From b64a2f23f5dd3ba99ebcf93a1671f1fb760cbb7a Mon Sep 17 00:00:00 2001 From: Sean O'Neill <78733408+soneillf5@users.noreply.github.com> Date: Wed, 31 Mar 2021 09:19:50 +0100 Subject: [PATCH] Release 1.11.0 (#1464) --- CHANGELOG.md | 55 +++++--- Makefile | 2 +- README.md | 4 +- deployments/daemon-set/nginx-ingress.yaml | 4 +- .../daemon-set/nginx-plus-ingress.yaml | 6 +- deployments/deployment/nginx-ingress.yaml | 4 +- .../deployment/nginx-plus-ingress.yaml | 4 +- deployments/helm-chart/Chart.yaml | 8 +- deployments/helm-chart/README.md | 9 +- deployments/helm-chart/values-icp.yaml | 2 +- deployments/helm-chart/values-plus.yaml | 2 +- deployments/helm-chart/values.yaml | 2 +- docs-web/app-protect/configuration.md | 4 +- docs-web/app-protect/installation.md | 2 +- .../configuration/configuration-examples.md | 4 +- .../configmap-resource.md | 132 +++++++++--------- .../global-configuration/custom-templates.md | 2 +- .../globalconfiguration-resource.md | 2 +- .../handling-host-and-listener-collisions.md | 2 +- ...advanced-configuration-with-annotations.md | 36 ++--- .../ingress-resources/basic-configuration.md | 2 +- .../cross-namespace-configuration.md | 4 +- .../ingress-resources/custom-annotations.md | 4 +- docs-web/configuration/policy-resource.md | 4 +- .../configuration/transportserver-resource.md | 4 +- ...server-and-virtualserverroute-resources.md | 6 +- docs-web/index.rst | 1 - .../building-ingress-controller-image.md | 5 +- .../installation/installation-with-helm.md | 15 +- .../installation-with-manifests.md | 1 + .../installation-with-operator.md | 6 +- docs-web/integration-with-cis.md | 114 --------------- docs-web/releases.md | 93 +++++++++++- docs-web/technical-specifications.md | 6 +- docs-web/third-party-modules/opentracing.md | 2 +- docs/nginx-ingress-controllers.md | 2 +- 36 files changed, 273 insertions(+), 282 deletions(-) delete mode 100644 docs-web/integration-with-cis.md diff --git a/CHANGELOG.md b/CHANGELOG.md index 25b0a218bd..0781eb26e8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,26 @@ # Changelog +### 1.11.0 + +An automatically generated list of changes can be found on Github at: [1.11.0 Release](https://github.com/nginxinc/kubernetes-ingress/releases/tag/v1.11.0) + +A curated list of changes can be found in the [Releases](http://docs.nginx.com/nginx-ingress-controller/releases/) page on NGINX Documentation website. + +### 1.10.1 + +CHANGES: +* Update NGINX version to 1.19.8. +* Add Kubernetes 1.20 support. +* [1373](https://github.com/nginxinc/kubernetes-ingress/pull/1373), [1439](https://github.com/nginxinc/kubernetes-ingress/pull/1439), [1440](https://github.com/nginxinc/kubernetes-ingress/pull/1440): Fix various issues in the Makefile. In 1.10.0, a bug was introduced that prevented building Ingress Controller images on versions of make < 4.1. + +HELM CHART: +* The version of the Helm chart is now 0.8.1. + +UPGRADE: +* For NGINX, use the 1.10.1 image from our DockerHub: `nginx/nginx-ingress:1.10.1`, `nginx/nginx-ingress:1.10.1-alpine` or `nginx/nginx-ingress:1.10.1-ubi` +* For NGINX Plus, please build your own image using the 1.10.1 source code. +* For Helm, use version 0.8.1 of the chart. + ### 1.10.0 OVERVIEW: @@ -194,16 +215,16 @@ UPGRADE: OVERVIEW: Release 1.8.0 includes: -* Support for NGINX App Protect Web Application Firewall. +* Support for NGINX App Protect Web Application Firewall. * Support for configuration snippets and custom template for VirtualServer and VirtualServerRoute resources. * Support for request/response header manipulation and request URI rewriting for VirtualServer/VirtualServerRoute. -* Introducing a new configuration resource - Policy - with the first policy for IP-based access control. +* Introducing a new configuration resource - Policy - with the first policy for IP-based access control. You will find the complete changelog for release 1.8.0, including bug fixes, improvements, and changes below. FEATURES FOR VIRTUALSERVER AND VIRTUALSERVERROUTE RESOURCES: * [1036](https://github.com/nginxinc/kubernetes-ingress/pull/1036): Add VirtualServer custom template support. -* [1028](https://github.com/nginxinc/kubernetes-ingress/pull/1028): Add access control policy. +* [1028](https://github.com/nginxinc/kubernetes-ingress/pull/1028): Add access control policy. * [1019](https://github.com/nginxinc/kubernetes-ingress/pull/1019): Add VirtualServer/VirtualServerRoute snippets support. * [1006](https://github.com/nginxinc/kubernetes-ingress/pull/1006): Add request/response modifiers to VS and VSR. * [994](https://github.com/nginxinc/kubernetes-ingress/pull/994): Support Class Field in VS/VSR. @@ -223,13 +244,13 @@ BUGFIXES: HELM CHART: * The version of the helm chart is now 0.6.0. -* Add new parameters to the Chart: `controller.appprotect.enable`, `controller.globalConfiguration.create`, `controller.globalConfiguration.spec`, `controller.readyStatus.enable`, `controller.readyStatus.port`, `controller.config.annotations`, `controller.reportIngressStatus.annotations`. Added in [1035](https://github.com/nginxinc/kubernetes-ingress/pull/1035), [1034](https://github.com/nginxinc/kubernetes-ingress/pull/1034), [1029](https://github.com/nginxinc/kubernetes-ingress/pull/1029), [1003](https://github.com/nginxinc/kubernetes-ingress/pull/1003) thanks to [RubyLangdon](https://github.com/RubyLangdon). +* Add new parameters to the Chart: `controller.appprotect.enable`, `controller.globalConfiguration.create`, `controller.globalConfiguration.spec`, `controller.readyStatus.enable`, `controller.readyStatus.port`, `controller.config.annotations`, `controller.reportIngressStatus.annotations`. Added in [1035](https://github.com/nginxinc/kubernetes-ingress/pull/1035), [1034](https://github.com/nginxinc/kubernetes-ingress/pull/1034), [1029](https://github.com/nginxinc/kubernetes-ingress/pull/1029), [1003](https://github.com/nginxinc/kubernetes-ingress/pull/1003) thanks to [RubyLangdon](https://github.com/RubyLangdon). * [1047](https://github.com/nginxinc/kubernetes-ingress/pull/1047) and [1009](https://github.com/nginxinc/kubernetes-ingress/pull/1009): Change how Helm manages the custom resource defintions (CRDs) to support installing multiple Ingress Controller releases. **Note**: If you're using the custom resources (`controller.enableCustomResources` is set to `true`), this is a breaking change. See the HELM UPGRADE section below for the upgrade instructions. CHANGES: * Update NGINX version to 1.19.1. * Update NGINX Plus to R22. -* [1029](https://github.com/nginxinc/kubernetes-ingress/pull/1029): Add readiness endpoint. The Ingress Controller now exposes a readiness endpoint on port `8081` and the path `/nginx-ready`. The endpoint returns a `200` response after the Ingress Controller finishes the initial configuration of NGINX at the start. The pod template was updated to use that endpoint in a readiness probe. +* [1029](https://github.com/nginxinc/kubernetes-ingress/pull/1029): Add readiness endpoint. The Ingress Controller now exposes a readiness endpoint on port `8081` and the path `/nginx-ready`. The endpoint returns a `200` response after the Ingress Controller finishes the initial configuration of NGINX at the start. The pod template was updated to use that endpoint in a readiness probe. * [980](https://github.com/nginxinc/kubernetes-ingress/pull/980): Enable leader election by default. UPGRADE: @@ -368,7 +389,7 @@ UPGRADE: OVERVIEW: -Release 1.6.0 includes: +Release 1.6.0 includes: * Improvements to VirtualServer and VirtualServerRoute resources, adding support for richer load balancing behavior, more sophisticated request routing, redirects, direct responses, and blue-green and circuit breaker patterns. The VirtualServer and VirtualServerRoute resources are enabled by default and are ready for production use. * Support for OpenTracing, helping you to monitor and debug complex transactions. * An improved security posture, with support to run the Ingress Controller as a non-root user. @@ -405,7 +426,7 @@ FEATURES FOR VIRTUALSERVER AND VIRTUALSERVERROUTE RESOURCES: * [596](https://github.com/nginxinc/kubernetes-ingress/pull/596): Add lb-method support in vs and vsr. FEATURES: -* [750](https://github.com/nginxinc/kubernetes-ingress/pull/750): Add support for health status uri customisation. +* [750](https://github.com/nginxinc/kubernetes-ingress/pull/750): Add support for health status uri customisation. * [691](https://github.com/nginxinc/kubernetes-ingress/pull/691): Helper Functions for custom annotations. * [631](https://github.com/nginxinc/kubernetes-ingress/pull/631): Add max_conns support for NGINX plus. * [629](https://github.com/nginxinc/kubernetes-ingress/pull/629): Added upstream zone directive annotation. Thanks to [Victor Regalado](https://github.com/vrrs). @@ -563,7 +584,7 @@ UPGRADE: HELM UPGRADE: -In the changelog of Release 1.5.0, we advised not to upgrade the helm chart from `0.2.1` to `0.3.0` unless the mentioned in the changelog problems were acceptable. This release we provide mitigation instructions on how to upgrade from `0.2.1` to `0.3.1` without disruptions. +In the changelog of Release 1.5.0, we advised not to upgrade the helm chart from `0.2.1` to `0.3.0` unless the mentioned in the changelog problems were acceptable. This release we provide mitigation instructions on how to upgrade from `0.2.1` to `0.3.1` without disruptions. When you upgrade from `0.2.1` to `0.3.1`, make sure to configure the following parameters: * `controller.name` is set to `nginx-ingress` or the previously used value in case you customized it. This ensures the Deployment/Daemonset will not be recreated. @@ -591,9 +612,9 @@ BUGFIXES: HELM CHART: * The version of the helm chart is now 0.3.0. -* The helm chart is now available in our helm chart repo `helm.nginx.com/stable`. +* The helm chart is now available in our helm chart repo `helm.nginx.com/stable`. * Add new parameters to the Chart: `controller.service.httpPort.targetPort`, `controller.service.httpsPort.targetPort`, `controller.service.name`, `controller.pod.annotations`, `controller.config.name`, `controller.reportIngressStatus.leaderElectionLockName`, `controller.service.httpPort`, `controller.service.httpsPort`, `controller.service.loadBalancerIP`, `controller.service.loadBalancerSourceRanges`, `controller.tolerations`, `controller.affinity`. Added in [562](https://github.com/nginxinc/kubernetes-ingress/pull/562), [561](https://github.com/nginxinc/kubernetes-ingress/pull/561), [553](https://github.com/nginxinc/kubernetes-ingress/pull/553), [534](https://github.com/nginxinc/kubernetes-ingress/pull/534) thanks to [Paulo Ribeiro](https://github.com/paigr), [479](https://github.com/nginxinc/kubernetes-ingress/pull/479) thanks to [Alejandro Llanes](https://github.com/sombralibre), [468](https://github.com/nginxinc/kubernetes-ingress/pull/468), [456](https://github.com/nginxinc/kubernetes-ingress/pull/456). -* [546](https://github.com/nginxinc/kubernetes-ingress/pull/546): Support deploying multiple Ingress Controllers in a cluster. **Note**: The generated resources have new names that are unique for each Ingress Controller. As a consequence, the name change affects the upgrade. See the HELM UPGRADE section for more information. +* [546](https://github.com/nginxinc/kubernetes-ingress/pull/546): Support deploying multiple Ingress Controllers in a cluster. **Note**: The generated resources have new names that are unique for each Ingress Controller. As a consequence, the name change affects the upgrade. See the HELM UPGRADE section for more information. * [542](https://github.com/nginxinc/kubernetes-ingress/pull/542): Reduce the required privileges in the RBAC manifests. CHANGES: @@ -608,8 +629,8 @@ UPGRADE: HELM UPGRADE: The new version of the helm chart uses different names for the generated resources. This makes