v3.5.0

What's Changed

🚀 Features

• Export Telemetry data to XCDF by @shaun-nx & @jjngx in #4896, #5095, #5147, #5155, #5170, #5176, #5217, #5245, #5237, #5256, #5167 & #5261
• Add NIM Security Dashboard integration for App Protect WAF security violations by @oseoin in #5179 & #5051
• Weight changes Dynamic Reload by @j1m-ryan in #5212
• Add use-cluster-ip annotation for ingress resources by @j1m-ryan in #4862
• Add annotations for controlling request rate limiting by @dbaumgarten in #4660
• Allow securityContext and podSecurityContext to be configurable via helm parameters by @vepatel in #5084
• Update default values for keepalive-requests and keepalive-timeout by @AlexFenlon in #5083
• Update zone size for transportserver resource by @AlexFenlon in #5199

🐛 Bug Fixes

• Move set above rewrite to fix uninitialized variable by @AlexFenlon in #5211
• Initialize stopCh channel for ExternalDNS by @shaun-nx in #5175
• Ensure backup server is removed from upstreams when the Backup Service is deleted by @shaun-nx in #5053

📦 Helm Chart

• Refactor volumes and volumeMounts to common helpers by @oseoin in #5159
• Move common pod label definitions to helpers by @oseoin in #5179
• Agent management and helm configuration by @oseoin in #5188

🧪 Tests

• Update vs backup service tests with retries by @shaun-nx in #4797
• Add ingress rate-limit automation tests by @vepatel in #4919
• Add reload and req./resp. perf tests for ing and vs by @vepatel in #5048
• check pod status before getting logs by @vepatel in #5165
• update external-dns version by @vepatel in #5166
• add metrics logic to perf tests by @vepatel in #5224

🔨 Maintenance

• Fix AWS registry by @lucacome in #4825
• Add trigger for GCP Marketplace repo by @lucacome in #4829
• Report User Agent for Alpine and UBI by @lucacome in #4845
• Update UBI string for new images by @lucacome in #4893
• Update search for base image by @lucacome in #4912
• Add annotations to index and manifest by @lucacome in #5014
• Bump Go version to 1.22.1 by @jjngx in #5208

📝 Documentation

• Rewrite NGINX App Protect WAF Integration Section by @ADubhlaoich in #4726
• Fix and update links in VirtualServer port tutorial by @ADubhlaoich in #4792
• Update docs to include CRD upgrade by @vepatel in #4851
• Update to UBI9 by @oseoin in #4854
• Add rate-limit example by @vepatel in #4907
• Add alpine fips image options to installation docs by @pdabelf5 in #4962
• Fix minor documentation issues based on drift and feedback by @ADubhlaoich in #5011
• Add community page for NIC by @oseoin in #5038
• Fixed validation for VSR exact & regex subroutes by @jo-carter in #4744
• Add missing entries to the documentation catalog. by @Jcahilltorre in #5146
• Added few tips for TCP/UDP Load Balancing by @ssrahul96 in #5117
• Update docs for aplogconf by @vepatel in #5251
• Add support for apLogBundle in WAF policy by @oseoin in #5259
• Documentation on what Telemetry Data is collected + how to opt-in/opt-out by @shaun-nx in #5253

