v3.1.0
·
26 commits
to release-3.1
since this release
What's Changed
🚀 Features
- Reseting default TLS settings and making them optional by @jasonwilliams14 in #3302
- feat: Enable keepalive-time for healthchecks in VS and VSR by @ciarams87 in #3451
- Support empty path for ImplementationSpecific pathType by @ciarams87 in #3507
- Use new NSM Spiffe and Cert rotation library by @avahahn in #3482
- feat: Add initial support for SSL termination for TransportServer by @ciarams87 in #3462
- App Policy Bundle by @jjngx in #3560
- Prometheus tls path by @shaun-nx in #3615
- Push edge Helm Chart to OCI registries by @lucacome in #3581
- Use the "runtime default" seccomp profile by @sigv in #3629
- Remove app protect agent by @jjngx in #3646
🐛 Bug Fixes
- Support non-vs created Challenge Ingress by @ciarams87 in #3463
- Move logic for
-enable-leader-electionflag in helm templates by @shaun-nx in #3475 - Add missing OSS internal routes by @chase-kiefer in #3481
- Ensure non-ready endpoints are not added to upstreams by @shaun-nx in #3541
- Update keyCache path for JWKs to avoid conflict with OIDC by @shaun-nx in #3583
- Update proxy cache zone name by @shaun-nx in #3604
- set Content-Length "" for jwks uri and enable test by @vepatel in #3607
- remove unwanted chars from label value by @vepatel in #3660
📦 Helm Chart
- Allow extra args to be provided to the OIDC auth endpoint by @alanwilkie-finocomp in #3034
- Correct values.schema.json nodeSelector by @coolbry95 in #3449
- Fix Helm Chart Schema for priorityClassName by @lucacome in #3448
- Add websocket protocol option to monitor directive by @pasmant in #3442
- Add support for custom environment variables on the Nginx Controller container by @AaronShiels in #3326
- fix: Add OnDelete to allowed strategy values by @ciarams87 in #3519
- fix: controller.topologySpreadConstraints schema by @marcuz in #3527
- add pod disruption budget for ingress controller by @coolbry95 in #3248
- Update schema references to k8s v1.26.1 by @lucacome in #3537
- Update docs in main for Release 3.0.2 (#3547) by @ciarams87 in #3557
- chore: Add new label and metadata to pod by @ciarams87 in #3586
- Rework port binding logic without privileges by @sigv in #3573
- Fix Helm Chart labels and templates. Move version update to labels by @lucacome in #3606
- Configure IC root filesystem as read-only by @sigv in #3548
- feat: Add access token support in the OIDC by @shawnhankim in #3474
- Update nginx.org/ca secret type & crl field to IngressMTLS to support CRL by @shaun-nx in #3632
- Move NAP DoS chart to new repo by @lucacome in #3674
🧪 Tests
- DoS Status by @pasmant in #3379
- Move test containers to separate repo by @lucacome in #3454
- Add tests for jwt jwksuri by @vepatel in #3511
- make changes to req type and parameters by @vepatel in #3528
- Format shell scripts by @lucacome in #3590
- skip jwksuri test by @vepatel in #3612
- Add SBOMs for Docker images by @lucacome in #3627
- fix: Requeue DNSEndpoint request when create fails with already exists error by @ciarams87 in #3637
🔨 Maintenance
- Update workflow for UBI image by @lucacome in #3435
- Update packages for CVEs by @lucacome in #3447
- Fix dependabot for test deps and run checks weekly by @lucacome in #3452
- Fix dependabot for test by @lucacome in #3456
- chore: Output of gofumpt and remove deprecated reference by @ciarams87 in #3464
- Remove sync with internal repo by @lucacome in #3467
- Add missing file to update IC version for release by @haywoodsh in #3438
- Update package for CVE-2022-44617 by @lucacome in #3484
- Sync only once a week by @lucacome in #3494
