Releases: nginx/kubernetes-ingress
Releases · nginx/kubernetes-ingress
v3.1.0
What's Changed
🚀 Features
- Reseting default TLS settings and making them optional by @jasonwilliams14 in #3302
- feat: Enable keepalive-time for healthchecks in VS and VSR by @ciarams87 in #3451
- Support empty path for ImplementationSpecific pathType by @ciarams87 in #3507
- Use new NSM Spiffe and Cert rotation library by @avahahn in #3482
- feat: Add initial support for SSL termination for TransportServer by @ciarams87 in #3462
- App Policy Bundle by @jjngx in #3560
- Prometheus tls path by @shaun-nx in #3615
- Push edge Helm Chart to OCI registries by @lucacome in #3581
- Use the "runtime default" seccomp profile by @sigv in #3629
- Remove app protect agent by @jjngx in #3646
🐛 Bug Fixes
- Support non-vs created Challenge Ingress by @ciarams87 in #3463
- Move logic for
-enable-leader-electionflag in helm templates by @shaun-nx in #3475 - Add missing OSS internal routes by @chase-kiefer in #3481
- Ensure non-ready endpoints are not added to upstreams by @shaun-nx in #3541
- Update keyCache path for JWKs to avoid conflict with OIDC by @shaun-nx in #3583
- Update proxy cache zone name by @shaun-nx in #3604
- set Content-Length "" for jwks uri and enable test by @vepatel in #3607
- remove unwanted chars from label value by @vepatel in #3660
📦 Helm Chart
- Allow extra args to be provided to the OIDC auth endpoint by @alanwilkie-finocomp in #3034
- Correct values.schema.json nodeSelector by @coolbry95 in #3449
- Fix Helm Chart Schema for priorityClassName by @lucacome in #3448
- Add websocket protocol option to monitor directive by @pasmant in #3442
- Add support for custom environment variables on the Nginx Controller container by @AaronShiels in #3326
- fix: Add OnDelete to allowed strategy values by @ciarams87 in #3519
- fix: controller.topologySpreadConstraints schema by @marcuz in #3527
- add pod disruption budget for ingress controller by @coolbry95 in #3248
- Update schema references to k8s v1.26.1 by @lucacome in #3537
- Update docs in main for Release 3.0.2 (#3547) by @ciarams87 in #3557
- chore: Add new label and metadata to pod by @ciarams87 in #3586
- Rework port binding logic without privileges by @sigv in #3573
- Fix Helm Chart labels and templates. Move version update to labels by @lucacome in #3606
- Configure IC root filesystem as read-only by @sigv in #3548
- feat: Add access token support in the OIDC by @shawnhankim in #3474
- Update nginx.org/ca secret type & crl field to IngressMTLS to support CRL by @shaun-nx in #3632
- Move NAP DoS chart to new repo by @lucacome in #3674
🧪 Tests
- DoS Status by @pasmant in #3379
- Move test containers to separate repo by @lucacome in #3454
- Add tests for jwt jwksuri by @vepatel in #3511
- make changes to req type and parameters by @vepatel in #3528
- Format shell scripts by @lucacome in #3590
- skip jwksuri test by @vepatel in #3612
- Add SBOMs for Docker images by @lucacome in #3627
- fix: Requeue DNSEndpoint request when create fails with already exists error by @ciarams87 in #3637
🔨 Maintenance
- Update workflow for UBI image by @lucacome in #3435
- Update packages for CVEs by @lucacome in #3447
- Fix dependabot for test deps and run checks weekly by @lucacome in #3452
- Fix dependabot for test by @lucacome in #3456
- chore: Output of gofumpt and remove deprecated reference by @ciarams87 in #3464
- Remove sync with internal repo by @lucacome in #3467
- Add missing file to update IC version for release by @haywoodsh in #3438
- Update package for CVE-2022-44617 by @lucacome in #3484
