What's Changed
๐ Features
- Add JSON Schema for Helm Chart by @lucacome in #3113
- add caseSensitiveHttpHeaders to appolicy crd by @galitskiy in #3133
- Add annotations for deployment and daemonset by @jasonwilliams14 in #3143
- Support default client proxy headers to be overwritten in VirtualServer by @centromere in #2735
- feature: Support Dynamic namespaces using Labels by @ciarams87 in #3299
- Deep service insight endpoint by @haywoodsh in #3261
- Add healthcheck for transport server by @jjngx in #3361
- Import JWKS from URL on JWT policy by @haywoodsh in #3347
๐ฃ Breaking Changes
๐ Bug Fixes
- Remove all IPV6 listeners in ingress resources with -disable-ipv6 command line by @haywoodsh in #3139
- Update script logic for validating tag by @shaun-nx in #3237
- Fix git command to retrieve commit matching the tag by @lucacome in #3239
๐ Documentation
- Merge release 2.4 to
mainby @lucacome in #3128 - Re-order and adjust custom resource headings for installation via manifest by @ADubhlaoich in #3141
- Add OpenSSF Scorecard Github Action and Badge by @lucacome in #3132
- Add controller.dnsPolicy to the helm chart by @wd in #3136
- Fix typo in Action.Proxy.ResponseHeaders by @tomasohaodha in #3157
- feat: October/22 f5-hugo theme bump by @ADubhlaoich in #3182
- Helm Chart: Add annotations to the service account in the Helm chart by @0m1xa in #3065
- fix: fix 2 broken links by @Jcahilltorre in #3211
- Use
nginxcontrib/nginxas base image for UBI by @lucacome in #2845 - Docs for 2.4.1 (#3184) by @ciarams87 in #3194
- Run pre-commit to fix whitespaces/newlines by @lucacome in #3223
- Watch subset of namespaces for secrets by @hafe in #3170
- feat: F5-hugo Theme bump - November by @ADubhlaoich in #3263
- Fix typos and links version by @lucacome in #3264
- add missing controller.config.annotation docs by @coolbry95 in #3285
- Add pytest command line option to skip resource teardown by @vepatel in #3291
- Allow configuration of
map-hash-bucket-sizeandmap-hash-max-sizedirectives by @shaun-nx in #3274 - add horizontalpodautoscaler by @coolbry95 in #3276
- Bump NGINX Plus to R28 by @ciarams87 in #3320
- Release 2.4.2 (#3323) by @ciarams87 in #3331
- Set value of
$remote_addrto client IP when TLSPassthrough and Proxy Protocol are enabled by @shaun-nx in #3341 - NSM OSS integration by @chase-kiefer in #3376
- fix: update github url for app-protect-waf by @Jcahilltorre in #3412
- feat: Fix minor issues, add docs contribution quickstart. by @ADubhlaoich in #3337
- Release 3.0.0 by @jjngx in #3429
๐งช Tests
- Update helloworld grpc generated file by @lucacome in #3220
- Run pre-commit to fix whitespaces/newlines in tests by @lucacome in #3226
- Run pre-commit hooks to fix python test imports by @lucacome in #3221
- Add automated tests for -watch-secret-namespace by @vepatel in #3245
- Move Docker build into reusable workflows, add NAP WAF by @lucacome in #3250
- Tests/flakiness tests ci kind by @vepatel in #3266
- Add more 502 checks for test backends by @vepatel in #3275
- Add retry mechanism for 502s by @vepatel in #3298
- Add hashes to python deps by @lucacome in #3305
- Add comments to requirements.txt by @lucacome in #3382
๐จ Maintenance
- [StepSecurity] ci: Harden GitHub Actions by @step-security-bot in #3134
- Add make target for running staticcheck locally by @jjngx in #3110
- Push NAP DoS image to AWS Marketplace by @lucacome in #3131
- Restore pushing
edgefor Plus images by @lucacome in #3162 - Add CODEOWNERS by @lucacome in #3151
- Run CI for docs changes by @lucacome in #3163
- Update test action by @lucacome in #3189
- Add pre-commit configuration by @lucacome in #2154
- Fix Makefile var overrides (#3224) by @hafe in #3225
- Unwrap error by @lucacome in #3234
