This repository was archived by the owner on May 24, 2023. It is now read-only.
v0.1.0
New in NGINX Ingress Operator v0.1.0
🚀 Features
- Add AppProtect User Defined Signatures support (#55) @Dean-Coakley
- Graduate Policies. Add enablePreviewPolicy flag support. (#56) @Dean-Coakley
- Update secret type of default secret to TLS (#39) @pleshakov
🐛 Bug Fixes
- Fix enableCRDs default to be true (#76) @Dean-Coakley
- Fix RBAC to be able to watch for AppProtect UDS changes (#74) @Dean-Coakley
- Fix replicas and service to be optional fields (#71) @Dean-Coakley
- Make enableCRDs optional (#70) @Dean-Coakley
- Fix Service to be an optional field. Add support for updating ExtraLabels. (#66) @Dean-Coakley
- Fix SCC resource to only affect KIC pods (#65) @Dean-Coakley
📝 Documentation
- Release 0.1.0 (#72) @Dean-Coakley
- Update IC compatibility in changelog (#54) @pleshakov
🔨 Maintenance
- Bump github.com/google/go-cmp from 0.5.4 to 0.5.5 (#73) @dependabot
- Bump golangci/golangci-lint-action from v2.4.0 to v2.5.1 (#67) @dependabot
- Add release-drafter (#64) @lucacome
- Change dependabot interval to weekly (#63) @lucacome
- Bump actions/cache from v2 to v2.1.4 (#53) @dependabot
- Bump golangci/golangci-lint-action from v2 to v2.4.0 (#59) @dependabot
- Bump github.com/google/go-cmp from 0.4.0 to 0.5.4 (#49) @dependabot
- Add dependabot (#45) @lucacome
- Update CRDs, CSVs and Makefile (#36) @lucacome
Known Issues:
The Operator doesn't automatically remove IngressClasses created by #29. Issue is tracked in #88
Compatibility
- NGINX Ingress Controller 1.10.x
- Openshift 4.5 or newer.
Upgrade Instructions:
- Remove the existing Policy CRD:
kubectl delete crd policies.k8s.nginx.org
Please note that deletion of thepolicies.k8s.nginx.orgCRD will result in all instances of that CRD being deleted too. Ensure to back up any important Custom Resource instances first! - Delete the existing SCC:
kubectl delete scc nginx-ingress-scc - Upgrade the operator to version 0.1.0.
- If the defaultSecret field is not set in your
nginxingresscontrollers.k8s.nginx.orgresource (or resources):- Remove the generated default secret. For example:
kubectl delete secret -n my-nginx-ingress my-nginx-ingress-controller - Wait until the operator regenerates the secret. The old secret was of the type
Opaque. The new secret will be of the typekubernetes.io/tls.
- Remove the generated default secret. For example:
- Alternatively, if the defaultSecret is set to some secret, make sure it is of the type
kubernetes.io/tls. If not, recreate the secret with the typekubernetes.io/tls. - If the wildcardTLS is set to some secret, make sure it is of the type
kubernetes.io/tls. If not, recreate the secret with the typekubernetes.io/tls. - Ensure that the TLS secrets referenced by Ingress, VirtualServer and Policy resources are of the type
kubernetes.io/tls, JWT secrets are of the typenginx.org/jwtand CA secrets are of the typenginx.org/ca. To avoid potential disruption of client traffic, instead of recreating the secrets, create new secrets with the correct type and update the Ingress, VirtualServer and Policy resources to use the new secrets. - Update any existing instances of the
nginxingresscontrollers.k8s.nginx.orgCustom Resource to use an NGINX Ingress Controller 1.10.x image.
Note: Steps 4-8 are required because Version 1.10.0 of the Ingress Controller added a requirement for secrets to be one of the following types: kubernetes.io/tls for TLS secrets; nginx.org/jwk for JWK secrets; or nginx.org/ca for CA secrets. Please see the section UPDATING SECRETS in https://docs.nginx.com/nginx-ingress-controller/releases/#nginx-ingress-controller-1-10-0 for more details.