DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
6400 commits 4 branches 217 tags 166 MiB
Commit graph

993 commits

Author SHA1 Message Date
Elvin Efendi
e0dece48f7 Add Global Rate Limiting support 2021-01-04 17:47:07 -05:00
Elvin Efendi
2cff9fa41d generalize cidr parsing and improve lua tests 2021-01-04 15:01:55 -05:00
Elvin Efendi
bc6a2718d2 fix generated code for the new year 2021-01-02 11:22:53 -05:00
Manuel Alejandro de Brito Fontes
6f87f3288b Do not assume ingress-nginx is using recommended labels 2020-12-30 09:00:39 -03:00
Kubernetes Prow Robot
06cb6696a5
Merge pull request #6692 from andyxning/add_string_split_function_to_template_funcMap 
add string split function to template funcMap
 2020-12-29 05:32:28 -08:00
Kubernetes Prow Robot
cff52e69c7
Merge pull request #6685 from foxdalas/geoip_local_mirror 
Add GeoIP Local mirror support
 2020-12-29 04:48:30 -08:00
andyxning
bbf831afae add string split function to template funcMap 2020-12-29 13:57:30 +08:00
Maxim Pogozhiy
b55f4371e3 Add GeoIP Local mirror support 2020-12-28 17:37:26 +10:00
Manuel Alejandro de Brito Fontes
d9af197e62
Remove dead code 2020-12-27 22:26:51 -03:00
eclesiomelojunior
7a533f035b chore: Add test to internal ingress resolver pkg 2020-12-23 13:33:12 -03:00
Josh Soref
a8728f3d2c Spelling 2020-12-15 16:10:48 -05:00
Kubernetes Prow Robot
fe65e9d22f
Merge pull request #6620 from nic-6443/sticky-session-fix 
Fix sticky session not set for host in server-alias annotation (#6448)
 2020-12-15 03:47:48 -08:00
qianyong
44aaa2e367 Fix sticky session not set for host in server-alias annotation (#6448) 2020-12-15 11:01:19 +08:00
qianyong
f9ffa93588 Allow FQDN for ExternalName Service 2020-12-14 20:32:08 +08:00
Manuel Alejandro de Brito Fontes
9c0a39636d Refactor ingress nginx variables 2020-12-12 08:52:47 -03:00
Manuel Alejandro de Brito Fontes
77234fcde0 Fix nginx ingress variables for definitions with Backend 2020-12-05 14:40:22 -03:00
Manuel Alejandro de Brito Fontes
5df2951948 Fix nginx ingress variables for definitions without hosts 2020-12-04 20:30:55 -03:00
Manuel Alejandro de Brito Fontes
81bf8056da Disable HTTP/2 in the webhook server 2020-12-04 20:29:36 -03:00
Manuel Alejandro de Brito Fontes
d781d99797 Fixes for gosec 2020-12-04 20:29:07 -03:00
agile6v
06f53bcf05 feat: allow user to specify the maxmium number of retries in stream block. 2020-12-02 14:54:14 +08:00
Kubernetes Prow Robot
e3a3ea8826
Merge pull request #6294 from ianbuss/auth-error-redirect-param 
Allow customisation of redirect URL parameter in external auth redirects
 2020-11-23 01:27:37 -08:00
Manuel Alejandro de Brito Fontes
1389cc0e80 Refactor extraction of ingress pod details 2020-11-19 17:31:28 -03:00
Manuel Alejandro de Brito Fontes
e7d6c3fedc Update tests 2020-11-12 16:07:21 -03:00
Manuel Alejandro de Brito Fontes
2ca1f92697 Add PathType details in external auth location 2020-11-12 16:07:21 -03:00
Manuel Alejandro de Brito Fontes
3f153add00 Refactor handling of path Prefix and Exact 2020-11-10 07:21:34 -03:00
Manuel Alejandro de Brito Fontes
f49d2fdb3b Improve class.IsValid logs 2020-11-09 11:01:03 -03:00
aimuz
