DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
4260 commits 4 branches 217 tags 166 MiB
Commit graph

369 commits

Author SHA1 Message Date
Elvin Efendi
8f5fa78e1a regression test 2019-07-26 10:18:31 -04:00
Elvin Efendi
6f7b66fc7d memoize balancer for a request 2019-07-26 09:35:58 -04:00
Kubernetes Prow Robot
589c9a20f9
Merge pull request #4278 from moolen/feat/auth-req-cache 
feat: auth-req caching
 2019-07-17 12:06:12 -07:00
Moritz Johner
23504db770 feat: auth-req caching 
add a way to configure the `proxy_cache_*` [1] directive for external-auth.
The user-defined cache_key may contain sensitive information
(e.g. Authorization header).
We want to store *only* a hash of that key, not the key itself on disk.

[1] http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2019-07-17 18:39:04 +02:00
Elvin Efendi
b424ad2681 avoid warning during lua unit test 2019-07-11 18:24:13 -04:00
Kubernetes Prow Robot
fe6c086580
Merge pull request #4288 from eshicks4/proxy-http-version-annotation 
added proxy-http-version annotation to override the HTTP/1.1 default …
 2019-07-11 11:43:07 -07:00
Manuel Alejandro de Brito Fontes
1e07cc6933
Disable access log in stream section for configuration socket 2019-07-10 13:42:13 -04:00
E. Stuart Hicks
3b0c523e49 added proxy-http-version annotation to override the HTTP/1.1 default connection type to reverse proxy backends 2019-07-08 14:32:00 -04:00
Elvin Efendi
97d3a0ddab fix lua lints 2019-07-08 13:51:24 -04:00
Kubernetes Prow Robot
7c297e001a
Merge pull request #4246 from ElvinEfendi/proxy-alternative-upstream-name 
introduce proxy_alternative_upstream_name Nginx var
 2019-07-04 19:20:35 -07:00
Elvin Efendi
8b208cac93 introduce proxy_alternative_upstream_name Nginx var to differentiate canary requests 2019-07-04 19:43:20 -04:00
Kubernetes Prow Robot
930e37a0b5
Merge pull request #4273 from aledbf/ssh-chain-dynamic 
Check and complete intermediate SSL certificates
 2019-07-04 16:32:36 -07:00
Manuel Alejandro de Brito Fontes
8807db9748
Check and complete intermediate SSL certificates 2019-07-04 19:13:21 -04:00
Elvin Efendi
0e5913310d dynamic cert mode should understand domain with trailing dot 2019-07-04 17:30:41 -04:00
Elvin Efendi
27df697dde introduce ngx.var.balancer_ewma_score 2019-07-03 16:50:22 -04:00
Kubernetes Prow Robot
c01effb076
Merge pull request #4232 from ElvinEfendi/fix-dynamic-cert-bug 
override least recently used entries when certificate_data dict is full
 2019-07-01 08:03:22 -07:00
Elvin Efendi
b66f9e329d override least recently used entries when certificate_data dictionary is full 2019-07-01 10:18:40 -04:00
Manuel Alejandro de Brito Fontes
591887089f
Add e2e test suite to detect memory leaks in lua 2019-06-27 22:05:52 -04:00
Manuel Alejandro de Brito Fontes
ddffa2a173
Enable arm again 2019-06-26 23:00:58 -04:00
Elvin Efendi
2b46c3a056 fix monitor test after move to openresty 2019-06-24 14:21:19 -04:00
Kubernetes Prow Robot
5dfc7e211f
Merge pull request #4221 from aledbf/upgrade-nginx-image 
Switch to openresty image
 2019-06-24 09:45:57 -07:00
Manuel Alejandro de Brito Fontes
991f95f6bf
Migrate to openresty 2019-06-23 22:29:11 -04:00
Manuel Alejandro de Brito Fontes
d7b213d979
Do not set Host header when backend protocol is grpc 2019-06-18 23:44:10 -04:00
Kubernetes Prow Robot
57a0542fa3
Merge pull request #4187 from s-shirayama/add_unit_test_case_for_balancer_lua_module 
Add unit test cases for balancer lua module
 2019-06-13 09:02:20 -07:00
Sebastiaan Tammer
c11583dc5f Only load modsecurity_module when ModSec is active 2019-06-11 16:39:52 +02:00
s-shirayama
6f0d6b38b8 Add unit test case for canary by header 2019-06-11 22:34:33 +09:00
s-shirayama
0ff679baa7 Add unit test case for canary by cookie 2019-06-11 22:34:30 +09:00
s-shirayama
e9f4c0bb0e Add unit test case for canary by weight 2019-06-11 22:34:24 +09:00
s-shirayama
7a15f52cf1 Add unit test case for balancer.route_to_alternative_balancer() 2019-06-11 22:34:05 +09:00
Elvin Efendi
e2c6202324 bugfix: check all previously failing upstreams, not just the last one 2019-06-07 10:00:31 -04:00
Elvin Efendi
b9b1ffb1d5 simplify sticky balancer 2019-06-06 16:32:33 -04:00
Elvin Efendi
83f2acbe38 Session Affinity ChangeOnFailure should be boolean 2019-06-06 11:22:05 -04:00
Kubernetes Prow Robot
286ff13af2
Merge pull request #4048 from fedunineyu/change-upstream-on-error-with-sticky-session 
Change upstream on error when sticky session balancer is used
 2019-06-06 07:22:17 -07:00
Eugene Fedunin
254629cf16 Added support for annotation session-cookie-change-on-failure 
1. Session cookie is updated on previous attempt failure when `session-cookie-change-on-failure = true` (default value is `false`).
2. Added tests to check both cases.
3. Updated docs.