⬆️ Dependencies

97 changes

• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #4779
• Bump the go group with 3 updates by @dependabot in #4803
• Bump golang.org/x/crypto from 0.15.0 to 0.17.0 by @dependabot in #4817
• Bump the actions group with 5 updates by @dependabot in #4815
• Bump the python group in /tests with 4 updates by @dependabot in #4777
• Bump the go group with 3 updates by @dependabot in #4846
• Bump the actions group with 6 updates by @dependabot in #4861
• Bump the docker-images group in /build with 1 update by @dependabot in #4780
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #4840
• Bump the python group in /tests with 2 updates by @dependabot in #4848
• Bump the actions group with 1 update by @dependabot in #4868
• Bump the go group with 2 updates by @dependabot in #4873
• Bump the actions group with 4 updates by @dependabot in #4881
• Bump the go group with 1 update by @dependabot in #4905
• Bump the python group in /tests with 2 updates by @dependabot in #4875
• Bump the actions group with 1 update by @dependabot in #4910
• Bump the go group with 1 update by @dependabot in #4909
• Bump opentracing/nginx-opentracing from 426c2ff to 2e0268d in /build by @dependabot in #4927
• Bump nginx from a59278f to a59278f in /build by @dependabot in #4926
• Bump golang from 4db4aac to fd78f2f in /build by @dependabot in #4928
• Bump the go group with 1 update by @dependabot in #4924
• Bump the python group in /tests with 3 updates by @dependabot in #4923
• Bump the docker-images group in /build with 1 update by @dependabot in #4925
• Bump the actions group with 1 update by @dependabot in #4929
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #4930
• Bump the go group with 5 updates by @dependabot in #4939
• Bump redhat/ubi8 from 1fdb97f to fc88b13 in /build by @dependabot in #4943
• Bump the actions group with 1 update by @dependabot in #4950
• Bump the go group with 1 update by @dependabot in #4949
• Bump the actions group with 2 updates by @dependabot in #4956
• update pytest-html to 4.1.1 by @pdabelf5 in #4959
• Bump the python group in /tests with 2 updates by @dependabot in #4960
• Bump the go group with 1 update by @dependabot in #4971
• Bump the actions group with 2 updates by @dependabot in #4972
• Bump golang from fd78f2f to 51a7800 in /build by @dependabot in #4984
• Bump the actions group with 1 update by @dependabot in #4988
• Bump nginxcontrib/nginx from 4059aff to 4a3e891 in /build by @dependabot in #4992
• Bump redhat/ubi9 from fc300be to 1fafb09 in /build by @dependabot in #4993
• Bump redhat/ubi9-minimal from a340f4b to 582e18f in /build by @dependabot in #4994
• Bump the actions group with 4 updates by @dependabot in #4995
• Bump the python group in /tests with 4 updates by @dependabot in #5000
• Bump the actions group with 1 update by @dependabot in #5001
• Bump the docker-images group in /build with 1 update by @dependabot in #5002
• Bump nginx from a59278f to d12e6f7 in /build by @dependabot in #5003
• Bump golang from 51a7800 to a6a7f1f in /build by @dependabot in #5004
• Bump opentracing/nginx-opentracing from 2e0268d to 2e0268d in /build by @dependabot in #5005
• Bump nginx from d12e6f7 to 5b7ff23 in /build by @dependabot in #5012
• Bump nginx from 5b7ff23 to 156d75f in /build by @dependabot in #5019
• Bump the go group with 1 update by @dependabot in #5022
• Bump the actions group with 5 updates by @dependabot in #5023
• Bump the go group with 1 update by @dependabot in #5034
• Bump nginx from 156d75f to 156d75f in /build by @dependabot in #5028
• Bump redhat/ubi8 from fc88b13 to 23d8dfd in /build by @dependabot in #5029
• Bump the python group in /tests with 7 updates by @dependabot in #5035
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #5037
• Bump the actions group with 6 updates by @dependabot in #5045
• Bump the go group with 1 update by @dependabot in #5055
• Bump the docker-images group in /build with 1 update by @dependabot in #5047
• Bump the actions group with 1 update by @dependabot in #5062
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #5075
• Bump nginx from 156d75f to f2802c2 in /build by @dependabot in #5072
• Bump redhat/ubi8 from 23d8dfd to 627867e in /build by @dependabot in #5073
• Bump opentracing/nginx-opentracing from 2e0268d to 2217e9f in /build by @dependabot in #5074
• Bump the actions group with 4 updates by @dependabot in #5094
• Bump nginx from f2802c2 to f2802c2 in /build by @dependabot in #5087
• Bump the docker-images group in /build with 1 update by @dependabot in #5086
• Bump the go group with 2 updates by @dependabot in #5098
• Bump nginx from db56449 to c84cfc4 in /build by @dependabot in #5106
• Bump opentracing/nginx-opentracing from 2217e9f to 6cdb493 in /build by @dependabot in #5105
• Bump the go group with 5 updates by @dependabot in #5108
• Bump the go group with 2 updates by @dependabot in #5125
• Collect count of VirtualServer, VirtualServerRoute and TransportServer resources by @shaun-nx in #5095
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #5130
• Bump the go group with 1 update by @dependabot in #5132
• Bump redhat/ubi8 from 627867e to bce7e9f in /build by @dependabot in #5148
• Bump cryptography from 42.0.2 to 42.0.4 in /tests by @dependabot in #5152
• Bump the actions group with 8 updates by @dependabot in #5181
• Bump the actions group with 4 updates by @dependabot in #5202
• Bump the go group with 6 updates by @dependabot in #5207
• Bump the docker-images group in /build with 1 update by @dependabot in #5206
• Bump the python group in /tests with 10 updates by @dependabot in #5195
• Add telemetry-exporter dependency & update otel library to latest by @shaun-nx in #5210
• Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 by @dependabot in #5218
• Bump nginx from 6a2f8b2 to 6a2f8b2 in /build by @dependabot in #5240
• Bump the python group in /tests with 9 updates by @dependabot in #5233
• Bump the go group with 3 updates by @dependabot in #5234
• Bump the actions group with 4 updates by @dependabot in #5238
• Bump the docker-images group in /build with 1 update by @dependabot in #5239
• Bump the actions group with 4 updates by @dependabot in #5249
• Bump nginx from 6a2f8b2 to 6a2f8b2 in /build by @dependabot in #5244
• Bump opentracing/nginx-opentracing from 2c40c39 to 435e34d in /build by @dependabot in #5243
• Bump the go group with 4 updates by @dependabot in #5267
• Bump nginx from 6a2f8b2 to 02d8d94 in /build by @dependabot in #5264
• Bump opentracing/nginx-opentracing from 435e34d to 435e34d in /build by @dependabot in #5265
• Bump golang from fc5e584 to 0466223 in /build by @dependabot in #5266
• Bump the python group in /tests with 2 updates by @dependabot in #5263
• Bump the go group with 2 updates by @dependabot in #5272

Other Changes

58 changes

• automate kindest/node versions by @j1m-ryan in #4798
• Add the ability to have Nginx version checks in templates by @oseoin in #4831
• move pod label update to goroutine with retries by @oseoin in #4835
• load test matrix from json file by @pdabelf5 in #4795
• patch base images on container build by @pdabelf5 in #4869
• add immutable binaries to update images workflow by @pdabelf5 in #4879
• ensure latest tag is used for GIT_TAG by @pdabelf5 in #4878
• Put configuration of ldflags closer to top of makefile by @shaun-nx in #4880
• add final job to consolidate the smoke test result by @pdabelf5 in #4885
• add alpine-fips-waf image by @pdabelf5 in #4897
• add alpine-plus-nap-waf-fips to NAP smoke test by @pdabelf5 in #4913
• pin alpine 3.17 to a sha hash by @pdabelf5 in #4918
• Build test image and re-use in Smoke tests by @pdabelf5 in #4946
• Improve formatting of load balance method and ssl_certificate_key in configs by @j1m-ryan in #4958
• remove un-used release draft steps by @pdabelf5 in #4954
• Split version update script by @pdabelf5 in #4961
• switch to using static file for version by @pdabelf5 in #4973
• build test image on the forked workflow by @pdabelf5 in #4990
• Add load to test runner container build for fork flows by @oseoin in #4997
• Build base images for OSS by @oseoin in #4999
• Add missing platforms in base image build by @oseoin in #5017
• trim image sha256 from release update workflow by @pdabelf5 in #5018
• Issue 4837: chore: Rename main_test.go to flags_test.go by @mrajagopal in #5015
• allow waf users to build without dos repo access by @pdabelf5 in #5041
• pin actions to specific commit sha by @pdabelf5 in #5026
• adjust base image concurrency group by @pdabelf5 in #5054
• NAP images agent install by @oseoin in #5051
• change build-test-image workflow concurrency by @pdabelf5 in #5058
• add alpine fips images to all-images make target by @pdabelf5 in #5070
• allow each image to have its own cache by @pdabelf5 in #5080
• add rebuild docker github cache workflow by @pdabelf5 in #5092
• remove architectures not supported in official nginx images by @pdabelf5 in #5102
• bump nginx 1.25.4 sha256 by @pdabelf5 in #5111
• update to nginx 1.25.4 for alpine & opentracing by @pdabelf5 in #5119
• allow ci flow to be called from Actions tab by @pdabelf5 in #5103
• use pre-built base images by @pdabelf5 in #5061
• refactor child process configuration by @oseoin in #5124
• add release marketplace flags by @pdabelf5 in #5129
• treat forked_workflow as a string in ci.yml by @pdabelf5 in #5131
• extract the first image tag to pass to Trivy by @pdabelf5 in #5153
• run gofumpt & goimports by @pdabelf5 in #5162
• Disable line-length check for md files by @danielnginx in #5172
• Ignore lint errors about package comments by @pdabelf5 in #5178
• address gosec lint issues by @pdabelf5 in #5183
• Update telemetry data types from int to int64 by @shaun-nx in #5185
• address further lint issues by @pdabelf5 in #5186
• refactor base image generation on main CI flow by @pdabelf5 in #5187
• nap modules base image by @pdabelf5 in #5197
• adjust forked workflow logic for push events by @pdabelf5 in #5222
• Update collector to use common data types from telemetry-exporter by @shaun-nx in #5198
• ExternalDNS controller should handle errors registering the EventHandler by @pdabelf5 in #5190
• fix for building images in fork workflow by @pdabelf5 in #5225
• copy templates when using pre-built images by @pdabelf5 in #5231
• Revert "ExternalDNS controller should handle errors registering the EventHandler" by @pdabelf5 in #5236
• make md5 logic centralised by @pdabelf5 in #5248
• os patch ubi9 image by @pdabelf5 in #5252
• allow to choose previous nic/chart version (#5276) by @pdabelf5 in #5277
• remove gcr marketplace publish step by @pdabelf5 in #5310

New Contributors

• @dbaumgarten made their first contribution in #4660
• @jo-carter made their first contribution in #4744
• @AlexFenlon made their first contribution in #5083
• @ssrahul96 made their first contribution in #5117

Full Changelog: v3.4.3...v3.5.0

Upgrade

• For NGINX, use the v3.5.0 images from our DockerHub, GitHub Container, Amazon ECR Public Gallery or Quay.io.
• For NGINX Plus, use the v3.5.0 images from the F5 Container registry, the AWS Marketplace, the GCP Marketplace or build your own image using the v3.5.0 source code.
• For Helm, use version 1.2.0 of the chart.

Resources

• Documentation -- https://docs.nginx.com/nginx-ingress-controller/
• Configuration examples -- https://github.com/nginxinc/kubernetes-ingress/tree/v3.5.0/examples
• Helm Chart -- https://github.com/nginxinc/kubernetes-ingress/tree/v3.5.0/charts/nginx-ingress
• Operator -- https://github.com/nginxinc/nginx-ingress-helm-operator