e5fa90db9b fix: empty IngressClassName, Error handling 2020-11-09 11:36:00 +08:00
JacieChao
615485affb Reload nginx when L4 proxy protocol change 
Signed-off-by: JacieChao <kathyyy@163.com>
 2020-11-03 19:33:32 +08:00
Manuel Alejandro de Brito Fontes
a6b6f03b53 Add support for k8s ingress pathtype Prefix 2020-11-02 09:56:49 -05:00
Manuel Alejandro de Brito Fontes
4d65097afa Improve log messages 2020-10-26 17:14:36 -03:00
Manuel Alejandro de Brito Fontes
a85e53f4cb Remove k8s.io/kubernetes dependency 2020-10-26 13:04:00 -03:00
Manuel Alejandro de Brito Fontes
a762d8a4e3 Check pod is ready 2020-10-26 11:59:14 -03:00
Manuel Alejandro de Brito Fontes
d74ea25df8 Add validation for wildcard server names 2020-10-26 10:51:14 -03:00
Manuel Alejandro de Brito Fontes
cdd6437380 Refactor Exact path matthing 2020-10-26 10:51:03 -03:00
Manuel Alejandro de Brito Fontes
703c2d6f8e Enable validation of ingress definitions from extensions package 2020-10-26 10:50:44 -03:00
Kubernetes Prow Robot
a6d603566b
Merge pull request #6325 from sylr/filter-helm-secrets 
Filter out secrets that belong to Helm v3
 2020-10-13 11:46:27 -07:00
Sylvain Rabot
ca7db0e330
Filter out secrets that belong to Helm 
Signed-off-by: Sylvain Rabot <sylvain@abstraction.fr>
 2020-10-13 17:45:26 +02:00
Aditya Purandare
57b10f5693
Add datadog environment as a configuration option 
(cherry picked from commit 4306558baa595606cd6befff08c8c815d6fe2bd4)
 2020-10-12 13:52:15 -07:00
Ian Buss
41cf628bdf Add a configurable URL redirect parameter for error URLs 2020-10-08 12:53:46 +01:00
Stevo Slavić
96f8094fdc Improve HandleAdmission resiliency 
Signed-off-by: Stevo Slavić <sslavic@gmail.com>
 2020-10-06 07:48:23 +02:00
Manuel Alejandro de Brito Fontes
9c94d772fb Add support for admission review v1beta1 2020-10-02 14:03:55 -03:00
Kubernetes Prow Robot
8d45bb39a4
Merge pull request #5348 from Antiarchitect/stream-log-annotations 
Ability to separately disable access log in http and stream contexts
 2020-09-28 11:02:53 -07:00
Manuel Alejandro de Brito Fontes
108637bb1c Migrate to structured logging (klog) 2020-09-27 18:59:57 -03:00
Manuel Alejandro de Brito Fontes
a767b1d906 Cleanup 2020-09-27 17:16:09 -03:00
Manuel Alejandro de Brito Fontes
29ea30a4e8 Add events for NGINX reloads 2020-09-27 17:16:09 -03:00
Kubernetes Prow Robot
6fd891f3df
Merge pull request #6217 from touchifyapp/@feature/cors-expose-headers 
Add annotation to configure CORS Access-Control-Expose-Headers
 2020-09-26 16:52:48 -07:00
Manuel Alejandro de Brito Fontes
7722fa38aa Add admission controller e2e test 2020-09-26 16:06:58 -03:00
Manuel Alejandro de Brito Fontes
a990ac3910
Change defaults 2020-09-24 21:33:56 -03:00
Maxime LUCE
b7b85175f6 Add annotation to configure CORS Access-Control-Expose-Headers 2020-09-23 17:41:52 +02:00
Elvin Efendi
e050ff1b9f disable session tickets by default 2020-09-18 00:08:00 -04:00
Julien Laffaye
d280a344c4 inspect symlinks to auto-reload k8s secrets 2020-09-17 16:11:33 -04:00
Manuel Alejandro de Brito Fontes
87aa96b468 Change server-tokens default value to false 2020-09-17 09:52:07 -03:00
Manuel Alejandro de Brito Fontes
