NGINX Ingress Controller Release 5.1.0 (#730)

* Add Rate Limit variable condition

* NIC 5.1.0 Release

* Apply suggestions from code review

Co-authored-by: Alan Dooley <[email protected]>

* update tech specs

* Apply suggestions from code review

Co-authored-by: Mike Jang <[email protected]>

* Update content/nic/technical-specifications.md

---------

Co-authored-by: Paul Abel <[email protected]>
Co-authored-by: Alan Dooley <[email protected]>
Co-authored-by: Mike Jang <[email protected]>

Author: 4 people

content/nic/configuration/policy-resource.md

@@ -175,8 +175,14 @@ condition:
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``jwt`` | defines a JWT condition to rate limit against. | [ratelimit.condition.jwt](#ratelimitconditionjwt) | No |
-|``default`` | sets the rate limit in this policy to be the default if no conditions are met. In a group of policies with the same JWT condition, only one policy can be the default. | ``bool`` | No |
+|``variables`` | defines a Variable condition to rate limit against. | [ratelimit.condition.variables](#ratelimitconditionvariables) | No |
+|``default`` | sets the rate limit in this policy to be the default if no conditions are met. In a group of policies with the same condition, only one policy can be the default. | ``bool`` | No |
 {{% /table %}}
+{{< note >}}
+ 
+One condition of type `jwt` or `variables` is required. Each Policy supports only one condition.
+
+{{< /note >}}
 
 The rate limit policy with condition is designed to be used in combination with one or more rate limit policies. For example, multiple rate limit policies with [RateLimit.Condition.JWT](#ratelimitconditionjwt) can be used to apply different tiers of rate limit based on the value of a JWT claim. For a practical example of tiered rate limiting by the value of a JWT claim, see the example in our [GitHub repository](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/rate-limit-tiered-jwt-claim/README.md).
 
@@ -213,6 +219,27 @@ The rate limit policy will only apply to requests that contain a JWT with the sp
 |``match`` | the value of the claim to match against. | ``string`` | Yes |
 {{% /table %}}
 
+### RateLimit.Condition.Variables
+
+RateLimit.Condition.Variables defines a condition for a rate limit by NGINX variable. The following example defines a condition for a rate limit policy that only applies to requests with the request method with a value `GET`:
+
+```yaml
+variables:
+  - name: $request_method
+    match: GET
+```
+
+{{< note >}}
+Only one variable at a time is supported at present.
+{{< /note >}}
+
+{{% table %}}
+|Field | Description | Type | Required |
+| ---| ---| ---| --- |
+|``name`` | the name of the NGINX variable to be rate limit by. | ``string`` | Yes |
+|``match`` | the value of the NGINX variable to match against.  Values prefixed with the `~` character denote the following is a [regular expression](https://nginx.org/en/docs/http/ngx_http_map_module.html#map).  | ``string`` | Yes |
+{{% /table %}}
+
 ### APIKey
 
 The API Key auth policy configures NGINX to authorize client requests based on the presence of a valid API Key in a header or query param specified in the policy.

content/nic/releases.md

@@ -5,6 +5,55 @@ toc: true
 nd-content-type: reference
 nd-product: NIC
 nd-docs: DOCS-616
+---
+## 5.1.0
+
+08 Jul 2025
+
+This release includes the ability to configure Rate Limiting for your APIs based on a specific NGINX variable and its value. This allows you more granular control over how frequently specific users access your resources.
+
+Lastly, in our previous v5.0.0 release, we removed support for Open Tracing. This release replaces that observability capability with native NGINX Open Telemetry traces, allowing you to monitor the internal traffic of your applications.
+
+### <i class="fa-solid fa-rocket"></i> Features
+- [7642](https://github.com/nginx/kubernetes-ingress/pull/7642) Add OpenTelemetry support
+- [7916](https://github.com/nginx/kubernetes-ingress/pull/7916) Add support for Agent V3
+- [7884](https://github.com/nginx/kubernetes-ingress/pull/7884) Tiered rate limits with variables
+- [7765](https://github.com/nginx/kubernetes-ingress/pull/7765) Add OIDC PKCE configuration through Policy
+- [7832](https://github.com/nginx/kubernetes-ingress/pull/7832) Add request_method to rate-limit Policy
+- [7695](https://github.com/nginx/kubernetes-ingress/pull/7695) Add ConfigMapKeys & MGMTConfigMapKeys to Telemetry
+- [7705](https://github.com/nginx/kubernetes-ingress/pull/7705) Add Context to logging for JSON and TEXT formats
+
+### <i class="fa-solid fa-bug-slash"></i> Fixes
+
+- [7651](https://github.com/nginx/kubernetes-ingress/pull/7651) Use pod labels as headless selector labels
+- [7691](https://github.com/nginx/kubernetes-ingress/pull/7691) Avoid applying updates on Ingress Controller shutdown
+- [7748](https://github.com/nginx/kubernetes-ingress/pull/7748) Add ; in oidc files
+- [7786](https://github.com/nginx/kubernetes-ingress/pull/7786) Correct namespace for mgmt secrets
+- [7853](https://github.com/nginx/kubernetes-ingress/pull/7853) Update template for custom redirect URI
+- [7865](https://github.com/nginx/kubernetes-ingress/pull/7865) Maintain HeadlessService on upgrade
+
+### <i class="fa-solid fa-upload"></i> Dependencies
+
+- [7647](https://github.com/nginx/kubernetes-ingress/pull/7647), [7666](https://github.com/nginx/kubernetes-ingress/pull/7666), [7711](https://github.com/nginx/kubernetes-ingress/pull/7711), [7767](https://github.com/nginx/kubernetes-ingress/pull/7767), [7798](https://github.com/nginx/kubernetes-ingress/pull/7798), [7824](https://github.com/nginx/kubernetes-ingress/pull/7824), [7854](https://github.com/nginx/kubernetes-ingress/pull/7854), [7900](https://github.com/nginx/kubernetes-ingress/pull/7900), [7918](https://github.com/nginx/kubernetes-ingress/pull/7918), [7926](https://github.com/nginx/kubernetes-ingress/pull/7926) Bump Go dependancies
+- [7714](https://github.com/nginx/kubernetes-ingress/pull/7714), [7788](https://github.com/nginx/kubernetes-ingress/pull/7788), [7825](https://github.com/nginx/kubernetes-ingress/pull/7825), [7855](https://github.com/nginx/kubernetes-ingress/pull/7855), [7890](https://github.com/nginx/kubernetes-ingress/pull/7890), [7888](https://github.com/nginx/kubernetes-ingress/pull/7888), [7893](https://github.com/nginx/kubernetes-ingress/pull/7893), [7903](https://github.com/nginx/kubernetes-ingress/pull/7903) Bump Docker dependencies
+- [7808](https://github.com/nginx/kubernetes-ingress/pull/7808) Update kubernetes version to v1.33.1 in helm schema
+- [7896](https://github.com/nginx/kubernetes-ingress/pull/7896) Update go version to 1.24.4
+
+### <i class="fa-solid fa-download"></i> Upgrade
+
+- For NGINX, use the 5.1.0 images from our
+[DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/tags?page=1&ordering=last_updated&name=5.1.0),
+[GitHub Container](https://github.com/nginx/kubernetes-ingress/pkgs/container/kubernetes-ingress),
+[Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress).
+- For NGINX Plus, use the 5.1.0 images from the F5 Container registry or build your own image using the 5.1.0 source code
+- For Helm, use version 2.2.0 of the chart.
+
+### <i class="fa-solid fa-life-ring"></i> Supported Platforms
+
+We will provide technical support for NGINX Ingress Controller on any Kubernetes platform that is currently supported by
+its provider and that passes the Kubernetes conformance tests. This release was fully tested on the following Kubernetes
+versions: 1.25-1.33.
+
 ---
 ## 5.0.0
 

