From 9a9c612f5a6f6af4d3ed44694d289d29eabc2827 Mon Sep 17 00:00:00 2001
From: Ilya Saulenko <hi@mynameiswhm.ru>
Date: Tue, 10 Oct 2017 13:18:45 +0300
Subject: [PATCH 1/6] Allow usage of non_idempotent option in
 proxy_next_upstream

---
 pkg/nginx/template/template.go       | 19 +++++++++++---
 pkg/nginx/template/template_test.go  | 39 +++++++++++++++++++++++-----
 rootfs/etc/nginx/template/nginx.tmpl |  2 +-
 3 files changed, 49 insertions(+), 11 deletions(-)

diff --git a/pkg/nginx/template/template.go b/pkg/nginx/template/template.go
index e498b9584..6ec0cf388 100644
--- a/pkg/nginx/template/template.go
+++ b/pkg/nginx/template/template.go
@@ -44,6 +44,7 @@ import (
 
 const (
 	slash         = "/"
+	nonIdempotent = "non_idempotent"
 	defBufferSize = 65535
 )
 
@@ -548,20 +549,30 @@ func isSticky(host string, loc *ingress.Location, stickyLocations map[string][]s
 	return false
 }
 
-func buildNextUpstream(input interface{}) string {
-	nextUpstream, ok := input.(string)
+func buildNextUpstream(i, r interface{}) string {
+	nextUpstream, ok := i.(string)
 	if !ok {
-		glog.Errorf("expected a 'string' type but %T was returned", input)
+		glog.Errorf("expected a 'string' type but %T was returned", i)
 		return ""
 	}
 
+	retryNonIdempotent := r.(bool)
+
 	parts := strings.Split(nextUpstream, " ")
 
 	nextUpstreamCodes := make([]string, 0, len(parts))
 	for _, v := range parts {
-		if v != "" && v != "non_idempotent" {
+		if v != "" && v != nonIdempotent {
 			nextUpstreamCodes = append(nextUpstreamCodes, v)
 		}
+
+		if v == nonIdempotent {
+			retryNonIdempotent = true
+		}
+	}
+
+	if retryNonIdempotent {
+		nextUpstreamCodes = append(nextUpstreamCodes, nonIdempotent)
 	}
 
 	return strings.Join(nextUpstreamCodes, " ")
diff --git a/pkg/nginx/template/template_test.go b/pkg/nginx/template/template_test.go
index 9e68c70a2..de26399a0 100644
--- a/pkg/nginx/template/template_test.go
+++ b/pkg/nginx/template/template_test.go
@@ -311,13 +311,40 @@ func TestBuildResolvers(t *testing.T) {
 }
 
 func TestBuildNextUpstream(t *testing.T) {
-	nextUpstream := "timeout http_500 http_502 non_idempotent"
-	validNextUpstream := "timeout http_500 http_502"
+	cases := map[string]struct {
+		NextUpstream  string
+		NonIdempotent bool
+		Output        string
+	}{
+		"default": {
+			"timeout http_500 http_502",
+			false,
+			"timeout http_500 http_502",
+		},
+		"global": {
+			"timeout http_500 http_502",
+			true,
+			"timeout http_500 http_502 non_idempotent",
+		},
+		"local": {
+			"timeout http_500 http_502 non_idempotent",
+			false,
+			"timeout http_500 http_502 non_idempotent",
+		},
+	}
 
-	buildNextUpstream := buildNextUpstream(nextUpstream)
-
-	if buildNextUpstream != validNextUpstream {
-		t.Errorf("Expected '%v' but returned '%v'", validNextUpstream, buildNextUpstream)
+	for k, tc := range cases {
+		nextUpstream := buildNextUpstream(tc.NextUpstream, tc.NonIdempotent)
+		if nextUpstream != tc.Output {
+			t.Errorf(
+				"%s: called buildNextUpstream('%s', %v); expected '%v' but returned '%v'",
+				k,
+				tc.NextUpstream,
+				tc.NonIdempotent,
+				tc.Output,
+				nextUpstream,
+			)
+		}
 	}
 }
 
diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl
index cdcce1a1a..920b68216 100644
--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@@ -788,7 +788,7 @@ stream {
             proxy_cookie_path                       {{ $location.Proxy.CookiePath }};
 
             # In case of errors try the next upstream server before returning an error
-            proxy_next_upstream                     {{ buildNextUpstream $location.Proxy.NextUpstream }}{{ if $all.Cfg.RetryNonIdempotent }} non_idempotent{{ end }};
+            proxy_next_upstream                     {{ buildNextUpstream $location.Proxy.NextUpstream $all.Cfg.RetryNonIdempotent }};
 
             {{/* rewrite only works if the content is not compressed */}}
             {{ if $location.Rewrite.AddBaseURL }}

From 3d07b97a8a7d5e40b28a9f4e66c9e754b48fabfb Mon Sep 17 00:00:00 2001
From: Ilya Saulenko <hi@mynameiswhm.ru>
Date: Tue, 10 Oct 2017 13:18:50 +0300
Subject: [PATCH 2/6] Add ingress.kubernetes.io/proxy-next-upstream annotation
 to annotations.md

---
 docs/user-guide/annotations.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/user-guide/annotations.md b/docs/user-guide/annotations.md
index c9157685f..9a10e123e 100644
--- a/docs/user-guide/annotations.md
+++ b/docs/user-guide/annotations.md
@@ -28,6 +28,7 @@ The following annotations are supported:
 |[ingress.kubernetes.io/proxy-connect-timeout](#custom-timeouts)|number|
 |[ingress.kubernetes.io/proxy-send-timeout](#custom-timeouts)|number|
 |[ingress.kubernetes.io/proxy-read-timeout](#custom-timeouts)|number|
+|[ingress.kubernetes.io/proxy-next-upstream](#custom-timeouts)|string|
 |[ingress.kubernetes.io/proxy-request-buffering](#custom-timeouts)|string|
 |[ingress.kubernetes.io/rewrite-target](#rewrite)|URI|
 |[ingress.kubernetes.io/secure-backends](#secure-backends)|true or false|
@@ -313,6 +314,7 @@ In some scenarios is required to have different values. To allow this we provide
 - `ingress.kubernetes.io/proxy-connect-timeout`
 - `ingress.kubernetes.io/proxy-send-timeout`
 - `ingress.kubernetes.io/proxy-read-timeout`
+- `ingress.kubernetes.io/proxy-next-upstream`
 - `ingress.kubernetes.io/proxy-request-buffering`
 
 ### Custom max body size

From d1e955ca0a2a770cdd464d260e37f6f578ea30c2 Mon Sep 17 00:00:00 2001
From: Jimmy Grand <jgrand@leadformance.com>
Date: Tue, 17 Oct 2017 10:34:06 +0200
Subject: [PATCH 3/6] fix(documentation): Fix some typos

Fix some word typos
---
 deploy/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deploy/README.md b/deploy/README.md
index 32bd01af5..7b2bb9f30 100644
--- a/deploy/README.md
+++ b/deploy/README.md
@@ -66,7 +66,7 @@ minikube addons enable ingress
 ### AWS
 
 In AWS we use an Elastic Load Balancer (ELB) to expose the NGINX Ingress controller behind a Service of `Type=LoadBalancer`.
-This setup requires to choose in wich layer (L4 or L7) we want to configure the ELB:
+This setup requires to choose in which layer (L4 or L7) we want to configure the ELB:
 
 - [Layer 4](https://en.wikipedia.org/wiki/OSI_model#Layer_4:_Transport_Layer): use TCP as the listener protocol for ports 80 and 443.
 - [Layer 7](https://en.wikipedia.org/wiki/OSI_model#Layer_7:_Application_Layer): use HTTP as the listener protocol for port 80 and terminate TLS in the ELB

From 6ff367910eee49aab1d5df5ce337050a0a0591ab Mon Sep 17 00:00:00 2001
From: Manuel de Brito Fontes <aledbf@gmail.com>
Date: Tue, 17 Oct 2017 12:24:03 -0300
Subject: [PATCH 4/6] Fix glog initialization error

---
 pkg/ingress/controller/controller.go | 2 +-
 pkg/ingress/controller/launch.go     | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkg/ingress/controller/controller.go b/pkg/ingress/controller/controller.go
index c16f46a01..d6608f8b2 100644
--- a/pkg/ingress/controller/controller.go
+++ b/pkg/ingress/controller/controller.go
@@ -1219,7 +1219,7 @@ func (ic *GenericController) Start() {
 
 	time.Sleep(5 * time.Second)
 	// initial sync of secrets to avoid unnecessary reloads
-	glog.Info("running initial sync of secret")
+	glog.Info("running initial sync of secrets")
 	for _, obj := range ic.listers.Ingress.List() {
 		ing := obj.(*extensions.Ingress)
 
diff --git a/pkg/ingress/controller/launch.go b/pkg/ingress/controller/launch.go
index b81bc7c37..57d0d253a 100644
--- a/pkg/ingress/controller/launch.go
+++ b/pkg/ingress/controller/launch.go
@@ -109,6 +109,9 @@ func NewIngressController(backend ingress.Controller) *GenericController {
 	flags.AddGoFlagSet(flag.CommandLine)
 	backend.ConfigureFlags(flags)
 	flags.Parse(os.Args)
+	// Workaround for this issue:
+	// https://github.com/kubernetes/kubernetes/issues/17162
+	flag.CommandLine.Parse([]string{})
 	backend.OverrideFlags(flags)
 
 	flag.Set("logtostderr", "true")

From 489b851835142e66ce67ceed656abfa24cc765b7 Mon Sep 17 00:00:00 2001
From: Daniel Mueller <dan@unthought.org>
Date: Wed, 18 Oct 2017 01:05:09 -0200
Subject: [PATCH 5/6] fix broken GCE-GKE service descriptor

fixes #1546
---
 deploy/provider/gce-gke/service.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deploy/provider/gce-gke/service.yaml b/deploy/provider/gce-gke/service.yaml
index 0af8b11f4..8d2f71505 100644
--- a/deploy/provider/gce-gke/service.yaml
+++ b/deploy/provider/gce-gke/service.yaml
@@ -16,4 +16,4 @@ spec:
     targetPort: http
   - name: https
     port: 443
-    targetPort: http
+    targetPort: https

From f1d8313ee8c97c146aa81b01406f353b3a4a575a Mon Sep 17 00:00:00 2001
From: Giancarlo Rubio <gianrubio@gmail.com>
Date: Wed, 18 Oct 2017 09:39:34 +0200
Subject: [PATCH 6/6] link to prometheus docs

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index e52a401d4..3db9dab51 100644
--- a/README.md
+++ b/README.md
@@ -39,6 +39,7 @@ An Ingress Controller is a daemon, deployed as a Kubernetes Pod, that watches th
 - [Proxy Protocol](#proxy-protocol)
 - [ModSecurity Web Application Firewall](docs/user-guide/modsecurity.md)
 - [Opentracing](docs/user-guide/opentracing.md)
+- [VTS and Prometheus metrics](docs/examples/customization/custom-vts-metrics-prometheus/README.md)
 - [Custom errors](docs/user-guide/custom-errors.md)
 - [NGINX status page](docs/user-guide/nginx-status-page.md)
 - [Running multiple ingress controllers](#running-multiple-ingress-controllers)