diff --git a/CHANGELOG.md b/CHANGELOG.md index 42e7e5be16..ca0c0c6ce6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,55 @@ # Changelog +### 1.7.0 - Release Candidate 1 + +OVERVIEW: + +Release 1.7.0-rc1 includes: +* Support for TCP, UDP, and TLS Passthrough load balancing with the new configuration resources: TransportServer and GlobalConfiguration. The resources allow users to deliver complex, non-HTTP-based applications from Kubernetes using the NGINX Ingress Controller. +* Support for error pages in VirtualServer and VirtualServerRoute resources. A user can now specify custom error responses for errors returned by backend applications or generated by NGINX, such as a 502 response. +* Improved validation of VirtualServer and VirtualServerRoute resources. kubectl and the Kubernetes API server can now detect violations of the structure of VirtualServer/VirtualServerRoute resources and return an error. + +The release announcement blog post includes an overview of each feature. See [link-to-be-added](#). + +You will find the complete changelog for release 1.7.0-rc1, including bug fixes, improvements, and changes below. + +FEATURES FOR VIRTUALSERVER AND VIRTUALSERVERROUTE RESOURCES: +* [868](https://github.com/nginxinc/kubernetes-ingress/pull/868): Add OpenAPI CRD schema validation. +* [847](https://github.com/nginxinc/kubernetes-ingress/pull/847): Add support for error pages for VS/VSR. + +FEATURES: +* [902](https://github.com/nginxinc/kubernetes-ingress/pull/902): Add TransportServer and GlobalConfiguration Resources. +* [894](https://github.com/nginxinc/kubernetes-ingress/pull/894): Add Dockerfile for NGINX Open Source for Openshift. +* [857](https://github.com/nginxinc/kubernetes-ingress/pull/857): Add Openshift Dockerfile for NGINX Plus. +* [852](https://github.com/nginxinc/kubernetes-ingress/pull/852): Add default-server-access-log-off to configmap. +* [845](https://github.com/nginxinc/kubernetes-ingress/pull/845): Add log-format-escaping and stream-log-format-escaping configmap keys. Thanks to [Alexey Maslov](https://github.com/alxmsl). +* [827](https://github.com/nginxinc/kubernetes-ingress/pull/827): Add ingress class label to all Prometheus metrics. + + +IMPROVEMENTS: +* [850](https://github.com/nginxinc/kubernetes-ingress/pull/850): Extend redirect URI validation with protocol check in VS/VSR. +* [832](https://github.com/nginxinc/kubernetes-ingress/pull/832): Update the examples to run the `nginxdemos/nginx-hello:plain-text` image, that doesn't require root user. +* [825](https://github.com/nginxinc/kubernetes-ingress/pull/825): Add multi-stage docker builds. + +BUGFIXES: +* [828](https://github.com/nginxinc/kubernetes-ingress/pull/828): Fix error messages for actions of the type return. + +HELM CHART: +* The version of the helm chart is now 0.5.0-rc1. +* Add new parameters to the Chart: `controller.volumes`, `controller.volumeMounts`, `controller.priorityClassName`. Added in [878](https://github.com/nginxinc/kubernetes-ingress/pull/878), [807](https://github.com/nginxinc/kubernetes-ingress/pull/807) thanks to [Greg Snow](https://github.com/gsnegovskiy). + +CHANGES: +* Update NGINX version to 1.17.9. +* [854](https://github.com/nginxinc/kubernetes-ingress/pull/854): Update the Debian base images for NGINX Plus to `debian:buster-slim`. +* [852](https://github.com/nginxinc/kubernetes-ingress/pull/852): Add default-server-access-log-off to configmap. The access logs for the default server are now enabled by default. +* [847](https://github.com/nginxinc/kubernetes-ingress/pull/847): Add support for error pages for VS/VSR. The PR affects how the Ingress Controller generates configuration for VirtualServer and VirtualServerRoutes. See [this comment](https://github.com/nginxinc/kubernetes-ingress/pull/847) for more details. +* [827](https://github.com/nginxinc/kubernetes-ingress/pull/827): Add ingress class label to all Prometheus metrics. Every Prometheus metric exposed by the Ingress Controller now includes the label `class` with the value of the Ingress Controller class (by default `nginx`), +* [825](https://github.com/nginxinc/kubernetes-ingress/pull/825): Add multi-stage docker builds. When building the Ingress Controller image in Docker, we now use a multi-stage docker build. + +UPGRADE: +* For this preview release, no DockerHub images are provided. Please build your own image using the 1.7.0-rc1 source code. +* For Helm, use version 0.5.0-rc1 of the chart. Note: this preview version is not available from the stable repo helm.nginx.com/stable, but only from the source files in the `deployments/helm-chart` folder. + ### 1.6.3 CHANGES: diff --git a/Makefile b/Makefile index 57fef935b6..f0c82383fd 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ all: push -VERSION = edge +VERSION = 1.7.0-rc1 TAG = $(VERSION) PREFIX = nginx/nginx-ingress diff --git a/README.md b/README.md index 5e391c4aa5..e2fe9e1eec 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,7 @@ Read [this doc](docs/nginx-plus.md) to learn more about NGINX Ingress controller We publish Ingress controller releases on GitHub. See our [releases page](https://github.com/nginxinc/kubernetes-ingress/releases). -The latest stable release is [1.6.3](https://github.com/nginxinc/kubernetes-ingress/releases/tag/v1.6.3). For production use, we recommend that you choose the latest stable release. As an alternative, you can choose the *edge* version built from the [latest commit](https://github.com/nginxinc/kubernetes-ingress/commits/master) from the master branch. The edge version is useful for experimenting with new features that are not yet published in a stable release. +The latest stable release is [1.7.0-rc1](https://github.com/nginxinc/kubernetes-ingress/releases/tag/v1.7.0-rc1). For production use, we recommend that you choose the latest stable release. As an alternative, you can choose the *edge* version built from the [latest commit](https://github.com/nginxinc/kubernetes-ingress/commits/master) from the master branch. The edge version is useful for experimenting with new features that are not yet published in a stable release. To use the Ingress controller, you need to have access to: * An Ingress controller image. @@ -62,7 +62,7 @@ The table below summarizes the options regarding the images, manifests, helm cha | Version | Description | Image for NGINX | Image for NGINX Plus | Installation Manifests and Helm Chart | Documentation and Examples | | ------- | ----------- | --------------- | -------------------- | ---------------------------------------| -------------------------- | -| Latest stable release | For production use | `nginx/nginx-ingress:1.6.3`, `nginx/nginx-ingress:1.6.3-alpine` from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/) or [build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | [Build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/v1.6.3/deployments). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/v1.6.3/deployments/helm-chart). | [Documentation](https://docs.nginx.com/nginx-ingress-controller/). [Examples](https://docs.nginx.com/nginx-ingress-controller/configuration/configuration-examples/). | +| Latest stable release | For production use | `nginx/nginx-ingress:1.7.0-rc1`, `nginx/nginx-ingress:1.7.0-rc1-alpine` from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/) or [build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | [Build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/v1.7.0-rc1/deployments). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/v1.7.0-rc1/deployments/helm-chart). | [Documentation](https://docs.nginx.com/nginx-ingress-controller/). [Examples](https://docs.nginx.com/nginx-ingress-controller/configuration/configuration-examples/). | | Edge | For testing and experimenting | `nginx/nginx-ingress:edge`, `nginx/nginx-ingress:edge-alpine` from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/) or [build your own image](https://github.com/nginxinc/kubernetes-ingress/tree/master/docs-web/installation/building-ingress-controller-image.md). | [Build your own image](https://github.com/nginxinc/kubernetes-ingress/tree/master/docs-web/installation/building-ingress-controller-image.md). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/master/deployments). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/master/deployments/helm-chart). | [Documentation](https://github.com/nginxinc/kubernetes-ingress/tree/master/docs-web). [Examples](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples). | ## Contacts diff --git a/deployments/daemon-set/nginx-ingress.yaml b/deployments/daemon-set/nginx-ingress.yaml index e63626ddcd..d0a24587a8 100644 --- a/deployments/daemon-set/nginx-ingress.yaml +++ b/deployments/daemon-set/nginx-ingress.yaml @@ -17,8 +17,7 @@ spec: spec: serviceAccountName: nginx-ingress containers: - - image: nginx/nginx-ingress:edge - imagePullPolicy: Always + - image: nginx/nginx-ingress:1.7.0-rc1 name: nginx-ingress ports: - name: http diff --git a/deployments/daemon-set/nginx-plus-ingress.yaml b/deployments/daemon-set/nginx-plus-ingress.yaml index a876f9571c..453316c9b7 100644 --- a/deployments/daemon-set/nginx-plus-ingress.yaml +++ b/deployments/daemon-set/nginx-plus-ingress.yaml @@ -17,8 +17,7 @@ spec: spec: serviceAccountName: nginx-ingress containers: - - image: nginx-plus-ingress:edge - imagePullPolicy: Always + - image: nginx-plus-ingress:1.7.0-rc1 name: nginx-plus-ingress ports: - name: http diff --git a/deployments/deployment/nginx-ingress.yaml b/deployments/deployment/nginx-ingress.yaml index 61c9233a01..83c46f5913 100644 --- a/deployments/deployment/nginx-ingress.yaml +++ b/deployments/deployment/nginx-ingress.yaml @@ -18,8 +18,7 @@ spec: spec: serviceAccountName: nginx-ingress containers: - - image: nginx/nginx-ingress:edge - imagePullPolicy: Always + - image: nginx/nginx-ingress:1.7.0-rc1 name: nginx-ingress ports: - name: http diff --git a/deployments/deployment/nginx-plus-ingress.yaml b/deployments/deployment/nginx-plus-ingress.yaml index fed338bdc6..40bca59422 100644 --- a/deployments/deployment/nginx-plus-ingress.yaml +++ b/deployments/deployment/nginx-plus-ingress.yaml @@ -18,8 +18,7 @@ spec: spec: serviceAccountName: nginx-ingress containers: - - image: nginx-plus-ingress:edge - imagePullPolicy: Always + - image: nginx-plus-ingress:1.7.0-rc1 name: nginx-plus-ingress ports: - name: http diff --git a/deployments/helm-chart/Chart.yaml b/deployments/helm-chart/Chart.yaml index 70f53a99a0..6d94a8d8ae 100644 --- a/deployments/helm-chart/Chart.yaml +++ b/deployments/helm-chart/Chart.yaml @@ -1,11 +1,11 @@ name: nginx-ingress -version: edge -appVersion: edge +version: 0.5.0-rc1 +appVersion: 1.7.0-rc1 apiVersion: v1 description: NGINX Ingress Controller -icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/master/deployments/helm-chart/chart-icon.png +icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v1.7.0-rc1/deployments/helm-chart/chart-icon.png sources: - - https://github.com/nginxinc/kubernetes-ingress/tree/master/deployments/helm-chart + - https://github.com/nginxinc/kubernetes-ingress/tree/v1.7.0-rc1/deployments/helm-chart keywords: - ingress - nginx diff --git a/deployments/helm-chart/README.md b/deployments/helm-chart/README.md index da7aad89b1..fcf79ec621 100644 --- a/deployments/helm-chart/README.md +++ b/deployments/helm-chart/README.md @@ -19,7 +19,7 @@ This chart deploys the NGINX Ingress controller in your Kubernetes cluster. 1. Add NGINX Helm repository: ``` - $ helm repo add nginx-edge https://helm.nginx.com/edge + $ helm repo add nginx-stable https://helm.nginx.com/stable $ helm repo update ``` @@ -29,24 +29,24 @@ This chart deploys the NGINX Ingress controller in your Kubernetes cluster. For NGINX: ```console - $ helm install my-release nginx-edge/nginx-ingress + $ helm install my-release nginx-stable/nginx-ingress ``` For NGINX Plus: (assuming you have pushed the Ingress controller image `nginx-plus-ingress` to your private registry `myregistry.example.com`) ```console - $ helm install my-release nginx-edge/nginx-ingress --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true + $ helm install my-release nginx-stable/nginx-ingress --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true ``` * Using Helm 2.x client: For NGINX: ```console - $ helm install --name my-release nginx-edge/nginx-ingress + $ helm install --name my-release nginx-stable/nginx-ingress ``` For NGINX Plus: (assuming you have pushed the Ingress controller image `nginx-plus-ingress` to your private registry `myregistry.example.com`) ```console - $ helm install --name my-release nginx-edge/nginx-ingress --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true + $ helm install --name my-release nginx-stable/nginx-ingress --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true ``` ### Installing Using Chart Sources @@ -58,6 +58,8 @@ This chart deploys the NGINX Ingress controller in your Kubernetes cluster. 