What's Changed
🚀 Features
- Gunzip for VS by @jjngx in #3790
- Inherit NET_BIND_SERVICE from IC to Nginx by @sigv in #3722
- Fix/OIDC - relaxed OIDC scope validation by @jjngx in #3863
- Specify
manifests by @sigv in #3925 - Add support for the SameSite sticky cookie attribute by @jjngx in #4001
- Add Alpine image with FIPS inside by @lucacome in #4031
🐛 Bug Fixes
- Update VirtualServer to ignore CRL for EgressMTLS by @shaun-nx in #3737
- Update VirtualServer template to generate an internal jwt auth location per policy applied by @shaun-nx in #3798
- indent to annotations key in leader-elec cm by @vepatel in #3840
- Fix gunzip support for VS and add python tests by @jjngx in #3844
- Add Funcs() method to UpdateVirtualServerTemplate method by @coolbry95 in #3870
- fix --enternal-service flag when using serviceNameOverride by @timnee in #3933
📦 Helm Chart
- Update Helm docs by @lucacome in #3698
- Updated NGINX Service Mesh references in Helm templates by @jbyers19 in #3602
- Egress via Ingress VirtualServer Resource by @chase-kiefer in #3491
- Swap cpu and memory in HPA template by @coolbry95 in #3773
- added serviceNameOverride by @timnee in #3802
- Fix GlobalConfiguration name in Helm Chart by @lucacome in #3815
- Remove semverCompare for allocateLoadBalancerNodePorts by @centromere in #3814
- Reverse order of NAPDOS maxDaemons and maxWorkers in Helm chart by @ciarams87 in #3905
- Release 3.2.0 by @lucacome in #4055
🧪 Tests
- Update NAP DoS test container by @lucacome in #3663
- Update ca and client certificates for CRL python tests by @shaun-nx in #3764
- update gitlab dockerfile by @vepatel in #3789
- increase counter and add retries to jwks and mtls ingress tests by @vepatel in #3861
- Update expired CRL and Certificates for IngressMTLS python tests by @shaun-nx in #3906
- Skip JWKS tests by @shaun-nx in #3922
- Bail fast if function returns error by @jjngx in #4016
🔨 Maintenance
- Switch to draft-release action by @lucacome in #3675
- Only get the subject of the commit message for notifications by @lucacome in #3689
- Move build docker steps after tests by @lucacome in #3690
- Use OIDC to login to AWS by @lucacome in #3740
- Add k8s 1.26 to nightly run as k8s_latest is 1.27 by @vepatel in #3788
- Add AWS startup log by @lucacome in #3797
- Use appropriate context in metadata-action by @lucacome in #3796
- Use OIDC to login to GCR by @lucacome in #3838
- Simplify validators by @jjngx in #3818
- Simplify validation code for listener protocol by @jjngx in #3885
- Make TransportServer tests run in parallel by @jjngx in #3892
- Update CI by @lucacome in #3836
- Run tests in parallel by @jjngx in #3910
- Simplify validators by @jjngx in #3909
- Update error handling by @jjngx in #3936
- Remove explicit
definition by @sigv in #3926 - Fix release notes condition by @lucacome in #3950
- Update openid-connect.js by @vepatel in #3995
- Add dependency review workflow and config by @lucacome in #4000
- Update GoReleaser config by @lucacome in #3974
- Update packages for CVEs by @lucacome in #4033
- Cleanup Makefile by @lucacome in #4020
- Update notification and build workflows by @lucacome in #3973
- Update labeler to official action by @lucacome in #4004
- Create tags for OSS images on release branch by @lucacome in #4041
- Make NAP independent from Plus by @lucacome in #4054
- Add step to publish to AWS Marketplace by @lucacome in #4045
📝 Documentation
- Update Service Insight docs by @jjngx in #3684
- Release 3.1.0 by @shaun-nx in #3700
- Example for the service insight feature (VS and TS) by @jjngx in #3691
- Update release file with additional information by @jasonwilliams14 in #3704
- Update correct path for default-server-secret by @jasonwilliams14 in #3713
