DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7581 commits 4 branches 217 tags 166 MiB
Commit graph

198 commits

Author SHA1 Message Date
Ricardo Katz
5e6ab651ec
Add option to force enabling snippet directives (#7665) 
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
 2021-09-19 12:40:08 -07:00
Ricardo Katz
cda59ccc9c
Add new flag to watch ingressclass by name instead of spec (#7609) 2021-09-10 10:14:01 -07:00
Elvin Efendi
33061b8cdf
put modsecurity e2e tests into their own packages (#7560) 2021-09-07 10:35:22 -07:00
Ricardo Katz
90c79689c4
Release v1 (#7470) 
* Drop v1beta1 from ingress nginx (#7156)

* Drop v1beta1 from ingress nginx

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix intorstr logic in controller

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* fixing admission

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* more intorstr fixing

* correct template rendering

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix e2e tests for v1 api

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix gofmt errors

* This is finally working...almost there...

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Re-add removed validation of AdmissionReview

* Prepare for v1.0.0-alpha.1 release

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Update changelog and matrix table for v1.0.0-alpha.1 (#7274)

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* add docs for syslog feature (#7219)

* Fix link to e2e-tests.md in developer-guide (#7201)

* Use ENV expansion for namespace in args (#7146)

Update the DaemonSet namespace references to use the `POD_NAMESPACE` environment variable in the same way that the Deployment does.

* chart: using Helm builtin capabilities check (#7190)

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

* Update proper default value for HTTP2MaxConcurrentStreams in Docs (#6944)

It should be 128 as documented in https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/config/config.go#L780

* Fix MaxWorkerOpenFiles calculation on high cores nodes (#7107)

* Fix MaxWorkerOpenFiles calculation on high cores nodes

* Add e2e test for rlimit_nofile

* Fix doc for max-worker-open-files

* ingress/tcp: add additional error logging on failed (#7208)

* Add file containing stable release (#7313)

* Handle named (non-numeric) ports correctly (#7311)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Updated v1beta1 to v1 as its deprecated (#7308)

* remove mercurial from build (#7031)

* Retry to download maxmind DB if it fails (#7242)

* Retry to download maxmind DB if it fails.

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Add retries count arg, move retry logic into DownloadGeoLite2DB function

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Reorder parameters in DownloadGeoLite2DB

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Remove hardcoded value

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Release v1.0.0-alpha.1

* Add changelog for v1.0.0-alpha.2

* controller: ignore non-service backends (#7332)

* controller: ignore non-service backends

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update per feedback

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* fix: allow scope/tcp/udp configmap namespace to altered (#7161)

* Lower webhook timeout for digital ocean (#7319)

* Lower webhook timeout for digital ocean

* Set Digital Ocean value controller.admissionWebhooks.timeoutSeconds to 29

* update OWNERS and aliases files (#7365) (#7366)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Downgrade Lua modules for s390x (#7355)

Downgrade Lua modules to last known working version.

* Fix IngressClass logic for newer releases (#7341)

* Fix IngressClass logic for newer releases

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Change e2e tests for the new IngressClass presence

* Fix chart and admission tests

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix helm chart test

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix reviews

* Remove ingressclass code from admission

* update tag to v1.0.0-beta.1

* update readme and changelog for v1.0.0-beta.1

* Release v1.0.0-beta.1 - helm and manifests (#7422)

* Change the order of annotation just to trigger a new helm release (#7425)

* [cherry-pick] Add dev-v1 branch into helm releaser (#7428)

* Add dev-v1 branch into helm releaser (#7424)

* chore: add link for artifacthub.io/prerelease annotations

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>

* k8s job ci pipeline for dev-v1 br v1.22.0 (#7453)

* k8s job ci pipeline for dev-v1 br v1.22.0

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* k8s job ci pipeline for dev-v1 br v1.21.2

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* remove v1.21.1 version

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* Add controller.watchIngressWithoutClass config option (#7459)

Signed-off-by: Akshit Grover <akshit.grover2016@gmail.com>

* Release new helm chart with certgen fixed (#7478)

* Update go version, modules and remove ioutil

* Release new helm chart with certgen fixed

* changed appversion, chartversion, TAG, image (#7490)

