Changelog

0.25.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.25.0

New Features:

Validating webhook for ingress sanity check documentation
Migration from NGINX to OpenResty 1.15.8
ARM image
Improve external authorization concept from opt-in to secure-by-default 3506
Reduce memory footprint and cpu usage when modsecurity is enabled 4091
Support new networking.k8s.io/v1beta1 package (for Kubernetes cluster > v1.14.0) 4127
New variable $proxy_alternative_upstream_name in the log to show a hit in a canary endpoint #4246

Non-functional improvements:

Migration from travis-ci to Prow
Testgrid dashboards for ingress-nginx
Update kind to v0.4.0
Switch to go modules
Go v1.12.6
Docker size image reduced by 20%

Changes:

#3506 Improve the external authorization concept from opt-in to secure-by-default
#3802 Add a validating webhook for ingress sanity check
#3803 use nkeys for counting lua table elements
#3852 Enable arm again
#4004 Remove valgrind
#4005 Support proxy_next_upstream_timeout
#4008 refactor GetFakeSSLCert
#4009 Update nginx to 1.15.12
#4010 Update nginx image and Go to 1.12.4
#4012 Switch to go modules
#4022 Add e2e test coverage for mult-auth
#4042 Release custom error pages image v0.4 [skip-ci]
#4048 Change upstream on error when sticky session balancer is used
#4055 Rearrange deployment files into kustomizations
#4064 Update go to 1.12.5, kubectl to 1.14.1 and kind to 0.2.1
#4067 Trim spaces from annotations that can contain multiple lines
#4069 fix e2e-test make target
#4070 Don't try to create e2e runner rbac resources twice
#4080 Load modsecurity config with OWASP core rules
#4088 Migrate to Prow
#4091 reduce memory footprint and cpu usage when modsecurity and owasp rule
#4100 Remove stop controller endpoint
#4101 Refactor whitelist from map to standard allow directives
#4102 Refactor ListIngresses to add filters
#4105 UPT: Add variable to define custom sampler host and port
#4108 Add retry to LookupHost used to check the content of ExternalName
#4109 Use real apiserver
#4110 Update e2e images
#4113 Force GOOS to linux
#4119 Only load module ngx_http_modsecurity_module.so when option enable-mo…
#4120 log info when endpoints change for a balancer
#4122 Update Nginx to 1.17.0 and upgrade some other modules
#4123 Update nginx image to 0.86
#4127 Migrate to new networking.k8s.io/v1beta1 package
#4128 feature(collectors): Added services to collectorLabels
#4133 Run PodSecurityPolicy E2E test in parallel
#4135 Use apps/v1 api group in e2e tests
#4140 update modsecurity to latest, libmodsecurity to v3.0.3 and owasp-scrs…
#4150 Update nginx
#4160 SSL expiration metrics cannot be tied to dynamic updates
#4162 Add "text/javascript" to compressible MIME types
#4164 fix source file mods
#4166 Session Affinity ChangeOnFailure should be boolean
#4169 simplify sticky balancer and fix a bug
#4180 Service type=ExternalName can be defined with ports
#4185 Fix: fillout missing health check timeout on health check.
#4187 Add unit test cases for balancer lua module
#4191 increase lua_shared_dict config data
#4204 Add e2e test for service type=ExternalName
#4212 Add e2e tests for grpc
#4214 Update go dependencies
#4219 Get AuthTLS annotation unit tests to 100%
#4220 Migrate to openresty
#4221 Switch to openresty image
#4223 Remove travis-ci badge
#4224 fix monitor test after move to openresty
#4225 Update image dependencies
#4226 Update nginx image
#4227 Fix misspelled and e2e check
#4229 Do not send empty certificates to nginx
#4232 override least recently used entries when certificate_data dict is full
#4233 Update nginx image to 0.90
#4235 Add new lints
#4236 Add e2e test suite to detect memory leaks in lua
#4237 Update go dependencies
#4246 introduce proxy_alternative_upstream_name Nginx var
#4249 test to make sure dynamic cert works trailing dot in domains
#4250 Lint shell scripts
#4251 Refactor prometheus leader helper
#4253 Remove kubeclient configuration
#4254 Update kind to 0.4.0
#4257 Fix error deleting temporal directory in case of errors
#4258 Fix go imports
#4267 More e2e tests
#4270 GetLbAlgorithm helper func for e2e
#4272 introduce ngx.var.balancer_ewma_score
#4273 Check and complete intermediate SSL certificates
#4274 Support trailing dot

Documentation:

#3966 Documentation example code fix
#3978 Fix CA certificate example docs
#3981 Add missing PR in changelog [skip ci]
#3982 Add kubectl plugin docs
#3987 Link to kubectl plugin docs in nav
#4014 Update plugin krew manifest
#4034 🔧 fix navigation error in file baremetal.md
#4036 Docs have incorrect command in baremetal.md
#4037 [doc] fixing regex in example of rewrite
#4040 Fix default Content-Type for custom-error-pages example
#4068 fix typo: deployement->deployment
#4082 Explain references in custom-headers documentation
#4089 Docs: configmap: use-gzip
#4099 Docs - Update capture group placeholder
#4098 Update configmap about adding custom locations
#4107 Clear up some inconsistent / unclear wording
#4132 Update README.md for external-auth Test 4
#4153 Add clarification on how to enable path matching
#4159 Partially revert usage of kustomize for installation
#4217 Fix typo in annotations
#4228 Add notes on timeouts while using long GRPC streams

0.24.1

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.24.1

Changes:

#3990 Fix dynamic cert issue with default-ssl-certificate
#3980 Refactor isIterable
#4000 Dynamic ssl improvements
#4007 do not create empty access_by_lua_block

0.24.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.24.0

New Features:

NGINX 1.15.10

Changes:

#3743 Remove session-cookie-hash annotation
#3786 Fix x-forwarded-prefix annotation
#3798 Move some configuration logic from Nginx config to Lua code
#3806 Migrate e2e cluster to kind
#3807 Lua plugin system - MVP
#3808 make dynamic SSL mode default
#3827 Fix plugin install location
#3829 Prevent e2e-tests from running on non-local clusters
#3833 bump luajit version to v2.1-20190228
#3835 Update nginx image
#3839 Fix panic on multiple non-matching canary
#3846 Fix race condition in metric process collector test
#3849 Use Gauge instead of Counter for connections_active Prometheus metric
#3853 Remove authbind
#3856 Fix ssl-dh-param issue when secret does not exit
#3864 ing.Service with multiple hosts fix
#3870 Improve kubectl plugin
#3871 Fix name of field used to sort ingresses [skip-ci]
#3875 Allow the use of a secret located in a different namespace
#3882 Add support for IPV6 resolvers
#3884 update GKE header to match link in contents
#3885 Refactor status update
#3886 Clean up ssl package and fix dynamic cert mode
#3887 Remove useless nodeip calls and deprecate --force-namespace-isolation
#3889 Separate out annotation assignment logic
#3895 Correctly format ipv6 resolver config for lua
#3900 Add lint subcommand to plugin
#3907 Remove unnecessary copy of GeoIP databases
#3908 Update nginx image
#3918 Set X-Request-ID for the default-backend, too.
#3927 Update apiVersion to apps/v1, drop duplicate line
#3932 Fix dynamic SSL certificate for aliases and redirect-from-to-www
#3933 Update nginx to 1.15.10
#3934 Update nginx image
#3943 Update dependencies
#3947 Adds a log warning when falling back to default fake cert
#3950 Fix forwarded host parsing
#3954 Fix load-balance configmap value
#3955 Plugin select deployment using replicaset name
#3958 Refactor equals
#3960 Fix segfault on reference to nonexistent configmap
#3968 Update nginx image
#3969 Update nginx image to 0.84

Documentation:

#3841 Improve "Sticky session" docs
#3836 Update mkdocs [skip ci]
#3847 Add missing basic usage documentation link
#3874 Update embargo doc link in SECURITY_CONTACTS and change PST to PSC
#3890 Make sure cli-arguments doc is in alphabetical order
#3945 fix typo: delete '`'

0.23.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.23.0

New Features:

NGINX 1.15.9
New canary-by-header-value annotation.
New debug binary to get runtime information from lua 3686
Support for Opentracing with Datadog
New kubectl plugin Alpha

Breaking changes:

The NGINX server listening in port 18080 was removed. It was replaced by a server using an unix socket as port #3684 This server was internal to the ingress controller. In case this was being acceded from the outside, you can restore the old server using the http-snipet feature in the configuration configmap like:
```
http-snippet: |
  server {
    listen 18080;

    location /nginx_status {
      allow 127.0.0.1;
      allow ::1;
      deny all;
      stub_status on;
    }

    location / {
      return 404;
    }
  }
```

Changes:

#3619 add header-value annotation
#3628 Fix 503 error generation on empty endpoints
#3666 rename sysctlFSFileMax to rlimitMaxNumFiles to reflect what it actually does
#3667 worker_connections should be less (3/4th) than worker_rlimit_nofile
#3671 bugfix: fixed duplicated seeds.
#3673 used table functions of LuaJIT for better performance.
#3674 used cjson.safe instead of pcall.
#3682 enable use-forwarded-headers for L7 LB
#3684 Replace Status port using a socket
#3686 Add debug binary to the docker image
#3695 > Don't reload nginx when L4 endpoints changed
#3696 Apply annotations to default location
#3698 Fix --disable-catch-all
#3702 Add params for access log
#3704 make sure dev-env forces context to be minikube
#3728 Fix flaky test
#3730 Changes CustomHTTPErrors annotation to use custom default backend
#3734 remove old unused lua dicts
#3736 do not unnecessarily log
#3737 Adjust probe timeouts
#3739 dont log unnecessarily
#3740 Fix ingress updating for session-cookie-* annotation changes
#3747 Update nginx and modules
#3748 Update nginx image
#3749 Enhance Unit Tests for Annotations
#3750 Update go dependencies
#3751 Parse environment variables in OpenTracing configuration
#3756 Create custom annotation for satisfy "value"
#3757 Add mention of secure-backends to backend-protocol docs
#3764 delete confusing CustomErrors attribute to make things more explicit
#3765 simplify customhttperrors e2e test and add regression test and fix a bug
#3766 Support Opentracing with Datadog - part 2
#3767 Support Opentracing with Datadog - part 1
#3771 Do not log unnecessarily
#3772 Fix dashboard link [skip ci]
#3775 Fix DNS lookup failures in L4 services
#3779 Add kubectl plugin
#3780 Enable access log for default backend
#3781 feat: configurable proxy buffers number
#3782 Lua bridge tracer
#3784 use correct host for jaeger-collector-host in docs
#3785 use latest base nginx image
#3787 Use UsePortInRedirects only if enabled
#3791 - remove annotations in nginxcontroller struct
#3792 dont restart minikube when it is already running
#3793 Update mergo dependency
#3794 use use-context that actually changes the context
#3795 do not warn when optional annotations arent set
#3799 Add /dbg certs command
#3800 Refactor e2e
#3809 Upgrade openresty/lua-resty-balancer
#3810 Update nginx image
#3811 Fix e2e tests
#3812 Removes unused const from customhttperrors e2e test
#3813 Prevent dep from vendoring grpc-fortune-teller dependencies
#3819 Fix e2e test in osx
#3820 Update nginx image
#3821 Update nginx to 1.15.9
#3822 Set default for satisfy annotation to nothing

Documentation:

#3680 mention rewrite-target change for 0.22.0
#3693 Correcting links for gRPC Fortune Teller app
#3701 Update usage documentation for default-backend annotation
#3705 Increase Unit Test Coverage for Templates
#3708 Update OWNERS
#3731 Update a doc example that uses rewrite-target

Deprecations:

The annotation session-cookie-hash is deprecated and will be removed in 0.24.
Flag --force-namespace-isolation is deprecated and will be removed in 0.24. Currently this annotation is being replaced by --watch-namespace

0.22.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.22.0

New Features:

NGINX 1.15.8
New balancer implementation: consistent hash subset
Adds support for HTTP2 Push Preload annotation
Allow to disable NGINX prometheus metrics
New --disable-catch-all flag to ignore catch-all ingresses
Add flag --metrics-per-host to make per-host metrics optional

Breaking changes:

Annotation nginx.ingress.kubernetes.io/rewrite-target has changed and will not behave as expected if you don't update them.

