DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7549 commits 4 branches 217 tags 166 MiB
Commit graph

237 commits

Author SHA1 Message Date
Kubernetes Prow Robot
14f9b0d64e
Merge pull request #4596 from Shopify/fix-auth-proxy-header-order 
sort auth proxy headers from configmap
 2019-09-24 13:29:26 -07:00
Elvin Efendi
d124dd5eee sort auth proxy headers from configmap 2019-09-24 15:19:49 -04:00
Elvin Efendi
8c64b12a96 refactor force ssl redirect logic 2019-09-24 14:57:52 -04:00
A Gardner
786a3b6862 Add support for configmap of headers to be sent to external auth service 2019-09-24 10:53:23 -04:00
Manuel Alejandro de Brito Fontes
1b8f6518cf
Avoid unnecessary reloads generating lua_shared_dict directives 2019-09-22 21:16:00 -03:00
Manuel Alejandro de Brito Fontes
4b4176c830
Fix log format after #4557 2019-09-18 12:52:09 -03:00
Manuel Alejandro de Brito Fontes
c7d2444cf4
Fix nginx variable service_port (nginx) (#4500) 2019-08-31 11:24:01 -04:00
Manuel Alejandro de Brito Fontes
8def5ef7ca
Add support for multiple alias and remove duplication of SSL certificates (#4472) 2019-08-26 10:58:44 -04:00
Manuel Alejandro de Brito Fontes
fcd3054f13
Lint code using staticcheck (#4471) 2019-08-23 12:08:40 -04:00
Elvin Efendi
0b619dc772 make luaSharedDicts test less dependent on default values 2019-08-15 13:13:43 -04:00
Elvin Efendi
30b64df10a ewma improvements 2019-08-15 13:13:43 -04:00
Elvin Efendi
94052b1bfc fix test by setting default luashareddicts 2019-08-14 22:10:56 -04:00
Elvin Efendi
6a293c7e11 set /configuration client body size dynamically 2019-08-14 22:10:56 -04:00
Elvin Efendi
b21c721196 lua-shared-dicts improvements, fixes and documentation 2019-08-14 22:10:56 -04:00
Kubernetes Prow Robot
0d690fba1a
Merge pull request #4356 from aledbf/only-dynamic-mode 
Only support SSL dynamic mode
 2019-08-14 17:08:35 -07:00
Elvin Efendi
d46b4148fa Lua /etc/resolv.conf parser and some refactoring 2019-08-13 18:34:54 -04:00
Manuel Alejandro de Brito Fontes
80bd481abb
Only support SSL dynamic mode 2019-08-13 17:33:34 -04:00
Manuel Alejandro de Brito Fontes
2ed75b3362
Move listen logic to go 2019-08-13 14:52:25 -04:00
Pierrick Charron
f459515d0d Add quote function in template 
Co-authored-by: Charle Demers <charle.demers@gmail.com>
 2019-08-09 15:47:29 -04:00
Manuel Alejandro de Brito Fontes
4a9b02bc03
Remove dynamic TLS records 2019-08-08 15:52:56 -04:00
tals
a2e667c082 lua shared dict from cm 
lua shared dict teml test and update func sign

lua shared dict cm test

lua shared dict integration test

lua shared dict add cm parsing

lua shared dict change test header
 2019-08-08 12:44:11 +03:00
Charle Demers
72271e9313
FastCGI backend support (#2982) 
Co-authored-by: Pierrick Charron <pierrick@adoy.net>
 2019-07-31 10:39:21 -04:00
Moritz Johner
23504db770 feat: auth-req caching 
add a way to configure the `proxy_cache_*` [1] directive for external-auth.
The user-defined cache_key may contain sensitive information
(e.g. Authorization header).
We want to store *only* a hash of that key, not the key itself on disk.

