DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
3242 commits 4 branches 217 tags 166 MiB
Commit graph

265 commits

Author SHA1 Message Date
oilbeater
1be1f658b4 disable lua for arch s390x and ppc64le 
LuaJIT is not available for s390x and ppc64le, disable the lua part in nginx.tmpl on these platform.
 2018-04-12 08:30:56 +08:00
Elvin Efendi
d6eb44376d run lua-resty-waf in different modes (#2317) 
* run lua-resty-waf in different modes

* update docs
 2018-04-09 09:19:13 -03:00
Elvin Efendi
bad8295a42 extra waf rules per ingress (#2315) 
* extra waf rules per ingress

* document annotation nginx.ingress.kubernetes.io/lua-resty-waf-extra-rules

* regenerate internal/file/bindata.go
 2018-04-09 07:14:30 -03:00
Elvin Efendi
16faf309ca annotation to ignore given list of WAF rulesets (#2314) 2018-04-08 22:55:23 -03:00
Elvin Efendi
a6fe800a47 lua-resty-waf controller (#2304) 2018-04-08 17:37:13 -03:00
Manuel Alejandro de Brito Fontes
1c65320618
Add verification of lua load balancer to health check (#2308) 2018-04-08 15:24:37 -03:00
Manuel Alejandro de Brito Fontes
2a02b7c35c
Fix race condition when Ingress does not contains a secret (#2300) 2018-04-06 17:44:41 -03:00
Manuel de Brito Fontes
82b6c33c25
Escape variables in add-base-url annotation 2018-04-05 20:45:49 -03:00
Sergey Lanzman
83974c32ac Update controller.go (#2285) 2018-04-02 20:16:06 -03:00
Alvaro Aleman
e7aa74b5d4 Add NoAuthLocations and default it to "/.well-known/acme-challenge" (#2243) 
* Add NoAuthLocations and default it to "/.well-known/acme-challenge"

* Add e2e tests for no-auth-location

* Improve wording of no-auth-location tests
 2018-04-01 21:02:34 -03:00
Elvin Efendi
ee46f486c7 e2e tests for dynamic configuration and Lua features and a bug fix (#2254) 
* e2e tests for dynamic configuration and Lua features

* do not rely on force reload to dynamically configure when reload is needed

* fix misspelling

* skip dynamic configuration in the first template rendering

* dont error on first sync
 2018-04-01 17:09:27 -03:00
Antoine Cotten
b09ecf790b Use SharedIndexInformers in place of Informers (#2271) 2018-03-29 09:35:01 -03:00
Manuel Alejandro de Brito Fontes
5738ddbdb5
Revert deleted assignment in #2146 (#2270) 2018-03-28 20:33:03 -03:00
Sylvain Rabot
385368990c Managing a whitelist for _/nginx_status (#2187) 
Signed-off-by: Sylvain Rabot <s.rabot@lectra.com>
 2018-03-28 09:27:34 -03:00
Manuel Alejandro de Brito Fontes
b0a63fe3ff
Fix grpc json tag name (#2246) 2018-03-23 09:12:26 -03:00
Oilbeater
1f93a1ccad fix: empty ingress path (#2244) 
If the origin ingress rule has no field `path`, the default value will be an empty string which will cause issues when rendering template as other place will use `/` as the default value.
Set the default value of path to `/` when retrieve ingress rules from api-server. Thie will fix https://github.com/kubernetes/ingress-nginx/issues/1980
 2018-03-23 08:08:42 -03:00
maxlaverse
39cb880f32 Revert "Get file max from fs/file-max. (#2050)" (#2241) 
This reverts commit d8efd39694.
 2018-03-22 13:03:04 -03:00
fqsghostcloud
4b9cb90f30 Correct typo (#2238) 
* correct spelling

* correct typo
 2018-03-22 08:14:06 -03:00
maxlaverse
8575769781 Make proxy_next_upstream_tries configurable (#2232) 
* Make proxy_next_upstream_tries configurable

