Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.32.0
Fix regression in validating webhook when the ingress controller is installed in Kubernetes v1.18
Changes:
- #4271 Add support for multi-arch images
- #5429 Update krew plugin configuration
- #5430 Use github actions to create releases and krew plugin assets
- #5432 Allow releases from a github action
- #5433 Avoid removal of index.yaml file
- #5434 Disable PR against krew repository
- #5436 Disable github release action
- #5439 Change action order
- #5453 Ensure alpine packages are up to date
- #5456 Case-insensitive TLS host matching
- #5459 Refactor ingress validation in webhook
- #5461 Fix helper for defaultbackend name
- #5462 Remove noisy dns log
- #5469 Changes on services must trigger a sync event
- #5472 Update admission webhook image
- #5474 Add install command for Digital Ocean
- #5476 Fix chart missing default backend name
- #5481 fix first backend sync
- #5483 Fix chart maxmindLicenseKey location
- #5484 Only load docker images in kind worker nodes
Documentation:
- #5404 update the helm v3 install way
- #5435 Fix deployment links
- #5438 Update chart instructions
- #5460 fix(Chart): Mismatch between README.md and values.yml (defaultBackend.enabled)
- #5465 Update helm v2 installation instructions
- #5468 Update admission webhook annotations
- #5479 Remove obsolete default backend settings
- #5480 docs(changelog): fix typo
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.31.1
Fix regression in validating webhook
- #5445 Ensure webhook validation ingress has a PathType
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.31.0
New Features:
- NGINX 1.17.10
- OpenSSL 1.1.1g - CVE-2020-1967
- OCSP stapling
- Helm chart stable/nginx-ingress is now maintained in the ingress-nginx repository
- Support for custom Maxmind GeoLite2 Databases flag --maxmind-edition-ids
- New PathType and IngressClass fields. Requires Kubernetes v1.18 or higher
- Enable configuration of lua plugins using the configuration configmap
- Go 1.14
Changes:
- #4632 run lua plugin tests
- #4958 Add a forwarded protocol map for included x-forwarded-proto.
- #4981 Applying proxy-ssl-* directives on locations only
- #5131 Add request handling performance dashboard
- #5133 Lua OCSP stapling
- #5157 Added limit-rate annotation test
- #5158 Fix push task
- #5159 Start migration of helm chart
- #5160 Fix e2e test run.sh
- #5165 Use local chart directory for dev-env and e2e tests
- #5166 proxy_ssl_name support
- #5169 Cleanup e2e directory
- #5170 Update go dependencies
- #5171 Sync chart PR #20984
- #5172 Add script to check helm chart
- #5173 Update go to 1.14
- #5174 Update e2e image
- #5175 Migrate the backends handle logic to function
- #5178 Adding annotations support to helm chart configmaps
- #5181 Fix public function comment
- #5182 Update go mod for 1.14
- #5183 Remove unused docker file
- #5185 [helm chart] Use recommended labels and label helpers
- #5190 Refactored test/e2e/annotations/proxy.go
- #5192 Update helm templates to match new chart name
- #5194 I found a typo :)
- #5201 Added TC for proxy connect, read, and send timeout
- #5202 Refactored client body buffer size TC-s.
- #5204 Cleanup chart code
- #5205 Add OWNERS file for helm chart
- #5207 [helm chart] Hardcode component names.
- #5211 Update NGINX to 1.17.9
- #5213 Make quote function to render pointers in the template properly
- #5216 Check go exists in $PATH
- #5217 Added affinity-mode tc and refactored affinity.go
- #5221 Update NGINX image
- #5225 Avoid secret without tls.crt and tls.key but a valid ca.crt
- #5226 Fix $service_name and $service_port variables values without host
- #5232 Refacored proxy ssl TC-s
- #5241 Fix controller container name
- #5246 Remove checks for older versions
- #5249 Add support for hostPort in Deployment
- #5250 Use rbac scope feature in e2e tests
- #5251 Add support for custom healthz path in helm chart
- #5252 Check chart controller image tag
- #5254 Switch dev-env script to deployment
- #5258 Cleanup of chart labels
- #5262 Add Maxmind Editions support
- #5264 Fix reference to DH param secret, recommend larger parameter size
- #5266 Redirect for app-root should preserve current scheme
- #5268 do not require go for building
- #5269 Ensure DeleteDeployment waits until there are no pods running
- #5276 Fix the ability to disable ModSecurity at location level
- #5277 refactoring: use more specific var name
- #5281 Remove unnecessary logs
- #5283 Add retries for dns in tcp e2e test
- #5284 Wait for update in tcp e2e test
- #5288 Update client-go methods to support context and and new options
- #5289 Update go and e2e image
- #5290 Add DS_PROMETHEUS datasource for templating
- #5296 Added proxy-ssl-location-only test.
- #5298 Increase e2e concurrency
- #5301 Forward X-Request-ID to auth service
- #5307 Migrate ingress.class annotation to new IngressClassName field
- #5308 Set new default PathType to prefix
- #5309 Fix condition in server-alias annotation
- #5310 Added auth-tls-verify-client testcase
- #5313 Add script to generate yaml files from helm
- #5314 Set default resource requests limits
- #5315 Fix definition order of modsecurity directives
- #5320 Change condition order that produces endless loop
- #5324 Add support for PathTypeExact
- #5329 Update e2e dev image to v1.18.0
- #5330 Set k8s version kind should use for dev environment
- #5331 Enable configuration of plugins using configmap
- #5332 Add lifecycle hook and option to enable mimalloc
- #5333 Remove duplicated annotations definition and refactor hostPort conf
- #5336 Fix deployment strategy
- #5340 fix: remove unnecessary if statement when redirect annotation is defined
- #5341 ensure make lua-test runs locally
- #5346 Ensure krew plugin includes license
- #5357 Fix broken symlink to mimalloc
- #5361 Cleanup parsing of annotations with lists
- #5362 Cleanup httpbin image
- #5363 Remove version dependency in mimalloc symlink
- #5369 Update luajit and nginx to 1.17.10
- #5371 Update e2e image
- #5372 Update Go to 1.14.2
- #5374 Add port for plain HTTP to HTTPS redirection
- #5375 Remove chart old podSecurityPolicy check
- #5380 Use official mkdocs image and github action
- #5381 Add e2e tests for helm chart
- #5387 Add e2e test for OCSP and new configmap setting
- #5388 Remove TODO that were done
- #5392 Add new cfssl image and update e2e tests to use it
- #5393 Fix dev-env script to use new hostPort setting
- #5403 staple only when OCSP response status is "good"
- #5407 Update go dependencies
- #5409 Removed wrong code
- #5410 Add support for IngressClass and ingress.class annotation
- #5414 Pin mimalloc version and update openssl
- #5415 Update nginx image to fix openssl CVE-2020-1967
- #5419 Improve build time of httpbin e2e test image
Documentation:
- #5162 Migrate release of docs from travis-ci to github actions
- #5163 Cleanup build of documentation and update to mkdocs 1.1
- #5114 Feat: add header-pattern annotation.
- #5274 [docs]: fix deploy Prerequisite section
- #5347 docs: fix use-gzip wrong markdown style
- #5349 Update doc for validating Webhook with helm
- #5351 Remove deprecated flags and update docs
- #5355 ingress-nginx lua plugins docs
- #5360 Update deployment documentation
- #5365 Fix broken link for Layer 2 configuration mode
- #5370 Fix plugin README.md link
- #5395 Fix from-to-www link
- #5399 Cleanup deploy docs and remove old yaml manifests
- #5400 Update images README.md
- #5408 Add manifest for kind documentation
- #5420 Remove lua-resty-waf docs
- #5422 update notes.txt example with networking.k8s.io
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0
- Allow service type ExternalName with different port and targetPort
- Update datadog tracer to v1.1.3
- Update default variables_hash_bucket_size value to 256
- Enable Opentracing for authentication subrequests (auth_request)
Changes:
- #5080 Add label selector for plugin
- #5083 Cleanup docker build
- #5084 Cleanup docker build
- #5085 Cleanup build of nginx image
- #5086 Migration e2e installation to helm
- #5087 Fox docker opencontainers version label
- #5088 Remove .cache directory with make clean.
- #5089 Abort any task in case of errors running shell commands
- #5090 Cleanup and standardization of e2e test definitions
- #5091 Add case for when user agent is nil
- #5092 Print information about e2e suite tests
- #5094 Remove comment from e2e_test.go
- #5095 Update datadog tracer to v1.1.3
- #5097 New e2e test: log-format-escape-json and log-format-upstream
- #5098 Fix make dev-env
- #5100 Ensure make dev-env support rolling updates
- #5101 Add keep-alive config check test
- #5102 Migrate e2e libaries
- #5103 Added configmap test for no-tls-redirect-locations
- #5105 Reuse-port check e2e tc (config check only)
- #5109 Added basic limit-rate configmap test.
- #5111 ingress-path-matching: doc typo
- #5117 Hash size e2e check test case
- #5122 refactor ssl handling in preparation of OCSP stapling
- #5123 Ensure helm repository and charts are available
- #5124 make dev-env improvements
- #5125 Added tc for limit-connection annotation
- #5131 Add request handling performance dashboard
- #5132 Lint go code
- #5134 Update list of e2e tests
- #5136 Add upstream keep alive tests
- #5139 Fixes kubernetes#5120
- #5140 Added configmap test for ssl-ciphers.
- #5141 Allow service type ExternalName with different port and targetPort
- #5145 Refactor the HSTS related test file and add config check to the HSTS tests
- #5149 Use helm template instead of update to install dev cluster
- #5150 Update default VariablesHashBucketSize value to 256
- #5151 Check there is a difference in the template besides the checksum
- #5152 Clean template
- #5153 Update nginx and e2e images
Documentation:
- #5018 Update developer document on dependency updates
- #5081 Fixed incorrect documentation of cli flag --default-backend-service
- #5093 Generate doc with list of e2e tests
- #5135 Correct spelling of the word "Original" in annotations documentation
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.29.0
New Features:
- NGINX 1.17.8
- Add SameSite support for Cookie Affinity https://www.chromium.org/updates/same-site
- Refactor of mirror feature to remove additional annotations
Changes:
- #4949 Add SameSite support - omit None for old browsers
- #4973 Fix release script
- #4975 Fix docker installation in travis script
- #4976 Fix travis
- #4977 Fix image version
- #4983 Fix enable opentracing per location
- #4987 Dump kind logs after e2e tests
- #4993 Calculation algorithm for server_names_hash_bucket_size should consid…
- #4995 Cleanup main makefile and remove the need of sed
- #4996 Fix status update for clusters where networking.k8s.io is not available
- #4999 Fix limitrange definition
- #5000 Update python syntax in OAuth2 example
- #5003 Fix server aliases
- #5008 Fix docker buildx check in Makefile
- #5009 Move mod-security logic from template to go code
- #5010 Update nginx image
- #5011 Update nginx image, go to 1.13.7 and e2e image
- #5015 Refactor mirror feature
- #5016 Fix dep-ensure task
- #5023 Update metric dependencies and restore default Objectives
- #5028 Add echo image to avoid building and installing dependencies in each …
- #5031 Update kindest/node version to v1.17.2
- #5032 Fix fortune-teller app manifest
- #5035 Update github.com/paultag/sniff dependency
- #5036 Disable DIND in script run-in-docker.sh
- #5038 Update code to use pault.ag/go/sniff package
- #5042 Fix X-Forwarded-Proto based on proxy-protocol server port
- #5050 Add flag to allow custom ingress status update intervals
- #5052 Change the handling of ConfigMap creation
- #5053 Validation of header in authreq should be done only in the key
- #5055 Only set mirror source when a target is configured
- #5059 Remove minikube and only use kind
- #5060 Cleanup e2e tests
- #5061 Fix scripts to run in osx
- #5062 Ensure scripts and dev-env works in osx
- #5067 Make sure set-cookie is retained from external auth endpoint
- #5069 Enable grpc e2e tests
- #5070 Update go to 1.13.8
- #5071 Add gzip-min-length as a Configuration Option
Documentation:
- #4974 Add travis script for docs
- #4991 doc: added hint why regular expressions might not be accepted
- #5018 Update developer document on dependency updates
- #5020 docs(deploy): fix helm install command for helm v3
- #5037 Cleanup README.md
- #5040 Update documentation and remove hack fixed by upstream cookie library
- #5041 36.94% size reduction of image assets using lossless compression from ImgBot
- #5043 Cleanup docs
- #5068 docs: reference buildx as a requirement for docker builds
- #5073 oauth-external-auth: README.md: Link to oauth2-proxy, dashboard-ingress.yaml
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.28.0
Fix occasional prometheus http: superfluous response.WriteHeader call...
error #4943
Remove prometheus socket before the start of metrics collector #4961
Reduce CPU utilization when the ingress controller is shutting down #4959
Fixes a flaw (CVE-2019-11251) when auth-type basic annotation is used #4960
Changes:
- #4912 Update README.md
- #4914 Disable docker in docker tasks in terraform release script
- #4932 Cleanup dev-env script
- #4943 Update client_golang dependency to v1.3.0
- #4956 Fix proxy protocol support for X-Forwarded-Port
- #4959 Refactor how to handle sigterm and nginx process goroutine
- #4960 Avoid overlap of configuration definitions
- #4961 Remove prometheus socket before listen
- #4962 Cleanup of e2e docker images
- #4965 Move opentracing configuration for location to go
- #4966 Add verification of docker buildx support
- #4967 Update go dependencies
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.27.1
Fix regression in Jaeger opentracing module, incorrect UID in webhook AdmissionResponse in Kubernetes > 1.16.0.
Changes:
- #4920 Rollback jaeger module version
- #4922 Use docker buildx and remove qemu-static
- #4927 Fix incorrect UID in webhook AdmissionResponse
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.27.0
New Features:
- NGINX 1.17.7
- Migration to alpinelinux.
- Global Modsecurity Snippet via ConfigMap
- Support Datadog sample rate with global trace sampling from configmap #4897
- Modsecurity CRS v3.2.0 #4829
- Modsecurity-nginx v1.0.1 #4842
- Allow enabling/disabling opentracing for ingresses #4732
Breaking Changes:
-
Enable download of GeoLite2 databases #4896
From maxmind website:
Due to upcoming data privacy regulations, we are making significant changes to how you access free GeoLite2 databases starting December 30, 2019. Learn more on our blog https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/
Because of this change, it is not clear we can provide the databases directly from the docker image. To enable the feature, we provide two options:
- Add the flag
--maxmind-license-key
to download the databases when the ingress controller starts. - or add a volume to mount the files
GeoLite2-City.mmdb
andGeoLite2-ASN.mmdb
in the directory/etc/nginx/geoip
.
