DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
4295 commits 4 branches 217 tags 166 MiB
Commit graph

258 commits

Author SHA1 Message Date
Shai Katz
edd87fbae3 add limit connection status code 
add default conn status code

add missing colon

add limit connection status code
 2019-01-09 19:31:10 +02:00
Kubernetes Prow Robot
71cc6df74f
Merge pull request #3174 from Shopify/rewrite-regex 
Generalize Rewrite Block Creation and Deprecate AddBaseUrl (not backwards compatible)
 2019-01-02 12:30:18 -08:00
Manuel Alejandro de Brito Fontes
a73dac2c0b
Fix proxy_host variable configuration 2019-01-02 15:31:27 -03:00
ramnes
bf7b5ebd81 Add an option to automatically set worker_connections based on worker_rlimit_nofile 2018-12-27 18:36:19 +01:00
Anish Ramasekar
382049a0bf Adds support for HTTP2 Push Preload annotation 
update test for backendprotocols

Adds support for HTTP2 Push Preload annotation

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>

Adds support for HTTP2 Push Preload annotation

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>

Adds support for HTTP2 Push Preload annotation

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>

Adds support for HTTP2 Push Preload annotation

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>

Adds support for HTTP2 Push Preload annotation

Adds support for HTTP2 Push Preload annotation
 2018-12-24 17:13:25 -02:00
Elvin Efendi
4896b064ca lua randomseed per worker 2018-12-20 17:09:29 +04:00
Zenara Daley
67654a6fd5 Generalize Rewrite Block Creation 2018-12-13 13:02:05 -05:00
Manuel Alejandro de Brito Fontes
06d33c16b5
Allow to disable NGINX metrics 2018-12-05 10:14:35 -03:00
Elvin Efendi
4eabd535f9 be consistent with what Nginx supports 2018-12-02 22:20:56 +04:00
Andre Marianiello
b80b19902a Use opentracing_grpc_propagate_context when necessary 2018-12-01 16:31:10 -05:00
Manuel Alejandro de Brito Fontes
35b8023dc8 Match body buffer to max upload size 2018-11-20 15:06:03 -03:00
k8s-ci-robot
bf7ad0daca
Merge pull request #3374 from aledbf/restore-tcp-udp 
Revert removal of support for TCP and UDP services
 2018-11-18 08:33:29 -08:00
k8s-ci-robot
34598e71e0
Merge pull request #3428 from aledbf/set-variables 
Set proxy_host variable to avoid using default value from proxy_pass
 2018-11-18 02:17:49 -08:00
k8s-ci-robot
442b01e5e8
Merge pull request #3400 from diazjf/more-modsecurity 
Add Snippet for ModSecurity
 2018-11-17 03:35:53 -08:00
Manuel Alejandro de Brito Fontes
a2d50c2cd6
Set proxy_host variable to avoid using default value from proxy_pass 2018-11-16 14:55:53 -03:00
Manuel Alejandro de Brito Fontes
168f30d1ec Revert removal of support for TCP and UDP services 2018-11-16 13:48:47 -03:00
Fernando Diaz
95b3042b6e Add a Snippet for ModSecurity 
Allows for the configuration of Mod Security rules via
a Snippet.
 2018-11-14 23:31:27 -06:00
Maxime Ginters
20b095f444 Fix X-Forwarded-Proto typo 2018-11-14 10:19:31 -05:00
Maxime Ginters
0f3e2b9bf0 Convert isValidClientBodyBufferSize to something more generic and use it for client_max_body_size 2018-11-13 10:11:40 -05:00
Maxime Ginters
e1720d62f4 Prevent X-Forwarded-Proto forward during external auth subrequest 2018-11-12 09:13:48 -05:00
Fernando Diaz
5195600841 Allows ModSecurity to be configured per location 
The following annotations will be added:

- enable-modsecurity
- enable-owasp-core-rules
- modsecurity-transaction-id

Fixes #3167
 2018-11-06 22:24:31 -06:00
k8s-ci-robot
265f96bf14
Merge pull request #3344 from ecosia/jg-customerrors-per-ingress 
Adds CustomHTTPErrors ingress annotation and test
 2018-11-06 09:21:49 -08:00
jasongwartz
0ebf0354cb Adds CustomHTTPErrors ingress annotation and test 
Adds per-server/location error-catch functionality to nginx template

