DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7812 commits 4 branches 217 tags 166 MiB
Commit graph

241 commits

Author SHA1 Message Date
Maksim Nabokikh
1e2ce80846
fix: deny locations with invalid auth-url annotation (#8256) 
* fix: deny locations with invalid auth-url annotation

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Delete duplicate test

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2022-03-01 02:13:51 -08:00
Aibek
5754eb60f4
Append elements on match, instead of removing for cors-annotations (#8185) 
* fixes https://github.com/kubernetes/ingress-nginx/issues/8168 by appending elements on match, instead of removing

* refactor the corsOriginRegex comparison, and initialize CorsAllowOrigin
 2022-02-13 10:39:47 -08:00
Ricardo Katz
38c73233f3
Remove deprecated libraries, update other libs, add ci v1.23 (#8118) 2022-01-09 16:29:12 -08:00
Tobias Salzmann
ce9deaa332
Add stream-snippet as a ConfigMap and Annotation option (#8029) 
* stream snippet

* gofmt -s
 2021-12-23 11:46:30 -08:00
Yecheng Fu
5cff197bc5
add canary-weight-total annotation (#6338) 2021-12-07 08:40:00 -08:00
Ricardo Katz
67e13bf692
Add option to sanitize annotation inputs (#7874) 
* Add option to sanitize annotation inputs

* Fix e2e tests after string sanitization

* Add proxy_pass and serviceaccount as denied values
 2021-11-12 11:40:30 -08:00
Christopher Larivière
65b8eeddec
Support cors-allow-origin with multiple origins (#7614) 
* Add Initial support for multiple cors origins in nginx

- bump cluster version for `make dev-env`
- add buildOriginRegex function in nginx.tmpl
- add e2e 4 e2e tests for cors.go
- refers to feature request #5496

* add tests + use search to identify '*' origin

* add tests + use search to identify '*' origin

Signed-off-by: Christopher Larivière <lariviere.c@gmail.com>

* fix "should enable cors test" looking at improper values

* Modify tests and add some logic for origin validation

- add origin validation in cors ingress annotations
- add extra tests to validate regex
- properly escape regex using "QuoteMeta"
- fix some copy/paste errors

* add TrimSpace and length validation before adding a new origin

* modify documentation for cors and remove dangling comment

* add support for optional port mapping on origin

* support single-level wildcard subdomains + tests

* Remove automatic `*` fonctionality from incorrect origins

- use []string instead of basic string to avoid reparsing in template.go
- fix typo in docs
- modify template to properly enable only if the whole block is enabled
- modify cors parsing
- test properly by validating that the value returned is the proper
  origin
- update unit tests and annotation tests

* Re-add `*` when no cors origins are supplied + fix tests

- fix e2e tests to allow for `*`
- re-add `*` to cors parsing if trimmed cors-allow-origin is empty
(supplied but empty) and if it wasn't supplied at all.

* remove unecessary logic for building cors origin + remove comments

- add some edge cases in e2e tests
- rework logic for building cors origin

there was no need for logic in template.go for buildCorsOriginRegex
if there is a `*` it ill be short-circuited by first if.

if it's a wildcard domain or any domain (without a wildcard), it MUST
match the main/cors.go regex format.

if there's a star in a wildcard domain, it must be replaced with
`[A-Za-z0-9]+`

* add missing check in e2e tests
 2021-11-02 12:31:42 -07:00
Matthew Silverman
7d5452d00b
configmap: option to not trust incoming tracing spans (#7045) 
* validate the sender of tracing spans

* add location-specific setting
 2021-10-24 14:36:21 -07:00
Renan Gonçalves
48601bcd0e
Allow the usage of Services as Upstream on a global level (#7469) 
It is possible to change this behavior on an ingress level, which works
well when you only have a few of them. When running several dozen
ingress and with a high change rate of running pods it makes it easier
to define this configuration on a global level.

This change is completely backwards compatible, only adding the
possibility of defining a new key in the configmap.
 2021-09-07 12:47:15 -07:00
Ray
cf9ae96d72
Additional AuthTLS assertions and doc change to demonstrate auth-tls-secret enables the other AuthTLS annotations (#7202) 
* Fix indentation of nested list in AuthTLS annotations

Also, put `<annotation>`: <description text>` on a single line in
Markdown markup, which will match what gets rendered eventually.