it possible to deploy multiple Ingress Controllers in a cluster. However, as a side effect, during the upgrade from the previous version, helm will recreate the resources, instead of updating the existing ones. This, in turn, might cause problems for the following resources: -* Service: If the service was created with the type LoadBalancer, the public IP of the new service might change. Additionally, helm updates the selector of the service, so that the old pods will be immediately excluded from the service. -* Deployment/DaemonSet: Because the resource is recreated, the old pods will be removed and the new ones will be launched, instead of the default Deployment/Daemonset upgrade strategy. +* Service: If the service was created with the type LoadBalancer, the public IP of the new service might change. Additionally, helm updates the selector of the service, so that the old pods will be immediately excluded from the service. +* Deployment/DaemonSet: Because the resource is recreated, the old pods will be removed and the new ones will be launched, instead of the default Deployment/Daemonset upgrade strategy. * ConfigMap: After the helm removes the resource, the old Ingress Controller pods will be immediately reconfigured to use the default values of the ConfigMap keys. During a small window between the reconfiguration and the shutdown of the old pods, NGINX will use the configuration with the default values. We advise not to upgrade to the new version of the helm chart unless the mentioned problems are acceptable for your case. We will provide special upgrade instructions for helm that mitigate the problems for the next minor release of the Ingress Controller (1.5.1). @@ -717,7 +738,7 @@ HELM CHART: * The version of the Helm chart is now 0.2.0. CHANGES: -* Update NGINX version to 1.15.6. +* Update NGINX version to 1.15.6. * Update NGINX Plus version to R16p1. * Update NGINX Prometheus Exporter to 0.2.0. * [430](https://github.com/nginxinc/kubernetes-ingress/pull/430): Add the `controller.serviceAccount.imagePullSecrets` parameter to the helm chart. **Note**: the `controller.serviceAccountName` parameter has been changed to `controller.serviceAccount.name`. @@ -786,13 +807,13 @@ UPGRADE: * [278](https://github.com/nginxinc/kubernetes-ingress/pull/278): Fix mergeable Ingress types. * [277](https://github.com/nginxinc/kubernetes-ingress/pull/277): Support grpc error responses. * [276](https://github.com/nginxinc/kubernetes-ingress/pull/276): Add gRPC support. -* [274](https://github.com/nginxinc/kubernetes-ingress/pull/274): Change the default load balancing method to least_conn. +* [274](https://github.com/nginxinc/kubernetes-ingress/pull/274): Change the default load balancing method to least_conn. * [272](https://github.com/nginxinc/kubernetes-ingress/pull/272): Move nginx-ingress image to the official nginx DockerHub. -* [268](https://github.com/nginxinc/kubernetes-ingress/pull/268): Correct Mergeable Types misspelling and optimize blacklists. Thanks to [Fernando Diaz](https://github.com/diazjf). +* [268](https://github.com/nginxinc/kubernetes-ingress/pull/268): Correct Mergeable Types misspelling and optimize blacklists. Thanks to [Fernando Diaz](https://github.com/diazjf). * [266](https://github.com/nginxinc/kubernetes-ingress/pull/266): Add support for passive health checks. * [261](https://github.com/nginxinc/kubernetes-ingress/pull/261): Update Customization Example. * [258](https://github.com/nginxinc/kubernetes-ingress/pull/258): Handle annotations and conflicting paths for MergeableTypes. Thanks to [Fernando Diaz](https://github.com/diazjf). -* [256](https://github.com/nginxinc/kubernetes-ingress/pull/256): Add helm chart support. +* [256](https://github.com/nginxinc/kubernetes-ingress/pull/256): Add helm chart support. * [249](https://github.com/nginxinc/kubernetes-ingress/pull/249): Add support for prometheus for Plus. * [241](https://github.com/nginxinc/kubernetes-ingress/pull/241): Update the doc about building the Docker image. * [240](https://github.com/nginxinc/kubernetes-ingress/pull/240): Use new NGINX Plus API. @@ -835,7 +856,7 @@ UPGRADE: * [175](https://github.com/nginxinc/kubernetes-ingress/pull/175): Add support for JWT for NGINX Plus. * [171](https://github.com/nginxinc/kubernetes-ingress/pull/171): Allow NGINX to listen on non-standard ports. Thanks to [Stanislav Seletskiy](https://github.com/seletskiy). -* [170](https://github.com/nginxinc/kubernetes-ingress/pull/170): Add the default server. **Note**: The Ingress controller will fail to start if there are no cert and key for the default server. You can pass a TLS Secret for the default server as an argument to the Ingress controller or add a cert and a key to the Docker image. +* [170](https://github.com/nginxinc/kubernetes-ingress/pull/170): Add the default server. **Note**: The Ingress controller will fail to start if there are no cert and key for the default server. You can pass a TLS Secret for the default server as an argument to the Ingress controller or add a cert and a key to the Docker image. * [169](https://github.com/nginxinc/kubernetes-ingress/pull/169): Ignore Ingress resources with empty hostnames. * [168](https://github.com/nginxinc/kubernetes-ingress/pull/168): Add the `nginx.org/lb-method` annotation. Thanks to [Sajal Kayan](https://github.com/sajal). * [166](https://github.com/nginxinc/kubernetes-ingress/pull/166): Watch Secret resources for updates. **Note**: If a Secret referenced by one or more Ingress resources becomes invalid or gets removed, the configuration for those Ingress resources will be disabled until there is a valid Secret. diff --git a/Makefile b/Makefile index ea3b830b23..3f6684fa2e 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -VERSION = edge +VERSION = 1.11.0 TAG = $(VERSION) PREFIX = nginx/nginx-ingress GOFLAGS ?= -mod=vendor diff --git a/README.md b/README.md index 8fbbfe9a85..d55587890e 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ Read [this doc](docs/nginx-plus.md) to learn more about NGINX Ingress controller We publish Ingress controller releases on GitHub. See our [releases page](https://github.com/nginxinc/kubernetes-ingress/releases). -The latest stable release is [1.10.0](https://github.com/nginxinc/kubernetes-ingress/releases/tag/v1.10.0). For production use, we recommend that you choose the latest stable release. As an alternative, you can choose the *edge* version built from the [latest commit](https://github.com/nginxinc/kubernetes-ingress/commits/master) from the master branch. The edge version is useful for experimenting with new features that are not yet published in a stable release. +The latest stable release is [1.11.0](https://github.com/nginxinc/kubernetes-ingress/releases/tag/v1.11.0). For production use, we recommend that you choose the latest stable release. As an alternative, you can choose the *edge* version built from the [latest commit](https://github.com/nginxinc/kubernetes-ingress/commits/master) from the master branch. The edge version is useful for experimenting with new features that are not yet published in a stable release. To use the Ingress controller, you need to have access to: * An Ingress controller image. @@ -66,7 +66,7 @@ The table below summarizes the options regarding the images, manifests, helm cha | Version | Description | Image for NGINX | Image for NGINX Plus | Installation Manifests and Helm Chart | Documentation and Examples | | ------- | ----------- | --------------- | -------------------- | ---------------------------------------| -------------------------- | -| Latest stable release | For production use | `nginx/nginx-ingress:1.10.0`, `nginx/nginx-ingress:1.10.0-alpine` from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/) or [build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | [Build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.0/deployments). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.0/deployments/helm-chart). | [Documentation](https://docs.nginx.com/nginx-ingress-controller/). [Examples](https://docs.nginx.com/nginx-ingress-controller/configuration/configuration-examples/). | +| Latest stable release | For production use | `nginx/nginx-ingress:1.11.0`, `nginx/nginx-ingress:1.11.0-alpine` from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/) or [build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | [Build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/v1.11.0/deployments). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/v1.11.0/deployments/helm-chart). | [Documentation](https://docs.nginx.com/nginx-ingress-controller/). [Examples](https://docs.nginx.com/nginx-ingress-controller/configuration/configuration-examples/). | | Edge | For testing and experimenting | `nginx/nginx-ingress:edge`, `nginx/nginx-ingress:edge-alpine` from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/) or [build your own image](https://github.com/nginxinc/kubernetes-ingress/tree/master/docs-web/installation/building-ingress-controller-image.md). | [Build your own image](https://github.com/nginxinc/kubernetes-ingress/tree/master/docs-web/installation/building-ingress-controller-image.md). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/master/deployments). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/master/deployments/helm-chart). | [Documentation](https://github.com/nginxinc/kubernetes-ingress/tree/master/docs-web). [Examples](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples). | ## Contacts diff --git a/deployments/daemon-set/nginx-ingress.yaml b/deployments/daemon-set/nginx-ingress.yaml index c450f7c523..90307902d4 100644 --- a/deployments/daemon-set/nginx-ingress.yaml +++ b/deployments/daemon-set/nginx-ingress.yaml @@ -17,8 +17,8 @@ spec: spec: serviceAccountName: nginx-ingress containers: - - image: nginx/nginx-ingress:edge - imagePullPolicy: Always + - image: nginx/nginx-ingress:1.11.0 + imagePullPolicy: IfNotPresent name: nginx-ingress ports: - name: http diff --git a/deployments/daemon-set/nginx-plus-ingress.yaml b/deployments/daemon-set/nginx-plus-ingress.yaml index 191926d19d..615eb86237 100644 --- a/deployments/daemon-set/nginx-plus-ingress.yaml +++ b/deployments/daemon-set/nginx-plus-ingress.yaml @@ -17,8 +17,8 @@ spec: spec: serviceAccountName: nginx-ingress containers: - - image: nginx-plus-ingress:edge - imagePullPolicy: Always + - image: nginx-plus-ingress:1.11.0 + imagePullPolicy: IfNotPresent name: nginx-plus-ingress ports: - name: http @@ -57,7 +57,7 @@ spec: - -nginx-plus - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret - #- -enable-app-protect + #- -enable-app-protect #- -v=3 # Enables extensive logging. Useful for troubleshooting. #- -report-ingress-status #- -external-service=nginx-ingress diff --git a/deployments/deployment/nginx-ingress.yaml b/deployments/deployment/nginx-ingress.yaml index 51c39fd765..f627337970 100644 --- a/deployments/deployment/nginx-ingress.yaml +++ b/deployments/deployment/nginx-ingress.yaml @@ -18,8 +18,8 @@ spec: spec: serviceAccountName: nginx-ingress containers: - - image: nginx/nginx-ingress:edge - imagePullPolicy: Always + - image: nginx/nginx-ingress:1.11.0 + imagePullPolicy: IfNotPresent name: nginx-ingress ports: - name: http diff --git a/deployments/deployment/nginx-plus-ingress.yaml b/deployments/deployment/nginx-plus-ingress.yaml index be871f75b5..09d91751b3 100644 --- a/deployments/deployment/nginx-plus-ingress.yaml +++ b/deployments/deployment/nginx-plus-ingress.yaml @@ -18,8 +18,8 @@ spec: spec: serviceAccountName: nginx-ingress containers: - - image: nginx-plus-ingress:edge - imagePullPolicy: Always + - image: nginx-plus-ingress:1.11.0 + imagePullPolicy: IfNotPresent name: nginx-plus-ingress ports: - name: http diff --git a/deployments/helm-chart/Chart.yaml b/deployments/helm-chart/Chart.yaml index