[1] http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2019-07-17 18:39:04 +02:00
Manuel Alejandro de Brito Fontes
ddffa2a173
Enable arm again 2019-06-26 23:00:58 -04:00
Kubernetes Prow Robot
6f1261015b
Merge pull request #4127 from aledbf/migration 
Migrate to new networking.k8s.io/v1beta1 package
 2019-06-13 09:28:19 -07:00
Manuel Alejandro de Brito Fontes
84102eec2b
Migrate to new networking.k8s.io/v1beta1 package 2019-06-13 11:32:39 -04:00
tals
a9a73c6ed6 increase lua_shared_dict config data 2019-06-12 18:42:47 +03:00
Sebastiaan Tammer
c11583dc5f Only load modsecurity_module when ModSec is active 2019-06-11 16:39:52 +02:00
Elvin Efendi
c4ced9d694 fix source file mods 2019-06-06 10:47:08 -04:00
Manuel Alejandro de Brito Fontes
14a394fc9e
Update nginx (#4150) 
* Update nginx image
* Fix IPV6 test issues in Prow
 2019-06-04 12:15:03 -04:00
okryvoshapka-connyun
8cc9afe8ee Added Global External Authentication settings to configmap parameters incl. addons 2019-05-03 12:08:16 +02:00
Thibault Jamet
1cd17cd12c
Implement a validation webhook 
In case some ingress have a syntax error in the snippet configuration,
the freshly generated configuration will not be reloaded to prevent tearing down existing rules.
Although, once inserted, this configuration is preventing from any other valid configuration to be inserted as it remains in the ingresses of the cluster.
To solve this problem, implement an optional validation webhook that simulates the addition of the ingress to be added together with the rest of ingresses.
In case the generated configuration is not validated by nginx, deny the insertion of the ingress.

In case certificates are mounted using kubernetes secrets, when those
changes, keys are automatically updated in the container volume, and the
controller reloads it using the filewatcher.

Related changes:

- Update vendors
- Extract useful functions to check configuration with an additional ingress
- Update documentation for validating webhook
- Add validating webhook examples
- Add a metric for each syntax check success and errors
- Add more certificate generation examples
 2019-04-18 19:07:04 +02:00
Kubernetes Prow Robot
b87cc5a1a6
Merge pull request #3786 from Shopify/rewrite-x-forwarded-prefix 
Fix x-forwarded-prefix annotation
 2019-03-31 16:18:32 -07:00
Elvin Efendi
496ff07bf1 replace some of the Nginx configuration to Lua code 2019-03-31 12:04:52 -04:00
Alex Kursell
188295550c Simplify x-forwarded-prefix annotation 2019-03-29 16:25:25 -04:00
Thomas Jackson
eba4a8b87c Correctly format ipv6 resolver config for lua 
Fixes #3881
 2019-03-14 10:00:24 -07:00
Alejandro Pedraza
7ea245e6e6 Add test 
Signed-off-by: Alejandro Pedraza <alejandro.pedraza@gmail.com>
 2019-03-07 06:18:06 -05:00
Alejandro Pedraza
a3c87cf9cb Properly set ing.Service when there are multiple rules with different hosts using the same path 
Fixes #3611

Signed-off-by: Alejandro Pedraza <alejandro.pedraza@gmail.com>
 2019-03-07 06:06:24 -05:00
jasongwartz
3865e30a00 Changes CustomHTTPErrors annotation to use custom default backend 
Updates e2e test

Removes focus from e2e test

Fixes renamed function

Adds tests for new template funcs

Addresses gofmt

Updates e2e test, fixes custom-default-backend test by creating service

Updates docs
 2019-02-24 22:48:56 +01:00
Alan J Castonguay
a29c27ed4c Datadog Opentracing support - part 2 
This commit is part 2 of 2, adding configuration of the
Datadog Opentracing module to the controller.

