Nginx Ingress Controller - controller-v1.2.0
The chroot release :)
To take full advantage of the security improvements in this release and try the chroot feature, change the image in your manifest to controller-chroot:v1.2.0 and add the SYS_CHROOT capability.
We will publish a blog post about this release soon!
Images:
- k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185
- k8s.gcr.io/ingress-nginx/controller-chroot:v1.2.0@sha256:fb17f1700b77d4fcc52ca6f83ffc2821861ae887dbb87149cf5cbc52bea425e5
This new release contains the following changes that need attention:
* A new deep inspector for objects. Every time an object is reconciled or added, it now passes through a full validation (this may lead to some CPU increase).
* The NGINX process can now be chrooted/jailed inside the ingress container, for security reasons. This option is disabled by default and will be enabled in future releases. It requires the SYS_CHROOT capability to be added to the Pod.
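The check below is an added example, not code from the ingress-nginx project: it audits a Deployment (as JSON, the shape `kubectl get deploy -o json` returns) for the pairing these notes require, the controller-chroot image together with SYS_CHROOT, and compares any pinned digest with the ones listed above. The container name `controller`, the NET_BIND_SERVICE entry in the sample, and the digest-pinning check itself are assumptions added for illustration.

```python
import json

# Digests as published in the "Images" list of these release notes.
RELEASE_DIGESTS = {
    "k8s.gcr.io/ingress-nginx/controller:v1.2.0":
        "sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185",
    "k8s.gcr.io/ingress-nginx/controller-chroot:v1.2.0":
        "sha256:fb17f1700b77d4fcc52ca6f83ffc2821861ae887dbb87149cf5cbc52bea425e5",
}

def audit_container(container):
    """Return a list of findings for one container spec (a dict)."""
    findings = []
    ref, _, digest = container.get("image", "").partition("@")
    # Last path component without its tag, so registry ports do not confuse us.
    name = ref.rsplit("/", 1)[-1].split(":")[0]
    caps = (container.get("securityContext") or {}).get("capabilities") or {}
    added = {c.upper() for c in caps.get("add") or []}
    if name == "controller-chroot" and "SYS_CHROOT" not in added:
        findings.append("chroot image without SYS_CHROOT capability")
    if name != "controller-chroot" and "SYS_CHROOT" in added:
        findings.append("SYS_CHROOT granted but image is not controller-chroot")
    expected = RELEASE_DIGESTS.get(ref)
    if not digest:
        findings.append("image not pinned by digest")
    elif expected and digest != expected:
        findings.append("digest does not match the release notes")
    return findings

def audit_deployment(manifest_json):
    """Map each container name in the Deployment to its findings."""
    doc = json.loads(manifest_json)
    containers = doc["spec"]["template"]["spec"]["containers"]
    return {c["name"]: audit_container(c) for c in containers}

def sample(image, add_caps):
    """Constructed minimal Deployment for the demo (not a real cluster object)."""
    container = {"name": "controller", "image": image, "securityContext": {
        "capabilities": {"drop": ["ALL"], "add": add_caps}}}
    return json.dumps({"spec": {"template": {"spec": {"containers": [container]}}}})

if __name__ == "__main__":
    img = "k8s.gcr.io/ingress-nginx/controller-chroot:v1.2.0"
    print(audit_deployment(sample(img, ["NET_BIND_SERVICE"])))
    pinned = img + "@" + RELEASE_DIGESTS[img]
    print(audit_deployment(sample(pinned, ["NET_BIND_SERVICE", "SYS_CHROOT"])))
```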
What's Changed
- Upstream keepalive time by @sskserk in https://github.com/kubernetes/ingress-nginx/pull/8319
- update base images and protobuf gomod by @rikatz in https://github.com/kubernetes/ingress-nginx/pull/8478
- added new auth-tls-match-cn annotation by @chrisshino in https://github.com/kubernetes/ingress-nginx/pull/8434
- changed nginx base img tag to img built with alpine3.14.6 by @longwuyuan in https://github.com/kubernetes/ingress-nginx/pull/8479
- change tag to v120beta1 by @longwuyuan in https://github.com/kubernetes/ingress-nginx/pull/8480
- Fix log creation in chroot script by @rikatz in https://github.com/kubernetes/ingress-nginx/pull/8481
- Release chart v1.2.0-beta.1 by @rikatz in https://github.com/kubernetes/ingress-nginx/pull/8484
- Fallback to ngx.var.scheme for redirectScheme with use-forward-headers when X-Forwarded-Proto is empty by @phidlipus in https://github.com/kubernetes/ingress-nginx/pull/8468
- force helm release to artifact hub by @strongjz in https://github.com/kubernetes/ingress-nginx/pull/8417
- fix change log changes list by @strongjz in https://github.com/kubernetes/ingress-nginx/pull/8421
- kubectl-plugin code overview info by @kundan2707 in https://github.com/kubernetes/ingress-nginx/pull/8405
- Darwin arm64 by @jsoref in https://github.com/kubernetes/ingress-nginx/pull/8399
- Add dependency review enforcement by @rikatz in https://github.com/kubernetes/ingress-nginx/pull/8443
- Bump github.com/prometheus/common from 0.32.1 to 0.33.0 by @dependabot in https://github.com/kubernetes/ingress-nginx/pull/8426
- replace deprecated topology key in example with current one by @froblesmartin in https://github.com/kubernetes/ingress-nginx/pull/8444
- typo fixing by @chienfuchen32 in https://github.com/kubernetes/ingress-nginx/pull/8447
- Fix suggested annotation-value-word-blocklist by @sathieu in https://github.com/kubernetes/ingress-nginx/pull/8446
- Add keepalive support for auth requests by @leki75 in https://github.com/kubernetes/ingress-nginx/pull/8219
- Jail/chroot nginx process inside controller container by @rikatz in https://github.com/kubernetes/ingress-nginx/pull/8337
- Update index.md by @ndunks in https://github.com/kubernetes/ingress-nginx/pull/8454
- Update dependencies by @rikatz in https://github.com/kubernetes/ingress-nginx/pull/8455
- Implement object deep inspector by @rikatz in https://github.com/kubernetes/ingress-nginx/pull/8456
- Fix for buggy ingress sync with retries by @davideshay in https://github.com/kubernetes/ingress-nginx/pull/8325
- Improve req handling dashboard by @naseemkullah in https://github.com/kubernetes/ingress-nginx/pull/8322
- Prepare v1.2.0-beta.0 release by @rikatz in https://github.com/kubernetes/ingress-nginx/pull/8464
- chore: v1.2.0-beta.0 release by @tao12345666333 in https://github.com/kubernetes/ingress-nginx/pull/8465
New Contributors
- @chrisshino made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8434
- @phidlipus made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8468
- @froblesmartin made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8444
- @chienfuchen32 made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8447
- @ndunks made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8454
- @davideshay made their first contribution in https://github.com/kubernetes/ingress-nginx/pull/8325
Full Changelog: https://github.com/kubernetes/ingress-nginx/compare/controller-v1.1.3...controller-v1.2.0
Thank you to everyone in our amazing community!