- Remove unnecessary arg in generateTransportServerHealthCheckWithDefaults by @lucacome in #3236
- Always print build info, add flags used by @lucacome in #3231
- Remove ineffective break by @lucacome in #3235
- Add context to http calls by @lucacome in #3233
- Refactor watchers - Create separate type for namespaced informers by @ciarams87 in #3238
- Run golangci-lint in pre-commit only for changed files by @lucacome in #3247
- Add linter for GitHub Actions by @lucacome in #3251
- Update packages for CVEs by @lucacome in #3258
- Drop support for k8s < 1.21 by @lucacome in #3252
- Update minimum version in k8s version check by @ciarams87 in #3265
- fix: Pin ubi8 image to unblock nap ubi builds by @ciarams87 in #3267
- Bump GitHub runner to Ubuntu 22.04 by @lucacome in #3273
- Add NAP builds for UBI by @lucacome in #3272
- Remove version check in controller-service.yaml by @lucacome in #3282
- Update Helm Chart JSON Schema by @lucacome in #3283
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #3289
- Update Scorecards workflow by @lucacome in #3290
- [StepSecurity] ci: Harden GitHub Actions by @step-security-bot in #3286
- [StepSecurity] Apply security best practices by @step-security-bot in #3292
- Add notifications for Build workflows by @lucacome in #3304
- Add label for Helm Chart by @lucacome in #3284
- Fix for CVE-2022-42898 by @ciarams87 in #3322
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #3315
- Fix conditions for Docker build and cache name by @lucacome in #3340
- Restore versioned repo by @lucacome in #3348
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #3362
- Add k8s 1.25 to the nightly matrix by @lucacome in #3359
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #3378
- Update packages and dependencies for CVEs by @lucacome in #3384
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #3395
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #3417
โฌ๏ธ Dependencies
Details
- Bump google.golang.org/grpc from 1.49.0 to 1.50.0 by @dependabot in #3130
- Bump github.com/kr/pretty from 0.3.0 to 0.3.1 by @dependabot in #3137
- Bump k8s.io/client-go from 0.25.2 to 0.25.3 by @dependabot in #3147
- Bump ossf/scorecard-action from 2.0.3 to 2.0.4 by @dependabot in #3146
- Bump k8s.io/code-generator from 0.25.2 to 0.25.3 by @dependabot in #3149
- Update golang.org/x/text for CVE-2022-32149 by @lucacome in #3153
- Bump more-itertools from 8.14.0 to 9.0.0 in /tests by @dependabot in #3168
- Bump google.golang.org/grpc from 1.50.0 to 1.50.1 by @dependabot in #3160
- Bump grpcio from 1.49.1 to 1.50.0 in /tests by @dependabot in #3173
- Bump ossf/scorecard-action from 2.0.4 to 2.0.5 by @dependabot in #3172
- Bump locust from 2.12.1 to 2.12.2 in /perf-tests by @dependabot in #3159
- Bump ossf/scorecard-action from 2.0.5 to 2.0.6 by @dependabot in #3179
- Bump nginx from 1.23.1 to 1.23.2 in /build by @dependabot in #3188
- chore: Update cert-manager to latest by @ciarams87 in #3181
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.13.19 to 1.13.20 by @dependabot in #3198
- Bump github.com/aws/aws-sdk-go-v2/config from 1.17.8 to 1.17.10 by @dependabot in #3200
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.13.20 to 1.13.21 by @dependabot in #3201
- Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 by @dependabot in #3197
- Bump pytest from 7.1.3 to 7.2.0 in /perf-tests by @dependabot in #3204
- Bump pytest-html from 3.1.1 to 3.2.0 in /tests by @dependabot in #3202
- Bump pytest from 7.1.3 to 7.2.0 in /tests by @dependabot in #3203
- Bump pytest-html from 3.1.1 to 3.2.0 in /perf-tests by @dependabot in #3205
- Bump kindest/node from v1.25.2 to v1.25.3 in /tests/docker by @dependabot in #3207
- Bump kubernetes from 24.2.0 to 25.3.0 in /tests by @dependabot in #3209
- Bump kubernetes from 24.2.0 to 25.3.0 in /perf-tests by @dependabot in #3208
