Skip to content

Releases: nginxinc/kubernetes-ingress

v1.10.1

16 Mar 19:33
@lucacome lucacome
v1.10.1
ba03a73
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.10.1

Help make the NGINX Ingress Controller better by participating in our survey!

New in NGINX Ingress Controller v1.10.1

🐛 Bug Fixes

Fix various issues in the Makefile. In 1.10.0, a bug was introduced that prevented building Ingress Controller images on versions of make < 4.1. (#1373) (#1439) (#1440)

📝 Documentation

  • Add Kubernetes 1.20 support. (#1386)

🔨 Maintenance

Upgrade

  • For NGINX, use the v1.10.1 image from our DockerHub: nginx/nginx-ingress:1.10.1, nginx/nginx-ingress:1.10.1-alpine or nginx/nginx-ingress:1.10.1-ubi
  • For NGINX Plus, please build your own image using the v1.10.1 source code.
  • For Helm, use version 0.8.1 of the chart.

Resources

Assets 2

NGINX Ingress Controller 1.10.0

26 Jan 16:10
@Dean-Coakley Dean-Coakley
v1.10.0
98efb4e
Compare
Choose a tag to compare
NGINX Ingress Controller 1.10.0

🚀 Help make the NGINX Ingress Controller better by participating in our survey! 🚀

OVERVIEW:

Release 1.10.0 includes:

  • Open ID Connect authentication policy.
  • Improved handling of Secret resources with extended validation and error reporting.
  • Improved visibility with Prometheus metrics for the configuration workqueue and the ability to annotate NGINX logs with the metadata of Kubernetes resources.
  • NGINX App Protect User-Defined signatures support.
  • Improved validation of Ingress annotations.

You will find the complete changelog for release 1.10.0, including bug fixes, improvements, and changes below.

FEATURES FOR POLICY RESOURCE:

  • 1304 Add Open ID Connect policy.

FEATURES FOR NGINX APP PROTECT:

  • 1281 Add support for App Protect User Defined Signatures.

FEATURES:

  • 1266 Add workqueue metrics to Prometheus metrics.
  • 1233 Annotate tcp metrics with k8s object labels.
  • 1231 Support k8s objects variables in log format.

IMPROVEMENTS:

  • 1270 and 1277 Improve validation of Ingress annotations.
  • 1265 Report warnings for misconfigured TLS and JWK secrets.
  • 1262 Use setcap(8) only once. 1263 Use chown(8) only once. 1264 Use mkdir(1) only once. Thanks to Sergey A. Osokin.
  • 1256 and 1260 Improve handling of secret resources.
  • 1240 Validate TLS and CA secrets.
  • 1235 Use buildkit secret flag for NGINX plus images.
  • Documentation improvements: 1282, 1293, 1303, 1315.

HELM CHART:

  • The version of the helm chart is now 0.8.0.
  • 1290 Add new preview policies parameter to chart. controller.enablePreviewPolicies was added.
  • 1232 Replace deprecated imagePullSecrets helm setting. controller.serviceAccount.imagePullSecrets was removed. controller.serviceAccount.imagePullSecretName was added.
  • 1228 Fix installation of ingressclass on Kubernetes versions v1.18.x-*

CHANGES:

  • 1299 Update NGINX App Protect version to 2.3 and debian distribution to debian:buster-slim.
  • 1291 Update NGINX OSS to 1.19.6. Update NGINX Plus to R23.
  • 1290 Graduate policy resource and accessControl policy to generally available.
  • 1225 Require secrets to have types.
  • 1237 Deprecate support for helm2 clients.

UPGRADE:

  • For NGINX, use the 1.10.0 image from our DockerHub: nginx/nginx-ingress:1.10.0, nginx/nginx-ingress:1.10.0-alpine or nginx-ingress:1.10.0-ubi

  • For NGINX Plus, please build your own image using the 1.10.0 source code.

  • For Helm, use version 0.8.0 of the chart.

  • As a result of 1270 and 1277, the Ingress Controller improved validation of Ingress annotations: more annotations are validated and validation errors are reported via events for Ingress resources. Additionally, the default behavior for invalid annotation values was changed: instead of using the default values, the Ingress Controller will reject a resource with an invalid annotation value, which will make clients see 404 responses from NGINX. See this document to learn more. Before upgrading, ensure the Ingress resources don't have annotations with invalid values. Otherwise, after the upgrade, the Ingress Controller will reject such resources.

  • In 1232 controller.serviceAccount.imagePullSecrets was removed. Use the new controller.serviceAccount.imagePullSecretName instead.

