Elvin Efendi
e392c8a8af
cleanup unused certificates
2019-09-24 14:16:03 -04:00
Mike Kabischev
d5563a7e47
allow to configure jaeger header names
2019-09-17 12:35:53 +03:00
Manuel Alejandro de Brito Fontes
ce3e3d51c3
WIP Remove nginx unix sockets (#4531)
...
* Remove nginx unix sockets
* Use an emptyDir volume for /tmp in PSP e2e tests
2019-09-08 18:14:54 -03:00
Manuel Alejandro de Brito Fontes
c2935ca35c
Refactor health checks and wait until NGINX process ends
2019-09-01 15:31:27 -04:00
Manuel Alejandro de Brito Fontes
72cb7f5e14
Move nginx helper (#4501)
2019-08-30 20:18:11 -04:00
Manuel Alejandro de Brito Fontes
8def5ef7ca
Add support for multiple alias and remove duplication of SSL certificates (#4472)
2019-08-26 10:58:44 -04:00
Kubernetes Prow Robot
82b241c517
Merge pull request #4476 from antoineco/bug/nil-err-channel
...
Initialize nginx process error channel
2019-08-22 09:46:33 -07:00
Antoine Cotten
d1feb65ff9
Initialize nginx process error channel
...
goroutines that write to ngxErrCh remain asleep forever without that
necessary initialization.
2019-08-22 16:25:47 +02:00
Elvin Efendi
05c889335d
post data to Lua only if it changes
2019-08-15 17:21:34 -04:00
Manuel Alejandro de Brito Fontes
80bd481abb
Only support SSL dynamic mode
2019-08-13 17:33:34 -04:00
Manuel Alejandro de Brito Fontes
171da635ef
Remove invalid log "Failed to executing diff command: exit status 1"
2019-08-08 12:53:23 -04:00
Manuel Alejandro de Brito Fontes
3d7a09347d
Apply fixes suggested by staticcheck
2019-07-08 16:18:52 -04:00
Manuel Alejandro de Brito Fontes
8807db9748
Check and complete intermediate SSL certificates
2019-07-04 19:13:21 -04:00
Manuel Alejandro de Brito Fontes
ccd88f625c
Refactor metric prometheus leader helper
2019-06-29 17:44:53 -04:00
Manuel Alejandro de Brito Fontes
8ca5c1cba9
Do not send empty certificates to nginx
2019-06-25 08:15:28 -04:00
Elvin Efendi
c4ced9d694
fix source file mods
2019-06-06 10:47:08 -04:00
Kubernetes Prow Robot
3e3e29b78f
Merge pull request #4102 from aledbf/listingresses
...
Refactor ListIngresses to add filters
2019-05-22 06:48:14 -07:00
Manuel Alejandro de Brito Fontes
bae49a4657
Refactor ListIngresses to add filters
2019-05-22 05:37:44 -04:00
reynaldi.wijaya
31ffad8fa1
UPT: Add variable to define custom sampler host and port, add commituser
2019-05-21 12:34:38 +08:00
okryvoshapka-connyun
8cc9afe8ee
Added Global External Authentication settings to configmap parameters incl. addons
2019-05-03 12:08:16 +02:00
Thibault Jamet
1cd17cd12c
Implement a validation webhook
...
In case some ingress have a syntax error in the snippet configuration,
the freshly generated configuration will not be reloaded to prevent tearing down existing rules.
Although, once inserted, this configuration is preventing from any other valid configuration to be inserted as it remains in the ingresses of the cluster.
To solve this problem, implement an optional validation webhook that simulates the addition of the ingress to be added together with the rest of ingresses.
In case the generated configuration is not validated by nginx, deny the insertion of the ingress.
In case certificates are mounted using kubernetes secrets, when those
changes, keys are automatically updated in the container volume, and the
controller reloads it using the filewatcher.
Related changes:
- Update vendors
- Extract useful functions to check configuration with an additional ingress
- Update documentation for validating webhook
- Add validating webhook examples
- Add a metric for each syntax check success and errors
- Add more certificate generation examples
2019-04-18 19:07:04 +02:00
Alex Kursell
f6beef960d
Fix segfault on reference to nonexistent configmap
2019-04-02 16:39:42 -04:00
Manuel Alejandro de Brito Fontes
3ec1028d0b
Fix dynamic SSL certificate for aliases and redirect-from-to-www
2019-03-28 16:29:11 -03:00
Manuel Alejandro de Brito Fontes
f4e4335d8c
Only the leader updates metrics for SSL certificate expiration
2019-03-12 12:08:24 -03:00
Manuel Alejandro de Brito Fontes
20a89480f0
Use full election leader ID
2019-03-11 13:11:27 -03:00
Manuel Alejandro de Brito Fontes
7c717cabcf
Add prometheus metric about leader election status
2019-03-11 13:11:27 -03:00
Manuel Alejandro de Brito Fontes
0a39425e8f
Refactor status update
2019-03-11 13:11:26 -03:00
Manuel Alejandro de Brito Fontes
d898169484
Fix ssl-dh-param issue when secret does not exist
2019-03-05 16:31:33 -03:00
Taoge
24993f359f
- remove annotations in nginxcontroller struct
2019-02-21 19:14:11 +08:00
Kubernetes Prow Robot
784d57ea69
Merge pull request #3695 from yowenter/patch-1
...
