 8080
    - name: images-png
      service: images-png-svc
      port: 8080
  subroutes:
    - path: "~*/images/jpg"
      action:
        pass: images-jpg
    - path: "~*/images/png"
      action:
        pass: images-png

The checks that should happen:

  • all paths are normalised first (so that ~* /api and *~/api are not treated differently)
  • then the VS regex routes are collected by VSR reference, and those VS route bundles are validated against the relevant VSR
    • all VS routes need to exist in the VSR (so VS is not referencing something that doesn't exist in the VSR)
    • all VSR routes need to exist in the VS (so VSR doesn't have an entry that VS wouldn't be forwarding)
  • non-regex paths are processed as previous

And then there are a bunch of changes that allow the above:

  • change the function signature to allow sending batch routes rather than a single one
  • change code because of that signature change
  • add some additional utility code for normalisation and deduplication

This is still very much a draft PR, I want to have conversations whether the approach is good, whether the assumptions are sound, and whether things could live in better places.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

javorszky and others added 4 commits April 14, 2026 10:33
@javorszky
validation: add NormalizePath helper and PathModifier constants
43f639f 
Add exported PathModifier* constants for the four NGINX location
modifiers (=, ^~, ~, ~*) and an exported NormalizePath function that
strips optional whitespace between a modifier and its URI, so that
'~ /api' and '~/api' compare equal.

Add unexported pathModifierOf helper that returns the modifier string
for a given path, used by the updated subroute validation logic.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@javorszky
validation: support multiple regex VS paths in VSR subroute validation
47f380a 
Change ValidateVirtualServerRouteForVirtualServer to accept vsPaths
[]string instead of a single vsPath string. This allows a single VSR
to be referenced by more than one VS regex route.

The new validateVirtualServerRouteSubroutes logic handles four cases:
- Standalone (len==0): no path constraint, duplicate-path check only
- Exact (=): still requires exactly one subroute matching the VS path
- Regex (~, ~*): bidirectional set-equality between VS paths and VSR
  subroutes, with spacing-duplicate detection
- Prefix (/,^~): existing HasPrefix logic, now normalized

Update all callers to pass []string; standalone ValidateVirtualServerRoute
passes nil (unchanged standalone behaviour).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@javorszky
k8s: refactor buildVirtualServerRoutes for multi-regex VSR support
c489c32 
Refactor buildVirtualServerRoutes into an orchestrator that runs two
passes over the VS route list:

Pass 1 (collectRegexVSRPaths): scan all VS routes for regex paths
referencing named VSRs, grouping normalized paths by VSR key. Spacing-
duplicate paths are warned upfront in detectSpacingDuplicateRegexPaths.
Non-regex VSRs are processed as before in buildNonRegexVSRs.

rejectMixedTypeVSRs removes any VSR referenced by both regex and non-
regex routes from both sets.

Pass 2 (validateAndBuildRegexVSRs): call
ValidateVirtualServerRouteForVirtualServer once per unique regex VSR,
passing the full set of collected VS paths. Only VSRs that pass
validation are included in the output.

deduplicateVSRs ensures a VSR appearing in multiple regex routes is
still included only once.

Update the two non-regex call sites to wrap r.Path in []string{}.

Add TestBuildVirtualServerRoutesMultipleRegex covering: two matching
regex routes, spacing-duplicate warning, orphaned subroute rejection,
uncovered VS path rejection, and mixed-type rejection.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@javorszky
configs: add routing test for VSR with multiple regex subroutes
115c8f7 
Add TestGenerateVirtualServerConfigForVSRWithMultipleRegexSubroutes
to verify that GenerateVirtualServerConfig produces a separate nginx
location block for each regex subroute when a single VSR is referenced
by multiple VS regex routes.

Checks that paths are correctly formatted by generatePath (~/api/v1
becomes ~ "/api/v1") and that each location is tagged IsVSR=true
with the correct VSRName and VSRNamespace.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions github-actions bot added bug An issue reporting a potential bug go Pull requests that update Go code labels Apr 14, 2026
@codecov
Copy link
Copy Markdown

codecov bot commented Apr 14, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 95.97990% with 8 lines in your changes missing coverage. Please review.
✅ Project coverage is 55.61%. Comparing base (8b477a5) to head (4cd0692).
⚠️ Report is 9 commits behind head on main.

