DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
4158 commits 4 branches 217 tags 166 MiB
Commit graph

374 commits

Author SHA1 Message Date
Kubernetes Prow Robot
c8d30755a9
Merge pull request #3748 from aledbf/update-image 
Update nginx image
 2019-02-13 15:14:08 -08:00
Kubernetes Prow Robot
d9845c79c5
Merge pull request #3671 from moonming/randomseed-bugfix 
bugfix: fixed duplicated seeds.
 2019-02-10 11:33:42 -08:00
Manuel Alejandro de Brito Fontes
7dc17a603d Update nginx image 2019-02-09 18:53:31 -03:00
Kubernetes Prow Robot
17e788b8e1
Merge pull request #3684 from aledbf/health 
Replace Status port using a socket
 2019-02-06 13:49:08 -08:00
Manuel Alejandro de Brito Fontes
34b0580225
Replace Status port using a socket 2019-02-06 18:00:10 -03:00
Tim Reddehase
018a1e4d94 respond with 503 when there are no endpoints 
* related to:
  * https://github.com/kubernetes/ingress-nginx/issues/3070
  * https://github.com/kubernetes/ingress-nginx/issues/3335
* add a 503 test
  * test a service that starts out empty
    (a.k.a. ingress-nginx controller (re-)start)
  * test scaling up (should route traffic accordingly)
  * test scaling down to empty service
  * use custom deployments for scaling test.
* provide a fix by updating the lua table (cache) of the configured backends
  to unset the backend if there are no endpoints available.
 2019-02-03 11:43:47 +01:00
Kubernetes Prow Robot
d4d25f6fb4
Merge pull request #3619 from minherz/add-canary-header-by-value 
add header-value annotation
 2019-02-01 14:45:54 -08:00
minherz
57440c9464 fix issue with failing e2e tests 2019-02-01 22:11:09 +02:00
Kubernetes Prow Robot
eddbcc7f3a
Merge pull request #3673 from moonming/table-new 
used table functions of LuaJIT for better performance.
 2019-02-01 08:40:34 -08:00
minherz
de2a1ece6d add header-value annotation 
add new annotation (header-value)
parse it and propogate to lua script
alter balancer rule to include it into the canary routing logic
add e2e test to validate fallback for canary-by-header-value
add description of canary-by-header-value to documentation
 2019-01-30 23:23:44 +02:00
Rustam Zagirov
5dee6af957 add params for access log 2019-01-26 21:42:11 +03:00
WenMing
8ea7501d8b added more error info and keep test cases. 2019-01-21 17:32:18 +08:00
WenMing
a36961f9f9 used table functions of LuaJIT for better performance. 2019-01-19 11:16:31 +08:00
WenMing
1d37e83a18 used cjson.safe instead of pcall. 2019-01-18 23:12:22 +08:00
WenMing
c782f22c5d fixed test case for math.randomseed. 2019-01-18 10:08:33 +08:00
WenMing
011062967a bugfix: fixed duplicated seeds. 
ngx.time() + ngx.worker.pid() maybe get duplicated seeds. get from /dev/urandom first.
 2019-01-18 00:21:25 +08:00
Kubernetes Prow Robot
1db9c91af4
Merge pull request #3363 from skeeey/master 
Document for cookie expires annotation
 2019-01-14 07:52:28 -08:00
Maximilian Gaß
39dd0c50da Remove stickyness cookie domain from Lua balancer to match old behavior (#3648) 2019-01-11 22:24:45 -03:00
liuwei
7aa5834948 add cookie expires document and fix a flaw for session-cookie-expires 2019-01-11 15:35:39 +08:00
Kubernetes Prow Robot
61bca89d13
Merge pull request #3637 from aledbf/fix-redirect 
Add support for redirect https to https (from-to-www-redirect)
 2019-01-10 19:58:35 -08:00
Manuel Alejandro de Brito Fontes
a3bcbeb3d2
Add support for redirect https to https when from-to-www-redirect is defined 2019-01-10 20:59:49 -03:00
Manuel Alejandro de Brito Fontes
916b6a06d2 Empty access_by_lua_block breaks satisfy any 2019-01-10 10:27:23 -03:00
Shai Katz
edd87fbae3 add limit connection status code 
add default conn status code

