Skip to content

Latest commit

 

History

History
1769 lines (1514 loc) · 136 KB

Changelog.md

File metadata and controls

1769 lines (1514 loc) · 136 KB

Changelog

0.19.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.19.0

New Features:

  • NGINX 1.15.3
  • Serve SSL certificates synamically instead of reloading NGINX when they are created, updated, or deleted. Feature behind the flag --enable-dynamic-certificates
  • GDB binary is included in the image to help troubleshooting issues
  • Adjust the number of CPUs when CGROUP limits are defined (worker-processes=auto uses all the availables)

Changes:

  • #2616 Add use-forwarded-headers configmap option.
  • #2857 remove unnecessary encoding/decoding also fix ipv6 issue
  • #2884 [grafana] Rate over 2 minutes since default Prometheus interval is 1m
  • #2889 Add Lua endpoint to support dynamic certificate serving functionality
  • #2899 fixed rewrites for paths not ending in /
  • #2923 Add dynamic certificate serving feature to controller
  • #2925 Update nginx dependencies
  • #2932 Fixed typo in flags.go
  • #2934 Datasource input variable
  • #2941 now actually using the $controller and $namespace variables
  • #2942 Update nginx image
  • #2946 Add unit tests to configuration_test.lua that cover Backends configuration
  • #2955 Update nginx opentracing zipkin module
  • #2956 Update nginx and e2e images
  • #2957 Batch metrics and flush periodically
  • #2964 fix variable parsing when key is number
  • #2965 Add Lua module to serve SSL Certificates dynamically
  • #2966 Add unit tests for sticky lua module
  • #2970 Update labels
  • #2972 consistently fallback to default certificate when TLS is configured
  • #2977 Pass real source IP address to auth request
  • #2979 clear dynamic configuration e2e tests
  • #2987 cleanup dynamic cert e2e tests
  • #2988 Update go to 1.11
  • #2990 Check if cgroup cpu limits are defined to get the number of CPUs
  • #3003 Update nginx to 1.15.3
  • #3004 Update nginx image
  • #3005 Fix gdb issue and update e2e image
  • #3006 apply nginx patch to make ssl_certificate_by_lua_block work properly
  • #3011 Update nginx image

Documentation:

  • #2806 add help for tls prerequisite for ingress.yaml
  • #2912 Add documentation to install prometheus and grafana
  • #2928 docs: Precisations on the usage of the InfluxDB module
  • #2962 Fix broken anchor link to GCE/GKE
  • #2983 Add documentation for enable-dynamic-certificates feature
  • #2998 fixed jsonpath command in examples
  • #3002 Enhance Troubleshooting Documentation

0.18.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.18.0

New Features:

  • NGINX 1.15.2
  • Dynamic configuration is enabled by default
  • Support for AJP protocol
  • Use of authbind to bind privileged ports
  • Replace minikube with kubeadm-dind-cluster to run e2e tests

Changes:

  • #2789 Remove KubeConfig Dependency for Store Tests
  • #2794 enable dynamic backend configuration by default
  • #2795 start minikube before trying to build the image
  • #2804 add support for ExternalName service type in dynamic mode
  • #2808 fix the bug #2799, add prefix (?i) in rewrite statement.
  • #2811 Escape $request_uri for external auth
  • #2812 modified annotation name "rewrite-to" to "rewrite-target" in comments
  • #2819 Catch errors waiting for controller deployment
  • #2823 Multiple optimizations to build targets
  • #2825 Refactoring of how we run as user
  • #2826 Remove setcap from image and update nginx to 0.15.1
  • #2827 Use nginx image as base and install go on top
  • #2829 use resty-cli for running lua unit tests
  • #2830 Remove lua mocks
  • #2834 Added permanent-redirect-code
  • #2844 Do not allow invalid latency values in metrics
  • #2852 fix custom-error-pages functionality in dynamic mode
  • #2853 improve annotations/default_backend e2e test
  • #2858 Update build image
  • #2859 Fix inconsistent metric labels
  • #2863 Replace minikube for e2e tests
  • #2867 fix bug with lua e2e test suite
  • #2868 Use an existing e2e image
  • #2869 describe under what circumstances and how we avoid Nginx reload
  • #2871 Add support for AJP protocol
  • #2872 Update nginx to 1.15.2
  • #2874 Delay initial prometheus status metric
  • #2876 Remove dashboard an tune sync-frequency
  • #2877 Refactor entrypoint to avoid issues with volumes
  • #2885 fix: Sort TCP/UDP upstream order
  • #2888 Fix grafana datasources
  • #2890 Usability improvements to build steps
  • #2893 Update nginx image
  • #2894 Use authbind to bind privileged ports
  • #2895 support custom configuration to main context of nginx config
  • #2896 support configuring multi_accept directive via configmap
  • #2897 Enable reuse-port by default
  • #2905 Fix IPV6 detection

Documentation:

  • #2816 doc log-format: add variables about ingress
  • #2866 Update index.md
  • #2898 Fix default sync-period doc
  • #2903 Very minor grammar fix

0.17.1

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.17.1

Changes:

  • #2782 Add Better Error Handling for SSLSessionTicketKey
  • #2790 Update prometheus labels

Documentation:

  • #2770 Basic-Auth doc misleading: fix double quotes leading to nginx config error

0.17.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.17.0

New Features:

Changes:

  • #2705 Remove duplicated securityContext
  • #2719 Sample rate configmap option for zipkin in nginx-opentracing
  • #2726 Cleanup prometheus metrics after a reload
  • #2727 Add e2e tests for Client-Body-Buffer-Size
  • #2732 Improve logging
  • #2741 Add redirect uri for oauth2 login
  • #2744 fix: Use the correct opentracing plugin for Jaeger
  • #2747 Update opentracing-cpp and modsecurity
  • #2748 Update nginx image to 0.54
  • #2749 Use docker to build go binaries
  • #2754 Allow gzip compression level to be controlled via ConfigMap
  • #2760 Fix ingress rule parsing error
  • #2767 Fix regression introduced in #2732
  • #2771 Grafana Dashboard
  • #2775 Simplify handler registration and updates prometheus
  • #2776 Fix configuration hash calculation

Documentation:

  • #2717 GCE/GKE proxy mentioned for Azure
  • #2743 Clarify Installation Document by Separating Helm Steps
  • #2761 Fix spelling mistake
  • #2764 Use language neutral links to MDN
  • #2765 Add FOSSA status badge
  • #2777 Build docs using local docker image [ci skip]

0.16.2

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.16.2

Breaking changes:

Running as user requires an update in the deployment manifest.

securityContext:
  capabilities:
    drop:
      - ALL
    add:
      - NET_BIND_SERVICE
  # www-data -> 33
  runAsUser: 33

Note: the deploy guide contains this change

Changes:

  • #2678 Refactor server type to include SSLCert
  • #2685 Fix qemu docker build
  • #2696 If server_tokens is disabled completely remove the Server header
  • #2698 Improve best-cert guessing with empty tls.hosts
  • #2701 Remove prometheus labels with high cardinality

Documentation:

  • #2368 [aggregate] Fix typos across codebase
  • #2681 Typo fix in error message: encounted->encountered
  • #2697 Enhance Distributed Tracing Documentation

0.16.1

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.16.1

Breaking changes:

Running as user requires an update in the deployment manifest.

securityContext:
  capabilities:
    drop:
      - ALL
    add:
      - NET_BIND_SERVICE
  # www-data -> 33
  runAsUser: 33

Note: the deploy guide contains this change

New Features:

Changes:

  • #2692 Fix initial read of configuration configmap
  • #2693 Revert #2669
  • #2694 Add note about status update

0.16.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.16.1

Breaking changes:

Running as user requires an update in the deployment manifest.

securityContext:
  capabilities:
    drop:
      - ALL
    add:
      - NET_BIND_SERVICE
  # www-data -> 33
  runAsUser: 33

Note: the deploy guide contains this change

New Features:

Changes:

