DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
6822 commits 4 branches 217 tags 166 MiB
Commit graph

1027 commits

Author SHA1 Message Date
Kubernetes Prow Robot
c500bd4b3f
Merge pull request #4139 from choffmeister/fix/collect-metrics-if-metrics-per-host-false 
Always collect metrics when --metrics-per-host=false
 2020-08-08 12:02:19 -07:00
Laszlo Janosi
7d82903ce9
Fix panic in ingress class validation 
If an ingress had no class annotation, nor IngressClassName  at all, and an IngressClass resource was created for the ingress-nginx there was a panic when the controller tried to check the IngressClassName of the Ingress.
 2020-08-07 17:09:14 +00:00
Mitsuo Heijo
094967cfd9 bump fsnotify to v1.4.9 
migrate gopkg.in/fsnotify/fsnotify.v1 to github.com/fsnotify/fsnotify
 2020-07-31 02:14:03 +09:00
Bernard Van De Walle
f3537204d2 Adding Zipkin collector to the E2E opentracing test as it is required to load at least one tracer to enable opentracing 
Work on PR comments
Add tests for template builder

Signed-off-by: Bernard Van De Walle <bernard.vandewalle@getcruise.com>
 2020-07-23 15:25:50 -07:00
Bernard Van De Walle
2baca9e32a Merge branch 'add-opentracing-operation-name-settings' of https://github.com/JorritSalverda/ingress-nginx into add-opentracing-operation-name-settings 2020-07-23 11:42:44 -07:00
Kubernetes Prow Robot
e825af86e1
Merge pull request #5887 from dschwar/force-use-forwarded-for 
Add force-enable-realip-module
 2020-07-17 07:17:02 -07:00
David Schwartz
d52141c2b9 Add enable-real-ip 2020-07-15 15:25:29 -04:00
Manuel Alejandro de Brito Fontes
dc3876666b Revert "use-regex annotation should be applied to only one Location" 
This reverts commit a8a8b5f6e9.
 2020-07-15 11:20:47 -04:00
Manuel Alejandro de Brito Fontes
e4c4edd626 Custom default backend service must have ports 2020-07-07 08:49:13 -04:00
Manuel Alejandro de Brito Fontes
a8a8b5f6e9 use-regex annotation should be applied to only one Location 2020-07-06 19:29:39 -04:00
Mitsuo Heijo
8557677a5e fix json tag for SSLPreferServerCiphers 
related https://github.com/kubernetes/ingress-nginx/pull/5534
 2020-07-06 23:45:36 +09:00
Zhongcheng Lao
c0629e92c2
Add proxy-ssl-server-name to enable passing SNI 2020-07-03 14:14:32 +08:00
agile6v
38447408e1 Remove redundant health check to avoid liveness or readiness timeout 2020-07-01 10:53:31 +08:00
Manuel Alejandro de Brito Fontes
14acc186f0 Update comment about restart of pod 2020-06-24 11:35:37 -04:00
Kubernetes Prow Robot
d3832915e1
Merge pull request #5743 from kulong0105/master 
build/dev-env.sh: remove docker version check
 2020-06-23 14:39:17 -07:00
Yilong Ren
714637bec5 build/dev-env.sh: remove docker version check 
docker experimental feature is unnecessary, so just remove it
 2020-06-23 15:37:41 +08:00
Kubernetes Prow Robot
803a76cf8a
Merge pull request #5749 from Bo0km4n/feat-configurable-max-batch-size 
[Fix/metrics] Be configurable max batch size of metrics
 2020-06-22 22:07:40 -07:00
mengqi.wmq
f232a264ab Add default-type as a configurable for default_type 2020-06-21 11:10:51 +08:00
Bo0km4n
7ab0916c92 Resolve conflicts 2020-06-20 17:13:31 +09:00
Bo0km4n
53a6b0fd3b Configurable metrics max batch size 2020-06-20 15:58:14 +09:00
Kubernetes Prow Robot
832c4e800f
Merge pull request #5702 from sylr/filter-tiller-configmaps 
Filter out objects that belong to Helm
 2020-06-13 11:57:56 -07:00
Sylvain Rabot
c0ae83f891
Use build tags to make it compile on non linux platforms 
Signed-off-by: Sylvain Rabot <sylvain@abstraction.fr>
 2020-06-11 21:50:03 +02:00
Sylvain Rabot
c9cb3dd626
Filter out objects that belong to Helm 
Signed-off-by: Sylvain Rabot <sylvain@abstraction.fr>
 2020-06-11 19:18:56 +02:00
Manuel Alejandro de Brito Fontes
3d3efaab29 Fix proxy_protocol duplication in listen definition 2020-06-09 15:00:59 -04:00
agile6v
fc1c043437 Add http-access-log-path and stream-access-log-path options in configMap 2020-06-05 01:27:26 +08:00
Kubernetes Prow Robot
d061375afa
Merge pull request #5571 from agile6v/dev 
feat: support the combination of Nginx variables for annotation upstream-hash-by.
 2020-06-01 15:10:14 -07:00
Manuel Alejandro de Brito Fontes
ea85404acd Do not reload NGINX if master process dies 2020-06-01 16:00:29 -04:00
agile6v
c035a144f8 Support the combination of nginx variables and text value for annotation upstream-hash-by. 2020-06-01 06:37:41 +08:00
Kubernetes Prow Robot
ee02d897d5
Merge pull request #5534 from agile6v/master 
Add annotation ssl-prefer-server-ciphers.
 2020-05-29 08:35:16 -07:00
agile6v
0e79ad8e4f Update unit & e2e tests. 2020-05-21 02:19:13 +08:00
Kubernetes Prow Robot
2e4c8233d5
Merge pull request #5522 from kevinfrommelt/remove-duplicate-annotation-parse 
Remove duplicate annotation parsing for annotationAffinityCookieChangeOnFailure
 2020-05-13 17:06:22 -07:00
Andrey Voronkov
bced1ed8b8 Ability to separately disable access log in http and stream contexts 
Two new configuration options:
`disable-http-access-log`
`disable-stream-access-log`