  • The Policy resource was promoted to v1. If you used the alpha1 version, the policies are needed to be recreated with the v1 version. Before upgrading the Ingress Controller, run the following command to remove the alpha1 policies CRD (that will also remove all existing alpha1 policies):

     kubectl delete crd policies.k8s.nginx.org

    As part of the upgrade, make sure to create the v1 policies CRD. See the corresponding instructions for the manifests and Helm installations.

    Also note that all policies except for accessControl are still in preview. To enable them, run the Ingress Controller with - -enable-preview-policies command-line argument (controller.enablePreviewPolicies Helm parameter).

  • It is necessary to update secret resources. See the section UPDATING SECRETS below.

UPDATING SECRETS:

In 1225, as part of improving how the Ingress Controller handles secret resources, we added a requirement for secrets to be of one of the following types:

  • kubernetes.io/tls for TLS secrets.
  • nginx.org/jwk for JWK secrets.
  • nginx.org/ca for CA secrets.

The Ingress Controller now ignores secrets that are not of a supported type. As a consequence, special upgrade steps are required.

Before upgrading, ensure that the secrets referenced in Ingress, VirtualServer or Policies resources are of a supported type, which is configured via the type field. Because that field is immutable, it is necessary to either:

  • Recreate the secrets. Note that in this case, the client traffic for the affected resources will be rejected for the period during which a secret doesn't exist in the cluster.
  • Create copies of the secrets and update the affected resources to reference the copies. The copies need to be of a supported type. In contrast with the previous options, this will not make NGINX reject the client traffic.

It is also necessary to update the default server secret and the wildcard secret (if it was configured) in case their type is not kubernetes.io/tls. The steps depend on how you installed the Ingress Controller: via manifests or Helm. Performing the steps will not lead to a disruption of the client traffic, as the Ingress Controller retains the default and wildcard secrets if they are removed.

For manifests installation:

  1. Recreate the default server secret and the wildcard secret with the type kubernetes.io/tls.
  2. Upgrade the Ingress Controller.

For Helm installation, there two cases:

  1. If Helm created the secrets (you configured controller.defaultTLS.cert and controller.defaultTLS.key for the default secret and controller.wildcardTLS.cert and controller.wildcardTLS.key for the wildcard secret), then no special upgrade steps are required: during the upgrade, the Helm will remove the existing default and wildcard secrets and create new ones with different names with the type kubernetes.io/tls.
  2. If you created the secrets separately from Helm (you configured controller.defaultTLS.secret for the default secret and controller.wildcardTLS.secret for the wildcard secret):
    1. Recreate the secrets with the type kubernetes.io/tls.
    2. Upgrade to the new Helm release.

NOTES:

RESOURCES:

Assets 2

NGINX Ingress Controller 1.9.1

23 Nov 11:56
@Dean-Coakley Dean-Coakley
v1.9.1
aa19bb4
Compare
Choose a tag to compare
NGINX Ingress Controller 1.9.1

CHANGES:

  • Fix deployment of ingressclass resource via helm on some versions of Kubernetes.
  • Update the base ubi images to 8.3.
  • Renew CA cert for egress-mtls example.
  • Add controller.serviceAccount.imagePullSecretName parameter to the helm chart. Note: controller.serviceAccount.imagePullSecrets is deprecated and will be removed in the future 1.10.0 release.

HELM CHART:

  • The version of the Helm chart is now 0.7.1.

UPGRADE:

  • For NGINX, use the 1.9.1 image from our DockerHub: nginx/nginx-ingress:1.9.1, nginx/nginx-ingress:1.9.1-alpine or nginx/nginx-ingress:1.9.1-ubi
  • For NGINX Plus, please build your own image using the 1.9.1 source code.
  • For Helm, use version 0.7.1 of the chart.

RESOURCES:

Assets 2

NGINX Ingress Controller 1.9.0

20 Oct 13:42
@Dean-Coakley Dean-Coakley
v1.9.0
de1c27c
Compare
Choose a tag to compare
NGINX Ingress Controller 1.9.0

🚀 Help make the NGINX Ingress Controller better by participating in our survey! 🚀

OVERVIEW:

Release 1.9.0 includes:

  • Support for new Prometheus metrics and enhancements of the existing ones, including configuration reload reason, NGINX worker processes count, upstream latency, and more.
  • Support for rate limiting, JWT authentication, ingress(client) and egress(upstream) mutual TLS via the Policy resource.
  • Support for the latest Ingress resource features and the IngressClass resource.
  • Support for NGINX Service Mesh.

You will find the complete changelog for release 1.9.0, including bug fixes, improvements, and changes below.

