* Owners: Sort `ingress-nginx-maintainers` & `ingress-nginx-reviewers`.
* Owners: Update URL in aliases.
* Images: Remove owners as it's identical to global owners.
* Images: Remove global owners from `kube-webhook-certgen` owners.
* Owners: Remove members from aliases covered by other aliases.
ingress-nginx-helm-maintainers:
- cpanato: Covered by ingress-nginx-maintainers
- strongjz: Covered by ingress-nginx-maintainers
ingress-nginx-helm-reviewers:
- cpanato: Covered by ingress-nginx-reviewers
- strongjz: Covered by ingress-nginx-reviewers
ingress-nginx-docs-maintainers:
- tao12345666333: Covered by ingress-nginx-maintainers
* Owners: Promote myself to `ingress-nginx-maintainers` & `ingress-nginx-reviewers`.
* feat: add grpc buffer size in the nginx template
* feat: add grpc buffer size in the configmap struct
* feat: add test for GRPC buffer size configuration in the configmap
* chore: add documentation for the grpc buffer size configuration
* fix: fix the copyright year of the test
* fix: fix import order
* fix: fix ignore for the linter - reason was missing
* chore: seems like we don't need to ignore the error handling
* feature(geoip2_autoreload): GeoIP Autoreload
feature(geoip2_autoreload): fix lint
feature(geoip2_autoreload): changing flag interval
feature(geoip2_autoreload): tests - up and running
feature(geoip2_autoreload): tests - up and running
feature(geoip2): testing
feature(geoip2): remove typo
feature(geoip2_autoreload): fixing tests
* feature(geoip2_autoreload): working
* feature(geoip2_autoreload): including tests on geoip2 test file
* [mTLS] Fix acme verification when mTLS and Client CN verification is enabled
* revert mTLS location excluding acme-challenge since each location will match ultimately resulting in 404 for all request paths
The current implementation of OCSP stapling makes use of the DNS caching machinery[^1],
which results in resty.http not seeing the actual host name of the OCSP responder.
On the HTTP level, this is already mitigated via overriding the Host header, but
if a given responder operates on an HTTPS endpoint (a setup which, admittedly, isn't
very popular due to the chicken-and-egg caveats involved, but is nonetheless legal[^2]),
the connection will fail to be established. A relevant (and a bit redacted) excerpt from the logs:
```
2023/07/02 18:13:23 [info] 112#112: *29039 [lua] dns.lua:32: cache_set(): cache set for 'my.ocsp.responder' with value of [10.1.2.3, 10.4.5.6, 10.7.8.9] and ttl of 30., context: ngx.timer, client: 127.0.0.1, server: 0.0.0.0:442
2023/07/02 18:13:23 [error] 112#112: *29039 lua ssl certificate does not match host "10.1.2.3", context: ngx.timer, client: 127.0.0.1, server: 0.0.0.0:442
2023/07/02 18:13:23 [error] 112#112: *29039 [lua] certificate.lua:143: fetch_and_cache_ocsp_response(): could not get OCSP response: certificate host mismatch, context: ngx.timer, client: 127.0.0.1, server: 0.0.0.0:442
```
[^1]: https://github.com/kubernetes/ingress-nginx/blob/ebb6314/rootfs/etc/nginx/lua/certificate.lua#L81
[^2]: https://datatracker.ietf.org/doc/html/rfc2560#appendix-A.1.1
* Add OTEL build test
* Simplify otel compilation
* Remove http2 deprecated arg
* Move image build to CI
* Turn image from scratch to optimize usage
* rollback image from scratch
* Final reviews on nginx v1.25 image
* Remove s390x from final image
* added proxy-intercept-errors config option
* fixed error when comparing locations
* fixed missing location config from annotation
added e2e test
* reversed logic for proxy-intercept-errors to disable-proxy-intercept-errors
* reversed logic to disable-proxy-intercept-errors
* reversed logic
* default has to be false
* put comment in same line as return
* run gofmt
* fixing wrong Boilerplate header
* updated code to new IngressAnnotation interface
* fixes to satisfy PR comments
* synced with upstream; fixed typo
* gofumpt disableproxyintercepterrors.go
* gofumpt
* Add a flag to enable or disable aio_write
Signed-off-by: z1cheng <imchench@gmail.com>
* Fix e2e test for aio_write
Signed-off-by: z1cheng <imchench@gmail.com>
* Remove redundant spaces to fix the e2e test
Signed-off-by: z1cheng <imchench@gmail.com>
---------
Signed-off-by: z1cheng <imchench@gmail.com>
* Add validation to all annotations
* Add annotation validation for fcgi
* Fix reviews and fcgi e2e
* Add flag to disable cross namespace validation
* Add risk, flag for validation, tests
* Add missing formatting
* Enable validation by default on tests
* Test validation flag
* remove ajp from list
* Finalize validation changes
* Add validations to CI
* Update helm docs
* Fix code review
* Use a better name for annotation risk
* Golang 1.20.6 for test runner
* alpine 3.18.2 as well
Signed-off-by: James Strong <strong.james.e@gmail.com>
---------
Signed-off-by: James Strong <strong.james.e@gmail.com>
update alpine and golang
remove nano
update go modules
remove need for openssl external cli
fix stale
Signed-off-by: James Strong <james.strong@chainguard.dev>