> Don't reload nginx when L4 endpoints changed
2019-02-19 11:27:11 -08:00
TaoGe
b03049c0af
> Don't reload nginx when L4 service pods changed
...
Since we use lua upstream for L4 service balancer. We don't need reload nginx when L4 service pod changed.
2019-02-19 14:31:45 +08:00
Alan J Castonguay
a29c27ed4c
Datadog Opentracing support - part 2
...
This commit is part 2 of 2, adding configuration of the
Datadog Opentracing module to the controller.
Fixes half of #3752
2019-02-15 15:20:10 -05:00
Elvin Efendi
adc128711b
delete confusing CustomErrors attribute to make things more explicit
2019-02-13 22:41:02 -05:00
Sebastiaan Tammer
fc5e99a151
Parse environment variables in OpenTracing configuration
2019-02-10 16:59:05 +01:00
Kubernetes Prow Robot
ef7d7cf7d1
Merge pull request #3667 from Shopify/fix-worker-connection-calculation
...
worker_connections should be less (3/4th) than worker_rlimit_nofile
2019-02-06 15:11:20 -08:00
Manuel Alejandro de Brito Fontes
34b0580225
Replace Status port using a socket
2019-02-06 18:00:10 -03:00
Elvin Efendi
638f965a8f
worker_connections should be less than worker_rlimit_nofile
2019-02-02 22:30:36 -05:00
Elvin Efendi
bdf6e47004
rename sysctlFSFileMax to rlimitMaxNumFiles to reflect what it actually does
2019-01-15 15:34:17 -05:00
Manuel Alejandro de Brito Fontes
a3bcbeb3d2
Add support for redirect https to https when from-to-www-redirect is defined
2019-01-10 20:59:49 -03:00
Kubernetes Prow Robot
8f57f9578d
Merge pull request #3586 from Shopify/disable-catch-all
...
Add --disable-catch-all option to disable catch-all server
2019-01-07 07:16:26 -08:00
Manuel Alejandro de Brito Fontes
c830a73255
Remove temporal configuration file after a while
2019-01-04 16:11:38 -03:00
Kevin Pullin
f005d4c3ec
L4 config - Only send Service.Spec instead of entire Service.
2019-01-02 09:32:57 -08:00
Kevin Pullin
f0173f0822
Pass k8s Service data through to the TCP balancer script.
...
Fixes broken L4 ExternalName services.
Details
---------
The `tcp_udp_balancer.lua` script checks if the property
`backend.service.spec["type"]` equals "ExternalName". If so,
the script does a DNS lookup on the name in order to configure
the backend configuration.
However, before this commit, the k8s `Service` data was
_not_ set on the `Backend` struct passed into the `tcp_udp_balancer.lua`
script and therefore the ExternalName check always returned false.
This commit fixes the issue by setting the `Service` field on
the `Backend` struct. This also requires adding a new field to the
`L4Backend` struct first, so that it's available to set on the `Backend`.
2019-01-01 20:50:41 -08:00
ramnes
bf7b5ebd81
Add an option to automatically set worker_connections based on worker_rlimit_nofile
2018-12-27 18:36:19 +01:00
Maxime Ginters
1678d99a03
Add --disable-catch-all option to disable catch-all server
2018-12-21 13:22:26 -05:00
Kubernetes Prow Robot
ee3a8fe581
Merge pull request #3505 from Shopify/watch-pod-lua
...
Update lua configuration_data when number of controller pod change
2018-12-17 00:10:30 -08:00
Maxime Ginters
f90881b367
Update lua configuration_data when number of controller pod change
2018-12-14 13:34:54 -05:00
Guihua Zhu
d22146f3b0
handle_error_when_executing_diff
...
