Skip to content
This repository has been archived by the owner on May 24, 2023. It is now read-only.

Commit

Permalink
Release 0.1.0
Browse files Browse the repository at this point in the history
  • Loading branch information
@Dean-Coakley
Dean-Coakley committed Mar 10, 2021
1 parent 1e9920d commit 4a21fa2
Show file tree
Hide file tree
Showing 13 changed files with 1,775 additions and 10 deletions.
48 changes: 47 additions & 1 deletion CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,51 @@
# Changelog

### 0.1.0

FEATURES:

* [56](https://github.com/nginxinc/nginx-ingress-operator/pull/56) Graduate Policies. Add enablePreviewPolicy flag support.
* [55](https://github.com/nginxinc/nginx-ingress-operator/pull/55) Add AppProtect User Defined Signatures support.
* [39](https://github.com/nginxinc/nginx-ingress-operator/pull/39) Update secret type of default secret to TLS.

FIXES:

* [71](https://github.com/nginxinc/nginx-ingress-operator/pull/71) Fix replicas and service to be optional fields.
* [70](https://github.com/nginxinc/nginx-ingress-operator/pull/70) Make enableCRDs optional.
* [66](https://github.com/nginxinc/nginx-ingress-operator/pull/66) Fix Service to be an optional field. Add support for updating ExtraLabels.
* [65](https://github.com/nginxinc/nginx-ingress-operator/pull/65) Fix SCC resource to only affect KIC pods.

DOCUMENTATION:

* [54](https://github.com/nginxinc/nginx-ingress-operator/pull/54) Update IC compatibility in changelog.

KNOWN ISSUES:

* The Operator doesn't automatically remove IngressClasses created by [29](https://github.com/nginxinc/nginx-ingress-operator/pull/29).

COMPATIBILITY:

- NGINX Ingress Controller 1.10.x
- Openshift 4.5 or newer.

UPGRADE INSTRUCTIONS:

UPGRADE INSTRUCTIONS:

1. Remove the existing Policy CRD: kubectl delete crd policies.k8s.nginx.org
**Please note that deletion of the policies.k8s.nginx.org CRD will result in all instances of that CRD being deleted too. Ensure to back up any important Custom Resource instances first!**
1. Delete the existing SCC: kubectl delete scc nginx-ingress-scc
1. Upgrade the operator to version 0.1.0.
1. If the defaultSecret field is not set in your nginxingresscontrollers.k8s.nginx.org resource (or resources):
1. Remove the generated default secret. For example: kubectl delete secret -n my-nginx-ingress my-nginx-ingress-controller
1. Wait until the operator regenerates the secret. The old secret was of the type Opaque. The new secret will be of the type kubernetes.io/tls.
1. Alternatively, if the defaultSecret is set to some secret, make sure it is of the type kubernetes.io/tls. If not, recreate the secret with the type kubernetes.io/tls.
1. If the wildcardTLS is set to some secret, make sure it is of the type kubernetes.io/tls. If not, recreate the secret with the type kubernetes.io/tls.
1. Ensure that the TLS secrets referenced by Ingress, VirtualServer and Policy resources are of the type kubernetes.io/tls, JWT secrets are of the type nginx.org/jwt and CA secrets are of the type nginx.org/ca. To avoid potential disruption of client traffic, instead of recreating the secrets, create new secrets with the correct type and update the Ingress, VirtualServer and Policy resources to use the new secrets.
1. Update any existing instances of the nginxingresscontrollers.k8s.nginx.org Custom Resource to use an NGINX Ingress Controller 1.10.x image.

**Note**: Steps 4-8 are required because Version 1.10.0 of the Ingress Controller added a requirement for secrets to be one of the following types: kubernetes.io/tls for TLS secrets; nginx.org/jwk for JWK secrets; or nginx.org/ca for CA secrets. Please see the section UPDATING SECRETS in https://docs.nginx.com/nginx-ingress-controller/releases/#nginx-ingress-controller-1-10-0 for more details.

### 0.0.7

FEATURES:
Expand All @@ -14,7 +60,7 @@ FIXES:

* [31](https://github.com/nginxinc/nginx-ingress-operator/pull/31) Add Status update for VS/VSR to RBAC.

