NGINX Documentation

Releases

NGINX Ingress Controller 1.11.1

7 April 2021

CHANGES:

  • Update NGINX version to 1.19.9.
  • Update the OpenSSL libraries used in the UBI images
  • Fixed documentation in the Helm README

HELM CHART:

  • The version of the Helm chart is now 0.9.1.

UPGRADE:

  • For NGINX, use the 1.11.1 image from our DockerHub: nginx/nginx-ingress:1.11.1, nginx/nginx-ingress:1.11.1-alpine or nginx/nginx-ingress:1.11.1-ubi
  • For NGINX Plus, please build your own image using the 1.11.1 source code.
  • For Helm, use version 0.9.1 of the chart.

NGINX Ingress Controller 1.11.0

31 March 2021

OVERVIEW:

Release 1.11.0 includes:

  • Native NGINX Ingress Controller App Protect (WAF) policy
  • TransportServer improvements in terms of reliability, added features and operational aspects
  • Integration of NGINX Ingress Controller with Istio service mesh

You will find the complete changelog for release 1.11.0, including bug fixes, improvements, and changes below.

FEATURES:

  • 1317 Add status field to Policy resource.
  • 1449 Add support for ClusterIP in upstreams in VirtualServers/VirtualServerRoutes.
  • 1413 Add serverSnippets to TransportServer.
  • 1425 Add status field to TransportServer resource.
  • 1384 Add active health checks to TransportServer.
  • 1382 Add passive health checks to TransportServer.
  • 1346 Add configurable timeouts to TransportServer.
  • 1297 Support custom return in the default server. Thanks to 030.

FEATURES FOR NGINX APP PROTECT:

  • 1378 Add WAF Policy.

IMPROVEMENTS:

  • 1420 Support IngressClassName in TransportServer.
  • 1415 Handle host and listener collisions for TransportServer resource.
  • 1322 Improve VirtualServer/VirtualServerRoute warnings for Policies.
  • 1288 Add stricter validation for some ingress annotations.
  • 1241 Refactor Dockerfile and Makefile.
  • Documentation improvements: 1320, 1326, and 1377.

FIXES:

  • 1457 Wait for caches to sync when the Ingress Controller starts.
  • 1444 Fix setting host header in action proxy in VirtualServer/VirtualServerRoute.
  • 1396 Fix reload timeout calculation for verifying NGINX reloads.

HELM CHART:

  • The version of the helm chart is now 0.9.0.

CHANGES:

KNOWN ISSUES:

  • 1448 When an Ingress Controller pod starts, it can report warnings about missing secrets for Ingress and other resources that reference secrets. Those warnings are intermittent - once the Ingress Controller fully processes the resources of the cluster, it will clear the warnings. Only after that, the Ingress Controller will become ready to accept client traffic - its readiness probe will succeed.

UPGRADE:

  • For NGINX, use the 1.11.0 image from our DockerHub: nginx/nginx-ingress:1.11.0, nginx/nginx-ingress:1.11.0-alpine or nginx-ingress:1.11.0-ubi
  • For NGINX Plus, please build your own image using the 1.11.0 source code.
  • For Helm, use version 0.9.0 of the chart.
  • 1241 improved the Makefile. As a result, the commands for building the Ingress Controller image were changed. See the updated commands here.
  • 1241 also consolidated all Dockerfiles into a singe Dockerfile. If you customized any of the Dockerfiles, make sure to port the changes to the new Dockerfile.
  • 1288 further improved validation of Ingress annotations. See this document to learn more about which annotations are validated. Note that the Ingress Controller will reject resources with invalid annotations, which means clients will see 404 responses from NGINX. Before upgrading, ensure the Ingress resources don’t have annotations with invalid values. Otherwise, after the upgrade, the Ingress Controller will reject such resources.
  • 1457 fixed the bug when an Ingress Controller pod could become ready before it generated the configuration for all relevant resources in the cluster. The fix also requires that the Ingress Controller can successfully list the relevant resources from the Kubernetes API. For example, if the -enable-custom-resources cli argument is true (which is the default), the VirtualServer, VirtualServerRoute, TransportServer, and Policy CRDs must be created in the cluster, so that the Ingress Controller can list them. This is similar to other custom resources – see the list here. Thus, before upgrading, make sure that the CRDs are created in the cluster. Otherwise, the Ingress Controller pods will not become ready.