Files with missing lines Patch % Lines
internal/k8s/configuration.go 95.09% 3 Missing and 2 partials ⚠️
pkg/apis/configuration/validation/virtualserver.go 96.90% 2 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #9621      +/-   ##
==========================================
+ Coverage   55.28%   55.61%   +0.33%     
==========================================
  Files          99       99              
  Lines       19749    19915     +166     
==========================================
+ Hits        10918    11076     +158     
- Misses       8224     8230       +6     
- Partials      607      609       +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 14, 2026
edited
Loading

Package Report

Details gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx, 1.29.8-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-module-njs, 1.29.8+0.9.6-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-module-otel, 1.29.8+0.1.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-agent, 3.9.0~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx, 1.29.8-1~trixie, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-module-njs, 1.29.8+0.9.6-1~trixie, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-module-otel, 1.29.8+0.1.2-1~trixie, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-agent, 3.9.0~trixie, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus, 36-4~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-njs, 36+0.9.6-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-otel, 36+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-fips-check, 36+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-agent, 3.9.0~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus, 36-4~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-njs, 36+0.9.6-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-otel, 36+0.1.2-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-fips-check, 36+0.1-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-agent, 3.9.0~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus, 36-4~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-njs, 36+0.9.6-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-otel, 36+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-fips-check, 36+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-appprotect, 36+5.607.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, app-protect, 36+5.607.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, app-protect-attack-signatures, 2026.04.15-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, app-protect-threat-campaigns, 2026.04.14-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-agent, 2.46.1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus, 36-4~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-njs, 36+0.9.6-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-otel, 36+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-fips-check, 36+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-appprotect, 36+5.607.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, app-protect-module-plus, 36+5.607.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, app-protect-plugin, 6.28.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-agent, 2.46.1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus, 36-4~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-njs, 36+0.9.6-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-otel, 36+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-fips-check, 36+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-appprotectdos, 36+4.8.3-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, app-protect-dos, 36+4.8.3-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus, 36-4~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-njs, 36+0.9.6-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-otel, 36+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-fips-check, 36+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-appprotect, 36+5.607.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, app-protect, 36+5.607.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, app-protect-attack-signatures, 2026.04.15-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, app-protect-threat-campaigns, 2026.04.14-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-plus-module-appprotectdos, 36+4.8.3-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, app-protect-dos, 36+4.8.3-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64, nginx-agent, 2.46.1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine, nginx, 1.29.8-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine, nginx-module-njs, 1.29.8.0.9.6-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine, nginx-module-otel, 1.29.8.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine, nginx-agent, 3.9.0, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine, nginx, 1.29.8-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine, nginx-module-njs, 1.29.8.0.9.6-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine, nginx-module-otel, 1.29.8.0.1.2-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine, nginx-agent, 3.9.0, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine, nginx-plus, 36-r4, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine, nginx-plus-module-njs, 36.0.9.6-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine, nginx-plus-module-otel, 36.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine, nginx-plus-module-fips-check, 36.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine, nginx-agent, 3.9.0, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine, nginx-plus, 36-r4, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine, nginx-plus-module-njs, 36.0.9.6-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine, nginx-plus-module-otel, 36.0.1.2-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine, nginx-plus-module-fips-check, 36.0.1-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine, nginx-agent, 3.9.0, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, nginx-plus, 36-r4, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, nginx-plus-module-njs, 36.0.9.6-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, nginx-plus-module-otel, 36.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, nginx-plus-module-fips-check, 36.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, nginx-agent, 3.9.0, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, nginx-plus, 36-r4, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, nginx-plus-module-njs, 36.0.9.6-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, nginx-plus-module-otel, 36.0.1.2-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, nginx-plus-module-fips-check, 36.0.1-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, nginx-agent, 3.9.0, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, nginx-plus, 36-r4, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, nginx-plus-module-njs, 36.0.9.6-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, nginx-plus-module-otel, 36.