DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
4158 commits 4 branches 217 tags 166 MiB
Commit graph

374 commits

Author SHA1 Message Date
Manuel de Brito Fontes
692ab5e53c
Remove go-bindata 2018-05-17 07:58:50 -04:00
Elvin Efendi
7ac4e1db30 fix bug with lua sticky session implementation and refactor balancer 2018-05-16 21:00:39 -04:00
Elvin Efendi
44ddd8abba force backend sync when worker starts 2018-05-14 17:08:23 -04:00
Elvin Efendi
992a68de23 upstream-hash-by should override load-balance annotation 2018-05-10 13:47:19 -04:00
Elvin Efendi
6cb28e059c use roundrobin from lua-resty-balancer library and refactor balancer.lua 2018-05-10 13:47:19 -04:00
Elvin Efendi
51cf184c51 always use x-request-id 2018-04-28 00:31:23 -04:00
Elvin Efendi
2ce9196ecf upstream-hash-by annotation support for dynamic configuraton mode 2018-04-27 14:28:43 -04:00
JordanP
c995031ffd Add annotation to enable rewrite logs in a location 2018-04-27 17:50:14 +02:00
Adam Netočný
8b6f043fd8 Add buffer configuration to external auth location config 2018-04-26 16:04:12 +02:00
k8s-ci-robot
9533aa45cc
Merge pull request #2408 from Shopify/updated-buffered-backends 
Read backends data even if buffered to temp file
 2018-04-24 14:09:02 -07:00
Andrew Louis
d3d383d1cc Endpoint Awareness: Read backends data from tmp file as well 
Actually read from the file

Logs probably shouldn't assume knowledge of implementation detail

Typos

Added integration test, and dynamic update config refactor

Don't force the 8k default

Minimal test case to make the configuration/backends request body write to temp file

Leverage new safe config updating methods, and use 2 replicas instead of 4

Small refactor

Better integration test, addresses other feedback

Update bindata
 2018-04-24 15:07:59 -04:00
Zenara Daley
0d0d33aec9 add balancer unit tests 2018-04-24 12:10:57 -04:00
Zenara Daley
4f9865529a Add busted unit testing framework for lua code 2018-04-23 10:46:28 -04:00
Nick Novitski
8886b8a50e Add vts-sum-key config flag 2018-04-17 11:39:32 -07:00
Giancarlo Rubio
c60ed24f4b Detect if header injected request_id before creating one 2018-04-17 15:49:35 +02:00
Bastian Hofmann
1c17962ba0 Add proxy-add-original-uri-header config flag 
This makes it configurable if a location adds an X-Original-Uri header to the backend request. Default is "true", the current behaviour.
 2018-04-16 12:34:26 +02:00
k8s-ci-robot
8855460817
Merge pull request #2341 from Shopify/custom-sticky 
Add session affinity to custom load balancing
 2018-04-12 17:22:59 -07:00
Zenara Daley
4b11fe4d25 Fix nginx template 2018-04-12 15:43:13 -04:00
Zenara Daley
6ed256dde6 Add session affinity to custom load balancing 2018-04-12 14:21:42 -04:00
Zenara Daley
4b76ad14bb Fix buildupstream name to work with dynamic session affinity 2018-04-12 14:01:46 -04:00
oilbeater
1be1f658b4 disable lua for arch s390x and ppc64le 
LuaJIT is not available for s390x and ppc64le, disable the lua part in nginx.tmpl on these platform.
 2018-04-12 08:30:56 +08:00
Elvin Efendi
d6eb44376d run lua-resty-waf in different modes (#2317) 
* run lua-resty-waf in different modes

* update docs
 2018-04-09 09:19:13 -03:00
Elvin Efendi
bad8295a42 extra waf rules per ingress (#2315) 
* extra waf rules per ingress

