Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -171,7 +171,7 @@ jobs:
fail-build: false

- name: Upload scan result to GitHub Security tab
uses: github/codeql-action/upload-sarif@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
continue-on-error: true
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
Expand Down
6 changes: 4 additions & 2 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ jobs:
- name: Output Variables
id: vars
run: |
K8S_KIND_VERSION=v1.31.1 # renovate: datasource=docker depName=kindest/node
K8S_KIND_VERSION=v1.31.2 # renovate: datasource=docker depName=kindest/node
echo "go_path=$(go env GOPATH)" >> $GITHUB_OUTPUT
echo "min_k8s_version=v1.25.16" >> $GITHUB_OUTPUT
echo "k8s_latest=${K8S_KIND_VERSION}" >> $GITHUB_OUTPUT
Expand Down Expand Up @@ -171,7 +171,7 @@ jobs:
- name: Build binary
uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
with:
version: v2.4.4 # renovate: datasource=github-tags depName=goreleaser/goreleaser
version: v2.4.7 # renovate: datasource=github-tags depName=goreleaser/goreleaser
args: ${{ github.ref_type == 'tag' && 'release' || 'build --snapshot' }} --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Expand Down Expand Up @@ -238,6 +238,7 @@ jobs:
with:
image: ${{ matrix.image }}
k8s-version: ${{ matrix.k8s-version }}
secrets: inherit
permissions:
contents: read

Expand All @@ -259,6 +260,7 @@ jobs:
image: ${{ matrix.image }}
k8s-version: ${{ matrix.k8s-version }}
enable-experimental: ${{ matrix.enable-experimental }}
secrets: inherit
permissions:
contents: write

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -44,13 +44,13 @@ jobs:

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
queries: security-and-quality

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
with:
category: "/language:${{matrix.language}}"
9 changes: 8 additions & 1 deletion .github/workflows/conformance.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ jobs:
conformance-tests:
name: Run Tests
runs-on: ubuntu-24.04
if: ${{ !github.event.pull_request.head.repo.fork || inputs.image != 'plus' }}
permissions:
contents: write # needed for uploading release artifacts
env:
Expand Down Expand Up @@ -82,7 +83,7 @@ jobs:
- name: Build binary
uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
with:
version: v2.4.4 # renovate: datasource=github-tags depName=goreleaser/goreleaser
version: v2.4.7 # renovate: datasource=github-tags depName=goreleaser/goreleaser
args: build --single-target --snapshot --clean
env:
TELEMETRY_ENDPOINT: "" # disables sending telemetry
Expand Down Expand Up @@ -135,6 +136,12 @@ jobs:
kind create cluster --name ${{ github.run_id }} --image=kindest/node:${{ inputs.k8s-version }}
kind load docker-image ${{ join(fromJSON(steps.ngf-meta.outputs.json).tags, ' ') }} ${{ join(fromJSON(steps.nginx-meta.outputs.json).tags, ' ') }} --name ${{ github.run_id }}

- name: Setup license file for plus
if: ${{ inputs.image == 'plus' }}
env:
PLUS_LICENSE: ${{ secrets.JWT_PLUS_REGISTRY }}
run: echo "${PLUS_LICENSE}" > license.jwt

- name: Setup conformance tests
run: |
ngf_prefix=ghcr.io/nginxinc/nginx-gateway-fabric
Expand Down
8 changes: 8 additions & 0 deletions .github/workflows/docs-build-push.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,12 @@ on:
paths:
- "site/**"

push:
branches:
- release-1.5
paths:
- "site/**"

concurrency:
group: ${{ github.ref_name }}-docs-push
cancel-in-progress: true
Expand Down Expand Up @@ -52,6 +58,8 @@ jobs:
docs_build_path: "./site"
doc_type: "hugo"
environment: ${{ inputs.environment }}
auto_deploy_branch: "release-1.5"
auto_deploy_env: "prod"
secrets:
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS_DOCS }}
AZURE_KEY_VAULT: ${{ secrets.AZURE_KEY_VAULT_DOCS }}
9 changes: 8 additions & 1 deletion .github/workflows/functional.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ jobs:
functional-tests:
name: Run Tests
runs-on: ubuntu-24.04
if: ${{ !github.event.pull_request.head.repo.fork || inputs.image != 'plus' }}
env:
DOCKER_BUILD_SUMMARY: false
steps:
Expand Down Expand Up @@ -69,7 +70,7 @@ jobs:
- name: Build binary
uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
with:
version: v2.4.4 # renovate: datasource=github-tags depName=goreleaser/goreleaser
version: v2.4.7 # renovate: datasource=github-tags depName=goreleaser/goreleaser
args: build --single-target --snapshot --clean
env:
TELEMETRY_ENDPOINT: otel-collector-opentelemetry-collector.collector.svc.cluster.local:4317
Expand Down Expand Up @@ -100,6 +101,12 @@ jobs:
NGINX_CONF_DIR=internal/mode/static/nginx/conf
BUILD_AGENT=gha

