DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
4544 commits 4 branches 217 tags 166 MiB
Commit graph

443 commits

Author SHA1 Message Date
Gabor Lekeny
65b9e2c574 Merge branch 'master' of https://github.com/kubernetes/ingress-nginx into proxyssl 2019-08-16 06:21:53 +02:00
Kubernetes Prow Robot
b5fecd0dc8
Merge pull request #4450 from Shopify/proxy-max-temp-file-size 
Add nginx proxy_max_temp_file_size configuration option
 2019-08-15 12:40:33 -07:00
Maxime Ginters
d8bd8c5619 Add nginx proxy_max_temp_file_size configuration option 2019-08-15 13:47:42 -04:00
Elvin Efendi
30b64df10a ewma improvements 2019-08-15 13:13:43 -04:00
Kubernetes Prow Robot
0b375989f3
Merge pull request #4412 from Shopify/ssl-early-data 
Add nginx ssl_early_data option support
 2019-08-15 10:08:35 -07:00
Elvin Efendi
6a293c7e11 set /configuration client body size dynamically 2019-08-14 22:10:56 -04:00
Kubernetes Prow Robot
dd0fe4b458
Merge pull request #4422 from ElvinEfendi/lua-resolv-conf-search 
teach lua about search and ndots settings in resolv.conf
 2019-08-14 17:36:33 -07:00
Kubernetes Prow Robot
0d690fba1a
Merge pull request #4356 from aledbf/only-dynamic-mode 
Only support SSL dynamic mode
 2019-08-14 17:08:35 -07:00
Elvin Efendi
7b4655bb39 teach lua about search and ndots settings in resolv.conf 2019-08-14 18:03:30 -04:00
Kubernetes Prow Robot
adef152db8
Merge pull request #4379 from diazjf/mirror 
Allow Requests to be Mirrored to different backends
 2019-08-13 17:52:24 -07:00
Elvin Efendi
d46b4148fa Lua /etc/resolv.conf parser and some refactoring 2019-08-13 18:34:54 -04:00
Manuel Alejandro de Brito Fontes
80bd481abb
Only support SSL dynamic mode 2019-08-13 17:33:34 -04:00
Manuel Alejandro de Brito Fontes
2ed75b3362
Move listen logic to go 2019-08-13 14:52:25 -04:00
Mathieu Naouache
4d97240d88
Add timezone value into $geoip2_time_zone variable 2019-08-11 14:26:48 +02:00
Pierrick Charron
f459515d0d Add quote function in template 
Co-authored-by: Charle Demers <charle.demers@gmail.com>
 2019-08-09 15:47:29 -04:00
Kubernetes Prow Robot
8c472190d1
Merge pull request #4086 from jeroen92/issue-4038 
Resolve #4038, move X-Forwarded-Port variable to the location context
 2019-08-09 08:07:25 -07:00
Manuel Alejandro de Brito Fontes
4a9b02bc03
Remove dynamic TLS records 2019-08-08 15:52:56 -04:00
tals
a2e667c082 lua shared dict from cm 
lua shared dict teml test and update func sign

lua shared dict cm test

lua shared dict integration test

lua shared dict add cm parsing

lua shared dict change test header
 2019-08-08 12:44:11 +03:00
Maxime Ginters
7219130da4 Add nginx ssl_early_data option support 2019-08-07 16:04:09 -04:00
Jeroen Schutrup
8dd912114e
Move X-Forwarded-Port variable to the location context 
Resolves issue #4038 where the X-Forwarded-Port header would be set to the value of the https listening port if all of the following settings were satisfied:
- The ingress controller was started with a non-default HTTPS port set with the `--https-port` argument
- An ingress is created having:
  - the `nginx.ingress.kubernetes.io/auth-url` annotation set
  - TLS enabled

This commit solves this issue by moving the setting of the `pass_server_port` variable from the server, one level down to the location context.
 2019-08-06 17:00:58 +02:00
Fernando Diaz
386486e969 Allow Requests to be Mirrored to different backends 
Add a feature which allows traffic to be mirrored to
additional backends. This is useful for testing how
requests will behave on different "test" backends.