- Sync only once a week by @lucacome in #3494
- Remove tests from Docker update by @lucacome in #3485
- Change flow in CI workflow by @lucacome in #3505
- Only add the test container to cache once by @lucacome in #3518
- Update packages for CVE-2023-0286 by @lucacome in #3536
- Decouple UBI images for Plus and NAP by @lucacome in #3540
- Update labels and issue docs by @lucacome in #3553
- Replace deprecated command with environment file by @jongwooo in #3576
- Add detect-private-key to pre-commit by @lucacome in #3589
- Remove libcap by @lucacome in #3616
- Remove strict permissions for Helm in CI by @lucacome in #3648
- Add workaround for using latest UBI 8 for NAP by @lucacome in #3647
- Add Contributing Guidelines to bot response by @lucacome in #3652
- Don't use blocking status check by @lucacome in #3664
- PRs with docs changes appear in their own sections in changelog by @haywoodsh in #3437
📝 Documentation
- Release 3.0.0 (#3429) by @lucacome in #3434
- Add documentation for the Helm Operator OOM issue by @haywoodsh in #3470
- Correct typo in JWKS documentation by @haywoodsh in #3466
- Document and make public new issue lifecycle by @tomasohaodha in #3465
- clarify deep service insight by @brianehlert in #3453
- Release 3.0.1 by @lucacome in #3483
- Fix helm values to match chart value by @jasonwilliams14 in #3497
- docs: Hugo theme February 23 update by @ADubhlaoich in #3532
- fix: Add missing directory to NGINX App Protect DoS Instructions by @ADubhlaoich in #3605
- feat: Fix instruction link for NGINX Ingress Helm Operator by @ADubhlaoich in #3596
- Update service-insight.md to fix helm parameter typo by @aknot242 in #3654
- Add documentation for read-only root filesystem by @vepatel in #3661
- Add WAF Bundle example by @jjngx in #3656
- Revert "Add WAF Bundle example (#3656)" by @jjngx in #3677
- Release 3.1.0 by @shaun-nx in #3685
⬆️ Dependencies
Details
- Bump docker/metadata-action from 4.1.1 to 4.2.0 by @dependabot in #3425
- Bump urllib3 from 1.26.13 to 1.26.14 in /tests by @dependabot in https://github.com/ngi...
Contributors
lucacome, marcuz, and 21 other contributors
Assets 13
v3.0.2
What's Changed
🐛 Bug Fixes
- fix: Add OnDelete to allowed strategy values by @ciarams87 in #3519
- Ensure non-ready endpoints are not added to upstreams by @shaun-nx in #3541
- fix: controller.topologySpreadConstraints schema by @marcuz in #3527
📝 Documentation
- Release 3.0.2 by @shaun-nx in #3547
- Update Operator docs by @ciarams87 in #3513
- docs: Hugo theme February 23 update (#3532) by @ADubhlaoich in #3533
🔨 Maintenance
⬆️ Dependencies
- Update package for CVE-2022-47629 by @lucacome in #3550
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #3526
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.14.1 to 1.14.2 by @dependabot in #3525
- Bump sigs.k8s.io/controller-tools from 0.11.2 to 0.11.3 by @dependabot in #3524
- Bump github.com/aws/aws-sdk-go-v2/config from 1.18.10 to 1.18.12 by @dependabot in #3523
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #3506
- Bump sigs.k8s.io/controller-tools from 0.11.1 to 0.11.2 by @dependabot in #3504
- Bump github.com/aws/aws-sdk-go-v2/config from 1.18.9 to 1.18.10 by @dependabot in #3490
- Bump google.golang.org/grpc from 1.52.1 to 1.52.3 by @dependabot in #3489
Full Changelog: v3.0.1...v3.0.2
Upgrade
- For NGINX, use the v3.0.2 image from our DockerHub, GitHub Container, Amazon ECR Public Gallery or Quay.io.
- For NGINX Plus, use the v3.0.2 image from the F5 Container registry or the AWS Marketplace or build your own image using the v3.0.2 source code.
- For Helm, use version 0.16.2 of the chart.
