39 KiB
39 KiB
Changelog
0.9-beta.8
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.8
Changes:
- #761 NGINX TCP Ingresses do not bind on IPv6
- #850 Fix IPv6 UDP stream section
- #851 ensure private key and certificate match
- #852 Don't expose certificate metrics for default server
- #846 Match ServicePort to Endpoints by Name
- #854 Document log-format-stream and log-format-upstream
- #847 fix semicolon
- #848 Add metric "ssl certificate expiration"
- #839 "No endpoints" issue
- #845 Fix no endpoints issue when named ports are used
- #822 Release ubuntu-slim 0.11
- #824 Update nginx-slim to 0.18
- #823 Release nginx-slim 0.18
- #827 Introduce working example of nginx controller with rbac
- #835 Make log format json escaping configurable
- #843 Avoid setting maximum number of open file descriptors lower than 1024
- #837 Cleanup interface
- #836 Make log format json escaping configurable
- #828 Wrap IPv6 endpoints in []
- #821 nginx-ingress: occasional 503 Service Temporarily Unavailable
- #829 feat(template): wrap IPv6 addresses in []
- #786 Update echoserver image version in examples
- #825 Create or delete ingress based on class annotation
- #790 #789 removing duplicate X-Real-IP header
- #792 Avoid checking if the controllers are synced
- #798 nginx: RBAC for leader election
- #799 could not build variables_hash
- #809 Fix dynamic variable name
- #804 Fix #798 - RBAC for leader election
- #806 fix ingress rbac roles
- #811 external auth - proxy_pass_request_body off + big bodies give 500/413
- #785 Publish echoheader image
- #813 Added client_max_body_size to authPath location
- #814 rbac-nginx: resourceNames cannot filter create verb
- #774 Add IPv6 support in TCP and UDP stream section
- #784 Allow customization of variables hash tables
- #782 Set "proxy_pass_header Server;"
- #783 nginx/README.md: clarify app-root and fix example hyperlink
- #787 Add setting to allow returning the Server header from the backend
0.9-beta.7
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.7
Changes:
- #777 Update sniff parser to fix index out of bound error
0.9-beta.6
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.6
Changes:
- #647 ingress.class enhancement for debugging.
- #708 ingress losing real source IP when tls enabled
- #760 Change recorder event scheme
- #704 fix nginx reload flags '-c'
- #757 Replace use of endpoints as locks with configmap
- #752 nginx ingress header config backwards
- #756 Fix bad variable assignment in template nginx
- #729 Release nginx-slim 0.17
- #755 Fix server name hash maxSize default value
- #741 Update golang dependencies
- #749 Remove service annotation for namedPorts
- #740 Refactoring whitelist source IP verification
- #734 Specify nginx image arch
- #728 Update nginx image
- #723 update readme about vts metrics
- #726 Release ubuntu-slim 0.10
- #727 [nginx] whitelist-source-range doesn’t work on ssl port
- #709 Add config for X-Forwarded-For trust
- #679 add getenv
- #680 nginx/pkg/config: delete unuseful variable
- #716 Add secure-verify-ca-secret annotation
- #722 Remove go-reap and use tini as process reaper
- #725 Add keepalive_requests and client_body_buffer_size options
- #724 change the directory of default-backend.yaml
- #656 Nginx Ingress Controller - Specify load balancing method
- #717 delete unuseful variable
- #712 Set $proxy_upstream_name before location directive
- #715 Corrected annotation ex
signin-url
toauth-url
- #718 nodeController sync
- #694 SSL-Passthrough broken in beta.5
- #678 Convert CN SSL Certificate to lowercase before comparison
- #690 Fix IP in logs for https traffic
- #673 Override load balancer alg view config map
- #675 Use proxy-protocol to pass through source IP to nginx
- #707 use nginx vts module version 0.1.14
- #702 Document passing of ssl_client_cert to backend
- #688 Add example of UDP loadbalancing
- #696 [nginx] pass non-SNI TLS hello to default backend, Fixes #693
- #685 Fix error in generated nginx.conf for optional hsts-preload
0.9-beta.5
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.5
Changes:
- #663 Remove helper required in go < 1.8
- #662 Add debug information about ingress class
- #661 Avoid running nginx if the configuration file is empty
- #660 Rollback queue refactoring
- #654 Update go version to 1.8
0.9-beta.4
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.4
New Features:
- Add support for services of type ExternalName
Changes:
- #635 Allow configuration of features underscores_in_headers and ignore_invalid_headers
- #633 Fix lint errors
- #630 Add example of TCP loadbalancing
- #629 Add support for services of type ExternalName
- #624 Compute server_names_hash_bucket_size correctly
- #615 Process exited cleanly before we hit wait4
- #614 Refactor nginx ssl passthrough
- #613 Status leader election must consired the ingress class
- #607 Allow custom server_names_hash_max_size & server_names_hash_bucket_size
- #601 add a judgment
