Nginx Ingress Controller - controller-v1.2.0


The chroot release :)

If you want to take full advantage of the security improvements in this release, and also want to take a look into the chroot feature, change the image in your manifest to use controller-chroot:v1.2.0 image and add the SYS_CHROOT capability.

We are going to release soon a blog post about this release!



This new release contains the following changes that need attention:
* A new deep inspector for objects. Now every time an object gets to be reconciled/added, it will pass entirely through a validation (this may lead to some CPU increase)
* The NGINX process now can be chrooted/jailed inside the ingress container, for security reasons. This option is disabled by default and will be enabled in future releases. This new option requires the SYS_CHROOT capability to be added to the Pod

What's Changed

  • Upstream keepalive time by @sskserk in
  • update base images and protobuf gomod by @rikatz in
  • added new auth-tls-match-cn annotation by @chrisshino in
  • changed nginx base img tag to img built with alpine3.14.6 by @longwuyuan in
  • change tag to v120beta1 by @longwuyuan in
  • Fix log creation in chroot script by @rikatz in
  • Release chart v1.2.0-beta.1 by @rikatz in
  • Fallback to ngx.var.scheme for redirectScheme with use-forward-headers when X-Forwarded-Proto is empty by @phidlipus in
  • force helm release to artifact hub by @strongjz in
  • fix change log changes list by @strongjz in
  • kubectl-plugin code overview info by @kundan2707 in
  • Darwin arm64 by @jsoref in
  • Add dependency review enforcement by @rikatz in
  • Bump from 0.32.1 to 0.33.0 by @dependabot in
  • replace deprecated topology key in example with current one by @froblesmartin in
  • typo fixing by @chienfuchen32 in
  • Fix suggested annotation-value-word-blocklist by @sathieu in
  • Add keepalive support for auth requests by @leki75 in
  • Jail/chroot nginx process inside controller container by @rikatz in
  • Update by @ndunks in
  • Update dependencies by @rikatz in
  • Implement object deep inspector by @rikatz in
  • Fix for buggy ingress sync with retries by @davideshay in
  • Improve req handling dashboard by @naseemkullah in
  • Prepare v1.2.0-beta.0 release by @rikatz in
  • chore: v1.2.0-beta.0 release by @tao12345666333 in

New Contributors

  • @chrisshino made their first contribution in
  • @phidlipus made their first contribution in
  • @froblesmartin made their first contribution in
  • @chienfuchen32 made their first contribution in
  • @ndunks made their first contribution in
  • @davideshay made their first contribution in

Full Changelog:

Thank you all for our amazing community!


Security wording was detected, but no CVEs were found.


April 22, 2022, 2:44 a.m.
NGINX Ingress Controller - v1.2.0
Register or login to:
  • 🔍View and search all Nginx Ingress Controller releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google