Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.19.0
New Features:
- NGINX 1.15.3
- Serve SSL certificates synamically instead of reloading NGINX when they are created, updated, or deleted.
Feature behind the flag
--enable-dynamic-certificates
- GDB binary is included in the image to help troubleshooting issues
- Adjust the number of CPUs when CGROUP limits are defined (
worker-processes=auto
uses all the availables)
Changes:
- #2616 Add use-forwarded-headers configmap option.
- #2857 remove unnecessary encoding/decoding also fix ipv6 issue
- #2884 [grafana] Rate over 2 minutes since default Prometheus interval is 1m
- #2889 Add Lua endpoint to support dynamic certificate serving functionality
- #2899 fixed rewrites for paths not ending in /
- #2923 Add dynamic certificate serving feature to controller
- #2925 Update nginx dependencies
- #2932 Fixed typo in flags.go
- #2934 Datasource input variable
- #2941 now actually using the $controller and $namespace variables
- #2942 Update nginx image
- #2946 Add unit tests to configuration_test.lua that cover Backends configuration
- #2955 Update nginx opentracing zipkin module
- #2956 Update nginx and e2e images
- #2957 Batch metrics and flush periodically
- #2964 fix variable parsing when key is number
- #2965 Add Lua module to serve SSL Certificates dynamically
- #2966 Add unit tests for sticky lua module
- #2970 Update labels
- #2972 consistently fallback to default certificate when TLS is configured
- #2977 Pass real source IP address to auth request
- #2979 clear dynamic configuration e2e tests
- #2987 cleanup dynamic cert e2e tests
- #2988 Update go to 1.11
- #2990 Check if cgroup cpu limits are defined to get the number of CPUs
- #3003 Update nginx to 1.15.3
- #3004 Update nginx image
- #3005 Fix gdb issue and update e2e image
- #3006 apply nginx patch to make ssl_certificate_by_lua_block work properly
- #3011 Update nginx image
Documentation:
- #2806 add help for tls prerequisite for ingress.yaml
- #2912 Add documentation to install prometheus and grafana
- #2928 docs: Precisations on the usage of the InfluxDB module
- #2962 Fix broken anchor link to GCE/GKE
- #2983 Add documentation for enable-dynamic-certificates feature
- #2998 fixed jsonpath command in examples
- #3002 Enhance Troubleshooting Documentation
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.18.0
New Features:
- NGINX 1.15.2
- Dynamic configuration is enabled by default
- Support for AJP protocol
- Use of authbind to bind privileged ports
- Replace minikube with kubeadm-dind-cluster to run e2e tests
Changes:
- #2789 Remove KubeConfig Dependency for Store Tests
- #2794 enable dynamic backend configuration by default
- #2795 start minikube before trying to build the image
- #2804 add support for ExternalName service type in dynamic mode
- #2808 fix the bug #2799, add prefix (?i) in rewrite statement.
- #2811 Escape $request_uri for external auth
- #2812 modified annotation name "rewrite-to" to "rewrite-target" in comments
- #2819 Catch errors waiting for controller deployment
- #2823 Multiple optimizations to build targets
- #2825 Refactoring of how we run as user
- #2826 Remove setcap from image and update nginx to 0.15.1
- #2827 Use nginx image as base and install go on top
- #2829 use resty-cli for running lua unit tests
- #2830 Remove lua mocks
- #2834 Added permanent-redirect-code
- #2844 Do not allow invalid latency values in metrics
- #2852 fix custom-error-pages functionality in dynamic mode
- #2853 improve annotations/default_backend e2e test
- #2858 Update build image
- #2859 Fix inconsistent metric labels
- #2863 Replace minikube for e2e tests
- #2867 fix bug with lua e2e test suite
- #2868 Use an existing e2e image
- #2869 describe under what circumstances and how we avoid Nginx reload
- #2871 Add support for AJP protocol
- #2872 Update nginx to 1.15.2
- #2874 Delay initial prometheus status metric
- #2876 Remove dashboard an tune sync-frequency
- #2877 Refactor entrypoint to avoid issues with volumes
- #2885 fix: Sort TCP/UDP upstream order
- #2888 Fix grafana datasources
- #2890 Usability improvements to build steps
- #2893 Update nginx image
- #2894 Use authbind to bind privileged ports
- #2895 support custom configuration to main context of nginx config
- #2896 support configuring multi_accept directive via configmap
- #2897 Enable reuse-port by default
- #2905 Fix IPV6 detection
Documentation:
- #2816 doc log-format: add variables about ingress
- #2866 Update index.md
- #2898 Fix default sync-period doc
- #2903 Very minor grammar fix
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.17.1
Changes:
Documentation:
- #2770 Basic-Auth doc misleading: fix double quotes leading to nginx config error
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.17.0
New Features:
Changes:
- #2705 Remove duplicated securityContext
- #2719 Sample rate configmap option for zipkin in nginx-opentracing
- #2726 Cleanup prometheus metrics after a reload
- #2727 Add e2e tests for Client-Body-Buffer-Size
- #2732 Improve logging
- #2741 Add redirect uri for oauth2 login
- #2744 fix: Use the correct opentracing plugin for Jaeger
- #2747 Update opentracing-cpp and modsecurity
- #2748 Update nginx image to 0.54
- #2749 Use docker to build go binaries
- #2754 Allow gzip compression level to be controlled via ConfigMap
- #2760 Fix ingress rule parsing error
- #2767 Fix regression introduced in #2732
- #2771 Grafana Dashboard
- #2775 Simplify handler registration and updates prometheus
- #2776 Fix configuration hash calculation
Documentation:
- #2717 GCE/GKE proxy mentioned for Azure
- #2743 Clarify Installation Document by Separating Helm Steps
- #2761 Fix spelling mistake
- #2764 Use language neutral links to MDN
- #2765 Add FOSSA status badge
- #2777 Build docs using local docker image [ci skip]
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.16.2
Breaking changes:
Running as user requires an update in the deployment manifest.
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
# www-data -> 33
runAsUser: 33
Note: the deploy guide contains this change
Changes:
- #2678 Refactor server type to include SSLCert
- #2685 Fix qemu docker build
- #2696 If server_tokens is disabled completely remove the Server header
- #2698 Improve best-cert guessing with empty tls.hosts
- #2701 Remove prometheus labels with high cardinality
Documentation:
- #2368 [aggregate] Fix typos across codebase
- #2681 Typo fix in error message: encounted->encountered
- #2697 Enhance Distributed Tracing Documentation
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.16.1
Breaking changes:
Running as user requires an update in the deployment manifest.
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
# www-data -> 33
runAsUser: 33
Note: the deploy guide contains this change
New Features:
- Run as user dropping root privileges
- New prometheus metric implementation (VTS module was removed)
- InfluxDB integration
- Module GeoIP2
Changes:
- #2692 Fix initial read of configuration configmap
- #2693 Revert #2669
- #2694 Add note about status update
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.16.1
Breaking changes:
Running as user requires an update in the deployment manifest.