If any of these conditions are not met, the geoip2 module will be disabled
- Add the flag
-
The feature
lua-resty-waf
was removed. -
Due to the migration to alpinelinux the uid of the user is different. Please make sure to update it
runAsUser: 101
or the ingress controller will not start (CrashLoopBackOff).
Changes:
- #4087 Define Modsecurity Snippet via ConfigMap
- #4603 optimize: local cache global variable and reduce string object creation.
- #4613 Terraform release
- #4619 Issue 4244
- #4620 ISSUE-4244 e2e test
- #4645 Bind ingress controller to linux nodes to avoid Windows scheduling on kubernetes cluster includes linux nodes and windows nodes
- #4650 Expose GeoIP2 Organization as variable $geoip2_org
- #4658 Need to quote expansion of
$cfg.LogFormatStream
inlog_stream
access log - #4664 warn when ConfigMap is missing or not parsable instead of erroring
- #4669 Simplify initialization function of bytes.Buffer
- #4671 Discontinue use of a single DNS query to validate an endpoint name
- #4673 More helpful dns error
- #4678 Increase the kubernetes 1.14 version to the installation prompt
- #4689 Server-only authentication of backends and per-location SSL config
- #4693 Adding some documentation about the use of metrics-per-host and enabl…
- #4694 Enhancement : add remote_addr in TCP access log
- #4695 Removing secure-verify-ca-secret support
- #4700 adds hability to use externalIP when controller service is of type NodePort
- #4730 add configuration for http2_max_concurrent_streams
- #4732 Allow enabling/disabling opentracing for ingresses
- #4745 add cmluciano to owners
- #4747 Docker image: Add source code reference label
- #4766 dev-env.sh: fix for parsing
minikube status
output of newer versions, fix shellcheck lints - #4779 Remove lua-resty-waf feature
- #4780 Update nginx image to use openresty master
- #4785 Update nginx image and Go to 1.13.4
- #4791 deploy: add protocol to all Container/ServicePorts
- #4793 Fix issue in logic of modsec template
- #4794 Remove extra annotation when Enabling ModSecurity
- #4797 Add a datasource variable $DS_PROMETHEUS
- #4803 Update nginx image to fix regression in jaeger tracing
- #4805 Update nginx and e2e images
- #4806 Add log to parallel command to dump logs in case of errors
- #4807 Allow custom CA certificate when flag --api-server is specified
- #4813 Update default SSL ciphers
- #4816 apply default certificate again in cases of invalid or incomplete cert config
- #4823 Update go dependencies to v1.17.0
- #4826 regression test and fix for duplicate hsts bug
- #4827 Migrate ingress definitions from extensions to networking.k8s.io
- #4829 Update modsecurity crs to v3.2.0
- #4840 Return specific type
- #4842 Update Modsecurity-nginx to latest (v1.0.1)
- #4843 Define minimum limits to run the ingress controller
- #4848 Update nginx image
- #4859 Use a named location for authSignURL
- #4862 Update nginx image
- #4863 Switch to nginx again
- #4866 Improve issue and pull request template
- #4867 Fix sticky session for ingress without host
- #4870 Default backend protocol only supports http
- #4871 Fix ingress status regression introduced in #4490
- #4875 Remove /build endpoint
- #4880 Remove download of geoip databases
- #4882 Use yaml files from a particular tag, not from master
- #4883 Update e2e image
- #4884 Update e2e image
- #4886 Fix flaking e2e tests
- #4887 Master branch uses a master tag image
- #4891 Add help task
- #4893 Use docker to run makefile tasks
- #4894 Remove todo from lua test
- #4896 Enable download of GeoLite2 databases
- #4897 Support Datadog sample rate with global trace sampling from configmap
- #4907 Add script to check go version and fix output directory permissions
Documentation:
- #4623 remove duplicated line in docs
- #4681 Fix docs/development.md describing inaccurate issues
- #4683 Fixed upgrading example command
- #4708 add proxy-max-temp-file-size doc
- #4727 update docs, remove output in prometheus deploy command
- #4744 Fix generation of sitemap.xml file
- #4746 Fix broken links in documentation
- #4748 Update documentation for static ip example
- #4749 Update documentation for rate limiting
- #4765 Fix extra word
- #4777 [docs] Add info about x-forwarded-prefix breaking change
- #4800 Update sysctl example
- #4801 Fix markdown list
- #4849 Fixed documentation for FCGI annotation.
- #4885 Correct MetalLB setup instructions.
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.2
Changes:
- #4859 Use a named location for authSignURL
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1
Changes:
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.0
New Features:
-
Add support for NGINX proxy_ssl_* directives
-
Add support for FastCGI backends
-
Add support for multiple alias and remove duplication of SSL certificates
-
Support configuring basic auth credentials as a map of user/password hashes
-
Caching support for external authentication annotation with new annotations auth-cache-key and auth-cache-duration
-
Allow Requests to be Mirrored to different backends #4379
-
Improve connection draining when ingress controller pod is deleted using a lifecycle hook:
With this new hook, we increased the default
terminationGracePeriodSeconds
from 30 seconds to 300, allowing the draining of connections up to five minutes.If the active connections end before that, the pod will terminate gracefully at that time.
To efectively take advantage of this feature, the Configmap feature worker-shutdown-timeout new value is
240s
instead of10s
.IMPORTANT: this value has a side effect during reloads, consuming more memory until the old NGINX workers are replaced.
lifecycle: preStop: exec: command: - /wait-shutdown
-
mimalloc as a drop-in replacement for malloc.
This feature can be enabled using the LD_PRELOAD environment variable in the ingress controller deployment
Example:
env: - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so
Please check the additional options it provides.
Breaking Changes:
-
The variable $the_real_ip variable was removed from template and default
log_format
. -
The default value of configmap setting proxy-add-original-uri-header is now
"false"
.When the setting
proxy-add-original-uri-header
is"true"
, the ingress controller adds a new headerX-Original-Uri
with the value of NGINX variable$request_uri
.In most of the cases this is not an issue but with request with long URLs it could lead to unexpected errors in the application defined in the Ingress serviceName, like issue 4593 - 431 Request Header Fields Too Large
Non-functional improvements:
-
Automation of NGINX image using terraform scripts
-
Removal of Go profiling on port
:10254
to uselocalhost:10245
To profile the ingress controller Go binary, use:
INGRESS_PODS=($(kubectl get pods -n ingress-nginx -l app.kubernetes.io/name=ingress-nginx -o 'jsonpath={..metadata.name}')) kubectl port-forward -n ingress-nginx pod/${INGRESS_PODS[0]} 10245
Using the URL http://localhost:10245/debug/pprof/ to reach the profiler.
Changes:
- #3164 Initial support for CRL in Ingress Controller
- #4086 Resolve #4038, move X-Forwarded-Port variable to the location context
- #4278 feat: auth-req caching
- #4286 fix lua lints
- #4287 Add script for luacheck
- #4288 added proxy-http-version annotation to override the HTTP/1.1 default …
- #4289 Apply fixes suggested by staticcheck
- #4290 Make dev-env.sh script work on Linux
- #4291 hack scripts do not need PKG var
- #4298 Fix RBAC issues with networking.k8s.io
- #4299 Fix scripts to be able to run tests in docker
- #4302 Squash rules regarding ingresses
- #4306 Remove unnecessary output
- #4307 Disable access log in stream section for configuration socket
- #4313 avoid warning during lua unit test
- #4322 Update go dependencies
- #4327 Add proxy_ssl_* directives
- #4333 Add [$proxy_alternative_upstream_name]
- #4334 Refactor http client for unix sockets
- #4341 duplicate argument "--disable-catch-all"
- #4344 Add FastCGI backend support (#2982)
- #4356 Only support SSL dynamic mode
- #4365 memoize balancer for a request
- #4369 Fix broken test's filenames
- #4371 Update datadog tracing plugin to v1.0.1
- #4379 Allow Requests to be Mirrored to different backends
- #4383 Add support for psp
- #4386 Update go dependencies
- #4405 Lua shared cfg
- #4409 sort ingress by namespace and name when ingress.CreationTimestamp identical
- #4410 fix dev-env script
- #4412 Add nginx ssl_early_data option support
- #4415 more dev-env script improvements
- #4416 Remove invalid log "Failed to executing diff command: exit status 1"
- #4418 Remove dynamic TLS records
- #4420 Cleanup
- #4422 teach lua about search and ndots settings in resolv.conf
- #4423 Add quote function in template
- #4426 Update klog
- #4428 Add timezone value into $geoip2_time_zone variable
- #4435 Add option to use existing images
- #4437 Refactor version helper
- #4438 Add helper to extract prometheus metrics in e2e tests
- #4439 Move listen logic to go
- #4440 Fixes for CVE-2018-16843, CVE-2018-16844, CVE-2019-9511, CVE-2019-9513, and CVE-2019-9516
- #4443 Lua resolv conf parser
- #4445 use latest openresty with CVE patches
- #4446 lua-shared-dicts improvements, fixes and documentation
- #4448 ewma improvements
- #4449 Fix service type external name using the name
- #4450 Add nginx proxy_max_temp_file_size configuration option
- #4451 post data to Lua only if it changes
- #4452 Fix test description on error
- #4456 Fix file permissions to support volumes
- #4458 implementation proposal for zone aware routing
- #4459 cleanup logging message typos in rewrite.go
- #4460 cleanup: fix typos in framework.go
- #4463 Always set headers with add-headers option
- #4466 Add rate limit units and error status
- #4471 Lint code using staticcheck
- #4472 Add support for multiple alias and remove duplication of SSL certificates
- #4476 Initialize nginx process error channel
- #4478 Re-add Support for Wildcard Hosts with Sticky Sessions
- #4484 Add terraform scripts to build nginx image
- #4487 Refactor health checks and wait until NGINX process ends
- #4489 Fix log format markdown
- #4490 Refactor ingress status IP address
- #4492 fix lua certificate handling tests
- #4495 point users to kubectl ingress-nginx plugin
- #4500 Fix nginx variable service_port (nginx)
- #4501 Move nginx helper
- #4502 Remove hard-coded names from e2e test and use local docker dependencies
- #4506 Fix panic on multiple ingress mess up upstream is primary or not
- #4509 Update openresty and third party modules
- #4520 fix typo
- #4521 backward compatibility for k8s version < 1.14
- #4522 Fix relative links
- #4524 Update go dependencies
- #4527 Switch to official kind images
- #4528 Cleanup of docker images
- #4530 Update nginx image to 0.92
- #4531 Remove nginx unix sockets
- #4534 Show current reloads count, not total
- #4535 Improve the time to run e2e tests
- #4543 Correctly format ipv6 resolver config for lua
- #4545 Rollback luarocks version to 3.1.3
- #4547 Fix terraform build of nginx images
- #4548 regression test for the issue fixed in #4543
- #4549 Cleanup of docker build
- #4556 Allow multiple CA Certificates
- #4557 Remove the_real_ip variable
- #4560 Support configuring basic auth credentials as a map of user/password hashes
- #4569 allow to configure jaeger header names
- #4570 Update nginx image
- #4571 Increase log level for identical CreationTimestamp warning
- #4572 Fix log format after #4557
- #4575 Update go dependencies for kubernetes 1.16.0
- #4583 Disable go modules
- #4584 Remove retries to ExternalName
- #4586 Fix reload when a configmap changes
- #4587 Avoid unnecessary reloads generating lua_shared_dict directives
- #4591 optimize: local cache global variable and avoid single lines over 80
- #4592 refactor force ssl redirect logic
- #4594 cleanup unused certificates
- #4595 Rollback change of ModSecurity setting SecAuditLog
- #4596 sort auth proxy headers from configmap
- #4597 more meaningful assertion for tls hsts test
- #4598 delete redundant config
- #4600 Update nginx image
- #4601 Hsts refactoring
- #4602 fix bug with new and running configuration comparison
- #4604 Change default for proxy-add-original-uri-header
- #4606 Mount temporal directory volume for ingress controller
- #4611 Fix custom default backend switch to default
Documentation:
- #4277 doc: fix image link.
- #4316 Update how-it-works.md
- #4329 Update references to oauth2_proxy
- #4348 KEP process
- #4351 KEP: Remove static SSL configuration mode
- #4389 Fix docs build due to an invalid link
- #4455 KEP: availability zone aware routing
- #4581 Fix spelling and remove local reference of 404 docker image
- #4582 Update kubectl-plugin docs
- #4588 tls user guide --default-ssl-certificate clarification
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.25.1
Changes:
- #4440 Fixes for CVE-2018-16843, CVE-2018-16844, CVE-2019-9511, CVE-2019-9513, and CVE-2019-9516
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.25.0
New Features:
- Validating webhook for ingress sanity check documentation
- Migration from NGINX to OpenResty 1.15.8
- ARM image
- Improve external authorization concept from opt-in to secure-by-default 3506
- Reduce memory footprint and cpu usage when modsecurity is enabled 4091
- Support new
networking.k8s.io/v1beta1
package (for Kubernetes cluster > v1.14.0) 4127 - New variable
$proxy_alternative_upstream_name
in the log to show a hit in a canary endpoint #4246
Non-functional improvements:
- Migration from travis-ci to Prow
- Testgrid dashboards for ingress-nginx
- Update kind to v0.4.0
- Switch to go modules
- Go v1.12.6
- Docker size image reduced by 20%
Changes:
- #3506 Improve the external authorization concept from opt-in to secure-by-default
- #3802 Add a validating webhook for ingress sanity check
- #3803 use nkeys for counting lua table elements
- #3852 Enable arm again
- #4004 Remove valgrind
- #4005 Support proxy_next_upstream_timeout
- #4008 refactor GetFakeSSLCert
- #4009 Update nginx to 1.15.12
- #4010 Update nginx image and Go to 1.12.4
- #4012 Switch to go modules
- #4022 Add e2e test coverage for mult-auth
- #4042 Release custom error pages image v0.4 [skip-ci]
- #4048 Change upstream on error when sticky session balancer is used
- #4055 Rearrange deployment files into kustomizations
- #4064 Update go to 1.12.5, kubectl to 1.14.1 and kind to 0.2.1
- #4067 Trim spaces from annotations that can contain multiple lines
- #4069 fix e2e-test make target
- #4070 Don't try to create e2e runner rbac resources twice
- #4080 Load modsecurity config with OWASP core rules
- #4088 Migrate to Prow
- #4091 reduce memory footprint and cpu usage when modsecurity and owasp rule
- #4100 Remove stop controller endpoint
- #4101 Refactor whitelist from map to standard allow directives
- #4102 Refactor ListIngresses to add filters
- #4105 UPT: Add variable to define custom sampler host and port
- #4108 Add retry to LookupHost used to check the content of ExternalName
- #4109 Use real apiserver
- #4110 Update e2e images
- #4113 Force GOOS to linux
- #4119 Only load module ngx_http_modsecurity_module.so when option enable-mo…
- #4120 log info when endpoints change for a balancer
- #4122 Update Nginx to 1.17.0 and upgrade some other modules
- #4123 Update nginx image to 0.86
- #4127 Migrate to new networking.k8s.io/v1beta1 package
- #4128 feature(collectors): Added services to collectorLabels
- #4133 Run PodSecurityPolicy E2E test in parallel
- #4135 Use apps/v1 api group in e2e tests
- #4140 update modsecurity to latest, libmodsecurity to v3.0.3 and owasp-scrs…
- #4150 Update nginx
- #4160 SSL expiration metrics cannot be tied to dynamic updates
- #4162 Add "text/javascript" to compressible MIME types
- #4164 fix source file mods
- #4166 Session Affinity ChangeOnFailure should be boolean
- #4169 simplify sticky balancer and fix a bug
- #4180 Service type=ExternalName can be defined with ports
- #4185 Fix: fillout missing health check timeout on health check.