* Code generation
 2018-03-22 08:12:36 -03:00
Manuel Alejandro de Brito Fontes
adf12fced1
Add support for gRPC (#2223) 
* Update nginx to 1.13.10 and enable gRPC

* Add support for grpc
 2018-03-22 00:38:47 -03:00
Elvin Efendi
2b5d4d7928 clean backends data before sending to Lua endpoint (#2233) 2018-03-21 23:47:39 -03:00
Elvin Efendi
df50487a35 fix wrong config generation when upstream-hash-by is set (#2215) 2018-03-19 17:37:51 -03:00
Alvaro Aleman
94deb3a01a Add configoption to exclude routes from tls upgrading (#2203) 
* Add configoption to exclude routes from tls upgrading

* Add tests for IsLocationInLocationList

* Seperate elements in NoTLSRedirectLocations by comma

* Set NoTLSRedirectLocations to "/.well-known/acme-challenge/" by default

* Remove trailing slash from "/.well-known/acme-challenge" default
 2018-03-18 17:44:59 -03:00
Oilbeater
5c02d700cb Allow config to disable geoip (#2202) 
For a offline or private cloud environment, geoip is not needed.
Implementing https://github.com/kubernetes/ingress-nginx/issues/2179
 2018-03-18 13:30:05 -03:00
Elvin Efendi
c90a4e811e Live Nginx (re)configuration without reloading (#2174) 2018-03-18 10:13:41 -03:00
Oilbeater
41cefeb178 Add worker-cpu-affinity nginx option (#2201) 
worker_cpu_affinity is a common optimization method for improving nginx performance, adding this as a custom configuration. Also fix some format issues found during editing.
 2018-03-16 13:32:45 -03:00
Oilbeater
ebcdfade8e fix wrong json tag (#2193) 
json tags are case sensitive when encode, change omitEmpty to omitempty
 2018-03-12 03:36:35 -07:00
Elvin Efendi
36cce00fdd configuring load balancing per ingress (#2167) 
* configure load balancing through a ingress annotation

* update docs
 2018-03-09 13:09:41 -08:00
Antoine Cotten
4a49d67adc Add checker test for bad pid (#2191) 2018-03-09 09:21:02 -08:00
Oilbeater
f6b8506b17 change nginx process pgid (#2181) 
put restarted nginx process in another process group, just like the normal nginx start did in https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/nginx.go#L289
 2018-03-08 06:58:54 -08:00
Antoine Cotten
5ba0f4ea18 Remove ProxyPassParams setting (#2185) 
This reverts commit c0fecd5bd7
 2018-03-07 16:40:22 -08:00
Elvin Efendi
38b35c292e use the correct error channel (#2164) 2018-03-03 09:23:06 -03:00
Qiu Jian
56036ddc57 Add publish-status-address flag (#2148) 
* Add publish-status-address flag

If this flag is set, status of ingress resources will be updated
with this address.

* Address aledbf's comment
 2018-02-27 00:02:19 -03:00
Manuel Alejandro de Brito Fontes
3c67976969
In case of TLS errors do not allow traffic (#2146) 2018-02-25 17:20:14 -03:00
Manuel Alejandro de Brito Fontes
216fe01a07
Add option in the configuration configmap to enable remote logging (syslog) (#2145) 2018-02-25 12:47:14 -03:00
Manuel Alejandro de Brito Fontes
0dee303ac2
Add annotation to disable logs in a location (#2144) 2018-02-25 11:38:54 -03:00
Manuel Alejandro de Brito Fontes
a8ce680d43
Fix error loading modules (#2141) 2018-02-24 18:09:23 -03:00
Guang Ya Liu
f26c881e3f Updated log level to v2 for sysctlFSFileMax. (#2137) 
This is very importatnt log for trouble-shooting, we should update
it to v2 by default.
 2018-02-23 13:11:54 -03:00
Manuel Alejandro de Brito Fontes
0990c5b6ad
Migrate to codecov.io (#2120) 
* Migrate to codecov.io