a5d28b320b..7874381c2a 100644 --- a/deployments/helm-chart/Chart.yaml +++ b/deployments/helm-chart/Chart.yaml @@ -1,13 +1,13 @@ name: nginx-ingress -version: 0.0.0-edge -appVersion: edge +version: 0.9.0 +appVersion: 1.11.0 apiVersion: v1 kubeVersion: ">= 1.16.0-0" description: NGINX Ingress Controller -icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/master/deployments/helm-chart/chart-icon.png +icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v1.11.0/deployments/helm-chart/chart-icon.png home: https://github.com/nginxinc/kubernetes-ingress sources: - - https://github.com/nginxinc/kubernetes-ingress/tree/master/deployments/helm-chart + - https://github.com/nginxinc/kubernetes-ingress/tree/v1.11.0/deployments/helm-chart keywords: - ingress - nginx diff --git a/deployments/helm-chart/README.md b/deployments/helm-chart/README.md index d87cbc4897..c8635f7eda 100644 --- a/deployments/helm-chart/README.md +++ b/deployments/helm-chart/README.md @@ -24,6 +24,7 @@ This step is required if you're installing the chart using its sources. Addition 2. Change your working directory to /deployments/helm-chart: ```console $ cd kubernetes-ingress/deployments/helm-chart + $ git checkout v1.11.0 ``` ## Adding the Helm Repository @@ -49,12 +50,12 @@ To install the chart with the release name my-release (my-release is the name th For NGINX: ```console -$ helm install my-release nginx-edge/nginx-ingress --devel +$ helm install my-release nginx-stable/nginx-ingress --devel ``` For NGINX Plus: (assuming you have pushed the Ingress controller image `nginx-plus-ingress` to your private registry `myregistry.example.com`) ```console -$ helm install my-release nginx-edge/nginx-ingress --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true --devel +$ helm install my-release nginx-stable/nginx-ingress --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true --devel ``` ### Installing Using Chart Sources @@ -101,7 +102,7 @@ $ helm upgrade my-release . #### Upgrade via Helm Repository: ```console -$ helm upgrade my-release nginx-edge/nginx-ingress +$ helm upgrade my-release nginx-stable/nginx-ingress ``` ## Uninstalling the Chart @@ -145,7 +146,7 @@ Parameter | Description | Default `controller.nginxDebug` | Enables debugging for NGINX. Uses the `nginx-debug` binary. Requires `error-log-level: debug` in the ConfigMap via `controller.config.entries`. | false `controller.logLevel` | The log level of the Ingress Controller. | 1 `controller.image.repository` | The image repository of the Ingress controller. | nginx/nginx-ingress -`controller.image.tag` | The tag of the Ingress controller image. | edge +`controller.image.tag` | The tag of the Ingress controller image. | 1.11.0 `controller.image.pullPolicy` | The pull policy for the Ingress controller image. | IfNotPresent `controller.config.name` | The name of the ConfigMap used by the Ingress controller. | Autogenerated `controller.config.annotations` | The annotations of the Ingress controller configmap. | {} diff --git a/deployments/helm-chart/values-icp.yaml b/deployments/helm-chart/values-icp.yaml index 71b0b7ab37..b515691db8 100644 --- a/deployments/helm-chart/values-icp.yaml +++ b/deployments/helm-chart/values-icp.yaml @@ -3,7 +3,7 @@ controller: nginxplus: true image: repository: mycluster.icp:8500/kube-system/nginx-plus-ingress - tag: "edge" + tag: "1.11.0" nodeSelector: beta.kubernetes.io/arch: "amd64" proxy: true diff --git a/deployments/helm-chart/values-plus.yaml b/deployments/helm-chart/values-plus.yaml index e30a6553bf..8edf073822 100644 --- a/deployments/helm-chart/values-plus.yaml +++ b/deployments/helm-chart/values-plus.yaml @@ -2,4 +2,4 @@ controller: nginxplus: true image: repository: nginx-plus-ingress - tag: "edge" + tag: "1.11.0" diff --git a/deployments/helm-chart/values.yaml b/deployments/helm-chart/values.yaml index bbcbcde5a6..ab2df88824 100644 --- a/deployments/helm-chart/values.yaml +++ b/deployments/helm-chart/values.yaml @@ -36,7 +36,7 @@ controller: repository: nginx/nginx-ingress ## The tag of the Ingress controller image. - tag: "edge" + tag: "1.11.0" ## The pull policy for the Ingress controller image. pullPolicy: IfNotPresent diff --git a/docs-web/app-protect/configuration.md b/docs-web/app-protect/configuration.md index 031ed402cb..def59560cf 100644 --- a/docs-web/app-protect/configuration.md +++ b/docs-web/app-protect/configuration.md @@ -1,12 +1,12 @@ # Configuration This document describes how to configure the NGINX App Protect module -> Check out the complete [NGINX Ingress Controller with App Protect example resources on GitHub](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/appprotect). +> Check out the complete [NGINX Ingress Controller with App Protect example resources on GitHub](https://github.com/nginxinc/kubernetes-ingress/tree/v1.11.0/examples/appprotect). ## Global Configuration The NGINX Ingress Controller has a set of global configuration parameters that align with those available in the NGINX App Protect module. See [ConfigMap keys](/nginx-ingress-controller/configuration/global-configuration/configmap-resource/#modules) for the complete list. The App Protect parameters use the `app-protect*` prefix. -> Check out the complete [NGINX Ingress Controller with App Protect example resources on GitHub](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/appprotect). +> Check out the complete [NGINX Ingress Controller with App Protect example resources on GitHub](https://github.com/nginxinc/kubernetes-ingress/tree/v1.11.0/examples/appprotect). ## Enable App Protect for an Ingress Resource diff --git a/docs-web/app-protect/installation.md b/docs-web/app-protect/installation.md index 1b7ec7a8a7..c24334c7dc 100644 --- a/docs-web/app-protect/installation.md +++ b/docs-web/app-protect/installation.md @@ -37,4 +37,4 @@ Take the steps below to set up and deploy the NGINX Ingress Controller and App P 3. Enable the App Protect module by adding the `enable-app-protect` [cli argument](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-enable-app-protect) to your Deployment or DaemonSet file. 4. [Deploy the Ingress Controller](/nginx-ingress-controller/installation/installation-with-manifests/#deploy-the-ingress-controller). -For more information, see the [Configuration guide](/nginx-ingress-controller/app-protect/configuration) and the [NGINX Ingress Controller with App Protect examples on GitHub](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/appprotect). +For more information, see the [Configuration guide](/nginx-ingress-controller/app-protect/configuration) and the [NGINX Ingress Controller with App Protect examples on GitHub](https://github.com/nginxinc/kubernetes-ingress/tree/v1.11.0/examples/appprotect). diff --git a/docs-web/configuration/configuration-examples.md b/docs-web/configuration/configuration-examples.md index e26dede10a..ddcdd5f242 100644 --- a/docs-web/configuration/configuration-examples.md +++ b/docs-web/configuration/configuration-examples.md @@ -1,5 +1,5 @@ # Configuration Examples Our [GitHub repo](https://github.com/nginxinc/kubernetes-ingress) includes a number of configuration examples: -* [*Examples*](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples) show how to use advanced NGINX features in Ingress resources with annotations. -* [*Examples of Custom Resources*](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples-of-custom-resources) show how to use VirtualServer and VirtualServerResources for a few use cases. +* [*Examples*](https://github.com/nginxinc/kubernetes-ingress/tree/v1.11.0/examples) show how to use advanced NGINX features in Ingress resources with annotations. +* [*Examples of Custom Resources*](https://github.com/nginxinc/kubernetes-ingress/tree/v1.11.0/examples-of-custom-resources) show how to use VirtualServer and VirtualServerResources for a few use cases. diff --git a/docs-web/configuration/global-configuration/configmap-resource.md b/docs-web/configuration/global-configuration/configmap-resource.md index 1cb2fd6d09..65670735c0 100644 --- a/docs-web/configuration/global-configuration/configmap-resource.md +++ b/docs-web/configuration/global-configuration/configmap-resource.md @@ -73,47 +73,47 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres * - ``proxy-connect-timeout`` - Sets the value of the `proxy_connect_timeout `_ and `grpc_connect_timeout `_ directive. - ``60s`` - - + - * - ``proxy-read-timeout`` - Sets the value of the `proxy_read_timeout `_ and `grpc_read_timeout `_ directive. - ``60s`` - - + - * - ``proxy-send-timeout`` - Sets the value of the `proxy_send_timeout `_ and `grpc_send_timeout `_ directive. - ``60s`` - - + - * - ``client-max-body-size`` - Sets the value of the `client_max_body_size `_ directive. - ``1m`` - - + - * - ``proxy-buffering`` - Enables or disables `buffering of responses `_ from the proxied server. - ``True`` - - + - * - ``proxy-buffers`` - Sets the value of the `proxy_buffers `_ directive. - Depends on the platform. - - + - * - ``proxy-buffer-size`` - Sets the value of the `proxy_buffer_size `_ and `grpc_buffer_size `_ directives. - Depends on the platform. - - + - * - ``proxy-max-temp-file-size`` - Sets the value of the `proxy_max_temp_file_size `_ directive. - ``1024m`` - - + - * - ``set-real-ip-from`` - Sets the value of the `set_real_ip_from `_ directive. - N/A - - + - * - ``real-ip-header`` - Sets the value of the `real_ip_header `_ directive. - ``X-Real-IP`` - - + - * - ``real-ip-recursive`` - Enables or disables the `real_ip_recursive `_ directive. - ``False`` - - + - * - ``default-server-return`` - Configures the `return `_ directive in the default server, which handles a client request if none of the hosts of Ingress or VirtualServer resources match. The default value configures NGINX to return a 404 error page. You can configure a fixed response or a redirect. For example, ``default-server-return: 302 https://nginx.org`` will redirect a client to ``https://nginx.org``. - ``404`` @@ -121,67 +121,67 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres * - ``server-tokens`` - Enables or disables the `server_tokens `_ directive. Additionally, with the NGINX Plus, you can specify a custom string value, including the empty string value, which disables the emission of the “Server” field. - ``True`` - - + - * - ``worker-processes`` - Sets the value of the `worker_processes `_ directive. - ``auto`` - - + - * - ``worker-rlimit-nofile`` - Sets the value of the `worker_rlimit_nofile `_ directive. - N/A - - + - * - ``worker-connections`` - Sets the value of the `worker_connections `_ directive. - ``1024`` - - + - * - ``worker-cpu-affinity`` - Sets the value of the `worker_cpu_affinity `_ directive. - N/A - - + - * - ``worker-shutdown-timeout`` - Sets the value of the `worker_shutdown_timeout `_ directive. - N/A - - + - * - ``server-names-hash-bucket-size`` - Sets the value of the `server_names_hash_bucket_size `_ directive. - ``256`` - - + - * - ``server-names-hash-max-size`` - Sets the value of the `server_names_hash_max_size `_ directive. - ``1024`` - - + - * - ``resolver-addresses`` - Sets the value of the `resolver `_ addresses. Note: If you use a DNS name (ex., ``kube-dns.kube-system.svc.cluster.local``\ ) as a resolver address, NGINX Plus will resolve it using the system resolver during the start and on every configuration reload. As a consequence, If the name cannot be resolved or the DNS server doesn't respond, NGINX Plus will fail to start or reload. To avoid this, consider using only IP addresses as resolver addresses. Supported in NGINX Plus only. - N/A - - `Support for Type ExternalName Services `_. + - `Support for Type ExternalName Services `_. * - ``resolver-ipv6`` - Enables IPv6 resolution in the resolver. Supported in NGINX Plus only. - ``True`` - - `Support for Type ExternalName Services `_. + - `Support