DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7720 commits 4 branches 217 tags 166 MiB
Commit graph

298 commits

Author SHA1 Message Date
Ricardo Katz
15567b07c0
Trim spaces from badword items (#7921) 2021-11-15 20:37:29 -03:00
zryfish
7203a0b8bd
support watch namespaces matched namespace selector (#7472) 
skip caching namespaces at cluster scope if only watching single namespace

add --watch-namespace-selector in user guide

add e2e test
 2021-11-12 11:46:28 -08:00
Ricardo Katz
67e13bf692
Add option to sanitize annotation inputs (#7874) 
* Add option to sanitize annotation inputs

* Fix e2e tests after string sanitization

* Add proxy_pass and serviceaccount as denied values
 2021-11-12 11:40:30 -08:00
FBLGit
a5bab6a715
feature: added AdmissionController metrics (#7711) 
* feature: added AdmissionController metrics

* fix: flag control on admissionCollector

* fix: admission collector disclaimer year and linting
 2021-11-02 10:54:34 -07:00
Alan
e8d9144759
fix overlap check when ingress is configured as canary (#7719) 2021-10-03 14:05:07 -07:00
Ricardo Katz
4fc57dcc49
Change enable-snippet to allow-snippet-annotation (#7670) 
Signed-off-by: Ricardo Pchevuzinske Katz <rkatz@vmware.com>
 2021-09-20 16:52:23 -07:00
Ricardo Katz
5e6ab651ec
Add option to force enabling snippet directives (#7665) 
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
 2021-09-19 12:40:08 -07:00
FBLGit
a714fb69db
This PR: (#7514) 
<!--- Provide a general summary of your changes in the Title above --->
<!--- Why is this change required? What problem does it solve? -->

Introduces the CLI command flag `--disable-full-test`

By default, it doesn't alter the current behavior of the tests performed by the admission controller.
With or Without the flag, a full checkOverlap is actioned, without any alteration
and the object `pcfg` is created with the whole set of ingreses.

If the flag is set to true, it does manipulate the size of `pcfg` up to the content of $this single ingress.

This is achieved by overriding pcfg content by just the last slice that got recently appended to the object `ings`
```
	if n.cfg.DisableFullValidationTest {
		_, _, pcfg = n.getConfiguration(ings[len(ings)-1:])
	}
```

The following steps of generateTemplate and testTemplate are significally reduced to a signle scenario
```
    content, err := n.generateTemplate(cfg, *pcfg)
    ...
    err = n.testTemplate(content)
```

This flag doesn't avoid the proper testing of collisions, neither bad syntaxis within the rendered
configuration of the ingress.

But it does eliminate a scenario, which I wasn't able to produce, where by for some reason even proper rendering
and valid values, without collisions of host/path may end into an invalid nginx.conf

The reasoning for this Feature is:
- Test duration increases by the number of ingresses in the cluster.
- File size grows to very important numbers 150-200Mb on clusters with just 2000~ ingresses.
- Tests in that scenario, takes approximately 20s using the last 0.48.1 improvements
- Produces a considerable memory consumption, as well as CPU, compute, that affects directly the containers
  that serve traffic.

Since the flag is trully optional, and by default is disabled I fell as a good thing to have that can definitively
help on large-scale scenarios that still want to have a reasonable set of tests in place at a lower cost.

<!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
- [ ] Bug fix (non-breaking change which fixes an issue)
- [X ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to change)

<!--- Please describe in detail how you tested your changes. -->
<!--- Include details of your testing environment, and the tests you ran to -->
<!--- see how your change affects other areas of the code, etc. -->
Tested with the build kit the following scenarios on a cluster with 1000~ ingresses:
- With Flag Disabled or Flag, not present (current status as per 0.48.1)

collision scenario (wrong snippet content):
`kubectl apply -f ../collision-syntax.yaml  0.18s user 0.05s system 3% cpu 6.639 total`

collisions scenario (duplicated host):
`kubectl apply -f ../collision-host.yaml  0.17s user 0.05s system 3% cpu 6.245 total`

create/update:
`kubectl apply -f ing-215.yaml  0.16s user 0.05s system 3% cpu 5.845 total`

- With Flag Enabled (true):
collision scenario (wrong snippet content):
`kubectl apply -f ../collision.yaml  0.18s user 0.02s system 57% cpu 0.347 total`

collision scenario (duplicated host):
`kubectl apply -f ../collision.yaml  0.21s user 0.06s system 85% cpu 0.318 total`

create/update:
`kubectl apply -f ing-973.yaml  0.17s user 0.03s system 72% cpu 0.271 total`

As part of the test, I did verified that the created nginx for the test was of a smaller size, and that it didnt affect negatively the final nginx.conf (of a much larger side) where this was merged by the next steps in place after the validation. I couldn't observe any other change in the behaviour and so far the routine looks simple and non harmful.