Should resolve issue with enormous amount of `TCP 200` useless entries in logs

Signed-off-by: Andrey Voronkov <voronkovaa@gmail.com>
 2020-05-13 21:23:37 +03:00
Manuel Alejandro de Brito Fontes
46cca5ad40 Fix error setting $service_name NGINX variable 2020-05-13 10:01:41 -04:00
agile6v
38f99cefb2 Update testcase for sslCipher. 2020-05-13 11:03:15 +08:00
agile6v
38a8556c4f Add comments for sslcipher.Config struct. 2020-05-13 10:40:56 +08:00
agile6v
41d82005ec Add annotation ssl-prefer-server-ciphers. 2020-05-11 16:31:08 +08:00
Kevin Frommelt
e775495a56
Remove duplicate Cookie.ChangeOnFailure assertion 2020-05-08 13:51:14 -05:00
Kevin Frommelt
3c5e3eda7b
Remove duplicate annotation parsing for annotationAffinityCookieChangeOnFailure 2020-05-08 09:14:10 -05:00
Mark Janssen
639a8c7871 Enable TLSv1.3 by default 
Fix for 049b25e566 which mistakenly only
updated documentation.
 2020-05-08 12:40:11 +02:00
Christian Hoffmeister
ef75a2d6fc Merge remote-tracking branch 'upstream/master' into fix/collect-metrics-if-metrics-per-host-false 2020-05-01 14:57:00 +02:00
Manuel Alejandro de Brito Fontes
a8c7ec6cfb Changes on services must trigger a sync event 2020-04-29 13:37:39 -04:00
Manuel Alejandro de Brito Fontes
af910a16d4 Refactor ingress validation in webhook 2020-04-28 18:35:03 -04:00
Andreas Sommer
c775b439dc Case-insensitive TLS host matching 2020-04-28 11:07:43 +02:00
Manuel Alejandro de Brito Fontes
dbaefc8ee9 Ensure webhook validation ingress has a PathTypePrefix 2020-04-27 10:37:26 -04:00
Manuel Alejandro de Brito Fontes
a95d850384 Add support for PathTypeExact 2020-04-23 11:12:37 -04:00
Manuel Alejandro de Brito Fontes
efbb3f9fc8 Add support for IngressClass and ingress.class annotation 2020-04-22 09:15:32 -04:00
Rodrigo Villablanca
ecc20461aa Removed wrong code 2020-04-20 12:30:18 -04:00
Kubernetes Prow Robot
5b8d4baf5c
Merge pull request #5388 from rvillablanca/rm-todos 
Remove TODO that were done
 2020-04-17 19:59:35 -07:00
Manuel Alejandro de Brito Fontes
d18fa90cfd Add e2e test for OCSP and new configmap setting 2020-04-17 12:53:47 -04:00
Rodrigo Villablanca
dc1adaec6b Remove TODO that were done 2020-04-17 03:37:37 -04:00
Elvin Efendi
1dab12fb81 Lua OCSP stapling 2020-04-16 21:29:16 -04:00
Manuel Alejandro de Brito Fontes
ad04fbe8b5 Cleanup parsing of annotations with lists 2020-04-13 17:02:31 -04:00
Manuel Alejandro de Brito Fontes
c0db19b0ec Enable configuration of plugins using configmap 2020-04-13 11:38:42 -04:00
Artem Miroshnychenko
ae88a7d2a8 remove unused test and function 2020-04-08 19:37:23 +03:00
Artem Miroshnychenko
01351a6bf8 remove unused test and function 2020-04-08 19:37:15 +03:00
Manuel Alejandro de Brito Fontes
5390ce4879 Fix definition order of modsecurity directives 2020-04-03 10:53:20 -03:00
Manuel Alejandro de Brito Fontes
51f0ef052b Set new default PathType to prefix 2020-04-01 10:05:48 -03:00
Manuel Alejandro de Brito Fontes
1216ed03f7 Fix condition in server-alias annotation 2020-04-01 08:37:14 -03:00
Manuel Alejandro de Brito Fontes
04ef782c57 Migrate ingress.class annotation to new IngressClassName field 2020-03-31 12:20:01 -03:00
Manuel Alejandro de Brito Fontes
a46126a034 Update client-go methods to support context and and new create and delete options 2020-03-27 19:52:51 -03:00
Bhavin Gandhi
380ef3a92c Fix the ability to disable ModSecurity at location level 
- Adds 'modsecurity off;' to the nginx config if the
  'enable-modsecurity' annotation is set to false.
- Update tests and e2e tests accordingly