- Docs theme updates by @jputrino in #3751
- Update docs for operator 1.4.0 by @vepatel in #3762
- Initial install guide for GCP Marketplace Package (#3561) by @lucacome in #3800
- docs: Address two minor issues and update product nouns by @ADubhlaoich in #3736
- Add NGINX Ingress controller with OSM tutorial by @jasonwilliams14 in #3592
- Release 3.1.1 (#3860) by @lucacome in #3869
- Update official Ingress resource link by @ADubhlaoich in #3864
- Update operator docs by @lucacome in #3921
- Add AWS Marketplace images for NAP by @lucacome in #3935
- Add GCP Marketplace to technical-specifications and release by @lucacome in #3951
- update numbering in manifest installation by @vepatel in #4015
- Update theme version, adjust weight of top level pages & sections by @ADubhlaoich in #3979
- Add document to tutorial section for configuring the default oidc implementation by @shaun-nx in #4022
- fix links and product name usage in NAP WAF config guide by @jputrino in #3972
- Custom listen ports document by @jasonwilliams14 in #3715
- Add FIPS to the list of images by @lucacome in #4048
- Update README by @lucacome in #4044
- Tutorial for FCP by @haywoodsh in #3954
- fix: bump hugo theme to 0.33 by @Jcahilltorre in #4060
- NGINX Ingress with Linkerd guide by @jasonwilliams14 in #3993
⬆️ Dependencies
170 changes
- Bump github.com/aws/aws-sdk-go-v2/config from 1.18.18 to 1.18.19 by @dependabot in #3681
- Bump actions/stale from 7.0.0 to 8.0.0 by @dependabot in #3680
- Bump github/codeql-action from 2.2.7 to 2.2.8 by @dependabot in #3687
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.14.6 to 1.14.7 by @dependabot in #3682
- Bump actions/checkout from 3.4.0 to 3.5.0 by @dependabot in #3688
- Bump pyopenssl from 23.0.0 to 23.1.0 in /tests by @dependabot in #3693
- Bump cryptography from 39.0.2 to 40.0.1 in /tests by @dependabot in #3694
- Bump google-auth from 2.16.2 to 2.16.3 in /tests by @dependabot in #3695
- Bump github/codeql-action from 2.2.8 to 2.2.9 by @dependabot in #3692
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #3699
- Bump nginx from 1.23.3 to 1.23.4 in /build by @dependabot in #3705
- Bump nginxcontrib/nginx from 1.23.3-ubi to 1.23.4-ubi in /build by @dependabot in #3706
- Bump opentracing/nginx-opentracing from nginx-1.23.3 to nginx-1.23.4 in /build by @dependabot in #3709
- Bump ossf/scorecard-action from 2.1.2 to 2.1.3 by @dependabot in #3711
- Bump kindest/node from v1.26.2 to v1.26.3 in /tests/docker by @dependabot in #3710
- Bump github.com/spiffe/go-spiffe/v2 from 2.1.3 to 2.1.4 by @dependabot in #3712
- Bump pyopenssl from 23.1.0 to 23.1.1 in /tests by @dependabot in #3717
- Bump anchore/sbom-action from 0.13.4 to 0.14.1 by @dependabot in #3720
- Bump google-auth from 2.16.3 to 2.17.1 in /tests by @dependabot in #3718
- Bump grpcio from 1.51.3 to 1.53.0 in /tests by @dependabot in #3721
- Bump grpcio-tools from 1.51.3 to 1.53.0 in /tests by @dependabot in #3719
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #3723
- Bump reviewdog/action-actionlint from 1.36.0 to 1.37.0 by @dependabot in #3727
- Bump 8398a7/action-slack from 3.15.0 to 3.15.1 by @dependabot in #3734
- Bump github/codeql-action from 2.2.9 to 2.2.11 by @dependabot in #3735
- Bump github.com/cert-manager/cert-manager from 1.11.0 to 1.11.1 by @dependabot in #3739
- Bump peter-evans/dockerhub-description from 3.3.0 to 3.4.0 by @dependabot in #3738
- Bump actions/github-script from 6.4.0 to 6.4.1 by @dependabot in #3733
- Bump peter-evans/dockerhub-description from 3.4.0 to 3.4.1 by @dependabot in #3746
- Bump pytest from 7.2.2 to 7.3.0 in /tests by @dependabot in #3745
- Bump github.com/aws/aws-sdk-go-v2/config from 1.18.19 to 1.18.20 by @dependabot in #3748