Adds documentation

Reduces template duplication with helper function for CUSTOM_ERRORS data

Updates documentation

Adds e2e test for customerrors

Removes AllCustomHTTPErrors, replaces with template function with deduplication and adds e2e test of deduplication

Fixes copy-paste error in test, adds additional test cases

Reverts noop change in controller.go (unused now)
 2018-11-06 16:47:52 +01:00
Adnan Baruni
b511333130 add support for auth-snippet annotation 
add test for new auth-snippet annotation

document auth-snippet annotation

add e2e test for auth-snippet annotation

add log warning and update documentation
 2018-11-05 16:02:29 -06:00
Manuel Alejandro de Brito Fontes
36aceded32
Avoid reloads when endpoints are not available 2018-11-01 10:00:49 -03:00
Manuel Alejandro de Brito Fontes
71ebe1cba5 Code linting 2018-10-30 20:46:48 -03:00
Maximilian Bode
c27c57dc8b Add configuration for geoip2 module 
Based on closed PRs #2551, #2755
 2018-10-29 21:25:23 +01:00
k8s-ci-robot
063f652711
Merge pull request #3187 from DesmondHoLLM/feature/annotations-resty-lua 
UPT: annotation enhancement for resty-lua-waf
 2018-10-25 00:06:03 -07:00
Desmond Ho
bf03046a80 UPT: updated e2e test and default true for process-multipart-body annotation 2018-10-25 14:17:38 +08:00
Elvin Efendi
5cc116fa10 fix bug with balancer.lua configuration 2018-10-24 22:42:40 +04:00
Desmond Ho
bab521e81a UPT: align waf options 2018-10-20 12:46:39 +08:00
Desmond Ho
04a89ce234 UPT: annotation enhancement for resty-lua-waf 2018-10-20 12:09:38 +08:00
Fernando Diaz
12955a4a1b Allow Ability to Configure Upstream Keepalive 
Allows Upstream Keepalive values like keepalive_timeout and
keepalive_requests to be configured via ConfigMap.

Fixes #3099
 2018-10-11 20:46:42 -05:00
k8s-ci-robot
3edf11b85f
Merge pull request #3198 from aledbf/only-dynamic 
Only support dynamic configuration
 2018-10-10 05:07:34 -07:00
Manuel Alejandro de Brito Fontes
74c2f93de6
Only support dynamic configuration 2018-10-09 22:05:45 -03:00
k8s-ci-robot
f56ab42cd2
Merge pull request #3194 from bshelton229/literal-dollar-character 
Make literal $ character work in set $location_path
 2018-10-09 15:52:39 -07:00
Bryan Shelton
3686e4f366 Move escapeLocationPathVar to escapeLiteralDollar 2018-10-09 12:58:50 -07:00
Elvin Efendi
78f12c25c5 delete upstream healthcheck annotation 2018-10-09 09:14:13 -04:00
k8s-ci-robot
3cf00b2fd8
Merge pull request #3197 from aledbf/remove-tcp-udp 
Remove support for TCP and UDP services
 2018-10-08 07:19:39 -07:00
k8s-ci-robot
182767b06b
Merge pull request #3170 from Globegitter/move-mainsnippet 
Move mainSnippet before events to fix load_module issue.
 2018-10-08 06:22:25 -07:00
Bryan Shelton
3dc131bd57 Make literal $ character work in set $location_path 2018-10-07 12:58:39 -07:00
Manuel Alejandro de Brito Fontes
44bdc7eb59 Remove support for TCP and UDP services 2018-10-07 10:53:37 -03:00
k8s-ci-robot
b46523a1f4
Merge pull request #3149 from diazjf/proxy-e2e-tests 
Add e2e Tests for Proxy Annotations
 2018-10-05 05:15:09 -07:00
Globegitter
8848c1864a Move mainSnippet before events. 2018-10-02 15:24:44 +02:00
Fernando Diaz
e5dca9353e Remove Unneeded Quotes from Nginx Directives 
Removes quotes from nginx directives which my cause issues with
their functionality

Fixes #3152
 2018-10-01 16:10:33 -05:00
k8s-ci-robot
d9f58144eb
Merge pull request #3145 from Shopify/regex-modifier 
Add "use-regex" Annotation to Toggle Regular Expression Location Modifier
 2018-10-01 11:31:43 -07:00
Zenara Daley
f29bdc3e8d Add 'use regex' annotation to toggle nginx regex location modifier 2018-10-01 13:54:11 -04:00
Markus Padourek
bf4be49c02 Fix incorrect .DisableLua access. (#3144) 
* Fix incorrect .DisableLua access.

