From ba03a73dde61ede2544475a5d88dbc0c58af5c68 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Tue, 16 Mar 2021 11:42:09 -0700 Subject: [PATCH] Release 1.10.1 (#1461) --- CHANGELOG.md | 49 ++++-- Makefile | 2 +- README.md | 14 +- deployments/daemon-set/nginx-ingress.yaml | 2 +- .../daemon-set/nginx-plus-ingress.yaml | 4 +- deployments/deployment/nginx-ingress.yaml | 2 +- .../deployment/nginx-plus-ingress.yaml | 2 +- deployments/helm-chart/Chart.yaml | 8 +- deployments/helm-chart/README.md | 4 +- deployments/helm-chart/values-icp.yaml | 2 +- deployments/helm-chart/values-plus.yaml | 2 +- deployments/helm-chart/values.yaml | 2 +- docs-web/app-protect/configuration.md | 44 ++--- docs-web/app-protect/installation.md | 7 +- .../configuration/configuration-examples.md | 4 +- .../configmap-resource.md | 132 +++++++-------- .../global-configuration/custom-templates.md | 2 +- .../configuration/handling-host-collisions.md | 4 +- ...advanced-configuration-with-annotations.md | 154 +++++++++--------- .../ingress-resources/basic-configuration.md | 2 +- .../cross-namespace-configuration.md | 4 +- .../ingress-resources/custom-annotations.md | 14 +- docs-web/configuration/policy-resource.md | 4 +- .../configuration/transportserver-resource.md | 26 +-- ...server-and-virtualserverroute-resources.md | 22 +-- docs-web/index.rst | 4 +- .../building-ingress-controller-image.md | 10 +- .../installation/installation-with-helm.md | 8 +- .../installation-with-manifests.md | 2 +- .../installation-with-operator.md | 4 +- docs-web/releases.md | 31 +++- docs-web/technical-specifications.md | 6 +- docs-web/third-party-modules/opentracing.md | 2 +- 33 files changed, 305 insertions(+), 274 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 25b0a218bd..29f9e82180 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,20 @@ # Changelog +### 1.10.1 + +CHANGES: +* Update NGINX version to 1.19.8. +* Add Kubernetes 1.20 support. +* [1373](https://github.com/nginxinc/kubernetes-ingress/pull/1373), [1439](https://github.com/nginxinc/kubernetes-ingress/pull/1439), [1440](https://github.com/nginxinc/kubernetes-ingress/pull/1440): Fix various issues in the Makefile. In 1.10.0, a bug was introduced that prevented building Ingress Controller images on versions of make < 4.1. + +HELM CHART: +* The version of the Helm chart is now 0.8.1. + +UPGRADE: +* For NGINX, use the 1.10.1 image from our DockerHub: `nginx/nginx-ingress:1.10.1`, `nginx/nginx-ingress:1.10.1-alpine` or `nginx/nginx-ingress:1.10.1-ubi` +* For NGINX Plus, please build your own image using the 1.10.1 source code. +* For Helm, use version 0.8.1 of the chart. + ### 1.10.0 OVERVIEW: @@ -194,16 +209,16 @@ UPGRADE: OVERVIEW: Release 1.8.0 includes: -* Support for NGINX App Protect Web Application Firewall. +* Support for NGINX App Protect Web Application Firewall. * Support for configuration snippets and custom template for VirtualServer and VirtualServerRoute resources. * Support for request/response header manipulation and request URI rewriting for VirtualServer/VirtualServerRoute. -* Introducing a new configuration resource - Policy - with the first policy for IP-based access control. +* Introducing a new configuration resource - Policy - with the first policy for IP-based access control. You will find the complete changelog for release 1.8.0, including bug fixes, improvements, and changes below. FEATURES FOR VIRTUALSERVER AND VIRTUALSERVERROUTE RESOURCES: * [1036](https://github.com/nginxinc/kubernetes-ingress/pull/1036): Add VirtualServer custom template support. -* [1028](https://github.com/nginxinc/kubernetes-ingress/pull/1028): Add access control policy. +* [1028](https://github.com/nginxinc/kubernetes-ingress/pull/1028): Add access control policy. * [1019](https://github.com/nginxinc/kubernetes-ingress/pull/1019): Add VirtualServer/VirtualServerRoute snippets support. * [1006](https://github.com/nginxinc/kubernetes-ingress/pull/1006): Add request/response modifiers to VS and VSR. * [994](https://github.com/nginxinc/kubernetes-ingress/pull/994): Support Class Field in VS/VSR. @@ -223,13 +238,13 @@ BUGFIXES: HELM CHART: * The version of the helm chart is now 0.6.0. -* Add new parameters to the Chart: `controller.appprotect.enable`, `controller.globalConfiguration.create`, `controller.globalConfiguration.spec`, `controller.readyStatus.enable`, `controller.readyStatus.port`, `controller.config.annotations`, `controller.reportIngressStatus.annotations`. Added in [1035](https://github.com/nginxinc/kubernetes-ingress/pull/1035), [1034](https://github.com/nginxinc/kubernetes-ingress/pull/1034), [1029](https://github.com/nginxinc/kubernetes-ingress/pull/1029), [1003](https://github.com/nginxinc/kubernetes-ingress/pull/1003) thanks to [RubyLangdon](https://github.com/RubyLangdon). +* Add new parameters to the Chart: `controller.appprotect.enable`, `controller.globalConfiguration.create`, `controller.globalConfiguration.spec`, `controller.readyStatus.enable`, `controller.readyStatus.port`, `controller.config.annotations`, `controller.reportIngressStatus.annotations`. Added in [1035](https://github.com/nginxinc/kubernetes-ingress/pull/1035), [1034](https://github.com/nginxinc/kubernetes-ingress/pull/1034), [1029](https://github.com/nginxinc/kubernetes-ingress/pull/1029), [1003](https://github.com/nginxinc/kubernetes-ingress/pull/1003) thanks to [RubyLangdon](https://github.com/RubyLangdon). * [1047](https://github.com/nginxinc/kubernetes-ingress/pull/1047) and [1009](https://github.com/nginxinc/kubernetes-ingress/pull/1009): Change how Helm manages the custom resource defintions (CRDs) to support installing multiple Ingress Controller releases. **Note**: If you're using the custom resources (`controller.enableCustomResources` is set to `true`), this is a breaking change. See the HELM UPGRADE section below for the upgrade instructions. CHANGES: * Update NGINX version to 1.19.1. * Update NGINX Plus to R22. -* [1029](https://github.com/nginxinc/kubernetes-ingress/pull/1029): Add readiness endpoint. The Ingress Controller now exposes a readiness endpoint on port `8081` and the path `/nginx-ready`. The endpoint returns a `200` response after the Ingress Controller finishes the initial configuration of NGINX at the start. The pod template was updated to use that endpoint in a readiness probe. +* [1029](https://github.com/nginxinc/kubernetes-ingress/pull/1029): Add readiness endpoint. The Ingress Controller now exposes a readiness endpoint on port `8081` and the path `/nginx-ready`. The endpoint returns a `200` response after the Ingress Controller finishes the initial configuration of NGINX at the start. The pod template was updated to use that endpoint in a readiness probe. * [980](https://github.com/nginxinc/kubernetes-ingress/pull/980): Enable leader election by default. UPGRADE: @@ -368,7 +383,7 @@ UPGRADE: OVERVIEW: -Release 1.6.0 includes: +Release 1.6.0 includes: * Improvements to VirtualServer and VirtualServerRoute resources, adding support for richer load balancing behavior, more sophisticated request routing, redirects, direct responses, and blue-green and circuit breaker patterns. The VirtualServer and VirtualServerRoute resources are enabled by default and are ready for production use. * Support for OpenTracing, helping you to monitor and debug complex transactions. * An improved security posture, with support to run the Ingress Controller as a non-root user. @@ -405,7 +420,7 @@ FEATURES FOR VIRTUALSERVER AND VIRTUALSERVERROUTE RESOURCES: * [596](https://github.com/nginxinc/kubernetes-ingress/pull/596): Add lb-method support in vs and vsr. FEATURES: -* [750](https://github.com/nginxinc/kubernetes-ingress/pull/750): Add support for health status uri customisation. +* [750](https://github.com/nginxinc/kubernetes-ingress/pull/750): Add support for health status uri customisation. * [691](https://github.com/nginxinc/kubernetes-ingress/pull/691): Helper Functions for custom annotations. * [631](https://github.com/nginxinc/kubernetes-ingress/pull/631): Add max_conns support for NGINX plus. * [629](https://github.com/nginxinc/kubernetes-ingress/pull/629): Added upstream zone directive annotation. Thanks to [Victor Regalado](https://github.com/vrrs). @@ -563,7 +578,7 @@ UPGRADE: HELM UPGRADE: -In the changelog of Release 1.5.0, we advised not to upgrade the helm chart from `0.2.1` to `0.3.0` unless the mentioned in the changelog problems were acceptable. This release we provide mitigation instructions on how to upgrade from `0.2.1` to `0.3.1` without disruptions. +In the changelog of Release 1.5.0, we advised not to upgrade the helm chart from `0.2.1` to `0.3.0` unless the mentioned in the changelog problems were acceptable. This release we provide mitigation instructions on how to upgrade from `0.2.1` to `0.3.1` without disruptions. When you upgrade from `0.2.1` to `0.3.1`, make sure to configure the following parameters: * `controller.name` is set to `nginx-ingress` or the previously used value in case you customized it. This ensures the Deployment/Daemonset will not be recreated. @@ -591,9 +606,9 @@ BUGFIXES: HELM CHART: * The version of the helm chart is now 0.3.0. -* The helm chart is now available in our helm chart repo `helm.nginx.com/stable`. +* The helm chart is now available in our helm chart repo `helm.nginx.com/stable`. * Add new parameters to the Chart: `controller.service.httpPort.targetPort`, `controller.service.httpsPort.targetPort`, `controller.service.name`, `controller.pod.annotations`, `controller.config.name`, `controller.reportIngressStatus.leaderElectionLockName`, `controller.service.httpPort`, `controller.service.httpsPort`, `controller.service.loadBalancerIP`, `controller.service.loadBalancerSourceRanges`, `controller.tolerations`, `controller.affinity`. Added in [562](https://github.com/nginxinc/kubernetes-ingress/pull/562), [561](https://github.com/nginxinc/kubernetes-ingress/pull/561), [553](https://github.com/nginxinc/kubernetes-ingress/pull/553), [534](https://github.com/nginxinc/kubernetes-ingress/pull/534) thanks to [Paulo Ribeiro](https://github.com/paigr), [479](https://github.com/nginxinc/kubernetes-ingress/pull/479) thanks to [Alejandro Llanes](https://github.com/sombralibre), [468](https://github.com/nginxinc/kubernetes-ingress/pull/468), [456](https://github.com/nginxinc/kubernetes-ingress/pull/456). -* [546](https://github.com/nginxinc/kubernetes-ingress/pull/546): Support deploying multiple Ingress Controllers in a cluster. **Note**: The generated resources have new names that are unique for each Ingress Controller. As a consequence, the name change affects the upgrade. See the HELM UPGRADE section for more information. +* [546](https://github.com/nginxinc/kubernetes-ingress/pull/546): Support deploying multiple Ingress Controllers in a cluster. **Note**: The generated resources have new names that are unique for each Ingress Controller. As a consequence, the name change affects the upgrade. See the HELM UPGRADE section for more information. * [542](https://github.com/nginxinc/kubernetes-ingress/pull/542): Reduce the required privileges in the RBAC manifests. CHANGES: @@ -608,8 +623,8 @@ UPGRADE: HELM UPGRADE: The new version of the helm chart uses different names for the generated resources. This makes it possible to deploy multiple Ingress Controllers in a cluster. However, as a side effect, during the upgrade from the previous version, helm will recreate the resources, instead of updating the existing ones. This, in turn, might cause problems for the following resources: -* Service: If the service was created with the type LoadBalancer, the public IP of the new service might change. Additionally, helm updates the selector of the service, so that the old pods will be immediately excluded from the service. -* Deployment/DaemonSet: Because the resource is recreated, the old pods will be removed and the new ones will be launched, instead of the default Deployment/Daemonset upgrade strategy. +* Service: If the service was created with the type LoadBalancer, the public IP of the new service might change. Additionally, helm updates the selector of the service, so that the old pods will be immediately excluded from the service. +* Deployment/DaemonSet: Because the resource is recreated, the old pods will be removed and the new ones will be launched, instead of the default Deployment/Daemonset upgrade strategy. * ConfigMap: After the helm removes the resource, the old Ingress Controller pods will be immediately reconfigured to use the default values of the ConfigMap keys. During a small window between the reconfiguration and the shutdown of the old pods, NGINX will use the configuration with the default values. We advise not to upgrade to the new version of the helm chart unless the mentioned problems are acceptable for your case. We will provide special upgrade instructions for helm that mitigate the problems for the next minor release of the Ingress Controller (1.5.1). @@ -717,7 +732,7 @@ HELM CHART: * The version of the Helm chart is now 0.2.0. CHANGES: -* Update NGINX version to 1.15.6. +* Update NGINX version to 1.15.6. * Update NGINX Plus version to R16p1. * Update NGINX Prometheus Exporter to 0.2.0. * [430](https://github.com/nginxinc/kubernetes-ingress/pull/430): Add the `controller.serviceAccount.imagePullSecrets` parameter to the helm chart. **Note**: the `controller.serviceAccountName` parameter has been changed to `controller.serviceAccount.name`. @@ -786,13 +801,13 @@ UPGRADE: * [278](https://github.com/nginxinc/kubernetes-ingress/pull/278): Fix mergeable Ingress types. * [277](https://github.com/nginxinc/kubernetes-ingress/pull/277): Support grpc error responses. * [276](https://github.com/nginxinc/kubernetes-ingress/pull/276): Add gRPC support. -* [274](https://github.com/nginxinc/kubernetes-ingress/pull/274): Change the default load balancing method to least_conn. +* [274](https://github.com/nginxinc/kubernetes-ingress/pull/274): Change the default load balancing method to least_conn. * [272](https://github.com/nginxinc/kubernetes-ingress/pull/272): Move nginx-ingress image to the official nginx DockerHub. -* [268](https://github.com/nginxinc/kubernetes-ingress/pull/268): Correct Mergeable Types misspelling and optimize blacklists. Thanks to [Fernando Diaz](https://github.com/diazjf). +* [268](https://github.com/nginxinc/kubernetes-ingress/pull/268): Correct Mergeable Types misspelling and optimize blacklists. Thanks to [Fernando Diaz](https://github.com/diazjf). * [266](https://github.com/nginxinc/kubernetes-ingress/pull/266): Add support for passive health checks. * [261](https://github.com/nginxinc/kubernetes-ingress/pull/261): Update Customization Example. * [258](https://github.com/nginxinc/kubernetes-ingress/pull/258): Handle annotations and conflicting paths for MergeableTypes. Thanks to [Fernando Diaz](https://github.com/diazjf). -* [256](https://github.com/nginxinc/kubernetes-ingress/pull/256): Add helm chart support. +* [256](https://github.com/nginxinc/kubernetes-ingress/pull/256): Add helm chart support. * [249](https://github.com/nginxinc/kubernetes-ingress/pull/249): Add support for prometheus for Plus. * [241](https://github.com/nginxinc/kubernetes-ingress/pull/241): Update the doc about building the Docker image. * [240](https://github.com/nginxinc/kubernetes-ingress/pull/240): Use new NGINX Plus API. @@ -835,7 +850,7 @@ UPGRADE: * [175](https://github.com/nginxinc/kubernetes-ingress/pull/175): Add support for JWT for NGINX Plus. * [171](https://github.com/nginxinc/kubernetes-ingress/pull/171): Allow NGINX to listen on non-standard ports. Thanks to [Stanislav Seletskiy](https://github.com/seletskiy). -* [170](https://github.com/nginxinc/kubernetes-ingress/pull/170): Add the default server. **Note**: The Ingress controller will fail to start if there are no cert and key for the default server. You can pass a TLS Secret for the default server as an argument to the Ingress controller or add a cert and a key to the Docker image. +* [170](https://github.com/nginxinc/kubernetes-ingress/pull/170): Add the default server. **Note**: The Ingress controller will fail to start if there are no cert and key for the default server. You can pass a TLS Secret for the default server as an argument to the Ingress controller or add a cert and a key to the Docker image. * [169](https://github.com/nginxinc/kubernetes-ingress/pull/169): Ignore Ingress resources with empty hostnames. * [168](https://github.com/nginxinc/kubernetes-ingress/pull/168): Add the `nginx.org/lb-method` annotation. Thanks to [Sajal Kayan](https://github.com/sajal). * [166](https://github.com/nginxinc/kubernetes-ingress/pull/166): Watch Secret resources for updates. **Note**: If a Secret referenced by one or more Ingress resources becomes invalid or gets removed, the configuration for those Ingress resources will be disabled until there is a valid Secret. diff --git a/Makefile b/Makefile index f5cf4da1b7..44f6aafcc1 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ all: push -VERSION = 1.10.0 +VERSION = 1.10.1 TAG = $(VERSION) PREFIX = nginx/nginx-ingress diff --git a/README.md b/README.md index 8fbbfe9a85..9919a63a78 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ # NGINX Ingress Controller -This repo provides an implementation of an Ingress controller for NGINX and NGINX Plus. +This repo provides an implementation of an Ingress controller for NGINX and NGINX Plus. **Note**: this project is different from the NGINX Ingress controller in [kubernetes/ingress-nginx](https://github.com/kubernetes/ingress-nginx) repo. See [this doc](docs/nginx-ingress-controllers.md) to find out about the key differences. @@ -23,7 +23,7 @@ See the [Ingress User Guide](https://kubernetes.io/docs/user-guide/ingress/) to ## What is the Ingress Controller? -The Ingress controller is an application that runs in a cluster and configures an HTTP load balancer according to Ingress resources. The load balancer can be a software load balancer running in the cluster or a hardware or cloud load balancer running externally. Different load balancers require different Ingress controller implementations. +The Ingress controller is an application that runs in a cluster and configures an HTTP load balancer according to Ingress resources. The load balancer can be a software load balancer running in the cluster or a hardware or cloud load balancer running externally. Different load balancers require different Ingress controller implementations. In the case of NGINX, the Ingress controller is deployed in a pod along with the load balancer. @@ -53,20 +53,20 @@ Read [this doc](docs/nginx-plus.md) to learn more about NGINX Ingress controller We publish Ingress controller releases on GitHub. See our [releases page](https://github.com/nginxinc/kubernetes-ingress/releases). -The latest stable release is [1.10.0](https://github.com/nginxinc/kubernetes-ingress/releases/tag/v1.10.0). For production use, we recommend that you choose the latest stable release. As an alternative, you can choose the *edge* version built from the [latest commit](https://github.com/nginxinc/kubernetes-ingress/commits/master) from the master branch. The edge version is useful for experimenting with new features that are not yet published in a stable release. +The latest stable release is [1.10.1](https://github.com/nginxinc/kubernetes-ingress/releases/tag/v1.10.1). For production use, we recommend that you choose the latest stable release. As an alternative, you can choose the *edge* version built from the [latest commit](https://github.com/nginxinc/kubernetes-ingress/commits/master) from the master branch. The edge version is useful for experimenting with new features that are not yet published in a stable release. To use the Ingress controller, you need to have access to: * An Ingress controller image. * Installation manifests or a Helm chart. * Documentation and examples. -It is important that the versions of those things above match. +It is important that the versions of those things above match. The table below summarizes the options regarding the images, manifests, helm chart, documentation and examples and gives your links to the correct versions: | Version | Description | Image for NGINX | Image for NGINX Plus | Installation Manifests and Helm Chart | Documentation and Examples | | ------- | ----------- | --------------- | -------------------- | ---------------------------------------| -------------------------- | -| Latest stable release | For production use | `nginx/nginx-ingress:1.10.0`, `nginx/nginx-ingress:1.10.0-alpine` from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/) or [build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | [Build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.0/deployments). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.0/deployments/helm-chart). | [Documentation](https://docs.nginx.com/nginx-ingress-controller/). [Examples](https://docs.nginx.com/nginx-ingress-controller/configuration/configuration-examples/). | +| Latest stable release | For production use | `nginx/nginx-ingress:1.10.1`, `nginx/nginx-ingress:1.10.1-alpine` from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/) or [build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | [Build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.1/deployments). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.1/deployments/helm-chart). | [Documentation](https://docs.nginx.com/nginx-ingress-controller/). [Examples](https://docs.nginx.com/nginx-ingress-controller/configuration/configuration-examples/). | | Edge | For testing and experimenting | `nginx/nginx-ingress:edge`, `nginx/nginx-ingress:edge-alpine` from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/) or [build your own image](https://github.com/nginxinc/kubernetes-ingress/tree/master/docs-web/installation/building-ingress-controller-image.md). | [Build your own image](https://github.com/nginxinc/kubernetes-ingress/tree/master/docs-web/installation/building-ingress-controller-image.md). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/master/deployments). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/master/deployments/helm-chart). | [Documentation](https://github.com/nginxinc/kubernetes-ingress/tree/master/docs-web). [Examples](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples). | ## Contacts @@ -78,7 +78,7 @@ You can contact us directly via [kubernetes@nginx.com](mailto:kubernetes@nginx.c If you'd like to contribute to the project, please read our [Contributing guide](CONTRIBUTING.md). -## Support +## Support -For NGINX Plus customers NGINX Ingress controller (when used with NGINX Plus) is covered +For NGINX Plus customers NGINX Ingress controller (when used with NGINX Plus) is covered by the support contract. diff --git a/deployments/daemon-set/nginx-ingress.yaml b/deployments/daemon-set/nginx-ingress.yaml index 5da9494a64..b16addc827 100644 --- a/deployments/daemon-set/nginx-ingress.yaml +++ b/deployments/daemon-set/nginx-ingress.yaml @@ -17,7 +17,7 @@ spec: spec: serviceAccountName: nginx-ingress containers: - - image: nginx/nginx-ingress:1.10.0 + - image: nginx/nginx-ingress:1.10.1 imagePullPolicy: IfNotPresent name: nginx-ingress ports: diff --git a/deployments/daemon-set/nginx-plus-ingress.yaml b/deployments/daemon-set/nginx-plus-ingress.yaml index c626702420..afcd0ad11e 100644 --- a/deployments/daemon-set/nginx-plus-ingress.yaml +++ b/deployments/daemon-set/nginx-plus-ingress.yaml @@ -17,7 +17,7 @@ spec: spec: serviceAccountName: nginx-ingress containers: - - image: nginx-plus-ingress:1.10.0 + - image: nginx-plus-ingress:1.10.1 imagePullPolicy: IfNotPresent name: nginx-plus-ingress ports: @@ -57,7 +57,7 @@ spec: - -nginx-plus - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret - #- -enable-app-protect + #- -enable-app-protect #- -v=3 # Enables extensive logging. Useful for troubleshooting. #- -report-ingress-status #- -external-service=nginx-ingress diff --git a/deployments/deployment/nginx-ingress.yaml b/deployments/deployment/nginx-ingress.yaml index 71000f048d..4e99294e4e 100644 --- a/deployments/deployment/nginx-ingress.yaml +++ b/deployments/deployment/nginx-ingress.yaml @@ -18,7 +18,7 @@ spec: spec: serviceAccountName: nginx-ingress containers: - - image: nginx/nginx-ingress:1.10.0 + - image: nginx/nginx-ingress:1.10.1 imagePullPolicy: IfNotPresent name: nginx-ingress ports: diff --git a/deployments/deployment/nginx-plus-ingress.yaml b/deployments/deployment/nginx-plus-ingress.yaml index e19d2d5db5..c70ff360d3 100644 --- a/deployments/deployment/nginx-plus-ingress.yaml +++ b/deployments/deployment/nginx-plus-ingress.yaml @@ -18,7 +18,7 @@ spec: spec: serviceAccountName: nginx-ingress containers: - - image: nginx-plus-ingress:1.10.0 + - image: nginx-plus-ingress:1.10.1 imagePullPolicy: IfNotPresent name: nginx-plus-ingress ports: diff --git a/deployments/helm-chart/Chart.yaml b/deployments/helm-chart/Chart.yaml index 18043085f6..bf68ddde19 100644 --- a/deployments/helm-chart/Chart.yaml +++ b/deployments/helm-chart/Chart.yaml @@ -1,13 +1,13 @@ name: nginx-ingress -version: 0.8.0 -appVersion: 1.10.0 +version: 0.8.1 +appVersion: 1.10.1 apiVersion: v1 kubeVersion: ">= 1.14.0-0" description: NGINX Ingress Controller -icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v1.10.0/deployments/helm-chart/chart-icon.png +icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v1.10.1/deployments/helm-chart/chart-icon.png home: https://github.com/nginxinc/kubernetes-ingress sources: - - https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.0/deployments/helm-chart + - https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.1/deployments/helm-chart keywords: - ingress - nginx diff --git a/deployments/helm-chart/README.md b/deployments/helm-chart/README.md index 51788bbc92..c03c47bdee 100644 --- a/deployments/helm-chart/README.md +++ b/deployments/helm-chart/README.md @@ -24,7 +24,7 @@ This step is required if you're installing the chart using its sources. Addition 2. Change your working directory to /deployments/helm-chart: ```console $ cd kubernetes-ingress/deployments/helm-chart - $ git checkout v1.10.0 + $ git checkout v1.10.1 ``` ## Adding the Helm Repository @@ -146,7 +146,7 @@ Parameter | Description | Default `controller.nginxDebug` | Enables debugging for NGINX. Uses the `nginx-debug` binary. Requires `error-log-level: debug` in the ConfigMap via `controller.config.entries`. | false `controller.logLevel` | The log level of the Ingress Controller. | 1 `controller.image.repository` | The image repository of the Ingress controller. | nginx/nginx-ingress -`controller.image.tag` | The tag of the Ingress controller image. | 1.10.0 +`controller.image.tag` | The tag of the Ingress controller image. | 1.10.1 `controller.image.pullPolicy` | The pull policy for the Ingress controller image. | IfNotPresent `controller.config.name` | The name of the ConfigMap used by the Ingress controller. | Autogenerated `controller.config.annotations` | The annotations of the Ingress controller configmap. | {} diff --git a/deployments/helm-chart/values-icp.yaml b/deployments/helm-chart/values-icp.yaml index e2661edbd1..7a2b4b4791 100644 --- a/deployments/helm-chart/values-icp.yaml +++ b/deployments/helm-chart/values-icp.yaml @@ -3,7 +3,7 @@ controller: nginxplus: true image: repository: mycluster.icp:8500/kube-system/nginx-plus-ingress - tag: "1.10.0" + tag: "1.10.1" nodeSelector: beta.kubernetes.io/arch: "amd64" proxy: true diff --git a/deployments/helm-chart/values-plus.yaml b/deployments/helm-chart/values-plus.yaml index 3c35974dc9..52b1d512c1 100644 --- a/deployments/helm-chart/values-plus.yaml +++ b/deployments/helm-chart/values-plus.yaml @@ -2,4 +2,4 @@ controller: nginxplus: true image: repository: nginx-plus-ingress - tag: "1.10.0" + tag: "1.10.1" diff --git a/deployments/helm-chart/values.yaml b/deployments/helm-chart/values.yaml index ae1b1b2211..db7c8cfc7a 100644 --- a/deployments/helm-chart/values.yaml +++ b/deployments/helm-chart/values.yaml @@ -36,7 +36,7 @@ controller: repository: nginx/nginx-ingress ## The tag of the Ingress controller image. - tag: "1.10.0" + tag: "1.10.1" ## The pull policy for the Ingress controller image. pullPolicy: IfNotPresent diff --git a/docs-web/app-protect/configuration.md b/docs-web/app-protect/configuration.md index bdf04e417d..8e51ae38c3 100644 --- a/docs-web/app-protect/configuration.md +++ b/docs-web/app-protect/configuration.md @@ -1,12 +1,12 @@ # Configuration This document describes how to configure the NGINX App Protect module -> Check out the complete [NGINX Ingress Controller with App Protect example resources on GitHub](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.0/examples/appprotect). +> Check out the complete [NGINX Ingress Controller with App Protect example resources on GitHub](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.1/examples/appprotect). ## Global Configuration The NGINX Ingress Controller has a set of global configuration parameters that align with those available in the NGINX App Protect module. See [ConfigMap keys](/nginx-ingress-controller/configuration/global-configuration/configmap-resource/#modules) for the complete list. The App Protect parameters use the `app-protect*` prefix. -> Check out the complete [NGINX Ingress Controller with App Protect example resources on GitHub](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.0/examples/appprotect). +> Check out the complete [NGINX Ingress Controller with App Protect example resources on GitHub](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.1/examples/appprotect). ## Enable App Protect for an Ingress Resource @@ -16,14 +16,14 @@ You can enable and configure NGINX App Protect on a per-Ingress-resource basis. You can define App Protect policies for your Ingress resources by creating an `APPolicy` [Custom Resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/). - > **Note**: The fields `policy.signature-requirements[].minRevisionDatetime` and `policy.signature-requirements[].maxRevisionDatetime` are not currently supported. + > **Note**: The fields `policy.signature-requirements[].minRevisionDatetime` and `policy.signature-requirements[].maxRevisionDatetime` are not currently supported. To add any [App Protect policy](/nginx-app-protect/policy/#policy) to an Ingress resource: -1. Create an `APPolicy` Custom resource manifest. -2. Add the desired policy to the `spec` field in the `APPolicy` resource. - - > **Note**: The relationship between the Policy JSON and the resource spec is 1:1. If you're defining your resources in YAML, as we do in our examples, you'll need to represent the policy as YAML. The fields must match those in the source JSON exactly in name and level. +1. Create an `APPolicy` Custom resource manifest. +2. Add the desired policy to the `spec` field in the `APPolicy` resource. + + > **Note**: The relationship between the Policy JSON and the resource spec is 1:1. If you're defining your resources in YAML, as we do in our examples, you'll need to represent the policy as YAML. The fields must match those in the source JSON exactly in name and level. For example, say you want to use the [DataGuard policy](/nginx-app-protect/policy/#data-guard) shown below: @@ -49,7 +49,7 @@ To add any [App Protect policy](/nginx-app-protect/policy/#policy) to an Ingress "creditCardNumbers": true, "usSocialSecurityNumbers": true, "enforcementMode": "ignore-urls-in-list", - "enforcementUrls": [] + "enforcementUrls": [] } } } @@ -60,15 +60,15 @@ To add any [App Protect policy](/nginx-app-protect/policy/#policy) to an Ingress ```yaml apiVersion: appprotect.f5.com/v1beta1 kind: APPolicy - metadata: + metadata: name: dataguard-blocking spec: policy: name: dataguard_blocking - template: + template: name: POLICY_TEMPLATE_NGINX_BASE applicationLanguage: utf-8 - enforcementMode: blocking + enforcementMode: blocking blocking-settings: violations: - name: VIOL_DATA_GUARD @@ -91,9 +91,9 @@ You can set the [App Protect Log configurations](/nginx-app-protect/nginx-app-pr To add the [App Protect log configurations](/nginx-app-protect/policy/#policy) to an Ingress resource: -1. Create an `APLogConf` Custom resource manifest. -2. Add the desired log configuration to the `spec` field in the `APLogConf` resource. - +1. Create an `APLogConf` Custom resource manifest. +2. Add the desired log configuration to the `spec` field in the `APLogConf` resource. + > **Note**: The fields from the JSON must be presented in the YAML *exactly* the same, in name and level. The Ingress Controller will transform the YAML into a valid JSON App Protect log config. For example, say you want to [log state changing requests](nginx-app-protect/troubleshooting/#log-state-changing-requests) for your Ingress resources using App Protect. The App Protect log configuration looks like this: @@ -116,30 +116,30 @@ You would add define that config in the `spec` of your `APLogConf` resource as f ```yaml apiVersion: appprotect.f5.com/v1beta1 kind: APLogConf -metadata: +metadata: name: logconf spec: - filter: + filter: request_type: all - content: + content: format: default max_request_size: any max_message_size: 5k ``` ## App Protect User Defined Signatures -You can define App Protect [User Defined Signatures](https://docs.nginx.com/nginx-app-protect/configuration/#user-defined-signature-definitions) for your Ingress resources by creating an `APUserSig` [Custom Resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/). +You can define App Protect [User Defined Signatures](https://docs.nginx.com/nginx-app-protect/configuration/#user-defined-signature-definitions) for your Ingress resources by creating an `APUserSig` [Custom Resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/). - > **Note**: The field `revisionDatetime` is not currently supported. + > **Note**: The field `revisionDatetime` is not currently supported. > **Note**: `APUserSig` resources increase the reload time of NGINX Plus compared with `APPolicy` and `APLogConf` resources. Refer to [NGINX Fails to Start or Reload](/nginx-ingress-controller/app-protect/troubleshooting/#nginx-fails-to-start-or-reload) for more information. To add the [User Defined Signatures](https://docs.nginx.com/nginx-app-protect/configuration/#user-defined-signature-definitions) to an Ingress resource: -1. Create an `APUserSig` Custom resource manifest. -2. Add the desired User defined signature to the `spec` field in the `APUserSig` resource. +1. Create an `APUserSig` Custom resource manifest. +2. Add the desired User defined signature to the `spec` field in the `APUserSig` resource. - > **Note**: The fields from the JSON must be presented in the YAML *exactly* the same, in name and level. The Ingress Controller will transform the YAML into a valid JSON App Protect User Defined signature. There is no need to reference the user defined signature resource in the ingress resource. + > **Note**: The fields from the JSON must be presented in the YAML *exactly* the same, in name and level. The Ingress Controller will transform the YAML into a valid JSON App Protect User Defined signature. There is no need to reference the user defined signature resource in the ingress resource. For example, say you want to create the following user defined signature: diff --git a/docs-web/app-protect/installation.md b/docs-web/app-protect/installation.md index 9429d199c0..ffd413ba13 100644 --- a/docs-web/app-protect/installation.md +++ b/docs-web/app-protect/installation.md @@ -10,7 +10,7 @@ You can also [install the Ingress Controller with App Protect by using Helm](/ng Take the steps below to create the Docker image that you'll use to deploy NGINX Ingress Controller with App Protect in Kubernetes. -- [Build the NGINX Ingress Controller image](/nginx-ingress-controller/installation/building-ingress-controller-image). +- [Build the NGINX Ingress Controller image](/nginx-ingress-controller/installation/building-ingress-controller-image). When running the `make` command to build the image, be sure to use the `DOCKERFILE=appprotect/DockerfileWithAppProtectForPlus` build parameter. For example: @@ -29,12 +29,11 @@ Take the steps below to create the Docker image that you'll use to deploy NGINX Take the steps below to set up and deploy the NGINX Ingress Controller and App Protect module in your Kubernetes cluster. 1. [Configure role-based access control (RBAC)](/nginx-ingress-controller/installation/installation-with-manifests/#configure-rbac). - + > **Important**: You must have an admin role to configure RBAC in your Kubernetes cluster. 2. [Create the common Kubernetes resources](/nginx-ingress-controller/installation/installation-with-manifests/#create-common-resources). 3. Enable the App Protect module by adding the `enable-app-protect` [cli argument](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-enable-app-protect) to your Deployment or DaemonSet file. 4. [Deploy the Ingress Controller](/nginx-ingress-controller/installation/installation-with-manifests/#deploy-the-ingress-controller). -For more information, see the [Configuration guide](/nginx-ingress-controller/app-protect/configuration) and the [NGINX Ingress Controller with App Protect examples on GitHub](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.0/examples/appprotect). - +For more information, see the [Configuration guide](/nginx-ingress-controller/app-protect/configuration) and the [NGINX Ingress Controller with App Protect examples on GitHub](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.1/examples/appprotect). diff --git a/docs-web/configuration/configuration-examples.md b/docs-web/configuration/configuration-examples.md index d0c5fc9c7e..5582b0eac4 100644 --- a/docs-web/configuration/configuration-examples.md +++ b/docs-web/configuration/configuration-examples.md @@ -1,5 +1,5 @@ # Configuration Examples Our [GitHub repo](https://github.com/nginxinc/kubernetes-ingress) includes a number of configuration examples: -* [*Examples*](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.0/examples) show how to use advanced NGINX features in Ingress resources with annotations. -* [*Examples of Custom Resources*](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.0/examples-of-custom-resources) show how to use VirtualServer and VirtualServerResources for a few use cases. +* [*Examples*](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.1/examples) show how to use advanced NGINX features in Ingress resources with annotations. +* [*Examples of Custom Resources*](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.1/examples-of-custom-resources) show how to use VirtualServer and VirtualServerResources for a few use cases. diff --git a/docs-web/configuration/global-configuration/configmap-resource.md b/docs-web/configuration/global-configuration/configmap-resource.md index a181b98677..204bc7aaf7 100644 --- a/docs-web/configuration/global-configuration/configmap-resource.md +++ b/docs-web/configuration/global-configuration/configmap-resource.md @@ -73,111 +73,111 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres * - ``proxy-connect-timeout`` - Sets the value of the `proxy_connect_timeout `_ and `grpc_connect_timeout `_ directive. - ``60s`` - - + - * - ``proxy-read-timeout`` - Sets the value of the `proxy_read_timeout `_ and `grpc_read_timeout `_ directive. - ``60s`` - - + - * - ``proxy-send-timeout`` - Sets the value of the `proxy_send_timeout `_ and `grpc_send_timeout `_ directive. - ``60s`` - - + - * - ``client-max-body-size`` - Sets the value of the `client_max_body_size `_ directive. - ``1m`` - - + - * - ``proxy-buffering`` - Enables or disables `buffering of responses `_ from the proxied server. - ``True`` - - + - * - ``proxy-buffers`` - Sets the value of the `proxy_buffers `_ directive. - Depends on the