Signed-off-by: Bhavin Gandhi <bhavin7392@gmail.com>
 2020-03-22 23:51:02 +05:30
Manuel Alejandro de Brito Fontes
07b70f68bd
Redirect for app-root should preserve current scheme (#5266) 2020-03-19 15:49:18 -03:00
Maxim Pogozhiy
78576a9bbc Add Maxmind Editions support 2020-03-19 19:36:10 +07:00
Christian Hoffmeister
19770f5b41 Merge remote-tracking branch 'base/master' into fix/collect-metrics-if-metrics-per-host-false 2020-03-13 07:17:49 +01:00
Manuel Alejandro de Brito Fontes
96327b12cd
Fix $service_name and $service_port variables values without host (#5226) 2020-03-07 23:06:03 -03:00
Manuel Alejandro de Brito Fontes
ad460e16ce
Avoid secret without tls.crt and tls.key but a valid ca.crt (#5225) 2020-03-07 21:15:24 -03:00
m.nabokikh
ed30be05bc Fix quote function in template to render pointers properly 2020-03-05 16:45:27 +04:00
schaefec
0ab2e72e95 Doesn't fail if proxy-ssl-name annotation is not specified 2020-02-25 13:32:14 +01:00
schaefec
141ea59b7f Allows overriding the server name used to verify the certificate of the proxied HTTPS server 2020-02-25 13:32:14 +01:00
Kubernetes Prow Robot
35264d6e8f
Merge pull request #5114 from whalecold/match 
Feat: add header-pattern annotation.
 2020-02-24 17:07:36 -08:00
Kubernetes Prow Robot
6cd223558f
Merge pull request #4981 from janosi/proxy-ssl-scope 
Applying proxy-ssl-* directives on locations only
 2020-02-24 15:53:36 -08:00
Manuel Alejandro de Brito Fontes
07686f894a
Check there is a difference in the template besides the checksum (#5151) 2020-02-21 16:41:03 -03:00
Manuel Alejandro de Brito Fontes
c5db20ace4
Update default VariablesHashBucketSize value to 256 (#5150) 2020-02-21 16:01:33 -03:00
Manuel Alejandro de Brito Fontes
cd94ac7f84
Allow service type ExternalName with different port and targetPort (#5141) 2020-02-20 23:06:05 -03:00
Lisheng Zheng
0b33650bb8 Feat: canary supports using specific match strategy to match header value. 2020-02-21 10:02:20 +08:00
Manuel Alejandro de Brito Fontes
37c24b0df5
Migration e2e installation to helm (#5086) 2020-02-16 11:58:37 -03:00
Daniel Arifin
d48d5a61ae Add gzip-min-length as a configurable 2020-02-14 13:29:51 +07:00
Manuel Alejandro de Brito Fontes
281139d1a7
Only set mirror source when a target is configured (#5055) 2020-02-11 13:48:42 -03:00
Manuel Alejandro de Brito Fontes
77586dd83b
Validation of header in authreq should be done only in the key (#5053) 2020-02-11 10:30:14 -03:00
Laszlo Janosi
42ec2cc0ed Change the handling of ConfigMap creation 
When a new CM is created Ingress definitions are checked for reference to the new CM an Ingress sync is triggered if such reference is found.
 2020-02-11 11:00:48 +01:00
Manuel Alejandro de Brito Fontes
2c5819e1b3
Add flag to allow custom ingress status update intervals (#5050) 2020-02-10 16:52:50 -03:00
Ilya Nemakov
46a3e0a6fd Fix X-Forwarded-Proto based on proxy-protocol server port 2020-02-10 18:08:34 +03:00
Manuel Alejandro de Brito Fontes
d0423c6d4f
Update code to use pault.ag/go/sniff package (#5038) 
* Update code to use pault.ag/go/sniff package

* Update go dependencies
 2020-02-07 12:27:43 -03:00
Manuel Alejandro de Brito Fontes
9278f0cad2
Update metric dependencies (#5023) 2020-02-06 09:50:13 -03:00
Manuel Alejandro de Brito Fontes
b3146354d4 Refactor mirror feature 2020-02-05 10:39:55 -03:00
Manuel Alejandro de Brito Fontes
b9e944a8a6
Move mod-security logic from template to go code (#5009) 2020-02-04 14:04:11 -03:00
Manuel Alejandro de Brito Fontes
54c30b91c9
Fix server aliases (#5003) 2020-02-02 19:08:55 -03:00
Manuel Alejandro de Brito Fontes
3f94729c52
Fix status update for clusters where networking.k8s.io is not available (#4996) 2020-01-31 21:37:15 -03:00
Manuel Alejandro de Brito Fontes
5d6f09fbcd
Calculation algorithm for server_names_hash_bucket_size should consider annotations (#4993) 2020-01-31 13:01:28 -03:00
Brian Kopp
1b523390bb Add SameSite=None support and conditionally omit SameSite=None for backwards compatibility 2020-01-29 14:30:00 -07:00
Manuel Alejandro de Brito Fontes
5d05e19cc3
Fix enable opentracing per location (#4983) 2020-01-29 12:20:05 -03:00
Laszlo Janosi
ced67e53a1 New logic: proxy-ssl parameters can be applied on locations only 
Add: new parameter in the ConfigMap to control whether the proxy-ssl parameters of an Ingress should be applied on server and location levels, or only on location level
Add: logic in the config handling to work according to the new ConfigMap parameter
Add: unit test case
 2020-01-29 10:00:55 +01:00
Manuel Alejandro de Brito Fontes
1021051fb3 Avoid overlap of rate limit zones 2020-01-27 00:38:54 -03:00
Manuel Alejandro de Brito Fontes
340bb39384 Avoid overwrite of auth file 2020-01-27 00:38:54 -03:00
Manuel Alejandro de Brito Fontes
d9983cb387 Fix spell errors 2020-01-27 00:01:13 -03:00
Manuel Alejandro de Brito Fontes
7ff49b25d6
Move opentracing configuration for location to go (#4965) 2020-01-25 21:39:20 -03:00
Manuel Alejandro de Brito Fontes
a8a827a806
Remove prometheus socket before listen (#4961) 2020-01-25 14:52:51 -03:00
Manuel Alejandro de Brito Fontes
66ef05849f
Refactor how to handle sigterm and nginx process goroutine (#4959) 2020-01-25 14:52:31 -03:00
Manuel Alejandro de Brito Fontes
c8015c7734
Update nginx image, use docker buildx and remove qemu (#4923) 
* Update nginx image, use docker buildx and remove qemu

