DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7917 commits 4 branches 217 tags 166 MiB
Commit graph

238 commits

Author SHA1 Message Date
wenzong
724646bd73 Delete OCSP Response cache when certificate renewed 2020-09-18 14:30:18 +08:00
Frank Gadban
e9059eef01 fixed some typos 
Signed-off-by: Frank Gadban <frankgad@outlook.de>
 2020-07-21 22:02:23 +02:00
agile6v
3402d07ff0
doc: update docs and fixed typos (#5821) 2020-07-01 10:02:52 -04:00
Manuel Alejandro de Brito Fontes
bcc3cfaa65 Dynamic LB sync non-external backends only when necessary 2020-06-29 18:11:51 -04:00
Bo0km4n
7ab0916c92 Resolve conflicts 2020-06-20 17:13:31 +09:00
Bo0km4n
53a6b0fd3b Configurable metrics max batch size 2020-06-20 15:58:14 +09:00
agile6v
5b0f7d7d6e Improve performance. 2020-06-10 17:36:56 +08:00
Manuel Alejandro de Brito Fontes
1d4c7ec65c Fix lua lint error 2020-06-09 17:19:16 -04:00
Andreas Sommer
f27b404421 Serve correct TLS certificate for requests with uppercase host 2020-06-09 16:47:03 -04:00
agile6v
bafbd4cccf Enable lj-releng tool to lint lua code. 2020-06-09 18:01:35 +08:00
agile6v
c035a144f8 Support the combination of nginx variables and text value for annotation upstream-hash-by. 2020-06-01 06:37:41 +08:00
Elvin Efendi
3b217cf766 make sure first backend sync happens in timer phase 2020-04-30 19:44:24 -04:00
Manuel Alejandro de Brito Fontes
c8eb914d8a Remove noisy dns log 2020-04-28 18:34:51 -04:00
Elvin Efendi
b569d2357a staple only when OCSP response status is "good" 2020-04-19 13:53:47 -04:00
Elvin Efendi
1dab12fb81 Lua OCSP stapling 2020-04-16 21:29:16 -04:00
Elvin Efendi
b60e25f1db ingress-nginx lua plugins documentation 2020-04-14 09:47:58 -04:00
Manuel Alejandro de Brito Fontes
8527f774f7 Change condition order that produces endless loop 2020-04-03 10:53:40 -03:00
Kubernetes Prow Robot
5cf7018b6d
Merge pull request #5277 from ElvinEfendi/small-refactoring 
refactoring: use more specific var name
 2020-03-23 06:02:51 -07:00
Manuel Alejandro de Brito Fontes
6ea6d47044 Empty directory 2020-03-22 17:16:30 -03:00
Manuel Alejandro de Brito Fontes
1894579455 Remove unnecessary logs 2020-03-22 17:09:39 -03:00
Elvin Efendi
eb112ea06c refactoring: use more specific var name 2020-03-21 21:23:24 -04:00
Lisheng Zheng
f2e5d6f8a5 Migrate the backends handler logic to function 2020-02-27 09:31:04 +08:00
Lisheng Zheng
0b33650bb8 Feat: canary supports using specific match strategy to match header value. 2020-02-21 10:02:20 +08:00
Elvin Efendi
ad78425852 also expose pem cert uid in certificate.call function 2020-02-19 13:41:50 -05:00
Elvin Efendi
4bb9106be2 refactor ssl handling in preperation of OCSP stapling 2020-02-19 13:14:35 -05:00
briankopp
b2beeeab25 Add case for when user agent is nil 
Add test for nil user agent
 2020-02-16 21:07:45 -06:00
Kubernetes Prow Robot
5e54f66ab2
Merge pull request #5040 from BrianKopp/samesite-followup 
Update documentation and remove hack fixed by upstream cookie library
 2020-02-10 10:25:53 -08:00
Ilya Nemakov
46a3e0a6fd Fix X-Forwarded-Proto based on proxy-protocol server port 2020-02-10 18:08:34 +03:00
BrianKopp
7c7a1b9c8b Update samesite tests 2020-02-08 12:58:52 -07:00