platform. - - + - * - ``proxy-buffer-size`` - Sets the value of the `proxy_buffer_size `_ and `grpc_buffer_size `_ directives. - Depends on the platform. - - + - * - ``proxy-max-temp-file-size`` - Sets the value of the `proxy_max_temp_file_size `_ directive. - ``1024m`` - - + - * - ``set-real-ip-from`` - Sets the value of the `set_real_ip_from `_ directive. - N/A - - + - * - ``real-ip-header`` - Sets the value of the `real_ip_header `_ directive. - ``X-Real-IP`` - - + - * - ``real-ip-recursive`` - Enables or disables the `real_ip_recursive `_ directive. - ``False`` - - + - * - ``server-tokens`` - Enables or disables the `server_tokens `_ directive. Additionally, with the NGINX Plus, you can specify a custom string value, including the empty string value, which disables the emission of the “Server” field. - ``True`` - - + - * - ``worker-processes`` - Sets the value of the `worker_processes `_ directive. - ``auto`` - - + - * - ``worker-rlimit-nofile`` - Sets the value of the `worker_rlimit_nofile `_ directive. - N/A - - + - * - ``worker-connections`` - Sets the value of the `worker_connections `_ directive. - ``1024`` - - + - * - ``worker-cpu-affinity`` - Sets the value of the `worker_cpu_affinity `_ directive. - N/A - - + - * - ``worker-shutdown-timeout`` - Sets the value of the `worker_shutdown_timeout `_ directive. - N/A - - + - * - ``server-names-hash-bucket-size`` - Sets the value of the `server_names_hash_bucket_size `_ directive. - ``256`` - - + - * - ``server-names-hash-max-size`` - Sets the value of the `server_names_hash_max_size `_ directive. - ``1024`` - - + - * - ``resolver-addresses`` - Sets the value of the `resolver `_ addresses. Note: If you use a DNS name (ex., ``kube-dns.kube-system.svc.cluster.local``\ ) as a resolver address, NGINX Plus will resolve it using the system resolver during the start and on every configuration reload. As a consequence, If the name cannot be resolved or the DNS server doesn't respond, NGINX Plus will fail to start or reload. To avoid this, consider using only IP addresses as resolver addresses. Supported in NGINX Plus only. - N/A - - `Support for Type ExternalName Services `_. + - `Support for Type ExternalName Services `_. * - ``resolver-ipv6`` - Enables IPv6 resolution in the resolver. Supported in NGINX Plus only. - ``True`` - - `Support for Type ExternalName Services `_. + - `Support for Type ExternalName Services `_. * - ``resolver-valid`` - Sets the time NGINX caches the resolved DNS records. Supported in NGINX Plus only. - TTL value of a DNS record - - `Support for Type ExternalName Services `_. + - `Support for Type ExternalName Services `_. * - ``resolver-timeout`` - Sets the `resolver_timeout `_ for name resolution. Supported in NGINX Plus only. - ``30s`` - - `Support for Type ExternalName Services `_. + - `Support for Type ExternalName Services `_. * - ``keepalive-timeout`` - Sets the value of the `keepalive_timeout `_ directive. - ``65s`` - - + - * - ``keepalive-requests`` - Sets the value of the `keepalive_requests `_ directive. - ``100`` - - + - * - ``variables-hash-bucket-size`` - Sets the value of the `variables_hash_bucket_size `_ directive. - ``256`` - - + - * - ``variables-hash-max-size`` - Sets the value of the `variables-hash-max-size `_ directive. - ``1024`` - - + - ``` ### Logging @@ -193,31 +193,31 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres * - ``error-log-level`` - Sets the global `error log level `_ for NGINX. - ``notice`` - - + - * - ``access-log-off`` - Disables the `access log `_. - ``False`` - - + - * - ``default-server-access-log-off`` - Disables the `access log `_ for the default server. If access log is disabled globally (``access-log-off: "True"``), then the default server access log is always disabled. - ``False`` - - + - * - ``log-format`` - Sets the custom `log format `_ for HTTP and HTTPS traffic. For convenience, it is possible to define the log format across multiple lines (each line separated by ``\n``). In that case, the Ingress Controller will replace every ``\n`` character with a space character. All ``'`` characters must be escaped. - - See the `template file `_ for the access log. - - `Custom Log Format `_. + - See the `template file `_ for the access log. + - `Custom Log Format `_. * - ``log-format-escaping`` - Sets the characters escaping for the variables of the log format. Supported values: ``json`` (JSON escaping), ``default`` (the default escaping) ``none`` (disables escaping). - ``default`` - * - ``stream-log-format`` - Sets the custom `log format `_ for TCP, UDP, and TLS Passthrough traffic. For convenience, it is possible to define the log format across multiple lines (each line separated by ``\n``). In that case, the Ingress Controller will replace every ``\n`` character with a space character. All ``'`` characters must be escaped. - - See the `template file `_. - - + - See the `template file `_. + - * - ``stream-log-format-escaping`` - Sets the characters escaping for the variables of the stream log format. Supported values: ``json`` (JSON escaping), ``default`` (the default escaping) ``none`` (disables escaping). - ``default`` - - + - ``` ### Request URI/Header Manipulation @@ -233,11 +233,11 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres * - ``proxy-hide-headers`` - Sets the value of one or more `proxy_hide_header `_ directives. Example: ``"nginx.org/proxy-hide-headers": "header-a,header-b"`` - N/A - - + - * - ``proxy-pass-headers`` - Sets the value of one or more `proxy_pass_header `_ directives. Example: ``"nginx.org/proxy-pass-headers": "header-a,header-b"`` - N/A - - + - ``` ### Auth and SSL/TLS @@ -253,43 +253,43 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres * - ``redirect-to-https`` - Sets the 301 redirect rule based on the value of the ``http_x_forwarded_proto`` header on the server block to force incoming traffic to be over HTTPS. Useful when terminating SSL in a load balancer in front of the Ingress controller — see `115 `_ - ``False`` - - + - * - ``ssl-redirect`` - Sets an unconditional 301 redirect rule for all incoming HTTP traffic to force incoming traffic over HTTPS. - ``True`` - - + - * - ``hsts`` - Enables `HTTP Strict Transport Security (HSTS) `_\ : the HSTS header is added to the responses from backends. The ``preload`` directive is included in the header. - ``False`` - - + - * - ``hsts-max-age`` - Sets the value of the ``max-age`` directive of the HSTS header. - ``2592000`` (1 month) - - + - * - ``hsts-include-subdomains`` - Adds the ``includeSubDomains`` directive to the HSTS header. - ``False`` - - + - * - ``hsts-behind-proxy`` - Enables HSTS based on the value of the ``http_x_forwarded_proto`` request header. Should only be used when TLS termination is configured in a load balancer (proxy) in front of the Ingress Controller. Note: to control redirection from HTTP to HTTPS configure the ``nginx.org/redirect-to-https`` annotation. - ``False`` - - + - * - ``ssl-protocols`` - Sets the value of the `ssl_protocols `_ directive. - ``TLSv1 TLSv1.1 TLSv1.2`` - - + - * - ``ssl-prefer-server-ciphers`` - Enables or disables the `ssl_prefer_server_ciphers `_ directive. - ``False`` - - + - * - ``ssl-ciphers`` - Sets the value of the `ssl_ciphers `_ directive. - ``HIGH:!aNULL:!MD5`` - - + - * - ``ssl-dhparam-file`` - Sets the content of the dhparam file. The controller will create the file and set the value of the `ssl_dhparam `_ directive with the path of the file. - N/A - - + - ``` ### Listeners @@ -305,11 +305,11 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres * - ``http2`` - Enables HTTP/2 in servers with SSL enabled. - ``False`` - - + - * - ``proxy-protocol`` - Enables PROXY Protocol for incoming connections. - ``False`` - - `Proxy Protocol `_. + - `Proxy Protocol `_. ``` ### Backend Services (Upstreams) @@ -325,23 +325,23 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres * - ``lb-method`` - Sets the `load balancing method `_. To use the round-robin method, specify ``"round_robin"``. - ``"random two least_conn"`` - - + - * - ``max-fails`` - Sets the value of the `max_fails `_ parameter of the ``server`` directive. - ``1`` - - + - * - ``upstream-zone-size`` - Sets the size of the shared memory `zone `_ for upstreams. For NGINX, the special value 0 disables the shared memory zones. For NGINX Plus, shared memory zones are required and cannot be disabled. The special value 0 will be ignored. - ``256K`` - - + - * - ``fail-timeout`` - Sets the value of the `fail_timeout `_ parameter of the ``server`` directive. - ``10s`` - - + - * - ``keepalive`` - Sets the value of the `keepalive `_ directive. Note that ``proxy_set_header Connection "";`` is added to the generated configuration when the value > 0. - ``0`` - - + - ``` ### Snippets and Custom Templates @@ -357,23 +357,23 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres * - ``main-snippets`` - Sets a custom snippet in main context. - N/A - - + - * - ``http-snippets`` - Sets a custom snippet in http context. - N/A - - + - * - ``location-snippets`` - Sets a custom snippet in location context. - N/A - - + - * - ``server-snippets`` - Sets a custom snippet in server context. - N/A - - + - * - ``stream-snippets`` - Sets a custom snippet in stream context. - N/A - - `Support for TCP/UDP Load Balancing `_. + - `Support for TCP/UDP Load Balancing `_. * - ``main-template`` - Sets the main NGINX configuration template. - By default the template is read from the file in the container. @@ -401,29 +401,29 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres * - ``opentracing`` - Enables `OpenTracing `_ globally (for all Ingress, VirtualServer and VirtualServerRoute resources). Note: requires the Ingress Controller image with OpenTracing module and a tracer. See the `docs `_ for more information. - ``False`` - - `Support for OpenTracing `_. + - `Support for OpenTracing `_. * - ``opentracing-tracer`` - Sets the path to the vendor tracer binary plugin. - N/A - - `Support for OpenTracing `_. + - `Support for OpenTracing `_. * - ``opentracing-tracer-config`` - Sets the tracer configuration in JSON format. - N/A - - `Support for OpenTracing `_. + - `Support for OpenTracing `_. * - ``app-protect-cookie-seed`` - Sets the ``app_protect_cookie_seed`` `global directive `_. - Random automatically generated string - - + - * - ``app-protect-failure-mode-action`` - Sets the ``app_protect_failure_mode_action`` `global directive `_. - ``pass`` - - + - * - ``app-protect-cpu-thresholds`` - Sets the ``app_protect_cpu_thresholds`` `global directive `_. - ``high=100 low=100`` - - + - * - ``app-protect-physical-memory-util-thresholds`` - Sets the ``app_protect_physical_memory_util_thresholds`` `global directive `_. - ``high=100 low=100`` - - + - ``` diff --git a/docs-web/configuration/global-configuration/custom-templates.md b/docs-web/configuration/global-configuration/custom-templates.md index f5844dcacf..673447cc34 100644 --- a/docs-web/configuration/global-configuration/custom-templates.md +++ b/docs-web/configuration/global-configuration/custom-templates.md @@ -1,3 +1,3 @@ # Custom Templates -The Ingress Controller uses templates to generate NGINX configuration for Ingress resources, VirtualServer resources and the main NGINX configuration file. You can customize the templates and apply them via the ConfigMap. See the [corresponding example](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.0/examples/custom-templates). +The Ingress Controller uses templates to generate NGINX configuration for Ingress resources, VirtualServer resources and the main NGINX configuration file. You can customize the templates and apply them via the ConfigMap. See the [corresponding example](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.1/examples/custom-templates). diff --git a/docs-web/configuration/handling-host-collisions.md b/docs-web/configuration/handling-host-collisions.md index 433f4b2c4a..6bc7dc7ae8 100644 --- a/docs-web/configuration/handling-host-collisions.md +++ b/docs-web/configuration/handling-host-collisions.md @@ -35,7 +35,7 @@ If a user creates both resources in the cluster, a host collision will occur. As > If multiple resources contend for the same host, the Ingress Controller will pick the winner based on the `creationTimestamp` of the resources: the oldest resource will win. In case there are more than one oldest resources (their `creationTimestamp` is the same), the Ingress Controller will choose the resource with the lexicographically smallest `uid`. -> Note: the `creationTimestamp` and `uid` fields are part of the resource [ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta). +> Note: the `creationTimestamp` and `uid` fields are part of the resource [ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta). In our example, if `cafe-virtual-server` was created first, it will win the host `cafe.example.com` and the Ingress Controller will reject `cafe-ingress`. This will be reflected in the events and in the resource's status field: ``` @@ -66,4 +66,4 @@ Similarly, if `cafe-ingress` was created first, it will win `cafe.example.com` a It is possible to merge configuration for multiple Ingress resources for the same host. One common use case for this approach is distributing resources across multiple namespaces. See the [Cross-namespace