See https://nginx.org/en/docs/http/ngx_http_mirror_module.html
 2019-08-01 11:53:58 -05:00
Kubernetes Prow Robot
c8a3710fb8
Merge pull request #4344 from Nuglif/fastcgi-backend-support 
Add FastCGI backend support (#2982)
 2019-07-31 11:20:14 -07:00
Charle Demers
72271e9313
FastCGI backend support (#2982) 
Co-authored-by: Pierrick Charron <pierrick@adoy.net>
 2019-07-31 10:39:21 -04:00
Elvin Efendi
8f5fa78e1a regression test 2019-07-26 10:18:31 -04:00
Elvin Efendi
6f7b66fc7d memoize balancer for a request 2019-07-26 09:35:58 -04:00
Gabor Lekeny
def13fc06c Add proxy_ssl_* directives 
Add support for backends which require client certificate (eg. NiFi)
authentication. The `proxy-ssl-secret` k8s annotation references a
secret which is used to authenticate to the backend server. All other
directives fine tune the backend communication.

The following annotations are supported:
* proxy-ssl-secret
* proxy-ssl-ciphers
* proxy-ssl-protocol
* proxy-ssl-verify
* proxy-ssl-verify-depth
 2019-07-18 03:21:52 +02:00
Kubernetes Prow Robot
589c9a20f9
Merge pull request #4278 from moolen/feat/auth-req-cache 
feat: auth-req caching
 2019-07-17 12:06:12 -07:00
Moritz Johner
23504db770 feat: auth-req caching 
add a way to configure the `proxy_cache_*` [1] directive for external-auth.
The user-defined cache_key may contain sensitive information
(e.g. Authorization header).
We want to store *only* a hash of that key, not the key itself on disk.

[1] http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2019-07-17 18:39:04 +02:00
Elvin Efendi
b424ad2681 avoid warning during lua unit test 2019-07-11 18:24:13 -04:00
Kubernetes Prow Robot
fe6c086580
Merge pull request #4288 from eshicks4/proxy-http-version-annotation 
added proxy-http-version annotation to override the HTTP/1.1 default …
 2019-07-11 11:43:07 -07:00
Manuel Alejandro de Brito Fontes
1e07cc6933
Disable access log in stream section for configuration socket 2019-07-10 13:42:13 -04:00
E. Stuart Hicks
3b0c523e49 added proxy-http-version annotation to override the HTTP/1.1 default connection type to reverse proxy backends 2019-07-08 14:32:00 -04:00
Elvin Efendi
97d3a0ddab fix lua lints 2019-07-08 13:51:24 -04:00
Kubernetes Prow Robot
7c297e001a
Merge pull request #4246 from ElvinEfendi/proxy-alternative-upstream-name 
introduce proxy_alternative_upstream_name Nginx var
 2019-07-04 19:20:35 -07:00
Elvin Efendi
8b208cac93 introduce proxy_alternative_upstream_name Nginx var to differentiate canary requests 2019-07-04 19:43:20 -04:00
Kubernetes Prow Robot
930e37a0b5
Merge pull request #4273 from aledbf/ssh-chain-dynamic 
Check and complete intermediate SSL certificates
 2019-07-04 16:32:36 -07:00
Manuel Alejandro de Brito Fontes
8807db9748
Check and complete intermediate SSL certificates 2019-07-04 19:13:21 -04:00
Elvin Efendi
0e5913310d dynamic cert mode should understand domain with trailing dot 2019-07-04 17:30:41 -04:00
Elvin Efendi
27df697dde introduce ngx.var.balancer_ewma_score 2019-07-03 16:50:22 -04:00
Kubernetes Prow Robot
c01effb076
Merge pull request #4232 from ElvinEfendi/fix-dynamic-cert-bug 
override least recently used entries when certificate_data dict is full
 2019-07-01 08:03:22 -07:00
Elvin Efendi
b66f9e329d override least recently used entries when certificate_data dictionary is full 2019-07-01 10:18:40 -04:00
Manuel Alejandro de Brito Fontes
591887089f
Add e2e test suite to detect memory leaks in lua 2019-06-27 22:05:52 -04:00
Manuel Alejandro de Brito Fontes
ddffa2a173
Enable arm again 2019-06-26 23:00:58 -04:00
Elvin Efendi
2b46c3a056 fix monitor test after move to openresty 2019-06-24 14:21:19 -04:00
Kubernetes Prow Robot
5dfc7e211f
Merge pull request #4221 from aledbf/upgrade-nginx-image 
Switch to openresty image
 2019-06-24 09:45:57 -07:00
Manuel Alejandro de Brito Fontes
991f95f6bf
Migrate to openresty 2019-06-23 22:29:11 -04:00
Manuel Alejandro de Brito Fontes
d7b213d979
Do not set Host header when backend protocol is grpc 2019-06-18 23:44:10 -04:00
Kubernetes Prow Robot
57a0542fa3
Merge pull request #4187 from s-shirayama/add_unit_test_case_for_balancer_lua_module 
Add unit test cases for balancer lua module
 2019-06-13 09:02:20 -07:00
Sebastiaan Tammer
c11583dc5f Only load modsecurity_module when ModSec is active 2019-06-11 16:39:52 +02:00
s-shirayama
6f0d6b38b8 Add unit test case for canary by header 2019-06-11 22:34:33 +09:00
s-shirayama
0ff679baa7 Add unit test case for canary by cookie 2019-06-11 22:34:30 +09:00
s-shirayama
e9f4c0bb0e Add unit test case for canary by weight 2019-06-11 22:34:24 +09:00
s-shirayama
7a15f52cf1 Add unit test case for balancer.route_to_alternative_balancer() 2019-06-11 22:34:05 +09:00
Elvin Efendi
e2c6202324 bugfix: check all previously failing upstreams, not just the last one 2019-06-07 10:00:31 -04:00
Elvin Efendi
b9b1ffb1d5 simplify sticky balancer 2019-06-06 16:32:33 -04:00
Elvin Efendi
83f2acbe38 Session Affinity ChangeOnFailure should be boolean 2019-06-06 11:22:05 -04:00
Kubernetes Prow Robot
286ff13af2
Merge pull request #4048 from fedunineyu/change-upstream-on-error-with-sticky-session 
Change upstream on error when sticky session balancer is used
 2019-06-06 07:22:17 -07:00
Eugene Fedunin
254629cf16 Added support for annotation session-cookie-change-on-failure 
1. Session cookie is updated on previous attempt failure when `session-cookie-change-on-failure = true` (default value is `false`).
2. Added tests to check both cases.
3. Updated docs.