- #4187 Add unit test cases for balancer lua module
- #4191 increase lua_shared_dict config data
- #4204 Add e2e test for service type=ExternalName
- #4212 Add e2e tests for grpc
- #4214 Update go dependencies
- #4219 Get AuthTLS annotation unit tests to 100%
- #4220 Migrate to openresty
- #4221 Switch to openresty image
- #4223 Remove travis-ci badge
- #4224 fix monitor test after move to openresty
- #4225 Update image dependencies
- #4226 Update nginx image
- #4227 Fix misspelled and e2e check
- #4229 Do not send empty certificates to nginx
- #4232 override least recently used entries when certificate_data dict is full
- #4233 Update nginx image to 0.90
- #4235 Add new lints
- #4236 Add e2e test suite to detect memory leaks in lua
- #4237 Update go dependencies
- #4246 introduce proxy_alternative_upstream_name Nginx var
- #4249 test to make sure dynamic cert works trailing dot in domains
- #4250 Lint shell scripts
- #4251 Refactor prometheus leader helper
- #4253 Remove kubeclient configuration
- #4254 Update kind to 0.4.0
- #4257 Fix error deleting temporal directory in case of errors
- #4258 Fix go imports
- #4267 More e2e tests
- #4270 GetLbAlgorithm helper func for e2e
- #4272 introduce ngx.var.balancer_ewma_score
- #4273 Check and complete intermediate SSL certificates
- #4274 Support trailing dot
Documentation:
- #3966 Documentation example code fix
- #3978 Fix CA certificate example docs
- #3981 Add missing PR in changelog [skip ci]
- #3982 Add kubectl plugin docs
- #3987 Link to kubectl plugin docs in nav
- #4014 Update plugin krew manifest
- #4034 🔧 fix navigation error in file baremetal.md
- #4036 Docs have incorrect command in baremetal.md
- #4037 [doc] fixing regex in example of rewrite
- #4040 Fix default Content-Type for custom-error-pages example
- #4068 fix typo: deployement->deployment
- #4082 Explain references in custom-headers documentation
- #4089 Docs: configmap: use-gzip
- #4099 Docs - Update capture group
placeholder
- #4098 Update configmap about adding custom locations
- #4107 Clear up some inconsistent / unclear wording
- #4132 Update README.md for external-auth Test 4
- #4153 Add clarification on how to enable path matching
- #4159 Partially revert usage of kustomize for installation
- #4217 Fix typo in annotations
- #4228 Add notes on timeouts while using long GRPC streams
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.24.1
Changes:
- #3990 Fix dynamic cert issue with default-ssl-certificate
- #3980 Refactor isIterable
- #4000 Dynamic ssl improvements
- #4007 do not create empty access_by_lua_block
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.24.0
New Features:
- NGINX 1.15.10
Breaking changes:
x-forwarded-prefix
annotation changed from a boolean to a string, see #3786
Changes:
- #3743 Remove session-cookie-hash annotation
- #3786 Fix x-forwarded-prefix annotation
- #3798 Move some configuration logic from Nginx config to Lua code
- #3806 Migrate e2e cluster to kind
- #3807 Lua plugin system - MVP
- #3808 make dynamic SSL mode default
- #3827 Fix plugin install location
- #3829 Prevent e2e-tests from running on non-local clusters
- #3833 bump luajit version to v2.1-20190228
- #3835 Update nginx image
- #3839 Fix panic on multiple non-matching canary
- #3846 Fix race condition in metric process collector test
- #3849 Use Gauge instead of Counter for connections_active Prometheus metric
- #3853 Remove authbind
- #3856 Fix ssl-dh-param issue when secret does not exit
- #3864 ing.Service with multiple hosts fix
- #3870 Improve kubectl plugin
- #3871 Fix name of field used to sort ingresses [skip-ci]
- #3875 Allow the use of a secret located in a different namespace
- #3882 Add support for IPV6 resolvers
- #3884 update GKE header to match link in contents
- #3885 Refactor status update
- #3886 Clean up ssl package and fix dynamic cert mode
- #3887 Remove useless nodeip calls and deprecate --force-namespace-isolation
- #3889 Separate out annotation assignment logic
- #3895 Correctly format ipv6 resolver config for lua
- #3900 Add lint subcommand to plugin
- #3907 Remove unnecessary copy of GeoIP databases
- #3908 Update nginx image
- #3918 Set
X-Request-ID
for thedefault-backend
, too. - #3927 Update apiVersion to apps/v1, drop duplicate line
- #3932 Fix dynamic SSL certificate for aliases and redirect-from-to-www
- #3933 Update nginx to 1.15.10
- #3934 Update nginx image
- #3943 Update dependencies
- #3947 Adds a log warning when falling back to default fake cert
- #3950 Fix forwarded host parsing
- #3954 Fix load-balance configmap value
- #3955 Plugin select deployment using replicaset name
- #3958 Refactor equals
- #3960 Fix segfault on reference to nonexistent configmap
- #3968 Update nginx image
- #3969 Update nginx image to 0.84
Documentation:
- #3841 Improve "Sticky session" docs
- #3836 Update mkdocs [skip ci]
- #3847 Add missing basic usage documentation link
- #3874 Update embargo doc link in SECURITY_CONTACTS and change PST to PSC
- #3890 Make sure cli-arguments doc is in alphabetical order
- #3945 fix typo: delete '`'
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.23.0
New Features:
- NGINX 1.15.9
- New
canary-by-header-value
annotation. - New debug binary to get runtime information from lua 3686
- Support for Opentracing with Datadog
- New kubectl plugin Alpha
Breaking changes:
-
The NGINX server listening in port 18080 was removed. It was replaced by a server using an unix socket as port #3684 This server was internal to the ingress controller. In case this was being acceded from the outside, you can restore the old server using the
http-snipet
feature in the configuration configmap like:http-snippet: | server { listen 18080; location /nginx_status { allow 127.0.0.1; allow ::1; deny all; stub_status on; } location / { return 404; } }
Changes:
- #3619 add header-value annotation
- #3628 Fix 503 error generation on empty endpoints
- #3666 rename sysctlFSFileMax to rlimitMaxNumFiles to reflect what it actually does
- #3667 worker_connections should be less (3/4th) than worker_rlimit_nofile
- #3671 bugfix: fixed duplicated seeds.
- #3673 used table functions of LuaJIT for better performance.
- #3674 used cjson.safe instead of pcall.
- #3682 enable use-forwarded-headers for L7 LB
- #3684 Replace Status port using a socket
- #3686 Add debug binary to the docker image
- #3695 > Don't reload nginx when L4 endpoints changed
- #3696 Apply annotations to default location
- #3698 Fix --disable-catch-all
- #3702 Add params for access log
- #3704 make sure dev-env forces context to be minikube
- #3728 Fix flaky test
- #3730 Changes CustomHTTPErrors annotation to use custom default backend
- #3734 remove old unused lua dicts
- #3736 do not unnecessarily log
- #3737 Adjust probe timeouts
- #3739 dont log unnecessarily
- #3740 Fix ingress updating for session-cookie-* annotation changes
- #3747 Update nginx and modules
- #3748 Update nginx image
- #3749 Enhance Unit Tests for Annotations
- #3750 Update go dependencies
- #3751 Parse environment variables in OpenTracing configuration
- #3756 Create custom annotation for satisfy "value"
- #3757 Add mention of secure-backends to backend-protocol docs
- #3764 delete confusing CustomErrors attribute to make things more explicit
- #3765 simplify customhttperrors e2e test and add regression test and fix a bug
- #3766 Support Opentracing with Datadog - part 2
- #3767 Support Opentracing with Datadog - part 1
- #3771 Do not log unnecessarily
- #3772 Fix dashboard link [skip ci]
- #3775 Fix DNS lookup failures in L4 services
- #3779 Add kubectl plugin
- #3780 Enable access log for default backend
- #3781 feat: configurable proxy buffers number
- #3782 Lua bridge tracer
- #3784 use correct host for jaeger-collector-host in docs
- #3785 use latest base nginx image
- #3787 Use UsePortInRedirects only if enabled
- #3791 - remove annotations in nginxcontroller struct
- #3792 dont restart minikube when it is already running
- #3793 Update mergo dependency
- #3794 use use-context that actually changes the context
- #3795 do not warn when optional annotations arent set
- #3799 Add /dbg certs command
- #3800 Refactor e2e
- #3809 Upgrade openresty/lua-resty-balancer
- #3810 Update nginx image
- #3811 Fix e2e tests
- #3812 Removes unused const from customhttperrors e2e test
- #3813 Prevent dep from vendoring grpc-fortune-teller dependencies
- #3819 Fix e2e test in osx
- #3820 Update nginx image
- #3821 Update nginx to 1.15.9
- #3822 Set default for satisfy annotation to nothing
Documentation:
- #3680 mention rewrite-target change for 0.22.0
- #3693 Correcting links for gRPC Fortune Teller app
- #3701 Update usage documentation for default-backend annotation
- #3705 Increase Unit Test Coverage for Templates
- #3708 Update OWNERS
- #3731 Update a doc example that uses rewrite-target
Deprecations:
- The annotation
session-cookie-hash
is deprecated and will be removed in 0.24. - Flag
--force-namespace-isolation
is deprecated and will be removed in 0.24. Currently this annotation is being replaced by--watch-namespace
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.22.0
New Features:
- NGINX 1.15.8
- New balancer implementation: consistent hash subset
- Adds support for HTTP2 Push Preload annotation
- Allow to disable NGINX prometheus metrics
- New --disable-catch-all flag to ignore catch-all ingresses
- Add flag --metrics-per-host to make per-host metrics optional
Breaking changes:
-
Annotation
nginx.ingress.kubernetes.io/rewrite-target
has changed and will not behave as expected if you don't update them.Refer to https://kubernetes.github.io/ingress-nginx/examples/rewrite/#rewrite-target on how to change it.
Refer to kubernetes#3174 (comment) on how to do seamless migration.
-
Annotations
nginx.ingress.kubernetes.io/add-base-url
andnginx.ingress.kubernetes.io/base-url-scheme
were removed.Please check issue #3174 for details.
-
By default do not trust any client to extract true client IP address from X-Forwarded-For header using realip module (
use-forwarded-headers: "false"
)
Changes:
- #3174 Generalize Rewrite Block Creation and Deprecate AddBaseUrl (not backwards compatible)
- #3240 Adds support for HTTP2 Push Preload annotation
- #3333 breaking change: by default do not trust any client
- #3342 Allow privilege escalation
- #3363 Document for cookie expires annotation
- #3396 New balancer implementation: consistent hash subset
- #3446 add more testing for mergeAlternativeBackends
- #3453 Monitor fixes
- #3455 Watch controller Pods and make then available in k8sStore
- #3465 Bump nginx-opentracing for gRPC support
- #3467 store ewma stats per backend
- #3470 Use opentracing_grpc_propagate_context when necessary
- #3474 Improve parsing of annotations and use of Ingress wrapper
- #3476 Fix nginx directory permissions
- #3477 clarify canary ingress
- #3478 delete unused buildLoadBalancingConfig
- #3487 dynamic certificate mode should support widlcard hosts
- #3488 Add probes to deployments used in e2e tests
- #3492 Fix data size validations
- #3494 Since dynamic mode only checking for 'return 503' is not valid anymore
- #3495 Adjust default timeout for e2e tests
- #3497 Wait for the right number of endpoints
- #3498 Update godeps
- #3501 be consistent with what Nginx supports
- #3503 compare error with error types from k8s.io/apimachinery/pkg/api/errors
- #3504 fix an ewma unit test
- #3505 Update lua configuration_data when number of controller pod change
- #3507 Remove temporal configuration file after a while
- #3508 Update nginx to 1.15.7
- #3509 [1759] Ingress affinity session cookie with Secure flag for HTTPS
- #3512 Allow to disable NGINX metrics
- #3518 Fix log output format
- #3521 Fix a bug with Canary becoming main server
- #3522 {tcp,udp}-services cm appear twice
- #3525 make canary ingresses independent of the order they were applied
- #3530 Update nginx image
- #3532 Ignore updates of ingresses with invalid class
- #3536 Replace dockerfile entrypoint
- #3548 e2e test to ensure graceful shutdown does not lose requests
- #3551 Fix --enable-dynamic-certificates for nested subdomain
- #3553 handle_error_when_executing_diff
- #3562 Rename nginx.yaml to nginx.json
- #3566 Add Unit Tests for getIngressInformation
- #3569 fix status updated: make sure ingress.status is copied
- #3573 Update Certificate Generation Docs to not use MD5
- #3581 lua randomseed per worker
- #3582 Sort ingresses by creation timestamp
- #3584 Update go to 1.11.4
- #3586 Add --disable-catch-all option to disable catch-all server
- #3587 adjust dind istallation
- #3594 Add a flag to make per-host metrics optional
- #3596 Fix proxy_host variable configuration
- #3601 Update nginx to 1.15.8
- #3602 Update nginx image
- #3604 Add an option to automatically set worker_connections based on worker_rlimit_nofile
- #3615 Pass k8s
Service
data through to the TCP balancer script. - #3620 Added server alias to metrics
- #3624 Update nginx to fix geoip database deprecation
- #3625 Update nginx image
- #3633 Fix a bug in Ingress update handler
- #3634 canary by cookie should support hypen in cookie name
- #3635 Fix duplicate alternative backend merging
- #3637 Add support for redirect https to https (from-to-www-redirect)
- #3640 add limit connection status code
- #3641 Replace deprecated apiVersion in deploy folder
- #3643 Update nginx
- #3644 Update nginx image
- #3648 Remove stickyness cookie domain from Lua balancer to match old behavior
- #3649 Empty access_by_lua_block breaks satisfy any
- #3655 Remove flag sort-backends
- #3656 Change default value of flag for ssl chain completion
- #3660 Revert max-worker-connections default value
- #3664 Fix invalid validation creating prometheus valid host values
Documentation:
- #3513 Revert removal of TCP and UDP support configmaps in mandatroy manifest
- #3456 Revert TCP/UDP documentation removal and links
- #3482 Annotations doc links: minor fixes and unification
- #3491 Update example to use latest Dashboard version.