- name: Setup license file for plus
if: ${{ inputs.image == 'plus' }}
env:
PLUS_LICENSE: ${{ secrets.JWT_PLUS_REGISTRY }}
run: echo "${PLUS_LICENSE}" > license.jwt

- name: Install cloud-provider-kind
run: |
CLOUD_PROVIDER_KIND_VERSION=v0.4.0 # renovate: datasource=github-tags depName=kubernetes-sigs/cloud-provider-kind
Expand Down
19 changes: 16 additions & 3 deletions .github/workflows/helm.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ jobs:
helm-tests-local:
name: Helm Tests Local
runs-on: ubuntu-24.04
if: ${{ github.event_name != 'schedule' }}
if: ${{ github.event_name != 'schedule' && (!github.event.pull_request.head.repo.fork || inputs.image != 'plus') }}
steps:
- name: Checkout Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
Expand Down Expand Up @@ -98,6 +98,15 @@ jobs:
kind create cluster --name ${{ github.run_id }} --image=kindest/node:${{ inputs.k8s-version }}
kind load docker-image ${{ join(fromJSON(steps.ngf-meta.outputs.json).tags, ' ') }} ${{ join(fromJSON(steps.nginx-meta.outputs.json).tags, ' ') }} --name ${{ github.run_id }}
kubectl kustomize config/crd/gateway-api/standard | kubectl apply -f -
kubectl create namespace nginx-gateway

- name: Create plus secret
if: ${{ inputs.image == 'plus' }}
env:
PLUS_LICENSE: ${{ secrets.JWT_PLUS_REGISTRY }}
run: |
echo "${PLUS_LICENSE}" > license.jwt
kubectl create secret generic nplus-license --from-file license.jwt -n nginx-gateway

- name: Set up Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
Expand All @@ -110,7 +119,7 @@ jobs:

- name: Install Chart
run: |
ct install --config .ct.yaml --helm-extra-set-args="--set=nginxGateway.image.tag=${{ steps.ngf-meta.outputs.version }} \
ct install --config .ct.yaml --namespace nginx-gateway --helm-extra-set-args="--set=nginxGateway.image.tag=${{ steps.ngf-meta.outputs.version }} \
--set=nginx.image.repository=ghcr.io/nginxinc/nginx-gateway-fabric/nginx${{ inputs.image == 'plus' && '-plus' || ''}} \
--set=nginx.plus=${{ inputs.image == 'plus' }} \
--set=nginx.image.tag=${{ steps.nginx-meta.outputs.version }} \
Expand Down Expand Up @@ -143,10 +152,14 @@ jobs:
kubectl kustomize config/crd/gateway-api/standard | kubectl apply -f -
kubectl create namespace nginx-gateway

- name: Create k8s secret
- name: Create plus secrets
if: ${{ inputs.image == 'plus' }}
env:
PLUS_LICENSE: ${{ secrets.JWT_PLUS_REGISTRY }}
run: |
echo "${PLUS_LICENSE}" > license.jwt
kubectl create secret docker-registry nginx-plus-registry-secret --docker-server=private-registry.nginx.com --docker-username=${{ secrets.JWT_PLUS_REGISTRY }} --docker-password=none -n nginx-gateway
kubectl create secret generic nplus-license --from-file license.jwt -n nginx-gateway

- name: Set up Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ jobs:
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
working-directory: ${{ matrix.directory }}
version: v1.61.0 # renovate: datasource=github-tags depName=golangci/golangci-lint
version: v1.62.0 # renovate: datasource=github-tags depName=golangci/golangci-lint

njs-lint:
name: NJS Lint
Expand Down
6 changes: 6 additions & 0 deletions .github/workflows/nfr.yml
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,12 @@ jobs:
echo "GKE_NUM_NODES=12" >> vars.env
echo "GKE_MACHINE_TYPE=n2d-standard-16" >> vars.env

- name: Setup license file for plus
if: matrix.type == 'plus'
env:
PLUS_LICENSE: ${{ secrets.JWT_PLUS_REGISTRY }}
run: echo "${PLUS_LICENSE}" > license.jwt

- name: Create GKE cluster
working-directory: ./tests
run: make create-gke-cluster CI=true
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/scorecards.yml
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,6 @@ jobs:

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
with:
sarif_file: results.sarif
3 changes: 3 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,9 @@ internal/mode/static/nginx/modules/coverage
*.crt
*.key

# JWT files
*.jwt

# Dotenv files
**/*.env

Expand Down
Empty file removed .hugo_build.lock
Empty file.
2 changes: 1 addition & 1 deletion .pre-commit-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ repos:
- javascript

- repo: https://github.com/golangci/golangci-lint
rev: v1.61.0
rev: v1.62.0
hooks:
- id: golangci-lint-full
name: golangci-lint-root
Expand Down
1 change: 1 addition & 0 deletions .yamllint.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ ignore:
- charts/nginx-gateway-fabric/templates
- config/crd/bases/
- deploy/crds.yaml
- deploy/*nginx-plus
- site/static

rules:
Expand Down
54 changes: 54 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,60 @@ This document includes a curated changelog for each release. We also publish a c
a [GitHub release](https://github.com/nginxinc/nginx-gateway-fabric/releases), which, by contrast, is auto-generated
and includes links to all PRs that went into the release.