* Fix CI conflict

* Fix CI conflict

* Fix build.sh from rebase process

* Fix controller_test post rebase

Co-authored-by: Tianhao Guo <rggth09@gmail.com>
Co-authored-by: Ray <61553+rctay@users.noreply.github.com>
Co-authored-by: Bill Cassidy <cassid4@gmail.com>
Co-authored-by: Jintao Zhang <tao12345666333@163.com>
Co-authored-by: Sathish Ramani <rsathishx87@gmail.com>
Co-authored-by: Mansur Marvanov <nanorobocop@gmail.com>
Co-authored-by: Matt1360 <568198+Matt1360@users.noreply.github.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Co-authored-by: Kundan Kumar <kundan.kumar@india.nec.com>
Co-authored-by: Tom Hayward <thayward@infoblox.com>
Co-authored-by: Sergey Shakuto <sshakuto@infoblox.com>
Co-authored-by: Tore <tore.lonoy@gmail.com>
Co-authored-by: Bouke Versteegh <info@boukeversteegh.nl>
Co-authored-by: Shahid <shahid@us.ibm.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: Long Wu Yuan <longwuyuan@gmail.com>
Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com>
Co-authored-by: Neha Lohia <nehapithadiya444@gmail.com>
Co-authored-by: Akshit Grover <akshit.grover2016@gmail.com>
 2021-08-21 13:42:00 -07:00
Tom Hayward
c9d5b21a65 fix: discover mounted geoip db files (#7228) 
* fix: discover mounted geoip db files

* add test

* fix runtime reload of config.MaxmindEditionFiles

* add e2e test

* log missing geoip2 db
 2021-08-10 11:24:39 -07:00
Ricardo Katz
d226d831bd Update go version, modules and remove ioutil 2021-08-06 14:15:21 -03:00
Ricardo Katz
f5c80783bf
[Cherry Pick] - Add configuration to disable external name service feature (#7314) (#7321) 
* Add configuration to disable external name service feature (#7314)

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix CI files
 2021-07-05 21:50:18 -07:00
Matthew Silverman
9b00a4912f set x-forwarded-scheme like x-forwarded-proto 2021-05-13 09:26:27 -04:00
Mahnoor Mehboob
2503b23b09 Alter e2e test for disable_catch_all.go 2021-04-22 12:01:41 -04:00
Matthew Silverman
71c8ef119d add support for the jaeger propagation format 
adding default, testing w3c traceparent is propagated
 2021-03-26 12:33:24 -04:00
Matthew Silverman
a6442fbadb remove test, getaddrinfo fails for tcp in test 2021-02-19 15:04:33 -05:00
Matthew Silverman
28280de175 jaeger-endpoint configmap attribute 2021-02-18 17:29:35 -05:00
Elvin Efendi
e0dece48f7 Add Global Rate Limiting support 2021-01-04 17:47:07 -05:00
Manuel Alejandro de Brito Fontes
d9af197e62
Remove dead code 2020-12-27 22:26:51 -03:00
Manuel Alejandro de Brito Fontes
789021e4f6 Avoid ingress class creation if k8s < 1.18 2020-10-29 19:34:05 -03:00
Manuel Alejandro de Brito Fontes
7f991eef84 Update sqlite cfssl database 2020-10-29 19:34:05 -03:00
Manuel Alejandro de Brito Fontes
703c2d6f8e Enable validation of ingress definitions from extensions package 2020-10-26 10:50:44 -03:00
Kubernetes Prow Robot
524c3a50ea
Merge pull request #6037 from aledbf/redirect 
Do not append a trailing slash on redirects
 2020-10-08 11:51:06 -07:00
Manuel Alejandro de Brito Fontes
104fdab2f6 Refactor TLS e2e tests 2020-09-30 14:42:15 -03:00
Manuel Alejandro de Brito Fontes
4cda9787b8
Cleanup proxy protocol e2e test 2020-09-29 22:39:30 -03:00
Manuel Alejandro de Brito Fontes
493dd6726d
Replace request_uri 2020-09-27 20:26:39 -03:00
Manuel Alejandro de Brito Fontes
29ea30a4e8 Add events for NGINX reloads 2020-09-27 17:16:09 -03:00
Manuel Alejandro de Brito Fontes
87aa96b468 Change server-tokens default value to false 2020-09-17 09:52:07 -03:00
Elvin Efendi
8e83d4e84a delete redundant NGINX config about X-Forwarded-Proto 2020-09-15 13:22:26 -04:00
Manuel Alejandro de Brito Fontes
ccb1eb4925 Add e2e tests to verify opentracing libraries 2020-09-08 16:20:03 -03:00
agile6v
609e1b5775 feat: support to define trusted addresses for proxy protocol in stream block 2020-08-28 14:37:16 +08:00
Manuel Alejandro de Brito Fontes
8102fff242 Switch images to k8s.gcr.io after Vanity Domain Flip 2020-08-26 22:07:22 -04:00
Manuel Alejandro de Brito Fontes
7fe5eccbc6 Rollback to Poll instead of PollImmediate 2020-08-20 20:50:51 -04:00
Manuel Alejandro de Brito Fontes
3d163e585a Fix flaky e2e test 2020-08-20 08:14:19 -04:00
Bernard Van De Walle
f3537204d2 Adding Zipkin collector to the E2E opentracing test as it is required to load at least one tracer to enable opentracing 
Work on PR comments
Add tests for template builder