38fc35f206 Add validation support for networking.k8s.io/v1 2020-09-17 08:57:41 -03:00
Manuel Alejandro de Brito Fontes
e659efbfdb Use dynamic load of modules 2020-09-10 11:39:35 -03:00
Kubernetes Prow Robot
91c6d1a081
Merge pull request #6150 from timmysilv/master 
Reject ingresses that use the default annotation if a custom one was provided
 2020-09-10 07:11:45 -07:00
Matthew Silverman
9612180f6e reject annotations with default prefix in the case of an override 2020-09-10 09:16:44 -04:00
Kubernetes Prow Robot
b1c64fa822
Merge pull request #6101 from GianOrtiz/burst 
Add annotation to set value for burst multiplier on rate limit
 2020-09-10 05:09:45 -07:00
Manuel Alejandro de Brito Fontes
b26ebb0050 Update default gzip level 2020-09-08 17:23:47 -03:00
Manuel Alejandro de Brito Fontes
d13fdf01f6 Update zipkin library location 2020-09-08 16:20:03 -03:00
Manuel Alejandro de Brito Fontes
0925f20d05 Refactor load of tracer load 2020-09-08 16:20:03 -03:00
Manuel Alejandro de Brito Fontes
8abe794178 Use net.JoinHostPort to avoid IPV6 issues 2020-09-02 22:58:51 -04:00
Manuel Alejandro de Brito Fontes
b1f0d28634 Require Kubernetes v1.14 or higher and deprecate extensions 2020-09-02 10:00:16 -04:00
Gian Ortz
3820aa416b Add annotation to set value for burst multiplier on rate limit 2020-08-30 19:43:08 -03:00
hazim1093
32b8a3a473 Return unique addresses from service 2020-08-30 23:13:59 +02:00
Manuel Alejandro de Brito Fontes
a981862ff2 Fix nginx command env variable reference 2020-08-09 12:06:11 -04:00
Manuel Alejandro de Brito Fontes
cb86c5698c Migrate to klog v2 2020-08-08 21:01:03 -04:00
Kubernetes Prow Robot
c500bd4b3f
Merge pull request #4139 from choffmeister/fix/collect-metrics-if-metrics-per-host-false 
Always collect metrics when --metrics-per-host=false
 2020-08-08 12:02:19 -07:00
Laszlo Janosi
7d82903ce9
Fix panic in ingress class validation 
If an ingress had no class annotation, nor IngressClassName  at all, and an IngressClass resource was created for the ingress-nginx there was a panic when the controller tried to check the IngressClassName of the Ingress.
 2020-08-07 17:09:14 +00:00
Mitsuo Heijo
094967cfd9 bump fsnotify to v1.4.9 
migrate gopkg.in/fsnotify/fsnotify.v1 to github.com/fsnotify/fsnotify
 2020-07-31 02:14:03 +09:00
Bernard Van De Walle
f3537204d2 Adding Zipkin collector to the E2E opentracing test as it is required to load at least one tracer to enable opentracing 
Work on PR comments
Add tests for template builder

Signed-off-by: Bernard Van De Walle <bernard.vandewalle@getcruise.com>
 2020-07-23 15:25:50 -07:00
Bernard Van De Walle
2baca9e32a Merge branch 'add-opentracing-operation-name-settings' of https://github.com/JorritSalverda/ingress-nginx into add-opentracing-operation-name-settings 2020-07-23 11:42:44 -07:00
Kubernetes Prow Robot
e825af86e1
Merge pull request #5887 from dschwar/force-use-forwarded-for 
Add force-enable-realip-module
 2020-07-17 07:17:02 -07:00
David Schwartz
d52141c2b9 Add enable-real-ip 2020-07-15 15:25:29 -04:00
Manuel Alejandro de Brito Fontes
dc3876666b Revert "use-regex annotation should be applied to only one Location" 
This reverts commit a8a8b5f6e9.