* Fix data race

* Update nginx to 1.13.9
 2018-02-20 08:27:02 -08:00
Karl Stoney
d1b6f32981 Enabled the dynamic reload of GeoIP data (#2107) 
* Moved geoip data into its own folder so it can be volume mounted

* Added FS watches for the geoip data

* Fixed single quotes issue (interpolation)

* Fixed gofmt errors

* Updated to directory crawl
 2018-02-17 12:24:50 -08:00
Manuel Alejandro de Brito Fontes
9bb9011e57
Only pods in running phase are vallid for status (#2093) 2018-02-14 21:19:27 -08:00
Manuel Alejandro de Brito Fontes
9bcb5b08ea
Use a ring channel to avoid blocking write of events (#2082) 
* Use a ring channel to avoid blocking write of events

* Add eapache/channels dependency
 2018-02-13 17:46:18 -08:00
Manuel Alejandro de Brito Fontes
33475b7184
Fix opentracing configuration when multiple options are configured (#2075) 2018-02-12 16:08:49 -08:00
Manuel Alejandro de Brito Fontes
98213efee3
Fix spelling errors (#2076) 2018-02-12 14:33:26 -08:00
Manuel Alejandro de Brito Fontes
e596a084f8
Do not cancel the synchronization of secrets (#2069) 2018-02-11 21:37:02 -08:00
Guang Ya Liu
d8efd39694 Get file max from fs/file-max. (#2050) 2018-02-08 08:55:25 -08:00
Lihua Tang
1947f35121 Fix typos (#2046) 2018-02-07 19:15:50 -08:00
Guang Ya Liu
e34afc0fa4 The maximum number of open file descriptors should be maxOpenFiles. (#2031) 2018-02-02 21:05:01 -08:00
Luke Jolly
42076e8ed0 Added configmap option to disable IPv6 in nginx DNS resolver (#1992) 2018-02-02 11:53:28 -08:00
Anish Ramasekar
d7ef6b3fc7 Add support for enabling ssl_ciphers per host (#2006) 
* Add support for adding ssl_ciphers

* Add documentation
 2018-01-31 08:53:07 -08:00
Anish Ramasekar
2f700a9ad5 Add limit-request-status-code option (#2001) 
* Add support for limit_req_status

* Add documentation

* Fix comment
 2018-01-30 07:24:44 -06:00
Qiu Jian
951a704cec Add connection-proxy-header annotation (#1999) 
This is the override the default connection header
 2018-01-29 22:29:03 -06:00
Anish Ramasekar
b020686599 Add support to enable/disable proxy buffering (#1998) 
* Enable proxy buffering using configmap and annotation

* add documentation
 2018-01-29 08:43:55 -06:00
Anish Ramasekar
86889532aa fix var checked (#1997) 2018-01-28 20:23:25 -06:00
Fernando Diaz
d1ae7ff29c Enable Customization of Auth Request Redirect (#1993) 
Adds the 'nginx.ingress.kubernetes.io/auth-request-redirect'
annotation, which allows the customization of the
'X-Auth-Request-Redirect' Header. Fixes: #1979
 2018-01-27 21:32:08 -03:00
Manuel Alejandro de Brito Fontes
444a56c001
Fix chain completion and default certificate flag issues (#1978) 2018-01-25 10:46:20 -03:00
Manuel Alejandro de Brito Fontes
6bd97d195f
Only secrets in the local store can be updated (#1974) 2018-01-24 14:46:43 -03:00
Manuel Alejandro de Brito Fontes
c67e9185b6
By default brotli is disabled (#1970) 2018-01-24 10:01:37 -03:00
Manuel de Brito Fontes
0836cb30aa Remove event duplication and check ingress before annotation extraction 2018-01-23 21:11:56 -03:00
Manuel de Brito Fontes
12ec0475c0 Fix SSL passthrough 2018-01-23 19:34:33 -03:00
Manuel de Brito Fontes
12c8ea721d When a secret is updated read ingress annotations (again) 2018-01-23 19:34:33 -03:00
Manuel Alejandro de Brito Fontes
c49c17eb91
Merge pull request #1929 from aledbf/stores 
Refactoring of kubernetes informers and local caches
 2018-01-19 17:44:06 -02:00
Manuel de Brito Fontes
9af683b02a
Cleanup 2018-01-19 15:53:25 -03:00
Benji Visser
40718c3865 updating prometheus metrics names according to naming best practices (#1912) 
updating Go names to not use underscores