- Bump google-auth from 2.17.1 to 2.17.2 in /tests by @dependabot in #3744
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.14.7 to 1.14.9 by @dependabot in #3749
- Bump kindest/node from v1.26.3 to v1.27.0 in /tests/docker by @dependabot in #3761
- Bump actions/checkout from 3.5.0 to 3.5.2 by @dependabot in #3765
- Bump github/codeql-action from 2.2.11 to 2.2.12 by @dependabot in #3766
- Bump codecov/codecov-action from 3.1.1 to 3.1.2 by @dependabot in #3755
- Bump cryptography from 40.0.1 to 40.0.2 in /tests by @dependabot in #3777
- Bump pytest from 7.2.2 to 7.3.1 in /perf-tests by @dependabot in #3775
- Bump packaging from 23.0 to 23.1 in /tests by @dependabot in #3776
- Bump attrs from 22.2.0 to 23.1.0 in /tests by @dependabot in #3774
- Bump protobuf from 4.22.1 to 4.22.3 in /tests by @dependabot in #3778
- Bump kindest/node from v1.27.0 to v1.27.1 in /tests/docker by @dependabot in #3786
- Bump google-auth from 2.17.2 to 2.17.3 in /tests by @dependabot in #3785
- Bump github.com/prometheus/client_golang from 1.14.0 to 1.15.0 by @dependabot in #3787
- Bump github.com/aws/aws-sdk-go-v2/config from 1.18.20 to 1.18.21 by @dependabot in #3750
- Bump mock from 5.0.1 to 5.0.2 in /tests by @dependabot in #3779
- Bump pytest from 7.3.0 to 7.3.1 in /tests by @dependabot in #3784
- Bump k8s.io/code-generator from 0.26.3 to 0.27.1 by @dependabot in #3782
- Bump docker/metadata-action from 4.3.0 to 4.4.0 by @dependabot in #3794
- Bump grpcio from 1.53.0 to 1.54.0 in /tests by @dependabot in #3793
- Bump grpcio-tools from 1.53.0 to 1.54.0 in /tests by @dependabot in #3795
- Bump aquasecurity/trivy-action from 0.9.2 to 0.10.0 by @dependabot in #3799
- Bump github/codeql-action from 2.2.12 to 2.3.0 by @dependabot in #3810
- Bump pyasn1-modules from 0.2.8 to 0.3.0 in /tests by @dependabot in #3808
- Bump sigs.k8s.io/controller-tools from 0.11.3 to 0.11.4 by @dependabot in #3805
- Bump pyasn1 from 0.4.8 to 0.5.0 in /tests by @dependabot in #3809
- Bump codecov/codecov-action from 3.1.2 to 3.1.3 by @dependabot in #3803
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #3811
- Bump github.com/aws/aws-sdk-go-v2/config from 1.18.21 to 1.18.22 by @dependabot in #3813
- Bump github/codeql-action from 2.3.0 to 2.3.2 by @dependabot in #3826
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.14.9 to 1.14.10 by @dependabot in #3812
- Bump lucacome/draft-release from 0.1.1 to 0.2.0 by @dependabot in #3825
- Bump requests from 2.28.2 to 2.29.0 in /tests by @dependabot in #3829
- Remove replace no longer needed by @lucacome in #3832
- Bump urllib3 from 1.26.15 to 2.0.1 in /perf-tests by @dependabot in #3828
- Update packages for CVEs by @lucacome in #3831
- Bump NGINX Plus to R29 by @lucacome in #3833
- Update Arbitrator to v1.1.1 by @lucacome in #3837
- Bump protobuf from 4.22.3 to 4.23.0 in /tests by @dependabot in #3901
- Bump codecov/codecov-action from 3.1.3 to 3.1.4 by @dependabot in #3904
- Bump google-github-actions/auth from 1.1.0 to 1.1.1 by @dependabot in #3888
- Bump actions/setup-go from 4.0.0 to 4.0.1 by @dependabot in #3899
- Bump anchore/sbom-action from 0.14.1 to 0.14.2 by @dependabot in #3876
- Bump github/codeql-action from 2.3.2 to 2.3.3 by @dependabot in #3866
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #3886
- Bump github.com/prometheus/client_golang from 1.15.0 to 1.15.1 by @dependabot in #3845
- Bump google-auth from 2.17.3 to 2.18.1 in /tests by @dependabot in #3912
- Bump requests from 2.28.2 to 2.30.0 in /perf-tests by @dependabot in #3877
- Bump requests from 2.29.0 to 2.30.0 in /tests by @dependabot in #3881
- Bump protobuf from 4.23.0 to 4.23.1 in /tests by @dependabot in #3915
- Bump grpcio from 1.54.0 to 1.54.2 in /tests by @dependabot in #3916