Co-Authored-By: Vladimir Grishin <yadolov@users.noreply.github.com>
 2019-05-27 13:00:07 +03:00
Manuel Alejandro de Brito Fontes
c4597522bf
Refactor whitelist from map to standard allow directives 2019-05-27 04:55:38 -04:00
Elvin Efendi
0e9e40a60b use nkeys for counting lua table elements 2019-05-26 18:15:15 -04:00
Elvin Efendi
dc7fa885a2 log info when endpoints change for a balancer 2019-05-25 23:50:18 -04:00
weltschraet
abca32ba8e reduce memory footprint and cpu usage when modsecurity and owasp rules are enabled globally 2019-05-18 19:08:30 +02:00
MRoci
8b7f069b56
load modsecurity.conf on ModSecurity.Enable 2019-05-13 17:39:06 +02:00
okryvoshapka-connyun
8cc9afe8ee Added Global External Authentication settings to configmap parameters incl. addons 2019-05-03 12:08:16 +02:00
Kubernetes Prow Robot
34734edc6e
Merge pull request #4005 from Shopify/proxy-next-upstream-timeout 
Support proxy_next_upstream_timeout
 2019-04-15 09:10:09 -07:00
Alex Kursell
ffeb1fe348 Support proxy_next_upstream_timeout 2019-04-15 11:08:57 -04:00
Kubernetes Prow Robot
6b6610dabe
Merge pull request #4000 from ElvinEfendi/dynamic-ssl-improvements 
Dynamic ssl improvements
 2019-04-13 14:38:00 -07:00
Elvin Efendi
2f3cf1a6c0 do not create empty access_by_lua_block 2019-04-13 16:11:46 -04:00
Elvin Efendi
93f00b2143 fix luacheck warning 2019-04-13 15:26:48 -04:00
Elvin Efendi
45add6cb7d better certificate lua unit tests 2019-04-13 14:01:44 -04:00
Elvin Efendi
42c207c548 handle default certificate correctly in Lua 2019-04-13 12:32:06 -04:00
Elvin Efendi
f067712824 better logging in certificate.lua 2019-04-13 12:32:06 -04:00
Elvin Efendi
8f81538b0d lua plugin system 2019-04-04 09:25:22 -04:00
Elvin Efendi
87e962682f properly parse x-forwarded-host 2019-03-31 15:10:45 -04:00
Elvin Efendi
496ff07bf1 replace some of the Nginx configuration to Lua code 2019-03-31 12:04:52 -04:00
Gregor Noczinski
1bef3e75b2 Set X-Request-ID for the default-backend, too. 2019-03-22 11:33:11 +01:00
Manuel Alejandro de Brito Fontes
6c1a7f1efd
Add support for IPV6 resolvers 2019-03-21 11:23:47 -03:00
Alejandro Pedraza
a3c87cf9cb Properly set ing.Service when there are multiple rules with different hosts using the same path 
Fixes #3611