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
# www-data -> 33
runAsUser: 33
Note: the deploy guide contains this change
New Features:
- Run as user dropping root privileges
- New prometheus metric implementation (VTS module was removed)
- InfluxDB integration
- Module GeoIP2
Changes:
- #2423 Resolves issue with proxy-redirect nginx configuration
- #2451 fix for #1930, make sessions sticky, for ingress with multiple rules …
- #2484 Fix bugs in Lua implementation of sticky sessions
- #2486 Extend kubernetes interrelation variables in nginx.tmpl
- #2504 Add Timeout For TLS Passthrough
- #2505 Annotations for the InfluxDB module
- #2517 Fix typo about the kind of request
- #2523 Add tests for bind-address
- #2524 Add support for grpc_set_header
- #2526 Fix upstream hash lua test
- #2528 Remove go-bindata
- #2533 NGINX image update: add the influxdb module
- #2534 Set Focus for E2E Tests
- #2537 Update nginx modules
- #2542 Instrument controller to show configReload metrics
- #2543 introduce a balancer interface
- #2548 Implement generate-request-id
- #2554 use better defaults for proxy-next-upstream(-tries)
- #2558 Update qemu to 2.12.0 [ci skip]
- #2559 Add geoip2 module and DB to nginx build
- #2564 Add security contacts file [ci skip]
- #2569 Update nginx modules to fix core dump [ci skip]
- #2570 Enable core dumps during tests
- #2573 Refactor e2e tests and update go dependencies
- #2574 Fix default-backend annotation
- #2575 Print information about NGINX version
- #2577 make sure ingress-nginx instances are watching their namespace only during test runs
- #2588 Update nginx dependencies
- #2590 Typo fix: muthual autentication -> mutual authentication
- #2591 Access log improvements
- #2597 Fix arm paths for liblua.so and lua_package_cpath
- #2598 Always sort upstream list to provide stable iteration order
- #2600 typo fix futher to further && preformance to performance
- #2602 Crossplat fixes
- #2603 Bump nginx influxdb module to f8732268d44aea706ecf8d9c6036e9b6dacc99b2
- #2608 Expose UDP message on /metrics endpoint
- #2611 Add metric emitter lua module
- #2614 fix nginx conf test error when not found active service endpoints
- #2617 Update go to 1.10.3
- #2618 Update nginx to 1.15.0 and remove VTS module
- #2619 Run as user dropping privileges
- #2623 Proofread cmd package and update flags description
- #2634 Disable resync period
- #2636 Add missing equality comparisons for ingress.Server
- #2638 Wait the result of the controller deployment before running any test
- #2639 Clarify log messages in controller package
- #2643 Remove VTS from the ingress controller
- #2644 Update nginx image version
- #2646 Rollback nginx 1.15.0 to 1.13.12
- #2649 Add support for IPV6 in stream upstream servers
- #2652 Use a unix socket instead udp for reception of metrics
- #2653 Remove dummy file watcher
- #2654 Hotfix: influxdb module enable disable toggle
- #2656 Improve configuration change detection
- #2658 Do not wait informer initialization to read configuration
- #2659 Update nginx image
- #2660 Change modsecurity directories
- #2661 Add additional header when debug is enabled
- #2664 refactor some lua code
- #2669 Remove unnecessary sync when the leader change
- #2672 After a configmap change parse ingress annotations (again)
- #2673 Add new approvers to the project
- #2674 Add e2e test for configmap change and reload
- #2675 Update opentracing nginx module
- #2676 Update opentracing configuration
Documentation:
- #2479 Document how the NGINX Ingress controller build nginx.conf
- #2515 Simplify installation and e2e manifests
- #2531 Mention the #ingress-nginx Slack channel
- #2540 DOCS: Correct ssl-passthrough annotation description.
- #2544 [docs] Fix manifest URL for GKE + Azure
- #2566 Fix wrong default value for
enable-brotli
- #2581 Improved link in modsecurity.md
- #2583 docs: add secret scheme details to the example
- #2592 Typo fix: are be->are/to on->to
- #2595 Typo fix: successfull->successful
- #2601 fix changelog link in README.md
- #2624 Fix minor documentation example
- #2625 Add annotation doc on proxy buffer size
- #2630 Update documentation for custom error pages
- #2666 Add documentation for proxy-cookie-domain annotation (#2034)
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.15.0
Changes:
- #2440 TLS tests
- #2443 improve build-dev-env.sh script
- #2446 always use x-request-id
- #2447 Add basic security context to deployment YAMLs
- #2453 Add google analytics [ci skip]
- #2456 Assert or install go-bindata before incanting
- #2472 Refactor Lua balancer
- #2477 Change TrimLeft for TrimPrefix on the from-to-www redirect
- #2490 add resty cookie
- #2495 [ci skip] bump nginx baseimage version
- #2501 Refactor update of status removing initial check for loadbalancer
- #2502 Update go version in fortune teller image
- #2511 force backend sync when worker starts
- #2512 Remove warning when secret is used only for authentication
- #2514 Fix and simplify local dev workflow and execution of e2e tests
Documentation:
- #2448 Update GitHub pull request template
- #2449 Improve documentation format
- #2454 Add gRPC annotation doc
- #2455 Adjust size of tables and only adjust the first column on mobile
- #2457 Add Getting the Code section to Quick Start
- #2464 Documentation fixes & improvements
- #2467 Fixed broken link in deploy README
- #2498 Add some clarification around multiple ingress controller behavior
- #2503 Add KubeCon Europe 2018 Video to documentation
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.14.0
New Features:
- Documentation web page
- Support for
upstream-hash-by
annotation in dynamic configuration mode - Improved e2e test suite
Changes:
- #2346 Move ConfigMap updating methods into e2e/framework
- #2347 Update owners
- #2348 Use same convention, curl + kubectl for GKE
- #2350 Correct some returned messages in server_tokens.go
- #2352 Correct some info in flags.go
- #2353 Add proxy-add-original-uri-header config flag
- #2356 Add vts-sum-key config flag
- #2361 Check ingress rule contains HTTP paths
- #2363 Review $request_id
- #2365 Clean JSON before post request to update configuration
- #2369 Update nginx image to fix modsecurity crs issues
- #2370 Update nginx image
- #2374 Remove most of the time.Sleep from the e2e tests
- #2379 Add busted unit testing framework for lua code
- #2382 Accept ns/name Secret reference in annotations
- #2383 Improve speed of e2e tests
- #2385 include lua-resty-balancer in nginx image
- #2386 upstream-hash-by annotation support for dynamic configuraton mode
- #2388 Silence unnecessary MissingAnnotations errors
- #2392 Ensure dep fix fsnotify
- #2395 Fix flaky test
- #2396 Update go dependencies
- #2398 Allow tls section without hosts in Ingress rule
- #2399 Add test for store helper ListIngresses
- #2401 Add tests for controller getEndpoints
- #2408 Read backends data even if buffered to temp file
- #2410 Add balancer unit tests
- #2411 Update nginx-opentracing to 0.3.0
- #2414 Fix golint installation
- #2416 Update nginx image
- #2417 Automate building developer environment
- #2421 Apply gometalinter suggestions
- #2428 Add buffer configuration to external auth location config
- #2433 Remove data races from tests
- #2434 Check ginkgo is installed before running e2e tests
- #2437 Add annotation to enable rewrite logs in a location
Documentation:
- #2351 Typo fix in cli-arguments.md
- #2372 fix the default cookie name in doc
- #2377 DOCS: Add clarification regarding ssl passthrough
- #2409 Add deployment instructions for Docker for Mac (Edge)
- #2413 Reorganize documentation
- #2438 Update custom-errors.md
- #2439 Update README.md
- #2430 Add scripts and tasks to publish docs to github pages
- #2431 Improve readme file
- #2366 fix: fill missing patch yaml config.
- #2432 Fix broken links in the docs
- #2436 Update exposing-tcp-udp-services.md
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.13.0
New Features:
- NGINX 1.13.12
- Support for gRPC:
- The annotation
nginx.ingress.kubernetes.io/grpc-backend: "true"
enable this feature - If the gRPC service requires TLS
nginx.ingress.kubernetes.io/secure-backends: "true"
- The annotation
- Configurable load balancing with EWMA
- Support for lua-resty-waf as alternative to ModSecurity. Check configuration guide
- Support for session affinity when dynamic configuration is enabled.
- Add NoAuthLocations and default it to "/.well-known/acme-challenge"
Changes:
- #2078 Expose SSL client cert data to external auth provider.