KNOWS ISSUES:
KNOWN ISSUES:
* The Operator doesn't automatically remove IngressClasses created by [29](https://github.com/nginxinc/nginx-ingress-operator/pull/29)

COMPATIBILITY:
Expand Down
4 changes: 2 additions & 2 deletions Makefile
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
OLD_TAG = 0.0.6
TAG = 0.0.7
OLD_TAG = 0.0.7
TAG = 0.1.0

IMAGE = nginx/nginx-ingress-operator

Expand Down
9 changes: 5 additions & 4 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,11 @@ The following table shows the relation between the versions of the two projects:

| NGINX Ingress Controller | NGINX Ingress Operator |
| --- | --- |
| < 1.7.0 | N/A |
| 1.7.x | 0.0.4 |
| 1.8.x | 0.0.6 |
| 1.10.x | 0.1.0 |
| 1.9.x | 0.0.7 |
| 1.8.x | 0.0.6 |
| 1.7.x | 0.0.4 |
| < 1.7.0 | N/A |

Note: The NGINX Ingress Operator works only for NGINX Ingress Controller versions after `1.7.0`.

Expand All @@ -29,7 +30,7 @@ Note: The NGINX Ingress Operator works only for NGINX Ingress Controller version
## NGINX Ingress Operator Releases
We publish NGINX Ingress Operator releases on GitHub. See our [releases page](https://github.com/nginxinc/nginx-ingress-operator/releases).

The latest stable release is [0.0.7](https://github.com/nginxinc/nginx-ingress-operator/releases/tag/v0.0.7). For production use, we recommend that you choose the latest stable release.
The latest stable release is [0.1.0](https://github.com/nginxinc/nginx-ingress-operator/releases/tag/v0.1.0). For production use, we recommend that you choose the latest stable release.