On the other hand, for the line on auth-tls-secret (This annotation
expects the Secret name in the form "namespace/secretName"), its
Markdown markup suggests that the author wanted the line to start on its
own line, but currently this gets rendered on the same line. It's nice
for this to be on its own line, since it's kind of a "note" about the
annotation syntax. Format/indent the markup appropriately so that it
shows up on its line.

* Fix indentation of nested list in CORS annotations

Also, put `<annotation>`: <description text>` on a single line in
Markdown markup, which will match what gets rendered eventually.

On the other hand, for lines noting the allowed characters (This is a
multi-valued field...), its Markdown markup suggests that the author
wanted the line to start on its own line, but currently this gets
rendered on the same line. It's nice for this to be on its own line,
since it's kind of a "note" about the annotation syntax. Format/indent
the markup appropriately so that it shows up on its line.

* Replace f.HTTPTestClientWithTLSConfig() in AuthTLS E2E, the odd one out for requests without client certs

* Demonstrate and document that auth-tls-secret enables the other AuthTLS annotations like verify client, depth

* Split E2E for auth-tls-error-page and *-pass-certificate-to-upstream
 2021-09-07 10:35:16 -07:00
Vincent LE GOFF
f2e743f561
feat: add session-cookie-secure annotation (#7399) 2021-09-01 15:23:40 -07:00
Ricardo Katz
90c79689c4
Release v1 (#7470) 
* Drop v1beta1 from ingress nginx (#7156)

* Drop v1beta1 from ingress nginx

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix intorstr logic in controller

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* fixing admission

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* more intorstr fixing

* correct template rendering

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix e2e tests for v1 api

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix gofmt errors

* This is finally working...almost there...

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Re-add removed validation of AdmissionReview

* Prepare for v1.0.0-alpha.1 release

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Update changelog and matrix table for v1.0.0-alpha.1 (#7274)

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* add docs for syslog feature (#7219)

* Fix link to e2e-tests.md in developer-guide (#7201)

* Use ENV expansion for namespace in args (#7146)

Update the DaemonSet namespace references to use the `POD_NAMESPACE` environment variable in the same way that the Deployment does.

* chart: using Helm builtin capabilities check (#7190)

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

* Update proper default value for HTTP2MaxConcurrentStreams in Docs (#6944)

It should be 128 as documented in https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/config/config.go#L780

* Fix MaxWorkerOpenFiles calculation on high cores nodes (#7107)

* Fix MaxWorkerOpenFiles calculation on high cores nodes

* Add e2e test for rlimit_nofile

* Fix doc for max-worker-open-files

* ingress/tcp: add additional error logging on failed (#7208)

* Add file containing stable release (#7313)

* Handle named (non-numeric) ports correctly (#7311)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Updated v1beta1 to v1 as its deprecated (#7308)

* remove mercurial from build (#7031)

* Retry to download maxmind DB if it fails (#7242)

* Retry to download maxmind DB if it fails.

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Add retries count arg, move retry logic into DownloadGeoLite2DB function

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Reorder parameters in DownloadGeoLite2DB

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Remove hardcoded value

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Release v1.0.0-alpha.1

* Add changelog for v1.0.0-alpha.2

* controller: ignore non-service backends (#7332)

* controller: ignore non-service backends

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update per feedback

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* fix: allow scope/tcp/udp configmap namespace to altered (#7161)

* Lower webhook timeout for digital ocean (#7319)

* Lower webhook timeout for digital ocean

* Set Digital Ocean value controller.admissionWebhooks.timeoutSeconds to 29

* update OWNERS and aliases files (#7365) (#7366)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Downgrade Lua modules for s390x (#7355)

Downgrade Lua modules to last known working version.

* Fix IngressClass logic for newer releases (#7341)

* Fix IngressClass logic for newer releases

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Change e2e tests for the new IngressClass presence

* Fix chart and admission tests

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix helm chart test

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix reviews

* Remove ingressclass code from admission

* update tag to v1.0.0-beta.1

* update readme and changelog for v1.0.0-beta.1

* Release v1.0.0-beta.1 - helm and manifests (#7422)

* Change the order of annotation just to trigger a new helm release (#7425)

* [cherry-pick] Add dev-v1 branch into helm releaser (#7428)

* Add dev-v1 branch into helm releaser (#7424)

* chore: add link for artifacthub.io/prerelease annotations

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>

* k8s job ci pipeline for dev-v1 br v1.22.0 (#7453)