## Release 1.5.0

_November 20, 2024_

BREAKING CHANGES:

- NGINX Plus R33 support added. The NGINX Plus release now requires a valid JSON Web Token (JWT) in order to run. Users of NGINX Plus _must_ have this JWT added to a Secret before installing NGINX Gateway Fabric v1.5.0. See the [NGINX Plus JWT](https://docs.nginx.com/nginx-gateway-fabric/installation/nginx-plus-jwt/) guide for information on setting this up. [2760](https://github.com/nginxinc/nginx-gateway-fabric/pull/2760)

FEATURES:

- Add support to retain client IP information. [2284](https://github.com/nginxinc/nginx-gateway-fabric/pull/2284)
- Add the ability to configure data plane error log level. [2603](https://github.com/nginxinc/nginx-gateway-fabric/pull/2603)
- Introduce SnippetsFilter API, which allows users to inject custom NGINX configuration via an HTTPRoute or GRPCRoute filter. See the [SnippetsFilter guide](https://docs.nginx.com/nginx-gateway-fabric/how-to/traffic-management/snippets/) for information on how to use SnippetsFilters. [2604](https://github.com/nginxinc/nginx-gateway-fabric/pull/2604)
- Reduce logging verbosity of default Info log level. [2455](https://github.com/nginxinc/nginx-gateway-fabric/pull/2455)

BUG FIXES:

- Stream status_zone directive is no longer set if its value is empty. [2684](https://github.com/nginxinc/nginx-gateway-fabric/pull/2684)
- Fix an issue with upstream names when split clients are used with a namespace name that starts with a number. [2730](https://github.com/nginxinc/nginx-gateway-fabric/pull/2730)
- A 503 http response code is now returned to the client when a service has no ready endpoints. [2696](https://github.com/nginxinc/nginx-gateway-fabric/pull/2696)

DOCUMENTATION:

- Add a [guide](https://docs.nginx.com/nginx-gateway-fabric/how-to/traffic-management/snippets) for SnippetsFilter. [2721](https://github.com/nginxinc/nginx-gateway-fabric/pull/2721)
- Add a new [Get started](https://docs.nginx.com/nginx-gateway-fabric/get-started/) document. [2721](https://github.com/nginxinc/nginx-gateway-fabric/pull/2717)
- Add documentation for [proxyProtocol and rewriteClientIP](https://docs.nginx.com/nginx-gateway-fabric/how-to/data-plane-configuration/#configure-proxy-protocol-and-rewriteclientip-settings) settings. [2701](https://github.com/nginxinc/nginx-gateway-fabric/pull/2701)
- Fix indentation in lifecycle examples. [2588](https://github.com/nginxinc/nginx-gateway-fabric/pull/2588). Thanks to [Derek F](https://github.com/defrank).

HELM CHART:

- The version of the Helm chart is now 1.5.0
- Add `loadBalancerSourceRanges` to helm parameters to use during install/upgrade. [2773](https://github.com/nginxinc/nginx-gateway-fabric/pull/2773)
- Add `loadBalancerIP` as a helm parameter to use during install/upgrade. [2766](https://github.com/nginxinc/nginx-gateway-fabric/pull/2766)
- Add Helm schema. [2492](https://github.com/nginxinc/nginx-gateway-fabric/pull/2492)
- Add capability to configure `topologySpreadConstraints`. [2703](https://github.com/nginxinc/nginx-gateway-fabric/pull/2703). Thanks to [Robsta86](https://github.com/Robsta86)

DEPENDENCIES:

- NGINX Plus was updated to R33. [2760](https://github.com/nginxinc/nginx-gateway-fabric/pull/2760)
- Update to v1.2.0 of the Gateway API. [2694](https://github.com/nginxinc/nginx-gateway-fabric/pull/2694)

COMPATIBILITY:

- Gateway API version: `1.2.0`
- NGINX version: `1.27.2`
- NGINX Plus version: `R33`
- Kubernetes version: `1.25+`

CONTAINER IMAGES:

- Control plane: `ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0`
- Data plane: `ghcr.io/nginxinc/nginx-gateway-fabric/nginx:1.5.0`
- Data plane with NGINX Plus: `private-registry.nginx.com/nginx-gateway-fabric/nginx-plus:1.5.0`