Signed-off-by: Bernard Van De Walle <bernard.vandewalle@getcruise.com>
 2020-07-23 15:25:50 -07:00
Bernard Van De Walle
2baca9e32a Merge branch 'add-opentracing-operation-name-settings' of https://github.com/JorritSalverda/ingress-nginx into add-opentracing-operation-name-settings 2020-07-23 11:42:44 -07:00
David Schwartz
d52141c2b9 Add enable-real-ip 2020-07-15 15:25:29 -04:00
Kubernetes Prow Robot
baa2b2cd33
Merge pull request #5709 from agile6v/master 
fix: remove duplicated X-Forwarded-Proto header.
 2020-07-02 17:50:47 -07:00
Manuel Alejandro de Brito Fontes
b392fed580 Test pull requests using github actions 2020-07-02 20:12:05 -04:00
Manuel Alejandro de Brito Fontes
ff60aa9e2b Switch to promoted e2e images in gcr 2020-06-30 19:43:21 -04:00
Manuel Alejandro de Brito Fontes
10dcf0db15 Remove unused variables and verbose e2e logs 2020-06-29 18:11:01 -04:00
Manuel Alejandro de Brito Fontes
1539a24c7b Start using e2e test images from gcr.io 2020-06-27 11:36:17 -04:00
agile6v
e8aaa15ce8 Remove duplicated X-Forwarded-Proto header. 2020-06-25 11:11:00 +08:00
Manuel Alejandro de Brito Fontes
3d3efaab29 Fix proxy_protocol duplication in listen definition 2020-06-09 15:00:59 -04:00
agile6v
fc1c043437 Add http-access-log-path and stream-access-log-path options in configMap 2020-06-05 01:27:26 +08:00
Mark Janssen
639a8c7871 Enable TLSv1.3 by default 
Fix for 049b25e566 which mistakenly only
updated documentation.
 2020-05-08 12:40:11 +02:00
Manuel Alejandro de Brito Fontes
efbb3f9fc8 Add support for IngressClass and ingress.class annotation 2020-04-22 09:15:32 -04:00
Manuel Alejandro de Brito Fontes
e9bd1d8b1f Add new cfssl image and update e2e tests to use it 2020-04-17 16:41:50 -04:00
Manuel Alejandro de Brito Fontes
d18fa90cfd Add e2e test for OCSP and new configmap setting 2020-04-17 12:53:47 -04:00
Elvin Efendi
129df3892c adjust e2e test 2020-04-14 10:27:38 -04:00
Manuel Alejandro de Brito Fontes
c0db19b0ec Enable configuration of plugins using configmap 2020-04-13 11:38:42 -04:00
Manuel Alejandro de Brito Fontes
a46126a034 Update client-go methods to support context and and new create and delete options 2020-03-27 19:52:51 -03:00
Manuel Alejandro de Brito Fontes
7627757081
Cleanup of chart labels (#5258) 2020-03-18 08:35:29 -03:00
Balazs Szekeres
12fe318fdb Added test case for proxy connect, read, and send timeout from setting them via Nginx configmap. 2020-03-02 09:36:52 +01:00
Balazs Szekeres
6757224996 Refactored test/e2e/annotations/proxy.go 2020-02-27 16:03:28 +01:00
Kubernetes Prow Robot
380840f27e
Merge pull request #5145 from szombi/e2e-hsts-fix 
Refactor the HSTS related test file and add config check to the HSTS tests
 2020-02-21 07:08:35 -08:00
Sandor Szombat
1906832bc5 Rework the hsts related test file 2020-02-21 14:25:18 +01:00
Balazs Szekeres
0986ea8f18 Added configmap test ssl-ciphers. 2020-02-20 20:43:43 +01:00
Kubernetes Prow Robot
f4454612cb
Merge pull request #5109 from SzekeresB/dev/limit-rate-tc 
Added basic limit-rate configmap test.
 2020-02-20 06:55:04 -08:00
Kubernetes Prow Robot
b6516344bf
Merge pull request #5103 from SzekeresB/dev/no-tls-redirect-location 
Added configmap test for no-tls-redirect-locations
 2020-02-20 06:23:02 -08:00
Balazs Szekeres
122bf02489 Added configmap test for no-tls-redirect-locations 2020-02-20 14:54:41 +01:00
Balazs Szekeres
c47aa3cac7 Added basic limit-rate configmap test. 2020-02-20 14:22:26 +01:00
Sandor Szombat
d149382743 Add upstream keep alive tests 2020-02-20 09:59:36 +01:00
Manuel Alejandro de Brito Fontes
57fcbdfb73