2. Change your working directory to /deployments/helm-chart: ```console $ cd kubernetes-ingress/deployments/helm-chart + $ cd kubernetes-ingress/deployments/helm-chart + $ git checkout v1.7.0-rc1 ``` 3. To install the chart with the release name my-release (my-release is the name that you choose): @@ -123,7 +125,7 @@ Parameter | Description | Default `controller.nginxDebug` | Enables debugging for NGINX. Uses the `nginx-debug` binary. Requires `error-log-level: debug` in the ConfigMap via `controller.config.entries`. | false `controller.logLevel` | The log level of the Ingress Controller. | 1 `controller.image.repository` | The image repository of the Ingress controller. | nginx/nginx-ingress -`controller.image.tag` | The tag of the Ingress controller image. | edge +`controller.image.tag` | The tag of the Ingress controller image. | 1.7.0-rc1 `controller.image.pullPolicy` | The pull policy for the Ingress controller image. | IfNotPresent `controller.config.name` | The name of the ConfigMap used by the Ingress controller. | Autogenerated `controller.config.entries` | The entries of the ConfigMap for customizing NGINX configuration. | {} diff --git a/deployments/helm-chart/values-icp.yaml b/deployments/helm-chart/values-icp.yaml index 71b0b7ab37..9cf41ceba7 100644 --- a/deployments/helm-chart/values-icp.yaml +++ b/deployments/helm-chart/values-icp.yaml @@ -3,7 +3,7 @@ controller: nginxplus: true image: repository: mycluster.icp:8500/kube-system/nginx-plus-ingress - tag: "edge" + tag: "1.7.0-rc1" nodeSelector: beta.kubernetes.io/arch: "amd64" proxy: true diff --git a/deployments/helm-chart/values-plus.yaml b/deployments/helm-chart/values-plus.yaml index e30a6553bf..d016076d79 100644 --- a/deployments/helm-chart/values-plus.yaml +++ b/deployments/helm-chart/values-plus.yaml @@ -2,4 +2,4 @@ controller: nginxplus: true image: repository: nginx-plus-ingress - tag: "edge" + tag: "1.7.0-rc1" diff --git a/docs-web/configuration/configuration-examples.md b/docs-web/configuration/configuration-examples.md index 2743ede52c..159e350b96 100644 --- a/docs-web/configuration/configuration-examples.md +++ b/docs-web/configuration/configuration-examples.md @@ -1,5 +1,5 @@ # Configuration Examples Out [GitHub repo](https://github.com/nginxinc/kubernetes-ingress) includes as number of configuration examples: -* [*Examples*](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples) show how to use advanced NGINX features in Ingress resources with annotations. -* [*Examples of Custom Resources*](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples-of-custom-resources) show how to use VirtualServer and VirtualServerResources for a few use cases. +* [*Examples*](https://github.com/nginxinc/kubernetes-ingress/tree/v1.7.0-rc1/examples) show how to use advanced NGINX features in Ingress resources with annotations. +* [*Examples of Custom Resources*](https://github.com/nginxinc/kubernetes-ingress/tree/v1.7.0-rc1/examples-of-custom-resources) show how to use VirtualServer and VirtualServerResources for a few use cases. diff --git a/docs-web/configuration/global-configuration/configmap-resource.md b/docs-web/configuration/global-configuration/configmap-resource.md index 5f6a6f3763..fe73088887 100644 --- a/docs-web/configuration/global-configuration/configmap-resource.md +++ b/docs-web/configuration/global-configuration/configmap-resource.md @@ -149,19 +149,19 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres * - ``resolver-addresses`` - Sets the value of the `resolver `_ addresses. Note: If you use a DNS name (ex., ``kube-dns.kube-system.svc.cluster.local``\ ) as a resolver address, NGINX Plus will resolve it using the system resolver during the start and on every configuration reload. As a consequence, If the name cannot be resolved or the DNS server doesn't respond, NGINX Plus will fail to start or reload. To avoid this, consider using only IP addresses as resolver addresses. Supported in NGINX Plus only. - N/A - - `Support for Type ExternalName Services `_. + - `Support for Type ExternalName Services `_. * - ``resolver-ipv6`` - Enables IPv6 resolution in the resolver. Supported in NGINX Plus only. - ``True`` - - `Support for Type ExternalName Services `_. + - `Support for Type ExternalName Services `_. * - ``resolver-valid`` - Sets the time NGINX caches the resolved DNS records. Supported in NGINX Plus only. - TTL value of a DNS record - - `Support for Type ExternalName Services `_. + - `Support for Type ExternalName Services `_. * - ``resolver-timeout`` - Sets the `resolver_timeout `_ for name resolution. Supported in NGINX Plus only. - ``30s`` - - `Support for Type ExternalName Services `_. + - `Support for Type ExternalName Services `_. * - ``keepalive-timeout`` - Sets the value of the `keepalive_timeout `_ directive. - ``65s`` @@ -204,7 +204,7 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres - * - ``log-format`` - Sets the custom `log format `_ for HTTP and HTTPS traffic. For convenience, it is possible to define the log format across multiple lines (each line separated by ``\n``). In that case, the Ingress Controller will replace every ``\n`` character with a space character. All ``'`` characters must be escaped. - - See the `template file `_ for the access log. + - See the `template file `_ for the access log. - * - ``log-format-escaping`` - Sets the characters escaping for the variables