- #601 Replace custom child reap code with go-reap
- #597 Add flag to force namespace isolation
- #595 Remove Host header from auth_request proxy configuration
- #588 Read resolv.conf file just once
- #586 Updated instructions to create an ingress controller build
- #583 fixed lua_package_path in nginx.tmpl
- #580 Updated faq for running multiple ingress controller
- #579 Detect if the ingress controller is running with multiple replicas
- #578 Set different listeners per protocol version
- #577 Avoid zombie child processes
- #576 Replace secret workqueue
- #568 Revert merge annotations to the implicit root context
- #563 Add option to disable hsts preload
- #560 Fix intermittent misconfiguration of backend.secure and SessionAffinity
- #556 Update nginx version and remove dumb-init
- #551 Build namespace and ingress class as label
- #546 Fix a couple of 'does not contains' typos
- #542 Fix lint errors
- #540 Add Backends.SSLPassthrough attribute
- #539 Migrate to client-go
- #536 add unit test cases for core/pkg/ingress/controller/backend_ssl
- #535 Add test for ingress status update
- #532 Add setting to configure ecdh curve
- #531 Fix link to examples
- #530 Fix link to custom nginx configuration
- #528 Add reference to apiserver-host flag
- #527 Add annotations to location of default backend (root context)
- #525 Avoid negative values configuring the max number of open files
- #523 Fix a typo in an error message
- #521 nginx-ingress-controller is built twice by docker-build target
- #517 Use whitelist-source-range from configmap when no annotation on ingress
- #516 Convert WorkerProcesses setting to string to allow the value auto
- #512 Fix typos regarding the ssl-passthrough annotation documentation
- #505 add unit test cases for core/pkg/ingress/controller/annotations
- #503 Add example for nginx in aws
- #502 Add information about SSL Passthrough annotation
- #500 Improve TLS secret configuration
- #498 Proper enqueue a secret on the secret queue
- #493 Update nginx and vts module
- #490 Add unit test case for named_port
- #488 Adds support for CORS on error responses and Authorization header
- #485 Fix typo nginx configMap vts metrics customization
- #481 Remove unnecessary quote in nginx log format
- #471 prometheus scrape annotations
- #460 add example of 'run multiple haproxy ingress controllers as a deployment'
- #459 Add information about SSL certificates in the default log level
- #456 Avoid upstreams with multiple servers with the same port
- #454 Pass request port to real server
- #450 fix nginx-tcp-and-udp on same port
- #446 remove configmap validations
- #445 Remove snakeoil certificate generation
- #442 Fix a few bugs in the nginx-ingress-controller Makefile
- #441 skip validation when configmap is empty
- #439 Avoid a nil-reference when the temporary file cannot be created
- #438 Improve English in error messages
- #437 Reference constant
0.9-beta.3
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.3
New Features:
- Custom log formats using
log-format-upstream
directive in the configuration configmap. - Force redirect to SSL using the annotation
ingress.kubernetes.io/force-ssl-redirect
- Prometheus metric for VTS status module (transparent, just enable vts stats)
- Improved external authentication adding
ingress.kubernetes.io/auth-signin
annotation. Please check this example
Breaking changes:
ssl-dh-param
configuration in configmap is now the name of a secret that contains the Diffie-Hellman key
Changes:
- #433 close over the ingress variable or the last assignment will be used
- #424 Manually sync secrets from certificate authentication annotations
- #423 Scrap json metrics from nginx vts module when enabled
- #418 Only update Ingress status for the configured class
- #415 Improve external authentication docs
- #410 Add support for "signin url"
- #409 Allow custom http2 header sizes
- #408 Review docs
- #406 Add debug info and fix spelling
- #402 allow specifying custom dh param
- #397 Fix external auth
- #394 Update README.md
- #392 Fix http2 header size
- #391 remove tmp nginx-diff files
- #390 Fix RateLimit comment
- #385 add Copyright
- #382 Ingress Fake Certificate generation
- #380 Fix custom log format
- #373 Cleanup
- #371 add configuration to disable listening on ipv6
- #370 Add documentation for ingress.kubernetes.io/force-ssl-redirect
- #369 Minor text fix for "ApiServer"
- #367 BuildLogFormatUpstream was always using the default log-format
- #366 add_judgment
- #365 add ForceSSLRedirect ingress annotation
- #364 Fix error caused by increasing proxy_buffer_size (#363)
- #362 Fix ingress class
- #360 add example of 'run multiple nginx ingress controllers as a deployment'
- #358 Checks if the TLS secret contains a valid keypair structure
- #356 Disable listen only on ipv6 and fix proxy_protocol
- #354 add judgment
- #352 Add ability to customize upstream and stream log format
- #351 Enable custom election id for status sync.