add missing colon

add limit connection status code
 2019-01-09 19:31:10 +02:00
Elvin Efendi
ba7b542d78 canary by cookie should support hypen in cookie name 2019-01-08 13:15:02 -05:00
Diego Woitasen
60b983503b Consistent hashing to a subset of nodes. It works like consistent hash, 
but instead of mapping to a single node, we map to a subset of nodes.
 2019-01-03 01:32:52 -03:00
Kubernetes Prow Robot
71cc6df74f
Merge pull request #3174 from Shopify/rewrite-regex 
Generalize Rewrite Block Creation and Deprecate AddBaseUrl (not backwards compatible)
 2019-01-02 12:30:18 -08:00
Manuel Alejandro de Brito Fontes
a73dac2c0b
Fix proxy_host variable configuration 2019-01-02 15:31:27 -03:00
ramnes
bf7b5ebd81 Add an option to automatically set worker_connections based on worker_rlimit_nofile 2018-12-27 18:36:19 +01:00
Anish Ramasekar
382049a0bf Adds support for HTTP2 Push Preload annotation 
update test for backendprotocols

Adds support for HTTP2 Push Preload annotation

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>

Adds support for HTTP2 Push Preload annotation

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>

Adds support for HTTP2 Push Preload annotation

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>

Adds support for HTTP2 Push Preload annotation

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>

Adds support for HTTP2 Push Preload annotation

Adds support for HTTP2 Push Preload annotation
 2018-12-24 17:13:25 -02:00
Elvin Efendi
4896b064ca lua randomseed per worker 2018-12-20 17:09:29 +04:00
Kubernetes Prow Robot
ee3a8fe581
Merge pull request #3505 from Shopify/watch-pod-lua 
Update lua configuration_data when number of controller pod change
 2018-12-17 00:10:30 -08:00
Maxime Ginters
f90881b367 Update lua configuration_data when number of controller pod change 2018-12-14 13:34:54 -05:00
Zenara Daley
67654a6fd5 Generalize Rewrite Block Creation 2018-12-13 13:02:05 -05:00
Maxime Ginters
ff8bfb6a86 Fix --enable-dynamic-certificates for nested subdomain 2018-12-12 09:16:39 -05:00
Manuel Alejandro de Brito Fontes
41700044ad Replace dockerfile entrypoint 2018-12-07 14:00:55 -03:00
Kubernetes Prow Robot
da32401c66
Merge pull request #3509 from fabiant7t/master 
[1759] Ingress affinity session cookie with Secure flag for HTTPS
 2018-12-06 01:18:24 -08:00
Fabian Topfstedt
f03c8a8544 testing that a secure cookie gets set when being in ssl mode 
Signed-off-by: Fabian Topfstedt <topfstedt@schneevonmorgen.com>
 2018-12-06 09:08:25 +01:00
Fabian Topfstedt
6c46adf2b7 reverted changing $https globally in the unit tests 
Signed-off-by: Fabian Topfstedt <topfstedt@schneevonmorgen.com>
 2018-12-06 09:01:08 +01:00
Manuel Alejandro de Brito Fontes
06d33c16b5
Allow to disable NGINX metrics 2018-12-05 10:14:35 -03:00
Fabian Topfstedt
1e31767b51 [1759] Ingress affinity session cookie with Secure flag for HTTPS 
Signed-off-by: Fabian Topfstedt <topfstedt@schneevonmorgen.com>
 2018-12-04 10:51:52 +01:00
Elvin Efendi
a4bad90f1f fix an ewma unit test 2018-12-03 15:56:58 +04:00
Elvin Efendi
4eabd535f9 be consistent with what Nginx supports 2018-12-02 22:20:56 +04:00
Andre Marianiello