of the log format. Supported values: ``json`` (JSON escaping), ``default`` (the default escaping) ``none`` (disables escaping). @@ -212,7 +212,7 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres - * - ``stream-log-format`` - Sets the custom `log format `_ for TCP, UDP, and TLS Passthrough traffic. For convenience, it is possible to define the log format across multiple lines (each line separated by ``\n``). In that case, the Ingress Controller will replace every ``\n`` character with a space character. All ``'`` characters must be escaped. - - See the `template file `_. + - See the `template file `_. - * - ``stream-log-format-escaping`` - Sets the characters escaping for the variables of the stream log format. Supported values: ``json`` (JSON escaping), ``default`` (the default escaping) ``none`` (disables escaping). @@ -309,7 +309,7 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres * - ``proxy-protocol`` - Enables PROXY Protocol for incoming connections. - ``False`` - - `Proxy Protocol `_. + - `Proxy Protocol `_. ``` ### Backend Services (Upstreams) @@ -373,7 +373,7 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres * - ``stream-snippets`` - Sets a custom snippet in stream context. - N/A - - `Support for TCP/UDP Load Balancing `_. + - `Support for TCP/UDP Load Balancing `_. * - ``main-template`` - Sets the main NGINX configuration template. - By default the template is read from the file in the container. @@ -397,13 +397,13 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres * - ``opentracing`` - Enables `OpenTracing `_ globally (for all Ingress, VirtualServer and VirtualServerRoute resources). Note: requires the Ingress Controller image with OpenTracing module and a tracer. See the `docs `_ for more information. - ``False`` - - `Support for OpenTracing `_. + - `Support for OpenTracing `_. * - ``opentracing-tracer`` - Sets the path to the vendor tracer binary plugin. - N/A - - `Support for OpenTracing `_. + - `Support for OpenTracing `_. * - ``opentracing-tracer-config`` - Sets the tracer configuration in JSON format. - N/A - - `Support for OpenTracing `_. + - `Support for OpenTracing `_. ``` diff --git a/docs-web/configuration/global-configuration/custom-templates.md b/docs-web/configuration/global-configuration/custom-templates.md index 2b55df272b..1320d08a85 100644 --- a/docs-web/configuration/global-configuration/custom-templates.md +++ b/docs-web/configuration/global-configuration/custom-templates.md @@ -1,3 +1,3 @@ # Custom Templates -The Ingress Controller uses templates to generate NGINX configuration for Ingress resources and the main NGINX configuration file. You can customize the templates and apply them via the ConfigMap. See the [corresponding example](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/custom-templates). +The Ingress Controller uses templates to generate NGINX configuration for Ingress resources and the main NGINX configuration file. You can customize the templates and apply them via the ConfigMap. See the [corresponding example](https://github.com/nginxinc/kubernetes-ingress/tree/v1.7.0-rc1/examples/custom-templates). diff --git a/docs-web/configuration/global-configuration/globalconfiguration-resource.md b/docs-web/configuration/global-configuration/globalconfiguration-resource.md index c1ae254027..c292a82685 100644 --- a/docs-web/configuration/global-configuration/globalconfiguration-resource.md +++ b/docs-web/configuration/global-configuration/globalconfiguration-resource.md @@ -161,4 +161,4 @@ Events: Normal Updated 55s nginx-ingress-controller GlobalConfiguration nginx-ingress/nginx-configuration was updated Warning Rejected 6s nginx-ingress-controller GlobalConfiguration nginx-ingress/nginx-configuration is invalid and was rejected: spec.listeners: Duplicate value: "Duplicated port/protocol combination 53/UDP" ``` -Note how the events section includes a Warning event with the Rejected reason. \ No newline at end of file +Note how the events section includes a Warning event with the Rejected reason. diff --git a/docs-web/configuration/ingress-resources/advanced-configuration-with-annotations.md b/docs-web/configuration/ingress-resources/advanced-configuration-with-annotations.md index be97c39aff..9d4dd3b04c 100644 --- a/docs-web/configuration/ingress-resources/advanced-configuration-with-annotations.md +++ b/docs-web/configuration/ingress-resources/advanced-configuration-with-annotations.md @@ -146,7 +146,7 @@ The table below summarizes the available annotations. - N/A - Configures URI rewriting. - N/A - - `Rewrites Support `_. + - `Rewrites Support `_. ``` ### Auth and SSL/TLS @@ -194,22 +194,22 @@ The table below summarizes the available annotations. - N/A - Specifies a Secret resource with keys for validating JSON Web Tokens (JWTs). - N/A - - `Support for JSON Web Tokens (JWTs) `_. + - `Support for JSON Web Tokens (JWTs) `_. * - ``nginx.com/jwt-realm`` - N/A - Specifies a realm. - N/A - - `Support for JSON Web Tokens (JWTs) `_. + - `Support for JSON Web Tokens (JWTs) `_. * - ``nginx.com/jwt-token`` - N/A - Specifies a variable that contains JSON Web Token. - By default, a JWT is expected in the ``Authorization`` header as a Bearer Token. - - `Support for JSON Web Tokens (JWTs) `_. + - `Support for JSON Web Tokens (JWTs) `_. * - ``nginx.com/jwt-login-url`` - N/A - Specifies a URL to which a client is redirected in case of an invalid or missing JWT. - N/A - - `Support for JSON Web Tokens (JWTs) `_. + - `Support for JSON Web Tokens (JWTs) `_. ``` ### Listeners @@ -255,17 +255,17 @@ The table below summarizes the available annotations. - N/A - Enables HTTPS or gRPC over SSL when connecting to the endpoints of services. - N/A - - `SSL Services Support `_. + - `SSL Services Support `_. * - ``nginx.org/grpc-services`` - N/A - Enables gRPC for services. Note: requires HTTP/2 (see ``http2`` ConfigMap key); only works for Ingresses with TLS termination enabled. - N/A - - `GRPC Services Support `_. + - `GRPC Services Support `_. * - ``nginx.org/websocket-services`` - N/A - Enables WebSocket for services. - N/A - - `WebSocket support `_. + - `WebSocket support `_. * - ``nginx.org/max-fails`` - ``max-fails`` - Sets the value of the `max_fails `_ parameter of the ``server`` directive. @@ -290,7 +290,7 @@ The table below summarizes the available annotations. - N/A - Configures session persistence. - N/A - - `Session Persistence `_. + - `Session Persistence `_. * - ``nginx.org/keepalive`` - ``keepalive`` - Sets the value of the `keepalive `_ directive. Note that ``proxy_set_header Connection "";`` is added to the generated configuration when the value > 0. @@ -300,20 +300,20 @@ The table below summarizes the available annotations. - N/A - Enables active health checks. - ``False`` - - `Support for Active Health Checks `_. + - `Support for Active Health Checks `_. * - ``nginx.com/health-checks-mandatory`` - N/A - Configures active health checks as mandatory. - ``False`` - - `Support for Active Health Checks `_. + - `Support for Active Health Checks `_. * - ``nginx.com/health-checks-mandatory-queue`` - N/A - When active health checks are mandatory, configures a queue for temporary storing incoming requests during the time when NGINX Plus is checking the health of the endpoints after a configuration reload. - ``0`` - - `Support for Active Health Checks `_. + - `Support for Active Health Checks `_. * - ``nginx.com/slow-start`` - N/A - - Sets the upstream server `slow-start period `_. By default, slow-start is activated after a server becomes `available `_ or `healthy `_. To enable slow-start for newly added servers, configure `mandatory active health checks `_. + - Sets the upstream server `slow-start period `_. By default, slow-start is activated after a server becomes `available `_ or `healthy `_. To enable slow-start for newly added servers, configure `mandatory active health checks `_. - ``"0s"`` - ``` diff --git a/docs-web/configuration/ingress-resources/basic-configuration.md b/docs-web/configuration/ingress-resources/basic-configuration.md index 768b8adb6e..0b47f5a151 100644 --- a/docs-web/configuration/ingress-resources/basic-configuration.md +++ b/docs-web/configuration/ingress-resources/basic-configuration.md @@ -36,7 +36,7 @@ Here is a breakdown of what this Ingress resource definition means: * The rule with the path `/coffee` instructs NGINX to distribute the requests with the `/coffee` URI among the pods of the *coffee* service, which is deployed with the name `coffee‑svc` in the cluster. * Both rules instruct NGINX to distribute the requests to `port 80` of the corresponding service (the `servicePort` field). -> For complete instructions on deploying the Ingress and Secret resources in the cluster, see the [complete-example](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/complete-example) in our GitHub repo. +> For complete instructions on deploying the Ingress and Secret resources in the cluster, see the [complete-example](https://github.com/nginxinc/kubernetes-ingress/tree/v1.7.0-rc1/examples/complete-example) in our GitHub repo. > To learn more about the Ingress resource, see the [Ingress resource documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) in the Kubernetes docs. diff --git a/docs-web/configuration/ingress-resources/cross-namespace-configuration.md b/docs-web/configuration/ingress-resources/cross-namespace-configuration.md index bf9fe5f87b..92c26e5523 100644 --- a/docs-web/configuration/ingress-resources/cross-namespace-configuration.md +++ b/docs-web/configuration/ingress-resources/cross-namespace-configuration.md @@ -2,4 +2,4 @@ You can spread the Ingress configuration for a common host across multiple Ingress resources using Mergeable Ingress resources. Such resources can belong to the *same* or *different* namespaces. This enables easier management when using a large number of paths. -See the [Mergeable Ingress Resources](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/mergeable-ingress-types) example on our GitHub. +See the [Mergeable Ingress Resources](https://github.com/nginxinc/kubernetes-ingress/tree/v1.7.0-rc1/examples/mergeable-ingress-types) example on our GitHub. diff --git a/docs-web/configuration/ingress-resources/custom-annotations.md b/docs-web/configuration/ingress-resources/custom-annotations.md index 334f805d98..b75f01bc3c 100644 --- a/docs-web/configuration/ingress-resources/custom-annotations.md +++ b/docs-web/configuration/ingress-resources/custom-annotations.md @@ -12,7 +12,7 @@ Custom annotations allow you to add an annotation for an NGINX feature that is n ## Usage -The Ingress Controller generates NGINX configuration for Ingress resources by executing a configuration template. See [NGINX template](https://github.com/nginxinc/kubernetes-ingress/blob/master/internal/configs/version1/nginx.ingress.tmpl) or [NGINX Plus template](https://github.com/nginxinc/kubernetes-ingress/blob/master/internal/configs/version1/nginx-plus.ingress.tmpl). +The Ingress Controller generates NGINX configuration for Ingress resources by executing a configuration template. See [NGINX template](https://github.com/nginxinc/kubernetes-ingress/blob/v1.7.0-rc1/internal/configs/version1/nginx.ingress.tmpl) or [NGINX Plus template](https://github.com/nginxinc/kubernetes-ingress/blob/v1.7.0-rc1/internal/configs/version1/nginx-plus.ingress.tmpl). To support custom annotations, the template has access to the information about the Ingress resource - its *name*, *namespace* and *annotations*. It is possible to check if a particular annotation present in the Ingress resource and conditionally insert NGINX configuration directives at multiple NGINX contexts - `http`, `server`, `location` or `upstream`. Additionally, you can get the value that is set to the annotation. @@ -132,4 +132,4 @@ deny all; ## Example -See the [custom annotations example](https://github.com/nginxinc/kubernetes-ingress/blob/master/examples/custom-annotations). +See the [custom annotations example](https://github.com/nginxinc/kubernetes-ingress/blob/v1.7.0-rc1/examples/custom-annotations). diff --git a/docs-web/configuration/transportserver-resource.md b/docs-web/configuration/transportserver-resource.md index e1ab57c45b..e04aaf2f78 