Fixes half of #3752
 2019-02-15 15:20:10 -05:00
Elvin Efendi
d99390f402 remove old unused lua dicts 2019-02-06 17:33:16 -05:00
Fernando Diaz
7b507095f4 Increase Unit Test Coverage for Templates 
Increases the Coverage for nginx ingress template
functions. The majority of the added unit tests
are for checking the invalid type handling.
 2019-01-29 22:55:44 -06:00
Rustam Zagirov
5dee6af957 add params for access log 2019-01-26 21:42:11 +03:00
Kubernetes Prow Robot
71cc6df74f
Merge pull request #3174 from Shopify/rewrite-regex 
Generalize Rewrite Block Creation and Deprecate AddBaseUrl (not backwards compatible)
 2019-01-02 12:30:18 -08:00
Fernando Diaz
429110aa13 Add Unit Tests for getIngressInformation 
Adds a unit test for the getIngressInformation
function.
 2018-12-18 11:10:48 -06:00
Zenara Daley
67654a6fd5 Generalize Rewrite Block Creation 2018-12-13 13:02:05 -05:00
Manuel Alejandro de Brito Fontes
68f344233b Fix lint issues 2018-12-05 13:28:28 -03:00
Manuel Alejandro de Brito Fontes
2fa55eabf6 Replace glog with klog 2018-12-05 13:27:55 -03:00
Manuel Alejandro de Brito Fontes
06d33c16b5
Allow to disable NGINX metrics 2018-12-05 10:14:35 -03:00
Elvin Efendi
4eabd535f9 be consistent with what Nginx supports 2018-12-02 22:20:56 +04:00
Kubernetes Prow Robot
ccd7b890fd
Merge pull request #3492 from aledbf/fix-units 
Fix data size validations
 2018-12-02 09:01:12 -08:00
Andre Marianiello
b80b19902a Use opentracing_grpc_propagate_context when necessary 2018-12-01 16:31:10 -05:00
Manuel Alejandro de Brito Fontes
6098f6c0e7
Fix data size validations 2018-11-30 10:40:33 -03:00
Elvin Efendi
e93763da6a delete unused LoadBalanceAlgorithm 2018-11-28 14:49:37 +04:00
Elvin Efendi
60569137ca delete unused buildLoadBalancingConfig 2018-11-28 11:55:41 +04:00
k8s-ci-robot
c99716aadf
Merge pull request #3437 from Shopify/ingress-annotations 
Use struct to pack Ingress and its annotations
 2018-11-21 00:41:58 -08:00
Manuel Alejandro de Brito Fontes
a5341822d5 Increase log level when there is an invalid size value 2018-11-20 15:09:03 -03:00
Maxime Ginters
12766cdfc6 Use struct to pack Ingress and its annotations 2018-11-20 09:38:22 -05:00
Maxime Ginters
0f3e2b9bf0 Convert isValidClientBodyBufferSize to something more generic and use it for client_max_body_size 2018-11-13 10:11:40 -05:00
k8s-ci-robot
265f96bf14
Merge pull request #3344 from ecosia/jg-customerrors-per-ingress 
Adds CustomHTTPErrors ingress annotation and test
 2018-11-06 09:21:49 -08:00
jasongwartz
0ebf0354cb Adds CustomHTTPErrors ingress annotation and test 
Adds per-server/location error-catch functionality to nginx template

Adds documentation

Reduces template duplication with helper function for CUSTOM_ERRORS data

Updates documentation

Adds e2e test for customerrors

Removes AllCustomHTTPErrors, replaces with template function with deduplication and adds e2e test of deduplication