## Development

Expand Down
287 changes: 287 additions & 0 deletions bundle/0.1.0/k8s.nginx.org_nginxingresscontrollers_crd.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,287 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: nginxingresscontrollers.k8s.nginx.org
spec:
group: k8s.nginx.org
names:
kind: NginxIngressController
listKind: NginxIngressControllerList
plural: nginxingresscontrollers
singular: nginxingresscontroller
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: NginxIngressController is the Schema for the nginxingresscontrollers
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: NginxIngressControllerSpec defines the desired state of NginxIngressController
properties:
appProtect:
description: App Protect support configuration. Requires enableCRDs
set to true.
nullable: true
properties:
enable:
description: Enable App Protect.
type: boolean
required:
- enable
type: object
configMapData:
additionalProperties:
type: string
description: Initial values of the Ingress Controller ConfigMap. Check
https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/configmap-resource/
for more information about possible values.
nullable: true
type: object
defaultSecret:
description: The TLS Secret for TLS termination of the default server.
The format is namespace/name. The secret must be of the type kubernetes.io/tls.
If not specified, the operator will generate and deploy a TLS Secret
with a self-signed certificate and key.
type: string
enableCRDs:
description: Enables the use of NGINX Ingress Resource Definitions (VirtualServer
and VirtualServerRoute). Default is true.
nullable: true
type: boolean
enableLatencyMetrics:
description: Bucketed response times from when NGINX establishes a connection
to an upstream server to when the last byte of the response body is
received by NGINX. **Note** The metric for the upstream isn't available
until traffic is sent to the upstream.
nullable: true
type: boolean
enableLeaderElection:
description: Enables Leader election to avoid multiple replicas of the
controller reporting the status of Ingress resources – only one replica
will report status.
type: boolean
enablePreviewPolicies:
description: Enables preview policies. Requires enableCRDs set to true.
type: boolean
enableSnippets:
description: Enable custom NGINX configuration snippets in VirtualServer
and VirtualServerRoute resources. Requires enableCRDs set to true.
type: boolean
enableTLSPassthrough:
description: Enable TLS Passthrough on port 443. Requires enableCRDs
set to true.
type: boolean
globalConfiguration:
description: The GlobalConfiguration resource for global configuration
of the Ingress Controller. Format is namespace/name. Requires enableCRDs
set to true.
type: string
healthStatus:
description: Adds a new location to the default server. The location
responds with the 200 status code for any request. Useful for external
health-checking of the Ingress controller.
nullable: true
properties:
enable:
description: Enable the HealthStatus.
type: boolean
uri:
description: URI of the location. Default is `/nginx-health`.
type: string
required:
- enable
type: object
image:
description: The image of the Ingress Controller.
properties:
pullPolicy:
description: The ImagePullPolicy of the image.
enum:
- Never
- Always
- IfNotPresent
type: string
repository:
description: The repository of the image.
type: string
tag:
description: The tag (version) of the image.
type: string
required:
- pullPolicy
- repository
- tag
type: object
ingressClass:
description: A class of the Ingress controller. The Ingress controller
only processes Ingress resources that belong to its class (in other
words, have the annotation “kubernetes.io/ingress.class”). Additionally,
the Ingress controller processes Ingress resources that do not have
that annotation, which can be disabled by setting UseIngressClassOnly
to true. Default is `nginx`.
type: string
logLevel:
description: Log level for V logs. Format is 0 - 3
maximum: 3
minimum: 0
type: integer
nginxDebug:
description: 'Enable debugging for NGINX. Uses the nginx-debug binary.
Requires ‘error-log-level: debug’ in the ConfigMapData.'
type: boolean
nginxPlus:
description: Deploys the Ingress Controller for NGINX Plus. The default
is false meaning the Ingress Controller will be deployed for NGINX
OSS.
type: boolean
nginxReloadTimeout:
description: Timeout in milliseconds which the Ingress Controller will
wait for a successful NGINX reload after a change or at the initial
start.
type: integer
nginxStatus:
description: NGINX stub_status, or the NGINX Plus API.
nullable: true
properties:
allowCidrs:
description: Whitelist IPv4 IP/CIDR blocks to allow access to NGINX
stub_status or the NGINX Plus API. Separate multiple IP/CIDR by
commas. (default “127.0.0.1”)
type: string
enable:
description: Enable the NginxStatus.
type: boolean
port:
description: Set the port where the NGINX stub_status or the NGINX
Plus API is exposed. Default is 8080. Format is 1023 - 65535
maximum: 65535
minimum: 1023
nullable: true
type: integer
required:
- enable
type: object
prometheus:
description: NGINX or NGINX Plus metrics in the Prometheus format.
nullable: true
properties:
enable:
description: Enable Prometheus metrics.
type: boolean
port:
description: Sets the port where the Prometheus metrics are exposed.
Default is 9113. Format is 1023 - 65535
maximum: 65535
minimum: 1023
nullable: true
type: integer
required:
- enable
type: object
replicas:
description: The number of replicas of the Ingress Controller pod. The
default is 1. Only applies if the type is set to deployment.
format: int32
nullable: true
type: integer
reportIngressStatus:
description: Update the address field in the status of Ingresses resources.
nullable: true
properties:
enable:
description: Enable the ReportIngressStatus.
type: boolean
externalService:
description: 'Specifies the name of the service with the type LoadBalancer
through which the Ingress controller pods are exposed externally.
The external address of the service is used when reporting the
status of Ingress resources. Note: Only if serviceType is NodePort.'
type: string
ingressLink:
description: 'Specifies the name of the IngressLink resource, which
exposes the Ingress Controller pods via a BIG-IP system. The IP
of the BIG-IP system is used when reporting the status of Ingress,
VirtualServer and VirtualServerRoute resources. Requires reportIngressStatus.enable
set to true. Note: Only if serviceType is NodePort and reportIngressStatus.externalService
is not set.'
type: string
required:
- enable
type: object
service:
description: The service of the Ingress controller.
nullable: true
properties:
extraLabels:
additionalProperties:
type: string
description: Specifies extra labels of the service.
type: object
type: object
serviceType:
description: 'The type of the Service for the Ingress Controller. Valid
Service types are: NodePort and LoadBalancer.'
enum:
- NodePort
- LoadBalancer
type: string
type:
description: The type of the Ingress Controller installation - deployment
or daemonset.
enum:
- deployment
- daemonset
type: string
useIngressClassOnly:
description: Ignore Ingress resources without the “kubernetes.io/ingress.class”
annotation.
type: boolean
watchNamespace:
description: Namespace to watch for Ingress resources. By default the
Ingress controller watches all namespaces.
type: string
wildcardTLS:
description: A Secret with a TLS certificate and key for TLS termination
of every Ingress host for which TLS termination is enabled but the
Secret is not specified. The secret must be of the type kubernetes.io/tls.
If the argument is not set, for such Ingress hosts NGINX will break
any attempt to establish a TLS connection. If the argument is set,
but the Ingress controller is not able to fetch the Secret from Kubernetes
API, the Ingress Controller will fail to start. Format is namespace/name.
type: string
required:
- image
- serviceType
- type
type: object
status:
description: NginxIngressControllerStatus defines the observed state of
NginxIngressController
properties:
deployed:
description: Deployed is true if the Operator has finished the deployment
of the NginxIngressController.
type: boolean
required:
- deployed
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
Loading

0 comments on commit 4a21fa2

Please sign in to comment.