* k8s job ci pipeline for dev-v1 br v1.22.0

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* k8s job ci pipeline for dev-v1 br v1.21.2

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* remove v1.21.1 version

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* Add controller.watchIngressWithoutClass config option (#7459)

Signed-off-by: Akshit Grover <akshit.grover2016@gmail.com>

* Release new helm chart with certgen fixed (#7478)

* Update go version, modules and remove ioutil

* Release new helm chart with certgen fixed

* changed appversion, chartversion, TAG, image (#7490)

* Fix CI conflict

* Fix CI conflict

* Fix build.sh from rebase process

* Fix controller_test post rebase

Co-authored-by: Tianhao Guo <rggth09@gmail.com>
Co-authored-by: Ray <61553+rctay@users.noreply.github.com>
Co-authored-by: Bill Cassidy <cassid4@gmail.com>
Co-authored-by: Jintao Zhang <tao12345666333@163.com>
Co-authored-by: Sathish Ramani <rsathishx87@gmail.com>
Co-authored-by: Mansur Marvanov <nanorobocop@gmail.com>
Co-authored-by: Matt1360 <568198+Matt1360@users.noreply.github.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Co-authored-by: Kundan Kumar <kundan.kumar@india.nec.com>
Co-authored-by: Tom Hayward <thayward@infoblox.com>
Co-authored-by: Sergey Shakuto <sshakuto@infoblox.com>
Co-authored-by: Tore <tore.lonoy@gmail.com>
Co-authored-by: Bouke Versteegh <info@boukeversteegh.nl>
Co-authored-by: Shahid <shahid@us.ibm.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: Long Wu Yuan <longwuyuan@gmail.com>
Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com>
Co-authored-by: Neha Lohia <nehapithadiya444@gmail.com>
Co-authored-by: Akshit Grover <akshit.grover2016@gmail.com>
 2021-08-21 13:42:00 -07:00
Ricardo Katz
d226d831bd Update go version, modules and remove ioutil 2021-08-06 14:15:21 -03:00
wasker
f222c752be
Enable session affinity for canaries (#7371) 2021-07-29 14:23:19 -07:00
Dmitry Kuleshov
a327a809d9
auto backend protocol for HTTP/HTTPS (#6985) 
* add auto backend protocol for HTTP/HTTPS

* e2e test for AUTO_HTTP backend protocol

* unit  test for AUTO_HTTP backend protocol

Co-authored-by: Luca Del Monte <luca.delmonte5@gmail.com>
 2021-07-29 12:49:19 -07:00
Ricardo Katz
11d4ddca8e
Revert "feat: multiple-cors-allow-origin support (#7134)" (#7168) 
This reverts commit 8a55801cc0.
 2021-05-27 05:38:24 -07:00
Alex Zhang
8a55801cc0
feat: multiple-cors-allow-origin support (#7134) 2021-05-23 09:13:39 -07:00
Matt Miller
b3dfee6ada
Allow preservation of trailing slashes on TLS redirects via annotation. (#7144) 
* allow retaining a trailing slash in a TLS redirect via annotation.