Refer to https://kubernetes.github.io/ingress-nginx/examples/rewrite/#rewrite-target on how to change it.

Refer to kubernetes#3174 (comment) on how to do seamless migration.
Annotations nginx.ingress.kubernetes.io/add-base-url and nginx.ingress.kubernetes.io/base-url-scheme were removed.

Please check issue #3174 for details.
By default do not trust any client to extract true client IP address from X-Forwarded-For header using realip module (use-forwarded-headers: "false")

Changes:

#3174 Generalize Rewrite Block Creation and Deprecate AddBaseUrl (not backwards compatible)
#3240 Adds support for HTTP2 Push Preload annotation
#3333 breaking change: by default do not trust any client
#3342 Allow privilege escalation
#3363 Document for cookie expires annotation
#3396 New balancer implementation: consistent hash subset
#3446 add more testing for mergeAlternativeBackends
#3453 Monitor fixes
#3455 Watch controller Pods and make then available in k8sStore
#3465 Bump nginx-opentracing for gRPC support
#3467 store ewma stats per backend
#3470 Use opentracing_grpc_propagate_context when necessary
#3474 Improve parsing of annotations and use of Ingress wrapper
#3476 Fix nginx directory permissions
#3477 clarify canary ingress
#3478 delete unused buildLoadBalancingConfig
#3487 dynamic certificate mode should support widlcard hosts
#3488 Add probes to deployments used in e2e tests
#3492 Fix data size validations
#3494 Since dynamic mode only checking for 'return 503' is not valid anymore
#3495 Adjust default timeout for e2e tests
#3497 Wait for the right number of endpoints
#3498 Update godeps
#3501 be consistent with what Nginx supports
#3503 compare error with error types from k8s.io/apimachinery/pkg/api/errors
#3504 fix an ewma unit test
#3505 Update lua configuration_data when number of controller pod change
#3507 Remove temporal configuration file after a while
#3508 Update nginx to 1.15.7
#3509 [1759] Ingress affinity session cookie with Secure flag for HTTPS
#3512 Allow to disable NGINX metrics
#3518 Fix log output format
#3521 Fix a bug with Canary becoming main server
#3522 {tcp,udp}-services cm appear twice
#3525 make canary ingresses independent of the order they were applied
#3530 Update nginx image
#3532 Ignore updates of ingresses with invalid class
#3536 Replace dockerfile entrypoint
#3548 e2e test to ensure graceful shutdown does not lose requests
#3551 Fix --enable-dynamic-certificates for nested subdomain
#3553 handle_error_when_executing_diff
#3562 Rename nginx.yaml to nginx.json
#3566 Add Unit Tests for getIngressInformation
#3569 fix status updated: make sure ingress.status is copied
#3573 Update Certificate Generation Docs to not use MD5
#3581 lua randomseed per worker
#3582 Sort ingresses by creation timestamp
#3584 Update go to 1.11.4
#3586 Add --disable-catch-all option to disable catch-all server
#3587 adjust dind istallation
#3594 Add a flag to make per-host metrics optional
#3596 Fix proxy_host variable configuration
#3601 Update nginx to 1.15.8
#3602 Update nginx image
#3604 Add an option to automatically set worker_connections based on worker_rlimit_nofile
#3615 Pass k8s Service data through to the TCP balancer script.
#3620 Added server alias to metrics
#3624 Update nginx to fix geoip database deprecation
#3625 Update nginx image
#3633 Fix a bug in Ingress update handler
#3634 canary by cookie should support hypen in cookie name
#3635 Fix duplicate alternative backend merging
#3637 Add support for redirect https to https (from-to-www-redirect)
#3640 add limit connection status code
#3641 Replace deprecated apiVersion in deploy folder
#3643 Update nginx
#3644 Update nginx image
#3648 Remove stickyness cookie domain from Lua balancer to match old behavior
#3649 Empty access_by_lua_block breaks satisfy any
#3655 Remove flag sort-backends
#3656 Change default value of flag for ssl chain completion
#3660 Revert max-worker-connections default value
#3664 Fix invalid validation creating prometheus valid host values

Documentation:

#3513 Revert removal of TCP and UDP support configmaps in mandatroy manifest
#3456 Revert TCP/UDP documentation removal and links
#3482 Annotations doc links: minor fixes and unification
#3491 Update example to use latest Dashboard version.
#3510 Update mkdocs [skip ci]
#3516 Fix error in configmap yaml definition
#3575 Add documentation for spec.rules.host format
#3577 Add standard labels to namespace specs
#3592 Add inside the User Guide documentation section a basic usage section and example
#3605 Fix CLA URLs
#3627 Typo: docs/examples/rewrite/README.md
#3632 Fixed: error parsing with-rbac.yaml: error converting YAML to JSON

0.21.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0

New Features:

NGINX 1.15.6 with fixes for vulnerabilities in HTTP/2 (CVE-2018-16843, CVE-2018-16844)
Support for TLSv1.3. Disabled by default. Use ssl-protocols ssl-protocols: TLSv1.3 TLSv1.2
New annotation for canary deployments
Support for configuration snippets when the authentication annotation is used
Support for custom ModSecurity configuration
LUA upstream configuration for TCP and UDP services

Changes:

#3156 [404-server] Removes 404 server
#3170 Move mainSnippet before events to fix load_module issue.
#3187 UPT: annotation enhancement for resty-lua-waf
#3190 Refactor e2e Tests to use common helper
#3193 Add E2E tests for HealthCheck
#3194 Make literal $ character work in set $location_path
#3195 Add e2e Tests for AuthTLS
#3196 Remove default backend requirement
#3197 Remove support for TCP and UDP services
#3198 Only support dynamic configuration
#3199 Remove duplication in files
#3201 no data shows for config reloads charts when select to namespace or controller
#3203 Remove annotations grpc-backend and secure-backend already deprecated
#3204 Flags publish-service and publish-status-address are mutually exclusive
#3205 Update OWNERS [skip ci]
#3207 delete upstream healthcheck annotation
#3209 Fix: update config map name
#3212 Add some extra detail to the client cert auth example regarding potential gotcha
#3213 Update deps
#3214 Cleanup of nginx image
#3219 Update nginx image
#3222 Allow Ability to Configure Upstream Keepalive
#3230 Retry initial backend configuration
#3231 Improve dynamic lua configuration
#3234 Added e2e tests for backend protocols
#3247 Refactor probe url requests
#3252 remove the command args of enable-dynamic-configuration
#3257 Add e2e tests for upstream vhost
#3260 fix logging calls
#3261 Mount minikube volume to docker container
#3265 Update kubeadm-dind-cluster
#3266 fix two bugs with backend-protocol annotation
#3267 Fix status update in case of connection errors
#3270 Don't sort IngressStatus from each Goroutine(update for each ingress)
#3277 Add e2e test for configuration snippet
#3279 Fix usages of %q formatting for numbers (%d)
#3280 Add e2e test for from-to-www-redirect
#3281 Add e2e test for log
#3285 Add health-check-timeout as command line argument
#3286 fix bug with balancer.lua configuration
#3295 Refactor EWMA to not use shared dictionaries
#3296 Update nginx and add support for TLSv1.3
#3297 Add e2e test for force-ssl-redirect
#3301 Add e2e tests for IP Whitelist
#3302 Add e2e test for server snippet
#3304 Update kubeadm-dind-cluster script
#3305 Add e2e test for app-root
#3306 Update e2e test to verify redirect code
#3309 Customize ModSecurity to be used in Locations
#3310 Fix geoip2 db files
#3313 Support cookie expires
#3320 Update nginx image and QEMU version
#3321 Add configuration for geoip2 module
#3322 Remove e2e boilerplate
#3324 Fix sticky session
#3325 Fix e2e tests
#3328 Code linting
#3332 Update build-single-manifest-sh,remove tcp-services-configmap.yaml and udp-services-configmap.yaml
#3338 Avoid reloads when endpoints are not available
#3341 Add canary annotation and alternative backends for traffic shaping
#3343 Auth snippet
#3344 Adds CustomHTTPErrors ingress annotation and test
#3345 update annotation
#3346 Add e2e test for session-cookie-hash
#3347 Add e2e test for ssl-redirect
#3348 Update cli-arguments.md. Remove tcp and udp, add health-check-timeout.
#3353 Update nginx modules
#3354 Update nginx image
#3356 Download latest dep releases instead of fetching from HEAD
#3357 Add missing modsecurity unicode.mapping file
#3367 Remove reloads when there is no endpoints
#3372 Add annotation for session affinity path
#3373 Update nginx
#3374 Revert removal of support for TCP and UDP services
#3383 Only set cookies on paths that enable session affinity
#3387 Modify the wrong function name
#3390 Add e2e test for round robin load balancing
#3400 Add Snippet for ModSecurity
#3404 Update nginx image
#3405 Prevent X-Forwarded-Proto forward during external auth subrequest
#3406 Update nginx and e2e image
#3407 Restructure load balance e2e tests and update round robin test
#3408 Fix modsecurity configuration file location
#3409 Convert isValidClientBodyBufferSize to something more generic
#3410 fix logging calls
#3415 bugfix: set canary attributes when initializing balancer
#3417 bugfix: do not merge catch-all canary backends with itself
#3421 Fix X-Forwarded-Proto typo
#3424 Update nginx image
#3425 Update nginx modules
#3428 Set proxy_host variable to avoid using default value from proxy_pass
#3437 Use struct to pack Ingress and its annotations
#3441 Match buffer
#3442 Increase log level when there is an invalid size value
#3453 Monitor fixes

Documentation:

#3166 Added ingress tls values.yaml example to documentation
#3215 align opentracing user-guide with nginx configmap configuration
#3229 Fix documentation links [skip ci]
#3232 Fix typo
#3242 Add a note to the deployment into GKE
#3249 Clarify mandatory script doc
#3262 Add e2e test for connection
#3263 "diretly" typo
#3264 Add missing annotations to Docs
#3271 the sample ingress spec error
#3275 Add Better Documentation for using AuthTLS
#3282 Fix some typos
#3312 Delete some extra words
#3319 Fix links in deploy index docs
#3326 fix broken link
#3349 fix typo
#3364 Fix links format [skip-ci]
#3366 Fix some typos
#3369 Fix some typos
#3370 Fix typo: whitlelist -> whitelist
#3377 Fix typos and default value
#3379 Fix typos
#3382 Fix typos: reqrite -> rewrite
#3388 Update annotations.md. Remove Duplication.
#3392 Fix link in documentation [skip ci]
#3395 Fix some documents issues

0.20.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.20.0

New Features:

NGINX 1.15.5
Support for regular expressions in paths https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/ingress-path-matching.md
Provide possibility to block IPs, User-Agents and Referers globally
Remove --default-backend-service requirement. Use the flag only for custom default backends
Valgrind and Openresty gdb tools

Changes:

#2997 Provide possibility to block IPs, User-Agents and Referers globally
#3016 Log Errors Missing in Internal
#3017 Add e2e tests for CORS
#3022 Add support for valgrind
#3029 add support for http2-max-requests in configmap
#3035 Fixup #2970: Add Missing Label app.kubernetes.io/part-of: ingress-nginx
#3049 fix: Don't try and find local certs when secretName is not specified
#3050 Add Ingress variable in Grafana dashboard
#3062 Pass Host header for custom errors
#3065 Join host/port with go helper (supports ipv6)
#3067 fix missing datasource value
#3069 Replace client-go deprecated method
#3072 Update ingress service IP
#3073 do not hardcode the path
#3078 Fix Rewrite-Target Annotation Edge Case
#3079 Openresty gdb tools
#3080 Update nginx image to 0.62
#3098 make upstream keepalive work for http
#3100 update annotation name from rewrite-log to enable-rewrite-log
#3118 Replace standard json encoding with jsoniter
#3121 Typo fix: adresses -> addresses
#3126 do not require --default-backend-service
#3130 fix newlines location denied
#3133 multi-tls readme example to reference the file
#3134 Update nginx to 1.15.4
#3135 Remove payload from post log
#3136 Update nginx image
#3137 Docker run as user
#3143 Ensure monitoring for custom error pages
#3144 Fix incorrect .DisableLua access.
#3145 Add "use-regex" Annotation to Toggle Regular Expression Location Modifier
#3146 Update default backend image
#3147 Fix error publishing docs [skip ci]
#3149 Add e2e Tests for Proxy Annotations
#3151 Add e2e test for SSL-Ciphers
#3159 Pass --shell to minikube docker-env
#3178 Update nginx to 1.15.5
#3179 Update nginx image
#3182 Allow curly braces to be used in regex paths

Documentation:

#3021 Fix documentation search
#3027 Add documentation about running Ingress NGINX on bare-metal
#3039 Remove link to invalid example [ci-skip]
#3046 Document when to modify ELB idle timeouts and set default value to 60s
#3059 fix some typos
#3068 Complete documentation about SSL Passthrough
#3074 Add MetalLB to bare-metal deployment page
#3090 Add note about default namespace and merge behavior
#3092 Update mkdocs and travis-ci
#3094 Fix baremetal images [skip ci]
#3097 Added notes to regarding external access when using TCP/UDP proxy in Ingress
#3102 Replace kubernetes-users mailing list links with discuss forum link
#3111 doc issue related to monitor part
#3113 fix typos
#3115 Fixed link to aws elastic loadbalancer
#3162 update name of config map in README.md
#3175 Fix yaml indentation in annotations server-snippet doc

0.19.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.19.0

New Features:

NGINX 1.15.3
Serve SSL certificates synamically instead of reloading NGINX when they are created, updated, or deleted. Feature behind the flag --enable-dynamic-certificates
GDB binary is included in the image to help troubleshooting issues
Adjust the number of CPUs when CGROUP limits are defined (worker-processes=auto uses all the availables)

Changes:

#2616 Add use-forwarded-headers configmap option.
#2857 remove unnecessary encoding/decoding also fix ipv6 issue
#2884 [grafana] Rate over 2 minutes since default Prometheus interval is 1m
#2889 Add Lua endpoint to support dynamic certificate serving functionality
#2899 fixed rewrites for paths not ending in /
#2923 Add dynamic certificate serving feature to controller
#2925 Update nginx dependencies
#2932 Fixed typo in flags.go
#2934 Datasource input variable
#2941 now actually using the $controller and $namespace variables
#2942 Update nginx image
#2946 Add unit tests to configuration_test.lua that cover Backends configuration
#2955 Update nginx opentracing zipkin module
#2956 Update nginx and e2e images
#2957 Batch metrics and flush periodically
#2964 fix variable parsing when key is number
#2965 Add Lua module to serve SSL Certificates dynamically
#2966 Add unit tests for sticky lua module
#2970 Update labels
#2972 consistently fallback to default certificate when TLS is configured
#2977 Pass real source IP address to auth request
#2979 clear dynamic configuration e2e tests
#2987 cleanup dynamic cert e2e tests
#2988 Update go to 1.11
#2990 Check if cgroup cpu limits are defined to get the number of CPUs
#3003 Update nginx to 1.15.3
#3004 Update nginx image
#3005 Fix gdb issue and update e2e image
#3006 apply nginx patch to make ssl_certificate_by_lua_block work properly
#3011 Update nginx image

Documentation:

#2806 add help for tls prerequisite for ingress.yaml
#2912 Add documentation to install prometheus and grafana
#2928 docs: Precisations on the usage of the InfluxDB module
#2962 Fix broken anchor link to GCE/GKE
#2983 Add documentation for enable-dynamic-certificates feature
#2998 fixed jsonpath command in examples
#3002 Enhance Troubleshooting Documentation

0.18.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.18.0

New Features:

NGINX 1.15.2
Dynamic configuration is enabled by default
Support for AJP protocol
Use of authbind to bind privileged ports
Replace minikube with kubeadm-dind-cluster to run e2e tests

Changes:

#2789 Remove KubeConfig Dependency for Store Tests
#2794 enable dynamic backend configuration by default
#2795 start minikube before trying to build the image
#2804 add support for ExternalName service type in dynamic mode
#2808 fix the bug #2799, add prefix (?i) in rewrite statement.
#2811 Escape $request_uri for external auth
#2812 modified annotation name "rewrite-to" to "rewrite-target" in comments
#2819 Catch errors waiting for controller deployment
#2823 Multiple optimizations to build targets
#2825 Refactoring of how we run as user
#2826 Remove setcap from image and update nginx to 0.15.1
#2827 Use nginx image as base and install go on top
#2829 use resty-cli for running lua unit tests
#2830 Remove lua mocks
#2834 Added permanent-redirect-code
#2844 Do not allow invalid latency values in metrics
#2852 fix custom-error-pages functionality in dynamic mode
#2853 improve annotations/default_backend e2e test
#2858 Update build image
#2859 Fix inconsistent metric labels
#2863 Replace minikube for e2e tests
#2867 fix bug with lua e2e test suite
#2868 Use an existing e2e image
#2869 describe under what circumstances and how we avoid Nginx reload
#2871 Add support for AJP protocol
#2872 Update nginx to 1.15.2
#2874 Delay initial prometheus status metric
#2876 Remove dashboard an tune sync-frequency
#2877 Refactor entrypoint to avoid issues with volumes
#2885 fix: Sort TCP/UDP upstream order
#2888 Fix grafana datasources
#2890 Usability improvements to build steps
#2893 Update nginx image
#2894 Use authbind to bind privileged ports
#2895 support custom configuration to main context of nginx config
#2896 support configuring multi_accept directive via configmap
#2897 Enable reuse-port by default
#2905 Fix IPV6 detection

Documentation:

#2816 doc log-format: add variables about ingress
#2866 Update index.md
#2898 Fix default sync-period doc
#2903 Very minor grammar fix

0.17.1

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.17.1

Changes:

#2782 Add Better Error Handling for SSLSessionTicketKey
#2790 Update prometheus labels

Documentation:

#2770 Basic-Auth doc misleading: fix double quotes leading to nginx config error

0.17.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.17.0

New Features:

Grafana dashboards

Changes:

#2705 Remove duplicated securityContext
#2719 Sample rate configmap option for zipkin in nginx-opentracing
#2726 Cleanup prometheus metrics after a reload
#2727 Add e2e tests for Client-Body-Buffer-Size
#2732 Improve logging
#2741 Add redirect uri for oauth2 login
#2744 fix: Use the correct opentracing plugin for Jaeger
#2747 Update opentracing-cpp and modsecurity
#2748 Update nginx image to 0.54
#2749 Use docker to build go binaries
#2754 Allow gzip compression level to be controlled via ConfigMap
#2760 Fix ingress rule parsing error
#2767 Fix regression introduced in #2732
#2771 Grafana Dashboard
#2775 Simplify handler registration and updates prometheus
#2776 Fix configuration hash calculation

Documentation:

#2717 GCE/GKE proxy mentioned for Azure
#2743 Clarify Installation Document by Separating Helm Steps
#2761 Fix spelling mistake
#2764 Use language neutral links to MDN
#2765 Add FOSSA status badge
#2777 Build docs using local docker image [ci skip]

0.16.2

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.16.2

Breaking changes:

Running as user requires an update in the deployment manifest.

securityContext:
  capabilities:
    drop:
      - ALL
    add:
      - NET_BIND_SERVICE
  # www-data -> 33
  runAsUser: 33

Note: the deploy guide contains this change

Changes:

#2678 Refactor server type to include SSLCert
#2685 Fix qemu docker build
#2696 If server_tokens is disabled completely remove the Server header
#2698 Improve best-cert guessing with empty tls.hosts
#2701 Remove prometheus labels with high cardinality

Documentation:

#2368 [aggregate] Fix typos across codebase
#2681 Typo fix in error message: encounted->encountered
#2697 Enhance Distributed Tracing Documentation

0.16.1

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.16.1

Breaking changes:

Running as user requires an update in the deployment manifest.

securityContext:
  capabilities:
    drop:
      - ALL
    add:
      - NET_BIND_SERVICE
  # www-data -> 33
  runAsUser: 33

Note: the deploy guide contains this change

New Features:

Run as user dropping root privileges
New prometheus metric implementation (VTS module was removed)
InfluxDB integration
Module GeoIP2

Changes:

#2692 Fix initial read of configuration configmap
#2693 Revert #2669
#2694 Add note about status update

0.16.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.16.1

Breaking changes:

Running as user requires an update in the deployment manifest.

securityContext:
  capabilities:
    drop:
      - ALL
    add:
      - NET_BIND_SERVICE
  # www-data -> 33
  runAsUser: 33

Note: the deploy guide contains this change

New Features:

Run as user dropping root privileges
New prometheus metric implementation (VTS module was removed)
InfluxDB integration
Module GeoIP2

Changes:

#2423 Resolves issue with proxy-redirect nginx configuration
#2451 fix for #1930, make sessions sticky, for ingress with multiple rules …
#2484 Fix bugs in Lua implementation of sticky sessions
#2486 Extend kubernetes interrelation variables in nginx.tmpl
#2504 Add Timeout For TLS Passthrough
#2505 Annotations for the InfluxDB module
#2517 Fix typo about the kind of request
#2523 Add tests for bind-address
#2524 Add support for grpc_set_header
#2526 Fix upstream hash lua test
#2528 Remove go-bindata
#2533 NGINX image update: add the influxdb module
#2534 Set Focus for E2E Tests
#2537 Update nginx modules
#2542 Instrument controller to show configReload metrics
#2543 introduce a balancer interface
#2548 Implement generate-request-id
#2554 use better defaults for proxy-next-upstream(-tries)
#2558 Update qemu to 2.12.0 [ci skip]
#2559 Add geoip2 module and DB to nginx build
#2564 Add security contacts file [ci skip]
#2569 Update nginx modules to fix core dump [ci skip]
#2570 Enable core dumps during tests
#2573 Refactor e2e tests and update go dependencies
#2574 Fix default-backend annotation
#2575 Print information about NGINX version
#2577 make sure ingress-nginx instances are watching their namespace only during test runs
#2588 Update nginx dependencies
#2590 Typo fix: muthual autentication -> mutual authentication
#2591 Access log improvements
#2597 Fix arm paths for liblua.so and lua_package_cpath
#2598 Always sort upstream list to provide stable iteration order
#2600 typo fix futher to further && preformance to performance
#2602 Crossplat fixes
#2603 Bump nginx influxdb module to f8732268d44aea706ecf8d9c6036e9b6dacc99b2
#2608 Expose UDP message on /metrics endpoint
#2611 Add metric emitter lua module
#2614 fix nginx conf test error when not found active service endpoints
#2617 Update go to 1.10.3
#2618 Update nginx to 1.15.0 and remove VTS module
#2619 Run as user dropping privileges
#2623 Proofread cmd package and update flags description
#2634 Disable resync period
#2636 Add missing equality comparisons for ingress.Server
#2638 Wait the result of the controller deployment before running any test
#2639 Clarify log messages in controller package
#2643 Remove VTS from the ingress controller
#2644 Update nginx image version
#2646 Rollback nginx 1.15.0 to 1.13.12
#2649 Add support for IPV6 in stream upstream servers
#2652 Use a unix socket instead udp for reception of metrics
#2653 Remove dummy file watcher
#2654 Hotfix: influxdb module enable disable toggle
#2656 Improve configuration change detection
#2658 Do not wait informer initialization to read configuration
#2659 Update nginx image
#2660 Change modsecurity directories
#2661 Add additional header when debug is enabled
#2664 refactor some lua code
#2669 Remove unnecessary sync when the leader change
#2672 After a configmap change parse ingress annotations (again)
#2673 Add new approvers to the project
#2674 Add e2e test for configmap change and reload
#2675 Update opentracing nginx module
#2676 Update opentracing configuration

Documentation:

#2479 Document how the NGINX Ingress controller build nginx.conf
#2515 Simplify installation and e2e manifests
#2531 Mention the #ingress-nginx Slack channel
#2540 DOCS: Correct ssl-passthrough annotation description.
#2544 [docs] Fix manifest URL for GKE + Azure
#2566 Fix wrong default value for enable-brotli
#2581 Improved link in modsecurity.md
#2583 docs: add secret scheme details to the example
#2592 Typo fix: are be->are/to on->to
#2595 Typo fix: successfull->successful
#2601 fix changelog link in README.md
#2624 Fix minor documentation example
#2625 Add annotation doc on proxy buffer size
#2630 Update documentation for custom error pages
#2666 Add documentation for proxy-cookie-domain annotation (#2034)

0.15.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.15.0

Changes:

#2440 TLS tests
#2443 improve build-dev-env.sh script
#2446 always use x-request-id
#2447 Add basic security context to deployment YAMLs
#2453 Add google analytics [ci skip]
#2456 Assert or install go-bindata before incanting
#2472 Refactor Lua balancer
#2477 Change TrimLeft for TrimPrefix on the from-to-www redirect
#2490 add resty cookie
#2495 [ci skip] bump nginx baseimage version
#2501 Refactor update of status removing initial check for loadbalancer
#2502 Update go version in fortune teller image
#2511 force backend sync when worker starts
#2512 Remove warning when secret is used only for authentication
#2514 Fix and simplify local dev workflow and execution of e2e tests

Documentation:

#2448 Update GitHub pull request template
#2449 Improve documentation format
#2454 Add gRPC annotation doc
#2455 Adjust size of tables and only adjust the first column on mobile
#2457 Add Getting the Code section to Quick Start
#2464 Documentation fixes & improvements
#2467 Fixed broken link in deploy README
#2498 Add some clarification around multiple ingress controller behavior
#2503 Add KubeCon Europe 2018 Video to documentation

0.14.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.14.0

New Features:

Documentation web page
Support for upstream-hash-by annotation in dynamic configuration mode
Improved e2e test suite

Changes:

#2346 Move ConfigMap updating methods into e2e/framework
#2347 Update owners
#2348 Use same convention, curl + kubectl for GKE
#2350 Correct some returned messages in server_tokens.go
#2352 Correct some info in flags.go
#2353 Add proxy-add-original-uri-header config flag
#2356 Add vts-sum-key config flag
#2361 Check ingress rule contains HTTP paths
#2363 Review $request_id
#2365 Clean JSON before post request to update configuration
#2369 Update nginx image to fix modsecurity crs issues
#2370 Update nginx image
#2374 Remove most of the time.Sleep from the e2e tests
#2379 Add busted unit testing framework for lua code
#2382 Accept ns/name Secret reference in annotations
#2383 Improve speed of e2e tests
#2385 include lua-resty-balancer in nginx image
#2386 upstream-hash-by annotation support for dynamic configuraton mode
#2388 Silence unnecessary MissingAnnotations errors
#2392 Ensure dep fix fsnotify
#2395 Fix flaky test
#2396 Update go dependencies
#2398 Allow tls section without hosts in Ingress rule
#2399 Add test for store helper ListIngresses
#2401 Add tests for controller getEndpoints
#2408 Read backends data even if buffered to temp file
#2410 Add balancer unit tests
#2411 Update nginx-opentracing to 0.3.0
#2414 Fix golint installation
#2416 Update nginx image
#2417 Automate building developer environment
#2421 Apply gometalinter suggestions
#2428 Add buffer configuration to external auth location config
#2433 Remove data races from tests
#2434 Check ginkgo is installed before running e2e tests
#2437 Add annotation to enable rewrite logs in a location

Documentation:

#2351 Typo fix in cli-arguments.md
#2372 fix the default cookie name in doc
#2377 DOCS: Add clarification regarding ssl passthrough
#2409 Add deployment instructions for Docker for Mac (Edge)
#2413 Reorganize documentation
#2438 Update custom-errors.md
#2439 Update README.md
#2430 Add scripts and tasks to publish docs to github pages
#2431 Improve readme file
#2366 fix: fill missing patch yaml config.
#2432 Fix broken links in the docs
#2436 Update exposing-tcp-udp-services.md

0.13.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.13.0

New Features:

NGINX 1.13.12
Support for gRPC:
- The annotation nginx.ingress.kubernetes.io/grpc-backend: "true" enable this feature
- If the gRPC service requires TLS nginx.ingress.kubernetes.io/secure-backends: "true"
Configurable load balancing with EWMA
Support for lua-resty-waf as alternative to ModSecurity. Check configuration guide
Support for session affinity when dynamic configuration is enabled.
Add NoAuthLocations and default it to "/.well-known/acme-challenge"

Changes:

#2078 Expose SSL client cert data to external auth provider.
#2187 Managing a whitelist for _/nginx_status
#2208 Add missing lua bindata change
#2209 fix go test TestSkipEnqueue error, move queue.Run
#2210 allow ipv6 localhost when enabled
#2212 Fix dynamic configuration when custom errors are enabled
#2215 fix wrong config generation when upstream-hash-by is set
#2220 fix: cannot set $service_name if use rewrite
#2221 Update nginx to 1.13.10 and enable gRPC
#2223 Add support for gRPC
#2227 do not hardcode keepalive for upstream_balancer
#2228 Fix broken links in multi-tls
#2229 Configurable load balancing with EWMA
#2232 Make proxy_next_upstream_tries configurable
#2233 clean backends data before sending to Lua endpoint
#2234 Update go dependencies
#2235 add proxy header ssl-client-issuer-dn, fix #2178
#2241 Revert "Get file max from fs/file-max. (#2050)"
#2243 Add NoAuthLocations and default it to "/.well-known/acme-challenge"
#2244 fix: empty ingress path
#2246 Fix grpc json tag name
#2254 e2e tests for dynamic configuration and Lua features and a bug fix
#2263 clean up tmpl
#2270 Revert deleted code in #2146
#2271 Use SharedIndexInformers in place of Informers
#2272 Disable opentracing for nginx internal urls
#2273 Update go to 1.10.1
#2280 Fix bug when auth req is enabled(external authentication)
#2283 Fix flaky e2e tests
#2285 Update controller.go
#2290 Update nginx to 1.13.11
#2294 Fix HSTS without preload
#2296 Improve indentation of generated nginx.conf
#2298 Disable dynamic configuration in s390x and ppc64le
#2300 Fix race condition when Ingress does not contains a secret
#2301 include lua-resty-waf and its dependencies in the base Nginx image
#2303 More lua dependencies
#2304 Lua resty waf controller
#2305 Fix issues building nginx image in different platforms
#2306 Disable lua waf where luajit is not available
#2308 Add verification of lua load balancer to health check
#2309 Configure upload limits for setup of lua load balancer
#2314 annotation to ignore given list of WAF rulesets
#2315 extra waf rules per ingress
#2317 run lua-resty-waf in different modes
#2327 Update nginx to 1.13.12
#2328 Update nginx image
#2331 fix nil pointer when ssl with ca.crt
#2333 disable lua for arch s390x and ppc64le
#2340 Fix buildupstream name to work with dynamic session affinity
#2341 Add session affinity to custom load balancing
#2342 Sync SSL certificates on events

Documentation:

#2236 Add missing configuration in #2235
#1785 Add deployment docs for AWS NLB
#2213 Update cli-arguments.md
#2219 Fix log format documentation
#2238 Correct typo
#2239 fix-link
#2240 fix:"any value other" should be "any other value"
#2255 Update annotations.md
#2267 Update README.md
#2274 Typo fixes in modsecurity.md
#2276 Update README.md
#2282 Fix nlb instructions

0.12.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.12.0

New Features:

Live NGINX configuration update without reloading using the flag --enable-dynamic-configuration (disabled by default).
New flag --publish-status-address to manually set the Ingress status IP address.
Add worker-cpu-affinity NGINX option.
Enable remote logging using syslog.
Do not redirect /.well-known/acme-challenge to HTTPS.