* document annotation nginx.ingress.kubernetes.io/lua-resty-waf-extra-rules

* regenerate internal/file/bindata.go
 2018-04-09 07:14:30 -03:00
Elvin Efendi
16faf309ca annotation to ignore given list of WAF rulesets (#2314) 2018-04-08 22:55:23 -03:00
Elvin Efendi
a6fe800a47 lua-resty-waf controller (#2304) 2018-04-08 17:37:13 -03:00
Manuel Alejandro de Brito Fontes
b17ed7b6fd
Configure upload limits for setup of lua load balancer (#2309) 2018-04-08 15:47:49 -03:00
Manuel Alejandro de Brito Fontes
1c65320618
Add verification of lua load balancer to health check (#2308) 2018-04-08 15:24:37 -03:00
Manuel Alejandro de Brito Fontes
ab8349008a
Improve indentation of generated nginx.conf (#2296) 2018-04-05 18:19:30 -03:00
Manuel Alejandro de Brito Fontes
dd2bc91018
Fix HSTS without preload (#2294) 2018-04-04 23:17:51 -03:00
Alvaro Aleman
e7aa74b5d4 Add NoAuthLocations and default it to "/.well-known/acme-challenge" (#2243) 
* Add NoAuthLocations and default it to "/.well-known/acme-challenge"

* Add e2e tests for no-auth-location

* Improve wording of no-auth-location tests
 2018-04-01 21:02:34 -03:00
Elvin Efendi
931e541fb7 Fix bug when auth req is enabled(external authentication) (#2280) 
* set proxy_upstream_name correctly when auth_req module is used

* log a more meaningful message when backend is not found
 2018-03-30 14:19:33 -03:00
Manuel Alejandro de Brito Fontes
146db43794
Disable opentracing for nginx internal urls (#2272) 2018-03-29 13:47:13 -03:00
Oilbeater
c6c219a7d1 clean up tmpl (#2263) 
The nginx.conf generated now is too messy remove some section only useful when dynamic configure enabled and headers only useful for https.
 2018-03-29 09:36:00 -03:00
Sylvain Rabot
385368990c Managing a whitelist for _/nginx_status (#2187) 
Signed-off-by: Sylvain Rabot <s.rabot@lectra.com>
 2018-03-28 09:27:34 -03:00
Zenara Daley
6e099c5f57 Add EWMA as configurable load balancing algorithm (#2229) 2018-03-23 12:06:21 -03:00
Oilbeater
0b0a274a9a fix: cannot set $service_name if use rewrite (#2220) 
$path here is the regular expression formatted nginx location not the origin path in ingress rules. Fix https://github.com/kubernetes/ingress-nginx/issues/2131
 2018-03-22 09:43:45 -03:00
halfcrazy
b45ee8d85f Add missing configuration in #2235 (#2236) 2018-03-22 08:53:29 -03:00
maxlaverse
8575769781 Make proxy_next_upstream_tries configurable (#2232) 
* Make proxy_next_upstream_tries configurable

* Code generation
 2018-03-22 08:12:36 -03:00
halfcrazy
4f5fa47d27 add proxy header ssl-client-issuer-dn, fix #2178 (#2235) 2018-03-22 01:38:47 -03:00
Elvin Efendi
634959fd79 do not hardcode keepalive for upstream_balancer (#2227) 2018-03-21 00:42:22 -03:00
Elvin Efendi
08252e2eef allow ipv6 localhost when enabled (#2210) 2018-03-19 13:32:55 -03:00
Manuel Alejandro de Brito Fontes
6b7491f432
Fix dynamic configuration when custom errors are enabled (#2212) 2018-03-19 12:55:17 -03:00
turettn
de30e53d62 Expose SSL client cert data to external auth provider. (#2078) 2018-03-19 09:30:36 -03:00
Alvaro Aleman
94deb3a01a Add configoption to exclude routes from tls upgrading (#2203) 
* Add configoption to exclude routes from tls upgrading

* Add tests for IsLocationInLocationList

* Seperate elements in NoTLSRedirectLocations by comma

* Set NoTLSRedirectLocations to "/.well-known/acme-challenge/" by default

* Remove trailing slash from "/.well-known/acme-challenge" default
 2018-03-18 17:44:59 -03:00
halfcrazy
977cfcb4c7 add luacheck to lint lua files (#2205) 2018-03-18 13:31:49 -03:00
Oilbeater
5c02d700cb Allow config to disable geoip (#2202) 
For a offline or private cloud environment, geoip is not needed.
Implementing https://github.com/kubernetes/ingress-nginx/issues/2179
 2018-03-18 13:30:05 -03:00
Elvin Efendi
c90a4e811e Live Nginx (re)configuration without reloading (#2174) 2018-03-18 10:13:41 -03:00
Oilbeater
41cefeb178 Add worker-cpu-affinity nginx option (#2201) 
worker_cpu_affinity is a common optimization method for improving nginx performance, adding this as a custom configuration. Also fix some format issues found during editing.
 2018-03-16 13:32:45 -03:00
Elvin Efendi
36cce00fdd configuring load balancing per ingress (#2167) 
* configure load balancing through a ingress annotation