BrianKopp
34b194c770 Update documentation and remove hack fixed by upstream cookie library 2020-02-08 11:54:52 -07:00
Brian Kopp
1b523390bb Add SameSite=None support and conditionally omit SameSite=None for backwards compatibility 2020-01-29 14:30:00 -07:00
Boris Djurdjevic
665f924e9e Add proxy protocol support for X-Forwarded-Port 
Fixes https://github.com/kubernetes/ingress-nginx/issues/4951
 2020-01-24 13:50:35 +01:00
Manuel Alejandro de Brito Fontes
a8c2c9c6bc
Remove todo from lua test (#4894) 2020-01-08 19:46:52 -03:00
Manuel Alejandro de Brito Fontes
5ce93d98c2 Fix lua test 2020-01-05 16:00:54 -03:00
Manuel Alejandro de Brito Fontes
6c92c80073 Fix sticky session for ingress without host 2020-01-02 16:52:49 -03:00
Elvin Efendi
54918c0ff2 fix duplicate hsts bug 2019-12-12 13:49:13 -05:00
Laszlo Janosi
31227d61c2 Removing secure-verify-ca-secret support and writing an error log if that annotation is used in an Ingress definition 2019-10-18 10:58:57 +02:00
Thomas Jackson
7fc442c7f1 update test cases 2019-10-14 08:14:35 -07:00
Thomas Jackson
b698699fdd More helpful DNS failure message 
Previously if dns.lua failed to resolve a name you'd see the following in your logs:
```
2019/10/12 23:39:34 [error] 41#41: *6474 [lua] dns.lua:121: dns_lookup(): failed to query the DNS server:
server returned error code: 3: name error
server returned error code: 3: name error, context: ngx.timer
```

Unfortunately this doesn't tell you what name is failing (so you have to start guessing). To alleviate the pain this simply adds the host name we are attempting to resolve to the log line so users don't have to guess.
 2019-10-14 08:14:35 -07:00
Yuansheng
e4571fdeef optimize: local cache global variable and reduce string object creation. 
and some code style.
 2019-09-25 09:43:11 -04:00
Elvin Efendi
73e659f5fc improve certificate configuration detection per request 2019-09-24 21:17:22 -04:00
Elvin Efendi
c5a8357f1d handle hsts header injection in lua 2019-09-24 21:17:22 -04:00
Elvin Efendi
8c64b12a96 refactor force ssl redirect logic 2019-09-24 14:57:52 -04:00
Elvin Efendi
e392c8a8af cleanup unused certificates 2019-09-24 14:16:03 -04:00
Kubernetes Prow Robot
0f378154a0
Merge pull request #4591 from membphis/change/lua-code-style 
optimize: local cache global variable and avoid single lines over 80
 2019-09-24 07:55:29 -07:00
Yuansheng
1ce68c8723 optimize: local cache global variable and avoid single lines over 80 
characters.
 2019-09-24 10:08:45 -04:00
Kubernetes Prow Robot
f6c2f5fb97
Merge pull request #4514 from alexmaret/4475-stickyness-mode 
Added new affinity mode for maximum session stickyness.
 2019-09-24 05:09:27 -07:00
Alexander Maret-Huskinson
c26ab315b8 Fixed LUA lint findings. 2019-09-24 10:56:11 +02:00
Alexander Maret-Huskinson
f1839ddb42 Fixed review findings. 2019-09-24 10:46:02 +02:00
Elvin Efendi
bbcf3dc625 regression test for the issue fixed in #4543 2019-09-10 10:00:21 -04:00
Thomas Jackson
28a42686a5 Correctly format ipv6 resolver config for lua 
It seems that when support was added for parsing resolv_conf directly a regression was introduced which effectively breaks anyone with ipv6 resolvers.