- #3510 Update mkdocs [skip ci]
- #3516 Fix error in configmap yaml definition
- #3575 Add documentation for spec.rules.host format
- #3577 Add standard labels to namespace specs
- #3592 Add inside the User Guide documentation section a basic usage section and example
- #3605 Fix CLA URLs
- #3627 Typo: docs/examples/rewrite/README.md
- #3632 Fixed: error parsing with-rbac.yaml: error converting YAML to JSON
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0
New Features:
- NGINX 1.15.6 with fixes for vulnerabilities in HTTP/2 (CVE-2018-16843, CVE-2018-16844)
- Support for TLSv1.3. Disabled by default. Use ssl-protocols
ssl-protocols: TLSv1.3 TLSv1.2
- New annotation for canary deployments
- Support for configuration snippets when the authentication annotation is used
- Support for custom ModSecurity configuration
- LUA upstream configuration for TCP and UDP services
Changes:
- #3156 [404-server] Removes 404 server
- #3170 Move mainSnippet before events to fix load_module issue.
- #3187 UPT: annotation enhancement for resty-lua-waf
- #3190 Refactor e2e Tests to use common helper
- #3193 Add E2E tests for HealthCheck
- #3194 Make literal $ character work in set $location_path
- #3195 Add e2e Tests for AuthTLS
- #3196 Remove default backend requirement
- #3197 Remove support for TCP and UDP services
- #3198 Only support dynamic configuration
- #3199 Remove duplication in files
- #3201 no data shows for config reloads charts when select to namespace or controller
- #3203 Remove annotations grpc-backend and secure-backend already deprecated
- #3204 Flags publish-service and publish-status-address are mutually exclusive
- #3205 Update OWNERS [skip ci]
- #3207 delete upstream healthcheck annotation
- #3209 Fix: update config map name
- #3212 Add some extra detail to the client cert auth example regarding potential gotcha
- #3213 Update deps
- #3214 Cleanup of nginx image
- #3219 Update nginx image
- #3222 Allow Ability to Configure Upstream Keepalive
- #3230 Retry initial backend configuration
- #3231 Improve dynamic lua configuration
- #3234 Added e2e tests for backend protocols
- #3247 Refactor probe url requests
- #3252 remove the command args of enable-dynamic-configuration
- #3257 Add e2e tests for upstream vhost
- #3260 fix logging calls
- #3261 Mount minikube volume to docker container
- #3265 Update kubeadm-dind-cluster
- #3266 fix two bugs with backend-protocol annotation
- #3267 Fix status update in case of connection errors
- #3270 Don't sort IngressStatus from each Goroutine(update for each ingress)
- #3277 Add e2e test for configuration snippet
- #3279 Fix usages of %q formatting for numbers (%d)
- #3280 Add e2e test for from-to-www-redirect
- #3281 Add e2e test for log
- #3285 Add health-check-timeout as command line argument
- #3286 fix bug with balancer.lua configuration
- #3295 Refactor EWMA to not use shared dictionaries
- #3296 Update nginx and add support for TLSv1.3
- #3297 Add e2e test for force-ssl-redirect
- #3301 Add e2e tests for IP Whitelist
- #3302 Add e2e test for server snippet
- #3304 Update kubeadm-dind-cluster script
- #3305 Add e2e test for app-root
- #3306 Update e2e test to verify redirect code
- #3309 Customize ModSecurity to be used in Locations
- #3310 Fix geoip2 db files
- #3313 Support cookie expires
- #3320 Update nginx image and QEMU version
- #3321 Add configuration for geoip2 module
- #3322 Remove e2e boilerplate
- #3324 Fix sticky session
- #3325 Fix e2e tests
- #3328 Code linting
- #3332 Update build-single-manifest-sh,remove tcp-services-configmap.yaml and udp-services-configmap.yaml
- #3338 Avoid reloads when endpoints are not available
- #3341 Add canary annotation and alternative backends for traffic shaping
- #3343 Auth snippet
- #3344 Adds CustomHTTPErrors ingress annotation and test
- #3345 update annotation
- #3346 Add e2e test for session-cookie-hash
- #3347 Add e2e test for ssl-redirect
- #3348 Update cli-arguments.md. Remove tcp and udp, add health-check-timeout.
- #3353 Update nginx modules
- #3354 Update nginx image
- #3356 Download latest dep releases instead of fetching from HEAD
- #3357 Add missing modsecurity unicode.mapping file
- #3367 Remove reloads when there is no endpoints
- #3372 Add annotation for session affinity path
- #3373 Update nginx
- #3374 Revert removal of support for TCP and UDP services
- #3383 Only set cookies on paths that enable session affinity
- #3387 Modify the wrong function name
- #3390 Add e2e test for round robin load balancing
- #3400 Add Snippet for ModSecurity
- #3404 Update nginx image
- #3405 Prevent X-Forwarded-Proto forward during external auth subrequest
- #3406 Update nginx and e2e image
- #3407 Restructure load balance e2e tests and update round robin test
- #3408 Fix modsecurity configuration file location
- #3409 Convert isValidClientBodyBufferSize to something more generic
- #3410 fix logging calls
- #3415 bugfix: set canary attributes when initializing balancer
- #3417 bugfix: do not merge catch-all canary backends with itself
- #3421 Fix X-Forwarded-Proto typo
- #3424 Update nginx image
- #3425 Update nginx modules
- #3428 Set proxy_host variable to avoid using default value from proxy_pass
- #3437 Use struct to pack Ingress and its annotations
- #3441 Match buffer
- #3442 Increase log level when there is an invalid size value
- #3453 Monitor fixes
Documentation:
- #3166 Added ingress tls values.yaml example to documentation
- #3215 align opentracing user-guide with nginx configmap configuration
- #3229 Fix documentation links [skip ci]
- #3232 Fix typo
- #3242 Add a note to the deployment into GKE
- #3249 Clarify mandatory script doc
- #3262 Add e2e test for connection
- #3263 "diretly" typo
- #3264 Add missing annotations to Docs
- #3271 the sample ingress spec error
- #3275 Add Better Documentation for using AuthTLS
- #3282 Fix some typos
- #3312 Delete some extra words
- #3319 Fix links in deploy index docs
- #3326 fix broken link
- #3349 fix typo
- #3364 Fix links format [skip-ci]
- #3366 Fix some typos
- #3369 Fix some typos
- #3370 Fix typo: whitlelist -> whitelist
- #3377 Fix typos and default value
- #3379 Fix typos
- #3382 Fix typos: reqrite -> rewrite
- #3388 Update annotations.md. Remove Duplication.
- #3392 Fix link in documentation [skip ci]
- #3395 Fix some documents issues
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.20.0
New Features:
- NGINX 1.15.5
- Support for regular expressions in paths https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/ingress-path-matching.md
- Provide possibility to block IPs, User-Agents and Referers globally
- Remove --default-backend-service requirement. Use the flag only for custom default backends
- Valgrind and Openresty gdb tools
Changes:
- #2997 Provide possibility to block IPs, User-Agents and Referers globally
- #3016 Log Errors Missing in Internal
- #3017 Add e2e tests for CORS
- #3022 Add support for valgrind
- #3029 add support for http2-max-requests in configmap
- #3035 Fixup #2970: Add Missing Label
app.kubernetes.io/part-of: ingress-nginx
- #3049 fix: Don't try and find local certs when secretName is not specified
- #3050 Add Ingress variable in Grafana dashboard
- #3062 Pass Host header for custom errors
- #3065 Join host/port with go helper (supports ipv6)
- #3067 fix missing datasource value
- #3069 Replace client-go deprecated method
- #3072 Update ingress service IP
- #3073 do not hardcode the path
- #3078 Fix Rewrite-Target Annotation Edge Case
- #3079 Openresty gdb tools
- #3080 Update nginx image to 0.62
- #3098 make upstream keepalive work for http
- #3100 update annotation name from rewrite-log to enable-rewrite-log
- #3118 Replace standard json encoding with jsoniter
- #3121 Typo fix: adresses -> addresses
- #3126 do not require --default-backend-service
- #3130 fix newlines location denied
- #3133 multi-tls readme example to reference the file
- #3134 Update nginx to 1.15.4
- #3135 Remove payload from post log
- #3136 Update nginx image
- #3137 Docker run as user
- #3143 Ensure monitoring for custom error pages
- #3144 Fix incorrect .DisableLua access.
- #3145 Add "use-regex" Annotation to Toggle Regular Expression Location Modifier
- #3146 Update default backend image
- #3147 Fix error publishing docs [skip ci]
- #3149 Add e2e Tests for Proxy Annotations
- #3151 Add e2e test for SSL-Ciphers
- #3159 Pass --shell to minikube docker-env
- #3178 Update nginx to 1.15.5
- #3179 Update nginx image
- #3182 Allow curly braces to be used in regex paths
Documentation:
- #3021 Fix documentation search
- #3027 Add documentation about running Ingress NGINX on bare-metal
- #3039 Remove link to invalid example [ci-skip]
- #3046 Document when to modify ELB idle timeouts and set default value to 60s
- #3059 fix some typos
- #3068 Complete documentation about SSL Passthrough
- #3074 Add MetalLB to bare-metal deployment page
- #3090 Add note about default namespace and merge behavior
- #3092 Update mkdocs and travis-ci
- #3094 Fix baremetal images [skip ci]
- #3097 Added notes to regarding external access when using TCP/UDP proxy in Ingress
- #3102 Replace kubernetes-users mailing list links with discuss forum link
- #3111 doc issue related to monitor part
- #3113 fix typos
- #3115 Fixed link to aws elastic loadbalancer
- #3162 update name of config map in README.md
- #3175 Fix yaml indentation in annotations server-snippet doc
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.19.0
New Features:
- NGINX 1.15.3
- Serve SSL certificates synamically instead of reloading NGINX when they are created, updated, or deleted.
Feature behind the flag
--enable-dynamic-certificates
- GDB binary is included in the image to help troubleshooting issues
- Adjust the number of CPUs when CGROUP limits are defined (
worker-processes=auto
uses all the availables)
Changes:
- #2616 Add use-forwarded-headers configmap option.
- #2857 remove unnecessary encoding/decoding also fix ipv6 issue
- #2884 [grafana] Rate over 2 minutes since default Prometheus interval is 1m
- #2889 Add Lua endpoint to support dynamic certificate serving functionality
- #2899 fixed rewrites for paths not ending in /
- #2923 Add dynamic certificate serving feature to controller
- #2925 Update nginx dependencies
- #2932 Fixed typo in flags.go
- #2934 Datasource input variable
- #2941 now actually using the $controller and $namespace variables
- #2942 Update nginx image
- #2946 Add unit tests to configuration_test.lua that cover Backends configuration
- #2955 Update nginx opentracing zipkin module
- #2956 Update nginx and e2e images
- #2957 Batch metrics and flush periodically
- #2964 fix variable parsing when key is number
- #2965 Add Lua module to serve SSL Certificates dynamically
- #2966 Add unit tests for sticky lua module
- #2970 Update labels
- #2972 consistently fallback to default certificate when TLS is configured
- #2977 Pass real source IP address to auth request
- #2979 clear dynamic configuration e2e tests
- #2987 cleanup dynamic cert e2e tests
- #2988 Update go to 1.11
- #2990 Check if cgroup cpu limits are defined to get the number of CPUs
- #3003 Update nginx to 1.15.3
- #3004 Update nginx image
- #3005 Fix gdb issue and update e2e image
- #3006 apply nginx patch to make ssl_certificate_by_lua_block work properly
- #3011 Update nginx image
Documentation:
- #2806 add help for tls prerequisite for ingress.yaml
- #2912 Add documentation to install prometheus and grafana
- #2928 docs: Precisations on the usage of the InfluxDB module
- #2962 Fix broken anchor link to GCE/GKE
- #2983 Add documentation for enable-dynamic-certificates feature
- #2998 fixed jsonpath command in examples
- #3002 Enhance Troubleshooting Documentation
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.18.0
New Features:
- NGINX 1.15.2
- Dynamic configuration is enabled by default
- Support for AJP protocol
- Use of authbind to bind privileged ports
- Replace minikube with kubeadm-dind-cluster to run e2e tests
Changes:
- #2789 Remove KubeConfig Dependency for Store Tests
- #2794 enable dynamic backend configuration by default
- #2795 start minikube before trying to build the image
- #2804 add support for ExternalName service type in dynamic mode
- #2808 fix the bug #2799, add prefix (?i) in rewrite statement.
- #2811 Escape $request_uri for external auth
- #2812 modified annotation name "rewrite-to" to "rewrite-target" in comments
- #2819 Catch errors waiting for controller deployment
- #2823 Multiple optimizations to build targets
- #2825 Refactoring of how we run as user
- #2826 Remove setcap from image and update nginx to 0.15.1
- #2827 Use nginx image as base and install go on top
- #2829 use resty-cli for running lua unit tests
- #2830 Remove lua mocks
- #2834 Added permanent-redirect-code
- #2844 Do not allow invalid latency values in metrics
- #2852 fix custom-error-pages functionality in dynamic mode
- #2853 improve annotations/default_backend e2e test
- #2858 Update build image
- #2859 Fix inconsistent metric labels
- #2863 Replace minikube for e2e tests
- #2867 fix bug with lua e2e test suite
- #2868 Use an existing e2e image
- #2869 describe under what circumstances and how we avoid Nginx reload
- #2871 Add support for AJP protocol
- #2872 Update nginx to 1.15.2
- #2874 Delay initial prometheus status metric
- #2876 Remove dashboard an tune sync-frequency
- #2877 Refactor entrypoint to avoid issues with volumes
- #2885 fix: Sort TCP/UDP upstream order
- #2888 Fix grafana datasources
- #2890 Usability improvements to build steps
- #2893 Update nginx image
- #2894 Use authbind to bind privileged ports
- #2895 support custom configuration to main context of nginx config
- #2896 support configuring multi_accept directive via configmap
- #2897 Enable reuse-port by default
- #2905 Fix IPV6 detection
Documentation:
- #2816 doc log-format: add variables about ingress
- #2866 Update index.md
- #2898 Fix default sync-period doc
- #2903 Very minor grammar fix
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.17.1
Changes:
Documentation:
- #2770 Basic-Auth doc misleading: fix double quotes leading to nginx config error
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.17.0
New Features:
Changes:
- #2705 Remove duplicated securityContext
- #2719 Sample rate configmap option for zipkin in nginx-opentracing
- #2726 Cleanup prometheus metrics after a reload
- #2727 Add e2e tests for Client-Body-Buffer-Size
- #2732 Improve logging
- #2741 Add redirect uri for oauth2 login
- #2744 fix: Use the correct opentracing plugin for Jaeger
- #2747 Update opentracing-cpp and modsecurity
- #2748 Update nginx image to 0.54
- #2749 Use docker to build go binaries
- #2754 Allow gzip compression level to be controlled via ConfigMap
- #2760 Fix ingress rule parsing error
- #2767 Fix regression introduced in #2732
- #2771 Grafana Dashboard
- #2775 Simplify handler registration and updates prometheus
- #2776 Fix configuration hash calculation
Documentation:
- #2717 GCE/GKE proxy mentioned for Azure
- #2743 Clarify Installation Document by Separating Helm Steps
- #2761 Fix spelling mistake
- #2764 Use language neutral links to MDN
- #2765 Add FOSSA status badge
- #2777 Build docs using local docker image [ci skip]
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.16.2
Breaking changes:
Running as user requires an update in the deployment manifest.