 2020-07-15 11:20:47 -04:00
Manuel Alejandro de Brito Fontes
e4c4edd626 Custom default backend service must have ports 2020-07-07 08:49:13 -04:00
Manuel Alejandro de Brito Fontes
a8a8b5f6e9 use-regex annotation should be applied to only one Location 2020-07-06 19:29:39 -04:00
Mitsuo Heijo
8557677a5e fix json tag for SSLPreferServerCiphers 
related https://github.com/kubernetes/ingress-nginx/pull/5534
 2020-07-06 23:45:36 +09:00
Zhongcheng Lao
c0629e92c2
Add proxy-ssl-server-name to enable passing SNI 2020-07-03 14:14:32 +08:00
agile6v
38447408e1 Remove redundant health check to avoid liveness or readiness timeout 2020-07-01 10:53:31 +08:00
Manuel Alejandro de Brito Fontes
14acc186f0 Update comment about restart of pod 2020-06-24 11:35:37 -04:00
Kubernetes Prow Robot
d3832915e1
Merge pull request #5743 from kulong0105/master 
build/dev-env.sh: remove docker version check
 2020-06-23 14:39:17 -07:00
Yilong Ren
714637bec5 build/dev-env.sh: remove docker version check 
docker experimental feature is unnecessary, so just remove it
 2020-06-23 15:37:41 +08:00
Kubernetes Prow Robot
803a76cf8a
Merge pull request #5749 from Bo0km4n/feat-configurable-max-batch-size 
[Fix/metrics] Be configurable max batch size of metrics
 2020-06-22 22:07:40 -07:00
mengqi.wmq
f232a264ab Add default-type as a configurable for default_type 2020-06-21 11:10:51 +08:00
Bo0km4n
7ab0916c92 Resolve conflicts 2020-06-20 17:13:31 +09:00
Bo0km4n
53a6b0fd3b Configurable metrics max batch size 2020-06-20 15:58:14 +09:00
Kubernetes Prow Robot
832c4e800f
Merge pull request #5702 from sylr/filter-tiller-configmaps 
Filter out objects that belong to Helm
 2020-06-13 11:57:56 -07:00
Sylvain Rabot
c0ae83f891
Use build tags to make it compile on non linux platforms 
Signed-off-by: Sylvain Rabot <sylvain@abstraction.fr>
 2020-06-11 21:50:03 +02:00
Sylvain Rabot
c9cb3dd626
Filter out objects that belong to Helm 
Signed-off-by: Sylvain Rabot <sylvain@abstraction.fr>
 2020-06-11 19:18:56 +02:00
Manuel Alejandro de Brito Fontes
3d3efaab29 Fix proxy_protocol duplication in listen definition 2020-06-09 15:00:59 -04:00
agile6v
fc1c043437 Add http-access-log-path and stream-access-log-path options in configMap 2020-06-05 01:27:26 +08:00
Kubernetes Prow Robot
d061375afa
Merge pull request #5571 from agile6v/dev 
feat: support the combination of Nginx variables for annotation upstream-hash-by.
 2020-06-01 15:10:14 -07:00
Manuel Alejandro de Brito Fontes
ea85404acd Do not reload NGINX if master process dies 2020-06-01 16:00:29 -04:00
agile6v
c035a144f8 Support the combination of nginx variables and text value for annotation upstream-hash-by. 2020-06-01 06:37:41 +08:00
Kubernetes Prow Robot
ee02d897d5
Merge pull request #5534 from agile6v/master 
Add annotation ssl-prefer-server-ciphers.
 2020-05-29 08:35:16 -07:00
agile6v
0e79ad8e4f Update unit & e2e tests. 2020-05-21 02:19:13 +08:00
Kubernetes Prow Robot
2e4c8233d5
Merge pull request #5522 from kevinfrommelt/remove-duplicate-annotation-parse 
Remove duplicate annotation parsing for annotationAffinityCookieChangeOnFailure
 2020-05-13 17:06:22 -07:00
Andrey Voronkov
bced1ed8b8 Ability to separately disable access log in http and stream contexts 
Two new configuration options:
`disable-http-access-log`
`disable-stream-access-log`

Should resolve issue with enormous amount of `TCP 200` useless entries in logs

Signed-off-by: Andrey Voronkov <voronkovaa@gmail.com>
 2020-05-13 21:23:37 +03:00
Manuel Alejandro de Brito Fontes
46cca5ad40 Fix error setting $service_name NGINX variable 2020-05-13 10:01:41 -04:00
agile6v
38f99cefb2 Update testcase for sslCipher. 2020-05-13 11:03:15 +08:00
agile6v
38a8556c4f Add comments for sslcipher.Config struct. 2020-05-13 10:40:56 +08:00
agile6v
41d82005ec Add annotation ssl-prefer-server-ciphers. 2020-05-11 16:31:08 +08:00
Kevin Frommelt
e775495a56
Remove duplicate Cookie.ChangeOnFailure assertion 2020-05-08 13:51:14 -05:00
Kevin Frommelt
3c5e3eda7b
Remove duplicate annotation parsing for annotationAffinityCookieChangeOnFailure 2020-05-08 09:14:10 -05:00
Mark Janssen
639a8c7871 Enable TLSv1.3 by default 
Fix for 049b25e566 which mistakenly only
updated documentation.
