What's Changed
๐ Features
- Add runAsNonRoot in deployments by @lucacome in #2583
- Add container resource requests by @lucacome in #2484
- Add OpenTracing to all Debian and Alpine based images by @lucacome in #2581
- Update InternalRoute server_name by @sjberman in #2627
- Add support for allocateLoadBalancerNodePorts, ipFamilyPolicy and ipFamilies by @centromere in #2418
- Add handling of multiple log destinations by @rafwegv in #2328
- Add minReadySeconds & strategy support by @cmk-pcs in #2672
- AP: log-conf escaping chars by @rafwegv in #2691
- allow configuring topologySpreadConstraints in Helm chart by @kdomanski in #2625
- Add string sanitisation for proxy-pass-headers & proxy-hide-headers by @shaun-nx in #2730
- Add additional unit tests to confirm special characters can't be used in the lb-method annotation by @shaun-nx in #2742
- Add string validation to server-tokens annotation by @shaun-nx in #2733
- Validate rewrite annotation by @haywoodsh in #2734
- Validate JWT key, realm and login url for ingress resources annotations by @haywoodsh in #2754
- Add string validation to sticky-cookie-services annotation by @shaun-nx in #2751
- Add validation to Ingress path by @shaun-nx in #2775
- Sanitize nginx.com/jwt-token by @haywoodsh in #2774
- feat: add support for HTTP01 Challenges on VirtualServer resources by @ciarams87 in #2759
- feat: Report Hostname in ExternalEndpoint for VS and VSR resources by @ciarams87 in #2781
- Add external DNS endpoint CRD by @jjngx in #2762
- Update validation regex for path spec by @shaun-nx in #2783
- Add SBOMs to release by @lucacome in #2801
- HTTP basic auth support by @svvac in #2269
- feat: Integrate ExternalDNS with VirtualServer resources by @ciarams87 in #2800
๐ Bug Fixes
- Fix Dockerfile for amd64 microarchitectures by @lucacome in #2617
- Fix typo in documentation by @haywoodsh in #2624
- Add terminationGracePeriodSeconds to deployment by @maksym-iv in #2637
- Update codegen and fix check by @lucacome in #2663
- Sync changes from OIDC repo, add field in policy by @lucacome in #2654
- Fix status.loadbalancer.hostname deletion on OOMKill by @hvoigt in #2673
- Fix cases where CM enabled but no TLS block specified in VS by @ciarams87 in #2718
- Fix CVE-2022-1664 by @ciarams87 in #2722
- Update openssl libraries in debian images by @ciarams87 in #2797
- Fix the latest CVES by @ciarams87 in #2834
๐ Documentation
- Add Slack to contacts and update link by @lucacome in #2613
- Report expected controller by @jsoref in #2642
- Update OIDC example note for IPv6 by @brianehlert in #2653
- Upload Docker images to Quay.io by @lucacome in #2665
- Correct spelling mistakes by @jsoref in #2645
- Fix typo in the documentation. by @thresheek in #2683
- Update docs to reflect DNS01 Issuer support by @ciarams87 in #2666
- Release 2.2.2 to main by @lucacome in #2720
- Update operator docs for latest release by @ciarams87 in #2752
- docs: Add missing doc update by @ciarams87 in #2782
- Validation for App Protect ingress annotations by @haywoodsh in #2793
- Bump NGINX Plus to R27 by @lucacome in #2799
- docs: Create real examples for basic auth by @ciarams87 in #2811
- Update readme by @shaun-nx in #2825
- Update images versions by @lucacome in #2838
๐งช Tests
- tests: Change error string check in openapi spec tests by @ciarams87 in #2794
- Record error and continue running tests by @jjngx in #2803
๐จ Maintenance
- Update updater for 2.2.0 by @lucacome in #2600
- Use new format for images metadata by @lucacome in #2657
- Warn about unhandled arguments by @jsoref in #2641
- Don't run some workflows on forks by @lucacome in #2715
- Use
NGINX_PLUS_VERSIONin the repo for Alpine and UBI by @lucacome in #2741 - Use Go build info from the binary by @lucacome in #2740
- Refactor main.go by @ciarams87 in #2763