<!--- Go over all the following points, and put an `x` in all the boxes that apply. -->
<!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->
- [x] My change requires a change to the documentation.
- [x] I have updated the documentation accordingly.
- [x] I've read the [CONTRIBUTION](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md) guide
- [ ] I have added tests to cover my changes.
- [ ] All new and existing tests passed.

For the test part, I would need to understand the placement and test case that this would require, I wasn't able to see an existing scenario for this
 2021-09-07 10:53:16 -07:00
Vincent LE GOFF
f2e743f561
feat: add session-cookie-secure annotation (#7399) 2021-09-01 15:23:40 -07:00
Maksim Nabokikh
4c4013904a
Add a flag to specify address to bind the healthz server (#7541) 
* Add a flag to specify address to bind the healthz server

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Add healthz host to the helm chart

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Apply suggestions from code review

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
 2021-08-26 05:13:23 -07:00
wenhuwang
6593cb244b
fix ingress-nginx panic when the certificate format is wrong. (#7443) 
* fix ingress-nginx panic when the certificate format is wrong.

Signed-off-by: wang_wenhu <976400757@qq.com>

* Add unit test.

Signed-off-by: wang_wenhu <976400757@qq.com>

* Update controller_test.go
 2021-08-23 18:58:14 -07:00
Ricardo Katz
90c79689c4
Release v1 (#7470) 
* Drop v1beta1 from ingress nginx (#7156)

* Drop v1beta1 from ingress nginx

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix intorstr logic in controller

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* fixing admission

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* more intorstr fixing

* correct template rendering

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix e2e tests for v1 api

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix gofmt errors

* This is finally working...almost there...

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Re-add removed validation of AdmissionReview

* Prepare for v1.0.0-alpha.1 release

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Update changelog and matrix table for v1.0.0-alpha.1 (#7274)

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* add docs for syslog feature (#7219)

* Fix link to e2e-tests.md in developer-guide (#7201)

* Use ENV expansion for namespace in args (#7146)

Update the DaemonSet namespace references to use the `POD_NAMESPACE` environment variable in the same way that the Deployment does.

* chart: using Helm builtin capabilities check (#7190)

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

* Update proper default value for HTTP2MaxConcurrentStreams in Docs (#6944)

It should be 128 as documented in https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/config/config.go#L780

* Fix MaxWorkerOpenFiles calculation on high cores nodes (#7107)

* Fix MaxWorkerOpenFiles calculation on high cores nodes

* Add e2e test for rlimit_nofile

* Fix doc for max-worker-open-files

* ingress/tcp: add additional error logging on failed (#7208)

* Add file containing stable release (#7313)

* Handle named (non-numeric) ports correctly (#7311)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Updated v1beta1 to v1 as its deprecated (#7308)

* remove mercurial from build (#7031)

* Retry to download maxmind DB if it fails (#7242)

* Retry to download maxmind DB if it fails.

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Add retries count arg, move retry logic into DownloadGeoLite2DB function

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Reorder parameters in DownloadGeoLite2DB

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Remove hardcoded value

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Release v1.0.0-alpha.1

* Add changelog for v1.0.0-alpha.2

* controller: ignore non-service backends (#7332)

* controller: ignore non-service backends

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update per feedback

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* fix: allow scope/tcp/udp configmap namespace to altered (#7161)

* Lower webhook timeout for digital ocean (#7319)

* Lower webhook timeout for digital ocean

* Set Digital Ocean value controller.admissionWebhooks.timeoutSeconds to 29

* update OWNERS and aliases files (#7365) (#7366)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Downgrade Lua modules for s390x (#7355)

Downgrade Lua modules to last known working version.