SUPPORTED PLATFORMS:

We will provide technical support for the NGINX Ingress Controller on any Kubernetes platform that is currently supported by its provider and which passes the Kubernetes conformance tests. This release was fully tested on the following Kubernetes versions: 1.16-1.20.

NGINX Ingress Controller 1.10.1

16 March 2021

CHANGES:

  • Update NGINX version to 1.19.8.
  • Add Kubernetes 1.20 support.
  • 1373, 1439, 1440: Fix various issues in the Makefile. In 1.10.0, a bug was introduced that prevented building Ingress Controller images on versions of make < 4.1.

HELM CHART:

  • The version of the Helm chart is now 0.8.1.

UPGRADE:

  • For NGINX, use the 1.10.1 image from our DockerHub: nginx/nginx-ingress:1.10.1, nginx/nginx-ingress:1.10.1-alpine or nginx/nginx-ingress:1.10.1-ubi
  • For NGINX Plus, please build your own image using the 1.10.1 source code.
  • For Helm, use version 0.8.1 of the chart.

NGINX Ingress Controller 1.10.0

26 January 2021

OVERVIEW:

Release 1.10.0 includes:

  • Open ID Connect authentication policy.
  • Improved handling of Secret resources with extended validation and error reporting.
  • Improved visibility with Prometheus metrics for the configuration workqueue and the ability to annotate NGINX logs with the metadata of Kubernetes resources.
  • NGINX App Protect User-Defined signatures support.
  • Improved validation of Ingress annotations.

You will find the complete changelog for release 1.10.0, including bug fixes, improvements, and changes below.

FEATURES FOR POLICY RESOURCE:

  • 1304 Add Open ID Connect policy.

FEATURES FOR NGINX APP PROTECT:

  • 1281 Add support for App Protect User Defined Signatures.

FEATURES:

  • 1266 Add workqueue metrics to Prometheus metrics.
  • 1233 Annotate tcp metrics with k8s object labels.
  • 1231 Support k8s objects variables in log format.

IMPROVEMENTS:

  • 1270 and 1277 Improve validation of Ingress annotations.
  • 1265 Report warnings for misconfigured TLS and JWK secrets.
  • 1262 Use setcap(8) only once. 1263 Use chown(8) only once. 1264 Use mkdir(1) only once. Thanks to Sergey A. Osokin.
  • 1256 and 1260 Improve handling of secret resources.
  • 1240 Validate TLS and CA secrets.
  • 1235 Use buildkit secret flag for NGINX plus images.
  • Documentation improvements: 1282, 1293, 1303, 1315.

HELM CHART:

  • The version of the helm chart is now 0.8.0.
  • 1290 Add new preview policies parameter to chart. controller.enablePreviewPolicies was added.
  • 1232 Replace deprecated imagePullSecrets helm setting. controller.serviceAccount.imagePullSecrets was removed. controller.serviceAccount.imagePullSecretName was added.
  • 1228 Fix installation of ingressclass on Kubernetes versions v1.18.x-*

CHANGES:

  • 1299 Update NGINX App Protect version to 2.3 and debian distribution to debian:buster-slim.
  • 1291 Update NGINX OSS to 1.19.6. Update NGINX Plus to R23.
  • 1290 Graduate policy resource and accessControl policy to generally available.
  • 1225 Require secrets to have types.
  • 1237 Deprecate support for helm2 clients.

UPGRADE:

  • For NGINX, use the 1.10.0 image from our DockerHub: nginx/nginx-ingress:1.10.0, nginx/nginx-ingress:1.10.0-alpine or nginx-ingress:1.10.0-ubi

  • For NGINX Plus, please build your own image using the 1.10.0 source code.

  • For Helm, use version 0.8.0 of the chart.