Lint go code (#5132) 2020-02-19 21:43:14 -03:00
Kubernetes Prow Robot
f6cbf3e735
Merge pull request #5117 from szombi/e2e-hash-size 
Hash size e2e check test case
 2020-02-19 15:44:30 -08:00
Manuel Alejandro de Brito Fontes
f9624cbe46 Refactor e2e tests to use testify y httpexpect 2020-02-19 19:42:50 -03:00
Sandor Szombat
bd23b815bd Add hash size check tc 2020-02-19 09:27:53 +01:00
Sandor Szombat
0b1efdb549 Add reuse-port config check tc 2020-02-18 10:09:34 +01:00
Kubernetes Prow Robot
9a52f12b19
Merge pull request #5101 from szombi/e2e-keep-alive 
Add keep-alive config check test
 2020-02-17 11:27:29 -08:00
Sandor Szombat
2400febc48 Add keep-alive config check test 2020-02-17 15:04:43 +01:00
Sandor Szombat
8470a06174 Add log-format related tests 2020-02-17 14:52:35 +01:00
Manuel Alejandro de Brito Fontes
cc318cdec1
Cleanup and standardization of e2e test definitions (#5090) 2020-02-16 15:27:58 -03:00
Manuel Alejandro de Brito Fontes
37c24b0df5
Migration e2e installation to helm (#5086) 2020-02-16 11:58:37 -03:00
Balazs Szekeres
6206adf188 Added 'Add headers' configmap parameter testcase. 2020-02-14 19:56:43 +01:00
Manuel Alejandro de Brito Fontes
0197ea0dc4 Remove empty BeforeEach and AfterEach from e2e tests 2020-02-13 15:33:14 -03:00
Ilya Nemakov
46a3e0a6fd Fix X-Forwarded-Proto based on proxy-protocol server port 2020-02-10 18:08:34 +03:00
Boris Djurdjevic
665f924e9e Add proxy protocol support for X-Forwarded-Port 
Fixes https://github.com/kubernetes/ingress-nginx/issues/4951
 2020-01-24 13:50:35 +01:00
Manuel Alejandro de Brito Fontes
2af6305a4f Fix flaking e2e tests 2020-01-05 14:08:56 -03:00
Manuel Alejandro de Brito Fontes
1f2820a343 GeoIP test are temporarily disabled 2020-01-04 15:17:24 -03:00
Manuel Alejandro de Brito Fontes
5c30820d1f Remove hard-coded annotation and don't use map pointers 2019-12-13 03:05:20 -03:00
Manuel Alejandro de Brito Fontes
c2550930b1 Fix e2e test flakes 2019-12-13 01:34:52 -03:00
Manuel Alejandro de Brito Fontes
0dce5be743 Migrate ingress definitions from extensions to networking.k8s.io 2019-12-12 21:25:00 -03:00
Elvin Efendi
49ba53b7b6 regression test for duplicate hsts 2019-12-12 13:45:43 -05:00
Kubernetes Prow Robot
fb025ab501
Merge pull request #4087 from MRoci/master 
Define Modsecurity Snippet via ConfigMap
 2019-09-30 15:19:32 -07:00
Andrea Spacca
e84c8cd705 ISSUE-4244 e2e test 2019-09-29 23:28:44 +02:00
MRoci
1ee081ccc8
test modsecurity-snippet 2019-09-28 09:54:10 +02:00
Elvin Efendi
799f0ae76d more meaningful assertion for tls hsts test 2019-09-24 15:39:20 -04:00
Manuel Alejandro de Brito Fontes
ce3e3d51c3
WIP Remove nginx unix sockets (#4531) 
* Remove nginx unix sockets
* Use an emptyDir volume for /tmp in PSP e2e tests
 2019-09-08 18:14:54 -03:00
Manuel Alejandro de Brito Fontes
c85450c1e7
Remove hard-coded names from e2e test and use local docker dependencies (#4502) 2019-09-01 14:16:52 -04:00
Manuel Alejandro de Brito Fontes
fcd3054f13
Lint code using staticcheck (#4471) 2019-08-23 12:08:40 -04:00
Manuel Alejandro de Brito Fontes
23ed3ba4c4
Fix file permissions to support volumes 2019-08-15 20:48:37 -04:00
Elvin Efendi
b21c721196 lua-shared-dicts improvements, fixes and documentation 2019-08-14 22:10:56 -04:00
Manuel Alejandro de Brito Fontes
80bd481abb
Only support SSL dynamic mode 2019-08-13 17:33:34 -04:00
Kubernetes Prow Robot
8c472190d1
Merge pull request #4086 from jeroen92/issue-4038 
Resolve #4038, move X-Forwarded-Port variable to the location context
 2019-08-09 08:07:25 -07:00
tals
a2e667c082 lua shared dict from cm 
lua shared dict teml test and update func sign