- Remove tests from Docker update by @lucacome in #3485
- Change flow in CI workflow by @lucacome in #3505
- Only add the test container to cache once by @lucacome in #3518
- Update packages for CVE-2023-0286 by @lucacome in #3536
- Decouple UBI images for Plus and NAP by @lucacome in #3540
- Update labels and issue docs by @lucacome in #3553
- Replace deprecated command with environment file by @jongwooo in #3576
- Add detect-private-key to pre-commit by @lucacome in #3589
- Remove libcap by @lucacome in #3616
- Remove strict permissions for Helm in CI by @lucacome in #3648
- Add workaround for using latest UBI 8 for NAP by @lucacome in #3647
- Add Contributing Guidelines to bot response by @lucacome in #3652
- Don't use blocking status check by @lucacome in #3664
- PRs with docs changes appear in their own sections in changelog by @haywoodsh in #3437
📝 Documentation
- Release 3.0.0 (#3429) by @lucacome in #3434
- Add documentation for the Helm Operator OOM issue by @haywoodsh in #3470
- Correct typo in JWKS documentation by @haywoodsh in #3466
- Document and make public new issue lifecycle by @tomasohaodha in #3465
- clarify deep service insight by @brianehlert in #3453
- Release 3.0.1 by @lucacome in #3483
- Fix helm values to match chart value by @jasonwilliams14 in #3497
- docs: Hugo theme February 23 update by @ADubhlaoich in #3532
- fix: Add missing directory to NGINX App Protect DoS Instructions by @ADubhlaoich in #3605
- feat: Fix instruction link for NGINX Ingress Helm Operator by @ADubhlaoich in #3596
- Update service-insight.md to fix helm parameter typo by @aknot242 in #3654
- Add documentation for read-only root filesystem by @vepatel in #3661
- Add WAF Bundle example by @jjngx in #3656
- Revert "Add WAF Bundle example (#3656)" by @jjngx in #3677
- Release 3.1.0 by @shaun-nx in #3685
⬆️ Dependencies
Details
- Bump docker/metadata-action from 4.1.1 to 4.2.0 by @dependabot in #3425
- Bump urllib3 from 1.26.13 to 1.26.14 in /tests by @dependabot in #3426
- Bump urllib3 from 1.26.13 to 1.26.14 in /perf-tests by @dependabot in #3427
- Bump requests from 2.28.1 to 2.28.2 in /perf-tests by @dependabot in #3432
- Bump github/codeql-action from 2.1.37 to 2.1.38 by @dependabot in #3430
- Bump requests from 2.28.1 to 2.28.2 in /tests by @dependabot in #3433
- Bump joshdales/labeler from 4c74e8446142eeec7aa182f52ea24306a5479850 to 7b1327b4c44a8794dfc7573d60637cd60ce4b697 by @dependabot in #3431
- Bump docker/metadata-action from 4.2.0 to 4.3.0 by @dependabot in #3439
- Bump k8s.io/client-go from 0.26.0 to 0.26.1 by @dependabot in #3458
- Bump docker/build-push-action from 3.2.0 to 3.3.0 by @dependabot in #3444
- Bump pytest from 7.2.0 to 7.2.1 in /tests by @dependabot in #3445
- Bump pytest from 7.2.0 to 7.2.1 in /perf-tests by @dependabot in #3443
- Bump k8s.io/code-generator from 0.26.0 to 0.26.1 by @dependabot in #3461
- Bump github/codeql-action from 2.1.38 to 2.1.39 by @dependabot in #3457
- Bump cachetools from 5.2.1 to 5.3.0 in /tests by @dependabot in #3471
- Bump reviewdog/action-actionlint from 1.35.0 to 1.36.0 by @dependabot in #3473
- Bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 by @dependabot in #3472
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.14.0 to 1.14.1 by @dependabot in #3476
- Bump github.com/aws/aws-sdk-go-v2/config from 1.18.8 to 1.18.9 by @dependabot in #3477
- Bump google.golang.org/grpc from 1.52.0 to 1.52.1 by @dependabot in #3478
- Bump actions/github-script from 6.3.3 to 6.4.0 by @dependabot in #3488
- Bump github.com/aws/aws-sdk-go-v2/config from 1.18.9 to 1.18.10 by @dependabot in #3490