  • As a result of 1270 and 1277, the Ingress Controller improved validation of Ingress annotations: more annotations are validated and validation errors are reported via events for Ingress resources. Additionally, the default behavior for invalid annotation values was changed: instead of using the default values, the Ingress Controller will reject a resource with an invalid annotation value, which will make clients see 404 responses from NGINX. See this document to learn more. Before upgrading, ensure the Ingress resources don’t have annotations with invalid values. Otherwise, after the upgrade, the Ingress Controller will reject such resources.

  • In 1232 controller.serviceAccount.imagePullSecrets was removed. Use the new controller.serviceAccount.imagePullSecretName instead.

  • The Policy resource was promoted to v1. If you used the alpha1 version, the policies are needed to be recreated with the v1 version. Before upgrading the Ingress Controller, run the following command to remove the alpha1 policies CRD (that will also remove all existing alpha1 policies):

     kubectl delete crd policies.k8s.nginx.org
    

    As part of the upgrade, make sure to create the v1 policies CRD. See the corresponding instructions for the manifests and Helm installations.

    Also note that all policies except for accessControl are still in preview. To enable them, run the Ingress Controller with - -enable-preview-policies command-line argument (controller.enablePreviewPolicies Helm parameter).

  • It is necessary to update secret resources. See the section UPDATING SECRETS below.

UPDATING SECRETS:

In 1225, as part of improving how the Ingress Controller handles secret resources, we added a requirement for secrets to be of one of the following types:

  • kubernetes.io/tls for TLS secrets.
  • nginx.org/jwk for JWK secrets.
  • nginx.org/ca for CA secrets.

The Ingress Controller now ignores secrets that are not of a supported type. As a consequence, special upgrade steps are required.

Before upgrading, ensure that the secrets referenced in Ingress, VirtualServer or Policies resources are of a supported type, which is configured via the type field. Because that field is immutable, it is necessary to either:

  • Recreate the secrets. Note that in this case, the client traffic for the affected resources will be rejected for the period during which a secret doesn’t exist in the cluster.
  • Create copies of the secrets and update the affected resources to reference the copies. The copies need to be of a supported type. In contrast with the previous options, this will not make NGINX reject the client traffic.

It is also necessary to update the default server secret and the wildcard secret (if it was configured) in case their type is not kubernetes.io/tls. The steps depend on how you installed the Ingress Controller: via manifests or Helm. Performing the steps will not lead to a disruption of the client traffic, as the Ingress Controller retains the default and wildcard secrets if they are removed.

For manifests installation:

  1. Recreate the default server secret and the wildcard secret with the type kubernetes.io/tls.
  2. Upgrade the Ingress Controller.

For Helm installation, there two cases:

  1. If Helm created the secrets (you configured controller.defaultTLS.cert and controller.defaultTLS.key for the default secret and controller.wildcardTLS.cert and controller.wildcardTLS.key for the wildcard secret), then no special upgrade steps are required: during the upgrade, the Helm will remove the existing default and wildcard secrets and create new ones with different names with the type kubernetes.io/tls.
  2. If you created the secrets separately from Helm (you configured controller.defaultTLS.secret for the default secret and controller.wildcardTLS.secret for the wildcard secret):
    1. Recreate the secrets with the type kubernetes.io/tls.
    2. Upgrade to the new Helm release.

NOTES:

  • Helm 2 clients are no longer supported due to reaching End of Life: https://helm.sh/blog/helm-2-becomes-unsupported/

NGINX Ingress Controller 1.9.1

23 November 2020

CHANGES:

  • Fix deployment of ingressclass resource via helm on some versions of Kubernetes.
  • Update the base ubi images to 8.3.
  • Renew CA cert for egress-mtls example.
  • Add imagePullSecretName support to helm chart.

HELM CHART:

  • The version of the Helm chart is now 0.7.1.

UPGRADE:

  • For NGINX, use the 1.9.1 image from our DockerHub: nginx/nginx-ingress:1.9.1, nginx/nginx-ingress:1.9.1-alpine or nginx/nginx-ingress:1.9.1-ubi
  • For NGINX Plus, please build your own image using the 1.9.1 source code.
  • For Helm, use version 0.7.1 of the chart.