- Automatically close milestone on release by @lucacome in #2810
โฌ๏ธ Dependencies
- Bump aquasecurity/trivy-action from 0.2.3 to 0.2.4 by @dependabot in #2612
- Update packages for CVE-2022-1271 by @lucacome in #2619
- Bump k8s.io/code-generator from 0.23.5 to 0.23.6 by @dependabot in #2620
- Bump aquasecurity/trivy-action from 0.2.4 to 0.2.5 by @dependabot in #2615
- Bump k8s.io/client-go from 0.23.5 to 0.23.6 by @dependabot in #2622
- Update packages for CVE-2022-22576 by @lucacome in #2644
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.13.3 to 1.13.4 by @dependabot in #2634
- Bump pytest from 7.1.1 to 7.1.2 in /tests by @dependabot in #2631
- Bump github/codeql-action from 1 to 2 by @dependabot in #2630
- Bump github.com/aws/aws-sdk-go-v2/config from 1.15.3 to 1.15.4 by @dependabot in #2633
- Bump pytest from 7.1.1 to 7.1.2 in /perf-tests by @dependabot in #2632
- Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 by @dependabot in #2636
- Bump grpcio from 1.45.0 to 1.46.0 in /tests by @dependabot in #2646
- Bump grpcio-tools from 1.45.0 to 1.46.0 in /tests by @dependabot in #2647
- Update go-spiffe to v2 by @sjberman in #2652
- Update cert-manager by @lucacome in #2656
- Bump docker/setup-qemu-action from 1 to 2 by @dependabot in #2661
- Bump docker/login-action from 1 to 2 by @dependabot in #2660
- Bump docker/metadata-action from 3 to 4 by @dependabot in #2658
- Bump docker/setup-buildx-action from 1 to 2 by @dependabot in #2659
- Bump docker/build-push-action from 2 to 3 by @dependabot in #2662
- Bump more-itertools from 8.12.0 to 8.13.0 in /tests by @dependabot in #2667
- Update packages for CVE-2022-27404 by @lucacome in #2669
- Bump kubernetes from 23.3.0 to 23.6.0 in /tests by @dependabot in #2671
- Bump kubernetes from 23.3.0 to 23.6.0 in /perf-tests by @dependabot in #2670
- Bump aquasecurity/trivy-action from 0.2.5 to 0.3.0 by @dependabot in #2675
- Bump github.com/aws/aws-sdk-go-v2/config from 1.15.4 to 1.15.5 by @dependabot in #2676
- Update packages for CVE-2022-29824 by @lucacome in #2681
- Bump grpcio from 1.46.0 to 1.46.1 in /tests by @dependabot in #2678
- Bump grpcio-tools from 1.46.0 to 1.46.1 in /tests by @dependabot in #2679
- Bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 by @dependabot in #2685
- Bump google.golang.org/grpc from 1.46.0 to 1.46.2 by @dependabot in #2684
- Update packages for CVE-2022-1292 by @lucacome in #2697
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.13.4 to 1.13.5 by @dependabot in #2694
- Bump github.com/aws/aws-sdk-go-v2/config from 1.15.5 to 1.15.7 by @dependabot in #2693
- docs: Hugo theme May update - CP by @Jcahilltorre in #2699
- Bump certifi from 2021.10.8 to 2022.5.18 in /tests by @dependabot in #2701
- Bump certifi from 2021.10.8 to 2022.5.18.1 in /perf-tests by @dependabot in #2702
- Update packages for CVE-2022-29155 and CVE-2022-29824 by @lucacome in #2714
- Bump goreleaser/goreleaser-action from 2 to 3 by @dependabot in #2706
- Bump grpcio from 1.46.1 to 1.46.3 in /tests by @dependabot in #2708
- Bump grpcio-tools from 1.46.1 to 1.46.3 in /tests by @dependabot in #2707
- Bump locust from 2.8.6 to 2.9.0 in /perf-tests by @dependabot in #2703
- Bump certifi from 2022.5.18 to 2022.5.18.1 in /tests by @dependabot in #2704
- Bump github.com/aws/aws-sdk-go-v2/config from 1.15.7 to 1.15.9 by @dependabot in #2727
- Bump google.golang.org/grpc from 1.46.2 to 1.47.0 by @dependabot in #2731
- Bump github.com/stretchr/testify from 1.7.1 to 1.7.2 by @dependabot in #2739
- Bump github.com/aws/aws-sdk-go-v2/config from 1.15.9 to 1.15.10 by @dependabot in #2744
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.13.5 to 1.13.6 by @dependabot in #2743
- Bump requests from 2.27.1 to 2.28.0 in /tests by @dependabot in #2746
- Bump requests from 2.27.1 to 2.28.0 in /perf-tests by @dependabot in #2747