* Fix IngressClass logic for newer releases (#7341)

* Fix IngressClass logic for newer releases

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Change e2e tests for the new IngressClass presence

* Fix chart and admission tests

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix helm chart test

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix reviews

* Remove ingressclass code from admission

* update tag to v1.0.0-beta.1

* update readme and changelog for v1.0.0-beta.1

* Release v1.0.0-beta.1 - helm and manifests (#7422)

* Change the order of annotation just to trigger a new helm release (#7425)

* [cherry-pick] Add dev-v1 branch into helm releaser (#7428)

* Add dev-v1 branch into helm releaser (#7424)

* chore: add link for artifacthub.io/prerelease annotations

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>

* k8s job ci pipeline for dev-v1 br v1.22.0 (#7453)

* k8s job ci pipeline for dev-v1 br v1.22.0

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* k8s job ci pipeline for dev-v1 br v1.21.2

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* remove v1.21.1 version

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* Add controller.watchIngressWithoutClass config option (#7459)

Signed-off-by: Akshit Grover <akshit.grover2016@gmail.com>

* Release new helm chart with certgen fixed (#7478)

* Update go version, modules and remove ioutil

* Release new helm chart with certgen fixed

* changed appversion, chartversion, TAG, image (#7490)

* Fix CI conflict

* Fix CI conflict

* Fix build.sh from rebase process

* Fix controller_test post rebase

Co-authored-by: Tianhao Guo <rggth09@gmail.com>
Co-authored-by: Ray <61553+rctay@users.noreply.github.com>
Co-authored-by: Bill Cassidy <cassid4@gmail.com>
Co-authored-by: Jintao Zhang <tao12345666333@163.com>
Co-authored-by: Sathish Ramani <rsathishx87@gmail.com>
Co-authored-by: Mansur Marvanov <nanorobocop@gmail.com>
Co-authored-by: Matt1360 <568198+Matt1360@users.noreply.github.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Co-authored-by: Kundan Kumar <kundan.kumar@india.nec.com>
Co-authored-by: Tom Hayward <thayward@infoblox.com>
Co-authored-by: Sergey Shakuto <sshakuto@infoblox.com>
Co-authored-by: Tore <tore.lonoy@gmail.com>
Co-authored-by: Bouke Versteegh <info@boukeversteegh.nl>
Co-authored-by: Shahid <shahid@us.ibm.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: Long Wu Yuan <longwuyuan@gmail.com>
Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com>
Co-authored-by: Neha Lohia <nehapithadiya444@gmail.com>
Co-authored-by: Akshit Grover <akshit.grover2016@gmail.com>
 2021-08-21 13:42:00 -07:00
Robin Elfrink
8ee98e9422 Make custom-default-backend upstream name more unique. 
Signed-off-by: Robin Elfrink <robin.elfrink@eu.equinix.com>
 2021-08-11 09:06:16 +02:00
Tom Hayward
c9d5b21a65 fix: discover mounted geoip db files (#7228) 
* fix: discover mounted geoip db files

* add test

* fix runtime reload of config.MaxmindEditionFiles

* add e2e test

* log missing geoip2 db
 2021-08-10 11:24:39 -07:00
wasker
f222c752be
Enable session affinity for canaries (#7371) 2021-07-29 14:23:19 -07:00
Ricardo Katz
f5c80783bf
[Cherry Pick] - Add configuration to disable external name service feature (#7314) (#7321) 
* Add configuration to disable external name service feature (#7314)

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix CI files
 2021-07-05 21:50:18 -07:00
Ricardo Katz
39ace3176b
Fix nilpointer in admission and remove failing test (#7255) 
* Fix nilpointer in admission when it was unable to validate default backend ingress

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Remove temporarily the slow shutdown tests