* update docs
 2018-03-09 13:09:41 -08:00
Manuel Alejandro de Brito Fontes
3c67976969
In case of TLS errors do not allow traffic (#2146) 2018-02-25 17:20:14 -03:00
Manuel Alejandro de Brito Fontes
216fe01a07
Add option in the configuration configmap to enable remote logging (syslog) (#2145) 2018-02-25 12:47:14 -03:00
Manuel Alejandro de Brito Fontes
0dee303ac2
Add annotation to disable logs in a location (#2144) 2018-02-25 11:38:54 -03:00
Manuel Alejandro de Brito Fontes
edb3be64ea
Only add HSTS headers in HTTPS (#2143) 2018-02-25 11:18:42 -03:00
Manuel Alejandro de Brito Fontes
94a85c99f7
Cors header should always be returned (#2140) 2018-02-24 17:52:23 -03:00
Karl Stoney
d1b6f32981 Enabled the dynamic reload of GeoIP data (#2107) 
* Moved geoip data into its own folder so it can be volume mounted

* Added FS watches for the geoip data

* Fixed single quotes issue (interpolation)

* Fixed gofmt errors

* Updated to directory crawl
 2018-02-17 12:24:50 -08:00
Karl Stoney
769f11df60 Added GeoIP Organisational data (#2099) 2018-02-15 14:10:20 -08:00
Manuel Alejandro de Brito Fontes
33475b7184
Fix opentracing configuration when multiple options are configured (#2075) 2018-02-12 16:08:49 -08:00
Elvin Efendi
a30bf2154e do not ignore $http_host and $http_x_forwarded_host (#2030) 2018-02-06 10:59:59 -08:00
Luke Jolly
42076e8ed0 Added configmap option to disable IPv6 in nginx DNS resolver (#1992) 2018-02-02 11:53:28 -08:00
Anish Ramasekar
d7ef6b3fc7 Add support for enabling ssl_ciphers per host (#2006) 
* Add support for adding ssl_ciphers

* Add documentation
 2018-01-31 08:53:07 -08:00
Anish Ramasekar
2f700a9ad5 Add limit-request-status-code option (#2001) 
* Add support for limit_req_status

* Add documentation

* Fix comment
 2018-01-30 07:24:44 -06:00
Qiu Jian
951a704cec Add connection-proxy-header annotation (#1999) 
This is the override the default connection header
 2018-01-29 22:29:03 -06:00
Anish Ramasekar
b020686599 Add support to enable/disable proxy buffering (#1998) 
* Enable proxy buffering using configmap and annotation

* add documentation
 2018-01-29 08:43:55 -06:00
Fernando Diaz
d1ae7ff29c Enable Customization of Auth Request Redirect (#1993) 
Adds the 'nginx.ingress.kubernetes.io/auth-request-redirect'
annotation, which allows the customization of the
'X-Auth-Request-Redirect' Header. Fixes: #1979
 2018-01-27 21:32:08 -03:00
Manuel Alejandro de Brito Fontes
fb3a317f4d
Rollback #1854 (#1969) 2018-01-24 14:28:34 -03:00
Manuel Alejandro de Brito Fontes
8975800740
Add support to hide headers from upstream servers (#1928) 2018-01-18 16:37:22 -02:00
Manuel Alejandro de Brito Fontes
858f3398f8
Remove sendfile configuration (#1927) 2018-01-18 15:22:59 -02:00
Manuel Alejandro de Brito Fontes
52794ae22d
Do not use port from host header (#1926) 2018-01-18 14:51:58 -02:00
Manuel Alejandro de Brito Fontes
b50cdc0256
Add option for reuseport in nginx listen section (#1919) 2018-01-17 21:12:46 -02:00
Manuel Alejandro de Brito Fontes
28058f0edc
Add support for jaeger backend (#1916) 2018-01-17 19:28:59 -02:00
Manuel Alejandro de Brito Fontes
807932259e
If server_tokens is disabled remove the Server header (#1903) 
* If server_tokens is disabled remove the Server header