- Bump lucacome/docker-image-update-checker from 1.1.1 to 1.2.0 by @dependabot in #3492
- Bump anchore/sbom-action from 0.13.1 to 0.13.3 by @dependabot in #3486
- Bump google.golang.org/grpc from 1.52.1 to 1.52.3 by @dependabot in #3489
- Bump github/codeql-action from 2.1.39 to 2.2.1 by @dependabot in #3496
- Bump websocket-client from 1.4.2 to 1.5.0 in /tests by @dependabot in #3493
- Bump actions/cache from 3.2.3 to 3.2.4 by @dependabot in #3501
- Bump goreleaser/goreleaser-action from 4.1.0 to 4.2.0 by @dependabot in #3503
- Bump sigs.k8s.io/controller-tools from 0.11.1 to 0.11.2 by @dependabot in #3504
- Bump docker/setup-buildx-action from 2.2.1 to 2.4.0 by @dependabot in #3502
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #3506
- Bump lucacome/docker-image-update-checker from 1.2.0 to 1.2.1 by @dependabot in #3509
- Bump golang from 1.19-alpine to 1.20-alpine in /build by @dependabot in #3515
- Bump Go to 1.20 by @lucacome in #3517
- Bump github/codeql-action from 2.2.1 to 2.2.2 by @dependabot in #3529
- Bump sigs.k8s.io/controller-tools from 0.11.2 to 0.11.3 by @dependabot in #3524
- Bump docker/setup-buildx-action from 2.4.0 to 2.4.1 by @dependabot in #3521
- Bump aquasecurity/trivy-action from 0.8.0 to 0.9.0 by @dependabot in #3514
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #3526
- Bump docker/build-push-action from 3.3.0 to 4.0.0 by @dependabot in #3508
- Bump cryptography from 39.0.0 to 39.0.1 in /tests by @dependabot in #3530
- Bump websocket-client from 1.5.0 to 1.5.1 in /tests by @dependabot in #3522
- Bump google.golang.org/grpc from 1.52.3 to 1.53.0 by @dependabot in #3531
- Bump github.com/aws/aws-sdk-go-v2/config from 1.18.10 to 1.18.12 by @dependabot in #3523
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.14.1 to 1.14.2 by @dependabot in #3525
- Bump github/codeql-action from 2.2.2 to 2.2.3 by @dependabot in #3538
- Bump actions/cache from 3.2.4 to 3.2.5 by @dependabot in #3543
- Bump aquasecurity/trivy-action from 0.9.0 to 0.9.1 by @dependabot in #3542
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.14.2 to 1.14.3 by @dependabot in #3559
- Update packages for CVE-2023-0361 and CVE-2023-23916 by @lucacome in #3563
- Update golang.org/x/net for CVE-2022-41723 by @lucacome in #3565
- Bump kubernetes from 25.3.0 to 26.1.0 in /perf-tests by @dependabot in #3567
- Bump google-auth from 2.16.0 to 2.16.1 in /tests by @dependabot in #3568
- Bump github/codeql-action from 2.2.3 to 2.2.4 by @dependabot in #3549
- Bump actions/cache from 3.2.5 to 3.2.6 by @dependabot in #3577
- Bump github.com/golang-jwt/jwt/v4 from 4.4.3 to 4.5.0 by @dependabot in #3571
- Bump github.com/aws/aws-sdk-go-v2/config from 1.18.12 to 1.18.14 by @dependabot in #3579
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.14.3 to 1.14.4 by @dependabot in #3580
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #3572
- Bump kubernetes from 25.3.0 to 26.1.0 in /tests by @dependabot in #3570
- Bump protobuf from 4.21.12 to 4.22.0 in /tests by @dependabot in #3569
- Bump grpcio from 1.51.1 to 1.51.3 in /tests by @dependabot in #3599
- Bump more-itertools from 9.0.0 to 9.1.0 in /tests by @dependabot in #3598
- Bump grpcio-tools from 1.51.1 to 1.51.3 in /tests by @dependabot in #3597
- Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 by @dependabot in #3601
- Update packages for CVEs by @lucacome in #3603
- Bump github.com/aws/aws-sdk-go-v2/config from 1.18.14 to 1.18.15 by @dependabot in #3588
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.14.4 to 1.14.5 by @dependabot in #3587