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
# www-data -> 33
runAsUser: 33
Note: the deploy guide contains this change
Changes:
- #2678 Refactor server type to include SSLCert
- #2685 Fix qemu docker build
- #2696 If server_tokens is disabled completely remove the Server header
- #2698 Improve best-cert guessing with empty tls.hosts
- #2701 Remove prometheus labels with high cardinality
Documentation:
- #2368 [aggregate] Fix typos across codebase
- #2681 Typo fix in error message: encounted->encountered
- #2697 Enhance Distributed Tracing Documentation
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.16.1
Breaking changes:
Running as user requires an update in the deployment manifest.
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
# www-data -> 33
runAsUser: 33
Note: the deploy guide contains this change
New Features:
- Run as user dropping root privileges
- New prometheus metric implementation (VTS module was removed)
- InfluxDB integration
- Module GeoIP2
Changes:
- #2692 Fix initial read of configuration configmap
- #2693 Revert #2669
- #2694 Add note about status update
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.16.1
Breaking changes:
Running as user requires an update in the deployment manifest.
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
# www-data -> 33
runAsUser: 33
Note: the deploy guide contains this change
New Features:
- Run as user dropping root privileges
- New prometheus metric implementation (VTS module was removed)
- InfluxDB integration
- Module GeoIP2
Changes:
- #2423 Resolves issue with proxy-redirect nginx configuration
- #2451 fix for #1930, make sessions sticky, for ingress with multiple rules …
- #2484 Fix bugs in Lua implementation of sticky sessions
- #2486 Extend kubernetes interrelation variables in nginx.tmpl
- #2504 Add Timeout For TLS Passthrough
- #2505 Annotations for the InfluxDB module
- #2517 Fix typo about the kind of request
- #2523 Add tests for bind-address
- #2524 Add support for grpc_set_header
- #2526 Fix upstream hash lua test
- #2528 Remove go-bindata
- #2533 NGINX image update: add the influxdb module
- #2534 Set Focus for E2E Tests
- #2537 Update nginx modules
- #2542 Instrument controller to show configReload metrics
- #2543 introduce a balancer interface
- #2548 Implement generate-request-id
- #2554 use better defaults for proxy-next-upstream(-tries)
- #2558 Update qemu to 2.12.0 [ci skip]
- #2559 Add geoip2 module and DB to nginx build
- #2564 Add security contacts file [ci skip]
- #2569 Update nginx modules to fix core dump [ci skip]
- #2570 Enable core dumps during tests
- #2573 Refactor e2e tests and update go dependencies
- #2574 Fix default-backend annotation
- #2575 Print information about NGINX version
- #2577 make sure ingress-nginx instances are watching their namespace only during test runs
- #2588 Update nginx dependencies
- #2590 Typo fix: muthual autentication -> mutual authentication
- #2591 Access log improvements
- #2597 Fix arm paths for liblua.so and lua_package_cpath
- #2598 Always sort upstream list to provide stable iteration order
- #2600 typo fix futher to further && preformance to performance
- #2602 Crossplat fixes
- #2603 Bump nginx influxdb module to f8732268d44aea706ecf8d9c6036e9b6dacc99b2
- #2608 Expose UDP message on /metrics endpoint
- #2611 Add metric emitter lua module
- #2614 fix nginx conf test error when not found active service endpoints
- #2617 Update go to 1.10.3
- #2618 Update nginx to 1.15.0 and remove VTS module
- #2619 Run as user dropping privileges
- #2623 Proofread cmd package and update flags description
- #2634 Disable resync period
- #2636 Add missing equality comparisons for ingress.Server
- #2638 Wait the result of the controller deployment before running any test
- #2639 Clarify log messages in controller package
- #2643 Remove VTS from the ingress controller
- #2644 Update nginx image version
- #2646 Rollback nginx 1.15.0 to 1.13.12
- #2649 Add support for IPV6 in stream upstream servers
- #2652 Use a unix socket instead udp for reception of metrics
- #2653 Remove dummy file watcher
- #2654 Hotfix: influxdb module enable disable toggle
- #2656 Improve configuration change detection
- #2658 Do not wait informer initialization to read configuration
- #2659 Update nginx image
- #2660 Change modsecurity directories
- #2661 Add additional header when debug is enabled
- #2664 refactor some lua code
- #2669 Remove unnecessary sync when the leader change
- #2672 After a configmap change parse ingress annotations (again)
- #2673 Add new approvers to the project
- #2674 Add e2e test for configmap change and reload
- #2675 Update opentracing nginx module
- #2676 Update opentracing configuration
Documentation:
- #2479 Document how the NGINX Ingress controller build nginx.conf
- #2515 Simplify installation and e2e manifests
- #2531 Mention the #ingress-nginx Slack channel
- #2540 DOCS: Correct ssl-passthrough annotation description.
- #2544 [docs] Fix manifest URL for GKE + Azure
- #2566 Fix wrong default value for
enable-brotli
- #2581 Improved link in modsecurity.md
- #2583 docs: add secret scheme details to the example
- #2592 Typo fix: are be->are/to on->to
- #2595 Typo fix: successfull->successful
- #2601 fix changelog link in README.md
- #2624 Fix minor documentation example
- #2625 Add annotation doc on proxy buffer size
- #2630 Update documentation for custom error pages
- #2666 Add documentation for proxy-cookie-domain annotation (#2034)
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.15.0
Changes:
- #2440 TLS tests
- #2443 improve build-dev-env.sh script
- #2446 always use x-request-id
- #2447 Add basic security context to deployment YAMLs
- #2453 Add google analytics [ci skip]
- #2456 Assert or install go-bindata before incanting
- #2472 Refactor Lua balancer
- #2477 Change TrimLeft for TrimPrefix on the from-to-www redirect
- #2490 add resty cookie
- #2495 [ci skip] bump nginx baseimage version
- #2501 Refactor update of status removing initial check for loadbalancer
- #2502 Update go version in fortune teller image
- #2511 force backend sync when worker starts
- #2512 Remove warning when secret is used only for authentication
- #2514 Fix and simplify local dev workflow and execution of e2e tests
Documentation:
- #2448 Update GitHub pull request template
- #2449 Improve documentation format
- #2454 Add gRPC annotation doc
- #2455 Adjust size of tables and only adjust the first column on mobile
- #2457 Add Getting the Code section to Quick Start
- #2464 Documentation fixes & improvements
- #2467 Fixed broken link in deploy README
- #2498 Add some clarification around multiple ingress controller behavior
- #2503 Add KubeCon Europe 2018 Video to documentation
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.14.0
New Features:
- Documentation web page
- Support for
upstream-hash-by
annotation in dynamic configuration mode - Improved e2e test suite
Changes:
- #2346 Move ConfigMap updating methods into e2e/framework
- #2347 Update owners
- #2348 Use same convention, curl + kubectl for GKE
- #2350 Correct some returned messages in server_tokens.go
- #2352 Correct some info in flags.go
- #2353 Add proxy-add-original-uri-header config flag
- #2356 Add vts-sum-key config flag
- #2361 Check ingress rule contains HTTP paths
- #2363 Review $request_id
- #2365 Clean JSON before post request to update configuration
- #2369 Update nginx image to fix modsecurity crs issues
- #2370 Update nginx image
- #2374 Remove most of the time.Sleep from the e2e tests
- #2379 Add busted unit testing framework for lua code
- #2382 Accept ns/name Secret reference in annotations
- #2383 Improve speed of e2e tests
- #2385 include lua-resty-balancer in nginx image
- #2386 upstream-hash-by annotation support for dynamic configuraton mode
- #2388 Silence unnecessary MissingAnnotations errors
- #2392 Ensure dep fix fsnotify
- #2395 Fix flaky test
- #2396 Update go dependencies
- #2398 Allow tls section without hosts in Ingress rule
- #2399 Add test for store helper ListIngresses
- #2401 Add tests for controller getEndpoints
- #2408 Read backends data even if buffered to temp file
- #2410 Add balancer unit tests
- #2411 Update nginx-opentracing to 0.3.0
- #2414 Fix golint installation
- #2416 Update nginx image
- #2417 Automate building developer environment
- #2421 Apply gometalinter suggestions
- #2428 Add buffer configuration to external auth location config
- #2433 Remove data races from tests
- #2434 Check ginkgo is installed before running e2e tests
- #2437 Add annotation to enable rewrite logs in a location
Documentation:
- #2351 Typo fix in cli-arguments.md
- #2372 fix the default cookie name in doc
- #2377 DOCS: Add clarification regarding ssl passthrough
- #2409 Add deployment instructions for Docker for Mac (Edge)
- #2413 Reorganize documentation
- #2438 Update custom-errors.md
- #2439 Update README.md
- #2430 Add scripts and tasks to publish docs to github pages
- #2431 Improve readme file
- #2366 fix: fill missing patch yaml config.
- #2432 Fix broken links in the docs
- #2436 Update exposing-tcp-udp-services.md
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.13.0
New Features:
- NGINX 1.13.12
- Support for gRPC:
- The annotation
nginx.ingress.kubernetes.io/grpc-backend: "true"
enable this feature - If the gRPC service requires TLS
nginx.ingress.kubernetes.io/secure-backends: "true"
- The annotation
- Configurable load balancing with EWMA
- Support for lua-resty-waf as alternative to ModSecurity. Check configuration guide
- Support for session affinity when dynamic configuration is enabled.
- Add NoAuthLocations and default it to "/.well-known/acme-challenge"
Changes:
- #2078 Expose SSL client cert data to external auth provider.
- #2187 Managing a whitelist for _/nginx_status
- #2208 Add missing lua bindata change
- #2209 fix go test TestSkipEnqueue error, move queue.Run
- #2210 allow ipv6 localhost when enabled
- #2212 Fix dynamic configuration when custom errors are enabled
- #2215 fix wrong config generation when upstream-hash-by is set
- #2220 fix: cannot set $service_name if use rewrite
- #2221 Update nginx to 1.13.10 and enable gRPC
- #2223 Add support for gRPC
- #2227 do not hardcode keepalive for upstream_balancer
- #2228 Fix broken links in multi-tls
- #2229 Configurable load balancing with EWMA
- #2232 Make proxy_next_upstream_tries configurable
- #2233 clean backends data before sending to Lua endpoint
- #2234 Update go dependencies
- #2235 add proxy header ssl-client-issuer-dn, fix #2178
- #2241 Revert "Get file max from fs/file-max. (#2050)"
- #2243 Add NoAuthLocations and default it to "/.well-known/acme-challenge"
- #2244 fix: empty ingress path
- #2246 Fix grpc json tag name
- #2254 e2e tests for dynamic configuration and Lua features and a bug fix
- #2263 clean up tmpl
- #2270 Revert deleted code in #2146
- #2271 Use SharedIndexInformers in place of Informers
- #2272 Disable opentracing for nginx internal urls
- #2273 Update go to 1.10.1
- #2280 Fix bug when auth req is enabled(external authentication)
- #2283 Fix flaky e2e tests
- #2285 Update controller.go
- #2290 Update nginx to 1.13.11
- #2294 Fix HSTS without preload
- #2296 Improve indentation of generated nginx.conf
- #2298 Disable dynamic configuration in s390x and ppc64le
- #2300 Fix race condition when Ingress does not contains a secret
- #2301 include lua-resty-waf and its dependencies in the base Nginx image
- #2303 More lua dependencies
- #2304 Lua resty waf controller
- #2305 Fix issues building nginx image in different platforms
- #2306 Disable lua waf where luajit is not available
- #2308 Add verification of lua load balancer to health check
- #2309 Configure upload limits for setup of lua load balancer
- #2314 annotation to ignore given list of WAF rulesets
- #2315 extra waf rules per ingress
- #2317 run lua-resty-waf in different modes
- #2327 Update nginx to 1.13.12
- #2328 Update nginx image
- #2331 fix nil pointer when ssl with ca.crt
- #2333 disable lua for arch s390x and ppc64le
- #2340 Fix buildupstream name to work with dynamic session affinity
- #2341 Add session affinity to custom load balancing
- #2342 Sync SSL certificates on events
Documentation:
- #2236 Add missing configuration in #2235
- #1785 Add deployment docs for AWS NLB
- #2213 Update cli-arguments.md
- #2219 Fix log format documentation
- #2238 Correct typo
- #2239 fix-link
- #2240 fix:"any value other" should be "any other value"
- #2255 Update annotations.md
- #2267 Update README.md
- #2274 Typo fixes in modsecurity.md
- #2276 Update README.md
- #2282 Fix nlb instructions
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.12.0
New Features:
- Live NGINX configuration update without reloading using the flag
--enable-dynamic-configuration
(disabled by default). - New flag
--publish-status-address
to manually set the Ingress status IP address. - Add worker-cpu-affinity NGINX option.
- Enable remote logging using syslog.
- Do not redirect
/.well-known/acme-challenge
to HTTPS.
Changes:
- #2125 Add GCB config to build defaultbackend
- #2127 Revert deletion of dependency version override
- #2137 Updated log level to v2 for sysctlFSFileMax.
- #2140 Cors header should always be returned
- #2141 Fix error loading modules
- #2143 Only add HSTS headers in HTTPS
- #2144 Add annotation to disable logs in a location
- #2145 Add option in the configuration configmap to enable remote logging
- #2146 In case of TLS errors do not allow traffic
- #2148 Add publish-status-address flag
- #2155 Update nginx with new modules
- #2162 Remove duplicated BuildConfigFromFlags func
- #2163 include lua-upstream-nginx-module in Nginx build
- #2164 use the correct error channel
- #2167 configuring load balancing per ingress
- #2172 include lua-resty-lock in nginx image
- #2174 Live Nginx configuration update without reloading
- #2180 Include tests in golint checks, fix warnings
- #2181 change nginx process pgid
- #2185 Remove ProxyPassParams setting
- #2191 Add checker test for bad pid
- #2193 fix wrong json tag
- #2201 Add worker-cpu-affinity nginx option
- #2202 Allow config to disable geoip
- #2205 add luacheck to lint lua files
Documentation:
- #2124 Document how to provide list types in configmap
- #2133 fix limit-req-status-code doc
- #2139 Update documentation for nginx-ingress-role RBAC.