- Bump certifi from 2022.12.7 to 2023.5.7 in /perf-tests by @dependabot in #3878
- Bump grpcio-tools from 1.54.0 to 1.54.2 in /tests by @dependabot in #3913
- Bump certifi from 2022.12.7 to 2023.5.7 in /tests by @dependabot in #3882
- Bump urllib3 from 2.0.1 to 2.0.2 in /perf-tests by @dependabot in #3879
- Bump github.com/cert-manager/cert-manager from 1.11.1 to 1.11.2 by @dependabot in #3914
- Bump kindest/node from v1.27.1 to v1.27.2 in /tests/docker by @dependabot in #3931
- Bump websocket-client from 1.5.1 to 1.5.2 in /tests by @dependabot in #3930
- Bump requests from 2.30.0 to 2.31.0 in /perf-tests by @dependabot in #3928
- Bump requests from 2.30.0 to 2.31.0 in /tests by @dependabot in #3929
- Bump k8s.io/code-generator from 0.27.1 to 0.27.2 by @dependabot in #3919
- Bump github.com/cert-manager/cert-manager from 1.11.2 to 1.12.0 by @dependabot in #3924
- Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 by @dependabot in #3923
- Bump k8s.io/client-go from 0.26.4 to 0.27.2 by @dependabot in #3917
- Bump nginx from 1.23.4-alpine to 1.25.0-alpine in /build by @dependabot in #3938
- Bump github.com/cert-manager/cert-manager from 1.12.0 to 1.12.1 by @dependabot in #3941
- Bump nginxcontrib/nginx from 1.23.4-ubi to 1.25.0-ubi in /build by @dependabot in #3939
- Bump github/codeql-action from 2.3.3 to 2.3.4 by @dependabot in #3940
- Bump github.com/spiffe/go-spiffe/v2 from 2.1.4 to 2.1.5 by @dependabot in #3947
- Bump cachetools from 5.3.0 to 5.3.1 in /tests by @dependabot in #3943
- Bump github/codeql-action from 2.3.4 to 2.3.5 by @dependabot in #3942
- Bump google-auth from 2.18.1 to 2.19.0 in /tests by @dependabot in #3946
- Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 by @dependabot in #3948
- Bump protobuf from 4.23.1 to 4.23.2 in /tests by @dependabot in #3944
- Bump pytest-metadata from 2.0.4 to 3.0.0 in /tests by @dependabot in #3945
- Bump opentracing/nginx-opentracing from nginx-1.23.4 to nginx-1.25.0 in /build by @dependabot in #3949
- Bump github/codeql-action from 2.3.5 to 2.3.6 by @dependabot in #3953
- Bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 by @dependabot in #3955
- Bump aws-actions/configure-aws-credentials from 2.0.0 to 2.1.0 by @dependabot in #3952
- Bump pyopenssl from 23.1.1 to 23.2.0 in /tests by @dependabot in #3957
- Bump cryptography from 40.0.2 to 41.0.1 in /tests by @dependabot in #3958
- Bump google-auth from 2.19.0 to 2.19.1 in /tests by @dependabot in #3959
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #3963
- Bump aquasecurity/trivy-action from 0.10.0 to 0.11.0 by @dependabot in #3966
- Bump github.com/spiffe/go-spiffe/v2 from 2.1.5 to 2.1.6 by @dependabot in #3967
- Bump docker/login-action from 2.1.0 to 2.2.0 by @dependabot in #3968
- Bump docker/metadata-action from 4.4.0 to 4.5.0 by @dependabot in #3969
- Bump docker/setup-buildx-action from 2.5.0 to 2.6.0 by @dependabot in #3971
- Bump docker/setup-qemu-action from 2.1.0 to 2.2.0 by @dependabot in #3970
- Bump actions/checkout from 3.5.2 to 3.5.3 by @dependabot in #3981
- Bump docker/build-push-action from 4.0.0 to 4.1.0 by @dependabot in #3980
- Bump github/codeql-action from 2.3.6 to 2.13.4 by @dependabot in #3982
- Bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 by @dependabot in #3986
- Bump urllib3 from 2.0.2 to 2.0.3 in /perf-tests by @dependabot in #3988
- Bump pytest from 7.3.1 to 7.3.2 in /tests by @dependabot in #3990
- Bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 by @dependabot in #3985
- Bump aquasecurity/trivy-action from 0.11.0 to 0.11.2 by @dependabot in #3984
- Bump pytest from 7.3.1 to 7.3.2 in /perf-tests by @dependabot in #3987
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #3994
