Ingress NGINX Controller for Kubernetes
3a887f28e8
Current implementation of OCSP stapling makes use of the DNS caching machinery[^1], which results in resty.http not seeing the actual host name of the OCSP responder. On HTTP level, this is already mitigated via overriding the Host header, but if a given responder operates on a HTTPS endpoint (a setup which, admittedly, isn't very popular due to its chicken-and-egg caveats involved but is nonetheless legal[^2]) the connection will fail to be established. A relevant (and a bit redacted) excerpt from logs: 2023/07/02 18:13:23 [info] 112#112: *29039 [lua] dns.lua:32: cache_set(): cache set for 'my.ocsp.responder' with value of [10.1.2.3, 10.4.5.6, 10.7.8.9] and ttl of 30., context: ngx.timer, client: 127.0.0.1, server: 0.0.0.0:442 2023/07/02 18:13:23 [error] 112#112: *29039 lua ssl certificate does not match host "10.1.2.3", context: ngx.timer, client: 127.0.0.1, server: 0.0.0.0:442 2023/07/02 18:13:23 [error] 112#112: *29039 [lua] certificate.lua:143: fetch_and_cache_ocsp_response(): could not get OCSP response: certificate host mismatch, context: ngx.timer, client: 127.0.0.1, server: 0.0.0.0:442 [^1]: https://github.com/kubernetes/ingress-nginx/blob/ebb6314/rootfs/etc/nginx/lua/certificate.lua#L81 [^2]: https://datatracker.ietf.org/doc/html/rfc2560#appendix-A.1.1 |
||
|---|---|---|
| .github | ||
| build | ||
| changelog | ||
| charts/ingress-nginx | ||
| cmd | ||
| deploy | ||
| docs | ||
| hack | ||
| images | ||
| internal | ||
| magefiles | ||
| pkg | ||
| rootfs | ||
| test | ||
| version | ||
| .gcloudignore | ||
| .gitignore | ||
| .golangci.yml | ||
| .goreleaser.yaml | ||
| .luacheckrc | ||
| Changelog.md | ||
| cloudbuild.yaml | ||
| code-of-conduct.md | ||
| CONTRIBUTING.md | ||
| ginkgo_upgrade.md | ||
| go.mod | ||
| go.sum | ||
| go.work | ||
| go.work.sum | ||
| GOLANG_VERSION | ||
| ingress-nginx.yaml | ||
| ISSUE_TRIAGE.md | ||
| LICENSE | ||
| Makefile | ||
| MANUAL_RELEASE.md | ||
| mkdocs.yml | ||
| netlify.toml | ||
| NEW_CONTRIBUTOR.md | ||
| NEW_RELEASE_PROCESS.md | ||
| NGINX_BASE | ||
| OWNERS | ||
| OWNERS_ALIASES | ||
| README.md | ||
| SECURITY.md | ||
| SECURITY_CONTACTS | ||
| TAG | ||
Ingress NGINX Controller
Overview
ingress-nginx is an Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer.
Learn more about Ingress on the main Kubernetes documentation site.
Get started
See the Getting Started document.
Troubleshooting
If you encounter issues, review the troubleshooting docs, file an issue, or talk to us on the #ingress-nginx channel on the Kubernetes Slack server.
Changelog
See the list of releases for all changes.
For detailed changes for each release, please check the changelog-$version.md file for the release version.
For detailed changes on the ingress-nginx helm chart, please check the changelog folder for a specific version
CHANGELOG-$current-version.md file.
Supported Versions table
Supported versions for the ingress-nginx project mean that we have completed E2E tests, and they are passing for the versions listed. Ingress-Nginx versions may work on older versions, but the project does not make that guarantee.
| Supported | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | Helm Chart Version |
|---|---|---|---|---|---|
| 🔄 | v1.9.6 | 1.29, 1.28, 1.27, 1.26, 1.25 | 3.19.0 | 1.21.6 | 4.9.1* |
| 🔄 | v1.9.5 | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.9.0* |
| 🔄 | v1.9.4 | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.3 |
| 🔄 | v1.9.3 | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.* |
| 🔄 | v1.9.1 | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.* |
| 🔄 | v1.9.0 | 1.28, 1.27, 1.26, 1.25 | 3.18.2 | 1.21.6 | 4.8.* |
| 🔄 | v1.8.4 | 1.27, 1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* |
| 🔄 | v1.8.2 | 1.27, 1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* |
| 🔄 | v1.8.1 | 1.27, 1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* |
| 🔄 | v1.8.0 | 1.27, 1.26, 1.25, 1.24 | 3.18.0 | 1.21.6 | 4.7.* |
| v1.7.1 | 1.27, 1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | 4.6.* | |
| v1.7.0 | 1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | 4.6.* | |
| v1.6.4 | 1.26, 1.25, 1.24, 1.23 | 3.17.0 | 1.21.6 | 4.5.* | |
| v1.5.1 | 1.25, 1.24, 1.23 | 3.16.2 | 1.21.6 | 4.4.* | |
| v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† | 4.3.0 | |
| v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | 4.2.5 | |
| v1.3.0 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.0 | 1.19.10† | 4.2.3 |
See this article if you want upgrade to the stable Ingress API.
Get Involved
Thanks for taking the time to join our community and start contributing!
-
This project adheres to the Kubernetes Community Code of Conduct. By participating in this project, you agree to abide by its terms.
-
Contributing: Contributions of all kinds are welcome!
- Read
CONTRIBUTING.mdfor information about setting up your environment, the workflow that we expect, and instructions on the developer certificate of origin that we require. - Join our Kubernetes Slack channel for developer discussion : #ingress-nginx-dev.
- Submit GitHub issues for any feature enhancements, bugs, or documentation problems.
- Please make sure to read the Issue Reporting Checklist before opening an issue. Issues not conforming to the guidelines may be closed immediately.
- Join our ingress-nginx-dev mailing list
- Read
-
Support:
- Join the #ingress-nginx-users channel inside the Kubernetes Slack to ask questions or get support from the maintainers and other users.
- The GitHub issues in the repository are exclusively for bug reports and feature requests.
- Discuss: Tweet using the
#IngressNginxhashtag or sharing with us @IngressNginx.