NGINX Ingress Controller 1.9.0

20 October 2020

OVERVIEW:

Release 1.9.0 includes:

  • Support for new Prometheus metrics and enhancements of the existing ones, including configuration reload reason, NGINX worker processes count, upstream latency, and more.
  • Support for rate limiting, JWT authentication, ingress(client) and egress(upstream) mutual TLS via the Policy resource.
  • Support for the latest Ingress resource features and the IngressClass resource.
  • Support for NGINX Service Mesh.

You will find the complete changelog for release 1.9.0, including bug fixes, improvements, and changes below.

FEATURES FOR POLICY RESOURCE:

  • 1180 Add support for EgressMTLS.
  • 1166 Add IngressMTLS policy support.
  • 1154 Add JWT policy support.
  • 1120 Add RateLimit policy support.
  • 1058 Support policies in VS routes and VSR subroutes.

FEATURES FOR NGINX APP PROTECT:

FEATURES:

  • 1133 Add support for IngressClass resources.
  • 1130 Add prometheus latency collector.
  • 1076 Add prometheus worker process metrics.
  • 1075 Add support for NGINX Service Mesh internal routes.

IMPROVEMENTS:

  • 1178 Resolve host collisions in VirtualServer and Ingresses.
  • 1158 Support variables in action proxy headers.
  • 1137 Add pod_owner label to metrics when -spire-agent-address is set.
  • 1107 Extend Upstream Servers with pod_name label.
  • 1099 Add reason label to total_reload metrics.
  • 1088 Extend Upstream Servers and Server Zones metrics, thanks to Raúl.
  • 1080 Support pathType field in the Ingress resource.
  • 1078 Remove trailing blank lines in vs/vsr snippets.
  • Documentation improvements: 1083, 1092, 1089, 1174, 1175, 1171.

BUGFIXES:

  • 1179 Fix TransportServers in debian AppProtect image.
  • 1129 Support real-ip in default server.
  • 1110 Add missing threat campaigns key to AppProtect CRD.

HELM CHART:

  • The version of the helm chart is now 0.7.0
  • 1105 Fix GlobalConfiguration support in helm chart.
  • Add new parameters to the Chart: controller.setAsDefaultIngress, controller.enableLatencyMetrics. Added in 1133 and 1148.

CHANGES:

  • 1182 Update NGINX version to 1.19.3.

UPGRADE:

  • For NGINX, use the 1.9.0 image from our DockerHub: nginx/nginx-ingress:1.9.0, nginx/nginx-ingress:1.9.0-alpine or nginx-ingress:1.9.0-ubi
  • For NGINX Plus, please build your own image using the 1.9.0 source code.
  • For Helm, use version 0.7.0 of the chart.

For Kubernetes >= 1.18, when upgrading using the manifests, make sure to update the ClusterRole and create the IngressClass resource, which is required for Kubernetes >= 1.18. Otherwise, the Ingress Controller will fail to start. If you run multiple NGINX Ingress Controllers in the cluster, each Ingress Controller must have its own IngressClass resource. As the -use-ingress-class-only argument is now ignored (see NOTES), make sure your Ingress resources have the ingressClassName field or the kubernetes.io/ingress.class annotation set to the name of the IngressClass resource. Otherwise, the Ingress Controller will ignore them.

HELM UPGRADE:

  • If you’re using custom resources like VirtualServer and TransportServer (controller.enableCustomResources is set to true), after you run the helm upgrade command, the CRDs will not be upgraded. After running the helm upgrade command, run kubectl apply -f deployments/helm-chart/crds to upgrade the CRDs.
  • For Kubernetes >= 1.18, a dedicated IngressClass resource, which is configured by controller.ingressClass, is required per helm release. Ensure controller.ingressClass is not set to the name of the IngressClass of other releases or Ingress Controllers. As the controller.useIngressClassOnly parameter is now ignored (see NOTES), make sure your Ingress resources have the ingressClassName field or the kubernetes.io/ingress.class annotation set to the value of controller.ingressClass. Otherwise, the Ingress Controller will ignore them.

