DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7549 commits 4 branches 217 tags 166 MiB
Commit graph

182 commits

Author SHA1 Message Date
Manuel Alejandro de Brito Fontes
cdd6437380 Refactor Exact path matthing 2020-10-26 10:51:03 -03:00
Ian Buss
41cf628bdf Add a configurable URL redirect parameter for error URLs 2020-10-08 12:53:46 +01:00
Manuel Alejandro de Brito Fontes
108637bb1c Migrate to structured logging (klog) 2020-09-27 18:59:57 -03:00
Manuel Alejandro de Brito Fontes
e659efbfdb Use dynamic load of modules 2020-09-10 11:39:35 -03:00
Manuel Alejandro de Brito Fontes
0925f20d05 Refactor load of tracer load 2020-09-08 16:20:03 -03:00
Manuel Alejandro de Brito Fontes
cb86c5698c Migrate to klog v2 2020-08-08 21:01:03 -04:00
Bernard Van De Walle
f3537204d2 Adding Zipkin collector to the E2E opentracing test as it is required to load at least one tracer to enable opentracing 
Work on PR comments
Add tests for template builder

Signed-off-by: Bernard Van De Walle <bernard.vandewalle@getcruise.com>
 2020-07-23 15:25:50 -07:00
Manuel Alejandro de Brito Fontes
dc3876666b Revert "use-regex annotation should be applied to only one Location" 
This reverts commit a8a8b5f6e9.
 2020-07-15 11:20:47 -04:00
Manuel Alejandro de Brito Fontes
a8a8b5f6e9 use-regex annotation should be applied to only one Location 2020-07-06 19:29:39 -04:00
Manuel Alejandro de Brito Fontes
3d3efaab29 Fix proxy_protocol duplication in listen definition 2020-06-09 15:00:59 -04:00
Manuel Alejandro de Brito Fontes
46cca5ad40 Fix error setting $service_name NGINX variable 2020-05-13 10:01:41 -04:00
Manuel Alejandro de Brito Fontes
a95d850384 Add support for PathTypeExact 2020-04-23 11:12:37 -04:00
Rodrigo Villablanca
dc1adaec6b Remove TODO that were done 2020-04-17 03:37:37 -04:00
Artem Miroshnychenko
01351a6bf8 remove unused test and function 2020-04-08 19:37:15 +03:00
Manuel Alejandro de Brito Fontes
5390ce4879 Fix definition order of modsecurity directives 2020-04-03 10:53:20 -03:00
Bhavin Gandhi
380ef3a92c Fix the ability to disable ModSecurity at location level 
- Adds 'modsecurity off;' to the nginx config if the
  'enable-modsecurity' annotation is set to false.
- Update tests and e2e tests accordingly

Signed-off-by: Bhavin Gandhi <bhavin7392@gmail.com>
 2020-03-22 23:51:02 +05:30
Manuel Alejandro de Brito Fontes
96327b12cd
Fix $service_name and $service_port variables values without host (#5226) 2020-03-07 23:06:03 -03:00
m.nabokikh
ed30be05bc Fix quote function in template to render pointers properly 2020-03-05 16:45:27 +04:00
Ilya Nemakov
46a3e0a6fd Fix X-Forwarded-Proto based on proxy-protocol server port 2020-02-10 18:08:34 +03:00
Manuel Alejandro de Brito Fontes
b3146354d4 Refactor mirror feature 2020-02-05 10:39:55 -03:00
Manuel Alejandro de Brito Fontes
b9e944a8a6
Move mod-security logic from template to go code (#5009) 2020-02-04 14:04:11 -03:00
Manuel Alejandro de Brito Fontes
5d05e19cc3
Fix enable opentracing per location (#4983) 2020-01-29 12:20:05 -03:00
Manuel Alejandro de Brito Fontes
7ff49b25d6
Move opentracing configuration for location to go (#4965) 2020-01-25 21:39:20 -03:00
Manuel Alejandro de Brito Fontes
c8015c7734
Update nginx image, use docker buildx and remove qemu (#4923) 
* Update nginx image, use docker buildx and remove qemu