 2020-05-08 12:40:11 +02:00
Christian Hoffmeister
ef75a2d6fc Merge remote-tracking branch 'upstream/master' into fix/collect-metrics-if-metrics-per-host-false 2020-05-01 14:57:00 +02:00
Manuel Alejandro de Brito Fontes
a8c7ec6cfb Changes on services must trigger a sync event 2020-04-29 13:37:39 -04:00
Manuel Alejandro de Brito Fontes
af910a16d4 Refactor ingress validation in webhook 2020-04-28 18:35:03 -04:00
Andreas Sommer
c775b439dc Case-insensitive TLS host matching 2020-04-28 11:07:43 +02:00
Manuel Alejandro de Brito Fontes
dbaefc8ee9 Ensure webhook validation ingress has a PathTypePrefix 2020-04-27 10:37:26 -04:00
Manuel Alejandro de Brito Fontes
a95d850384 Add support for PathTypeExact 2020-04-23 11:12:37 -04:00
Manuel Alejandro de Brito Fontes
efbb3f9fc8 Add support for IngressClass and ingress.class annotation 2020-04-22 09:15:32 -04:00
Rodrigo Villablanca
ecc20461aa Removed wrong code 2020-04-20 12:30:18 -04:00
Kubernetes Prow Robot
5b8d4baf5c
Merge pull request #5388 from rvillablanca/rm-todos 
Remove TODO that were done
 2020-04-17 19:59:35 -07:00
Manuel Alejandro de Brito Fontes
d18fa90cfd Add e2e test for OCSP and new configmap setting 2020-04-17 12:53:47 -04:00
Rodrigo Villablanca
dc1adaec6b Remove TODO that were done 2020-04-17 03:37:37 -04:00
Elvin Efendi
1dab12fb81 Lua OCSP stapling 2020-04-16 21:29:16 -04:00
Manuel Alejandro de Brito Fontes
ad04fbe8b5 Cleanup parsing of annotations with lists 2020-04-13 17:02:31 -04:00
Manuel Alejandro de Brito Fontes
c0db19b0ec Enable configuration of plugins using configmap 2020-04-13 11:38:42 -04:00
Artem Miroshnychenko
ae88a7d2a8 remove unused test and function 2020-04-08 19:37:23 +03:00
Artem Miroshnychenko
01351a6bf8 remove unused test and function 2020-04-08 19:37:15 +03:00
Manuel Alejandro de Brito Fontes
5390ce4879 Fix definition order of modsecurity directives 2020-04-03 10:53:20 -03:00
Manuel Alejandro de Brito Fontes
51f0ef052b Set new default PathType to prefix 2020-04-01 10:05:48 -03:00
Manuel Alejandro de Brito Fontes
1216ed03f7 Fix condition in server-alias annotation 2020-04-01 08:37:14 -03:00
Manuel Alejandro de Brito Fontes
04ef782c57 Migrate ingress.class annotation to new IngressClassName field 2020-03-31 12:20:01 -03:00
Manuel Alejandro de Brito Fontes
a46126a034 Update client-go methods to support context and and new create and delete options 2020-03-27 19:52:51 -03:00
Bhavin Gandhi
380ef3a92c Fix the ability to disable ModSecurity at location level 
- Adds 'modsecurity off;' to the nginx config if the
  'enable-modsecurity' annotation is set to false.