- Bump github/codeql-action from 2.2.4 to 2.2.5 by @dependabot in #3600
- Bump k8s.io/client-go from 0.26.1 to 0.26.2 by @dependabot in #3611
- Bump k8s.io/code-generator from 0.26.1 to 0.26.2 by @dependabot in #3609
- Bump protobuf from 4.22.0 to 4.22.1 in /tests by @dependabot in #3626
- Bump locust from 2.14.2 to 2.15.0 in /perf-tests by @dependabot in #3621
- Bump peter-evans/dockerhub-description from 3.1.2 to 3.3.0 by @dependabot in #3624
- Bump google-auth from 2.16.1 to 2.16.2 in /tests by @dependabot in #3618
- Bump pytest from 7.2.1 to 7.2.2 in /perf-tests by @dependabot in #3619
- Update packages for CVEs by @lucacome in #3628
- Bump cryptography from 39.0.1 to 39.0.2 in /tests by @dependabot in #3623
- Bump pytest from 7.2.1 to 7.2.2 in /tests by @dependabot in #3620
- Bump charset-normalizer from 2.1.1 to 3.1.0 in /tests by @dependabot in #3622
- Bump aquasecurity/trivy-action from 0.9.1 to 0.9.2 by @dependabot in #3625
- Bump actions/cache from 3.2.6 to 3.3.0 by @dependabot in #3631
- Bump github/codeql-action from 2.2.5 to 2.2.6 by @dependabot in #3641
- Bump docker/setup-buildx-action from 2.4.1 to 2.5.0 by @dependabot in #3634
- Bump kindest/node from v1.26.0 to v1.26.2 in /tests/docker by @dependabot in #3640
- Bump actions/cache from 3.3.0 to 3.3.1 by @dependabot in #3642
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #3645
- Bump urllib3 from 1.26.14 to 1.26.15 in /tests by @dependabot in #3638
- Bump urllib3 from 1.26.14 to 1.26.15 in /perf-tests by @dependabot in #3639
- Bump github.com/aws/aws-sdk-go-v2/config from 1.18.15 to 1.18.17 by @dependabot in #3649
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.14.5 to 1.14.6 by @dependabot in #3643
- Bump actions/setup-go from 3.5.0 to 4.0.0 by @dependabot in #3651
- Bump github/codeql-action from 2.2.6 to 2.2.7 by @dependabot in #3650
- Bump actions/checkout from 3.3.0 to 3.4.0 by @dependabot in #3657
- Bump github.com/spiffe/go-spiffe/v2 from 2.1.2 to 2.1.3 by @dependabot in #3658
- Bump github.com/aws/aws-sdk-go-v2/config from 1.18.17 to 1.18.18 by @dependabot in #3659
- Bump anchore/sbom-action from 0.13.3 to 0.13.4 by @dependabot in #3668
- Bump locust from 2.15.0 to 2.15.1 in /perf-tests by @dependabot in #3669
- Bump k8s.io/client-go from 0.26.2 to 0.26.3 by @dependabot in #3672
- Bump k8s.io/code-generator from 0.26.2 to 0.26.3 by @dependabot in #3673
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #3676
New Contributors
- @alanwilkie-finocomp made their first contribution in #3034
- @AaronShiels made their first contribution in #3326
- @marcuz made their first contribution in #3527
- @avahahn made their first contribution in #3482
- @jongwooo made their first contribution in #3576
- @sigv made their first contribution in #3573
- @shawnhankim made their first contribution in #3474
Full Changelog: v3.0.0...v3.1.0
Upgrade
- For NGINX, use the v3.1.0 image from our DockerHub, GitHub Container, Amazon ECR Public Gallery or Quay.io.
- For NGINX Plus, use the v3.1.0 image from the F5 Container registry or the AWS Marketplace or build your own image using the v3.1.0 source code.
- For Helm, use version 0.17.0 of the chart.
Resources
- Documentation -- https://docs.nginx.com/nginx-ingress-controller/
- Configuration examples -- https://github.com/nginxinc/kubernetes-ingress/tree/v3.1.0/examples
- Helm Chart -- https://github.com/nginxinc/kubernetes-ingress/tree/v3.1.0/deployments/helm-chart
- Operator -- https://github.com/nginxinc/nginx-ingress-operator/
Contributors
lucacome, marcuz, and 21 other contributors