Signed-off-by: mamiller <mamiller@rosettastone.com>

* requested changes

* gofmt
 2021-05-23 08:51:38 -07:00
cjyyb
49ae85099b Fix log printing error 2021-05-02 11:34:57 +08:00
Elvin Efendi
e0dece48f7 Add Global Rate Limiting support 2021-01-04 17:47:07 -05:00
Elvin Efendi
2cff9fa41d generalize cidr parsing and improve lua tests 2021-01-04 15:01:55 -05:00
Manuel Alejandro de Brito Fontes
d9af197e62
Remove dead code 2020-12-27 22:26:51 -03:00
Josh Soref
a8728f3d2c Spelling 2020-12-15 16:10:48 -05:00
Kubernetes Prow Robot
e3a3ea8826
Merge pull request #6294 from ianbuss/auth-error-redirect-param 
Allow customisation of redirect URL parameter in external auth redirects
 2020-11-23 01:27:37 -08:00
aimuz
e5fa90db9b fix: empty IngressClassName, Error handling 2020-11-09 11:36:00 +08:00
Manuel Alejandro de Brito Fontes
4d65097afa Improve log messages 2020-10-26 17:14:36 -03:00
Manuel Alejandro de Brito Fontes
703c2d6f8e Enable validation of ingress definitions from extensions package 2020-10-26 10:50:44 -03:00
Ian Buss
41cf628bdf Add a configurable URL redirect parameter for error URLs 2020-10-08 12:53:46 +01:00
Manuel Alejandro de Brito Fontes
108637bb1c Migrate to structured logging (klog) 2020-09-27 18:59:57 -03:00
Maxime LUCE
b7b85175f6 Add annotation to configure CORS Access-Control-Expose-Headers 2020-09-23 17:41:52 +02:00
Kubernetes Prow Robot
91c6d1a081
Merge pull request #6150 from timmysilv/master 
Reject ingresses that use the default annotation if a custom one was provided
 2020-09-10 07:11:45 -07:00
Matthew Silverman
9612180f6e reject annotations with default prefix in the case of an override 2020-09-10 09:16:44 -04:00
Gian Ortz
3820aa416b Add annotation to set value for burst multiplier on rate limit 2020-08-30 19:43:08 -03:00
Manuel Alejandro de Brito Fontes
cb86c5698c Migrate to klog v2 2020-08-08 21:01:03 -04:00
Laszlo Janosi
7d82903ce9
Fix panic in ingress class validation 
If an ingress had no class annotation, nor IngressClassName  at all, and an IngressClass resource was created for the ingress-nginx there was a panic when the controller tried to check the IngressClassName of the Ingress.
 2020-08-07 17:09:14 +00:00
Zhongcheng Lao
c0629e92c2
Add proxy-ssl-server-name to enable passing SNI 2020-07-03 14:14:32 +08:00
Yilong Ren
714637bec5 build/dev-env.sh: remove docker version check 
docker experimental feature is unnecessary, so just remove it
 2020-06-23 15:37:41 +08:00
Kubernetes Prow Robot
d061375afa
Merge pull request #5571 from agile6v/dev 
feat: support the combination of Nginx variables for annotation upstream-hash-by.
 2020-06-01 15:10:14 -07:00
agile6v
c035a144f8 Support the combination of nginx variables and text value for annotation upstream-hash-by. 2020-06-01 06:37:41 +08:00
Kubernetes Prow Robot
ee02d897d5
Merge pull request #5534 from agile6v/master 
Add annotation ssl-prefer-server-ciphers.
 2020-05-29 08:35:16 -07:00
agile6v
0e79ad8e4f Update unit & e2e tests. 2020-05-21 02:19:13 +08:00
agile6v
38f99cefb2 Update testcase for sslCipher. 2020-05-13 11:03:15 +08:00
agile6v
38a8556c4f Add comments for sslcipher.Config struct. 2020-05-13 10:40:56 +08:00
agile6v
41d82005ec Add annotation ssl-prefer-server-ciphers. 2020-05-11 16:31:08 +08:00
Kevin Frommelt
e775495a56
Remove duplicate Cookie.ChangeOnFailure assertion 2020-05-08 13:51:14 -05:00
Kevin Frommelt
3c5e3eda7b
Remove duplicate annotation parsing for annotationAffinityCookieChangeOnFailure 2020-05-08 09:14:10 -05:00
Manuel Alejandro de Brito Fontes
efbb3f9fc8 Add support for IngressClass and ingress.class annotation 2020-04-22 09:15:32 -04:00
Manuel Alejandro de Brito Fontes
04ef782c57 Migrate ingress.class annotation to new IngressClassName field 2020-03-31 12:20:01 -03:00
Bhavin Gandhi
380ef3a92c Fix the ability to disable ModSecurity at location level 
- Adds 'modsecurity off;' to the nginx config if the
  'enable-modsecurity' annotation is set to false.
- Update tests and e2e tests accordingly