* Update e2e image
 2020-01-14 20:52:57 -03:00
Manuel Alejandro de Brito Fontes
965ecd4b15
Default backend protocol only supports http (#4870) 2020-01-04 11:09:00 -03:00
Manuel Alejandro de Brito Fontes
a0523c3c8a
Use a named location for authSignURL (#4859) 2019-12-24 22:50:25 -03:00
Manuel Alejandro de Brito Fontes
facf841992
Return specific type (#4840) 2019-12-17 12:06:17 -03:00
Kamil Domański
5c8522cdab apply default certificate again in cases of invalid or incomplete cert config 
Signed-off-by: Kamil Domański <kamil@domanski.co>
 2019-12-06 12:15:52 +01:00
Manuel Alejandro de Brito Fontes
61d902db14 Remove Lua resty waf feature 2019-11-26 10:37:43 -03:00
Elvin Efendi
c5a8357f1d handle hsts header injection in lua 2019-09-24 21:17:22 -04:00
Kubernetes Prow Robot
14f9b0d64e
Merge pull request #4596 from Shopify/fix-auth-proxy-header-order 
sort auth proxy headers from configmap
 2019-09-24 13:29:26 -07:00
Elvin Efendi
d124dd5eee sort auth proxy headers from configmap 2019-09-24 15:19:49 -04:00
Elvin Efendi
8c64b12a96 refactor force ssl redirect logic 2019-09-24 14:57:52 -04:00
A Gardner
786a3b6862 Add support for configmap of headers to be sent to external auth service 2019-09-24 10:53:23 -04:00
Manuel Alejandro de Brito Fontes
1b8f6518cf
Avoid unnecessary reloads generating lua_shared_dict directives 2019-09-22 21:16:00 -03:00
Manuel Alejandro de Brito Fontes
4b4176c830
Fix log format after #4557 2019-09-18 12:52:09 -03:00
Manuel Alejandro de Brito Fontes
c7d2444cf4
Fix nginx variable service_port (nginx) (#4500) 2019-08-31 11:24:01 -04:00
Manuel Alejandro de Brito Fontes
fcd3054f13
Lint code using staticcheck (#4471) 2019-08-23 12:08:40 -04:00
Elvin Efendi
6a293c7e11 set /configuration client body size dynamically 2019-08-14 22:10:56 -04:00
Elvin Efendi
b21c721196 lua-shared-dicts improvements, fixes and documentation 2019-08-14 22:10:56 -04:00
Kubernetes Prow Robot
0d690fba1a
Merge pull request #4356 from aledbf/only-dynamic-mode 
Only support SSL dynamic mode
 2019-08-14 17:08:35 -07:00
Elvin Efendi
d46b4148fa Lua /etc/resolv.conf parser and some refactoring 2019-08-13 18:34:54 -04:00
Manuel Alejandro de Brito Fontes
80bd481abb
Only support SSL dynamic mode 2019-08-13 17:33:34 -04:00
Manuel Alejandro de Brito Fontes
2ed75b3362
Move listen logic to go 2019-08-13 14:52:25 -04:00
Pierrick Charron
f459515d0d Add quote function in template 
Co-authored-by: Charle Demers <charle.demers@gmail.com>
 2019-08-09 15:47:29 -04:00
tals
a2e667c082 lua shared dict from cm 
lua shared dict teml test and update func sign

lua shared dict cm test

lua shared dict integration test

lua shared dict add cm parsing

lua shared dict change test header
 2019-08-08 12:44:11 +03:00
Charle Demers
72271e9313
FastCGI backend support (#2982) 
Co-authored-by: Pierrick Charron <pierrick@adoy.net>
 2019-07-31 10:39:21 -04:00
Manuel Alejandro de Brito Fontes
ddffa2a173
Enable arm again 2019-06-26 23:00:58 -04:00
tals
a9a73c6ed6 increase lua_shared_dict config data 2019-06-12 18:42:47 +03:00
Sebastiaan Tammer
c11583dc5f Only load modsecurity_module when ModSec is active 2019-06-11 16:39:52 +02:00
Elvin Efendi
c4ced9d694 fix source file mods 2019-06-06 10:47:08 -04:00
okryvoshapka-connyun
8cc9afe8ee Added Global External Authentication settings to configmap parameters incl. addons 2019-05-03 12:08:16 +02:00
Thibault Jamet
1cd17cd12c
Implement a validation webhook 
In case some ingress have a syntax error in the snippet configuration,
the freshly generated configuration will not be reloaded to prevent tearing down existing rules.
Although, once inserted, this configuration is preventing from any other valid configuration to be inserted as it remains in the ingresses of the cluster.
To solve this problem, implement an optional validation webhook that simulates the addition of the ingress to be added together with the rest of ingresses.
In case the generated configuration is not validated by nginx, deny the insertion of the ingress.