Changes:

#2125 Add GCB config to build defaultbackend
#2127 Revert deletion of dependency version override
#2137 Updated log level to v2 for sysctlFSFileMax.
#2140 Cors header should always be returned
#2141 Fix error loading modules
#2143 Only add HSTS headers in HTTPS
#2144 Add annotation to disable logs in a location
#2145 Add option in the configuration configmap to enable remote logging
#2146 In case of TLS errors do not allow traffic
#2148 Add publish-status-address flag
#2155 Update nginx with new modules
#2162 Remove duplicated BuildConfigFromFlags func
#2163 include lua-upstream-nginx-module in Nginx build
#2164 use the correct error channel
#2167 configuring load balancing per ingress
#2172 include lua-resty-lock in nginx image
#2174 Live Nginx configuration update without reloading
#2180 Include tests in golint checks, fix warnings
#2181 change nginx process pgid
#2185 Remove ProxyPassParams setting
#2191 Add checker test for bad pid
#2193 fix wrong json tag
#2201 Add worker-cpu-affinity nginx option
#2202 Allow config to disable geoip
#2205 add luacheck to lint lua files

Documentation:

#2124 Document how to provide list types in configmap
#2133 fix limit-req-status-code doc
#2139 Update documentation for nginx-ingress-role RBAC.
#2165 Typo fix "api server " -> "API server"
#2169 Add documentation about secure-verify-ca-secret
#2200 fix grammer mistake

0.11.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.11.0

New Features:

NGINX 1.13.9

Changes:

#1992 Added configmap option to disable IPv6 in nginx DNS resolver
#1993 Enable Customization of Auth Request Redirect
#1996 Use v3/dev/performance of ModSecurity because of performance
#1997 fix var checked
#1998 Add support to enable/disable proxy buffering
#1999 Add connection-proxy-header annotation
#2001 Add limit-request-status-code option
#2005 fix typo error for server name _
#2006 Add support for enabling ssl_ciphers per host
#2019 Update nginx image
#2021 Add nginx_cookie_flag_module
#2026 update KUBERNETES from v1.8.0 to 1.9.0
#2027 Show pod information in http-svc example
#2030 do not ignore $http_host and $http_x_forwarded_host
#2031 The maximum number of open file descriptors should be maxOpenFiles.
#2036 add matchLabels in Deployment yaml, that both API extensions/v1beta1 …
#2050 Get file max from fs/file-max.
#2063 Run one test at a time
#2065 Always return an IP address
#2069 Do not cancel the synchronization of secrets
#2071 Update Go to 1.9.4
#2082 Use a ring channel to avoid blocking write of events
#2089 Retry initial connection to the Kubernetes cluster
#2093 Only pods in running phase are vallid for status
#2099 Added GeoIP Organisational data
#2107 Enabled the dynamic reload of GeoIP data
#2119 Remove deprecated flag disable-node-list
#2120 Migrate to codecov.io

Documentation:

#1987 add kube-system namespace for oauth2-proxy example
#1991 Add comment about bolean and number values
#2009 docs/user-guide/tls: remove duplicated section
#2011 broken link for sticky-ingress.yaml
#2014 Add document for connection-proxy-header annotation
#2016 Minor link fix in deployment docs
#2018 Added documentation for Permanent Redirect
#2035 fix broken links in static-ip readme
#2038 fix typo: appropiate -> [appropriate]
#2039 fix typo stickyness to stickiness
#2040 fix wrong annotation
#2041 fix spell error reslover -> resolver
#2046 Fix typos
#2054 Adding documentation for helm with RBAC enabled
#2075 Fix opentracing configuration when multiple options are configured
#2076 Fix spelling errors
#2077 Remove initContainer from default deployment

0.10.2

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.10.2

Changes:

#1978 Fix chain completion and default certificate flag issues

0.10.1

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.10.1

Changes:

#1945 When a secret is updated read ingress annotations (again)
#1948 Update go to 1.9.3
#1953 Added annotation for upstream-vhost
#1960 Adjust sysctl values to improve nginx performance
#1963 Fix tests
#1969 Rollback #1854
#1970 By default brotli is disabled

0.10.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.10.0

Breaking changes:

Changed the names of default Nginx ingress prometheus metrics. If you are scraping default Nginx ingress metrics with prometheus the metrics changes are as follows:

nginx_active_connections_total          -> nginx_connections_total{state="active"}
nginx_accepted_connections_total        -> nginx_connections_total{state="accepted"}
nginx_handled_connections_total         -> nginx_connections_total{state="handled"}
nginx_current_reading_connections_total -> nginx_connections{state="reading"}
nginx_current_writing_connections_total -> nginx_connections{state="writing"}
current_waiting_connections_total       -> nginx_connections{state="waiting"}

New Features:

NGINX 1.13.8
Support to hide headers from upstream servers
Support for Jaeger
CORS max age annotation

Changes:

#1782 auth-tls-pass-certificate-to-upstream should be bool
#1787 force external_auth requests to http/1.1
#1800 Add control of the configuration refresh interval
#1805 Add X-Forwarded-Prefix on rewrites
#1844 Validate x-forwarded-proto and connection scheme before redirect to https
#1852 Update nginx to v1.13.8 and update modules
#1854 Fix redirect to ssl
#1858 When upstream-hash-by annotation is used do not configure a lb algorithm
#1861 Improve speed of tests execution
#1869 "proxy_redirect default" should be placed after the "proxy_pass"
#1870 Fix SSL Passthrough template issue and custom ports in redirect to HTTPS
#1871 Update nginx image to 0.31
#1872 Fix data race updating ingress status
#1880 Update go dependencies and cleanup deprecated packages
#1888 Add CORS max age annotation
#1891 Refactor initial synchronization of ingress objects
#1903 If server_tokens is disabled remove the Server header
#1906 Random string function should only contains letters
#1907 Fix custom port in redirects
#1909 Release nginx 0.32
#1910 updating prometheus metrics names according to naming best practices
#1912 removing _total prefix from nginx guage metrics
#1914 Add --with-http_secure_link_module for the Nginx build configuration
#1916 Add support for jaeger backend
#1918 Update nginx image to 0.32
#1919 Add option for reuseport in nginx listen section
#1926 Do not use port from host header
#1927 Remove sendfile configuration
#1928 Add support to hide headers from upstream servers
#1929 Refactoring of kubernetes informers and local caches
#1933 Remove deploy of ingress controller from the example

Documentation:

#1786 fix: some typo.
#1792 Add note about annotation values
#1814 Fix link to custom configuration
#1826 Add note about websocket and load balancers
#1840 Add note about default log files
#1853 Clarify docs for add-headers and proxy-set-headers
#1864 configmap.md: Convert hyphens in name column to non-breaking-hyphens
#1865 Add docs for legacy TLS version and ciphers
#1867 Fix publish-service patch and update README
#1913 Missing r
#1925 Fix doc links

0.9.0

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0

Changes:

#1731 Allow configuration of proxy_responses value for tcp/udp configmaps
#1766 Fix ingress typo
#1768 Custom default backend must use annotations if present
#1769 Use custom https port in redirects
#1771 Add additional check for old SSL certificates
#1776 Add option to configure the redirect code

0.9-beta.19

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0-beta.19

Changes:

Fix regression with ingress.class annotation introduced in 0.9-beta.18

0.9-beta.18

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0-beta.18

Breaking changes:

The NGINX ingress annotations contains a new prefix: nginx.ingress.kubernetes.io. This change is behind a flag to avoid breaking running deployments. To avoid breaking a running NGINX ingress controller add the flag --annotations-prefix=ingress.kubernetes.io to the nginx ingress controller deployment. There is one exception, the annotation kubernetes.io/ingress.class remains unchanged (this annotation is used in multiple ingress controllers)

New Features:

NGINX 1.13.7
Support for s390x
e2e tests

Changes:

#1648 Remove GenericController and add tests
#1650 Fix misspell errors
#1651 Remove node lister
#1652 Remove node lister
#1653 Fix diff execution
#1654 Fix travis script and update kubernetes to 1.8.0
#1658 Tests
#1659 Add nginx helper tests
#1662 Refactor annotations
#1665 Add the original http request method to the auth request
#1687 Fix use merge of annotations
#1689 Enable s390x
#1693 Fix docker build
#1695 Update nginx to v0.29
#1696 Always add cors headers when enabled
#1697 Disable features not availables in some platforms
#1698 Auth e2e tests
#1699 Refactor SSL intermediate CA certificate check
#1700 Add patch command to append publish-service flag
#1701 fix: Core() is deprecated use CoreV1() instead.
#1702 Fix TLS example [ci skip]
#1704 Add e2e tests to verify the correct source IP address
#1705 Add annotation for setting proxy_redirect
#1706 Increase ELB idle timeouts [ci skip]
#1710 Do not update a secret not referenced by ingress rules
#1713 add --report-node-internal-ip-address describe to cli-arguments.md
#1717 Fix command used to detect version
#1720 Add docker-registry example [ci skip]
#1722 Add annotation to enable passing the certificate to the upstream server
#1723 Add timeouts to http server and additional pprof routes
#1724 Cleanup main
#1725 Enable all e2e tests
#1726 fix: replace deprecated methods.
#1734 Changes ssl-client-cert header
#1737 Update nginx v1.13.7
#1738 Cleanup
#1739 Improve e2e checks
#1740 Update nginx
#1745 Simplify annotations
#1746 Cleanup of e2e helpers

Documentation:

#1657 Add better documentation for deploying for dev
#1680 Add doc for log-format-escape-json [ci skip]
#1685 Fix default SSL certificate flag docs [ci skip]
#1686 Fix development doc [ci skip]
#1727 fix: fix typos in docs.
#1747 Add config-map usage and options to Documentation

0.9-beta.17

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0-beta.17

Changes:

Fix regression with annotations introduced in 0.9-beta.16 (thanks @tomlanyon)

0.9-beta.16

Image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0-beta.16

New Features:

Images are published to quay.io
NGINX 1.13.6
OpenTracing Jaeger support inNGINX
ModSecurity support
Support for brotli compression in NGINX
Return 503 error instead of 404 when no endpoint is available

Breaking changes:

The default SSL configuration was updated to use TLSv1.2 and the default cipher list is ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

Known issues:

When ModSecurity is enabled a segfault could occur - ModSecurity#1590

Changes:

#1489 Compute a real X-Forwarded-For header
#1490 Introduce an upstream-hash-by annotation to support consistent hashing by nginx variable or text
#1498 Add modsecurity module
#1500 Enable modsecurity feature
#1501 Request ingress controller version in issue template
#1502 Force reload on template change
#1503 Add falg to report node internal IP address in ingress status
#1505 Increase size of variable hash bucket
#1506 Update nginx ssl configuration
#1507 Add tls session ticket key setting
#1511 fix deprecated ssl_client_cert. add ssl_client_verify header
#1513 Return 503 by default when no endpoint is available
#1520 Change alias behaviour not to create new server section needlessly
#1523 Include the serversnippet from the config map in server blocks
#1533 Remove authentication send body annotation
#1535 Remove auth-send-body [ci skip]
#1538 Rename service-nodeport.yml to service-nodeport.yaml
#1543 Fix glog initialization error
#1544 Fix make container for OSX.
#1547 fix broken GCE-GKE service descriptor
#1550 Add e2e tests - default backend
#1553 Cors features improvements
#1554 Add missing unit test for nextPowerOf2 function
#1556 fixed https port forwarding in Azure LB service
#1566 Release nginx-slim 0.27
#1568 update defaultbackend tag
#1569 Update 404 server image
#1570 Update nginx version
#1571 Fix cors tests
#1572 Certificate Auth Bugfix
#1577 Do not use relative urls for yaml files
#1580 Upgrade to use the latest version of nginx-opentracing.
#1581 Fix Makefile to work in OSX.
#1582 Add scripts to release from travis-ci
#1584 Add missing probes in deployments
#1585 Add version flag
#1587 Use pass access scheme in signin url
#1589 Fix upstream vhost Equal comparison
#1590 Fix Equals Comparison for CORS annotation
#1592 Update opentracing module and release image to quay.io
#1593 Fix makefile default task
#1605 Fix ExternalName services
#1607 Add support for named ports with service-upstream. #1459
#1608 Fix issue with clusterIP detection on service upstream. #1534
#1610 Only set alias if not already set
#1618 Fix full XFF with PROXY
#1620 Add gzip_vary
#1621 Fix path to ELB listener image
#1627 Add brotli support
#1629 Add ssl-client-dn header
#1632 Rename OWNERS assignees: to approvers:
#1635 Install dumb-init using apt-get
#1636 Update go to 1.9.2
#1640 Update nginx to 0.28 and enable brotli