Signed-off-by: Bhavin Gandhi <bhavin7392@gmail.com>
 2020-03-22 23:51:02 +05:30
Manuel Alejandro de Brito Fontes
07b70f68bd
Redirect for app-root should preserve current scheme (#5266) 2020-03-19 15:49:18 -03:00
schaefec
0ab2e72e95 Doesn't fail if proxy-ssl-name annotation is not specified 2020-02-25 13:32:14 +01:00
schaefec
141ea59b7f Allows overriding the server name used to verify the certificate of the proxied HTTPS server 2020-02-25 13:32:14 +01:00
Lisheng Zheng
0b33650bb8 Feat: canary supports using specific match strategy to match header value. 2020-02-21 10:02:20 +08:00
Manuel Alejandro de Brito Fontes
281139d1a7
Only set mirror source when a target is configured (#5055) 2020-02-11 13:48:42 -03:00
Manuel Alejandro de Brito Fontes
77586dd83b
Validation of header in authreq should be done only in the key (#5053) 2020-02-11 10:30:14 -03:00
Manuel Alejandro de Brito Fontes
b3146354d4 Refactor mirror feature 2020-02-05 10:39:55 -03:00
Brian Kopp
1b523390bb Add SameSite=None support and conditionally omit SameSite=None for backwards compatibility 2020-01-29 14:30:00 -07:00
Manuel Alejandro de Brito Fontes
5d05e19cc3
Fix enable opentracing per location (#4983) 2020-01-29 12:20:05 -03:00
Manuel Alejandro de Brito Fontes
1021051fb3 Avoid overlap of rate limit zones 2020-01-27 00:38:54 -03:00
Manuel Alejandro de Brito Fontes
340bb39384 Avoid overwrite of auth file 2020-01-27 00:38:54 -03:00
Manuel Alejandro de Brito Fontes
7ff49b25d6
Move opentracing configuration for location to go (#4965) 2020-01-25 21:39:20 -03:00
Manuel Alejandro de Brito Fontes
5f6c4cff3e
Add help task (#4891) 
* Add help task
* Fix vet errors
 2020-01-07 10:53:12 -03:00
Kubernetes Prow Robot
a85d5ed93a
Merge pull request #4779 from aledbf/update-image 
Remove lua-resty-waf feature
 2019-11-27 11:45:05 -08:00
Kubernetes Prow Robot
b286c2a336
Merge pull request #4732 from willthames/enable-opentracing-annotation 
Allow enabling/disabling opentracing for ingresses
 2019-11-26 17:31:21 -08:00
Will Thames
6927d9351a Improve safety of AWS-based builds 
Ensure that AWS and Docker credentials don't get
accidentally added
 2019-11-27 11:07:26 +10:00
Will Thames
0ae463a5f3 Provide annotation to control opentracing 
By default you might want opentracing off, but on for a particular
ingress.

Similarly, you might want opentracing globally on, but disabled for
a specific endpoint. To achieve this, `opentracing_propagate_context`
cannot be set when combined with `opentracing off`

A new annotation, `enable-opentracing` allows more fine grained control
of opentracing for specific ingresses.
 2019-11-27 11:07:26 +10:00
Manuel Alejandro de Brito Fontes
61d902db14 Remove Lua resty waf feature 2019-11-26 10:37:43 -03:00
Laszlo Janosi
c76995b81b Fixing comments 2019-10-18 11:36:00 +02:00
Laszlo Janosi
31227d61c2 Removing secure-verify-ca-secret support and writing an error log if that annotation is used in an Ingress definition 2019-10-18 10:58:57 +02:00
A Gardner
786a3b6862 Add support for configmap of headers to be sent to external auth service 2019-09-24 10:53:23 -04:00
Kubernetes Prow Robot
cb2889b87b
Merge pull request #4586 from aledbf/fix-reload 
Fix reload when a configmap changes
 2019-09-24 07:23:28 -07:00
Manuel Alejandro de Brito Fontes
a40a4b0325
Fix reload when a configmap changes 2019-09-24 10:55:59 -03:00
Kubernetes Prow Robot
f6c2f5fb97
Merge pull request #4514 from alexmaret/4475-stickyness-mode 
Added new affinity mode for maximum session stickyness.
 2019-09-24 05:09:27 -07:00
A Gardner
376b862c23 Add annotation to support map of user/pass pairs in basic auth 2019-09-13 11:33:33 -04:00
Alexander Maret-Huskinson
880b3dc5f1 Fixed test findings. 2019-08-30 19:08:03 +02:00
Alexander Maret-Huskinson
9170591185 Added new affinity mode for maximum session stickyness. Fixes kubernetes/ingress-nginx#4475 2019-08-30 11:40:29 +02:00
Manuel Alejandro de Brito Fontes
8def5ef7ca
Add support for multiple alias and remove duplication of SSL certificates (#4472) 2019-08-26 10:58:44 -04:00
Manuel Alejandro de Brito Fontes
fcd3054f13
Lint code using staticcheck (#4471) 2019-08-23 12:08:40 -04:00
Gabor Lekeny
4624b5bc77 Change PemSHA to CASHA 2019-08-16 06:31:15 +02:00
Gabor Lekeny
65b9e2c574 Merge branch 'master' of https://github.com/kubernetes/ingress-nginx into proxyssl 2019-08-16 06:21:53 +02:00
Manuel Alejandro de Brito Fontes
9543aacc76
Fix test description on error 2019-08-15 16:56:20 -04:00
Maxime Ginters
d8bd8c5619 Add nginx proxy_max_temp_file_size configuration option 2019-08-15 13:47:42 -04:00
Kubernetes Prow Robot
0d690fba1a
Merge pull request #4356 from aledbf/only-dynamic-mode 
Only support SSL dynamic mode
 2019-08-14 17:08:35 -07:00
Kubernetes Prow Robot
adef152db8
Merge pull request #4379 from diazjf/mirror 
Allow Requests to be Mirrored to different backends
 2019-08-13 17:52:24 -07:00
Manuel Alejandro de Brito Fontes
80bd481abb
Only support SSL dynamic mode 2019-08-13 17:33:34 -04:00
Manuel Alejandro de Brito Fontes
40533ad989
Code linting 2019-08-09 08:44:14 -04:00
Fernando Diaz
386486e969 Allow Requests to be Mirrored to different backends 
Add a feature which allows traffic to be mirrored to
additional backends. This is useful for testing how
requests will behave on different "test" backends.