- #2187 Managing a whitelist for _/nginx_status
- #2208 Add missing lua bindata change
- #2209 fix go test TestSkipEnqueue error, move queue.Run
- #2210 allow ipv6 localhost when enabled
- #2212 Fix dynamic configuration when custom errors are enabled
- #2215 fix wrong config generation when upstream-hash-by is set
- #2220 fix: cannot set $service_name if use rewrite
- #2221 Update nginx to 1.13.10 and enable gRPC
- #2223 Add support for gRPC
- #2227 do not hardcode keepalive for upstream_balancer
- #2228 Fix broken links in multi-tls
- #2229 Configurable load balancing with EWMA
- #2232 Make proxy_next_upstream_tries configurable
- #2233 clean backends data before sending to Lua endpoint
- #2234 Update go dependencies
- #2235 add proxy header ssl-client-issuer-dn, fix #2178
- #2241 Revert "Get file max from fs/file-max. (#2050)"
- #2243 Add NoAuthLocations and default it to "/.well-known/acme-challenge"
- #2244 fix: empty ingress path
- #2246 Fix grpc json tag name
- #2254 e2e tests for dynamic configuration and Lua features and a bug fix
- #2263 clean up tmpl
- #2270 Revert deleted code in #2146
- #2271 Use SharedIndexInformers in place of Informers
- #2272 Disable opentracing for nginx internal urls
- #2273 Update go to 1.10.1
- #2280 Fix bug when auth req is enabled(external authentication)
- #2283 Fix flaky e2e tests
- #2285 Update controller.go
- #2290 Update nginx to 1.13.11
- #2294 Fix HSTS without preload
- #2296 Improve indentation of generated nginx.conf
- #2298 Disable dynamic configuration in s390x and ppc64le
- #2300 Fix race condition when Ingress does not contains a secret
- #2301 include lua-resty-waf and its dependencies in the base Nginx image
- #2303 More lua dependencies
- #2304 Lua resty waf controller
- #2305 Fix issues building nginx image in different platforms
- #2306 Disable lua waf where luajit is not available
- #2308 Add verification of lua load balancer to health check
- #2309 Configure upload limits for setup of lua load balancer
- #2314 annotation to ignore given list of WAF rulesets
- #2315 extra waf rules per ingress
- #2317 run lua-resty-waf in different modes
- #2327 Update nginx to 1.13.12
- #2328 Update nginx image
- #2331 fix nil pointer when ssl with ca.crt
- #2333 disable lua for arch s390x and ppc64le
- #2340 Fix buildupstream name to work with dynamic session affinity
- #2341 Add session affinity to custom load balancing
- #2342 Sync SSL certificates on events
Documentation:
- #2236 Add missing configuration in #2235
- #1785 Add deployment docs for AWS NLB
- #2213 Update cli-arguments.md
- #2219 Fix log format documentation
- #2238 Correct typo
- #2239 fix-link
- #2240 fix:"any value other" should be "any other value"
- #2255 Update annotations.md
- #2267 Update README.md
- #2274 Typo fixes in modsecurity.md
- #2276 Update README.md
- #2282 Fix nlb instructions
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.12.0
New Features:
- Live NGINX configuration update without reloading using the flag
--enable-dynamic-configuration
(disabled by default). - New flag
--publish-status-address
to manually set the Ingress status IP address. - Add worker-cpu-affinity NGINX option.
- Enable remote logging using syslog.
- Do not redirect
/.well-known/acme-challenge
to HTTPS.
Changes:
- #2125 Add GCB config to build defaultbackend
- #2127 Revert deletion of dependency version override
- #2137 Updated log level to v2 for sysctlFSFileMax.
- #2140 Cors header should always be returned
- #2141 Fix error loading modules
- #2143 Only add HSTS headers in HTTPS
- #2144 Add annotation to disable logs in a location
- #2145 Add option in the configuration configmap to enable remote logging
- #2146 In case of TLS errors do not allow traffic
- #2148 Add publish-status-address flag
- #2155 Update nginx with new modules
- #2162 Remove duplicated BuildConfigFromFlags func
- #2163 include lua-upstream-nginx-module in Nginx build
- #2164 use the correct error channel
- #2167 configuring load balancing per ingress
- #2172 include lua-resty-lock in nginx image
- #2174 Live Nginx configuration update without reloading
- #2180 Include tests in golint checks, fix warnings
- #2181 change nginx process pgid
- #2185 Remove ProxyPassParams setting
- #2191 Add checker test for bad pid
- #2193 fix wrong json tag
- #2201 Add worker-cpu-affinity nginx option
- #2202 Allow config to disable geoip
- #2205 add luacheck to lint lua files
Documentation:
- #2124 Document how to provide list types in configmap
- #2133 fix limit-req-status-code doc
- #2139 Update documentation for nginx-ingress-role RBAC.
- #2165 Typo fix "api server " -> "API server"
- #2169 Add documentation about secure-verify-ca-secret
- #2200 fix grammer mistake
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.11.0
New Features:
- NGINX 1.13.9
Changes:
- #1992 Added configmap option to disable IPv6 in nginx DNS resolver
- #1993 Enable Customization of Auth Request Redirect
- #1996 Use v3/dev/performance of ModSecurity because of performance
- #1997 fix var checked
- #1998 Add support to enable/disable proxy buffering
- #1999 Add connection-proxy-header annotation
- #2001 Add limit-request-status-code option
- #2005 fix typo error for server name _
- #2006 Add support for enabling ssl_ciphers per host
- #2019 Update nginx image
- #2021 Add nginx_cookie_flag_module
- #2026 update KUBERNETES from v1.8.0 to 1.9.0
- #2027 Show pod information in http-svc example
- #2030 do not ignore $http_host and $http_x_forwarded_host
- #2031 The maximum number of open file descriptors should be maxOpenFiles.
- #2036 add matchLabels in Deployment yaml, that both API extensions/v1beta1 …
- #2050 Get file max from fs/file-max.
- #2063 Run one test at a time
- #2065 Always return an IP address
- #2069 Do not cancel the synchronization of secrets
- #2071 Update Go to 1.9.4
- #2082 Use a ring channel to avoid blocking write of events
- #2089 Retry initial connection to the Kubernetes cluster
- #2093 Only pods in running phase are vallid for status
- #2099 Added GeoIP Organisational data
- #2107 Enabled the dynamic reload of GeoIP data
- #2119 Remove deprecated flag disable-node-list
- #2120 Migrate to codecov.io
Documentation:
- #1987 add kube-system namespace for oauth2-proxy example
- #1991 Add comment about bolean and number values
- #2009 docs/user-guide/tls: remove duplicated section
- #2011 broken link for sticky-ingress.yaml
- #2014 Add document for connection-proxy-header annotation
- #2016 Minor link fix in deployment docs
- #2018 Added documentation for Permanent Redirect
- #2035 fix broken links in static-ip readme
- #2038 fix typo: appropiate -> [appropriate]
- #2039 fix typo stickyness to stickiness
- #2040 fix wrong annotation
- #2041 fix spell error reslover -> resolver
- #2046 Fix typos
- #2054 Adding documentation for helm with RBAC enabled
- #2075 Fix opentracing configuration when multiple options are configured
- #2076 Fix spelling errors
- #2077 Remove initContainer from default deployment
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.10.2
Changes:
- #1978 Fix chain completion and default certificate flag issues
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.10.1
Changes:
- #1945 When a secret is updated read ingress annotations (again)
- #1948 Update go to 1.9.3
- #1953 Added annotation for upstream-vhost
- #1960 Adjust sysctl values to improve nginx performance
- #1963 Fix tests
- #1969 Rollback #1854
- #1970 By default brotli is disabled
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.10.0
Breaking changes:
Changed the names of default Nginx ingress prometheus metrics. If you are scraping default Nginx ingress metrics with prometheus the metrics changes are as follows:
nginx_active_connections_total -> nginx_connections_total{state="active"}
nginx_accepted_connections_total -> nginx_connections_total{state="accepted"}
nginx_handled_connections_total -> nginx_connections_total{state="handled"}
nginx_current_reading_connections_total -> nginx_connections{state="reading"}
nginx_current_writing_connections_total -> nginx_connections{state="writing"}
current_waiting_connections_total -> nginx_connections{state="waiting"}
New Features:
- NGINX 1.13.8
- Support to hide headers from upstream servers
- Support for Jaeger
- CORS max age annotation
Changes:
- #1782 auth-tls-pass-certificate-to-upstream should be bool
- #1787 force external_auth requests to http/1.1
- #1800 Add control of the configuration refresh interval
- #1805 Add X-Forwarded-Prefix on rewrites
- #1844 Validate x-forwarded-proto and connection scheme before redirect to https
- #1852 Update nginx to v1.13.8 and update modules
- #1854 Fix redirect to ssl
- #1858 When upstream-hash-by annotation is used do not configure a lb algorithm
- #1861 Improve speed of tests execution
- #1869 "proxy_redirect default" should be placed after the "proxy_pass"
- #1870 Fix SSL Passthrough template issue and custom ports in redirect to HTTPS
- #1871 Update nginx image to 0.31
- #1872 Fix data race updating ingress status
- #1880 Update go dependencies and cleanup deprecated packages
- #1888 Add CORS max age annotation
- #1891 Refactor initial synchronization of ingress objects
- #1903 If server_tokens is disabled remove the Server header
- #1906 Random string function should only contains letters
- #1907 Fix custom port in redirects
- #1909 Release nginx 0.32
- #1910 updating prometheus metrics names according to naming best practices
- #1912 removing _total prefix from nginx guage metrics
- #1914 Add --with-http_secure_link_module for the Nginx build configuration
- #1916 Add support for jaeger backend
- #1918 Update nginx image to 0.32
- #1919 Add option for reuseport in nginx listen section
- #1926 Do not use port from host header
- #1927 Remove sendfile configuration
- #1928 Add support to hide headers from upstream servers
- #1929 Refactoring of kubernetes informers and local caches
- #1933 Remove deploy of ingress controller from the example
Documentation:
- #1786 fix: some typo.