- #347 Fix client source IP address
- #345 Fix lint error
- #344 Refactoring of TCP and UDP services
- #343 Fix node lister when --watch-namespace is used
- #341 Do not run coverage check in the default target.
- #340 Add support for specify proxy cookie path/domain
- #337 Fix for formatting error introduced in #304
- #335 Fix for vet complaints:
- #332 Add annotation to customize nginx configuration
- #331 Correct spelling mistake
- #328 fix misspell "affinity" in main.go
- #326 add nginx daemonset example
- #311 Sort stream service ports to avoid extra reloads
- #307 Add docs for body-size annotation
- #306 modify nginx readme
- #304 change 'buildSSPassthrouthUpstreams' to 'buildSSLPassthroughUpstreams'
0.9-beta.2
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2
New Features:
- New configuration flag
proxy-set-headers
to allow set custom headers before send traffic to backends. Example here - Disable directive access_log globally using
disable-access-log: "true"
in the configuration ConfigMap. - Sticky session per Ingress rule using the annotation
ingress.kubernetes.io/affinity
. Example here
Changes:
- #300 Change nginx variable to use in filter of access_log
- #296 Fix rewrite regex to match the start of the URL and not a substring
- #293 Update makefile gcloud docker command
- #290 Update nginx version in ingress controller to 1.11.10
- #286 Add logs to help debugging and simplify default upstream configuration
- #285 Added a Node StoreLister type
- #281 Add chmod up directory tree for world read/execute on directories
- #279 fix wrong link in the file of examples/README.md
- #275 Pass headers to custom error backend
- #272 Fix error getting class information from Ingress annotations
- #268 minor: Fix typo in nginx README
- #265 Fix rewrite annotation parser
- #262 Add nginx README and configuration docs back
- #261 types.go: fix typo in godoc
- #258 Nginx sticky annotations
- #255 Adds support for disabling access_log globally
- #247 Fix wrong URL in nginx ingress configuration
- #246 Add support for custom proxy headers using a ConfigMap
- #244 Add information about cors annotation
- #241 correct a spell mistake
- #232 Change searchs with searches
- #231 Add information about proxy_protocol in port 442
- #228 Fix worker check issue
- #227 proxy_protocol on ssl_passthrough listener
- #223 Fix panic if a tempfile cannot be created
- #220 Fixes for minikube usage instructions.
- #219 Fix typo, add a couple of links.
- #218 Improve links from CONTRIBUTING.
- #217 Fix an e2e link.
- #212 Simplify code to obtain TCP or UDP services
- #208 Fix nil HTTP field
- #198 Add an example for static-ip and deployment
0.9-beta.1
Image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.1
New Features:
- SSL Passthrough
- New Flag
--publish-service
that set the Service fronting the ingress controllers - Ingress status shows the correct IP/hostname address without duplicates
- Custom body sizes per Ingress
- Prometheus metrics
Breaking changes:
- Flag
--nginx-configmap
was replaced with--configmap
- Configmap field
body-size
was replaced withproxy-body-size
Changes:
- #184 Fix template error
- #179 Allows the usage of Default SSL Cert
- #178 Add initialization of proxy variable
- #177 Refactoring sysctlFSFileMax helper
- #176 Fix TLS does not get updated when changed
- #174 Update nginx to 1.11.9
- #172 add some unit test cases for some packages under folder "core.pkg.ingress"
- #168 Changes the SSL Temp file to something inside the same SSL Directory
- #165 Fix rate limit issue when more than 2 servers enabled in ingress
- #161 Document some missing parameters and their defaults for NGINX controller
- #158 prefect unit test cases for annotation.proxy
- #156 Fix issue for ratelimit
- #154 add unit test cases for core.pkg.ingress.annotations.cors
- #151 Port in redirect
- #150 Add support for custom header sizes
- #149 Add flag to allow switch off the update of Ingress status
- #148 Add annotation to allow custom body sizes
- #145 fix wrong links and punctuations
- #144 add unit test cases for core.pkg.k8s
- #143 Use protobuf instead of rest to connect to apiserver host and add troubleshooting doc
- #142 Use system fs.max-files as limits instead of hard-coded value
- #141 Add reuse port and backlog to port 80 and 443
- #138 reference to const
- #136 Add content and descriptions about nginx's configuration
- #135 correct improper punctuation
- #134 fix typo
- #133 Add TCP and UDP services removed in migration
- #132 Document nginx controller configuration tweaks
- #128 Add tests and godebug to compare structs
- #126 change the type of imagePullPolicy
- #123 Add resolver configuration to nginx
- #119 add unit test case for annotations.service