* Update e2e image
 2020-01-14 20:52:57 -03:00
Manuel Alejandro de Brito Fontes
e726f25d03
Fix incorrect uid in AdmissionResponse (#4927) 2020-01-14 16:42:58 -03:00
Manuel Alejandro de Brito Fontes
74944b99e9
Enable download of GeoLite2 databases (#4896) 2020-01-08 19:46:43 -03:00
Sungmin Lee
d7be5db7de Support sample rate and global sampling configuration for Datadog in ConfigMap 2020-01-07 16:59:59 -08:00
Manuel Alejandro de Brito Fontes
5f6c4cff3e
Add help task (#4891) 
* Add help task
* Fix vet errors
 2020-01-07 10:53:12 -03:00
Manuel Alejandro de Brito Fontes
b30115aba7
Merge pull request #4862 from aledbf/update-nginx-image 
Update nginx image
 2020-01-04 15:51:23 -03:00
Manuel Alejandro de Brito Fontes
fbdd924a45 Update nginx image 2020-01-04 13:23:16 -03:00
Manuel Alejandro de Brito Fontes
965ecd4b15
Default backend protocol only supports http (#4870) 2020-01-04 11:09:00 -03:00
Manuel Alejandro de Brito Fontes
41a3e04163 Update auto-generated code year to 2020 2020-01-02 16:58:36 -03:00
Manuel Alejandro de Brito Fontes
f0f9618a89
Fix ingress status regression introduced in #4490 (#4871) 2019-12-30 20:46:20 -03:00
Manuel Alejandro de Brito Fontes
a0523c3c8a
Use a named location for authSignURL (#4859) 2019-12-24 22:50:25 -03:00
Manuel Alejandro de Brito Fontes
facf841992
Return specific type (#4840) 2019-12-17 12:06:17 -03:00
Manuel Alejandro de Brito Fontes
5c30820d1f Remove hard-coded annotation and don't use map pointers 2019-12-13 03:05:20 -03:00
Manuel Alejandro de Brito Fontes
0dce5be743 Migrate ingress definitions from extensions to networking.k8s.io 2019-12-12 21:25:00 -03:00
Kubernetes Prow Robot
be1907142b
Merge pull request #4823 from aledbf/go-modules 
Update go dependencies to v1.17.0
 2019-12-12 11:40:32 -08:00
Manuel Alejandro de Brito Fontes
fe2ae8a1ec Check the configmap is valid 2019-12-10 22:45:02 -03:00
Kubernetes Prow Robot
d5e197c3e2
Merge pull request #4816 from kdomanski/fix-ssl-redirect 
apply default certificate again in cases of invalid or incomplete cert config
 2019-12-10 17:40:05 -08:00
Kamil Domański
5c8522cdab apply default certificate again in cases of invalid or incomplete cert config 
Signed-off-by: Kamil Domański <kamil@domanski.co>
 2019-12-06 12:15:52 +01:00
Manuel Alejandro de Brito Fontes
cfccc2acc0 Update default SSL ciphers 2019-12-05 19:34:53 -03:00
Manuel Alejandro de Brito Fontes
19d596b72b
Allow custom CA certificate when flag --api-server is specified (#4807) 2019-12-05 19:12:54 -03:00
Kubernetes Prow Robot
a85d5ed93a
Merge pull request #4779 from aledbf/update-image 
Remove lua-resty-waf feature
 2019-11-27 11:45:05 -08:00
Kubernetes Prow Robot
b286c2a336
Merge pull request #4732 from willthames/enable-opentracing-annotation 
Allow enabling/disabling opentracing for ingresses
 2019-11-26 17:31:21 -08:00
Will Thames
6927d9351a Improve safety of AWS-based builds 
Ensure that AWS and Docker credentials don't get
accidentally added
 2019-11-27 11:07:26 +10:00
Will Thames
0ae463a5f3 Provide annotation to control opentracing 
By default you might want opentracing off, but on for a particular
ingress.