Co-Authored-By: Vladimir Grishin <yadolov@users.noreply.github.com>
 2019-05-27 13:00:07 +03:00
Manuel Alejandro de Brito Fontes
c4597522bf
Refactor whitelist from map to standard allow directives 2019-05-27 04:55:38 -04:00
Elvin Efendi
0e9e40a60b use nkeys for counting lua table elements 2019-05-26 18:15:15 -04:00
Elvin Efendi
dc7fa885a2 log info when endpoints change for a balancer 2019-05-25 23:50:18 -04:00
weltschraet
abca32ba8e reduce memory footprint and cpu usage when modsecurity and owasp rules are enabled globally 2019-05-18 19:08:30 +02:00
MRoci
8b7f069b56
load modsecurity.conf on ModSecurity.Enable 2019-05-13 17:39:06 +02:00
okryvoshapka-connyun
8cc9afe8ee Added Global External Authentication settings to configmap parameters incl. addons 2019-05-03 12:08:16 +02:00
Kubernetes Prow Robot
34734edc6e
Merge pull request #4005 from Shopify/proxy-next-upstream-timeout 
Support proxy_next_upstream_timeout
 2019-04-15 09:10:09 -07:00
Alex Kursell
ffeb1fe348 Support proxy_next_upstream_timeout 2019-04-15 11:08:57 -04:00
Kubernetes Prow Robot
6b6610dabe
Merge pull request #4000 from ElvinEfendi/dynamic-ssl-improvements 
Dynamic ssl improvements
 2019-04-13 14:38:00 -07:00
Elvin Efendi
2f3cf1a6c0 do not create empty access_by_lua_block 2019-04-13 16:11:46 -04:00
Elvin Efendi
93f00b2143 fix luacheck warning 2019-04-13 15:26:48 -04:00
Elvin Efendi
45add6cb7d better certificate lua unit tests 2019-04-13 14:01:44 -04:00
Elvin Efendi
42c207c548 handle default certificate correctly in Lua 2019-04-13 12:32:06 -04:00
Elvin Efendi
f067712824 better logging in certificate.lua 2019-04-13 12:32:06 -04:00
Elvin Efendi
8f81538b0d lua plugin system 2019-04-04 09:25:22 -04:00
Elvin Efendi
87e962682f properly parse x-forwarded-host 2019-03-31 15:10:45 -04:00