FEATURES FOR POLICY RESOURCE:

  • 1180 Add support for EgressMTLS.
  • 1166 Add IngressMTLS policy support.
  • 1154 Add JWT policy support.
  • 1120 Add RateLimit policy support.
  • 1058 Support policies in VS routes and VSR subroutes.

FEATURES FOR NGINX APP PROTECT:

FEATURES:

  • 1133 Add support for IngressClass resources.
  • 1130 Add prometheus latency collector.
  • 1076 Add prometheus worker process metrics.
  • 1075 Add support for NGINX Service Mesh internal routes.

IMPROVEMENTS:

  • 1178 Resolve host collisions in VirtualServer and Ingresses.
  • 1158 Support variables in action proxy headers.
  • 1137 Add pod_owner label to metrics when -spire-agent-address is set.
  • 1107 Extend Upstream Servers with pod_name label.
  • 1099 Add reason label to total_reload metrics.
  • 1088 Extend Upstream Servers and Server Zones metrics, thanks to Raúl.
  • 1080 Support pathType field in the Ingress resource.
  • 1078 Remove trailing blank lines in vs/vsr snippets.
  • Documentation improvements: 1083, 1092, 1089, 1174, 1175, 1171.

BUGFIXES:

  • 1179 Fix TransportServers in debian AppProtect image.
  • 1129 Support real-ip in default server.
  • 1110 Add missing threat campaigns key to AppProtect CRD.

HELM CHART:

  • The version of the helm chart is now 0.7.0
  • 1105 Fix GlobalConfiguration support in helm chart.
  • Add new parameters to the Chart: controller.setAsDefaultIngress, controller.enableLatencyMetrics. Added in 1133 and 1148.

CHANGES:

  • 1182 Update NGINX version to 1.19.3.

UPGRADE:

  • For NGINX, use the 1.9.0 image from our DockerHub: nginx/nginx-ingress:1.9.0, nginx/nginx-ingress:1.9.0-alpine or nginx-ingress:1.9.0-ubi
  • For NGINX Plus, please build your own image using the 1.9.0 source code.
  • For Helm, use version 0.7.0 of the chart.

For Kubernetes >= 1.18, when upgrading using the manifests, make sure to update the ClusterRole and create the IngressClass resource, which is required for Kubernetes >= 1.18. Otherwise, the Ingress Controller will fail to start. If you run multiple NGINX Ingress Controllers in the cluster, each Ingress Controller has to have its own IngressClass resource. As the -use-ingress-class-only argument is now ignored (see NOTES), make sure your Ingress resources have the ingressClassName field or the kubernetes.io/ingress.class annotation set to the name of the IngressClass resource. Otherwise, the Ingress Controller will ignore them.

HELM UPGRADE:

  • If you're using custom resources like VirtualServer and TransportServer (controller.enableCustomResources is set to true), after you run the helm upgrade command, the CRDs will not be upgraded. After running the helm upgrade command, run kubectl apply -f deployments/helm-chart/crds to upgrade the CRDs.
  • For Kubernetes >= 1.18, a dedicated IngressClass resource, which is configured by controller.ingressClass, is required per helm release. Ensure controller.ingressClass is not set to the name of the IngressClass of other releases or Ingress Controllers. As the controller.useIngressClassOnly parameter is now ignored (see NOTES), make sure your Ingress resources have the ingressClassName field or the kubernetes.io/ingress.class annotation set to the value of controller.ingressClass. Otherwise, the Ingress Controller will ignore them.

NOTES:

  • When using Kubernetes >= 1.18, the -use-ingress-class-only command-line argument is now ignored, and the Ingress Controller will only process resources that belong to its class. See IngressClass doc to learn more.
  • For Kubernetes >= 1.18, a dedicated IngressClass resource, which is configured by controller.ingressClass, is required per helm release. When upgrading or installing releases, ensure controller.ingressClass is not set to the name of the IngressClass of other releases or Ingress Controllers.

RESOURCES:

Assets 2

NGINX Ingress Controller 1.8.1

18 Aug 10:14
@LorcanMcVeigh LorcanMcVeigh
v1.8.1
2c9e223
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
NGINX Ingress Controller 1.8.1

CHANGES:

  • Update NGINX version to 1.19.2.

HELM CHART:

  • The version of the Helm chart is now 0.6.1.

UPGRADE:

  • For NGINX, use the 1.8.1 image from our DockerHub: nginx/nginx-ingress:1.8.1, nginx/nginx-ingress:1.8.1-alpine or nginx/nginx-ingress:1.8.1-ubi
  • For NGINX Plus, please build your own image using the 1.8.1 source code.
  • For Helm, use version 0.6.1 of the chart.