Documentation:

#1491 Note that GCE has moved to a new repo
#1492 Cleanup readme.md
#1494 Cleanup
#1497 Cleanup examples directory
#1504 Clean readme
#1508 Fixed link in prometheus example
#1527 Split documentation
#1536 Update documentation and examples [ci skip]
#1541 fix(documentation): Fix some typos
#1548 link to prometheus docs
#1562 Fix development guide link
#1563 Add task to verify markdown links
#1583 Add note for certificate authentication in Cloudflare
#1617 fix typo in user-guide/annotations.md

0.9-beta.15

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.15

New Features:

Add OCSP support
Configurable ssl_verify_client

Changes:

#1468 Add the original URL to the auth request
#1469 Typo: Add missing {{ }}
#1472 Fix X-Auth-Request-Redirect value to reflect the request uri
#1473 Fix proxy protocol check
#1475 Add OCSP support
#1477 Fix semicolons in global configuration
#1478 Pass redirect field in login page to get a proper redirect
#1480 configurable ssl_verify_client
#1485 Fix source IP address
#1486 Fix overwrite of custom configuration

Documentation:

#1460 Expose UDP port in UDP ingress example
#1465 review prometheus docs

0.9-beta.14

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.14

New Features:

Opentracing support for NGINX
Setting upstream vhost for nginx
Allow custom global configuration at multiple levels
Add support for proxy protocol decoding and encoding in TCP services

Changes:

#719 Setting upstream vhost for nginx.
#1321 Enable keepalive in upstreams
#1322 parse real ip
#1323 use $the_real_ip for rate limit whitelist
#1326 Pass headers from the custom error backend
#1328 update deprecated interface
#1329 add example for nginx-ingress
#1330 Increase coverage in template.go for nginx controller
#1335 Configurable proxy_request_buffering per location..
#1338 Fix multiple leader election
#1339 Enable status port listening in all interfaces
#1340 Update sha256sum of nginx substitutions
#1341 Fix typos
#1345 refactor controllers.go
#1349 Force reload if a secret is updated
#1363 Fix proxy request buffering default configuration
#1365 Fix equals comparsion returing False if both objects have nil Targets or Services.
#1367 Fix typos
#1379 Fix catch all upstream server
#1380 Cleanup
#1381 Refactor X-Forwarded-* headers
#1382 Cleanup
#1387 Improve resource usage in nginx controller
#1392 Avoid issues with goroutines updating fields
#1393 Limit the number of goroutines used for the update of ingress status
#1394 Improve equals
#1402 fix error when cert or key is nil
#1403 Added tls ports to rbac nginx ingress controller and service
#1404 Use nginx default value for SSLECDHCurve
#1411 Add more descriptive logging in certificate loading
#1412 Correct Error Handling to avoid panics and add more logging to template
#1413 Validate external names
#1418 Fix links after design proposals move
#1419 Remove duplicated ingress check code
#1420 Process queue items by time window
#1423 Fix cast error
#1424 Allow overriding the tag and registry
#1426 Enhance Certificate Logging and Clearup Mutual Auth Docs
#1430 Add support for proxy protocol decoding and encoding in TCP services
#1434 Fix exec of readSecrets
#1435 Add header to upstream server for external authentication
#1438 Do not intercept errors from the custom error service
#1439 Nginx master process killed thus no further reloads
#1440 Kill worker processes to allow the restart of nginx
#1445 Updated godeps
#1450 Fix links
#1451 Add example of server-snippet
#1452 Fix sync of secrets (kube lego)
#1454 Allow custom global configuration at multiple levels

Documentation:

#1400 Fix ConfigMap link in doc
#1422 Add docs for opentracing
#1441 Improve custom error pages doc
#1442 Opentracing docs
#1446 Add custom timeout annotations doc

0.9-beta.13

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.13

New Features:

NGINX 1.3.5
New flag to disable node listing
Custom X-Forwarder-Header (CloudFlare uses CF-Connecting-IP as header)
Custom error page in Client Certificate Authentication

Changes:

#1272 Delete useless statement
#1277 Add indent for nginx.conf
#1278 Add proxy-pass-params annotation and Backend field
#1282 Fix nginx stats
#1288 Allow PATCH in enable-cors
#1290 Add flag to disabling node listing
#1293 Adds support for error page in Client Certificate Authentication
#1308 A trivial typo in config
#1310 Refactoring nginx configuration configmap
#1311 Enable nginx async writes
#1312 Allow custom forwarded for header
#1313 Fix eol in nginx template
#1315 Fix nginx custom error pages

Documentation:

#1270 add missing yamls in controllers/nginx
#1276 Link rbac sample from deployment docs
#1291 fix link to conformance suite
#1295 fix README of nginx-ingress-controller
#1299 fix two doc issues in nginx/README
#1306 Fix kubeconfig example for nginx deployment

0.9-beta.12

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.12

Breaking changes:

SSL passthrough is disabled by default. To enable the feature use --enable-ssl-passthrough

New Features:

Support for arm64
New flags to customize listen ports
Per minute rate limiting
Rate limit whitelist
Configuration of nginx worker timeout (to avoid zombie nginx workers processes)
Redirects from non-www to www
Custom default backend (per Ingress)
Graceful shutdown for NGINX

Changes:

#977 Add sort-backends command line option
#981 Add annotation to allow use of service ClusterIP for NGINX upstream.
#991 Remove secret sync loop
#992 Check errors generating pem files
#993 Fix the sed command to work on macOS
#1013 The fields of vtsDate are unified in the form of plural
#1025 Fix file watch
#1027 Lint code
#1031 Change missing secret name log level to V(3)
#1032 Alternative syncSecret approach #1030
#1042 Add function to allow custom values in Ingress status
#1043 Return reference to object providing Endpoint
#1046 Add field FileSHA in BasicDigest struct
#1058 add per minute rate limiting
#1060 Update fsnotify dependency to fix arm64 issue
#1065 Add more descriptive steps in Dev Documentation
#1073 Release nginx-slim 0.22
#1074 Remove lua and use fastcgi to render errors
#1075 (feat/ #374) support proxy timeout
#1076 Add more ssl test cases
#1078 fix the same udp port and tcp port, update nginx.conf error
#1080 Disable platform s390x
#1081 Spit Static check and Coverage in diff Stages of Travis CI
#1082 Fix build tasks
#1087 Release nginx-slim 0.23
#1088 Configure nginx worker timeout
#1089 Update nginx to 1.13.4
#1098 Exposing the event recorder to allow other controllers to create events
#1102 Fix lose SSL Passthrough
#1104 Simplify verification of hostname in ssl certificates
#1109 Cleanup remote address in nginx template
#1110 Fix Endpoint comparison
#1118 feat(#733)Support nginx bandwidth control
#1124 check fields len in dns.go
#1130 Update nginx.go
#1134 replace deprecated interface with versioned ones
#1136 Fix status update - changed in #1074
#1138 update nginx.go: performance improve
#1139 Fix Todo:convert sequence to table
#1162 Optimize CI build time
#1164 Use variable request_uri as redirect after auth
#1179 Fix sticky upstream not used when enable rewrite
#1184 Add support for temporal and permanent redirects
#1185 Add more info about Server-Alias usage
#1186 Add annotation for client-body-buffer-size per location
#1190 Add flag to disable SSL passthrough
#1193 fix broken link
#1198 Add option for specific scheme for base url
#1202 formatIP issue
#1203 NGINX not reloading correctly
#1204 Fix template error
#1205 Add initial sync of secrets
#1206 Update ssl-passthrough docs
#1207 delete broken link
#1208 fix some typo
#1210 add rate limit whitelist
#1215 Replace base64 encoding with random uuid
#1218 Trivial fixes in core/pkg/net
#1219 keep zones unique per ingress resource
#1221 Move certificate authentication from location to server
#1223 Add doc for non-www to www annotation
#1224 refactor rate limit whitelist
#1226 Remove useless variable in nginx.tmpl
#1227 Update annotations doc with base-url-scheme
#1233 Fix ClientBodyBufferSize annotation
#1234 Lint code
#1235 Fix Equal comparison
#1236 Add Validation for Client Body Buffer Size
#1238 Add support for 'client_body_timeout' and 'client_header_timeout'
#1239 Add flags to customize listen ports and detect port collisions
#1243 Add support for access-log-path and error-log-path
#1244 Add custom default backend annotation
#1246 Add additional headers when custom default backend is used
#1247 Make Ingress annotations available in template
#1248 Improve nginx controller performance
#1254 fix Type transform panic
#1257 Graceful shutdown for Nginx
#1261 Add support for 'worker-shutdown-timeout'

Documentation:

#976 Update annotations doc
#979 Missing auth example
#980 Add nginx basic auth example
#1001 examples/nginx/rbac: Give access to own namespace
#1005 Update configuration.md
#1018 add docs for proxy-set-headers and add-headers
#1038 typo / spelling in README.md
#1039 typo in examples/tcp/nginx/README.md
#1049 Fix config name in the example.
#1054 Fix link to UDP example
#1084 (issue #310)Fix some broken link
#1103 Add GoDoc Widget
#1105 Make Readme file more readable
#1106 Update annotations.md
#1107 Fix Broken Link
#1119 fix typos in controllers/nginx/README.md
#1122 Fix broken link
#1131 Add short help doc in configuration for nginx limit rate
#1143 Minor Typo Fix
#1144 Minor Typo fix
#1145 Minor Typo fix
#1146 Fix Minor Typo in Readme
#1147 Minor Typo Fix
#1148 Minor Typo Fix in Getting-Started.md
#1149 Fix Minor Typo in TLS authentication
#1150 Fix Minor Typo in Customize the HAProxy configuration
#1151 Fix Minor Typo in customization custom-template
#1152 Fix minor typo in HAProxy Multi TLS certificate termination
#1153 Fix minor typo in Multi TLS certificate termination
#1154 Fix minor typo in Role Based Access Control
#1155 Fix minor typo in TCP loadbalancing
#1156 Fix minor typo in UDP loadbalancing
#1157 Fix minor typos in Prerequisites
#1158 Fix minor typo in Ingress examples
#1159 Fix minor typos in Ingress admin guide
#1160 Fix a broken href and typo in Ingress FAQ
#1165 Update CONTRIBUTING.md
#1168 finx link to running-locally.md
#1170 Update dead link in nginx/HTTPS section
#1172 Update README.md
#1173 Update admin.md
#1174 fix several titles
#1177 fix typos
#1188 Fix minor typo
#1189 Fix sign in URL redirect parameter
#1192 Update README.md
#1195 Update troubleshooting.md
#1196 Update README.md
#1209 Update README.md
#1085 Fix ConfigMap's namespace in custom configuration example for nginx
#1142 Fix typo in multiple docs
#1228 Update release doc in getting-started.md
#1230 Update godep guide link