Regression of #3895
 2019-09-06 21:18:07 -07:00
Alexander Maret-Huskinson
880b3dc5f1 Fixed test findings. 2019-08-30 19:08:03 +02:00
Alexander Maret-Huskinson
881e352d68 Converted sticky session balancers into separate classes. 2019-08-30 18:07:24 +02:00
Alexander Maret-Huskinson
9170591185 Added new affinity mode for maximum session stickyness. Fixes kubernetes/ingress-nginx#4475 2019-08-30 11:40:29 +02:00
Zovin Khanmohammed
76c2063be8
Code Review changes. Remove duplicate tests. 2019-08-26 14:00:59 -05:00
Zovin Khanmohammed
1f8ab60e40
Adds Wilcard check for hostname. Adds wildcard hostname tests. 2019-08-26 14:00:44 -05:00
Elvin Efendi
57db904c92 fix lua certificate handling tests 2019-08-26 13:05:05 -04:00
Manuel Alejandro de Brito Fontes
8def5ef7ca
Add support for multiple alias and remove duplication of SSL certificates (#4472) 2019-08-26 10:58:44 -04:00
Elvin Efendi
30b64df10a ewma improvements 2019-08-15 13:13:43 -04:00
Kubernetes Prow Robot
dd0fe4b458
Merge pull request #4422 from ElvinEfendi/lua-resolv-conf-search 
teach lua about search and ndots settings in resolv.conf
 2019-08-14 17:36:33 -07:00
Kubernetes Prow Robot
0d690fba1a
Merge pull request #4356 from aledbf/only-dynamic-mode 
Only support SSL dynamic mode
 2019-08-14 17:08:35 -07:00
Elvin Efendi
7b4655bb39 teach lua about search and ndots settings in resolv.conf 2019-08-14 18:03:30 -04:00
Elvin Efendi
d46b4148fa Lua /etc/resolv.conf parser and some refactoring 2019-08-13 18:34:54 -04:00
Manuel Alejandro de Brito Fontes
80bd481abb
Only support SSL dynamic mode 2019-08-13 17:33:34 -04:00
Elvin Efendi
8f5fa78e1a regression test 2019-07-26 10:18:31 -04:00
Elvin Efendi
6f7b66fc7d memoize balancer for a request 2019-07-26 09:35:58 -04:00
Elvin Efendi
b424ad2681 avoid warning during lua unit test 2019-07-11 18:24:13 -04:00
Elvin Efendi
97d3a0ddab fix lua lints 2019-07-08 13:51:24 -04:00
Elvin Efendi
8b208cac93 introduce proxy_alternative_upstream_name Nginx var to differentiate canary requests 2019-07-04 19:43:20 -04:00
Elvin Efendi
0e5913310d dynamic cert mode should understand domain with trailing dot 2019-07-04 17:30:41 -04:00
Elvin Efendi
27df697dde introduce ngx.var.balancer_ewma_score 2019-07-03 16:50:22 -04:00
Elvin Efendi
b66f9e329d override least recently used entries when certificate_data dictionary is full 2019-07-01 10:18:40 -04:00
Elvin Efendi
2b46c3a056 fix monitor test after move to openresty 2019-06-24 14:21:19 -04:00
Kubernetes Prow Robot
57a0542fa3
Merge pull request #4187 from s-shirayama/add_unit_test_case_for_balancer_lua_module 
Add unit test cases for balancer lua module
 2019-06-13 09:02:20 -07:00
s-shirayama
6f0d6b38b8 Add unit test case for canary by header 2019-06-11 22:34:33 +09:00
s-shirayama
0ff679baa7 Add unit test case for canary by cookie 2019-06-11 22:34:30 +09:00
s-shirayama
e9f4c0bb0e Add unit test case for canary by weight 2019-06-11 22:34:24 +09:00
s-shirayama
7a15f52cf1 Add unit test case for balancer.route_to_alternative_balancer() 2019-06-11 22:34:05 +09:00
Elvin Efendi
e2c6202324 bugfix: check all previously failing upstreams, not just the last one 2019-06-07 10:00:31 -04:00
Elvin Efendi
b9b1ffb1d5 simplify sticky balancer 2019-06-06 16:32:33 -04:00
Elvin Efendi
83f2acbe38 Session Affinity ChangeOnFailure should be boolean 2019-06-06 11:22:05 -04:00
Eugene Fedunin
254629cf16 Added support for annotation session-cookie-change-on-failure 
1. Session cookie is updated on previous attempt failure when `session-cookie-change-on-failure = true` (default value is `false`).