- #1792 Add note about annotation values
- #1814 Fix link to custom configuration
- #1826 Add note about websocket and load balancers
- #1840 Add note about default log files
- #1853 Clarify docs for add-headers and proxy-set-headers
- #1864 configmap.md: Convert hyphens in name column to non-breaking-hyphens
- #1865 Add docs for legacy TLS version and ciphers
- #1867 Fix publish-service patch and update README
- #1913 Missing r
- #1925 Fix doc links
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
Changes:
- #1731 Allow configuration of proxy_responses value for tcp/udp configmaps
- #1766 Fix ingress typo
- #1768 Custom default backend must use annotations if present
- #1769 Use custom https port in redirects
- #1771 Add additional check for old SSL certificates
- #1776 Add option to configure the redirect code
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0-beta.19
Changes:
- Fix regression with ingress.class annotation introduced in 0.9-beta.18
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0-beta.18
Breaking changes:
- The NGINX ingress annotations contains a new prefix: nginx.ingress.kubernetes.io. This change is behind a flag to avoid breaking running deployments.
To avoid breaking a running NGINX ingress controller add the flag --annotations-prefix=ingress.kubernetes.io to the nginx ingress controller deployment.
There is one exception, the annotation
kubernetes.io/ingress.class
remains unchanged (this annotation is used in multiple ingress controllers)
New Features:
- NGINX 1.13.7
- Support for s390x
- e2e tests
Changes:
- #1648 Remove GenericController and add tests
- #1650 Fix misspell errors
- #1651 Remove node lister
- #1652 Remove node lister
- #1653 Fix diff execution
- #1654 Fix travis script and update kubernetes to 1.8.0
- #1658 Tests
- #1659 Add nginx helper tests
- #1662 Refactor annotations
- #1665 Add the original http request method to the auth request
- #1687 Fix use merge of annotations
- #1689 Enable s390x
- #1693 Fix docker build
- #1695 Update nginx to v0.29
- #1696 Always add cors headers when enabled
- #1697 Disable features not availables in some platforms
- #1698 Auth e2e tests
- #1699 Refactor SSL intermediate CA certificate check
- #1700 Add patch command to append publish-service flag
- #1701 fix: Core() is deprecated use CoreV1() instead.
- #1702 Fix TLS example [ci skip]
- #1704 Add e2e tests to verify the correct source IP address
- #1705 Add annotation for setting proxy_redirect
- #1706 Increase ELB idle timeouts [ci skip]
- #1710 Do not update a secret not referenced by ingress rules
- #1713 add --report-node-internal-ip-address describe to cli-arguments.md
- #1717 Fix command used to detect version
- #1720 Add docker-registry example [ci skip]
- #1722 Add annotation to enable passing the certificate to the upstream server
- #1723 Add timeouts to http server and additional pprof routes
- #1724 Cleanup main
- #1725 Enable all e2e tests
- #1726 fix: replace deprecated methods.
- #1734 Changes ssl-client-cert header
- #1737 Update nginx v1.13.7
- #1738 Cleanup
- #1739 Improve e2e checks
- #1740 Update nginx
- #1745 Simplify annotations
- #1746 Cleanup of e2e helpers
Documentation:
- #1657 Add better documentation for deploying for dev
- #1680 Add doc for log-format-escape-json [ci skip]
- #1685 Fix default SSL certificate flag docs [ci skip]
- #1686 Fix development doc [ci skip]
- #1727 fix: fix typos in docs.
- #1747 Add config-map usage and options to Documentation
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0-beta.17
Changes:
- Fix regression with annotations introduced in 0.9-beta.16 (thanks @tomlanyon)
Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0-beta.16
New Features:
- Images are published to quay.io
- NGINX 1.13.6
- OpenTracing Jaeger support inNGINX
- ModSecurity support
- Support for brotli compression in NGINX
- Return 503 error instead of 404 when no endpoint is available
Breaking changes:
- The default SSL configuration was updated to use
TLSv1.2
and the default cipher list isECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
Known issues:
- When ModSecurity is enabled a segfault could occur - ModSecurity#1590
Changes:
- #1489 Compute a real
X-Forwarded-For
header - #1490 Introduce an upstream-hash-by annotation to support consistent hashing by nginx variable or text
- #1498 Add modsecurity module
- #1500 Enable modsecurity feature
- #1501 Request ingress controller version in issue template
- #1502 Force reload on template change
- #1503 Add falg to report node internal IP address in ingress status
- #1505 Increase size of variable hash bucket
- #1506 Update nginx ssl configuration
- #1507 Add tls session ticket key setting
- #1511 fix deprecated ssl_client_cert. add ssl_client_verify header
- #1513 Return 503 by default when no endpoint is available
- #1520 Change alias behaviour not to create new server section needlessly
- #1523 Include the serversnippet from the config map in server blocks
- #1533 Remove authentication send body annotation
- #1535 Remove auth-send-body [ci skip]
- #1538 Rename service-nodeport.yml to service-nodeport.yaml
- #1543 Fix glog initialization error
- #1544 Fix
make container
for OSX. - #1547 fix broken GCE-GKE service descriptor
- #1550 Add e2e tests - default backend
- #1553 Cors features improvements
- #1554 Add missing unit test for nextPowerOf2 function
- #1556 fixed https port forwarding in Azure LB service
- #1566 Release nginx-slim 0.27
- #1568 update defaultbackend tag
- #1569 Update 404 server image
- #1570 Update nginx version
- #1571 Fix cors tests
- #1572 Certificate Auth Bugfix
- #1577 Do not use relative urls for yaml files
- #1580 Upgrade to use the latest version of nginx-opentracing.
- #1581 Fix Makefile to work in OSX.
- #1582 Add scripts to release from travis-ci
- #1584 Add missing probes in deployments
- #1585 Add version flag
- #1587 Use pass access scheme in signin url
- #1589 Fix upstream vhost Equal comparison
- #1590 Fix Equals Comparison for CORS annotation
- #1592 Update opentracing module and release image to quay.io
- #1593 Fix makefile default task
- #1605 Fix ExternalName services
- #1607 Add support for named ports with service-upstream. #1459
- #1608 Fix issue with clusterIP detection on service upstream. #1534
- #1610 Only set alias if not already set
- #1618 Fix full XFF with PROXY
- #1620 Add gzip_vary
- #1621 Fix path to ELB listener image
- #1627 Add brotli support
- #1629 Add ssl-client-dn header
- #1632 Rename OWNERS assignees: to approvers:
- #1635 Install dumb-init using apt-get
- #1636 Update go to 1.9.2
- #1640 Update nginx to 0.28 and enable brotli
Documentation:
- #1491 Note that GCE has moved to a new repo
- #1492 Cleanup readme.md
- #1494 Cleanup
- #1497 Cleanup examples directory
- #1504 Clean readme
- #1508 Fixed link in prometheus example
- #1527 Split documentation
- #1536 Update documentation and examples [ci skip]
- #1541 fix(documentation): Fix some typos
- #1548 link to prometheus docs
- #1562 Fix development guide link
- #1563 Add task to verify markdown links
- #1583 Add note for certificate authentication in Cloudflare
- #1617 fix typo in user-guide/annotations.md
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.15
New Features:
- Add OCSP support
- Configurable ssl_verify_client
Changes:
- #1468 Add the original URL to the auth request
- #1469 Typo: Add missing {{ }}
- #1472 Fix X-Auth-Request-Redirect value to reflect the request uri
- #1473 Fix proxy protocol check
- #1475 Add OCSP support
- #1477 Fix semicolons in global configuration
- #1478 Pass redirect field in login page to get a proper redirect
- #1480 configurable ssl_verify_client
- #1485 Fix source IP address
- #1486 Fix overwrite of custom configuration
Documentation:
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.14
New Features:
- Opentracing support for NGINX
- Setting upstream vhost for nginx
- Allow custom global configuration at multiple levels
- Add support for proxy protocol decoding and encoding in TCP services
Changes:
- #719 Setting upstream vhost for nginx.