KNOWN ISSUES:

  • Ingress Controller pods fails to start when deployed using Helm with controller.globalConfiguration.create set to true. A workaround is described here.

RESOURCES:

Assets 2

NGINX Ingress Controller 1.8.0

23 Jul 14:55
@Rulox Rulox
v1.8.0
ce3ab89
Compare
Choose a tag to compare
NGINX Ingress Controller 1.8.0

🚀 Help make the NGINX Ingress Controller better by participating in our survey! 🚀

OVERVIEW:

Release 1.8.0 includes:

  • Support for NGINX App Protect Web Application Firewall.
  • Support for configuration snippets and custom template for VirtualServer and VirtualServerRoute resources.
  • Support for request/response header manipulation and request URI rewriting for VirtualServer/VirtualServerRoute.
  • Introducing a new configuration resource - Policy - with the first policy for IP-based access control.

You will find the complete changelog for release 1.8.0, including bug fixes, improvements, and changes below.

FEATURES FOR VIRTUALSERVER AND VIRTUALSERVERROUTE RESOURCES:

  • 1036: Add VirtualServer custom template support.
  • 1028: Add access control policy.
  • 1019: Add VirtualServer/VirtualServerRoute snippets support.
  • 1006: Add request/response modifiers to VS and VSR.
  • 994: Support Class Field in VS/VSR.
  • 973: Add status to VirtualServer and VirtualServerRoute.

FEATURES:

  • 1035: Support for App Protect module.
  • 1029: Add readiness endpoint.

IMPROVEMENTS:

BUGFIXES:

  • 1030: Fix port range validation in cli arguments.
  • 953: Fix error logging of master/minion ingresses.

HELM CHART:

  • The version of the helm chart is now 0.6.0.
  • Add new parameters to the Chart: controller.appprotect.enable, controller.globalConfiguration.create, controller.globalConfiguration.spec, controller.readyStatus.enable, controller.readyStatus.port, controller.config.annotations, controller.reportIngressStatus.annotations. Added in 1035, 1034, 1029, 1003 thanks to RubyLangdon.
  • 1047 and 1009: Change how Helm manages the custom resource defintions (CRDs) to support installing multiple Ingress Controller releases. Note: If you're using the custom resources (controller.enableCustomResources is set to true), this is a breaking change. See the HELM UPGRADE section below for the upgrade instructions.

CHANGES:

  • Update NGINX version to 1.19.1.
  • Update NGINX Plus to R22.
  • 1029: Add readiness endpoint. The Ingress Controller now exposes a readiness endpoint on port 8081 and the path /nginx-ready. The endpoint returns a 200 response after the Ingress Controller finishes the initial configuration of NGINX at the start. The pod template was updated to use that endpoint in a readiness probe.
  • 980: Enable leader election by default.

UPGRADE:

  • For NGINX, use the 1.8.0 image from our DockerHub: nginx/nginx-ingress:1.8.0, nginx/nginx-ingress:1.8.0-alpine or nginx-ingress:1.8.0-ubi
  • For NGINX Plus, please build your own image using the 1.8.0 source code.
  • For Helm, use version 0.6.0 of the chart.

HELM UPGRADE:

If you're using custom resources like VirtualServer and TransportServer (controller.enableCustomResources is set to true), after you run the helm upgrade command, the CRDs and the corresponding custom resources will be removed from the cluster. Before upgrading, make sure to back up the custom resources. After running the helm upgrade command, run kubectl apply -f deployments/helm-chart/crds to re-install the CRDs and then restore the custom resources.

NOTES:

  • As part of installing a release, Helm will install the CRDs unless that step is disabled (see the corresponding doc). The installed CRDs include the CRDs for all Ingress Controller features, including the ones disabled by default (like App Protect with aplogconfs.appprotect.f5.com and appolicies.appprotect.f5.com CRDs).

RESOURCES:

Assets 2

NGINX Ingress Controller 1.7.2

30 Jun 15:02
@LorcanMcVeigh LorcanMcVeigh
v1.7.2
0e370c5
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
NGINX Ingress Controller 1.7.2

CHANGES:

  • Update NGINX Plus version to R22.

HELM CHART:

  • The version of the Helm chart is now 0.5.2.

UPGRADE:

  • For NGINX, use the 1.7.2 image from our DockerHub: nginx/nginx-ingress:1.7.2, nginx/nginx-ingress:1.7.2-alpine or nginx/nginx-ingress:1.7.2-ubi
  • For NGINX Plus, please build your own image using the 1.7.2 source code.
  • For Helm, use version 0.5.2 of the chart.

RESOURCES:

NOTES:

After the release, the tag v1.7.2 was updated to point to a new commit. This was done to fix a problem with the release - the version of NGINX Plus wasn't updated to R22 in the Dockerfiles. If you checked out the source code with the old version of the v1.7.2 tag, make sure to run the following command to update v1.7.2 on your machine:

$ git tag -d v1.7.2
$ git fetch origin tag v1.7.2
Assets 2

NGINX Ingress Controller 1.7.1

26 Jun 15:00
@LorcanMcVeigh LorcanMcVeigh
v1.7.1
3cfd7e2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
NGINX Ingress Controller 1.7.1

1.7.1

CHANGES:

  • Update NGINX version to 1.19.0.

HELM CHART:

  • The version of the Helm chart is now 0.5.1.

UPGRADE:

  • For NGINX, use the 1.7.1 image from our DockerHub: nginx/nginx-ingress:1.7.1, nginx/nginx-ingress:1.7.1-alpine or nginx/nginx-ingress:1.7.1-ubi
  • For NGINX Plus, please build your own image using the 1.7.1 source code.
  • For Helm, use version 0.5.1 of the chart.

RESOURCES:

Assets 2

NGINX Ingress Controller 1.7.0

30 Apr 19:07
@pleshakov pleshakov
v1.7.0
d2ad33c
Compare
Choose a tag to compare
NGINX Ingress Controller 1.7.0

OVERVIEW:

Release 1.7.0 includes:

  • Support for TCP, UDP, and TLS Passthrough load balancing with the new configuration resources: TransportServer and GlobalConfiguration. The resources allow users to deliver complex, non-HTTP-based applications from Kubernetes using the NGINX Ingress Controller.
  • Support for error pages in VirtualServer and VirtualServerRoute resources. A user can now specify custom error responses for errors returned by backend applications or generated by NGINX, such as a 502 response.
  • Improved validation of VirtualServer and VirtualServerRoute resources. kubectl and the Kubernetes API server can now detect violations of the structure of VirtualServer/VirtualServerRoute resources and return an error.
  • Support for an operator which manages the lifecycle of the Ingress Controller on Kubernetes or OpenShift. See the NGINX Ingress Operator GitHub repo.

See the 1.7.0 release announcement blog post, which includes an overview of each feature.

You will find the complete changelog for release 1.7.0, including bug fixes, improvements, and changes at https://github.com/nginxinc/kubernetes-ingress/blob/v1.7.0/CHANGELOG.md#170

UPGRADE:

  • For NGINX, use the 1.7.0 image from our DockerHub: nginx/nginx-ingress:1.7.0, nginx/nginx-ingress:1.7.0-alpine or nginx-ingress:1.7.0-ubi
  • For NGINX Plus, please build your own image using the 1.7.0 source code.
  • For Helm, use version 0.5.0 of the chart.

When upgrading using the manifests, make sure to deploy the new TransportServer CRD (common/ts-definition.yaml), as it is required by the Ingress Controller. Otherwise, you will get error messages in the Ingress Controller logs.

RESOURCES:

Assets 2

NGINX Ingress Controller 1.7.0 - Release Candidate 1

31 Mar 23:55
@pleshakov pleshakov
v1.7.0-rc1
da8e223
Compare
Choose a tag to compare
NGINX Ingress Controller 1.7.0 - Release Candidate 1 Pre-release
Pre-release

OVERVIEW:

Release 1.7.0-rc1 includes:

  • Support for TCP, UDP, and TLS Passthrough load balancing with the new configuration resources: TransportServer and GlobalConfiguration. The resources allow users to deliver complex, non-HTTP-based applications from Kubernetes using the NGINX Ingress Controller.
  • Support for error pages in VirtualServer and VirtualServerRoute resources. A user can now specify custom error responses for errors returned by backend applications or generated by NGINX, such as a 502 response.
  • Improved validation of VirtualServer and VirtualServerRoute resources. kubectl and the Kubernetes API server can now detect violations of the structure of VirtualServer/VirtualServerRoute resources and return an error.

Full changelog -- https://github.com/nginxinc/kubernetes-ingress/blob/v1.7.0-rc1/CHANGELOG.md#170---release-candidate-1

UPGRADE:

  • For the release candidate, no DockerHub images are provided. Please build your own image using the 1.7.0-rc1 source code.
  • For Helm, use version 0.5.0-rc1 of the chart. Note: this release candidate version is not available from the stable repo helm.nginx.com/stable, but only from the source files in the deployments/helm-chart folder.

RESOURCES:

Assets 2