for Type ExternalName Services `_. * - ``resolver-valid`` - Sets the time NGINX caches the resolved DNS records. Supported in NGINX Plus only. - TTL value of a DNS record - - `Support for Type ExternalName Services `_. + - `Support for Type ExternalName Services `_. * - ``resolver-timeout`` - Sets the `resolver_timeout `_ for name resolution. Supported in NGINX Plus only. - ``30s`` - - `Support for Type ExternalName Services `_. + - `Support for Type ExternalName Services `_. * - ``keepalive-timeout`` - Sets the value of the `keepalive_timeout `_ directive. - ``65s`` - - + - * - ``keepalive-requests`` - Sets the value of the `keepalive_requests `_ directive. - ``100`` - - + - * - ``variables-hash-bucket-size`` - Sets the value of the `variables_hash_bucket_size `_ directive. - ``256`` - - + - * - ``variables-hash-max-size`` - Sets the value of the `variables-hash-max-size `_ directive. - ``1024`` - - + - ``` ### Logging @@ -197,31 +197,31 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres * - ``error-log-level`` - Sets the global `error log level `_ for NGINX. - ``notice`` - - + - * - ``access-log-off`` - Disables the `access log `_. - ``False`` - - + - * - ``default-server-access-log-off`` - Disables the `access log `_ for the default server. If access log is disabled globally (``access-log-off: "True"``), then the default server access log is always disabled. - ``False`` - - + - * - ``log-format`` - Sets the custom `log format `_ for HTTP and HTTPS traffic. For convenience, it is possible to define the log format across multiple lines (each line separated by ``\n``). In that case, the Ingress Controller will replace every ``\n`` character with a space character. All ``'`` characters must be escaped. - - See the `template file `_ for the access log. - - `Custom Log Format `_. + - See the `template file `_ for the access log. + - `Custom Log Format `_. * - ``log-format-escaping`` - Sets the characters escaping for the variables of the log format. Supported values: ``json`` (JSON escaping), ``default`` (the default escaping) ``none`` (disables escaping). - ``default`` - * - ``stream-log-format`` - Sets the custom `log format `_ for TCP, UDP, and TLS Passthrough traffic. For convenience, it is possible to define the log format across multiple lines (each line separated by ``\n``). In that case, the Ingress Controller will replace every ``\n`` character with a space character. All ``'`` characters must be escaped. - - See the `template file `_. - - + - See the `template file `_. + - * - ``stream-log-format-escaping`` - Sets the characters escaping for the variables of the stream log format. Supported values: ``json`` (JSON escaping), ``default`` (the default escaping) ``none`` (disables escaping). - ``default`` - - + - ``` ### Request URI/Header Manipulation @@ -237,11 +237,11 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres * - ``proxy-hide-headers`` - Sets the value of one or more `proxy_hide_header `_ directives. Example: ``"nginx.org/proxy-hide-headers": "header-a,header-b"`` - N/A - - + - * - ``proxy-pass-headers`` - Sets the value of one or more `proxy_pass_header `_ directives. Example: ``"nginx.org/proxy-pass-headers": "header-a,header-b"`` - N/A - - + - ``` ### Auth and SSL/TLS @@ -257,43 +257,43 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres * - ``redirect-to-https`` - Sets the 301 redirect rule based on the value of the ``http_x_forwarded_proto`` header on the server block to force incoming traffic to be over HTTPS. Useful when terminating SSL in a load balancer in front of the Ingress controller — see `115 `_ - ``False`` - - + - * - ``ssl-redirect`` - Sets an unconditional 301 redirect rule for all incoming HTTP traffic to force incoming traffic over HTTPS. - ``True`` - - + - * - ``hsts`` - Enables `HTTP Strict Transport Security (HSTS) `_\ : the HSTS header is added to the responses from backends. The ``preload`` directive is included in the header. - ``False`` - - + - * - ``hsts-max-age`` - Sets the value of the ``max-age`` directive of the HSTS header. - ``2592000`` (1 month) - - + - * - ``hsts-include-subdomains`` - Adds the ``includeSubDomains`` directive to the HSTS header. - ``False`` - - + - * - ``hsts-behind-proxy`` - Enables HSTS based on the value of the ``http_x_forwarded_proto`` request header. Should only be used when TLS termination is configured in a load balancer (proxy) in front of the Ingress Controller. Note: to control redirection from HTTP to HTTPS configure the ``nginx.org/redirect-to-https`` annotation. - ``False`` - - + - * - ``ssl-protocols`` - Sets the value of the `ssl_protocols `_ directive. - ``TLSv1 TLSv1.1 TLSv1.2`` - - + - * - ``ssl-prefer-server-ciphers`` - Enables or disables the `ssl_prefer_server_ciphers `_ directive. - ``False`` - - + - * - ``ssl-ciphers`` - Sets the value of the `ssl_ciphers `_ directive. - ``HIGH:!aNULL:!MD5`` - - + - * - ``ssl-dhparam-file`` - Sets the content of the dhparam file. The controller will create the file and set the value of the `ssl_dhparam `_ directive with the path of the file. - N/A - - + - ``` ### Listeners @@ -309,11 +309,11 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres * - ``http2`` - Enables HTTP/2 in servers with SSL enabled. - ``False`` - - + - * - ``proxy-protocol`` - Enables PROXY Protocol for incoming connections. - ``False`` - - `Proxy Protocol `_. + - `Proxy Protocol `_. ``` ### Backend Services (Upstreams) @@ -329,23 +329,23 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres * - ``lb-method`` - Sets the `load balancing method `_. To use the round-robin method, specify ``"round_robin"``. - ``"random two least_conn"`` - - + - * - ``max-fails`` - Sets the value of the `max_fails `_ parameter of the ``server`` directive. - ``1`` - - + - * - ``upstream-zone-size`` - Sets the size of the shared memory `zone `_ for upstreams. For NGINX, the special value 0 disables the shared memory zones. For NGINX Plus, shared memory zones are required and cannot be disabled. The special value 0 will be ignored. - ``256K`` - - + - * - ``fail-timeout`` - Sets the value of the `fail_timeout `_ parameter of the ``server`` directive. - ``10s`` - - + - * - ``keepalive`` - Sets the value of the `keepalive `_ directive. Note that ``proxy_set_header Connection "";`` is added to the generated configuration when the value > 0. - ``0`` - - + - ``` ### Snippets and Custom Templates @@ -361,23 +361,23 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres * - ``main-snippets`` - Sets a custom snippet in main context. - N/A - - + - * - ``http-snippets`` - Sets a custom snippet in http context. - N/A - - + - * - ``location-snippets`` - Sets a custom snippet in location context. - N/A - - + - * - ``server-snippets`` - Sets a custom snippet in server context. - N/A - - + - * - ``stream-snippets`` - Sets a custom snippet in stream context. - N/A - - `Support for TCP/UDP Load Balancing `_. + - `Support for TCP/UDP Load Balancing `_. * - ``main-template`` - Sets the main NGINX configuration template. - By default the template is read from the file in the container. @@ -405,29 +405,29 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres * - ``opentracing`` - Enables `OpenTracing `_ globally (for all Ingress, VirtualServer and VirtualServerRoute resources). Note: requires the Ingress Controller image with OpenTracing module and a tracer. See the `docs `_ for more information. - ``False`` - - + - * - ``opentracing-tracer`` - Sets the path to the vendor tracer binary plugin. - N/A - - + - * - ``opentracing-tracer-config`` - Sets the tracer configuration in JSON format. - N/A - - + - * - ``app-protect-cookie-seed`` - Sets the ``app_protect_cookie_seed`` `global directive `_. - Random automatically generated string - - + - * - ``app-protect-failure-mode-action`` - Sets the ``app_protect_failure_mode_action`` `global directive `_. - ``pass`` - - + - * - ``app-protect-cpu-thresholds`` - Sets the ``app_protect_cpu_thresholds`` `global directive `_. - ``high=100 low=100`` - - + - * - ``app-protect-physical-memory-util-thresholds`` - Sets the ``app_protect_physical_memory_util_thresholds`` `global directive `_. - ``high=100 low=100`` - - + - ``` diff --git a/docs-web/configuration/global-configuration/custom-templates.md b/docs-web/configuration/global-configuration/custom-templates.md index 6ab8cdcb0a..d891d37634 100644 --- a/docs-web/configuration/global-configuration/custom-templates.md +++ b/docs-web/configuration/global-configuration/custom-templates.md @@ -1,3 +1,3 @@ # Custom Templates -The Ingress Controller uses templates to generate NGINX configuration for Ingress resources, VirtualServer resources and the main NGINX configuration file. You can customize the templates and apply them via the ConfigMap. See the [corresponding example](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/custom-templates). +The Ingress Controller uses templates to generate NGINX configuration for Ingress resources, VirtualServer resources and the main NGINX configuration file. You can customize the templates and apply them via the ConfigMap. See the [corresponding example](https://github.com/nginxinc/kubernetes-ingress/tree/v1.11.0/examples/custom-templates). diff --git a/docs-web/configuration/global-configuration/globalconfiguration-resource.md b/docs-web/configuration/global-configuration/globalconfiguration-resource.md index 883a9bc0c9..cd55b37a39 100644 --- a/docs-web/configuration/global-configuration/globalconfiguration-resource.md +++ b/docs-web/configuration/global-configuration/globalconfiguration-resource.md @@ -2,7 +2,7 @@ The GlobalConfiguration resource allows you to define the global configuration parameters of the Ingress Controller. The resource is implemented as a [Custom Resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/). -In Release 1.9, the resource supports configuring listeners for TCP and UDP load balancing. Listeners are required by [TransportServer resources](/nginx-ingress-controller/configuration/transportserver-resource). +The resource supports configuring listeners for TCP and UDP load balancing. Listeners are required by [TransportServer resources](/nginx-ingress-controller/configuration/transportserver-resource). > **Feature Status**: The GlobalConfiguration resource is available as a preview feature: it is suitable for experimenting and testing; however, it must be used with caution in production environments. Additionally, while the feature is in preview, we might introduce some backward-incompatible changes to the resource specification in the next releases. diff --git a/docs-web/configuration/handling-host-and-listener-collisions.md b/docs-web/configuration/handling-host-and-listener-collisions.md index c2e86b465c..ff627382d3 100644 --- a/docs-web/configuration/handling-host-and-listener-collisions.md +++ b/docs-web/configuration/handling-host-and-listener-collisions.md @@ -72,7 +72,7 @@ Similarly, if `cafe-ingress` was created first, it will win `cafe.example.com` a It is possible to merge configuration for multiple Ingress resources for the same host. One common use case for this approach is distributing resources across multiple namespaces. See the [Cross-namespace Configuration](/nginx-ingress-controller/configuration/ingress-resources/cross-namespace-configuration/) doc for more information. -It is *not* possible to merge the configurations for multiple VirtualServer resources for the same host. However, you can split the VirtualServers into multiple VirtualServerRoute resources, which a single VirtualServer can then reference. See the [corresponding example](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples-of-custom-resources/cross-namespace-configuration) on GitHub. +It is *not* possible to merge the configurations for multiple VirtualServer resources for