- #1321 Enable keepalive in upstreams
- #1322 parse real ip
- #1323 use $the_real_ip for rate limit whitelist
- #1326 Pass headers from the custom error backend
- #1328 update deprecated interface
- #1329 add example for nginx-ingress
- #1330 Increase coverage in template.go for nginx controller
- #1335 Configurable proxy_request_buffering per location..
- #1338 Fix multiple leader election
- #1339 Enable status port listening in all interfaces
- #1340 Update sha256sum of nginx substitutions
- #1341 Fix typos
- #1345 refactor controllers.go
- #1349 Force reload if a secret is updated
- #1363 Fix proxy request buffering default configuration
- #1365 Fix equals comparsion returing False if both objects have nil Targets or Services.
- #1367 Fix typos
- #1379 Fix catch all upstream server
- #1380 Cleanup
- #1381 Refactor X-Forwarded-* headers
- #1382 Cleanup
- #1387 Improve resource usage in nginx controller
- #1392 Avoid issues with goroutines updating fields
- #1393 Limit the number of goroutines used for the update of ingress status
- #1394 Improve equals
- #1402 fix error when cert or key is nil
- #1403 Added tls ports to rbac nginx ingress controller and service
- #1404 Use nginx default value for SSLECDHCurve
- #1411 Add more descriptive logging in certificate loading
- #1412 Correct Error Handling to avoid panics and add more logging to template
- #1413 Validate external names
- #1418 Fix links after design proposals move
- #1419 Remove duplicated ingress check code
- #1420 Process queue items by time window
- #1423 Fix cast error
- #1424 Allow overriding the tag and registry
- #1426 Enhance Certificate Logging and Clearup Mutual Auth Docs
- #1430 Add support for proxy protocol decoding and encoding in TCP services
- #1434 Fix exec of readSecrets
- #1435 Add header to upstream server for external authentication
- #1438 Do not intercept errors from the custom error service
- #1439 Nginx master process killed thus no further reloads
- #1440 Kill worker processes to allow the restart of nginx
- #1445 Updated godeps
- #1450 Fix links
- #1451 Add example of server-snippet
- #1452 Fix sync of secrets (kube lego)
- #1454 Allow custom global configuration at multiple levels
Documentation:
- #1400 Fix ConfigMap link in doc
- #1422 Add docs for opentracing
- #1441 Improve custom error pages doc
- #1442 Opentracing docs
- #1446 Add custom timeout annotations doc
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.13
New Features:
- NGINX 1.3.5
- New flag to disable node listing
- Custom X-Forwarder-Header (CloudFlare uses
CF-Connecting-IP
as header) - Custom error page in Client Certificate Authentication
Changes:
- #1272 Delete useless statement
- #1277 Add indent for nginx.conf
- #1278 Add proxy-pass-params annotation and Backend field
- #1282 Fix nginx stats
- #1288 Allow PATCH in enable-cors
- #1290 Add flag to disabling node listing
- #1293 Adds support for error page in Client Certificate Authentication
- #1308 A trivial typo in config
- #1310 Refactoring nginx configuration configmap
- #1311 Enable nginx async writes
- #1312 Allow custom forwarded for header
- #1313 Fix eol in nginx template
- #1315 Fix nginx custom error pages
Documentation:
- #1270 add missing yamls in controllers/nginx
- #1276 Link rbac sample from deployment docs
- #1291 fix link to conformance suite
- #1295 fix README of nginx-ingress-controller
- #1299 fix two doc issues in nginx/README
- #1306 Fix kubeconfig example for nginx deployment
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.12
Breaking changes:
- SSL passthrough is disabled by default. To enable the feature use
--enable-ssl-passthrough
New Features:
- Support for arm64
- New flags to customize listen ports
- Per minute rate limiting
- Rate limit whitelist
- Configuration of nginx worker timeout (to avoid zombie nginx workers processes)
- Redirects from non-www to www
- Custom default backend (per Ingress)
- Graceful shutdown for NGINX
Changes:
- #977 Add sort-backends command line option
- #981 Add annotation to allow use of service ClusterIP for NGINX upstream.
- #991 Remove secret sync loop
- #992 Check errors generating pem files
- #993 Fix the sed command to work on macOS
- #1013 The fields of vtsDate are unified in the form of plural
- #1025 Fix file watch
- #1027 Lint code
- #1031 Change missing secret name log level to V(3)
- #1032 Alternative syncSecret approach #1030
- #1042 Add function to allow custom values in Ingress status
- #1043 Return reference to object providing Endpoint
- #1046 Add field FileSHA in BasicDigest struct
- #1058 add per minute rate limiting
- #1060 Update fsnotify dependency to fix arm64 issue
- #1065 Add more descriptive steps in Dev Documentation
- #1073 Release nginx-slim 0.22
- #1074 Remove lua and use fastcgi to render errors
- #1075 (feat/ #374) support proxy timeout
- #1076 Add more ssl test cases
- #1078 fix the same udp port and tcp port, update nginx.conf error
- #1080 Disable platform s390x
- #1081 Spit Static check and Coverage in diff Stages of Travis CI
- #1082 Fix build tasks
- #1087 Release nginx-slim 0.23
- #1088 Configure nginx worker timeout
- #1089 Update nginx to 1.13.4
- #1098 Exposing the event recorder to allow other controllers to create events
- #1102 Fix lose SSL Passthrough
- #1104 Simplify verification of hostname in ssl certificates
- #1109 Cleanup remote address in nginx template
- #1110 Fix Endpoint comparison
- #1118 feat(#733)Support nginx bandwidth control
- #1124 check fields len in dns.go
- #1130 Update nginx.go
- #1134 replace deprecated interface with versioned ones
- #1136 Fix status update - changed in #1074
- #1138 update nginx.go: performance improve
- #1139 Fix Todo:convert sequence to table
- #1162 Optimize CI build time
- #1164 Use variable request_uri as redirect after auth
- #1179 Fix sticky upstream not used when enable rewrite
- #1184 Add support for temporal and permanent redirects
- #1185 Add more info about Server-Alias usage
- #1186 Add annotation for client-body-buffer-size per location
- #1190 Add flag to disable SSL passthrough
- #1193 fix broken link
- #1198 Add option for specific scheme for base url
- #1202 formatIP issue
- #1203 NGINX not reloading correctly
- #1204 Fix template error
- #1205 Add initial sync of secrets
- #1206 Update ssl-passthrough docs
- #1207 delete broken link
- #1208 fix some typo
- #1210 add rate limit whitelist
- #1215 Replace base64 encoding with random uuid
- #1218 Trivial fixes in core/pkg/net
- #1219 keep zones unique per ingress resource
- #1221 Move certificate authentication from location to server
- #1223 Add doc for non-www to www annotation
- #1224 refactor rate limit whitelist
- #1226 Remove useless variable in nginx.tmpl
- #1227 Update annotations doc with base-url-scheme
- #1233 Fix ClientBodyBufferSize annotation
- #1234 Lint code
- #1235 Fix Equal comparison
- #1236 Add Validation for Client Body Buffer Size
- #1238 Add support for 'client_body_timeout' and 'client_header_timeout'
- #1239 Add flags to customize listen ports and detect port collisions
- #1243 Add support for access-log-path and error-log-path
- #1244 Add custom default backend annotation
- #1246 Add additional headers when custom default backend is used
- #1247 Make Ingress annotations available in template
- #1248 Improve nginx controller performance
- #1254 fix Type transform panic
- #1257 Graceful shutdown for Nginx
- #1261 Add support for 'worker-shutdown-timeout'
Documentation:
- #976 Update annotations doc
- #979 Missing auth example
- #980 Add nginx basic auth example
- #1001 examples/nginx/rbac: Give access to own namespace
- #1005 Update configuration.md
- #1018 add docs for
proxy-set-headers
andadd-headers
- #1038 typo / spelling in README.md
- #1039 typo in examples/tcp/nginx/README.md
- #1049 Fix config name in the example.