- #2165 Typo fix "api server " -> "API server"
- #2169 Add documentation about secure-verify-ca-secret
- #2200 fix grammer mistake
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.11.0
New Features:
- NGINX 1.13.9
Changes:
- #1992 Added configmap option to disable IPv6 in nginx DNS resolver
- #1993 Enable Customization of Auth Request Redirect
- #1996 Use v3/dev/performance of ModSecurity because of performance
- #1997 fix var checked
- #1998 Add support to enable/disable proxy buffering
- #1999 Add connection-proxy-header annotation
- #2001 Add limit-request-status-code option
- #2005 fix typo error for server name _
- #2006 Add support for enabling ssl_ciphers per host
- #2019 Update nginx image
- #2021 Add nginx_cookie_flag_module
- #2026 update KUBERNETES from v1.8.0 to 1.9.0
- #2027 Show pod information in http-svc example
- #2030 do not ignore $http_host and $http_x_forwarded_host
- #2031 The maximum number of open file descriptors should be maxOpenFiles.
- #2036 add matchLabels in Deployment yaml, that both API extensions/v1beta1 …
- #2050 Get file max from fs/file-max.
- #2063 Run one test at a time
- #2065 Always return an IP address
- #2069 Do not cancel the synchronization of secrets
- #2071 Update Go to 1.9.4
- #2082 Use a ring channel to avoid blocking write of events
- #2089 Retry initial connection to the Kubernetes cluster
- #2093 Only pods in running phase are vallid for status
- #2099 Added GeoIP Organisational data
- #2107 Enabled the dynamic reload of GeoIP data
- #2119 Remove deprecated flag disable-node-list
- #2120 Migrate to codecov.io
Documentation:
- #1987 add kube-system namespace for oauth2-proxy example
- #1991 Add comment about bolean and number values
- #2009 docs/user-guide/tls: remove duplicated section
- #2011 broken link for sticky-ingress.yaml
- #2014 Add document for connection-proxy-header annotation
- #2016 Minor link fix in deployment docs
- #2018 Added documentation for Permanent Redirect
- #2035 fix broken links in static-ip readme
- #2038 fix typo: appropiate -> [appropriate]
- #2039 fix typo stickyness to stickiness
- #2040 fix wrong annotation
- #2041 fix spell error reslover -> resolver
- #2046 Fix typos
- #2054 Adding documentation for helm with RBAC enabled
- #2075 Fix opentracing configuration when multiple options are configured
- #2076 Fix spelling errors
- #2077 Remove initContainer from default deployment
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.10.2
Changes:
- #1978 Fix chain completion and default certificate flag issues
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.10.1
Changes:
- #1945 When a secret is updated read ingress annotations (again)
- #1948 Update go to 1.9.3
- #1953 Added annotation for upstream-vhost
- #1960 Adjust sysctl values to improve nginx performance
- #1963 Fix tests
- #1969 Rollback #1854
- #1970 By default brotli is disabled
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.10.0
Breaking changes:
Changed the names of default Nginx ingress prometheus metrics. If you are scraping default Nginx ingress metrics with prometheus the metrics changes are as follows:
nginx_active_connections_total -> nginx_connections_total{state="active"}
nginx_accepted_connections_total -> nginx_connections_total{state="accepted"}
nginx_handled_connections_total -> nginx_connections_total{state="handled"}
nginx_current_reading_connections_total -> nginx_connections{state="reading"}
nginx_current_writing_connections_total -> nginx_connections{state="writing"}
current_waiting_connections_total -> nginx_connections{state="waiting"}
New Features:
- NGINX 1.13.8
- Support to hide headers from upstream servers
- Support for Jaeger
- CORS max age annotation
Changes:
- #1782 auth-tls-pass-certificate-to-upstream should be bool
- #1787 force external_auth requests to http/1.1
- #1800 Add control of the configuration refresh interval
- #1805 Add X-Forwarded-Prefix on rewrites
- #1844 Validate x-forwarded-proto and connection scheme before redirect to https
- #1852 Update nginx to v1.13.8 and update modules
- #1854 Fix redirect to ssl
- #1858 When upstream-hash-by annotation is used do not configure a lb algorithm
- #1861 Improve speed of tests execution
- #1869 "proxy_redirect default" should be placed after the "proxy_pass"
- #1870 Fix SSL Passthrough template issue and custom ports in redirect to HTTPS
- #1871 Update nginx image to 0.31
- #1872 Fix data race updating ingress status
- #1880 Update go dependencies and cleanup deprecated packages
- #1888 Add CORS max age annotation
- #1891 Refactor initial synchronization of ingress objects
- #1903 If server_tokens is disabled remove the Server header
- #1906 Random string function should only contains letters
- #1907 Fix custom port in redirects
- #1909 Release nginx 0.32
- #1910 updating prometheus metrics names according to naming best practices
- #1912 removing _total prefix from nginx guage metrics
- #1914 Add --with-http_secure_link_module for the Nginx build configuration
- #1916 Add support for jaeger backend
- #1918 Update nginx image to 0.32
- #1919 Add option for reuseport in nginx listen section
- #1926 Do not use port from host header
- #1927 Remove sendfile configuration
- #1928 Add support to hide headers from upstream servers
- #1929 Refactoring of kubernetes informers and local caches
- #1933 Remove deploy of ingress controller from the example
Documentation:
- #1786 fix: some typo.
- #1792 Add note about annotation values
- #1814 Fix link to custom configuration
- #1826 Add note about websocket and load balancers
- #1840 Add note about default log files
- #1853 Clarify docs for add-headers and proxy-set-headers
- #1864 configmap.md: Convert hyphens in name column to non-breaking-hyphens
- #1865 Add docs for legacy TLS version and ciphers
- #1867 Fix publish-service patch and update README
- #1913 Missing r
- #1925 Fix doc links
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
Changes:
- #1731 Allow configuration of proxy_responses value for tcp/udp configmaps
- #1766 Fix ingress typo
- #1768 Custom default backend must use annotations if present
- #1769 Use custom https port in redirects
- #1771 Add additional check for old SSL certificates
- #1776 Add option to configure the redirect code
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0-beta.19
Changes:
- Fix regression with ingress.class annotation introduced in 0.9-beta.18
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0-beta.18
Breaking changes:
- The NGINX ingress annotations contains a new prefix: nginx.ingress.kubernetes.io. This change is behind a flag to avoid breaking running deployments.
To avoid breaking a running NGINX ingress controller add the flag --annotations-prefix=ingress.kubernetes.io to the nginx ingress controller deployment.
There is one exception, the annotation
kubernetes.io/ingress.class
remains unchanged (this annotation is used in multiple ingress controllers)
New Features:
- NGINX 1.13.7
- Support for s390x
- e2e tests
Changes:
- #1648 Remove GenericController and add tests
- #1650 Fix misspell errors
- #1651 Remove node lister
- #1652 Remove node lister
- #1653 Fix diff execution
- #1654 Fix travis script and update kubernetes to 1.8.0
- #1658 Tests
- #1659 Add nginx helper tests
- #1662 Refactor annotations
- #1665 Add the original http request method to the auth request
- #1687 Fix use merge of annotations
- #1689 Enable s390x
- #1693 Fix docker build
- #1695 Update nginx to v0.29
- #1696 Always add cors headers when enabled
- #1697 Disable features not availables in some platforms
- #1698 Auth e2e tests
- #1699 Refactor SSL intermediate CA certificate check
- #1700 Add patch command to append publish-service flag
- #1701 fix: Core() is deprecated use CoreV1() instead.
- #1702 Fix TLS example [ci skip]
- #1704 Add e2e tests to verify the correct source IP address
- #1705 Add annotation for setting proxy_redirect
- #1706 Increase ELB idle timeouts [ci skip]
- #1710 Do not update a secret not referenced by ingress rules
- #1713 add --report-node-internal-ip-address describe to cli-arguments.md
- #1717 Fix command used to detect version
- #1720 Add docker-registry example [ci skip]
- #1722 Add annotation to enable passing the certificate to the upstream server
- #1723 Add timeouts to http server and additional pprof routes
- #1724 Cleanup main
- #1725 Enable all e2e tests
- #1726 fix: replace deprecated methods.
- #1734 Changes ssl-client-cert header
- #1737 Update nginx v1.13.7
- #1738 Cleanup
- #1739 Improve e2e checks
- #1740 Update nginx
- #1745 Simplify annotations
- #1746 Cleanup of e2e helpers
Documentation:
- #1657 Add better documentation for deploying for dev
- #1680 Add doc for log-format-escape-json [ci skip]
- #1685 Fix default SSL certificate flag docs [ci skip]
- #1686 Fix development doc [ci skip]
- #1727 fix: fix typos in docs.
- #1747 Add config-map usage and options to Documentation
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0-beta.17
Changes:
- Fix regression with annotations introduced in 0.9-beta.16 (thanks @tomlanyon)
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0-beta.16
New Features:
- Images are published to quay.io
- NGINX 1.13.6
- OpenTracing Jaeger support inNGINX
- ModSecurity support
- Support for brotli compression in NGINX
- Return 503 error instead of 404 when no endpoint is available
Breaking changes:
- The default SSL configuration was updated to use
TLSv1.2
and the default cipher list isECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
Known issues:
- When ModSecurity is enabled a segfault could occur - ModSecurity#1590
Changes:
- #1489 Compute a real
X-Forwarded-For
header - #1490 Introduce an upstream-hash-by annotation to support consistent hashing by nginx variable or text
- #1498 Add modsecurity module
- #1500 Enable modsecurity feature
- #1501 Request ingress controller version in issue template
- #1502 Force reload on template change
- #1503 Add falg to report node internal IP address in ingress status
- #1505 Increase size of variable hash bucket
- #1506 Update nginx ssl configuration
- #1507 Add tls session ticket key setting
- #1511 fix deprecated ssl_client_cert. add ssl_client_verify header
- #1513 Return 503 by default when no endpoint is available
- #1520 Change alias behaviour not to create new server section needlessly
- #1523 Include the serversnippet from the config map in server blocks
- #1533 Remove authentication send body annotation
- #1535 Remove auth-send-body [ci skip]
- #1538 Rename service-nodeport.yml to service-nodeport.yaml
- #1543 Fix glog initialization error
- #1544 Fix
make container
for OSX. - #1547 fix broken GCE-GKE service descriptor
- #1550 Add e2e tests - default backend
- #1553 Cors features improvements
- #1554 Add missing unit test for nextPowerOf2 function
- #1556 fixed https port forwarding in Azure LB service
- #1566 Release nginx-slim 0.27
- #1568 update defaultbackend tag
- #1569 Update 404 server image
- #1570 Update nginx version
- #1571 Fix cors tests
- #1572 Certificate Auth Bugfix
- #1577 Do not use relative urls for yaml files
- #1580 Upgrade to use the latest version of nginx-opentracing.
- #1581 Fix Makefile to work in OSX.
- #1582 Add scripts to release from travis-ci
- #1584 Add missing probes in deployments
- #1585 Add version flag
- #1587 Use pass access scheme in signin url
- #1589 Fix upstream vhost Equal comparison
- #1590 Fix Equals Comparison for CORS annotation
- #1592 Update opentracing module and release image to quay.io
- #1593 Fix makefile default task
- #1605 Fix ExternalName services
- #1607 Add support for named ports with service-upstream. #1459
- #1608 Fix issue with clusterIP detection on service upstream. #1534
- #1610 Only set alias if not already set
- #1618 Fix full XFF with PROXY
- #1620 Add gzip_vary
- #1621 Fix path to ELB listener image
- #1627 Add brotli support
- #1629 Add ssl-client-dn header
- #1632 Rename OWNERS assignees: to approvers:
- #1635 Install dumb-init using apt-get
- #1636 Update go to 1.9.2
- #1640 Update nginx to 0.28 and enable brotli
Documentation:
- #1491 Note that GCE has moved to a new repo
- #1492 Cleanup readme.md
- #1494 Cleanup
- #1497 Cleanup examples directory
- #1504 Clean readme
- #1508 Fixed link in prometheus example
- #1527 Split documentation
- #1536 Update documentation and examples [ci skip]
- #1541 fix(documentation): Fix some typos
- #1548 link to prometheus docs
- #1562 Fix development guide link
- #1563 Add task to verify markdown links
- #1583 Add note for certificate authentication in Cloudflare
- #1617 fix typo in user-guide/annotations.md
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.15
New Features:
- Add OCSP support
- Configurable ssl_verify_client
Changes:
- #1468 Add the original URL to the auth request
- #1469 Typo: Add missing {{ }}
- #1472 Fix X-Auth-Request-Redirect value to reflect the request uri
- #1473 Fix proxy protocol check
- #1475 Add OCSP support
- #1477 Fix semicolons in global configuration
- #1478 Pass redirect field in login page to get a proper redirect
- #1480 configurable ssl_verify_client
- #1485 Fix source IP address
- #1486 Fix overwrite of custom configuration
Documentation:
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.14
New Features:
- Opentracing support for NGINX
- Setting upstream vhost for nginx
- Allow custom global configuration at multiple levels
- Add support for proxy protocol decoding and encoding in TCP services
Changes:
- #719 Setting upstream vhost for nginx.
- #1321 Enable keepalive in upstreams
- #1322 parse real ip
- #1323 use $the_real_ip for rate limit whitelist
- #1326 Pass headers from the custom error backend
- #1328 update deprecated interface
- #1329 add example for nginx-ingress
- #1330 Increase coverage in template.go for nginx controller
- #1335 Configurable proxy_request_buffering per location..
- #1338 Fix multiple leader election
- #1339 Enable status port listening in all interfaces
- #1340 Update sha256sum of nginx substitutions
- #1341 Fix typos
- #1345 refactor controllers.go
- #1349 Force reload if a secret is updated
- #1363 Fix proxy request buffering default configuration
- #1365 Fix equals comparsion returing False if both objects have nil Targets or Services.