  • #2423 Resolves issue with proxy-redirect nginx configuration
  • #2451 fix for #1930, make sessions sticky, for ingress with multiple rules …
  • #2484 Fix bugs in Lua implementation of sticky sessions
  • #2486 Extend kubernetes interrelation variables in nginx.tmpl
  • #2504 Add Timeout For TLS Passthrough
  • #2505 Annotations for the InfluxDB module
  • #2517 Fix typo about the kind of request
  • #2523 Add tests for bind-address
  • #2524 Add support for grpc_set_header
  • #2526 Fix upstream hash lua test
  • #2528 Remove go-bindata
  • #2533 NGINX image update: add the influxdb module
  • #2534 Set Focus for E2E Tests
  • #2537 Update nginx modules
  • #2542 Instrument controller to show configReload metrics
  • #2543 introduce a balancer interface
  • #2548 Implement generate-request-id
  • #2554 use better defaults for proxy-next-upstream(-tries)
  • #2558 Update qemu to 2.12.0 [ci skip]
  • #2559 Add geoip2 module and DB to nginx build
  • #2564 Add security contacts file [ci skip]
  • #2569 Update nginx modules to fix core dump [ci skip]
  • #2570 Enable core dumps during tests
  • #2573 Refactor e2e tests and update go dependencies
  • #2574 Fix default-backend annotation
  • #2575 Print information about NGINX version
  • #2577 make sure ingress-nginx instances are watching their namespace only during test runs
  • #2588 Update nginx dependencies
  • #2590 Typo fix: muthual autentication -> mutual authentication
  • #2591 Access log improvements
  • #2597 Fix arm paths for liblua.so and lua_package_cpath
  • #2598 Always sort upstream list to provide stable iteration order
  • #2600 typo fix futher to further && preformance to performance
  • #2602 Crossplat fixes
  • #2603 Bump nginx influxdb module to f8732268d44aea706ecf8d9c6036e9b6dacc99b2
  • #2608 Expose UDP message on /metrics endpoint
  • #2611 Add metric emitter lua module
  • #2614 fix nginx conf test error when not found active service endpoints
  • #2617 Update go to 1.10.3
  • #2618 Update nginx to 1.15.0 and remove VTS module
  • #2619 Run as user dropping privileges
  • #2623 Proofread cmd package and update flags description
  • #2634 Disable resync period
  • #2636 Add missing equality comparisons for ingress.Server
  • #2638 Wait the result of the controller deployment before running any test
  • #2639 Clarify log messages in controller package
  • #2643 Remove VTS from the ingress controller
  • #2644 Update nginx image version
  • #2646 Rollback nginx 1.15.0 to 1.13.12
  • #2649 Add support for IPV6 in stream upstream servers
  • #2652 Use a unix socket instead udp for reception of metrics
  • #2653 Remove dummy file watcher
  • #2654 Hotfix: influxdb module enable disable toggle
  • #2656 Improve configuration change detection
  • #2658 Do not wait informer initialization to read configuration
  • #2659 Update nginx image
  • #2660 Change modsecurity directories
  • #2661 Add additional header when debug is enabled
  • #2664 refactor some lua code
  • #2669 Remove unnecessary sync when the leader change
  • #2672 After a configmap change parse ingress annotations (again)
  • #2673 Add new approvers to the project
  • #2674 Add e2e test for configmap change and reload
  • #2675 Update opentracing nginx module
  • #2676 Update opentracing configuration

Documentation:

  • #2479 Document how the NGINX Ingress controller build nginx.conf
  • #2515 Simplify installation and e2e manifests
  • #2531 Mention the #ingress-nginx Slack channel
  • #2540 DOCS: Correct ssl-passthrough annotation description.
  • #2544 [docs] Fix manifest URL for GKE + Azure
  • #2566 Fix wrong default value for enable-brotli
  • #2581 Improved link in modsecurity.md
  • #2583 docs: add secret scheme details to the example
  • #2592 Typo fix: are be->are/to on->to
  • #2595 Typo fix: successfull->successful
  • #2601 fix changelog link in README.md
  • #2624 Fix minor documentation example
  • #2625 Add annotation doc on proxy buffer size
  • #2630 Update documentation for custom error pages
  • #2666 Add documentation for proxy-cookie-domain annotation (#2034)

0.15.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.15.0

Changes:

  • #2440 TLS tests
  • #2443 improve build-dev-env.sh script
  • #2446 always use x-request-id
  • #2447 Add basic security context to deployment YAMLs
  • #2453 Add google analytics [ci skip]
  • #2456 Assert or install go-bindata before incanting
  • #2472 Refactor Lua balancer
  • #2477 Change TrimLeft for TrimPrefix on the from-to-www redirect
  • #2490 add resty cookie
  • #2495 [ci skip] bump nginx baseimage version
  • #2501 Refactor update of status removing initial check for loadbalancer
  • #2502 Update go version in fortune teller image
  • #2511 force backend sync when worker starts
  • #2512 Remove warning when secret is used only for authentication
  • #2514 Fix and simplify local dev workflow and execution of e2e tests

Documentation:

  • #2448 Update GitHub pull request template
  • #2449 Improve documentation format
  • #2454 Add gRPC annotation doc
  • #2455 Adjust size of tables and only adjust the first column on mobile
  • #2457 Add Getting the Code section to Quick Start
  • #2464 Documentation fixes & improvements
  • #2467 Fixed broken link in deploy README
  • #2498 Add some clarification around multiple ingress controller behavior
  • #2503 Add KubeCon Europe 2018 Video to documentation

0.14.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.14.0

New Features:

  • Documentation web page
  • Support for upstream-hash-by annotation in dynamic configuration mode
  • Improved e2e test suite

Changes:

  • #2346 Move ConfigMap updating methods into e2e/framework
  • #2347 Update owners
  • #2348 Use same convention, curl + kubectl for GKE
  • #2350 Correct some returned messages in server_tokens.go
  • #2352 Correct some info in flags.go
  • #2353 Add proxy-add-original-uri-header config flag
  • #2356 Add vts-sum-key config flag
  • #2361 Check ingress rule contains HTTP paths
  • #2363 Review $request_id
  • #2365 Clean JSON before post request to update configuration
  • #2369 Update nginx image to fix modsecurity crs issues
  • #2370 Update nginx image
  • #2374 Remove most of the time.Sleep from the e2e tests
  • #2379 Add busted unit testing framework for lua code
  • #2382 Accept ns/name Secret reference in annotations
  • #2383 Improve speed of e2e tests
  • #2385 include lua-resty-balancer in nginx image
  • #2386 upstream-hash-by annotation support for dynamic configuraton mode
  • #2388 Silence unnecessary MissingAnnotations errors
  • #2392 Ensure dep fix fsnotify
  • #2395 Fix flaky test
  • #2396 Update go dependencies
  • #2398 Allow tls section without hosts in Ingress rule
  • #2399 Add test for store helper ListIngresses
  • #2401 Add tests for controller getEndpoints
  • #2408 Read backends data even if buffered to temp file
  • #2410 Add balancer unit tests
  • #2411 Update nginx-opentracing to 0.3.0
  • #2414 Fix golint installation
  • #2416 Update nginx image
  • #2417 Automate building developer environment
  • #2421 Apply gometalinter suggestions
  • #2428 Add buffer configuration to external auth location config
  • #2433 Remove data races from tests
  • #2434 Check ginkgo is installed before running e2e tests
  • #2437 Add annotation to enable rewrite logs in a location

Documentation:

  • #2351 Typo fix in cli-arguments.md
  • #2372 fix the default cookie name in doc
  • #2377 DOCS: Add clarification regarding ssl passthrough
  • #2409 Add deployment instructions for Docker for Mac (Edge)
  • #2413 Reorganize documentation
  • #2438 Update custom-errors.md
  • #2439 Update README.md
  • #2430 Add scripts and tasks to publish docs to github pages
  • #2431 Improve readme file
  • #2366 fix: fill missing patch yaml config.
  • #2432 Fix broken links in the docs
  • #2436 Update exposing-tcp-udp-services.md

0.13.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.13.0

New Features:

  • NGINX 1.13.12
  • Support for gRPC:
    • The annotation nginx.ingress.kubernetes.io/grpc-backend: "true" enable this feature
    • If the gRPC service requires TLS nginx.ingress.kubernetes.io/secure-backends: "true"
  • Configurable load balancing with EWMA
  • Support for lua-resty-waf as alternative to ModSecurity. Check configuration guide
  • Support for session affinity when dynamic configuration is enabled.
  • Add NoAuthLocations and default it to "/.well-known/acme-challenge"

Changes:

  • #2078 Expose SSL client cert data to external auth provider.
  • #2187 Managing a whitelist for _/nginx_status
  • #2208 Add missing lua bindata change
  • #2209 fix go test TestSkipEnqueue error, move queue.Run
  • #2210 allow ipv6 localhost when enabled
  • #2212 Fix dynamic configuration when custom errors are enabled
  • #2215 fix wrong config generation when upstream-hash-by is set
  • #2220 fix: cannot set $service_name if use rewrite
  • #2221 Update nginx to 1.13.10 and enable gRPC
  • #2223 Add support for gRPC
  • #2227 do not hardcode keepalive for upstream_balancer
  • #2228 Fix broken links in multi-tls
  • #2229 Configurable load balancing with EWMA
  • #2232 Make proxy_next_upstream_tries configurable
  • #2233 clean backends data before sending to Lua endpoint
  • #2234 Update go dependencies
  • #2235 add proxy header ssl-client-issuer-dn, fix #2178
  • #2241 Revert "Get file max from fs/file-max. (#2050)"
  • #2243 Add NoAuthLocations and default it to "/.well-known/acme-challenge"
  • #2244 fix: empty ingress path
  • #2246 Fix grpc json tag name
  • #2254 e2e tests for dynamic configuration and Lua features and a bug fix
  • #2263 clean up tmpl
  • #2270 Revert deleted code in #2146
  • #2271 Use SharedIndexInformers in place of Informers
  • #2272 Disable opentracing for nginx internal urls
  • #2273 Update go to 1.10.1
  • #2280 Fix bug when auth req is enabled(external authentication)
  • #2283 Fix flaky e2e tests
  • #2285 Update controller.go
  • #2290 Update nginx to 1.13.11
  • #2294 Fix HSTS without preload
  • #2296 Improve indentation of generated nginx.conf
  • #2298 Disable dynamic configuration in s390x and ppc64le
  • #2300 Fix race condition when Ingress does not contains a secret
  • #2301 include lua-resty-waf and its dependencies in the base Nginx image
  • #2303 More lua dependencies
  • #2304 Lua resty waf controller
  • #2305 Fix issues building nginx image in different platforms
  • #2306 Disable lua waf where luajit is not available
  • #2308 Add verification of lua load balancer to health check
  • #2309 Configure upload limits for setup of lua load balancer
  • #2314 annotation to ignore given list of WAF rulesets
  • #2315 extra waf rules per ingress
  • #2317 run lua-resty-waf in different modes
  • #2327 Update nginx to 1.13.12
  • #2328 Update nginx image
  • #2331 fix nil pointer when ssl with ca.crt
  • #2333 disable lua for arch s390x and ppc64le
  • #2340 Fix buildupstream name to work with dynamic session affinity
  • #2341 Add session affinity to custom load balancing
  • #2342 Sync SSL certificates on events

Documentation:

  • #2236 Add missing configuration in #2235
  • #1785 Add deployment docs for AWS NLB
  • #2213 Update cli-arguments.md
  • #2219 Fix log format documentation
  • #2238 Correct typo
  • #2239 fix-link
  • #2240 fix:"any value other" should be "any other value"
  • #2255 Update annotations.md
  • #2267 Update README.md
  • #2274 Typo fixes in modsecurity.md
  • #2276 Update README.md
  • #2282 Fix nlb instructions

0.12.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.12.0

New Features:

  • Live NGINX configuration update without reloading using the flag --enable-dynamic-configuration (disabled by default).
  • New flag --publish-status-address to manually set the Ingress status IP address.
  • Add worker-cpu-affinity NGINX option.
  • Enable remote logging using syslog.
  • Do not redirect /.well-known/acme-challenge to HTTPS.

Changes:

  • #2125 Add GCB config to build defaultbackend
  • #2127 Revert deletion of dependency version override
  • #2137 Updated log level to v2 for sysctlFSFileMax.
  • #2140 Cors header should always be returned
  • #2141 Fix error loading modules
  • #2143 Only add HSTS headers in HTTPS
  • #2144 Add annotation to disable logs in a location
  • #2145 Add option in the configuration configmap to enable remote logging
  • #2146 In case of TLS errors do not allow traffic
  • #2148 Add publish-status-address flag
  • #2155 Update nginx with new modules
  • #2162 Remove duplicated BuildConfigFromFlags func
  • #2163 include lua-upstream-nginx-module in Nginx build
  • #2164 use the correct error channel
  • #2167 configuring load balancing per ingress
  • #2172 include lua-resty-lock in nginx image
  • #2174 Live Nginx configuration update without reloading
  • #2180 Include tests in golint checks, fix warnings
  • #2181 change nginx process pgid
  • #2185 Remove ProxyPassParams setting
  • #2191 Add checker test for bad pid
  • #2193 fix wrong json tag
  • #2201 Add worker-cpu-affinity nginx option
  • #2202 Allow config to disable geoip
  • #2205 add luacheck to lint lua files

Documentation:

  • #2124 Document how to provide list types in configmap
  • #2133 fix limit-req-status-code doc
  • #2139 Update documentation for nginx-ingress-role RBAC.
  • #2165 Typo fix "api server " -> "API server"
  • #2169 Add documentation about secure-verify-ca-secret
  • #2200 fix grammer mistake

0.11.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.11.0

New Features:

  • NGINX 1.13.9

Changes:

  • #1992 Added configmap option to disable IPv6 in nginx DNS resolver
  • #1993 Enable Customization of Auth Request Redirect
  • #1996 Use v3/dev/performance of ModSecurity because of performance
  • #1997 fix var checked
  • #1998 Add support to enable/disable proxy buffering
  • #1999 Add connection-proxy-header annotation
  • #2001 Add limit-request-status-code option
  • #2005 fix typo error for server name _
  • #2006 Add support for enabling ssl_ciphers per host
  • #2019 Update nginx image
  • #2021 Add nginx_cookie_flag_module
  • #2026 update KUBERNETES from v1.8.0 to 1.9.0
  • #2027 Show pod information in http-svc example
  • #2030 do not ignore $http_host and $http_x_forwarded_host
  • #2031 The maximum number of open file descriptors should be maxOpenFiles.
  • #2036 add matchLabels in Deployment yaml, that both API extensions/v1beta1 …
  • #2050 Get file max from fs/file-max.
  • #2063 Run one test at a time
  • #2065 Always return an IP address
  • #2069 Do not cancel the synchronization of secrets
  • #2071 Update Go to 1.9.4
  • #2082 Use a ring channel to avoid blocking write of events
  • #2089 Retry initial connection to the Kubernetes cluster
  • #2093 Only pods in running phase are vallid for status
  • #2099 Added GeoIP Organisational data
  • #2107 Enabled the dynamic reload of GeoIP data
  • #2119 Remove deprecated flag disable-node-list
  • #2120 Migrate to codecov.io

Documentation:

  • #1987 add kube-system namespace for oauth2-proxy example
  • #1991 Add comment about bolean and number values
  • #2009 docs/user-guide/tls: remove duplicated section
  • #2011 broken link for sticky-ingress.yaml
  • #2014 Add document for connection-proxy-header annotation
  • #2016 Minor link fix in deployment docs
  • #2018 Added documentation for Permanent Redirect
  • #2035 fix broken links in static-ip readme
  • #2038 fix typo: appropiate -> [appropriate]
  • #2039 fix typo stickyness to stickiness
  • #2040 fix wrong annotation
  • #2041 fix spell error reslover -> resolver
  • #2046 Fix typos
  • #2054 Adding documentation for helm with RBAC enabled
  • #2075 Fix opentracing configuration when multiple options are configured
  • #2076 Fix spelling errors
  • #2077 Remove initContainer from default deployment

0.10.2

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.10.2

Changes:

  • #1978 Fix chain completion and default certificate flag issues

0.10.1

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.10.1

Changes:

  • #1945 When a secret is updated read ingress annotations (again)
  • #1948 Update go to 1.9.3
  • #1953 Added annotation for upstream-vhost
  • #1960 Adjust sysctl values to improve nginx performance
  • #1963 Fix tests
  • #1969 Rollback #1854
  • #1970 By default brotli is disabled

0.10.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.10.0

Breaking changes:

Changed the names of default Nginx ingress prometheus metrics. If you are scraping default Nginx ingress metrics with prometheus the metrics changes are as follows:

nginx_active_connections_total          -> nginx_connections_total{state="active"}
nginx_accepted_connections_total        -> nginx_connections_total{state="accepted"}
nginx_handled_connections_total         -> nginx_connections_total{state="handled"}
nginx_current_reading_connections_total -> nginx_connections{state="reading"}
nginx_current_writing_connections_total -> nginx_connections{state="writing"}
current_waiting_connections_total       -> nginx_connections{state="waiting"}

New Features:

  • NGINX 1.13.8
  • Support to hide headers from upstream servers
  • Support for Jaeger
  • CORS max age annotation

Changes:

  • #1782 auth-tls-pass-certificate-to-upstream should be bool
  • #1787 force external_auth requests to http/1.1
  • #1800 Add control of the configuration refresh interval
  • #1805 Add X-Forwarded-Prefix on rewrites
  • #1844 Validate x-forwarded-proto and connection scheme before redirect to https
  • #1852 Update nginx to v1.13.8 and update modules
  • #1854 Fix redirect to ssl
  • #1858 When upstream-hash-by annotation is used do not configure a lb algorithm
  • #1861 Improve speed of tests execution
  • #1869 "proxy_redirect default" should be placed after the "proxy_pass"
  • #1870 Fix SSL Passthrough template issue and custom ports in redirect to HTTPS
  • #1871 Update nginx image to 0.31
  • #1872 Fix data race updating ingress status
  • #1880 Update go dependencies and cleanup deprecated packages
  • #1888 Add CORS max age annotation
  • #1891 Refactor initial synchronization of ingress objects
  • #1903 If server_tokens is disabled remove the Server header
  • #1906 Random string function should only contains letters
  • #1907 Fix custom port in redirects
  • #1909 Release nginx 0.32
  • #1910 updating prometheus metrics names according to naming best practices
  • #1912 removing _total prefix from nginx guage metrics
  • #1914 Add --with-http_secure_link_module for the Nginx build configuration
  • #1916 Add support for jaeger backend
  • #1918 Update nginx image to 0.32
  • #1919 Add option for reuseport in nginx listen section
  • #1926 Do not use port from host header
  • #1927 Remove sendfile configuration
  • #1928 Add support to hide headers from upstream servers
  • #1929 Refactoring of kubernetes informers and local caches
  • #1933 Remove deploy of ingress controller from the example

Documentation:

  • #1786 fix: some typo.
  • #1792 Add note about annotation values
  • #1814 Fix link to custom configuration
  • #1826 Add note about websocket and load balancers
  • #1840 Add note about default log files
  • #1853 Clarify docs for add-headers and proxy-set-headers
  • #1864 configmap.md: Convert hyphens in name column to non-breaking-hyphens
  • #1865 Add docs for legacy TLS version and ciphers
  • #1867 Fix publish-service patch and update README
  • #1913 Missing r
  • #1925 Fix doc links

0.9.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0

Changes:

  • #1731 Allow configuration of proxy_responses value for tcp/udp configmaps
  • #1766 Fix ingress typo
  • #1768 Custom default backend must use annotations if present
  • #1769 Use custom https port in redirects
  • #1771 Add additional check for old SSL certificates
  • #1776 Add option to configure the redirect code

0.9-beta.19

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0-beta.19

Changes:

  • Fix regression with ingress.class annotation introduced in 0.9-beta.18

0.9-beta.18

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0-beta.18

Breaking changes:

  • The NGINX ingress annotations contains a new prefix: nginx.ingress.kubernetes.io. This change is behind a flag to avoid breaking running deployments. To avoid breaking a running NGINX ingress controller add the flag --annotations-prefix=ingress.kubernetes.io to the nginx ingress controller deployment. There is one exception, the annotation kubernetes.io/ingress.class remains unchanged (this annotation is used in multiple ingress controllers)

New Features:

  • NGINX 1.13.7
  • Support for s390x
  • e2e tests

Changes:

  • #1648 Remove GenericController and add tests
  • #1650 Fix misspell errors
  • #1651 Remove node lister
  • #1652 Remove node lister
  • #1653 Fix diff execution
  • #1654 Fix travis script and update kubernetes to 1.8.0
  • #1658 Tests
  • #1659 Add nginx helper tests
  • #1662 Refactor annotations
  • #1665 Add the original http request method to the auth request
  • #1687 Fix use merge of annotations
  • #1689 Enable s390x
  • #1693 Fix docker build
  • #1695 Update nginx to v0.29
  • #1696 Always add cors headers when enabled
  • #1697 Disable features not availables in some platforms
  • #1698 Auth e2e tests
  • #1699 Refactor SSL intermediate CA certificate check
  • #1700 Add patch command to append publish-service flag
  • #1701 fix: Core() is deprecated use CoreV1() instead.
  • #1702 Fix TLS example [ci skip]
  • #1704 Add e2e tests to verify the correct source IP address
  • #1705 Add annotation for setting proxy_redirect
  • #1706 Increase ELB idle timeouts [ci skip]
  • #1710 Do not update a secret not referenced by ingress rules
  • #1713 add --report-node-internal-ip-address describe to cli-arguments.md
  • #1717 Fix command used to detect version
  • #1720 Add docker-registry example [ci skip]
  • #1722 Add annotation to enable passing the certificate to the upstream server
  • #1723 Add timeouts to http server and additional pprof routes
  • #1724 Cleanup main
  • #1725 Enable all e2e tests
  • #1726 fix: replace deprecated methods.
  • #1734 Changes ssl-client-cert header
  • #1737 Update nginx v1.13.7
  • #1738 Cleanup
  • #1739 Improve e2e checks
  • #1740 Update nginx
  • #1745 Simplify annotations
  • #1746 Cleanup of e2e helpers

Documentation:

  • #1657 Add better documentation for deploying for dev
  • #1680 Add doc for log-format-escape-json [ci skip]
  • #1685 Fix default SSL certificate flag docs [ci skip]
  • #1686 Fix development doc [ci skip]
  • #1727 fix: fix typos in docs.
  • #1747 Add config-map usage and options to Documentation

0.9-beta.17

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0-beta.17

Changes:

  • Fix regression with annotations introduced in 0.9-beta.16 (thanks @tomlanyon)

0.9-beta.16

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0-beta.16

New Features:

Breaking changes:

  • The default SSL configuration was updated to use TLSv1.2 and the default cipher list is ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

Known issues:

Changes:

  • #1489 Compute a real X-Forwarded-For header
  • #1490 Introduce an upstream-hash-by annotation to support consistent hashing by nginx variable or text
  • #1498 Add modsecurity module
  • #1500 Enable modsecurity feature
  • #1501 Request ingress controller version in issue template
  • #1502 Force reload on template change
  • #1503 Add falg to report node internal IP address in ingress status
  • #1505 Increase size of variable hash bucket
  • #1506 Update nginx ssl configuration
  • #1507 Add tls session ticket key setting
  • #1511 fix deprecated ssl_client_cert. add ssl_client_verify header
  • #1513 Return 503 by default when no endpoint is available
  • #1520 Change alias behaviour not to create new server section needlessly
  • #1523 Include the serversnippet from the config map in server blocks
  • #1533 Remove authentication send body annotation
  • #1535 Remove auth-send-body [ci skip]
  • #1538 Rename service-nodeport.yml to service-nodeport.yaml
  • #1543 Fix glog initialization error
  • #1544 Fix make container for OSX.
  • #1547 fix broken GCE-GKE service descriptor
  • #1550 Add e2e tests - default backend
  • #1553 Cors features improvements
  • #1554 Add missing unit test for nextPowerOf2 function
  • #1556 fixed https port forwarding in Azure LB service
  • #1566 Release nginx-slim 0.27
  • #1568 update defaultbackend tag
  • #1569 Update 404 server image
  • #1570 Update nginx version
  • #1571 Fix cors tests
  • #1572 Certificate Auth Bugfix
  • #1577 Do not use relative urls for yaml files
  • #1580 Upgrade to use the latest version of nginx-opentracing.
  • #1581 Fix Makefile to work in OSX.
  • #1582 Add scripts to release from travis-ci
  • #1584 Add missing probes in deployments
  • #1585 Add version flag
  • #1587 Use pass access scheme in signin url
  • #1589 Fix upstream vhost Equal comparison
  • #1590 Fix Equals Comparison for CORS annotation
  • #1592 Update opentracing module and release image to quay.io
  • #1593 Fix makefile default task
  • #1605 Fix ExternalName services
  • #1607 Add support for named ports with service-upstream. #1459
  • #1608 Fix issue with clusterIP detection on service upstream. #1534
  • #1610 Only set alias if not already set
  • #1618 Fix full XFF with PROXY
  • #1620 Add gzip_vary
  • #1621 Fix path to ELB listener image
  • #1627 Add brotli support
  • #1629 Add ssl-client-dn header
  • #1632 Rename OWNERS assignees: to approvers:
  • #1635 Install dumb-init using apt-get
  • #1636 Update go to 1.9.2
  • #1640 Update nginx to 0.28 and enable brotli

Documentation:

  • #1491 Note that GCE has moved to a new repo
  • #1492 Cleanup readme.md
  • #1494 Cleanup
  • #1497 Cleanup examples directory
  • #1504 Clean readme
  • #1508 Fixed link in prometheus example
  • #1527 Split documentation
  • #1536 Update documentation and examples [ci skip]
  • #1541 fix(documentation): Fix some typos
  • #1548 link to prometheus docs
  • #1562 Fix development guide link
  • #1563 Add task to verify markdown links
  • #1583 Add note for certificate authentication in Cloudflare
  • #1617 fix typo in user-guide/annotations.md

0.9-beta.15

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.15

New Features:

  • Add OCSP support
  • Configurable ssl_verify_client

Changes:

  • #1468 Add the original URL to the auth request
  • #1469 Typo: Add missing {{ }}
  • #1472 Fix X-Auth-Request-Redirect value to reflect the request uri
  • #1473 Fix proxy protocol check
  • #1475 Add OCSP support
  • #1477 Fix semicolons in global configuration
  • #1478 Pass redirect field in login page to get a proper redirect
  • #1480 configurable ssl_verify_client
  • #1485 Fix source IP address
  • #1486 Fix overwrite of custom configuration

Documentation:

  • #1460 Expose UDP port in UDP ingress example
  • #1465 review prometheus docs

0.9-beta.14

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.14

New Features:

  • Opentracing support for NGINX
  • Setting upstream vhost for nginx
  • Allow custom global configuration at multiple levels
  • Add support for proxy protocol decoding and encoding in TCP services

Changes:

  • #719 Setting upstream vhost for nginx.
  • #1321 Enable keepalive in upstreams
  • #1322 parse real ip
  • #1323 use $the_real_ip for rate limit whitelist
  • #1326 Pass headers from the custom error backend
  • #1328 update deprecated interface
  • #1329 add example for nginx-ingress
  • #1330 Increase coverage in template.go for nginx controller
  • #1335 Configurable proxy_request_buffering per location..
  • #1338 Fix multiple leader election
  • #1339 Enable status port listening in all interfaces
  • #1340 Update sha256sum of nginx substitutions
  • #1341 Fix typos
  • #1345 refactor controllers.go
  • #1349 Force reload if a secret is updated
  • #1363 Fix proxy request buffering default configuration
  • #1365 Fix equals comparsion returing False if both objects have nil Targets or Services.
  • #1367 Fix typos
  • #1379 Fix catch all upstream server
  • #1380 Cleanup
  • #1381 Refactor X-Forwarded-* headers
  • #1382 Cleanup
  • #1387 Improve resource usage in nginx controller
  • #1392 Avoid issues with goroutines updating fields
  • #1393 Limit the number of goroutines used for the update of ingress status
  • #1394 Improve equals
  • #1402 fix error when cert or key is nil
  • #1403 Added tls ports to rbac nginx ingress controller and service
  • #1404 Use nginx default value for SSLECDHCurve
  • #1411 Add more descriptive logging in certificate loading
  • #1412 Correct Error Handling to avoid panics and add more logging to template
  • #1413 Validate external names
  • #1418 Fix links after design proposals move
  • #1419 Remove duplicated ingress check code
  • #1420 Process queue items by time window
  • #1423 Fix cast error
  • #1424 Allow overriding the tag and registry
  • #1426 Enhance Certificate Logging and Clearup Mutual Auth Docs
  • #1430 Add support for proxy protocol decoding and encoding in TCP services
  • #1434 Fix exec of readSecrets
  • #1435 Add header to upstream server for external authentication
  • #1438 Do not intercept errors from the custom error service
  • #1439 Nginx master process killed thus no further reloads
  • #1440 Kill worker processes to allow the restart of nginx
  • #1445 Updated godeps
  • #1450 Fix links
  • #1451 Add example of server-snippet
  • #1452 Fix sync of secrets (kube lego)
  • #1454 Allow custom global configuration at multiple levels

Documentation:

  • #1400 Fix ConfigMap link in doc
  • #1422 Add docs for opentracing
  • #1441 Improve custom error pages doc
  • #1442 Opentracing docs
  • #1446 Add custom timeout annotations doc

0.9-beta.13

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.13

New Features:

  • NGINX 1.3.5
  • New flag to disable node listing
  • Custom X-Forwarder-Header (CloudFlare uses CF-Connecting-IP as header)
  • Custom error page in Client Certificate Authentication

Changes:

  • #1272 Delete useless statement
  • #1277 Add indent for nginx.conf
  • #1278 Add proxy-pass-params annotation and Backend field
  • #1282 Fix nginx stats
  • #1288 Allow PATCH in enable-cors
  • #1290 Add flag to disabling node listing
  • #1293 Adds support for error page in Client Certificate Authentication
  • #1308 A trivial typo in config
  • #1310 Refactoring nginx configuration configmap
  • #1311 Enable nginx async writes
  • #1312 Allow custom forwarded for header
  • #1313 Fix eol in nginx template
  • #1315 Fix nginx custom error pages

Documentation:

  • #1270 add missing yamls in controllers/nginx
  • #1276 Link rbac sample from deployment docs
  • #1291 fix link to conformance suite
  • #1295 fix README of nginx-ingress-controller
  • #1299 fix two doc issues in nginx/README
  • #1306 Fix kubeconfig example for nginx deployment

0.9-beta.12

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.12

Breaking changes:

  • SSL passthrough is disabled by default. To enable the feature use --enable-ssl-passthrough

New Features:

  • Support for arm64
  • New flags to customize listen ports
  • Per minute rate limiting
  • Rate limit whitelist
  • Configuration of nginx worker timeout (to avoid zombie nginx workers processes)
  • Redirects from non-www to www
  • Custom default backend (per Ingress)
  • Graceful shutdown for NGINX

Changes:

  • #977 Add sort-backends command line option
  • #981 Add annotation to allow use of service ClusterIP for NGINX upstream.
  • #991 Remove secret sync loop
  • #992 Check errors generating pem files
  • #993 Fix the sed command to work on macOS
  • #1013 The fields of vtsDate are unified in the form of plural
  • #1025 Fix file watch
  • #1027 Lint code
  • #1031 Change missing secret name log level to V(3)
  • #1032 Alternative syncSecret approach #1030
  • #1042 Add function to allow custom values in Ingress status
  • #1043 Return reference to object providing Endpoint
  • #1046 Add field FileSHA in BasicDigest struct
  • #1058 add per minute rate limiting
  • #1060 Update fsnotify dependency to fix arm64 issue
  • #1065 Add more descriptive steps in Dev Documentation
  • #1073 Release nginx-slim 0.22
  • #1074 Remove lua and use fastcgi to render errors
  • #1075 (feat/ #374) support proxy timeout
  • #1076 Add more ssl test cases
  • #1078 fix the same udp port and tcp port, update nginx.conf error
  • #1080 Disable platform s390x
  • #1081 Spit Static check and Coverage in diff Stages of Travis CI
  • #1082 Fix build tasks
  • #1087 Release nginx-slim 0.23
  • #1088 Configure nginx worker timeout
  • #1089 Update nginx to 1.13.4
  • #1098 Exposing the event recorder to allow other controllers to create events
  • #1102 Fix lose SSL Passthrough
  • #1104 Simplify verification of hostname in ssl certificates
  • #1109 Cleanup remote address in nginx template
  • #1110 Fix Endpoint comparison
  • #1118 feat(#733)Support nginx bandwidth control
  • #1124 check fields len in dns.go
  • #1130 Update nginx.go
  • #1134 replace deprecated interface with versioned ones
  • #1136 Fix status update - changed in #1074
  • #1138 update nginx.go: performance improve
  • #1139 Fix Todo:convert sequence to table
  • #1162 Optimize CI build time
  • #1164 Use variable request_uri as redirect after auth
  • #1179 Fix sticky upstream not used when enable rewrite
  • #1184 Add support for temporal and permanent redirects
  • #1185 Add more info about Server-Alias usage
  • #1186 Add annotation for client-body-buffer-size per location
  • #1190 Add flag to disable SSL passthrough
  • #1193 fix broken link
  • #1198 Add option for specific scheme for base url
  • #1202 formatIP issue
  • #1203 NGINX not reloading correctly
  • #1204 Fix template error
  • #1205 Add initial sync of secrets
  • #1206 Update ssl-passthrough docs
  • #1207 delete broken link
  • #1208 fix some typo
  • #1210 add rate limit whitelist
  • #1215 Replace base64 encoding with random uuid
  • #1218 Trivial fixes in core/pkg/net
  • #1219 keep zones unique per ingress resource
  • #1221 Move certificate authentication from location to server
  • #1223 Add doc for non-www to www annotation
  • #1224 refactor rate limit whitelist
  • #1226 Remove useless variable in nginx.tmpl
  • #1227 Update annotations doc with base-url-scheme
  • #1233 Fix ClientBodyBufferSize annotation
  • #1234 Lint code
  • #1235 Fix Equal comparison
  • #1236 Add Validation for Client Body Buffer Size
  • #1238 Add support for 'client_body_timeout' and 'client_header_timeout'
  • #1239 Add flags to customize listen ports and detect port collisions
  • #1243 Add support for access-log-path and error-log-path
  • #1244 Add custom default backend annotation
  • #1246 Add additional headers when custom default backend is used
  • #1247 Make Ingress annotations available in template
  • #1248 Improve nginx controller performance
  • #1254 fix Type transform panic
  • #1257 Graceful shutdown for Nginx
  • #1261 Add support for 'worker-shutdown-timeout'