- #1054 Fix link to UDP example
- #1084 (issue #310)Fix some broken link
- #1103 Add GoDoc Widget
- #1105 Make Readme file more readable
- #1106 Update annotations.md
- #1107 Fix Broken Link
- #1119 fix typos in controllers/nginx/README.md
- #1122 Fix broken link
- #1131 Add short help doc in configuration for nginx limit rate
- #1143 Minor Typo Fix
- #1144 Minor Typo fix
- #1145 Minor Typo fix
- #1146 Fix Minor Typo in Readme
- #1147 Minor Typo Fix
- #1148 Minor Typo Fix in Getting-Started.md
- #1149 Fix Minor Typo in TLS authentication
- #1150 Fix Minor Typo in Customize the HAProxy configuration
- #1151 Fix Minor Typo in customization custom-template
- #1152 Fix minor typo in HAProxy Multi TLS certificate termination
- #1153 Fix minor typo in Multi TLS certificate termination
- #1154 Fix minor typo in Role Based Access Control
- #1155 Fix minor typo in TCP loadbalancing
- #1156 Fix minor typo in UDP loadbalancing
- #1157 Fix minor typos in Prerequisites
- #1158 Fix minor typo in Ingress examples
- #1159 Fix minor typos in Ingress admin guide
- #1160 Fix a broken href and typo in Ingress FAQ
- #1165 Update CONTRIBUTING.md
- #1168 finx link to running-locally.md
- #1170 Update dead link in nginx/HTTPS section
- #1172 Update README.md
- #1173 Update admin.md
- #1174 fix several titles
- #1177 fix typos
- #1188 Fix minor typo
- #1189 Fix sign in URL redirect parameter
- #1192 Update README.md
- #1195 Update troubleshooting.md
- #1196 Update README.md
- #1209 Update README.md
- #1085 Fix ConfigMap's namespace in custom configuration example for nginx
- #1142 Fix typo in multiple docs
- #1228 Update release doc in getting-started.md
- #1230 Update godep guide link
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.11
Fixes NGINX CVE-2017-7529
Changes:
- #659 [nginx] TCP configmap should allow listen proxy_protocol per service
- #730 Add support for add_headers
- #808 HTTP->HTTPS redirect does not work with use-proxy-protocol: "true"
- #921 Make proxy-real-ip-cidr a comma separated list
- #930 Add support for proxy protocol in TCP services
- #933 Lint code
- #937 Fix lint code errors
- #940 Sets parameters for a shared memory zone of limit_conn_zone
- #949 fix nginx version to 1.13.3 to fix integer overflow
- #956 Simplify handling of ssl certificates
- #958 Release ubuntu-slim:0.13
- #959 Release nginx-slim 0.21
- #960 Update nginx in ingress controller
- #964 Support for proxy_headers_hash_bucket_size and proxy_headers_hash_max_size
- #966 Fix error checking for pod name & NS
- #967 Fix runningAddresses typo
- #968 Fix missing hyphen in yaml for nginx RBAC example
- #973 check number of servers in configuration comparator
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.10
Fix release 0.9-beta.9
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.9
New Features:
- Add support for arm and ppc64le
Changes:
- #548 nginx: support multidomain certificates
- #620 [nginx] Listening ports are not configurable, so ingress can't be run multiple times per node when using CNI
- #648 publish-service argument isn't honored when ELB is internal only facing.
- #833 WIP: Avoid reloads implementing Equals in structs
- #838 Feature request: Add ingress annotation to enable upstream "keepalive" option
- #844 ingress annotations affinity is not working
- #862 Avoid reloads implementing Equaler interface
- #864 Remove dead code
- #868 Lint nginx code
- #871 Add feature to allow sticky sessions per location
- #873 Update README.md
- #876 Add information about nginx controller flags
- #878 Update go to 1.8.3
- #881 Option to not remove loadBalancer status record?
- #882 Add flag to skip the update of Ingress status on shutdown
- #885 Don't use $proxy_protocol var which may be undefined.
- #886 Add support for SubjectAltName in SSL certificates
- #888 Update nginx-slim to 0.19
- #889 Add PHOST to backend
- #890 Improve variable configuration for source IP address
- #892 Add upstream keepalive connections cache
- #897 Update outdated ingress resource link
- #898 add error check right when reload nginx fail
- #899 Fix nginx error check
- #900 After #862 changes in the configmap do not trigger a reload
- #901 [doc] Update NGinX status port to 18080
- #902 Always reload after a change in the configuration
- #904 Fix nginx sticky sessions
- #906 Fix race condition with closed channels
- #907 nginx/proxy: allow specifying next upstream behaviour
- #910 Feature request: use
X-Forwarded-Host
from the reverse proxy before - #911 Improve X-Forwarded-Host support
- #915 Release nginx-slim 0.20
- #916 Add arm and ppc64le support
- #919 Apply the 'ssl-redirect' annotation per-location
- #922 Add example of TLS termination using a classic ELB
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.8
Changes:
- #761 NGINX TCP Ingresses do not bind on IPv6
- #850 Fix IPv6 UDP stream section
- #851 ensure private key and certificate match
- #852 Don't expose certificate metrics for default server
- #846 Match ServicePort to Endpoints by Name
- #854 Document log-format-stream and log-format-upstream
- #847 fix semicolon
- #848 Add metric "ssl certificate expiration"
- #839 "No endpoints" issue
- #845 Fix no endpoints issue when named ports are used
- #822 Release ubuntu-slim 0.11
- #824 Update nginx-slim to 0.18
- #823 Release nginx-slim 0.18
- #827 Introduce working example of nginx controller with rbac
- #835 Make log format json escaping configurable
- #843 Avoid setting maximum number of open file descriptors lower than 1024
- #837 Cleanup interface
- #836 Make log format json escaping configurable
- #828 Wrap IPv6 endpoints in []
- #821 nginx-ingress: occasional 503 Service Temporarily Unavailable
- #829 feat(template): wrap IPv6 addresses in []
- #786 Update echoserver image version in examples
- #825 Create or delete ingress based on class annotation
- #790 #789 removing duplicate X-Real-IP header
- #792 Avoid checking if the controllers are synced
- #798 nginx: RBAC for leader election
- #799 could not build variables_hash
- #809 Fix dynamic variable name
- #804 Fix #798 - RBAC for leader election
- #806 fix ingress rbac roles
- #811 external auth - proxy_pass_request_body off + big bodies give 500/413
- #785 Publish echoheader image
- #813 Added client_max_body_size to authPath location
- #814 rbac-nginx: resourceNames cannot filter create verb
- #774 Add IPv6 support in TCP and UDP stream section
- #784 Allow customization of variables hash tables
- #782 Set "proxy_pass_header Server;"
- #783 nginx/README.md: clarify app-root and fix example hyperlink
- #787 Add setting to allow returning the Server header from the backend
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.7
Changes:
- #777 Update sniff parser to fix index out of bound error
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.6
Changes:
- #647 ingress.class enhancement for debugging.
