Merge commit '36a8134cf1f55fd5f6989ef42d1c73c5448bf0b0'

Changelog.md

@@ -1,5 +1,70 @@
 # Changelog
 
+### 0.29.0
+
+**Image:** `quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.29.0`
+
+_New Features:_
+
+- NGINX 1.17.8
+- Add SameSite support for [Cookie Affinity](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#cookie-affinity) https://www.chromium.org/updates/same-site
+- Refactor of [mirror](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#mirror) feature to remove additional annotations
+
+_Changes:_
+
+- [X] [#4949](https://github.com/kubernetes/ingress-nginx/pull/4949) Add SameSite support - omit None for old browsers
+- [X] [#4973](https://github.com/kubernetes/ingress-nginx/pull/4973) Fix release script
+- [X] [#4975](https://github.com/kubernetes/ingress-nginx/pull/4975) Fix docker installation in travis script
+- [X] [#4976](https://github.com/kubernetes/ingress-nginx/pull/4976) Fix travis
+- [X] [#4977](https://github.com/kubernetes/ingress-nginx/pull/4977) Fix image version
+- [X] [#4983](https://github.com/kubernetes/ingress-nginx/pull/4983) Fix enable opentracing per location
+- [X] [#4987](https://github.com/kubernetes/ingress-nginx/pull/4987) Dump kind logs after e2e tests
+- [X] [#4993](https://github.com/kubernetes/ingress-nginx/pull/4993) Calculation algorithm for server_names_hash_bucket_size should consid…
+- [X] [#4995](https://github.com/kubernetes/ingress-nginx/pull/4995) Cleanup main makefile and remove the need of sed
+- [X] [#4996](https://github.com/kubernetes/ingress-nginx/pull/4996) Fix status update for clusters where networking.k8s.io is not available
+- [X] [#4999](https://github.com/kubernetes/ingress-nginx/pull/4999) Fix limitrange definition
+- [X] [#5000](https://github.com/kubernetes/ingress-nginx/pull/5000) Update python syntax in OAuth2 example
+- [X] [#5003](https://github.com/kubernetes/ingress-nginx/pull/5003) Fix server aliases
+- [X] [#5008](https://github.com/kubernetes/ingress-nginx/pull/5008) Fix docker buildx check in Makefile
+- [X] [#5009](https://github.com/kubernetes/ingress-nginx/pull/5009) Move mod-security logic from template to go code
+- [X] [#5010](https://github.com/kubernetes/ingress-nginx/pull/5010) Update nginx image
+- [X] [#5011](https://github.com/kubernetes/ingress-nginx/pull/5011) Update nginx image, go to 1.13.7 and e2e image
+- [X] [#5015](https://github.com/kubernetes/ingress-nginx/pull/5015) Refactor mirror feature
+- [X] [#5016](https://github.com/kubernetes/ingress-nginx/pull/5016) Fix dep-ensure task
+- [X] [#5023](https://github.com/kubernetes/ingress-nginx/pull/5023) Update metric dependencies and restore default Objectives
+- [X] [#5028](https://github.com/kubernetes/ingress-nginx/pull/5028) Add echo image to avoid building and installing dependencies in each …
+- [X] [#5031](https://github.com/kubernetes/ingress-nginx/pull/5031) Update kindest/node version to v1.17.2
+- [X] [#5032](https://github.com/kubernetes/ingress-nginx/pull/5032) Fix fortune-teller app manifest
+- [X] [#5035](https://github.com/kubernetes/ingress-nginx/pull/5035) Update github.com/paultag/sniff dependency
+- [X] [#5036](https://github.com/kubernetes/ingress-nginx/pull/5036) Disable DIND in script run-in-docker.sh
+- [X] [#5038](https://github.com/kubernetes/ingress-nginx/pull/5038) Update code to use pault.ag/go/sniff package
+- [X] [#5042](https://github.com/kubernetes/ingress-nginx/pull/5042) Fix X-Forwarded-Proto based on proxy-protocol server port
+- [X] [#5050](https://github.com/kubernetes/ingress-nginx/pull/5050) Add flag to allow custom ingress status update intervals
+- [X] [#5052](https://github.com/kubernetes/ingress-nginx/pull/5052) Change the handling of ConfigMap creation
+- [X] [#5053](https://github.com/kubernetes/ingress-nginx/pull/5053) Validation of header in authreq should be done only in the key
+- [X] [#5055](https://github.com/kubernetes/ingress-nginx/pull/5055) Only set mirror source when a target is configured
+- [X] [#5059](https://github.com/kubernetes/ingress-nginx/pull/5059) Remove minikube and only use kind
+- [X] [#5060](https://github.com/kubernetes/ingress-nginx/pull/5060) Cleanup e2e tests
+- [X] [#5061](https://github.com/kubernetes/ingress-nginx/pull/5061) Fix scripts to run in osx
+- [X] [#5062](https://github.com/kubernetes/ingress-nginx/pull/5062) Ensure scripts and dev-env works in osx
+- [X] [#5067](https://github.com/kubernetes/ingress-nginx/pull/5067) Make sure set-cookie is retained from external auth endpoint
+- [X] [#5069](https://github.com/kubernetes/ingress-nginx/pull/5069) Enable grpc e2e tests
+- [X] [#5070](https://github.com/kubernetes/ingress-nginx/pull/5070) Update go to 1.13.8
+- [X] [#5071](https://github.com/kubernetes/ingress-nginx/pull/5071) Add gzip-min-length as a Configuration Option
+
+_Documentation:_
+
+- [X] [#4974](https://github.com/kubernetes/ingress-nginx/pull/4974) Add travis script for docs
+- [X] [#4991](https://github.com/kubernetes/ingress-nginx/pull/4991) doc: added hint why regular expressions might not be accepted
+- [X] [#5018](https://github.com/kubernetes/ingress-nginx/pull/5018) Update developer document on dependency updates
+- [X] [#5020](https://github.com/kubernetes/ingress-nginx/pull/5020) docs(deploy): fix helm install command for helm v3
+- [X] [#5037](https://github.com/kubernetes/ingress-nginx/pull/5037) Cleanup README.md
+- [X] [#5040](https://github.com/kubernetes/ingress-nginx/pull/5040) Update documentation and remove hack fixed by upstream cookie library
+- [X] [#5041](https://github.com/kubernetes/ingress-nginx/pull/5041) 36.94% size reduction of image assets using lossless compression from ImgBot
+- [X] [#5043](https://github.com/kubernetes/ingress-nginx/pull/5043) Cleanup docs
+- [X] [#5068](https://github.com/kubernetes/ingress-nginx/pull/5068) docs: reference buildx as a requirement for docker builds
+- [X] [#5073](https://github.com/kubernetes/ingress-nginx/pull/5073) oauth-external-auth: README.md: Link to oauth2-proxy, dashboard-ingress.yaml
+
 ### 0.28.0
 
 **Image:** `quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.28.0`

Makefile

@@ -27,7 +27,7 @@ endif
 SHELL=/bin/bash -o pipefail
 
 # Use the 0.0 tag for testing, it shouldn't clobber any release builds
-TAG ?= 0.28.0
+TAG ?= 0.29.0
 
 # Use docker to run makefile tasks
 USE_DOCKER ?= true

build/images/ingress-controller/build-ingress-controller.sh

@@ -80,19 +80,18 @@ git clone https://github.com/kubernetes/ingress-nginx
 
 cd ingress-nginx
 
-# disable docker in docker tasks
-export DIND_TASKS=0
-
 export DOCKER_CLI_EXPERIMENTAL=enabled
 
 make init-docker-buildx
 docker buildx use ingress-nginx --default --global
 
-echo "Building NGINX image..."
+# disable docker in docker tasks
-make all-container
+export DIND_TASKS=0
 
-echo "Publishing NGINX images..."
+echo "Building NGINX image..."
-make all-push
+ARCH=amd64 make build container push
+ARCH=arm   make build container push
+ARCH=arm64 make build container push
 
 # Requires https://github.com/kubernetes/ingress-nginx/pull/4271
 #echo "Creating multi-arch images..."

deploy/cloud-generic/deployment.yaml

@@ -15,7 +15,7 @@ spec:
       serviceAccountName: nginx-ingress-serviceaccount
       containers:
         - name: nginx-ingress-controller
-          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.28.0
+          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.29.0
           args:
             - /nginx-ingress-controller
             - --configmap=$(POD_NAMESPACE)/$(NGINX_CONFIGMAP_NAME)

deploy/cloud-generic/kustomization.yaml

@@ -12,7 +12,7 @@ resources:
 - service.yaml
 images:
 - name: quay.io/kubernetes-ingress-controller/nginx-ingress-controller
-  newTag: 0.28.0
+  newTag: 0.29.0
 vars:
 - fieldref:
     fieldPath: metadata.name

deploy/static/mandatory.yaml

@@ -217,7 +217,7 @@ spec:
         kubernetes.io/os: linux
       containers:
         - name: nginx-ingress-controller
-          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.28.0
+          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.29.0
           args:
             - /nginx-ingress-controller
             - --configmap=$(POD_NAMESPACE)/nginx-configuration

deploy/static/with-rbac.yaml

@@ -28,7 +28,7 @@ spec:
         kubernetes.io/os: linux
       containers:
         - name: nginx-ingress-controller
-          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.28.0
+          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.29.0
           args:
             - /nginx-ingress-controller
             - --configmap=$(POD_NAMESPACE)/nginx-configuration

docs/deploy/index.md

@@ -34,7 +34,7 @@
 The following **Mandatory Command** is required for all deployments.
 
 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.28.0/deploy/static/mandatory.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.29.0/deploy/static/mandatory.yaml
 ```
 
 !!! tip
@@ -53,7 +53,7 @@ Kubernetes is available in Docker for Mac (from [version 18.06.0-ce](https://doc
 Create a service
 
 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.28.0/deploy/static/provider/cloud-generic.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.29.0/deploy/static/provider/cloud-generic.yaml
 ```
 
 #### minikube
@@ -101,8 +101,8 @@ Check that no change is necessary with regards to the ELB idle timeout. In some
 Then execute:
 
 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.28.0/deploy/static/provider/aws/service-l4.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.29.0/deploy/static/provider/aws/service-l4.yaml
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.28.0/deploy/static/provider/aws/patch-configmap-l4.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.29.0/deploy/static/provider/aws/patch-configmap-l4.yaml
 ```
 
 For L7:
@@ -114,8 +114,8 @@ Check that no change is necessary with regards to the ELB idle timeout. In some
 Then execute:
 
 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.28.0/deploy/static/provider/aws/service-l7.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.29.0/deploy/static/provider/aws/service-l7.yaml
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.28.0/deploy/static/provider/aws/patch-configmap-l7.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.29.0/deploy/static/provider/aws/patch-configmap-l7.yaml
 ```
 
 This example creates an ELB with just two listeners, one in port 80 and another in port 443
@@ -136,13 +136,13 @@ More information with regards to idle timeouts for your Load Balancer can be fou
 This type of load balancer is supported since v1.10.0 as an ALPHA feature.
 
 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.28.0/deploy/static/provider/aws/service-nlb.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.29.0/deploy/static/provider/aws/service-nlb.yaml
 ```
 
 #### GCE-GKE
 
 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.28.0/deploy/static/provider/cloud-generic.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.29.0/deploy/static/provider/cloud-generic.yaml
 ```
 
 **Important Note:** proxy protocol is not supported in GCE/GKE
@@ -150,7 +150,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/ngin
 #### Azure
 
 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.28.0/deploy/static/provider/cloud-generic.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.29.0/deploy/static/provider/cloud-generic.yaml
 ```
 
 #### Bare-metal
@@ -158,7 +158,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/ngin
 Using [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport):
 
 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.28.0/deploy/static/provider/baremetal/service-nodeport.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.29.0/deploy/static/provider/baremetal/service-nodeport.yaml
 ```
 
 !!! tip

docs/deploy/upgrade.md

@@ -33,7 +33,7 @@ The easiest way to do this is e.g. (do note you may need to change the name para
 
 ```
 kubectl set image deployment/nginx-ingress-controller \
-  nginx-ingress-controller=quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.28.0
+  nginx-ingress-controller=quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.29.0
 ```
 
 For interactive editing, use `kubectl edit deployment nginx-ingress-controller`.

docs/examples/auth/oauth-external-auth/README.md

@@ -51,13 +51,13 @@ kubectl create -f https://raw.githubusercontent.com/kubernetes/kops/master/addon
 
 ![Register OAuth2 Application](images/register-oauth-app-2.png)
 
-3. Configure oauth2_proxy values in the file oauth2-proxy.yaml with the values:
+3. Configure oauth2_proxy values in the file [`oauth2-proxy.yaml`](https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/auth/oauth-external-auth/oauth2-proxy.yaml) with the values:
 
 - OAUTH2_PROXY_CLIENT_ID with the github `<Client ID>`
 - OAUTH2_PROXY_CLIENT_SECRET with the github `<Client Secret>`
 - OAUTH2_PROXY_COOKIE_SECRET with value of `python -c 'import os,base64; print(base64.b64encode(os.urandom(16)).decode("ascii"))'`
 
-4. Customize the contents of the file dashboard-ingress.yaml:
+4. Customize the contents of the file [`dashboard-ingress.yaml`](https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/auth/oauth-external-auth/dashboard-ingress.yaml):
 
 Replace `__INGRESS_HOST__` with a valid FQDN and `__INGRESS_SECRET__` with a Secret with a valid SSL certificate.
 

docs/examples/customization/custom-errors/README.md

@@ -28,7 +28,7 @@ service/nginx-errors   ClusterIP   10.0.0.12   <none>        80/TCP    10s
 If you do not already have an instance of the NGINX Ingress controller running, deploy it according to the
 [deployment guide][deploy], then follow these steps:
 
-1. Edit the `nginx-ingress-controller` Deployment and set the value of the `--default-backend` flag to the name of the
+1. Edit the `nginx-ingress-controller` Deployment and set the value of the `--default-backend-service` flag to the name of the
    newly created error backend.
 
 2. Edit the `nginx-configuration` ConfigMap and create the key `custom-http-errors` with a value of `404,503`.

docs/examples/grpc/README.md

@@ -13,7 +13,7 @@ nginx controller.
    for the ingress).
 3. You have the nginx-ingress controller installed in typical fashion (must be
    at least
-   [quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.28.0](https://quay.io/kubernetes-ingress-controller/nginx-ingress-controller)
+   [quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.29.0](https://quay.io/kubernetes-ingress-controller/nginx-ingress-controller)
    for grpc support.
 4. You have a backend application running a gRPC server and listening for TCP
    traffic.  If you prefer, you can use the

docs/examples/psp/README.md

@@ -15,7 +15,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/mast
 ```
 
 Now that the pod security policy is applied, we can continue as usual by applying the
-[mandatory.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.28.0/deploy/static/mandatory.yaml)
+[mandatory.yaml](https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.29.0/deploy/static/mandatory.yaml)
 according to the [Installation Guide](../../deploy/index.md).
 
 Note: PSP permissions must be granted before to the creation of the Deployment and the ReplicaSet.

docs/examples/static-ip/nginx-ingress-controller.yaml

@@ -24,7 +24,7 @@ spec:
       # hostNetwork: true
       terminationGracePeriodSeconds: 60
       containers:
-      - image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.28.0
+      - image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.29.0
         name: nginx-ingress-controller
         readinessProbe:
           httpGet:

docs/user-guide/nginx-configuration/configmap.md

@@ -596,6 +596,10 @@ Enables or disables [HTTP/2](http://nginx.org/en/docs/http/ngx_http_v2_module.ht
 
 Sets the gzip Compression Level that will be used. _**default:**_ 5
 
+## gzip-min-length
+
+Minimum length of responses to be returned to the client before it is eligible for gzip compression, in bytes. _**default:**_ 256
+
 ## gzip-types
 
 Sets the MIME types in addition to "text/html" to compress. The special value "\*" matches any MIME type. Responses with the "text/html" type are always compressed if `[use-gzip](#use-gzip)` is enabled.

images/nginx/Makefile

@@ -12,8 +12,13 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+.DEFAULT_GOAL:=container
+
+# set default shell
+SHELL=/bin/bash -o pipefail
+
 # 0.0.0 shouldn't clobber any released builds
-TAG ?= 0.97
+TAG ?= 0.98
 REGISTRY ?= quay.io/kubernetes-ingress-controller
 
 IMGNAME = nginx
@@ -25,39 +30,26 @@ EMPTY :=
 SPACE := $(EMPTY) $(EMPTY)
 COMMA := ,
 
-.PHONY: all
-all: container
-
 .PHONY: container
 container:
 	DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build \
-		--no-cache \
 		--progress plain \
 		--platform $(subst $(SPACE),$(COMMA),$(PLATFORMS)) \
 		--tag $(IMAGE):$(TAG) rootfs
 
 	# https://github.com/docker/buildx/issues/59
 	$(foreach PLATFORM,$(PLATFORMS), \
-			DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build \
+		DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build \
-			--load \
+		--load \
-			--progress plain \
+		--progress plain \
-			--platform $(PLATFORM) \
+		--platform $(PLATFORM) \
-			--tag $(IMAGE)-$(PLATFORM):$(TAG) rootfs;)
+		--tag $(IMAGE)-$(PLATFORM):$(TAG) rootfs;)
-
-ifeq ($(ARCH), amd64)
-	# This is for to maintain the backward compatibility
-	docker tag $(MULTI_ARCH_IMG):$(TAG) $(IMAGE):$(TAG)
-endif
 
 .PHONY: push
 push: container
 	$(foreach PLATFORM,$(PLATFORMS), \
 		docker push $(IMAGE)-$(PLATFORM):$(TAG);)
 
-ifeq ($(ARCH), amd64)
-	docker push $(IMAGE):$(TAG)
-endif
-
 .PHONY: release
 release: push
 	echo "done"

images/nginx/rootfs/Dockerfile

@@ -13,7 +13,7 @@
 # limitations under the License.
 
 
-FROM --platform=$BUILDPLATFORM alpine:3.11 as builder
+FROM alpine:3.11 as builder
 
 COPY . /
 
@@ -21,7 +21,7 @@ RUN apk add -U bash \
   && /build.sh
 
 # Use a multi-stage build
-FROM --platform=$BUILDPLATFORM alpine:3.11
+FROM alpine:3.11
 
 ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin
 

internal/ingress/controller/config/config.go

@@ -393,6 +393,10 @@ type Configuration struct {
 	// gzip Compression Level that will be used
 	GzipLevel int `json:"gzip-level,omitempty"`
 
+	// Minimum length of responses to be sent to the client before it is eligible
+	// for gzip compression, in bytes.
+	GzipMinLength int `json:"gzip-min-length,omitempty"`
+
 	// MIME types in addition to "text/html" to compress. The special value “*” matches any MIME type.
 	// Responses with the “text/html” type are always compressed if UseGzip is enabled
 	GzipTypes string `json:"gzip-types,omitempty"`
@@ -695,6 +699,7 @@ func NewDefault() Configuration {
 		HSTSPreload:                      false,
 		IgnoreInvalidHeaders:             true,
 		GzipLevel:                        5,
+		GzipMinLength:                    256,
 		GzipTypes:                        gzipTypes,
 		KeepAlive:                        75,
 		KeepAliveRequests:                100,

internal/ingress/controller/template/configmap_test.go

@@ -65,6 +65,7 @@ func TestMergeConfigMapToStruct(t *testing.T) {
 		"error-log-path":                "/var/log/test/error.log",
 		"use-gzip":                      "true",
 		"gzip-level":                    "9",
+		"gzip-min-length":               "1024",
 		"gzip-types":                    "text/html",
 		"proxy-real-ip-cidr":            "1.1.1.1/8,2.2.2.2/24",
 		"bind-address":                  "1.1.1.1,2.2.2.2,3.3.3,2001:db8:a0b:12f0::1,3731:54:65fe:2::a7,33:33:33::33::33",
@@ -85,6 +86,7 @@ func TestMergeConfigMapToStruct(t *testing.T) {
 	def.ProxySendTimeout = 2
 	def.UseProxyProtocol = true
 	def.GzipLevel = 9
+	def.GzipMinLength = 1024
 	def.GzipTypes = "text/html"
 	def.ProxyRealIPCIDR = []string{"1.1.1.1/8", "2.2.2.2/24"}
 	def.BindAddressIpv4 = []string{"1.1.1.1", "2.2.2.2"}

rootfs/Dockerfile

@@ -15,7 +15,7 @@
 ARG BASE_IMAGE
 ARG VERSION
 
-FROM --platform=$BUILDPLATFORM ${BASE_IMAGE}
+FROM ${BASE_IMAGE}
 
 LABEL org.opencontainers.image.title="NGINX Ingress Controller for Kubernetes"
 LABEL org.opencontainers.image.documentation="https://kubernetes.github.io/ingress-nginx/"

rootfs/etc/nginx/template/nginx.tmpl

@@ -239,7 +239,7 @@ http {
     gzip on;
     gzip_comp_level {{ $cfg.GzipLevel }};
     gzip_http_version 1.1;
-    gzip_min_length 256;
+    gzip_min_length {{ $cfg.GzipMinLength}};
     gzip_types {{ $cfg.GzipTypes }};
     gzip_proxied any;
     gzip_vary on;

test/e2e/settings/custom_header.go

@@ -0,0 +1,103 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package settings
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	"github.com/parnurzeal/gorequest"
+
+	"k8s.io/ingress-nginx/test/e2e/framework"
+)
+
+var _ = framework.IngressNginxDescribe("Add custom header", func() {
+	f := framework.NewDefaultFramework("custom-header")
+	host := "custom-header"
+
+	BeforeEach(func() {
+		f.NewEchoDeployment()
+		ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, nil)
+		f.EnsureIngress(ing)
+	})
+
+	AfterEach(func() {
+	})
+
+	It("Add a custom header", func() {
+		customHeader := "X-A-Custom-Header"
+		customHeaderValue := "customHeaderValue"
+
+		h := make(map[string]string)
+		h[customHeader] = customHeaderValue
+
+		f.CreateConfigMap("add-headers-configmap", h)
+
+		wlKey := "add-headers"
+		wlValue := f.Namespace + "/add-headers-configmap"
+
+		f.UpdateNginxConfigMapData(wlKey, wlValue)
+
+		f.WaitForNginxConfiguration(func(server string) bool {
+			return strings.Contains(server, fmt.Sprintf("more_set_headers \"%s: %s\";", customHeader, customHeaderValue))
+		})
+
+		resp, _, errs := gorequest.New().
+			Get(f.GetURL(framework.HTTP)).
+			Set("Host", host).
+			End()
+
+		Expect(errs).Should(BeEmpty())
+		Expect(resp.StatusCode).Should(Equal(http.StatusOK))
+		Expect(resp.Header.Get(customHeader)).Should(ContainSubstring(customHeaderValue))
+	})
+
+	It("Add multiple custom headers", func() {
+		firstCustomHeader := "X-First"
+		firstCustomHeaderValue := "Prepare for trouble!"
+		secondCustomHeader := "X-Second"
+		secondCustomHeaderValue := "And make it double!"
+
+		h := make(map[string]string)
+		h[firstCustomHeader] = firstCustomHeaderValue
+		h[secondCustomHeader] = secondCustomHeaderValue
+
+		f.CreateConfigMap("add-headers-configmap-two", h)
+
+		wlKey := "add-headers"
+		wlValue := f.Namespace + "/add-headers-configmap-two"
+
+		f.UpdateNginxConfigMapData(wlKey, wlValue)
+
+		f.WaitForNginxConfiguration(func(server string) bool {
+			return strings.Contains(server, fmt.Sprintf("more_set_headers \"%s: %s\";", firstCustomHeader, firstCustomHeaderValue)) && strings.Contains(server, fmt.Sprintf("more_set_headers \"%s: %s\";", secondCustomHeader, secondCustomHeaderValue))
+		})
+
+		resp, _, errs := gorequest.New().
+			Get(f.GetURL(framework.HTTP)).
+			Set("Host", host).
+			End()
+
+		Expect(errs).Should(BeEmpty())
+		Expect(resp.StatusCode).Should(Equal(http.StatusOK))
+		Expect(resp.Header.Get(firstCustomHeader)).Should(ContainSubstring(firstCustomHeaderValue))
+		Expect(resp.Header.Get(secondCustomHeader)).Should(ContainSubstring(secondCustomHeaderValue))
+	})
+})