Fixes copy-paste error in test, adds additional test cases

Reverts noop change in controller.go (unused now)
 2018-11-06 16:47:52 +01:00
k8s-ci-robot
ecf605bf60
Merge pull request #3369 from SataQiu/fix-20181106 
Fix some typos
 2018-11-06 04:02:10 -08:00
xichengliudui
a13ea30e6d Fix typo: whitlelist -> whitelist 2018-11-06 04:59:03 -05:00
SataQiu
76b5a7b45e fix typos 2018-11-06 15:58:56 +08:00
Manuel Alejandro de Brito Fontes
71ebe1cba5 Code linting 2018-10-30 20:46:48 -03:00
Henry Tran
3cbfd63992 Refactor EWMA to not use shared dictionaries 2018-10-25 22:33:42 +04:00
k8s-ci-robot
3edf11b85f
Merge pull request #3198 from aledbf/only-dynamic 
Only support dynamic configuration
 2018-10-10 05:07:34 -07:00
Manuel Alejandro de Brito Fontes
74c2f93de6
Only support dynamic configuration 2018-10-09 22:05:45 -03:00
k8s-ci-robot
f56ab42cd2
Merge pull request #3194 from bshelton229/literal-dollar-character 
Make literal $ character work in set $location_path
 2018-10-09 15:52:39 -07:00
Bryan Shelton
3686e4f366 Move escapeLocationPathVar to escapeLiteralDollar 2018-10-09 12:58:50 -07:00
Manuel Alejandro de Brito Fontes
859b298d42 Remove annotations grpc-backend and secure-backend already deprecated 2018-10-08 12:26:06 -03:00
Bryan Shelton
3dc131bd57 Make literal $ character work in set $location_path 2018-10-07 12:58:39 -07:00
Zenara Daley
bd3f56eaa0 allow curly braces to be used in regex paths 2018-10-04 10:58:38 -04:00
Zenara Daley
f29bdc3e8d Add 'use regex' annotation to toggle nginx regex location modifier 2018-10-01 13:54:11 -04:00
k8s-ci-robot
6393ca6aaf
Merge pull request #2997 from StarOfService/global-block-ip-ua-ref 
Provide possibility to block IPs, User-Agents and Referers globally
 2018-09-25 05:51:56 -07:00
Pavel Sinkevych
7212d0081b Provide possibility to block CIDRs, User-Agents and Referers globally 2018-09-25 14:16:20 +03:00
Manuel de Brito Fontes
91ae204f6c Replace standard json encoding with jsoniter 2018-09-22 14:25:01 -03:00
Zenara Daley
0de19c8062 Fix/add unit tests; Styling changes 2018-09-14 15:07:57 -04:00
Zenara Daley
0e6f0bb88d enforce ^~ location modifier when rewrite-target annotation is set 2018-09-13 10:39:52 -04:00
Manuel de Brito Fontes
16fce7444f
Check if cgroup cpu limits are defined to get the number of CPUs 2018-08-25 18:34:44 -03:00
Jeroen van Dongen
e428095e3c fixed rewrites for paths not ending in / 2018-08-15 21:15:40 +02:00
k8s-ci-robot
3f5af6eecf
Merge pull request #2889 from hnrytrn/dynamic-cert-endpoint 
Add Lua endpoint to support dynamic certificate serving functionality
 2018-08-13 10:49:43 -07:00
Manuel de Brito Fontes
7af93e03c7
Add annotation backend-protocol 2018-08-07 08:59:38 -04:00
Henry Tran
5200a38bd7 Add lua endpoint to handle certificates in dynamic configuration mode 2018-08-07 08:18:34 -04:00
k8s-ci-robot
23ce9b5db1
Merge pull request #2808 from dongqi1990/bugfix-2799 
fix the bug #2799, add prefix (?i) in rewrite statement.
 2018-08-02 20:58:06 -07:00
dongqi1990
72a2aa171a fix the bug #2799, add prefix (?i) in rewrite statement and add new e2e 
test.
 2018-07-30 17:34:28 +08:00
Elvin Efendi
8a67ace5c3 enable dynamic backend configuration by default 2018-07-26 15:16:06 -04:00
Elvin Efendi
d4faf68416 add support for ExternalName service type in dynamic mode 2018-07-25 09:05:47 -04:00
k8s-ci-robot
237dcd7aa7
Merge pull request #2811 from takonomura/escape-request-uri 
Escape $request_uri for external auth
 2018-07-21 02:23:38 -07:00
k8s-ci-robot
496fb9d3b8
Merge pull request #2812 from dongqi1990/bugfix--rewrite-to 
modified annotation name "rewrite-to" to "rewrite-target" in comments
 2018-07-19 02:38:41 -07:00
dongqi1990
568512fdb8 modified annotation name "rewrite-to" to "rewrite-target" in comments 2018-07-19 17:14:18 +08:00
takonomura
587c2a8765 Escape $request_uri for external auth 2018-07-19 15:22:05 +09:00
Jason Stangroome
8e06afbb45 Allow gzip compress level to be controlled via ConfigMap 2018-07-09 10:30:59 +10:00
Mike Bryant
85d1742283 fix: Use the correct opentracing plugin for Jaeger 
Part of #2738
 2018-07-05 19:09:12 +01:00
AdamDang
56b74d9fac
Typo fix in error message: encounted->encountered 
encounted->encountered
 2018-06-22 13:59:23 +08:00
Manuel Alejandro de Brito Fontes
df76d4b481
Update opentracing configuration (#2676) 2018-06-21 18:15:18 -04:00
Manuel Alejandro de Brito Fontes
aec40c171f
Improve configuration change detection (#2656) 
* Use information about the configuration configmap to determine changes