- #708 ingress losing real source IP when tls enabled
- #760 Change recorder event scheme
- #704 fix nginx reload flags '-c'
- #757 Replace use of endpoints as locks with configmap
- #752 nginx ingress header config backwards
- #756 Fix bad variable assignment in template nginx
- #729 Release nginx-slim 0.17
- #755 Fix server name hash maxSize default value
- #741 Update golang dependencies
- #749 Remove service annotation for namedPorts
- #740 Refactoring whitelist source IP verification
- #734 Specify nginx image arch
- #728 Update nginx image
- #723 update readme about vts metrics
- #726 Release ubuntu-slim 0.10
- #727 [nginx] whitelist-source-range doesn’t work on ssl port
- #709 Add config for X-Forwarded-For trust
- #679 add getenv
- #680 nginx/pkg/config: delete unuseful variable
- #716 Add secure-verify-ca-secret annotation
- #722 Remove go-reap and use tini as process reaper
- #725 Add keepalive_requests and client_body_buffer_size options
- #724 change the directory of default-backend.yaml
- #656 Nginx Ingress Controller - Specify load balancing method
- #717 delete unuseful variable
- #712 Set $proxy_upstream_name before location directive
- #715 Corrected annotation ex
signin-url
toauth-url
- #718 nodeController sync
- #694 SSL-Passthrough broken in beta.5
- #678 Convert CN SSL Certificate to lowercase before comparison
- #690 Fix IP in logs for https traffic
- #673 Override load balancer alg view config map
- #675 Use proxy-protocol to pass through source IP to nginx
- #707 use nginx vts module version 0.1.14
- #702 Document passing of ssl_client_cert to backend
- #688 Add example of UDP loadbalancing
- #696 [nginx] pass non-SNI TLS hello to default backend, Fixes #693
- #685 Fix error in generated nginx.conf for optional hsts-preload
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.5
Changes:
- #663 Remove helper required in go < 1.8
- #662 Add debug information about ingress class
- #661 Avoid running nginx if the configuration file is empty
- #660 Rollback queue refactoring
- #654 Update go version to 1.8
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.4
New Features:
- Add support for services of type ExternalName
Changes:
- #635 Allow configuration of features underscores_in_headers and ignore_invalid_headers
- #633 Fix lint errors
- #630 Add example of TCP loadbalancing
- #629 Add support for services of type ExternalName
- #624 Compute server_names_hash_bucket_size correctly
- #615 Process exited cleanly before we hit wait4
- #614 Refactor nginx ssl passthrough
- #613 Status leader election must consired the ingress class
- #607 Allow custom server_names_hash_max_size & server_names_hash_bucket_size
- #601 add a judgment
- #601 Replace custom child reap code with go-reap
- #597 Add flag to force namespace isolation
- #595 Remove Host header from auth_request proxy configuration
- #588 Read resolv.conf file just once
- #586 Updated instructions to create an ingress controller build
- #583 fixed lua_package_path in nginx.tmpl
- #580 Updated faq for running multiple ingress controller
- #579 Detect if the ingress controller is running with multiple replicas
- #578 Set different listeners per protocol version
- #577 Avoid zombie child processes
- #576 Replace secret workqueue
- #568 Revert merge annotations to the implicit root context
- #563 Add option to disable hsts preload
- #560 Fix intermittent misconfiguration of backend.secure and SessionAffinity
- #556 Update nginx version and remove dumb-init
- #551 Build namespace and ingress class as label
- #546 Fix a couple of 'does not contains' typos
- #542 Fix lint errors
- #540 Add Backends.SSLPassthrough attribute
- #539 Migrate to client-go
- #536 add unit test cases for core/pkg/ingress/controller/backend_ssl
- #535 Add test for ingress status update
- #532 Add setting to configure ecdh curve
- #531 Fix link to examples
- #530 Fix link to custom nginx configuration
- #528 Add reference to apiserver-host flag
- #527 Add annotations to location of default backend (root context)
- #525 Avoid negative values configuring the max number of open files
- #523 Fix a typo in an error message
- #521 nginx-ingress-controller is built twice by docker-build target
- #517 Use whitelist-source-range from configmap when no annotation on ingress
- #516 Convert WorkerProcesses setting to string to allow the value auto
- #512 Fix typos regarding the ssl-passthrough annotation documentation
- #505 add unit test cases for core/pkg/ingress/controller/annotations
- #503 Add example for nginx in aws
- #502 Add information about SSL Passthrough annotation
- #500 Improve TLS secret configuration
- #498 Proper enqueue a secret on the secret queue
- #493 Update nginx and vts module
- #490 Add unit test case for named_port
- #488 Adds support for CORS on error responses and Authorization header
- #485 Fix typo nginx configMap vts metrics customization
- #481 Remove unnecessary quote in nginx log format
- #471 prometheus scrape annotations
- #460 add example of 'run multiple haproxy ingress controllers as a deployment'
- #459 Add information about SSL certificates in the default log level
- #456 Avoid upstreams with multiple servers with the same port
- #454 Pass request port to real server
- #450 fix nginx-tcp-and-udp on same port
- #446 remove configmap validations
- #445 Remove snakeoil certificate generation
- #442 Fix a few bugs in the nginx-ingress-controller Makefile
- #441 skip validation when configmap is empty
- #439 Avoid a nil-reference when the temporary file cannot be created
- #438 Improve English in error messages
- #437 Reference constant
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.3
New Features:
- Custom log formats using
log-format-upstream
directive in the configuration configmap. - Force redirect to SSL using the annotation
ingress.kubernetes.io/force-ssl-redirect
- Prometheus metric for VTS status module (transparent, just enable vts stats)
- Improved external authentication adding
ingress.kubernetes.io/auth-signin
annotation. Please check this example
Breaking changes:
ssl-dh-param
configuration in configmap is now the name of a secret that contains the Diffie-Hellman key
Changes:
- #433 close over the ingress variable or the last assignment will be used
- #424 Manually sync secrets from certificate authentication annotations
- #423 Scrap json metrics from nginx vts module when enabled
- #418 Only update Ingress status for the configured class
- #415 Improve external authentication docs
- #410 Add support for "signin url"
- #409 Allow custom http2 header sizes
- #408 Review docs
- #406 Add debug info and fix spelling
- #402 allow specifying custom dh param
- #397 Fix external auth
- #394 Update README.md
- #392 Fix http2 header size
- #391 remove tmp nginx-diff files
- #390 Fix RateLimit comment
- #385 add Copyright
- #382 Ingress Fake Certificate generation
- #380 Fix custom log format
- #373 Cleanup
- #371 add configuration to disable listening on ipv6
- #370 Add documentation for ingress.kubernetes.io/force-ssl-redirect
- #369 Minor text fix for "ApiServer"
- #367 BuildLogFormatUpstream was always using the default log-format
- #366 add_judgment
- #365 add ForceSSLRedirect ingress annotation
- #364 Fix error caused by increasing proxy_buffer_size (#363)
- #362 Fix ingress class
- #360 add example of 'run multiple nginx ingress controllers as a deployment'
- #358 Checks if the TLS secret contains a valid keypair structure
- #356 Disable listen only on ipv6 and fix proxy_protocol
- #354 add judgment
- #352 Add ability to customize upstream and stream log format
- #351 Enable custom election id for status sync.
- #347 Fix client source IP address
- #345 Fix lint error
- #344 Refactoring of TCP and UDP services
- #343 Fix node lister when --watch-namespace is used
- #341 Do not run coverage check in the default target.