100644 --- a/docs-web/configuration/transportserver-resource.md +++ b/docs-web/configuration/transportserver-resource.md @@ -2,7 +2,7 @@ The TransportServer resource allows you to configure TCP, UDP, and TLS Passthrough load balancing. The resource is implemented as a [Custom Resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/). -This document is the reference documentation for the TransportServer resource. To see additional examples of using the resource for specific use cases, go to the [examples-of-custom-resources](https://github.com/nginxinc/kubernetes-ingress/blob/master/examples-of-custom-resources) folder in our GitHub repo. +This document is the reference documentation for the TransportServer resource. To see additional examples of using the resource for specific use cases, go to the [examples-of-custom-resources](https://github.com/nginxinc/kubernetes-ingress/blob/v1.7.0-rc1/examples-of-custom-resources) folder in our GitHub repo. > **Feature Status**: The TransportServer resource is available as a preview feature: it is suitable for experimenting and testing; however, it must be used with caution in production environments. Additionally, while the feature is in preview, we might introduce some backward-incompatible changes to the resource specification in the next releases. @@ -310,6 +310,6 @@ The [ConfigMap](/nginx-ingress-controller/configuration/global-configuration/con ## Limitations As of Release 1.7, the TransportServer resource is a preview feature. Currently, it comes with the following limitations: -* When using TLS Passthrough, it is not possible to configure [Proxy Protocol](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/proxy-protocol) for port 443 both for regular HTTPS and TLS Passthrough traffic. +* When using TLS Passthrough, it is not possible to configure [Proxy Protocol](https://github.com/nginxinc/kubernetes-ingress/tree/v1.7.0-rc1/examples/proxy-protocol) for port 443 both for regular HTTPS and TLS Passthrough traffic. * If multiple TCP (or UDP) TransportServers reference the same listener, only one of them will receive the traffic. Moreover, until there is only one TransportServer, NGINX will fail to reload. If this happens, the IC will report a warning event with the `AddedOrUpdatedWithError` reason for the resource, which caused the problem, and also report the error in the logs. -* If multiple TLS Passthrough TransportServers have the same hostname, only one of them will receive the traffic. If this happens, the IC will report a warning in the logs like `host "app.example.com" is used by more than one TransportServers`. \ No newline at end of file +* If multiple TLS Passthrough TransportServers have the same hostname, only one of them will receive the traffic. If this happens, the IC will report a warning in the logs like `host "app.example.com" is used by more than one TransportServers`. diff --git a/docs-web/configuration/virtualserver-and-virtualserverroute-resources.md b/docs-web/configuration/virtualserver-and-virtualserverroute-resources.md index 3f7b51b6b3..92ee928e35 100644 --- a/docs-web/configuration/virtualserver-and-virtualserverroute-resources.md +++ b/docs-web/configuration/virtualserver-and-virtualserverroute-resources.md @@ -2,7 +2,7 @@ The VirtualServer and VirtualServerRoute resources are new load balancing configuration, introduced in release 1.5 as an alternative to the Ingress resource. The resources enable use cases not supported with the Ingress resource, such as traffic splitting and advanced content-based routing. The resources are implemented as [Custom Resources](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/). -This document is the reference documentation for the resources. To see additional examples of using the resources for specific use cases, go to the [examples-of-custom-resources](https://github.com/nginxinc/kubernetes-ingress/blob/master/examples-of-custom-resources) folder in our GitHub repo. +This document is the reference documentation for the resources. To see additional examples of using the resources for specific use cases, go to the [examples-of-custom-resources](https://github.com/nginxinc/kubernetes-ingress/blob/v1.7.0-rc1/examples-of-custom-resources) folder in our GitHub repo. ## Contents @@ -358,7 +358,7 @@ tls: - ``string`` - Yes * - ``service`` - - The name of a `service `_. The service must belong to the same namespace as the resource. If the service doesn't exist, NGINX will assume the service has zero endpoints and return a ``502`` response for requests for this upstream. For NGINX Plus only, services of type `ExternalName `_ are also supported (check the `prerequisites `_\ ). + - The name of a `service `_. The service must belong to the same namespace as the resource. If the service doesn't exist, NGINX will assume the service has zero endpoints and return a ``502`` response for requests for this upstream. For NGINX Plus only, services of type `ExternalName `_ are also supported (check the `prerequisites `_\ ). - ``string`` - Yes * - ``subselector`` diff --git a/docs-web/installation/building-ingress-controller-image.md b/docs-web/installation/building-ingress-controller-image.md index f73cb64eec..f83746e252 100644 --- a/docs-web/installation/building-ingress-controller-image.md +++ b/docs-web/installation/building-ingress-controller-image.md @@ -22,6 +22,8 @@ We build the image using the make utility and the provided `Makefile`. Let’s c 1. Clone the Ingress controller repo: ``` $ git clone https://github.com/nginxinc/kubernetes-ingress/ + $ cd kubernetes-ingress + $ git checkout v1.7.0-rc1 ``` 1. Build the image: @@ -31,7 +33,7 @@ We build the image using the make utility and the provided `Makefile`. Let’s c ``` `myregistry.example.com/nginx-ingress` defines the repo in your private registry where the image will be pushed. Substitute that value with the repo in your private registry. - As the result, the image **myregistry.example.com/nginx-ingress:edge** is built and pushed to the registry. Note that the tag `edge` comes from the `VERSION` variable, defined in the Makefile. + As the