See https://nginx.org/en/docs/http/ngx_http_mirror_module.html
 2019-08-01 11:53:58 -05:00
Charle Demers
72271e9313
FastCGI backend support (#2982) 
Co-authored-by: Pierrick Charron <pierrick@adoy.net>
 2019-07-31 10:39:21 -04:00
Gabor Lekeny
def13fc06c Add proxy_ssl_* directives 
Add support for backends which require client certificate (eg. NiFi)
authentication. The `proxy-ssl-secret` k8s annotation references a
secret which is used to authenticate to the backend server. All other
directives fine tune the backend communication.

The following annotations are supported:
* proxy-ssl-secret
* proxy-ssl-ciphers
* proxy-ssl-protocol
* proxy-ssl-verify
* proxy-ssl-verify-depth
 2019-07-18 03:21:52 +02:00
Kubernetes Prow Robot
589c9a20f9
Merge pull request #4278 from moolen/feat/auth-req-cache 
feat: auth-req caching
 2019-07-17 12:06:12 -07:00
Moritz Johner
23504db770 feat: auth-req caching 
add a way to configure the `proxy_cache_*` [1] directive for external-auth.
The user-defined cache_key may contain sensitive information
(e.g. Authorization header).
We want to store *only* a hash of that key, not the key itself on disk.

[1] http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2019-07-17 18:39:04 +02:00
Kubernetes Prow Robot
fe6c086580
Merge pull request #4288 from eshicks4/proxy-http-version-annotation 
added proxy-http-version annotation to override the HTTP/1.1 default …
 2019-07-11 11:43:07 -07:00
Manuel Alejandro de Brito Fontes
3d7a09347d
Apply fixes suggested by staticcheck 2019-07-08 16:18:52 -04:00
E. Stuart Hicks
3b0c523e49 added proxy-http-version annotation to override the HTTP/1.1 default connection type to reverse proxy backends 2019-07-08 14:32:00 -04:00
Fernando Diaz
e616f6d4ad Get AuthTLS annotation unit tests to 100% 
Adds more unit tests for the authtls annotation. Increases the
coverage.
 2019-06-21 12:46:07 -05:00
Manuel Alejandro de Brito Fontes
84102eec2b
Migrate to new networking.k8s.io/v1beta1 package 2019-06-13 11:32:39 -04:00
Elvin Efendi
83f2acbe38 Session Affinity ChangeOnFailure should be boolean 2019-06-06 11:22:05 -04:00
Elvin Efendi
c4ced9d694 fix source file mods 2019-06-06 10:47:08 -04:00
Eugene Fedunin
254629cf16 Added support for annotation session-cookie-change-on-failure 
1. Session cookie is updated on previous attempt failure when `session-cookie-change-on-failure = true` (default value is `false`).
2. Added tests to check both cases.
3. Updated docs.

Co-Authored-By: Vladimir Grishin <yadolov@users.noreply.github.com>
 2019-05-27 13:00:07 +03:00
Kubernetes Prow Robot
fafa0a6e13
Merge pull request #4067 from aledbf/normalize 
Trim spaces from annotations that can contain multiple lines
 2019-05-09 07:18:51 -07:00