Configuration](/nginx-ingress-controller/configuration/ingress-resources/cross-namespace-configuration/) doc for more information. -It is *not* possible to merge the configurations for multiple VirtualServer resources for the same host. However, you can split the VirtualServers into multiple VirtualServerRoute resources, which a single VirtualServer can then reference. See the [corresponding example](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.0/examples-of-custom-resources/cross-namespace-configuration) on GitHub. +It is *not* possible to merge the configurations for multiple VirtualServer resources for the same host. However, you can split the VirtualServers into multiple VirtualServerRoute resources, which a single VirtualServer can then reference. See the [corresponding example](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.1/examples-of-custom-resources/cross-namespace-configuration) on GitHub. diff --git a/docs-web/configuration/ingress-resources/advanced-configuration-with-annotations.md b/docs-web/configuration/ingress-resources/advanced-configuration-with-annotations.md index 5defb68926..7c02ce63b6 100644 --- a/docs-web/configuration/ingress-resources/advanced-configuration-with-annotations.md +++ b/docs-web/configuration/ingress-resources/advanced-configuration-with-annotations.md @@ -1,10 +1,10 @@ # Advanced Configuration with Annotations -The Ingress resource only allows you to use basic NGINX features -- host and path-based routing and TLS termination. Thus, advanced features like rewriting the request URI or inserting additional response headers are not available. +The Ingress resource only allows you to use basic NGINX features -- host and path-based routing and TLS termination. Thus, advanced features like rewriting the request URI or inserting additional response headers are not available. In addition to using advanced features, often it is necessary to customize or fine tune NGINX behavior. For example, set the value of connection timeouts. -Annotations applied to an Ingress resource allow you to use advanced NGINX features and customize/fine tune NGINX behavior for that Ingress resource. +Annotations applied to an Ingress resource allow you to use advanced NGINX features and customize/fine tune NGINX behavior for that Ingress resource. Customization and fine-tuning is also available through the [ConfigMap](/nginx-ingress-controller/configuration/global-configuration/configmap-resource). Annotations take precedence over the ConfigMap. @@ -67,38 +67,38 @@ Note how the events section includes a Warning event with the Rejected reason. **Note**: If you make an existing Ingress invalid, the Ingress Controller will reject it and remove the corresponding configuration from NGINX. -The following Ingress annotations currently have limited or no validation: - -- `nginx.org/proxy-connect-timeout`, -- `nginx.org/proxy-read-timeout`, -- `nginx.org/proxy-send-timeout`, -- `nginx.org/client-max-body-size`, -- `nginx.org/proxy-buffers`, -- `nginx.org/proxy-buffer-size`, -- `nginx.org/proxy-max-temp-file-size`, -- `nginx.org/upstream-zone-size`, -- `nginx.org/fail-timeout`, -- `nginx.org/server-tokens`, -- `nginx.org/proxy-hide-headers`, -- `nginx.org/proxy-pass-headers`, -- `nginx.org/rewrites`, -- `nginx.com/jwt-key`, -- `nginx.com/jwt-realm`, -- `nginx.com/jwt-token`, -- `nginx.com/jwt-login-url`, -- `nginx.org/ssl-services`, -- `nginx.org/grpc-services`, -- `nginx.org/websocket-services`, -- `nginx.com/sticky-cookie-services`, -- `nginx.com/slow-start`, -- `appprotect.f5.com/app-protect-policy`, +The following Ingress annotations currently have limited or no validation: + +- `nginx.org/proxy-connect-timeout`, +- `nginx.org/proxy-read-timeout`, +- `nginx.org/proxy-send-timeout`, +- `nginx.org/client-max-body-size`, +- `nginx.org/proxy-buffers`, +- `nginx.org/proxy-buffer-size`, +- `nginx.org/proxy-max-temp-file-size`, +- `nginx.org/upstream-zone-size`, +- `nginx.org/fail-timeout`, +- `nginx.org/server-tokens`, +- `nginx.org/proxy-hide-headers`, +- `nginx.org/proxy-pass-headers`, +- `nginx.org/rewrites`, +- `nginx.com/jwt-key`, +- `nginx.com/jwt-realm`, +- `nginx.com/jwt-token`, +- `nginx.com/jwt-login-url`, +- `nginx.org/ssl-services`, +- `nginx.org/grpc-services`, +- `nginx.org/websocket-services`, +- `nginx.com/sticky-cookie-services`, +- `nginx.com/slow-start`, +- `appprotect.f5.com/app-protect-policy`, - `appprotect.f5.com/app-protect-security-log`. Validation of these annotations will be addressed in the future. ## Summary of Annotations -The table below summarizes the available annotations. +The table below summarizes the available annotations. **Note**: The annotations that start with `nginx.com` are only supported with NGINX Plus. @@ -135,47 +135,47 @@ The table below summarizes the available annotations. - ``proxy-connect-timeout`` - Sets the value of the `proxy_connect_timeout `_ and `grpc_connect_timeout `_ directive. - ``60s`` - - + - * - ``nginx.org/proxy-read-timeout`` - ``proxy-read-timeout`` - Sets the value of the `proxy_read_timeout `_ and `grpc_read_timeout `_ directive. - ``60s`` - - + - * - ``nginx.org/proxy-send-timeout`` - ``proxy-send-timeout`` - Sets the value of the `proxy_send_timeout `_ and `grpc_send_timeout `_ directive. - ``60s`` - - + - * - ``nginx.org/client-max-body-size`` - ``client-max-body-size`` - Sets the value of the `client_max_body_size `_ directive. - ``1m`` - - + - * - ``nginx.org/proxy-buffering`` - ``proxy-buffering`` - Enables or disables `buffering of responses `_ from the proxied server. - ``True`` - - + - * - ``nginx.org/proxy-buffers`` - ``proxy-buffers`` - Sets the value of the `proxy_buffers `_ directive. - Depends on the platform. - - + - * - ``nginx.org/proxy-buffer-size`` - ``proxy-buffer-size`` - Sets the value of the `proxy_buffer_size `_ and `grpc_buffer_size `_ directives. - Depends on the platform. - - + - * - ``nginx.org/proxy-max-temp-file-size`` - ``proxy-max-temp-file-size`` - Sets the value of the `proxy_max_temp_file_size `_ directive. - ``1024m`` - - + - * - ``nginx.org/server-tokens`` - ``server-tokens`` - Enables or disables the `server_tokens `_ directive. Additionally, with the NGINX Plus, you can specify a custom string value, including the empty string value, which disables the emission of the “Server” field. - ``True`` - - + - ``` ### Request URI/Header Manipulation @@ -193,17 +193,17 @@ The table below summarizes the available annotations. - ``proxy-hide-headers`` - Sets the value of one or more `proxy_hide_header `_ directives. Example: ``"nginx.org/proxy-hide-headers": "header-a,header-b"`` - N/A - - + - * - ``nginx.org/proxy-pass-headers`` - ``proxy-pass-headers`` - Sets the value of one or more `proxy_pass_header `_ directives. Example: ``"nginx.org/proxy-pass-headers": "header-a,header-b"`` - N/A - - + - * - ``nginx.org/rewrites`` - N/A - Configures URI rewriting. - N/A - - `Rewrites Support `_. + - `Rewrites Support `_. ``` ### Auth and SSL/TLS @@ -221,52 +221,52 @@ The table below summarizes the available annotations. - ``redirect-to-https`` - Sets the 301 redirect rule based on the value of the ``http_x_forwarded_proto`` header on the server block to force incoming traffic to be over HTTPS. Useful when terminating SSL in a load balancer in front of the Ingress controller — see `115 `_ - ``False`` - - + - * - ``ingress.kubernetes.io/ssl-redirect`` - ``ssl-redirect`` - Sets an unconditional 301 redirect rule for all incoming HTTP traffic to force incoming traffic over HTTPS. - ``True`` - - + - * - ``nginx.org/hsts`` - ``hsts`` - Enables `HTTP Strict Transport Security (HSTS) `_\ : the HSTS header is added to the responses from backends. The ``preload`` directive is included in the header. - ``False`` - - + - * - ``nginx.org/hsts-max-age`` - ``hsts-max-age`` - Sets the value of the ``max-age`` directive of the HSTS header. - ``2592000`` (1 month) - - + - * - ``nginx.org/hsts-include-subdomains`` - ``hsts-include-subdomains`` - Adds the ``includeSubDomains`` directive to the HSTS header. - ``False`` - - + - * - ``nginx.org/hsts-behind-proxy`` - ``hsts-behind-proxy`` - Enables HSTS based on the value of the ``http_x_forwarded_proto`` request header. Should only be used when TLS termination is configured in a load balancer (proxy) in front of the Ingress Controller. Note: to control redirection from HTTP to HTTPS configure the ``nginx.org/redirect-to-https`` annotation. - ``False`` - - + - * - ``nginx.com/jwt-key`` - N/A - Specifies a Secret resource with keys for validating JSON Web Tokens (JWTs). - N/A - - `Support for JSON Web Tokens (JWTs) `_. + - `Support for JSON Web Tokens (JWTs) `_. * - ``nginx.com/jwt-realm`` - N/A - Specifies a realm. - N/A - - `Support for JSON Web Tokens (JWTs) `_. + - `Support for JSON Web Tokens (JWTs) `_. * - ``nginx.com/jwt-token`` - N/A - Specifies a variable that contains JSON Web Token. - By default, a JWT is expected in the ``Authorization`` header as a Bearer Token. - - `Support for JSON Web Tokens (JWTs) `_. + - `Support for JSON Web Tokens (JWTs) `_. * - ``nginx.com/jwt-login-url`` - N/A - Specifies a URL to which a client is redirected in case of an invalid or missing JWT. - N/A - - `Support for JSON Web Tokens (JWTs) `_. + - `Support for JSON Web Tokens (JWTs) `_. ``` ### Listeners @@ -284,12 +284,12 @@ The table below summarizes the available annotations. - N/A - Configures HTTP ports that NGINX will listen on. - ``[80]`` - - + - * - ``nginx.org/listen-ports-ssl`` - N/A - Configures HTTPS ports that NGINX will listen on. - ``[443]`` - - + - ``` ### Backend Services (Upstreams) @@ -307,72 +307,72 @@ The table below summarizes the available annotations. - ``lb-method`` - Sets the `load balancing method `_. To use the round-robin method, specify ``"round_robin"``. - ``"random two least_conn"`` - - + - * - ``nginx.org/ssl-services`` - N/A - Enables HTTPS or gRPC over SSL when connecting to the endpoints of services. - N/A - - `SSL Services Support `_. + - `SSL Services Support `_. * - ``nginx.org/grpc-services`` - N/A - Enables gRPC for services. Note: requires HTTP/2 (see ``http2`` ConfigMap key); only works for Ingresses with TLS termination enabled. - N/A - - `GRPC Services Support `_. + - `GRPC Services Support `_. * - ``nginx.org/websocket-services`` - N/A - Enables WebSocket for services. - N/A - - `WebSocket support `_. + - `WebSocket support `_. * - ``nginx.org/max-fails`` - ``max-fails`` - Sets the value of the `max_fails `_ parameter of the ``server`` directive. - ``1`` - - + - * - ``nginx.org/max-conns`` - N\A - Sets the value of the `max_conns `_ parameter of the ``server`` directive. - ``0`` - - + - * - ``nginx.org/upstream-zone-size`` - ``upstream-zone-size`` - Sets the size of the shared memory `zone `_ for upstreams. For NGINX, the special value 0 disables the shared memory zones. For NGINX Plus, shared memory zones are required and cannot be disabled. The special value 0 will be ignored. - ``256K`` - - + - * - ``nginx.org/fail-timeout`` - ``fail-timeout`` - Sets the value of the `fail_timeout `_ parameter of the ``server`` directive. - ``10s`` - - + - * - ``nginx.com/sticky-cookie-services`` - N/A - Configures session persistence. - N/A - - `Session Persistence `_. + - `Session Persistence `_. * - ``nginx.org/keepalive`` - ``keepalive`` - Sets the value of the `keepalive `_ directive. Note that ``proxy_set_header Connection "";`` is added to the generated configuration when the value > 0. - ``0`` - - + - * - ``nginx.com/health-checks`` - N/A - Enables active health checks. - ``False`` - - `Support for Active Health Checks `_. + - `Support for Active Health Checks `_. * - ``nginx.com/health-checks-mandatory`` - N/A - Configures active health checks as mandatory. - ``False`` - - `Support for Active Health Checks `_. + - `Support for Active Health Checks `_. * - ``nginx.com/health-checks-mandatory-queue`` - N/A - When active health checks are mandatory, configures a queue for temporary storing incoming requests during the time when NGINX Plus is checking the health of the endpoints after a configuration reload. - ``0`` - - `Support for Active Health Checks `_. + - `Support for Active Health Checks `_. * - ``nginx.com/slow-start`` - N/A - - Sets the upstream server `slow-start period `_. By default, slow-start is activated after a server becomes `available `_ or `healthy `_. To enable slow-start for newly added servers, configure `mandatory active health checks `_. + - Sets the upstream server `slow-start period `_. By default, slow-start is activated after a server becomes `available `_ or `healthy `_. To enable slow-start for newly added servers, configure `mandatory active health checks `_. - ``"0s"`` - - + - ``` ### Snippets and Custom Templates @@ -390,14 +390,14 @@ The table below summarizes the available annotations. - ``location-snippets`` - Sets a custom snippet in location context. - N/A - - + - * - ``nginx.org/server-snippets`` - ``server-snippets`` - Sets a custom snippet in server context. - N/A - - + - ``` - + ### App Protect **Note**: The App Protect annotations only work if App Protect module is [installed](/nginx-ingress-controller/app-protect/installation/). @@ -413,27 +413,27 @@ The table below summarizes the available annotations. - Example * - ``appprotect.f5.com/app-protect-policy`` - N/A - - The name of the App Protect Policy for the Ingress Resource. Format is ``namespace/name``. If no namespace is specified, the same namespace of the Ingress Resource is used. If not specified but ``appprotect.f5.com/app-protect-enable`` is true, a default policy id applied. If the referenced policy resource does not exist, or policy is invalid, this annotation will be ignored, and the default policy will be applied. + - The name of the App Protect Policy for the Ingress Resource. Format is ``namespace/name``. If no namespace is specified, the same namespace of the Ingress Resource is used. If not specified but ``appprotect.f5.com/app-protect-enable`` is true, a default policy id applied. If the referenced policy resource does not exist, or policy is invalid, this annotation will be ignored, and the default policy will be applied. - N/A - - `Example for App Protect `_. + - `Example for App Protect `_. * - ``appprotect.f5.com/app-protect-enable`` - N/A - Enable App Protect for the Ingress Resource. - ``False`` - - `Example for App Protect `_. + - `Example for App Protect `_. * - ``appprotect.f5.com/app-protect-security-log-enable`` - N/A - Enable the `security log `_ for App Protect. - ``False`` - - `Example for App Protect `_. + - `Example for App Protect `_. * - ``appprotect.f5.com/app-protect-security-log`` - N/A - The App Protect log configuration for the Ingress Resource. Format is ``namespace/name``. If no namespace is specified, the same namespace as the Ingress Resource is used. If not specified the default is used which is: filter: ``illegal``, format: ``default`` - N/A - - `Example for App Protect `_. + - `Example for App Protect `_. * - ``appprotect.f5.com/app-protect-security-log-destination`` - N/A - - The destination of the security log. For more information check the `DESTINATION argument `_. + - The destination of the security log. For more information check the `DESTINATION argument `_. - ``syslog:server=localhost:514`` - - `Example for App Protect `_. + - `Example for App Protect `_. ``` diff --git a/docs-web/configuration/ingress-resources/basic-configuration.md b/docs-web/configuration/ingress-resources/basic-configuration.md index 46654045ef..b82f21fd51 100644 --- a/docs-web/configuration/ingress-resources/basic-configuration.md +++ b/docs-web/configuration/ingress-resources/basic-configuration.md @@ -36,7 +36,7 @@ Here is a breakdown of what this Ingress resource definition means: * The rule with the path `/coffee` instructs NGINX to distribute the requests with the `/coffee` URI among the pods of the *coffee* service, which is deployed with the name `coffee‑svc` in the cluster. * Both rules instruct NGINX to distribute the requests to `port 80` of the corresponding service (the `servicePort` field). -> For complete instructions on deploying the Ingress and Secret resources in the cluster, see the [complete-example](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.0/examples/complete-example) in our GitHub repo. +> For complete instructions on deploying the Ingress and Secret resources in the cluster, see the [complete-example](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.1/examples/complete-example) in our GitHub repo. > To learn more about the Ingress resource, see the [Ingress resource documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) in the Kubernetes docs. diff --git a/docs-web/configuration/ingress-resources/cross-namespace-configuration.md b/docs-web/configuration/ingress-resources/cross-namespace-configuration.md index 4634d3656b..9bd8a25aea 100644 --- a/docs-web/configuration/ingress-resources/cross-namespace-configuration.md +++ b/docs-web/configuration/ingress-resources/cross-namespace-configuration.md @@ -1,5 +1,5 @@ # Cross-namespace Configuration -You can spread the Ingress configuration for a common host across multiple Ingress resources using Mergeable Ingress resources. Such resources can belong to the *same* or *different* namespaces. This enables easier management when using a large number of paths. See the [Mergeable Ingress Resources](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.0/examples/mergeable-ingress-types) example on our GitHub. +You can spread the Ingress configuration for a common host across multiple Ingress resources using Mergeable Ingress resources. Such resources can belong to the *same* or *different* namespaces. This enables easier management when using a large number of paths. See the [Mergeable Ingress Resources](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.1/examples/mergeable-ingress-types) example on our GitHub. -As an alternative to Mergeable Ingress resources, you can use [VirtualServer and VirtualServerRoute resources](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/) for cross-namespace configuration. See the [Cross-Namespace Configuration](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.0/examples-of-custom-resources/cross-namespace-configuration) example on our GitHub. +As an alternative to Mergeable Ingress resources, you can use [VirtualServer and VirtualServerRoute resources](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/) for cross-namespace configuration. See the [Cross-Namespace Configuration](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.1/examples-of-custom-resources/cross-namespace-configuration) example on our GitHub. diff --git a/docs-web/configuration/ingress-resources/custom-annotations.md b/docs-web/configuration/ingress-resources/custom-annotations.md index 250a7f4ff2..7b8e0087b8 100644 --- a/docs-web/configuration/ingress-resources/custom-annotations.md +++ b/docs-web/configuration/ingress-resources/custom-annotations.md @@ -6,15 +6,15 @@ Custom annotations enable you to quickly extend the Ingress resource to support NGINX Ingress Controller supports a number of annotations for the Ingress resource that fine tune NGINX configuration (for example, connection timeouts) or enable additional features (for example, JWT validation). The complete list of annotations is available [here](/nginx-ingress-controller/configuration/ingress-resources/advanced-configuration-with-annotations). -The annotations are provided only for the most common features and use cases, meaning that not every NGINX feature or a customization option is available through the annotations. Additionally, even if an annotation is available, it might not give you the satisfactory level of control of a particular NGINX feature. +The annotations are provided only for the most common features and use cases, meaning that not every NGINX feature or a customization option is available through the annotations. Additionally, even if an annotation is available, it might not give you the satisfactory level of control of a particular NGINX feature. Custom annotations allow you to add an annotation for an NGINX feature that is not available as a regular annotation. In contrast with regular annotations, to add a custom annotation, you don't need to modify the Ingress Controller source code -- just modify the template. Additionally, with a custom annotation, you get full control of how the feature is implemented in NGINX configuration. ## Usage -The Ingress Controller generates NGINX configuration for Ingress resources by executing a configuration template. See [NGINX template](https://github.com/nginxinc/kubernetes-ingress/blob/v1.10.0/internal/configs/version1/nginx.ingress.tmpl) or [NGINX Plus template](https://github.com/nginxinc/kubernetes-ingress/blob/v1.10.0/internal/configs/version1/nginx-plus.ingress.tmpl). +The Ingress Controller generates NGINX configuration for Ingress resources by executing a configuration template. See [NGINX template](https://github.com/nginxinc/kubernetes-ingress/blob/v1.10.1/internal/configs/version1/nginx.ingress.tmpl) or [NGINX Plus template](https://github.com/nginxinc/kubernetes-ingress/blob/v1.10.1/internal/configs/version1/nginx-plus.ingress.tmpl). -To support custom annotations, the template has access to the information about the Ingress resource - its *name*, *namespace* and *annotations*. It is possible to check if a particular annotation present in the Ingress resource and conditionally insert NGINX configuration directives at multiple NGINX contexts - `http`, `server`, `location` or `upstream`. Additionally, you can get the value that is set to the annotation. +To support custom annotations, the template has access to the information about the Ingress resource - its *name*, *namespace* and *annotations*. It is possible to check if a particular annotation present in the Ingress resource and conditionally insert NGINX configuration directives at multiple NGINX contexts - `http`, `server`, `location` or `upstream`. Additionally, you can get the value that is set to the annotation. Consider the following excerpt from the template, which was extended to support two custom annotations: @@ -59,7 +59,7 @@ Assuming that the Ingress Controller is using that customized template, it will # Print the value assigned to the annotation: 512 ``` -**Notes**: +**Notes**: * You can customize the template to insert you custom annotations via [custom templates](/nginx-ingress-controller/configuration/global-configuration/custom-templates). * The Ingress Controller uses go templates to generate NGINX config. You can read more information about go templates [here](https://golang.org/pkg/text/template/). @@ -82,7 +82,7 @@ If you'd like to use custom annotations with Mergeable Ingress resources, please . . . } {{end}} ``` - **Note**: `$location.MinionIngress` is a pointer. When a regular Ingress resource is processed in the template, the value of the pointer is `nil`. Thus, it is important that you check that `$location.MinionIngress` is not `nil` as in the example above using the `with` action. + **Note**: `$location.MinionIngress` is a pointer. When a regular Ingress resource is processed in the template, the value of the pointer is `nil`. Thus, it is important that you check that `$location.MinionIngress` is not `nil` as in the example above using the `with` action. * Minions do not inherent custom annotations of the master. @@ -101,7 +101,7 @@ Helper functions can be used in the Ingress template to parse the values of cust * - ``split`` - ``s, sep string`` - ``[]string`` - - Splits the string ``s`` into a slice of strings separated by the ``sep``. + - Splits the string ``s`` into a slice of strings separated by the ``sep``. * - ``trim`` - ``s string`` - ``string`` @@ -132,4 +132,4 @@ deny all; ## Example -See the [custom annotations example](https://github.com/nginxinc/kubernetes-ingress/blob/v1.10.0/examples/custom-annotations). +See the [custom annotations example](https://github.com/nginxinc/kubernetes-ingress/blob/v1.10.1/examples/custom-annotations). diff --git a/docs-web/configuration/policy-resource.md b/docs-web/configuration/policy-resource.md index b3cc9811af..4f04655132 100644 --- a/docs-web/configuration/policy-resource.md +++ b/docs-web/configuration/policy-resource.md @@ -4,7 +4,7 @@ The Policy resource allows you to configure features like access control and rat The resource is implemented as a [Custom Resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/). -This document is the reference documentation for the Policy resource. An example of a Policy for access control is available in our [GitHub repo](https://github.com/nginxinc/kubernetes-ingress/blob/v1.10.0/examples-of-custom-resources/access-control). +This document is the reference documentation for the Policy resource. An example of a Policy for access control is available in our [GitHub repo](https://github.com/nginxinc/kubernetes-ingress/blob/v1.10.1/examples-of-custom-resources/access-control). ## Contents @@ -444,7 +444,7 @@ NGINX Plus will pass the ID of an authenticated user to the backend in the HTTP #### Prerequisites -For the OIDC feature to work, it is necessary to enable [zone synchronization](https://docs.nginx.com/nginx/admin-guide/high-availability/zone_sync/), otherwise NGINX Plus will fail to reload. Additionally, it is necessary to configure a resolver, so that NGINX Plus can resolve the IDP authorization endpoint. For an example of the necessary configuration see the documentation [here](https://github.com/nginxinc/kubernetes-ingress/blob/v1.10.0/examples-of-custom-resources/oidc#step-7---configure-nginx-plus-zone-synchronization-and-resolver). +For the OIDC feature to work, it is necessary to enable [zone synchronization](https://docs.nginx.com/nginx/admin-guide/high-availability/zone_sync/), otherwise NGINX Plus will fail to reload. Additionally, it is necessary to configure a resolver, so that NGINX Plus can resolve the IDP authorization endpoint. For an example of the necessary configuration see the documentation [here](https://github.com/nginxinc/kubernetes-ingress/blob/v1.10.1/examples-of-custom-resources/oidc#step-7---configure-nginx-plus-zone-synchronization-and-resolver). > **Note**: The configuration in the example doesn't enable TLS and the synchronization between the replica happens in clear text. This could lead to the exposure of tokens. diff --git a/docs-web/configuration/transportserver-resource.md b/docs-web/configuration/transportserver-resource.md index 76179aff74..4ed37a8235 100644 --- a/docs-web/configuration/transportserver-resource.md +++ b/docs-web/configuration/transportserver-resource.md @@ -2,7 +2,7 @@ The TransportServer resource allows you to configure TCP, UDP, and TLS Passthrough load balancing. The resource is implemented as a [Custom Resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/). -This document is the reference documentation for the TransportServer resource. To see additional examples of using the resource for specific use cases, go to the [examples-of-custom-resources](https://github.com/nginxinc/kubernetes-ingress/blob/v1.10.0/examples-of-custom-resources) folder in our GitHub repo. +This document is the reference documentation for the TransportServer resource. To see additional examples of using the resource for specific use cases, go to the [examples-of-custom-resources](https://github.com/nginxinc/kubernetes-ingress/blob/v1.10.1/examples-of-custom-resources) folder in our GitHub repo. > **Feature Status**: The TransportServer resource is available as a preview feature: it is suitable for experimenting and testing; however, it must be used with caution in production environments. Additionally, while the feature is in preview, we might introduce some backward-incompatible changes to the resource specification in the next releases. @@ -40,7 +40,7 @@ The TransportServer resource defines load balancing configuration for TCP, UDP, name: dns-tcp spec: listener: - name: dns-tcp + name: dns-tcp protocol: TCP upstreams: - name: dns-app @@ -57,7 +57,7 @@ The TransportServer resource defines load balancing configuration for TCP, UDP, name: dns-udp spec: listener: - name: dns-udp + name: dns-udp protocol: UDP upstreams: - name: dns-app @@ -122,13 +122,13 @@ The TransportServer resource defines load balancing configuration for TCP, UDP, ### Listener -The listener field references a listener that NGINX will use to accept incoming traffic for the TransportServer. For TCP and UDP, the listener must be defined in the [GlobalConfiguration resource](/nginx-ingress-controller/configuration/global-configuration/globalconfiguration-resource). When referencing a listener, both the name and the protocol must match. For TLS Passthrough, use the built-in listener with the name `tls-passthrough` and the protocol `TLS_PASSTHROUGH`. +The listener field references a listener that NGINX will use to accept incoming traffic for the TransportServer. For TCP and UDP, the listener must be defined in the [GlobalConfiguration resource](/nginx-ingress-controller/configuration/global-configuration/globalconfiguration-resource). When referencing a listener, both the name and the protocol must match. For TLS Passthrough, use the built-in listener with the name `tls-passthrough` and the protocol `TLS_PASSTHROUGH`. An example: ```yaml listener: - name: dns-udp - protocol: UDP + name: dns-udp + protocol: UDP ``` ```eval_rst @@ -146,14 +146,14 @@ listener: * - ``protocol`` - The protocol of the listener. - ``string`` - - Yes + - Yes ``` ### Upstream The upstream defines a destination for the TransportServer. For example: ```yaml -name: secure-app +name: secure-app service: secure-app port: 8443 ``` @@ -204,7 +204,7 @@ upstreamParameters: * - ``udpResponses`` - The number of datagrams expected from the proxied server in response to a client datagram. See the `proxy_responses `_ directive. By default, the number of datagrams is not limited. - ``int`` - - No + - No ``` ### Action @@ -228,10 +228,10 @@ action: * - ``pass`` - Passes connections/datagrams to an upstream. The upstream with that name must be defined in the resource. - ``string`` - - Yes + - Yes ``` -## Using TransportServer +## Using TransportServer You can use the usual `kubectl` commands to work with TransportServer resources, similar to Ingress resources. @@ -310,6 +310,6 @@ The [ConfigMap](/nginx-ingress-controller/configuration/global-configuration/con ## Limitations As of Release 1.7, the TransportServer resource is a preview feature. Currently, it comes with the following limitations: -* When using TLS Passthrough, it is not possible to configure [Proxy Protocol](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.0/examples/proxy-protocol) for port 443 both for regular HTTPS and TLS Passthrough traffic. +* When using TLS Passthrough, it is not possible to configure [Proxy Protocol](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.1/examples/proxy-protocol) for port 443 both for regular HTTPS and TLS Passthrough traffic. * If multiple TCP (or UDP) TransportServers reference the same listener, only one of them will receive the traffic. Moreover, until there is only one TransportServer, NGINX will fail to reload. If this happens, the IC will report a warning event with the `AddedOrUpdatedWithError` reason for the resource, which caused the problem, and also report the error in the logs. -* If multiple TLS Passthrough TransportServers have the same hostname, only one of them will receive the traffic. If this happens, the IC will report a warning in the logs like `host "app.example.com" is used by more than one TransportServers`. \ No newline at end of file +* If multiple TLS Passthrough TransportServers have the same hostname, only one of them will receive the traffic. If this happens, the IC will report a warning in the logs like `host "app.example.com" is used by more than one TransportServers`. diff --git a/docs-web/configuration/virtualserver-and-virtualserverroute-resources.md b/docs-web/configuration/virtualserver-and-virtualserverroute-resources.md index f079e1c2e6..4adabe167b 100644 --- a/docs-web/configuration/virtualserver-and-virtualserverroute-resources.md +++ b/docs-web/configuration/virtualserver-and-virtualserverroute-resources.md @@ -2,7 +2,7 @@ The VirtualServer and VirtualServerRoute resources are new load balancing configuration, introduced in release 1.5 as an alternative to the Ingress resource. The resources enable use cases not supported with the Ingress resource, such as traffic splitting and advanced content-based routing. The resources are implemented as [Custom Resources](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/). -This document is the reference documentation for the resources. To see additional examples of using the resources for specific use cases, go to the [examples-of-custom-resources](https://github.com/nginxinc/kubernetes-ingress/blob/v1.10.0/examples-of-custom-resources) folder in our GitHub repo. +This document is the reference documentation for the resources. To see additional examples of using the resources for specific use cases, go to the [examples-of-custom-resources](https://github.com/nginxinc/kubernetes-ingress/blob/v1.10.1/examples-of-custom-resources) folder in our GitHub repo. ## Contents @@ -189,9 +189,9 @@ name: access-control * - ``name`` - The name of a policy. If the policy doesn't exist or invalid, NGINX will respond with an error response with the `500` status code. - ``string`` - - Yes + - Yes * - ``namespace`` - - The namespace of a policy. If not specified, the namespace of the VirtualServer resource is used. + - The namespace of a policy. If not specified, the namespace of the VirtualServer resource is used. - ``string`` - No ``` @@ -218,7 +218,7 @@ The route defines rules for matching client requests to actions like passing a r - ``string`` - Yes * - ``policies`` - - A list of policies. The policies override the policies of the same type defined in the ``spec`` of the VirtualServer. See `Applying Policies `_ for more details. + - A list of policies. The policies override the policies of the same type defined in the ``spec`` of the VirtualServer. See `Applying Policies `_ for more details. - `[]policy <#virtualserver-policy>`_ - No * - ``action`` @@ -351,7 +351,7 @@ action: - ``string`` - Yes * - ``policies`` - - A list of policies. The policies override *all* policies defined in the route of the VirtualServer that references this resource. The policies also override the policies of the same type defined in the ``spec`` of the VirtualServer. See `Applying Policies `_ for more details. + - A list of policies. The policies override *all* policies defined in the route of the VirtualServer that references this resource. The policies also override the policies of the same type defined in the ``spec`` of the VirtualServer. See `Applying Policies `_ for more details. - `[]policy <#virtualserver-policy>`_ - No * - ``action`` @@ -420,7 +420,7 @@ tls: - ``string`` - Yes * - ``service`` - - The name of a `service `_. The service must belong to the same namespace as the resource. If the service doesn't exist, NGINX will assume the service has zero endpoints and return a ``502`` response for requests for this upstream. For NGINX Plus only, services of type `ExternalName `_ are also supported (check the `prerequisites `_\ ). + - The name of a `service `_. The service must belong to the same namespace as the resource. If the service doesn't exist, NGINX will assume the service has zero endpoints and return a ``502`` response for requests for this upstream. For NGINX Plus only, services of type `ExternalName `_ are also supported (check the `prerequisites `_\ ). - ``string`` - Yes * - ``subselector`` @@ -914,7 +914,7 @@ proxy: - `action.Proxy.ResponseHeaders <#action-proxy-responseheaders>`_ - No * - ``rewritePath`` - - The rewritten URI. If the route path is a regular expression (starts with ~), the rewritePath can include capture groups with ``$1-9``. For example `$1` for the first group, and so on. For more information, check the `rewrite `_ example. + - The rewritten URI. If the route path is a regular expression (starts with ~), the rewritePath can include capture groups with ``$1-9``. For example `$1` for the first group, and so on. For more information, check the `rewrite `_ example. - ``string`` - No ``` @@ -945,7 +945,7 @@ The RequestHeaders field modifies the headers of the request to the proxied upst The header defines an HTTP Header: ```yaml -name: My-Header +name: My-Header value: My-Value ``` @@ -1007,8 +1007,8 @@ The ResponseHeaders field modifies the headers of the response to the client. The addHeader defines an HTTP Header with an optional `always` field: ```yaml -name: My-Header -value: My-Value +name: My-Header +value: My-Value always: true ``` @@ -1458,7 +1458,7 @@ Additionally, this information is also available in the `status` field of the Vi ``` $ kubectl describe vs cafe -. . . +. . . Status: External Endpoints: Ip: 12.13.23.123 diff --git a/docs-web/index.rst b/docs-web/index.rst index 68f40febdb..305eb6997e 100644 --- a/docs-web/index.rst +++ b/docs-web/index.rst @@ -4,6 +4,8 @@ NGINX Ingress Controller ======================== +Request your `free 30-day trial `_ today. + .. toctree:: :maxdepth: 2 @@ -15,4 +17,4 @@ NGINX Ingress Controller app-protect/index third-party-modules/index releases - Technical Specifications \ No newline at end of file + Technical Specifications diff --git a/docs-web/installation/building-ingress-controller-image.md b/docs-web/installation/building-ingress-controller-image.md index c301309115..b2be147a6a 100644 --- a/docs-web/installation/building-ingress-controller-image.md +++ b/docs-web/installation/building-ingress-controller-image.md @@ -23,7 +23,7 @@ We build the image using the make utility and the provided `Makefile`. Let’s c ``` $ git clone https://github.com/nginxinc/kubernetes-ingress/ $ cd kubernetes-ingress/ - $ git checkout v1.10.0 + $ git checkout v1.10.1 ``` 1. Build the image: @@ -33,7 +33,7 @@ We build the image using the make utility and the provided `Makefile`. Let’s c ``` `myregistry.example.com/nginx-ingress` defines the repo in your private registry where the image will be pushed. Substitute that value with the repo in your private registry. - As a result, the image **myregistry.example.com/nginx-ingress:1.10.0** is built and pushed to the registry. Note that the tag `1.10.0` comes from the `VERSION` variable, defined in the Makefile. + As a result, the image **myregistry.example.com/nginx-ingress:1.10.1** is built and pushed to the registry. Note that the tag `1.10.1` comes from the `VERSION` variable, defined in the Makefile. * For NGINX Plus, first, make sure that the certificate (`nginx-repo.crt`) and the key (`nginx-repo.key`) of your license are located in the root of the project: ``` @@ -46,7 +46,7 @@ We build the image using the make utility and the provided `Makefile`. Let’s c ``` `myregistry.example.com/nginx-plus-ingress` defines the repo in your private registry where the image will be pushed. Substitute that value with the repo in your private registry. - As a result, the image **myregistry.example.com/nginx-plus-ingress:1.10.0** is built and pushed to the registry. Note that the tag `1.10.0` comes from the `VERSION` variable, defined in the Makefile. + As a result, the image **myregistry.example.com/nginx-plus-ingress:1.10.1** is built and pushed to the registry. Note that the tag `1.10.1` comes from the `VERSION` variable, defined in the Makefile. Next you will find the details about available Makefile targets and variables. @@ -76,8 +76,8 @@ The **Makefile** contains the following main variables for you to customize (eit 1. `openshift/Dockerfile`, for building an ubi-based image with NGINX for [Openshift](https://www.openshift.com/) clusters. 