lua shared dict cm test

lua shared dict integration test

lua shared dict add cm parsing

lua shared dict change test header
 2019-08-08 12:44:11 +03:00
Jeroen Schutrup
8dd912114e
Move X-Forwarded-Port variable to the location context 
Resolves issue #4038 where the X-Forwarded-Port header would be set to the value of the https listening port if all of the following settings were satisfied:
- The ingress controller was started with a non-default HTTPS port set with the `--https-port` argument
- An ingress is created having:
  - the `nginx.ingress.kubernetes.io/auth-url` annotation set
  - TLS enabled

This commit solves this issue by moving the setting of the `pass_server_port` variable from the server, one level down to the location context.
 2019-08-06 17:00:58 +02:00
Moritz Johner
23504db770 feat: auth-req caching 
add a way to configure the `proxy_cache_*` [1] directive for external-auth.
The user-defined cache_key may contain sensitive information
(e.g. Authorization header).
We want to store *only* a hash of that key, not the key itself on disk.

[1] http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2019-07-17 18:39:04 +02:00
Manuel Alejandro de Brito Fontes
84102eec2b
Migrate to new networking.k8s.io/v1beta1 package 2019-06-13 11:32:39 -04:00
Jorrit Salverda
f77eaaee50 Add opentracing-operation-name and opentracing-location-operation-name config settings 
With these settings custom span names can be used for the server span and location span

Signed-off-by: Jorrit Salverda <jsalverda@travix.com>
 2019-06-07 14:19:34 +02:00
Kubernetes Prow Robot
251f48b120
Merge pull request #4135 from nicknovitski/deployment-api-appsv1 
Use apps/v1 api group in e2e tests
 2019-05-29 16:50:18 -07:00
Nick Novitski
e1958b8272 Run PodSecurityPolicy E2E test in parallel 
Previously, this test modified a ClusterRole used by _every_ test.  It had to be run serially, with a special teardown function that restored the state of the ClusterRole for any other serial tests.

Now every test gets its own cluster role, which means this test can be safely run in parallel with all the others, without any special teardown.
 2019-05-29 14:13:04 -07:00
Nick Novitski
d617e5abdc Use apps/v1 api group in e2e tests 2019-05-29 12:12:45 -07:00
Manuel Alejandro de Brito Fontes
c2227a058d
Refactor e2e test 2019-05-27 06:31:01 -04:00
Nick Novitski
51ad0bc54b Rearrange deployment files into kustomizations 2019-05-19 12:35:54 -07:00
okryvoshapka-connyun
8cc9afe8ee Added Global External Authentication settings to configmap parameters incl. addons 2019-05-03 12:08:16 +02:00