Documentation:

  • #976 Update annotations doc
  • #979 Missing auth example
  • #980 Add nginx basic auth example
  • #1001 examples/nginx/rbac: Give access to own namespace
  • #1005 Update configuration.md
  • #1018 add docs for proxy-set-headers and add-headers
  • #1038 typo / spelling in README.md
  • #1039 typo in examples/tcp/nginx/README.md
  • #1049 Fix config name in the example.
  • #1054 Fix link to UDP example
  • #1084 (issue #310)Fix some broken link
  • #1103 Add GoDoc Widget
  • #1105 Make Readme file more readable
  • #1106 Update annotations.md
  • #1107 Fix Broken Link
  • #1119 fix typos in controllers/nginx/README.md
  • #1122 Fix broken link
  • #1131 Add short help doc in configuration for nginx limit rate
  • #1143 Minor Typo Fix
  • #1144 Minor Typo fix
  • #1145 Minor Typo fix
  • #1146 Fix Minor Typo in Readme
  • #1147 Minor Typo Fix
  • #1148 Minor Typo Fix in Getting-Started.md
  • #1149 Fix Minor Typo in TLS authentication
  • #1150 Fix Minor Typo in Customize the HAProxy configuration
  • #1151 Fix Minor Typo in customization custom-template
  • #1152 Fix minor typo in HAProxy Multi TLS certificate termination
  • #1153 Fix minor typo in Multi TLS certificate termination
  • #1154 Fix minor typo in Role Based Access Control
  • #1155 Fix minor typo in TCP loadbalancing
  • #1156 Fix minor typo in UDP loadbalancing
  • #1157 Fix minor typos in Prerequisites
  • #1158 Fix minor typo in Ingress examples
  • #1159 Fix minor typos in Ingress admin guide
  • #1160 Fix a broken href and typo in Ingress FAQ
  • #1165 Update CONTRIBUTING.md
  • #1168 finx link to running-locally.md
  • #1170 Update dead link in nginx/HTTPS section
  • #1172 Update README.md
  • #1173 Update admin.md
  • #1174 fix several titles
  • #1177 fix typos
  • #1188 Fix minor typo
  • #1189 Fix sign in URL redirect parameter
  • #1192 Update README.md
  • #1195 Update troubleshooting.md
  • #1196 Update README.md
  • #1209 Update README.md
  • #1085 Fix ConfigMap's namespace in custom configuration example for nginx
  • #1142 Fix typo in multiple docs
  • #1228 Update release doc in getting-started.md
  • #1230 Update godep guide link

0.9-beta.11

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.11

Fixes NGINX CVE-2017-7529

Changes:

  • #659 [nginx] TCP configmap should allow listen proxy_protocol per service
  • #730 Add support for add_headers
  • #808 HTTP->HTTPS redirect does not work with use-proxy-protocol: "true"
  • #921 Make proxy-real-ip-cidr a comma separated list
  • #930 Add support for proxy protocol in TCP services
  • #933 Lint code
  • #937 Fix lint code errors
  • #940 Sets parameters for a shared memory zone of limit_conn_zone
  • #949 fix nginx version to 1.13.3 to fix integer overflow
  • #956 Simplify handling of ssl certificates
  • #958 Release ubuntu-slim:0.13
  • #959 Release nginx-slim 0.21
  • #960 Update nginx in ingress controller
  • #964 Support for proxy_headers_hash_bucket_size and proxy_headers_hash_max_size
  • #966 Fix error checking for pod name & NS
  • #967 Fix runningAddresses typo
  • #968 Fix missing hyphen in yaml for nginx RBAC example
  • #973 check number of servers in configuration comparator

0.9-beta.10

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.10

Fix release 0.9-beta.9

0.9-beta.9

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.9

New Features:

  • Add support for arm and ppc64le

Changes:

  • #548 nginx: support multidomain certificates
  • #620 [nginx] Listening ports are not configurable, so ingress can't be run multiple times per node when using CNI
  • #648 publish-service argument isn't honored when ELB is internal only facing.
  • #833 WIP: Avoid reloads implementing Equals in structs
  • #838 Feature request: Add ingress annotation to enable upstream "keepalive" option
  • #844 ingress annotations affinity is not working
  • #862 Avoid reloads implementing Equaler interface
  • #864 Remove dead code
  • #868 Lint nginx code
  • #871 Add feature to allow sticky sessions per location
  • #873 Update README.md
  • #876 Add information about nginx controller flags
  • #878 Update go to 1.8.3
  • #881 Option to not remove loadBalancer status record?
  • #882 Add flag to skip the update of Ingress status on shutdown
  • #885 Don't use $proxy_protocol var which may be undefined.
  • #886 Add support for SubjectAltName in SSL certificates
  • #888 Update nginx-slim to 0.19
  • #889 Add PHOST to backend
  • #890 Improve variable configuration for source IP address
  • #892 Add upstream keepalive connections cache
  • #897 Update outdated ingress resource link
  • #898 add error check right when reload nginx fail
  • #899 Fix nginx error check
  • #900 After #862 changes in the configmap do not trigger a reload
  • #901 [doc] Update NGinX status port to 18080
  • #902 Always reload after a change in the configuration
  • #904 Fix nginx sticky sessions
  • #906 Fix race condition with closed channels
  • #907 nginx/proxy: allow specifying next upstream behaviour
  • #910 Feature request: use X-Forwarded-Host from the reverse proxy before
  • #911 Improve X-Forwarded-Host support
  • #915 Release nginx-slim 0.20
  • #916 Add arm and ppc64le support
  • #919 Apply the 'ssl-redirect' annotation per-location
  • #922 Add example of TLS termination using a classic ELB

0.9-beta.8

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.8

Changes:

  • #761 NGINX TCP Ingresses do not bind on IPv6
  • #850 Fix IPv6 UDP stream section
  • #851 ensure private key and certificate match
  • #852 Don't expose certificate metrics for default server
  • #846 Match ServicePort to Endpoints by Name
  • #854 Document log-format-stream and log-format-upstream
  • #847 fix semicolon
  • #848 Add metric "ssl certificate expiration"
  • #839 "No endpoints" issue
  • #845 Fix no endpoints issue when named ports are used
  • #822 Release ubuntu-slim 0.11
  • #824 Update nginx-slim to 0.18
  • #823 Release nginx-slim 0.18
  • #827 Introduce working example of nginx controller with rbac
  • #835 Make log format json escaping configurable
  • #843 Avoid setting maximum number of open file descriptors lower than 1024
  • #837 Cleanup interface
  • #836 Make log format json escaping configurable
  • #828 Wrap IPv6 endpoints in []
  • #821 nginx-ingress: occasional 503 Service Temporarily Unavailable
  • #829 feat(template): wrap IPv6 addresses in []
  • #786 Update echoserver image version in examples
  • #825 Create or delete ingress based on class annotation
  • #790 #789 removing duplicate X-Real-IP header
  • #792 Avoid checking if the controllers are synced
  • #798 nginx: RBAC for leader election
  • #799 could not build variables_hash
  • #809 Fix dynamic variable name
  • #804 Fix #798 - RBAC for leader election
  • #806 fix ingress rbac roles
  • #811 external auth - proxy_pass_request_body off + big bodies give 500/413
  • #785 Publish echoheader image
  • #813 Added client_max_body_size to authPath location
  • #814 rbac-nginx: resourceNames cannot filter create verb
  • #774 Add IPv6 support in TCP and UDP stream section
  • #784 Allow customization of variables hash tables
  • #782 Set "proxy_pass_header Server;"
  • #783 nginx/README.md: clarify app-root and fix example hyperlink
  • #787 Add setting to allow returning the Server header from the backend

0.9-beta.7

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.7

Changes:

  • #777 Update sniff parser to fix index out of bound error

0.9-beta.6

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.6

Changes:

  • #647 ingress.class enhancement for debugging.
  • #708 ingress losing real source IP when tls enabled
  • #760 Change recorder event scheme
  • #704 fix nginx reload flags '-c'
  • #757 Replace use of endpoints as locks with configmap
  • #752 nginx ingress header config backwards
  • #756 Fix bad variable assignment in template nginx
  • #729 Release nginx-slim 0.17
  • #755 Fix server name hash maxSize default value
  • #741 Update golang dependencies
  • #749 Remove service annotation for namedPorts
  • #740 Refactoring whitelist source IP verification
  • #734 Specify nginx image arch
  • #728 Update nginx image
  • #723 update readme about vts metrics
  • #726 Release ubuntu-slim 0.10
  • #727 [nginx] whitelist-source-range doesn’t work on ssl port
  • #709 Add config for X-Forwarded-For trust
  • #679 add getenv
  • #680 nginx/pkg/config: delete unuseful variable
  • #716 Add secure-verify-ca-secret annotation
  • #722 Remove go-reap and use tini as process reaper
  • #725 Add keepalive_requests and client_body_buffer_size options
  • #724 change the directory of default-backend.yaml
  • #656 Nginx Ingress Controller - Specify load balancing method
  • #717 delete unuseful variable
  • #712 Set $proxy_upstream_name before location directive
  • #715 Corrected annotation ex signin-url to auth-url
  • #718 nodeController sync
  • #694 SSL-Passthrough broken in beta.5
  • #678 Convert CN SSL Certificate to lowercase before comparison
  • #690 Fix IP in logs for https traffic
  • #673 Override load balancer alg view config map
  • #675 Use proxy-protocol to pass through source IP to nginx
  • #707 use nginx vts module version 0.1.14
  • #702 Document passing of ssl_client_cert to backend
  • #688 Add example of UDP loadbalancing
  • #696 [nginx] pass non-SNI TLS hello to default backend, Fixes #693
  • #685 Fix error in generated nginx.conf for optional hsts-preload

0.9-beta.5

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.5

Changes:

  • #663 Remove helper required in go < 1.8
  • #662 Add debug information about ingress class
  • #661 Avoid running nginx if the configuration file is empty
  • #660 Rollback queue refactoring
  • #654 Update go version to 1.8

0.9-beta.4

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.4

New Features:

  • Add support for services of type ExternalName

Changes:

  • #635 Allow configuration of features underscores_in_headers and ignore_invalid_headers
  • #633 Fix lint errors
  • #630 Add example of TCP loadbalancing
  • #629 Add support for services of type ExternalName
  • #624 Compute server_names_hash_bucket_size correctly
  • #615 Process exited cleanly before we hit wait4
  • #614 Refactor nginx ssl passthrough
  • #613 Status leader election must consired the ingress class
  • #607 Allow custom server_names_hash_max_size & server_names_hash_bucket_size
  • #601 add a judgment
  • #601 Replace custom child reap code with go-reap
  • #597 Add flag to force namespace isolation
  • #595 Remove Host header from auth_request proxy configuration
  • #588 Read resolv.conf file just once
  • #586 Updated instructions to create an ingress controller build
  • #583 fixed lua_package_path in nginx.tmpl
  • #580 Updated faq for running multiple ingress controller
  • #579 Detect if the ingress controller is running with multiple replicas
  • #578 Set different listeners per protocol version
  • #577 Avoid zombie child processes
  • #576 Replace secret workqueue
  • #568 Revert merge annotations to the implicit root context
  • #563 Add option to disable hsts preload
  • #560 Fix intermittent misconfiguration of backend.secure and SessionAffinity
  • #556 Update nginx version and remove dumb-init
  • #551 Build namespace and ingress class as label
  • #546 Fix a couple of 'does not contains' typos
  • #542 Fix lint errors
  • #540 Add Backends.SSLPassthrough attribute
  • #539 Migrate to client-go
  • #536 add unit test cases for core/pkg/ingress/controller/backend_ssl
  • #535 Add test for ingress status update
  • #532 Add setting to configure ecdh curve
  • #531 Fix link to examples
  • #530 Fix link to custom nginx configuration
  • #528 Add reference to apiserver-host flag
  • #527 Add annotations to location of default backend (root context)
  • #525 Avoid negative values configuring the max number of open files
  • #523 Fix a typo in an error message
  • #521 nginx-ingress-controller is built twice by docker-build target
  • #517 Use whitelist-source-range from configmap when no annotation on ingress
  • #516 Convert WorkerProcesses setting to string to allow the value auto
  • #512 Fix typos regarding the ssl-passthrough annotation documentation
  • #505 add unit test cases for core/pkg/ingress/controller/annotations
  • #503 Add example for nginx in aws
  • #502 Add information about SSL Passthrough annotation
  • #500 Improve TLS secret configuration
  • #498 Proper enqueue a secret on the secret queue
  • #493 Update nginx and vts module
  • #490 Add unit test case for named_port
  • #488 Adds support for CORS on error responses and Authorization header
  • #485 Fix typo nginx configMap vts metrics customization
  • #481 Remove unnecessary quote in nginx log format
  • #471 prometheus scrape annotations
  • #460 add example of 'run multiple haproxy ingress controllers as a deployment'
  • #459 Add information about SSL certificates in the default log level
  • #456 Avoid upstreams with multiple servers with the same port
  • #454 Pass request port to real server
  • #450 fix nginx-tcp-and-udp on same port
  • #446 remove configmap validations
  • #445 Remove snakeoil certificate generation
  • #442 Fix a few bugs in the nginx-ingress-controller Makefile
  • #441 skip validation when configmap is empty
  • #439 Avoid a nil-reference when the temporary file cannot be created
  • #438 Improve English in error messages
  • #437 Reference constant

0.9-beta.3

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.3

New Features:

  • Custom log formats using log-format-upstream directive in the configuration configmap.
  • Force redirect to SSL using the annotation ingress.kubernetes.io/force-ssl-redirect
  • Prometheus metric for VTS status module (transparent, just enable vts stats)
  • Improved external authentication adding ingress.kubernetes.io/auth-signin annotation. Please check this example

Breaking changes:

  • ssl-dh-param configuration in configmap is now the name of a secret that contains the Diffie-Hellman key

Changes:

  • #433 close over the ingress variable or the last assignment will be used
  • #424 Manually sync secrets from certificate authentication annotations
  • #423 Scrap json metrics from nginx vts module when enabled
  • #418 Only update Ingress status for the configured class
  • #415 Improve external authentication docs
  • #410 Add support for "signin url"
  • #409 Allow custom http2 header sizes
  • #408 Review docs
  • #406 Add debug info and fix spelling
  • #402 allow specifying custom dh param
  • #397 Fix external auth
  • #394 Update README.md
  • #392 Fix http2 header size
  • #391 remove tmp nginx-diff files
  • #390 Fix RateLimit comment
  • #385 add Copyright
  • #382 Ingress Fake Certificate generation
  • #380 Fix custom log format
  • #373 Cleanup
  • #371 add configuration to disable listening on ipv6
  • #370 Add documentation for ingress.kubernetes.io/force-ssl-redirect
  • #369 Minor text fix for "ApiServer"
  • #367 BuildLogFormatUpstream was always using the default log-format
  • #366 add_judgment
  • #365 add ForceSSLRedirect ingress annotation
  • #364 Fix error caused by increasing proxy_buffer_size (#363)
  • #362 Fix ingress class
  • #360 add example of 'run multiple nginx ingress controllers as a deployment'
  • #358 Checks if the TLS secret contains a valid keypair structure
  • #356 Disable listen only on ipv6 and fix proxy_protocol
  • #354 add judgment
  • #352 Add ability to customize upstream and stream log format
  • #351 Enable custom election id for status sync.
  • #347 Fix client source IP address
  • #345 Fix lint error
  • #344 Refactoring of TCP and UDP services
  • #343 Fix node lister when --watch-namespace is used
  • #341 Do not run coverage check in the default target.
  • #340 Add support for specify proxy cookie path/domain
  • #337 Fix for formatting error introduced in #304
  • #335 Fix for vet complaints:
  • #332 Add annotation to customize nginx configuration
  • #331 Correct spelling mistake
  • #328 fix misspell "affinity" in main.go
  • #326 add nginx daemonset example
  • #311 Sort stream service ports to avoid extra reloads
  • #307 Add docs for body-size annotation
  • #306 modify nginx readme
  • #304 change 'buildSSPassthrouthUpstreams' to 'buildSSLPassthroughUpstreams'