Signed-off-by: Guihua Zhu <zhuguihua@cmss.chinamobile.com>
2018-12-12 13:49:17 +08:00
Manuel Alejandro de Brito Fontes
2fa55eabf6
Replace glog with klog
2018-12-05 13:27:55 -03:00
Manuel Alejandro de Brito Fontes
06d33c16b5
Allow to disable NGINX metrics
2018-12-05 10:14:35 -03:00
Maxime Ginters
b6b221aebb
Watch controller Pods list
2018-11-26 15:35:31 -05:00
Manuel Alejandro de Brito Fontes
af2dce901d
Fix tests
2018-11-18 08:17:18 -03:00
Manuel Alejandro de Brito Fontes
654eceda46
Add tcp e2e test
2018-11-16 21:07:52 -03:00
Manuel Alejandro de Brito Fontes
168f30d1ec
Revert removal of support for TCP and UDP services
2018-11-16 13:48:47 -03:00
mikeweiwei
2850fb538a
fix logging calls
2018-11-13 16:02:27 +08:00
k8s-ci-robot
17cad51e47
Merge pull request #3341 from Shopify/canary_upstream
...
Add canary annotation and alternative backends for traffic shaping
2018-11-06 12:22:16 -08:00
Conor Landry
412cd70d3a
implement canary annotation and alternative backends
...
Adds the ability to create alternative backends. Alternative backends enable
traffic shaping by sharing a single location but routing to different
backends depending on the TrafficShapingPolicy defined by AlternativeBackends.
When the list of upstreams and servers are retrieved, we then call
mergeAlternativeBackends which iterates through the paths of every ingress
and checks if the backend supporting the path is a AlternativeBackend. If
so, we then iterate through the map of servers and find the real backend
that the AlternativeBackend should fall under. Once found, the
AlternativeBackend is embedded in the list of VirtualBackends for the real
backend.
If no matching real backend for a AlternativeBackend is found, then the
AlternativeBackend is deleted as it cannot be backed by any server.
2018-11-06 13:13:14 -05:00
Manuel Alejandro de Brito Fontes
71ebe1cba5
Code linting
2018-10-30 20:46:48 -03:00
Manuel Alejandro de Brito Fontes
fed013ab6f
Fix status update in case of connection errors
2018-10-29 13:01:41 -03:00
Aarni Koskela
4a71111d4c
Fix usages of %q formatting for numbers (%d)
...
This caused logs like "Adjusting ServerNameHashBucketSize variable to '@'"
2018-10-23 18:21:16 +03:00
Manuel Alejandro de Brito Fontes
4c46ee95c9
Update leader election methods
2018-10-10 21:46:45 -03:00
Manuel Alejandro de Brito Fontes
74c2f93de6
Only support dynamic configuration
2018-10-09 22:05:45 -03:00
Elvin Efendi
78f12c25c5
delete upstream healthcheck annotation
2018-10-09 09:14:13 -04:00
Manuel Alejandro de Brito Fontes
859b298d42
Remove annotations grpc-backend and secure-backend already deprecated
2018-10-08 12:26:06 -03:00
Manuel Alejandro de Brito Fontes
44bdc7eb59
Remove support for TCP and UDP services
2018-10-07 10:53:37 -03:00
Zenara Daley
a7c2633e4e
remove payload from log (#3135)
2018-09-26 12:09:14 -03:00
Fernando Diaz
10de8cac56
Log Errors Missing in Internal
...
Adds a few missing errors and fix formatting for others.
Fixes #3013
2018-08-30 15:02:42 -05:00
Manuel de Brito Fontes
db947e344e
Fix formatting args
2018-08-25 12:18:28 -03:00
Henry Tran
cbf041fc3e
Add Lua module to serve SSL Certificates dynamically
2018-08-23 22:15:54 -04:00
Henry Tran
7faf089082
Add dynamic certificate feature to controller
2018-08-16 20:19:33 -04:00
Manuel de Brito Fontes
b148f113ae
Use authbind to bind privileged ports
2018-08-05 11:18:50 -04:00
Elvin Efendi
d4faf68416
add support for ExternalName service type in dynamic mode
2018-07-25 09:05:47 -04:00
Manuel de Brito Fontes
1542a12764
Refactor controller metrics interface
2018-07-12 12:46:34 -04:00
Andrii Kostenko
bc53d1eb74
Sample rate configmap option for zipkin in nginx-opentracing
2018-06-28 18:13:31 +03:00
Antoine Cotten
130866b51c
Proofreading
2018-06-25 00:04:43 +02:00
Manuel Alejandro de Brito Fontes
df76d4b481
Update opentracing configuration (#2676)
2018-06-21 18:15:18 -04:00
Manuel Alejandro de Brito Fontes
aec40c171f
Improve configuration change detection (#2656)
...