accidental tab autocomplete 🔪
 2018-01-19 09:32:19 -02:00
Manuel de Brito Fontes
0287024598 Add event for configmap update 2018-01-18 20:04:40 -03:00
Manuel de Brito Fontes
ffea85d397 Cleanup 2018-01-18 17:35:00 -03:00
Manuel de Brito Fontes
e9a00ff916 Refactoring of kubernetes informers and local caches 2018-01-18 16:14:54 -03:00
Manuel Alejandro de Brito Fontes
8975800740
Add support to hide headers from upstream servers (#1928) 2018-01-18 16:37:22 -02:00
Manuel Alejandro de Brito Fontes
5a16a7aaa0
Fix doc links (#1925) 
* Fix documentation links
* Replace external-traffic annotation
* Update awesome_bot docker image
 2018-01-18 13:30:29 -02:00
Manuel Alejandro de Brito Fontes
b50cdc0256
Add option for reuseport in nginx listen section (#1919) 2018-01-17 21:12:46 -02:00
Manuel Alejandro de Brito Fontes
28058f0edc
Add support for jaeger backend (#1916) 2018-01-17 19:28:59 -02:00
Manuel Alejandro de Brito Fontes
3e7d1f9acf
Random string function should only contains letters (#1906) 2018-01-17 10:26:32 -02:00
Benji Visser
74451e6b1f updating nginx prometheus metrics names according to prometheus naming best practices (#1910) 2018-01-17 09:56:53 -02:00
Manuel Alejandro de Brito Fontes
142b444685
Refactor initial synchronization of ingress objects (#1891) 2018-01-09 10:53:08 -02:00
Márk Sági-Kazár
313fdd2d1a Add CORS max age annotation (#1888) 
Add cors-max-age annotation
 2018-01-09 09:19:42 -02:00
Manuel de Brito Fontes
03a1e20fde
Remove package to generate UUIDs 2018-01-07 12:07:33 -03:00
Manuel de Brito Fontes
e803907066
Update generated code 2018-01-07 12:06:44 -03:00
Manuel de Brito Fontes
c8c4610714
Remove k8s.io/kubernetes/pkg/api package 2018-01-07 12:06:07 -03:00
Manuel de Brito Fontes
f26331844b
Remove deprecated cloner helper 2018-01-07 12:03:00 -03:00
Manuel Alejandro de Brito Fontes
a09527cf6d
Fix data race updating ingress status (#1872) 2018-01-02 17:43:25 -03:00
Manuel Alejandro de Brito Fontes
da829748ec
Fix SSL Passthrough template issue and custom ports in redirect to HTTPS (#1870) 2018-01-02 14:48:42 -03:00
Daniel (Shijun) Qian
d744c2eba7 Fix annotation describe (#1819) 2017-12-13 11:29:41 -06:00
Manuel Alejandro de Brito Fontes
e02697ee4b
Merge pull request #1800 from maxlaverse/configurable_refresh_interval 
Add control of the configuration refresh interval
 2017-12-09 12:17:31 -06:00
Max Laverse
ce99a5e31e Add missing boilerplate 2017-12-06 22:13:39 +01:00
Max Laverse
f5953bbfa1 Add X-Forwarded-Prefix on rewrites 2017-12-06 22:06:37 +01:00
Max Laverse
0561ea8b87 Add control of the configuration refresh interval 2017-12-05 22:17:38 +01:00
Manuel de Brito Fontes
a4f67c0853 Fix verification of boilerplate, style and file headers 2017-12-03 13:58:23 -03:00
Manuel de Brito Fontes
3058e7758d Add setting to configure proxy responses in the stream section 2017-11-30 17:53:23 -03:00
Manuel de Brito Fontes
161b485ae0 Add option to configure the redirect code 2017-11-30 12:08:43 -03:00
Manuel Alejandro de Brito Fontes
2e3c7e24fe