- Update tests and e2e tests accordingly

Signed-off-by: Bhavin Gandhi <bhavin7392@gmail.com>
 2020-03-22 23:51:02 +05:30
Manuel Alejandro de Brito Fontes
07b70f68bd
Redirect for app-root should preserve current scheme (#5266) 2020-03-19 15:49:18 -03:00
Maxim Pogozhiy
78576a9bbc Add Maxmind Editions support 2020-03-19 19:36:10 +07:00
Christian Hoffmeister
19770f5b41 Merge remote-tracking branch 'base/master' into fix/collect-metrics-if-metrics-per-host-false 2020-03-13 07:17:49 +01:00
Manuel Alejandro de Brito Fontes
96327b12cd
Fix $service_name and $service_port variables values without host (#5226) 2020-03-07 23:06:03 -03:00
Manuel Alejandro de Brito Fontes
ad460e16ce
Avoid secret without tls.crt and tls.key but a valid ca.crt (#5225) 2020-03-07 21:15:24 -03:00
m.nabokikh
ed30be05bc Fix quote function in template to render pointers properly 2020-03-05 16:45:27 +04:00
schaefec
0ab2e72e95 Doesn't fail if proxy-ssl-name annotation is not specified 2020-02-25 13:32:14 +01:00
schaefec
141ea59b7f Allows overriding the server name used to verify the certificate of the proxied HTTPS server 2020-02-25 13:32:14 +01:00
Kubernetes Prow Robot
35264d6e8f
Merge pull request #5114 from whalecold/match 
Feat: add header-pattern annotation.
 2020-02-24 17:07:36 -08:00
Kubernetes Prow Robot
6cd223558f
Merge pull request #4981 from janosi/proxy-ssl-scope 
Applying proxy-ssl-* directives on locations only
 2020-02-24 15:53:36 -08:00
Manuel Alejandro de Brito Fontes
07686f894a
Check there is a difference in the template besides the checksum (#5151) 2020-02-21 16:41:03 -03:00
Manuel Alejandro de Brito Fontes
c5db20ace4
Update default VariablesHashBucketSize value to 256 (#5150) 2020-02-21 16:01:33 -03:00
Manuel Alejandro de Brito Fontes
cd94ac7f84
Allow service type ExternalName with different port and targetPort (#5141) 2020-02-20 23:06:05 -03:00
Lisheng Zheng
0b33650bb8 Feat: canary supports using specific match strategy to match header value. 2020-02-21 10:02:20 +08:00
Manuel Alejandro de Brito Fontes
37c24b0df5
Migration e2e installation to helm (#5086) 2020-02-16 11:58:37 -03:00
Daniel Arifin
d48d5a61ae Add gzip-min-length as a configurable 2020-02-14 13:29:51 +07:00
Manuel Alejandro de Brito Fontes
281139d1a7
Only set mirror source when a target is configured (#5055) 2020-02-11 13:48:42 -03:00
Manuel Alejandro de Brito Fontes
77586dd83b
Validation of header in authreq should be done only in the key (#5053) 2020-02-11 10:30:14 -03:00
Laszlo Janosi
42ec2cc0ed Change the handling of ConfigMap creation 
When a new CM is created Ingress definitions are checked for reference to the new CM an Ingress sync is triggered if such reference is found.
 2020-02-11 11:00:48 +01:00
Manuel Alejandro de Brito Fontes
2c5819e1b3
Add flag to allow custom ingress status update intervals (#5050) 2020-02-10 16:52:50 -03:00
Ilya Nemakov
46a3e0a6fd Fix X-Forwarded-Proto based on proxy-protocol server port 2020-02-10 18:08:34 +03:00
Manuel Alejandro de Brito Fontes
d0423c6d4f
Update code to use pault.ag/go/sniff package (#5038) 
* Update code to use pault.ag/go/sniff package

* Update go dependencies
 2020-02-07 12:27:43 -03:00
Manuel Alejandro de Brito Fontes
9278f0cad2
Update metric dependencies (#5023) 2020-02-06 09:50:13 -03:00