the same host. However, you can split the VirtualServers into multiple VirtualServerRoute resources, which a single VirtualServer can then reference. See the [corresponding example](https://github.com/nginxinc/kubernetes-ingress/tree/v1.11.0/examples-of-custom-resources/cross-namespace-configuration) on GitHub. It is *not* possible to merge configuration for multiple TransportServer resources. diff --git a/docs-web/configuration/ingress-resources/advanced-configuration-with-annotations.md b/docs-web/configuration/ingress-resources/advanced-configuration-with-annotations.md index fe0a71cd83..3f72c0a108 100644 --- a/docs-web/configuration/ingress-resources/advanced-configuration-with-annotations.md +++ b/docs-web/configuration/ingress-resources/advanced-configuration-with-annotations.md @@ -190,7 +190,7 @@ The table below summarizes the available annotations. - N/A - Configures URI rewriting. - N/A - - `Rewrites Support `_. + - `Rewrites Support `_. ``` ### Auth and SSL/TLS @@ -238,22 +238,22 @@ The table below summarizes the available annotations. - N/A - Specifies a Secret resource with keys for validating JSON Web Tokens (JWTs). - N/A - - `Support for JSON Web Tokens (JWTs) `_. + - `Support for JSON Web Tokens (JWTs) `_. * - ``nginx.com/jwt-realm`` - N/A - Specifies a realm. - N/A - - `Support for JSON Web Tokens (JWTs) `_. + - `Support for JSON Web Tokens (JWTs) `_. * - ``nginx.com/jwt-token`` - N/A - Specifies a variable that contains JSON Web Token. - By default, a JWT is expected in the ``Authorization`` header as a Bearer Token. - - `Support for JSON Web Tokens (JWTs) `_. + - `Support for JSON Web Tokens (JWTs) `_. * - ``nginx.com/jwt-login-url`` - N/A - Specifies a URL to which a client is redirected in case of an invalid or missing JWT. - N/A - - `Support for JSON Web Tokens (JWTs) `_. + - `Support for JSON Web Tokens (JWTs) `_. ``` ### Listeners @@ -299,17 +299,17 @@ The table below summarizes the available annotations. - N/A - Enables HTTPS or gRPC over SSL when connecting to the endpoints of services. - N/A - - `SSL Services Support `_. + - `SSL Services Support `_. * - ``nginx.org/grpc-services`` - N/A - Enables gRPC for services. Note: requires HTTP/2 (see ``http2`` ConfigMap key); only works for Ingresses with TLS termination enabled. - N/A - - `GRPC Services Support `_. + - `GRPC Services Support `_. * - ``nginx.org/websocket-services`` - N/A - Enables WebSocket for services. - N/A - - `WebSocket support `_. + - `WebSocket support `_. * - ``nginx.org/max-fails`` - ``max-fails`` - Sets the value of the `max_fails `_ parameter of the ``server`` directive. @@ -334,7 +334,7 @@ The table below summarizes the available annotations. - N/A - Configures session persistence. - N/A - - `Session Persistence `_. + - `Session Persistence `_. * - ``nginx.org/keepalive`` - ``keepalive`` - Sets the value of the `keepalive `_ directive. Note that ``proxy_set_header Connection "";`` is added to the generated configuration when the value > 0. @@ -344,20 +344,20 @@ The table below summarizes the available annotations. - N/A - Enables active health checks. - ``False`` - - `Support for Active Health Checks `_. + - `Support for Active Health Checks `_. * - ``nginx.com/health-checks-mandatory`` - N/A - Configures active health checks as mandatory. - ``False`` - - `Support for Active Health Checks `_. + - `Support for Active Health Checks `_. * - ``nginx.com/health-checks-mandatory-queue`` - N/A - When active health checks are mandatory, configures a queue for temporary storing incoming requests during the time when NGINX Plus is checking the health of the endpoints after a configuration reload. - ``0`` - - `Support for Active Health Checks `_. + - `Support for Active Health Checks `_. * - ``nginx.com/slow-start`` - N/A - - Sets the upstream server `slow-start period `_. By default, slow-start is activated after a server becomes `available `_ or `healthy `_. To enable slow-start for newly added servers, configure `mandatory active health checks `_. + - Sets the upstream server `slow-start period `_. By default, slow-start is activated after a server becomes `available `_ or `healthy `_. To enable slow-start for newly added servers, configure `mandatory active health checks `_. - ``"0s"`` - ``` @@ -402,25 +402,25 @@ The table below summarizes the available annotations. - N/A - The name of the App Protect Policy for the Ingress Resource. Format is ``namespace/name``. If no namespace is specified, the same namespace of the Ingress Resource is used. If not specified but ``appprotect.f5.com/app-protect-enable`` is true, a default policy id applied. If the referenced policy resource does not exist, or policy is invalid, this annotation will be ignored, and the default policy will be applied. - N/A - - `Example for App Protect `_. + - `Example for App Protect `_. * - ``appprotect.f5.com/app-protect-enable`` - N/A - Enable App Protect for the Ingress Resource. - ``False`` - - `Example for App Protect `_. + - `Example for App Protect `_. * - ``appprotect.f5.com/app-protect-security-log-enable`` - N/A - Enable the `security log `_ for App Protect. - ``False`` - - `Example for App Protect `_. + - `Example for App Protect `_. * - ``appprotect.f5.com/app-protect-security-log`` - N/A - The App Protect log configuration for the Ingress Resource. Format is ``namespace/name``. If no namespace is specified, the same namespace as the Ingress Resource is used. If not specified the default is used which is: filter: ``illegal``, format: ``default`` - N/A - - `Example for App Protect `_. + - `Example for App Protect `_. * - ``appprotect.f5.com/app-protect-security-log-destination`` - N/A - The destination of the security log. For more information check the `DESTINATION argument `_. - ``syslog:server=localhost:514`` - - `Example for App Protect `_. + - `Example for App Protect `_. ``` diff --git a/docs-web/configuration/ingress-resources/basic-configuration.md b/docs-web/configuration/ingress-resources/basic-configuration.md index 8f36b6362d..1620f61442 100644 --- a/docs-web/configuration/ingress-resources/basic-configuration.md +++ b/docs-web/configuration/ingress-resources/basic-configuration.md @@ -36,7 +36,7 @@ Here is a breakdown of what this Ingress resource definition means: * The rule with the path `/coffee` instructs NGINX to distribute the requests with the `/coffee` URI among the pods of the *coffee* service, which is deployed with the name `coffee‑svc` in the cluster. * Both rules instruct NGINX to distribute the requests to `port 80` of the corresponding service (the `servicePort` field). -> For complete instructions on deploying the Ingress and Secret resources in the cluster, see the [complete-example](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/complete-example) in our GitHub repo. +> For complete instructions on deploying the Ingress and Secret resources in the cluster, see the [complete-example](https://github.com/nginxinc/kubernetes-ingress/tree/v1.11.0/examples/complete-example) in our GitHub repo. > To learn more about the Ingress resource, see the [Ingress resource documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) in the Kubernetes docs. diff --git a/docs-web/configuration/ingress-resources/cross-namespace-configuration.md b/docs-web/configuration/ingress-resources/cross-namespace-configuration.md index e21e3647bf..20176c2110 100644 --- a/docs-web/configuration/ingress-resources/cross-namespace-configuration.md +++ b/docs-web/configuration/ingress-resources/cross-namespace-configuration.md @@ -1,5 +1,5 @@ # Cross-namespace Configuration -You can spread the Ingress configuration for a common host across multiple Ingress resources using Mergeable Ingress resources. Such resources can belong to the *same* or *different* namespaces. This enables easier management when using a large number of paths. See the [Mergeable Ingress Resources](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/mergeable-ingress-types) example on our GitHub. +You can spread the Ingress configuration for a common host across multiple Ingress resources using Mergeable Ingress resources. Such resources can belong to the *same* or *different* namespaces. This enables easier management when using a large number of paths. See the [Mergeable Ingress Resources](https://github.com/nginxinc/kubernetes-ingress/tree/v1.11.0/examples/mergeable-ingress-types) example on our GitHub. -As an alternative to Mergeable Ingress resources, you can use [VirtualServer and VirtualServerRoute resources](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/) for cross-namespace configuration. See the [Cross-Namespace Configuration](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples-of-custom-resources/cross-namespace-configuration) example on our GitHub. +As an alternative to Mergeable Ingress resources, you can use [VirtualServer and VirtualServerRoute resources](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/) for cross-namespace configuration. See the [Cross-Namespace Configuration](https://github.com/nginxinc/kubernetes-ingress/tree/v1.11.0/examples-of-custom-resources/cross-namespace-configuration) example on our GitHub. diff --git a/docs-web/configuration/ingress-resources/custom-annotations.md b/docs-web/configuration/ingress-resources/custom-annotations.md index 480283429c..777cffd74b 100644 --- a/docs-web/configuration/ingress-resources/custom-annotations.md +++ b/docs-web/configuration/ingress-resources/custom-annotations.md @@ -12,7 +12,7 @@ Custom annotations allow you to add an annotation for an NGINX feature that is n ## Usage -The Ingress Controller generates NGINX configuration for Ingress resources by executing a configuration template. See [NGINX template](https://github.com/nginxinc/kubernetes-ingress/blob/master/internal/configs/version1/nginx.ingress.tmpl) or [NGINX Plus template](https://github.com/nginxinc/kubernetes-ingress/blob/master/internal/configs/version1/nginx-plus.ingress.tmpl). +The Ingress Controller generates NGINX configuration for Ingress resources by executing a configuration template. See [NGINX template](https://github.com/nginxinc/kubernetes-ingress/blob/v1.11.0/internal/configs/version1/nginx.ingress.tmpl) or [NGINX Plus template](https://github.com/nginxinc/kubernetes-ingress/blob/v1.11.0/internal/configs/version1/nginx-plus.ingress.tmpl). To support custom annotations, the template has access to the information about the Ingress resource - its *name*, *namespace* and *annotations*. It is possible to check if a particular annotation present in the Ingress resource and conditionally insert NGINX configuration directives at multiple NGINX contexts - `http`, `server`, `location` or `upstream`. Additionally, you can get the value that is set to the annotation. @@ -132,4 +132,4 @@ deny all; ## Example -See the [custom annotations example](https://github.com/nginxinc/kubernetes-ingress/blob/master/examples/custom-annotations). +See the [custom annotations example](https://github.com/nginxinc/kubernetes-ingress/blob/v1.11.0/examples/custom-annotations). diff --git a/docs-web/configuration/policy-resource.md b/docs-web/configuration/policy-resource.md index 2f54e5ad22..6fc9bb4547 100644 --- a/docs-web/configuration/policy-resource.md +++ b/docs-web/configuration/policy-resource.md @@ -4,7 +4,7 @@ The Policy resource allows you to configure features like access control and rat The resource is implemented as a [Custom Resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/). -This document is the reference documentation for the Policy resource. An example of a Policy for access control is available in our [GitHub repo](https://github.com/nginxinc/kubernetes-ingress/blob/master/examples-of-custom-resources/access-control). +This document is the reference documentation for the Policy resource. An example