Resources
- Documentation -- https://docs.nginx.com/nginx-ingress-controller/
- Configuration examples -- https://github.com/nginxinc/kubernetes-ingress/tree/v3.0.2/examples
- Helm Chart -- https://github.com/nginxinc/kubernetes-ingress/tree/v3.0.2/deployments/helm-chart
- Operator -- https://github.com/nginxinc/nginx-ingress-operator/
New Contributors
Contributors
lucacome, marcuz, and 5 other contributors
Assets 13
v3.0.1
What's Changed
🐛 Bug Fixes
- Support non-vs created Challenge Ingress by @ciarams87 in #3463
- Add missing OSS internal routes by @chase-kiefer in #3481
- Fix Helm Chart Schema for priorityClassName by @lucacome in #3448
- Correct values.schema.json nodeSelector by @coolbry95 in #3449
📝 Documentation
- clarify deep service insight by @brianehlert in #3453
- Release 3.0.1 by @lucacome #3483
🔨 Maintenance
- Update packages for CVEs by @lucacome in #3447
- Update package for CVE-2022-44617 by @lucacome #3484
⬆️ Dependencies
- Bump k8s.io/client-go from 0.26.0 to 0.26.1 by @dependabot in #3458
- Bump k8s.io/code-generator from 0.26.0 to 0.26.1 by @dependabot in #3461
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.14.0 to 1.14.1 by @dependabot in #3476
- Bump github.com/aws/aws-sdk-go-v2/config from 1.18.8 to 1.18.9 by @dependabot in #3477
- Bump google.golang.org/grpc from 1.52.0 to 1.52.1 by @dependabot in #3478
Full Changelog: v3.0.0...v3.0.1
Upgrade
- For NGINX, use the v3.0.1 image from our DockerHub, GitHub Container, Amazon ECR Public Gallery or Quay.io.
- For NGINX Plus, use the v3.0.1 image from the F5 Container registry or the AWS Marketplace or build your own image using the v3.0.1 source code.
- For Helm, use version 0.16.1 of the chart.
Resources
- Documentation -- https://docs.nginx.com/nginx-ingress-controller/
- Configuration examples -- https://github.com/nginxinc/kubernetes-ingress/tree/v3.0.1/examples
- Helm Chart -- https://github.com/nginxinc/kubernetes-ingress/tree/v3.0.1/deployments/helm-chart
- Operator -- https://github.com/nginxinc/nginx-ingress-operator/
Contributors
lucacome, brianehlert, and 4 other contributors
Assets 13
v3.0.0
What's Changed
🚀 Features
- Add JSON Schema for Helm Chart by @lucacome in #3113
- add caseSensitiveHttpHeaders to appolicy crd by @galitskiy in #3133
- Add annotations for deployment and daemonset by @jasonwilliams14 in #3143
- Support default client proxy headers to be overwritten in VirtualServer by @centromere in #2735
- feature: Support Dynamic namespaces using Labels by @ciarams87 in #3299
- Deep service insight endpoint by @haywoodsh in #3261
- Add healthcheck for transport server by @jjngx in #3361
- Import JWKS from URL on JWT policy by @haywoodsh in #3347
💣 Breaking Changes
🐛 Bug Fixes
- Remove all IPV6 listeners in ingress resources with -disable-ipv6 command line by @haywoodsh in #3139
- Update script logic for validating tag by @shaun-nx in #3237
- Fix git command to retrieve commit matching the tag by @lucacome in #3239
📝 Documentation
- Merge release 2.4 to
mainby @lucacome in #3128 - Re-order and adjust custom resource headings for installation via manifest by @ADubhlaoich in #3141
- Add OpenSSF Scorecard Github Action and Badge by @lucacome in #3132
- Add controller.dnsPolicy to the helm chart by @wd in #3136
- Fix typo in Action.Proxy.ResponseHeaders by @tomasohaodha in #3157
- feat: October/22 f5-hugo theme bump by @ADubhlaoich in #3182
- Helm Chart: Add annotations to the service account in the Helm chart by @0m1xa in #3065
- fix: fix 2 broken links by @Jcahilltorre in #3211
- Use
nginxcontrib/nginxas base image for UBI by @lucacome in #2845 - Docs for 2.4.1 (#3184) by @ciarams87 in #3194
- Run pre-commit to fix whitespaces/newlines by @lucacome in #3223
- Watch subset of namespaces for secrets by @hafe in #3170
- feat: F5-hugo Theme bump - November by @ADubhlaoich in #3263
- Fix typos and links version by @lucacome in #3264
- add missing controller.config.annotation docs by @coolbry95 in #3285
- Add pytest command line option to skip resource teardown by @vepatel in #3291
- Allow configuration of
map-hash-bucket-sizeandmap-hash-max-sizedirectives by @shaun-nx in #3274 - add horizontalpodautoscaler by @coolbry95 in #3276
- Bump NGINX Plus to R28 by @ciarams87 in #3320
- Release 2.4.2 (#3323) by @ciarams87 in #3331
- Set value of
$remote_addrto client IP when TLSPassthrough and Proxy Protocol are enabled by @shaun-nx in #3341 - NSM OSS integration by @chase-kiefer in #3376
- fix: update github url for app-protect-waf by @Jcahilltorre in #3412
- feat: Fix minor issues, add docs contribution quickstart. by @ADubhlaoich in #3337
- Release 3.0.0 by @jjngx in #3429
🧪 Tests
- Update helloworld grpc generated file by @lucacome in #3220
- Run pre-commit to fix whitespaces/newlines in tests by @lucacome in #3226
- Run pre-commit hooks to fix python test imports by @lucacome in #3221
- Add automated tests for -watch-secret-namespace by @vepatel in #3245
- Move Docker build into reusable workflows, add NAP WAF by @lucacome in #3250
- Tests/flakiness tests ci kind by @vepatel in #3266
- Add more 502 checks for test backends by @vepatel in #3275
- Add retry mechanism for 502s by @vepatel in #3298
- Add hashes to python deps by @lucacome in #3305
- Add comments to requirements.txt by @lucacome in #3382
🔨 Maintenance
- [StepSecurity] ci: Harden GitHub Actions by @step-security-bot in #3134
- Add make target for running staticcheck locally by @jjngx in #3110
- Push NAP DoS image to AWS Marketplace by @lucacome in #3131
- Restore pushing
edgefor Plus images by @lucacome in #3162 - Add CODEOWNERS by @lucacome in #3151
- Run CI for docs changes by @lucacome in #3163
- Update test action by @lucacome in #3189
- Add pre-commit configuration by @lucacome in #2154
- Fix Makefile var overrides (#3224) by @hafe in #3225
- Unwrap error by @lucacome in #3234
- Remove unnecessary arg in generateTransportServerHealthCheckWithDefaults by @lucacome in #3236
- Always print build info, add flags used by @lucacome in #3231
- Remove ineffective break by @lucacome in #3235
- Add context to http calls by @lucacome in #3233
- Refactor watchers - Create separate type for namespaced informers by @ciarams87 in #3238
- Run golangci-lint in pre-commit only for changed files by @lucacome in #3247
- Add linter for GitHub Actions by @lucacome in #3251
- Update packages for CVEs by @lucacome in #3258
- Drop support for k8s < 1.21 by @lucacome in #3252
- Update minimum version in k8s version check by @ciarams87 in #3265
- fix: Pin ubi8 image to unblock nap ubi builds by @ciarams87 in #3267
- Bump GitHub runner to Ubuntu 22.04 by @lucacome in #3273
- Add NAP builds for UBI by @lucacome in #3272
- Remove version check in controller-service.yaml by @lucacome in #3282
- Update Helm Chart JSON Schema by @lucacome in #3283
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #3289
- Update Scorecards workflow by @lucacome in #3290
- [StepSecurity] ci: Harden GitHub Actions by @step-security-bot in #3286
- [StepSecurity] Apply security best practices by @step-security-bot in #3292
- Add notifications for Build workflows by @lucacome in #3304
- Add label for Helm Chart by @lucacome in #3284
- Fix for CVE-2022-42898 by @ciarams87 in #3322
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #3315
- Fix conditions for Docker build and cache name by @lucacome in #3340
- Restore versioned repo by @lucacome in #3348
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #3362
- Add k8s 1.25 to the nightly matrix by @lucacome in #3359
- [pre-com...
Contributors
wd, centromere, and 18 other contributors
Assets 13
v2.4.2
What's Changed
🚀 Features
- Update NGINX Plus version to R28.
- Update NGINX App Protect WAF version to 4.0.
- Update NGINX App Protect DoS version to 3.1.
📝 Documentation
- Docs: fix proxy protocol link by @ciarams87 in #3193
- Fix helm version in docs by @lucacome in #3192
- Fix typo in command line arguments by @lucacome in #3259
- feat: Cherry pick link fix from main branch by @ADubhlaoich in #3269
- Bump NGINX Plus to R28 in r-2.4 by @ciarams87 in #3321
- Release 2.4.2 by @ciarams87 in #3323
- feat: October/22 f5-hugo theme bump by @ADubhlaoich in #3191
- feat: cherry pick F5 theme bump by @ADubhlaoich in #3268
Full Changelog: v2.4.1...v2.4.2
Upgrade
- For NGINX, use the v2.4.2 image from our DockerHub, GitHub Container, Amazon ECR Public Gallery or Quay.io.
