This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 28.000000000000004%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPK%3C/text%3E%3C/svg%3E)
Hi All,
We are using AKS, but recently we have one libxml2 vulnerability for AKS Web_Application_Routing Ingress Controller.
AKS version: 1.28.5
Nginx Controller Image for Web_Application_Routing: mcr.microsoft.com/oss/kubernetes/ingress/nginx-ingress-controller:v1.9.4
I have tried to amend the image version from v1.9.4 to v.1.10.0 in ingress controller yaml file. but it restored after i amend.
So i don't know how to upgrade the image version.
And is there any solution for it without using other ingress controller?
Thanks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 89%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
Hi Kawen,
How have you installed your nginx-ingress-controller?
Was it installed via Microsoft's Addon - https://learn.microsoft.com/en-us/azure/aks/app-routing?tabs=default%2Cdeploy-app-default? or was it via HEML charts?
If it was via Addon, unfortunately you won't be able to update it yourself, this is a managed nginx-ingress-controller and therefore the upgrade will be performed by Microsoft's end when possible and if you try to change it, indeed this change will be overwritten again.
If it was via HELM charts, you can consider on updating the charts and then update the deployment:
$helm repo update <name of the repo>
$helm upgrade --reuse-values ingress-nginx ingress-nginx/ingress-nginx
For more information, please check documentations:https://helm.sh/docs/helm/helm_repo_update/
https://kubernetes.github.io/ingress-nginx/deploy/upgrade/#with-helm
https://learn.microsoft.com/en-us/azure/aks/app-routing?tabs=default%2Cdeploy-app-default
Hi Patricia,
We use the following command line to enable web_application_routing for ak
az aks enable-addons -g rg-inslead-dev -n ns-inslead-dev --addons web_application_routing
then it will create nginx ingress controller automatically.
So i don't know how to upgrade the image version.
Hi Kewen,
It seems like you're still using the older nginx-ingress-controller for the AKS cluster.
This addon mentioned by you was deprecated and in order to start using the newly available, you can follow the steps on the documentation:
https://learn.microsoft.com/en-us/azure/aks/app-routing-migration
Once again, managed ingress-controllers enabled by addons are managed by Microsoft(AKS team) and will be updated by Microsoft as soon as possible, therefore you won't need to do any action on your end.
Although, in your case as you're using a deprecated addon, please consider following the documentation above to install the new addon
Hi Patricia,
I have tried to implement the guide https://learn.microsoft.com/en-us/azure/aks/app-routing-migration provided by you. but it prompted "App Routing is already enabled". So existing nginx ingress controller is new application routing addon.
azureuser [ ~ ]$ az aks approuting enable -g rg-inslead-dev -n aks-insleads-dev
The behavior of this command has been altered by the following extension: aks-preview
App Routing is already enabled.
azureuser [ ~ ]$ kubectl get pod -A | grep nginx
NAMESPACE NAME READY STATUS RESTARTS AGE
app-routing-system nginx-75b695b88d-8qlkk 1/1 Running 0 6d3h
app-routing-system nginx-75b695b88d-lp7ph 1/1 Running 0 6d3h
from the above log, you can see current using ingress controller is App Routing, not old HTTP application routing addon.
Hello Pan, Kewen
We noticed your have rated low on the provided answer as not helpful. Thank you for taking time to share feedback.
This issue needs deeper investigation. Support team will be able to check and help on this. I would recommend you to open a azure support case.