* Add server-tokens tests

* Fix tests
 2018-01-17 10:26:53 -02:00
Manuel Alejandro de Brito Fontes
b0e0712984
Fix custom port in redirects (#1907) 2018-01-17 10:20:41 -02:00
Márk Sági-Kazár
313fdd2d1a Add CORS max age annotation (#1888) 
Add cors-max-age annotation
 2018-01-09 09:19:42 -02:00
Manuel Alejandro de Brito Fontes
da829748ec
Fix SSL Passthrough template issue and custom ports in redirect to HTTPS (#1870) 2018-01-02 14:48:42 -03:00
Tang Le
d22038b3af "proxy_redirect default" should be placed after the "proxy_pass" (#1869) 
When use nginx.ingress.kubernetes.io/proxy-redirect-from: default
annotation. ingress controller will report:
"""
Error: exit status 1
2018/01/02 07:03:11 [emerg] 181#181: "proxy_redirect default" should be placed after the "proxy_pass" directive in /tmp/nginx-cfg632387194:366
nginx: [emerg] "proxy_redirect default" should be placed after the "proxy_pass" directive in /tmp/nginx-cfg632387194:366
nginx: configuration file /tmp/nginx-cfg632387194 test failed
"""

Signed-off-by: Tang <at28997146@163.com>
 2018-01-02 08:34:20 -03:00
Manuel Alejandro de Brito Fontes
54cfad0a07
When upstream-hash-by annotation is used do not configure a lb algorithm (#1858) 2017-12-27 07:48:06 -03:00
Manuel Alejandro de Brito Fontes
6a34e9c261
Fix redirect to ssl (#1854) 2017-12-26 22:53:43 -03:00
Manuel Alejandro de Brito Fontes
fead9087ac
Validate x-forwarded-proto and connection scheme before redirecting to https (#1844) 2017-12-21 12:44:08 -03:00
Gabi Davar
8325ca9934
force external_auth requests to http/1.1 2017-12-02 17:05:13 +02:00
Manuel de Brito Fontes
3058e7758d Add setting to configure proxy responses in the stream section 2017-11-30 17:53:23 -03:00
Manuel de Brito Fontes
161b485ae0 Add option to configure the redirect code 2017-11-30 12:08:43 -03:00
Manuel de Brito Fontes
be185b9743 Use custom https port in redirects 2017-11-29 17:16:45 -03:00
Ricardo Katz
e93c75f46e
Changes ssl-client-cert header 2017-11-20 15:15:31 -02:00
Manuel de Brito Fontes
2223ea9600 Add annotation to enable passing the certificate to the upstream server 2017-11-17 21:28:45 -03:00
Manuel de Brito Fontes
c5b0c8ab0d Add annotation for setting proxy_redirect 2017-11-13 20:19:41 -03:00
Manuel de Brito Fontes
a858c549d9 Add e2e tests for auth annotation 2017-11-12 20:08:32 -03:00
Manuel de Brito Fontes
fdd231816c Disable features not availables in some platforms 2017-11-12 11:12:58 -03:00
Manuel Alejandro de Brito Fontes
d7f72ad8f3
Merge pull request #1696 from aledbf/cors-headers 
Always add cors headers when enabled
 2017-11-12 10:38:40 -03:00
Manuel de Brito Fontes
f4cbf7b888 Update nginx to v0.29 2017-11-12 10:16:52 -03:00
Manuel de Brito Fontes
e7d412c3e8 Always add cors headers when enabled 2017-11-12 01:58:52 -03:00
Manuel de Brito Fontes
cf42d3b275 Fix docker build 2017-11-12 01:46:53 -03:00
Manuel de Brito Fontes
896b407c05 Rollback to nginx-slim 0.28 until new nginx-slim-release 2017-11-12 01:26:04 -03:00
Manuel de Brito Fontes
1cee16f96a Enable s390x 2017-11-12 00:40:10 -03:00
chrisblu
2dfaaa7b9d Add the original http request method to the auth request 2017-11-08 12:14:04 +01:00
Manuel de Brito Fontes
5115adef82 Update nginx to 0.28 and enable brotli 2017-11-01 22:54:22 -03:00
Manuel de Brito Fontes
ff87480070 Disable brotli temporarily [ci skip] 2017-11-01 20:49:53 -03:00
Manuel Alejandro de Brito Fontes
dc3225e5ee
Merge pull request #1627 from estaleiro/brotli 
Add brotli support
 2017-11-01 17:49:11 -03:00
Manuel de Brito Fontes
9015aadc83 Install deumb-init using apt-get 2017-11-01 17:25:14 -03:00
Ricardo Pchevuzinske Katz
fddcfd0340 Adds Brotli support 2017-11-01 17:53:18 -02:00
Joao Morais
29d90a6f18 Add client-dn header 2017-10-31 13:50:06 -02:00
acoshift
589b358311 Add gzip_vary 2017-10-29 20:54:25 +07:00
Max Laverse
b85055a976 Fix full XFF with PROXY 2017-10-28 17:43:16 +02:00
Max Laverse
bfe20306a0 Make X-Forwarded-For computation configurable 2017-10-26 17:44:17 +02:00
Max Laverse
a43833c621 Compute a real X-Forwarded-For 2017-10-26 17:42:13 +02:00
rnburn
888375acef Upgrade nginx-opentracing. 2017-10-24 13:49:30 -07:00
Ricardo Pchevuzinske Katz
c9fbfa34e7
Certiifcate Auth Bugfix 2017-10-22 20:52:54 -02:00
Manuel Alejandro de Brito Fontes
e2790c8f6f Merge pull request #1553 from estaleiro/cors-improvement 
Cors features improvements
 2017-10-22 18:29:52 -03:00
Ricardo Pchevuzinske Katz
2097676ca8 Adds support for other Cors directives 
CORS annotations improvements