## Release 1.4.0

_August 20, 2024_
Expand Down
17 changes: 10 additions & 7 deletions Makefile
Original file line number Diff line number Diff line change
@@ -1,13 +1,12 @@
# variables that should not be overridden by the user
VERSION = edge
SELF_DIR := $(dir $(lastword $(MAKEFILE_LIST)))
SELF_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
CHART_DIR = $(SELF_DIR)charts/nginx-gateway-fabric
NGINX_CONF_DIR = internal/mode/static/nginx/conf
NJS_DIR = internal/mode/static/nginx/modules/src
KIND_CONFIG_FILE = $(SELF_DIR)config/cluster/kind-cluster.yaml
NGINX_DOCKER_BUILD_PLUS_ARGS = --secret id=nginx-repo.crt,src=nginx-repo.crt --secret id=nginx-repo.key,src=nginx-repo.key
BUILD_AGENT=local
PLUS_ENABLED ?= false
NGINX_DOCKER_BUILD_PLUS_ARGS = --secret id=nginx-repo.crt,src=$(SELF_DIR)nginx-repo.crt --secret id=nginx-repo.key,src=$(SELF_DIR)nginx-repo.key
BUILD_AGENT = local

PROD_TELEMETRY_ENDPOINT = oss.edge.df.f5.com:443
# the telemetry related variables below are also configured in goreleaser.yml
Expand All @@ -24,9 +23,9 @@ GO_LINKER_FLAGS = $(GO_LINKER_FLAGS_OPTIMIZATIONS) $(GO_LINKER_FlAGS_VARS)

# tools versions
# renovate: datasource=github-tags depName=golangci/golangci-lint
GOLANGCI_LINT_VERSION = v1.61.0
GOLANGCI_LINT_VERSION = v1.62.0
# renovate: datasource=docker depName=kindest/node
KIND_K8S_VERSION = v1.31.1
KIND_K8S_VERSION = v1.31.2
# renovate: datasource=github-tags depName=norwoodj/helm-docs
HELM_DOCS_VERSION = v1.14.2
# renovate: datasource=github-tags depName=ahmetb/gen-crd-api-reference-docs
Expand All @@ -49,6 +48,8 @@ TARGET ?= local## The target of the build. Possible values: local and container
OUT_DIR ?= build/out## The folder where the binary will be stored
GOARCH ?= amd64## The architecture of the image and/or binary. For example: amd64 or arm64
GOOS ?= linux## The OS of the image and/or binary. For example: linux or darwin
PLUS_ENABLED ?= false
PLUS_LICENSE_FILE ?= $(SELF_DIR)license.jwt
override NGINX_DOCKER_BUILD_OPTIONS += --build-arg NJS_DIR=$(NJS_DIR) --build-arg NGINX_CONF_DIR=$(NGINX_CONF_DIR) --build-arg BUILD_AGENT=$(BUILD_AGENT)

.DEFAULT_GOAL := help
Expand Down Expand Up @@ -227,7 +228,9 @@ helm-install-local: install-gateway-crds ## Helm install NGF on configured kind

.PHONY: helm-install-local-with-plus
helm-install-local-with-plus: install-gateway-crds ## Helm install NGF with NGINX Plus on configured kind cluster with local images. To build, load, and install with helm run make install-ngf-local-build-with-plus.
helm install nginx-gateway $(CHART_DIR) --set nginx.image.repository=$(NGINX_PLUS_PREFIX) --create-namespace --wait --set nginxGateway.image.pullPolicy=Never --set service.type=NodePort --set nginxGateway.image.repository=$(PREFIX) --set nginxGateway.image.tag=$(TAG) --set nginx.image.tag=$(TAG) --set nginx.image.pullPolicy=Never --set nginxGateway.gwAPIExperimentalFeatures.enable=$(ENABLE_EXPERIMENTAL) -n nginx-gateway --set nginx.plus=true $(HELM_PARAMETERS)
kubectl create namespace nginx-gateway || true
kubectl -n nginx-gateway create secret generic nplus-license --from-file $(PLUS_LICENSE_FILE) || true
helm install nginx-gateway $(CHART_DIR) --set nginx.image.repository=$(NGINX_PLUS_PREFIX) --wait --set nginxGateway.image.pullPolicy=Never --set service.type=NodePort --set nginxGateway.image.repository=$(PREFIX) --set nginxGateway.image.tag=$(TAG) --set nginx.image.tag=$(TAG) --set nginx.image.pullPolicy=Never --set nginxGateway.gwAPIExperimentalFeatures.enable=$(ENABLE_EXPERIMENTAL) -n nginx-gateway --set nginx.plus=true $(HELM_PARAMETERS)

# Debug Targets
.PHONY: debug-build
Expand Down
Loading
Loading