- For NGINX Plus, use the v2.4.2 image from the F5 Container registry or the AWS Marketplace or build your own image using the v2.4.2 source code.
- For Helm, use version 0.15.2 of the chart.
Resources
- Documentation -- https://docs.nginx.com/nginx-ingress-controller/
- Configuration examples -- https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.2/examples
- Helm Chart -- https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.2/deployments/helm-chart
- Operator -- https://github.com/nginxinc/nginx-ingress-helm-operator/
Contributors
lucacome, ADubhlaoich, and ciarams87
Assets 13
v2.4.1
What's Changed
🐛 Bug Fixes
- Chery Pick #3139 #3157 by @haywoodsh in #3180
📝 Documentation
- docs: Release note fix by @ciarams87 in #3126
- Fix small typo in batch reload docs by @aknot242 in #3127
- Release 2.4.1 by @jjngx in #3184
🔨 Maintenance
⬆️ Dependencies
- Update Go dependencies - 2.4 by @lucacome in #3175
- Update packages for CVEs - 2.4 by @lucacome in #3176
- Update NGINX version to 1.23.2 by @jjngx in #3183
Full Changelog: v2.4.0...v2.4.1
Upgrade
- For NGINX, use the v2.4.1 image from our DockerHub, GitHub Container, Amazon ECR Public Gallery or Quay.io.
- For NGINX Plus, use the v2.4.1 image from the F5 Container registry or the AWS Marketplace or build your own image using the v2.4.1 source code.
- For Helm, use version 0.15.1 of the chart.
Resources
- Documentation -- https://docs.nginx.com/nginx-ingress-controller/
- Configuration examples -- https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/examples
- Helm Chart -- https://github.com/nginxinc/kubernetes-ingress/tree/v2.4.1/deployments/helm-chart
- Operator -- https://github.com/nginxinc/nginx-ingress-operator/
Contributors
lucacome, aknot242, and 3 other contributors
Assets 13
v1.12.5
What's Changed
📝 Documentation
🔨 Maintenance
- Update build containers to 1.17 by @lucacome in #2611
- Add CODEOWNERS - 1.12 by @lucacome in #3178
- Release 1.12.5 by @lucacome in #3186
⬆️ Dependencies
Full Changelog: v1.12.4...v1.12.5
Upgrade
- For NGINX, use the v1.12.5 image from our DockerHub, GitHub Container, Amazon ECR Public Gallery or Quay.io.
- For NGINX Plus, use the v1.12.5 image from the F5 Container registry or the AWS Marketplace or build your own image using the v1.12.5 source code.
- For Helm, use version 0.10.5 of the chart.
Resources
- Documentation -- https://docs.nginx.com/nginx-ingress-controller/
- Configuration examples -- https://github.com/nginxinc/kubernetes-ingress/tree/v1.12.5/examples
- Helm Chart -- https://github.com/nginxinc/kubernetes-ingress/tree/v1.12.5/deployments/helm-chart
- Operator -- https://github.com/nginxinc/nginx-ingress-operator/
Contributors
lucacome
Assets 13
v2.4.0
What's Changed
🚀 Features
- replace glog with forked version to include years by @haywoodsh in #2876
- Add ServiceMonitor to Helm Chart by @araineUnity in #2831
- Feature/flag include year by @shaun-nx in #2884
- feat: Support watching multiple namespaces by @ciarams87 in #2914
- Support new directive for dos: app_protect_dos_arb_fqdn by @pasmant in #2745
- Add support for wildcard hostname in VirutalServer by @shaun-nx in #2939
- Add initialDelaySeconds to helm charts by @aknot242 in #2854
- Accept proxy protocol when TLS passthrough enabled by @haywoodsh in #2993
- Allow to specify image with digest in helm chart by @hafe in #2979
- adding automountServiceAccountToken to helm chart by @jasonwilliams14 in #3031
- Add command line argument to manually disable IPV6 listeners for unsupported clusters by @haywoodsh in #3040
- Feat/ignore helm secrets by @shaun-nx in #3088
- Feat/transport server external name by @jjngx in #3041
🐛 Bug Fixes
- fix: Correct error message on missing path in path validation by @zachomedia in #2971
- do not create configmap is customConfigMap is used by @coolbry95 in #3095
- Fix helm chart issue when set controller.strategy by @wd in #3106
- Optimise path validation by @haywoodsh in #3094
- Update helm rbac template for watch-ns by @vepatel in #3122
📝 Documentation
- Fix the docs for nginxReloadTimeout cli arg by @pleshakov in #2835
- fix spec.policy example to use a map by @TuxInvader in #2843
- Merge