In case certificates are mounted using kubernetes secrets, when those
changes, keys are automatically updated in the container volume, and the
controller reloads it using the filewatcher.

Related changes:

- Update vendors
- Extract useful functions to check configuration with an additional ingress
- Update documentation for validating webhook
- Add validating webhook examples
- Add a metric for each syntax check success and errors
- Add more certificate generation examples
 2019-04-18 19:07:04 +02:00
Kubernetes Prow Robot
b87cc5a1a6
Merge pull request #3786 from Shopify/rewrite-x-forwarded-prefix 
Fix x-forwarded-prefix annotation
 2019-03-31 16:18:32 -07:00
Elvin Efendi
496ff07bf1 replace some of the Nginx configuration to Lua code 2019-03-31 12:04:52 -04:00
Alex Kursell
188295550c Simplify x-forwarded-prefix annotation 2019-03-29 16:25:25 -04:00
Thomas Jackson
eba4a8b87c Correctly format ipv6 resolver config for lua 
Fixes #3881
 2019-03-14 10:00:24 -07:00
Alejandro Pedraza
a3c87cf9cb Properly set ing.Service when there are multiple rules with different hosts using the same path 
Fixes #3611

Signed-off-by: Alejandro Pedraza <alejandro.pedraza@gmail.com>
 2019-03-07 06:06:24 -05:00
jasongwartz
3865e30a00 Changes CustomHTTPErrors annotation to use custom default backend 
Updates e2e test

Removes focus from e2e test

Fixes renamed function

Adds tests for new template funcs

Addresses gofmt

Updates e2e test, fixes custom-default-backend test by creating service

Updates docs
 2019-02-24 22:48:56 +01:00
Alan J Castonguay
a29c27ed4c Datadog Opentracing support - part 2 
This commit is part 2 of 2, adding configuration of the
Datadog Opentracing module to the controller.

Fixes half of #3752
 2019-02-15 15:20:10 -05:00
Elvin Efendi
d99390f402 remove old unused lua dicts 2019-02-06 17:33:16 -05:00
Fernando Diaz
7b507095f4 Increase Unit Test Coverage for Templates 
Increases the Coverage for nginx ingress template
functions. The majority of the added unit tests
are for checking the invalid type handling.
 2019-01-29 22:55:44 -06:00
Kubernetes Prow Robot
71cc6df74f
Merge pull request #3174 from Shopify/rewrite-regex 
Generalize Rewrite Block Creation and Deprecate AddBaseUrl (not backwards compatible)
 2019-01-02 12:30:18 -08:00
Fernando Diaz
429110aa13 Add Unit Tests for getIngressInformation 
Adds a unit test for the getIngressInformation
function.
 2018-12-18 11:10:48 -06:00
Zenara Daley
67654a6fd5 Generalize Rewrite Block Creation 2018-12-13 13:02:05 -05:00
Manuel Alejandro de Brito Fontes
68f344233b Fix lint issues 2018-12-05 13:28:28 -03:00
Manuel Alejandro de Brito Fontes
2fa55eabf6 Replace glog with klog 2018-12-05 13:27:55 -03:00
Manuel Alejandro de Brito Fontes
06d33c16b5
Allow to disable NGINX metrics 2018-12-05 10:14:35 -03:00
Elvin Efendi
4eabd535f9 be consistent with what Nginx supports 2018-12-02 22:20:56 +04:00
Kubernetes Prow Robot
ccd7b890fd
Merge pull request #3492 from aledbf/fix-units 
Fix data size validations
 2018-12-02 09:01:12 -08:00
Andre Marianiello
b80b19902a Use opentracing_grpc_propagate_context when necessary 2018-12-01 16:31:10 -05:00
Manuel Alejandro de Brito Fontes
6098f6c0e7
Fix data size validations 2018-11-30 10:40:33 -03:00
Elvin Efendi
60569137ca delete unused buildLoadBalancingConfig 2018-11-28 11:55:41 +04:00
k8s-ci-robot
c99716aadf
Merge pull request #3437 from Shopify/ingress-annotations 
Use struct to pack Ingress and its annotations
 2018-11-21 00:41:58 -08:00
Manuel Alejandro de Brito Fontes
a5341822d5 Increase log level when there is an invalid size value 2018-11-20 15:09:03 -03:00
Maxime Ginters
12766cdfc6 Use struct to pack Ingress and its annotations 2018-11-20 09:38:22 -05:00
Maxime Ginters
0f3e2b9bf0 Convert isValidClientBodyBufferSize to something more generic and use it for client_max_body_size 2018-11-13 10:11:40 -05:00
jasongwartz
0ebf0354cb Adds CustomHTTPErrors ingress annotation and test 
Adds per-server/location error-catch functionality to nginx template