1. `openshift/DockerfileForPlus`, for building an ubi-based image with NGINX Plus for [Openshift](https://www.openshift.com/) clusters. 1. `appprotect/DockerfileWithAppProtectForPlusForOpenShift`, for building an ubi-based image with NGINX Plus and the [appprotect](/nginx-app-protect/) module for [Openshift](https://www.openshift.com/) clusters. - Note: You need to place a file named `rhel_license` containing Your Organization and Activation key in the project root. Example: - ```bash + Note: You need to place a file named `rhel_license` containing Your Organization and Activation key in the project root. Example: + ```bash RHEL_ORGANIZATION=1111111 RHEL_ACTIVATION_KEY=your-key ``` diff --git a/docs-web/installation/installation-with-helm.md b/docs-web/installation/installation-with-helm.md index d2420bd252..ec0a04dd88 100644 --- a/docs-web/installation/installation-with-helm.md +++ b/docs-web/installation/installation-with-helm.md @@ -22,7 +22,7 @@ This step is required if you're installing the chart using its sources. Addition 2. Change your working directory to /deployments/helm-chart: ```console $ cd kubernetes-ingress/deployments/helm-chart - $ git checkout v1.10.0 + $ git checkout v1.10.1 ``` ## Adding the Helm Repository @@ -151,7 +151,7 @@ The following tables lists the configurable parameters of the NGINX Ingress cont - false * - ``controller.nginxReloadTimeout`` - The timeout in milliseconds which the Ingress Controller will wait for a successful NGINX reload after a change or at the initial start. The default is 4000 (or 20000 if `controller.appprotect.enable` is true). If set to 0, the default value will be used. - - 0 + - 0 * - ``controller.appprotect.enable`` - Enables the App Protect module in the Ingress Controller. - false @@ -169,7 +169,7 @@ The following tables lists the configurable parameters of the NGINX Ingress cont - nginx/nginx-ingress * - ``controller.image.tag`` - The tag of the Ingress controller image. - - 1.10.0 + - 1.10.1 * - ``controller.image.pullPolicy`` - The pull policy for the Ingress controller image. - IfNotPresent @@ -177,7 +177,7 @@ The following tables lists the configurable parameters of the NGINX Ingress cont - The name of the ConfigMap used by the Ingress controller. - Autogenerated * - ``controller.config.entries`` - - The entries of the ConfigMap for customizing NGINX configuration. See `ConfigMap resource docs `_ for the list of supported ConfigMap keys. + - The entries of the ConfigMap for customizing NGINX configuration. See `ConfigMap resource docs `_ for the list of supported ConfigMap keys. - {} * - ``controller.customPorts`` - A list of custom ports to expose on the NGINX ingress controller pod. Follows the conventional Kubernetes yaml syntax for container ports. diff --git a/docs-web/installation/installation-with-manifests.md b/docs-web/installation/installation-with-manifests.md index 6418e36ce6..28bb99bd1a 100644 --- a/docs-web/installation/installation-with-manifests.md +++ b/docs-web/installation/installation-with-manifests.md @@ -11,7 +11,7 @@ This document describes how to install the NGINX Ingress Controller in your Kube ``` $ git clone https://github.com/nginxinc/kubernetes-ingress/ $ cd kubernetes-ingress/deployments - $ git checkout v1.10.0 + $ git checkout v1.10.1 ``` ## 1. Configure RBAC diff --git a/docs-web/installation/installation-with-operator.md b/docs-web/installation/installation-with-operator.md index 0d381ef943..bb1552c4c7 100644 --- a/docs-web/installation/installation-with-operator.md +++ b/docs-web/installation/installation-with-operator.md @@ -2,8 +2,6 @@ This document describes how to install the NGINX Ingress Controller in your Kubernetes cluster using the NGINX Ingress Operator. -**Note: an NGINX Ingress Operator version compatible with the 1.10.0 NGINX Ingress Controller release is not available yet. We will update this document and remove this note once we publish a compatible Operator version.** - ## Prerequisites 1. Make sure you have access to the Ingress Controller image: @@ -25,7 +23,7 @@ spec: type: deployment image: repository: nginx/nginx-ingress - tag: 1.9.1 + tag: 1.10.1 pullPolicy: Always serviceType: NodePort nginxPlus: False diff --git a/docs-web/releases.md b/docs-web/releases.md index 68c012a46d..36ddb6e1d1 100644 --- a/docs-web/releases.md +++ b/docs-web/releases.md @@ -1,5 +1,22 @@ # Releases +### NGINX Ingress Controller 1.10.1 + +16 March 2021 + +CHANGES: +* Update NGINX version to 1.19.8. +* Add Kubernetes 1.20 support. +* [1373](https://github.com/nginxinc/kubernetes-ingress/pull/1373), [1439](https://github.com/nginxinc/kubernetes-ingress/pull/1439), [1440](https://github.com/nginxinc/kubernetes-ingress/pull/1440): Fix various issues in the Makefile. In 1.10.0, a bug was introduced that prevented building Ingress Controller images on versions of make < 4.1. + +HELM CHART: +* The version of the Helm chart is now 0.8.1. + +UPGRADE: +* For NGINX, use the 1.10.1 image from our DockerHub: `nginx/nginx-ingress:1.10.1`, `nginx/nginx-ingress:1.10.1-alpine` or `nginx/nginx-ingress:1.10.1-ubi` +* For NGINX Plus, please build your own image using the 1.10.1 source code. +* For Helm, use version 0.8.1 of the chart. + ### NGINX Ingress Controller 1.10.0 26 January 2021 @@ -206,16 +223,16 @@ UPGRADE: OVERVIEW: Release 1.8.0 includes: -* Support for NGINX App Protect Web Application Firewall. +* Support for NGINX App Protect Web Application Firewall. * Support for configuration snippets and custom template for VirtualServer and VirtualServerRoute resources. * Support for request/response header manipulation and request URI rewriting for VirtualServer/VirtualServerRoute. -* Introducing a new configuration resource - Policy - with the first policy for IP-based access control. +* Introducing a new configuration resource - Policy - with the first policy for IP-based access control. You will find the complete changelog for release 1.8.0, including bug fixes, improvements, and changes below. FEATURES FOR VIRTUALSERVER AND VIRTUALSERVERROUTE RESOURCES: * [1036](https://github.com/nginxinc/kubernetes-ingress/pull/1036): Add VirtualServer custom template support. -* [1028](https://github.com/nginxinc/kubernetes-ingress/pull/1028): Add access control policy. +* [1028](https://github.com/nginxinc/kubernetes-ingress/pull/1028): Add access control policy. * [1019](https://github.com/nginxinc/kubernetes-ingress/pull/1019): Add VirtualServer/VirtualServerRoute snippets support. * [1006](https://github.com/nginxinc/kubernetes-ingress/pull/1006): Add request/response modifiers to VS and VSR. * [994](https://github.com/nginxinc/kubernetes-ingress/pull/994): Support Class Field in VS/VSR. @@ -235,13 +252,13 @@ BUGFIXES: HELM CHART: * The version of the helm chart is now 0.6.0. -* Add new parameters to the Chart: `controller.appprotect.enable`, `controller.globalConfiguration.create`, `controller.globalConfiguration.spec`, `controller.readyStatus.enable`, `controller.readyStatus.port`, `controller.config.annotations`, `controller.reportIngressStatus.annotations`. Added in [1035](https://github.com/nginxinc/kubernetes-ingress/pull/1035), [1034](https://github.com/nginxinc/kubernetes-ingress/pull/1034), [1029](https://github.com/nginxinc/kubernetes-ingress/pull/1029), [1003](https://github.com/nginxinc/kubernetes-ingress/pull/1003) thanks to [RubyLangdon](https://github.com/RubyLangdon). +* Add new parameters to the Chart: `controller.appprotect.enable`, `controller.globalConfiguration.create`, `controller.globalConfiguration.spec`, `controller.readyStatus.enable`, `controller.readyStatus.port`, `controller.config.annotations`, `controller.reportIngressStatus.annotations`. Added in [1035](https://github.com/nginxinc/kubernetes-ingress/pull/1035), [1034](https://github.com/nginxinc/kubernetes-ingress/pull/1034), [1029](https://github.com/nginxinc/kubernetes-ingress/pull/1029), [1003](https://github.com/nginxinc/kubernetes-ingress/pull/1003) thanks to [RubyLangdon](https://github.com/RubyLangdon). * [1047](https://github.com/nginxinc/kubernetes-ingress/pull/1047) and [1009](https://github.com/nginxinc/kubernetes-ingress/pull/1009): Change how Helm manages the custom resource defintions (CRDs) to support installing multiple Ingress Controller releases. **Note**: If you're using the custom resources (`controller.enableCustomResources` is set to `true`), this is a breaking change. See the HELM UPGRADE section below for the upgrade instructions. CHANGES: * Update NGINX version to 1.19.1. * Update NGINX Plus to R22. -* [1029](https://github.com/nginxinc/kubernetes-ingress/pull/1029): Add readiness endpoint. The Ingress Controller now exposes a readiness endpoint on port `8081` and the path `/nginx-ready`. The endpoint returns a `200` response after the Ingress Controller finishes the initial configuration of NGINX at the start. The pod template was updated to use that endpoint in a readiness probe. +* [1029](https://github.com/nginxinc/kubernetes-ingress/pull/1029): Add readiness endpoint. The Ingress Controller now exposes a readiness endpoint on port `8081` and the path `/nginx-ready`. The endpoint returns a `200` response after the Ingress Controller finishes the initial configuration of NGINX at the start. The pod template was updated to use that endpoint in a readiness probe. * [980](https://github.com/nginxinc/kubernetes-ingress/pull/980): Enable leader election by default. UPGRADE: @@ -394,7 +411,7 @@ UPGRADE: OVERVIEW: -Release 1.6.0 includes: +Release 1.6.0 includes: * Improvements to VirtualServer and VirtualServerRoute resources, adding support for richer load balancing behavior, more sophisticated request routing, redirects, direct responses, and blue-green and circuit breaker patterns. The VirtualServer and VirtualServerRoute resources are enabled by default and are ready for production use. * Support for OpenTracing, helping you to monitor and debug complex transactions. * An improved security posture, with support to run the Ingress Controller as a non-root user. @@ -431,7 +448,7 @@ FEATURES FOR VIRTUALSERVER AND VIRTUALSERVERROUTE RESOURCES: * [596](https://github.com/nginxinc/kubernetes-ingress/pull/596): Add lb-method support in vs and vsr. FEATURES: -* [750](https://github.com/nginxinc/kubernetes-ingress/pull/750): Add support for health status uri customisation. +* [750](https://github.com/nginxinc/kubernetes-ingress/pull/750): Add support for health status uri customisation. * [691](https://github.com/nginxinc/kubernetes-ingress/pull/691): Helper Functions for custom annotations. * [631](https://github.com/nginxinc/kubernetes-ingress/pull/631): Add max_conns support for NGINX plus. * [629](https://github.com/nginxinc/kubernetes-ingress/pull/629): Added upstream zone directive annotation. Thanks to [Victor Regalado](https://github.com/vrrs). diff --git a/docs-web/technical-specifications.md b/docs-web/technical-specifications.md index 6a56ab56a1..7a942ae5ed 100644 --- a/docs-web/technical-specifications.md +++ b/docs-web/technical-specifications.md @@ -27,12 +27,12 @@ The supported architecture is x86-64. - ``Dockerfile`` - ``nginx:1.19.8``, which is based on ``debian:buster-slim`` - - - ``nginx/nginx-ingress:1.10.0`` + - ``nginx/nginx-ingress:1.10.1`` * - Alpine-based image - ``DockerfileForAlpine`` - ``nginx:1.19.8-alpine``, which is based on ``alpine:3.13`` - - - ``nginx/nginx-ingress:1.10.0-alpine`` + - ``nginx/nginx-ingress:1.10.1-alpine`` * - Debian-based image with Opentracing - ``DockerfileWithOpentracing`` - ``nginx:1.19.8``, which is based on ``debian:buster-slim`` @@ -42,7 +42,7 @@ The supported architecture is x86-64. - ``openshift/Dockerfile`` - ``registry.access.redhat.com/ubi8/ubi:8.3`` - - - ``nginx/nginx-ingress:1.10.0-ubi`` + - ``nginx/nginx-ingress:1.10.1-ubi`` ``` \* -- Dockerfile paths are relative to the ``build`` folder of the Ingress Controller git repo. diff --git a/docs-web/third-party-modules/opentracing.md b/docs-web/third-party-modules/opentracing.md index 04534353a0..a7822505a1 100644 --- a/docs-web/third-party-modules/opentracing.md +++ b/docs-web/third-party-modules/opentracing.md @@ -2,7 +2,7 @@ The Ingress Controller supports [OpenTracing](https://opentracing.io/) with the third-party module [opentracing-contrib/nginx-opentracing](https://github.com/opentracing-contrib/nginx-opentracing). -This document explains how to use OpenTracing with the Ingress Controller. Additionally, we have an [example](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.0/examples/opentracing) on how to enable OpenTracing for a simple web application using Jaeger as a tracer. +This document explains how to use OpenTracing with the Ingress Controller. Additionally, we have an [example](https://github.com/nginxinc/kubernetes-ingress/tree/v1.10.1/examples/opentracing) on how to enable OpenTracing for a simple web application using Jaeger as a tracer. ## Prerequisites 1. **Use the Ingress Controller image with OpenTracing.** The default Ingress Controller images don’t include the OpenTracing module. To use OpenTracing, you need to build the image with that module. Follow the build instructions to build the image using `DockerfileWithOpentracing` for NGINX or `DockerfileWithOpentracingForPlus` for NGINX Plus.