Cors improvements

Cors improevements

Cors improvements

Cors improvements
 2017-10-22 19:22:12 -02:00
Manuel de Brito Fontes
601fb7dacf Add e2e tests 2017-10-20 20:33:48 -03:00
Ilya Saulenko
9a9c612f5a Allow usage of non_idempotent option in proxy_next_upstream 2017-10-16 21:50:17 +03:00
Manuel de Brito Fontes
16c1198980 Merge remote-tracking branch 'master/master' into docs 2017-10-16 09:02:10 -03:00
Manuel de Brito Fontes
8506e1ca67 Remove authentication send body annotation 2017-10-15 18:26:43 -03:00
Manuel de Brito Fontes
026bb52469 Improve documentation and examples [ci skip] 2017-10-15 12:55:40 -03:00
Manuel de Brito Fontes
a30d3775c4 Merge remote-tracking branch 'master/master' into docs 2017-10-13 18:17:38 -03:00
Manuel de Brito Fontes
a9168f276e Split documentation 2017-10-13 18:13:51 -03:00
Chris Reinhardt
0aae81114a Include the serversnippet from the config map in servers that aren't aliaes 2017-10-12 14:30:26 -04:00
Petr Gregor
e78ad92c87 Change alias behaviour not to create new server section needlessly 2017-10-11 15:24:33 +02:00
Manuel de Brito Fontes
7632465ce3 Enable modsecurity feature 2017-10-10 11:24:21 -03:00
Manuel Alejandro de Brito Fontes
63155ee5bd Merge pull request #1511 from sapcc/sso 
fix deprecated ssl_client_cert. add ssl_client_verify header
 2017-10-09 10:40:32 -04:00
Max Laverse
1062340b0d Return 503 by default when no endpoint is available 2017-10-09 14:30:28 +02:00
Arno Uhlig
788eb58bfe ssl_client_cert is deprecated. use ssl_client_escaped_cert. add ssl_client_verify to enable client certificate verification. 2017-10-09 13:13:50 +02:00
Manuel de Brito Fontes
29c0304921 Add tls session ticket key setting 2017-10-08 19:37:19 -03:00
Lourens Naudé
d607cf6dd7 Introduce an upstream-hash-by annotation to support consistent hashing by nginx variable or text 2017-10-07 15:12:20 +01:00
Manuel de Brito Fontes
2139ee85e7 Move nginx to root directory 2017-10-06 16:58:36 -03:00