0.9-beta.2

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2

New Features:

  • New configuration flag proxy-set-headers to allow set custom headers before send traffic to backends. Example here
  • Disable directive access_log globally using disable-access-log: "true" in the configuration ConfigMap.
  • Sticky session per Ingress rule using the annotation ingress.kubernetes.io/affinity. Example here

Changes:

  • #300 Change nginx variable to use in filter of access_log
  • #296 Fix rewrite regex to match the start of the URL and not a substring
  • #293 Update makefile gcloud docker command
  • #290 Update nginx version in ingress controller to 1.11.10
  • #286 Add logs to help debugging and simplify default upstream configuration
  • #285 Added a Node StoreLister type
  • #281 Add chmod up directory tree for world read/execute on directories
  • #279 fix wrong link in the file of examples/README.md
  • #275 Pass headers to custom error backend
  • #272 Fix error getting class information from Ingress annotations
  • #268 minor: Fix typo in nginx README
  • #265 Fix rewrite annotation parser
  • #262 Add nginx README and configuration docs back
  • #261 types.go: fix typo in godoc
  • #258 Nginx sticky annotations
  • #255 Adds support for disabling access_log globally
  • #247 Fix wrong URL in nginx ingress configuration
  • #246 Add support for custom proxy headers using a ConfigMap
  • #244 Add information about cors annotation
  • #241 correct a spell mistake
  • #232 Change searchs with searches
  • #231 Add information about proxy_protocol in port 442
  • #228 Fix worker check issue
  • #227 proxy_protocol on ssl_passthrough listener
  • #223 Fix panic if a tempfile cannot be created
  • #220 Fixes for minikube usage instructions.
  • #219 Fix typo, add a couple of links.
  • #218 Improve links from CONTRIBUTING.
  • #217 Fix an e2e link.
  • #212 Simplify code to obtain TCP or UDP services
  • #208 Fix nil HTTP field
  • #198 Add an example for static-ip and deployment

0.9-beta.1

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.1

New Features:

  • SSL Passthrough
  • New Flag --publish-service that set the Service fronting the ingress controllers
  • Ingress status shows the correct IP/hostname address without duplicates
  • Custom body sizes per Ingress
  • Prometheus metrics

Breaking changes:

  • Flag --nginx-configmap was replaced with --configmap
  • Configmap field body-size was replaced with proxy-body-size

Changes:

  • #184 Fix template error
  • #179 Allows the usage of Default SSL Cert
  • #178 Add initialization of proxy variable
  • #177 Refactoring sysctlFSFileMax helper
  • #176 Fix TLS does not get updated when changed
  • #174 Update nginx to 1.11.9
  • #172 add some unit test cases for some packages under folder "core.pkg.ingress"
  • #168 Changes the SSL Temp file to something inside the same SSL Directory
  • #165 Fix rate limit issue when more than 2 servers enabled in ingress
  • #161 Document some missing parameters and their defaults for NGINX controller
  • #158 prefect unit test cases for annotation.proxy
  • #156 Fix issue for ratelimit
  • #154 add unit test cases for core.pkg.ingress.annotations.cors
  • #151 Port in redirect
  • #150 Add support for custom header sizes
  • #149 Add flag to allow switch off the update of Ingress status
  • #148 Add annotation to allow custom body sizes
  • #145 fix wrong links and punctuations
  • #144 add unit test cases for core.pkg.k8s
  • #143 Use protobuf instead of rest to connect to apiserver host and add troubleshooting doc
  • #142 Use system fs.max-files as limits instead of hard-coded value
  • #141 Add reuse port and backlog to port 80 and 443
  • #138 reference to const
  • #136 Add content and descriptions about nginx's configuration
  • #135 correct improper punctuation
  • #134 fix typo
  • #133 Add TCP and UDP services removed in migration
  • #132 Document nginx controller configuration tweaks
  • #128 Add tests and godebug to compare structs
  • #126 change the type of imagePullPolicy
  • #123 Add resolver configuration to nginx
  • #119 add unit test case for annotations.service
  • #115 add default_server to listen statement for default backend
  • #114 fix typo
  • #113 Add condition of enqueue and unit test cases for task.Queue
  • #108 annotations: print error and skip if malformed
  • #107 fix some wrong links of examples which to be used for nginx
  • #103 Update the nginx controller manifests
  • #101 Add unit test for strings.StringInSlice
  • #99 Update nginx to 1.11.8
  • #97 Fix gofmt
  • #96 Fix typo PassthrougBackends -> PassthroughBackends
  • #95 Deny location mapping in case of specific errors
  • #94 Add support to disable server_tokens directive
  • #93 Fix sort for catch all server
  • #92 Refactoring of nginx configuration deserialization
  • #91 Fix x-forwarded-port mapping
  • #90 fix the wrong link to build/test/release
  • #89 fix the wrong links to the examples and developer documentation
  • #88 Fix multiple tls hosts sharing the same secretName
  • #86 Update X-Forwarded-Port
  • #82 Fix incorrect X-Forwarded-Port for TLS
  • #81 Do not push containers to remote repo as part of test-e2e
  • #78 Fix #76: hardcode X-Forwarded-Port due to SSL Passthrough
  • #77 Add support for IPV6 in dns resolvers
  • #66 Start FAQ docs
  • #65 Support hostnames in Ingress status
  • #64 Sort whitelist list to avoid random orders
  • #62 Fix e2e make targets
  • #61 Ignore coverage profile files
  • #58 Fix "invalid port in upstream" on nginx controller
  • #57 Fix invalid port in upstream
  • #54 Expand developer docs
  • #52 fix typo in variable ProxyRealIPCIDR
  • #44 Bump nginx version to one higher than that in contrib
  • #36 Add nginx metrics to prometheus
  • #34 nginx: also listen on ipv6
  • #32 Restart nginx if master process dies
  • #31 Add healthz checker
  • #25 Fix a data race in TestFileWatcher
  • #12 Split implementations from generic code
  • #10 Copy Ingress history from kubernetes/contrib
  • #1498 Refactoring of template handling
  • #1571 use POD_NAMESPACE as a namespace in cli parameters
  • #1591 Always listen on port 443, even without ingress rules
  • #1596 Adapt nginx hash sizes to the number of ingress
  • #1653 Update image version
  • #1672 Add firewall rules and ing class clarifications
  • #1711 Add function helpers to nginx template
  • #1743 Allow customisation of the nginx proxy_buffer_size directive via ConfigMap
  • #1749 Readiness probe that works behind a CP lb
  • #1751 Add the name of the upstream in the log
  • #1758 Update nginx to 1.11.4
  • #1759 Add support for default backend in Ingress rule
  • #1762 Add cloud detection
  • #1766 Clarify the controller uses endpoints and not services
  • #1767 Update godeps
  • #1772 Avoid replacing nginx.conf file if the new configuration is invalid
  • #1773 Add annotation to add CORS support
  • #1786 Add docs about go template
  • #1796 Add external authentication support using auth_request
  • #1802 Initialize proxy_upstream_name variable
  • #1806 Add docs about the log format
  • #1808 WebSocket documentation
  • #1847 Change structure of packages
  • Add annotation for custom upstream timeouts
  • Mutual TLS auth (kubernetes-retired/contrib#1870)

0.8.3

  • #1450 Check for errors in nginx template
  • #1498 Refactoring of template handling
  • #1467 Use ClientConfig to configure connection
  • #1575 Update nginx to 1.11.3

0.8.2

  • #1336 Add annotation to skip ingress rule
  • #1338 Add HTTPS default backend
  • #1351 Avoid generation of invalid ssl certificates
  • #1379 improve nginx performance
  • #1350 Improve performance (listen backlog=net.core.somaxconn)
  • #1384 Unset Authorization header when proxying
  • #1398 Mitigate HTTPoxy Vulnerability

0.8.1

  • #1317 Fix duplicated real_ip_header
  • #1315 Addresses #1314

0.8

  • #1063 watches referenced tls secrets
  • #850 adds configurable SSL redirect nginx controller
  • #1136 Fix nginx rewrite rule order
  • #1144 Add cidr whitelist support
  • #1230 Improve docs and examples
  • #1258 Avoid sync without a reachable
  • #1235 Fix stats by country in nginx status page
  • #1236 Update nginx to add dynamic TLS records and spdy
  • #1238 Add support for dynamic TLS records and spdy
  • #1239 Add support for conditional log of urls
  • #1253 Use delayed queue
  • #1296 Fix formatting
  • #1299 Fix formatting

0.7