* Add hashstructure dependency

* Rename queue functions

* Add test for configmap checksum
 2018-06-21 10:50:57 -04:00
k8s-ci-robot
fa9823634c
Merge pull request #2504 from jrthrawny/proxy-protocol-timeout-for-passthrough-pr 
Add Timeout For TLS Passthrough
 2018-06-03 22:54:53 -07:00
Jason Roberts
d637a9b978 Configurable Proxy Protocol header timeout for TLS passthrough 2018-06-03 20:10:41 -05:00
Lorenzo Fontana
d434583b53
InfluxDB configuration string template builder helper 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2018-05-19 09:22:49 +02:00
Manuel de Brito Fontes
ff3e182350 Add support for grpc_set_header 2018-05-17 08:35:11 -04:00
Manuel de Brito Fontes
a085808d2d
Add tests for bind-address 2018-05-16 14:53:29 -04:00
Elvin Efendi
6cb28e059c use roundrobin from lua-resty-balancer library and refactor balancer.lua 2018-05-10 13:47:19 -04:00
Manuel de Brito Fontes
9bf553559c Apply gometalinter suggestions 2018-04-25 18:53:49 -03:00
k8s-ci-robot
564ec885fb
Merge pull request #2353 from bashofmann/master 
Add proxy-add-original-uri-header config flag
 2018-04-16 05:46:59 -07:00
Bastian Hofmann
1c17962ba0 Add proxy-add-original-uri-header config flag 
This makes it configurable if a location adds an X-Original-Uri header to the backend request. Default is "true", the current behaviour.
 2018-04-16 12:34:26 +02:00
k8s-ci-robot
361e53ffa9
Merge pull request #2344 from aledbf/xss-base-tag 
Escape variables in add-base-url annotation
 2018-04-13 10:11:00 -07:00
k8s-ci-robot
8855460817
Merge pull request #2341 from Shopify/custom-sticky 
Add session affinity to custom load balancing
 2018-04-12 17:22:59 -07:00
Zenara Daley
6ed256dde6 Add session affinity to custom load balancing 2018-04-12 14:21:42 -04:00
Zenara Daley
9198e2c14b fix make verify-all failures 2018-04-12 14:14:43 -04:00
Zenara Daley
4b76ad14bb Fix buildupstream name to work with dynamic session affinity 2018-04-12 14:01:46 -04:00
Elvin Efendi
d6eb44376d run lua-resty-waf in different modes (#2317) 
* run lua-resty-waf in different modes

* update docs
 2018-04-09 09:19:13 -03:00
Elvin Efendi
a6fe800a47 lua-resty-waf controller (#2304) 2018-04-08 17:37:13 -03:00
Manuel de Brito Fontes
82b6c33c25
Escape variables in add-base-url annotation 2018-04-05 20:45:49 -03:00
Sylvain Rabot
385368990c Managing a whitelist for _/nginx_status (#2187) 
Signed-off-by: Sylvain Rabot <s.rabot@lectra.com>
 2018-03-28 09:27:34 -03:00
Manuel Alejandro de Brito Fontes
adf12fced1
Add support for gRPC (#2223) 
* Update nginx to 1.13.10 and enable gRPC

