Releases: kubernetes/ingress-nginx
Releases · kubernetes/ingress-nginx
helm-chart-4.2.0
Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
NGINX Ingress Controller - v1.3.0 - The winter is coming
Feature freeze
Hello ingress friends
This is going to be our last release before we enter into the feature freeze stabilization period we announced. Ingress wont have new features for the next 6 months. We will make releases only if bugfixes are required, and over v1.3.1!
If you have any questions, reach us in #ingress-nginx-users in Kubernetes Slack!
Important Changes
- This release removes support for Kubernetes v1.19.0
- This release adds support for Kubernetes v1.24.0
- Starting with this release, we will need permissions on the
coordination.k8s.io/leasesresource for leaderelection lock
Image:
- registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5
- registry.k8s.io/ingress-nginx/controller-chroot:v1.3.0@sha256:0fcb91216a22aae43b374fc2e6a03b8afe9e8c78cbf07a09d75636dc4ea3c191
KNOWN ISSUES:
- This release reports a false positive on go-restful library that will be fixed with Kubernetes v1.25 release - Issue #8745
What's Changed
- Bump github.com/imdario/mergo from 0.3.12 to 0.3.13 by @dependabot in #8649
- Update supported version readme by @strongjz in #8654
- update ci kind version to v0.14.0 by @Ab-hishek in #8656
- Update index.md by @guylil in #8616
- bumped kind version to 0.14.0 in CI by @longwuyuan in #8677
- removed unavailable flag by @longwuyuan in #8681
- moved whathappend to top of issue-template by @longwuyuan in #8684
- feat: support enable nginx debug_connection by @phantooom in #8637
- changed k8s.gcr.io to registry.k8s.io by @longwuyuan in #8667
- Bump github.com/opencontainers/runc from 1.1.2 to 1.1.3 by @dependabot in #8688
- Updated dependabot to get updates for github actions by @naveensrinivasan in #8335
- fix the gosec test and a make target for it by @strongjz in #8699
- Bump crazy-max/ghaction-docker-buildx from 1.6.2 to 3.3.1 by @dependabot in #8694
- Bump actions/download-artifact from 2 to 3 by @dependabot in #8695
- Bump google.golang.org/grpc from 1.46.2 to 1.47.0 by @dependabot in #8669
- Bump actions/upload-artifact from 2.3.1 to 3.1.0 by @dependabot in #8698
- Bump actions/setup-go from 2.2.0 to 3.2.0 by @dependabot in #8697
- Bump github.com/stretchr/testify from 1.7.1 to 1.7.2 by @dependabot in #8670
- Fix several typos by @stefanlasiewski in #8701
- Bump actions/dependency-review-action from 1 to 2 by @dependabot in #8703
- Bump github.com/prometheus/common from 0.34.0 to 0.35.0 by @dependabot in #8708
- Create Openssf scorecard by @strongjz in #8714
- support extraEnvs for job resources in helm chart by @Eric84626 in #8545
- prometheus metric: upstream_latency_seconds by @nailgun in #8726
- Working OpenTelemetry sidecar (base nginx image) by @Tobrek in #8719
- adding basic performance test by @longwuyuan in #8581
- Ci pin deps by @strongjz in #8720
- set ld-musl-path by @longwuyuan in #8736
- updated baseimage sha by @longwuyuan in #8737
- change sha e2etestrunner and echoserver by @longwuyuan in #8740
- Bump github.com/stretchr/testify from 1.7.2 to 1.7.5 by @dependabot in #8751
- change v1.2.0 to v1.2.1 in deploy doc URLs by @longwuyuan in #8767
- Fix typos and add links to developer guide by @Pearl1594 in #8769
- Bump github/codeql-action from 1.0.26 to 2.1.14 by @tao12345666333 in #8765
- Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 by @dependabot in #8752
- Bump github/codeql-action from 2.1.14 to 2.1.15 by @dependabot in #8773
- Bump ossf/scorecard-action from 1.1.1 to 1.1.2 by @dependabot in #8772
- fix bullet md format by @longwuyuan in #8771
- Update deploy.yaml by @lucj in #8365
- Update docs to make it easier for noobs to follow step by step by @taylormonacelli in #8738
- Remove stable by @strongjz in #8775
- chore: remove stable.txt from release process by @tao12345666333 in #8778
- Bump github.com/stretchr/testify from 1.7.5 to 1.8.0 by @dependabot in #8781
- added announcement by @longwuyuan in #8750
- changed to alpine-v3.16 by @longwuyuan in #8793
- Update nginx base image in one place by @strongjz in #8400
- feat: migrate leaderelection lock to leases by @tao12345666333 in #8733
- fix: add MAC_OS variable for static-check by @tao12345666333 in #8796
- Add condition for monitoring.coreos.com/v1 API by @smbambling in #8770
- Add v1.24.0 to test matrix by @rikatz in #8798
- Fix example Helm chart values to enable custom http errors by @kevinscholz in #8558
- Update to nginx base with alpine v3.16 by @longwuyuan in #8803
- chore: start v1.3.0 release process by @tao12345666333 in #8802
- revert arch var name by @rikatz in #8808
- Bump k8s.io/klog/v2 from 2.60.1 to 2.70.1 by @dependabot in #8805
- Prepare for v1.3.0 by @rikatz in #8810
- Release v1.3.0 by @rikatz in #8811
New Contributors
- @Ab-hishek made their first contribution in #8656
- @guylil made their first contribution in #8616
- @phantooom made their first contribution in #8637
- @stefanlasiewski made their first contribution in #8701
- @Eric84626 made their first contribution in #8545
- @nailgun made their first contribution in #8726
- @Tobrek made their first contribution in #8719
- @Pearl1594 made their first contribution in #8769
- @lucj made their first contribution in #8365
- @taylormonacelli made their first contribution in #8738
- @smbambling made their first contribution in #8770
- @kevinscholz made their first contribution in #8558
Full Changelog: controller-v1.2.1...controller-v1.3.0
Contributors
nailgun, stefanlasiewski, and 16 other contributors
Assets 2
helm-chart-4.1.4
Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
helm-chart-4.1.3
Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
controller-v1.2.1
What's Changed
Image:
- k8s.gcr.io/ingress-nginx/controller:v1.2.1@sha256:5516d103a9c2ecc4f026efbd4b40662ce22dc1f824fb129ed121460aaa5c47f8
- k8s.gcr.io/ingress-nginx/controller-chroot:v1.2.1@sha256:d301551cf62bc3fb75c69fa56f7aa1d9e87b5079333adaf38afe84d9b7439355
This release removes the root and alias directives in NGINX, this can avoid some potential security attacks.