of a Policy for access control is available in our [GitHub repo](https://github.com/nginxinc/kubernetes-ingress/blob/v1.11.0/examples-of-custom-resources/access-control). ## Contents @@ -450,7 +450,7 @@ NGINX Plus will pass the ID of an authenticated user to the backend in the HTTP #### Prerequisites -For the OIDC feature to work, it is necessary to enable [zone synchronization](https://docs.nginx.com/nginx/admin-guide/high-availability/zone_sync/), otherwise NGINX Plus will fail to reload. Additionally, it is necessary to configure a resolver, so that NGINX Plus can resolve the IDP authorization endpoint. For an example of the necessary configuration see the documentation [here](https://github.com/nginxinc/kubernetes-ingress/blob/master/examples-of-custom-resources/oidc#step-7---configure-nginx-plus-zone-synchronization-and-resolver). +For the OIDC feature to work, it is necessary to enable [zone synchronization](https://docs.nginx.com/nginx/admin-guide/high-availability/zone_sync/), otherwise NGINX Plus will fail to reload. Additionally, it is necessary to configure a resolver, so that NGINX Plus can resolve the IDP authorization endpoint. For an example of the necessary configuration see the documentation [here](https://github.com/nginxinc/kubernetes-ingress/blob/v1.11.0/examples-of-custom-resources/oidc#step-7---configure-nginx-plus-zone-synchronization-and-resolver). > **Note**: The configuration in the example doesn't enable TLS and the synchronization between the replica happens in clear text. This could lead to the exposure of tokens. diff --git a/docs-web/configuration/transportserver-resource.md b/docs-web/configuration/transportserver-resource.md index 9072cb0ed7..526cd3fb76 100644 --- a/docs-web/configuration/transportserver-resource.md +++ b/docs-web/configuration/transportserver-resource.md @@ -2,7 +2,7 @@ The TransportServer resource allows you to configure TCP, UDP, and TLS Passthrough load balancing. The resource is implemented as a [Custom Resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/). -This document is the reference documentation for the TransportServer resource. To see additional examples of using the resource for specific use cases, go to the [examples-of-custom-resources](https://github.com/nginxinc/kubernetes-ingress/blob/master/examples-of-custom-resources) folder in our GitHub repo. +This document is the reference documentation for the TransportServer resource. To see additional examples of using the resource for specific use cases, go to the [examples-of-custom-resources](https://github.com/nginxinc/kubernetes-ingress/blob/v1.11.0/examples-of-custom-resources) folder in our GitHub repo. > **Feature Status**: The TransportServer resource is available as a preview feature: it is suitable for experimenting and testing; however, it must be used with caution in production environments. Additionally, while the feature is in preview, we might introduce some backward-incompatible changes to the resource specification in the next releases. @@ -473,4 +473,4 @@ The [ConfigMap](/nginx-ingress-controller/configuration/global-configuration/con ## Limitations The TransportServer resource is a preview feature. Currently, it comes with the following limitation: -* When using TLS Passthrough, it is not possible to configure [Proxy Protocol](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/proxy-protocol) for port 443 both for regular HTTPS and TLS Passthrough traffic. \ No newline at end of file +* When using TLS Passthrough, it is not possible to configure [Proxy Protocol](https://github.com/nginxinc/kubernetes-ingress/tree/v1.11.0/examples/proxy-protocol) for port 443 both for regular HTTPS and TLS Passthrough traffic. \ No newline at end of file diff --git a/docs-web/configuration/virtualserver-and-virtualserverroute-resources.md b/docs-web/configuration/virtualserver-and-virtualserverroute-resources.md index d38a82f216..23f6b9f811 100644 --- a/docs-web/configuration/virtualserver-and-virtualserverroute-resources.md +++ b/docs-web/configuration/virtualserver-and-virtualserverroute-resources.md @@ -2,7 +2,7 @@ The VirtualServer and VirtualServerRoute resources are new load balancing configuration, introduced in release 1.5 as an alternative to the Ingress resource. The resources enable use cases not supported with the Ingress resource, such as traffic splitting and advanced content-based routing. The resources are implemented as [Custom Resources](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/). -This document is the reference documentation for the resources. To see additional examples of using the resources for specific use cases, go to the [examples-of-custom-resources](https://github.com/nginxinc/kubernetes-ingress/blob/master/examples-of-custom-resources) folder in our GitHub repo. +This document is the reference documentation for the resources. To see additional examples of using the resources for specific use cases, go to the [examples-of-custom-resources](https://github.com/nginxinc/kubernetes-ingress/blob/v1.11.0/examples-of-custom-resources) folder in our GitHub repo. ## Contents @@ -420,7 +420,7 @@ tls: - ``string`` - Yes * - ``service`` - - The name of a `service `_. The service must belong to the same namespace as the resource. If the service doesn't exist, NGINX will assume the service has zero endpoints and return a ``502`` response for requests for this upstream. For NGINX Plus only, services of type `ExternalName `_ are also supported (check the `prerequisites `_\ ). + - The name of a `service `_. The service must belong to the same namespace as the resource. If the service doesn't exist, NGINX will assume the service has zero endpoints and return a ``502`` response for requests for this upstream. For NGINX Plus only, services of type `ExternalName `_ are also supported (check the `prerequisites `_\ ). - ``string`` - Yes * - ``subselector`` @@ -922,7 +922,7 @@ proxy: - `action.Proxy.ResponseHeaders <#action-proxy-responseheaders>`_ - No * - ``rewritePath`` - - The rewritten URI. If the route path is a regular expression (starts with ~), the rewritePath can include capture groups with ``$1-9``. For example `$1` for the first group, and so on. For more information, check the `rewrite `_ example. + - The rewritten URI. If the route path is a regular expression (starts with ~), the rewritePath can include capture groups with ``$1-9``. For example `$1` for the first group, and so on. For more information, check the `rewrite `_ example. - ``string`` - No ``` diff --git a/docs-web/index.rst b/docs-web/index.rst index fd1143d2df..305eb6997e 100644 --- a/docs-web/index.rst +++ b/docs-web/index.rst @@ -15,7 +15,6 @@ Request your `free 30-day trial diff --git a/docs-web/installation/building-ingress-controller-image.md b/docs-web/installation/building-ingress-controller-image.md index 66edc5f1ce..85d2ef902b 100644 --- a/docs-web/installation/building-ingress-controller-image.md +++ b/docs-web/installation/building-ingress-controller-image.md @@ -26,6 +26,7 @@ We build the image using the make utility and the provided `Makefile`. Let’s c 1. Clone the Ingress Controller repo: ``` $ git clone https://github.com/nginxinc/kubernetes-ingress/ + $ git checkout v1.11.0 ``` 1. Build the image: @@ -39,7 +40,7 @@ We build the image using the make utility and the provided `Makefile`. Let’s c ``` `myregistry.example.com/nginx-ingress` defines the repo in your private registry where the image will be pushed. Substitute that value with the repo in your private registry. - As a result, the image **myregistry.example.com/nginx-ingress:edge** is built. Note that the tag `edge` comes from the `VERSION` variable, defined in the Makefile. + As a result, the image **myregistry.example.com/nginx-ingress:1.11.0** is built. Note that the tag `1.11.0` comes from the `VERSION` variable, defined in the Makefile. * For **NGINX Plus**, first, make sure that the certificate (`nginx-repo.crt`) and the key (`nginx-repo.key`) of your license are located in the root of the project: ``` @@ -52,7 +53,7 @@ We build the image using the make utility and the provided `Makefile`. Let’s c ``` `myregistry.example.com/nginx-plus-ingress` defines the repo in your private registry where the image will be pushed. Substitute that value with the repo in your private registry. - As a result, the image **myregistry.example.com/nginx-plus-ingress:edge** is built. Note that the tag `edge` comes from the `VERSION` variable, defined in the Makefile. + As a result, the image **myregistry.example.com/nginx-plus-ingress:1.11.0** is built. Note that the tag `1.11.0` comes from the `VERSION` variable, defined in the Makefile. 1. Push the image: ``` diff --git a/docs-web/installation/installation-with-helm.md b/docs-web/installation/installation-with-helm.md index c626bc2d33..db29d28ae5 100644 --- a/docs-web/installation/installation-with-helm.md +++ b/docs-web/installation/installation-with-helm.md @@ -22,6 +22,7 @@ This step is required if you're installing the chart using its sources. Addition 2. Change your working directory to /deployments/helm-chart: ```console $ cd kubernetes-ingress/deployments/helm-chart + $ git checkout v1.11.0 ``` ## Adding the Helm Repository @@ -29,7 +30,7 @@ This step is required if you're installing the chart using its sources. Addition This step is required if you're installing the chart via the helm repository. ```console -$ helm repo add nginx-edge https://helm.nginx.com/edge +$ helm repo add nginx-stable https://helm.nginx.com/stable $ helm repo update ``` @@ -47,12 +48,12 @@ To install the chart with the release name my-release (my-release is the name th For NGINX: ```console -$ helm install my-release nginx-edge/nginx-ingress --devel +$ helm install my-release nginx-stable/nginx-ingress ``` For NGINX Plus: (assuming you have pushed the Ingress controller image `nginx-plus-ingress` to your private registry `myregistry.example.com`) ```console -$ helm install my-release nginx-edge/nginx-ingress --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true --devel +$ helm install my-release nginx-stable/nginx-ingress --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true ``` ### Installing Using Chart Sources @@ -98,7 +99,7 @@ $ helm upgrade my-release . #### Upgrade via Helm Repository: ```console -$ helm upgrade my-release nginx-edge/nginx-ingress +$ helm upgrade my-release nginx-stable/nginx-ingress ``` ## Uninstalling the Chart @@ -150,7 +151,7 @@ The following tables lists the configurable parameters of the NGINX Ingress cont - false * - ``controller.nginxReloadTimeout`` - The timeout in milliseconds which the Ingress Controller will wait for a successful NGINX reload after a change or at the initial start. The default is 4000 (or 20000 if `controller.appprotect.enable` is true). If set to 0, the default value will be used. - - 0 + - 0 * - ``controller.appprotect.enable`` - Enables the App Protect module in the Ingress Controller. - false @@ -168,7 +169,7 @@ The following tables lists the configurable parameters of the NGINX Ingress cont - nginx/nginx-ingress * - ``controller.image.tag`` - The tag of the Ingress controller image. - - edge + - 1.11.0 * - ``controller.image.pullPolicy`` - The pull policy for the Ingress controller image. - IfNotPresent @@ -176,7 +177,7 @@ The following tables lists the configurable parameters of the NGINX Ingress cont - The name of the ConfigMap used by the Ingress controller. - Autogenerated * - ``controller.config.entries`` - - The entries of the ConfigMap for customizing NGINX configuration. See `ConfigMap resource docs `_ for the list of supported ConfigMap keys. + - The entries of the ConfigMap for customizing NGINX configuration. See `ConfigMap resource docs `_ for the list of supported ConfigMap keys. - {} * - ``controller.customPorts`` - A list of custom ports to expose on the NGINX ingress controller pod. Follows the conventional Kubernetes yaml syntax for container ports. diff --git a/docs-web/installation/installation-with-manifests.md b/docs-web/installation/installation-with-manifests.md index b10ecbc42c..1f3c4aced5 100644 --- a/docs-web/installation/installation-with-manifests.md +++ b/docs-web/installation/installation-with-manifests.md @@ -11,6 +11,7 @@ This document describes how to install the NGINX Ingress Controller in your Kube ``` $ git clone https://github.com/nginxinc/kubernetes-ingress/ $ cd kubernetes-ingress/deployments + $ git checkout v1.11.0 ``` ## 1. Configure RBAC diff --git a/docs-web/installation/installation-with-operator.md b/docs-web/installation/installation-with-operator.md index a2f2070ded..f7bca46c29 100644 --- a/docs-web/installation/installation-with-operator.md +++ b/docs-web/installation/installation-with-operator.md @@ -2,6 +2,8 @@ This document describes how to install the NGINX Ingress Controller in your Kubernetes cluster using the NGINX Ingress Operator. +**Note: an NGINX Ingress Operator version compatible with the 1.11.0 NGINX Ingress Controller release is not available yet. We will update this document and remove this note once we publish a compatible Operator version.