0.9-beta.11

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.11

Fixes NGINX CVE-2017-7529

Changes:

#659 [nginx] TCP configmap should allow listen proxy_protocol per service
#730 Add support for add_headers
#808 HTTP->HTTPS redirect does not work with use-proxy-protocol: "true"
#921 Make proxy-real-ip-cidr a comma separated list
#930 Add support for proxy protocol in TCP services
#933 Lint code
#937 Fix lint code errors
#940 Sets parameters for a shared memory zone of limit_conn_zone
#949 fix nginx version to 1.13.3 to fix integer overflow
#956 Simplify handling of ssl certificates
#958 Release ubuntu-slim:0.13
#959 Release nginx-slim 0.21
#960 Update nginx in ingress controller
#964 Support for proxy_headers_hash_bucket_size and proxy_headers_hash_max_size
#966 Fix error checking for pod name & NS
#967 Fix runningAddresses typo
#968 Fix missing hyphen in yaml for nginx RBAC example
#973 check number of servers in configuration comparator

0.9-beta.10

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.10

Fix release 0.9-beta.9

0.9-beta.9

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.9

New Features:

Add support for arm and ppc64le

Changes:

#548 nginx: support multidomain certificates
#620 [nginx] Listening ports are not configurable, so ingress can't be run multiple times per node when using CNI
#648 publish-service argument isn't honored when ELB is internal only facing.
#833 WIP: Avoid reloads implementing Equals in structs
#838 Feature request: Add ingress annotation to enable upstream "keepalive" option
#844 ingress annotations affinity is not working
#862 Avoid reloads implementing Equaler interface
#864 Remove dead code
#868 Lint nginx code
#871 Add feature to allow sticky sessions per location
#873 Update README.md
#876 Add information about nginx controller flags
#878 Update go to 1.8.3
#881 Option to not remove loadBalancer status record?
#882 Add flag to skip the update of Ingress status on shutdown
#885 Don't use $proxy_protocol var which may be undefined.
#886 Add support for SubjectAltName in SSL certificates
#888 Update nginx-slim to 0.19
#889 Add PHOST to backend
#890 Improve variable configuration for source IP address
#892 Add upstream keepalive connections cache
#897 Update outdated ingress resource link
#898 add error check right when reload nginx fail
#899 Fix nginx error check
#900 After #862 changes in the configmap do not trigger a reload
#901 [doc] Update NGinX status port to 18080
#902 Always reload after a change in the configuration
#904 Fix nginx sticky sessions
#906 Fix race condition with closed channels
#907 nginx/proxy: allow specifying next upstream behaviour
#910 Feature request: use X-Forwarded-Host from the reverse proxy before
#911 Improve X-Forwarded-Host support
#915 Release nginx-slim 0.20
#916 Add arm and ppc64le support
#919 Apply the 'ssl-redirect' annotation per-location
#922 Add example of TLS termination using a classic ELB

0.9-beta.8

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.8

Changes:

#761 NGINX TCP Ingresses do not bind on IPv6
#850 Fix IPv6 UDP stream section
#851 ensure private key and certificate match
#852 Don't expose certificate metrics for default server
#846 Match ServicePort to Endpoints by Name
#854 Document log-format-stream and log-format-upstream
#847 fix semicolon
#848 Add metric "ssl certificate expiration"
#839 "No endpoints" issue
#845 Fix no endpoints issue when named ports are used
#822 Release ubuntu-slim 0.11
#824 Update nginx-slim to 0.18
#823 Release nginx-slim 0.18
#827 Introduce working example of nginx controller with rbac
#835 Make log format json escaping configurable
#843 Avoid setting maximum number of open file descriptors lower than 1024
#837 Cleanup interface
#836 Make log format json escaping configurable
#828 Wrap IPv6 endpoints in []
#821 nginx-ingress: occasional 503 Service Temporarily Unavailable
#829 feat(template): wrap IPv6 addresses in []
#786 Update echoserver image version in examples
#825 Create or delete ingress based on class annotation
#790 #789 removing duplicate X-Real-IP header
#792 Avoid checking if the controllers are synced
#798 nginx: RBAC for leader election
#799 could not build variables_hash
#809 Fix dynamic variable name
#804 Fix #798 - RBAC for leader election
#806 fix ingress rbac roles
#811 external auth - proxy_pass_request_body off + big bodies give 500/413
#785 Publish echoheader image
#813 Added client_max_body_size to authPath location
#814 rbac-nginx: resourceNames cannot filter create verb
#774 Add IPv6 support in TCP and UDP stream section
#784 Allow customization of variables hash tables
#782 Set "proxy_pass_header Server;"
#783 nginx/README.md: clarify app-root and fix example hyperlink
#787 Add setting to allow returning the Server header from the backend

0.9-beta.7

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.7

Changes:

#777 Update sniff parser to fix index out of bound error

0.9-beta.6

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.6

Changes:

#647 ingress.class enhancement for debugging.
#708 ingress losing real source IP when tls enabled
#760 Change recorder event scheme
#704 fix nginx reload flags '-c'
#757 Replace use of endpoints as locks with configmap
#752 nginx ingress header config backwards
#756 Fix bad variable assignment in template nginx
#729 Release nginx-slim 0.17
#755 Fix server name hash maxSize default value
#741 Update golang dependencies
#749 Remove service annotation for namedPorts
#740 Refactoring whitelist source IP verification
#734 Specify nginx image arch
#728 Update nginx image
#723 update readme about vts metrics
#726 Release ubuntu-slim 0.10
#727 [nginx] whitelist-source-range doesn’t work on ssl port
#709 Add config for X-Forwarded-For trust
#679 add getenv
#680 nginx/pkg/config: delete unuseful variable
#716 Add secure-verify-ca-secret annotation
#722 Remove go-reap and use tini as process reaper
#725 Add keepalive_requests and client_body_buffer_size options
#724 change the directory of default-backend.yaml
#656 Nginx Ingress Controller - Specify load balancing method
#717 delete unuseful variable
#712 Set $proxy_upstream_name before location directive
#715 Corrected annotation ex signin-url to auth-url
#718 nodeController sync
#694 SSL-Passthrough broken in beta.5
#678 Convert CN SSL Certificate to lowercase before comparison
#690 Fix IP in logs for https traffic
#673 Override load balancer alg view config map
#675 Use proxy-protocol to pass through source IP to nginx
#707 use nginx vts module version 0.1.14
#702 Document passing of ssl_client_cert to backend
#688 Add example of UDP loadbalancing
#696 [nginx] pass non-SNI TLS hello to default backend, Fixes #693
#685 Fix error in generated nginx.conf for optional hsts-preload

0.9-beta.5

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.5

Changes:

#663 Remove helper required in go < 1.8
#662 Add debug information about ingress class
#661 Avoid running nginx if the configuration file is empty
#660 Rollback queue refactoring
#654 Update go version to 1.8

0.9-beta.4

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.4

New Features:

Add support for services of type ExternalName

Changes:

#635 Allow configuration of features underscores_in_headers and ignore_invalid_headers
#633 Fix lint errors
#630 Add example of TCP loadbalancing
#629 Add support for services of type ExternalName
#624 Compute server_names_hash_bucket_size correctly
#615 Process exited cleanly before we hit wait4
#614 Refactor nginx ssl passthrough
#613 Status leader election must consired the ingress class
#607 Allow custom server_names_hash_max_size & server_names_hash_bucket_size
#601 add a judgment
#601 Replace custom child reap code with go-reap
#597 Add flag to force namespace isolation
#595 Remove Host header from auth_request proxy configuration
#588 Read resolv.conf file just once
#586 Updated instructions to create an ingress controller build
#583 fixed lua_package_path in nginx.tmpl
#580 Updated faq for running multiple ingress controller
#579 Detect if the ingress controller is running with multiple replicas
#578 Set different listeners per protocol version
#577 Avoid zombie child processes
#576 Replace secret workqueue
#568 Revert merge annotations to the implicit root context
#563 Add option to disable hsts preload
#560 Fix intermittent misconfiguration of backend.secure and SessionAffinity
#556 Update nginx version and remove dumb-init
#551 Build namespace and ingress class as label
#546 Fix a couple of 'does not contains' typos
#542 Fix lint errors
#540 Add Backends.SSLPassthrough attribute
#539 Migrate to client-go
#536 add unit test cases for core/pkg/ingress/controller/backend_ssl
#535 Add test for ingress status update
#532 Add setting to configure ecdh curve
#531 Fix link to examples
#530 Fix link to custom nginx configuration
#528 Add reference to apiserver-host flag
#527 Add annotations to location of default backend (root context)
#525 Avoid negative values configuring the max number of open files
#523 Fix a typo in an error message
#521 nginx-ingress-controller is built twice by docker-build target
#517 Use whitelist-source-range from configmap when no annotation on ingress
#516 Convert WorkerProcesses setting to string to allow the value auto
#512 Fix typos regarding the ssl-passthrough annotation documentation
#505 add unit test cases for core/pkg/ingress/controller/annotations
#503 Add example for nginx in aws
#502 Add information about SSL Passthrough annotation
#500 Improve TLS secret configuration
#498 Proper enqueue a secret on the secret queue
#493 Update nginx and vts module
#490 Add unit test case for named_port
#488 Adds support for CORS on error responses and Authorization header
#485 Fix typo nginx configMap vts metrics customization
#481 Remove unnecessary quote in nginx log format
#471 prometheus scrape annotations
#460 add example of 'run multiple haproxy ingress controllers as a deployment'
#459 Add information about SSL certificates in the default log level
#456 Avoid upstreams with multiple servers with the same port
#454 Pass request port to real server
#450 fix nginx-tcp-and-udp on same port
#446 remove configmap validations
#445 Remove snakeoil certificate generation
#442 Fix a few bugs in the nginx-ingress-controller Makefile
#441 skip validation when configmap is empty
#439 Avoid a nil-reference when the temporary file cannot be created
#438 Improve English in error messages
#437 Reference constant

0.9-beta.3

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.3

New Features:

Custom log formats using log-format-upstream directive in the configuration configmap.
Force redirect to SSL using the annotation ingress.kubernetes.io/force-ssl-redirect
Prometheus metric for VTS status module (transparent, just enable vts stats)
Improved external authentication adding ingress.kubernetes.io/auth-signin annotation. Please check this example

Breaking changes:

ssl-dh-param configuration in configmap is now the name of a secret that contains the Diffie-Hellman key

Changes:

#433 close over the ingress variable or the last assignment will be used
#424 Manually sync secrets from certificate authentication annotations
#423 Scrap json metrics from nginx vts module when enabled
#418 Only update Ingress status for the configured class
#415 Improve external authentication docs
#410 Add support for "signin url"
#409 Allow custom http2 header sizes
#408 Review docs
#406 Add debug info and fix spelling
#402 allow specifying custom dh param
#397 Fix external auth
#394 Update README.md
#392 Fix http2 header size
#391 remove tmp nginx-diff files
#390 Fix RateLimit comment
#385 add Copyright
#382 Ingress Fake Certificate generation
#380 Fix custom log format
#373 Cleanup
#371 add configuration to disable listening on ipv6
#370 Add documentation for ingress.kubernetes.io/force-ssl-redirect
#369 Minor text fix for "ApiServer"
#367 BuildLogFormatUpstream was always using the default log-format
#366 add_judgment
#365 add ForceSSLRedirect ingress annotation
#364 Fix error caused by increasing proxy_buffer_size (#363)
#362 Fix ingress class
#360 add example of 'run multiple nginx ingress controllers as a deployment'
#358 Checks if the TLS secret contains a valid keypair structure
#356 Disable listen only on ipv6 and fix proxy_protocol
#354 add judgment
#352 Add ability to customize upstream and stream log format
#351 Enable custom election id for status sync.
#347 Fix client source IP address
#345 Fix lint error
#344 Refactoring of TCP and UDP services
#343 Fix node lister when --watch-namespace is used
#341 Do not run coverage check in the default target.
#340 Add support for specify proxy cookie path/domain
#337 Fix for formatting error introduced in #304
#335 Fix for vet complaints:
#332 Add annotation to customize nginx configuration
#331 Correct spelling mistake
#328 fix misspell "affinity" in main.go
#326 add nginx daemonset example
#311 Sort stream service ports to avoid extra reloads
#307 Add docs for body-size annotation
#306 modify nginx readme
#304 change 'buildSSPassthrouthUpstreams' to 'buildSSLPassthroughUpstreams'

0.9-beta.2

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2

New Features:

New configuration flag proxy-set-headers to allow set custom headers before send traffic to backends. Example here
Disable directive access_log globally using disable-access-log: "true" in the configuration ConfigMap.
Sticky session per Ingress rule using the annotation ingress.kubernetes.io/affinity. Example here

Changes:

#300 Change nginx variable to use in filter of access_log
#296 Fix rewrite regex to match the start of the URL and not a substring
#293 Update makefile gcloud docker command
#290 Update nginx version in ingress controller to 1.11.10
#286 Add logs to help debugging and simplify default upstream configuration
#285 Added a Node StoreLister type
#281 Add chmod up directory tree for world read/execute on directories
#279 fix wrong link in the file of examples/README.md
#275 Pass headers to custom error backend
#272 Fix error getting class information from Ingress annotations
#268 minor: Fix typo in nginx README
#265 Fix rewrite annotation parser
#262 Add nginx README and configuration docs back
#261 types.go: fix typo in godoc
#258 Nginx sticky annotations
#255 Adds support for disabling access_log globally
#247 Fix wrong URL in nginx ingress configuration
#246 Add support for custom proxy headers using a ConfigMap
#244 Add information about cors annotation
#241 correct a spell mistake
#232 Change searchs with searches
#231 Add information about proxy_protocol in port 442
#228 Fix worker check issue
#227 proxy_protocol on ssl_passthrough listener
#223 Fix panic if a tempfile cannot be created
#220 Fixes for minikube usage instructions.
#219 Fix typo, add a couple of links.
#218 Improve links from CONTRIBUTING.
#217 Fix an e2e link.
#212 Simplify code to obtain TCP or UDP services
#208 Fix nil HTTP field
#198 Add an example for static-ip and deployment

0.9-beta.1

Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.1

New Features:

SSL Passthrough
New Flag --publish-service that set the Service fronting the ingress controllers
Ingress status shows the correct IP/hostname address without duplicates
Custom body sizes per Ingress
Prometheus metrics

Breaking changes:

Flag --nginx-configmap was replaced with --configmap
Configmap field body-size was replaced with proxy-body-size

Changes:

#184 Fix template error
#179 Allows the usage of Default SSL Cert
#178 Add initialization of proxy variable
#177 Refactoring sysctlFSFileMax helper
#176 Fix TLS does not get updated when changed
#174 Update nginx to 1.11.9
#172 add some unit test cases for some packages under folder "core.pkg.ingress"
#168 Changes the SSL Temp file to something inside the same SSL Directory
#165 Fix rate limit issue when more than 2 servers enabled in ingress
#161 Document some missing parameters and their defaults for NGINX controller
#158 prefect unit test cases for annotation.proxy
#156 Fix issue for ratelimit
#154 add unit test cases for core.pkg.ingress.annotations.cors
#151 Port in redirect
#150 Add support for custom header sizes
#149 Add flag to allow switch off the update of Ingress status
#148 Add annotation to allow custom body sizes
#145 fix wrong links and punctuations
#144 add unit test cases for core.pkg.k8s
#143 Use protobuf instead of rest to connect to apiserver host and add troubleshooting doc
#142 Use system fs.max-files as limits instead of hard-coded value
#141 Add reuse port and backlog to port 80 and 443
#138 reference to const
#136 Add content and descriptions about nginx's configuration
#135 correct improper punctuation
#134 fix typo
#133 Add TCP and UDP services removed in migration
#132 Document nginx controller configuration tweaks
#128 Add tests and godebug to compare structs
#126 change the type of imagePullPolicy
#123 Add resolver configuration to nginx
#119 add unit test case for annotations.service
#115 add default_server to listen statement for default backend
#114 fix typo
#113 Add condition of enqueue and unit test cases for task.Queue
#108 annotations: print error and skip if malformed
#107 fix some wrong links of examples which to be used for nginx
#103 Update the nginx controller manifests
#101 Add unit test for strings.StringInSlice
#99 Update nginx to 1.11.8
#97 Fix gofmt
#96 Fix typo PassthrougBackends -> PassthroughBackends
#95 Deny location mapping in case of specific errors
#94 Add support to disable server_tokens directive
#93 Fix sort for catch all server
#92 Refactoring of nginx configuration deserialization
#91 Fix x-forwarded-port mapping
#90 fix the wrong link to build/test/release
#89 fix the wrong links to the examples and developer documentation
#88 Fix multiple tls hosts sharing the same secretName
#86 Update X-Forwarded-Port
#82 Fix incorrect X-Forwarded-Port for TLS
#81 Do not push containers to remote repo as part of test-e2e
#78 Fix #76: hardcode X-Forwarded-Port due to SSL Passthrough
#77 Add support for IPV6 in dns resolvers
#66 Start FAQ docs
#65 Support hostnames in Ingress status
#64 Sort whitelist list to avoid random orders
#62 Fix e2e make targets
#61 Ignore coverage profile files
#58 Fix "invalid port in upstream" on nginx controller
#57 Fix invalid port in upstream
#54 Expand developer docs
#52 fix typo in variable ProxyRealIPCIDR
#44 Bump nginx version to one higher than that in contrib
#36 Add nginx metrics to prometheus
#34 nginx: also listen on ipv6
#32 Restart nginx if master process dies
#31 Add healthz checker
#25 Fix a data race in TestFileWatcher
#12 Split implementations from generic code
#10 Copy Ingress history from kubernetes/contrib
#1498 Refactoring of template handling
#1571 use POD_NAMESPACE as a namespace in cli parameters
#1591 Always listen on port 443, even without ingress rules
#1596 Adapt nginx hash sizes to the number of ingress
#1653 Update image version
#1672 Add firewall rules and ing class clarifications
#1711 Add function helpers to nginx template
#1743 Allow customisation of the nginx proxy_buffer_size directive via ConfigMap
#1749 Readiness probe that works behind a CP lb
#1751 Add the name of the upstream in the log
#1758 Update nginx to 1.11.4
#1759 Add support for default backend in Ingress rule
#1762 Add cloud detection
#1766 Clarify the controller uses endpoints and not services
#1767 Update godeps
#1772 Avoid replacing nginx.conf file if the new configuration is invalid
#1773 Add annotation to add CORS support
#1786 Add docs about go template
#1796 Add external authentication support using auth_request
#1802 Initialize proxy_upstream_name variable
#1806 Add docs about the log format
#1808 WebSocket documentation
#1847 Change structure of packages
Add annotation for custom upstream timeouts
Mutual TLS auth (kubernetes-retired/contrib#1870)

0.8.3

#1450 Check for errors in nginx template
#1498 Refactoring of template handling
#1467 Use ClientConfig to configure connection
#1575 Update nginx to 1.11.3

0.8.2

#1336 Add annotation to skip ingress rule
#1338 Add HTTPS default backend
#1351 Avoid generation of invalid ssl certificates
#1379 improve nginx performance
#1350 Improve performance (listen backlog=net.core.somaxconn)
#1384 Unset Authorization header when proxying
#1398 Mitigate HTTPoxy Vulnerability

0.8.1

#1317 Fix duplicated real_ip_header
#1315 Addresses #1314

0.8

#1063 watches referenced tls secrets
#850 adds configurable SSL redirect nginx controller
#1136 Fix nginx rewrite rule order
#1144 Add cidr whitelist support
#1230 Improve docs and examples
#1258 Avoid sync without a reachable
#1235 Fix stats by country in nginx status page
#1236 Update nginx to add dynamic TLS records and spdy
#1238 Add support for dynamic TLS records and spdy
#1239 Add support for conditional log of urls
#1253 Use delayed queue
#1296 Fix formatting
#1299 Fix formatting

0.7

#898 reorder locations. Location / must be the last one to avoid errors routing to subroutes
#946 Add custom authentication (Basic or Digest) to ingress rules
#926 Custom errors should be optional
#1002 Use k8s probes (disable NGINX checks)
#962 Make optional http2
#1054 force reload if some certificate change
#958 update NGINX to 1.11.0 and add digest module
#960 https://trac.nginx.org/nginx/changeset/ce94f07d50826fcc8d48f046fe19d59329420fdb/nginx
#1057 Remove loadBalancer ip on shutdown
#1079 path rewrite
#1093 rate limiting
#1102 geolocation of traffic in stats
#884 support services running ssl
#930 detect changes in configuration configmaps

Files

Changelog.md

Latest commit

History

Changelog.md

File metadata and controls

Changelog

0.25.0

0.24.1

0.24.0

0.23.0

0.22.0

0.21.0

0.20.0

0.19.0

0.18.0

0.17.1

0.17.0

0.16.2

0.16.1

0.16.0

0.15.0

0.14.0

0.13.0

0.12.0

0.11.0

0.10.2

0.10.1

0.10.0

0.9.0

0.9-beta.19

0.9-beta.18

0.9-beta.17

0.9-beta.16

0.9-beta.15

0.9-beta.14

0.9-beta.13

0.9-beta.12

0.9-beta.11

0.9-beta.10

0.9-beta.9

0.9-beta.8

0.9-beta.7

0.9-beta.6

0.9-beta.5

0.9-beta.4

0.9-beta.3

0.9-beta.2

0.9-beta.1

0.8.3

0.8.2

0.8.1

0.8

0.7