- Add patch to remove root and alias directives by @rikatz in #8624
- Bump nginx image to version without core directives by @rikatz in #8625
- Change image build to go install by @rikatz in #8630
- update LD_LIBRARY_PATH for OpenTelemetry use by @esigo in #8628
- Bump testrunner image by @rikatz in #8631
- move creation of dev devices in /chroot/dev from build image to run image by @rba in #8619
- Fix tls1.0 test by @rikatz in #8632
- Improve path rule by @rikatz in #8623
- Fix small typo in GRPC README by @poblahblahblah in #8639
- update nginx otel LD_LIBRARY_PATH by @ssaei in #8641
- Start release of v1.2.1 by @rikatz in #8645
- chore: release v1.2.1 by @tao12345666333 in #8646
New Contributors
- @rba made their first contribution in #8619
- @poblahblahblah made their first contribution in #8639
- @ssaei made their first contribution in #8641
Full Changelog: controller-v1.2.0...controller-v1.2.1
Contributors
poblahblahblah, rba, and 4 other contributors
Assets 2
helm-chart-4.1.2
Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
helm-chart-4.1.1
Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
helm-chart-4.1.0
Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
NGINX Ingress Controller - v1.2.0
The chroot release :)
If you want to take full advantage of the security improvements in this release, and also want to take a look into the chroot feature, change the image in your manifest to use controller-chroot:v1.2.0 image and add the SYS_CHROOT capability.
We are going to release soon a blog post about this release!
Images:
- k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185
- k8s.gcr.io/ingress-nginx/controller-chroot:v1.2.0@sha256:fb17f1700b77d4fcc52ca6f83ffc2821861ae887dbb87149cf5cbc52bea425e5
This new release contains the following changes that need attention:
- A new deep inspector for objects. Now every time an object gets to be reconciled/added, it will pass entirely through a validation (this may lead to some CPU increase)
- The NGINX process now can be chrooted/jailed inside the ingress container, for security reasons. This option is disabled by default and will be enabled in future releases. This new option requires the SYS_CHROOT capability to be added to the Pod
What's Changed
- Upstream keepalive time by @sskserk in #8319
- update base images and protobuf gomod by @rikatz in #8478
- added new auth-tls-match-cn annotation by @chrisshino in #8434
- changed nginx base img tag to img built with alpine3.14.6 by @longwuyuan in #8479
- change tag to v120beta1 by @longwuyuan in #8480
- Fix log creation in chroot script by @rikatz in #8481
- Release chart v1.2.0-beta.1 by @rikatz in #8484
- Fallback to ngx.var.scheme for redirectScheme with use-forward-headers when X-Forwarded-Proto is empty by @phidlipus in #8468
- force helm release to artifact hub by @strongjz in #8417
- fix change log changes list by @strongjz in #8421
- kubectl-plugin code overview info by @kundan2707 in #8405
- Darwin arm64 by @jsoref in #8399
- Add dependency review enforcement by @rikatz in #8443
- Bump github.com/prometheus/common from 0.32.1 to 0.33.0 by @dependabot in #8426
- replace deprecated topology key in example with current one by @froblesmartin in #8444
- typo fixing by @chienfuchen32 in #8447
- Fix suggested annotation-value-word-blocklist by @sathieu in #8446
- Add keepalive support for auth requests by @leki75 in #8219
- Jail/chroot nginx process inside controller container by @rikatz in #8337
- Update index.md by @ndunks in #8454
- Update dependencies by @rikatz in #8455
- Implement object deep inspector by @rikatz in #8456
- Fix for buggy ingress sync with retries by @davideshay in #8325
- Improve req handling dashboard by @naseemkullah in #8322
- Prepare v1.2.0-beta.0 release by @rikatz in #8464
- chore: v1.2.0-beta.0 release by @tao12345666333 in #8465
New Contributors
- @chrisshino made their first contribution in #8434
- @phidlipus made their first contribution in #8468
- @froblesmartin made their first contribution in #8444
- @chienfuchen32 made their first contribution in #8447
- @ndunks made their first contribution in #8454
- @davideshay made their first contribution in #8325
Full Changelog: controller-v1.1.3...controller-v1.2.0
Thank you all for our amazing community!
Contributors
davideshay, sathieu, and 15 other contributors
Assets 2
helm-chart-4.1.0-beta.1
Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer