DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
4685 commits 4 branches 217 tags 166 MiB
Commit graph

76 commits

Author SHA1 Message Date
Boris Djurdjevic
665f924e9e Add proxy protocol support for X-Forwarded-Port 
Fixes https://github.com/kubernetes/ingress-nginx/issues/4951
 2020-01-24 13:50:35 +01:00
Manuel Alejandro de Brito Fontes
2af6305a4f Fix flaking e2e tests 2020-01-05 14:08:56 -03:00
Manuel Alejandro de Brito Fontes
1f2820a343 GeoIP test are temporarily disabled 2020-01-04 15:17:24 -03:00
Manuel Alejandro de Brito Fontes
5c30820d1f Remove hard-coded annotation and don't use map pointers 2019-12-13 03:05:20 -03:00
Manuel Alejandro de Brito Fontes
c2550930b1 Fix e2e test flakes 2019-12-13 01:34:52 -03:00
Manuel Alejandro de Brito Fontes
0dce5be743 Migrate ingress definitions from extensions to networking.k8s.io 2019-12-12 21:25:00 -03:00
Elvin Efendi
49ba53b7b6 regression test for duplicate hsts 2019-12-12 13:45:43 -05:00
Kubernetes Prow Robot
fb025ab501
Merge pull request #4087 from MRoci/master 
Define Modsecurity Snippet via ConfigMap
 2019-09-30 15:19:32 -07:00
Andrea Spacca
e84c8cd705 ISSUE-4244 e2e test 2019-09-29 23:28:44 +02:00
MRoci
1ee081ccc8
test modsecurity-snippet 2019-09-28 09:54:10 +02:00
Elvin Efendi
799f0ae76d more meaningful assertion for tls hsts test 2019-09-24 15:39:20 -04:00
Manuel Alejandro de Brito Fontes
ce3e3d51c3
WIP Remove nginx unix sockets (#4531) 
* Remove nginx unix sockets
* Use an emptyDir volume for /tmp in PSP e2e tests
 2019-09-08 18:14:54 -03:00
Manuel Alejandro de Brito Fontes
c85450c1e7
Remove hard-coded names from e2e test and use local docker dependencies (#4502) 2019-09-01 14:16:52 -04:00
Manuel Alejandro de Brito Fontes
fcd3054f13
Lint code using staticcheck (#4471) 2019-08-23 12:08:40 -04:00
Manuel Alejandro de Brito Fontes
23ed3ba4c4
Fix file permissions to support volumes 2019-08-15 20:48:37 -04:00
Elvin Efendi
b21c721196 lua-shared-dicts improvements, fixes and documentation 2019-08-14 22:10:56 -04:00
Manuel Alejandro de Brito Fontes
80bd481abb
Only support SSL dynamic mode 2019-08-13 17:33:34 -04:00
Kubernetes Prow Robot
8c472190d1
Merge pull request #4086 from jeroen92/issue-4038 
Resolve #4038, move X-Forwarded-Port variable to the location context
 2019-08-09 08:07:25 -07:00
tals
a2e667c082 lua shared dict from cm 
lua shared dict teml test and update func sign

lua shared dict cm test

lua shared dict integration test

lua shared dict add cm parsing

lua shared dict change test header
 2019-08-08 12:44:11 +03:00
Jeroen Schutrup
8dd912114e
Move X-Forwarded-Port variable to the location context 
Resolves issue #4038 where the X-Forwarded-Port header would be set to the value of the https listening port if all of the following settings were satisfied:
- The ingress controller was started with a non-default HTTPS port set with the `--https-port` argument
- An ingress is created having:
  - the `nginx.ingress.kubernetes.io/auth-url` annotation set
  - TLS enabled

This commit solves this issue by moving the setting of the `pass_server_port` variable from the server, one level down to the location context.
 2019-08-06 17:00:58 +02:00
Moritz Johner
23504db770 feat: auth-req caching 
add a way to configure the `proxy_cache_*` [1] directive for external-auth.
The user-defined cache_key may contain sensitive information
(e.g. Authorization header).
We want to store *only* a hash of that key, not the key itself on disk.

[1] http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2019-07-17 18:39:04 +02:00
Manuel Alejandro de Brito Fontes
84102eec2b
Migrate to new networking.k8s.io/v1beta1 package 2019-06-13 11:32:39 -04:00
Kubernetes Prow Robot
251f48b120
Merge pull request #4135 from nicknovitski/deployment-api-appsv1 
Use apps/v1 api group in e2e tests
 2019-05-29 16:50:18 -07:00
Nick Novitski
e1958b8272 Run PodSecurityPolicy E2E test in parallel 
Previously, this test modified a ClusterRole used by _every_ test.  It had to be run serially, with a special teardown function that restored the state of the ClusterRole for any other serial tests.

Now every test gets its own cluster role, which means this test can be safely run in parallel with all the others, without any special teardown.
 2019-05-29 14:13:04 -07:00
Nick Novitski
d617e5abdc Use apps/v1 api group in e2e tests 2019-05-29 12:12:45 -07:00
Manuel Alejandro de Brito Fontes
c2227a058d
Refactor e2e test 2019-05-27 06:31:01 -04:00
Nick Novitski
51ad0bc54b Rearrange deployment files into kustomizations 2019-05-19 12:35:54 -07:00
okryvoshapka-connyun
8cc9afe8ee Added Global External Authentication settings to configmap parameters incl. addons 2019-05-03 12:08:16 +02:00
Elvin Efendi
b13432dbe0 adjust default ssl cert e2e test 2019-04-13 15:00:44 -04:00
Elvin Efendi
1ddf5d2752 regression test for dynamic cert related default-certificate issue 2019-04-09 22:11:21 -04:00
Elvin Efendi
87e962682f properly parse x-forwarded-host 2019-03-31 15:10:45 -04:00
Elvin Efendi
496ff07bf1 replace some of the Nginx configuration to Lua code 2019-03-31 12:04:52 -04:00
Manuel Alejandro de Brito Fontes
14a9e9f3fa
Update dependencies client-go to release-11.0 and kubernetes-1.14.0 2019-03-28 20:43:18 -03:00
Manuel Alejandro de Brito Fontes
5e249d3366
Refactor e2e tests to use the service ClusterIP 2019-02-24 20:04:07 -03:00
Manuel Alejandro de Brito Fontes
8b6e4d4697
Use UsePortInRedirects only if enabled 2019-02-21 17:48:45 -03:00
Alex Kursell
ca74960905 Fix --disable-catch-all 2019-01-25 14:53:55 -05:00
Manuel Alejandro de Brito Fontes
0db09f425d
Refactor e2e tls helper 2019-01-10 20:59:49 -03:00
Maxime Ginters
3fa8395f7f Fix a bug in Ingress update handler 2019-01-08 09:28:42 -05:00
Kubernetes Prow Robot
8f57f9578d
Merge pull request #3586 from Shopify/disable-catch-all 
Add --disable-catch-all option to disable catch-all server
 2019-01-07 07:16:26 -08:00
Kubernetes Prow Robot
29118750be
Merge pull request #3342 from aledbf/allowPrivilegeEscalation 
Allow privilege escalation
 2019-01-02 17:49:39 -08:00
Manuel Alejandro de Brito Fontes
09e2466671
Add support to run e2e tests serially 2019-01-02 15:47:26 -03:00
Manuel Alejandro de Brito Fontes
a73dac2c0b
Fix proxy_host variable configuration 2019-01-02 15:31:27 -03:00
Manuel Alejandro de Brito Fontes
1109db2d09 Add e2e test 2018-12-21 19:30:34 -03:00
Manuel Alejandro de Brito Fontes
9be174738d Add allowPrivilegeEscalation 2018-12-21 19:30:19 -03:00
Maxime Ginters
1678d99a03 Add --disable-catch-all option to disable catch-all server 2018-12-21 13:22:26 -05:00
k8s-ci-robot
710ea8c76f
Merge pull request #3333 from Shopify/dont-trust-by-default 
breaking change: by default do not trust any client
 2018-11-27 05:12:48 -08:00
Manuel Alejandro de Brito Fontes
a51136b863 Refactor assertions 2018-11-18 10:53:05 -03:00
Elvin Efendi
5f3b48e16d breaking change: do not trust x-forwarded-* headers by default 2018-11-13 10:35:59 +04:00
Zenara Daley
8b32c4c326 Restructure load balance e2e tests and update round robin test 2018-11-12 10:19:52 -05:00
Zenara Daley
95db733c12 add e2e test for round robin load balancing 2018-11-09 13:20:33 -05:00