NOTES:

  • When using Kubernetes >= 1.18, the -use-ingress-class-only command-line argument is now ignored, and the Ingress Controller will only process resources that belong to its class. See IngressClass doc for more details.
  • For Kubernetes >= 1.18, a dedicated IngressClass resource, which is configured by controller.ingressClass, is required per helm release. When upgrading or installing releases, ensure controller.ingressClass is not set to the name of the IngressClass of other releases or Ingress Controllers.

NGINX Ingress Controller 1.8.1

14 August 2020

CHANGES:

  • Update NGINX version to 1.19.2.

HELM CHART:

  • The version of the Helm chart is now 0.6.1.

UPGRADE:

  • For NGINX, use the 1.8.1 image from our DockerHub: nginx/nginx-ingress:1.8.1, nginx/nginx-ingress:1.8.1-alpine or nginx/nginx-ingress:1.8.1-ubi
  • For NGINX Plus, please build your own image using the 1.8.1 source code.
  • For Helm, use version 0.6.1 of the chart.

NGINX Ingress Controller 1.8.0

1.8.0

22 July 2020

OVERVIEW:

Release 1.8.0 includes:

  • Support for NGINX App Protect Web Application Firewall.
  • Support for configuration snippets and custom template for VirtualServer and VirtualServerRoute resources.
  • Support for request/response header manipulation and request URI rewriting for VirtualServer/VirtualServerRoute.
  • Introducing a new configuration resource - Policy - with the first policy for IP-based access control.

You will find the complete changelog for release 1.8.0, including bug fixes, improvements, and changes below.

FEATURES FOR VIRTUALSERVER AND VIRTUALSERVERROUTE RESOURCES:

  • 1036: Add VirtualServer custom template support.
  • 1028: Add access control policy.
  • 1019: Add VirtualServer/VirtualServerRoute snippets support.
  • 1006: Add request/response modifiers to VS and VSR.
  • 994: Support Class Field in VS/VSR.
  • 973: Add status to VirtualServer and VirtualServerRoute.

FEATURES:

  • 1035: Support for App Protect module.
  • 1029: Add readiness endpoint.

IMPROVEMENTS:

BUGFIXES:

  • 1030: Fix port range validation in cli arguments.
  • 953: Fix error logging of master/minion ingresses.

HELM CHART:

  • The version of the helm chart is now 0.6.0.
  • Add new parameters to the Chart: controller.appprotect.enable, controller.globalConfiguration.create, controller.globalConfiguration.spec, controller.readyStatus.enable, controller.readyStatus.port, controller.config.annotations, controller.reportIngressStatus.annotations. Added in 1035, 1034, 1029, 1003 thanks to RubyLangdon.
  • 1047 and 1009: Change how Helm manages the custom resource defintions (CRDs) to support installing multiple Ingress Controller releases. Note: If you’re using the custom resources (controller.enableCustomResources is set to true), this is a breaking change. See the HELM UPGRADE section below for the upgrade instructions.

CHANGES:

  • Update NGINX version to 1.19.1.
  • Update NGINX Plus to R22.
  • 1029: Add readiness endpoint. The Ingress Controller now exposes a readiness endpoint on port 8081 and the path /nginx-ready. The endpoint returns a 200 response after the Ingress Controller finishes the initial configuration of NGINX at the start. The pod template was updated to use that endpoint in a readiness probe.
  • 980: Enable leader election by default.

UPGRADE:

  • For NGINX, use the 1.8.0 image from our DockerHub: nginx/nginx-ingress:1.8.0, nginx/nginx-ingress:1.8.0-alpine or nginx-ingress:1.8.0-ubi
  • For NGINX Plus, please build your own image using the 1.8.0 source code.
  • For Helm, use version 0.6.0 of the chart.

HELM UPGRADE:

If you’re using custom resources like VirtualServer and TransportServer (controller.enableCustomResources is set to true), after you run the helm upgrade command, the CRDs and the corresponding custom resources will be removed from the cluster. Before upgrading, make sure to back up the custom resources. After running the helm upgrade command, run kubectl apply -f deployments/helm-chart/crds to re-install the CRDs and then restore the custom resources.