- #340 Add support for specify proxy cookie path/domain
- #337 Fix for formatting error introduced in #304
- #335 Fix for vet complaints:
- #332 Add annotation to customize nginx configuration
- #331 Correct spelling mistake
- #328 fix misspell "affinity" in main.go
- #326 add nginx daemonset example
- #311 Sort stream service ports to avoid extra reloads
- #307 Add docs for body-size annotation
- #306 modify nginx readme
- #304 change 'buildSSPassthrouthUpstreams' to 'buildSSLPassthroughUpstreams'
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2
New Features:
- New configuration flag
proxy-set-headers
to allow set custom headers before send traffic to backends. Example here - Disable directive access_log globally using
disable-access-log: "true"
in the configuration ConfigMap. - Sticky session per Ingress rule using the annotation
ingress.kubernetes.io/affinity
. Example here
Changes:
- #300 Change nginx variable to use in filter of access_log
- #296 Fix rewrite regex to match the start of the URL and not a substring
- #293 Update makefile gcloud docker command
- #290 Update nginx version in ingress controller to 1.11.10
- #286 Add logs to help debugging and simplify default upstream configuration
- #285 Added a Node StoreLister type
- #281 Add chmod up directory tree for world read/execute on directories
- #279 fix wrong link in the file of examples/README.md
- #275 Pass headers to custom error backend
- #272 Fix error getting class information from Ingress annotations
- #268 minor: Fix typo in nginx README
- #265 Fix rewrite annotation parser
- #262 Add nginx README and configuration docs back
- #261 types.go: fix typo in godoc
- #258 Nginx sticky annotations
- #255 Adds support for disabling access_log globally
- #247 Fix wrong URL in nginx ingress configuration
- #246 Add support for custom proxy headers using a ConfigMap
- #244 Add information about cors annotation
- #241 correct a spell mistake
- #232 Change searchs with searches
- #231 Add information about proxy_protocol in port 442
- #228 Fix worker check issue
- #227 proxy_protocol on ssl_passthrough listener
- #223 Fix panic if a tempfile cannot be created
- #220 Fixes for minikube usage instructions.
- #219 Fix typo, add a couple of links.
- #218 Improve links from CONTRIBUTING.
- #217 Fix an e2e link.
- #212 Simplify code to obtain TCP or UDP services
- #208 Fix nil HTTP field
- #198 Add an example for static-ip and deployment
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.1
New Features:
- SSL Passthrough
- New Flag
--publish-service
that set the Service fronting the ingress controllers - Ingress status shows the correct IP/hostname address without duplicates
- Custom body sizes per Ingress
- Prometheus metrics
Breaking changes:
- Flag
--nginx-configmap
was replaced with--configmap
- Configmap field
body-size
was replaced withproxy-body-size
Changes:
- #184 Fix template error
- #179 Allows the usage of Default SSL Cert
- #178 Add initialization of proxy variable
- #177 Refactoring sysctlFSFileMax helper
- #176 Fix TLS does not get updated when changed
- #174 Update nginx to 1.11.9
- #172 add some unit test cases for some packages under folder "core.pkg.ingress"
- #168 Changes the SSL Temp file to something inside the same SSL Directory
- #165 Fix rate limit issue when more than 2 servers enabled in ingress
- #161 Document some missing parameters and their defaults for NGINX controller
- #158 prefect unit test cases for annotation.proxy
- #156 Fix issue for ratelimit
- #154 add unit test cases for core.pkg.ingress.annotations.cors
- #151 Port in redirect
- #150 Add support for custom header sizes
- #149 Add flag to allow switch off the update of Ingress status
- #148 Add annotation to allow custom body sizes
- #145 fix wrong links and punctuations
- #144 add unit test cases for core.pkg.k8s
- #143 Use protobuf instead of rest to connect to apiserver host and add troubleshooting doc
- #142 Use system fs.max-files as limits instead of hard-coded value
- #141 Add reuse port and backlog to port 80 and 443
- #138 reference to const
- #136 Add content and descriptions about nginx's configuration
- #135 correct improper punctuation
- #134 fix typo
- #133 Add TCP and UDP services removed in migration
- #132 Document nginx controller configuration tweaks
- #128 Add tests and godebug to compare structs
- #126 change the type of imagePullPolicy
- #123 Add resolver configuration to nginx
- #119 add unit test case for annotations.service
- #115 add default_server to listen statement for default backend
- #114 fix typo
- #113 Add condition of enqueue and unit test cases for task.Queue
- #108 annotations: print error and skip if malformed
- #107 fix some wrong links of examples which to be used for nginx
- #103 Update the nginx controller manifests
- #101 Add unit test for strings.StringInSlice
- #99 Update nginx to 1.11.8
- #97 Fix gofmt
- #96 Fix typo PassthrougBackends -> PassthroughBackends
- #95 Deny location mapping in case of specific errors
- #94 Add support to disable server_tokens directive
- #93 Fix sort for catch all server
- #92 Refactoring of nginx configuration deserialization
- #91 Fix x-forwarded-port mapping
- #90 fix the wrong link to build/test/release
- #89 fix the wrong links to the examples and developer documentation
- #88 Fix multiple tls hosts sharing the same secretName
- #86 Update X-Forwarded-Port
- #82 Fix incorrect X-Forwarded-Port for TLS
- #81 Do not push containers to remote repo as part of test-e2e
- #78 Fix #76: hardcode X-Forwarded-Port due to SSL Passthrough
- #77 Add support for IPV6 in dns resolvers
- #66 Start FAQ docs
- #65 Support hostnames in Ingress status
- #64 Sort whitelist list to avoid random orders
- #62 Fix e2e make targets
- #61 Ignore coverage profile files
- #58 Fix "invalid port in upstream" on nginx controller
- #57 Fix invalid port in upstream
- #54 Expand developer docs
- #52 fix typo in variable ProxyRealIPCIDR
- #44 Bump nginx version to one higher than that in contrib
- #36 Add nginx metrics to prometheus
- #34 nginx: also listen on ipv6
- #32 Restart nginx if master process dies
- #31 Add healthz checker
- #25 Fix a data race in TestFileWatcher
- #12 Split implementations from generic code
- #10 Copy Ingress history from kubernetes/contrib
- #1498 Refactoring of template handling
- #1571 use POD_NAMESPACE as a namespace in cli parameters
- #1591 Always listen on port 443, even without ingress rules
- #1596 Adapt nginx hash sizes to the number of ingress
- #1653 Update image version
- #1672 Add firewall rules and ing class clarifications
- #1711 Add function helpers to nginx template
- #1743 Allow customisation of the nginx proxy_buffer_size directive via ConfigMap
- #1749 Readiness probe that works behind a CP lb
- #1751 Add the name of the upstream in the log
- #1758 Update nginx to 1.11.4
- #1759 Add support for default backend in Ingress rule
- #1762 Add cloud detection
- #1766 Clarify the controller uses endpoints and not services
- #1767 Update godeps
- #1772 Avoid replacing nginx.conf file if the new configuration is invalid
- #1773 Add annotation to add CORS support
- #1786 Add docs about go template
- #1796 Add external authentication support using auth_request
- #1802 Initialize proxy_upstream_name variable
- #1806 Add docs about the log format
- #1808 WebSocket documentation
- #1847 Change structure of packages
- Add annotation for custom upstream timeouts
- Mutual TLS auth (kubernetes-retired/contrib#1870)
- #1450 Check for errors in nginx template
- #1498 Refactoring of template handling
- #1467 Use ClientConfig to configure connection
- #1575 Update nginx to 1.11.3
- #1336 Add annotation to skip ingress rule
- #1338 Add HTTPS default backend
- #1351 Avoid generation of invalid ssl certificates
- #1379 improve nginx performance
- #1350 Improve performance (listen backlog=net.core.somaxconn)
- #1384 Unset Authorization header when proxying
- #1398 Mitigate HTTPoxy Vulnerability
- #1063 watches referenced tls secrets
- #850 adds configurable SSL redirect nginx controller
- #1136 Fix nginx rewrite rule order
- #1144 Add cidr whitelist support
- #1230 Improve docs and examples
- #1258 Avoid sync without a reachable
- #1235 Fix stats by country in nginx status page
- #1236 Update nginx to add dynamic TLS records and spdy
- #1238 Add support for dynamic TLS records and spdy
- #1239 Add support for conditional log of urls
- #1253 Use delayed queue
- #1296 Fix formatting
- #1299 Fix formatting
- #898 reorder locations. Location / must be the last one to avoid errors routing to subroutes
- #946 Add custom authentication (Basic or Digest) to ingress rules
- #926 Custom errors should be optional
- #1002 Use k8s probes (disable NGINX checks)
- #962 Make optional http2
- #1054 force reload if some certificate change
- #958 update NGINX to 1.11.0 and add digest module
- #960 https://trac.nginx.org/nginx/changeset/ce94f07d50826fcc8d48f046fe19d59329420fdb/nginx
- #1057 Remove loadBalancer ip on shutdown
- #1079 path rewrite
- #1093 rate limiting
- #1102 geolocation of traffic in stats
- #884 support services running ssl
- #930 detect changes in configuration configmaps