* + ## Prerequisites 1. Make sure you have access to the Ingress Controller image: @@ -23,7 +25,7 @@ spec: type: deployment image: repository: nginx/nginx-ingress - tag: edge + tag: 1.11.0 pullPolicy: Always serviceType: NodePort nginxPlus: False @@ -39,4 +41,4 @@ $ kubectl apply -f nginx-ingress-controller.yaml A new instance of the NGINX Ingress Controller will be deployed by the NGINX Ingress Operator in the `default` namespace with default parameters. -To configure other parameters of the NginxIngressController resource, check the [documentation](https://github.com/nginxinc/nginx-ingress-operator/blob/master/docs/nginx-ingress-controller.md). \ No newline at end of file +To configure other parameters of the NginxIngressController resource, check the [documentation](https://github.com/nginxinc/nginx-ingress-operator/blob/master/docs/nginx-ingress-controller.md). diff --git a/docs-web/integration-with-cis.md b/docs-web/integration-with-cis.md deleted file mode 100644 index 7ad9a37481..0000000000 --- a/docs-web/integration-with-cis.md +++ /dev/null @@ -1,114 +0,0 @@ -# Integration with F5 Container Ingress Services - -The integration with [F5 Container Ingress Services](https://clouddocs.f5.com/containers/v2/) (CIS) configures an F5 BIG-IP device as a load balancer for NGINX Ingress Controller pods. - -> **Feature Status**: The integration with F5 CIS is available as a preview feature: it is suitable for experimenting and testing; however, it must be used with caution in production environments. Additionally, while the feature is in preview, we might introduce some backward-incompatible changes in the next releases. - -## Prerequisites - -To enable the integration, the F5 CIS must be deployed in the cluster and configured to support the integration. Follow the instructions on the [CIS documentation portal](#link-to-be-added-later). - -## Configuration - -### 1. Install the Ingress Controller with the Integration Enabled - -This step depends on how you install the Ingress Controller: using [Manifests](/nginx-ingress-controller/installation/installation-with-manifests) or the [Helm chart](/nginx-ingress-controller/installation/installation-with-helm). - -#### Manifests Installation - -1. Create a service for the Ingress Controller pods for ports 80 and 443. For example: - ```yaml - apiVersion: v1 - kind: Service - metadata: - name: nginx-ingress-ingresslink - namespace: nginx-ingress - labels: - app: ingresslink - spec: - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - - port: 443 - targetPort: 443 - protocol: TCP - name: https - selector: - app: nginx-ingress - ``` - Note the label `app: ingresslink`. We will use it in the Step 2. -1. In the [ConfigMap](/nginx-ingress-controller/configuration/global-configuration/configmap-resource), enable the PROXY protocol, which the BIG-IP system will use to pass the client IP and port information to NGINX. For the `set-real-ip-from` key, use the subnet of the IP, which the BIG-IP system uses to send traffic to NGINX: - ```yaml - proxy-protocol: "True" - real-ip-header: "proxy_protocol" - set-real-ip-from: "0.0.0.0/0" - ``` -1. Deploy the Ingress Controller with additional [command-line arguments](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments): - ```yaml - args: - - -ingresslink=nginx-ingress - - -report-ingress-status - . . . - ``` - where `ingresslink` references the name of the IngressLink resource from Step 2, and `report-ingress-status` enables [reporting Ingress statuses](/nginx-ingress-controller/configuration/global-configuration/reporting-resources-status#ingress-resources). - -#### Helm Installation - -Install a helm release with the following values that replicate the Manifest installation above: -```yaml -controller: - config: - entries: - proxy-protocol: "True" - real-ip-header: "proxy_protocol" - set-real-ip-from: "0.0.0.0/0" - reportIngressStatus: - ingressLink: nginx-ingress - service: - type: ClusterIP - externalTrafficPolicy: Cluster - extraLabels: - app: ingresslink -``` -We will use the values for the parameters `ingressLink` and `extraLabels` in Step 2. For the `set-real-ip-from` key, use the subnet of the IP, which the BIG-IP system uses to send traffic to NGINX. - -### 2. Create an IngressLink Resource - -To configure the BIG-IP device to load balance among the Ingress Controller pods, create an IngressLink resource. For example, the following resource will expose the Ingress Controller pods via `192.168.10.5`: -```yaml -apiVersion: "cis.f5.com/v1" -kind: IngressLink -metadata: - name: nginx-ingress - namespace: nginx-ingress -spec: - virtualServerAddress: "192.168.10.5" - iRules: - - /Common/Proxy_Protocol_iRule - selector: - matchLabels: - app: ingresslink -``` - -The name of the resource and the labels in the selector must match the values you configured in Step 1. The resource must belong to the same namespace as the Ingress Controller pod. - -### 3. Test the Integration - -Now the Ingress Controller pods are behind the IP configured in Step 2. - -If you deploy the [cafe example](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/complete-example), you will be able to send requests to the Ingress Controller pods using the following command: -``` -$ curl --resolve cafe.example.com:192.168.10.5:443 https://cafe.example.com:443/coffee --insecure -Server address: 10.12.0.18:80 -Server name: coffee-7586895968-r26zn -... -``` - -Also, if you check the status of the cafe-ingress, you will see the IP of the BIG-IP system: -``` -$ kubectl get ing cafe-ingress -NAME HOSTS ADDRESS PORTS AGE -cafe-ingress cafe.example.com 192.168.10.5 80, 443 115s -``` \ No newline at end of file diff --git a/docs-web/releases.md b/docs-web/releases.md index b5bfc8fa0d..71bd3018c2 100644 --- a/docs-web/releases.md +++ b/docs-web/releases.md @@ -1,5 +1,84 @@ # Releases +## NGINX Ingress Controller 1.11.0 + +31 March 2021 + +OVERVIEW: + +Release 1.11.0 includes: +* Native NGINX Ingress Controller App Protect (WAF) policy +* TransportServer improvements in terms of reliability, added features and operational aspects +* Integration of NGINX Ingress Controller with Istio service mesh + +You will find the complete changelog for release 1.11.0, including bug fixes, improvements, and changes below. + +FEATURES: +* [1317](https://github.com/nginxinc/kubernetes-ingress/pull/1317) Add status field to Policy resource. +* [1449](https://github.com/nginxinc/kubernetes-ingress/pull/1449) Add support for ClusterIP in upstreams in VirtualServers/VirtualServerRoutes. +* [1413](https://github.com/nginxinc/kubernetes-ingress/pull/1413) Add serverSnippets to TransportServer. +* [1425](https://github.com/nginxinc/kubernetes-ingress/pull/1425) Add status field to TransportServer resource. +* [1384](https://github.com/nginxinc/kubernetes-ingress/pull/1384) Add active health checks to TransportServer. +* [1382](https://github.com/nginxinc/kubernetes-ingress/pull/1382) Add passive health checks to TransportServer. +* [1346](https://github.com/nginxinc/kubernetes-ingress/pull/1346) Add configurable timeouts to TransportServer. +* [1297](https://github.com/nginxinc/kubernetes-ingress/pull/1297) Support custom return in the default server. Thanks to [030](https://github.com/030). + +FEATURES FOR NGINX APP PROTECT: +* [1378](https://github.com/nginxinc/kubernetes-ingress/pull/1378) Add WAF Policy. + +IMPROVEMENTS: +* [1420](https://github.com/nginxinc/kubernetes-ingress/pull/1420) Support IngressClassName in TransportServer. +* [1415](https://github.com/nginxinc/kubernetes-ingress/pull/1415) Handle host and listener collisions for TransportServer resource. +* [1322](https://github.com/nginxinc/kubernetes-ingress/pull/1322) Improve VirtualServer/VirtualServerRoute warnings for Policies. +* [1288](https://github.com/nginxinc/kubernetes-ingress/pull/1288) Add stricter validation for some ingress annotations. +* [1241](https://github.com/nginxinc/kubernetes-ingress/pull/1241) Refactor Dockerfile and Makefile. +* Documentation improvements: [1320](https://github.com/nginxinc/kubernetes-ingress/pull/1320), [1326](https://github.com/nginxinc/kubernetes-ingress/pull/1326), and [1377](https://github.com/nginxinc/kubernetes-ingress/pull/1377). + +FIXES: +* [1457](https://github.com/nginxinc/kubernetes-ingress/pull/1457) Wait for caches to sync when the Ingress Controller starts. +* [1444](https://github.com/nginxinc/kubernetes-ingress/pull/1444) Fix setting host header in action proxy in VirtualServer/VirtualServerRoute. +* [1396](https://github.com/nginxinc/kubernetes-ingress/pull/1396) Fix reload timeout calculation for verifying NGINX reloads. + +HELM CHART: +* The version of the helm chart is now 0.9.0. + +CHANGES: +* [1455](https://github.com/nginxinc/kubernetes-ingress/pull/1455) Update NGINX version to 1.19.8. +* [1428](https://github.com/nginxinc/kubernetes-ingress/pull/1428) Update Nginx App Protect version to 3.0. **Note**: [The Advanced gRPC Protection for Unary Traffic](/nginx-app-protect/configuration/#advanced-grpc-protection-for-unary-traffic) is not currently supported. + +KNOWN ISSUES: +* [1448](https://github.com/nginxinc/kubernetes-ingress/issues/1448) When an Ingress Controller pod starts, it can report warnings about missing secrets for Ingress and other resources that reference secrets. Those warnings are intermittent - once the Ingress Controller fully processes the resources of the cluster, it will clear the warnings. Only after that, the Ingress Controller will become ready to accept client traffic - its readiness probe will succeed. + +UPGRADE: +* For NGINX, use the 1.11.0 image from our DockerHub: `nginx/nginx-ingress:1.11.0`, `nginx/nginx-ingress:1.11.0-alpine` or `nginx-ingress:1.11.0-ubi` +* For NGINX Plus, please build your own image using the 1.11.0 source code. +* For Helm, use version 0.9.0 of the chart. +* [1241](https://github.com/nginxinc/kubernetes-ingress/pull/1241) improved the Makefile. As a result, the commands for building the Ingress Controller image were changed. See the updated commands [here](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/#building-the-image-and-pushing-it-to-the-private-registry). +* [1241](https://github.com/nginxinc/kubernetes-ingress/pull/1241) also consolidated all Dockerfiles into a singe Dockerfile. If you customized any of the Dockerfiles, make sure to port the changes to the new Dockerfile. +* [1288](https://github.com/nginxinc/kubernetes-ingress/pull/1288) further improved validation of Ingress annotations. See this [document](https://docs.nginx.com/nginx-ingress-controller/configuration/ingress-resources/advanced-configuration-with-annotations/#validation) to learn more about which annotations are validated. Note that the Ingress Controller will reject resources with invalid annotations, which means clients will see `404` responses from NGINX. Before upgrading, ensure the Ingress resources don't have annotations with invalid values. Otherwise, after the upgrade, the Ingress Controller will reject such resources. +* [1457](https://github.com/nginxinc/kubernetes-ingress/pull/1457) fixed the bug when an Ingress Controller pod could become ready before it generated the configuration for all relevant resources in the cluster. The fix also requires that the Ingress Controller can successfully list the relevant resources from the Kubernetes API. For example, if the `-enable-custom-resources` cli argument is `true` (which is the default), the VirtualServer, VirtualServerRoute, TransportServer, and Policy CRDs must be created in the cluster, so that the Ingress Controller can list them. This is similar to other custom resources -- see the list [here](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/#create-custom-resources). Thus, before upgrading, make sure that the CRDs are created in the cluster. Otherwise, the Ingress Controller pods will not become ready. + +SUPPORTED PLATFORMS: + +We will provide technical support for the NGINX Ingress Controller on any Kubernetes platform that is currently supported by its provider and which passes the Kubernetes conformance tests. This release was fully tested on the following Kubernetes versions: 1.16-1.20. + +## NGINX Ingress Controller 1.10.1 + +16 March 2021 + +CHANGES: +* Update NGINX version to 1.19.8. +* Add Kubernetes 1.20 support. +* [1373](https://github.com/nginxinc/kubernetes-ingress/pull/1373), [1439](https://github.com/nginxinc/kubernetes-ingress/pull/1439), [1440](https://github.com/nginxinc/kubernetes-ingress/pull/1440): Fix various issues in the Makefile. In 1.10.0, a bug was introduced that prevented building Ingress Controller images on versions of make < 4.1. + +HELM CHART: +* The version of the Helm chart is now 0.8.1. + +UPGRADE: +* For NGINX, use the 1.10.1 image from our DockerHub: `nginx/nginx-ingress:1.10.1`, `nginx/nginx-ingress:1.10.1-alpine` or `nginx/nginx-ingress:1.10.1-ubi` +* For NGINX Plus, please build your own image using the 1.10.1 source code. +* For Helm, use version 0.8.1 of the chart. + ## NGINX Ingress Controller 1.10.0 26 January 2021 @@ -206,16 +285,16 @@ UPGRADE: OVERVIEW: Release 1.8.0 includes: -* Support for NGINX App Protect Web Application Firewall. +* Support for NGINX App Protect Web Application Firewall. * Support for configuration snippets and custom template for VirtualServer and VirtualServerRoute resources. * Support for request/response header manipulation and request URI rewriting for VirtualServer/VirtualServerRoute. -* Introducing a new configuration resource - Policy - with the first policy for IP-based access control. +* Introducing a new configuration resource - Policy - with the first policy for IP-based access control. You will find the complete changelog for release 1.8.0, including bug fixes, improvements, and changes below. FEATURES FOR VIRTUALSERVER AND VIRTUALSERVERROUTE RESOURCES: * [1036](https://github.com/nginxinc/kubernetes-ingress/pull/1036): Add VirtualServer custom template support. -* [1028](https://github.com/nginxinc/kubernetes-ingress/pull/1028): Add access control policy. +* [1028](https://github.com/nginxinc/kubernetes-ingress/pull/1028): Add access control policy. * [1019](https://github.com/nginxinc/kubernetes-ingress/pull/1019): Add VirtualServer/VirtualServerRoute snippets support. * [1006](https://github.com/nginxinc/kubernetes-ingress/pull/1006): Add request/response modifiers to VS and VSR. * [994](https://github.com/nginxinc/kubernetes-ingress/pull/994): Support Class Field in VS/VSR. @@ -235,13 +314,13 @@ BUGFIXES: HELM CHART: * The version of the helm chart is now 0.6.0. -* Add new parameters to the Chart: `controller.appprotect.enable`, `controller.globalConfiguration.create`, `controller.globalConfiguration.spec`, `controller.readyStatus.enable`, `controller.readyStatus.port`, `controller.config.annotations`, `controller.reportIngressStatus.annotations`. Added in [1035](https://github.com/nginxinc/kubernetes-ingress/pull/1035), [1034](https://github.com/nginxinc/kubernetes-ingress/pull/1034), [1029](https://github.com/nginxinc/kubernetes-ingress/pull/1029), [1003](https://github.com/nginxinc/kubernetes-ingress/pull/1003) thanks to [RubyLangdon](https://github.com/RubyLangdon). +* Add new parameters to the Chart: `controller.appprotect.enable`, `controller.globalConfiguration.create`, `controller.globalConfiguration.spec`, `controller.readyStatus.enable`, `controller.readyStatus.port`, `controller.config.annotations`, `controller.reportIngressStatus.annotations`. Added in [1035](https://github.com/nginxinc/kubernetes-ingress/pull/1035), [1034](https://github.com/nginxinc/kubernetes-ingress/pull/1034), [1029](https://github.com/nginxinc/kubernetes-ingress/pull/1029), [1003](https://github.com/nginxinc/kubernetes-ingress/pull/1003) thanks to [RubyLangdon](https://github.com/RubyLangdon). * [1047](https://github.com/nginxinc/kubernetes-ingress/pull/1047) and [1009](https://github.com/nginxinc/kubernetes-ingress/pull/1009): Change how Helm manages the custom resource defintions (CRDs) to support installing multiple Ingress Controller releases. **Note**: If you're using the custom resources (`controller.enableCustomResources` is set to `true`), this is a breaking change. See the HELM UPGRADE section below for the upgrade instructions. CHANGES: * Update NGINX version to 1.19.1. * Update NGINX Plus to R22. -* [1029](https://github.com/nginxinc/kubernetes-ingress/pull/1029): Add readiness endpoint. The Ingress Controller now exposes a readiness endpoint on port `8081` and the path `/nginx-ready`. The endpoint returns a `200` response after the Ingress Controller finishes the initial configuration of NGINX at the start. The pod template was updated to use that endpoint in a readiness probe. +* [1029](https://github.com/nginxinc/kubernetes-ingress/pull/1029): Add readiness endpoint. The Ingress Controller now exposes a readiness endpoint on port `8081` and the path `/nginx-ready`. The endpoint returns a `200` response after the Ingress Controller finishes the initial configuration of NGINX at the start. The pod template was updated to use that endpoint in a readiness probe. * [980](https://github.com/nginxinc/kubernetes-ingress/pull/980): Enable leader election by default. UPGRADE: @@ -394,7 +473,7 @@ UPGRADE: OVERVIEW: -Release 1.6.0 includes: +Release 1.6.0 includes: * Improvements to VirtualServer and VirtualServerRoute resources, adding support for richer load balancing behavior, more sophisticated request routing, redirects, direct responses, and blue-green and circuit breaker patterns. The VirtualServer and VirtualServerRoute resources are enabled by default and are ready for production use. * Support for OpenTracing, helping you to monitor and debug complex transactions. * An improved security posture, with support to run the Ingress Controller as a non-root user. @@ -431,7 +510,7 @@ FEATURES FOR VIRTUALSERVER AND VIRTUALSERVERROUTE RESOURCES: * [596](https://github.com/nginxinc/kubernetes-ingress/pull/596): Add lb-method support in vs and vsr. FEATURES: -* [750](https://github.com/nginxinc/kubernetes-ingress/pull/750): Add support for health status uri customisation. +* [750](https://github.com/nginxinc/kubernetes-ingress/pull/750): Add support for health status uri customisation. * [691](https://github.com/nginxinc/kubernetes-ingress/pull/691): Helper Functions for custom annotations. * [631](https://github.com/nginxinc/kubernetes-ingress/pull/631): Add max_conns support for NGINX plus. * [629](https://github.com/nginxinc/kubernetes-ingress/pull/629): Added upstream zone directive annotation. Thanks to [Victor Regalado](https://github.com/vrrs). diff --git a/docs-web/technical-specifications.md b/docs-web/technical-specifications.md index 34815de421..8cec385c54 100644 --- a/docs-web/technical-specifications.md +++ b/docs-web/technical-specifications.md @@ -28,11 +28,11 @@ The supported architecture is x86-64. * - Debian-based image - ``nginx:1.19.8``, which is based on ``debian:buster-slim`` - - - ``nginx/nginx-ingress:1.10.0`` + - ``nginx/nginx-ingress:1.11.0`` * - Alpine-based image - ``nginx:1.19.8-alpine``, which is based on ``alpine:3.13`` - - - ``nginx/nginx-ingress:1.10.0-alpine`` + - ``nginx/nginx-ingress:1.11.0-alpine`` * - Debian-based image with Opentracing - ``nginx:1.19.8``, which is based on ``debian:buster-slim`` - OpenTracing API for C++ 1.5.1, NGINX plugin for OpenTracing, C++ OpenTracing binding for Jaeger 0.4.2 @@ -40,7 +40,7 @@ The supported architecture is x86-64. * - Ubi-based image - ``registry.access.redhat.com/ubi8/ubi:8.3`` - - - ``nginx/nginx-ingress:1.10.0-ubi`` + - ``nginx/nginx-ingress:1.11.0-ubi`` ``` ### Images with NGINX Plus diff --git a/docs-web/third-party-modules/opentracing.md b/docs-web/third-party-modules/opentracing.md index c57e61d3db..25acf6e769 100644 --- a/docs-web/third-party-modules/opentracing.md +++ b/docs-web/third-party-modules/opentracing.md @@ -2,7 +2,7 @@ The Ingress Controller supports [OpenTracing](https://opentracing.io/) with the third-party module [opentracing-contrib/nginx-opentracing](https://github.com/opentracing-contrib/nginx-opentracing). -This document explains how to use OpenTracing with the Ingress Controller. +This document explains how to use OpenTracing with the Ingress Controller. ## Prerequisites 1. **Use the Ingress Controller image with OpenTracing.** The default Ingress Controller images don’t include the OpenTracing module. To use OpenTracing, you need to build the image with that module. Follow the build instructions to build the image using `openshift-image` for NGINX or `openshift-image-plus` for NGINX Plus. diff --git a/docs/nginx-ingress-controllers.md b/docs/nginx-ingress-controllers.md index e4bbc1b981..6497b006f6 100644 --- a/docs/nginx-ingress-controllers.md +++ b/docs/nginx-ingress-controllers.md @@ -26,7 +26,7 @@ The table below summarizes the key difference between nginxinc/kubernetes-ingres | JWT validation | Not supported | Not supported | Supported | | Session persistence | Supported via a third-party module | Not supported | Supported | | Canary testing (by header, cookie, weight) | Supported via annotations | Supported via custom resources | Supported via custom resources | -| Configuration templates *1 | See the [template](https://github.com/kubernetes/ingress-nginx/blob/master/rootfs/etc/nginx/template/nginx.tmpl) | See the [templates](../internal/configs/version1) | See the [templates](../internal/configs/version1) | +| Configuration templates *1 | See the [template](https://github.com/kubernetes/ingress-nginx/blob/v1.11.0/rootfs/etc/nginx/template/nginx.tmpl) | See the [templates](../internal/configs/version1) | See the [templates](../internal/configs/version1) | | **Load balancing configuration via Custom Resources** | | HTTP load balancing | Not supported | See [VirtualServer and VirtualServerRoute](https://docs.nginx.com/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/) resources | See [VirtualServer and VirtualServerRoute](https://docs.nginx.com/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/) resources | | TCP/UDP load balancing | Not supported | See [TransportServer](https://docs.nginx.com/nginx-ingress-controller/configuration/transportserver-resource/) resource | See [TransportServer](https://docs.nginx.com/nginx-ingress-controller/configuration/transportserver-resource/) resource |