Adds documentation

Reduces template duplication with helper function for CUSTOM_ERRORS data

Updates documentation

Adds e2e test for customerrors

Removes AllCustomHTTPErrors, replaces with template function with deduplication and adds e2e test of deduplication

Fixes copy-paste error in test, adds additional test cases

Reverts noop change in controller.go (unused now)
 2018-11-06 16:47:52 +01:00
Manuel Alejandro de Brito Fontes
71ebe1cba5 Code linting 2018-10-30 20:46:48 -03:00
Henry Tran
3cbfd63992 Refactor EWMA to not use shared dictionaries 2018-10-25 22:33:42 +04:00
k8s-ci-robot
3edf11b85f
Merge pull request #3198 from aledbf/only-dynamic 
Only support dynamic configuration
 2018-10-10 05:07:34 -07:00
Manuel Alejandro de Brito Fontes
74c2f93de6
Only support dynamic configuration 2018-10-09 22:05:45 -03:00
k8s-ci-robot
f56ab42cd2
Merge pull request #3194 from bshelton229/literal-dollar-character 
Make literal $ character work in set $location_path
 2018-10-09 15:52:39 -07:00
Bryan Shelton
3686e4f366 Move escapeLocationPathVar to escapeLiteralDollar 2018-10-09 12:58:50 -07:00
Manuel Alejandro de Brito Fontes
859b298d42 Remove annotations grpc-backend and secure-backend already deprecated 2018-10-08 12:26:06 -03:00
Bryan Shelton
3dc131bd57 Make literal $ character work in set $location_path 2018-10-07 12:58:39 -07:00
Zenara Daley
bd3f56eaa0 allow curly braces to be used in regex paths 2018-10-04 10:58:38 -04:00
Zenara Daley
f29bdc3e8d Add 'use regex' annotation to toggle nginx regex location modifier 2018-10-01 13:54:11 -04:00
k8s-ci-robot
6393ca6aaf
Merge pull request #2997 from StarOfService/global-block-ip-ua-ref 
Provide possibility to block IPs, User-Agents and Referers globally
 2018-09-25 05:51:56 -07:00
Pavel Sinkevych
7212d0081b Provide possibility to block CIDRs, User-Agents and Referers globally 2018-09-25 14:16:20 +03:00
Zenara Daley
0de19c8062 Fix/add unit tests; Styling changes 2018-09-14 15:07:57 -04:00
Zenara Daley
0e6f0bb88d enforce ^~ location modifier when rewrite-target annotation is set 2018-09-13 10:39:52 -04:00
Jeroen van Dongen
e428095e3c fixed rewrites for paths not ending in / 2018-08-15 21:15:40 +02:00
k8s-ci-robot
3f5af6eecf
Merge pull request #2889 from hnrytrn/dynamic-cert-endpoint 
Add Lua endpoint to support dynamic certificate serving functionality
 2018-08-13 10:49:43 -07:00
Manuel de Brito Fontes
7af93e03c7
Add annotation backend-protocol 2018-08-07 08:59:38 -04:00
Henry Tran
5200a38bd7 Add lua endpoint to handle certificates in dynamic configuration mode 2018-08-07 08:18:34 -04:00
k8s-ci-robot
23ce9b5db1
Merge pull request #2808 from dongqi1990/bugfix-2799 
fix the bug #2799, add prefix (?i) in rewrite statement.
 2018-08-02 20:58:06 -07:00
dongqi1990
72a2aa171a fix the bug #2799, add prefix (?i) in rewrite statement and add new e2e 
test.
 2018-07-30 17:34:28 +08:00
Elvin Efendi
8a67ace5c3 enable dynamic backend configuration by default 2018-07-26 15:16:06 -04:00
Elvin Efendi
d4faf68416 add support for ExternalName service type in dynamic mode 2018-07-25 09:05:47 -04:00