NOTES:

  • As part of installing a release, Helm will install the CRDs unless that step is disabled (see the corresponding doc). The installed CRDs include the CRDs for all Ingress Controller features, including the ones disabled by default (like App Protect with aplogconfs.appprotect.f5.com and appolicies.appprotect.f5.com CRDs).

NGINX Ingress Controller 1.7.2

23 June 2020

CHANGES:

  • Update NGINX Plus version to R22.

HELM CHART:

  • The version of the Helm chart is now 0.5.2.

UPGRADE:

  • For NGINX, use the 1.7.2 image from our DockerHub: nginx/nginx-ingress:1.7.2, nginx/nginx-ingress:1.7.2-alpine or nginx/nginx-ingress:1.7.2-ubi
  • For NGINX Plus, please build your own image using the 1.7.2 source code.
  • For Helm, use version 0.5.2 of the chart.

NGINX Ingress Controller 1.7.1

4 June 2020

CHANGES:

  • Update NGINX version to 1.19.0.

HELM CHART:

  • The version of the Helm chart is now 0.5.1.

UPGRADE:

  • For NGINX, use the 1.7.1 image from our DockerHub: nginx/nginx-ingress:1.7.1, nginx/nginx-ingress:1.7.1-alpine or nginx/nginx-ingress:1.7.1-ubi
  • For NGINX Plus, please build your own image using the 1.7.1 source code.
  • For Helm, use version 0.5.1 of the chart.

NGINX Ingress Controller 1.7.0

30 April 2020

OVERVIEW:

Release 1.7.0 includes:

  • Support for TCP, UDP, and TLS Passthrough load balancing with the new configuration resources: TransportServer and GlobalConfiguration. The resources allow users to deliver complex, non-HTTP-based applications from Kubernetes using the NGINX Ingress Controller.
  • Support for error pages in VirtualServer and VirtualServerRoute resources. A user can now specify custom error responses for errors returned by backend applications or generated by NGINX, such as a 502 response.
  • Improved validation of VirtualServer and VirtualServerRoute resources. kubectl and the Kubernetes API server can now detect violations of the structure of VirtualServer/VirtualServerRoute resources and return an error.
  • Support for an operator which manages the lifecycle of the Ingress Controller on Kubernetes or OpenShift. See the NGINX Ingress Operator GitHub repo.

See the 1.7.0 release announcement blog post, which includes an overview of each feature.

You will find the complete changelog for release 1.7.0, including bug fixes, improvements, and changes below.

FEATURES FOR VIRTUALSERVER AND VIRTUALSERVERROUTE RESOURCES:

  • 868: Add OpenAPI CRD schema validation.
  • 847: Add support for error pages for VS/VSR.

FEATURES:

  • 902: Add TransportServer and GlobalConfiguration Resources.
  • 894: Add Dockerfile for NGINX Open Source for Openshift.
  • 857: Add Openshift Dockerfile for NGINX Plus.
  • 852: Add default-server-access-log-off to configmap.
  • 845: Add log-format-escaping and stream-log-format-escaping configmap keys. Thanks to Alexey Maslov.
  • 827: Add ingress class label to all Prometheus metrics.

IMPROVEMENTS:

  • 850: Extend redirect URI validation with protocol check in VS/VSR.
  • 832: Update the examples to run the nginxdemos/nginx-hello:plain-text image, that doesn’t require root user.
  • 825: Add multi-stage docker builds.

BUGFIXES:

  • 828: Fix error messages for actions of the type return.

HELM CHART:

  • The version of the helm chart is now 0.5.0.
  • Add new parameters to the Chart: controller.enableTLSPassthrough, controller.volumes, controller.volumeMounts, controller.priorityClassName. Added in 921, 878, 807 thanks to Greg Snow.