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
 2021-06-21 12:32:51 -07:00
Aditya Sharma
475bcde64c
Skip validation checks if an ingress is marked as deleted (#7216) 
Signed-off-by: Aditya Sharma <git@adi.run>
 2021-06-08 09:27:34 -07:00
qianyong
b6dc384afb Bugfix: non-host canary ingress use default server name as host to merge 2021-05-14 10:25:12 +08:00
Mahnoor Mehboob
8f7fecab17 Deny catch-all ingress when DisableCatchAll is set 2021-04-24 11:49:45 -04:00
Björn Carlsson
54b13bd216 Add flag to allow setting a shutdown grace period 2021-01-27 14:09:04 +01:00
Manuel Alejandro de Brito Fontes
04e2603ecc
Update PemSHA field for default SSL certificate 2021-01-21 19:15:03 -03:00
Elvin Efendi
e0dece48f7 Add Global Rate Limiting support 2021-01-04 17:47:07 -05:00
Josh Soref
a8728f3d2c Spelling 2020-12-15 16:10:48 -05:00
qianyong
44aaa2e367 Fix sticky session not set for host in server-alias annotation (#6448) 2020-12-15 11:01:19 +08:00
Manuel Alejandro de Brito Fontes
77234fcde0 Fix nginx ingress variables for definitions with Backend 2020-12-05 14:40:22 -03:00
Manuel Alejandro de Brito Fontes
d781d99797 Fixes for gosec 2020-12-04 20:29:07 -03:00
Manuel Alejandro de Brito Fontes
1389cc0e80 Refactor extraction of ingress pod details 2020-11-19 17:31:28 -03:00
Manuel Alejandro de Brito Fontes
3f153add00 Refactor handling of path Prefix and Exact 2020-11-10 07:21:34 -03:00
Manuel Alejandro de Brito Fontes
a85e53f4cb Remove k8s.io/kubernetes dependency 2020-10-26 13:04:00 -03:00
Manuel Alejandro de Brito Fontes
108637bb1c Migrate to structured logging (klog) 2020-09-27 18:59:57 -03:00
Manuel Alejandro de Brito Fontes
a767b1d906 Cleanup 2020-09-27 17:16:09 -03:00
Manuel Alejandro de Brito Fontes
29ea30a4e8 Add events for NGINX reloads 2020-09-27 17:16:09 -03:00
Manuel Alejandro de Brito Fontes
7722fa38aa Add admission controller e2e test 2020-09-26 16:06:58 -03:00
Matthew Silverman
9612180f6e reject annotations with default prefix in the case of an override 2020-09-10 09:16:44 -04:00
Manuel Alejandro de Brito Fontes
cb86c5698c Migrate to klog v2 2020-08-08 21:01:03 -04:00
Manuel Alejandro de Brito Fontes
e4c4edd626 Custom default backend service must have ports 2020-07-07 08:49:13 -04:00
Bo0km4n
7ab0916c92 Resolve conflicts 2020-06-20 17:13:31 +09:00
Bo0km4n
53a6b0fd3b Configurable metrics max batch size 2020-06-20 15:58:14 +09:00
agile6v
41d82005ec Add annotation ssl-prefer-server-ciphers. 2020-05-11 16:31:08 +08:00
Manuel Alejandro de Brito Fontes
af910a16d4 Refactor ingress validation in webhook 2020-04-28 18:35:03 -04:00
Andreas Sommer
c775b439dc Case-insensitive TLS host matching 2020-04-28 11:07:43 +02:00
Manuel Alejandro de Brito Fontes
dbaefc8ee9 Ensure webhook validation ingress has a PathTypePrefix 2020-04-27 10:37:26 -04:00
Manuel Alejandro de Brito Fontes
a95d850384 Add support for PathTypeExact 2020-04-23 11:12:37 -04:00
Rodrigo Villablanca
ecc20461aa Removed wrong code 2020-04-20 12:30:18 -04:00
Manuel Alejandro de Brito Fontes
1216ed03f7 Fix condition in server-alias annotation 2020-04-01 08:37:14 -03:00
Maxim Pogozhiy
78576a9bbc Add Maxmind Editions support 2020-03-19 19:36:10 +07:00
Manuel Alejandro de Brito Fontes
ad460e16ce
Avoid secret without tls.crt and tls.key but a valid ca.crt (#5225) 2020-03-07 21:15:24 -03:00
Kubernetes Prow Robot
35264d6e8f
Merge pull request #5114 from whalecold/match 
Feat: add header-pattern annotation.
 2020-02-24 17:07:36 -08:00
Kubernetes Prow Robot
6cd223558f
Merge pull request #4981 from janosi/proxy-ssl-scope 
Applying proxy-ssl-* directives on locations only
 2020-02-24 15:53:36 -08:00
Manuel Alejandro de Brito Fontes
cd94ac7f84
Allow service type ExternalName with different port and targetPort (#5141) 2020-02-20 23:06:05 -03:00
Lisheng Zheng
0b33650bb8 Feat: canary supports using specific match strategy to match header value. 2020-02-21 10:02:20 +08:00
Manuel Alejandro de Brito Fontes
54c30b91c9
Fix server aliases (#5003) 2020-02-02 19:08:55 -03:00
Brian Kopp
1b523390bb Add SameSite=None support and conditionally omit SameSite=None for backwards compatibility 2020-01-29 14:30:00 -07:00
Laszlo Janosi
ced67e53a1 New logic: proxy-ssl parameters can be applied on locations only 
Add: new parameter in the ConfigMap to control whether the proxy-ssl parameters of an Ingress should be applied on server and location levels, or only on location level
Add: logic in the config handling to work according to the new ConfigMap parameter
Add: unit test case
 2020-01-29 10:00:55 +01:00
Kamil Domański
5c8522cdab apply default certificate again in cases of invalid or incomplete cert config 
Signed-off-by: Kamil Domański <kamil@domanski.co>
 2019-12-06 12:15:52 +01:00
Manuel Alejandro de Brito Fontes
19d596b72b
Allow custom CA certificate when flag --api-server is specified (#4807) 2019-12-05 19:12:54 -03:00
Kubernetes Prow Robot
a85d5ed93a
Merge pull request #4779 from aledbf/update-image 
Remove lua-resty-waf feature
 2019-11-27 11:45:05 -08:00
Kubernetes Prow Robot
b286c2a336
Merge pull request #4732 from willthames/enable-opentracing-annotation 
Allow enabling/disabling opentracing for ingresses
 2019-11-26 17:31:21 -08:00
Will Thames
0ae463a5f3 Provide annotation to control opentracing 
By default you might want opentracing off, but on for a particular
ingress.