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, nginx-plus-module-fips-check, 36.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, nginx-agent, 2.46.1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, nginx-plus-module-appprotect, 36.5.607.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, app-protect, 36.5.607.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, app-protect-attack-signatures, 2026.04.15-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, app-protect-threat-campaigns, 2026.04.14-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, nginx-plus, 36-r4, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, nginx-plus-module-njs, 36.0.9.6-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, nginx-plus-module-otel, 36.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, nginx-plus-module-fips-check, 36.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, nginx-agent, 2.46.1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, nginx-plus-module-appprotect, 36.5.607.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, app-protect-module-plus, 36.5.607.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-alpine-fips, app-protect-plugin, 6.28.0-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx, 1.29.8-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-module-njs, 1.29.8+0.9.6-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-module-otel, 1.29.8+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-agent, 3.9.0-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx, 1.29.8-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-module-njs, 1.29.8+0.9.6-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-module-otel, 1.29.8+0.1.2-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-agent, 3.9.0-1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus, 36-4.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-njs, 36+0.9.6-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-otel, 36+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-fips-check, 36+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-agent, 3.9.0-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus, 36-4.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-njs, 36+0.9.6-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-otel, 36+0.1.2-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-fips-check, 36+0.1-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-agent, 3.9.0-1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus, 36-4.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-njs, 36+0.9.6-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-otel, 36+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-fips-check, 36+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-agent, 2.46.1-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-appprotect, 36+5.607.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, app-protect, 36+5.607.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, app-protect-attack-signatures, 2026.04.15-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, app-protect-threat-campaigns, 2026.04.14-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus, 36-4.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-njs, 36+0.9.6-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-otel, 36+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-fips-check, 36+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-agent, 2.46.1-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-appprotect, 36+5.607.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, app-protect-module-plus, 36+5.607.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, app-protect-plugin, 6.28.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi8, nginx-plus, 36-4.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi8, nginx-plus-module-njs, 36+0.9.6-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi8, nginx-plus-module-otel, 36+0.1.2-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi8, nginx-plus-module-fips-check, 36+0.1-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi8, nginx-agent, 2.46.1-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi8, nginx-plus-module-appprotect, 36+5.607.1-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi8, app-protect, 36+5.607.1-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi8, app-protect-attack-signatures, 2026.04.15-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi8, app-protect-threat-campaigns, 2026.04.14-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi8, nginx-plus, 36-4.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi8, nginx-plus-module-njs, 36+0.9.6-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi8, nginx-plus-module-otel, 36+0.1.2-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi8, nginx-plus-module-fips-check, 36+0.1-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi8, nginx-agent, 2.46.1-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi8, nginx-plus-module-appprotect, 36+5.607.1-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi8, app-protect-module-plus, 36+5.607.1-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi8, app-protect-plugin, 6.28.0-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus, 36-4.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-njs, 36+0.9.6-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-otel, 36+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-fips-check, 36+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-appprotectdos, 36+4.8.3-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, app-protect-dos, 36+4.8.3-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus, 36-4.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-njs, 36+0.9.6-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-otel, 36+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-fips-check, 36+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-appprotect, 36+5.607.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-plus-module-appprotectdos, 36+4.8.3-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, nginx-agent, 2.46.1-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, app-protect, 36+5.607.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, app-protect-attack-signatures, 2026.04.15-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, app-protect-threat-campaigns, 2026.04.14-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e7728dcbc6227f1367fbe44ede14fe64-ubi, app-protect-dos, 36+4.8.3-1.el9.ngx, x86_64

javorszky and others added 4 commits April 14, 2026 12:52
@javorszky
validation: reduce cyclomatic complexity of validateVirtualServerRout…
71aa8eb 
…eSubroutes

Extract four independent validation branches into separate methods:
- validateSubroutesStandalone (complexity 4)
- validateSubroutesExact (complexity 3)
- validateSubroutesRegex (complexity 13)
- validateSubroutesPrefix (complexity 6)