* Use information about the configuration configmap to determine changes
* Add hashstructure dependency
* Rename queue functions
* Add test for configmap checksum
2018-06-21 10:50:57 -04:00
Manuel de Brito Fontes
f782929eb5
Remove dummy file watcher
2018-06-16 18:49:08 -04:00
Francisco Mejia
2cd2da7c3f
Create UDP collector that listens to UDP messages from monitor.lua and exposes them on /metrics endpoint
2018-06-13 21:31:51 -04:00
Antoine Cotten
47bea35492
Clarify log messages in controller pkg
2018-06-13 21:27:43 +02:00
Manuel de Brito Fontes
7ded31d7a8
Create file permission constants
2018-06-12 11:06:14 -04:00
Jason Roberts
d637a9b978
Configurable Proxy Protocol header timeout for TLS passthrough
2018-06-03 20:10:41 -05:00
Niels Lensink
cfc7cbc824
Change TrimLeft for TrimPrefix on the from-to-www redirect
2018-05-07 13:29:04 +02:00
Manuel de Brito Fontes
c6728aa8fa
Clean JSON before post request to update configuration
2018-04-26 15:27:27 -03:00
Manuel de Brito Fontes
9bf553559c
Apply gometalinter suggestions
2018-04-25 18:53:49 -03:00
oilbeater
1be1f658b4
disable lua for arch s390x and ppc64le
...
LuaJIT is not available for s390x and ppc64le, disable the lua part in nginx.tmpl on these platform.
2018-04-12 08:30:56 +08:00
Elvin Efendi
ee46f486c7
e2e tests for dynamic configuration and Lua features and a bug fix (#2254)
...
* e2e tests for dynamic configuration and Lua features
* do not rely on force reload to dynamically configure when reload is needed
* fix misspelling
* skip dynamic configuration in the first template rendering
* don't error on first sync
2018-04-01 17:09:27 -03:00
Sylvain Rabot
385368990c
Managing a whitelist for _/nginx_status (#2187)
...
Signed-off-by: Sylvain Rabot <s.rabot@lectra.com>
2018-03-28 09:27:34 -03:00
fqsghostcloud
4b9cb90f30
Correct typo (#2238)
...
* correct spelling
* correct typo
2018-03-22 08:14:06 -03:00
Elvin Efendi
2b5d4d7928
clean backends data before sending to Lua endpoint (#2233)
2018-03-21 23:47:39 -03:00
Elvin Efendi
c90a4e811e
Live Nginx (re)configuration without reloading (#2174)
2018-03-18 10:13:41 -03:00
Oilbeater
f6b8506b17
change nginx process pgid (#2181)
...
put restarted nginx process in another process group, just like the normal nginx start did in https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/nginx.go#L289
2018-03-08 06:58:54 -08:00
Elvin Efendi
38b35c292e
use the correct error channel (#2164)
2018-03-03 09:23:06 -03:00
Qiu Jian
56036ddc57
Add publish-status-address flag (#2148)
...
* Add publish-status-address flag
If this flag is set, status of ingress resources will be updated
with this address.
* Address aledbf's comment
2018-02-27 00:02:19 -03:00
Guang Ya Liu
f26c881e3f
Updated log level to v2 for sysctlFSFileMax. (#2137)
...
This is very important log for trouble-shooting, we should update
it to v2 by default.
2018-02-23 13:11:54 -03:00
Manuel Alejandro de Brito Fontes
0990c5b6ad
Migrate to codecov.io (#2120)
...
* Migrate to codecov.io
* Fix data race
* Update nginx to 1.13.9
2018-02-20 08:27:02 -08:00
Karl Stoney
d1b6f32981
Enabled the dynamic reload of GeoIP data (#2107)
...
* Moved geoip data into its own folder so it can be volume mounted
* Added FS watches for the geoip data
* Fixed single quotes issue (interpolation)
* Fixed gofmt errors
* Updated to directory crawl
2018-02-17 12:24:50 -08:00
Manuel Alejandro de Brito Fontes
9bcb5b08ea
Use a ring channel to avoid blocking write of events (#2082)
...
* Use a ring channel to avoid blocking write of events
* Add eapache/channels dependency
2018-02-13 17:46:18 -08:00
Guang Ya Liu
e34afc0fa4
The maximum number of open file descriptors should be maxOpenFiles. (#2031)
2018-02-02 21:05:01 -08:00
Manuel Alejandro de Brito Fontes
444a56c001
Fix chain completion and default certificate flag issues (#1978)
2018-01-25 10:46:20 -03:00