content/nic/technical-specifications.md

@@ -19,7 +19,8 @@ We test NGINX Ingress Controller on a range of Kubernetes platforms for each rel
 {{< bootstrap-table "table table-bordered table-striped table-responsive" >}}
 | NIC version | Kubernetes versions tested  | NIC Helm Chart version | NIC Operator version | NGINX / NGINX Plus version | End of Technical Support |
 | --- | --- | --- | --- | --- | --- |
-| {{< nic-version >}} | 1.25 - 1.32 | {{< nic-helm-version >}} | {{< nic-operator-version >}} | 1.27.4 / R34 | - |
+| {{< nic-version >}} | 1.25 - 1.33 | {{< nic-helm-version >}} | {{< nic-operator-version >}} | 1.27.5 / R34 P1 | - |
+| 5.0.0 | 1.25 - 1.32 | 2.1.0 | 3.1.0 | 1.27.4 / R34 | Apr 16, 2027 |
 | 4.0.1 | 1.25 - 1.32 | 2.0.1 | 3.0.1 | 1.27.4 / R33 P2 | Feb 7, 2027 |
 | 3.7.2 | 1.25 - 1.31 | 1.4.2 | 2.4.2 | 1.27.2 / R32 P1 | Nov 25, 2026 |
 | 3.6.2 | 1.25 - 1.31 | 1.3.2 | 2.3.2 | 1.27.1 / R32 P1 | Aug 19, 2026 |
@@ -41,13 +42,13 @@ We provide the following Docker images, which include NGINX or NGINX Plus bundle
 From release `v5.1.0` onwards, NGINX Ingress Controller will no longer provide binaries for the `armv7`, `s390x` & `ppc64le` architectures.
 {{< /important >}}
 
-_All images include NGINX 1.27.4._
+_All images include NGINX 1.27.5._
 
 {{< bootstrap-table "table table-bordered table-responsive" >}}
 |<div style="width:200px">Name</div> | <div style="width:100px">Base image</div> | DockerHub image | Architectures |
 | ---| --- | --- | --- |
-|Alpine-based image | ``nginx:1.27.4-alpine``,<br>based on on ``alpine:3.21`` | ``nginx/nginx-ingress:{{< nic-version >}}-alpine`` | arm64<br>amd64 |
-|Debian-based image | ``nginx:1.27.4``,<br>based on on ``debian:12-slim`` | ``nginx/nginx-ingress:{{< nic-version >}}`` | arm64<br>amd64 |
+|Alpine-based image | ``nginx:1.27.5-alpine``,<br>based on on ``alpine:3.21`` | ``nginx/nginx-ingress:{{< nic-version >}}-alpine`` | arm64<br>amd64 |
+|Debian-based image | ``nginx:1.27.5``,<br>based on on ``debian:12-slim`` | ``nginx/nginx-ingress:{{< nic-version >}}`` | arm64<br>amd64 |
 |Ubi-based image | ``redhat/ubi9-minimal`` | ``nginx/nginx-ingress:{{< nic-version >}}-ubi`` | arm64<br>amd64 |
 {{% /bootstrap-table %}}
 

layouts/shortcodes/nic-helm-version.html

@@ -1 +1 @@
-2.1.0
+2.2.0

layouts/shortcodes/nic-operator-version.html

@@ -1 +1 @@
-3.1.0
+3.2.0

layouts/shortcodes/nic-version.html

@@ -1 +1 @@
-5.0.0
+5.1.0