Similarly, you might want opentracing globally on, but disabled for
a specific endpoint. To achieve this, `opentracing_propagate_context`
cannot be set when combined with `opentracing off`

A new annotation, `enable-opentracing` allows more fine grained control
of opentracing for specific ingresses.
 2019-11-27 11:07:26 +10:00
Kubernetes Prow Robot
95edf02f91
Merge pull request #4700 from TronWallet/fix/nodeport_externalips 
adds hability to use externalIP when controller service is of type NodePort
 2019-11-26 15:33:20 -08:00
Manuel Alejandro de Brito Fontes
61d902db14 Remove Lua resty waf feature 2019-11-26 10:37:43 -03:00
Kubernetes Prow Robot
62518b60b4
Merge pull request #4689 from janosi/upstream_ssl 
Server-only authentication of backends and per-location SSL config
 2019-11-18 19:49:43 -08:00
Kubernetes Prow Robot
0d244e1c41
Merge pull request #4730 from stamm/master 
add configuration for http2_max_concurrent_streams
 2019-11-08 07:12:29 -08:00
Kubernetes Prow Robot
a0dc3a9a51
Merge pull request #4695 from janosi/secure-verify-ca-secret 
Removing secure-verify-ca-secret support
 2019-11-08 07:12:21 -08:00
Kubernetes Prow Robot
f808f955ee
Merge pull request #4664 from bryanhanner/master 
warn when ConfigMap is missing or not parsable instead of erroring
 2019-11-08 07:12:14 -08:00
Rustam Zagirov
d9cfad1894 add configuration for http2_max_concurrent_streams 2019-10-31 15:13:38 +03:00
Laszlo Janosi
cc84bd4ab6 Server level proxy_ssl parameters are applied again, following the comments received. 
Also writing tls.crt and tls.key to disk is according to the original code.
 2019-10-26 20:20:18 +02:00
Vinicius Niche Correa
b14a6944a7 adds hability to use externalIP 2019-10-21 01:23:27 -03:00
Laszlo Janosi
c76995b81b Fixing comments 2019-10-18 11:36:00 +02:00
Laszlo Janosi
31227d61c2 Removing secure-verify-ca-secret support and writing an error log if that annotation is used in an Ingress definition 2019-10-18 10:58:57 +02:00
Peter Pan
6aa48def3a add remote_addr in layer 4 access log 
original:
[18/Oct/2019:00:47:53 +0000]  TCP 200 4333 81 0.002
new:
[10.6.124.202]  [18/Oct/2019:01:05:15 +0000]  TCP 200 4333  81 0.002
 2019-10-18 09:21:01 +08:00
Laszlo Janosi
37fe9c9876 Enabling per-location proxy-ssl parameters, so locations of the same server but with own unique Ingress definitions can have different SSL configs 2019-10-17 10:15:53 +02:00
Thomas Jackson
500b043f27 Don't use DNS resolution to "validate FQDN" 
As the controller stands today this "validation" is done once per config load, which means if the DNS query fails for any reason the endpoint will remain dead until both (1) a change happens to the ingress and (2) the DNS resolution works. If the user configured the name we should just pass it through, this way the lua dns can attempt to re-query it at its leisure.
 2019-10-13 13:16:47 -07:00
Arthur Axel 'fREW' Schmidt
ea8f7ea8b7 Simplify initialization function of bytes.Buffer 2019-10-12 08:36:54 -07:00
Bryan Hanner
9957d30048 warn when ConfigMap is missing or unparsable instead of erroring 2019-10-11 17:15:38 -07:00
Kubernetes Prow Robot
fb025ab501
Merge pull request #4087 from MRoci/master 
Define Modsecurity Snippet via ConfigMap
 2019-09-30 15:19:32 -07:00
Andrea Spacca
203a3ed455 ISSUE-4244 comply with --health-check-path (#4619) 2019-09-29 14:37:57 -03:00
Manuel Alejandro de Brito Fontes
d5d2b4037c
Fix ports collision when hostNetwork=true (#4617) 2019-09-28 17:30:57 -03:00
MRoci
72c4ffa8b5
add modsecurity-snippet key 2019-09-28 09:54:07 +02:00
Manuel Alejandro de Brito Fontes
6715108d8a
Release 0.26.0 2019-09-27 10:23:12 -03:00
Manuel Alejandro de Brito Fontes
a9f332704a
Fix custom default backend switch to default (#4611) 2019-09-27 10:21:28 -03:00
Manuel Alejandro de Brito Fontes
2bd8121338
Change default for proxy-add-original-uri-header 2019-09-25 10:57:31 -03:00
Elvin Efendi
d8a3d616b4 fix bug with new and running configuration comparison 2019-09-25 06:33:59 -04:00
Elvin Efendi
c5a8357f1d handle hsts header injection in lua 2019-09-24 21:17:22 -04:00
Kubernetes Prow Robot
14f9b0d64e
Merge pull request #4596 from Shopify/fix-auth-proxy-header-order 
sort auth proxy headers from configmap
 2019-09-24 13:29:26 -07:00
Elvin Efendi
d124dd5eee sort auth proxy headers from configmap 2019-09-24 15:19:49 -04:00
Elvin Efendi
8c64b12a96 refactor force ssl redirect logic 2019-09-24 14:57:52 -04:00
Elvin Efendi
e392c8a8af cleanup unused certificates 2019-09-24 14:16:03 -04:00
A Gardner
786a3b6862 Add support for configmap of headers to be sent to external auth service 2019-09-24 10:53:23 -04:00
Kubernetes Prow Robot
cb2889b87b
Merge pull request #4586 from aledbf/fix-reload 
Fix reload when a configmap changes
 2019-09-24 07:23:28 -07:00
Manuel Alejandro de Brito Fontes
a40a4b0325
Fix reload when a configmap changes 2019-09-24 10:55:59 -03:00
Kubernetes Prow Robot
f6c2f5fb97
Merge pull request #4514 from alexmaret/4475-stickyness-mode 
Added new affinity mode for maximum session stickyness.
 2019-09-24 05:09:27 -07:00
Manuel Alejandro de Brito Fontes
1b8f6518cf
Avoid unnecessary reloads generating lua_shared_dict directives 2019-09-22 21:16:00 -03:00
Manuel Alejandro de Brito Fontes
624ce0857a
Remove retries to ExternalName (#4584) 2019-09-22 18:16:25 -03:00
Manuel Alejandro de Brito Fontes
e888fcff7b
Update runc cgroup mount api 2019-09-19 11:01:31 -03:00
Manuel Alejandro de Brito Fontes
4b4176c830
Fix log format after #4557 2019-09-18 12:52:09 -03:00
Manuel Alejandro de Brito Fontes
9f092a2c81
Increase log level for identical CreationTimestamp warning 2019-09-18 11:59:03 -03:00
Kubernetes Prow Robot
87ad033483
Merge pull request #4569 from mkabischev/jaeger-header-configuration 
allow to configure jaeger header names
 2019-09-17 20:29:29 -07:00
Mike Kabischev
d5563a7e47 allow to configure jaeger header names 2019-09-17 12:35:53 +03:00
Kubernetes Prow Robot
846ff00363
Merge pull request #4560 from Shopify/basic-auth-map 
Support configuring basic auth credentials as a map of user/password hashes
 2019-09-16 07:52:39 -07:00
Kubernetes Prow Robot
2d8f8128b6
Merge pull request #4557 from aledbf/remove-realipvar 
Remove the_real_ip variable
 2019-09-16 07:30:39 -07:00
A Gardner
376b862c23 Add annotation to support map of user/pass pairs in basic auth 2019-09-13 11:33:33 -04:00
Manuel Alejandro de Brito Fontes
55820ef1e8
Allow multiple CA Certificates (#4556) 2019-09-13 09:22:24 -03:00
Manuel Alejandro de Brito Fontes
9af574a234
Remove the_real_ip variable 2019-09-12 20:01:33 -03:00
Manuel Alejandro de Brito Fontes
ce3e3d51c3
WIP Remove nginx unix sockets (#4531) 
* Remove nginx unix sockets
* Use an emptyDir volume for /tmp in PSP e2e tests
 2019-09-08 18:14:54 -03:00
Kubernetes Prow Robot
76e2a5d731
Merge pull request #4506 from ProNic-QY/master 
Fix panic on multiple ingress mess up upstream is primary or not
 2019-09-07 12:15:18 -07:00
Ricardo Katz
9c51676f17 Add support to CRL (#3164) 
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>