result, the image **myregistry.example.com/nginx-ingress:1.7.0-rc1** is built and pushed to the registry. Note that the tag `1.7.0-rc1` comes from the `VERSION` variable, defined in the Makefile. * For NGINX Plus, first, make sure that the certificate (`nginx-repo.crt`) and the key (`nginx-repo.key`) of your license are located in the root of the project: ``` @@ -44,7 +46,7 @@ We build the image using the make utility and the provided `Makefile`. Let’s c ``` `myregistry.example.com/nginx-plus-ingress` defines the repo in your private registry where the image will be pushed. Substitute that value with the repo in your private registry. - As the result, the image **myregistry.example.com/nginx-plus-ingress:edge** is built and pushed to the registry. Note that the tag `edge` comes from the `VERSION` variable, defined in the Makefile. + As the result, the image **myregistry.example.com/nginx-plus-ingress:1.7.0-rc1** is built and pushed to the registry. Note that the tag `1.7.0-rc1` comes from the `VERSION` variable, defined in the Makefile. Next you will find the details about available Makefile targets and variables. diff --git a/docs-web/installation/installation-with-helm.md b/docs-web/installation/installation-with-helm.md index 1d7aba578f..c126170a11 100644 --- a/docs-web/installation/installation-with-helm.md +++ b/docs-web/installation/installation-with-helm.md @@ -17,34 +17,34 @@ This document describes how to install the NGINX Ingress Controller in your Kube 1. Add NGINX Helm repository: ``` - $ helm repo add nginx-edge https://helm.nginx.com/edge + $ helm repo add nginx-stable https://helm.nginx.com/stable $ helm repo update ``` 2. To install the chart with the release name my-release (my-release is the name that you choose): - * Using Helm 3.x client: + * Using Helm 3.x client: For NGINX: ```console - $ helm install my-release nginx-edge/nginx-ingress + $ helm install my-release nginx-stable/nginx-ingress ``` For NGINX Plus: (assuming you have pushed the Ingress controller image `nginx-plus-ingress` to your private registry `myregistry.example.com`) ```console - $ helm install my-release nginx-edge/nginx-ingress --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true + $ helm install my-release nginx-stable/nginx-ingress --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true ``` * Using Helm 2.x client: For NGINX: ```console - $ helm install --name my-release nginx-edge/nginx-ingress + $ helm install --name my-release nginx-stable/nginx-ingress ``` For NGINX Plus: (assuming you have pushed the Ingress controller image `nginx-plus-ingress` to your private registry `myregistry.example.com`) ```console - $ helm install --name my-release nginx-edge/nginx-ingress --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true + $ helm install --name my-release nginx-stable/nginx-ingress --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true ``` ## Installing Using Chart Sources @@ -56,6 +56,7 @@ This document describes how to install the NGINX Ingress Controller in your Kube 2. Change your working directory to /deployments/helm-chart: ```console $ cd kubernetes-ingress/deployments/helm-chart + $ git checkout v1.7.0-rc1 ``` 3. To install the chart with the release name my-release (my-release is the name that you choose): @@ -141,7 +142,7 @@ The following tables lists the configurable parameters of the NGINX Ingress cont - nginx/nginx-ingress * - ``controller.image.tag`` - The tag of the Ingress controller image. - - edge + - 1.7.0-rc1 * - ``controller.image.pullPolicy`` - The pull policy for the Ingress controller image. - IfNotPresent diff --git a/docs-web/installation/installation-with-manifests.md b/docs-web/installation/installation-with-manifests.md index e523a5bfe9..b61648529e 100644 --- a/docs-web/installation/installation-with-manifests.md +++ b/docs-web/installation/installation-with-manifests.md @@ -11,6 +11,7 @@ This document describes how to install the NGINX Ingress Controller in your Kube ``` $ git clone https://github.com/nginxinc/kubernetes-ingress/ $ cd kubernetes-ingress/deployments + $ git checkout v1.7.0-rc1 ``` ## 1. Configure RBAC diff --git a/docs-web/releases.md b/docs-web/releases.md index 49b134b071..4afa236a04 100644 --- a/docs-web/releases.md +++ b/docs-web/releases.md @@ -1,5 +1,55 @@ # Releases +## NGINX Ingress Controller 1.7.0 - Release Candidate 1 + +OVERVIEW: + +Release 1.7.0-rc1 includes: +* Support for TCP, UDP, and TLS Passthrough load balancing with the new configuration resources: TransportServer and GlobalConfiguration. The resources allow users to deliver complex, non-HTTP-based applications from Kubernetes using the NGINX Ingress Controller. +* Support for error pages in VirtualServer and VirtualServerRoute resources. A user can now specify custom error responses for errors returned by backend applications or generated by NGINX, such as a 502 response. +* Improved validation of VirtualServer and VirtualServerRoute resources. kubectl and the Kubernetes API server can now detect violations of the structure of VirtualServer/VirtualServerRoute resources and return an error. + +The release announcement blog post includes an overview of each feature. See [link-to-be-added](#). + +You will find the complete changelog for release 1.7.0-rc1, including bug fixes, improvements, and changes below. + +FEATURES FOR VIRTUALSERVER AND VIRTUALSERVERROUTE RESOURCES: +* [868](https://github.com/nginxinc/kubernetes-ingress/pull/868): Add OpenAPI CRD schema validation. +* [847](https://github.com/nginxinc/kubernetes-ingress/pull/847): Add support for error pages for VS/VSR. + +FEATURES: +* [902](https://github.com/nginxinc/kubernetes-ingress/pull/902): Add TransportServer and GlobalConfiguration Resources. +* [894](https://github.com/nginxinc/kubernetes-ingress/pull/894): Add Dockerfile for NGINX Open Source for Openshift. +* [857](https://github.com/nginxinc/kubernetes-ingress/pull/857): Add Openshift Dockerfile for NGINX Plus. +* [852](https://github.com/nginxinc/kubernetes-ingress/pull/852): Add default-server-access-log-off to