·
8 commits
to release-5.0
since this release
What's Changed
💣 Breaking Changes
- Remove support for Open Tracing for NGINX Plus by @jjngx in #7567
- Remove OpenTracing Support from NIC by @pdabelf5 in #7633
🚀 Features
- Increase port number range by @saedx1 in #7054
- Ratelimit based on JWT claim by @pdabelf5 in #7175
- add auth_jwt_claim_set in nginx plus virtualserver template by @haywoodsh in #7205
- Add initial
zone_syncvalues to the ConfigMap by @AlexFenlon in #7239 - Update to NGINX OSS 1.27.4 by @pdabelf5 in #7299
- generate auth_jwt_claim_set directive by @haywoodsh in #7238
- Tiered Rate limit group maps by @pdabelf5 in #7390
- Rate limit group example by @pdabelf5 in #7393
- Add zone-sync with no TLS to ConfigMap by @AlexFenlon in #7347
- Update zone-sync headless service selector label by @pdabelf5 in #7445
- Rate limit zone sync by @pdabelf5 in #7468
- Rate limit with zone sync and scale by @pdabelf5 in #7521
- Update NGINX Plus to R34 and App Protect to 4.14 & 5.6 by @pdabelf5 in #7597
- Add forward proxy support to Plus mgmt config by @AlexFenlon in #7560
- Use pod labels as headless selector labels by @nginx-bot in #7654
🐛 Bug Fixes
- Clean up and fix for NIC Pod failing to bind when NGINX exits unexpectedly by @AlexFenlon in #7121
- Correct typo in helm lease annotations template by @pdabelf5 in #7185
- Add tracking.info and copy into plus images by @javorszky in #7400
- Add NGINX state directory for ReadOnlyRootFilesystem by @haywoodsh in #7519
📦 Helm Chart
- Allow customization of service http and https port names through helm by @arussellf5 in #7318
- Release 5.0.0 by @nginx-bot in #7617
🧪 Tests
- Add mgmt configmap tests by @j1m-ryan in #6957
- Expand mgmt configmap tests by @pdabelf5 in #6987
- Add minikube as option for running tests by @pdabelf5 in #7018
- Add plus jwt to local tests by @pdabelf5 in #7032
- Add OIDC test using keycloak as idp by @vepatel in #7242
- Enable jwksuri tests with keycloak by @vepatel in #7396
- Add delay & retry to flakey weight splits test by @pdabelf5 in #7324
- Update split tests to use delete and create lib function by @vepatel in #7418
- tiered rate limit jwt e2e tests by @pdabelf5 in #7412
- Add zone-sync support to OIDC tests by @vepatel in #7440
- replace patch with delete and create by @vepatel in #7638
🔨 Maintenance
72 changes
- ensure tag exists before scanning by @pdabelf5 in #6958
- allow scan uploads to fail by @pdabelf5 in #6961
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #6944, #7044, #7072, #7124, #7168, #7261, #7373, #7402, #7487, #7548, #7587
- Re-add FIPs images to tests, image patching & release by @haywoodsh in #6948
- chore(deps): bump the actions group across 1 directory with 2 updates by @dependabot in #6960
- update regression matrix to include old k8s by @vepatel in #6974
- Remove unused packages from UBI images by @pdabelf5 in #6989
- chore(deps): bump the actions group with 2 updates by @dependabot in #6991
- Certify UBI images for Redhat catalog by @pdabelf5 in #7011
- chore(deps): bump the actions group with 2 updates by @dependabot in #7005
- chore(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0 in the actions group by @dependabot in #7019
- Symlink to central secret by @pdabelf5 in #6714
- remove all attestation layers from AWS marketplace images by @pdabelf5 in #7033
- chore(deps): bump codecov/codecov-action from 5.1.1 to 5.1.2 in the actions group by @dependabot in #7030
- Add tests for kubernetes versions by @pdabelf5 in #7035
- chore(deps): bump the actions group across 1 directory with 5 updates by @dependabot in #7055
- remove index annotations from AWS marketplace images by @pdabelf5 in #7058
- Add unprivileged port validation by @pdabelf5 in #7034
- pre-commit: silence markdownlint by @javorszky in #7067
- chore(deps): bump reviewdog/action-actionlint from 1.61.0 to 1.62.0 in the actions group by @dependabot in #7070
- remove ubi images from CI by @pdabelf5 in #7093
- remove additional ubi config by @pdabelf5 in #7104
- chore(deps): bump the actions group across 1 directory with 4 updates by @dependabot in #7107
- Update from nginxinc to nginx by @lucacome in #7103
- chore(deps): bump the actions group with 3 updates by @dependabot in #7123
- chore(deps): bump docker/build-push-action from 6.11.0 to 6.12.0 in the actions group by @dependabot in #7139
- Avoid floating semi-colon on rate-limiting newline by @pdabelf5 in #7156
- chore(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.5.1 in the actions group by @dependabot in #7159, #7344, #7503
- chore(deps): bump the actions group with 2 updates by @dependabot in #7172
- chore(deps): bump the actions group with 3 updates by @dependabot in #7180
- Docker image update 00f989f4 by @nginx-bot in #7199
- Remove kind 1.32.1 from available kind versions by @pdabelf5 in #7208
- chore(deps): bump the actions group across 1 directory with 5 updates by @dependabot in #7209
- VS template test tidy up by @pdabelf5 in #7211
- Add central event reasons to the log package by @pdabelf5 in #7215
- chore(deps): bump the actions group across 1 directory with 3 updates by @dependabot in #7224
- Refactor policy config structs by @pdabelf5 in #7232
- chore(deps): bump the actions group across 1 directory with 2 updates by @dependabot in #7241
- re-enable ubi image build & publish by @pdabelf5 in #7246
- chore(deps): bump the actions group across 1 directory with 3 updates by @dependabot in #7270
- chore(deps): bump sigstore/cosign-installer from 3.7.0 to 3.8.0 in the actions group by @dependabot in #7291
- Pin app protect version by @pdabelf5 in #7298
- update helm snaps versions when creating release PR by @pdabelf5 in #7281
- chore(deps): bump the actions group with 2 updates by @dependabot in #7315
- update operator owner for release by @pdabelf5 in #7325
- only run codegen if go code/modules have changed by @pdabelf5 in #7328
- only mark pipeline as succeeded when image build jobs pass by @pdabelf5 in #7327
- chore(deps): bump the actions group across 1 directory with 2 updates by @dependabot in #7334
- Remove unused repo from UBI base image by @pdabelf5 in #7311
- chore(deps): bump the actions group with 2 updates by @dependabot in #7349
- Move jwks example secret to central secret folder by @pdabelf5 in #7394
- Fix linter issues by @jjngx in #7431
- improve single image build & test workflows by @pdabelf5 in #7422
- replace deprecated snapshot.name_template config option by @pdabelf5 in #7438
- chore(deps): bump the actions group across 1 directory with 15 updates by @dependabot in #7439
- add latest version to bug report template by @pdabelf5 in #7447
- chore(deps): bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 in the actions group by @dependabot in #7458
- Update alpine to latest supported versions for Plus & NAP by @pdabelf5 in #7282
- chore(deps): bump github/codeql-action from 3.28.10 to 3.28.14 in the actions group by @dependabot in #7485, #7624
- update version of golangci-lint by @pdabelf5 in #7497
- chore(deps): bump docker/login-action from 3.3.0 to 3.4.0 in the actions group by @dependabot in #7518
- chore(deps): bump the actions group across 1 directory with 6 updates by @dependabot in #7533
- chore(deps): bump the actions group across 1 directory with 2 updates by @dependabot in #7540
- chore(deps): bump the actions group with 2 updates by @dependabot in #7550
- update golangci lint config to support v2 by @pdabelf5 in #7554
- add a way to add plus version via make command by @AlexFenlon in #7568
- chore(deps): bump the actions group across 1 directory with 4 updates by @dependabot in #7595
- temporarily disable builds failing for NAP WAF v4 on UBI by @pdabelf5 in #7606
- chore(deps): bump the actions group across 1 directory with 2 updates by @dependabot in #7610
- only run race condition checks in pipeline by @pdabelf5 in #7613
- Update kubernetes version to 1.32.3 in helm schema file by @pdabelf5 in #7616
- [pre-commit.ci] pre-commit autoupdate by @nginx-bot in #7649
📝 Documentation
- Add upgrading to 4.x docs by @j1m-ryan in #6930
- Fix broken link in security.md by @nginx-aoife in #7007
- Fixed documentation for specifying NAP enforcer and configManager images in Helm values by @leonseng in #7021
- Update upgrade docs by @vepatel in #7036
- Update Community Call Dates for the next quarter by @AlexFenlon in #7062
- Update policy waf docs by @vepatel in #7076
- Update APIKey suppliedIn docs by @pdabelf5 in #7084
- Fix broken link to NIM Security Monitoring by @nginx-aoife in #7094
- Fix broken url in compile-waf-policies.md by @nginx-aoife in #7110
- Fix broken link in example for nginx plus license by @AlexFenlon in #7106
- Update Community Call time by @AlexFenlon in #7120
- Fix links to NIM App-protect docs by @nginx-aoife in #7129
- Update build instruction link, remove EoS versions from specifications by @ADubhlaoich in #7137
- Update master/minion allowed ingress annotations by @pdabelf5 in #7151
- Fixed typo in docker registry installation docs by @fabriziofiorucci in #7178
- Fix mountPath directory for NAP5 policy documentation by @ADubhlaoich in #7191
- Fix broken URLs from repository migration by @ADubhlaoich in #7213
- Remove email support by @danielnginx in #7247
- Update or remove mentions to NGINX Community Slack by @ADubhlaoich in #7348
- Update WAF v5 docs to reference WAF Compiler by @shaun-nx in #7432
- Add zone-sync ConfigMap Keys to docs by @AlexFenlon in #7434
- Documentation for jwt claim based tiered rate limit by @haywoodsh in #7419
- Update manifest install by @vepatel in #7477
- Update zone sync docs to expand the descriptions of the feature by @pdabelf5 in #7479
- Update rate limit docs to better describe zone sync by @pdabelf5 in #7480
- Add rate limit zone sync docs by @AlexFenlon in #7481
- Update zone sync doc by @jjngx in #7559
- Update triage call dates by @vepatel in #7570
- Update docs for helm and security monitoring by @vepatel in #7576
- Update Basic configuration documentation by @ADubhlaoich in #7531
- Update docs to fix kubernates typos by @javorszky in #7591
- Update community call timezone by @AlexFenlon in #7601
- Remove broken URL in README by @AlexFenlon in #7611
- Update NAP documentation for 4.1 release by @ADubhlaoich in #7579
- [cherry-pick] Update the
zone-syncConfigMap key note by @nginx-bot in #7644 - update opentracing cm docs by @nginx-bot in #7653
- [cherry-pick] remove extra chars in zone-sync note by @nginx-bot in #7661
⬆️ Dependencies
72 changes
- Security update for Go crypto pkg by @jjngx in #6964
- Bump up 3rd party deps for K8s by @jjngx in #6970
- Docker image update af97676a by @nginx-bot in #6981
- chore(deps): bump the go group across 1 directory with 2 updates by @dependabot in #6978
- chore(deps): bump the go group with 2 updates by @dependabot in #6992
- Docker image update e784ea43 by @nginx-bot in #7006
- chore(deps): bump redhat/ubi9-minimal from
daa61d6tob870979in /build by @dependabot in #7016, #7099, #7288 - chore(deps): bump github.com/gruntwork-io/terratest from 0.48.0 to 0.48.1 in the go group by @dependabot in #7017
- Docker image update edf8f98b by @nginx-bot in #7020
- chore(deps): bump the go group across 1 directory with 4 updates by @dependabot in #7052
- Docker image update 3a6a51ee by @nginx-bot in #7045
- Docker image update 1372e619 by @nginx-bot in #7080
- chore(deps): bump nginx from
4152318to4152318in /build by @dependabot in #7069 - chore(deps): bump the go group across 1 directory with 2 updates by @dependabot in #7105
- Docker image update 43fce5ce by @nginx-bot in #7115
- Docker image update 43d85eaa by @nginx-bot in #7140
- refactor: replace
golang.org/x/expwith stdlib by @Juneezee in #7131 - chore(deps): bump the go group with 2 updates by @dependabot in #7122
- chore(deps): bump the go group across 1 directory with 2 updates by @dependabot in #7138
- Docker image update cc87db80 by @nginx-bot in #7150
- chore(deps): bump the go group with 7 updates by @dependabot in #7149
- chore(deps): bump the docker-images group across 1 directory with 2 updates by @dependabot in #7132
- chore(deps): bump the go group across 1 directory with 4 updates by @dependabot in #7162
- Docker image update 849e80b1 by @nginx-bot in #7173
- chore(deps): bump the go group with 2 updates by @dependabot in #7225
- chore(deps): bump the go group with 2 updates by @dependabot in #7240
- chore(deps): bump the go group across 1 directory with 5 updates by @dependabot in #7262
- Docker image update d723130c by @nginx-bot in #7243
- Docker image update bc2e599d by @nginx-bot in #7256
- chore(deps): bump the go group with 2 updates by @dependabot in #7290
- Docker image update 44932776 by @nginx-bot in #7293
- Update opentracing module by @pdabelf5 in #7306
- UBI base image update for NGINX 1.27.4 by @pdabelf5 in #7309
- Docker image update e0520048 by @nginx-bot in #7319
- chore(deps): bump the go group with 2 updates by @dependabot in #7312
- chore(deps): bump the go group with 2 updates by @dependabot in #7345
- chore(deps): bump the go group across 1 directory with 6 updates by @dependabot in #7362
- chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.10 to 0.5.11 in the go group by @dependabot in #7375
- Docker image update 0adb7ebe by @nginx-bot in #7376
- chore(deps): bump the go group with 3 updates by @dependabot in #7385
- Update packages listed by govuncheck by @jjngx in #7415
- chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in the go_modules group by @dependabot in #7403
- chore(deps): bump the go group across 1 directory with 3 updates by @dependabot in #7435
- Docker image update 22228ad2 by @nginx-bot in #7409
- Docker image update af343fe2 by @nginx-bot in #7404
- Docker image update 66cacfd5 by @nginx-bot in #7454
- chore(deps): bump nginx/dependencies/nginx-ot from
03f155eto03f155ein /build by @dependabot in #7452 - chore(deps): bump github.com/prometheus/client_golang from 1.21.0 to 1.21.1 in the go group by @dependabot in #7459
- Docker image update 4192c62a by @nginx-bot in #7461
- chore(deps): bump alpine from 3.17 to 3.21 in /build in the docker-images group across 1 directory by @dependabot in #7467
- Docker image update b41a319d by @nginx-bot in #7474
- chore(deps): bump the go group with 2 updates by @dependabot in #7472
- Docker image update a8474d83 by @nginx-bot in #7490
- chore(deps): bump the go group with 2 updates by @dependabot in #7483
- chore(deps): bump golang.org/x/net from 0.35.0 to 0.36.0 in the go_modules group by @dependabot in #7505
- chore(deps): bump the go group with 4 updates by @dependabot in #7501
- Docker image update 339b9945 by @nginx-bot in #7511
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.26.1 to 1.26.2 in the go group by @dependabot in #7522
- Docker image update a8ca1c46 by @nginx-bot in #7523
- Docker image update bf0ad572 by @nginx-bot in #7534
- chore(deps): bump redhat/ubi8 from
5993454to78c110bin /build by @dependabot in #7527 - Docker image update 55d12419 by @nginx-bot in #7539
- chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 in the go_modules group by @dependabot in #7543
- Docker image update 26a66cc2 by @nginx-bot in #7551
- Docker image update b0fecf81 by @nginx-bot in #7564
- chore(deps): bump the go group across 1 directory with 3 updates by @dependabot in #7594
- Docker image update 325fefe1 by @nginx-bot in #7590
- Bump Go version to 1.24.2 by @AlexFenlon in #7607
- chore(deps): bump the go group with 2 updates by @dependabot in #7619
- chore(deps): bump the go group across 1 directory with 3 updates by @dependabot in #7635
- Docker image update d34cdc03 by @nginx-bot in #7631
- [cherry-pick] chore(deps): bump github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.28.2 to 1.29.0 in the go group by @nginx-bot in #7650
New Contributors
- @leonseng made their first contribution in #7021
- @javorszky made their first contribution in #7067
- @arussellf5 made their first contribution in #7318
Full Changelog: v4.0.1...v5.0.0
Upgrade
- For NGINX, use the v5.0.0 images from our DockerHub, GitHub Container, Amazon ECR Public Gallery or Quay.io.
- For NGINX Plus, use the v5.0.0 images from the F5 Container registry, the AWS Marketplace, the GCP Marketplace, Azure Marketplace or build your own image using the v5.0.0 source code.
- For Helm, use version 2.1.0 of the chart.
Resources
- Documentation -- https://docs.nginx.com/nginx-ingress-controller/
- Configuration examples -- https://github.com/nginx/kubernetes-ingress/tree/v5.0.0/examples
- Helm Chart -- https://github.com/nginx/kubernetes-ingress/tree/v5.0.0/deployments/helm-chart
- Operator -- https://github.com/nginxinc/nginx-ingress-helm-operator
Contributors
lucacome, javorszky, and 18 other contributors