Add support to CRL

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>
 2019-09-03 16:47:28 -04:00
zhangty
3dc8211c46 backward compatibility for k8s version < 1.14 2019-09-02 17:05:52 +08:00
Manuel Alejandro de Brito Fontes
c2935ca35c
Refactor health checks and wait until NGINX process ends 2019-09-01 15:31:27 -04:00
Manuel Alejandro de Brito Fontes
c7d2444cf4
Fix nginx variable service_port (nginx) (#4500) 2019-08-31 11:24:01 -04:00
Manuel Alejandro de Brito Fontes
72cb7f5e14
Move nginx helper (#4501) 2019-08-30 20:18:11 -04:00
Alexander Maret-Huskinson
880b3dc5f1 Fixed test findings. 2019-08-30 19:08:03 +02:00
Alexander Maret-Huskinson
9170591185 Added new affinity mode for maximum session stickyness. Fixes kubernetes/ingress-nginx#4475 2019-08-30 11:40:29 +02:00
qianyong
435377f47f Fix panic on multiple ingress mess up upstream is primary or not 2019-08-30 07:32:02 +08:00
Manuel Alejandro de Brito Fontes
8def5ef7ca
Add support for multiple alias and remove duplication of SSL certificates (#4472) 2019-08-26 10:58:44 -04:00
Manuel Alejandro de Brito Fontes
4847bb02f0
Refactor ingress status IP address (#4490) 2019-08-25 12:27:34 -04:00
Manuel Alejandro de Brito Fontes
fcd3054f13
Lint code using staticcheck (#4471) 2019-08-23 12:08:40 -04:00
Kubernetes Prow Robot
82b241c517
Merge pull request #4476 from antoineco/bug/nil-err-channel 
Initialize nginx process error channel
 2019-08-22 09:46:33 -07:00
Antoine Cotten
d1feb65ff9
Initialize nginx process error channel 
goroutines that write to ngxErrCh remain asleep forever without that
necessary initialization.
 2019-08-22 16:25:47 +02:00
Kubernetes Prow Robot
6697203891
Merge pull request #4409 from ProNic-QY/master 
sort ingress by namespace and name when ingress.CreationTimestamp identical
 2019-08-18 17:30:03 -07:00
Kubernetes Prow Robot
75d65bbd15
Merge pull request #4327 from leki75/proxyssl 
Add proxy_ssl_* directives
 2019-08-18 09:14:04 -07:00
qianyong
70614f4622 sort ingress by namespace and name when ingress.CreationTimestamp identical 2019-08-18 23:11:15 +08:00
Kubernetes Prow Robot
839076e3b0
Merge pull request #4456 from aledbf/psp-mount 
Fix file permissions to support volumes
 2019-08-16 06:24:32 -07:00
Gabor Lekeny
4624b5bc77 Change PemSHA to CASHA 2019-08-16 06:31:15 +02:00
Gabor Lekeny
65b9e2c574 Merge branch 'master' of https://github.com/kubernetes/ingress-nginx into proxyssl 2019-08-16 06:21:53 +02:00
Manuel Alejandro de Brito Fontes
23ed3ba4c4
Fix file permissions to support volumes 2019-08-15 20:48:37 -04:00
Kubernetes Prow Robot
4b0aabc0c3
Merge pull request #4451 from ElvinEfendi/avoid-redundant-lua-sync 
post data to Lua only if it changes
 2019-08-15 16:20:34 -07:00
Elvin Efendi
05c889335d post data to Lua only if it changes 2019-08-15 17:21:34 -04:00
Manuel Alejandro de Brito Fontes
9543aacc76
Fix test description on error 2019-08-15 16:56:20 -04:00
Kubernetes Prow Robot
f4da014907
Merge pull request #4449 from aledbf/fix-en 
Fix service type external name using the name
 2019-08-15 13:08:35 -07:00
Kubernetes Prow Robot
b5fecd0dc8
Merge pull request #4450 from Shopify/proxy-max-temp-file-size 
Add nginx proxy_max_temp_file_size configuration option
 2019-08-15 12:40:33 -07:00
Maxime Ginters
d8bd8c5619 Add nginx proxy_max_temp_file_size configuration option 2019-08-15 13:47:42 -04:00
Elvin Efendi
0b619dc772 make luaSharedDicts test less dependent on default values 2019-08-15 13:13:43 -04:00
Elvin Efendi
30b64df10a ewma improvements 2019-08-15 13:13:43 -04:00
Kubernetes Prow Robot
0b375989f3
Merge pull request #4412 from Shopify/ssl-early-data 