configmap. +* [845](https://github.com/nginxinc/kubernetes-ingress/pull/845): Add log-format-escaping and stream-log-format-escaping configmap keys. Thanks to [Alexey Maslov](https://github.com/alxmsl). +* [827](https://github.com/nginxinc/kubernetes-ingress/pull/827): Add ingress class label to all Prometheus metrics. + + +IMPROVEMENTS: +* [850](https://github.com/nginxinc/kubernetes-ingress/pull/850): Extend redirect URI validation with protocol check in VS/VSR. +* [832](https://github.com/nginxinc/kubernetes-ingress/pull/832): Update the examples to run the `nginxdemos/nginx-hello:plain-text` image, that doesn't require root user. +* [825](https://github.com/nginxinc/kubernetes-ingress/pull/825): Add multi-stage docker builds. + +BUGFIXES: +* [828](https://github.com/nginxinc/kubernetes-ingress/pull/828): Fix error messages for actions of the type return. + +HELM CHART: +* The version of the helm chart is now 0.5.0-rc1. +* Add new parameters to the Chart: `controller.volumes`, `controller.volumeMounts`, `controller.priorityClassName`. Added in [878](https://github.com/nginxinc/kubernetes-ingress/pull/878), [807](https://github.com/nginxinc/kubernetes-ingress/pull/807) thanks to [Greg Snow](https://github.com/gsnegovskiy). + +CHANGES: +* Update NGINX version to 1.17.9. +* [854](https://github.com/nginxinc/kubernetes-ingress/pull/854): Update the Debian base images for NGINX Plus to `debian:buster-slim`. +* [852](https://github.com/nginxinc/kubernetes-ingress/pull/852): Add default-server-access-log-off to configmap. The access logs for the default server are now enabled by default. +* [847](https://github.com/nginxinc/kubernetes-ingress/pull/847): Add support for error pages for VS/VSR. The PR affects how the Ingress Controller generates configuration for VirtualServer and VirtualServerRoutes. See [this comment](https://github.com/nginxinc/kubernetes-ingress/pull/847) for more details. +* [827](https://github.com/nginxinc/kubernetes-ingress/pull/827): Add ingress class label to all Prometheus metrics. Every Prometheus metric exposed by the Ingress Controller now includes the label `class` with the value of the Ingress Controller class (by default `nginx`), +* [825](https://github.com/nginxinc/kubernetes-ingress/pull/825): Add multi-stage docker builds. When building the Ingress Controller image in Docker, we now use a multi-stage docker build. + +UPGRADE: +* For this preview release, no DockerHub images are provided. Please build your own image using the 1.7.0-rc1 source code. +* For Helm, use version 0.5.0-rc1 of the chart. Note: this preview version is not available from the stable repo helm.nginx.com/stable, but only from the source files in the `deployments/helm-chart` folder. + ## NGINX Ingress Controller 1.6.3 CHANGES: diff --git a/docs-web/third-party-modules/opentracing.md b/docs-web/third-party-modules/opentracing.md index 5bcae8be71..618de3a013 100644 --- a/docs-web/third-party-modules/opentracing.md +++ b/docs-web/third-party-modules/opentracing.md @@ -2,7 +2,7 @@ The Ingress Controller supports [OpenTracing](http://opentracing.io/) with the third-party module [opentracing-contrib/nginx-opentracing](https://github.com/opentracing-contrib/nginx-opentracing). -This document explains how to use OpenTracing with the Ingress Controller. Additionally, we have an [example](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/opentracing) on how to enable OpenTracing for a simple web application using Jaeger as a tracer. +This document explains how to use OpenTracing with the Ingress Controller. Additionally, we have an [example](https://github.com/nginxinc/kubernetes-ingress/tree/v1.7.0-rc1/examples/opentracing) on how to enable OpenTracing for a simple web application using Jaeger as a tracer. ## Prerequisites 1. **Use the Ingress Controller image with OpenTracing.** The default Ingress Controller images don’t include the OpenTracing module. To use OpenTracing, you need to build the image with that module. Follow the build instructions to build the image using `DockerfileWithOpentracing` for NGINX or `DockerfileWithOpentracingForPlus` for NGINX Plus. @@ -69,7 +69,7 @@ Consider the following two cases: ## Customize OpenTracing -You can customize OpenTracing though the supported [OpenTracing module directives](https://github.com/opentracing-contrib/nginx-opentracing/blob/master/doc/Reference.md). Use the snippets ConfigMap keys or annotations to insert those directives into the http, server or location contexts of the generated NGINX configuration. +You can customize OpenTracing though the supported [OpenTracing module directives](https://github.com/opentracing-contrib/nginx-opentracing/blob/v1.7.0-rc1/doc/Reference.md). Use the snippets ConfigMap keys or annotations to insert those directives into the http, server or location contexts of the generated NGINX configuration. For example, to propagate the active span context for upstream requests, it is required to set the `opentracing_propagate_context` directive, which you can add to an Ingress resource using the location snippets annotation: @@ -78,4 +78,4 @@ nginx.org/location-snippets: | opentracing_propagate_context; ``` -**Note**: `opentracing_propagate_context` and `opentracing_grpc_propagate_context` directives can be used in http, server or location contexts according to the [module documentation](https://github.com/opentracing-contrib/nginx-opentracing/blob/master/doc/Reference.md#opentracing_propagate_context). However, because of the way the module works and how the Ingress Controller generates the NGINX configuration, it is only possible to use the directive in the location context. +**Note**: `opentracing_propagate_context` and `opentracing_grpc_propagate_context` directives can be used in http, server or location contexts according to the [module documentation](https://github.com/opentracing-contrib/nginx-opentracing/blob/v1.7.0-rc1/doc/Reference.md#opentracing_propagate_context). However, because of the way the module works and how the Ingress Controller generates the NGINX configuration, it is only possible to use the directive in the location context.