The orchestrator is now a simple dispatcher (complexity 7).
All functions are under the 15-complexity lint limit.
No behaviour change; all existing tests pass.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@javorszky
Merge branch 'main' into bug/8742-multiple-regex-paths-vsr
bcca64f
@javorszky
Fix a go format issue
6fcfc71
@javorszky
Add comments to exported consts
102b715
@javorszky javorszky marked this pull request as ready for review April 16, 2026 08:39
@javorszky javorszky requested a review from a team as a code owner April 16, 2026 08:39
Copilot AI review requested due to automatic review settings April 16, 2026 08:39
Copilot AI reviewed Apr 16, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR extends VirtualServer ↔ VirtualServerRoute (VSR) validation and routing so that multiple regex routes in a single VirtualServer can reference the same VSR, and the VSR’s spec.subroutes must match that collected set of regex paths (after normalization).

Changes:

  • Update VSR validation to accept multiple VS route paths and enforce bidirectional set equality for regex path references.
  • Add path normalization utilities and new validation/test coverage for multi-regex VSR usage.
  • Refactor buildVirtualServerRoutes() to group regex VS routes by VSR, validate them in a second pass, and warn on spacing-equivalent regex paths.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
pkg/apis/configuration/validation/virtualserver.go Adds path normalization + refactors VSR subroute validation to support multiple VS regex paths per VSR.
pkg/apis/configuration/validation/virtualserver_test.go Updates existing tests for the new validator signature and adds multi-regex validation cases.
internal/k8s/configuration.go Refactors VSR collection/validation into regex vs non-regex passes; adds normalization warnings and helper utilities.
internal/k8s/configuration_test.go Adds integration-style tests for buildVirtualServerRoutes() behavior with multi-regex VSR references.
internal/configs/virtualserver_routing_test.go Verifies generated nginx locations for a VSR referenced by multiple regex VS routes.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread pkg/apis/configuration/validation/virtualserver.go Outdated
Comment thread pkg/apis/configuration/validation/virtualserver.go Outdated
Comment thread pkg/apis/configuration/validation/virtualserver.go Outdated
Comment thread internal/k8s/configuration.go Outdated
Comment thread internal/k8s/configuration.go
@javorszky javorszky requested a review from Copilot April 16, 2026 15:21
Copilot AI reviewed Apr 16, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR extends VirtualServerRoute (VSR) handling so a single VSR can be referenced by multiple regex VirtualServer (VS) routes, with validation enforcing a bidirectional set match between VS regex paths and VSR subroutes (after path normalization).

Changes:

  • Updated VSR validation APIs to accept a batch of VS route paths (vsPaths) and added path normalization helpers for NGINX location modifiers.
  • Added a two-pass VS route build flow: collect/dedupe regex VS→VSR references, validate regex VSRs against the full set of VS paths, and reject mixed regex/non-regex references.
  • Expanded unit tests to cover normalization, multi-regex references, and config generation for multiple regex subroutes.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
pkg/apis/configuration/validation/virtualserver.go Adds path normalization + modifier helpers and updates VSR subroute validation to support multi-regex vsPaths.
pkg/apis/configuration/validation/virtualserver_test.go Updates/expands validator tests to cover multi-path validation and normalization edge cases.
internal/k8s/configuration.go Implements collection/deduping of regex VS route paths per VSR and pass-2 validation/build for regex-referenced VSRs.
internal/k8s/configuration_test.go Adds integration-style tests for multi-regex VSR behavior and updates expected warning paths.
internal/configs/virtualserver_routing_test.go Adds config-generation test ensuring multiple regex subroutes produce multiple NGINX regex locations.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread pkg/apis/configuration/validation/virtualserver.go
Comment thread internal/k8s/configuration.go Outdated
@github-actions github-actions bot added the python Pull requests that update Python code label Apr 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

bug An issue reporting a potential bug go Pull requests that update Go code python Pull requests that update Python code

Projects

NGINX Ingress Controller
Status: Todo ☑

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@javorszky