- Bump opentracing/nginx-opentracing from nginx-1.23.1 to nginx-1.23.2 in /build by @dependabot in #3190
- Bump aquasecurity/trivy-action from 0.7.1 to 0.8.0 by @dependabot in #3216
- Bump anchore/sbom-action from 0.12.0 to 0.13.0 by @dependabot in #3215
- Bump github.com/prometheus/client_golang from 1.13.0 to 1.13.1 by @dependabot in #3217
- Bump locust from 2.12.2 to 2.13.0 in /perf-tests by @dependabot in #3214
- Bump nginxcontrib/nginx from 1.23.1-ubi to 1.23.2-ubi in /build by @dependabot in #3218
- Bump grpcio-tools from 1.48.1 to 1.50.0 in /tests by @dependabot in #3169
- Bump python from 3.10 to 3.11 in /tests/docker by @dependabot in #3206
- Bump anchore/sbom-action from 0.13.0 to 0.13.1 by @dependabot in #3229
- Bump isort/isort-action from 1.0.0 to 1.1.0 by @dependabot in #3228
- Bump github.com/prometheus/client_golang from 1.13.1 to 1.14.0 by @dependabot in #3230
- Bump k8s.io/client-go from 0.25.3 to 0.25.4 by @dependabot in #3241
- Bump k8s.io/code-generator from 0.25.3 to 0.25.4 by @dependabot in #3243
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.13.21 to 1.13.22 by @dependabot in #3242
- Bump github.com/aws/aws-sdk-go-v2/config from 1.17.10 to 1.18.0 by @dependabot in #3246
- Bump aquasecurity/trivy-action from 0.7.1 to 0.8.0 by @dependabot in #3277
- Bump github.com/cert-manager/cert-manager from 1.10.0 to 1.10.1 by @dependabot in #3279
- Bump google.golang.org/grpc from 1.50.1 to 1.51.0 by @dependabot in #3280
- Bump github.com/aws/aws-sdk-go-v2/config from 1.18.0 to 1.18.2 by @dependabot in #3278
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.13.22 to 1.13.23 by @dependabot in #3270
- Bump grpcio from 1.50.0 to 1.51.0 in /tests by @dependabot in #3287
- Bump grpcio-tools from 1.50.0 to 1.51.0 in /tests by @dependabot in #3288
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.13.23 to 1.13.24 by @dependabot in #3296
- Bump github.com/aws/aws-sdk-go-v2/config from 1.18.2 to 1.18.3 by @dependabot in #3297
- Bump urllib3 from 1.26.12 to 1.26.13 in /tests by @dependabot in #3312
- Bump grpcio from 1.51.0 to 1.51.1 in /tests by @dependabot in #3324
- Bump urllib3 from 1.26.12 to 1.26.13 in /perf-tests by @dependabot in #3311
- Bump reviewdog/action-actionlint from 1.34.1 to 1.34.2 by @dependabot in #3332
- Bump grpcio-tools from 1.51.0 to 1.51.1 in /tests by @dependabot in #3325
- Bump actions/setup-go from 3.3.1 to 3.4.0 by @dependabot in #3329
- Bump locust from 2.13.0 to 2.13.1 in /perf-tests by @dependabot in #3327
- Bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.4.3 by @dependabot in #3318
- Bump github/codeql-action from 2.1.33 to 2.1.35 by @dependabot in #3328
- Bump github.com/aws/aws-sdk-go-v2/config from 1.18.3 to 1.18.4 by @dependabot in #3335
- Bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 by @dependabot in #3317
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.13.24 to 1.13.25 by @dependabot in #3333
- Bump alpine from 3.16 to 3.17 in /build by @dependabot in #3306
- Bump protobuf from 4.21.10 to 4.21.11 in /tests by @dependabot in #3343
- Bump certifi from 2022.9.24 to 2022.12.7 in /perf-tests by @dependabot in #3342
- Bump certifi from 2022.9.24 to 2022.12.7 in /tests by @dependabot in #3345
- Bump packaging from 21.3 to 22.0 in /tests by @dependabot in #3344
- Bump 8398a7/action-slack from 3.14.0 to 3.15.0 by @dependabot in #3350
- Bump github/codeql-action from 2.1.35 to 2.1.36 by @dependabot in #3351
- Bump locust from 2.13.1 to 2.13.2 in /perf-tests by @dependabot in #3349
- Bump kindest/node from v1.25.3 to v1.26.0 in /tests/docker by @dependabot in #3358
- Bump k8s.io/code-generator from 0.25.4 to 0.26.0 by @dependabot in #3353
- Bump actions/checkout from 3.1.0 to 3.2.0 by @dependabot in #3360