- Bump docker/metadata-action from 4.5.0 to 4.6.0 by @dependabot in #3997
- Bump docker/build-push-action from 4.1.0 to 4.1.1 by @dependabot in #3998
- Bump docker/setup-buildx-action from 2.6.0 to 2.7.0 by @dependabot in #3999
- Bump websocket-client from 1.5.2 to 1.5.3 in /tests by @dependabot in #3991
- Bump github.com/aws/aws-sdk-go-v2/config from 1.18.22 to 1.18.26 by @dependabot in #4003
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.14.10 to 1.14.12 by @dependabot in #4002
- Bump nginxcontrib/nginx from 1.25.0-ubi to 1.25.1-ubi in /build by @dependabot in #4005
- Bump kindest/node from v1.27.2 to v1.27.3 in /tests/docker by @dependabot in #4008
- Bump aws-actions/configure-aws-credentials from 2.1.0 to 2.2.0 by @dependabot in #4009
- Bump k8s.io/client-go from 0.27.2 to 0.27.3 by @dependabot in #4012
- Bump nginx from 1.25.0-alpine to 1.25.1-alpine in /build by @dependabot in #4006
- Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 by @dependabot in #4010
- Bump k8s.io/code-generator from 0.27.2 to 0.27.3 by @dependabot in #4011
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.14.12 to 1.14.13 by @dependabot in #4019
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #4029
- Bump github.com/cert-manager/cert-manager from 1.12.1 to 1.12.2 by @dependabot in #4017
- Bump google-auth from 2.19.1 to 2.20.0 in /tests by @dependabot in #4025
- Bump protobuf from 4.23.2 to 4.23.3 in /tests by @dependabot in #4027
- Bump peter-evans/dockerhub-description from 3.4.1 to 3.4.2 by @dependabot in #4030
- Bump reviewdog/action-actionlint from 1.37.0 to 1.37.1 by @dependabot in #4026
- Bump pyparsing from 3.0.9 to 3.1.0 in /tests by @dependabot in #4024
- Bump github.com/aws/aws-sdk-go-v2/config from 1.18.26 to 1.18.27 by @dependabot in #4018
- Bump websocket-client from 1.5.3 to 1.6.0 in /tests by @dependabot in #4028
- Bump anchore/sbom-action from 0.14.2 to 0.14.3 by @dependabot in #4034
- Bump CodeQL actions to v2.20.0 by @lucacome in #4035
- Bump golang.org/x/exp by @lucacome in #4036
- Bump github/codeql-action from 2.20.0 to 2.20.1 by @dependabot in #4037
- Bump pluggy from 1.0.0 to 1.2.0 in /tests by @dependabot in #4038
- Bump opentracing/nginx-opentracing from nginx-1.25.0 to nginx-1.25.1 in /build by @dependabot in #4040
- Bump grpcio from 1.54.2 to 1.56.0 in /tests by @dependabot in #4046
- Bump grpcio-tools from 1.54.2 to 1.56.0 in /tests by @dependabot in #4047
- Bump pytest from 7.3.2 to 7.4.0 in /perf-tests by @dependabot in #4050
- Bump pytest from 7.3.2 to 7.4.0 in /tests by @dependabot in #4049
- Bump alpine from 3.17 to 3.18 in /build by @dependabot in #3890
- Bump ossf/scorecard-action from 2.1.3 to 2.2.0 by @dependabot in #4052
- Bump websocket-client from 1.6.0 to 1.6.1 in /tests by @dependabot in #4051
- Bump alpine-fips to 0.1.1-alpine3.18 by @lucacome in #4053
- Bump debian from 11-slim to 12-slim in /build by @dependabot in #3996
- Bump google-auth from 2.20.0 to 2.21.0 in /tests by @dependabot in #4061
- Bump lucacome/draft-release from 0.2.0 to 0.2.1 by @dependabot in #4062
New Contributors
Full Changelog: v3.1.1...v3.2.0
- For NGINX, use the v3.2.0 images from our DockerHub, GitHub Container, Amazon ECR Public Gallery or Quay.io.
- For NGINX Plus, use the v3.2.0 images from the F5 Container registry, the AWS Marketplace, the GCP Marketplace or build your own image using the v3.2.0 source code.
- For Helm, use version 0.18.0 of the chart.
- Documentation -- https://docs.nginx.com/nginx-ingress-controller/
- Configuration examples -- https://github.com/nginxinc/kubernetes-ingress/tree/v3.2.0/examples
- Helm Chart -- https://github.com/nginxinc/kubernetes-ingress/tree/v3.2.0/deployments/helm-chart
- Operator -- https://github.com/nginxinc/nginx-ingress-operator/