Signed-off-by: Alejandro Pedraza <alejandro.pedraza@gmail.com>
 2019-03-07 06:06:24 -05:00
Alex Kursell
d3ac73be79 Remove session-cookie-hash annotation 2019-03-04 10:34:48 -05:00
Mikhail Marchenko
8b3702c829 Enable access log for default backend 
disable log on default_server
 2019-02-26 11:14:31 +03:00
Alex Kursell
c96eae3015 Add /dbg certs command 2019-02-25 11:38:07 -05:00
jasongwartz
3865e30a00 Changes CustomHTTPErrors annotation to use custom default backend 
Updates e2e test

Removes focus from e2e test

Fixes renamed function

Adds tests for new template funcs

Addresses gofmt

Updates e2e test, fixes custom-default-backend test by creating service

Updates docs
 2019-02-24 22:48:56 +01:00
Kubernetes Prow Robot
7b2495047f
Merge pull request #3781 from zoumo/proxy-buffer-number 
feat: configurable proxy buffers number
 2019-02-22 12:11:46 -08:00
Jim Zhang
dc63e5d185 fix: rename proxy-buffer-number to proxy-buffers-number 2019-02-22 10:21:17 +08:00
Manuel Alejandro de Brito Fontes
8b6e4d4697
Use UsePortInRedirects only if enabled 2019-02-21 17:48:45 -03:00
Jim Zhang
c92d29d462 feat: configurable proxy buffer number 2019-02-20 18:05:09 +08:00
Kubernetes Prow Robot
15d5ef95ef
Merge pull request #3740 from Shopify/session-annotation-reload 
Fix ingress updating for session-cookie-* annotation changes
 2019-02-19 15:14:21 -08:00
Alex Kursell
c180a0998b Fix session-cookie-* annotation reloading 2019-02-19 17:27:08 -05:00
Anthony Ho
ec04852526 Create custom annotation for satisfy "value" 2019-02-19 15:58:35 -05:00
Kubernetes Prow Robot
201718ec0f
Merge pull request #3775 from kppullin/fix-l4-dns-resolve-failures 
Fix DNS lookup failures in L4 services
 2019-02-19 11:11:48 -08:00
Kevin Pullin
f6aded2c51 Fix DNS failures in L4 services 2019-02-17 14:12:10 -08:00
Elvin Efendi
adc128711b delete confusing CustomErrors attribute to make things more explicit 2019-02-13 22:41:02 -05:00
Kubernetes Prow Robot
d9845c79c5
Merge pull request #3671 from moonming/randomseed-bugfix 
bugfix: fixed duplicated seeds.
 2019-02-10 11:33:42 -08:00
Kubernetes Prow Robot
17e788b8e1
Merge pull request #3684 from aledbf/health 
Replace Status port using a socket
 2019-02-06 13:49:08 -08:00
Manuel Alejandro de Brito Fontes
34b0580225
Replace Status port using a socket 2019-02-06 18:00:10 -03:00
Tim Reddehase
018a1e4d94 respond with 503 when there are no endpoints 
* related to:
  * https://github.com/kubernetes/ingress-nginx/issues/3070
  * https://github.com/kubernetes/ingress-nginx/issues/3335
* add a 503 test
  * test a service that starts out empty
    (a.k.a. ingress-nginx controller (re-)start)
  * test scaling up (should route traffic accordingly)
  * test scaling down to empty service
  * use custom deployments for scaling test.
* provide a fix by updating the lua table (cache) of the configured backends
  to unset the backend if there are no endpoints available.
 2019-02-03 11:43:47 +01:00
Kubernetes Prow Robot
d4d25f6fb4
Merge pull request #3619 from minherz/add-canary-header-by-value 
add header-value annotation
 2019-02-01 14:45:54 -08:00
minherz
57440c9464 fix issue with failing e2e tests 2019-02-01 22:11:09 +02:00
Kubernetes Prow Robot
eddbcc7f3a
Merge pull request #3673 from moonming/table-new 
used table functions of LuaJIT for better performance.
 2019-02-01 08:40:34 -08:00
minherz
de2a1ece6d add header-value annotation 
add new annotation (header-value)
parse it and propogate to lua script
alter balancer rule to include it into the canary routing logic
add e2e test to validate fallback for canary-by-header-value
add description of canary-by-header-value to documentation
 2019-01-30 23:23:44 +02:00