Similarly, you might want opentracing globally on, but disabled for
a specific endpoint. To achieve this, `opentracing_propagate_context`
cannot be set when combined with `opentracing off`

A new annotation, `enable-opentracing` allows more fine grained control
of opentracing for specific ingresses.
 2019-11-27 11:07:26 +10:00
Manuel Alejandro de Brito Fontes
61d902db14 Remove Lua resty waf feature 2019-11-26 10:37:43 -03:00
Kubernetes Prow Robot
62518b60b4
Merge pull request #4689 from janosi/upstream_ssl 
Server-only authentication of backends and per-location SSL config
 2019-11-18 19:49:43 -08:00
Kubernetes Prow Robot
a0dc3a9a51
Merge pull request #4695 from janosi/secure-verify-ca-secret 
Removing secure-verify-ca-secret support
 2019-11-08 07:12:21 -08:00
Laszlo Janosi
cc84bd4ab6 Server level proxy_ssl parameters are applied again, following the comments received. 
Also writing tls.crt and tls.key to disk is according to the original code.
 2019-10-26 20:20:18 +02:00
Laszlo Janosi
31227d61c2 Removing secure-verify-ca-secret support and writing an error log if that annotation is used in an Ingress definition 2019-10-18 10:58:57 +02:00
Laszlo Janosi
37fe9c9876 Enabling per-location proxy-ssl parameters, so locations of the same server but with own unique Ingress definitions can have different SSL configs 2019-10-17 10:15:53 +02:00
Bryan Hanner
9957d30048 warn when ConfigMap is missing or unparsable instead of erroring 2019-10-11 17:15:38 -07:00
Manuel Alejandro de Brito Fontes
d5d2b4037c
Fix ports collision when hostNetwork=true (#4617) 2019-09-28 17:30:57 -03:00
Manuel Alejandro de Brito Fontes
a9f332704a
Fix custom default backend switch to default (#4611) 2019-09-27 10:21:28 -03:00
Kubernetes Prow Robot
f6c2f5fb97
Merge pull request #4514 from alexmaret/4475-stickyness-mode 
Added new affinity mode for maximum session stickyness.
 2019-09-24 05:09:27 -07:00
Kubernetes Prow Robot
76e2a5d731
Merge pull request #4506 from ProNic-QY/master 
Fix panic on multiple ingress mess up upstream is primary or not
 2019-09-07 12:15:18 -07:00
Manuel Alejandro de Brito Fontes
c2935ca35c
Refactor health checks and wait until NGINX process ends 2019-09-01 15:31:27 -04:00
Alexander Maret-Huskinson
9170591185 Added new affinity mode for maximum session stickyness. Fixes kubernetes/ingress-nginx#4475 2019-08-30 11:40:29 +02:00
qianyong
435377f47f Fix panic on multiple ingress mess up upstream is primary or not 2019-08-30 07:32:02 +08:00
Manuel Alejandro de Brito Fontes
8def5ef7ca
Add support for multiple alias and remove duplication of SSL certificates (#4472) 2019-08-26 10:58:44 -04:00
Gabor Lekeny
65b9e2c574 Merge branch 'master' of https://github.com/kubernetes/ingress-nginx into proxyssl 2019-08-16 06:21:53 +02:00
Kubernetes Prow Robot
4b0aabc0c3
Merge pull request #4451 from ElvinEfendi/avoid-redundant-lua-sync 
post data to Lua only if it changes
 2019-08-15 16:20:34 -07:00
Elvin Efendi
05c889335d post data to Lua only if it changes 2019-08-15 17:21:34 -04:00
Kubernetes Prow Robot
f4da014907
Merge pull request #4449 from aledbf/fix-en 
Fix service type external name using the name
 2019-08-15 13:08:35 -07:00
Maxime Ginters
d8bd8c5619 Add nginx proxy_max_temp_file_size configuration option 2019-08-15 13:47:42 -04:00
Manuel Alejandro de Brito Fontes
816f4b0824
Fix service type external name using the name 2019-08-15 12:09:42 -04:00
Kubernetes Prow Robot
0d690fba1a
Merge pull request #4356 from aledbf/only-dynamic-mode 
Only support SSL dynamic mode
 2019-08-14 17:08:35 -07:00
Kubernetes Prow Robot
adef152db8
Merge pull request #4379 from diazjf/mirror 
Allow Requests to be Mirrored to different backends
 2019-08-13 17:52:24 -07:00
Manuel Alejandro de Brito Fontes
80bd481abb
Only support SSL dynamic mode 2019-08-13 17:33:34 -04:00
Fernando Diaz
386486e969 Allow Requests to be Mirrored to different backends 
Add a feature which allows traffic to be mirrored to
additional backends. This is useful for testing how
requests will behave on different "test" backends.