* Address comment.
 2018-09-26 14:05:05 -03:00
Globegitter
a2ccd1f224 Fix usage for $all. 2018-09-26 16:38:16 +02:00
Markus Padourek
fe219db231
Ensure monitoring for custom error pages 
Fixes #3140
 2018-09-26 16:26:38 +02:00
Elvin Efendi
b3a22f7fc0 do not require --default-backend-service 2018-09-25 21:14:28 -04:00
k8s-ci-robot
c4a562dded
Merge pull request #3130 from alanbover/fix/newlines_location_denied 
fix newlines location denied
 2018-09-25 07:04:50 -07:00
Alan Bover
6454608c6c fix newlines location denied 2018-09-25 15:36:23 +02:00
k8s-ci-robot
6393ca6aaf
Merge pull request #2997 from StarOfService/global-block-ip-ua-ref 
Provide possibility to block IPs, User-Agents and Referers globally
 2018-09-25 05:51:56 -07:00
Pavel Sinkevych
7212d0081b Provide possibility to block CIDRs, User-Agents and Referers globally 2018-09-25 14:16:20 +03:00
k8s-ci-robot
6ed5c95562
Merge pull request #3098 from ElvinEfendi/make-keepalive-work 
make upstream keepalive work for http
 2018-09-15 07:36:27 -07:00
Elvin Efendi
6511fa9f58 make upstream keepalive work for http 2018-09-14 19:40:54 -04:00
Zenara Daley
0e6f0bb88d enforce ^~ location modifier when rewrite-target annotation is set 2018-09-13 10:39:52 -04:00
k8s-ci-robot
0a9db37e0f
Merge pull request #3062 from lahsivjar/issue-fix-host-header 
Pass Host header for custom errors
 2018-09-09 09:51:13 -07:00
Vishal Raj
4e14b809df Pass Host header for custom errors 2018-09-09 19:39:10 +08:00
Derek Perkins
9099f3b4db add support for http2-max-requests in configmap 2018-09-02 23:53:30 -06:00
k8s-ci-robot
b0b575db33
Merge pull request #2965 from Shopify/dynamic-certificates-nginx 
Add Lua module to serve SSL Certificates dynamically
 2018-08-23 20:27:55 -07:00
Henry Tran
cbf041fc3e Add Lua module to serve SSL Certificates dynamically 2018-08-23 22:15:54 -04:00
Manuel de Brito Fontes
f6905ae0ff Pass real source IP address to auth request 2018-08-23 10:37:33 -03:00
Elvin Efendi
2207d7694d batch metrics and flush periodically 2018-08-18 13:17:21 -04:00
Dario Nieuwenhuis
b5bcb93a4b
Merge branch 'master' into xff 2018-08-16 18:15:14 +02:00
Elvin Efendi
bc37ba14e8 dont restrict status page to localhost only 2018-08-08 12:46:12 -04:00
Manuel Alejandro de Brito Fontes
a68820808a
Fix documentation (#2902) 2018-08-05 22:30:46 -04:00
k8s-ci-robot
7f7f59df79
Merge pull request #2894 from aledbf/authbind 
Use authbind to bind privileged ports
 2018-08-05 08:43:43 -07:00
Manuel de Brito Fontes
b148f113ae
Use authbind to bind privileged ports 2018-08-05 11:18:50 -04:00
k8s-ci-robot
060704c624
Merge pull request #2682 from aledbf/listen-localhost 
Use localhost to expose status server
 2018-08-04 17:16:56 -07:00
Manuel de Brito Fontes
6b2c7e08db Use localhost to expose status server 2018-08-04 18:57:56 -04:00
Tom Reznik
b7bcf92480 support configuring multi_accept directive via configmap 2018-08-04 19:20:01 +03:00
Tom Reznik
1bacf1655e support custom configuration to main context of nginx config 2018-08-04 00:53:06 +03:00
Elvin Efendi
ed19dc3bc6 fix custom-error-pages functionality in dynamic mode 2018-07-26 13:36:09 -04:00
Elvin Efendi
d4faf68416 add support for ExternalName service type in dynamic mode 2018-07-25 09:05:47 -04:00
takonomura
587c2a8765 Escape $request_uri for external auth 2018-07-19 15:22:05 +09:00
k8s-ci-robot
29ecae5b64
Merge pull request #2752 from dongqi1990/master 
use format "range v := iterative object" and "range k, v := iterative object" when the type of iterative object is slice and map in the file nginx.tmpl
 2018-07-18 04:34:20 -07:00
dongqi1990
50084b1167 use format "range v := iterative object" and "range k, v := iterative 
object" when the type of iterative object is slice and map in the file nginx.tmpl
 2018-07-18 15:02:55 +08:00
Jason Stangroome
8e06afbb45 Allow gzip compress level to be controlled via ConfigMap 2018-07-09 10:30:59 +10:00
Brian Findlay
3b25f3438f Replace more_set_headers directive with more_clear_headers 2018-06-23 10:01:33 -04:00
k8s-ci-robot
700a2275d1
Merge pull request #2678 from hnrytrn/refactor-cert 
Refactor server type to include SSLCert
 2018-06-22 12:34:04 -07:00
Manuel Alejandro de Brito Fontes
df76d4b481
Update opentracing configuration (#2676) 2018-06-21 18:15:18 -04:00
Henry Tran
86def984a3 Merge remote-tracking branch 'origin' into refactor-cert 2018-06-21 11:43:47 -04:00
Henry Tran
2751cbf06d Refactor to add SSLCert as a field in server type 2018-06-21 11:34:29 -04:00
Manuel Alejandro de Brito Fontes
aec40c171f
Improve configuration change detection (#2656) 
* Use information about the configuration configmap to determine changes