CHANGES:

  • Update NGINX version to 1.17.10.
  • Update NGINX Plus to R21.
  • 854: Update the Debian base images for NGINX Plus to debian:buster-slim.
  • 852: Add default-server-access-log-off to configmap. The access logs for the default server are now enabled by default.
  • 847: Add support for error pages for VS/VSR. The PR affects how the Ingress Controller generates configuration for VirtualServer and VirtualServerRoutes. See this comment for more details.
  • 827: Add ingress class label to all Prometheus metrics. Every Prometheus metric exposed by the Ingress Controller now includes the label class with the value of the Ingress Controller class (by default nginx),
  • 825: Add multi-stage docker builds. When building the Ingress Controller image in Docker, we now use a multi-stage docker build.

UPGRADE:

  • For NGINX, use the 1.7.0 image from our DockerHub: nginx/nginx-ingress:1.7.0, nginx/nginx-ingress:1.7.0-alpine or nginx-ingress:1.7.0-ubi
  • For NGINX Plus, please build your own image using the 1.7.0 source code.
  • For Helm, use version 0.5.0 of the chart.

When upgrading using the manifests, make sure to deploy the new TransportServer CRD (common/ts-definition.yaml), as it is required by the Ingress Controller. Otherwise, you will get error messages in the Ingress Controller logs.

NGINX Ingress Controller 1.6.3

6 March 2020

CHANGES:

  • Update NGINX version to 1.17.9.

HELM CHART:

  • The version of the Helm chart is now 0.4.3.

UPGRADE:

  • For NGINX, use the 1.6.3 image from our DockerHub: nginx/nginx-ingress:1.6.3 or nginx/nginx-ingress:1.6.3-alpine
  • For NGINX Plus, please build your own image using the 1.6.3 source code.
  • For Helm, use version 0.4.3 of the chart.

NGINX Ingress Controller 1.6.2

6 February 2020

CHANGES:

  • Update NGINX version to 1.17.8.

HELM CHART:

  • The version of the Helm chart is now 0.4.2.

UPGRADE:

  • For NGINX, use the 1.6.2 image from our DockerHub: nginx/nginx-ingress:1.6.2 or nginx/nginx-ingress:1.6.2-alpine
  • For NGINX Plus, please build your own image using the 1.6.2 source code.
  • For Helm, use version 0.4.2 of the chart.

NGINX Ingress Controller 1.6.1

14 January 2020

CHANGES:

  • Update NGINX version to 1.17.7.

HELM CHART:

  • The version of the Helm chart is now 0.4.1.

UPGRADE:

  • For NGINX, use the 1.6.1 image from our DockerHub: nginx/nginx-ingress:1.6.1 or nginx/nginx-ingress:1.6.1-alpine
  • For NGINX Plus, please build your own image using the 1.6.1 source code.
  • For Helm, use version 0.4.1 of the chart.

NGINX Ingress Controller 1.6.0

19 December 2019

OVERVIEW:

Release 1.6.0 includes:

  • Improvements to VirtualServer and VirtualServerRoute resources, adding support for richer load balancing behavior, more sophisticated request routing, redirects, direct responses, and blue-green and circuit breaker patterns. The VirtualServer and VirtualServerRoute resources are enabled by default and are ready for production use.
  • Support for OpenTracing, helping you to monitor and debug complex transactions.
  • An improved security posture, with support to run the Ingress Controller as a non-root user.

The release announcement blog post includes the overview for each feature. See https://www.nginx.com/blog/announcing-nginx-ingress-controller-for-kubernetes-release-1-6-0/

You will find the complete changelog for release 1.6.0, including bug fixes, improvements, and changes below.

FEATURES FOR VIRTUALSERVER AND VIRTUALSERVERROUTE RESOURCES:

  • 780: Add support for canned responses to VS/VSR.
  • 778: Add redirect support in VS/VSR.
  • 766: Add exact matches and regex support to location paths in VS/VSR.
  • 748: Add TLS redirect support in Virtualserver.
  • 745: Improve routing rules in VS/VSR
  • 728: Add session persistence in VS/VSR.
  • 724: Add VS/VSR Prometheus metrics.
  • 712: Add service subselector support in vs/vsr.
  • 707: Emit warning events in VS/VSR.
  • 701: Add support queue in upstreams for plus in VS/VSR.
  • 693: Add ServerStatusZones support in vs/vsr.
  • 670: Add buffering support for vs/vsr.
  • 660: Add ClientBodyMaxSize support in vs/vsr.
  • 659: Support configuring upstream zone sizes in VS/VSR.
  • 655: Add slow-start support in vs/vsr.
  • 653: Add websockets support for vs/vsr upstreams.
  • 641: Add support for ExternalName Services for vs/vsr.
  • 635: Add HealthChecks support for vs/vsr.
  • 634: Add Active Connections support to vs/vsr.
  • 628: Add retries support for vs/vsr.
  • 621: Add TLS support for vs/vsr upstreams.
  • 617: Add keepalive support to vs/vsr.
  • 612: Add timeouts support to vs/vsr.
  • 607: Add fail-timeout and max-fails support to vs/vsr.
  • 596: Add lb-method support in vs and vsr.

FEATURES:

  • 750: Add support for health status uri customisation.
  • 691: Helper Functions for custom annotations.
  • 631: Add max_conns support for NGINX plus.
  • 629: Added upstream zone directive annotation. Thanks to Victor Regalado.
  • 616: Add proxy-send-timeout to configmap key and annotation.
  • 615: Add support for Opentracing.
  • 614: Add max-conns annotation. Thanks to Victor Regalado.

IMPROVEMENTS:

  • 678: Increase defaults for server-names-hash-max-size and servers-names-hash-bucket-size ConfigMap keys.
  • 694: Reject VS/VSR resources with enabled plus features for OSS.
  • Documentation improvements: 713 thanks to Matthew Wahner.

BUGFIXES:

  • 788: Fix VSR updates when namespace is set implicitly.
  • 736: Init Ingress labeled metrics on start.
  • 686: Check if config map created for leader-election.
  • 664: Fix reporting events for Ingress minions.
  • 632: Fix hsts support when not using SSL. Thanks to Martín Fernández.

HELM CHART:

  • The version of the helm chart is now 0.4.0.
  • Add new parameters to the Chart: controller.healthCheckURI, controller.resources, controller.logLevel, controller.customPorts, controller.service.customPorts. Added in 750, 636 thanks to Guilherme Oki, 600, 581 thanks to Alex Meijer.
  • 722: Fix trailing leader election cm when using helm. This change might lead to a failed upgrade. See the helm upgrade instruction below.
  • 573: Use Controller name value for app selectors.

CHANGES:

  • Update NGINX versions to 1.17.6.
  • Update NGINX Plus version to R20.
  • 799: Enable CRDs by default. VirtualServer and VirtualServerRoute resources are now enabled by default.
  • 772: Update VS/VSR version from v1alpha1 to v1. Make sure to update the apiVersion of your VirtualServer and VirtualServerRoute resources.
  • 748: Add TLS redirect support in VirtualServer. The redirect-to-https and ssl-redirect ConfigMap keys no longer have any effect on generated configs for VirtualServer resources.
  • 745: Improve routing rules. Update the spec of VirtualServer and VirtualServerRoute accordingly. See YAML examples of the changes here.
  • 710: Run IC as non-root. Make sure to use the updated manifests to install/upgrade the Ingress Controller.
  • 603: Update apiVersion in Deployments and DaemonSets to apps/v1.

UPGRADE:

  • For NGINX, use the 1.6.0 image from our DockerHub: nginx/nginx-ingress:1.6.0 or nginx/nginx-ingress:1.6.0-alpine
  • For NGINX Plus, please build your own image using the 1.6.0 source code.
  • For Helm, use version 0.4.0 of the chart.

HELM UPGRADE:

If leader election (the controller.reportIngressStatus.enableLeaderElection parameter) is enabled, when upgrading to the new version of the Helm chart:

  1. Make sure to specify a new ConfigMap lock name (controller.reportIngressStatus.leaderElectionLockName) different from the one that was created by the current version. To find out the current name, check ConfigMap resources in the namespace where the Ingress Controller is running.
  2. After the upgrade, delete the old ConfigMap.

Otherwise, the helm upgrade will not succeed.

Previous Releases

To see the previous releases, see the Releases page on the Ingress Controller GitHub repo.