- #115 add default_server to listen statement for default backend
- #114 fix typo
- #113 Add condition of enqueue and unit test cases for task.Queue
- #108 annotations: print error and skip if malformed
- #107 fix some wrong links of examples which to be used for nginx
- #103 Update the nginx controller manifests
- #101 Add unit test for strings.StringInSlice
- #99 Update nginx to 1.11.8
- #97 Fix gofmt
- #96 Fix typo PassthrougBackends -> PassthroughBackends
- #95 Deny location mapping in case of specific errors
- #94 Add support to disable server_tokens directive
- #93 Fix sort for catch all server
- #92 Refactoring of nginx configuration deserialization
- #91 Fix x-forwarded-port mapping
- #90 fix the wrong link to build/test/release
- #89 fix the wrong links to the examples and developer documentation
- #88 Fix multiple tls hosts sharing the same secretName
- #86 Update X-Forwarded-Port
- #82 Fix incorrect X-Forwarded-Port for TLS
- #81 Do not push containers to remote repo as part of test-e2e
- #78 Fix #76: hardcode X-Forwarded-Port due to SSL Passthrough
- #77 Add support for IPV6 in dns resolvers
- #66 Start FAQ docs
- #65 Support hostnames in Ingress status
- #64 Sort whitelist list to avoid random orders
- #62 Fix e2e make targets
- #61 Ignore coverage profile files
- #58 Fix "invalid port in upstream" on nginx controller
- #57 Fix invalid port in upstream
- #54 Expand developer docs
- #52 fix typo in variable ProxyRealIPCIDR
- #44 Bump nginx version to one higher than that in contrib
- #36 Add nginx metrics to prometheus
- #34 nginx: also listen on ipv6
- #32 Restart nginx if master process dies
- #31 Add healthz checker
- #25 Fix a data race in TestFileWatcher
- #12 Split implementations from generic code
- #10 Copy Ingress history from kubernetes/contrib
- #1498 Refactoring of template handling
- #1571 use POD_NAMESPACE as a namespace in cli parameters
- #1591 Always listen on port 443, even without ingress rules
- #1596 Adapt nginx hash sizes to the number of ingress
- #1653 Update image version
- #1672 Add firewall rules and ing class clarifications
- #1711 Add function helpers to nginx template
- #1743 Allow customisation of the nginx proxy_buffer_size directive via ConfigMap
- #1749 Readiness probe that works behind a CP lb
- #1751 Add the name of the upstream in the log
- #1758 Update nginx to 1.11.4
- #1759 Add support for default backend in Ingress rule
- #1762 Add cloud detection
- #1766 Clarify the controller uses endpoints and not services
- #1767 Update godeps
- #1772 Avoid replacing nginx.conf file if the new configuration is invalid
- #1773 Add annotation to add CORS support
- #1786 Add docs about go template
- #1796 Add external authentication support using auth_request
- #1802 Initialize proxy_upstream_name variable
- #1806 Add docs about the log format
- #1808 WebSocket documentation
- #1847 Change structure of packages
- Add annotation for custom upstream timeouts
- Mutual TLS auth (https://github.com/kubernetes/contrib/issues/1870)
0.8.3
- #1450 Check for errors in nginx template
- #1498 Refactoring of template handling
- #1467 Use ClientConfig to configure connection
- #1575 Update nginx to 1.11.3
0.8.2
- #1336 Add annotation to skip ingress rule
- #1338 Add HTTPS default backend
- #1351 Avoid generation of invalid ssl certificates
- #1379 improve nginx performance
- #1350 Improve performance (listen backlog=net.core.somaxconn)
- #1384 Unset Authorization header when proxying
- #1398 Mitigate HTTPoxy Vulnerability
0.8.1
0.8
- #1063 watches referenced tls secrets
- #850 adds configurable SSL redirect nginx controller
- #1136 Fix nginx rewrite rule order
- #1144 Add cidr whitelist support
- #1230 Improve docs and examples
- #1258 Avoid sync without a reachable
- #1235 Fix stats by country in nginx status page
- #1236 Update nginx to add dynamic TLS records and spdy
- #1238 Add support for dynamic TLS records and spdy
- #1239 Add support for conditional log of urls
- #1253 Use delayed queue
- #1296 Fix formatting
- #1299 Fix formatting
0.7
- #898 reorder locations. Location / must be the last one to avoid errors routing to subroutes
- #946 Add custom authentication (Basic or Digest) to ingress rules
- #926 Custom errors should be optional
- #1002 Use k8s probes (disable NGINX checks)
- #962 Make optional http2
- #1054 force reload if some certificate change
- #958 update NGINX to 1.11.0 and add digest module
- #960 https://trac.nginx.org/nginx/changeset/ce94f07d50826fcc8d48f046fe19d59329420fdb/nginx
- #1057 Remove loadBalancer ip on shutdown
- #1079 path rewrite
- #1093 rate limiting
- #1102 geolocation of traffic in stats
- #884 support services running ssl
- #930 detect changes in configuration configmaps