* Add hashstructure dependency

* Rename queue functions

* Add test for configmap checksum
 2018-06-21 10:50:57 -04:00
Elvin Efendi
cb4755835e refactor some lua code 2018-06-19 12:46:49 +04:00
Manuel Alejandro de Brito Fontes
fee8704b53
Add support for IPV6 in stream upstream servers (#2649) 2018-06-15 10:26:33 -04:00
k8s-ci-robot
3cbd2d66bf
Merge pull request #2643 from aledbf/remove-vts 
Remove VTS from the ingress controller
 2018-06-14 23:59:29 -07:00
k8s-ci-robot
dfca2a0d8d
Merge pull request #2451 from nusx/set-sticky-path-for-backend 
fix for #1930, make sessions sticky, for ingress with multiple rules …
 2018-06-14 20:47:28 -07:00
Manuel de Brito Fontes
63b38e1c21
Remove VTS from the ingress controller 2018-06-14 11:11:29 -04:00
Francisco Mejia
966e9f5e25 Add monitor lua module 2018-06-13 22:54:31 -04:00
Manuel de Brito Fontes
79199dd84c
Run as user dropping privileges 2018-06-12 10:18:36 -04:00
Stefan Schwärzler
1a320ae289 fix for #1930, make sessions sticky, for ingress with multiple rules and backends 
* for an ingress with session affinity cookie, set the location as path on the cookie when unique
* the previous behaviour ( cookie path=/ ) is preserved for ingresses with multiple rules for the same backend (locations not unique)

added e2e tests for session affinity, setting path on sticky config

added tests:
* it should set the path to /something on the generated cookie
* it should set the path to / on the generated cookie if there's more than one rule referring to the same backend
 2018-06-11 10:43:13 +02:00
Dario Nieuwenhuis
67b253a149 Add use-forwarded-headers configmap option. 2018-06-11 00:06:14 +02:00
Dmitry Stolyarov
02ff8244a2 Add $location_path variable 
When you define rules in ingress resource, you use path. So it would be
very useful to be able to use the same path in logs.
 2018-06-07 13:43:29 +03:00
Dmitry Stolyarov
59aac73785 Add $service_port variable 
According to TCP/IP (and common sense), $service_name is not enough to
uniquely identify service, we need $service_port for that.
 2018-06-07 13:43:20 +03:00
Dmitry Stolyarov
eafb1890d6 Move vars to the very beginning of the location 
To make it more clear, that you could use $namespace, $ingress_name and
$service_name variables anywhere in location (especialy in lua), move
their definition to the very begining of the location.
 2018-06-07 13:43:09 +03:00
Paul DeCarlo
3159384480 Use lua-platform-path symlink for all platforms 2018-06-04 18:15:59 -05:00
Elvin Efendi
d4e6c0dfd8 access_log should be off for internal /configuration endpoint 2018-05-31 16:01:54 -04:00