Nginx Ingress Controller - controller-v1.2.0

Security

The chroot release :)

If you want to take full advantage of the security improvements in this release, and also want to take a look into the chroot feature, change the image in your manifest to use controller-chroot:v1.2.0 image and add the SYS_CHROOT capability.

We are going to release soon a blog post about this release!

Images:

  • k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185
  • k8s.gcr.io/ingress-nginx/controller-chroot:v1.2.0@sha256:fb17f1700b77d4fcc52ca6f83ffc2821861ae887dbb87149cf5cbc52bea425e5

This new release contains the following changes that need attention:
* A new deep inspector for objects. Now every time an object gets to be reconciled/added, it will pass entirely through a validation (this may lead to some CPU increase)
* The NGINX process now can be chrooted/jailed inside the ingress container, for security reasons. This option is disabled by default and will be enabled in future releases. This new option requires the SYS_CHROOT capability to be added to the Pod

What's Changed

  • Upstream keepalive time by @sskserk in https://github.com/kubernetes/ingress-nginx/pull/8319
  • update base images and protobuf gomod by @rikatz in https://github.com/kubernetes/ingress-nginx/pull/8478
  • added new auth-tls-match-cn annotation by @chrisshino in https://github.com/kubernetes/ingress-nginx/pull/8434
  • changed nginx base img tag to img built with alpine3.14.6 by @longwuyuan in https://github.com/kubernetes/ingress-nginx/pull/8479
  • change tag to v120beta1 by @longwuyuan in https://github.com/kubernetes/ingress-nginx/pull/8480
  • Fix log creation in chroot script by @rikatz in https://github.com/kubernetes/ingress-nginx/pull/8481
  • Release chart v1.2.0-beta.1 by @rikatz in https://github.com/kubernetes/ingress-nginx/pull/8484
  • Fallback to ngx.var.scheme for redirectScheme with use-forward-headers when X-Forwarded-Proto is empty by @phidlipus in https://github.com/kubernetes/ingress-nginx/pull/8468
  • force helm release to artifact hub by @strongjz in https://github.com/kubernetes/ingress-nginx/pull/8417
  • fix change log changes list by @strongjz in https://github.com/kubernetes/ingress-nginx/pull/8421
  • kubectl-plugin code overview info by @kundan2707 in https://github.com/kubernetes/ingress-nginx/pull/8405
  • Darwin arm64 by @jsoref in https://github.com/kubernetes/ingress-nginx/pull/8399
  • Add dependency review enforcement by @rikatz in https://github.com/kubernetes/ingress-nginx/pull/8443
  • Bump github.com/prometheus/common from 0.32.1 to 0.33.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/8426
  • replace deprecated topology key in example with current one by @froblesmartin in https://github.com/kubernetes/ingress-nginx/pull/8444
  • typo fixing by @chienfuchen32 in https://github.com/kubernetes/ingress-nginx/pull/8447
  • Fix suggested annotation-value-word-blocklist by @sathieu in https://github.com/kubernetes/ingress-nginx/pull/8446
  • Add keepalive support for auth requests by @leki75 in https://github.com/kubernetes/ingress-nginx/pull/8219
  • Jail/chroot nginx process inside controller container by @rikatz in https://github.com/kubernetes/ingress-nginx/pull/8337
  • Update index.md by @ndunks in https://github.com/kubernetes/ingress-nginx/pull/8454
  • Update dependencies by @rikatz in https://github.com/kubernetes/ingress-nginx/pull/8455
  • Implement object deep inspector by @rikatz in https://github.com/kubernetes/ingress-nginx/pull/8456
  • Fix for buggy ingress sync with retries by @davideshay in https://github.com/kubernetes/ingress-nginx/pull/8325
  • Improve req handling dashboard by @naseemkullah in https://github.com/kubernetes/ingress-nginx/pull/8322
  • Prepare v1.2.0-beta.0 release by @rikatz in https://github.com/kubernetes/ingress-nginx/pull/8464
  • chore: v1.2.0-beta.0 release by @tao12345666333 in https://github.com/kubernetes/ingress-nginx/pull/8465

New Contributors

  • @chrisshino made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8434
  • @phidlipus made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8468
  • @froblesmartin made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8444
  • @chienfuchen32 made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8447
  • @ndunks made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8454
  • @davideshay made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8325

Full Changelog: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.1.3...controller-v1.2.0

Thank you all for our amazing community!


Security

Security wording was detected, but no CVEs were found.

Details

date
April 22, 2022, 2:44 a.m.
name
NGINX Ingress Controller - v1.2.0
type
Minor
👇
Register or login to:
  • 🔍View and search all Nginx Ingress Controller releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or