- Bump actions/setup-go from 3.4.0 to 3.5.0 by @dependabot in #3364
- Bump reviewdog/action-actionlint from 1.34.2 to 1.35.0 by @dependabot in #3367
- Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 by @dependabot in #3366
- Bump locust from 2.13.2 to 2.14.0 in /perf-tests by @dependabot in #3365
- Bump nginx from 1.23.2 to 1.23.3 in /build by @dependabot in #3368
- Bump nginxcontrib/nginx from 1.23.2-ubi to 1.23.3-ubi in /build by @dependabot in #3369
- Bump github/codeql-action from 2.1.36 to 2.1.37 by @dependabot in #3370
- Bump protobuf from 4.21.11 to 4.21.12 in /tests by @dependabot in #3371
- Bump opentracing/nginx-opentracing from nginx-1.23.2 to nginx-1.23.3 in /build by @dependabot in #3372
- Bump ossf/scorecard-action from 2.0.6 to 2.1.0 by @dependabot in #3373
- Bump github.com/aws/aws-sdk-go-v2/config from 1.18.4 to 1.18.5 by @dependabot in #3374
- Bump actions/stale from 6.0.1 to 7.0.0 by @dependabot in #3386
- Bump actions/cache from 3.0.11 to 3.2.0 by @dependabot in #3387
- Bump ossf/scorecard-action from 2.1.0 to 2.1.2 by @dependabot in #3390
- Bump attrs from 22.1.0 to 22.2.0 in /tests by @dependabot in #3388
- Bump github.com/aws/aws-sdk-go-v2/config from 1.18.5 to 1.18.7 by @dependabot in #3385
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.13.25 to 1.13.26 by @dependabot in #3375
- Bump pyopenssl from 22.1.0 to 23.0.0 in /tests by @dependabot in #3400
- Bump mock from 4.0.3 to 5.0.0 in /tests by @dependabot in #3397
- Bump actions/cache from 3.2.0 to 3.2.2 by @dependabot in #3396
- Bump cryptography from 38.0.4 to 39.0.0 in /tests by @dependabot in #3401
- Bump actions/setup-node from 3.5.1 to 3.6.0 by @dependabot in #3405
- Bump locust from 2.14.0 to 2.14.2 in /perf-tests by @dependabot in #3403
- Bump actions/checkout from 3.2.0 to 3.3.0 by @dependabot in #3406
- Bump actions/download-artifact from 3.0.1 to 3.0.2 by @dependabot in #3407
- Bump golang.org/x/exp by @lucacome in #3404
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.13.26 to 1.14.0 by @dependabot in #3408
- Bump github.com/aws/aws-sdk-go-v2/config from 1.18.7 to 1.18.8 by @dependabot in #3409
- Bump actions/upload-artifact from 3.1.1 to 3.1.2 by @dependabot in #3410
- Bump cachetools from 5.2.0 to 5.2.1 in /tests by @dependabot in #3414
- Bump github.com/spiffe/go-spiffe/v2 from 2.1.1 to 2.1.2 by @dependabot in #3420
- Bump packaging from 22.0 to 23.0 in /tests by @dependabot in #3416
- Bump actions/cache from 3.2.2 to 3.2.3 by @dependabot in #3415
- Bump google-auth from 2.15.0 to 2.16.0 in /tests by @dependabot in #3419
- Bump mock from 5.0.0 to 5.0.1 in /tests by @dependabot in #3418
- Bump google.golang.org/grpc from 1.51.0 to 1.52.0 by @dependabot in #3421
- Bump iniconfig from 1.1.1 to 2.0.0 in /tests by @dependabot in #3411
- Bump cert-manager to v1.11.0 by @lucacome in #3391
New Contributors
- @step-security-bot made their first contribution in #3134
- @0m1xa made their first contribution in #3065
- @pre-commit-ci made their first contribution in #3289
- @chase-kiefer made their first contribution in #3376
Full Changelog: v2.4.2...v3.0.0
Upgrade
- For NGINX, use the v3.0.0 image from our DockerHub, GitHub Container, Amazon ECR Public Gallery or Quay.io.
- For NGINX Plus, use the v3.0.0 image from the F5 Container registry or the AWS Marketplace or build your own image using the v3.0.0 source code.
- For Helm, use version 0.16.0 of the chart.
Resources
- Documentation -- https://docs.nginx.com/nginx-ingress-controller/
- Configuration examples -- https://github.com/nginxinc/kubernetes-ingress/tree/v3.0.0/examples
- Helm Chart -- https://github.com/nginxinc/kubernetes-ingress/tree/v3.0.0/deployments/helm-chart
- Operator -- https://github.com/nginxinc/nginx-ingress-operator/