- #1367 Fix typos
- #1379 Fix catch all upstream server
- #1380 Cleanup
- #1381 Refactor X-Forwarded-* headers
- #1382 Cleanup
- #1387 Improve resource usage in nginx controller
- #1392 Avoid issues with goroutines updating fields
- #1393 Limit the number of goroutines used for the update of ingress status
- #1394 Improve equals
- #1402 fix error when cert or key is nil
- #1403 Added tls ports to rbac nginx ingress controller and service
- #1404 Use nginx default value for SSLECDHCurve
- #1411 Add more descriptive logging in certificate loading
- #1412 Correct Error Handling to avoid panics and add more logging to template
- #1413 Validate external names
- #1418 Fix links after design proposals move
- #1419 Remove duplicated ingress check code
- #1420 Process queue items by time window
- #1423 Fix cast error
- #1424 Allow overriding the tag and registry
- #1426 Enhance Certificate Logging and Clearup Mutual Auth Docs
- #1430 Add support for proxy protocol decoding and encoding in TCP services
- #1434 Fix exec of readSecrets
- #1435 Add header to upstream server for external authentication
- #1438 Do not intercept errors from the custom error service
- #1439 Nginx master process killed thus no further reloads
- #1440 Kill worker processes to allow the restart of nginx
- #1445 Updated godeps
- #1450 Fix links
- #1451 Add example of server-snippet
- #1452 Fix sync of secrets (kube lego)
- #1454 Allow custom global configuration at multiple levels
Documentation:
- #1400 Fix ConfigMap link in doc
- #1422 Add docs for opentracing
- #1441 Improve custom error pages doc
- #1442 Opentracing docs
- #1446 Add custom timeout annotations doc
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.13
New Features:
- NGINX 1.3.5
- New flag to disable node listing
- Custom X-Forwarder-Header (CloudFlare uses
CF-Connecting-IP
as header) - Custom error page in Client Certificate Authentication
Changes:
- #1272 Delete useless statement
- #1277 Add indent for nginx.conf
- #1278 Add proxy-pass-params annotation and Backend field
- #1282 Fix nginx stats
- #1288 Allow PATCH in enable-cors
- #1290 Add flag to disabling node listing
- #1293 Adds support for error page in Client Certificate Authentication
- #1308 A trivial typo in config
- #1310 Refactoring nginx configuration configmap
- #1311 Enable nginx async writes
- #1312 Allow custom forwarded for header
- #1313 Fix eol in nginx template
- #1315 Fix nginx custom error pages
Documentation:
- #1270 add missing yamls in controllers/nginx
- #1276 Link rbac sample from deployment docs
- #1291 fix link to conformance suite
- #1295 fix README of nginx-ingress-controller
- #1299 fix two doc issues in nginx/README
- #1306 Fix kubeconfig example for nginx deployment
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.12
Breaking changes:
- SSL passthrough is disabled by default. To enable the feature use
--enable-ssl-passthrough
New Features:
- Support for arm64
- New flags to customize listen ports
- Per minute rate limiting
- Rate limit whitelist
- Configuration of nginx worker timeout (to avoid zombie nginx workers processes)
- Redirects from non-www to www
- Custom default backend (per Ingress)
- Graceful shutdown for NGINX
Changes:
- #977 Add sort-backends command line option
- #981 Add annotation to allow use of service ClusterIP for NGINX upstream.
- #991 Remove secret sync loop
- #992 Check errors generating pem files
- #993 Fix the sed command to work on macOS
- #1013 The fields of vtsDate are unified in the form of plural
- #1025 Fix file watch
- #1027 Lint code
- #1031 Change missing secret name log level to V(3)
- #1032 Alternative syncSecret approach #1030
- #1042 Add function to allow custom values in Ingress status
- #1043 Return reference to object providing Endpoint
- #1046 Add field FileSHA in BasicDigest struct
- #1058 add per minute rate limiting
- #1060 Update fsnotify dependency to fix arm64 issue
- #1065 Add more descriptive steps in Dev Documentation
- #1073 Release nginx-slim 0.22
- #1074 Remove lua and use fastcgi to render errors
- #1075 (feat/ #374) support proxy timeout
- #1076 Add more ssl test cases
- #1078 fix the same udp port and tcp port, update nginx.conf error
- #1080 Disable platform s390x
- #1081 Spit Static check and Coverage in diff Stages of Travis CI
- #1082 Fix build tasks
- #1087 Release nginx-slim 0.23
- #1088 Configure nginx worker timeout
- #1089 Update nginx to 1.13.4
- #1098 Exposing the event recorder to allow other controllers to create events
- #1102 Fix lose SSL Passthrough
- #1104 Simplify verification of hostname in ssl certificates
- #1109 Cleanup remote address in nginx template
- #1110 Fix Endpoint comparison
- #1118 feat(#733)Support nginx bandwidth control
- #1124 check fields len in dns.go
- #1130 Update nginx.go
- #1134 replace deprecated interface with versioned ones
- #1136 Fix status update - changed in #1074
- #1138 update nginx.go: performance improve
- #1139 Fix Todo:convert sequence to table
- #1162 Optimize CI build time
- #1164 Use variable request_uri as redirect after auth
- #1179 Fix sticky upstream not used when enable rewrite
- #1184 Add support for temporal and permanent redirects
- #1185 Add more info about Server-Alias usage
- #1186 Add annotation for client-body-buffer-size per location
- #1190 Add flag to disable SSL passthrough
- #1193 fix broken link
- #1198 Add option for specific scheme for base url
- #1202 formatIP issue
- #1203 NGINX not reloading correctly
- #1204 Fix template error
- #1205 Add initial sync of secrets
- #1206 Update ssl-passthrough docs
- #1207 delete broken link
- #1208 fix some typo
- #1210 add rate limit whitelist
- #1215 Replace base64 encoding with random uuid
- #1218 Trivial fixes in core/pkg/net
- #1219 keep zones unique per ingress resource
- #1221 Move certificate authentication from location to server
- #1223 Add doc for non-www to www annotation
- #1224 refactor rate limit whitelist
- #1226 Remove useless variable in nginx.tmpl
- #1227 Update annotations doc with base-url-scheme
- #1233 Fix ClientBodyBufferSize annotation
- #1234 Lint code
- #1235 Fix Equal comparison
- #1236 Add Validation for Client Body Buffer Size
- #1238 Add support for 'client_body_timeout' and 'client_header_timeout'
- #1239 Add flags to customize listen ports and detect port collisions
- #1243 Add support for access-log-path and error-log-path
- #1244 Add custom default backend annotation
- #1246 Add additional headers when custom default backend is used
- #1247 Make Ingress annotations available in template
- #1248 Improve nginx controller performance
- #1254 fix Type transform panic
- #1257 Graceful shutdown for Nginx
- #1261 Add support for 'worker-shutdown-timeout'
Documentation:
- #976 Update annotations doc
- #979 Missing auth example
- #980 Add nginx basic auth example
- #1001 examples/nginx/rbac: Give access to own namespace
- #1005 Update configuration.md
- #1018 add docs for
proxy-set-headers
andadd-headers
- #1038 typo / spelling in README.md
- #1039 typo in examples/tcp/nginx/README.md
- #1049 Fix config name in the example.
- #1054 Fix link to UDP example
- #1084 (issue #310)Fix some broken link
- #1103 Add GoDoc Widget
- #1105 Make Readme file more readable
- #1106 Update annotations.md
- #1107 Fix Broken Link
- #1119 fix typos in controllers/nginx/README.md
- #1122 Fix broken link
- #1131 Add short help doc in configuration for nginx limit rate
- #1143 Minor Typo Fix
- #1144 Minor Typo fix
- #1145 Minor Typo fix
- #1146 Fix Minor Typo in Readme
- #1147 Minor Typo Fix
- #1148 Minor Typo Fix in Getting-Started.md
- #1149 Fix Minor Typo in TLS authentication
- #1150 Fix Minor Typo in Customize the HAProxy configuration
- #1151 Fix Minor Typo in customization custom-template
- #1152 Fix minor typo in HAProxy Multi TLS certificate termination
- #1153 Fix minor typo in Multi TLS certificate termination
- #1154 Fix minor typo in Role Based Access Control
- #1155 Fix minor typo in TCP loadbalancing
- #1156 Fix minor typo in UDP loadbalancing
- #1157 Fix minor typos in Prerequisites
- #1158 Fix minor typo in Ingress examples
- #1159 Fix minor typos in Ingress admin guide
- #1160 Fix a broken href and typo in Ingress FAQ
- #1165 Update CONTRIBUTING.md
- #1168 finx link to running-locally.md
- #1170 Update dead link in nginx/HTTPS section
- #1172 Update README.md
- #1173 Update admin.md
- #1174 fix several titles
- #1177 fix typos
- #1188 Fix minor typo
- #1189 Fix sign in URL redirect parameter
- #1192 Update README.md
- #1195 Update troubleshooting.md
- #1196 Update README.md
- #1209 Update README.md
- #1085 Fix ConfigMap's namespace in custom configuration example for nginx
- #1142 Fix typo in multiple docs
- #1228 Update release doc in getting-started.md
- #1230 Update godep guide link
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.11
Fixes NGINX CVE-2017-7529
Changes:
- #659 [nginx] TCP configmap should allow listen proxy_protocol per service
- #730 Add support for add_headers
- #808 HTTP->HTTPS redirect does not work with use-proxy-protocol: "true"
- #921 Make proxy-real-ip-cidr a comma separated list
- #930 Add support for proxy protocol in TCP services
- #933 Lint code
- #937 Fix lint code errors
- #940 Sets parameters for a shared memory zone of limit_conn_zone
- #949 fix nginx version to 1.13.3 to fix integer overflow
- #956 Simplify handling of ssl certificates
- #958 Release ubuntu-slim:0.13
- #959 Release nginx-slim 0.21
- #960 Update nginx in ingress controller
- #964 Support for proxy_headers_hash_bucket_size and proxy_headers_hash_max_size
- #966 Fix error checking for pod name & NS
- #967 Fix runningAddresses typo
- #968 Fix missing hyphen in yaml for nginx RBAC example
- #973 check number of servers in configuration comparator
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.10
Fix release 0.9-beta.9
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.9
New Features:
- Add support for arm and ppc64le
Changes:
- #548 nginx: support multidomain certificates
- #620 [nginx] Listening ports are not configurable, so ingress can't be run multiple times per node when using CNI
- #648 publish-service argument isn't honored when ELB is internal only facing.
- #833 WIP: Avoid reloads implementing Equals in structs
- #838 Feature request: Add ingress annotation to enable upstream "keepalive" option
- #844 ingress annotations affinity is not working
- #862 Avoid reloads implementing Equaler interface
- #864 Remove dead code
- #868 Lint nginx code
- #871 Add feature to allow sticky sessions per location
- #873 Update README.md
- #876 Add information about nginx controller flags
- #878 Update go to 1.8.3
- #881 Option to not remove loadBalancer status record?
- #882 Add flag to skip the update of Ingress status on shutdown
- #885 Don't use $proxy_protocol var which may be undefined.
- #886 Add support for SubjectAltName in SSL certificates
- #888 Update nginx-slim to 0.19
- #889 Add PHOST to backend
- #890 Improve variable configuration for source IP address
- #892 Add upstream keepalive connections cache
- #897 Update outdated ingress resource link
- #898 add error check right when reload nginx fail
- #899 Fix nginx error check
- #900 After #862 changes in the configmap do not trigger a reload
- #901 [doc] Update NGinX status port to 18080
- #902 Always reload after a change in the configuration
- #904 Fix nginx sticky sessions
- #906 Fix race condition with closed channels
- #907 nginx/proxy: allow specifying next upstream behaviour
- #910 Feature request: use
X-Forwarded-Host
from the reverse proxy before - #911 Improve X-Forwarded-Host support
- #915 Release nginx-slim 0.20
- #916 Add arm and ppc64le support
- #919 Apply the 'ssl-redirect' annotation per-location
- #922 Add example of TLS termination using a classic ELB
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.8
Changes:
- #761 NGINX TCP Ingresses do not bind on IPv6
- #850 Fix IPv6 UDP stream section
- #851 ensure private key and certificate match
- #852 Don't expose certificate metrics for default server
- #846 Match ServicePort to Endpoints by Name
- #854 Document log-format-stream and log-format-upstream
- #847 fix semicolon
- #848 Add metric "ssl certificate expiration"
- #839 "No endpoints" issue
- #845 Fix no endpoints issue when named ports are used
- #822 Release ubuntu-slim 0.11
- #824 Update nginx-slim to 0.18
- #823 Release nginx-slim 0.18
- #827 Introduce working example of nginx controller with rbac
- #835 Make log format json escaping configurable
- #843 Avoid setting maximum number of open file descriptors lower than 1024
- #837 Cleanup interface
- #836 Make log format json escaping configurable
- #828 Wrap IPv6 endpoints in []
- #821 nginx-ingress: occasional 503 Service Temporarily Unavailable
- #829 feat(template): wrap IPv6 addresses in []
- #786 Update echoserver image version in examples
- #825 Create or delete ingress based on class annotation
- #790 #789 removing duplicate X-Real-IP header
- #792 Avoid checking if the controllers are synced
- #798 nginx: RBAC for leader election
- #799 could not build variables_hash
- #809 Fix dynamic variable name
- #804 Fix #798 - RBAC for leader election
- #806 fix ingress rbac roles
- #811 external auth - proxy_pass_request_body off + big bodies give 500/413
- #785 Publish echoheader image
- #813 Added client_max_body_size to authPath location
- #814 rbac-nginx: resourceNames cannot filter create verb
- #774 Add IPv6 support in TCP and UDP stream section
- #784 Allow customization of variables hash tables
- #782 Set "proxy_pass_header Server;"
- #783 nginx/README.md: clarify app-root and fix example hyperlink
- #787 Add setting to allow returning the Server header from the backend
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.7
Changes:
- #777 Update sniff parser to fix index out of bound error
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.6
Changes:
- #647 ingress.class enhancement for debugging.