Add nginx ssl_early_data option support
 2019-08-15 10:08:35 -07:00
Manuel Alejandro de Brito Fontes
816f4b0824
Fix service type external name using the name 2019-08-15 12:09:42 -04:00
Elvin Efendi
94052b1bfc fix test by setting default luashareddicts 2019-08-14 22:10:56 -04:00
Elvin Efendi
6a293c7e11 set /configuration client body size dynamically 2019-08-14 22:10:56 -04:00
Elvin Efendi
b21c721196 lua-shared-dicts improvements, fixes and documentation 2019-08-14 22:10:56 -04:00
Kubernetes Prow Robot
0d690fba1a
Merge pull request #4356 from aledbf/only-dynamic-mode 
Only support SSL dynamic mode
 2019-08-14 17:08:35 -07:00
Kubernetes Prow Robot
adef152db8
Merge pull request #4379 from diazjf/mirror 
Allow Requests to be Mirrored to different backends
 2019-08-13 17:52:24 -07:00
Elvin Efendi
d46b4148fa Lua /etc/resolv.conf parser and some refactoring 2019-08-13 18:34:54 -04:00
Manuel Alejandro de Brito Fontes
80bd481abb
Only support SSL dynamic mode 2019-08-13 17:33:34 -04:00
Manuel Alejandro de Brito Fontes
2ed75b3362
Move listen logic to go 2019-08-13 14:52:25 -04:00
Manuel Alejandro de Brito Fontes
016219d394
Refactor version helper (#4437) 2019-08-13 13:46:16 -04:00
Kubernetes Prow Robot
1926340a7b
Merge pull request #4423 from Nuglif/quote 
Add quote function in template
 2019-08-09 20:55:13 -07:00
Pierrick Charron
f459515d0d Add quote function in template 
Co-authored-by: Charle Demers <charle.demers@gmail.com>
 2019-08-09 15:47:29 -04:00
Manuel Alejandro de Brito Fontes
a768b6066e
Ignore kubernetes objects in hash calculation 2019-08-09 08:44:46 -04:00
Manuel Alejandro de Brito Fontes
40533ad989
Code linting 2019-08-09 08:44:14 -04:00
Manuel Alejandro de Brito Fontes
4a9b02bc03
Remove dynamic TLS records 2019-08-08 15:52:56 -04:00
Kubernetes Prow Robot
f4678764f5
Merge pull request #4416 from aledbf/diff 
Remove invalid log "Failed to executing diff command: exit status 1"
 2019-08-08 11:31:20 -07:00
Manuel Alejandro de Brito Fontes
171da635ef
Remove invalid log "Failed to executing diff command: exit status 1" 2019-08-08 12:53:23 -04:00
tals
a2e667c082 lua shared dict from cm 
lua shared dict teml test and update func sign

lua shared dict cm test

lua shared dict integration test

lua shared dict add cm parsing

lua shared dict change test header
 2019-08-08 12:44:11 +03:00
Maxime Ginters
7219130da4 Add nginx ssl_early_data option support 2019-08-07 16:04:09 -04:00
Fernando Diaz
386486e969 Allow Requests to be Mirrored to different backends 
Add a feature which allows traffic to be mirrored to
additional backends. This is useful for testing how
requests will behave on different "test" backends.

See https://nginx.org/en/docs/http/ngx_http_mirror_module.html
 2019-08-01 11:53:58 -05:00
Kubernetes Prow Robot
c8a3710fb8
Merge pull request #4344 from Nuglif/fastcgi-backend-support 
Add FastCGI backend support (#2982)
 2019-07-31 11:20:14 -07:00
Charle Demers
72271e9313
FastCGI backend support (#2982) 
Co-authored-by: Pierrick Charron <pierrick@adoy.net>
 2019-07-31 10:39:21 -04:00
Pierrick Charron
29788452b6 Fix broken test's filename 2019-07-26 18:15:25 -04:00
Manuel Alejandro de Brito Fontes
2f124e4b76
Refactor http client for unix sockets 2019-07-19 11:07:51 -04:00
Gabor Lekeny
def13fc06c Add proxy_ssl_* directives 
Add support for backends which require client certificate (eg. NiFi)
authentication. The `proxy-ssl-secret` k8s annotation references a
secret which is used to authenticate to the backend server. All other
directives fine tune the backend communication.