See https://nginx.org/en/docs/http/ngx_http_mirror_module.html
 2019-08-01 11:53:58 -05:00
Charle Demers
72271e9313
FastCGI backend support (#2982) 
Co-authored-by: Pierrick Charron <pierrick@adoy.net>
 2019-07-31 10:39:21 -04:00
Gabor Lekeny
def13fc06c Add proxy_ssl_* directives 
Add support for backends which require client certificate (eg. NiFi)
authentication. The `proxy-ssl-secret` k8s annotation references a
secret which is used to authenticate to the backend server. All other
directives fine tune the backend communication.

The following annotations are supported:
* proxy-ssl-secret
* proxy-ssl-ciphers
* proxy-ssl-protocol
* proxy-ssl-verify
* proxy-ssl-verify-depth
 2019-07-18 03:21:52 +02:00
E. Stuart Hicks
3b0c523e49 added proxy-http-version annotation to override the HTTP/1.1 default connection type to reverse proxy backends 2019-07-08 14:32:00 -04:00
Manuel Alejandro de Brito Fontes
8807db9748
Check and complete intermediate SSL certificates 2019-07-04 19:13:21 -04:00
Manuel Alejandro de Brito Fontes
ccd88f625c
Refactor metric prometheus leader helper 2019-06-29 17:44:53 -04:00
Manuel Alejandro de Brito Fontes
0ac850cba4
Service type=ExternalName can be defined with ports 2019-06-18 17:17:43 -04:00
Kubernetes Prow Robot
6f1261015b
Merge pull request #4127 from aledbf/migration 
Migrate to new networking.k8s.io/v1beta1 package
 2019-06-13 09:28:19 -07:00
Manuel Alejandro de Brito Fontes
84102eec2b
Migrate to new networking.k8s.io/v1beta1 package 2019-06-13 11:32:39 -04:00
Colstuwjx
b28577a4bf Fix: fillout missing health check timeout on health check. 2019-06-13 21:15:50 +08:00
Elvin Efendi
c4ced9d694 fix source file mods 2019-06-06 10:47:08 -04:00
Kubernetes Prow Robot
286ff13af2
Merge pull request #4048 from fedunineyu/change-upstream-on-error-with-sticky-session 
Change upstream on error when sticky session balancer is used
 2019-06-06 07:22:17 -07:00
Manuel Alejandro de Brito Fontes
29489097c9
SSL expiration metrics cannot be tied to dynamic updates 2019-06-05 11:04:27 -04:00
Eugene Fedunin
254629cf16 Added support for annotation session-cookie-change-on-failure 
1. Session cookie is updated on previous attempt failure when `session-cookie-change-on-failure = true` (default value is `false`).
2. Added tests to check both cases.
3. Updated docs.

Co-Authored-By: Vladimir Grishin <yadolov@users.noreply.github.com>
 2019-05-27 13:00:07 +03:00
Manuel Alejandro de Brito Fontes
bae49a4657
Refactor ListIngresses to add filters 2019-05-22 05:37:44 -04:00
okryvoshapka-connyun
8cc9afe8ee Added Global External Authentication settings to configmap parameters incl. addons 2019-05-03 12:08:16 +02:00