* Add support for grpc
 2018-03-22 00:38:47 -03:00
Elvin Efendi
df50487a35 fix wrong config generation when upstream-hash-by is set (#2215) 2018-03-19 17:37:51 -03:00
Alvaro Aleman
94deb3a01a Add configoption to exclude routes from tls upgrading (#2203) 
* Add configoption to exclude routes from tls upgrading

* Add tests for IsLocationInLocationList

* Seperate elements in NoTLSRedirectLocations by comma

* Set NoTLSRedirectLocations to "/.well-known/acme-challenge/" by default

* Remove trailing slash from "/.well-known/acme-challenge" default
 2018-03-18 17:44:59 -03:00
Elvin Efendi
c90a4e811e Live Nginx (re)configuration without reloading (#2174) 2018-03-18 10:13:41 -03:00
Oilbeater
41cefeb178 Add worker-cpu-affinity nginx option (#2201) 
worker_cpu_affinity is a common optimization method for improving nginx performance, adding this as a custom configuration. Also fix some format issues found during editing.
 2018-03-16 13:32:45 -03:00
Elvin Efendi
36cce00fdd configuring load balancing per ingress (#2167) 
* configure load balancing through a ingress annotation

* update docs
 2018-03-09 13:09:41 -08:00
Manuel Alejandro de Brito Fontes
a8ce680d43
Fix error loading modules (#2141) 2018-02-24 18:09:23 -03:00
Manuel Alejandro de Brito Fontes
33475b7184
Fix opentracing configuration when multiple options are configured (#2075) 2018-02-12 16:08:49 -08:00
Luke Jolly
42076e8ed0 Added configmap option to disable IPv6 in nginx DNS resolver (#1992) 2018-02-02 11:53:28 -08:00
Fernando Diaz
d1ae7ff29c Enable Customization of Auth Request Redirect (#1993) 
Adds the 'nginx.ingress.kubernetes.io/auth-request-redirect'
annotation, which allows the customization of the
'X-Auth-Request-Redirect' Header. Fixes: #1979
 2018-01-27 21:32:08 -03:00
Manuel de Brito Fontes
9af683b02a
Cleanup 2018-01-19 15:53:25 -03:00
Manuel Alejandro de Brito Fontes
8975800740
Add support to hide headers from upstream servers (#1928) 2018-01-18 16:37:22 -02:00
Manuel Alejandro de Brito Fontes
3e7d1f9acf
Random string function should only contains letters (#1906) 2018-01-17 10:26:32 -02:00
Manuel de Brito Fontes
03a1e20fde
Remove package to generate UUIDs 2018-01-07 12:07:33 -03:00
Max Laverse
f5953bbfa1 Add X-Forwarded-Prefix on rewrites 2017-12-06 22:06:37 +01:00
Manuel de Brito Fontes
3058e7758d Add setting to configure proxy responses in the stream section 2017-11-30 17:53:23 -03:00
Manuel de Brito Fontes
161b485ae0 Add option to configure the redirect code 2017-11-30 12:08:43 -03:00
Canh Ngo
363d3c1f4f Added a unit-test to verify sticky cookie to work with redirection 2017-11-23 22:20:29 +01:00
Manuel de Brito Fontes
18d6573981 Add fake filesystem for test to avoid temporal files on the local filesystem 2017-11-22 19:52:30 -03:00
Manuel de Brito Fontes
8f1ff15a6e Add prefix nginx to annotations 2017-11-11 14:53:44 -03:00
Manuel de Brito Fontes
97577c07a5 Include a buffer pool to improve memory usage 2017-11-11 14:53:44 -03:00
Manuel de Brito Fontes
73fe95722c Rename package pkg to internal 2017-11-11 14:53:44 -03:00