release-2.3tomainby @lucacome in #2844 - fix: fix 2 broken links to NAP and NAP DoS docs by @Jcahilltorre in #2868
- Add missing minReadySeconds & strategy chart values in Helm Installation documentation by @aknot242 in #2853
- NGINX Ingress with Istio Service Mesh document by @jasonwilliams14 in #2768
- Bump f5-theme to v0.22.1 for main by @travisamartin in #2910
- docs: Update release notes with note on CVE by @ciarams87 in #2911
- Remove "new" & redundant text, add "recommended" by @jnewfield in #2938
- fix: update footer for NMS by @Jcahilltorre in #2937
- NGINX Ingress Controller Configuration guide update by @rranghar in #2864
- Make GitHub Checks more readable for CI by @lucacome in #2961
- docs: Reorganise examples by @ciarams87 in #2871
- docs: Fix links in the NAP config doc in main by @ciarams87 in #2983
- Document how the IC reloads NGINX by @pleshakov in #2836
- chore: Batch reloads runtime by @ciarams87 in #2986
- Fix typo in anchor link by @tomasohaodha in #3013
- Add docs for NAP DoS images by @lucacome in #3023
- Add lifecycle for controller container to helm chart by @coolbry95 in #3005
- feat: F5-hugo theme September bump by @Jcahilltorre in #3067
- feat: F5-hugo theme September bump (cherrypick) by @Jcahilltorre in #3071
- Add customConfigMap to helm charts by @coolbry95 in #3003
- Merge branch 'release-2.3' into main by @lucacome in #3084
- Add
helloworld.protoand re-generate files by @lucacome in #3091 - Remove deprecated kubernetes.io/ingress.class from examples by @lucacome in #3029
- chore: Allow omitting the default server secret from Helm installs by @ciarams87 in #3087
- Add
ARCHin Makefile, make Dockerfile more compatible with podman by @lucacome in #3102 - Apdoslogconf will warning case format is not splunk by @pasmant in #2991
- Release 2.4.0 by @shaun-nx in #3109
🧪 Tests
- Allow multiple markers in tests by @lucacome in #2874
- segregate IC and custom resources fixtures by @vepatel in #2908
- tests: Remove unnecessary library from tests by @ciarams87 in #2925
- Add isort and Black by @lucacome in #2929
- Add pod perf checks for multiple namespaces by @vepatel in #2934
- remove repeat test and add wait_and_assert by @vepatel in #2984
- Bump grpcio from 1.47.0 to 1.48.1 in /tests by @dependabot in #3008
- Bump locust from 2.11.1 to 2.12.0 in /perf-tests by @dependabot in #3021
- Bump certifi from 2022.6.15 to 2022.6.15.1 in /tests by @dependabot in #3028
- Bump certifi from 2022.6.15 to 2022.6.15.1 in /perf-tests by @dependabot in #3027
- Bump certifi from 2022.6.15.1 to 2022.9.14 in /tests by @dependabot in #3042
- Bail tests on test fixture setup error by @jjngx in #3037
- Bump grpcio from 1.48.1 to 1.49.0 in /tests by @dependabot in #3052
- Bump certifi from 2022.6.15.1 to 2022.9.14 in /perf-tests by @dependabot in #3043
- Add Helm test for Plus by @lucacome in #3064
- Improve NAP DoS tests by @pasmant in #2996
- Change timeout for attack ended by @pasmant in #3072
- Bump kindest/node from v1.25.0 to v1.25.1 in /tests/docker by @dependabot in #3068
- Bump locust from 2.12.0 to 2.12.1 in /perf-tests by @dependabot in #3073
- Bump grpcio from 1.49.0 to 1.49.1 in /tests by @dependabot in #3078
- Update containers in examples and tests by @lucacome in #3082
- Bump kindest/node from v1.25.1 to v1.25.2 in /tests/docker by @dependabot in #3089
- chore: Revert change to gitlab branch ref by @ciarams87 in #3093
- Change AppProtect warning message by @vepatel in #3096
- Bump pyopenssl from 22.0.0 to 22.1.0 in /tests by @dependabot in #3098
- Bump certifi from 2022.9.14 to 2022.9.24 in /perf-tests by @dependabot in #3099
- Bump certifi from 2022.9.14 to 2022.9.24 in /tests by @dependabot in #3100
- add canary header and update ap waf log pod by @vepatel in #3116
🔨 Maintenance
- Remove OpenTracing images in Updater by @lucacome in #2837
- Update path for CRD generation to include all by @lucacome in #2846
- fix: Change alpine version grab to include a colon in the updater by @ciarams87 in #2848
- Bump kind 1.21 and 1.22, add 1.23 by @lucacome in #2842
- Try to only include separators when necessary (#2766) by @jsoref in #2767
- Update Go lib for CVE-2022-29526 by @lucacome in #2878
- Use go-version-f...