- #708 ingress losing real source IP when tls enabled
- #760 Change recorder event scheme
- #704 fix nginx reload flags '-c'
- #757 Replace use of endpoints as locks with configmap
- #752 nginx ingress header config backwards
- #756 Fix bad variable assignment in template nginx
- #729 Release nginx-slim 0.17
- #755 Fix server name hash maxSize default value
- #741 Update golang dependencies
- #749 Remove service annotation for namedPorts
- #740 Refactoring whitelist source IP verification
- #734 Specify nginx image arch
- #728 Update nginx image
- #723 update readme about vts metrics
- #726 Release ubuntu-slim 0.10
- #727 [nginx] whitelist-source-range doesn’t work on ssl port
- #709 Add config for X-Forwarded-For trust
- #679 add getenv
- #680 nginx/pkg/config: delete unuseful variable
- #716 Add secure-verify-ca-secret annotation
- #722 Remove go-reap and use tini as process reaper
- #725 Add keepalive_requests and client_body_buffer_size options
- #724 change the directory of default-backend.yaml
- #656 Nginx Ingress Controller - Specify load balancing method
- #717 delete unuseful variable
- #712 Set $proxy_upstream_name before location directive
- #715 Corrected annotation ex
signin-url
toauth-url
- #718 nodeController sync
- #694 SSL-Passthrough broken in beta.5
- #678 Convert CN SSL Certificate to lowercase before comparison
- #690 Fix IP in logs for https traffic
- #673 Override load balancer alg view config map
- #675 Use proxy-protocol to pass through source IP to nginx
- #707 use nginx vts module version 0.1.14
- #702 Document passing of ssl_client_cert to backend
- #688 Add example of UDP loadbalancing
- #696 [nginx] pass non-SNI TLS hello to default backend, Fixes #693
- #685 Fix error in generated nginx.conf for optional hsts-preload
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.5
Changes:
- #663 Remove helper required in go < 1.8
- #662 Add debug information about ingress class
- #661 Avoid running nginx if the configuration file is empty
- #660 Rollback queue refactoring
- #654 Update go version to 1.8
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.4
New Features:
- Add support for services of type ExternalName
Changes:
- #635 Allow configuration of features underscores_in_headers and ignore_invalid_headers
- #633 Fix lint errors
- #630 Add example of TCP loadbalancing
- #629 Add support for services of type ExternalName
- #624 Compute server_names_hash_bucket_size correctly
- #615 Process exited cleanly before we hit wait4
- #614 Refactor nginx ssl passthrough
- #613 Status leader election must consired the ingress class
- #607 Allow custom server_names_hash_max_size & server_names_hash_bucket_size
- #601 add a judgment
- #601 Replace custom child reap code with go-reap
- #597 Add flag to force namespace isolation
- #595 Remove Host header from auth_request proxy configuration
- #588 Read resolv.conf file just once
- #586 Updated instructions to create an ingress controller build
- #583 fixed lua_package_path in nginx.tmpl
- #580 Updated faq for running multiple ingress controller
- #579 Detect if the ingress controller is running with multiple replicas
- #578 Set different listeners per protocol version
- #577 Avoid zombie child processes
- #576 Replace secret workqueue
- #568 Revert merge annotations to the implicit root context
- #563 Add option to disable hsts preload
- #560 Fix intermittent misconfiguration of backend.secure and SessionAffinity
- #556 Update nginx version and remove dumb-init
- #551 Build namespace and ingress class as label
- #546 Fix a couple of 'does not contains' typos
- #542 Fix lint errors
- #540 Add Backends.SSLPassthrough attribute
- #539 Migrate to client-go
- #536 add unit test cases for core/pkg/ingress/controller/backend_ssl
- #535 Add test for ingress status update
- #532 Add setting to configure ecdh curve
- #531 Fix link to examples
- #530 Fix link to custom nginx configuration
- #528 Add reference to apiserver-host flag
- #527 Add annotations to location of default backend (root context)
- #525 Avoid negative values configuring the max number of open files
- #523 Fix a typo in an error message
- #521 nginx-ingress-controller is built twice by docker-build target
- #517 Use whitelist-source-range from configmap when no annotation on ingress
- #516 Convert WorkerProcesses setting to string to allow the value auto
- #512 Fix typos regarding the ssl-passthrough annotation documentation
- #505 add unit test cases for core/pkg/ingress/controller/annotations
- #503 Add example for nginx in aws
- #502 Add information about SSL Passthrough annotation
- #500 Improve TLS secret configuration
- #498 Proper enqueue a secret on the secret queue
- #493 Update nginx and vts module
- #490 Add unit test case for named_port
- #488 Adds support for CORS on error responses and Authorization header
- #485 Fix typo nginx configMap vts metrics customization
- #481 Remove unnecessary quote in nginx log format
- #471 prometheus scrape annotations
- #460 add example of 'run multiple haproxy ingress controllers as a deployment'
- #459 Add information about SSL certificates in the default log level
- #456 Avoid upstreams with multiple servers with the same port
- #454 Pass request port to real server
- #450 fix nginx-tcp-and-udp on same port
- #446 remove configmap validations
- #445 Remove snakeoil certificate generation
- #442 Fix a few bugs in the nginx-ingress-controller Makefile
- #441 skip validation when configmap is empty
- #439 Avoid a nil-reference when the temporary file cannot be created
- #438 Improve English in error messages
- #437 Reference constant
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.3
New Features:
- Custom log formats using
log-format-upstream
directive in the configuration configmap. - Force redirect to SSL using the annotation
ingress.kubernetes.io/force-ssl-redirect
- Prometheus metric for VTS status module (transparent, just enable vts stats)
- Improved external authentication adding
ingress.kubernetes.io/auth-signin
annotation. Please check this example
Breaking changes:
ssl-dh-param
configuration in configmap is now the name of a secret that contains the Diffie-Hellman key
Changes:
- #433 close over the ingress variable or the last assignment will be used
- #424 Manually sync secrets from certificate authentication annotations
- #423 Scrap json metrics from nginx vts module when enabled
- #418 Only update Ingress status for the configured class
- #415 Improve external authentication docs
- #410 Add support for "signin url"
- #409 Allow custom http2 header sizes
- #408 Review docs
- #406 Add debug info and fix spelling
- #402 allow specifying custom dh param
- #397 Fix external auth
- #394 Update README.md
- #392 Fix http2 header size
- #391 remove tmp nginx-diff files
- #390 Fix RateLimit comment
- #385 add Copyright
- #382 Ingress Fake Certificate generation
- #380 Fix custom log format
- #373 Cleanup
- #371 add configuration to disable listening on ipv6
- #370 Add documentation for ingress.kubernetes.io/force-ssl-redirect
- #369 Minor text fix for "ApiServer"
- #367 BuildLogFormatUpstream was always using the default log-format
- #366 add_judgment
- #365 add ForceSSLRedirect ingress annotation
- #364 Fix error caused by increasing proxy_buffer_size (#363)
- #362 Fix ingress class
- #360 add example of 'run multiple nginx ingress controllers as a deployment'
- #358 Checks if the TLS secret contains a valid keypair structure
- #356 Disable listen only on ipv6 and fix proxy_protocol
- #354 add judgment
- #352 Add ability to customize upstream and stream log format
- #351 Enable custom election id for status sync.
- #347 Fix client source IP address
- #345 Fix lint error
- #344 Refactoring of TCP and UDP services
- #343 Fix node lister when --watch-namespace is used
- #341 Do not run coverage check in the default target.
- #340 Add support for specify proxy cookie path/domain
- #337 Fix for formatting error introduced in #304
- #335 Fix for vet complaints:
- #332 Add annotation to customize nginx configuration
- #331 Correct spelling mistake
- #328 fix misspell "affinity" in main.go
- #326 add nginx daemonset example
- #311 Sort stream service ports to avoid extra reloads
- #307 Add docs for body-size annotation
- #306 modify nginx readme
- #304 change 'buildSSPassthrouthUpstreams' to 'buildSSLPassthroughUpstreams'
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2
New Features:
- New configuration flag
proxy-set-headers
to allow set custom headers before send traffic to backends. Example here - Disable directive access_log globally using
disable-access-log: "true"
in the configuration ConfigMap. - Sticky session per Ingress rule using the annotation
ingress.kubernetes.io/affinity
. Example here
Changes:
- #300 Change nginx variable to use in filter of access_log
- #296 Fix rewrite regex to match the start of the URL and not a substring
- #293 Update makefile gcloud docker command
- #290 Update nginx version in ingress controller to 1.11.10
- #286 Add logs to help debugging and simplify default upstream configuration
- #285 Added a Node StoreLister type
- #281 Add chmod up directory tree for world read/execute on directories
- #279 fix wrong link in the file of examples/README.md
- #275 Pass headers to custom error backend
- #272 Fix error getting class information from Ingress annotations
- #268 minor: Fix typo in nginx README
- #265 Fix rewrite annotation parser
- #262 Add nginx README and configuration docs back
- #261 types.go: fix typo in godoc
- #258 Nginx sticky annotations
- #255 Adds support for disabling access_log globally
- #247 Fix wrong URL in nginx ingress configuration
- #246 Add support for custom proxy headers using a ConfigMap
- #244 Add information about cors annotation
- #241 correct a spell mistake
- #232 Change searchs with searches
- #231 Add information about proxy_protocol in port 442
- #228 Fix worker check issue
- #227 proxy_protocol on ssl_passthrough listener
- #223 Fix panic if a tempfile cannot be created
- #220 Fixes for minikube usage instructions.
- #219 Fix typo, add a couple of links.
- #218 Improve links from CONTRIBUTING.
- #217 Fix an e2e link.
- #212 Simplify code to obtain TCP or UDP services
- #208 Fix nil HTTP field
- #198 Add an example for static-ip and deployment
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.1
New Features:
- SSL Passthrough
- New Flag
--publish-service
that set the Service fronting the ingress controllers - Ingress status shows the correct IP/hostname address without duplicates
- Custom body sizes per Ingress
- Prometheus metrics
Breaking changes:
- Flag
--nginx-configmap
was replaced with--configmap
- Configmap field
body-size
was replaced withproxy-body-size
Changes:
- #184 Fix template error
- #179 Allows the usage of Default SSL Cert
- #178 Add initialization of proxy variable
- #177 Refactoring sysctlFSFileMax helper
- #176 Fix TLS does not get updated when changed
- #174 Update nginx to 1.11.9
- #172 add some unit test cases for some packages under folder "core.pkg.ingress"
- #168 Changes the SSL Temp file to something inside the same SSL Directory
- #165 Fix rate limit issue when more than 2 servers enabled in ingress
- #161 Document some missing parameters and their defaults for NGINX controller
- #158 prefect unit test cases for annotation.proxy
- #156 Fix issue for ratelimit
- #154 add unit test cases for core.pkg.ingress.annotations.cors
- #151 Port in redirect
- #150 Add support for custom header sizes
- #149 Add flag to allow switch off the update of Ingress status
- #148 Add annotation to allow custom body sizes
- #145 fix wrong links and punctuations
- #144 add unit test cases for core.pkg.k8s
- #143 Use protobuf instead of rest to connect to apiserver host and add troubleshooting doc
- #142 Use system fs.max-files as limits instead of hard-coded value
- #141 Add reuse port and backlog to port 80 and 443
- #138 reference to const
- #136 Add content and descriptions about nginx's configuration
- #135 correct improper punctuation
- #134 fix typo
- #133 Add TCP and UDP services removed in migration
- #132 Document nginx controller configuration tweaks
- #128 Add tests and godebug to compare structs
- #126 change the type of imagePullPolicy
- #123 Add resolver configuration to nginx
- #119 add unit test case for annotations.service
- #115 add default_server to listen statement for default backend
- #114 fix typo
- #113 Add condition of enqueue and unit test cases for task.Queue
- #108 annotations: print error and skip if malformed
- #107 fix some wrong links of examples which to be used for nginx
- #103 Update the nginx controller manifests
- #101 Add unit test for strings.StringInSlice
- #99 Update nginx to 1.11.8
- #97 Fix gofmt
- #96 Fix typo PassthrougBackends -> PassthroughBackends
- #95 Deny location mapping in case of specific errors
- #94 Add support to disable server_tokens directive
- #93 Fix sort for catch all server
- #92 Refactoring of nginx configuration deserialization
- #91 Fix x-forwarded-port mapping
- #90 fix the wrong link to build/test/release
- #89 fix the wrong links to the examples and developer documentation
- #88 Fix multiple tls hosts sharing the same secretName
- #86 Update X-Forwarded-Port
- #82 Fix incorrect X-Forwarded-Port for TLS
- #81 Do not push containers to remote repo as part of test-e2e
- #78 Fix #76: hardcode X-Forwarded-Port due to SSL Passthrough
- #77 Add support for IPV6 in dns resolvers
- #66 Start FAQ docs
- #65 Support hostnames in Ingress status
- #64 Sort whitelist list to avoid random orders
- #62 Fix e2e make targets
- #61 Ignore coverage profile files
- #58 Fix "invalid port in upstream" on nginx controller
- #57 Fix invalid port in upstream
- #54 Expand developer docs
- #52 fix typo in variable ProxyRealIPCIDR
- #44 Bump nginx version to one higher than that in contrib
- #36 Add nginx metrics to prometheus
- #34 nginx: also listen on ipv6
- #32 Restart nginx if master process dies
- #31 Add healthz checker
- #25 Fix a data race in TestFileWatcher
- #12 Split implementations from generic code
- #10 Copy Ingress history from kubernetes/contrib
- #1498 Refactoring of template handling
- #1571 use POD_NAMESPACE as a namespace in cli parameters
- #1591 Always listen on port 443, even without ingress rules
- #1596 Adapt nginx hash sizes to the number of ingress
- #1653 Update image version
- #1672 Add firewall rules and ing class clarifications
- #1711 Add function helpers to nginx template
- #1743 Allow customisation of the nginx proxy_buffer_size directive via ConfigMap
- #1749 Readiness probe that works behind a CP lb
- #1751 Add the name of the upstream in the log
- #1758 Update nginx to 1.11.4
- #1759 Add support for default backend in Ingress rule
- #1762 Add cloud detection
- #1766 Clarify the controller uses endpoints and not services
- #1767 Update godeps
- #1772 Avoid replacing nginx.conf file if the new configuration is invalid
- #1773 Add annotation to add CORS support
- #1786 Add docs about go template
- #1796 Add external authentication support using auth_request
- #1802 Initialize proxy_upstream_name variable
- #1806 Add docs about the log format
- #1808 WebSocket documentation
- #1847 Change structure of packages
- Add annotation for custom upstream timeouts
- Mutual TLS auth (kubernetes-retired/contrib#1870)
- #1450 Check for errors in nginx template
- #1498 Refactoring of template handling
- #1467 Use ClientConfig to configure connection
- #1575 Update nginx to 1.11.3
- #1336 Add annotation to skip ingress rule
- #1338 Add HTTPS default backend
- #1351 Avoid generation of invalid ssl certificates
- #1379 improve nginx performance
- #1350 Improve performance (listen backlog=net.core.somaxconn)
- #1384 Unset Authorization header when proxying
- #1398 Mitigate HTTPoxy Vulnerability
- #1063 watches referenced tls secrets
- #850 adds configurable SSL redirect nginx controller
- #1136 Fix nginx rewrite rule order
- #1144 Add cidr whitelist support
- #1230 Improve docs and examples
- #1258 Avoid sync without a reachable
- #1235 Fix stats by country in nginx status page
- #1236 Update nginx to add dynamic TLS records and spdy
- #1238 Add support for dynamic TLS records and spdy
- #1239 Add support for conditional log of urls
- #1253 Use delayed queue
- #1296 Fix formatting
- #1299 Fix formatting
- #898 reorder locations. Location / must be the last one to avoid errors routing to subroutes
- #946 Add custom authentication (Basic or Digest) to ingress rules
- #926 Custom errors should be optional
- #1002 Use k8s probes (disable NGINX checks)
- #962 Make optional http2
- #1054 force reload if some certificate change
- #958 update NGINX to 1.11.0 and add digest module
- #960 https://trac.nginx.org/nginx/changeset/ce94f07d50826fcc8d48f046fe19d59329420fdb/nginx
- #1057 Remove loadBalancer ip on shutdown
- #1079 path rewrite
- #1093 rate limiting
- #1102 geolocation of traffic in stats
- #884 support services running ssl
- #930 detect changes in configuration configmaps