2. Added tests to check both cases.
3. Updated docs.

Co-Authored-By: Vladimir Grishin <yadolov@users.noreply.github.com>
 2019-05-27 13:00:07 +03:00
Elvin Efendi
0e9e40a60b use nkeys for counting lua table elements 2019-05-26 18:15:15 -04:00
Elvin Efendi
dc7fa885a2 log info when endpoints change for a balancer 2019-05-25 23:50:18 -04:00
Elvin Efendi
93f00b2143 fix luacheck warning 2019-04-13 15:26:48 -04:00
Elvin Efendi
45add6cb7d better certificate lua unit tests 2019-04-13 14:01:44 -04:00
Elvin Efendi
42c207c548 handle default certificate correctly in Lua 2019-04-13 12:32:06 -04:00
Elvin Efendi
f067712824 better logging in certificate.lua 2019-04-13 12:32:06 -04:00
Elvin Efendi
8f81538b0d lua plugin system 2019-04-04 09:25:22 -04:00
Elvin Efendi
87e962682f properly parse x-forwarded-host 2019-03-31 15:10:45 -04:00
Elvin Efendi
496ff07bf1 replace some of the Nginx configuration to Lua code 2019-03-31 12:04:52 -04:00
Manuel Alejandro de Brito Fontes
6c1a7f1efd
Add support for IPV6 resolvers 2019-03-21 11:23:47 -03:00
Alex Kursell
d3ac73be79 Remove session-cookie-hash annotation 2019-03-04 10:34:48 -05:00
Alex Kursell
c96eae3015 Add /dbg certs command 2019-02-25 11:38:07 -05:00
Kubernetes Prow Robot
15d5ef95ef
Merge pull request #3740 from Shopify/session-annotation-reload 
Fix ingress updating for session-cookie-* annotation changes
 2019-02-19 15:14:21 -08:00
Alex Kursell
c180a0998b Fix session-cookie-* annotation reloading 2019-02-19 17:27:08 -05:00
Kevin Pullin
f6aded2c51 Fix DNS failures in L4 services 2019-02-17 14:12:10 -08:00
Kubernetes Prow Robot
d9845c79c5
Merge pull request #3671 from moonming/randomseed-bugfix 
bugfix: fixed duplicated seeds.
 2019-02-10 11:33:42 -08:00
Tim Reddehase
018a1e4d94 respond with 503 when there are no endpoints 
* related to:
  * https://github.com/kubernetes/ingress-nginx/issues/3070
  * https://github.com/kubernetes/ingress-nginx/issues/3335
* add a 503 test
  * test a service that starts out empty
    (a.k.a. ingress-nginx controller (re-)start)
  * test scaling up (should route traffic accordingly)
  * test scaling down to empty service
  * use custom deployments for scaling test.
* provide a fix by updating the lua table (cache) of the configured backends
  to unset the backend if there are no endpoints available.
 2019-02-03 11:43:47 +01:00
Kubernetes Prow Robot
d4d25f6fb4
Merge pull request #3619 from minherz/add-canary-header-by-value 
add header-value annotation
 2019-02-01 14:45:54 -08:00