Merge pull request #1768 from aledbf/fix-default-backend 
Custom default backend must use annotations if present
 2017-11-30 11:13:17 -03:00
Manuel Alejandro de Brito Fontes
5482bca363
Merge pull request #1771 from aledbf/verifyHostname 
Add additional check for old SSL certificates
 2017-11-30 10:34:51 -03:00
Manuel de Brito Fontes
930bd7f4f3 Add additional check for old SSL certificates 2017-11-29 20:52:49 -03:00
Manuel de Brito Fontes
14a9e664bb Custom default backend must use annotations if present 2017-11-29 15:04:51 -03:00
xianlubird
6e18d00cd7 Fix ingress typo 
Signed-off-by: xianlubird <xianlubird@gmail.com>
Signed-off-by: xianlu <xianlu.cxl@alibaba-inc.com>
 2017-11-29 17:02:41 +08:00
Manuel de Brito Fontes
f7e910e960 Fix ingress.class annotation 2017-11-28 19:27:38 -03:00
Manuel de Brito Fontes
3526785b96 Fix reference to removed lister 2017-11-27 19:22:59 -03:00
Manuel Alejandro de Brito Fontes
82b4d2a0af
Merge pull request #1231 from canhnt/sticky-path-rewriter 
Add tests to cover sticky cookie and rewrite-target annotations
 2017-11-23 20:08:04 -03:00
Canh Ngo
363d3c1f4f Added a unit-test to verify sticky cookie to work with redirection 2017-11-23 22:20:29 +01:00
Manuel de Brito Fontes
f055022e58 Simplify annotations 2017-11-23 14:11:31 -03:00
Manuel de Brito Fontes
1a92159fa4 Refactor annotations prefix helper 2017-11-22 21:20:04 -03:00
Manuel de Brito Fontes
18d6573981 Add fake filesystem for test to avoid temporal files on the local filesystem 2017-11-22 19:52:30 -03:00
Manuel de Brito Fontes
14b5259b0f Refactoring of ingress class annotation and main flags 2017-11-22 19:31:59 -03:00
Manuel Alejandro de Brito Fontes
b0eb1cde27
Merge pull request #1726 from oilbeater/fix/deprecated 
fix: replace deprecated methods.
 2017-11-19 10:37:15 -03:00
Mengxin Liu
a3136aa049 fix: replace deprecated methods. 2017-11-19 19:53:35 +08:00
Manuel de Brito Fontes
2223ea9600 Add annotation to enable passing the certificate to the upstream server 2017-11-17 21:28:45 -03:00
Manuel de Brito Fontes
a36cd10041 Do not update a secret not referenced by ingress rules 2017-11-14 17:50:08 -03:00
Manuel de Brito Fontes
c5b0c8ab0d Add annotation for setting proxy_redirect 2017-11-13 20:19:41 -03:00
Manuel de Brito Fontes
ff9e804d9a Refactor SSL intermediate CA certificate check 2017-11-13 12:07:14 -03:00
Manuel de Brito Fontes
fdd231816c Disable features not availables in some platforms 2017-11-12 11:12:58 -03:00
Manuel de Brito Fontes
42dad7fa60 Fix use merge of annotations 2017-11-11 15:26:36 -03:00
Manuel de Brito Fontes
4c1c707e9c Add tests for alias annotation 2017-11-11 14:53:44 -03:00
Manuel de Brito Fontes
d4fd127a1f Add missing field 2017-11-11 14:53:44 -03:00
Manuel de Brito Fontes
8f1ff15a6e Add prefix nginx to annotations 2017-11-11 14:53:44 -03:00
Manuel de Brito Fontes
97577c07a5 Include a buffer pool to improve memory usage 2017-11-11 14:53:44 -03:00
Manuel de Brito Fontes
73fe95722c Rename package pkg to internal 2017-11-11 14:53:44 -03:00