b80b19902a Use opentracing_grpc_propagate_context when necessary 2018-12-01 16:31:10 -05:00
Elvin Efendi
7ae2583ff9 dynamic certificate mode should support widlcard hosts 2018-11-29 15:41:34 +04:00
Manuel Alejandro de Brito Fontes
c4d6e8f55d Fix nginx directory permissions 2018-11-27 23:05:18 -03:00
Elvin Efendi
c03ac375ef test for ewma:after_balance function 2018-11-26 17:20:26 +04:00
Elvin Efendi
f81f06151d store ewma stats per backend 2018-11-26 16:59:26 +04:00
k8s-ci-robot
8aac340203
Merge pull request #3453 from Shopify/monitor-fixes 
Monitor fixes
 2018-11-21 09:28:24 -08:00
Elvin Efendi
d8b928f501 remove already unused endpoint metric 2018-11-21 20:05:44 +04:00
Elvin Efendi
068d633e81 fix Status key conflic, fixes https://github.com/kubernetes/ingress-nginx/issues/3451 2018-11-21 20:03:15 +04:00
Manuel Alejandro de Brito Fontes
35b8023dc8 Match body buffer to max upload size 2018-11-20 15:06:03 -03:00
Zenara Daley
2b109b360b Only set cookies on paths that enable session affinity 2018-11-19 11:42:12 -05:00
k8s-ci-robot
82721e575d
Merge pull request #3372 from Shopify/session-cookie-path 
Add annotation for session affinity path
 2018-11-19 07:25:32 -08:00
Zenara Daley
50b29feb4a Add annotation for session affinity path 2018-11-19 09:15:24 -05:00
k8s-ci-robot
bf7ad0daca
Merge pull request #3374 from aledbf/restore-tcp-udp 
Revert removal of support for TCP and UDP services
 2018-11-18 08:33:29 -08:00
Manuel Alejandro de Brito Fontes
af2dce901d
Fix tests 2018-11-18 08:17:18 -03:00
k8s-ci-robot
34598e71e0
Merge pull request #3428 from aledbf/set-variables 
Set proxy_host variable to avoid using default value from proxy_pass
 2018-11-18 02:17:49 -08:00
k8s-ci-robot
442b01e5e8
Merge pull request #3400 from diazjf/more-modsecurity 
Add Snippet for ModSecurity
 2018-11-17 03:35:53 -08:00
Manuel Alejandro de Brito Fontes
654eceda46
Add tcp e2e test 2018-11-16 21:07:52 -03:00
Manuel Alejandro de Brito Fontes
a2d50c2cd6
Set proxy_host variable to avoid using default value from proxy_pass 2018-11-16 14:55:53 -03:00
Manuel Alejandro de Brito Fontes
168f30d1ec Revert removal of support for TCP and UDP services 2018-11-16 13:48:47 -03:00
Fernando Diaz
95b3042b6e Add a Snippet for ModSecurity 
Allows for the configuration of Mod Security rules via
a Snippet.
 2018-11-14 23:31:27 -06:00
Maxime Ginters
20b095f444 Fix X-Forwarded-Proto typo 2018-11-14 10:19:31 -05:00
k8s-ci-robot
a22c656f30
Merge pull request #3409 from Shopify/client-max-body-size 
Convert isValidClientBodyBufferSize to something more generic
 2018-11-13 08:36:06 -08:00
Maxime Ginters
0f3e2b9bf0 Convert isValidClientBodyBufferSize to something more generic and use it for client_max_body_size 2018-11-13 10:11:40 -05:00
Elvin Efendi
764740a09a be more defensive when deciding alternative balancer 2018-11-13 16:03:26 +04:00
Elvin Efendi
41c925f390 bugfix: set canary attributes when initializing balancer 2018-11-13 15:44:57 +04:00
Maxime Ginters
e1720d62f4 Prevent X-Forwarded-Proto forward during external auth subrequest 2018-11-12 09:13:48 -05:00
Fernando Diaz
5195600841 Allows ModSecurity to be configured per location 
The following annotations will be added:

- enable-modsecurity
- enable-owasp-core-rules
- modsecurity-transaction-id

Fixes #3167
 2018-11-06 22:24:31 -06:00
k8s-ci-robot
17cad51e47
Merge pull request #3341 from Shopify/canary_upstream 
Add canary annotation and alternative backends for traffic shaping
 2018-11-06 12:22:16 -08:00
Conor Landry
412cd70d3a implement canary annotation and alternative backends 
Adds the ability to create alternative backends. Alternative backends enable
traffic shaping by sharing a single location but routing to different
backends depending on the TrafficShapingPolicy defined by AlternativeBackends.

When the list of upstreams and servers are retrieved, we then call
mergeAlternativeBackends which iterates through the paths of every ingress
and checks if the backend supporting the path is a AlternativeBackend. If
so, we then iterate through the map of servers and find the real backend
that the AlternativeBackend should fall under. Once found, the
AlternativeBackend is embedded in the list of VirtualBackends for the real
backend.

If no matching real backend for a AlternativeBackend is found, then the
AlternativeBackend is deleted as it cannot be backed by any server.
 2018-11-06 13:13:14 -05:00
k8s-ci-robot
265f96bf14
Merge pull request #3344 from ecosia/jg-customerrors-per-ingress 
Adds CustomHTTPErrors ingress annotation and test
 2018-11-06 09:21:49 -08:00
jasongwartz
0ebf0354cb Adds CustomHTTPErrors ingress annotation and test 
Adds per-server/location error-catch functionality to nginx template

Adds documentation

Reduces template duplication with helper function for CUSTOM_ERRORS data

Updates documentation

Adds e2e test for customerrors

Removes AllCustomHTTPErrors, replaces with template function with deduplication and adds e2e test of deduplication

Fixes copy-paste error in test, adds additional test cases

Reverts noop change in controller.go (unused now)
 2018-11-06 16:47:52 +01:00
k8s-ci-robot
08d5ffabbf
Merge pull request #3367 from aledbf/503-restart 
Remove reloads when there is no endpoints
 2018-11-06 06:39:04 -08:00
Manuel Alejandro de Brito Fontes
3838145a8c
Remove reloads when there is no endpoints 2018-11-06 09:26:04 -03:00
Adnan Baruni
b511333130 add support for auth-snippet annotation 
add test for new auth-snippet annotation

document auth-snippet annotation

add e2e test for auth-snippet annotation

add log warning and update documentation
 2018-11-05 16:02:29 -06:00
liuwei
3477df4c12 pass static-check 2018-11-02 17:17:29 +08:00
liuwei
c74e59fa4c Use second as cookie expires unit 2018-11-02 17:05:38 +08:00
liuwei
ce6e564f82 merge from master 2018-11-02 13:13:24 +08:00
Manuel Alejandro de Brito Fontes
36aceded32
Avoid reloads when endpoints are not available 2018-11-01 10:00:49 -03:00
Manuel Alejandro de Brito Fontes
71ebe1cba5 Code linting 2018-10-30 20:46:48 -03:00
Elvin Efendi
9e639f9788 fix sticky session implementation 2018-10-30 16:23:08 +04:00
liuwei
38279366a5 add e2e test for cookie annotations 2018-10-30 19:27:21 +08:00
Maximilian Bode
c27c57dc8b Add configuration for geoip2 module 
Based on closed PRs #2551, #2755
 2018-10-29 21:25:23 +01:00
liuwei
7de718f359 pass code static-check 2018-10-29 15:39:43 +08:00
liuwei
ad57c76b73 Support cookie expires 2018-10-29 15:21:10 +08:00
Henry Tran
3cbfd63992 Refactor EWMA to not use shared dictionaries 2018-10-25 22:33:42 +04:00
k8s-ci-robot
063f652711
Merge pull request #3187 from DesmondHoLLM/feature/annotations-resty-lua 
UPT: annotation enhancement for resty-lua-waf
 2018-10-25 00:06:03 -07:00
Desmond Ho
bf03046a80 UPT: updated e2e test and default true for process-multipart-body annotation 2018-10-25 14:17:38 +08:00
Elvin Efendi
5cc116fa10 fix bug with balancer.lua configuration 2018-10-24 22:42:40 +04:00
Desmond Ho
bab521e81a UPT: align waf options 2018-10-20 12:46:39 +08:00
Desmond Ho
04a89ce234 UPT: annotation enhancement for resty-lua-waf 2018-10-20 12:09:38 +08:00
Fernando Diaz
12955a4a1b Allow Ability to Configure Upstream Keepalive 
Allows Upstream Keepalive values like keepalive_timeout and
keepalive_requests to be configured via ConfigMap.

Fixes #3099
 2018-10-11 20:46:42 -05:00
k8s-ci-robot
3edf11b85f
Merge pull request #3198 from aledbf/only-dynamic 
Only support dynamic configuration
 2018-10-10 05:07:34 -07:00
Manuel Alejandro de Brito Fontes
74c2f93de6
Only support dynamic configuration 2018-10-09 22:05:45 -03:00
k8s-ci-robot
f56ab42cd2
Merge pull request #3194 from bshelton229/literal-dollar-character 
Make literal $ character work in set $location_path
 2018-10-09 15:52:39 -07:00
Bryan Shelton
3686e4f366 Move escapeLocationPathVar to escapeLiteralDollar 2018-10-09 12:58:50 -07:00
Elvin Efendi
78f12c25c5 delete upstream healthcheck annotation 2018-10-09 09:14:13 -04:00
k8s-ci-robot
3cf00b2fd8
Merge pull request #3197 from aledbf/remove-tcp-udp 
Remove support for TCP and UDP services
 2018-10-08 07:19:39 -07:00
k8s-ci-robot
182767b06b
Merge pull request #3170 from Globegitter/move-mainsnippet 
Move mainSnippet before events to fix load_module issue.
 2018-10-08 06:22:25 -07:00