Contributors
wd, lucacome, and 21 other contributors
Assets 13
v2.3.1
What's Changed
📝 Documentation
- fix: fix 2 broken links to NAP and NAP DoS docs by @Jcahilltorre in #2869
- Bump f5-theme to v0.22.1 for release-2.3 branch by @travisamartin in #2909
- fix: update footer for NMS by @Jcahilltorre in #2936
- NGINX Ingress Controller Configuration guide update (#2864) by @ciarams87 in #2950
- docs: Fix links in the NAP config doc by @ciarams87 in #2982
- docs: Fix typo in anchor link (#3013) by @ciarams87 in #3020
- Add docs for NAP DoS images by @lucacome in #3050
- Release 2.3.1 by @ciarams87 in #3047
🔨 Maintenance
- Cherry pick #3031 by @ciarams87 in #3046
- Add labeler to release-2.3 by @lucacome in #3051
⬆️ Dependencies
Full Changelog: v2.3.0...v2.3.1
Upgrade
- For NGINX, use the v2.3.1 image from our DockerHub, GitHub Container, Amazon ECR Public Gallery or Quay.io.
- For NGINX Plus, use the v2.3.1 image from the F5 Container registry or the AWS Marketplace or build your own image using the v2.3.1 source code.
- For Helm, use version 0.14.1 of the chart.
Resources
- Documentation -- https://docs.nginx.com/nginx-ingress-controller/
- Configuration examples -- https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/examples
- Helm Chart -- https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.1/deployments/helm-chart
- Operator -- https://github.com/nginxinc/nginx-ingress-operator/
Contributors
lucacome, ciarams87, and 2 other contributors
Assets 13
v2.3.0
What's Changed
🚀 Features
- Add runAsNonRoot in deployments by @lucacome in #2583
- Add container resource requests by @lucacome in #2484
- Add OpenTracing to all Debian and Alpine based images by @lucacome in #2581
- Update InternalRoute server_name by @sjberman in #2627
- Add support for allocateLoadBalancerNodePorts, ipFamilyPolicy and ipFamilies by @centromere in #2418
- Add handling of multiple log destinations by @rafwegv in #2328
- Add minReadySeconds & strategy support by @cmk-pcs in #2672
- AP: log-conf escaping chars by @rafwegv in #2691
- allow configuring topologySpreadConstraints in Helm chart by @kdomanski in #2625
- Add string sanitisation for proxy-pass-headers & proxy-hide-headers by @shaun-nx in #2730
- Add additional unit tests to confirm special characters can't be used in the lb-method annotation by @shaun-nx in #2742
- Add string validation to server-tokens annotation by @shaun-nx in #2733
- Validate rewrite annotation by @haywoodsh in #2734
- Validate JWT key, realm and login url for ingress resources annotations by @haywoodsh in #2754
- Add string validation to sticky-cookie-services annotation by @shaun-nx in #2751
- Add validation to Ingress path by @shaun-nx in #2775
- Sanitize nginx.com/jwt-token by @haywoodsh in #2774
- feat: add support for HTTP01 Challenges on VirtualServer resources by @ciarams87 in #2759
- feat: Report Hostname in ExternalEndpoint for VS and VSR resources by @ciarams87 in #2781
- Add external DNS endpoint CRD by @jjngx in #2762
- Update validation regex for path spec by @shaun-nx in #2783
- Add SBOMs to release by @lucacome in #2801
- HTTP basic auth support by @svvac in #2269
- feat: Integrate ExternalDNS with VirtualServer resources by @ciarams87 in #2800
🐛 Bug Fixes
- Fix Dockerfile for amd64 microarchitectures by @lucacome in #2617
- Fix typo in documentation by @haywoodsh in #2624
- Add terminationGracePeriodSeconds to deployment by @maksym-iv in #2637
- Update codegen and fix check by @lucacome in #2663
- Sync changes from OIDC repo, add field in policy by @lucacome in #2654