The following annotations are supported:
* proxy-ssl-secret
* proxy-ssl-ciphers
* proxy-ssl-protocol
* proxy-ssl-verify
* proxy-ssl-verify-depth
 2019-07-18 03:21:52 +02:00
Kubernetes Prow Robot
589c9a20f9
Merge pull request #4278 from moolen/feat/auth-req-cache 
feat: auth-req caching
 2019-07-17 12:06:12 -07:00
Moritz Johner
23504db770 feat: auth-req caching 
add a way to configure the `proxy_cache_*` [1] directive for external-auth.
The user-defined cache_key may contain sensitive information
(e.g. Authorization header).
We want to store *only* a hash of that key, not the key itself on disk.

[1] http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2019-07-17 18:39:04 +02:00
Manuel Alejandro de Brito Fontes
d5c7fa8cfb
Fix scripts to be able to run tests in docker 2019-07-17 11:06:53 -04:00
Kubernetes Prow Robot
fe6c086580
Merge pull request #4288 from eshicks4/proxy-http-version-annotation 
added proxy-http-version annotation to override the HTTP/1.1 default …
 2019-07-11 11:43:07 -07:00
Manuel Alejandro de Brito Fontes
295c1276d9
Remove unnecessary output 2019-07-10 13:39:55 -04:00
Manuel Alejandro de Brito Fontes
3d7a09347d
Apply fixes suggested by staticcheck 2019-07-08 16:18:52 -04:00
E. Stuart Hicks
3b0c523e49 added proxy-http-version annotation to override the HTTP/1.1 default connection type to reverse proxy backends 2019-07-08 14:32:00 -04:00
Kubernetes Prow Robot
7c297e001a
Merge pull request #4246 from ElvinEfendi/proxy-alternative-upstream-name 
introduce proxy_alternative_upstream_name Nginx var
 2019-07-04 19:20:35 -07:00
Elvin Efendi
8b208cac93 introduce proxy_alternative_upstream_name Nginx var to differentiate canary requests 2019-07-04 19:43:20 -04:00
Manuel Alejandro de Brito Fontes
8807db9748
Check and complete intermediate SSL certificates 2019-07-04 19:13:21 -04:00
Manuel Alejandro de Brito Fontes
004d0c8214
Fix go imports 2019-06-30 18:58:18 -04:00
Manuel Alejandro de Brito Fontes
ccd88f625c
Refactor metric prometheus leader helper 2019-06-29 17:44:53 -04:00
Manuel Alejandro de Brito Fontes
ddffa2a173
Enable arm again 2019-06-26 23:00:58 -04:00
Kubernetes Prow Robot
ecce3fd7b1
Merge pull request #4180 from aledbf/externalname 
Service type=ExternalName can be defined with ports
 2019-06-25 13:47:15 -07:00
Manuel Alejandro de Brito Fontes
8ca5c1cba9
Do not send empty certificates to nginx 2019-06-25 08:15:28 -04:00
Manuel Alejandro de Brito Fontes
85a848faaf
Fix misspelled and e2e check 2019-06-24 23:47:22 -04:00
Manuel Alejandro de Brito Fontes
991f95f6bf
Migrate to openresty 2019-06-23 22:29:11 -04:00
Fernando Diaz
e616f6d4ad Get AuthTLS annotation unit tests to 100% 
Adds more unit tests for the authtls annotation. Increases the
coverage.
 2019-06-21 12:46:07 -05:00
Kubernetes Prow Robot
cff97c210a
Merge pull request #4128 from cornershop/feature/service-collectLabel 
feature(collectors): Added services to collectorLabels
 2019-06-18 19:08:31 -07:00
Manuel Alejandro de Brito Fontes
0ac850cba4
Service type=ExternalName can be defined with ports 2019-06-18 17:17:43 -04:00
Kubernetes Prow Robot
6f1261015b
Merge pull request #4127 from aledbf/migration 
Migrate to new networking.k8s.io/v1beta1 package
 2019-06-13 09:28:19 -07:00
Kubernetes Prow Robot
ec674aa22d
Merge pull request #4185 from Colstuwjx/fix/missing-healthcheck-timeout 
Fix: fillout missing health check timeout on health check.
 2019-06-13 08:38:20 -07:00
Manuel Alejandro de Brito Fontes
84102eec2b
Migrate to new networking.k8s.io/v1beta1 package 2019-06-13 11:32:39 -04:00
Colstuwjx
b28577a4bf Fix: fillout missing health check timeout on health check. 2019-06-13 21:15:50 +08:00
tals
a9a73c6ed6 increase lua_shared_dict config data 2019-06-12 18:42:47 +03:00
Sebastiaan Tammer
c11583dc5f Only load modsecurity_module when ModSec is active 2019-06-11 16:39:52 +02:00
Jorrit Salverda
f77eaaee50 Add opentracing-operation-name and opentracing-location-operation-name config settings 
With these settings custom span names can be used for the server span and location span

Signed-off-by: Jorrit Salverda <jsalverda@travix.com>
 2019-06-07 14:19:34 +02:00