- Update packages for CVE-2022-1271 and CVE-2022-1586 by @lucacome in #2757
- Bump aquasecurity/trivy-action from 0.3.0 to 0.4.0 by @dependabot in #2760
- Bump certifi from 2022.5.18.1 to 2022.6.15 in /tests by @dependabot in #2765
- Bump certifi from 2022.5.18.1 to 2022.6.15 in /perf-tests by @dependabot in #2764
- Bump github.com/aws/aws-sdk-go-v2/config from 1.15.10 to 1.15.11 by @dependabot in #2773
- Bump aquasecurity/trivy-action from 0.4.0 to 0.4.1 by @dependabot in #2776
- Bump kubernetes from 23.6.0 to 24.2.0 in /perf-tests by @dependabot in #2788
- Bump github.com/stretchr/testify from 1.7.2 to 1.7.4 by @dependabot in #2780
- Bump aquasecurity/trivy-action from 0.4.1 to 0.5.0 by @dependabot in #2786
- Bump grpcio from 1.46.3 to 1.47.0 in /tests by @dependabot in #2785
- Bump grpcio-tools from 1.46.3 to 1.47.0 in /tests by @dependabot in #2787
- Bump kubernetes from 23.6.0 to 24.2.0 in /tests by @dependabot in #2784
- Bump nginx from 1.21.6 to 1.23.0 in /build by @dependabot in #2790
- Bump library/nginx from 1.21.6-alpine to 1.23.0-alpine in /build by @dependabot in #2789
- Bump opentracing/nginx-opentracing from nginx-1.21.6 to nginx-1.23.0 in /build by @dependabot in #2791
- Bump github.com/golang-jwt/jwt/v4 from 4.4.1 to 4.4.2 by @dependabot in #2792
- Bump kindest/node from v1.23.6 to v1.24.2 in /tests/docker by @dependabot in #2795
- Bump github.com/stretchr/testify from 1.7.4 to 1.7.5 by @dependabot in #2796
- Bump locust from 2.9.0 to 2.10.0 in /perf-tests by @dependabot in #2798
- Bump alpine from 3.15 to 3.16 in /build by @dependabot in #2716
- Bump requests from 2.28.0 to 2.28.1 in /perf-tests by @dependabot in #2806
- Bump github.com/spiffe/go-spiffe/v2 from 2.1.0 to 2.1.1 by @dependabot in #2807
- Bump locust from 2.10.0 to 2.10.1 in /perf-tests by @dependabot in #2805
- Bump requests from 2.28.0 to 2.28.1 in /tests by @dependabot in #2804
- Bump cert-manager to 1.8.2 by @lucacome in #2809
- Bump aquasecurity/trivy-action from 0.5.0 to 0.5.1 by @dependabot in #2813
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.13.6 to 1.13.7 by @dependabot in #2814
- Bump urllib3 from 1.26.9 to 1.26.10 in /tests by @dependabot in #2828
- Bump urllib3 from 1.26.9 to 1.26.10 in /perf-tests by @dependabot in #2829
- Bump github.com/stretchr/testify from 1.7.5 to 1.8.0 by @dependabot in #2815
- Bump github.com/aws/aws-sdk-go-v2/config from 1.15.11 to 1.15.13 by @dependabot in #2823
- Bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.13.7 to 1.13.8 by @dependabot in #2832
- Bump cffi from 1.15.0 to 1.15.1 in /tests by @dependabot in #2817
- Bump cffi from 1.15.0 to 1.15.1 in /perf-tests by @dependabot in #2818
New Contributors
- @jsoref made their first contribution in #2642
- @sjberman made their first contribution in #2652
- @maksym-iv made their first contribution in #2637
- @centromere made their first contribution in #2418
- @thresheek made their first contribution in #2683
- @hvoigt made their first contribution in #2673
- @cmk-pcs made their first contribution in #2672
- @kdomanski made their first contribution in #2625
- @shaun-nx made their first contribution in #2730
Full Changelog: v2.2.2...v2.3.0
Upgrade
- For NGINX, use the v2.3.0 image from our DockerHub, GitHub Container, Amazon ECR Public Gallery or Quay.io.
- For NGINX Plus, use the v2.3.0 image from the F5 Container registry or the AWS Marketplace or build your own image using the v2.3.0 source code.
- For Helm, use version 0.14.0 of the chart.
Resources
- Documentation -- https://docs.nginx.com/nginx-ingress-controller/
- Configuration examples -- https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.0/examples
- Helm Chart -- https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.0/deployments/helm-chart
- Operator -- https://github.com/nginxinc/nginx-ingress-helm-operator/