- Fix status.loadbalancer.hostname deletion on OOMKill by @hvoigt in #2673
- Fix cases where CM enabled but no TLS block specified in VS by @ciarams87 in #2718
- Fix CVE-2022-1664 by @ciarams87 in #2722
- Update openssl libraries in debian images by @ciarams87 in #2797
- Fix the latest CVES by @ciarams87 in #2834
📝 Documentation
- Add Slack to contacts and update link by @lucacome in #2613
- Report expected controller by @jsoref in #2642
- Update OIDC example note for IPv6 by @brianehlert in #2653
- Upload Docker images to Quay.io by @lucacome in #2665
- Correct spelling mistakes by @jsoref in #2645
- Fix typo in the documentation. by @thresheek in #2683
- Update docs to reflect DNS01 Issuer support by @ciarams87 in #2666
- Release 2.2.2 to main by @lucacome in #2720
- Update operator docs for latest release by @ciarams87 in #2752
- docs: Add missing doc update by @ciarams87 in #2782
- Validation for App Protect ingress annotations by @haywoodsh in #2793
- Bump NGINX Plus to R27 by @lucacome in #2799
- docs: Create real examples for basic auth by @ciarams87 in #2811
- Update readme by @shaun-nx in #2825
- Update images versions by @lucacome in #2838
🧪 Tests
- tests: Change error string check in openapi spec tests by @ciarams87 in #2794
- Record error and continue running tests by @jjngx in #2803
🔨 Maintenance
- Update updater for 2.2.0 by @lucacome in #2600
- Use new format for images metadata by @lucacome in #2657
- Warn about unhandled arguments by @jsoref in #2641
- Don't run some workflows on forks by @lucacome in #2715
- Use
NGINX_PLUS_VERSIONin the repo for Alpine and UBI by @lucacome in #2741 - Use Go build info from the binary by @lucacome in #2740
- Refactor main.go by @ciarams87 in #2763
- Automatically close milestone on release by @lucacome in #2810
⬆️ Dependencies
- Bump aquasecurity/trivy-action from 0.2.3 to 0.2.4 by @dependabot in #2612
- Update packages for CVE-2022-1271 by @lucacome in #2619
- Bump k8s.io/code-generator from 0.23.5 to 0.23.6 by @dependabot in #2620
- Bump aquasecurity/trivy-action from 0.2.4 to 0.2.5 by @dependabot in #2615
- Bump k8s.io/client-go from 0.23.5 to 0.23.6 by @dependabot in #2622
- Update packages for CVE-2022-22576 by @lucacome in #2644
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.13.3 to 1.13.4 by @dependabot in #2634
- Bump pytest from 7.1.1 to 7.1.2 in /tests by @dependabot in #2631
- Bump github/codeql-action from 1 to 2 by @dependabot in #2630
- Bump github.com/aws/aws-sdk-go-v2/config from 1.15.3 to 1.15.4 by @dependabot in #2633
- Bump pytest from 7.1.1 to 7.1.2 in /perf-tests by @dependabot in #2632
- Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 by @dependabot in #2636
- Bump grpcio from 1.45.0 to 1.46.0 in /tests by @dependabot in #2646
- Bump grpcio-tools from 1.45.0 to 1.46.0 in /tests by @dependabot in #2647
- Update go-spiffe to v2 by @sjberman in #2652
- Update cert-manager by @lucacome in #2656
- Bump docker/setup-qemu-action from 1 to 2 by @dependabot in #2661
- Bump docker/login-action from 1 to 2 by @dependabot in #2660
- Bump docker/metadata-action from 3 to 4 by @dependabot in #2658
- Bump docker/setup-buildx-action from 1 to 2 by @dependabot in #2659
- Bump docker/build-push-action from 2 to 3 by @dependabot in #2662
- Bump more-itertools from 8.12.0 to 8.13.0 in /tests by @dependabot in #2667
- Update packages for CVE-2022-27404 by @lucacome in #2669
- Bump kubernetes from 23.3.0 to 23.6.0 in /tests by @dependabot in #267...
Contributors
svvac, hvoigt, and 16 other contributors